123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437143814391440144114421443144414451446144714481449145014511452145314541455145614571458145914601461146214631464146514661467146814691470147114721473147414751476147714781479148014811482148314841485148614871488148914901491149214931494149514961497149814991500150115021503150415051506150715081509151015111512151315141515151615171518151915201521152215231524152515261527152815291530153115321533153415351536153715381539154015411542154315441545154615471548154915501551155215531554155515561557155815591560156115621563156415651566156715681569157015711572157315741575157615771578157915801581158215831584158515861587158815891590159115921593159415951596159715981599160016011602160316041605160616071608160916101611161216131614161516161617161816191620162116221623162416251626162716281629163016311632163316341635163616371638163916401641164216431644164516461647164816491650165116521653165416551656165716581659166016611662166316641665166616671668166916701671167216731674167516761677167816791680168116821683168416851686168716881689169016911692169316941695169616971698169917001701170217031704170517061707170817091710171117121713171417151716171717181719172017211722172317241725172617271728172917301731173217331734173517361737173817391740174117421743174417451746174717481749175017511752175317541755175617571758175917601761176217631764176517661767176817691770177117721773177417751776177717781779178017811782178317841785178617871788178917901791179217931794179517961797179817991800180118021803180418051806180718081809181018111812181318141815181618171818181918201821182218231824182518261827182818291830183118321833183418351836183718381839184018411842184318441845184618471848184918501851185218531854185518561857185818591860186118621863186418651866186718681869187018711872187318741875187618771878187918801881188218831884188518861887188818891890189118921893189418951896189718981899190019011902190319041905190619071908190919101911191219131914191519161917191819191920192119221923192419251926192719281929193019311932193319341935193619371938193919401941194219431944194519461947194819491950195119521953195419551956195719581959196019611962196319641965196619671968196919701971197219731974197519761977197819791980198119821983198419851986198719881989199019911992199319941995199619971998199920002001200220032004200520062007200820092010201120122013201420152016201720182019202020212022202320242025202620272028202920302031203220332034203520362037203820392040204120422043204420452046204720482049205020512052205320542055205620572058205920602061206220632064206520662067206820692070207120722073207420752076207720782079208020812082208320842085208620872088208920902091209220932094209520962097209820992100210121022103210421052106210721082109211021112112211321142115211621172118211921202121212221232124212521262127212821292130213121322133213421352136213721382139214021412142214321442145214621472148214921502151215221532154215521562157215821592160216121622163216421652166216721682169217021712172217321742175217621772178217921802181218221832184218521862187218821892190219121922193219421952196219721982199220022012202220322042205220622072208220922102211221222132214221522162217221822192220222122222223222422252226222722282229223022312232223322342235223622372238223922402241224222432244224522462247224822492250225122522253225422552256225722582259226022612262226322642265226622672268226922702271227222732274227522762277227822792280228122822283228422852286228722882289229022912292229322942295229622972298229923002301230223032304230523062307230823092310231123122313231423152316231723182319232023212322232323242325232623272328232923302331233223332334233523362337233823392340234123422343234423452346234723482349235023512352235323542355235623572358235923602361236223632364236523662367236823692370237123722373237423752376237723782379238023812382238323842385238623872388238923902391239223932394239523962397239823992400240124022403240424052406240724082409241024112412241324142415241624172418241924202421242224232424242524262427242824292430243124322433243424352436243724382439244024412442244324442445244624472448244924502451245224532454245524562457245824592460246124622463246424652466246724682469247024712472247324742475247624772478247924802481248224832484248524862487248824892490249124922493249424952496249724982499250025012502250325042505250625072508250925102511251225132514251525162517251825192520252125222523252425252526252725282529253025312532253325342535253625372538253925402541254225432544254525462547254825492550255125522553255425552556255725582559256025612562256325642565256625672568256925702571257225732574257525762577257825792580258125822583258425852586258725882589259025912592259325942595259625972598259926002601260226032604260526062607260826092610261126122613261426152616261726182619262026212622262326242625262626272628262926302631263226332634263526362637263826392640264126422643264426452646264726482649265026512652265326542655265626572658265926602661266226632664266526662667266826692670267126722673267426752676267726782679268026812682268326842685268626872688268926902691269226932694269526962697269826992700270127022703270427052706270727082709271027112712271327142715271627172718271927202721272227232724272527262727272827292730273127322733273427352736273727382739274027412742274327442745274627472748274927502751275227532754275527562757275827592760276127622763276427652766276727682769277027712772277327742775277627772778277927802781278227832784278527862787278827892790279127922793279427952796279727982799280028012802280328042805280628072808280928102811281228132814281528162817281828192820282128222823282428252826282728282829283028312832283328342835283628372838283928402841284228432844284528462847284828492850285128522853285428552856285728582859286028612862286328642865286628672868286928702871287228732874287528762877287828792880288128822883288428852886288728882889289028912892289328942895289628972898289929002901290229032904290529062907290829092910291129122913291429152916291729182919292029212922292329242925292629272928292929302931293229332934293529362937293829392940294129422943294429452946294729482949295029512952295329542955295629572958295929602961296229632964296529662967296829692970297129722973297429752976297729782979298029812982298329842985298629872988298929902991299229932994299529962997299829993000300130023003300430053006300730083009301030113012301330143015301630173018301930203021302230233024302530263027302830293030303130323033303430353036303730383039304030413042304330443045304630473048304930503051305230533054305530563057305830593060306130623063306430653066306730683069307030713072307330743075307630773078307930803081308230833084308530863087308830893090309130923093309430953096309730983099310031013102310331043105310631073108310931103111311231133114311531163117311831193120312131223123312431253126312731283129313031313132313331343135313631373138313931403141314231433144314531463147314831493150315131523153315431553156315731583159316031613162316331643165316631673168316931703171317231733174317531763177317831793180318131823183318431853186318731883189319031913192319331943195319631973198319932003201320232033204320532063207320832093210321132123213321432153216321732183219322032213222322332243225322632273228322932303231323232333234323532363237323832393240324132423243324432453246324732483249325032513252325332543255325632573258325932603261326232633264326532663267326832693270327132723273327432753276327732783279328032813282328332843285328632873288328932903291329232933294329532963297329832993300330133023303330433053306330733083309331033113312331333143315331633173318331933203321332233233324332533263327332833293330333133323333333433353336333733383339334033413342334333443345334633473348334933503351335233533354335533563357335833593360336133623363336433653366336733683369337033713372337333743375337633773378337933803381338233833384338533863387338833893390339133923393339433953396339733983399340034013402340334043405340634073408340934103411341234133414341534163417341834193420342134223423342434253426342734283429343034313432343334343435343634373438343934403441344234433444344534463447344834493450345134523453345434553456345734583459346034613462346334643465346634673468346934703471347234733474347534763477347834793480348134823483348434853486348734883489349034913492349334943495349634973498349935003501350235033504350535063507350835093510351135123513351435153516351735183519352035213522352335243525352635273528352935303531353235333534353535363537353835393540354135423543354435453546354735483549355035513552355335543555355635573558355935603561356235633564356535663567356835693570357135723573357435753576357735783579358035813582358335843585358635873588358935903591359235933594359535963597359835993600360136023603360436053606360736083609361036113612361336143615361636173618361936203621362236233624362536263627362836293630363136323633363436353636363736383639364036413642364336443645364636473648364936503651365236533654365536563657365836593660366136623663366436653666366736683669367036713672367336743675367636773678367936803681368236833684368536863687368836893690369136923693369436953696369736983699370037013702370337043705370637073708370937103711371237133714371537163717371837193720372137223723372437253726372737283729373037313732373337343735373637373738373937403741374237433744374537463747374837493750375137523753375437553756375737583759376037613762376337643765376637673768376937703771377237733774377537763777377837793780378137823783378437853786378737883789379037913792379337943795379637973798379938003801380238033804380538063807380838093810381138123813381438153816381738183819382038213822382338243825382638273828382938303831383238333834383538363837383838393840384138423843384438453846384738483849385038513852385338543855385638573858385938603861386238633864386538663867386838693870387138723873387438753876387738783879388038813882388338843885388638873888388938903891389238933894389538963897389838993900390139023903390439053906390739083909391039113912391339143915391639173918391939203921392239233924392539263927392839293930393139323933393439353936393739383939394039413942394339443945394639473948394939503951395239533954395539563957395839593960396139623963396439653966396739683969397039713972397339743975397639773978397939803981398239833984398539863987398839893990399139923993399439953996399739983999400040014002400340044005400640074008400940104011401240134014401540164017401840194020402140224023402440254026402740284029403040314032403340344035403640374038403940404041404240434044404540464047404840494050405140524053405440554056405740584059406040614062406340644065406640674068406940704071407240734074407540764077407840794080408140824083408440854086408740884089409040914092409340944095409640974098409941004101410241034104410541064107410841094110411141124113411441154116411741184119412041214122412341244125412641274128412941304131413241334134413541364137413841394140414141424143414441454146414741484149415041514152415341544155415641574158415941604161416241634164416541664167416841694170417141724173417441754176417741784179418041814182418341844185418641874188418941904191419241934194419541964197419841994200420142024203420442054206420742084209421042114212421342144215421642174218421942204221422242234224422542264227422842294230423142324233423442354236423742384239424042414242424342444245424642474248424942504251425242534254425542564257425842594260426142624263426442654266426742684269427042714272427342744275427642774278427942804281428242834284428542864287428842894290429142924293429442954296429742984299430043014302430343044305430643074308430943104311431243134314431543164317431843194320432143224323432443254326432743284329433043314332433343344335433643374338433943404341434243434344434543464347434843494350435143524353435443554356435743584359436043614362436343644365436643674368436943704371437243734374437543764377437843794380438143824383438443854386438743884389439043914392439343944395439643974398439944004401440244034404440544064407440844094410441144124413441444154416441744184419442044214422442344244425442644274428442944304431443244334434443544364437443844394440444144424443444444454446444744484449445044514452445344544455445644574458445944604461446244634464446544664467446844694470447144724473447444754476447744784479448044814482448344844485448644874488448944904491449244934494449544964497449844994500450145024503450445054506450745084509451045114512451345144515451645174518451945204521452245234524452545264527452845294530453145324533453445354536453745384539454045414542454345444545454645474548454945504551455245534554455545564557455845594560456145624563456445654566456745684569457045714572457345744575457645774578457945804581458245834584458545864587458845894590459145924593459445954596459745984599460046014602460346044605460646074608460946104611461246134614461546164617461846194620462146224623462446254626462746284629463046314632463346344635463646374638463946404641464246434644464546464647464846494650465146524653465446554656465746584659466046614662466346644665466646674668466946704671467246734674467546764677467846794680468146824683468446854686468746884689469046914692469346944695469646974698469947004701470247034704470547064707470847094710471147124713471447154716471747184719472047214722472347244725472647274728472947304731473247334734473547364737473847394740474147424743474447454746474747484749475047514752475347544755475647574758475947604761476247634764476547664767476847694770477147724773477447754776477747784779478047814782478347844785478647874788478947904791479247934794479547964797479847994800480148024803480448054806480748084809481048114812481348144815481648174818481948204821482248234824482548264827482848294830483148324833483448354836483748384839484048414842484348444845484648474848484948504851485248534854485548564857485848594860486148624863486448654866486748684869487048714872487348744875487648774878487948804881488248834884488548864887488848894890489148924893489448954896489748984899490049014902490349044905490649074908490949104911491249134914491549164917491849194920492149224923492449254926492749284929493049314932493349344935493649374938493949404941494249434944494549464947494849494950495149524953495449554956495749584959496049614962496349644965496649674968496949704971497249734974497549764977497849794980498149824983498449854986498749884989499049914992499349944995499649974998499950005001500250035004500550065007500850095010501150125013501450155016501750185019502050215022502350245025502650275028502950305031503250335034503550365037503850395040504150425043504450455046504750485049505050515052505350545055505650575058505950605061506250635064506550665067506850695070507150725073507450755076507750785079508050815082508350845085508650875088508950905091509250935094509550965097509850995100510151025103510451055106510751085109511051115112511351145115511651175118511951205121512251235124512551265127512851295130513151325133513451355136513751385139514051415142514351445145514651475148514951505151515251535154515551565157515851595160516151625163516451655166516751685169517051715172517351745175517651775178517951805181518251835184518551865187518851895190519151925193519451955196519751985199520052015202520352045205520652075208520952105211521252135214521552165217521852195220522152225223522452255226522752285229523052315232523352345235523652375238523952405241524252435244524552465247524852495250525152525253525452555256525752585259526052615262526352645265526652675268526952705271527252735274527552765277527852795280528152825283528452855286528752885289529052915292529352945295529652975298529953005301530253035304530553065307530853095310531153125313531453155316531753185319532053215322532353245325532653275328532953305331533253335334533553365337533853395340534153425343534453455346534753485349535053515352535353545355535653575358535953605361536253635364536553665367536853695370537153725373537453755376537753785379538053815382538353845385538653875388538953905391539253935394539553965397539853995400540154025403540454055406540754085409541054115412541354145415541654175418541954205421542254235424542554265427542854295430543154325433543454355436543754385439544054415442544354445445544654475448544954505451545254535454545554565457545854595460546154625463546454655466546754685469547054715472547354745475547654775478547954805481548254835484548554865487548854895490549154925493549454955496549754985499550055015502550355045505550655075508550955105511551255135514551555165517551855195520552155225523552455255526552755285529553055315532553355345535553655375538553955405541554255435544554555465547554855495550555155525553555455555556555755585559556055615562556355645565556655675568556955705571557255735574557555765577557855795580558155825583558455855586558755885589559055915592559355945595559655975598559956005601560256035604560556065607560856095610561156125613561456155616561756185619562056215622562356245625562656275628562956305631563256335634563556365637563856395640564156425643564456455646564756485649565056515652565356545655565656575658565956605661566256635664566556665667566856695670567156725673567456755676567756785679568056815682568356845685568656875688568956905691569256935694569556965697569856995700570157025703570457055706570757085709571057115712571357145715571657175718571957205721572257235724572557265727572857295730573157325733573457355736573757385739574057415742574357445745574657475748574957505751575257535754575557565757575857595760576157625763576457655766576757685769577057715772577357745775577657775778577957805781578257835784578557865787578857895790579157925793579457955796579757985799580058015802580358045805580658075808580958105811581258135814581558165817581858195820582158225823582458255826582758285829583058315832583358345835583658375838583958405841584258435844584558465847584858495850585158525853585458555856585758585859586058615862586358645865586658675868586958705871587258735874587558765877587858795880588158825883588458855886588758885889589058915892589358945895589658975898589959005901590259035904590559065907590859095910591159125913591459155916591759185919592059215922592359245925592659275928592959305931593259335934593559365937593859395940594159425943594459455946594759485949595059515952595359545955595659575958595959605961596259635964596559665967596859695970597159725973597459755976597759785979598059815982598359845985598659875988598959905991599259935994599559965997599859996000600160026003600460056006600760086009601060116012601360146015601660176018601960206021602260236024602560266027602860296030603160326033603460356036603760386039604060416042604360446045604660476048604960506051605260536054605560566057605860596060606160626063606460656066606760686069607060716072607360746075607660776078607960806081608260836084608560866087608860896090609160926093609460956096609760986099610061016102610361046105610661076108610961106111611261136114611561166117611861196120612161226123612461256126612761286129613061316132613361346135613661376138613961406141614261436144614561466147614861496150615161526153615461556156615761586159616061616162616361646165616661676168616961706171617261736174617561766177617861796180618161826183618461856186618761886189619061916192619361946195619661976198619962006201620262036204620562066207620862096210621162126213621462156216621762186219622062216222622362246225622662276228622962306231623262336234623562366237623862396240624162426243624462456246624762486249625062516252625362546255625662576258625962606261626262636264626562666267626862696270627162726273627462756276627762786279628062816282628362846285628662876288628962906291629262936294629562966297629862996300630163026303630463056306630763086309631063116312631363146315631663176318631963206321632263236324632563266327632863296330633163326333633463356336633763386339634063416342634363446345634663476348634963506351635263536354635563566357635863596360636163626363636463656366636763686369637063716372637363746375637663776378637963806381638263836384638563866387638863896390639163926393639463956396639763986399640064016402640364046405640664076408640964106411641264136414641564166417641864196420642164226423642464256426642764286429643064316432643364346435643664376438643964406441644264436444644564466447644864496450645164526453645464556456645764586459646064616462646364646465646664676468646964706471647264736474647564766477647864796480648164826483648464856486648764886489649064916492649364946495649664976498649965006501650265036504650565066507650865096510651165126513651465156516651765186519652065216522652365246525652665276528652965306531653265336534653565366537653865396540654165426543654465456546654765486549655065516552655365546555655665576558655965606561656265636564656565666567656865696570657165726573657465756576657765786579658065816582658365846585658665876588658965906591659265936594659565966597659865996600660166026603660466056606660766086609661066116612661366146615661666176618661966206621662266236624662566266627662866296630663166326633663466356636663766386639664066416642664366446645664666476648664966506651665266536654665566566657665866596660666166626663666466656666666766686669667066716672667366746675667666776678667966806681668266836684668566866687668866896690669166926693669466956696669766986699670067016702670367046705670667076708670967106711671267136714671567166717671867196720672167226723672467256726672767286729673067316732673367346735673667376738673967406741674267436744674567466747674867496750675167526753675467556756675767586759676067616762676367646765676667676768676967706771677267736774677567766777677867796780678167826783678467856786678767886789679067916792679367946795679667976798679968006801680268036804680568066807680868096810681168126813681468156816681768186819682068216822682368246825682668276828682968306831683268336834683568366837683868396840684168426843684468456846684768486849685068516852685368546855685668576858685968606861686268636864686568666867686868696870687168726873687468756876687768786879688068816882688368846885688668876888688968906891689268936894689568966897689868996900690169026903690469056906690769086909691069116912691369146915691669176918691969206921692269236924692569266927692869296930693169326933693469356936693769386939694069416942694369446945694669476948694969506951695269536954695569566957695869596960696169626963696469656966696769686969697069716972697369746975697669776978697969806981698269836984698569866987698869896990699169926993699469956996699769986999700070017002700370047005700670077008700970107011701270137014701570167017701870197020702170227023702470257026702770287029703070317032703370347035703670377038703970407041704270437044704570467047704870497050705170527053705470557056705770587059706070617062706370647065706670677068706970707071707270737074707570767077707870797080708170827083708470857086708770887089709070917092709370947095709670977098709971007101710271037104710571067107710871097110711171127113711471157116711771187119712071217122712371247125712671277128712971307131713271337134713571367137713871397140714171427143714471457146714771487149715071517152715371547155715671577158715971607161716271637164716571667167716871697170717171727173717471757176717771787179718071817182718371847185718671877188718971907191719271937194719571967197719871997200720172027203720472057206720772087209721072117212721372147215721672177218721972207221722272237224722572267227722872297230723172327233723472357236723772387239724072417242724372447245724672477248724972507251725272537254725572567257725872597260726172627263726472657266726772687269727072717272727372747275727672777278727972807281728272837284728572867287728872897290729172927293729472957296729772987299730073017302730373047305730673077308730973107311731273137314731573167317731873197320732173227323732473257326732773287329733073317332733373347335733673377338733973407341734273437344734573467347734873497350735173527353735473557356735773587359736073617362736373647365736673677368736973707371737273737374737573767377737873797380738173827383738473857386738773887389739073917392739373947395739673977398739974007401740274037404740574067407740874097410741174127413741474157416741774187419742074217422742374247425742674277428742974307431743274337434743574367437743874397440744174427443744474457446744774487449745074517452745374547455745674577458745974607461746274637464746574667467746874697470747174727473747474757476747774787479748074817482748374847485748674877488748974907491749274937494749574967497749874997500750175027503750475057506750775087509751075117512751375147515751675177518751975207521752275237524752575267527752875297530753175327533753475357536753775387539754075417542754375447545754675477548754975507551755275537554755575567557755875597560756175627563756475657566756775687569757075717572757375747575757675777578757975807581758275837584758575867587758875897590759175927593759475957596759775987599760076017602760376047605760676077608760976107611761276137614761576167617761876197620762176227623762476257626762776287629763076317632763376347635763676377638763976407641764276437644764576467647764876497650765176527653765476557656765776587659766076617662766376647665766676677668766976707671767276737674767576767677767876797680768176827683768476857686768776887689769076917692769376947695769676977698769977007701770277037704770577067707770877097710771177127713771477157716771777187719772077217722772377247725772677277728772977307731773277337734773577367737773877397740774177427743774477457746774777487749775077517752775377547755775677577758775977607761776277637764776577667767776877697770777177727773777477757776777777787779778077817782778377847785778677877788778977907791779277937794779577967797779877997800780178027803780478057806780778087809781078117812781378147815781678177818781978207821782278237824782578267827782878297830783178327833783478357836783778387839784078417842784378447845784678477848784978507851785278537854785578567857785878597860786178627863786478657866786778687869787078717872787378747875787678777878787978807881788278837884788578867887788878897890789178927893789478957896789778987899790079017902790379047905790679077908790979107911791279137914791579167917791879197920792179227923792479257926792779287929793079317932793379347935793679377938793979407941794279437944794579467947794879497950795179527953795479557956795779587959796079617962796379647965796679677968796979707971797279737974797579767977797879797980798179827983798479857986798779887989799079917992799379947995799679977998799980008001800280038004800580068007800880098010801180128013801480158016801780188019802080218022802380248025802680278028802980308031803280338034803580368037803880398040804180428043804480458046804780488049805080518052805380548055805680578058805980608061806280638064806580668067806880698070807180728073807480758076807780788079808080818082808380848085808680878088808980908091809280938094809580968097809880998100810181028103810481058106810781088109811081118112811381148115811681178118811981208121812281238124812581268127812881298130813181328133813481358136813781388139814081418142814381448145814681478148814981508151815281538154815581568157815881598160816181628163816481658166816781688169817081718172817381748175817681778178817981808181818281838184818581868187818881898190819181928193819481958196819781988199820082018202820382048205820682078208820982108211821282138214821582168217821882198220822182228223822482258226822782288229823082318232823382348235823682378238823982408241824282438244824582468247824882498250825182528253825482558256825782588259826082618262826382648265826682678268826982708271827282738274827582768277827882798280828182828283828482858286828782888289829082918292829382948295829682978298829983008301830283038304830583068307830883098310831183128313831483158316831783188319832083218322832383248325832683278328832983308331833283338334833583368337833883398340834183428343834483458346834783488349835083518352835383548355835683578358835983608361836283638364836583668367836883698370837183728373837483758376837783788379838083818382838383848385838683878388838983908391839283938394839583968397839883998400840184028403840484058406840784088409841084118412841384148415841684178418841984208421842284238424842584268427842884298430843184328433843484358436843784388439844084418442844384448445844684478448844984508451845284538454845584568457845884598460846184628463846484658466846784688469847084718472847384748475847684778478847984808481848284838484848584868487848884898490849184928493849484958496849784988499850085018502850385048505850685078508850985108511851285138514851585168517851885198520852185228523852485258526852785288529853085318532853385348535853685378538853985408541854285438544854585468547854885498550855185528553855485558556855785588559856085618562856385648565856685678568856985708571857285738574857585768577857885798580858185828583858485858586858785888589859085918592859385948595859685978598859986008601860286038604860586068607860886098610861186128613861486158616861786188619862086218622862386248625862686278628862986308631863286338634863586368637863886398640864186428643864486458646864786488649865086518652865386548655865686578658865986608661866286638664866586668667866886698670867186728673867486758676867786788679868086818682868386848685868686878688868986908691869286938694869586968697869886998700870187028703870487058706870787088709871087118712871387148715871687178718871987208721872287238724872587268727872887298730873187328733873487358736873787388739874087418742874387448745874687478748874987508751875287538754875587568757875887598760876187628763876487658766876787688769877087718772877387748775877687778778877987808781878287838784878587868787878887898790879187928793879487958796879787988799880088018802880388048805880688078808880988108811881288138814881588168817881888198820882188228823882488258826882788288829883088318832883388348835883688378838883988408841884288438844884588468847884888498850885188528853885488558856885788588859886088618862886388648865886688678868886988708871887288738874887588768877887888798880888188828883888488858886888788888889889088918892889388948895889688978898889989008901890289038904890589068907890889098910891189128913891489158916891789188919892089218922892389248925892689278928892989308931893289338934893589368937893889398940894189428943894489458946894789488949895089518952895389548955895689578958895989608961896289638964896589668967896889698970897189728973897489758976897789788979898089818982898389848985898689878988898989908991899289938994899589968997899889999000900190029003900490059006900790089009901090119012901390149015901690179018901990209021902290239024902590269027902890299030903190329033903490359036903790389039904090419042904390449045904690479048904990509051905290539054905590569057905890599060906190629063906490659066906790689069907090719072907390749075907690779078907990809081908290839084908590869087908890899090909190929093909490959096909790989099910091019102910391049105910691079108910991109111911291139114911591169117911891199120912191229123912491259126912791289129913091319132913391349135913691379138913991409141914291439144914591469147914891499150915191529153915491559156915791589159916091619162916391649165916691679168916991709171917291739174917591769177917891799180918191829183918491859186918791889189919091919192919391949195919691979198919992009201920292039204920592069207920892099210921192129213921492159216921792189219922092219222922392249225922692279228922992309231923292339234923592369237923892399240924192429243924492459246924792489249925092519252925392549255925692579258925992609261926292639264926592669267926892699270927192729273927492759276927792789279928092819282928392849285928692879288928992909291929292939294929592969297929892999300930193029303930493059306930793089309931093119312931393149315931693179318931993209321932293239324932593269327932893299330933193329333933493359336933793389339934093419342934393449345934693479348934993509351935293539354935593569357935893599360936193629363936493659366936793689369937093719372937393749375937693779378937993809381938293839384938593869387938893899390939193929393939493959396939793989399940094019402940394049405940694079408940994109411941294139414941594169417941894199420942194229423942494259426942794289429943094319432943394349435943694379438943994409441944294439444944594469447944894499450945194529453945494559456945794589459946094619462946394649465946694679468946994709471947294739474947594769477947894799480948194829483948494859486948794889489949094919492949394949495949694979498949995009501950295039504950595069507950895099510951195129513951495159516951795189519952095219522952395249525952695279528952995309531953295339534953595369537953895399540954195429543954495459546954795489549955095519552955395549555955695579558955995609561956295639564956595669567956895699570957195729573957495759576957795789579958095819582958395849585958695879588958995909591959295939594959595969597959895999600960196029603960496059606960796089609961096119612961396149615961696179618961996209621962296239624962596269627962896299630963196329633963496359636963796389639964096419642964396449645964696479648964996509651965296539654965596569657965896599660966196629663966496659666966796689669967096719672967396749675967696779678967996809681968296839684968596869687968896899690969196929693969496959696969796989699970097019702970397049705970697079708970997109711971297139714971597169717971897199720972197229723972497259726972797289729973097319732973397349735973697379738973997409741974297439744974597469747974897499750975197529753975497559756975797589759976097619762976397649765976697679768976997709771977297739774977597769777977897799780978197829783978497859786978797889789979097919792979397949795979697979798979998009801980298039804980598069807980898099810981198129813981498159816981798189819982098219822982398249825982698279828982998309831983298339834983598369837983898399840984198429843984498459846984798489849985098519852985398549855985698579858985998609861986298639864986598669867986898699870987198729873987498759876987798789879988098819882988398849885988698879888988998909891989298939894989598969897989898999900990199029903990499059906990799089909991099119912991399149915991699179918991999209921992299239924992599269927992899299930993199329933993499359936993799389939994099419942994399449945994699479948994999509951995299539954995599569957995899599960996199629963996499659966996799689969997099719972997399749975997699779978997999809981998299839984998599869987998899899990999199929993999499959996999799989999100001000110002100031000410005100061000710008100091001010011100121001310014100151001610017100181001910020100211002210023100241002510026100271002810029100301003110032100331003410035100361003710038100391004010041100421004310044100451004610047100481004910050100511005210053100541005510056100571005810059100601006110062100631006410065100661006710068100691007010071100721007310074100751007610077100781007910080100811008210083100841008510086100871008810089100901009110092100931009410095100961009710098100991010010101101021010310104101051010610107101081010910110101111011210113101141011510116101171011810119101201012110122101231012410125101261012710128101291013010131101321013310134101351013610137101381013910140101411014210143101441014510146101471014810149101501015110152101531015410155101561015710158101591016010161101621016310164101651016610167101681016910170101711017210173101741017510176101771017810179101801018110182101831018410185101861018710188101891019010191101921019310194101951019610197101981019910200102011020210203102041020510206102071020810209102101021110212102131021410215102161021710218102191022010221102221022310224102251022610227102281022910230102311023210233102341023510236102371023810239102401024110242102431024410245102461024710248102491025010251102521025310254102551025610257102581025910260102611026210263102641026510266102671026810269102701027110272102731027410275102761027710278102791028010281102821028310284102851028610287102881028910290102911029210293102941029510296102971029810299103001030110302103031030410305103061030710308103091031010311103121031310314103151031610317103181031910320103211032210323103241032510326103271032810329103301033110332103331033410335103361033710338103391034010341103421034310344103451034610347103481034910350103511035210353103541035510356103571035810359103601036110362103631036410365103661036710368103691037010371103721037310374103751037610377103781037910380103811038210383103841038510386103871038810389103901039110392103931039410395103961039710398103991040010401104021040310404104051040610407104081040910410104111041210413104141041510416104171041810419104201042110422104231042410425104261042710428104291043010431104321043310434104351043610437104381043910440104411044210443104441044510446104471044810449104501045110452104531045410455104561045710458104591046010461104621046310464104651046610467104681046910470104711047210473104741047510476104771047810479104801048110482104831048410485104861048710488104891049010491104921049310494104951049610497104981049910500105011050210503105041050510506105071050810509105101051110512105131051410515105161051710518105191052010521105221052310524105251052610527105281052910530105311053210533105341053510536105371053810539105401054110542105431054410545105461054710548105491055010551105521055310554105551055610557105581055910560105611056210563105641056510566105671056810569105701057110572105731057410575105761057710578105791058010581105821058310584105851058610587105881058910590105911059210593105941059510596105971059810599106001060110602106031060410605106061060710608106091061010611106121061310614106151061610617106181061910620106211062210623106241062510626106271062810629106301063110632106331063410635106361063710638106391064010641106421064310644106451064610647106481064910650106511065210653106541065510656106571065810659106601066110662106631066410665106661066710668106691067010671106721067310674106751067610677106781067910680106811068210683106841068510686106871068810689106901069110692106931069410695106961069710698106991070010701107021070310704107051070610707107081070910710107111071210713107141071510716107171071810719107201072110722107231072410725107261072710728107291073010731107321073310734107351073610737107381073910740107411074210743107441074510746107471074810749107501075110752107531075410755107561075710758107591076010761107621076310764107651076610767107681076910770107711077210773107741077510776107771077810779107801078110782107831078410785107861078710788107891079010791107921079310794107951079610797107981079910800108011080210803108041080510806108071080810809108101081110812108131081410815108161081710818108191082010821108221082310824108251082610827108281082910830108311083210833108341083510836108371083810839108401084110842108431084410845108461084710848108491085010851108521085310854108551085610857108581085910860108611086210863108641086510866108671086810869108701087110872108731087410875108761087710878108791088010881108821088310884108851088610887108881088910890108911089210893108941089510896108971089810899109001090110902109031090410905109061090710908109091091010911109121091310914109151091610917109181091910920109211092210923109241092510926109271092810929109301093110932109331093410935109361093710938109391094010941109421094310944109451094610947109481094910950109511095210953109541095510956109571095810959109601096110962109631096410965109661096710968109691097010971109721097310974109751097610977109781097910980109811098210983109841098510986109871098810989109901099110992109931099410995109961099710998109991100011001110021100311004110051100611007110081100911010110111101211013110141101511016110171101811019110201102111022110231102411025110261102711028110291103011031110321103311034110351103611037110381103911040110411104211043110441104511046110471104811049110501105111052110531105411055110561105711058110591106011061110621106311064110651106611067110681106911070110711107211073110741107511076110771107811079110801108111082110831108411085110861108711088110891109011091110921109311094110951109611097110981109911100111011110211103111041110511106111071110811109111101111111112111131111411115111161111711118111191112011121111221112311124111251112611127111281112911130111311113211133111341113511136111371113811139111401114111142111431114411145111461114711148111491115011151111521115311154111551115611157111581115911160111611116211163111641116511166111671116811169111701117111172111731117411175111761117711178111791118011181111821118311184111851118611187111881118911190111911119211193111941119511196111971119811199112001120111202112031120411205112061120711208112091121011211112121121311214112151121611217112181121911220112211122211223112241122511226112271122811229112301123111232112331123411235112361123711238112391124011241112421124311244112451124611247112481124911250112511125211253112541125511256112571125811259112601126111262112631126411265112661126711268112691127011271112721127311274112751127611277112781127911280112811128211283112841128511286112871128811289112901129111292112931129411295112961129711298112991130011301113021130311304113051130611307113081130911310113111131211313113141131511316113171131811319113201132111322113231132411325113261132711328113291133011331113321133311334113351133611337113381133911340113411134211343113441134511346113471134811349113501135111352113531135411355113561135711358113591136011361113621136311364113651136611367113681136911370113711137211373113741137511376113771137811379113801138111382113831138411385113861138711388113891139011391113921139311394113951139611397113981139911400114011140211403114041140511406114071140811409114101141111412114131141411415114161141711418114191142011421114221142311424114251142611427114281142911430114311143211433114341143511436114371143811439114401144111442114431144411445114461144711448114491145011451114521145311454114551145611457114581145911460114611146211463114641146511466114671146811469114701147111472114731147411475114761147711478114791148011481114821148311484114851148611487114881148911490114911149211493114941149511496114971149811499115001150111502115031150411505115061150711508115091151011511115121151311514115151151611517115181151911520115211152211523115241152511526115271152811529115301153111532115331153411535115361153711538115391154011541115421154311544115451154611547115481154911550115511155211553115541155511556115571155811559115601156111562115631156411565115661156711568115691157011571115721157311574115751157611577115781157911580115811158211583115841158511586115871158811589115901159111592115931159411595115961159711598115991160011601116021160311604116051160611607116081160911610116111161211613116141161511616116171161811619116201162111622116231162411625116261162711628116291163011631116321163311634116351163611637116381163911640116411164211643116441164511646116471164811649116501165111652116531165411655116561165711658116591166011661116621166311664116651166611667116681166911670116711167211673116741167511676116771167811679116801168111682116831168411685116861168711688116891169011691116921169311694116951169611697116981169911700117011170211703117041170511706117071170811709117101171111712117131171411715117161171711718117191172011721117221172311724117251172611727117281172911730117311173211733117341173511736117371173811739117401174111742117431174411745117461174711748117491175011751117521175311754117551175611757117581175911760117611176211763117641176511766117671176811769117701177111772117731177411775117761177711778117791178011781117821178311784117851178611787117881178911790117911179211793117941179511796117971179811799118001180111802118031180411805118061180711808118091181011811118121181311814118151181611817118181181911820118211182211823118241182511826118271182811829118301183111832118331183411835118361183711838118391184011841118421184311844118451184611847118481184911850118511185211853118541185511856118571185811859118601186111862118631186411865118661186711868118691187011871118721187311874118751187611877118781187911880118811188211883118841188511886118871188811889118901189111892118931189411895118961189711898118991190011901119021190311904119051190611907119081190911910119111191211913119141191511916119171191811919119201192111922119231192411925119261192711928119291193011931119321193311934119351193611937119381193911940119411194211943119441194511946119471194811949119501195111952119531195411955119561195711958119591196011961119621196311964119651196611967119681196911970119711197211973119741197511976119771197811979119801198111982119831198411985119861198711988119891199011991119921199311994119951199611997119981199912000120011200212003120041200512006120071200812009120101201112012120131201412015120161201712018120191202012021120221202312024120251202612027120281202912030120311203212033120341203512036120371203812039120401204112042120431204412045120461204712048120491205012051120521205312054120551205612057120581205912060120611206212063120641206512066120671206812069120701207112072120731207412075120761207712078120791208012081120821208312084120851208612087120881208912090120911209212093120941209512096120971209812099121001210112102121031210412105121061210712108121091211012111121121211312114121151211612117121181211912120121211212212123121241212512126121271212812129121301213112132121331213412135121361213712138121391214012141121421214312144121451214612147121481214912150121511215212153121541215512156121571215812159121601216112162121631216412165121661216712168121691217012171121721217312174121751217612177121781217912180121811218212183121841218512186121871218812189121901219112192121931219412195121961219712198121991220012201122021220312204122051220612207122081220912210122111221212213122141221512216122171221812219122201222112222122231222412225122261222712228122291223012231122321223312234122351223612237122381223912240122411224212243122441224512246122471224812249122501225112252122531225412255122561225712258122591226012261122621226312264122651226612267122681226912270122711227212273122741227512276122771227812279122801228112282122831228412285122861228712288122891229012291122921229312294122951229612297122981229912300123011230212303123041230512306123071230812309123101231112312123131231412315123161231712318123191232012321123221232312324123251232612327123281232912330123311233212333123341233512336123371233812339123401234112342123431234412345123461234712348123491235012351123521235312354123551235612357123581235912360123611236212363123641236512366123671236812369123701237112372123731237412375123761237712378123791238012381123821238312384123851238612387123881238912390123911239212393123941239512396123971239812399124001240112402124031240412405124061240712408124091241012411124121241312414124151241612417124181241912420124211242212423124241242512426124271242812429124301243112432124331243412435124361243712438124391244012441124421244312444124451244612447124481244912450124511245212453124541245512456124571245812459124601246112462124631246412465124661246712468124691247012471124721247312474124751247612477124781247912480124811248212483124841248512486124871248812489124901249112492124931249412495124961249712498124991250012501125021250312504125051250612507125081250912510125111251212513125141251512516125171251812519125201252112522125231252412525125261252712528125291253012531125321253312534125351253612537125381253912540125411254212543125441254512546125471254812549125501255112552125531255412555125561255712558125591256012561125621256312564125651256612567125681256912570125711257212573125741257512576125771257812579125801258112582125831258412585125861258712588125891259012591125921259312594125951259612597125981259912600126011260212603126041260512606126071260812609126101261112612126131261412615126161261712618126191262012621126221262312624126251262612627126281262912630126311263212633126341263512636126371263812639126401264112642126431264412645126461264712648126491265012651126521265312654126551265612657126581265912660126611266212663126641266512666126671266812669126701267112672126731267412675126761267712678126791268012681126821268312684126851268612687126881268912690126911269212693126941269512696126971269812699127001270112702127031270412705127061270712708127091271012711127121271312714127151271612717127181271912720127211272212723127241272512726127271272812729127301273112732127331273412735127361273712738127391274012741127421274312744127451274612747127481274912750127511275212753127541275512756127571275812759127601276112762127631276412765127661276712768127691277012771127721277312774127751277612777127781277912780127811278212783127841278512786127871278812789127901279112792127931279412795127961279712798127991280012801128021280312804128051280612807128081280912810128111281212813128141281512816128171281812819128201282112822128231282412825128261282712828128291283012831128321283312834128351283612837128381283912840128411284212843128441284512846128471284812849128501285112852128531285412855128561285712858128591286012861128621286312864128651286612867128681286912870128711287212873128741287512876128771287812879128801288112882128831288412885128861288712888128891289012891128921289312894128951289612897128981289912900129011290212903129041290512906129071290812909129101291112912129131291412915129161291712918129191292012921129221292312924129251292612927129281292912930129311293212933129341293512936129371293812939129401294112942129431294412945129461294712948129491295012951129521295312954129551295612957129581295912960129611296212963129641296512966129671296812969129701297112972129731297412975129761297712978129791298012981129821298312984129851298612987129881298912990129911299212993129941299512996129971299812999130001300113002130031300413005130061300713008130091301013011130121301313014130151301613017130181301913020130211302213023130241302513026130271302813029130301303113032130331303413035130361303713038130391304013041130421304313044130451304613047130481304913050130511305213053130541305513056130571305813059130601306113062130631306413065130661306713068130691307013071130721307313074130751307613077130781307913080130811308213083130841308513086130871308813089130901309113092130931309413095130961309713098130991310013101131021310313104131051310613107131081310913110131111311213113131141311513116131171311813119131201312113122131231312413125131261312713128131291313013131131321313313134131351313613137131381313913140131411314213143131441314513146131471314813149131501315113152131531315413155131561315713158131591316013161131621316313164131651316613167131681316913170131711317213173131741317513176131771317813179131801318113182131831318413185131861318713188131891319013191131921319313194131951319613197131981319913200132011320213203132041320513206132071320813209132101321113212132131321413215132161321713218132191322013221132221322313224132251322613227132281322913230132311323213233132341323513236132371323813239132401324113242132431324413245132461324713248132491325013251132521325313254132551325613257132581325913260132611326213263132641326513266132671326813269132701327113272132731327413275132761327713278132791328013281132821328313284132851328613287132881328913290132911329213293132941329513296132971329813299133001330113302133031330413305133061330713308133091331013311133121331313314133151331613317133181331913320133211332213323133241332513326133271332813329133301333113332133331333413335133361333713338133391334013341133421334313344133451334613347133481334913350133511335213353133541335513356133571335813359133601336113362133631336413365133661336713368133691337013371133721337313374133751337613377133781337913380133811338213383133841338513386133871338813389133901339113392133931339413395133961339713398133991340013401134021340313404134051340613407134081340913410134111341213413134141341513416134171341813419134201342113422134231342413425134261342713428134291343013431134321343313434134351343613437134381343913440134411344213443134441344513446134471344813449134501345113452134531345413455134561345713458134591346013461134621346313464134651346613467134681346913470134711347213473134741347513476134771347813479134801348113482134831348413485134861348713488134891349013491134921349313494134951349613497134981349913500135011350213503135041350513506135071350813509135101351113512135131351413515135161351713518135191352013521135221352313524135251352613527135281352913530135311353213533135341353513536135371353813539135401354113542135431354413545135461354713548135491355013551135521355313554135551355613557135581355913560135611356213563135641356513566135671356813569135701357113572135731357413575135761357713578135791358013581135821358313584135851358613587135881358913590135911359213593135941359513596135971359813599136001360113602136031360413605136061360713608136091361013611136121361313614136151361613617136181361913620136211362213623136241362513626136271362813629136301363113632136331363413635136361363713638136391364013641136421364313644136451364613647136481364913650136511365213653136541365513656136571365813659136601366113662136631366413665136661366713668136691367013671136721367313674136751367613677136781367913680136811368213683136841368513686136871368813689136901369113692136931369413695136961369713698136991370013701137021370313704137051370613707137081370913710137111371213713137141371513716137171371813719137201372113722137231372413725137261372713728137291373013731137321373313734137351373613737137381373913740137411374213743137441374513746137471374813749137501375113752137531375413755137561375713758137591376013761137621376313764137651376613767137681376913770137711377213773137741377513776137771377813779137801378113782137831378413785137861378713788137891379013791137921379313794137951379613797137981379913800138011380213803138041380513806138071380813809138101381113812138131381413815138161381713818138191382013821138221382313824138251382613827138281382913830138311383213833138341383513836138371383813839138401384113842138431384413845138461384713848138491385013851138521385313854138551385613857138581385913860138611386213863138641386513866138671386813869138701387113872138731387413875138761387713878138791388013881138821388313884138851388613887138881388913890138911389213893138941389513896138971389813899139001390113902139031390413905139061390713908139091391013911139121391313914139151391613917139181391913920139211392213923139241392513926139271392813929139301393113932139331393413935139361393713938139391394013941139421394313944139451394613947139481394913950139511395213953139541395513956139571395813959139601396113962139631396413965139661396713968139691397013971139721397313974139751397613977139781397913980139811398213983139841398513986139871398813989139901399113992139931399413995139961399713998139991400014001140021400314004140051400614007140081400914010140111401214013140141401514016140171401814019140201402114022140231402414025140261402714028140291403014031140321403314034140351403614037140381403914040140411404214043140441404514046140471404814049140501405114052140531405414055140561405714058140591406014061140621406314064140651406614067140681406914070140711407214073140741407514076140771407814079140801408114082140831408414085140861408714088140891409014091140921409314094140951409614097140981409914100141011410214103141041410514106141071410814109141101411114112141131411414115141161411714118141191412014121141221412314124141251412614127141281412914130141311413214133141341413514136141371413814139141401414114142141431414414145141461414714148141491415014151141521415314154141551415614157141581415914160141611416214163141641416514166141671416814169141701417114172141731417414175141761417714178141791418014181141821418314184141851418614187141881418914190141911419214193141941419514196141971419814199142001420114202142031420414205142061420714208142091421014211142121421314214142151421614217142181421914220142211422214223142241422514226142271422814229142301423114232142331423414235142361423714238142391424014241142421424314244142451424614247142481424914250142511425214253142541425514256142571425814259142601426114262142631426414265142661426714268142691427014271142721427314274142751427614277142781427914280142811428214283142841428514286142871428814289142901429114292142931429414295142961429714298142991430014301143021430314304143051430614307143081430914310143111431214313143141431514316143171431814319143201432114322143231432414325143261432714328143291433014331143321433314334143351433614337143381433914340143411434214343143441434514346143471434814349143501435114352143531435414355143561435714358143591436014361143621436314364143651436614367143681436914370143711437214373143741437514376143771437814379143801438114382143831438414385143861438714388143891439014391143921439314394143951439614397143981439914400144011440214403144041440514406144071440814409144101441114412144131441414415144161441714418144191442014421144221442314424144251442614427144281442914430144311443214433144341443514436144371443814439144401444114442144431444414445144461444714448144491445014451144521445314454144551445614457144581445914460144611446214463144641446514466144671446814469144701447114472144731447414475144761447714478144791448014481144821448314484144851448614487144881448914490144911449214493144941449514496144971449814499145001450114502145031450414505145061450714508145091451014511145121451314514145151451614517145181451914520145211452214523145241452514526145271452814529145301453114532145331453414535145361453714538145391454014541145421454314544145451454614547145481454914550145511455214553145541455514556145571455814559145601456114562145631456414565145661456714568145691457014571145721457314574145751457614577145781457914580145811458214583145841458514586145871458814589145901459114592145931459414595145961459714598145991460014601146021460314604146051460614607146081460914610146111461214613146141461514616146171461814619146201462114622146231462414625146261462714628146291463014631146321463314634146351463614637146381463914640146411464214643146441464514646146471464814649146501465114652146531465414655146561465714658146591466014661146621466314664146651466614667146681466914670146711467214673146741467514676146771467814679146801468114682146831468414685146861468714688146891469014691146921469314694146951469614697146981469914700147011470214703147041470514706147071470814709147101471114712147131471414715147161471714718147191472014721147221472314724147251472614727147281472914730147311473214733147341473514736147371473814739147401474114742147431474414745147461474714748147491475014751147521475314754147551475614757147581475914760147611476214763147641476514766147671476814769147701477114772147731477414775147761477714778147791478014781147821478314784147851478614787147881478914790147911479214793147941479514796147971479814799148001480114802148031480414805148061480714808148091481014811148121481314814148151481614817148181481914820148211482214823148241482514826148271482814829148301483114832148331483414835148361483714838148391484014841148421484314844148451484614847148481484914850148511485214853148541485514856148571485814859148601486114862148631486414865148661486714868148691487014871148721487314874148751487614877148781487914880148811488214883148841488514886148871488814889148901489114892148931489414895148961489714898148991490014901149021490314904149051490614907149081490914910149111491214913149141491514916149171491814919149201492114922149231492414925149261492714928149291493014931149321493314934149351493614937149381493914940149411494214943149441494514946149471494814949149501495114952149531495414955149561495714958149591496014961149621496314964149651496614967149681496914970149711497214973149741497514976149771497814979149801498114982149831498414985149861498714988149891499014991149921499314994149951499614997149981499915000150011500215003150041500515006150071500815009150101501115012150131501415015150161501715018150191502015021150221502315024150251502615027150281502915030150311503215033150341503515036150371503815039150401504115042150431504415045150461504715048150491505015051150521505315054150551505615057150581505915060150611506215063150641506515066150671506815069150701507115072150731507415075150761507715078150791508015081150821508315084150851508615087150881508915090150911509215093150941509515096150971509815099151001510115102151031510415105151061510715108151091511015111151121511315114151151511615117151181511915120151211512215123151241512515126151271512815129151301513115132151331513415135151361513715138151391514015141151421514315144151451514615147151481514915150151511515215153151541515515156151571515815159151601516115162151631516415165151661516715168151691517015171151721517315174151751517615177151781517915180151811518215183151841518515186151871518815189151901519115192151931519415195151961519715198151991520015201152021520315204152051520615207152081520915210152111521215213152141521515216152171521815219152201522115222152231522415225152261522715228152291523015231152321523315234152351523615237152381523915240152411524215243152441524515246152471524815249152501525115252152531525415255152561525715258152591526015261152621526315264152651526615267152681526915270152711527215273152741527515276152771527815279152801528115282152831528415285152861528715288152891529015291152921529315294152951529615297152981529915300153011530215303153041530515306153071530815309153101531115312153131531415315153161531715318153191532015321153221532315324153251532615327153281532915330153311533215333153341533515336153371533815339153401534115342153431534415345153461534715348153491535015351153521535315354153551535615357153581535915360153611536215363153641536515366153671536815369153701537115372153731537415375153761537715378153791538015381153821538315384153851538615387153881538915390153911539215393153941539515396153971539815399154001540115402154031540415405154061540715408154091541015411154121541315414154151541615417154181541915420154211542215423154241542515426154271542815429154301543115432154331543415435154361543715438154391544015441154421544315444154451544615447154481544915450154511545215453154541545515456154571545815459154601546115462154631546415465154661546715468154691547015471154721547315474154751547615477154781547915480154811548215483154841548515486154871548815489154901549115492154931549415495154961549715498154991550015501155021550315504155051550615507155081550915510155111551215513155141551515516155171551815519155201552115522155231552415525155261552715528155291553015531155321553315534155351553615537155381553915540155411554215543155441554515546155471554815549155501555115552155531555415555155561555715558155591556015561155621556315564155651556615567155681556915570155711557215573155741557515576155771557815579155801558115582155831558415585155861558715588155891559015591155921559315594155951559615597155981559915600156011560215603156041560515606156071560815609156101561115612156131561415615156161561715618156191562015621156221562315624156251562615627156281562915630156311563215633156341563515636156371563815639156401564115642156431564415645156461564715648156491565015651156521565315654156551565615657156581565915660156611566215663156641566515666156671566815669156701567115672156731567415675156761567715678156791568015681156821568315684156851568615687156881568915690156911569215693156941569515696156971569815699157001570115702157031570415705157061570715708157091571015711157121571315714157151571615717157181571915720157211572215723157241572515726157271572815729157301573115732157331573415735157361573715738157391574015741157421574315744157451574615747157481574915750157511575215753157541575515756157571575815759157601576115762157631576415765157661576715768157691577015771157721577315774157751577615777157781577915780157811578215783157841578515786157871578815789157901579115792157931579415795157961579715798157991580015801158021580315804158051580615807158081580915810158111581215813158141581515816158171581815819158201582115822158231582415825158261582715828158291583015831158321583315834158351583615837158381583915840158411584215843158441584515846158471584815849158501585115852158531585415855158561585715858158591586015861158621586315864158651586615867158681586915870158711587215873158741587515876158771587815879158801588115882158831588415885158861588715888158891589015891158921589315894158951589615897158981589915900159011590215903159041590515906159071590815909159101591115912159131591415915159161591715918159191592015921159221592315924159251592615927159281592915930159311593215933159341593515936159371593815939159401594115942159431594415945159461594715948159491595015951159521595315954159551595615957159581595915960159611596215963159641596515966159671596815969159701597115972159731597415975159761597715978159791598015981159821598315984159851598615987159881598915990159911599215993159941599515996159971599815999160001600116002160031600416005160061600716008160091601016011160121601316014160151601616017160181601916020160211602216023160241602516026160271602816029160301603116032160331603416035160361603716038160391604016041160421604316044160451604616047160481604916050160511605216053160541605516056160571605816059160601606116062160631606416065160661606716068160691607016071160721607316074160751607616077160781607916080160811608216083160841608516086160871608816089160901609116092160931609416095160961609716098160991610016101161021610316104161051610616107161081610916110161111611216113161141611516116161171611816119161201612116122161231612416125161261612716128161291613016131161321613316134161351613616137161381613916140161411614216143161441614516146161471614816149161501615116152161531615416155161561615716158161591616016161161621616316164161651616616167161681616916170161711617216173161741617516176161771617816179161801618116182161831618416185161861618716188161891619016191161921619316194161951619616197161981619916200162011620216203162041620516206162071620816209162101621116212162131621416215162161621716218162191622016221162221622316224162251622616227162281622916230162311623216233162341623516236162371623816239162401624116242162431624416245162461624716248162491625016251162521625316254162551625616257162581625916260162611626216263162641626516266162671626816269162701627116272162731627416275162761627716278162791628016281162821628316284162851628616287162881628916290162911629216293162941629516296162971629816299163001630116302163031630416305163061630716308163091631016311163121631316314163151631616317163181631916320163211632216323163241632516326163271632816329163301633116332163331633416335163361633716338163391634016341163421634316344163451634616347163481634916350163511635216353163541635516356163571635816359163601636116362163631636416365163661636716368163691637016371163721637316374163751637616377163781637916380163811638216383163841638516386163871638816389163901639116392163931639416395163961639716398163991640016401164021640316404164051640616407164081640916410164111641216413164141641516416164171641816419164201642116422164231642416425164261642716428164291643016431164321643316434164351643616437164381643916440164411644216443164441644516446164471644816449164501645116452164531645416455164561645716458164591646016461164621646316464164651646616467164681646916470164711647216473164741647516476164771647816479164801648116482164831648416485164861648716488164891649016491164921649316494164951649616497164981649916500165011650216503165041650516506165071650816509165101651116512165131651416515165161651716518165191652016521165221652316524165251652616527165281652916530165311653216533165341653516536165371653816539165401654116542165431654416545165461654716548165491655016551165521655316554165551655616557165581655916560165611656216563165641656516566165671656816569165701657116572165731657416575165761657716578165791658016581165821658316584165851658616587165881658916590165911659216593165941659516596165971659816599166001660116602166031660416605166061660716608166091661016611166121661316614166151661616617166181661916620166211662216623166241662516626166271662816629166301663116632166331663416635166361663716638166391664016641166421664316644166451664616647166481664916650166511665216653166541665516656166571665816659166601666116662166631666416665166661666716668166691667016671166721667316674166751667616677166781667916680166811668216683166841668516686166871668816689166901669116692166931669416695166961669716698166991670016701167021670316704167051670616707167081670916710167111671216713167141671516716167171671816719167201672116722167231672416725167261672716728167291673016731167321673316734167351673616737167381673916740167411674216743167441674516746167471674816749167501675116752167531675416755167561675716758167591676016761167621676316764167651676616767167681676916770167711677216773167741677516776167771677816779167801678116782167831678416785167861678716788167891679016791167921679316794167951679616797167981679916800168011680216803168041680516806168071680816809168101681116812168131681416815168161681716818168191682016821168221682316824168251682616827168281682916830168311683216833168341683516836168371683816839168401684116842168431684416845168461684716848168491685016851168521685316854168551685616857168581685916860168611686216863168641686516866168671686816869168701687116872168731687416875168761687716878168791688016881168821688316884168851688616887168881688916890168911689216893168941689516896168971689816899169001690116902169031690416905169061690716908169091691016911169121691316914169151691616917169181691916920169211692216923169241692516926169271692816929169301693116932169331693416935169361693716938169391694016941169421694316944169451694616947169481694916950169511695216953169541695516956169571695816959169601696116962169631696416965169661696716968169691697016971169721697316974169751697616977169781697916980169811698216983169841698516986169871698816989169901699116992169931699416995169961699716998169991700017001170021700317004170051700617007170081700917010170111701217013170141701517016170171701817019170201702117022170231702417025170261702717028170291703017031170321703317034170351703617037170381703917040170411704217043170441704517046170471704817049170501705117052170531705417055170561705717058170591706017061170621706317064170651706617067170681706917070170711707217073170741707517076170771707817079170801708117082170831708417085170861708717088170891709017091170921709317094170951709617097170981709917100171011710217103171041710517106171071710817109171101711117112171131711417115171161711717118171191712017121171221712317124171251712617127171281712917130171311713217133171341713517136171371713817139171401714117142171431714417145171461714717148171491715017151171521715317154171551715617157171581715917160171611716217163171641716517166171671716817169171701717117172171731717417175171761717717178171791718017181171821718317184171851718617187171881718917190171911719217193171941719517196171971719817199172001720117202172031720417205172061720717208172091721017211172121721317214172151721617217172181721917220172211722217223172241722517226172271722817229172301723117232172331723417235172361723717238172391724017241172421724317244172451724617247172481724917250172511725217253172541725517256172571725817259172601726117262172631726417265172661726717268172691727017271172721727317274172751727617277172781727917280172811728217283172841728517286172871728817289172901729117292172931729417295172961729717298172991730017301173021730317304173051730617307173081730917310173111731217313173141731517316173171731817319173201732117322173231732417325173261732717328173291733017331173321733317334173351733617337173381733917340173411734217343173441734517346173471734817349173501735117352173531735417355173561735717358173591736017361173621736317364173651736617367173681736917370173711737217373173741737517376173771737817379173801738117382173831738417385173861738717388173891739017391173921739317394173951739617397173981739917400174011740217403174041740517406174071740817409174101741117412174131741417415174161741717418174191742017421174221742317424174251742617427174281742917430174311743217433174341743517436174371743817439174401744117442174431744417445174461744717448174491745017451174521745317454174551745617457174581745917460174611746217463174641746517466174671746817469174701747117472174731747417475174761747717478174791748017481174821748317484174851748617487174881748917490174911749217493174941749517496174971749817499175001750117502175031750417505175061750717508175091751017511175121751317514175151751617517175181751917520175211752217523175241752517526175271752817529175301753117532175331753417535175361753717538175391754017541175421754317544175451754617547175481754917550175511755217553175541755517556175571755817559175601756117562175631756417565175661756717568175691757017571175721757317574175751757617577175781757917580175811758217583175841758517586175871758817589175901759117592175931759417595175961759717598175991760017601176021760317604176051760617607176081760917610176111761217613176141761517616176171761817619176201762117622176231762417625176261762717628176291763017631176321763317634176351763617637176381763917640176411764217643176441764517646176471764817649176501765117652176531765417655176561765717658176591766017661176621766317664176651766617667176681766917670176711767217673176741767517676176771767817679176801768117682176831768417685176861768717688176891769017691176921769317694176951769617697176981769917700177011770217703177041770517706177071770817709177101771117712177131771417715177161771717718177191772017721177221772317724177251772617727177281772917730177311773217733177341773517736177371773817739177401774117742177431774417745177461774717748177491775017751177521775317754177551775617757177581775917760177611776217763177641776517766177671776817769177701777117772177731777417775177761777717778177791778017781177821778317784177851778617787177881778917790177911779217793177941779517796177971779817799178001780117802178031780417805178061780717808178091781017811178121781317814178151781617817178181781917820178211782217823178241782517826178271782817829178301783117832178331783417835178361783717838178391784017841178421784317844178451784617847178481784917850178511785217853178541785517856178571785817859178601786117862178631786417865178661786717868178691787017871178721787317874178751787617877178781787917880178811788217883178841788517886178871788817889178901789117892178931789417895178961789717898178991790017901179021790317904179051790617907179081790917910179111791217913179141791517916179171791817919179201792117922179231792417925179261792717928179291793017931179321793317934179351793617937179381793917940179411794217943179441794517946179471794817949179501795117952179531795417955179561795717958179591796017961179621796317964179651796617967179681796917970179711797217973179741797517976179771797817979179801798117982179831798417985179861798717988179891799017991179921799317994179951799617997179981799918000180011800218003180041800518006180071800818009180101801118012180131801418015180161801718018180191802018021180221802318024180251802618027180281802918030180311803218033180341803518036180371803818039180401804118042180431804418045180461804718048180491805018051180521805318054180551805618057180581805918060180611806218063180641806518066180671806818069180701807118072180731807418075180761807718078180791808018081180821808318084180851808618087180881808918090180911809218093180941809518096180971809818099181001810118102181031810418105181061810718108181091811018111181121811318114181151811618117181181811918120181211812218123181241812518126181271812818129181301813118132181331813418135181361813718138181391814018141181421814318144181451814618147181481814918150181511815218153181541815518156181571815818159181601816118162181631816418165181661816718168181691817018171181721817318174181751817618177181781817918180181811818218183181841818518186181871818818189181901819118192181931819418195181961819718198181991820018201182021820318204182051820618207182081820918210182111821218213182141821518216182171821818219182201822118222182231822418225182261822718228182291823018231182321823318234182351823618237182381823918240182411824218243182441824518246182471824818249182501825118252182531825418255182561825718258182591826018261182621826318264182651826618267182681826918270182711827218273182741827518276182771827818279182801828118282182831828418285182861828718288182891829018291182921829318294182951829618297182981829918300183011830218303183041830518306183071830818309183101831118312183131831418315183161831718318183191832018321183221832318324183251832618327183281832918330183311833218333183341833518336183371833818339183401834118342183431834418345183461834718348183491835018351183521835318354183551835618357183581835918360183611836218363183641836518366183671836818369183701837118372183731837418375183761837718378183791838018381183821838318384183851838618387183881838918390183911839218393183941839518396183971839818399184001840118402184031840418405184061840718408184091841018411184121841318414184151841618417184181841918420184211842218423184241842518426184271842818429184301843118432184331843418435184361843718438184391844018441184421844318444184451844618447184481844918450184511845218453184541845518456184571845818459184601846118462184631846418465184661846718468184691847018471184721847318474184751847618477184781847918480184811848218483184841848518486184871848818489184901849118492184931849418495184961849718498184991850018501185021850318504185051850618507185081850918510185111851218513185141851518516185171851818519185201852118522185231852418525185261852718528185291853018531185321853318534185351853618537185381853918540185411854218543185441854518546185471854818549185501855118552185531855418555185561855718558185591856018561185621856318564185651856618567185681856918570185711857218573185741857518576185771857818579185801858118582185831858418585185861858718588185891859018591185921859318594185951859618597185981859918600186011860218603186041860518606186071860818609186101861118612186131861418615186161861718618186191862018621186221862318624186251862618627186281862918630186311863218633186341863518636186371863818639186401864118642186431864418645186461864718648186491865018651186521865318654186551865618657186581865918660186611866218663186641866518666186671866818669186701867118672186731867418675186761867718678186791868018681186821868318684186851868618687186881868918690186911869218693186941869518696186971869818699187001870118702187031870418705187061870718708187091871018711187121871318714187151871618717187181871918720187211872218723187241872518726187271872818729187301873118732187331873418735187361873718738187391874018741187421874318744187451874618747187481874918750187511875218753187541875518756187571875818759187601876118762187631876418765187661876718768187691877018771187721877318774187751877618777187781877918780187811878218783187841878518786187871878818789187901879118792187931879418795187961879718798187991880018801188021880318804188051880618807188081880918810188111881218813188141881518816188171881818819188201882118822188231882418825188261882718828188291883018831188321883318834188351883618837188381883918840188411884218843188441884518846188471884818849188501885118852188531885418855188561885718858188591886018861188621886318864188651886618867188681886918870188711887218873188741887518876188771887818879188801888118882188831888418885188861888718888188891889018891188921889318894188951889618897188981889918900189011890218903189041890518906189071890818909189101891118912189131891418915189161891718918189191892018921189221892318924189251892618927189281892918930189311893218933189341893518936189371893818939189401894118942189431894418945189461894718948189491895018951189521895318954189551895618957189581895918960189611896218963189641896518966189671896818969189701897118972189731897418975189761897718978189791898018981189821898318984189851898618987189881898918990189911899218993189941899518996189971899818999190001900119002190031900419005190061900719008190091901019011190121901319014190151901619017190181901919020190211902219023190241902519026190271902819029190301903119032190331903419035190361903719038190391904019041190421904319044190451904619047190481904919050190511905219053190541905519056190571905819059190601906119062190631906419065190661906719068190691907019071190721907319074190751907619077190781907919080190811908219083190841908519086190871908819089190901909119092190931909419095190961909719098190991910019101191021910319104191051910619107191081910919110191111911219113191141911519116191171911819119191201912119122191231912419125191261912719128191291913019131191321913319134191351913619137191381913919140191411914219143191441914519146191471914819149191501915119152191531915419155191561915719158191591916019161191621916319164191651916619167191681916919170191711917219173191741917519176191771917819179191801918119182191831918419185191861918719188191891919019191191921919319194191951919619197191981919919200192011920219203192041920519206192071920819209192101921119212192131921419215192161921719218192191922019221192221922319224192251922619227192281922919230192311923219233192341923519236192371923819239192401924119242192431924419245192461924719248192491925019251192521925319254192551925619257192581925919260192611926219263192641926519266192671926819269192701927119272192731927419275192761927719278192791928019281192821928319284192851928619287192881928919290192911929219293192941929519296192971929819299193001930119302193031930419305193061930719308193091931019311193121931319314193151931619317193181931919320193211932219323193241932519326193271932819329193301933119332193331933419335193361933719338193391934019341193421934319344193451934619347193481934919350193511935219353193541935519356193571935819359193601936119362193631936419365193661936719368193691937019371193721937319374193751937619377193781937919380193811938219383193841938519386193871938819389193901939119392193931939419395193961939719398193991940019401194021940319404194051940619407194081940919410194111941219413194141941519416194171941819419194201942119422194231942419425194261942719428194291943019431194321943319434194351943619437194381943919440194411944219443194441944519446194471944819449194501945119452194531945419455194561945719458194591946019461194621946319464194651946619467194681946919470194711947219473194741947519476194771947819479194801948119482194831948419485194861948719488194891949019491194921949319494194951949619497194981949919500195011950219503195041950519506195071950819509195101951119512195131951419515195161951719518195191952019521195221952319524195251952619527195281952919530195311953219533195341953519536195371953819539195401954119542195431954419545195461954719548195491955019551195521955319554195551955619557195581955919560195611956219563195641956519566195671956819569195701957119572195731957419575195761957719578195791958019581195821958319584195851958619587195881958919590195911959219593195941959519596195971959819599196001960119602196031960419605196061960719608196091961019611196121961319614196151961619617196181961919620196211962219623196241962519626196271962819629196301963119632196331963419635196361963719638196391964019641196421964319644196451964619647196481964919650196511965219653196541965519656196571965819659196601966119662196631966419665196661966719668196691967019671196721967319674196751967619677196781967919680196811968219683196841968519686196871968819689196901969119692196931969419695196961969719698196991970019701197021970319704197051970619707197081970919710197111971219713197141971519716197171971819719197201972119722197231972419725197261972719728197291973019731197321973319734197351973619737197381973919740197411974219743197441974519746197471974819749197501975119752197531975419755197561975719758197591976019761197621976319764197651976619767197681976919770197711977219773197741977519776197771977819779197801978119782197831978419785197861978719788197891979019791197921979319794197951979619797197981979919800198011980219803198041980519806198071980819809198101981119812198131981419815198161981719818198191982019821198221982319824198251982619827198281982919830198311983219833198341983519836198371983819839198401984119842198431984419845198461984719848198491985019851198521985319854198551985619857198581985919860198611986219863198641986519866198671986819869198701987119872198731987419875198761987719878198791988019881198821988319884198851988619887198881988919890198911989219893198941989519896198971989819899199001990119902199031990419905199061990719908199091991019911199121991319914199151991619917199181991919920199211992219923199241992519926199271992819929199301993119932199331993419935199361993719938199391994019941199421994319944199451994619947199481994919950199511995219953199541995519956199571995819959199601996119962199631996419965199661996719968199691997019971199721997319974199751997619977199781997919980199811998219983199841998519986199871998819989199901999119992199931999419995199961999719998199992000020001200022000320004200052000620007200082000920010200112001220013200142001520016200172001820019200202002120022200232002420025200262002720028200292003020031200322003320034200352003620037200382003920040200412004220043200442004520046200472004820049200502005120052200532005420055200562005720058200592006020061200622006320064200652006620067200682006920070200712007220073200742007520076200772007820079200802008120082200832008420085200862008720088200892009020091200922009320094200952009620097200982009920100201012010220103201042010520106201072010820109201102011120112201132011420115201162011720118201192012020121201222012320124201252012620127201282012920130201312013220133201342013520136201372013820139201402014120142201432014420145201462014720148201492015020151201522015320154201552015620157201582015920160201612016220163201642016520166201672016820169201702017120172201732017420175201762017720178201792018020181201822018320184201852018620187201882018920190201912019220193201942019520196201972019820199202002020120202202032020420205202062020720208202092021020211202122021320214202152021620217202182021920220202212022220223202242022520226202272022820229202302023120232202332023420235202362023720238202392024020241202422024320244202452024620247202482024920250202512025220253202542025520256202572025820259202602026120262202632026420265202662026720268202692027020271202722027320274202752027620277202782027920280202812028220283202842028520286202872028820289202902029120292202932029420295202962029720298202992030020301203022030320304203052030620307203082030920310203112031220313203142031520316203172031820319203202032120322203232032420325203262032720328203292033020331203322033320334203352033620337203382033920340203412034220343203442034520346203472034820349203502035120352203532035420355203562035720358203592036020361203622036320364203652036620367203682036920370203712037220373203742037520376203772037820379203802038120382203832038420385203862038720388203892039020391203922039320394203952039620397203982039920400204012040220403204042040520406204072040820409204102041120412204132041420415204162041720418204192042020421204222042320424204252042620427204282042920430204312043220433204342043520436204372043820439204402044120442204432044420445204462044720448204492045020451204522045320454204552045620457204582045920460204612046220463204642046520466204672046820469204702047120472204732047420475204762047720478204792048020481204822048320484204852048620487204882048920490204912049220493204942049520496204972049820499205002050120502205032050420505205062050720508205092051020511205122051320514205152051620517205182051920520205212052220523205242052520526205272052820529205302053120532205332053420535205362053720538205392054020541205422054320544205452054620547205482054920550205512055220553205542055520556205572055820559205602056120562205632056420565205662056720568205692057020571205722057320574205752057620577205782057920580205812058220583205842058520586205872058820589205902059120592205932059420595205962059720598205992060020601206022060320604206052060620607206082060920610206112061220613206142061520616206172061820619206202062120622206232062420625206262062720628206292063020631206322063320634206352063620637206382063920640206412064220643206442064520646206472064820649206502065120652206532065420655206562065720658206592066020661206622066320664206652066620667206682066920670206712067220673206742067520676206772067820679206802068120682206832068420685206862068720688206892069020691206922069320694206952069620697206982069920700207012070220703207042070520706207072070820709207102071120712207132071420715207162071720718207192072020721207222072320724207252072620727207282072920730207312073220733207342073520736207372073820739207402074120742207432074420745207462074720748207492075020751207522075320754207552075620757207582075920760207612076220763207642076520766207672076820769207702077120772207732077420775207762077720778207792078020781207822078320784207852078620787207882078920790207912079220793207942079520796207972079820799208002080120802208032080420805208062080720808208092081020811208122081320814208152081620817208182081920820208212082220823208242082520826208272082820829208302083120832208332083420835208362083720838208392084020841208422084320844208452084620847208482084920850208512085220853208542085520856208572085820859208602086120862208632086420865208662086720868208692087020871208722087320874208752087620877208782087920880208812088220883208842088520886208872088820889208902089120892208932089420895208962089720898208992090020901209022090320904209052090620907209082090920910209112091220913209142091520916209172091820919209202092120922209232092420925209262092720928209292093020931209322093320934209352093620937209382093920940209412094220943209442094520946209472094820949209502095120952209532095420955209562095720958209592096020961209622096320964209652096620967209682096920970209712097220973209742097520976209772097820979209802098120982209832098420985209862098720988209892099020991209922099320994209952099620997209982099921000210012100221003210042100521006210072100821009210102101121012210132101421015210162101721018210192102021021210222102321024210252102621027210282102921030210312103221033210342103521036210372103821039210402104121042210432104421045210462104721048210492105021051210522105321054210552105621057210582105921060210612106221063210642106521066210672106821069210702107121072210732107421075210762107721078210792108021081210822108321084210852108621087210882108921090210912109221093210942109521096210972109821099211002110121102211032110421105211062110721108211092111021111211122111321114211152111621117211182111921120211212112221123211242112521126211272112821129211302113121132211332113421135211362113721138211392114021141211422114321144211452114621147211482114921150211512115221153211542115521156211572115821159211602116121162211632116421165211662116721168211692117021171211722117321174211752117621177211782117921180211812118221183211842118521186211872118821189211902119121192211932119421195211962119721198211992120021201212022120321204212052120621207212082120921210212112121221213212142121521216212172121821219212202122121222212232122421225212262122721228212292123021231212322123321234212352123621237212382123921240212412124221243212442124521246212472124821249212502125121252212532125421255212562125721258212592126021261212622126321264212652126621267212682126921270212712127221273212742127521276212772127821279212802128121282212832128421285212862128721288212892129021291212922129321294212952129621297212982129921300213012130221303213042130521306213072130821309213102131121312213132131421315213162131721318213192132021321213222132321324213252132621327213282132921330213312133221333213342133521336213372133821339213402134121342213432134421345213462134721348213492135021351213522135321354213552135621357213582135921360213612136221363213642136521366213672136821369213702137121372213732137421375213762137721378213792138021381213822138321384213852138621387213882138921390213912139221393213942139521396213972139821399214002140121402214032140421405214062140721408214092141021411214122141321414214152141621417214182141921420214212142221423214242142521426214272142821429214302143121432214332143421435214362143721438214392144021441214422144321444214452144621447214482144921450214512145221453214542145521456214572145821459214602146121462214632146421465214662146721468214692147021471214722147321474214752147621477214782147921480214812148221483214842148521486214872148821489214902149121492214932149421495214962149721498214992150021501215022150321504215052150621507215082150921510215112151221513215142151521516215172151821519215202152121522215232152421525215262152721528215292153021531215322153321534215352153621537215382153921540215412154221543215442154521546215472154821549215502155121552215532155421555215562155721558215592156021561215622156321564215652156621567215682156921570215712157221573215742157521576215772157821579215802158121582215832158421585215862158721588215892159021591215922159321594215952159621597215982159921600216012160221603216042160521606216072160821609216102161121612216132161421615216162161721618216192162021621216222162321624216252162621627216282162921630216312163221633216342163521636216372163821639216402164121642216432164421645216462164721648216492165021651216522165321654216552165621657216582165921660216612166221663216642166521666216672166821669216702167121672216732167421675216762167721678216792168021681216822168321684216852168621687216882168921690216912169221693216942169521696216972169821699217002170121702217032170421705217062170721708217092171021711217122171321714217152171621717217182171921720217212172221723217242172521726217272172821729217302173121732217332173421735217362173721738217392174021741217422174321744217452174621747217482174921750217512175221753217542175521756217572175821759217602176121762217632176421765217662176721768217692177021771217722177321774217752177621777217782177921780217812178221783217842178521786217872178821789217902179121792217932179421795217962179721798217992180021801218022180321804218052180621807218082180921810218112181221813218142181521816218172181821819218202182121822218232182421825218262182721828218292183021831218322183321834218352183621837218382183921840218412184221843218442184521846218472184821849218502185121852218532185421855218562185721858218592186021861218622186321864218652186621867218682186921870218712187221873218742187521876218772187821879218802188121882218832188421885218862188721888218892189021891218922189321894218952189621897218982189921900219012190221903219042190521906219072190821909219102191121912219132191421915219162191721918219192192021921219222192321924219252192621927219282192921930219312193221933219342193521936219372193821939219402194121942219432194421945219462194721948219492195021951219522195321954219552195621957219582195921960219612196221963219642196521966219672196821969219702197121972219732197421975219762197721978219792198021981219822198321984219852198621987219882198921990219912199221993219942199521996219972199821999220002200122002220032200422005220062200722008220092201022011220122201322014220152201622017220182201922020220212202222023220242202522026220272202822029220302203122032220332203422035220362203722038220392204022041220422204322044220452204622047220482204922050220512205222053220542205522056220572205822059220602206122062220632206422065220662206722068220692207022071220722207322074220752207622077220782207922080220812208222083220842208522086220872208822089220902209122092220932209422095220962209722098220992210022101221022210322104221052210622107221082210922110221112211222113221142211522116221172211822119221202212122122221232212422125221262212722128221292213022131221322213322134221352213622137221382213922140221412214222143221442214522146221472214822149221502215122152221532215422155221562215722158221592216022161221622216322164221652216622167221682216922170221712217222173221742217522176221772217822179221802218122182221832218422185221862218722188221892219022191221922219322194221952219622197221982219922200222012220222203222042220522206222072220822209222102221122212222132221422215222162221722218222192222022221222222222322224222252222622227222282222922230222312223222233222342223522236222372223822239222402224122242222432224422245222462224722248222492225022251222522225322254222552225622257222582225922260222612226222263222642226522266222672226822269222702227122272222732227422275222762227722278222792228022281222822228322284222852228622287222882228922290222912229222293222942229522296222972229822299223002230122302223032230422305223062230722308223092231022311223122231322314223152231622317223182231922320223212232222323223242232522326223272232822329223302233122332223332233422335223362233722338223392234022341223422234322344223452234622347223482234922350223512235222353223542235522356223572235822359223602236122362223632236422365223662236722368223692237022371223722237322374223752237622377223782237922380223812238222383223842238522386223872238822389223902239122392223932239422395223962239722398223992240022401224022240322404224052240622407224082240922410224112241222413224142241522416224172241822419224202242122422224232242422425224262242722428224292243022431224322243322434224352243622437224382243922440224412244222443224442244522446224472244822449224502245122452224532245422455224562245722458224592246022461224622246322464224652246622467224682246922470224712247222473224742247522476224772247822479224802248122482224832248422485224862248722488224892249022491224922249322494224952249622497224982249922500225012250222503225042250522506225072250822509225102251122512225132251422515225162251722518225192252022521225222252322524225252252622527225282252922530225312253222533225342253522536225372253822539225402254122542225432254422545225462254722548225492255022551225522255322554225552255622557225582255922560225612256222563225642256522566225672256822569225702257122572225732257422575225762257722578225792258022581225822258322584225852258622587225882258922590225912259222593225942259522596225972259822599226002260122602226032260422605226062260722608226092261022611226122261322614226152261622617226182261922620226212262222623226242262522626226272262822629226302263122632226332263422635226362263722638226392264022641226422264322644226452264622647226482264922650226512265222653226542265522656226572265822659226602266122662226632266422665226662266722668226692267022671226722267322674226752267622677226782267922680226812268222683226842268522686226872268822689226902269122692226932269422695226962269722698226992270022701227022270322704227052270622707227082270922710227112271222713227142271522716227172271822719227202272122722227232272422725227262272722728227292273022731227322273322734227352273622737227382273922740227412274222743227442274522746227472274822749227502275122752227532275422755227562275722758227592276022761227622276322764227652276622767227682276922770227712277222773227742277522776227772277822779227802278122782227832278422785227862278722788227892279022791227922279322794227952279622797227982279922800228012280222803228042280522806228072280822809228102281122812228132281422815228162281722818228192282022821228222282322824228252282622827228282282922830228312283222833228342283522836228372283822839228402284122842228432284422845228462284722848228492285022851228522285322854228552285622857228582285922860228612286222863228642286522866228672286822869228702287122872228732287422875228762287722878228792288022881228822288322884228852288622887228882288922890228912289222893228942289522896228972289822899229002290122902229032290422905229062290722908229092291022911229122291322914229152291622917229182291922920229212292222923229242292522926229272292822929229302293122932229332293422935229362293722938229392294022941229422294322944229452294622947229482294922950229512295222953229542295522956229572295822959229602296122962229632296422965229662296722968229692297022971229722297322974229752297622977229782297922980229812298222983229842298522986229872298822989229902299122992229932299422995229962299722998229992300023001230022300323004230052300623007230082300923010230112301223013230142301523016230172301823019230202302123022230232302423025230262302723028230292303023031230322303323034230352303623037230382303923040230412304223043230442304523046230472304823049230502305123052230532305423055230562305723058230592306023061230622306323064230652306623067230682306923070230712307223073230742307523076230772307823079230802308123082230832308423085230862308723088230892309023091230922309323094230952309623097230982309923100231012310223103231042310523106231072310823109231102311123112231132311423115231162311723118231192312023121231222312323124231252312623127231282312923130231312313223133231342313523136231372313823139231402314123142231432314423145231462314723148231492315023151231522315323154231552315623157231582315923160231612316223163231642316523166231672316823169231702317123172231732317423175231762317723178231792318023181231822318323184231852318623187231882318923190231912319223193231942319523196231972319823199232002320123202232032320423205232062320723208232092321023211232122321323214232152321623217232182321923220232212322223223232242322523226232272322823229232302323123232232332323423235232362323723238232392324023241232422324323244232452324623247232482324923250232512325223253232542325523256232572325823259232602326123262232632326423265232662326723268232692327023271232722327323274232752327623277232782327923280232812328223283232842328523286232872328823289232902329123292232932329423295232962329723298232992330023301233022330323304233052330623307233082330923310233112331223313233142331523316233172331823319233202332123322233232332423325233262332723328233292333023331233322333323334233352333623337233382333923340233412334223343233442334523346233472334823349233502335123352233532335423355233562335723358233592336023361233622336323364233652336623367233682336923370233712337223373233742337523376233772337823379233802338123382233832338423385233862338723388233892339023391233922339323394233952339623397233982339923400234012340223403234042340523406234072340823409234102341123412234132341423415234162341723418234192342023421234222342323424234252342623427234282342923430234312343223433234342343523436234372343823439234402344123442234432344423445234462344723448234492345023451234522345323454234552345623457234582345923460234612346223463234642346523466234672346823469234702347123472234732347423475234762347723478234792348023481234822348323484234852348623487234882348923490234912349223493234942349523496234972349823499235002350123502235032350423505235062350723508235092351023511235122351323514235152351623517235182351923520235212352223523235242352523526235272352823529235302353123532235332353423535235362353723538235392354023541235422354323544235452354623547235482354923550235512355223553235542355523556235572355823559235602356123562235632356423565235662356723568235692357023571235722357323574235752357623577235782357923580235812358223583235842358523586235872358823589235902359123592235932359423595235962359723598235992360023601236022360323604236052360623607236082360923610236112361223613236142361523616236172361823619236202362123622236232362423625236262362723628236292363023631236322363323634236352363623637236382363923640236412364223643236442364523646236472364823649236502365123652236532365423655236562365723658236592366023661236622366323664236652366623667236682366923670236712367223673236742367523676236772367823679236802368123682236832368423685236862368723688236892369023691236922369323694236952369623697236982369923700237012370223703237042370523706237072370823709237102371123712237132371423715237162371723718237192372023721237222372323724237252372623727237282372923730237312373223733237342373523736237372373823739237402374123742237432374423745237462374723748237492375023751237522375323754237552375623757237582375923760237612376223763237642376523766237672376823769237702377123772237732377423775237762377723778237792378023781237822378323784237852378623787237882378923790237912379223793237942379523796237972379823799238002380123802238032380423805238062380723808238092381023811238122381323814238152381623817238182381923820238212382223823238242382523826238272382823829238302383123832238332383423835238362383723838238392384023841238422384323844238452384623847238482384923850238512385223853238542385523856238572385823859238602386123862238632386423865238662386723868238692387023871238722387323874238752387623877238782387923880238812388223883238842388523886238872388823889238902389123892238932389423895238962389723898238992390023901239022390323904239052390623907239082390923910239112391223913239142391523916239172391823919239202392123922239232392423925239262392723928239292393023931239322393323934239352393623937239382393923940239412394223943239442394523946239472394823949239502395123952239532395423955239562395723958239592396023961239622396323964239652396623967239682396923970239712397223973239742397523976239772397823979239802398123982239832398423985239862398723988239892399023991239922399323994239952399623997239982399924000240012400224003240042400524006240072400824009240102401124012240132401424015240162401724018240192402024021240222402324024240252402624027240282402924030240312403224033240342403524036240372403824039240402404124042240432404424045240462404724048240492405024051240522405324054240552405624057240582405924060240612406224063240642406524066240672406824069240702407124072240732407424075240762407724078240792408024081240822408324084240852408624087240882408924090240912409224093240942409524096240972409824099241002410124102241032410424105241062410724108241092411024111241122411324114241152411624117241182411924120241212412224123241242412524126241272412824129241302413124132241332413424135241362413724138241392414024141241422414324144241452414624147241482414924150241512415224153241542415524156241572415824159241602416124162241632416424165241662416724168241692417024171241722417324174241752417624177241782417924180241812418224183241842418524186241872418824189241902419124192241932419424195241962419724198241992420024201242022420324204242052420624207242082420924210242112421224213242142421524216242172421824219242202422124222242232422424225242262422724228242292423024231242322423324234242352423624237242382423924240242412424224243242442424524246242472424824249242502425124252242532425424255242562425724258242592426024261242622426324264242652426624267242682426924270242712427224273242742427524276242772427824279242802428124282242832428424285242862428724288242892429024291242922429324294242952429624297242982429924300243012430224303243042430524306243072430824309243102431124312243132431424315243162431724318243192432024321243222432324324243252432624327243282432924330243312433224333243342433524336243372433824339243402434124342243432434424345243462434724348243492435024351243522435324354243552435624357243582435924360243612436224363243642436524366243672436824369243702437124372243732437424375243762437724378243792438024381243822438324384243852438624387243882438924390243912439224393243942439524396243972439824399244002440124402244032440424405244062440724408244092441024411244122441324414244152441624417244182441924420244212442224423244242442524426244272442824429244302443124432244332443424435244362443724438244392444024441244422444324444244452444624447244482444924450244512445224453244542445524456244572445824459244602446124462244632446424465244662446724468244692447024471244722447324474244752447624477244782447924480244812448224483244842448524486244872448824489244902449124492244932449424495244962449724498244992450024501245022450324504245052450624507245082450924510245112451224513245142451524516245172451824519245202452124522245232452424525245262452724528245292453024531245322453324534245352453624537245382453924540245412454224543245442454524546245472454824549245502455124552245532455424555245562455724558245592456024561245622456324564245652456624567245682456924570245712457224573245742457524576245772457824579245802458124582245832458424585245862458724588245892459024591245922459324594245952459624597245982459924600246012460224603246042460524606246072460824609246102461124612246132461424615246162461724618246192462024621246222462324624246252462624627246282462924630246312463224633246342463524636246372463824639246402464124642246432464424645246462464724648246492465024651246522465324654246552465624657246582465924660246612466224663246642466524666246672466824669246702467124672246732467424675246762467724678246792468024681246822468324684246852468624687246882468924690246912469224693246942469524696246972469824699247002470124702247032470424705247062470724708247092471024711247122471324714247152471624717247182471924720247212472224723247242472524726247272472824729247302473124732247332473424735247362473724738247392474024741247422474324744247452474624747247482474924750247512475224753247542475524756247572475824759247602476124762247632476424765247662476724768247692477024771247722477324774247752477624777247782477924780247812478224783247842478524786247872478824789247902479124792247932479424795247962479724798247992480024801248022480324804248052480624807248082480924810248112481224813248142481524816248172481824819248202482124822248232482424825248262482724828248292483024831248322483324834248352483624837248382483924840248412484224843248442484524846248472484824849248502485124852248532485424855248562485724858248592486024861248622486324864248652486624867248682486924870248712487224873248742487524876248772487824879248802488124882248832488424885248862488724888248892489024891248922489324894248952489624897248982489924900249012490224903249042490524906249072490824909249102491124912249132491424915249162491724918249192492024921249222492324924249252492624927249282492924930249312493224933249342493524936249372493824939249402494124942249432494424945249462494724948249492495024951249522495324954249552495624957249582495924960249612496224963249642496524966249672496824969249702497124972249732497424975249762497724978249792498024981249822498324984249852498624987249882498924990249912499224993249942499524996249972499824999250002500125002250032500425005250062500725008250092501025011250122501325014250152501625017250182501925020250212502225023250242502525026250272502825029250302503125032250332503425035250362503725038250392504025041250422504325044250452504625047250482504925050250512505225053250542505525056250572505825059250602506125062250632506425065250662506725068250692507025071250722507325074250752507625077250782507925080250812508225083250842508525086250872508825089250902509125092250932509425095250962509725098250992510025101251022510325104251052510625107251082510925110251112511225113251142511525116251172511825119251202512125122251232512425125251262512725128251292513025131251322513325134251352513625137251382513925140251412514225143251442514525146251472514825149251502515125152251532515425155251562515725158251592516025161251622516325164251652516625167251682516925170251712517225173251742517525176251772517825179251802518125182251832518425185251862518725188251892519025191251922519325194251952519625197251982519925200252012520225203252042520525206252072520825209252102521125212252132521425215252162521725218252192522025221252222522325224252252522625227252282522925230252312523225233252342523525236252372523825239252402524125242252432524425245252462524725248252492525025251252522525325254252552525625257252582525925260252612526225263252642526525266252672526825269252702527125272252732527425275252762527725278252792528025281252822528325284252852528625287252882528925290252912529225293252942529525296252972529825299253002530125302253032530425305253062530725308253092531025311253122531325314253152531625317253182531925320253212532225323253242532525326253272532825329253302533125332253332533425335253362533725338253392534025341253422534325344253452534625347253482534925350253512535225353253542535525356253572535825359253602536125362253632536425365253662536725368253692537025371253722537325374253752537625377253782537925380253812538225383253842538525386253872538825389253902539125392253932539425395253962539725398253992540025401254022540325404254052540625407254082540925410254112541225413254142541525416254172541825419254202542125422254232542425425254262542725428254292543025431254322543325434254352543625437254382543925440254412544225443254442544525446254472544825449254502545125452254532545425455254562545725458254592546025461254622546325464254652546625467254682546925470254712547225473254742547525476254772547825479254802548125482254832548425485254862548725488254892549025491254922549325494254952549625497254982549925500255012550225503255042550525506255072550825509255102551125512255132551425515255162551725518255192552025521255222552325524255252552625527255282552925530255312553225533255342553525536255372553825539255402554125542255432554425545255462554725548255492555025551255522555325554255552555625557255582555925560255612556225563255642556525566255672556825569255702557125572255732557425575255762557725578255792558025581255822558325584255852558625587255882558925590255912559225593255942559525596255972559825599256002560125602256032560425605256062560725608256092561025611256122561325614256152561625617256182561925620256212562225623256242562525626256272562825629256302563125632256332563425635256362563725638256392564025641256422564325644256452564625647256482564925650256512565225653256542565525656256572565825659256602566125662256632566425665256662566725668256692567025671256722567325674256752567625677256782567925680256812568225683256842568525686256872568825689256902569125692256932569425695256962569725698256992570025701257022570325704257052570625707257082570925710257112571225713257142571525716257172571825719257202572125722257232572425725257262572725728257292573025731257322573325734257352573625737257382573925740257412574225743257442574525746257472574825749257502575125752257532575425755257562575725758257592576025761257622576325764257652576625767257682576925770257712577225773257742577525776257772577825779257802578125782257832578425785257862578725788257892579025791257922579325794257952579625797257982579925800258012580225803258042580525806258072580825809258102581125812258132581425815258162581725818258192582025821258222582325824258252582625827258282582925830258312583225833258342583525836258372583825839258402584125842258432584425845258462584725848258492585025851258522585325854258552585625857258582585925860258612586225863258642586525866258672586825869258702587125872258732587425875258762587725878258792588025881258822588325884258852588625887258882588925890258912589225893258942589525896258972589825899259002590125902259032590425905259062590725908259092591025911259122591325914259152591625917259182591925920259212592225923259242592525926259272592825929259302593125932259332593425935259362593725938259392594025941259422594325944259452594625947259482594925950259512595225953259542595525956259572595825959259602596125962259632596425965259662596725968259692597025971259722597325974259752597625977259782597925980259812598225983259842598525986259872598825989259902599125992259932599425995259962599725998259992600026001260022600326004260052600626007260082600926010260112601226013260142601526016260172601826019260202602126022260232602426025260262602726028260292603026031260322603326034260352603626037260382603926040260412604226043260442604526046260472604826049260502605126052260532605426055260562605726058260592606026061260622606326064260652606626067260682606926070260712607226073260742607526076260772607826079260802608126082260832608426085260862608726088260892609026091260922609326094260952609626097260982609926100261012610226103261042610526106261072610826109261102611126112261132611426115261162611726118261192612026121261222612326124261252612626127261282612926130261312613226133261342613526136261372613826139261402614126142261432614426145261462614726148261492615026151261522615326154261552615626157261582615926160261612616226163261642616526166261672616826169261702617126172261732617426175261762617726178261792618026181261822618326184261852618626187261882618926190261912619226193261942619526196261972619826199262002620126202262032620426205262062620726208262092621026211262122621326214262152621626217262182621926220262212622226223262242622526226262272622826229262302623126232262332623426235262362623726238262392624026241262422624326244262452624626247262482624926250262512625226253262542625526256262572625826259262602626126262262632626426265262662626726268262692627026271262722627326274262752627626277262782627926280262812628226283262842628526286262872628826289262902629126292262932629426295262962629726298262992630026301263022630326304263052630626307263082630926310263112631226313263142631526316263172631826319263202632126322263232632426325263262632726328263292633026331263322633326334263352633626337263382633926340263412634226343263442634526346263472634826349263502635126352263532635426355263562635726358263592636026361263622636326364263652636626367263682636926370263712637226373263742637526376263772637826379263802638126382263832638426385263862638726388263892639026391263922639326394263952639626397263982639926400264012640226403264042640526406264072640826409264102641126412264132641426415264162641726418264192642026421264222642326424264252642626427264282642926430264312643226433264342643526436264372643826439264402644126442264432644426445264462644726448264492645026451264522645326454264552645626457264582645926460264612646226463264642646526466264672646826469264702647126472264732647426475264762647726478264792648026481264822648326484264852648626487264882648926490264912649226493264942649526496264972649826499265002650126502265032650426505265062650726508265092651026511265122651326514265152651626517265182651926520265212652226523265242652526526265272652826529265302653126532265332653426535265362653726538265392654026541265422654326544265452654626547265482654926550265512655226553265542655526556265572655826559265602656126562265632656426565265662656726568265692657026571265722657326574265752657626577265782657926580265812658226583265842658526586265872658826589265902659126592265932659426595265962659726598265992660026601266022660326604266052660626607266082660926610266112661226613266142661526616266172661826619266202662126622266232662426625266262662726628266292663026631266322663326634266352663626637266382663926640266412664226643266442664526646266472664826649266502665126652266532665426655266562665726658266592666026661266622666326664266652666626667266682666926670266712667226673266742667526676266772667826679266802668126682266832668426685266862668726688266892669026691266922669326694266952669626697266982669926700267012670226703267042670526706267072670826709267102671126712267132671426715267162671726718267192672026721267222672326724267252672626727267282672926730267312673226733267342673526736267372673826739267402674126742267432674426745267462674726748267492675026751267522675326754267552675626757267582675926760267612676226763267642676526766267672676826769267702677126772267732677426775267762677726778267792678026781267822678326784267852678626787267882678926790267912679226793267942679526796267972679826799268002680126802268032680426805268062680726808268092681026811268122681326814268152681626817268182681926820268212682226823268242682526826268272682826829268302683126832268332683426835268362683726838268392684026841268422684326844268452684626847268482684926850268512685226853268542685526856268572685826859268602686126862268632686426865268662686726868268692687026871268722687326874268752687626877268782687926880268812688226883268842688526886268872688826889268902689126892268932689426895268962689726898268992690026901269022690326904269052690626907269082690926910269112691226913269142691526916269172691826919269202692126922269232692426925269262692726928269292693026931269322693326934269352693626937269382693926940269412694226943269442694526946269472694826949269502695126952269532695426955269562695726958269592696026961269622696326964269652696626967269682696926970269712697226973269742697526976 |
- Changes in version 0.3.3.2-alpha - 2018-02-10
- Tor 0.3.3.2-alpha is the second alpha in the 0.3.3.x series. It
- introduces a mechanism to handle the high loads that many relay
- operators have been reporting recently. It also fixes several bugs in
- older releases. If this new code proves reliable, we plan to backport
- it to older supported release series.
- o Major features (denial-of-service mitigation):
- - Give relays some defenses against the recent network overload. We
- start with three defenses (default parameters in parentheses).
- First: if a single client address makes too many concurrent
- connections (>100), hang up on further connections. Second: if a
- single client address makes circuits too quickly (more than 3 per
- second, with an allowed burst of 90) while also having too many
- connections open (3), refuse new create cells for the next while
- (1-2 hours). Third: if a client asks to establish a rendezvous
- point to you directly, ignore the request. These defenses can be
- manually controlled by new torrc options, but relays will also
- take guidance from consensus parameters, so there's no need to
- configure anything manually. Implements ticket 24902.
- o Major bugfixes (netflow padding):
- - Stop adding unneeded channel padding right after we finish
- flushing to a connection that has been trying to flush for many
- seconds. Instead, treat all partial or complete flushes as
- activity on the channel, which will defer the time until we need
- to add padding. This fix should resolve confusing and scary log
- messages like "Channel padding timeout scheduled 221453ms in the
- past." Fixes bug 22212; bugfix on 0.3.1.1-alpha.
- o Major bugfixes (protocol versions):
- - Add Link protocol version 5 to the supported protocols list. Fixes
- bug 25070; bugfix on 0.3.1.1-alpha.
- o Major bugfixes (scheduler, consensus):
- - The scheduler subsystem was failing to promptly notice changes in
- consensus parameters, making it harder to switch schedulers
- network-wide. Fixes bug 24975; bugfix on 0.3.2.1-alpha.
- o Minor features (denial-of-service avoidance):
- - Make our OOM handler aware of the geoip client history cache so it
- doesn't fill up the memory. This check is important for IPv6 and
- our DoS mitigation subsystem. Closes ticket 25122.
- o Minor features (directory authority):
- - When directory authorities are unable to add signatures to a
- pending consensus, log the reason why. Closes ticket 24849.
- o Minor features (geoip):
- - Update geoip and geoip6 to the February 7 2018 Maxmind GeoLite2
- Country database.
- o Minor features (logging, diagnostic):
- - When logging a failure to create an onion service's descriptor,
- also log what the problem with the descriptor was. Diagnostic for
- ticket 24972.
- o Minor bugfix (channel connection):
- - Use the actual observed address of an incoming relay connection,
- not the canonical address of the relay from its descriptor, when
- making decisions about how to handle the incoming connection.
- Fixes bug 24952; bugfix on 0.2.4.11-alpha. Patch by "ffmancera".
- o Minor bugfix (directory authority):
- - Directory authorities, when refusing a descriptor from a rejected
- relay, now explicitly tell the relay (in its logs) to set a valid
- ContactInfo address and contact the bad-relays@ mailing list.
- Fixes bug 25170; bugfix on 0.2.9.1.
- o Minor bugfixes (all versions of Tor):
- - Use the "misspell" tool to detect and fix typos throughout the
- source code. Fixes bug 23650; bugfix on various versions of Tor.
- Patch from Deepesh Pathak.
- o Minor bugfixes (circuit, cannibalization):
- - Don't cannibalize preemptively-built circuits if we no longer
- recognize their first hop. This situation can happen if our Guard
- relay went off the consensus after the circuit was created. Fixes
- bug 24469; bugfix on 0.0.6.
- o Minor bugfixes (correctness):
- - Remove a nonworking, unnecessary check to see whether a circuit
- hop's identity digest was set when the circuit failed. Fixes bug
- 24927; bugfix on 0.2.4.4-alpha.
- o Minor bugfixes (logging):
- - Don't treat inability to store a cached consensus object as a bug:
- it can happen normally when we are out of disk space. Fixes bug
- 24859; bugfix on 0.3.1.1-alpha.
- - Fix a (mostly harmless) race condition when invoking
- LOG_PROTOCOL_WARN message from a subthread while the torrc options
- are changing. Fixes bug 23954; bugfix on 0.1.1.9-alpha.
- o Minor bugfixes (onion services):
- - Remove a BUG() statement when a client fetches an onion descriptor
- that has a lower revision counter than the one in its cache. This
- can happen in normal circumstances due to HSDir desync. Fixes bug
- 24976; bugfix on 0.3.2.1-alpha.
- - If we are configured to offer a single onion service, don't log
- long-term established one hop rendezvous points in the heartbeat.
- Fixes bug 25116; bugfix on 0.2.9.6-rc.
- o Minor bugfixes (performance):
- - Avoid calling protocol_list_supports_protocol() from inside tight
- loops when running with cached routerinfo_t objects. Instead,
- summarize the relevant protocols as flags in the routerinfo_t, as
- we do for routerstatus_t objects. This change simplifies our code
- a little, and saves a large amount of short-term memory allocation
- operations. Fixes bug 25008; bugfix on 0.2.9.4-alpha.
- o Minor bugfixes (Rust FFI):
- - Fix a minor memory leak which would happen whenever the C code
- would call the Rust implementation of
- protover_get_supported_protocols(). This was due to the C version
- returning a static string, whereas the Rust version newly allocated
- a CString to pass accross the FFI boundary. Consequently, the C
- code was not expecting to need to free() what it was given. Fixes
- bug 25127; bugfix on 0.3.2.1-alpha.
- o Minor bugfixes (scheduler, KIST):
- - Avoid adding the same channel twice in the KIST scheduler pending
- list, which would waste CPU cycles. Fixes bug 24700; bugfix
- on 0.3.2.1-alpha.
- o Minor bugfixes (unit test, monotonic time):
- - Increase a constant (1msec to 10msec) in the monotonic time test
- that makes sure the nsec/usec/msec times read are synchronized.
- This change was needed to accommodate slow systems like armel or
- when the clock_gettime() is not a VDSO on the running kernel.
- Fixes bug 25113; bugfix on 0.2.9.1.
- o Minor bugfixes (v3 onion services):
- - Look at the "HSRend" protocol version, not the "HSDir" protocol
- version, when deciding whether a consensus entry can support the
- v3 onion service protocol as a rendezvous point. Fixes bug 25105;
- bugfix on 0.3.2.1-alpha.
- o Code simplification and refactoring:
- - Remove the unused nodelist_recompute_all_hsdir_indices(). Closes
- ticket 25108.
- - Remove a series of counters used to track circuit extend attempts
- and connection status but that in reality we aren't using for
- anything other than stats logged by a SIGUSR1 signal. Closes
- ticket 25163.
- o Documentation (man page):
- - The HiddenServiceVersion torrc option accepts only one number:
- either version 2 or 3. Closes ticket 25026; bugfix
- on 0.3.2.2-alpha.
- Changes in version 0.3.3.1-alpha - 2018-01-25
- Tor 0.3.3.1-alpha is the first release in the 0.3.3.x series. It adds
- several new features to Tor, including several improvements to
- bootstrapping, and support for an experimental "vanguards" feature to
- resist guard discovery attacks. This series also includes better
- support for applications that need to embed Tor or manage v3
- onion services.
- o Major features (embedding):
- - There is now a documented stable API for programs that need to
- embed Tor. See tor_api.h for full documentation and known bugs.
- Closes ticket 23684.
- - Tor now has support for restarting in the same process.
- Controllers that run Tor using the "tor_api.h" interface can now
- restart Tor after Tor has exited. This support is incomplete,
- however: we fixed crash bugs that prevented it from working at
- all, but many bugs probably remain, including a possibility of
- security issues. Implements ticket 24581.
- o Major features (IPv6, directory documents):
- - Add consensus method 27, which adds IPv6 ORPorts to the microdesc
- consensus. This information makes it easier for IPv6 clients to
- bootstrap and choose reachable entry guards. Implements 23826.
- - Add consensus method 28, which removes IPv6 ORPorts from
- microdescriptors. Now that the consensus contains IPv6 ORPorts,
- they are redundant in microdescs. This change will be used by Tor
- clients on 0.2.8.x and later. (That is to say, with all Tor
- clients having IPv6 bootstrap and guard support.) Implements 23828.
- - Expand the documentation for AuthDirHasIPv6Connectivity when it is
- set by different numbers of authorities. Fixes 23870
- on 0.2.4.1-alpha.
- o Major features (onion service v3, control port):
- - The control port now supports commands and events for v3 onion
- services. It is now possible to create ephemeral v3 services using
- ADD_ONION. Additionally, several events (HS_DESC, HS_DESC_CONTENT,
- CIRC and CIRC_MINOR) and commands (GETINFO, HSPOST, ADD_ONION and
- DEL_ONION) have been extended to support v3 onion services. Closes
- ticket 20699; implements proposal 284.
- o Major features (onion services):
- - Provide torrc options to pin the second and third hops of onion
- service circuits to a list of nodes. The option HSLayer2Guards
- pins the second hop, and the option HSLayer3Guards pins the third
- hop. These options are for use in conjunction with experiments
- with "vanguards" for preventing guard enumeration attacks. Closes
- ticket 13837.
- o Major features (rust, portability, experimental):
- - Tor now ships with an optional implementation of one of its
- smaller modules (protover.c) in the Rust programming language. To
- try it out, install a Rust build environment, and configure Tor
- with "--enable-rust --enable-cargo-online-mode". This should not
- cause any user-visible changes, but should help us gain more
- experience with Rust, and plan future Rust integration work.
- Implementation by Chelsea Komlo. Closes ticket 22840.
- o Major features (storage, configuration):
- - Users can store cached directory documents somewhere other than
- the DataDirectory by using the CacheDirectory option. Similarly,
- the storage location for relay's keys can be overridden with the
- KeyDirectory option. Closes ticket 22703.
- o Major features (v3 onion services, ipv6):
- - When v3 onion service clients send introduce cells, they now
- include the IPv6 address of the rendezvous point, if it has one.
- Current v3 onion services running 0.3.2 ignore IPv6 addresses, but
- in future Tor versions, IPv6-only v3 single onion services will be
- able to use IPv6 addresses to connect directly to the rendezvous
- point. Closes ticket 23577. Patch by Neel Chauhan.
- o Major bugfixes (onion services, retry behavior):
- - Fix an "off by 2" error in counting rendezvous failures on the
- onion service side. While we thought we would stop the rendezvous
- attempt after one failed circuit, we were actually making three
- circuit attempts before giving up. Now switch to a default of 2,
- and allow the consensus parameter "hs_service_max_rdv_failures" to
- override. Fixes bug 24895; bugfix on 0.0.6.
- - New-style (v3) onion services now obey the "max rendezvous circuit
- attempts" logic. Previously they would make as many rendezvous
- circuit attempts as they could fit in the MAX_REND_TIMEOUT second
- window before giving up. Fixes bug 24894; bugfix on 0.3.2.1-alpha.
- o Major bugfixes (relays):
- - Fix a set of false positives where relays would consider
- connections to other relays as being client-only connections (and
- thus e.g. deserving different link padding schemes) if those
- relays fell out of the consensus briefly. Now we look only at the
- initial handshake and whether the connection authenticated as a
- relay. Fixes bug 24898; bugfix on 0.3.1.1-alpha.
- o Minor feature (IPv6):
- - Make IPv6-only clients wait for microdescs for relays, even if we
- were previously using descriptors (or were using them as a bridge)
- and have a cached descriptor for them. Implements 23827.
- - When a consensus has IPv6 ORPorts, make IPv6-only clients use
- them, rather than waiting to download microdescriptors.
- Implements 23827.
- o Minor features (cleanup):
- - Tor now deletes the CookieAuthFile and ExtORPortCookieAuthFile
- when it stops. Closes ticket 23271.
- o Minor features (defensive programming):
- - Most of the functions in Tor that free objects have been replaced
- with macros that free the objects and set the corresponding
- pointers to NULL. This change should help prevent a large class of
- dangling pointer bugs. Closes ticket 24337.
- - Where possible, the tor_free() macro now only evaluates its input
- once. Part of ticket 24337.
- - Check that microdesc ed25519 ids are non-zero in
- node_get_ed25519_id() before returning them. Implements 24001,
- patch by "aruna1234".
- o Minor features (directory authority):
- - Make the "Exit" flag assignment only depend on whether the exit
- policy allows connections to ports 80 and 443. Previously relays
- would get the Exit flag if they allowed connections to one of
- these ports and also port 6667. Resolves ticket 23637.
- o Minor features (embedding):
- - Tor can now start with a preauthenticated control connection
- created by the process that launched it. This feature is meant for
- use by programs that want to launch and manage a Tor process
- without allowing other programs to manage it as well. For more
- information, see the __OwningControllerFD option documented in
- control-spec.txt. Closes ticket 23900.
- - On most errors that would cause Tor to exit, it now tries to
- return from the tor_main() function, rather than calling the
- system exit() function. Most users won't notice a difference here,
- but it should make a significant for programs that run Tor inside
- a separate thread: they should now be able to survive Tor's exit
- conditions rather than having Tor shut down the entire process.
- Closes ticket 23848.
- - Applications that want to embed Tor can now tell Tor not to
- register any of its own POSIX signal handlers, using the
- __DisableSignalHandlers option. Closes ticket 24588.
- o Minor features (fallback directory list):
- - Avoid selecting fallbacks that change their IP addresses too
- often. Select more fallbacks by ignoring the Guard flag, and
- allowing lower cutoffs for the Running and V2Dir flags. Also allow
- a lower bandwidth, and a higher number of fallbacks per operator
- (5% of the list). Implements ticket 24785.
- - Update the fallback whitelist and blacklist based on opt-ins and
- relay changes. Closes tickets 22321, 24678, 22527, 24135,
- and 24695.
- o Minor features (fallback directory mirror configuration):
- - Add a nickname to each fallback in a C comment. This makes it
- easier for operators to find their relays, and allows stem to use
- nicknames to identify fallbacks. Implements ticket 24600.
- - Add a type and version header to the fallback directory mirror
- file. Also add a delimiter to the end of each fallback entry. This
- helps external parsers like stem and Relay Search. Implements
- ticket 24725.
- - Add an extrainfo cache flag for each fallback in a C comment. This
- allows stem to use fallbacks to fetch extra-info documents, rather
- than using authorities. Implements ticket 22759.
- - Add the generateFallbackDirLine.py script for automatically
- generating fallback directory mirror lines from relay fingerprints.
- No more typos! Add the lookupFallbackDirContact.py script for
- automatically looking up operator contact info from relay
- fingerprints. Implements ticket 24706, patch by teor and atagar.
- - Reject any fallback directory mirror that serves an expired
- consensus. Implements ticket 20942, patch by "minik".
- - Remove commas and equals signs from external string inputs to the
- fallback list. This avoids format confusion attacks. Implements
- ticket 24726.
- - Remove the "weight=10" line from fallback directory mirror
- entries. Ticket 24681 will maintain the current fallback weights
- by changing Tor's default fallback weight to 10. Implements
- ticket 24679.
- - Stop logging excessive information about fallback netblocks.
- Implements ticket 24791.
- o Minor features (forward-compatibility):
- - If a relay supports some link authentication protocol that we do
- not recognize, then include that relay's ed25519 key when telling
- other relays to extend to it. Previously, we treated future
- versions as if they were too old to support ed25519 link
- authentication. Closes ticket 20895.
- o Minor features (heartbeat):
- - Add onion service information to our heartbeat logs, displaying
- stats about the activity of configured onion services. Closes
- ticket 24896.
- o Minor features (instrumentation, development):
- - Add the MainloopStats option to allow developers to get
- instrumentation information from the main event loop via the
- heartbeat messages. We hope to use this to improve Tor's behavior
- when it's trying to sleep. Closes ticket 24605.
- o Minor features (log messages):
- - Improve a warning message that happens when we fail to re-parse an
- old router because of an expired certificate. Closes ticket 20020.
- - Make the log more quantitative when we hit MaxMemInQueues
- threshold exposing some values. Closes ticket 24501.
- o Minor features (logging, android):
- - Added support for the Android logging subsystem. Closes
- ticket 24362.
- o Minor features (performance):
- - Support predictive circuit building for onion service circuits
- with multiple layers of guards. Closes ticket 23101.
- - Use stdatomic.h where available, rather than mutexes, to implement
- atomic_counter_t. Closes ticket 23953.
- o Minor features (performance, 32-bit):
- - Improve performance on 32-bit systems by avoiding 64-bit division
- when calculating the timestamp in milliseconds for channel padding
- computations. Implements ticket 24613.
- - Improve performance on 32-bit systems by avoiding 64-bit division
- when timestamping cells and buffer chunks for OOM calculations.
- Implements ticket 24374.
- o Minor features (performance, OSX, iOS):
- - Use the mach_approximate_time() function (when available) to
- implement coarse monotonic time. Having a coarse time function
- should avoid a large number of system calls, and improve
- performance slightly, especially under load. Closes ticket 24427.
- o Minor features (performance, windows):
- - Improve performance on Windows Vista and Windows 7 by adjusting
- TCP send window size according to the recommendation from
- SIO_IDEAL_SEND_BACKLOG_QUERY. Closes ticket 22798. Patch
- from Vort.
- o Minor features (relay):
- - Implement an option, ReducedExitPolicy, to allow an Tor exit relay
- operator to use a more reasonable ("reduced") exit policy, rather
- than the default one. If you want to run an exit node without
- thinking too hard about which ports to allow, this one is for you.
- Closes ticket 13605. Patch from Neel Chauhan.
- o Minor features (testing, debugging, embedding):
- - For development purposes, Tor now has a mode in which it runs for
- a few seconds, then stops, and starts again without exiting the
- process. This mode is meant to help us debug various issues with
- ticket 23847. To use this feature, compile with
- --enable-restart-debugging, and set the TOR_DEBUG_RESTART
- environment variable. This is expected to crash a lot, and is
- really meant for developers only. It will likely be removed in a
- future release. Implements ticket 24583.
- o Minor bugfix (network IPv6 test):
- - Tor's test scripts now check if "ping -6 ::1" works when the user
- runs "make test-network-all". Fixes bug 24677; bugfix on
- 0.2.9.3-alpha. Patch by "ffmancera".
- o Minor bugfixes (build, rust):
- - Fix output of autoconf checks to display success messages for Rust
- dependencies and a suitable rustc compiler version. Fixes bug
- 24612; bugfix on 0.3.1.3-alpha.
- - When building with Rust on OSX, link against libresolv, to work
- around the issue at https://github.com/rust-lang/rust/issues/46797.
- Fixes bug 24652; bugfix on 0.3.1.1-alpha.
- - Don't pass the --quiet option to cargo: it seems to suppress some
- errors, which is not what we want to do when building. Fixes bug
- 24518; bugfix on 0.3.1.7.
- - Build correctly when building from outside Tor's source tree with
- the TOR_RUST_DEPENDENCIES option set. Fixes bug 22768; bugfix
- on 0.3.1.7.
- o Minor bugfixes (directory authorities, IPv6):
- - When creating a routerstatus (vote) from a routerinfo (descriptor),
- set the IPv6 address to the unspecified IPv6 address, and
- explicitly initialize the port to zero. Fixes bug 24488; bugfix
- on 0.2.4.1-alpha.
- o Minor bugfixes (fallback directory mirrors):
- - Make updateFallbackDirs.py search harder for python. (Some OSs
- don't put it in /usr/bin.) Fixes bug 24708; bugfix
- on 0.2.8.1-alpha.
- o Minor bugfixes (hibernation, bandwidth accounting, shutdown):
- - When hibernating, close connections normally and allow them to
- flush. Fixes bug 23571; bugfix on 0.2.4.7-alpha. Also fixes
- bug 7267.
- - Do not attempt to launch self-reachability tests when entering
- hibernation. Fixes a case of bug 12062; bugfix on 0.0.9pre5.
- - Resolve several bugs related to descriptor fetching on bridge
- clients with bandwidth accounting enabled. (This combination is
- not recommended!) Fixes a case of bug 12062; bugfix
- on 0.2.0.3-alpha.
- - When hibernating, do not attempt to launch DNS checks. Fixes a
- case of bug 12062; bugfix on 0.1.2.2-alpha.
- - When hibernating, do not try to upload or download descriptors.
- Fixes a case of bug 12062; bugfix on 0.0.9pre5.
- o Minor bugfixes (IPv6, bridges):
- - Tor now always sets IPv6 preferences for bridges. Fixes bug 24573;
- bugfix on 0.2.8.2-alpha.
- - Tor now sets IPv6 address in the routerstatus as well as in the
- router descriptors when updating addresses for a bridge. Closes
- ticket 24572; bugfix on 0.2.4.5-alpha. Patch by "ffmancera".
- o Minor bugfixes (linux seccomp2 sandbox):
- - When running with the sandbox enabled, reload configuration files
- correctly even when %include was used. Previously we would crash.
- Fixes bug 22605; bugfix on 0.3.1. Patch from Daniel Pinto.
- o Minor bugfixes (memory leaks):
- - Avoid possible at-exit memory leaks related to use of Libevent's
- event_base_once() function. (This function tends to leak memory if
- the event_base is closed before the event fires.) Fixes bug 24584;
- bugfix on 0.2.8.1-alpha.
- - Fix a harmless memory leak in tor-resolve. Fixes bug 24582; bugfix
- on 0.2.1.1-alpha.
- o Minor bugfixes (OSX):
- - Don't exit the Tor process if setrlimit() fails to change the file
- limit (which can happen sometimes on some versions of OSX). Fixes
- bug 21074; bugfix on 0.0.9pre5.
- o Minor bugfixes (performance, fragile-hardening):
- - Improve the performance of our consensus-diff application code
- when Tor is built with the --enable-fragile-hardening option set.
- Fixes bug 24826; bugfix on 0.3.1.1-alpha.
- o Minor bugfixes (performance, timeouts):
- - Consider circuits for timeout as soon as they complete a hop. This
- is more accurate than applying the timeout in
- circuit_expire_building() because that function is only called
- once per second, which is now too slow for typical timeouts on the
- current network. Fixes bug 23114; bugfix on 0.2.2.2-alpha.
- - Use onion service circuits (and other circuits longer than 3 hops)
- to calculate a circuit build timeout. Previously, Tor only
- calculated its build timeout based on circuits that planned to be
- exactly 3 hops long. With this change, we include measurements
- from all circuits at the point where they complete their third
- hop. Fixes bug 23100; bugfix on 0.2.2.2-alpha.
- o Minor bugfixes (testing):
- - Give out Exit flags in bootstrapping networks. Fixes bug 24137;
- bugfix on 0.2.3.1-alpha.
- - Fix a memory leak in the scheduler/loop_kist unit test. Fixes bug
- 25005; bugfix on 0.3.2.7-rc.
- o Code simplification and refactoring:
- - Remove /usr/athena from search path in configure.ac. Closes
- ticket 24363.
- - Remove duplicate code in node_has_curve25519_onion_key() and
- node_get_curve25519_onion_key(), and add a check for a zero
- microdesc curve25519 onion key. Closes ticket 23966, patch by
- "aruna1234" and teor.
- - Rewrite channel_rsa_id_group_set_badness to reduce temporary
- memory allocations with large numbers of OR connections (e.g.
- relays). Closes ticket 24119.
- - Separate the function that deletes ephemeral files when Tor
- stops gracefully.
- - Small changes to Tor's buf_t API to make it suitable for use as a
- general-purpose safe string constructor. Closes ticket 22342.
- - Switch -Wnormalized=id to -Wnormalized=nfkc in configure.ac to
- avoid source code identifier confusion. Closes ticket 24467.
- - The tor_git_revision[] constant no longer needs to be redeclared
- by everything that links against the rest of Tor. Done as part of
- ticket 23845, to simplify our external API.
- - We make extend_info_from_node() use node_get_curve25519_onion_key()
- introduced in ticket 23577 to access the curve25519 public keys
- rather than accessing it directly. Closes ticket 23760. Patch by
- Neel Chauhan.
- - Add a function to log channels' scheduler state changes to aid
- debugging efforts. Closes ticket 24531.
- o Documentation:
- - Add documentation on how to build tor with Rust dependencies
- without having to be online. Closes ticket 22907; bugfix
- on 0.3.0.3-alpha.
- - Clarify the behavior of RelayBandwidth{Rate,Burst} with client
- traffic. Closes ticket 24318.
- - Document that OutboundBindAddress doesn't apply to DNS requests.
- Closes ticket 22145. Patch from Aruna Maurya.
- - Document that operators who run more than one relay or bridge are
- expected to set MyFamily and ContactInfo correctly. Closes
- ticket 24526.
- o Code simplification and refactoring (channels):
- - Remove the incoming and outgoing channel queues. These were never
- used, but still took up a step in our fast path.
- - The majority of the channel unit tests have been rewritten and the
- code coverage has now been raised to 83.6% for channel.c. Closes
- ticket 23709.
- - Remove other dead code from the channel subsystem: All together,
- this cleanup has removed more than 1500 lines of code overall and
- adding very little except for unit test.
- o Code simplification and refactoring (circuit rendezvous):
- - Split the client-size rendezvous circuit lookup into two
- functions: one that returns only established circuits and another
- that returns all kinds of circuits. Closes ticket 23459.
- o Code simplification and refactoring (controller):
- - Make most of the variables in networkstatus_getinfo_by_purpose()
- const. Implements ticket 24489.
- Changes in version 0.3.2.9 - 2018-01-09
- Tor 0.3.2.9 is the first stable release in the 0.3.2 series.
- The 0.3.2 series includes our long-anticipated new onion service
- design, with numerous security features. (For more information, see
- our blog post at https://blog.torproject.org/fall-harvest.) We also
- have a new circuit scheduler algorithm for improved performance on
- relays everywhere (see https://blog.torproject.org/kist-and-tell),
- along with many smaller features and bugfixes.
- Per our stable release policy, we plan to support each stable release
- series for at least the next nine months, or for three months after
- the first stable release of the next series: whichever is longer. If
- you need a release with long-term support, we recommend that you stay
- with the 0.2.9 series.
- Below is a list of the changes since 0.3.2.8-rc. For a list of all
- changes since 0.3.1, see the ReleaseNotes file.
- o Minor features (fallback directory mirrors):
- - The fallback directory list has been re-generated based on the
- current status of the network. Tor uses fallback directories to
- bootstrap when it doesn't yet have up-to-date directory
- information. Closes ticket 24801.
- - Make the default DirAuthorityFallbackRate 0.1, so that clients
- prefer to bootstrap from fallback directory mirrors. This is a
- follow-up to 24679, which removed weights from the default
- fallbacks. Implements ticket 24681.
- o Minor features (geoip):
- - Update geoip and geoip6 to the January 5 2018 Maxmind GeoLite2
- Country database.
- o Minor bugfixes (address selection):
- - When the fascist_firewall_choose_address_ functions don't find a
- reachable address, set the returned address to the null address
- and port. This is a precautionary measure, because some callers do
- not check the return value. Fixes bug 24736; bugfix
- on 0.2.8.2-alpha.
- o Minor bugfixes (compilation):
- - Resolve a few shadowed-variable warnings in the onion service
- code. Fixes bug 24634; bugfix on 0.3.2.1-alpha.
- o Minor bugfixes (portability, msvc):
- - Fix a bug in the bit-counting parts of our timing-wheel code on
- MSVC. (Note that MSVC is still not a supported build platform, due
- to cryptographic timing channel risks.) Fixes bug 24633; bugfix
- on 0.2.9.1-alpha.
- Changes in version 0.3.2.8-rc - 2017-12-21
- Tor 0.3.2.8-rc fixes a pair of bugs in the KIST and KISTLite
- schedulers that had led servers under heavy load to overload their
- outgoing connections. All relay operators running earlier 0.3.2.x
- versions should upgrade. This version also includes a mitigation for
- over-full DESTROY queues leading to out-of-memory conditions: if it
- works, we will soon backport it to earlier release series.
- This is the second release candidate in the 0.3.2 series. If we find
- no new bugs or regression here, then the first stable 0.3.2 release
- will be nearly identical to this.
- o Major bugfixes (KIST, scheduler):
- - The KIST scheduler did not correctly account for data already
- enqueued in each connection's send socket buffer, particularly in
- cases when the TCP/IP congestion window was reduced between
- scheduler calls. This situation lead to excessive per-connection
- buffering in the kernel, and a potential memory DoS. Fixes bug
- 24665; bugfix on 0.3.2.1-alpha.
- o Minor features (geoip):
- - Update geoip and geoip6 to the December 6 2017 Maxmind GeoLite2
- Country database.
- o Minor bugfixes (hidden service v3):
- - Bump hsdir_spread_store parameter from 3 to 4 in order to increase
- the probability of reaching a service for a client missing
- microdescriptors. Fixes bug 24425; bugfix on 0.3.2.1-alpha.
- o Minor bugfixes (memory usage):
- - When queuing DESTROY cells on a channel, only queue the circuit-id
- and reason fields: not the entire 514-byte cell. This fix should
- help mitigate any bugs or attacks that fill up these queues, and
- free more RAM for other uses. Fixes bug 24666; bugfix
- on 0.2.5.1-alpha.
- o Minor bugfixes (scheduler, KIST):
- - Use a sane write limit for KISTLite when writing onto a connection
- buffer instead of using INT_MAX and shoving as much as it can.
- Because the OOM handler cleans up circuit queues, we are better
- off at keeping them in that queue instead of the connection's
- buffer. Fixes bug 24671; bugfix on 0.3.2.1-alpha.
- Changes in version 0.3.2.7-rc - 2017-12-14
- Tor 0.3.2.7-rc fixes various bugs in earlier versions of Tor,
- including some that could affect reliability or correctness.
- This is the first release candidate in the 0.3.2 series. If we find no
- new bugs or regression here, then the first stable 0.3.2. release will
- be nearly identical to this.
- o Major bugfixes (circuit prediction):
- - Fix circuit prediction logic so that a client doesn't treat a port
- as being "handled" by a circuit if that circuit already has
- isolation settings on it. This change should make Tor clients more
- responsive by improving their chances of having a pre-created
- circuit ready for use when a request arrives. Fixes bug 18859;
- bugfix on 0.2.3.3-alpha.
- o Minor features (logging):
- - Provide better warnings when the getrandom() syscall fails. Closes
- ticket 24500.
- o Minor features (portability):
- - Tor now compiles correctly on arm64 with libseccomp-dev installed.
- (It doesn't yet work with the sandbox enabled.) Closes
- ticket 24424.
- o Minor bugfixes (bridge clients, bootstrap):
- - Retry directory downloads when we get our first bridge descriptor
- during bootstrap or while reconnecting to the network. Keep
- retrying every time we get a bridge descriptor, until we have a
- reachable bridge. Fixes part of bug 24367; bugfix on 0.2.0.3-alpha.
- - Stop delaying bridge descriptor fetches when we have cached bridge
- descriptors. Instead, only delay bridge descriptor fetches when we
- have at least one reachable bridge. Fixes part of bug 24367;
- bugfix on 0.2.0.3-alpha.
- - Stop delaying directory fetches when we have cached bridge
- descriptors. Instead, only delay bridge descriptor fetches when
- all our bridges are definitely unreachable. Fixes part of bug
- 24367; bugfix on 0.2.0.3-alpha.
- o Minor bugfixes (compilation):
- - Fix a signed/unsigned comparison warning introduced by our fix to
- TROVE-2017-009. Fixes bug 24480; bugfix on 0.2.5.16.
- o Minor bugfixes (correctness):
- - Fix several places in our codebase where a C compiler would be
- likely to eliminate a check, based on assuming that undefined
- behavior had not happened elsewhere in the code. These cases are
- usually a sign of redundant checking or dubious arithmetic. Found
- by Georg Koppen using the "STACK" tool from Wang, Zeldovich,
- Kaashoek, and Solar-Lezama. Fixes bug 24423; bugfix on various
- Tor versions.
- o Minor bugfixes (onion service v3):
- - Fix a race where an onion service would launch a new intro circuit
- after closing an old one, but fail to register it before freeing
- the previously closed circuit. This bug was making the service
- unable to find the established intro circuit and thus not upload
- its descriptor, thus making a service unavailable for up to 24
- hours. Fixes bug 23603; bugfix on 0.3.2.1-alpha.
- o Minor bugfixes (scheduler, KIST):
- - Properly set the scheduler state of an unopened channel in the
- KIST scheduler main loop. This prevents a harmless but annoying
- log warning. Fixes bug 24502; bugfix on 0.3.2.4-alpha.
- - Avoid a possible integer overflow when computing the available
- space on the TCP buffer of a channel. This had no security
- implications; but could make KIST allow too many cells on a
- saturated connection. Fixes bug 24590; bugfix on 0.3.2.1-alpha.
- - Downgrade to "info" a harmless warning about the monotonic time
- moving backwards: This can happen on platform not supporting
- monotonic time. Fixes bug 23696; bugfix on 0.3.2.1-alpha.
- Changes in version 0.3.2.6-alpha - 2017-12-01
- This version of Tor is the latest in the 0.3.2 alpha series. It
- includes fixes for several important security issues. All Tor users
- should upgrade to this release, or to one of the other releases coming
- out today.
- o Major bugfixes (security):
- - Fix a denial of service bug where an attacker could use a
- malformed directory object to cause a Tor instance to pause while
- OpenSSL would try to read a passphrase from the terminal. (Tor
- instances run without a terminal, which is the case for most Tor
- packages, are not impacted.) Fixes bug 24246; bugfix on every
- version of Tor. Also tracked as TROVE-2017-011 and CVE-2017-8821.
- Found by OSS-Fuzz as testcase 6360145429790720.
- - Fix a denial of service issue where an attacker could crash a
- directory authority using a malformed router descriptor. Fixes bug
- 24245; bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2017-010
- and CVE-2017-8820.
- - When checking for replays in the INTRODUCE1 cell data for a
- (legacy) onion service, correctly detect replays in the RSA-
- encrypted part of the cell. We were previously checking for
- replays on the entire cell, but those can be circumvented due to
- the malleability of Tor's legacy hybrid encryption. This fix helps
- prevent a traffic confirmation attack. Fixes bug 24244; bugfix on
- 0.2.4.1-alpha. This issue is also tracked as TROVE-2017-009
- and CVE-2017-8819.
- o Major bugfixes (security, onion service v2):
- - Fix a use-after-free error that could crash v2 Tor onion services
- when they failed to open circuits while expiring introduction
- points. Fixes bug 24313; bugfix on 0.2.7.2-alpha. This issue is
- also tracked as TROVE-2017-013 and CVE-2017-8823.
- o Major bugfixes (security, relay):
- - When running as a relay, make sure that we never build a path
- through ourselves, even in the case where we have somehow lost the
- version of our descriptor appearing in the consensus. Fixes part
- of bug 21534; bugfix on 0.2.0.1-alpha. This issue is also tracked
- as TROVE-2017-012 and CVE-2017-8822.
- - When running as a relay, make sure that we never choose ourselves
- as a guard. Fixes part of bug 21534; bugfix on 0.3.0.1-alpha. This
- issue is also tracked as TROVE-2017-012 and CVE-2017-8822.
- o Minor feature (relay statistics):
- - Change relay bandwidth reporting stats interval from 4 hours to 24
- hours in order to reduce the efficiency of guard discovery
- attacks. Fixes ticket 23856.
- o Minor features (directory authority):
- - Add an IPv6 address for the "bastet" directory authority. Closes
- ticket 24394.
- o Minor bugfixes (client):
- - By default, do not enable storage of client-side DNS values. These
- values were unused by default previously, but they should not have
- been cached at all. Fixes bug 24050; bugfix on 0.2.6.3-alpha.
- Changes in version 0.3.1.9 - 2017-12-01:
- Tor 0.3.1.9 backports important security and stability fixes from the
- 0.3.2 development series. All Tor users should upgrade to this
- release, or to another of the releases coming out today.
- o Major bugfixes (security, backport from 0.3.2.6-alpha):
- - Fix a denial of service bug where an attacker could use a
- malformed directory object to cause a Tor instance to pause while
- OpenSSL would try to read a passphrase from the terminal. (Tor
- instances run without a terminal, which is the case for most Tor
- packages, are not impacted.) Fixes bug 24246; bugfix on every
- version of Tor. Also tracked as TROVE-2017-011 and CVE-2017-8821.
- Found by OSS-Fuzz as testcase 6360145429790720.
- - Fix a denial of service issue where an attacker could crash a
- directory authority using a malformed router descriptor. Fixes bug
- 24245; bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2017-010
- and CVE-2017-8820.
- - When checking for replays in the INTRODUCE1 cell data for a
- (legacy) onion service, correctly detect replays in the RSA-
- encrypted part of the cell. We were previously checking for
- replays on the entire cell, but those can be circumvented due to
- the malleability of Tor's legacy hybrid encryption. This fix helps
- prevent a traffic confirmation attack. Fixes bug 24244; bugfix on
- 0.2.4.1-alpha. This issue is also tracked as TROVE-2017-009
- and CVE-2017-8819.
- o Major bugfixes (security, onion service v2, backport from 0.3.2.6-alpha):
- - Fix a use-after-free error that could crash v2 Tor onion services
- when they failed to open circuits while expiring introduction
- points. Fixes bug 24313; bugfix on 0.2.7.2-alpha. This issue is
- also tracked as TROVE-2017-013 and CVE-2017-8823.
- o Major bugfixes (security, relay, backport from 0.3.2.6-alpha):
- - When running as a relay, make sure that we never build a path
- through ourselves, even in the case where we have somehow lost the
- version of our descriptor appearing in the consensus. Fixes part
- of bug 21534; bugfix on 0.2.0.1-alpha. This issue is also tracked
- as TROVE-2017-012 and CVE-2017-8822.
- - When running as a relay, make sure that we never choose ourselves
- as a guard. Fixes part of bug 21534; bugfix on 0.3.0.1-alpha. This
- issue is also tracked as TROVE-2017-012 and CVE-2017-8822.
- o Major bugfixes (exit relays, DNS, backport from 0.3.2.4-alpha):
- - Fix an issue causing DNS to fail on high-bandwidth exit nodes,
- making them nearly unusable. Fixes bugs 21394 and 18580; bugfix on
- 0.1.2.2-alpha, which introduced eventdns. Thanks to Dhalgren for
- identifying and finding a workaround to this bug and to Moritz,
- Arthur Edelstein, and Roger for helping to track it down and
- analyze it.
- o Minor features (bridge):
- - Bridges now include notice in their descriptors that they are
- bridges, and notice of their distribution status, based on their
- publication settings. Implements ticket 18329. For more fine-
- grained control of how a bridge is distributed, upgrade to 0.3.2.x
- or later.
- o Minor features (directory authority, backport from 0.3.2.6-alpha):
- - Add an IPv6 address for the "bastet" directory authority. Closes
- ticket 24394.
- o Minor features (geoip):
- - Update geoip and geoip6 to the November 6 2017 Maxmind GeoLite2
- Country database.
- o Minor bugfix (relay address resolution, backport from 0.3.2.1-alpha):
- - Avoid unnecessary calls to directory_fetches_from_authorities() on
- relays, to prevent spurious address resolutions and descriptor
- rebuilds. This is a mitigation for bug 21789. Fixes bug 23470;
- bugfix on in 0.2.8.1-alpha.
- o Minor bugfixes (compilation, backport from 0.3.2.1-alpha):
- - Fix unused variable warnings in donna's Curve25519 SSE2 code.
- Fixes bug 22895; bugfix on 0.2.7.2-alpha.
- o Minor bugfixes (logging, relay shutdown, annoyance, backport from 0.3.2.2-alpha):
- - When a circuit is marked for close, do not attempt to package any
- cells for channels on that circuit. Previously, we would detect
- this condition lower in the call stack, when we noticed that the
- circuit had no attached channel, and log an annoying message.
- Fixes bug 8185; bugfix on 0.2.5.4-alpha.
- o Minor bugfixes (onion service, backport from 0.3.2.5-alpha):
- - Rename the consensus parameter "hsdir-interval" to "hsdir_interval"
- so it matches dir-spec.txt. Fixes bug 24262; bugfix
- on 0.3.1.1-alpha.
- o Minor bugfixes (relay, crash, backport from 0.3.2.4-alpha):
- - Avoid a crash when transitioning from client mode to bridge mode.
- Previously, we would launch the worker threads whenever our
- "public server" mode changed, but not when our "server" mode
- changed. Fixes bug 23693; bugfix on 0.2.6.3-alpha.
- Changes in version 0.3.0.13 - 2017-12-01
- Tor 0.3.0.13 backports important security and stability bugfixes from
- later Tor releases. All Tor users should upgrade to this release, or
- to another of the releases coming out today.
- Note: the Tor 0.3.0 series will no longer be supported after 26 Jan
- 2018. If you need a release with long-term support, please stick with
- the 0.2.9 series. Otherwise, please upgrade to 0.3.1 or later.
- o Major bugfixes (security, backport from 0.3.2.6-alpha):
- - Fix a denial of service bug where an attacker could use a
- malformed directory object to cause a Tor instance to pause while
- OpenSSL would try to read a passphrase from the terminal. (Tor
- instances run without a terminal, which is the case for most Tor
- packages, are not impacted.) Fixes bug 24246; bugfix on every
- version of Tor. Also tracked as TROVE-2017-011 and CVE-2017-8821.
- Found by OSS-Fuzz as testcase 6360145429790720.
- - Fix a denial of service issue where an attacker could crash a
- directory authority using a malformed router descriptor. Fixes bug
- 24245; bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2017-010
- and CVE-2017-8820.
- - When checking for replays in the INTRODUCE1 cell data for a
- (legacy) onion service, correctly detect replays in the RSA-
- encrypted part of the cell. We were previously checking for
- replays on the entire cell, but those can be circumvented due to
- the malleability of Tor's legacy hybrid encryption. This fix helps
- prevent a traffic confirmation attack. Fixes bug 24244; bugfix on
- 0.2.4.1-alpha. This issue is also tracked as TROVE-2017-009
- and CVE-2017-8819.
- o Major bugfixes (security, onion service v2, backport from 0.3.2.6-alpha):
- - Fix a use-after-free error that could crash v2 Tor onion services
- when they failed to open circuits while expiring introduction
- points. Fixes bug 24313; bugfix on 0.2.7.2-alpha. This issue is
- also tracked as TROVE-2017-013 and CVE-2017-8823.
- o Major bugfixes (security, relay, backport from 0.3.2.6-alpha):
- - When running as a relay, make sure that we never build a path
- through ourselves, even in the case where we have somehow lost the
- version of our descriptor appearing in the consensus. Fixes part
- of bug 21534; bugfix on 0.2.0.1-alpha. This issue is also tracked
- as TROVE-2017-012 and CVE-2017-8822.
- - When running as a relay, make sure that we never choose ourselves
- as a guard. Fixes part of bug 21534; bugfix on 0.3.0.1-alpha. This
- issue is also tracked as TROVE-2017-012 and CVE-2017-8822.
- o Major bugfixes (exit relays, DNS, backport from 0.3.2.4-alpha):
- - Fix an issue causing DNS to fail on high-bandwidth exit nodes,
- making them nearly unusable. Fixes bugs 21394 and 18580; bugfix on
- 0.1.2.2-alpha, which introduced eventdns. Thanks to Dhalgren for
- identifying and finding a workaround to this bug and to Moritz,
- Arthur Edelstein, and Roger for helping to track it down and
- analyze it.
- o Minor features (security, windows, backport from 0.3.1.1-alpha):
- - Enable a couple of pieces of Windows hardening: one
- (HeapEnableTerminationOnCorruption) that has been on-by-default
- since Windows 8, and unavailable before Windows 7; and one
- (PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION) which we believe doesn't
- affect us, but shouldn't do any harm. Closes ticket 21953.
- o Minor features (bridge, backport from 0.3.1.9):
- - Bridges now include notice in their descriptors that they are
- bridges, and notice of their distribution status, based on their
- publication settings. Implements ticket 18329. For more fine-
- grained control of how a bridge is distributed, upgrade to 0.3.2.x
- or later.
- o Minor features (directory authority, backport from 0.3.2.6-alpha):
- - Add an IPv6 address for the "bastet" directory authority. Closes
- ticket 24394.
- o Minor features (geoip):
- - Update geoip and geoip6 to the November 6 2017 Maxmind GeoLite2
- Country database.
- o Minor bugfix (relay address resolution, backport from 0.3.2.1-alpha):
- - Avoid unnecessary calls to directory_fetches_from_authorities() on
- relays, to prevent spurious address resolutions and descriptor
- rebuilds. This is a mitigation for bug 21789. Fixes bug 23470;
- bugfix on in 0.2.8.1-alpha.
- o Minor bugfixes (compilation, backport from 0.3.2.1-alpha):
- - Fix unused variable warnings in donna's Curve25519 SSE2 code.
- Fixes bug 22895; bugfix on 0.2.7.2-alpha.
- o Minor bugfixes (logging, relay shutdown, annoyance, backport from 0.3.2.2-alpha):
- - When a circuit is marked for close, do not attempt to package any
- cells for channels on that circuit. Previously, we would detect
- this condition lower in the call stack, when we noticed that the
- circuit had no attached channel, and log an annoying message.
- Fixes bug 8185; bugfix on 0.2.5.4-alpha.
- o Minor bugfixes (relay, crash, backport from 0.3.2.4-alpha):
- - Avoid a crash when transitioning from client mode to bridge mode.
- Previously, we would launch the worker threads whenever our
- "public server" mode changed, but not when our "server" mode
- changed. Fixes bug 23693; bugfix on 0.2.6.3-alpha.
- o Minor bugfixes (testing, backport from 0.3.1.6-rc):
- - Fix an undersized buffer in test-memwipe.c. Fixes bug 23291;
- bugfix on 0.2.7.2-alpha. Found and patched by Ties Stuij.
- Changes in version 0.2.9.14 - 2017-12-01
- Tor 0.3.0.13 backports important security and stability bugfixes from
- later Tor releases. All Tor users should upgrade to this release, or
- to another of the releases coming out today.
- o Major bugfixes (exit relays, DNS, backport from 0.3.2.4-alpha):
- - Fix an issue causing DNS to fail on high-bandwidth exit nodes,
- making them nearly unusable. Fixes bugs 21394 and 18580; bugfix on
- 0.1.2.2-alpha, which introduced eventdns. Thanks to Dhalgren for
- identifying and finding a workaround to this bug and to Moritz,
- Arthur Edelstein, and Roger for helping to track it down and
- analyze it.
- o Major bugfixes (security, backport from 0.3.2.6-alpha):
- - Fix a denial of service bug where an attacker could use a
- malformed directory object to cause a Tor instance to pause while
- OpenSSL would try to read a passphrase from the terminal. (Tor
- instances run without a terminal, which is the case for most Tor
- packages, are not impacted.) Fixes bug 24246; bugfix on every
- version of Tor. Also tracked as TROVE-2017-011 and CVE-2017-8821.
- Found by OSS-Fuzz as testcase 6360145429790720.
- - Fix a denial of service issue where an attacker could crash a
- directory authority using a malformed router descriptor. Fixes bug
- 24245; bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2017-010
- and CVE-2017-8820.
- - When checking for replays in the INTRODUCE1 cell data for a
- (legacy) onion service, correctly detect replays in the RSA-
- encrypted part of the cell. We were previously checking for
- replays on the entire cell, but those can be circumvented due to
- the malleability of Tor's legacy hybrid encryption. This fix helps
- prevent a traffic confirmation attack. Fixes bug 24244; bugfix on
- 0.2.4.1-alpha. This issue is also tracked as TROVE-2017-009
- and CVE-2017-8819.
- o Major bugfixes (security, onion service v2, backport from 0.3.2.6-alpha):
- - Fix a use-after-free error that could crash v2 Tor onion services
- when they failed to open circuits while expiring introduction
- points. Fixes bug 24313; bugfix on 0.2.7.2-alpha. This issue is
- also tracked as TROVE-2017-013 and CVE-2017-8823.
- o Major bugfixes (security, relay, backport from 0.3.2.6-alpha):
- - When running as a relay, make sure that we never build a path
- through ourselves, even in the case where we have somehow lost the
- version of our descriptor appearing in the consensus. Fixes part
- of bug 21534; bugfix on 0.2.0.1-alpha. This issue is also tracked
- as TROVE-2017-012 and CVE-2017-8822.
- o Minor features (bridge, backport from 0.3.1.9):
- - Bridges now include notice in their descriptors that they are
- bridges, and notice of their distribution status, based on their
- publication settings. Implements ticket 18329. For more fine-
- grained control of how a bridge is distributed, upgrade to 0.3.2.x
- or later.
- o Minor features (directory authority, backport from 0.3.2.6-alpha):
- - Add an IPv6 address for the "bastet" directory authority. Closes
- ticket 24394.
- o Minor features (geoip):
- - Update geoip and geoip6 to the November 6 2017 Maxmind GeoLite2
- Country database.
- o Minor features (security, windows, backport from 0.3.1.1-alpha):
- - Enable a couple of pieces of Windows hardening: one
- (HeapEnableTerminationOnCorruption) that has been on-by-default
- since Windows 8, and unavailable before Windows 7; and one
- (PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION) which we believe doesn't
- affect us, but shouldn't do any harm. Closes ticket 21953.
- o Minor bugfix (relay address resolution, backport from 0.3.2.1-alpha):
- - Avoid unnecessary calls to directory_fetches_from_authorities() on
- relays, to prevent spurious address resolutions and descriptor
- rebuilds. This is a mitigation for bug 21789. Fixes bug 23470;
- bugfix on in 0.2.8.1-alpha.
- o Minor bugfixes (compilation, backport from 0.3.2.1-alpha):
- - Fix unused variable warnings in donna's Curve25519 SSE2 code.
- Fixes bug 22895; bugfix on 0.2.7.2-alpha.
- o Minor bugfixes (logging, relay shutdown, annoyance, backport from 0.3.2.2-alpha):
- - When a circuit is marked for close, do not attempt to package any
- cells for channels on that circuit. Previously, we would detect
- this condition lower in the call stack, when we noticed that the
- circuit had no attached channel, and log an annoying message.
- Fixes bug 8185; bugfix on 0.2.5.4-alpha.
- o Minor bugfixes (relay, crash, backport from 0.3.2.4-alpha):
- - Avoid a crash when transitioning from client mode to bridge mode.
- Previously, we would launch the worker threads whenever our
- "public server" mode changed, but not when our "server" mode
- changed. Fixes bug 23693; bugfix on 0.2.6.3-alpha.
- o Minor bugfixes (testing, backport from 0.3.1.6-rc):
- - Fix an undersized buffer in test-memwipe.c. Fixes bug 23291;
- bugfix on 0.2.7.2-alpha. Found and patched by Ties Stuij.
- Changes in version 0.2.8.17 - 2017-12-01
- Tor 0.2.8.17 backports important security and stability bugfixes from
- later Tor releases. All Tor users should upgrade to this release, or
- to another of the releases coming out today.
- Note: the Tor 0.2.8 series will no longer be supported after 1 Jan
- 2018. If you need a release with long-term support, please upgrade with
- the 0.2.9 series. Otherwise, please upgrade to 0.3.1 or later.
- o Major bugfixes (security, backport from 0.3.2.6-alpha):
- - Fix a denial of service bug where an attacker could use a
- malformed directory object to cause a Tor instance to pause while
- OpenSSL would try to read a passphrase from the terminal. (Tor
- instances run without a terminal, which is the case for most Tor
- packages, are not impacted.) Fixes bug 24246; bugfix on every
- version of Tor. Also tracked as TROVE-2017-011 and CVE-2017-8821.
- Found by OSS-Fuzz as testcase 6360145429790720.
- - When checking for replays in the INTRODUCE1 cell data for a
- (legacy) onion service, correctly detect replays in the RSA-
- encrypted part of the cell. We were previously checking for
- replays on the entire cell, but those can be circumvented due to
- the malleability of Tor's legacy hybrid encryption. This fix helps
- prevent a traffic confirmation attack. Fixes bug 24244; bugfix on
- 0.2.4.1-alpha. This issue is also tracked as TROVE-2017-009
- and CVE-2017-8819.
- o Major bugfixes (security, onion service v2, backport from 0.3.2.6-alpha):
- - Fix a use-after-free error that could crash v2 Tor onion services
- when they failed to open circuits while expiring introduction
- points. Fixes bug 24313; bugfix on 0.2.7.2-alpha. This issue is
- also tracked as TROVE-2017-013 and CVE-2017-8823.
- o Major bugfixes (security, relay, backport from 0.3.2.6-alpha):
- - When running as a relay, make sure that we never build a path through
- ourselves, even in the case where we have somehow lost the version of
- our descriptor appearing in the consensus. Fixes part of bug 21534;
- bugfix on 0.2.0.1-alpha. This issue is also tracked as TROVE-2017-012
- and CVE-2017-8822.
- o Minor features (bridge, backport from 0.3.1.9):
- - Bridges now include notice in their descriptors that they are
- bridges, and notice of their distribution status, based on their
- publication settings. Implements ticket 18329. For more fine-
- grained control of how a bridge is distributed, upgrade to 0.3.2.x
- or later.
- o Minor features (directory authority, backport from 0.3.2.6-alpha):
- - Add an IPv6 address for the "bastet" directory authority. Closes
- ticket 24394.
- o Minor features (geoip):
- - Update geoip and geoip6 to the November 6 2017 Maxmind GeoLite2
- Country database.
- o Minor bugfixes (testing, backport from 0.3.1.6-rc):
- - Fix an undersized buffer in test-memwipe.c. Fixes bug 23291;
- bugfix on 0.2.7.2-alpha. Found and patched by Ties Stuij.
- Changes in version 0.2.5.16 - 2017-12-01
- Tor 0.2.5.13 backports important security and stability bugfixes from
- later Tor releases. All Tor users should upgrade to this release, or
- to another of the releases coming out today.
- Note: the Tor 0.2.5 series will no longer be supported after 1 May
- 2018. If you need a release with long-term support, please upgrade to
- the 0.2.9 series. Otherwise, please upgrade to 0.3.1 or later.
- o Major bugfixes (security, backport from 0.3.2.6-alpha):
- - Fix a denial of service bug where an attacker could use a
- malformed directory object to cause a Tor instance to pause while
- OpenSSL would try to read a passphrase from the terminal. (Tor
- instances run without a terminal, which is the case for most Tor
- packages, are not impacted.) Fixes bug 24246; bugfix on every
- version of Tor. Also tracked as TROVE-2017-011 and CVE-2017-8821.
- Found by OSS-Fuzz as testcase 6360145429790720.
- - When checking for replays in the INTRODUCE1 cell data for a
- (legacy) onion service, correctly detect replays in the RSA-
- encrypted part of the cell. We were previously checking for
- replays on the entire cell, but those can be circumvented due to
- the malleability of Tor's legacy hybrid encryption. This fix helps
- prevent a traffic confirmation attack. Fixes bug 24244; bugfix on
- 0.2.4.1-alpha. This issue is also tracked as TROVE-2017-009
- and CVE-2017-8819.
- o Major bugfixes (security, relay, backport from 0.3.2.6-alpha):
- - When running as a relay, make sure that we never build a path
- through ourselves, even in the case where we have somehow lost the
- version of our descriptor appearing in the consensus. Fixes part
- of bug 21534; bugfix on 0.2.0.1-alpha. This issue is also tracked
- as TROVE-2017-012 and CVE-2017-8822.
- o Minor features (bridge, backport from 0.3.1.9):
- - Bridges now include notice in their descriptors that they are
- bridges, and notice of their distribution status, based on their
- publication settings. Implements ticket 18329. For more fine-
- grained control of how a bridge is distributed, upgrade to 0.3.2.x
- or later.
- o Minor features (geoip):
- - Update geoip and geoip6 to the November 6 2017 Maxmind GeoLite2
- Country database.
- Changes in version 0.3.2.5-alpha - 2017-11-22
- Tor 0.3.2.5-alpha is the fifth alpha release in the 0.3.2.x series. It
- fixes several stability and reliability bugs, including a fix for
- intermittent bootstrapping failures that some people have been seeing
- since the 0.3.0.x series.
- Please test this alpha out -- many of these fixes will soon be
- backported to stable Tor versions if no additional bugs are found
- in them.
- o Major bugfixes (bootstrapping):
- - Fetch descriptors aggressively whenever we lack enough to build
- circuits, regardless of how many descriptors we are missing.
- Previously, we would delay launching the fetch when we had fewer
- than 15 missing descriptors, even if some of those descriptors
- were blocking circuits from building. Fixes bug 23985; bugfix on
- 0.1.1.11-alpha. The effects of this bug became worse in
- 0.3.0.3-alpha, when we began treating missing descriptors from our
- primary guards as a reason to delay circuits.
- - Don't try fetching microdescriptors from relays that have failed
- to deliver them in the past. Fixes bug 23817; bugfix
- on 0.3.0.1-alpha.
- o Minor features (directory authority):
- - Make the "Exit" flag assignment only depend on whether the exit
- policy allows connections to ports 80 and 443. Previously relays
- would get the Exit flag if they allowed connections to one of
- these ports and also port 6667. Resolves ticket 23637.
- o Minor features (geoip):
- - Update geoip and geoip6 to the November 6 2017 Maxmind GeoLite2
- Country database.
- o Minor features (linux seccomp2 sandbox):
- - Update the sandbox rules so that they should now work correctly
- with Glibc 2.26. Closes ticket 24315.
- o Minor features (logging):
- - Downgrade a pair of log messages that could occur when an exit's
- resolver gave us an unusual (but not forbidden) response. Closes
- ticket 24097.
- - Improve the message we log when re-enabling circuit build timeouts
- after having received a consensus. Closes ticket 20963.
- o Minor bugfixes (compilation):
- - Fix a memory leak warning in one of the libevent-related
- configuration tests that could occur when manually specifying
- -fsanitize=address. Fixes bug 24279; bugfix on 0.3.0.2-alpha.
- Found and patched by Alex Xu.
- - When detecting OpenSSL on Windows from our configure script, make
- sure to try linking with the ws2_32 library. Fixes bug 23783;
- bugfix on 0.3.2.2-alpha.
- o Minor bugfixes (control port, linux seccomp2 sandbox):
- - Avoid a crash when attempting to use the seccomp2 sandbox together
- with the OwningControllerProcess feature. Fixes bug 24198; bugfix
- on 0.2.5.1-alpha.
- o Minor bugfixes (control port, onion services):
- - Report "FAILED" instead of "UPLOAD_FAILED" "FAILED" for the
- HS_DESC event when a service is not able to upload a descriptor.
- Fixes bug 24230; bugfix on 0.2.7.1-alpha.
- o Minor bugfixes (directory cache):
- - Recover better from empty or corrupt files in the consensus cache
- directory. Fixes bug 24099; bugfix on 0.3.1.1-alpha.
- - When a consensus diff calculation is only partially successful,
- only record the successful parts as having succeeded. Partial
- success can happen if (for example) one compression method fails
- but the others succeed. Previously we misrecorded all the
- calculations as having succeeded, which would later cause a
- nonfatal assertion failure. Fixes bug 24086; bugfix
- on 0.3.1.1-alpha.
- o Minor bugfixes (logging):
- - Only log once if we notice that KIST support is gone. Fixes bug
- 24158; bugfix on 0.3.2.1-alpha.
- - Suppress a log notice when relay descriptors arrive. We already
- have a bootstrap progress for this so no need to log notice
- everytime tor receives relay descriptors. Microdescriptors behave
- the same. Fixes bug 23861; bugfix on 0.2.8.2-alpha.
- o Minor bugfixes (network layer):
- - When closing a connection via close_connection_immediately(), we
- mark it as "not blocked on bandwidth", to prevent later calls from
- trying to unblock it, and give it permission to read. This fixes a
- backtrace warning that can happen on relays under various
- circumstances. Fixes bug 24167; bugfix on 0.1.0.1-rc.
- o Minor bugfixes (onion services):
- - The introduction circuit was being timed out too quickly while
- waiting for the rendezvous circuit to complete. Keep the intro
- circuit around longer instead of timing out and reopening new ones
- constantly. Fixes bug 23681; bugfix on 0.2.4.8-alpha.
- - Rename the consensus parameter "hsdir-interval" to "hsdir_interval"
- so it matches dir-spec.txt. Fixes bug 24262; bugfix
- on 0.3.1.1-alpha.
- - Silence a warning about failed v3 onion descriptor uploads that
- can happen naturally under certain edge cases. Fixes part of bug
- 23662; bugfix on 0.3.2.1-alpha.
- o Minor bugfixes (tests):
- - Fix a memory leak in one of the bridge-distribution test cases.
- Fixes bug 24345; bugfix on 0.3.2.3-alpha.
- - Fix a bug in our fuzzing mock replacement for crypto_pk_checksig(),
- to correctly handle cases where a caller gives it an RSA key of
- under 160 bits. (This is not actually a bug in Tor itself, but
- rather in our fuzzing code.) Fixes bug 24247; bugfix on
- 0.3.0.3-alpha. Found by OSS-Fuzz as issue 4177.
- o Documentation:
- - Add notes in man page regarding OS support for the various
- scheduler types. Attempt to use less jargon in the scheduler
- section. Closes ticket 24254.
- Changes in version 0.3.2.4-alpha - 2017-11-08
- Tor 0.3.2.4-alpha is the fourth alpha release in the 0.3.2.x series.
- It fixes several stability and reliability bugs, especially including
- a major reliability issue that has been plaguing fast exit relays in
- recent months.
- o Major bugfixes (exit relays, DNS):
- - Fix an issue causing DNS to fail on high-bandwidth exit nodes,
- making them nearly unusable. Fixes bugs 21394 and 18580; bugfix on
- 0.1.2.2-alpha, which introduced eventdns. Thanks to Dhalgren for
- identifying and finding a workaround to this bug and to Moritz,
- Arthur Edelstein, and Roger for helping to track it down and
- analyze it.
- o Major bugfixes (scheduler, channel):
- - Stop processing scheduled channels if they closed while flushing
- cells. This can happen if the write on the connection fails
- leading to the channel being closed while in the scheduler loop.
- Fixes bug 23751; bugfix on 0.3.2.1-alpha.
- o Minor features (logging, scheduler):
- - Introduce a SCHED_BUG() function to log extra information about
- the scheduler state if we ever catch a bug in the scheduler.
- Closes ticket 23753.
- o Minor features (removed deprecations):
- - The ClientDNSRejectInternalAddresses flag can once again be set in
- non-testing Tor networks, so long as they do not use the default
- directory authorities. This change also removes the deprecation of
- this flag from 0.2.9.2-alpha. Closes ticket 21031.
- o Minor features (testing):
- - Our fuzzing tests now test the encrypted portions of v3 onion
- service descriptors. Implements more of 21509.
- o Minor bugfixes (directory client):
- - On failure to download directory information, delay retry attempts
- by a random amount based on the "decorrelated jitter" algorithm.
- Our previous delay algorithm tended to produce extra-long delays
- too easily. Fixes bug 23816; bugfix on 0.2.9.1-alpha.
- o Minor bugfixes (IPv6, v3 single onion services):
- - Remove buggy code for IPv6-only v3 single onion services, and
- reject attempts to configure them. This release supports IPv4,
- dual-stack, and IPv6-only v3 onion services; and IPv4 and dual-
- stack v3 single onion services. Fixes bug 23820; bugfix
- on 0.3.2.1-alpha.
- o Minor bugfixes (logging, relay):
- - Give only a protocol warning when the ed25519 key is not
- consistent between the descriptor and microdescriptor of a relay.
- This can happen, for instance, if the relay has been flagged
- NoEdConsensus. Fixes bug 24025; bugfix on 0.3.2.1-alpha.
- o Minor bugfixes (manpage, onion service):
- - Document that the HiddenServiceNumIntroductionPoints option is
- 0-10 for v2 services and 0-20 for v3 services. Fixes bug 24115;
- bugfix on 0.3.2.1-alpha.
- o Minor bugfixes (memory leaks):
- - Fix a minor memory leak at exit in the KIST scheduler. This bug
- should have no user-visible impact. Fixes bug 23774; bugfix
- on 0.3.2.1-alpha.
- - Fix a memory leak when decrypting a badly formatted v3 onion
- service descriptor. Fixes bug 24150; bugfix on 0.3.2.1-alpha.
- Found by OSS-Fuzz; this is OSS-Fuzz issue 3994.
- o Minor bugfixes (onion services):
- - Cache some needed onion service client information instead of
- constantly computing it over and over again. Fixes bug 23623;
- bugfix on 0.3.2.1-alpha.
- - Properly retry HSv3 descriptor fetches when missing required
- directory information. Fixes bug 23762; bugfix on 0.3.2.1-alpha.
- o Minor bugfixes (path selection):
- - When selecting relays by bandwidth, avoid a rounding error that
- could sometimes cause load to be imbalanced incorrectly.
- Previously, we would always round upwards; now, we round towards
- the nearest integer. This had the biggest effect when a relay's
- weight adjustments should have given it weight 0, but it got
- weight 1 instead. Fixes bug 23318; bugfix on 0.2.4.3-alpha.
- - When calculating the fraction of nodes that have descriptors, and
- all nodes in the network have zero bandwidths, count the number of
- nodes instead. Fixes bug 23318; bugfix on 0.2.4.10-alpha.
- - Actually log the total bandwidth in compute_weighted_bandwidths().
- Fixes bug 24170; bugfix on 0.2.4.3-alpha.
- o Minor bugfixes (relay, crash):
- - Avoid a crash when transitioning from client mode to bridge mode.
- Previously, we would launch the worker threads whenever our
- "public server" mode changed, but not when our "server" mode
- changed. Fixes bug 23693; bugfix on 0.2.6.3-alpha.
- o Minor bugfixes (testing):
- - Fix a spurious fuzzing-only use of an uninitialized value. Found
- by Brian Carpenter. Fixes bug 24082; bugfix on 0.3.0.3-alpha.
- - Test that IPv6-only clients can use microdescriptors when running
- "make test-network-all". Requires chutney master 61c28b9 or later.
- Closes ticket 24109.
- Changes in version 0.3.2.3-alpha - 2017-10-27
- Tor 0.3.2.3-alpha is the third release in the 0.3.2 series. It fixes
- numerous small bugs in earlier versions of 0.3.2.x, and adds a new
- directory authority, Bastet.
- o Directory authority changes:
- - Add "Bastet" as a ninth directory authority to the default list.
- Closes ticket 23910.
- - The directory authority "Longclaw" has changed its IP address.
- Closes ticket 23592.
- o Minor features (bridge):
- - Bridge relays can now set the BridgeDistribution config option to
- add a "bridge-distribution-request" line to their bridge
- descriptor, which tells BridgeDB how they'd like their bridge
- address to be given out. (Note that as of Oct 2017, BridgeDB does
- not yet implement this feature.) As a side benefit, this feature
- provides a way to distinguish bridge descriptors from non-bridge
- descriptors. Implements tickets 18329.
- o Minor features (client, entry guards):
- - Improve log messages when missing descriptors for primary guards.
- Resolves ticket 23670.
- o Minor features (geoip):
- - Update geoip and geoip6 to the October 4 2017 Maxmind GeoLite2
- Country database.
- o Minor bugfixes (bridge):
- - Overwrite the bridge address earlier in the process of retrieving
- its descriptor, to make sure we reach it on the configured
- address. Fixes bug 20532; bugfix on 0.2.0.10-alpha.
- o Minor bugfixes (documentation):
- - Document better how to read gcov, and what our gcov postprocessing
- scripts do. Fixes bug 23739; bugfix on 0.2.9.1-alpha.
- o Minor bugfixes (entry guards):
- - Tor now updates its guard state when it reads a consensus
- regardless of whether it's missing descriptors. That makes tor use
- its primary guards to fetch descriptors in some edge cases where
- it would previously have used fallback directories. Fixes bug
- 23862; bugfix on 0.3.0.1-alpha.
- o Minor bugfixes (hidden service client):
- - When handling multiple SOCKS request for the same .onion address,
- only fetch the service descriptor once.
- - When a descriptor fetch fails with a non-recoverable error, close
- all pending SOCKS requests for that .onion. Fixes bug 23653;
- bugfix on 0.3.2.1-alpha.
- o Minor bugfixes (hidden service):
- - Always regenerate missing hidden service public key files. Prior
- to this, if the public key was deleted from disk, it wouldn't get
- recreated. Fixes bug 23748; bugfix on 0.3.2.2-alpha. Patch
- from "cathugger".
- - Make sure that we have a usable ed25519 key when the intro point
- relay supports ed25519 link authentication. Fixes bug 24002;
- bugfix on 0.3.2.1-alpha.
- o Minor bugfixes (hidden service, v2):
- - When reloading configured hidden services, copy all information
- from the old service object. Previously, some data was omitted,
- causing delays in descriptor upload, and other bugs. Fixes bug
- 23790; bugfix on 0.2.1.9-alpha.
- o Minor bugfixes (memory safety, defensive programming):
- - Clear the target address when node_get_prim_orport() returns
- early. Fixes bug 23874; bugfix on 0.2.8.2-alpha.
- o Minor bugfixes (relay):
- - Avoid a BUG warning when receiving a dubious CREATE cell while an
- option transition is in progress. Fixes bug 23952; bugfix
- on 0.3.2.1-alpha.
- o Minor bugfixes (testing):
- - Adjust the GitLab CI configuration to more closely match that of
- Travis CI. Fixes bug 23757; bugfix on 0.3.2.2-alpha.
- - Prevent scripts/test/coverage from attempting to move gcov output
- to the root directory. Fixes bug 23741; bugfix on 0.2.5.1-alpha.
- - When running unit tests as root, skip a test that would fail
- because it expects a permissions error. This affects some
- continuous integration setups. Fixes bug 23758; bugfix
- on 0.3.2.2-alpha.
- - Stop unconditionally mirroring the tor repository in GitLab CI.
- This prevented developers from enabling GitLab CI on master. Fixes
- bug 23755; bugfix on 0.3.2.2-alpha.
- - Fix the hidden service v3 descriptor decoding fuzzing to use the
- latest decoding API correctly. Fixes bug 21509; bugfix
- on 0.3.2.1-alpha.
- o Minor bugfixes (warnings):
- - When we get an HTTP request on a SOCKS port, tell the user about
- the new HTTPTunnelPort option. Previously, we would give a "Tor is
- not an HTTP Proxy" message, which stopped being true when
- HTTPTunnelPort was introduced. Fixes bug 23678; bugfix
- on 0.3.2.1-alpha.
- Changes in version 0.2.5.15 - 2017-10-25
- Tor 0.2.5.15 backports a collection of bugfixes from later Tor release
- series. It also adds a new directory authority, Bastet.
- Note: the Tor 0.2.5 series will no longer be supported after 1 May
- 2018. If you need a release with long-term support, please upgrade to
- the 0.2.9 series. Otherwise, please upgrade to 0.3.1 or later.
- o Directory authority changes:
- - Add "Bastet" as a ninth directory authority to the default list.
- Closes ticket 23910.
- - The directory authority "Longclaw" has changed its IP address.
- Closes ticket 23592.
- o Major bugfixes (openbsd, denial-of-service, backport from 0.3.1.5-alpha):
- - Avoid an assertion failure bug affecting our implementation of
- inet_pton(AF_INET6) on certain OpenBSD systems whose strtol()
- handling of "0xx" differs from what we had expected. Fixes bug
- 22789; bugfix on 0.2.3.8-alpha. Also tracked as TROVE-2017-007.
- o Minor features (geoip):
- - Update geoip and geoip6 to the October 4 2017 Maxmind GeoLite2
- Country database.
- o Minor bugfixes (defensive programming, undefined behavior, backport from 0.3.1.4-alpha):
- - Fix a memset() off the end of an array when packing cells. This
- bug should be harmless in practice, since the corrupted bytes are
- still in the same structure, and are always padding bytes,
- ignored, or immediately overwritten, depending on compiler
- behavior. Nevertheless, because the memset()'s purpose is to make
- sure that any other cell-handling bugs can't expose bytes to the
- network, we need to fix it. Fixes bug 22737; bugfix on
- 0.2.4.11-alpha. Fixes CID 1401591.
- o Build features (backport from 0.3.1.5-alpha):
- - Tor's repository now includes a Travis Continuous Integration (CI)
- configuration file (.travis.yml). This is meant to help new
- developers and contributors who fork Tor to a Github repository be
- better able to test their changes, and understand what we expect
- to pass. To use this new build feature, you must fork Tor to your
- Github account, then go into the "Integrations" menu in the
- repository settings for your fork and enable Travis, then push
- your changes. Closes ticket 22636.
- Changes in version 0.2.8.16 - 2017-10-25
- Tor 0.2.8.16 backports a collection of bugfixes from later Tor release
- series, including a bugfix for a crash issue that had affected relays
- under memory pressure. It also adds a new directory authority, Bastet.
- Note: the Tor 0.2.8 series will no longer be supported after 1 Jan
- 2018. If you need a release with long-term support, please stick with
- the 0.2.9 series. Otherwise, please upgrade to 0.3.1 or later.
- o Directory authority changes:
- - Add "Bastet" as a ninth directory authority to the default list.
- Closes ticket 23910.
- - The directory authority "Longclaw" has changed its IP address.
- Closes ticket 23592.
- o Major bugfixes (relay, crash, assertion failure, backport from 0.3.2.2-alpha):
- - Fix a timing-based assertion failure that could occur when the
- circuit out-of-memory handler freed a connection's output buffer.
- Fixes bug 23690; bugfix on 0.2.6.1-alpha.
- o Minor features (directory authorities, backport from 0.3.2.2-alpha):
- - Remove longclaw's IPv6 address, as it will soon change. Authority
- IPv6 addresses were originally added in 0.2.8.1-alpha. This leaves
- 3/8 directory authorities with IPv6 addresses, but there are also
- 52 fallback directory mirrors with IPv6 addresses. Resolves 19760.
- o Minor features (geoip):
- - Update geoip and geoip6 to the October 4 2017 Maxmind GeoLite2
- Country database.
- Changes in version 0.2.9.13 - 2017-10-25
- Tor 0.2.9.13 backports a collection of bugfixes from later Tor release
- series, including a bugfix for a crash issue that had affected relays
- under memory pressure. It also adds a new directory authority, Bastet.
- o Directory authority changes:
- - Add "Bastet" as a ninth directory authority to the default list.
- Closes ticket 23910.
- - The directory authority "Longclaw" has changed its IP address.
- Closes ticket 23592.
- o Major bugfixes (relay, crash, assertion failure, backport from 0.3.2.2-alpha):
- - Fix a timing-based assertion failure that could occur when the
- circuit out-of-memory handler freed a connection's output buffer.
- Fixes bug 23690; bugfix on 0.2.6.1-alpha.
- o Minor features (directory authorities, backport from 0.3.2.2-alpha):
- - Remove longclaw's IPv6 address, as it will soon change. Authority
- IPv6 addresses were originally added in 0.2.8.1-alpha. This leaves
- 3/8 directory authorities with IPv6 addresses, but there are also
- 52 fallback directory mirrors with IPv6 addresses. Resolves 19760.
- o Minor features (geoip):
- - Update geoip and geoip6 to the October 4 2017 Maxmind GeoLite2
- Country database.
- o Minor bugfixes (directory authority, backport from 0.3.1.5-alpha):
- - When a directory authority rejects a descriptor or extrainfo with
- a given digest, mark that digest as undownloadable, so that we do
- not attempt to download it again over and over. We previously
- tried to avoid downloading such descriptors by other means, but we
- didn't notice if we accidentally downloaded one anyway. This
- behavior became problematic in 0.2.7.2-alpha, when authorities
- began pinning Ed25519 keys. Fixes bug 22349; bugfix
- on 0.2.1.19-alpha.
- o Minor bugfixes (memory safety, backport from 0.3.2.3-alpha):
- - Clear the address when node_get_prim_orport() returns early.
- Fixes bug 23874; bugfix on 0.2.8.2-alpha.
- o Minor bugfixes (Windows service, backport from 0.3.1.6-rc):
- - When running as a Windows service, set the ID of the main thread
- correctly. Failure to do so made us fail to send log messages to
- the controller in 0.2.1.16-rc, slowed down controller event
- delivery in 0.2.7.3-rc and later, and crash with an assertion
- failure in 0.3.1.1-alpha. Fixes bug 23081; bugfix on 0.2.1.6-alpha.
- Patch and diagnosis from "Vort".
- Changes in version 0.3.0.12 - 2017-10-25
- Tor 0.3.0.12 backports a collection of bugfixes from later Tor release
- series, including a bugfix for a crash issue that had affected relays
- under memory pressure. It also adds a new directory authority, Bastet.
- Note: the Tor 0.3.0 series will no longer be supported after 26 Jan
- 2018. If you need a release with long-term support, please stick with
- the 0.2.9 series. Otherwise, please upgrade to 0.3.1 or later.
- o Directory authority changes:
- - Add "Bastet" as a ninth directory authority to the default list.
- Closes ticket 23910.
- - The directory authority "Longclaw" has changed its IP address.
- Closes ticket 23592.
- o Major bugfixes (relay, crash, assertion failure, backport from 0.3.2.2-alpha):
- - Fix a timing-based assertion failure that could occur when the
- circuit out-of-memory handler freed a connection's output buffer.
- Fixes bug 23690; bugfix on 0.2.6.1-alpha.
- o Minor features (directory authorities, backport from 0.3.2.2-alpha):
- - Remove longclaw's IPv6 address, as it will soon change. Authority
- IPv6 addresses were originally added in 0.2.8.1-alpha. This leaves
- 3/8 directory authorities with IPv6 addresses, but there are also
- 52 fallback directory mirrors with IPv6 addresses. Resolves 19760.
- o Minor features (geoip):
- - Update geoip and geoip6 to the October 4 2017 Maxmind GeoLite2
- Country database.
- o Minor bugfixes (directory authority, backport from 0.3.1.5-alpha):
- - When a directory authority rejects a descriptor or extrainfo with
- a given digest, mark that digest as undownloadable, so that we do
- not attempt to download it again over and over. We previously
- tried to avoid downloading such descriptors by other means, but we
- didn't notice if we accidentally downloaded one anyway. This
- behavior became problematic in 0.2.7.2-alpha, when authorities
- began pinning Ed25519 keys. Fixes bug 22349; bugfix
- on 0.2.1.19-alpha.
- o Minor bugfixes (hidden service, relay, backport from 0.3.2.2-alpha):
- - Avoid a possible double close of a circuit by the intro point on
- error of sending the INTRO_ESTABLISHED cell. Fixes bug 23610;
- bugfix on 0.3.0.1-alpha.
- o Minor bugfixes (memory safety, backport from 0.3.2.3-alpha):
- - Clear the address when node_get_prim_orport() returns early.
- Fixes bug 23874; bugfix on 0.2.8.2-alpha.
- o Minor bugfixes (Windows service, backport from 0.3.1.6-rc):
- - When running as a Windows service, set the ID of the main thread
- correctly. Failure to do so made us fail to send log messages to
- the controller in 0.2.1.16-rc, slowed down controller event
- delivery in 0.2.7.3-rc and later, and crash with an assertion
- failure in 0.3.1.1-alpha. Fixes bug 23081; bugfix on 0.2.1.6-alpha.
- Patch and diagnosis from "Vort".
- Changes in version 0.3.1.8 - 2017-10-25
- Tor 0.3.1.8 is the second stable release in the 0.3.1 series.
- It includes several bugfixes, including a bugfix for a crash issue
- that had affected relays under memory pressure. It also adds
- a new directory authority, Bastet.
- o Directory authority changes:
- - Add "Bastet" as a ninth directory authority to the default list.
- Closes ticket 23910.
- - The directory authority "Longclaw" has changed its IP address.
- Closes ticket 23592.
- o Major bugfixes (relay, crash, assertion failure, backport from 0.3.2.2-alpha):
- - Fix a timing-based assertion failure that could occur when the
- circuit out-of-memory handler freed a connection's output buffer.
- Fixes bug 23690; bugfix on 0.2.6.1-alpha.
- o Minor features (directory authorities, backport from 0.3.2.2-alpha):
- - Remove longclaw's IPv6 address, as it will soon change. Authority
- IPv6 addresses were originally added in 0.2.8.1-alpha. This leaves
- 3/8 directory authorities with IPv6 addresses, but there are also
- 52 fallback directory mirrors with IPv6 addresses. Resolves 19760.
- o Minor features (geoip):
- - Update geoip and geoip6 to the October 4 2017 Maxmind GeoLite2
- Country database.
- o Minor bugfixes (compilation, backport from 0.3.2.2-alpha):
- - Fix a compilation warning when building with zstd support on
- 32-bit platforms. Fixes bug 23568; bugfix on 0.3.1.1-alpha. Found
- and fixed by Andreas Stieger.
- o Minor bugfixes (compression, backport from 0.3.2.2-alpha):
- - Handle a pathological case when decompressing Zstandard data when
- the output buffer size is zero. Fixes bug 23551; bugfix
- on 0.3.1.1-alpha.
- o Minor bugfixes (directory authority, backport from 0.3.2.1-alpha):
- - Remove the length limit on HTTP status lines that authorities can
- send in their replies. Fixes bug 23499; bugfix on 0.3.1.6-rc.
- o Minor bugfixes (hidden service, relay, backport from 0.3.2.2-alpha):
- - Avoid a possible double close of a circuit by the intro point on
- error of sending the INTRO_ESTABLISHED cell. Fixes bug 23610;
- bugfix on 0.3.0.1-alpha.
- o Minor bugfixes (memory safety, backport from 0.3.2.3-alpha):
- - Clear the address when node_get_prim_orport() returns early.
- Fixes bug 23874; bugfix on 0.2.8.2-alpha.
- o Minor bugfixes (unit tests, backport from 0.3.2.2-alpha):
- - Fix additional channelpadding unit test failures by using mocked
- time instead of actual time for all tests. Fixes bug 23608; bugfix
- on 0.3.1.1-alpha.
- Changes in version 0.3.2.2-alpha - 2017-09-29
- Tor 0.3.2.2-alpha is the second release in the 0.3.2 series. This
- release fixes several minor bugs in the new scheduler and next-
- generation onion services; both features were newly added in the 0.3.2
- series. Other fixes in this alpha include several fixes for non-fatal
- tracebacks which would appear in logs.
- With the aim to stabilise the 0.3.2 series by 15 December 2017, this
- alpha does not contain any substantial new features. Minor features
- include better testing and logging.
- The following comprises the complete list of changes included
- in tor-0.3.2.2-alpha:
- o Major bugfixes (relay, crash, assertion failure):
- - Fix a timing-based assertion failure that could occur when the
- circuit out-of-memory handler freed a connection's output buffer.
- Fixes bug 23690; bugfix on 0.2.6.1-alpha.
- o Major bugfixes (scheduler):
- - If a channel is put into the scheduler's pending list, then it
- starts closing, and then if the scheduler runs before it finishes
- closing, the scheduler will get stuck trying to flush its cells
- while the lower layers refuse to cooperate. Fix that race
- condition by giving the scheduler an escape method. Fixes bug
- 23676; bugfix on 0.3.2.1-alpha.
- o Minor features (build, compilation):
- - The "check-changes" feature is now part of the "make check" tests;
- we'll use it to try to prevent misformed changes files from
- accumulating. Closes ticket 23564.
- - Tor builds should now fail if there are any mismatches between the
- C type representing a configuration variable and the C type the
- data-driven parser uses to store a value there. Previously, we
- needed to check these by hand, which sometimes led to mistakes.
- Closes ticket 23643.
- o Minor features (directory authorities):
- - Remove longclaw's IPv6 address, as it will soon change. Authority
- IPv6 addresses were originally added in 0.2.8.1-alpha. This leaves
- 3/8 directory authorities with IPv6 addresses, but there are also
- 52 fallback directory mirrors with IPv6 addresses. Resolves 19760.
- o Minor features (hidden service, circuit, logging):
- - Improve logging of many callsite in the circuit subsystem to print
- the circuit identifier(s).
- - Log when we cleanup an intro point from a service so we know when
- and for what reason it happened. Closes ticket 23604.
- o Minor features (logging):
- - Log more circuit information whenever we are about to try to
- package a relay cell on a circuit with a nonexistent n_chan.
- Attempt to diagnose ticket 8185.
- - Improve info-level log identification of particular circuits, to
- help with debugging. Closes ticket 23645.
- o Minor features (relay):
- - When choosing which circuits can be expired as unused, consider
- circuits from clients even if those clients used regular CREATE
- cells to make them; and do not consider circuits from relays even
- if they were made with CREATE_FAST. Part of ticket 22805.
- o Minor features (robustness):
- - Change several fatal assertions when flushing buffers into non-
- fatal assertions, to prevent any recurrence of 23690.
- o Minor features (spec conformance, bridge, diagnostic):
- - When handling the USERADDR command on an ExtOrPort, warn when the
- transports provides a USERADDR with no port. In a future version,
- USERADDR commands of this format may be rejected. Detects problems
- related to ticket 23080.
- o Minor features (testing):
- - Add a unit test to make sure that our own generated platform
- string will be accepted by directory authorities. Closes
- ticket 22109.
- o Minor bugfixes (bootstrapping):
- - When warning about state file clock skew, report the correct
- direction for the detected skew. Fixes bug 23606; bugfix
- on 0.2.8.1-alpha.
- - Avoid an assertion failure when logging a state file clock skew
- very early in bootstrapping. Fixes bug 23607; bugfix
- on 0.3.2.1-alpha.
- o Minor bugfixes (build, compilation):
- - Fix a compilation warning when building with zstd support on
- 32-bit platforms. Fixes bug 23568; bugfix on 0.3.1.1-alpha. Found
- and fixed by Andreas Stieger.
- - When searching for OpenSSL, don't accept any OpenSSL library that
- lacks TLSv1_1_method(): Tor doesn't build with those versions.
- Additionally, look in /usr/local/opt/openssl, if it's present.
- These changes together repair the default build on OSX systems
- with Homebrew installed. Fixes bug 23602; bugfix on 0.2.7.2-alpha.
- o Minor bugfixes (compression):
- - Handle a pathological case when decompressing Zstandard data when
- the output buffer size is zero. Fixes bug 23551; bugfix
- on 0.3.1.1-alpha.
- o Minor bugfixes (documentation):
- - Fix manpage to not refer to the obsolete (and misspelled)
- UseEntryGuardsAsDirectoryGuards parameter in the description of
- NumDirectoryGuards. Fixes bug 23611; bugfix on 0.2.4.8-alpha.
- o Minor bugfixes (hidden service v3):
- - Don't log an assertion failure when we can't find the right
- information to extend to an introduction point. In rare cases,
- this could happen, causing a warning, even though tor would
- recover gracefully. Fixes bug 23159; bugfix on 0.3.2.1-alpha.
- - Pad RENDEZVOUS cell up to the size of the legacy cell which is
- much bigger so the rendezvous point can't distinguish which hidden
- service protocol is being used. Fixes bug 23420; bugfix
- on 0.3.2.1-alpha.
- o Minor bugfixes (hidden service, relay):
- - Avoid a possible double close of a circuit by the intro point on
- error of sending the INTRO_ESTABLISHED cell. Fixes bug 23610;
- bugfix on 0.3.0.1-alpha.
- o Minor bugfixes (logging, relay shutdown, annoyance):
- - When a circuit is marked for close, do not attempt to package any
- cells for channels on that circuit. Previously, we would detect
- this condition lower in the call stack, when we noticed that the
- circuit had no attached channel, and log an annoying message.
- Fixes bug 8185; bugfix on 0.2.5.4-alpha.
- o Minor bugfixes (scheduler):
- - When switching schedulers due to a consensus change, we didn't
- give the new scheduler a chance to react to the consensus. Fix
- that. Fixes bug 23537; bugfix on 0.3.2.1-alpha.
- - Make the KISTSchedRunInterval option a non negative value. With
- this, the way to disable KIST through the consensus is to set it
- to 0. Fixes bug 23539; bugfix on 0.3.2.1-alpha.
- - Only notice log the selected scheduler when we switch scheduler
- types. Fixes bug 23552; bugfix on 0.3.2.1-alpha.
- - Avoid a compilation warning on macOS in scheduler_ev_add() caused
- by a different tv_usec data type. Fixes bug 23575; bugfix
- on 0.3.2.1-alpha.
- - Make a hard exit if tor is unable to pick a scheduler which can
- happen if the user specifies a scheduler type that is not
- supported and not other types in Schedulers. Fixes bug 23581;
- bugfix on 0.3.2.1-alpha.
- - Properly initialize the scheduler last run time counter so it is
- not 0 at the first tick. Fixes bug 23696; bugfix on 0.3.2.1-alpha.
- o Minor bugfixes (testing):
- - Capture and detect several "Result does not fit" warnings in unit
- tests on platforms with 32-bit time_t. Fixes bug 21800; bugfix
- on 0.2.9.3-alpha.
- - Fix additional channelpadding unit test failures by using mocked
- time instead of actual time for all tests. Fixes bug 23608; bugfix
- on 0.3.1.1-alpha.
- - The removal of some old scheduler options caused some tests to
- fail on BSD systems. Assume current behavior is correct and make
- the tests pass again. Fixes bug 23566; bugfix on 0.3.2.1-alpha.
- o Code simplification and refactoring:
- - Remove various ways of testing circuits and connections for
- "clientness"; instead, favor channel_is_client(). Part of
- ticket 22805.
- o Deprecated features:
- - The ReachableDirAddresses and ClientPreferIPv6DirPort options are
- now deprecated; they do not apply to relays, and they have had no
- effect on clients since 0.2.8.x. Closes ticket 19704.
- o Documentation:
- - HiddenServiceVersion man page entry wasn't mentioning the now
- supported version 3. Fixes ticket 23580; bugfix on 0.3.2.1-alpha.
- - Clarify that the Address option is entirely about setting an
- advertised IPv4 address. Closes ticket 18891.
- - Clarify the manpage's use of the term "address" to clarify what
- kind of address is intended. Closes ticket 21405.
- - Document that onion service subdomains are allowed, and ignored.
- Closes ticket 18736.
- Changes in version 0.3.2.1-alpha - 2017-09-18
- Tor 0.3.2.1-alpha is the first release in the 0.3.2.x series. It
- includes support for our next-generation ("v3") onion service
- protocol, and adds a new circuit scheduler for more responsive
- forwarding decisions from relays. There are also numerous other small
- features and bugfixes here.
- Below are the changes since Tor 0.3.1.7.
- o Major feature (scheduler, channel):
- - Tor now uses new schedulers to decide which circuits should
- deliver cells first, in order to improve congestion at relays. The
- first type is called "KIST" ("Kernel Informed Socket Transport"),
- and is only available on Linux-like systems: it uses feedback from
- the kernel to prevent the kernel's TCP buffers from growing too
- full. The second new scheduler type is called "KISTLite": it
- behaves the same as KIST, but runs on systems without kernel
- support for inspecting TCP implementation details. The old
- scheduler is still available, under the name "Vanilla". To change
- the default scheduler preference order, use the new "Schedulers"
- option. (The default preference order is "KIST,KISTLite,Vanilla".)
- Matt Traudt implemented KIST, based on research by Rob Jansen,
- John Geddes, Christ Wacek, Micah Sherr, and Paul Syverson. For
- more information, see the design paper at
- http://www.robgjansen.com/publications/kist-sec2014.pdf and the
- followup implementation paper at https://arxiv.org/abs/1709.01044.
- Closes ticket 12541.
- o Major features (next-generation onion services):
- - Tor now supports the next-generation onion services protocol for
- clients and services! As part of this release, the core of
- proposal 224 has been implemented and is available for
- experimentation and testing by our users. This newer version of
- onion services ("v3") features many improvements over the legacy
- system, including:
- a) Better crypto (replaced SHA1/DH/RSA1024
- with SHA3/ed25519/curve25519)
- b) Improved directory protocol, leaking much less information to
- directory servers.
- c) Improved directory protocol, with smaller surface for
- targeted attacks.
- d) Better onion address security against impersonation.
- e) More extensible introduction/rendezvous protocol.
- f) A cleaner and more modular codebase.
- You can identify a next-generation onion address by its length:
- they are 56 characters long, as in
- "4acth47i6kxnvkewtm6q7ib2s3ufpo5sqbsnzjpbi7utijcltosqemad.onion".
- In the future, we will release more options and features for v3
- onion services, but we first need a testing period, so that the
- current codebase matures and becomes more robust. Planned features
- include: offline keys, advanced client authorization, improved
- guard algorithms, and statistics. For full details, see
- proposal 224.
- Legacy ("v2") onion services will still work for the foreseeable
- future, and will remain the default until this new codebase gets
- tested and hardened. Service operators who want to experiment with
- the new system can use the 'HiddenServiceVersion 3' torrc
- directive along with the regular onion service configuration
- options. We will publish a blog post about this new feature
- soon! Enjoy!
- o Major bugfixes (usability, control port):
- - Report trusted clock skew indications as bootstrap errors, so
- controllers can more easily alert users when their clocks are
- wrong. Fixes bug 23506; bugfix on 0.1.2.6-alpha.
- o Minor features (bug detection):
- - Log a warning message with a stack trace for any attempt to call
- get_options() during option validation. This pattern has caused
- subtle bugs in the past. Closes ticket 22281.
- o Minor features (client):
- - You can now use Tor as a tunneled HTTP proxy: use the new
- HTTPTunnelPort option to open a port that accepts HTTP CONNECT
- requests. Closes ticket 22407.
- - Add an extra check to make sure that we always use the newer guard
- selection code for picking our guards. Closes ticket 22779.
- - When downloading (micro)descriptors, don't split the list into
- multiple requests unless we want at least 32 descriptors.
- Previously, we split at 4, not 32, which led to significant
- overhead in HTTP request size and degradation in compression
- performance. Closes ticket 23220.
- o Minor features (command line):
- - Add a new commandline option, --key-expiration, which prints when
- the current signing key is going to expire. Implements ticket
- 17639; patch by Isis Lovecruft.
- o Minor features (control port):
- - If an application tries to use the control port as an HTTP proxy,
- respond with a meaningful "This is the Tor control port" message,
- and log the event. Closes ticket 1667. Patch from Ravi
- Chandra Padmala.
- - Provide better error message for GETINFO desc/(id|name) when not
- fetching router descriptors. Closes ticket 5847. Patch by
- Kevin Butler.
- - Add GETINFO "{desc,md}/download-enabled", to inform the controller
- whether Tor will try to download router descriptors and
- microdescriptors respectively. Closes ticket 22684.
- - Added new GETINFO targets "ip-to-country/{ipv4,ipv6}-available",
- so controllers can tell whether the geoip databases are loaded.
- Closes ticket 23237.
- - Adds a timestamp field to the CIRC_BW and STREAM_BW bandwidth
- events. Closes ticket 19254. Patch by "DonnchaC".
- o Minor features (development support):
- - Developers can now generate a call-graph for Tor using the
- "calltool" python program, which post-processes object dumps. It
- should work okay on many Linux and OSX platforms, and might work
- elsewhere too. To run it, install calltool from
- https://gitweb.torproject.org/user/nickm/calltool.git and run
- "make callgraph". Closes ticket 19307.
- o Minor features (ed25519):
- - Add validation function to checks for torsion components in
- ed25519 public keys, used by prop224 client-side code. Closes
- ticket 22006. Math help by Ian Goldberg.
- o Minor features (exit relay, DNS):
- - Improve the clarity and safety of the log message from evdns when
- receiving an apparently spoofed DNS reply. Closes ticket 3056.
- o Minor features (integration, hardening):
- - Add a new NoExec option to prevent Tor from running other
- programs. When this option is set to 1, Tor will never try to run
- another program, regardless of the settings of
- PortForwardingHelper, ClientTransportPlugin, or
- ServerTransportPlugin. Once NoExec is set, it cannot be disabled
- without restarting Tor. Closes ticket 22976.
- o Minor features (logging):
- - Improve the warning message for specifying a relay by nickname.
- The previous message implied that nickname registration was still
- part of the Tor network design, which it isn't. Closes
- ticket 20488.
- - If the sandbox filter fails to load, suggest to the user that
- their kernel might not support seccomp2. Closes ticket 23090.
- o Minor features (portability):
- - Check at configure time whether uint8_t is the same type as
- unsigned char. Lots of existing code already makes this
- assumption, and there could be strict aliasing issues if the
- assumption is violated. Closes ticket 22410.
- o Minor features (relay, configuration):
- - Reject attempts to use relative file paths when RunAsDaemon is
- set. Previously, Tor would accept these, but the directory-
- changing step of RunAsDaemon would give strange and/or confusing
- results. Closes ticket 22731.
- o Minor features (startup, safety):
- - When configured to write a PID file, Tor now exits if it is unable
- to do so. Previously, it would warn and continue. Closes
- ticket 20119.
- o Minor features (static analysis):
- - The BUG() macro has been changed slightly so that Coverity no
- longer complains about dead code if the bug is impossible. Closes
- ticket 23054.
- o Minor features (testing):
- - The default chutney network tests now include tests for the v3
- hidden service design. Make sure you have the latest version of
- chutney if you want to run these. Closes ticket 22437.
- - Add a unit test to verify that we can parse a hardcoded v2 hidden
- service descriptor. Closes ticket 15554.
- o Minor bugfixes (certificate handling):
- - Fix a time handling bug in Tor certificates set to expire after
- the year 2106. Fixes bug 23055; bugfix on 0.3.0.1-alpha. Found by
- Coverity as CID 1415728.
- o Minor bugfixes (client, usability):
- - Refrain from needlessly rejecting SOCKS5-with-hostnames and
- SOCKS4a requests that contain IP address strings, even when
- SafeSocks in enabled, as this prevents user from connecting to
- known IP addresses without relying on DNS for resolving. SafeSocks
- still rejects SOCKS connections that connect to IP addresses when
- those addresses are _not_ encoded as hostnames. Fixes bug 22461;
- bugfix on Tor 0.2.6.2-alpha.
- o Minor bugfixes (code correctness):
- - Call htons() in extend_cell_format() for encoding a 16-bit value.
- Previously we used ntohs(), which happens to behave the same on
- all the platforms we support, but which isn't really correct.
- Fixes bug 23106; bugfix on 0.2.4.8-alpha.
- - For defense-in-depth, make the controller's write_escaped_data()
- function robust to extremely long inputs. Fixes bug 19281; bugfix
- on 0.1.1.1-alpha. Reported by Guido Vranken.
- o Minor bugfixes (compilation):
- - Fix unused-variable warnings in donna's Curve25519 SSE2 code.
- Fixes bug 22895; bugfix on 0.2.7.2-alpha.
- o Minor bugfixes (consensus expiry):
- - Check for adequate directory information correctly. Previously, Tor
- would reconsider whether it had sufficient directory information
- every 2 minutes. Fixes bug 23091; bugfix on 0.2.0.19-alpha.
- o Minor bugfixes (directory protocol):
- - Directory servers now include a "Date:" http header for response
- codes other than 200. Clients starting with a skewed clock and a
- recent consensus were getting "304 Not modified" responses from
- directory authorities, so without the Date header, the client
- would never hear about a wrong clock. Fixes bug 23499; bugfix
- on 0.0.8rc1.
- - Make clients wait for 6 seconds before trying to download a
- consensus from an authority. Fixes bug 17750; bugfix
- on 0.2.8.1-alpha.
- o Minor bugfixes (DoS-resistance):
- - If future code asks if there are any running bridges, without
- checking if bridges are enabled, log a BUG warning rather than
- crashing. Fixes bug 23524; bugfix on 0.3.0.1-alpha.
- o Minor bugfixes (format strictness):
- - Restrict several data formats to decimal. Previously, the
- BuildTimeHistogram entries in the state file, the "bw=" entries in
- the bandwidth authority file, and the process IDs passed to the
- __OwningControllerProcess option could all be specified in hex or
- octal as well as in decimal. This was not an intentional feature.
- Fixes bug 22802; bugfixes on 0.2.2.1-alpha, 0.2.2.2-alpha,
- and 0.2.2.28-beta.
- o Minor bugfixes (heartbeat):
- - If we fail to write a heartbeat message, schedule a retry for the
- minimum heartbeat interval number of seconds in the future. Fixes
- bug 19476; bugfix on 0.2.3.1-alpha.
- o Minor bugfixes (linux seccomp2 sandbox, logging):
- - Fix some messages on unexpected errors from the seccomp2 library.
- Fixes bug 22750; bugfix on 0.2.5.1-alpha. Patch from "cypherpunks".
- o Minor bugfixes (logging):
- - Remove duplicate log messages regarding opening non-local
- SocksPorts upon parsing config and opening listeners at startup.
- Fixes bug 4019; bugfix on 0.2.3.3-alpha.
- - Use a more comprehensible log message when telling the user
- they've excluded every running exit node. Fixes bug 7890; bugfix
- on 0.2.2.25-alpha.
- - When logging the number of descriptors we intend to download per
- directory request, do not log a number higher than then the number
- of descriptors we're fetching in total. Fixes bug 19648; bugfix
- on 0.1.1.8-alpha.
- - When warning about a directory owned by the wrong user, log the
- actual name of the user owning the directory. Previously, we'd log
- the name of the process owner twice. Fixes bug 23487; bugfix
- on 0.2.9.1-alpha.
- - The tor specification says hop counts are 1-based, so fix two log
- messages that mistakenly logged 0-based hop counts. Fixes bug
- 18982; bugfix on 0.2.6.2-alpha and 0.2.4.5-alpha. Patch by teor.
- Credit to Xiaofan Li for reporting this issue.
- o Minor bugfixes (portability):
- - Stop using the PATH_MAX variable, which is not defined on GNU
- Hurd. Fixes bug 23098; bugfix on 0.3.1.1-alpha.
- o Minor bugfixes (relay):
- - When uploading our descriptor for the first time after startup,
- report the reason for uploading as "Tor just started" rather than
- leaving it blank. Fixes bug 22885; bugfix on 0.2.3.4-alpha.
- - Avoid unnecessary calls to directory_fetches_from_authorities() on
- relays, to prevent spurious address resolutions and descriptor
- rebuilds. This is a mitigation for bug 21789. Fixes bug 23470;
- bugfix on in 0.2.8.1-alpha.
- o Minor bugfixes (tests):
- - Fix a broken unit test for the OutboundAddress option: the parsing
- function was never returning an error on failure. Fixes bug 23366;
- bugfix on 0.3.0.3-alpha.
- - Fix a signed-integer overflow in the unit tests for
- dir/download_status_random_backoff, which was untriggered until we
- fixed bug 17750. Fixes bug 22924; bugfix on 0.2.9.1-alpha.
- o Minor bugfixes (usability, control port):
- - Stop making an unnecessary routerlist check in NETINFO clock skew
- detection; this was preventing clients from reporting NETINFO clock
- skew to controllers. Fixes bug 23532; bugfix on 0.2.4.4-alpha.
- o Code simplification and refactoring:
- - Extract the code for handling newly-open channels into a separate
- function from the general code to handle channel state
- transitions. This change simplifies our callgraph, reducing the
- size of the largest strongly connected component by roughly a
- factor of two. Closes ticket 22608.
- - Remove dead code for largely unused statistics on the number of
- times we've attempted various public key operations. Fixes bug
- 19871; bugfix on 0.1.2.4-alpha. Fix by Isis Lovecruft.
- - Remove several now-obsolete functions for asking about old
- variants directory authority status. Closes ticket 22311; patch
- from "huyvq".
- - Remove some of the code that once supported "Named" and "Unnamed"
- routers. Authorities no longer vote for these flags. Closes
- ticket 22215.
- - Rename the obsolete malleable hybrid_encrypt functions used in TAP
- and old hidden services, to indicate that they aren't suitable for
- new protocols or formats. Closes ticket 23026.
- - Replace our STRUCT_OFFSET() macro with offsetof(). Closes ticket
- 22521. Patch from Neel Chauhan.
- - Split the enormous circuit_send_next_onion_skin() function into
- multiple subfunctions. Closes ticket 22804.
- - Split the portions of the buffer.c module that handle particular
- protocols into separate modules. Part of ticket 23149.
- - Use our test macros more consistently, to produce more useful
- error messages when our unit tests fail. Add coccinelle patches to
- allow us to re-check for test macro uses. Closes ticket 22497.
- o Deprecated features:
- - Deprecate HTTPProxy/HTTPProxyAuthenticator config options. They
- only applies to direct unencrypted HTTP connections to your
- directory server, which your Tor probably isn't using. Closes
- ticket 20575.
- o Documentation:
- - Clarify in the manual that "Sandbox 1" is only supported on Linux
- kernels. Closes ticket 22677.
- - Document all values of PublishServerDescriptor in the manpage.
- Closes ticket 15645.
- - Improve the documentation for the directory port part of the
- DirAuthority line. Closes ticket 20152.
- - Restore documentation for the authorities' "approved-routers"
- file. Closes ticket 21148.
- o Removed features:
- - The AllowDotExit option has been removed as unsafe. It has been
- deprecated since 0.2.9.2-alpha. Closes ticket 23426.
- - The ClientDNSRejectInternalAddresses flag can no longer be set on
- non-testing networks. It has been deprecated since 0.2.9.2-alpha.
- Closes ticket 21031.
- - The controller API no longer includes an AUTHDIR_NEWDESCS event:
- nobody was using it any longer. Closes ticket 22377.
- Changes in version 0.2.8.15 - 2017-09-18
- Tor 0.2.8.15 backports a collection of bugfixes from later
- Tor series.
- Most significantly, it includes a fix for TROVE-2017-008, a
- security bug that affects hidden services running with the
- SafeLogging option disabled. For more information, see
- https://trac.torproject.org/projects/tor/ticket/23490
- Note that Tor 0.2.8.x will no longer be supported after 1 Jan
- 2018. We suggest that you upgrade to the latest stable release if
- possible. If you can't, we recommend that you upgrade at least to
- 0.2.9, which will be supported until 2020.
- o Major bugfixes (openbsd, denial-of-service, backport from 0.3.1.5-alpha):
- - Avoid an assertion failure bug affecting our implementation of
- inet_pton(AF_INET6) on certain OpenBSD systems whose strtol()
- handling of "0xx" differs from what we had expected. Fixes bug
- 22789; bugfix on 0.2.3.8-alpha. Also tracked as TROVE-2017-007.
- o Minor features:
- - Update geoip and geoip6 to the September 6 2017 Maxmind GeoLite2
- Country database.
- o Minor bugfixes (compilation, mingw, backport from 0.3.1.1-alpha):
- - Backport a fix for an "unused variable" warning that appeared
- in some versions of mingw. Fixes bug 22838; bugfix on
- 0.2.8.1-alpha.
- o Minor bugfixes (defensive programming, undefined behavior, backport from 0.3.1.4-alpha):
- - Fix a memset() off the end of an array when packing cells. This
- bug should be harmless in practice, since the corrupted bytes are
- still in the same structure, and are always padding bytes,
- ignored, or immediately overwritten, depending on compiler
- behavior. Nevertheless, because the memset()'s purpose is to make
- sure that any other cell-handling bugs can't expose bytes to the
- network, we need to fix it. Fixes bug 22737; bugfix on
- 0.2.4.11-alpha. Fixes CID 1401591.
- o Build features (backport from 0.3.1.5-alpha):
- - Tor's repository now includes a Travis Continuous Integration (CI)
- configuration file (.travis.yml). This is meant to help new
- developers and contributors who fork Tor to a Github repository be
- better able to test their changes, and understand what we expect
- to pass. To use this new build feature, you must fork Tor to your
- Github account, then go into the "Integrations" menu in the
- repository settings for your fork and enable Travis, then push
- your changes. Closes ticket 22636.
- Changes in version 0.2.9.12 - 2017-09-18
- Tor 0.2.9.12 backports a collection of bugfixes from later
- Tor series.
- Most significantly, it includes a fix for TROVE-2017-008, a
- security bug that affects hidden services running with the
- SafeLogging option disabled. For more information, see
- https://trac.torproject.org/projects/tor/ticket/23490
- o Major features (security, backport from 0.3.0.2-alpha):
- - Change the algorithm used to decide DNS TTLs on client and server
- side, to better resist DNS-based correlation attacks like the
- DefecTor attack of Greschbach, Pulls, Roberts, Winter, and
- Feamster. Now relays only return one of two possible DNS TTL
- values, and clients are willing to believe DNS TTL values up to 3
- hours long. Closes ticket 19769.
- o Major bugfixes (crash, directory connections, backport from 0.3.0.5-rc):
- - Fix a rare crash when sending a begin cell on a circuit whose
- linked directory connection had already been closed. Fixes bug
- 21576; bugfix on 0.2.9.3-alpha. Reported by Alec Muffett.
- o Major bugfixes (DNS, backport from 0.3.0.2-alpha):
- - Fix a bug that prevented exit nodes from caching DNS records for
- more than 60 seconds. Fixes bug 19025; bugfix on 0.2.4.7-alpha.
- o Major bugfixes (linux TPROXY support, backport from 0.3.1.1-alpha):
- - Fix a typo that had prevented TPROXY-based transparent proxying
- from working under Linux. Fixes bug 18100; bugfix on 0.2.6.3-alpha.
- Patch from "d4fq0fQAgoJ".
- o Major bugfixes (openbsd, denial-of-service, backport from 0.3.1.5-alpha):
- - Avoid an assertion failure bug affecting our implementation of
- inet_pton(AF_INET6) on certain OpenBSD systems whose strtol()
- handling of "0xx" differs from what we had expected. Fixes bug
- 22789; bugfix on 0.2.3.8-alpha. Also tracked as TROVE-2017-007.
- o Minor features (code style, backport from 0.3.1.3-alpha):
- - Add "Falls through" comments to our codebase, in order to silence
- GCC 7's -Wimplicit-fallthrough warnings. Patch from Andreas
- Stieger. Closes ticket 22446.
- o Minor features (geoip):
- - Update geoip and geoip6 to the September 6 2017 Maxmind GeoLite2
- Country database.
- o Minor bugfixes (bandwidth accounting, backport from 0.3.1.1-alpha):
- - Roll over monthly accounting at the configured hour and minute,
- rather than always at 00:00. Fixes bug 22245; bugfix on 0.0.9rc1.
- Found by Andrey Karpov with PVS-Studio.
- o Minor bugfixes (compilation, backport from 0.3.1.5-alpha):
- - Suppress -Wdouble-promotion warnings with clang 4.0. Fixes bug 22915;
- bugfix on 0.2.8.1-alpha.
- - Fix warnings when building with libscrypt and openssl scrypt support
- on Clang. Fixes bug 22916; bugfix on 0.2.7.2-alpha.
- - When building with certain versions the mingw C header files, avoid
- float-conversion warnings when calling the C functions isfinite(),
- isnan(), and signbit(). Fixes bug 22801; bugfix on 0.2.8.1-alpha.
- o Minor bugfixes (compilation, backport from 0.3.1.7):
- - Avoid compiler warnings in the unit tests for running tor_sscanf()
- with wide string outputs. Fixes bug 15582; bugfix on 0.2.6.2-alpha.
- o Minor bugfixes (compilation, mingw, backport from 0.3.1.1-alpha):
- - Backport a fix for an "unused variable" warning that appeared
- in some versions of mingw. Fixes bug 22838; bugfix on
- 0.2.8.1-alpha.
- o Minor bugfixes (controller, backport from 0.3.1.7):
- - Do not crash when receiving a HSPOST command with an empty body.
- Fixes part of bug 22644; bugfix on 0.2.7.1-alpha.
- - Do not crash when receiving a POSTDESCRIPTOR command with an
- empty body. Fixes part of bug 22644; bugfix on 0.2.0.1-alpha.
- o Minor bugfixes (coverity build support, backport from 0.3.1.5-alpha):
- - Avoid Coverity build warnings related to our BUG() macro. By
- default, Coverity treats BUG() as the Linux kernel does: an
- instant abort(). We need to override that so our BUG() macro
- doesn't prevent Coverity from analyzing functions that use it.
- Fixes bug 23030; bugfix on 0.2.9.1-alpha.
- o Minor bugfixes (defensive programming, undefined behavior, backport from 0.3.1.4-alpha):
- - Fix a memset() off the end of an array when packing cells. This
- bug should be harmless in practice, since the corrupted bytes are
- still in the same structure, and are always padding bytes,
- ignored, or immediately overwritten, depending on compiler
- behavior. Nevertheless, because the memset()'s purpose is to make
- sure that any other cell-handling bugs can't expose bytes to the
- network, we need to fix it. Fixes bug 22737; bugfix on
- 0.2.4.11-alpha. Fixes CID 1401591.
- o Minor bugfixes (file limits, osx, backport from 0.3.1.5-alpha):
- - When setting the maximum number of connections allowed by the OS,
- always allow some extra file descriptors for other files. Fixes
- bug 22797; bugfix on 0.2.0.10-alpha.
- o Minor bugfixes (linux seccomp2 sandbox, backport from 0.3.1.5-alpha):
- - Avoid a sandbox failure when trying to re-bind to a socket and
- mark it as IPv6-only. Fixes bug 20247; bugfix on 0.2.5.1-alpha.
- o Minor bugfixes (linux seccomp2 sandbox, backport from 0.3.1.4-alpha):
- - Permit the fchmod system call, to avoid crashing on startup when
- starting with the seccomp2 sandbox and an unexpected set of
- permissions on the data directory or its contents. Fixes bug
- 22516; bugfix on 0.2.5.4-alpha.
- o Minor bugfixes (relay, backport from 0.3.0.5-rc):
- - Avoid a double-marked-circuit warning that could happen when we
- receive DESTROY cells under heavy load. Fixes bug 20059; bugfix
- on 0.1.0.1-rc.
- o Minor bugfixes (voting consistency, backport from 0.3.1.1-alpha):
- - Reject version numbers with non-numeric prefixes (such as +, -, or
- whitespace). Disallowing whitespace prevents differential version
- parsing between POSIX-based and Windows platforms. Fixes bug 21507
- and part of 21508; bugfix on 0.0.8pre1.
- o Build features (backport from 0.3.1.5-alpha):
- - Tor's repository now includes a Travis Continuous Integration (CI)
- configuration file (.travis.yml). This is meant to help new
- developers and contributors who fork Tor to a Github repository be
- better able to test their changes, and understand what we expect
- to pass. To use this new build feature, you must fork Tor to your
- Github account, then go into the "Integrations" menu in the
- repository settings for your fork and enable Travis, then push
- your changes. Closes ticket 22636.
- Changes in version 0.3.0.11 - 2017-09-18
- Tor 0.3.0.11 backports a collection of bugfixes from Tor the 0.3.1
- series.
- Most significantly, it includes a fix for TROVE-2017-008, a
- security bug that affects hidden services running with the
- SafeLogging option disabled. For more information, see
- https://trac.torproject.org/projects/tor/ticket/23490
- o Minor features (code style, backport from 0.3.1.7):
- - Add "Falls through" comments to our codebase, in order to silence
- GCC 7's -Wimplicit-fallthrough warnings. Patch from Andreas
- Stieger. Closes ticket 22446.
- o Minor features:
- - Update geoip and geoip6 to the September 6 2017 Maxmind GeoLite2
- Country database.
- o Minor bugfixes (compilation, backport from 0.3.1.7):
- - Avoid compiler warnings in the unit tests for calling tor_sscanf()
- with wide string outputs. Fixes bug 15582; bugfix on 0.2.6.2-alpha.
- o Minor bugfixes (controller, backport from 0.3.1.7):
- - Do not crash when receiving a HSPOST command with an empty body.
- Fixes part of bug 22644; bugfix on 0.2.7.1-alpha.
- - Do not crash when receiving a POSTDESCRIPTOR command with an empty
- body. Fixes part of bug 22644; bugfix on 0.2.0.1-alpha.
- o Minor bugfixes (file limits, osx, backport from 0.3.1.5-alpha):
- - When setting the maximum number of connections allowed by the OS,
- always allow some extra file descriptors for other files. Fixes
- bug 22797; bugfix on 0.2.0.10-alpha.
- o Minor bugfixes (logging, relay, backport from 0.3.1.6-rc):
- - Remove a forgotten debugging message when an introduction point
- successfully establishes a hidden service prop224 circuit with
- a client.
- - Change three other log_warn() for an introduction point to
- protocol warnings, because they can be failure from the network
- and are not relevant to the operator. Fixes bug 23078; bugfix on
- 0.3.0.1-alpha and 0.3.0.2-alpha.
- Changes in version 0.3.1.7 - 2017-09-18
- Tor 0.3.1.7 is the first stable release in the 0.3.1 series.
- With the 0.3.1 series, Tor now serves and downloads directory
- information in more compact formats, to save on bandwidth overhead. It
- also contains a new padding system to resist netflow-based traffic
- analysis, and experimental support for building parts of Tor in Rust
- (though no parts of Tor are in Rust yet). There are also numerous
- small features, bugfixes on earlier release series, and groundwork for
- the hidden services revamp of 0.3.2.
- This release also includes a fix for TROVE-2017-008, a security bug
- that affects hidden services running with the SafeLogging option
- disabled. For more information, see
- https://trac.torproject.org/projects/tor/ticket/23490
- Per our stable release policy, we plan to support each stable release
- series for at least the next nine months, or for three months after
- the first stable release of the next series: whichever is longer. If
- you need a release with long-term support, we recommend that you stay
- with the 0.2.9 series.
- Below is a list of the changes since 0.3.1.6-rc. For a list of all
- changes since 0.3.0, see the ReleaseNotes file.
- o Major bugfixes (security, hidden services, loggging):
- - Fix a bug where we could log uninitialized stack when a certain
- hidden service error occurred while SafeLogging was disabled.
- Fixes bug #23490; bugfix on 0.2.7.2-alpha. This is also tracked as
- TROVE-2017-008 and CVE-2017-0380.
- o Minor features (defensive programming):
- - Create a pair of consensus parameters, nf_pad_tor2web and
- nf_pad_single_onion, to disable netflow padding in the consensus
- for non-anonymous connections in case the overhead is high. Closes
- ticket 17857.
- o Minor features (diagnostic):
- - Add a stack trace to the bug warnings that can be logged when
- trying to send an outgoing relay cell with n_chan == 0. Diagnostic
- attempt for bug 23105.
- o Minor features (geoip):
- - Update geoip and geoip6 to the September 6 2017 Maxmind GeoLite2
- Country database.
- o Minor bugfixes (compilation):
- - Avoid compiler warnings in the unit tests for calling tor_sscanf()
- with wide string outputs. Fixes bug 15582; bugfix on 0.2.6.2-alpha.
- o Minor bugfixes (controller):
- - Do not crash when receiving a HSPOST command with an empty body.
- Fixes part of bug 22644; bugfix on 0.2.7.1-alpha.
- - Do not crash when receiving a POSTDESCRIPTOR command with an empty
- body. Fixes part of bug 22644; bugfix on 0.2.0.1-alpha.
- o Minor bugfixes (relay):
- - Inform the geoip and rephist modules about all requests, even on
- relays that are only fetching microdescriptors. Fixes a bug
- related to 21585; bugfix on 0.3.0.1-alpha.
- o Minor bugfixes (unit tests):
- - Fix a channelpadding unit test failure on slow systems by using
- mocked time instead of actual time. Fixes bug 23077; bugfix
- on 0.3.1.1-alpha.
- Changes in version 0.3.1.6-rc - 2017-09-05
- Tor 0.3.1.6-rc fixes a few small bugs and annoyances in the 0.3.1
- release series, including a bug that produced weird behavior on
- Windows directory caches.
- This is the first release candidate in the Tor 0.3.1 series. If we
- find no new bugs or regressions here, the first stable 0.3.1 release
- will be nearly identical to it.
- o Major bugfixes (windows, directory cache):
- - On Windows, do not try to delete cached consensus documents and
- diffs before they are unmapped from memory--Windows won't allow
- that. Instead, allow the consensus cache directory to grow larger,
- to hold files that might need to stay around longer. Fixes bug
- 22752; bugfix on 0.3.1.1-alpha.
- o Minor features (directory authority):
- - Improve the message that authorities report to relays that present
- RSA/Ed25519 keypairs that conflict with previously pinned keys.
- Closes ticket 22348.
- o Minor features (geoip):
- - Update geoip and geoip6 to the August 3 2017 Maxmind GeoLite2
- Country database.
- o Minor features (testing):
- - Add more tests for compression backend initialization. Closes
- ticket 22286.
- o Minor bugfixes (directory cache):
- - Fix a memory leak when recovering space in the consensus cache.
- Fixes bug 23139; bugfix on 0.3.1.1-alpha.
- o Minor bugfixes (hidden service):
- - Increase the number of circuits that a service is allowed to
- open over a specific period of time. The value was lower than it
- should be (8 vs 12) in the normal case of 3 introduction points.
- Fixes bug 22159; bugfix on 0.3.0.5-rc.
- - Fix a BUG warning during HSv3 descriptor decoding that could be
- cause by a specially crafted descriptor. Fixes bug 23233; bugfix
- on 0.3.0.1-alpha. Bug found by "haxxpop".
- - Rate-limit the log messages if we exceed the maximum number of
- allowed intro circuits. Fixes bug 22159; bugfix on 0.3.1.1-alpha.
- o Minor bugfixes (logging, relay):
- - Remove a forgotten debugging message when an introduction point
- successfully establishes a hidden service prop224 circuit with
- a client.
- - Change three other log_warn() for an introduction point to
- protocol warnings, because they can be failure from the network
- and are not relevant to the operator. Fixes bug 23078; bugfix on
- 0.3.0.1-alpha and 0.3.0.2-alpha.
- o Minor bugfixes (relay):
- - When a relay is not running as a directory cache, it will no
- longer generate compressed consensuses and consensus diff
- information. Previously, this was a waste of disk and CPU. Fixes
- bug 23275; bugfix on 0.3.1.1-alpha.
- o Minor bugfixes (robustness, error handling):
- - Improve our handling of the cases where OpenSSL encounters a
- memory error while encoding keys and certificates. We haven't
- observed these errors in the wild, but if they do happen, we now
- detect and respond better. Fixes bug 19418; bugfix on all versions
- of Tor. Reported by Guido Vranken.
- o Minor bugfixes (stability):
- - Avoid crashing on a double-free when unable to load or process an
- included file. Fixes bug 23155; bugfix on 0.3.1.1-alpha. Found
- with the clang static analyzer.
- o Minor bugfixes (testing):
- - Fix an undersized buffer in test-memwipe.c. Fixes bug 23291;
- bugfix on 0.2.7.2-alpha. Found and patched by Ties Stuij.
- - Port the hs_ntor handshake test to work correctly with recent
- versions of the pysha3 module. Fixes bug 23071; bugfix
- on 0.3.1.1-alpha.
- o Minor bugfixes (Windows service):
- - When running as a Windows service, set the ID of the main thread
- correctly. Failure to do so made us fail to send log messages to
- the controller in 0.2.1.16-rc, slowed down controller event
- delivery in 0.2.7.3-rc and later, and crash with an assertion
- failure in 0.3.1.1-alpha. Fixes bug 23081; bugfix on 0.2.1.6-alpha.
- Patch and diagnosis from "Vort".
- Changes in version 0.3.0.10 - 2017-08-02
- Tor 0.3.0.10 backports a collection of small-to-medium bugfixes
- from the current Tor alpha series. OpenBSD users and TPROXY users
- should upgrade; others are probably okay sticking with 0.3.0.9.
- o Major features (build system, continuous integration, backport from 0.3.1.5-alpha):
- - Tor's repository now includes a Travis Continuous Integration (CI)
- configuration file (.travis.yml). This is meant to help new
- developers and contributors who fork Tor to a Github repository be
- better able to test their changes, and understand what we expect
- to pass. To use this new build feature, you must fork Tor to your
- Github account, then go into the "Integrations" menu in the
- repository settings for your fork and enable Travis, then push
- your changes. Closes ticket 22636.
- o Major bugfixes (linux TPROXY support, backport from 0.3.1.1-alpha):
- - Fix a typo that had prevented TPROXY-based transparent proxying
- from working under Linux. Fixes bug 18100; bugfix on 0.2.6.3-alpha.
- Patch from "d4fq0fQAgoJ".
- o Major bugfixes (openbsd, denial-of-service, backport from 0.3.1.5-alpha):
- - Avoid an assertion failure bug affecting our implementation of
- inet_pton(AF_INET6) on certain OpenBSD systems whose strtol()
- handling of "0xbar" differs from what we had expected. Fixes bug
- 22789; bugfix on 0.2.3.8-alpha. Also tracked as TROVE-2017-007.
- o Minor features (backport from 0.3.1.5-alpha):
- - Update geoip and geoip6 to the July 4 2017 Maxmind GeoLite2
- Country database.
- o Minor bugfixes (bandwidth accounting, backport from 0.3.1.2-alpha):
- - Roll over monthly accounting at the configured hour and minute,
- rather than always at 00:00. Fixes bug 22245; bugfix on 0.0.9rc1.
- Found by Andrey Karpov with PVS-Studio.
- o Minor bugfixes (compilation warnings, backport from 0.3.1.5-alpha):
- - Suppress -Wdouble-promotion warnings with clang 4.0. Fixes bug 22915;
- bugfix on 0.2.8.1-alpha.
- - Fix warnings when building with libscrypt and openssl scrypt
- support on Clang. Fixes bug 22916; bugfix on 0.2.7.2-alpha.
- - When building with certain versions of the mingw C header files,
- avoid float-conversion warnings when calling the C functions
- isfinite(), isnan(), and signbit(). Fixes bug 22801; bugfix
- on 0.2.8.1-alpha.
- o Minor bugfixes (compilation, mingw, backport from 0.3.1.1-alpha):
- - Backport a fix for an "unused variable" warning that appeared
- in some versions of mingw. Fixes bug 22838; bugfix on
- 0.2.8.1-alpha.
- o Minor bugfixes (coverity build support, backport from 0.3.1.5-alpha):
- - Avoid Coverity build warnings related to our BUG() macro. By
- default, Coverity treats BUG() as the Linux kernel does: an
- instant abort(). We need to override that so our BUG() macro
- doesn't prevent Coverity from analyzing functions that use it.
- Fixes bug 23030; bugfix on 0.2.9.1-alpha.
- o Minor bugfixes (directory authority, backport from 0.3.1.1-alpha):
- - When rejecting a router descriptor for running an obsolete version
- of Tor without ntor support, warn about the obsolete tor version,
- not the missing ntor key. Fixes bug 20270; bugfix on 0.2.9.3-alpha.
- o Minor bugfixes (linux seccomp2 sandbox, backport from 0.3.1.5-alpha):
- - Avoid a sandbox failure when trying to re-bind to a socket and
- mark it as IPv6-only. Fixes bug 20247; bugfix on 0.2.5.1-alpha.
- o Minor bugfixes (unit tests, backport from 0.3.1.5-alpha)
- - Fix a memory leak in the link-handshake/certs_ok_ed25519 test.
- Fixes bug 22803; bugfix on 0.3.0.1-alpha.
- Changes in version 0.3.1.5-alpha - 2017-08-01
- Tor 0.3.1.5-alpha improves the performance of consensus diff
- calculation, fixes a crash bug on older versions of OpenBSD, and fixes
- several other bugs. If no serious bugs are found in this version, the
- next version will be a release candidate.
- This release also marks the end of support for the Tor 0.2.4.x,
- 0.2.6.x, and 0.2.7.x release series. Those releases will receive no
- further bug or security fixes. Anyone still running or distributing
- one of those versions should upgrade.
- o Major features (build system, continuous integration):
- - Tor's repository now includes a Travis Continuous Integration (CI)
- configuration file (.travis.yml). This is meant to help new
- developers and contributors who fork Tor to a Github repository be
- better able to test their changes, and understand what we expect
- to pass. To use this new build feature, you must fork Tor to your
- Github account, then go into the "Integrations" menu in the
- repository settings for your fork and enable Travis, then push
- your changes. Closes ticket 22636.
- o Major bugfixes (openbsd, denial-of-service):
- - Avoid an assertion failure bug affecting our implementation of
- inet_pton(AF_INET6) on certain OpenBSD systems whose strtol()
- handling of "0xbar" differs from what we had expected. Fixes bug
- 22789; bugfix on 0.2.3.8-alpha. Also tracked as TROVE-2017-007.
- o Major bugfixes (relay, performance):
- - Perform circuit handshake operations at a higher priority than we
- use for consensus diff creation and compression. This should
- prevent circuits from starving when a relay or bridge receives a
- new consensus, especially on lower-powered machines. Fixes bug
- 22883; bugfix on 0.3.1.1-alpha.
- o Minor features (bridge authority):
- - Add "fingerprint" lines to the networkstatus-bridges file produced
- by bridge authorities. Closes ticket 22207.
- o Minor features (directory cache, consensus diff):
- - Add a new MaxConsensusAgeForDiffs option to allow directory cache
- operators with low-resource environments to adjust the number of
- consensuses they'll store and generate diffs from. Most cache
- operators should leave it unchanged. Helps to work around
- bug 22883.
- o Minor features (geoip):
- - Update geoip and geoip6 to the July 4 2017 Maxmind GeoLite2
- Country database.
- o Minor features (relay, performance):
- - Always start relays with at least two worker threads, to prevent
- priority inversion on slow tasks. Part of the fix for bug 22883.
- - Allow background work to be queued with different priorities, so
- that a big pile of slow low-priority jobs will not starve out
- higher priority jobs. This lays the groundwork for a fix for
- bug 22883.
- o Minor bugfixes (build system, rust):
- - Fix a problem where Rust toolchains were not being found when
- building without --enable-cargo-online-mode, due to setting the
- $HOME environment variable instead of $CARGO_HOME. Fixes bug
- 22830; bugfix on 0.3.1.1-alpha. Fix by Chelsea Komlo.
- o Minor bugfixes (compatibility, zstd):
- - Write zstd epilogues correctly when the epilogue requires
- reallocation of the output buffer, even with zstd 1.3.0.
- (Previously, we worked on 1.2.0 and failed with 1.3.0). Fixes bug
- 22927; bugfix on 0.3.1.1-alpha.
- o Minor bugfixes (compilation warnings):
- - Suppress -Wdouble-promotion warnings with clang 4.0. Fixes bug
- 22915; bugfix on 0.2.8.1-alpha.
- - Fix warnings when building with libscrypt and openssl scrypt
- support on Clang. Fixes bug 22916; bugfix on 0.2.7.2-alpha.
- - Compile correctly when both openssl 1.1.0 and libscrypt are
- detected. Previously this would cause an error. Fixes bug 22892;
- bugfix on 0.3.1.1-alpha.
- - When building with certain versions of the mingw C header files,
- avoid float-conversion warnings when calling the C functions
- isfinite(), isnan(), and signbit(). Fixes bug 22801; bugfix
- on 0.2.8.1-alpha.
- o Minor bugfixes (coverity build support):
- - Avoid Coverity build warnings related to our BUG() macro. By
- default, Coverity treats BUG() as the Linux kernel does: an
- instant abort(). We need to override that so our BUG() macro
- doesn't prevent Coverity from analyzing functions that use it.
- Fixes bug 23030; bugfix on 0.2.9.1-alpha.
- o Minor bugfixes (directory authority):
- - When a directory authority rejects a descriptor or extrainfo with
- a given digest, mark that digest as undownloadable, so that we do
- not attempt to download it again over and over. We previously
- tried to avoid downloading such descriptors by other means, but we
- didn't notice if we accidentally downloaded one anyway. This
- behavior became problematic in 0.2.7.2-alpha, when authorities
- began pinning Ed25519 keys. Fixes bug 22349; bugfix
- on 0.2.1.19-alpha.
- o Minor bugfixes (error reporting, windows):
- - When formatting Windows error messages, use the English format to
- avoid codepage issues. Fixes bug 22520; bugfix on 0.1.2.8-alpha.
- Patch from "Vort".
- o Minor bugfixes (file limits, osx):
- - When setting the maximum number of connections allowed by the OS,
- always allow some extra file descriptors for other files. Fixes
- bug 22797; bugfix on 0.2.0.10-alpha.
- o Minor bugfixes (linux seccomp2 sandbox):
- - Avoid a sandbox failure when trying to re-bind to a socket and
- mark it as IPv6-only. Fixes bug 20247; bugfix on 0.2.5.1-alpha.
- o Minor bugfixes (memory leaks):
- - Fix a small memory leak when validating a configuration that uses
- two or more AF_UNIX sockets for the same port type. Fixes bug
- 23053; bugfix on 0.2.6.3-alpha. This is CID 1415725.
- o Minor bugfixes (unit tests):
- - test_consdiff_base64cmp would fail on OS X because while OS X
- follows the standard of (less than zero/zero/greater than zero),
- it doesn't follow the convention of (-1/0/+1). Make the test
- comply with the standard. Fixes bug 22870; bugfix on 0.3.1.1-alpha.
- - Fix a memory leak in the link-handshake/certs_ok_ed25519 test.
- Fixes bug 22803; bugfix on 0.3.0.1-alpha.
- Changes in version 0.3.1.4-alpha - 2017-06-29
- Tor 0.3.1.4-alpha fixes a path selection bug that would allow a client
- to use a guard that was in the same network family as a chosen exit
- relay. This is a security regression; all clients running earlier
- versions of 0.3.0.x or 0.3.1.x should upgrade to 0.3.0.9
- or 0.3.1.4-alpha.
- This release also fixes several other bugs introduced in 0.3.0.x
- and 0.3.1.x, including others that can affect bandwidth usage
- and correctness.
- o New dependencies:
- - To build with zstd and lzma support, Tor now requires the
- pkg-config tool at build time. (This requirement was new in
- 0.3.1.1-alpha, but was not noted at the time. Noting it here to
- close ticket 22623.)
- o Major bugfixes (path selection, security):
- - When choosing which guard to use for a circuit, avoid the exit's
- family along with the exit itself. Previously, the new guard
- selection logic avoided the exit, but did not consider its family.
- Fixes bug 22753; bugfix on 0.3.0.1-alpha. Tracked as TROVE-2017-
- 006 and CVE-2017-0377.
- o Major bugfixes (compression, zstd):
- - Correctly detect a full buffer when decompressing a large zstd-
- compressed input. Previously, we would sometimes treat a full
- buffer as an error. Fixes bug 22628; bugfix on 0.3.1.1-alpha.
- o Major bugfixes (directory protocol):
- - Ensure that we send "304 Not modified" as HTTP status code when a
- client is attempting to fetch a consensus or consensus diff, and
- the best one we can send them is one they already have. Fixes bug
- 22702; bugfix on 0.3.1.1-alpha.
- o Major bugfixes (entry guards):
- - When starting with an old consensus, do not add new entry guards
- unless the consensus is "reasonably live" (under 1 day old). Fixes
- one root cause of bug 22400; bugfix on 0.3.0.1-alpha.
- o Minor features (bug mitigation, diagnostics, logging):
- - Avoid an assertion failure, and log a better error message, when
- unable to remove a file from the consensus cache on Windows.
- Attempts to mitigate and diagnose bug 22752.
- o Minor features (geoip):
- - Update geoip and geoip6 to the June 8 2017 Maxmind GeoLite2
- Country database.
- o Minor bugfixes (compression):
- - When compressing or decompressing a buffer, check for a failure to
- create a compression object. Fixes bug 22626; bugfix
- on 0.3.1.1-alpha.
- - When decompressing a buffer, check for extra data after the end of
- the compressed data. Fixes bug 22629; bugfix on 0.3.1.1-alpha.
- - When decompressing an object received over an anonymous directory
- connection, if we have already decompressed it using an acceptable
- compression method, do not reject it for looking like an
- unacceptable compression method. Fixes part of bug 22670; bugfix
- on 0.3.1.1-alpha.
- - When serving directory votes compressed with zlib, do not claim to
- have compressed them with zstd. Fixes bug 22669; bugfix
- on 0.3.1.1-alpha.
- - When spooling compressed data to an output buffer, don't try to
- spool more data when there is no more data to spool and we are not
- trying to flush the input. Previously, we would sometimes launch
- compression requests with nothing to do, which interferes with our
- 22672 checks. Fixes bug 22719; bugfix on 0.2.0.16-alpha.
- o Minor bugfixes (defensive programming):
- - Detect and break out of infinite loops in our compression code. We
- don't think that any such loops exist now, but it's best to be
- safe. Closes ticket 22672.
- - Fix a memset() off the end of an array when packing cells. This
- bug should be harmless in practice, since the corrupted bytes are
- still in the same structure, and are always padding bytes,
- ignored, or immediately overwritten, depending on compiler
- behavior. Nevertheless, because the memset()'s purpose is to make
- sure that any other cell-handling bugs can't expose bytes to the
- network, we need to fix it. Fixes bug 22737; bugfix on
- 0.2.4.11-alpha. Fixes CID 1401591.
- o Minor bugfixes (linux seccomp2 sandbox):
- - Permit the fchmod system call, to avoid crashing on startup when
- starting with the seccomp2 sandbox and an unexpected set of
- permissions on the data directory or its contents. Fixes bug
- 22516; bugfix on 0.2.5.4-alpha.
- - Fix a crash in the LZMA module, when the sandbox was enabled, and
- liblzma would allocate more than 16 MB of memory. We solve this by
- bumping the mprotect() limit in the sandbox module from 16 MB to
- 20 MB. Fixes bug 22751; bugfix on 0.3.1.1-alpha.
- o Minor bugfixes (logging):
- - When decompressing, do not warn if we fail to decompress using a
- compression method that we merely guessed. Fixes part of bug
- 22670; bugfix on 0.1.1.14-alpha.
- - When decompressing, treat mismatch between content-encoding and
- actual compression type as a protocol warning. Fixes part of bug
- 22670; bugfix on 0.1.1.9-alpha.
- - Downgrade "assigned_to_cpuworker failed" message to info-level
- severity. In every case that can reach it, either a better warning
- has already been logged, or no warning is warranted. Fixes bug
- 22356; bugfix on 0.2.6.3-alpha.
- - Demote a warn that was caused by libevent delays to info if
- netflow padding is less than 4.5 seconds late, or to notice
- if it is more (4.5 seconds is the amount of time that a netflow
- record might be emitted after, if we chose the maximum timeout).
- Fixes bug 22212; bugfix on 0.3.1.1-alpha.
- o Minor bugfixes (process behavior):
- - When exiting because of an error, always exit with a nonzero exit
- status. Previously, we would fail to report an error in our exit
- status in cases related to __OwningControllerProcess failure,
- lockfile contention, and Ed25519 key initialization. Fixes bug
- 22720; bugfix on versions 0.2.1.6-alpha, 0.2.2.28-beta, and
- 0.2.7.2-alpha respectively. Reported by "f55jwk4f"; patch
- from "huyvq".
- o Documentation:
- - Add a manpage description for the key-pinning-journal file. Closes
- ticket 22347.
- - Correctly note that bandwidth accounting values are stored in the
- state file, and the bw_accounting file is now obsolete. Closes
- ticket 16082.
- - Document more of the files in the Tor data directory, including
- cached-extrainfo, secret_onion_key{,_ntor}.old, hidserv-stats,
- approved-routers, sr-random, and diff-cache. Found while fixing
- ticket 22347.
- Changes in version 0.3.0.9 - 2017-06-29
- Tor 0.3.0.9 fixes a path selection bug that would allow a client
- to use a guard that was in the same network family as a chosen exit
- relay. This is a security regression; all clients running earlier
- versions of 0.3.0.x or 0.3.1.x should upgrade to 0.3.0.9 or
- 0.3.1.4-alpha.
- This release also backports several other bugfixes from the 0.3.1.x
- series.
- o Major bugfixes (path selection, security, backport from 0.3.1.4-alpha):
- - When choosing which guard to use for a circuit, avoid the exit's
- family along with the exit itself. Previously, the new guard
- selection logic avoided the exit, but did not consider its family.
- Fixes bug 22753; bugfix on 0.3.0.1-alpha. Tracked as TROVE-2017-
- 006 and CVE-2017-0377.
- o Major bugfixes (entry guards, backport from 0.3.1.1-alpha):
- - Don't block bootstrapping when a primary bridge is offline and we
- can't get its descriptor. Fixes bug 22325; fixes one case of bug
- 21969; bugfix on 0.3.0.3-alpha.
- o Major bugfixes (entry guards, backport from 0.3.1.4-alpha):
- - When starting with an old consensus, do not add new en
|