|
@@ -1,82 +1,84 @@
|
|
|
Changes in version 0.4.1.2-alpha - 2019-06-05
|
|
|
- Tor 0.4.1.2-alpha resolves numerous bugs--some of them from the previous
|
|
|
- alpha, and some much older. It also contains minor testing improvements,
|
|
|
- and an improvement to the security of our authenticated sendme
|
|
|
- implementation.
|
|
|
+ Tor 0.4.1.2-alpha resolves numerous bugs--some of them from the
|
|
|
+ previous alpha, and some much older. It also contains minor testing
|
|
|
+ improvements, and an improvement to the security of our authenticated
|
|
|
+ sendme implementation.
|
|
|
|
|
|
o Major bugfixes (bridges):
|
|
|
- - Consider our directory information to have changed when our list of
|
|
|
- bridges changes. Previously, Tor would not re-compute the status of its
|
|
|
- directory information when bridges changed, and therefore would not
|
|
|
- realize that it was no longer able to build circuits. Fixes part of bug
|
|
|
- 29875.
|
|
|
- - Do not count previously configured working bridges towards our total of
|
|
|
- working bridges. Previously, when Tor's list of bridges changed, it
|
|
|
- would think that the old bridges were still usable, and delay fetching
|
|
|
- router descriptors for the new ones. Fixes part of bug 29875; bugfix
|
|
|
- on 0.3.0.1-alpha.
|
|
|
+ - Consider our directory information to have changed when our list
|
|
|
+ of bridges changes. Previously, Tor would not re-compute the
|
|
|
+ status of its directory information when bridges changed, and
|
|
|
+ therefore would not realize that it was no longer able to build
|
|
|
+ circuits. Fixes part of bug 29875.
|
|
|
+ - Do not count previously configured working bridges towards our
|
|
|
+ total of working bridges. Previously, when Tor's list of bridges
|
|
|
+ changed, it would think that the old bridges were still usable,
|
|
|
+ and delay fetching router descriptors for the new ones. Fixes part
|
|
|
+ of bug 29875; bugfix on 0.3.0.1-alpha.
|
|
|
|
|
|
o Major bugfixes (Flow Control, SENDME):
|
|
|
- - The decrement of the stream-level package window was done in a log_debug()
|
|
|
- statement meaning that if the debug logs were not enabled, the decrement
|
|
|
- would never happen and thus the window would be out of sync with the other
|
|
|
- end point. Fixes bug 30628; bugfix on 0.4.1.1-alpha.
|
|
|
+ - The decrement of the stream-level package window was done in a
|
|
|
+ log_debug() statement meaning that if the debug logs were not
|
|
|
+ enabled, the decrement would never happen and thus the window
|
|
|
+ would be out of sync with the other end point. Fixes bug 30628;
|
|
|
+ bugfix on 0.4.1.1-alpha.
|
|
|
|
|
|
o Major bugfixes (Onion service reachability):
|
|
|
- - Properly clean up the introduction point map and associated state when
|
|
|
- circuits change purpose from onion service circuits to pathbias,
|
|
|
- measurement, or other circuit types. This should fix some instances of
|
|
|
- introduction point failure. Fixes bug 29034; bugfix on 0.3.2.1-alpha.
|
|
|
+ - Properly clean up the introduction point map and associated state
|
|
|
+ when circuits change purpose from onion service circuits to
|
|
|
+ pathbias, measurement, or other circuit types. This should fix
|
|
|
+ some instances of introduction point failure. Fixes bug 29034;
|
|
|
+ bugfix on 0.3.2.1-alpha.
|
|
|
|
|
|
o Minor features (authenticated SENDME):
|
|
|
- - Ensure that there is enough randomness on every circuit
|
|
|
- to prevent an attacker from successfully predicting what SENDME cells
|
|
|
- they will need to send: at a random interval, if we have not send
|
|
|
- randomness already, leave some extra space at the end of a cell that
|
|
|
- we can fill with random bytes. Closes ticket 26846.
|
|
|
+ - Ensure that there is enough randomness on every circuit to prevent
|
|
|
+ an attacker from successfully predicting what SENDME cells they
|
|
|
+ will need to send: at a random interval, if we have not send
|
|
|
+ randomness already, leave some extra space at the end of a cell
|
|
|
+ that we can fill with random bytes. Closes ticket 26846.
|
|
|
|
|
|
o Minor features (continuous integration):
|
|
|
- - When running coverage builds on Travis, we now set TOR_TEST_RNG_SEED,
|
|
|
- to avoid RNG-based coverage differences.
|
|
|
- Part of ticket 28878.
|
|
|
+ - When running coverage builds on Travis, we now set
|
|
|
+ TOR_TEST_RNG_SEED, to avoid RNG-based coverage differences. Part
|
|
|
+ of ticket 28878.
|
|
|
|
|
|
o Minor features (maintenance):
|
|
|
- - Add a new "make autostyle" target that developers can use to
|
|
|
- apply all automatic Tor style and consistency conversions to the
|
|
|
+ - Add a new "make autostyle" target that developers can use to apply
|
|
|
+ all automatic Tor style and consistency conversions to the
|
|
|
codebase. Closes ticket 30539.
|
|
|
|
|
|
o Minor features (testing):
|
|
|
- The circuitpadding tests now use a reproducible RNG implementation,
|
|
|
so that if a test fails, we can learn why. Part of ticket 28878.
|
|
|
- Tor's tests now support an environment variable, TOR_TEST_RNG_SEED,
|
|
|
- to set the RNG seed for tests that use a reproducible RNG.
|
|
|
- Part of ticket 28878.
|
|
|
+ to set the RNG seed for tests that use a reproducible RNG. Part of
|
|
|
+ ticket 28878.
|
|
|
- When running tests in coverage mode, take additional care to make
|
|
|
- our coverage deterministic, so that we can accurately track changes in
|
|
|
- code coverage. Closes ticket 30519.
|
|
|
+ our coverage deterministic, so that we can accurately track
|
|
|
+ changes in code coverage. Closes ticket 30519.
|
|
|
|
|
|
o Minor bugfixes (configuration, proxies):
|
|
|
- - Fix a bug that prevented us from supporting SOCKS5 proxies that want
|
|
|
- authentication along with configured (but unused!)
|
|
|
+ - Fix a bug that prevented us from supporting SOCKS5 proxies that
|
|
|
+ want authentication along with configured (but unused!)
|
|
|
ClientTransportPlugins. Fixes bug 29670; bugfix on 0.2.6.1-alpha.
|
|
|
|
|
|
o Minor bugfixes (controller):
|
|
|
- POSTDESCRIPTOR requests should work again. Previously, they were
|
|
|
- broken if a "purpose=" flag was specified. Fixes bug 30580;
|
|
|
- bugfix on 0.4.1.1-alpha.
|
|
|
+ broken if a "purpose=" flag was specified. Fixes bug 30580; bugfix
|
|
|
+ on 0.4.1.1-alpha.
|
|
|
- Repair the HSFETCH command so that it works again. Previously, it
|
|
|
- expected a body when it shouldn't have. Fixes bug 30646; bugfix on
|
|
|
- 0.4.1.1-alpha.
|
|
|
+ expected a body when it shouldn't have. Fixes bug 30646; bugfix
|
|
|
+ on 0.4.1.1-alpha.
|
|
|
|
|
|
o Minor bugfixes (developer tooling):
|
|
|
- - Fix pre-push hook to refrain from rejecting fixup and squash commits
|
|
|
- when pushing to non-upstream git remote. Fixes bug 30286; bugfix on
|
|
|
- 0.4.0.1-alpha.
|
|
|
+ - Fix pre-push hook to refrain from rejecting fixup and squash
|
|
|
+ commits when pushing to non-upstream git remote. Fixes bug 30286;
|
|
|
+ bugfix on 0.4.0.1-alpha.
|
|
|
|
|
|
o Minor bugfixes (directory authority):
|
|
|
- - Move the "bandwidth-file-headers" line in directory authority votes
|
|
|
- so that it conforms to dir-spec.txt. Fixes bug 30316; bugfix on
|
|
|
- 0.3.5.1-alpha.
|
|
|
+ - Move the "bandwidth-file-headers" line in directory authority
|
|
|
+ votes so that it conforms to dir-spec.txt. Fixes bug 30316; bugfix
|
|
|
+ on 0.3.5.1-alpha.
|
|
|
|
|
|
o Minor bugfixes (NetBSD):
|
|
|
- Fix usage of minherit() on NetBSD and other platforms that define
|
|
@@ -85,27 +87,29 @@ Changes in version 0.4.1.2-alpha - 2019-06-05
|
|
|
|
|
|
o Minor bugfixes (out-of-memory handler):
|
|
|
- When purging the DNS cache because of an out-of-memory condition,
|
|
|
- try purging just the older entries at first. Previously, we would
|
|
|
+ try purging just the older entries at first. Previously, we would
|
|
|
purge the whole thing. Fixes bug 29617; bugfix on 0.3.5.1-alpha.
|
|
|
|
|
|
o Minor bugfixes (portability):
|
|
|
- - Avoid crashing in our tor_vasprintf() implementation on systems that
|
|
|
- define neither vasprintf() nor _vscprintf(). (This bug has been here
|
|
|
- long enough that we question whether people are running Tor on such
|
|
|
- systems, but we're applying the fix out of caution.) Fixes bug 30561;
|
|
|
- bugfix on 0.2.8.2-alpha. Found and fixed by Tobias Stoeckmann.
|
|
|
+ - Avoid crashing in our tor_vasprintf() implementation on systems
|
|
|
+ that define neither vasprintf() nor _vscprintf(). (This bug has
|
|
|
+ been here long enough that we question whether people are running
|
|
|
+ Tor on such systems, but we're applying the fix out of caution.)
|
|
|
+ Fixes bug 30561; bugfix on 0.2.8.2-alpha. Found and fixed by
|
|
|
+ Tobias Stoeckmann.
|
|
|
|
|
|
o Minor bugfixes (shutdown, libevent, memory safety):
|
|
|
- - Avoid use-after-free bugs when shutting down, by making sure that we
|
|
|
- shut down libevent only after shutting down all of its users. We
|
|
|
- believe these are harmless in practice, since they only occur on the
|
|
|
- shutdown path, and do not involve any attacker-controlled data. Fixes
|
|
|
- bug 30629; bugfix on 0.4.1.1-alpha.
|
|
|
+ - Avoid use-after-free bugs when shutting down, by making sure that
|
|
|
+ we shut down libevent only after shutting down all of its users.
|
|
|
+ We believe these are harmless in practice, since they only occur
|
|
|
+ on the shutdown path, and do not involve any attacker-controlled
|
|
|
+ data. Fixes bug 30629; bugfix on 0.4.1.1-alpha.
|
|
|
|
|
|
o Minor bugfixes (static analysis):
|
|
|
- - Fix several spurious Coverity warnings about the unit tests, to lower our
|
|
|
- chances of missing any real warnings in the future. Fixes bug 30150;
|
|
|
- bugfix on 0.3.5.1-alpha and various other Tor versions.
|
|
|
+ - Fix several spurious Coverity warnings about the unit tests, to
|
|
|
+ lower our chances of missing any real warnings in the future.
|
|
|
+ Fixes bug 30150; bugfix on 0.3.5.1-alpha and various other
|
|
|
+ Tor versions.
|
|
|
|
|
|
o Testing:
|
|
|
- Specify torrc paths (with empty files) when launching tor in
|