|
@@ -1,4 +1,243 @@
|
|
|
-Changes in version 0.2.5.5-alpha - 2014-05-??
|
|
|
+Changes in version 0.2.5.5-alpha - 2014-06-??
|
|
|
+ Write a blurb here.
|
|
|
+
|
|
|
+ o Major bugfixes (security, OOM, new since 0.2.5.4-alpha, also in 0.2.4.22):
|
|
|
+ - Fix a memory leak that could occur if a microdescriptor parse
|
|
|
+ fails during the tokenizing step. This bug could enable a memory
|
|
|
+ exhaustion attack by directory servers. Fixes bug 11649; bugfix
|
|
|
+ on 0.2.2.6-alpha.
|
|
|
+
|
|
|
+ o Major bugfixes (relay):
|
|
|
+ - When uploading to the directory authorities, use a direct dirport
|
|
|
+ connection if we are a uploading an ordinary, non-anonymous directory
|
|
|
+ object. Previously, relays would used tunnel connections under a
|
|
|
+ fairly wide variety of circumstances. Fixes bug 11469; bugfix on
|
|
|
+ 0.2.4.3-alpha.
|
|
|
+
|
|
|
+ o Major security fixes (directory authorities):
|
|
|
+ - Directory authorities now include a digest of each relay's
|
|
|
+ identity key as a part of its microdescriptor.
|
|
|
+
|
|
|
+ This is a workaround for bug #11743 (reported by "cypherpunks"),
|
|
|
+ where Tor clients do not
|
|
|
+ support receiving multiple microdescriptors with the same SHA256
|
|
|
+ digest in the same consensus. When clients receive a consensus
|
|
|
+ like this, they only use one of the relays. Without this fix, a
|
|
|
+ hostile relay could selectively disable some client use of target
|
|
|
+ relays by constucting a router descriptor with a different
|
|
|
+ identity and the same microdescriptor parameters and getting the
|
|
|
+ authorities to list it in a microdescriptor consensus. This fix
|
|
|
+ prevents an attacker from causing a microdescriptor collision,
|
|
|
+ because the router's identity is not forgeable.
|
|
|
+
|
|
|
+ o Minor features (diagnostic):
|
|
|
+ - When logging a warning because of bug #7164, additionally check the
|
|
|
+ hash table for consistency (as proposed on ticket #11737). This may
|
|
|
+ help diagnose bug #7164.
|
|
|
+ - When we log a heartbeat, log how many one-hop circuits we have that
|
|
|
+ are at least 30 minutes old, and log status information about a
|
|
|
+ few of them. This is an attempt to track down bug 8387.
|
|
|
+
|
|
|
+ o Minor features (security):
|
|
|
+ - Apply the secure SipHash-2-4 function to the hash table mapping
|
|
|
+ circuit IDs and channels to circuits. We missed this one when we
|
|
|
+ were converting all the other hash functions to use SipHash back
|
|
|
+ in 0.2.5.3-alpha. Resolves ticket 11750.
|
|
|
+
|
|
|
+ o Minor features:
|
|
|
+ - Add a systemd service file (tor.service) that can be installed by
|
|
|
+ Linux distributions that make use of the systemd init daemon.
|
|
|
+ Fixes bug 8368.
|
|
|
+
|
|
|
+ o Minor features:
|
|
|
+ - Give more specific warnings when we notice at the client side that
|
|
|
+ an onion handshake has failed. Fixes ticket 9635.
|
|
|
+
|
|
|
+ o Minor features:
|
|
|
+ - The configure script has a --disable-seccomp option to turn off
|
|
|
+ support for libseccomp on systems that have it, in case it (or
|
|
|
+ Tor's use of it) is broken. Resolves ticket 11628.
|
|
|
+
|
|
|
+ o Minor features:
|
|
|
+ - When we encounter an unexpected CR in text that we're trying to
|
|
|
+ write to a file on Windows, log the name of the file. Should help
|
|
|
+ diagnosing bug 11233.
|
|
|
+
|
|
|
+ o Minor bugfixes (configuration, security, new since 0.2.5.4-alpha, also in 0.2.4.22):
|
|
|
+ - When running a hidden service, do not allow TunneledDirConns 0;
|
|
|
+ this will keep the hidden service from running, and also
|
|
|
+ make it publish its descriptors directly over HTTP. Fixes bug 10849;
|
|
|
+ bugfix on 0.2.1.1-alpha.
|
|
|
+
|
|
|
+ o Minor bugfixes (compilation):
|
|
|
+ - Fix compilation of test_status.c when building with MVSC.
|
|
|
+ Bugfix on 0.2.5.4-alpha. Patch from Gisle Vanem.
|
|
|
+ - Resolve GCC complaints on OpenBSD about discarding constness in
|
|
|
+ TO_{ORIGIN,OR}_CIRCUIT functions. Fixes part of bug 11633; bugfix on
|
|
|
+ 0.1.1.23. Patch from Dana Koch.
|
|
|
+ - Resolve clang complaints on OpenBSD with -Wshorten-64-to-32 due to
|
|
|
+ treatment of long and time_t as comparable types. Fixes part of bug 11633.
|
|
|
+ Patch from Dana Koch.
|
|
|
+
|
|
|
+ o Minor bugfixes (build):
|
|
|
+ - When deciding whether to build the 64-bit curve25519 implementation,
|
|
|
+ detect platforms where we can compile 128-bit arithmetic but cannot
|
|
|
+ link it. Fixes bug 11729; bugfix on 0.2.4.8-alpha. Patch
|
|
|
+ from "conradev".
|
|
|
+
|
|
|
+ o Minor bugfixes (Directory server):
|
|
|
+ - When sending a compressed set of descriptors or microdescriptors,
|
|
|
+ make sure to finalize the zlib stream. Previously, we would write
|
|
|
+ all the compressed data, but if the last descriptor we wanted to
|
|
|
+ send was missing or too old, we would not mark the stream as
|
|
|
+ finished. This caused problems for decompression tools. Fixes bug
|
|
|
+ 11648; bugfix on 0.1.1.23.
|
|
|
+
|
|
|
+ o Minor bugfixes (dmalloc):
|
|
|
+ - Fix compilation with dmalloc. Fixes bug 11605; bugfix on 0.2.4.10-alpha.
|
|
|
+
|
|
|
+ o Minor bugfixes (documentation):
|
|
|
+ - Correct the documenation so that it lists the correct directories
|
|
|
+ for the stats files. (They are in a subdirectory called "stats",
|
|
|
+ not "status".)
|
|
|
+
|
|
|
+ o Minor bugfixes (linux seccomp sandbox)
|
|
|
+ - Make the seccomp sandbox code compile with ARM linux. Fixes bug
|
|
|
+ 11622; bugfix on 0.2.5.1-alpha.
|
|
|
+ - Avoid crashing when re-opening listener ports with the seccomp
|
|
|
+ sandbox active. Fixes bug 12115; bugfix on 0.2.5.1-alpha.
|
|
|
+ - Avoid crashing with the seccomp sandbox enabled along with
|
|
|
+ ConstrainedSockets. Fixes bug 12139; bugfix on 0.2.5.1-alpha.
|
|
|
+ - When we receive a SIGHUP with the sandbox enabled, correctly
|
|
|
+ support rotating our log files. Fixes bug 12032; bugfix on
|
|
|
+ 0.2.5.1-alpha.
|
|
|
+ - Avoid crash when running with sandboxing enabled and
|
|
|
+ DirReqStatistics not disabled. Fixes bug 12035; bugfix on
|
|
|
+ 0.2.5.1-alpha.
|
|
|
+ - Fix a "BUG" warning when trying to write bridge-stats files with
|
|
|
+ the Linux syscall sandbox filter enabled. Fixes bug 12041;
|
|
|
+ bugfix on 0.2.5.1-alpha.
|
|
|
+ - Prevent the sandbox from crashing on startup when run with the
|
|
|
+ --enable-expensive-hardening configuration option. Fixes bug
|
|
|
+ 11477; bugfix on 0.2.5.4-alpha.
|
|
|
+ - When running with DirPortFrontPage and Sandbox both enabled, reload
|
|
|
+ the DirPortFrontPage correctly when restarting. Fixes bug 12028;
|
|
|
+ bugfix on 0.2.5.1-alpha.
|
|
|
+ - Don't try to enable the sandbox when using the Tor binary to
|
|
|
+ check its configuration, hash a passphrase, or so on. Doing
|
|
|
+ so was crashing on startup for some users. Fixes bug 11609;
|
|
|
+ bugfix on 0.2.5.1-alpha.
|
|
|
+ - Avoid warnings when running with sandboxing and node statistics
|
|
|
+ enabled at the same time.
|
|
|
+ Fixes part of 12064; bugfix on 0.2.5.1-alpha. Patch from Michael Wolf.
|
|
|
+ - Avoid warnings when running with sandboxing enabled at the same
|
|
|
+ time as cookie authentication, hidden services or directory
|
|
|
+ authority voting. Fixes part of 12064; bugfix on 0.2.5.1-alpha.
|
|
|
+ - Do not allow options which would require us to call exec to be
|
|
|
+ enabled along with the seccomp2 sandbox: they will inevitably
|
|
|
+ crash. Fix for bug 12043; bugfix on 0.2.5.1-alpha.
|
|
|
+ - Handle failures in getpwnam()/getpwuid() when running with the
|
|
|
+ User option set and the Linux syscall sandbox enabled. Fixes bug
|
|
|
+ 11946; bugfix on 0.2.5.1-alpha.
|
|
|
+
|
|
|
+ o Minor bugfixes (pluggable transports):
|
|
|
+ - Enable the ExtORPortCookieAuthFile option, to allow changing the
|
|
|
+ default location of the authentication token for the extended OR Port
|
|
|
+ as used by sever-side pluggable transports. We had implemented this
|
|
|
+ option before, but the code to make it settable had been omitted.
|
|
|
+ Fixes bug 11635; bugfix on 0.2.5.1-alpha.
|
|
|
+
|
|
|
+ o Minor bugfixes (testing):
|
|
|
+ - The Python parts of the test scripts now work on Python 3 as well
|
|
|
+ as Python 2, so systems where '/usr/bin/python' is Python 3 will
|
|
|
+ no longer have the tests break. Fixes bug 11608; bugfix on
|
|
|
+ 0.2.5.2-alpha.
|
|
|
+ - When looking for versions of python that we could run the tests
|
|
|
+ with, check for "python2.7" and "python3.3"; previously we were
|
|
|
+ only looking for "python", "python2", and "python3". Patch from
|
|
|
+ Dana Koch. Fixes bug 11632; bugfix on 0.2.5.2-alpha.
|
|
|
+
|
|
|
+ o Minor bugfixes (tor-fw-helper):
|
|
|
+ - Give a correct log message when tor-fw-helper fails to launch.
|
|
|
+ (Previously, we would say something like "tor-fw-helper sent us a
|
|
|
+ string we could not parse".) Fixes bug 9781; bugfix on 0.2.4.2-alpha.
|
|
|
+
|
|
|
+ o Minor bugfixes:
|
|
|
+ - Avoid another 60-second delay when starting Tor in a
|
|
|
+ pluggable-transport-using configuration when we already have
|
|
|
+ cached descriptors for our bridges. Fixes bug 11965; bugfix on
|
|
|
+ 0.2.3.6-alpha.
|
|
|
+
|
|
|
+ o Minor bugfixes:
|
|
|
+ - Check return code on spawn_func() in cpuworker code, so that we don't
|
|
|
+ think we've spawned a nonworking cpuworker and write junk to it
|
|
|
+ forever. Fix related to bug 4345; bugfix on all released Tor versions.
|
|
|
+ Found by "skruffy".
|
|
|
+ - Use a pthread_attr to make sure that spawn_func() cannot return
|
|
|
+ an error while at the same time launching a thread. Fix related
|
|
|
+ to bug 4345; bugfix on all released Tor versions. Reported by
|
|
|
+ "cypherpunks".
|
|
|
+
|
|
|
+ o Minor bugfixes:
|
|
|
+ - Correctly detect the total available system memory. We tried to do this
|
|
|
+ in 0.2.5.4-alpha, but the code was set up to always return an error
|
|
|
+ value, even on success.
|
|
|
+ Fixes bug 11805; bugfix on 0.2.5.4-alpha.
|
|
|
+
|
|
|
+ o Minor bugfixes:
|
|
|
+ - Fix a broken log message about delayed directory fetches that
|
|
|
+ was caused by a misuse of strlcpy(). Fixes bug 11654; bugfix on
|
|
|
+ 0.2.5.3-alpha.
|
|
|
+
|
|
|
+ o Minor bugfixes:
|
|
|
+ - Fix all valgrind warnings produced by the unit tests. There were
|
|
|
+ over a thousand memory leak warnings previously, mostly produced
|
|
|
+ by forgetting to free things in the unit test code. Fixes bug
|
|
|
+ 11618, bugfixes on many versions of Tor.
|
|
|
+
|
|
|
+ o Minor bugfixes:
|
|
|
+ - Fix compilation when DNS_CACHE_DEBUG is enabled. Fixes bug 11761;
|
|
|
+ bugfix on 0.2.3.13-alpha. Found by "cypherpunks".
|
|
|
+
|
|
|
+ o Minor bugfixes:
|
|
|
+ - Make Tor compile correctly with --disable-buf-freelists.
|
|
|
+ Fixes bug 11623; bugfix on 0.2.5.3-alpha.
|
|
|
+
|
|
|
+ o Bugfixes:
|
|
|
+ - Add configure options controlling allocator tricks like mempools and
|
|
|
+ freelists, and turn them off by default; on most platforms malloc is
|
|
|
+ reasonable enough for this not to be necessary, and a similar feature
|
|
|
+ in OpenSSL exacerbated Heartbleed. Fixes bug #11476.
|
|
|
+
|
|
|
+ o Distribution:
|
|
|
+ - Include a tor.service file in contrib.dist for use with
|
|
|
+ systemd. Some distributions will be able to use this file unmodified;
|
|
|
+ others will need to tweak it, or write their own. Patch from
|
|
|
+ Jamie Nguyen; resolves ticket 8368.
|
|
|
+
|
|
|
+ o Documentation:
|
|
|
+ - Clean up several option names in the manpage to match their real
|
|
|
+ names, add the missing documentation for a couple of testing and
|
|
|
+ directory authority options, remove the documentation for a
|
|
|
+ V2-directory fetching option that no longer exists. Resolves
|
|
|
+ ticket 11634.
|
|
|
+
|
|
|
+ o Package cleanup:
|
|
|
+ - The contrib directory has been sorted and tidy. Before, it was an
|
|
|
+ unsorted dumping ground for useful and not-so-useful things. Now,
|
|
|
+ it has been divided based on functionality, and the items which
|
|
|
+ seemed to be nonfunctional or useless have been removed. Resolves
|
|
|
+ ticket 8966; based on patches from "rl1987".
|
|
|
+
|
|
|
+ o Removed code:
|
|
|
+ - Remove /tor/dbg-stability.txt URL that was meant to help debug WFU
|
|
|
+ and MTBF calculations, but that nobody was using. Fixes #11742.
|
|
|
+ - The TunnelDirConns and PreferTunnelledDirConns options no longer
|
|
|
+ exist; tunneled directory connections have been available since
|
|
|
+ 0.1.2.5-alpha, and turning them off is not a good idea. This is a
|
|
|
+ brute-force fix for 10849, where "TunnelDirConns 0" would break
|
|
|
+ hidden services.
|
|
|
+
|
|
|
|
|
|
|
|
|
Changes in version 0.2.4.22 - 2014-05-16
|