1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441144214431444144514461447144814491450145114521453145414551456145714581459146014611462146314641465146614671468146914701471147214731474147514761477147814791480148114821483148414851486148714881489149014911492149314941495149614971498149915001501150215031504150515061507150815091510151115121513151415151516151715181519152015211522152315241525152615271528152915301531153215331534153515361537153815391540154115421543154415451546154715481549155015511552155315541555155615571558155915601561156215631564156515661567156815691570157115721573157415751576157715781579158015811582158315841585158615871588158915901591159215931594159515961597159815991600160116021603160416051606160716081609161016111612161316141615161616171618161916201621162216231624162516261627162816291630163116321633163416351636163716381639164016411642164316441645164616471648164916501651165216531654165516561657165816591660166116621663166416651666166716681669167016711672167316741675167616771678167916801681168216831684168516861687168816891690169116921693169416951696169716981699170017011702170317041705170617071708170917101711171217131714171517161717171817191720172117221723172417251726172717281729173017311732173317341735173617371738173917401741174217431744174517461747174817491750175117521753175417551756175717581759176017611762176317641765176617671768176917701771177217731774177517761777177817791780178117821783178417851786178717881789179017911792179317941795179617971798179918001801180218031804180518061807180818091810181118121813181418151816181718181819182018211822182318241825182618271828182918301831183218331834183518361837183818391840184118421843184418451846184718481849185018511852185318541855185618571858185918601861186218631864186518661867186818691870187118721873187418751876187718781879188018811882188318841885188618871888188918901891189218931894189518961897189818991900190119021903190419051906190719081909191019111912191319141915191619171918191919201921192219231924192519261927192819291930193119321933193419351936193719381939194019411942194319441945194619471948194919501951195219531954195519561957195819591960196119621963196419651966196719681969197019711972197319741975197619771978197919801981198219831984198519861987198819891990199119921993199419951996199719981999200020012002200320042005200620072008200920102011201220132014201520162017201820192020202120222023202420252026202720282029203020312032203320342035203620372038203920402041204220432044204520462047204820492050205120522053205420552056205720582059206020612062206320642065206620672068206920702071207220732074207520762077207820792080208120822083208420852086208720882089209020912092209320942095209620972098209921002101210221032104210521062107210821092110211121122113211421152116211721182119212021212122212321242125212621272128212921302131213221332134213521362137213821392140214121422143214421452146214721482149215021512152215321542155215621572158215921602161216221632164216521662167216821692170217121722173217421752176217721782179218021812182218321842185218621872188218921902191219221932194219521962197219821992200220122022203220422052206220722082209221022112212221322142215221622172218221922202221222222232224222522262227222822292230223122322233223422352236223722382239224022412242224322442245224622472248224922502251225222532254225522562257225822592260226122622263226422652266226722682269227022712272227322742275227622772278227922802281228222832284228522862287228822892290229122922293229422952296229722982299230023012302230323042305230623072308230923102311231223132314231523162317231823192320232123222323232423252326232723282329233023312332233323342335233623372338233923402341234223432344234523462347234823492350235123522353235423552356235723582359236023612362236323642365236623672368236923702371237223732374237523762377237823792380238123822383238423852386238723882389239023912392239323942395239623972398239924002401240224032404240524062407240824092410241124122413241424152416241724182419242024212422242324242425242624272428242924302431243224332434243524362437243824392440244124422443244424452446244724482449245024512452245324542455245624572458245924602461246224632464246524662467246824692470247124722473247424752476247724782479248024812482248324842485248624872488248924902491249224932494249524962497249824992500250125022503250425052506250725082509251025112512251325142515251625172518251925202521252225232524252525262527252825292530253125322533253425352536253725382539254025412542254325442545254625472548254925502551255225532554255525562557255825592560256125622563256425652566256725682569257025712572257325742575257625772578257925802581258225832584258525862587258825892590259125922593259425952596259725982599260026012602260326042605260626072608260926102611261226132614261526162617261826192620262126222623262426252626262726282629263026312632263326342635263626372638263926402641264226432644264526462647264826492650265126522653265426552656265726582659266026612662266326642665266626672668266926702671267226732674267526762677267826792680268126822683268426852686268726882689269026912692269326942695269626972698269927002701270227032704270527062707270827092710271127122713271427152716271727182719272027212722272327242725272627272728272927302731273227332734273527362737273827392740274127422743274427452746274727482749275027512752275327542755275627572758275927602761276227632764276527662767276827692770277127722773277427752776277727782779278027812782278327842785278627872788278927902791279227932794279527962797279827992800280128022803280428052806280728082809281028112812281328142815281628172818281928202821282228232824282528262827282828292830283128322833283428352836283728382839284028412842284328442845284628472848284928502851285228532854285528562857285828592860286128622863286428652866286728682869287028712872287328742875287628772878287928802881288228832884288528862887288828892890289128922893289428952896289728982899290029012902290329042905290629072908290929102911291229132914291529162917291829192920292129222923292429252926292729282929293029312932293329342935293629372938293929402941294229432944294529462947294829492950295129522953295429552956295729582959296029612962296329642965296629672968296929702971297229732974297529762977297829792980298129822983298429852986298729882989299029912992299329942995299629972998299930003001300230033004300530063007300830093010301130123013301430153016301730183019302030213022302330243025302630273028302930303031303230333034303530363037303830393040304130423043304430453046304730483049305030513052305330543055305630573058305930603061306230633064306530663067306830693070307130723073307430753076307730783079308030813082308330843085308630873088308930903091309230933094309530963097309830993100310131023103310431053106310731083109311031113112311331143115311631173118311931203121312231233124312531263127312831293130313131323133313431353136313731383139314031413142314331443145314631473148314931503151315231533154315531563157315831593160316131623163316431653166316731683169317031713172317331743175317631773178317931803181318231833184318531863187318831893190319131923193319431953196319731983199320032013202320332043205320632073208320932103211321232133214321532163217321832193220322132223223322432253226322732283229323032313232323332343235323632373238323932403241324232433244324532463247324832493250325132523253325432553256325732583259326032613262326332643265326632673268326932703271327232733274327532763277327832793280328132823283328432853286328732883289329032913292329332943295329632973298329933003301330233033304330533063307330833093310331133123313331433153316331733183319332033213322332333243325332633273328332933303331333233333334333533363337333833393340334133423343334433453346334733483349335033513352335333543355335633573358335933603361336233633364336533663367336833693370337133723373337433753376337733783379338033813382338333843385338633873388338933903391339233933394339533963397339833993400340134023403340434053406340734083409341034113412341334143415341634173418341934203421342234233424342534263427342834293430343134323433343434353436343734383439344034413442344334443445344634473448344934503451345234533454345534563457345834593460346134623463346434653466346734683469347034713472347334743475347634773478347934803481348234833484348534863487348834893490349134923493349434953496349734983499350035013502350335043505350635073508350935103511351235133514351535163517351835193520352135223523352435253526352735283529353035313532353335343535353635373538353935403541354235433544354535463547354835493550355135523553355435553556355735583559356035613562356335643565356635673568356935703571357235733574357535763577357835793580358135823583358435853586358735883589359035913592359335943595359635973598359936003601360236033604360536063607360836093610361136123613361436153616361736183619362036213622362336243625362636273628362936303631363236333634363536363637363836393640364136423643364436453646364736483649365036513652365336543655365636573658365936603661366236633664366536663667366836693670367136723673367436753676367736783679368036813682368336843685368636873688368936903691369236933694369536963697369836993700370137023703370437053706370737083709371037113712371337143715371637173718371937203721372237233724372537263727372837293730373137323733373437353736373737383739374037413742374337443745374637473748374937503751375237533754375537563757375837593760376137623763376437653766376737683769377037713772377337743775377637773778377937803781378237833784378537863787378837893790379137923793379437953796379737983799380038013802380338043805380638073808380938103811381238133814381538163817381838193820382138223823382438253826382738283829383038313832383338343835383638373838383938403841384238433844384538463847384838493850385138523853385438553856385738583859386038613862386338643865386638673868386938703871387238733874387538763877387838793880388138823883388438853886388738883889389038913892389338943895389638973898389939003901390239033904390539063907390839093910391139123913391439153916391739183919392039213922392339243925392639273928392939303931393239333934393539363937393839393940394139423943394439453946394739483949395039513952395339543955395639573958395939603961396239633964396539663967396839693970397139723973397439753976397739783979398039813982398339843985398639873988398939903991399239933994399539963997399839994000400140024003400440054006400740084009401040114012401340144015401640174018401940204021402240234024402540264027402840294030403140324033403440354036403740384039404040414042404340444045404640474048404940504051405240534054405540564057405840594060406140624063406440654066406740684069407040714072407340744075407640774078407940804081408240834084408540864087408840894090409140924093409440954096409740984099410041014102410341044105410641074108410941104111411241134114411541164117411841194120412141224123412441254126412741284129413041314132413341344135413641374138413941404141414241434144414541464147414841494150415141524153415441554156415741584159416041614162416341644165416641674168416941704171417241734174417541764177417841794180418141824183418441854186418741884189419041914192419341944195419641974198419942004201420242034204420542064207420842094210421142124213421442154216421742184219422042214222422342244225422642274228422942304231423242334234423542364237423842394240424142424243424442454246424742484249425042514252425342544255425642574258425942604261426242634264426542664267426842694270427142724273427442754276427742784279428042814282428342844285428642874288428942904291429242934294429542964297429842994300430143024303430443054306430743084309431043114312431343144315431643174318431943204321432243234324432543264327432843294330433143324333433443354336433743384339434043414342434343444345434643474348434943504351435243534354435543564357435843594360436143624363436443654366436743684369437043714372437343744375437643774378437943804381438243834384438543864387438843894390439143924393439443954396439743984399440044014402440344044405440644074408440944104411441244134414441544164417441844194420442144224423442444254426442744284429443044314432443344344435443644374438443944404441444244434444444544464447444844494450445144524453445444554456445744584459446044614462446344644465446644674468446944704471447244734474447544764477447844794480448144824483448444854486448744884489449044914492449344944495449644974498449945004501450245034504450545064507450845094510451145124513451445154516451745184519452045214522452345244525452645274528452945304531453245334534453545364537453845394540454145424543454445454546454745484549455045514552455345544555455645574558455945604561456245634564456545664567456845694570457145724573457445754576457745784579458045814582458345844585458645874588458945904591459245934594459545964597459845994600460146024603460446054606460746084609461046114612461346144615461646174618461946204621462246234624462546264627462846294630463146324633463446354636463746384639464046414642464346444645464646474648464946504651465246534654465546564657465846594660466146624663466446654666466746684669467046714672467346744675467646774678467946804681468246834684468546864687468846894690469146924693469446954696469746984699470047014702470347044705470647074708470947104711471247134714471547164717471847194720472147224723472447254726472747284729473047314732473347344735473647374738473947404741474247434744474547464747474847494750475147524753475447554756475747584759476047614762476347644765476647674768476947704771477247734774477547764777477847794780478147824783478447854786478747884789479047914792479347944795479647974798479948004801480248034804480548064807480848094810481148124813481448154816481748184819482048214822482348244825482648274828482948304831483248334834483548364837483848394840484148424843484448454846484748484849485048514852485348544855485648574858485948604861486248634864486548664867486848694870487148724873487448754876487748784879488048814882488348844885488648874888488948904891489248934894489548964897489848994900490149024903490449054906490749084909491049114912491349144915491649174918491949204921492249234924492549264927492849294930493149324933493449354936493749384939494049414942494349444945494649474948494949504951495249534954495549564957495849594960496149624963496449654966496749684969497049714972497349744975497649774978497949804981498249834984498549864987498849894990499149924993499449954996499749984999500050015002500350045005500650075008500950105011501250135014501550165017501850195020502150225023502450255026502750285029503050315032503350345035503650375038503950405041504250435044504550465047504850495050505150525053505450555056505750585059506050615062506350645065506650675068506950705071507250735074507550765077507850795080508150825083508450855086508750885089509050915092509350945095509650975098509951005101510251035104510551065107510851095110511151125113511451155116511751185119512051215122512351245125512651275128512951305131513251335134513551365137513851395140514151425143514451455146514751485149515051515152515351545155515651575158515951605161516251635164516551665167516851695170517151725173517451755176517751785179518051815182518351845185518651875188518951905191519251935194519551965197519851995200520152025203520452055206520752085209521052115212521352145215521652175218521952205221522252235224522552265227522852295230523152325233523452355236523752385239524052415242524352445245524652475248524952505251525252535254525552565257525852595260526152625263526452655266526752685269527052715272527352745275527652775278527952805281528252835284528552865287528852895290529152925293529452955296529752985299530053015302530353045305530653075308530953105311531253135314531553165317531853195320532153225323532453255326532753285329533053315332533353345335533653375338533953405341534253435344534553465347534853495350535153525353535453555356535753585359536053615362536353645365536653675368536953705371537253735374537553765377537853795380538153825383538453855386538753885389539053915392539353945395539653975398539954005401540254035404540554065407540854095410541154125413541454155416541754185419542054215422542354245425542654275428542954305431543254335434543554365437543854395440544154425443544454455446544754485449545054515452545354545455545654575458545954605461546254635464546554665467546854695470547154725473547454755476547754785479548054815482548354845485548654875488548954905491549254935494549554965497549854995500550155025503550455055506550755085509551055115512551355145515551655175518551955205521552255235524552555265527552855295530553155325533553455355536553755385539554055415542554355445545554655475548554955505551555255535554555555565557555855595560556155625563556455655566556755685569557055715572557355745575557655775578557955805581558255835584558555865587558855895590559155925593559455955596559755985599560056015602560356045605560656075608560956105611561256135614561556165617561856195620562156225623562456255626562756285629563056315632563356345635563656375638563956405641564256435644564556465647564856495650565156525653565456555656565756585659566056615662566356645665566656675668566956705671567256735674567556765677567856795680568156825683568456855686568756885689569056915692569356945695569656975698569957005701570257035704570557065707570857095710571157125713571457155716571757185719572057215722572357245725572657275728572957305731573257335734573557365737573857395740574157425743574457455746574757485749575057515752575357545755575657575758575957605761576257635764576557665767576857695770577157725773577457755776577757785779578057815782578357845785578657875788578957905791579257935794579557965797579857995800580158025803580458055806580758085809581058115812581358145815581658175818581958205821582258235824582558265827582858295830583158325833583458355836583758385839584058415842584358445845584658475848584958505851585258535854585558565857585858595860586158625863586458655866586758685869587058715872587358745875587658775878587958805881588258835884588558865887588858895890589158925893589458955896589758985899590059015902590359045905590659075908590959105911591259135914591559165917591859195920592159225923592459255926592759285929593059315932593359345935593659375938593959405941594259435944594559465947594859495950595159525953595459555956595759585959596059615962596359645965596659675968596959705971597259735974597559765977597859795980598159825983598459855986598759885989599059915992599359945995599659975998599960006001600260036004600560066007600860096010601160126013601460156016601760186019602060216022602360246025602660276028602960306031603260336034603560366037603860396040604160426043604460456046604760486049605060516052605360546055605660576058605960606061606260636064606560666067606860696070607160726073607460756076607760786079608060816082608360846085608660876088608960906091609260936094609560966097609860996100610161026103610461056106610761086109611061116112611361146115611661176118611961206121612261236124612561266127612861296130613161326133613461356136613761386139614061416142614361446145614661476148614961506151615261536154615561566157615861596160616161626163616461656166616761686169617061716172617361746175617661776178617961806181618261836184618561866187618861896190619161926193619461956196619761986199620062016202620362046205620662076208620962106211621262136214621562166217621862196220622162226223622462256226622762286229623062316232623362346235623662376238623962406241624262436244624562466247624862496250625162526253625462556256625762586259626062616262626362646265626662676268626962706271627262736274627562766277627862796280628162826283628462856286628762886289629062916292629362946295629662976298629963006301630263036304630563066307630863096310631163126313631463156316631763186319632063216322632363246325632663276328632963306331633263336334633563366337633863396340634163426343634463456346634763486349635063516352635363546355635663576358635963606361636263636364636563666367636863696370637163726373637463756376637763786379638063816382638363846385638663876388638963906391639263936394639563966397639863996400640164026403640464056406640764086409641064116412641364146415641664176418641964206421642264236424642564266427642864296430643164326433643464356436643764386439644064416442644364446445644664476448644964506451645264536454645564566457645864596460646164626463646464656466646764686469647064716472647364746475647664776478647964806481648264836484648564866487648864896490649164926493649464956496649764986499650065016502650365046505650665076508650965106511651265136514651565166517651865196520652165226523652465256526652765286529653065316532653365346535653665376538653965406541654265436544654565466547654865496550655165526553655465556556655765586559656065616562656365646565656665676568656965706571657265736574657565766577657865796580658165826583658465856586658765886589659065916592659365946595659665976598659966006601660266036604660566066607660866096610661166126613661466156616661766186619662066216622662366246625662666276628662966306631663266336634663566366637663866396640664166426643664466456646664766486649665066516652665366546655665666576658665966606661666266636664666566666667666866696670667166726673667466756676667766786679668066816682668366846685668666876688668966906691669266936694669566966697669866996700670167026703670467056706670767086709671067116712671367146715671667176718671967206721672267236724672567266727672867296730673167326733673467356736673767386739674067416742674367446745674667476748674967506751675267536754675567566757675867596760676167626763676467656766676767686769677067716772677367746775677667776778677967806781678267836784678567866787678867896790679167926793679467956796679767986799680068016802680368046805680668076808680968106811681268136814681568166817681868196820682168226823682468256826682768286829683068316832683368346835683668376838683968406841684268436844684568466847684868496850685168526853685468556856685768586859686068616862686368646865686668676868686968706871687268736874687568766877687868796880688168826883688468856886688768886889689068916892689368946895689668976898689969006901690269036904690569066907690869096910691169126913691469156916691769186919692069216922692369246925692669276928692969306931693269336934693569366937693869396940694169426943694469456946694769486949695069516952695369546955695669576958695969606961696269636964696569666967696869696970697169726973697469756976697769786979698069816982698369846985698669876988698969906991699269936994699569966997699869997000700170027003700470057006700770087009701070117012701370147015701670177018701970207021702270237024702570267027702870297030703170327033703470357036703770387039704070417042704370447045704670477048704970507051705270537054705570567057705870597060706170627063706470657066706770687069707070717072707370747075707670777078707970807081708270837084708570867087708870897090709170927093709470957096709770987099710071017102710371047105710671077108710971107111711271137114711571167117711871197120712171227123712471257126712771287129713071317132713371347135713671377138713971407141714271437144714571467147714871497150715171527153715471557156715771587159716071617162716371647165716671677168716971707171717271737174717571767177717871797180718171827183718471857186718771887189719071917192719371947195719671977198719972007201720272037204720572067207720872097210721172127213721472157216721772187219722072217222722372247225722672277228722972307231723272337234723572367237723872397240724172427243724472457246724772487249725072517252725372547255725672577258725972607261726272637264726572667267726872697270727172727273727472757276727772787279728072817282728372847285728672877288728972907291729272937294729572967297729872997300730173027303730473057306730773087309731073117312731373147315731673177318731973207321732273237324732573267327732873297330733173327333733473357336733773387339734073417342734373447345734673477348734973507351735273537354735573567357735873597360736173627363736473657366736773687369737073717372737373747375737673777378737973807381738273837384738573867387738873897390739173927393739473957396739773987399740074017402740374047405740674077408740974107411741274137414741574167417741874197420742174227423742474257426742774287429743074317432743374347435743674377438743974407441744274437444744574467447744874497450745174527453745474557456745774587459746074617462746374647465746674677468746974707471747274737474747574767477747874797480748174827483748474857486748774887489749074917492749374947495749674977498749975007501750275037504750575067507750875097510751175127513751475157516751775187519752075217522752375247525752675277528752975307531753275337534753575367537753875397540754175427543754475457546754775487549755075517552755375547555755675577558755975607561756275637564756575667567756875697570757175727573757475757576757775787579758075817582758375847585758675877588758975907591759275937594759575967597759875997600760176027603760476057606760776087609761076117612761376147615761676177618761976207621762276237624762576267627762876297630763176327633763476357636763776387639764076417642764376447645764676477648764976507651765276537654765576567657765876597660766176627663766476657666766776687669767076717672767376747675767676777678767976807681768276837684768576867687768876897690769176927693769476957696769776987699770077017702770377047705770677077708770977107711771277137714771577167717771877197720772177227723772477257726772777287729773077317732773377347735773677377738773977407741774277437744774577467747774877497750775177527753775477557756775777587759776077617762776377647765776677677768776977707771777277737774777577767777777877797780778177827783778477857786778777887789779077917792779377947795779677977798779978007801780278037804780578067807780878097810781178127813781478157816781778187819782078217822782378247825782678277828782978307831783278337834783578367837783878397840784178427843784478457846784778487849785078517852785378547855785678577858785978607861786278637864786578667867786878697870787178727873787478757876787778787879788078817882788378847885788678877888788978907891789278937894789578967897789878997900790179027903790479057906790779087909791079117912791379147915791679177918791979207921792279237924792579267927792879297930793179327933793479357936793779387939794079417942794379447945794679477948794979507951795279537954795579567957795879597960796179627963796479657966796779687969797079717972797379747975797679777978797979807981798279837984798579867987798879897990799179927993799479957996799779987999800080018002800380048005800680078008800980108011801280138014801580168017801880198020802180228023802480258026802780288029803080318032803380348035803680378038803980408041804280438044804580468047804880498050805180528053805480558056805780588059806080618062806380648065806680678068806980708071807280738074807580768077807880798080808180828083808480858086808780888089809080918092809380948095809680978098809981008101810281038104810581068107810881098110811181128113811481158116811781188119812081218122812381248125812681278128812981308131813281338134813581368137813881398140814181428143814481458146814781488149815081518152815381548155815681578158815981608161816281638164816581668167816881698170817181728173817481758176817781788179818081818182818381848185818681878188818981908191819281938194819581968197819881998200820182028203820482058206820782088209821082118212821382148215821682178218821982208221822282238224822582268227822882298230823182328233823482358236823782388239824082418242824382448245824682478248824982508251825282538254825582568257825882598260826182628263826482658266826782688269827082718272827382748275827682778278827982808281828282838284828582868287828882898290829182928293829482958296829782988299830083018302830383048305830683078308830983108311831283138314831583168317831883198320832183228323832483258326832783288329833083318332833383348335833683378338833983408341834283438344834583468347834883498350835183528353835483558356835783588359836083618362836383648365836683678368836983708371837283738374837583768377837883798380838183828383838483858386838783888389839083918392839383948395839683978398839984008401840284038404840584068407840884098410841184128413841484158416841784188419842084218422842384248425842684278428842984308431843284338434843584368437843884398440844184428443844484458446844784488449845084518452845384548455845684578458845984608461846284638464846584668467846884698470847184728473847484758476847784788479848084818482848384848485848684878488848984908491849284938494849584968497849884998500850185028503850485058506850785088509851085118512851385148515851685178518851985208521852285238524852585268527852885298530853185328533853485358536853785388539854085418542854385448545854685478548854985508551855285538554855585568557855885598560856185628563856485658566856785688569857085718572857385748575857685778578857985808581858285838584858585868587858885898590859185928593859485958596859785988599860086018602860386048605860686078608860986108611861286138614861586168617861886198620862186228623862486258626862786288629863086318632863386348635863686378638863986408641864286438644864586468647864886498650865186528653865486558656865786588659866086618662866386648665866686678668866986708671867286738674867586768677867886798680868186828683868486858686868786888689869086918692869386948695869686978698869987008701870287038704870587068707870887098710871187128713871487158716871787188719872087218722872387248725872687278728872987308731873287338734873587368737873887398740874187428743874487458746874787488749875087518752875387548755875687578758875987608761876287638764876587668767876887698770877187728773877487758776877787788779878087818782878387848785878687878788878987908791879287938794879587968797879887998800880188028803880488058806880788088809881088118812881388148815881688178818881988208821882288238824882588268827882888298830883188328833883488358836883788388839884088418842884388448845884688478848884988508851885288538854885588568857885888598860886188628863886488658866886788688869887088718872887388748875887688778878887988808881888288838884888588868887888888898890889188928893889488958896889788988899890089018902890389048905890689078908890989108911891289138914891589168917891889198920892189228923892489258926892789288929893089318932893389348935893689378938893989408941894289438944894589468947894889498950895189528953895489558956895789588959896089618962896389648965896689678968896989708971897289738974897589768977897889798980898189828983898489858986898789888989899089918992899389948995899689978998899990009001900290039004900590069007900890099010901190129013901490159016901790189019902090219022902390249025902690279028902990309031903290339034903590369037903890399040904190429043904490459046904790489049905090519052905390549055905690579058905990609061906290639064906590669067906890699070907190729073907490759076907790789079908090819082908390849085908690879088908990909091909290939094909590969097909890999100910191029103910491059106910791089109911091119112911391149115911691179118911991209121912291239124912591269127912891299130913191329133913491359136913791389139914091419142914391449145914691479148914991509151915291539154915591569157915891599160916191629163916491659166916791689169917091719172917391749175917691779178917991809181918291839184918591869187918891899190919191929193919491959196919791989199920092019202920392049205920692079208920992109211921292139214921592169217921892199220922192229223922492259226922792289229923092319232923392349235923692379238923992409241924292439244924592469247924892499250925192529253925492559256925792589259926092619262926392649265926692679268926992709271927292739274927592769277927892799280928192829283928492859286928792889289929092919292929392949295929692979298929993009301930293039304930593069307930893099310931193129313931493159316931793189319932093219322932393249325932693279328932993309331933293339334933593369337933893399340934193429343934493459346934793489349935093519352935393549355935693579358935993609361936293639364936593669367936893699370937193729373937493759376937793789379938093819382938393849385938693879388938993909391939293939394939593969397939893999400940194029403940494059406940794089409941094119412941394149415941694179418941994209421942294239424942594269427942894299430943194329433943494359436943794389439944094419442944394449445944694479448944994509451945294539454945594569457945894599460946194629463946494659466946794689469947094719472947394749475947694779478947994809481948294839484948594869487948894899490949194929493949494959496949794989499950095019502950395049505950695079508950995109511951295139514951595169517951895199520952195229523952495259526952795289529953095319532953395349535953695379538953995409541954295439544954595469547954895499550955195529553955495559556955795589559956095619562956395649565956695679568956995709571957295739574957595769577957895799580958195829583958495859586958795889589959095919592959395949595959695979598959996009601960296039604960596069607960896099610961196129613961496159616961796189619962096219622962396249625962696279628962996309631963296339634963596369637963896399640964196429643964496459646964796489649965096519652965396549655965696579658965996609661966296639664966596669667966896699670967196729673967496759676967796789679968096819682968396849685968696879688968996909691969296939694969596969697969896999700970197029703970497059706970797089709971097119712971397149715971697179718971997209721972297239724972597269727972897299730973197329733973497359736973797389739974097419742974397449745974697479748974997509751975297539754975597569757975897599760976197629763976497659766976797689769977097719772977397749775977697779778977997809781978297839784978597869787978897899790979197929793979497959796979797989799980098019802980398049805980698079808980998109811981298139814981598169817981898199820982198229823982498259826982798289829983098319832983398349835983698379838983998409841984298439844984598469847984898499850985198529853985498559856985798589859986098619862986398649865986698679868986998709871987298739874987598769877987898799880988198829883988498859886988798889889989098919892989398949895989698979898989999009901990299039904990599069907990899099910991199129913991499159916991799189919992099219922992399249925992699279928992999309931993299339934993599369937993899399940994199429943994499459946994799489949995099519952995399549955995699579958995999609961996299639964996599669967996899699970997199729973997499759976997799789979998099819982998399849985998699879988998999909991999299939994999599969997999899991000010001100021000310004100051000610007100081000910010100111001210013100141001510016100171001810019100201002110022100231002410025100261002710028100291003010031100321003310034100351003610037100381003910040100411004210043100441004510046100471004810049100501005110052100531005410055100561005710058100591006010061100621006310064100651006610067100681006910070100711007210073100741007510076100771007810079100801008110082100831008410085100861008710088100891009010091100921009310094100951009610097100981009910100101011010210103101041010510106101071010810109101101011110112101131011410115101161011710118101191012010121101221012310124101251012610127101281012910130101311013210133101341013510136101371013810139101401014110142101431014410145101461014710148101491015010151101521015310154101551015610157101581015910160101611016210163101641016510166101671016810169101701017110172101731017410175101761017710178101791018010181101821018310184101851018610187101881018910190101911019210193101941019510196101971019810199102001020110202102031020410205102061020710208102091021010211102121021310214102151021610217102181021910220102211022210223102241022510226102271022810229102301023110232102331023410235102361023710238102391024010241102421024310244102451024610247102481024910250102511025210253102541025510256102571025810259102601026110262102631026410265102661026710268102691027010271102721027310274102751027610277102781027910280102811028210283102841028510286102871028810289102901029110292102931029410295102961029710298102991030010301103021030310304103051030610307103081030910310103111031210313103141031510316103171031810319103201032110322103231032410325103261032710328103291033010331103321033310334103351033610337103381033910340103411034210343103441034510346103471034810349103501035110352103531035410355103561035710358103591036010361103621036310364103651036610367103681036910370103711037210373103741037510376103771037810379103801038110382103831038410385103861038710388103891039010391103921039310394103951039610397103981039910400104011040210403104041040510406104071040810409104101041110412104131041410415104161041710418104191042010421104221042310424104251042610427104281042910430104311043210433104341043510436104371043810439104401044110442104431044410445104461044710448104491045010451104521045310454104551045610457104581045910460104611046210463104641046510466104671046810469104701047110472104731047410475104761047710478104791048010481104821048310484104851048610487104881048910490104911049210493104941049510496104971049810499105001050110502105031050410505105061050710508105091051010511105121051310514105151051610517105181051910520105211052210523105241052510526105271052810529105301053110532105331053410535105361053710538105391054010541105421054310544105451054610547105481054910550105511055210553105541055510556105571055810559105601056110562105631056410565105661056710568105691057010571105721057310574105751057610577105781057910580105811058210583105841058510586105871058810589105901059110592105931059410595105961059710598105991060010601106021060310604106051060610607106081060910610106111061210613106141061510616106171061810619106201062110622106231062410625106261062710628106291063010631106321063310634106351063610637106381063910640106411064210643106441064510646106471064810649106501065110652106531065410655106561065710658106591066010661106621066310664106651066610667106681066910670106711067210673106741067510676106771067810679106801068110682106831068410685106861068710688106891069010691106921069310694106951069610697106981069910700107011070210703107041070510706107071070810709107101071110712107131071410715107161071710718107191072010721107221072310724107251072610727107281072910730107311073210733107341073510736107371073810739107401074110742107431074410745107461074710748107491075010751107521075310754107551075610757107581075910760107611076210763107641076510766107671076810769107701077110772107731077410775107761077710778107791078010781107821078310784107851078610787107881078910790107911079210793107941079510796107971079810799108001080110802108031080410805108061080710808108091081010811108121081310814108151081610817108181081910820108211082210823108241082510826108271082810829108301083110832108331083410835108361083710838108391084010841108421084310844108451084610847108481084910850108511085210853108541085510856108571085810859108601086110862108631086410865108661086710868108691087010871108721087310874108751087610877108781087910880108811088210883108841088510886108871088810889108901089110892108931089410895108961089710898108991090010901109021090310904109051090610907109081090910910109111091210913109141091510916109171091810919109201092110922109231092410925109261092710928109291093010931109321093310934109351093610937109381093910940109411094210943109441094510946109471094810949109501095110952109531095410955109561095710958109591096010961109621096310964109651096610967109681096910970109711097210973109741097510976109771097810979109801098110982109831098410985109861098710988109891099010991109921099310994109951099610997109981099911000110011100211003110041100511006110071100811009110101101111012110131101411015110161101711018110191102011021110221102311024110251102611027110281102911030110311103211033110341103511036110371103811039110401104111042110431104411045110461104711048110491105011051110521105311054110551105611057110581105911060110611106211063110641106511066110671106811069110701107111072110731107411075110761107711078110791108011081110821108311084110851108611087110881108911090110911109211093110941109511096110971109811099111001110111102111031110411105111061110711108111091111011111111121111311114111151111611117111181111911120111211112211123111241112511126111271112811129111301113111132111331113411135111361113711138111391114011141111421114311144111451114611147111481114911150111511115211153111541115511156111571115811159111601116111162111631116411165111661116711168111691117011171111721117311174111751117611177111781117911180111811118211183111841118511186111871118811189111901119111192111931119411195111961119711198111991120011201112021120311204112051120611207112081120911210112111121211213112141121511216112171121811219112201122111222112231122411225112261122711228112291123011231112321123311234112351123611237112381123911240112411124211243112441124511246112471124811249112501125111252112531125411255112561125711258112591126011261112621126311264112651126611267112681126911270112711127211273112741127511276112771127811279112801128111282112831128411285112861128711288112891129011291112921129311294112951129611297112981129911300113011130211303113041130511306113071130811309113101131111312113131131411315113161131711318113191132011321113221132311324113251132611327113281132911330113311133211333113341133511336113371133811339113401134111342113431134411345113461134711348113491135011351113521135311354113551135611357113581135911360113611136211363113641136511366113671136811369113701137111372113731137411375113761137711378113791138011381113821138311384113851138611387113881138911390113911139211393113941139511396113971139811399114001140111402114031140411405114061140711408114091141011411114121141311414114151141611417114181141911420114211142211423114241142511426114271142811429114301143111432114331143411435114361143711438114391144011441114421144311444114451144611447114481144911450114511145211453114541145511456114571145811459114601146111462114631146411465114661146711468114691147011471114721147311474114751147611477114781147911480114811148211483114841148511486114871148811489114901149111492114931149411495114961149711498114991150011501115021150311504115051150611507115081150911510115111151211513115141151511516115171151811519115201152111522115231152411525115261152711528115291153011531115321153311534115351153611537115381153911540115411154211543115441154511546115471154811549115501155111552115531155411555115561155711558115591156011561115621156311564115651156611567115681156911570115711157211573115741157511576115771157811579115801158111582115831158411585115861158711588115891159011591115921159311594115951159611597115981159911600116011160211603116041160511606116071160811609116101161111612116131161411615116161161711618116191162011621116221162311624116251162611627116281162911630116311163211633116341163511636116371163811639116401164111642116431164411645116461164711648116491165011651116521165311654116551165611657116581165911660116611166211663116641166511666116671166811669116701167111672116731167411675116761167711678116791168011681116821168311684116851168611687116881168911690116911169211693116941169511696116971169811699117001170111702117031170411705117061170711708117091171011711117121171311714117151171611717117181171911720117211172211723117241172511726117271172811729117301173111732117331173411735117361173711738117391174011741117421174311744117451174611747117481174911750117511175211753117541175511756117571175811759117601176111762117631176411765117661176711768117691177011771117721177311774117751177611777117781177911780117811178211783117841178511786117871178811789117901179111792117931179411795117961179711798117991180011801118021180311804118051180611807118081180911810118111181211813118141181511816118171181811819118201182111822118231182411825118261182711828118291183011831118321183311834118351183611837118381183911840118411184211843118441184511846118471184811849118501185111852118531185411855118561185711858118591186011861118621186311864118651186611867118681186911870118711187211873118741187511876118771187811879118801188111882118831188411885118861188711888118891189011891118921189311894118951189611897118981189911900119011190211903119041190511906119071190811909119101191111912119131191411915119161191711918119191192011921119221192311924119251192611927119281192911930119311193211933119341193511936119371193811939119401194111942119431194411945119461194711948119491195011951119521195311954119551195611957119581195911960119611196211963119641196511966119671196811969119701197111972119731197411975119761197711978119791198011981119821198311984119851198611987119881198911990119911199211993119941199511996119971199811999120001200112002120031200412005120061200712008120091201012011120121201312014120151201612017120181201912020120211202212023120241202512026120271202812029120301203112032120331203412035120361203712038120391204012041120421204312044120451204612047120481204912050120511205212053120541205512056120571205812059120601206112062120631206412065120661206712068120691207012071120721207312074120751207612077120781207912080120811208212083120841208512086120871208812089120901209112092120931209412095120961209712098120991210012101121021210312104121051210612107121081210912110121111211212113121141211512116121171211812119121201212112122121231212412125121261212712128121291213012131121321213312134121351213612137121381213912140121411214212143121441214512146121471214812149121501215112152121531215412155121561215712158121591216012161121621216312164121651216612167121681216912170121711217212173121741217512176121771217812179121801218112182121831218412185121861218712188121891219012191121921219312194121951219612197121981219912200122011220212203122041220512206122071220812209122101221112212122131221412215122161221712218122191222012221122221222312224122251222612227122281222912230122311223212233122341223512236122371223812239122401224112242122431224412245122461224712248122491225012251122521225312254122551225612257122581225912260122611226212263122641226512266122671226812269122701227112272122731227412275122761227712278122791228012281122821228312284122851228612287122881228912290122911229212293122941229512296122971229812299123001230112302123031230412305123061230712308123091231012311123121231312314123151231612317123181231912320123211232212323123241232512326123271232812329123301233112332123331233412335123361233712338123391234012341123421234312344123451234612347123481234912350123511235212353123541235512356123571235812359123601236112362123631236412365123661236712368123691237012371123721237312374123751237612377123781237912380123811238212383123841238512386123871238812389123901239112392123931239412395123961239712398123991240012401124021240312404124051240612407124081240912410124111241212413124141241512416124171241812419124201242112422124231242412425124261242712428124291243012431124321243312434124351243612437124381243912440124411244212443124441244512446124471244812449124501245112452124531245412455124561245712458124591246012461124621246312464124651246612467124681246912470124711247212473124741247512476124771247812479124801248112482124831248412485124861248712488124891249012491124921249312494124951249612497124981249912500125011250212503125041250512506125071250812509125101251112512125131251412515125161251712518125191252012521125221252312524125251252612527125281252912530125311253212533125341253512536125371253812539125401254112542125431254412545125461254712548125491255012551125521255312554125551255612557125581255912560125611256212563125641256512566125671256812569125701257112572125731257412575125761257712578125791258012581125821258312584125851258612587125881258912590125911259212593125941259512596125971259812599126001260112602126031260412605126061260712608126091261012611126121261312614126151261612617126181261912620126211262212623126241262512626126271262812629126301263112632126331263412635126361263712638126391264012641126421264312644126451264612647126481264912650126511265212653126541265512656126571265812659126601266112662126631266412665126661266712668126691267012671126721267312674126751267612677126781267912680126811268212683126841268512686126871268812689126901269112692126931269412695126961269712698126991270012701127021270312704127051270612707127081270912710127111271212713127141271512716127171271812719127201272112722127231272412725127261272712728127291273012731127321273312734127351273612737127381273912740127411274212743127441274512746127471274812749127501275112752127531275412755127561275712758127591276012761127621276312764127651276612767127681276912770127711277212773127741277512776127771277812779127801278112782127831278412785127861278712788127891279012791127921279312794127951279612797127981279912800128011280212803128041280512806128071280812809128101281112812128131281412815128161281712818128191282012821128221282312824128251282612827128281282912830128311283212833128341283512836128371283812839128401284112842128431284412845128461284712848128491285012851128521285312854128551285612857128581285912860128611286212863128641286512866128671286812869128701287112872128731287412875128761287712878128791288012881128821288312884128851288612887128881288912890128911289212893128941289512896128971289812899129001290112902129031290412905129061290712908129091291012911129121291312914129151291612917129181291912920129211292212923129241292512926129271292812929129301293112932129331293412935129361293712938129391294012941129421294312944129451294612947129481294912950129511295212953129541295512956129571295812959129601296112962129631296412965129661296712968129691297012971129721297312974129751297612977129781297912980129811298212983129841298512986129871298812989129901299112992129931299412995129961299712998129991300013001130021300313004130051300613007130081300913010130111301213013130141301513016130171301813019130201302113022130231302413025130261302713028130291303013031130321303313034130351303613037130381303913040130411304213043130441304513046130471304813049130501305113052130531305413055130561305713058130591306013061130621306313064130651306613067130681306913070130711307213073130741307513076130771307813079130801308113082130831308413085130861308713088130891309013091130921309313094130951309613097130981309913100131011310213103131041310513106131071310813109131101311113112131131311413115131161311713118131191312013121131221312313124131251312613127131281312913130131311313213133131341313513136131371313813139131401314113142131431314413145131461314713148131491315013151131521315313154131551315613157131581315913160131611316213163131641316513166131671316813169131701317113172131731317413175131761317713178131791318013181131821318313184131851318613187131881318913190131911319213193131941319513196131971319813199132001320113202132031320413205132061320713208132091321013211132121321313214132151321613217132181321913220132211322213223132241322513226132271322813229132301323113232132331323413235132361323713238132391324013241132421324313244132451324613247132481324913250132511325213253132541325513256132571325813259132601326113262132631326413265132661326713268132691327013271132721327313274132751327613277132781327913280132811328213283132841328513286132871328813289132901329113292132931329413295132961329713298132991330013301133021330313304133051330613307133081330913310133111331213313133141331513316133171331813319133201332113322133231332413325133261332713328133291333013331133321333313334133351333613337133381333913340133411334213343133441334513346133471334813349133501335113352133531335413355133561335713358133591336013361133621336313364133651336613367133681336913370133711337213373133741337513376133771337813379133801338113382133831338413385133861338713388133891339013391133921339313394133951339613397133981339913400134011340213403134041340513406134071340813409134101341113412134131341413415134161341713418134191342013421134221342313424134251342613427134281342913430134311343213433134341343513436134371343813439134401344113442134431344413445134461344713448134491345013451134521345313454134551345613457134581345913460134611346213463134641346513466134671346813469134701347113472134731347413475134761347713478134791348013481134821348313484134851348613487134881348913490134911349213493134941349513496134971349813499135001350113502135031350413505135061350713508135091351013511135121351313514135151351613517135181351913520135211352213523135241352513526135271352813529135301353113532135331353413535135361353713538135391354013541135421354313544135451354613547135481354913550135511355213553135541355513556135571355813559135601356113562135631356413565135661356713568135691357013571135721357313574135751357613577135781357913580135811358213583135841358513586135871358813589135901359113592135931359413595135961359713598135991360013601136021360313604136051360613607136081360913610136111361213613136141361513616136171361813619136201362113622136231362413625136261362713628136291363013631136321363313634136351363613637136381363913640136411364213643136441364513646136471364813649136501365113652136531365413655136561365713658136591366013661136621366313664136651366613667136681366913670136711367213673136741367513676136771367813679136801368113682136831368413685136861368713688136891369013691136921369313694136951369613697136981369913700137011370213703137041370513706137071370813709137101371113712137131371413715137161371713718137191372013721137221372313724137251372613727137281372913730137311373213733137341373513736137371373813739137401374113742137431374413745137461374713748137491375013751137521375313754137551375613757137581375913760137611376213763137641376513766137671376813769137701377113772137731377413775137761377713778137791378013781137821378313784137851378613787137881378913790137911379213793137941379513796137971379813799138001380113802138031380413805138061380713808138091381013811138121381313814138151381613817138181381913820138211382213823138241382513826138271382813829138301383113832138331383413835138361383713838138391384013841138421384313844138451384613847138481384913850138511385213853138541385513856138571385813859138601386113862138631386413865138661386713868138691387013871138721387313874138751387613877138781387913880138811388213883138841388513886138871388813889138901389113892138931389413895138961389713898138991390013901139021390313904139051390613907139081390913910139111391213913139141391513916139171391813919139201392113922139231392413925139261392713928139291393013931139321393313934139351393613937139381393913940139411394213943139441394513946139471394813949139501395113952139531395413955139561395713958139591396013961139621396313964139651396613967139681396913970139711397213973139741397513976139771397813979139801398113982139831398413985139861398713988139891399013991139921399313994139951399613997139981399914000140011400214003140041400514006140071400814009140101401114012140131401414015140161401714018140191402014021140221402314024140251402614027140281402914030140311403214033140341403514036140371403814039140401404114042140431404414045140461404714048140491405014051140521405314054140551405614057140581405914060140611406214063140641406514066140671406814069140701407114072140731407414075140761407714078140791408014081140821408314084140851408614087140881408914090140911409214093140941409514096140971409814099141001410114102141031410414105141061410714108141091411014111141121411314114141151411614117141181411914120141211412214123141241412514126141271412814129141301413114132141331413414135141361413714138141391414014141141421414314144141451414614147141481414914150141511415214153141541415514156141571415814159141601416114162141631416414165141661416714168141691417014171141721417314174141751417614177141781417914180141811418214183141841418514186141871418814189141901419114192141931419414195141961419714198141991420014201142021420314204142051420614207142081420914210142111421214213142141421514216142171421814219142201422114222142231422414225142261422714228142291423014231142321423314234142351423614237142381423914240142411424214243142441424514246142471424814249142501425114252142531425414255142561425714258142591426014261142621426314264142651426614267142681426914270142711427214273142741427514276142771427814279142801428114282142831428414285142861428714288142891429014291142921429314294142951429614297142981429914300143011430214303143041430514306143071430814309143101431114312143131431414315143161431714318143191432014321143221432314324143251432614327143281432914330143311433214333143341433514336143371433814339143401434114342143431434414345143461434714348143491435014351143521435314354143551435614357143581435914360143611436214363143641436514366143671436814369143701437114372143731437414375143761437714378143791438014381143821438314384143851438614387143881438914390143911439214393143941439514396143971439814399144001440114402144031440414405144061440714408144091441014411144121441314414144151441614417144181441914420144211442214423144241442514426144271442814429144301443114432144331443414435144361443714438144391444014441144421444314444144451444614447144481444914450144511445214453144541445514456144571445814459144601446114462144631446414465144661446714468144691447014471144721447314474144751447614477144781447914480144811448214483144841448514486144871448814489144901449114492144931449414495144961449714498144991450014501145021450314504145051450614507145081450914510145111451214513145141451514516145171451814519145201452114522145231452414525145261452714528145291453014531145321453314534145351453614537145381453914540145411454214543145441454514546145471454814549145501455114552145531455414555145561455714558145591456014561145621456314564145651456614567145681456914570145711457214573145741457514576145771457814579145801458114582145831458414585145861458714588145891459014591145921459314594145951459614597145981459914600146011460214603146041460514606146071460814609146101461114612146131461414615146161461714618146191462014621146221462314624146251462614627146281462914630146311463214633146341463514636146371463814639146401464114642146431464414645146461464714648146491465014651146521465314654146551465614657146581465914660146611466214663146641466514666146671466814669146701467114672146731467414675146761467714678146791468014681146821468314684146851468614687146881468914690146911469214693146941469514696146971469814699147001470114702147031470414705147061470714708147091471014711147121471314714147151471614717147181471914720147211472214723147241472514726147271472814729147301473114732147331473414735147361473714738147391474014741147421474314744147451474614747147481474914750147511475214753147541475514756147571475814759147601476114762147631476414765147661476714768147691477014771147721477314774147751477614777147781477914780147811478214783147841478514786147871478814789147901479114792147931479414795147961479714798147991480014801148021480314804148051480614807148081480914810148111481214813148141481514816148171481814819148201482114822148231482414825148261482714828148291483014831148321483314834148351483614837148381483914840148411484214843148441484514846148471484814849148501485114852148531485414855148561485714858148591486014861148621486314864148651486614867148681486914870148711487214873148741487514876148771487814879148801488114882148831488414885148861488714888148891489014891148921489314894148951489614897148981489914900149011490214903149041490514906149071490814909149101491114912149131491414915149161491714918149191492014921149221492314924149251492614927149281492914930149311493214933149341493514936149371493814939149401494114942149431494414945149461494714948149491495014951149521495314954149551495614957149581495914960149611496214963149641496514966149671496814969149701497114972149731497414975149761497714978149791498014981149821498314984149851498614987149881498914990149911499214993149941499514996149971499814999150001500115002150031500415005150061500715008150091501015011150121501315014150151501615017150181501915020150211502215023150241502515026150271502815029150301503115032150331503415035150361503715038150391504015041150421504315044150451504615047150481504915050150511505215053150541505515056150571505815059150601506115062150631506415065150661506715068150691507015071150721507315074150751507615077150781507915080150811508215083150841508515086150871508815089150901509115092150931509415095150961509715098150991510015101151021510315104151051510615107151081510915110151111511215113151141511515116151171511815119151201512115122151231512415125151261512715128151291513015131151321513315134151351513615137151381513915140151411514215143151441514515146151471514815149151501515115152151531515415155151561515715158151591516015161151621516315164151651516615167151681516915170151711517215173151741517515176151771517815179151801518115182151831518415185151861518715188151891519015191151921519315194151951519615197151981519915200152011520215203152041520515206152071520815209152101521115212152131521415215152161521715218152191522015221152221522315224152251522615227152281522915230152311523215233152341523515236152371523815239152401524115242152431524415245152461524715248152491525015251152521525315254152551525615257152581525915260152611526215263152641526515266152671526815269152701527115272152731527415275152761527715278152791528015281152821528315284152851528615287152881528915290152911529215293152941529515296152971529815299153001530115302153031530415305153061530715308153091531015311153121531315314153151531615317153181531915320153211532215323153241532515326153271532815329153301533115332153331533415335153361533715338153391534015341153421534315344153451534615347153481534915350153511535215353153541535515356153571535815359153601536115362153631536415365153661536715368153691537015371153721537315374153751537615377153781537915380153811538215383153841538515386153871538815389153901539115392153931539415395153961539715398153991540015401154021540315404154051540615407154081540915410154111541215413154141541515416154171541815419154201542115422154231542415425154261542715428154291543015431154321543315434154351543615437154381543915440154411544215443154441544515446154471544815449154501545115452154531545415455154561545715458154591546015461154621546315464154651546615467154681546915470154711547215473154741547515476154771547815479154801548115482154831548415485154861548715488154891549015491154921549315494154951549615497154981549915500155011550215503155041550515506155071550815509155101551115512155131551415515155161551715518155191552015521155221552315524155251552615527155281552915530155311553215533155341553515536155371553815539155401554115542155431554415545155461554715548155491555015551155521555315554155551555615557155581555915560155611556215563155641556515566155671556815569155701557115572155731557415575155761557715578155791558015581155821558315584155851558615587155881558915590155911559215593155941559515596155971559815599156001560115602156031560415605156061560715608156091561015611156121561315614156151561615617156181561915620156211562215623156241562515626156271562815629156301563115632156331563415635156361563715638156391564015641156421564315644156451564615647156481564915650156511565215653156541565515656156571565815659156601566115662156631566415665156661566715668156691567015671156721567315674156751567615677156781567915680156811568215683156841568515686156871568815689156901569115692156931569415695156961569715698156991570015701157021570315704157051570615707157081570915710157111571215713157141571515716157171571815719157201572115722157231572415725157261572715728157291573015731157321573315734157351573615737157381573915740157411574215743157441574515746157471574815749157501575115752157531575415755157561575715758157591576015761157621576315764157651576615767157681576915770157711577215773157741577515776157771577815779157801578115782157831578415785157861578715788157891579015791157921579315794157951579615797157981579915800158011580215803158041580515806158071580815809158101581115812158131581415815158161581715818158191582015821158221582315824158251582615827158281582915830158311583215833158341583515836158371583815839158401584115842158431584415845158461584715848158491585015851158521585315854158551585615857158581585915860158611586215863158641586515866158671586815869158701587115872158731587415875158761587715878158791588015881158821588315884158851588615887158881588915890158911589215893158941589515896158971589815899159001590115902159031590415905159061590715908159091591015911159121591315914159151591615917159181591915920159211592215923159241592515926159271592815929159301593115932159331593415935159361593715938159391594015941159421594315944159451594615947159481594915950159511595215953159541595515956159571595815959159601596115962159631596415965159661596715968159691597015971159721597315974159751597615977159781597915980159811598215983159841598515986159871598815989159901599115992159931599415995159961599715998159991600016001160021600316004160051600616007160081600916010160111601216013160141601516016160171601816019160201602116022160231602416025160261602716028160291603016031160321603316034160351603616037160381603916040160411604216043160441604516046160471604816049160501605116052160531605416055160561605716058160591606016061160621606316064160651606616067160681606916070160711607216073160741607516076160771607816079160801608116082160831608416085160861608716088160891609016091160921609316094160951609616097160981609916100161011610216103161041610516106161071610816109161101611116112161131611416115161161611716118161191612016121161221612316124161251612616127161281612916130161311613216133161341613516136161371613816139161401614116142161431614416145161461614716148161491615016151161521615316154161551615616157161581615916160161611616216163161641616516166161671616816169161701617116172161731617416175161761617716178161791618016181161821618316184161851618616187161881618916190161911619216193161941619516196161971619816199162001620116202162031620416205162061620716208162091621016211162121621316214162151621616217162181621916220162211622216223162241622516226162271622816229162301623116232162331623416235162361623716238162391624016241162421624316244162451624616247162481624916250162511625216253162541625516256162571625816259162601626116262162631626416265162661626716268162691627016271162721627316274162751627616277162781627916280162811628216283162841628516286162871628816289162901629116292162931629416295162961629716298162991630016301163021630316304163051630616307163081630916310163111631216313163141631516316163171631816319163201632116322163231632416325163261632716328163291633016331163321633316334163351633616337163381633916340163411634216343163441634516346163471634816349163501635116352163531635416355163561635716358163591636016361163621636316364163651636616367163681636916370163711637216373163741637516376163771637816379163801638116382163831638416385163861638716388163891639016391163921639316394163951639616397163981639916400164011640216403164041640516406164071640816409164101641116412164131641416415164161641716418164191642016421164221642316424164251642616427164281642916430164311643216433164341643516436164371643816439164401644116442164431644416445164461644716448164491645016451164521645316454164551645616457164581645916460164611646216463164641646516466164671646816469164701647116472164731647416475164761647716478164791648016481164821648316484164851648616487164881648916490164911649216493164941649516496164971649816499165001650116502165031650416505165061650716508165091651016511165121651316514165151651616517165181651916520165211652216523165241652516526165271652816529165301653116532165331653416535165361653716538165391654016541165421654316544165451654616547165481654916550165511655216553165541655516556165571655816559165601656116562165631656416565165661656716568165691657016571165721657316574165751657616577165781657916580165811658216583165841658516586165871658816589165901659116592165931659416595165961659716598165991660016601166021660316604166051660616607166081660916610166111661216613166141661516616166171661816619166201662116622166231662416625166261662716628166291663016631166321663316634166351663616637166381663916640166411664216643166441664516646166471664816649166501665116652166531665416655166561665716658166591666016661166621666316664166651666616667166681666916670166711667216673166741667516676166771667816679166801668116682166831668416685166861668716688166891669016691166921669316694166951669616697166981669916700167011670216703167041670516706167071670816709167101671116712167131671416715167161671716718167191672016721167221672316724167251672616727167281672916730167311673216733167341673516736167371673816739167401674116742167431674416745167461674716748167491675016751167521675316754167551675616757167581675916760167611676216763167641676516766167671676816769167701677116772167731677416775167761677716778167791678016781167821678316784167851678616787167881678916790167911679216793167941679516796167971679816799168001680116802168031680416805168061680716808168091681016811168121681316814168151681616817168181681916820168211682216823168241682516826168271682816829168301683116832168331683416835168361683716838168391684016841168421684316844168451684616847168481684916850168511685216853168541685516856168571685816859168601686116862168631686416865168661686716868168691687016871168721687316874168751687616877168781687916880168811688216883168841688516886168871688816889168901689116892168931689416895168961689716898168991690016901169021690316904169051690616907169081690916910169111691216913169141691516916169171691816919169201692116922169231692416925169261692716928169291693016931169321693316934169351693616937169381693916940169411694216943169441694516946169471694816949169501695116952169531695416955169561695716958169591696016961169621696316964169651696616967169681696916970169711697216973169741697516976169771697816979169801698116982169831698416985169861698716988169891699016991169921699316994169951699616997169981699917000170011700217003170041700517006170071700817009170101701117012170131701417015170161701717018170191702017021170221702317024170251702617027170281702917030170311703217033170341703517036170371703817039170401704117042170431704417045170461704717048170491705017051170521705317054170551705617057170581705917060170611706217063170641706517066170671706817069170701707117072170731707417075170761707717078170791708017081170821708317084170851708617087170881708917090170911709217093170941709517096170971709817099171001710117102171031710417105171061710717108171091711017111171121711317114171151711617117171181711917120171211712217123171241712517126171271712817129171301713117132171331713417135171361713717138171391714017141171421714317144171451714617147171481714917150171511715217153171541715517156171571715817159171601716117162171631716417165171661716717168171691717017171171721717317174171751717617177171781717917180171811718217183171841718517186171871718817189171901719117192171931719417195171961719717198171991720017201172021720317204172051720617207172081720917210172111721217213172141721517216172171721817219172201722117222172231722417225172261722717228172291723017231172321723317234172351723617237172381723917240172411724217243172441724517246172471724817249172501725117252172531725417255172561725717258172591726017261172621726317264172651726617267172681726917270172711727217273172741727517276172771727817279172801728117282172831728417285172861728717288172891729017291172921729317294172951729617297172981729917300173011730217303173041730517306173071730817309173101731117312173131731417315173161731717318173191732017321173221732317324173251732617327173281732917330173311733217333173341733517336173371733817339173401734117342173431734417345173461734717348173491735017351173521735317354173551735617357173581735917360173611736217363173641736517366173671736817369173701737117372173731737417375173761737717378173791738017381173821738317384173851738617387173881738917390173911739217393173941739517396173971739817399174001740117402174031740417405174061740717408174091741017411174121741317414174151741617417174181741917420174211742217423174241742517426174271742817429174301743117432174331743417435174361743717438174391744017441174421744317444174451744617447174481744917450174511745217453174541745517456174571745817459174601746117462174631746417465174661746717468174691747017471174721747317474174751747617477174781747917480174811748217483174841748517486174871748817489174901749117492174931749417495174961749717498174991750017501175021750317504175051750617507175081750917510175111751217513175141751517516175171751817519175201752117522175231752417525175261752717528175291753017531175321753317534175351753617537175381753917540175411754217543175441754517546175471754817549175501755117552175531755417555175561755717558175591756017561175621756317564175651756617567175681756917570175711757217573175741757517576175771757817579175801758117582175831758417585175861758717588175891759017591175921759317594175951759617597175981759917600176011760217603176041760517606176071760817609176101761117612176131761417615176161761717618176191762017621176221762317624176251762617627176281762917630176311763217633176341763517636176371763817639176401764117642176431764417645176461764717648176491765017651176521765317654176551765617657176581765917660176611766217663176641766517666176671766817669176701767117672176731767417675176761767717678176791768017681176821768317684176851768617687176881768917690176911769217693176941769517696176971769817699177001770117702177031770417705177061770717708177091771017711177121771317714177151771617717177181771917720177211772217723177241772517726177271772817729177301773117732177331773417735177361773717738177391774017741177421774317744177451774617747177481774917750177511775217753177541775517756177571775817759177601776117762177631776417765177661776717768177691777017771177721777317774177751777617777177781777917780177811778217783177841778517786177871778817789177901779117792177931779417795177961779717798177991780017801178021780317804178051780617807178081780917810178111781217813178141781517816178171781817819178201782117822178231782417825178261782717828178291783017831178321783317834178351783617837178381783917840178411784217843178441784517846178471784817849178501785117852178531785417855178561785717858178591786017861178621786317864178651786617867178681786917870178711787217873178741787517876178771787817879178801788117882178831788417885178861788717888178891789017891178921789317894178951789617897178981789917900179011790217903179041790517906179071790817909179101791117912179131791417915179161791717918179191792017921179221792317924179251792617927179281792917930179311793217933179341793517936179371793817939179401794117942179431794417945179461794717948179491795017951179521795317954179551795617957179581795917960179611796217963179641796517966179671796817969179701797117972179731797417975179761797717978179791798017981179821798317984179851798617987179881798917990179911799217993179941799517996179971799817999180001800118002180031800418005180061800718008180091801018011180121801318014180151801618017180181801918020180211802218023180241802518026180271802818029180301803118032180331803418035180361803718038180391804018041180421804318044180451804618047180481804918050180511805218053180541805518056180571805818059180601806118062180631806418065180661806718068180691807018071180721807318074180751807618077180781807918080180811808218083180841808518086180871808818089180901809118092180931809418095180961809718098180991810018101181021810318104181051810618107181081810918110181111811218113181141811518116181171811818119181201812118122181231812418125181261812718128181291813018131181321813318134181351813618137181381813918140181411814218143181441814518146181471814818149181501815118152181531815418155181561815718158181591816018161181621816318164181651816618167181681816918170181711817218173181741817518176181771817818179181801818118182181831818418185181861818718188181891819018191181921819318194181951819618197181981819918200182011820218203182041820518206182071820818209182101821118212182131821418215182161821718218182191822018221182221822318224182251822618227182281822918230182311823218233182341823518236182371823818239182401824118242182431824418245182461824718248182491825018251182521825318254182551825618257182581825918260182611826218263182641826518266182671826818269182701827118272182731827418275182761827718278182791828018281182821828318284182851828618287182881828918290182911829218293182941829518296182971829818299183001830118302183031830418305183061830718308183091831018311183121831318314183151831618317183181831918320183211832218323183241832518326183271832818329183301833118332183331833418335183361833718338183391834018341183421834318344183451834618347183481834918350183511835218353183541835518356183571835818359183601836118362183631836418365183661836718368183691837018371183721837318374183751837618377183781837918380183811838218383183841838518386183871838818389183901839118392183931839418395183961839718398183991840018401184021840318404184051840618407184081840918410184111841218413184141841518416184171841818419184201842118422184231842418425184261842718428184291843018431184321843318434184351843618437184381843918440184411844218443184441844518446184471844818449184501845118452184531845418455184561845718458184591846018461184621846318464184651846618467184681846918470184711847218473184741847518476184771847818479184801848118482184831848418485184861848718488184891849018491184921849318494184951849618497184981849918500185011850218503185041850518506185071850818509185101851118512185131851418515185161851718518185191852018521185221852318524185251852618527185281852918530185311853218533185341853518536185371853818539185401854118542185431854418545185461854718548185491855018551185521855318554185551855618557185581855918560185611856218563185641856518566185671856818569185701857118572185731857418575185761857718578185791858018581185821858318584185851858618587185881858918590185911859218593185941859518596185971859818599186001860118602186031860418605186061860718608186091861018611186121861318614186151861618617186181861918620186211862218623186241862518626186271862818629186301863118632186331863418635186361863718638186391864018641186421864318644186451864618647186481864918650186511865218653186541865518656186571865818659186601866118662186631866418665186661866718668186691867018671186721867318674186751867618677186781867918680186811868218683186841868518686186871868818689186901869118692186931869418695186961869718698186991870018701187021870318704187051870618707187081870918710187111871218713187141871518716187171871818719187201872118722187231872418725187261872718728187291873018731187321873318734187351873618737187381873918740187411874218743187441874518746187471874818749187501875118752187531875418755187561875718758187591876018761187621876318764187651876618767187681876918770187711877218773187741877518776187771877818779187801878118782187831878418785187861878718788187891879018791187921879318794187951879618797187981879918800188011880218803188041880518806188071880818809188101881118812188131881418815188161881718818188191882018821188221882318824188251882618827188281882918830188311883218833188341883518836188371883818839188401884118842188431884418845188461884718848188491885018851188521885318854188551885618857188581885918860188611886218863188641886518866188671886818869188701887118872188731887418875188761887718878188791888018881188821888318884188851888618887188881888918890188911889218893188941889518896188971889818899189001890118902189031890418905189061890718908189091891018911189121891318914189151891618917189181891918920189211892218923189241892518926189271892818929189301893118932189331893418935189361893718938189391894018941189421894318944189451894618947189481894918950189511895218953189541895518956189571895818959189601896118962189631896418965189661896718968189691897018971189721897318974189751897618977189781897918980189811898218983189841898518986189871898818989189901899118992189931899418995189961899718998189991900019001190021900319004190051900619007190081900919010190111901219013190141901519016190171901819019190201902119022190231902419025190261902719028190291903019031190321903319034190351903619037190381903919040190411904219043190441904519046190471904819049190501905119052190531905419055190561905719058190591906019061190621906319064190651906619067190681906919070190711907219073190741907519076190771907819079190801908119082190831908419085190861908719088190891909019091190921909319094190951909619097190981909919100191011910219103191041910519106191071910819109191101911119112191131911419115191161911719118191191912019121191221912319124191251912619127191281912919130191311913219133191341913519136191371913819139191401914119142191431914419145191461914719148191491915019151191521915319154191551915619157191581915919160191611916219163191641916519166191671916819169191701917119172191731917419175191761917719178191791918019181191821918319184191851918619187191881918919190191911919219193191941919519196191971919819199192001920119202192031920419205192061920719208192091921019211192121921319214192151921619217192181921919220192211922219223192241922519226192271922819229192301923119232192331923419235192361923719238192391924019241192421924319244192451924619247192481924919250192511925219253192541925519256192571925819259192601926119262192631926419265192661926719268192691927019271192721927319274192751927619277192781927919280192811928219283192841928519286192871928819289192901929119292192931929419295192961929719298192991930019301193021930319304193051930619307193081930919310193111931219313193141931519316193171931819319193201932119322193231932419325193261932719328193291933019331193321933319334193351933619337193381933919340193411934219343193441934519346193471934819349193501935119352193531935419355193561935719358193591936019361193621936319364193651936619367193681936919370193711937219373193741937519376193771937819379193801938119382193831938419385193861938719388193891939019391193921939319394193951939619397193981939919400194011940219403194041940519406194071940819409194101941119412194131941419415194161941719418194191942019421194221942319424194251942619427194281942919430194311943219433194341943519436194371943819439194401944119442194431944419445194461944719448194491945019451194521945319454194551945619457194581945919460194611946219463194641946519466194671946819469194701947119472194731947419475194761947719478194791948019481194821948319484194851948619487194881948919490194911949219493194941949519496194971949819499195001950119502195031950419505195061950719508195091951019511195121951319514195151951619517195181951919520195211952219523195241952519526195271952819529195301953119532195331953419535195361953719538195391954019541195421954319544195451954619547195481954919550195511955219553195541955519556195571955819559195601956119562195631956419565195661956719568195691957019571195721957319574195751957619577195781957919580195811958219583195841958519586195871958819589195901959119592195931959419595195961959719598195991960019601196021960319604196051960619607196081960919610196111961219613196141961519616196171961819619196201962119622196231962419625196261962719628196291963019631196321963319634196351963619637196381963919640196411964219643196441964519646196471964819649196501965119652196531965419655196561965719658196591966019661196621966319664196651966619667196681966919670196711967219673196741967519676196771967819679196801968119682196831968419685196861968719688196891969019691196921969319694196951969619697196981969919700197011970219703197041970519706197071970819709197101971119712197131971419715197161971719718197191972019721197221972319724197251972619727197281972919730197311973219733197341973519736197371973819739197401974119742197431974419745197461974719748197491975019751197521975319754197551975619757197581975919760197611976219763197641976519766197671976819769197701977119772197731977419775197761977719778197791978019781197821978319784197851978619787197881978919790197911979219793197941979519796197971979819799198001980119802198031980419805198061980719808198091981019811198121981319814198151981619817198181981919820198211982219823198241982519826198271982819829198301983119832198331983419835198361983719838198391984019841198421984319844198451984619847198481984919850198511985219853198541985519856198571985819859198601986119862198631986419865198661986719868198691987019871198721987319874198751987619877198781987919880198811988219883198841988519886198871988819889198901989119892198931989419895198961989719898198991990019901199021990319904199051990619907199081990919910199111991219913199141991519916199171991819919199201992119922199231992419925199261992719928199291993019931199321993319934199351993619937199381993919940199411994219943199441994519946199471994819949199501995119952199531995419955199561995719958199591996019961199621996319964199651996619967199681996919970199711997219973199741997519976199771997819979199801998119982199831998419985199861998719988199891999019991199921999319994199951999619997199981999920000200012000220003200042000520006200072000820009200102001120012200132001420015200162001720018200192002020021200222002320024200252002620027200282002920030200312003220033200342003520036200372003820039200402004120042200432004420045200462004720048200492005020051200522005320054200552005620057200582005920060200612006220063200642006520066200672006820069200702007120072200732007420075200762007720078200792008020081200822008320084200852008620087200882008920090200912009220093200942009520096200972009820099201002010120102201032010420105201062010720108201092011020111201122011320114201152011620117201182011920120201212012220123201242012520126201272012820129201302013120132201332013420135201362013720138201392014020141201422014320144201452014620147201482014920150201512015220153201542015520156201572015820159201602016120162201632016420165201662016720168201692017020171201722017320174201752017620177201782017920180201812018220183201842018520186201872018820189201902019120192201932019420195201962019720198201992020020201202022020320204202052020620207202082020920210202112021220213202142021520216202172021820219202202022120222202232022420225202262022720228202292023020231202322023320234202352023620237202382023920240202412024220243202442024520246202472024820249202502025120252202532025420255202562025720258202592026020261202622026320264202652026620267202682026920270202712027220273202742027520276202772027820279202802028120282202832028420285202862028720288202892029020291202922029320294202952029620297202982029920300203012030220303203042030520306203072030820309203102031120312203132031420315203162031720318203192032020321203222032320324203252032620327203282032920330203312033220333203342033520336203372033820339203402034120342203432034420345203462034720348203492035020351203522035320354203552035620357203582035920360203612036220363203642036520366203672036820369203702037120372203732037420375203762037720378203792038020381203822038320384203852038620387203882038920390203912039220393203942039520396203972039820399204002040120402204032040420405204062040720408204092041020411204122041320414204152041620417204182041920420204212042220423204242042520426204272042820429204302043120432204332043420435204362043720438204392044020441204422044320444204452044620447204482044920450204512045220453204542045520456204572045820459204602046120462204632046420465204662046720468204692047020471204722047320474204752047620477204782047920480204812048220483204842048520486204872048820489204902049120492204932049420495204962049720498204992050020501205022050320504205052050620507205082050920510205112051220513205142051520516205172051820519205202052120522205232052420525205262052720528205292053020531205322053320534205352053620537205382053920540205412054220543205442054520546205472054820549205502055120552205532055420555205562055720558205592056020561205622056320564205652056620567205682056920570205712057220573205742057520576205772057820579205802058120582205832058420585205862058720588205892059020591205922059320594205952059620597205982059920600206012060220603206042060520606206072060820609206102061120612206132061420615206162061720618206192062020621206222062320624206252062620627206282062920630206312063220633206342063520636206372063820639206402064120642206432064420645206462064720648206492065020651206522065320654206552065620657206582065920660206612066220663206642066520666206672066820669206702067120672206732067420675206762067720678206792068020681206822068320684206852068620687206882068920690206912069220693206942069520696206972069820699207002070120702207032070420705207062070720708207092071020711207122071320714207152071620717207182071920720207212072220723207242072520726207272072820729207302073120732207332073420735207362073720738207392074020741207422074320744207452074620747207482074920750207512075220753207542075520756207572075820759207602076120762207632076420765207662076720768207692077020771207722077320774207752077620777207782077920780207812078220783207842078520786207872078820789207902079120792207932079420795207962079720798207992080020801208022080320804208052080620807208082080920810208112081220813208142081520816208172081820819208202082120822208232082420825208262082720828208292083020831208322083320834208352083620837208382083920840208412084220843208442084520846208472084820849208502085120852208532085420855208562085720858208592086020861208622086320864208652086620867208682086920870208712087220873208742087520876208772087820879208802088120882208832088420885208862088720888208892089020891208922089320894208952089620897208982089920900209012090220903209042090520906209072090820909209102091120912209132091420915209162091720918209192092020921209222092320924209252092620927209282092920930209312093220933209342093520936209372093820939209402094120942209432094420945209462094720948209492095020951209522095320954209552095620957209582095920960209612096220963209642096520966209672096820969209702097120972209732097420975209762097720978209792098020981209822098320984209852098620987209882098920990209912099220993209942099520996209972099820999210002100121002210032100421005210062100721008210092101021011210122101321014210152101621017210182101921020210212102221023210242102521026210272102821029210302103121032210332103421035210362103721038210392104021041210422104321044210452104621047210482104921050210512105221053210542105521056210572105821059210602106121062210632106421065210662106721068210692107021071210722107321074210752107621077210782107921080210812108221083210842108521086210872108821089210902109121092210932109421095210962109721098210992110021101211022110321104211052110621107211082110921110211112111221113211142111521116211172111821119211202112121122211232112421125211262112721128211292113021131211322113321134211352113621137211382113921140211412114221143211442114521146211472114821149211502115121152211532115421155211562115721158211592116021161211622116321164211652116621167211682116921170211712117221173211742117521176211772117821179211802118121182211832118421185211862118721188211892119021191211922119321194211952119621197211982119921200212012120221203212042120521206212072120821209212102121121212212132121421215212162121721218212192122021221212222122321224212252122621227212282122921230212312123221233212342123521236212372123821239212402124121242212432124421245212462124721248212492125021251212522125321254212552125621257212582125921260212612126221263212642126521266212672126821269212702127121272212732127421275212762127721278212792128021281212822128321284212852128621287212882128921290212912129221293212942129521296212972129821299213002130121302213032130421305213062130721308213092131021311213122131321314213152131621317213182131921320213212132221323213242132521326213272132821329213302133121332213332133421335213362133721338213392134021341213422134321344213452134621347213482134921350213512135221353213542135521356213572135821359213602136121362213632136421365213662136721368213692137021371213722137321374213752137621377213782137921380213812138221383213842138521386213872138821389213902139121392213932139421395213962139721398213992140021401214022140321404214052140621407214082140921410214112141221413214142141521416214172141821419214202142121422214232142421425214262142721428214292143021431214322143321434214352143621437214382143921440214412144221443214442144521446214472144821449214502145121452214532145421455214562145721458214592146021461214622146321464214652146621467214682146921470214712147221473214742147521476214772147821479214802148121482214832148421485214862148721488214892149021491214922149321494214952149621497214982149921500215012150221503 |
- This document summarizes new features and bugfixes in each stable
- release of Tor. If you want to see more detailed descriptions of the
- changes in each development snapshot, see the ChangeLog file.
- Changes in version 0.3.3.11 - 2019-01-07
- Tor 0.3.3.11 backports numerous fixes from later versions of Tor.
- numerous fixes, including an important fix for anyone using OpenSSL
- 1.1.1. Anyone running an earlier version of Tor 0.3.3 should upgrade
- to this version, or to a later series.
- As a reminder, support the Tor 0.3.3 series will end on 22 Feb 2019.
- We anticipate that this will be the last release of Tor 0.3.3, unless
- some major bug is before then. Some time between now and then, users
- should switch to either the Tor 0.3.4 series (supported until at least
- 10 June 2019), or the Tor 0.3.5 series, which will receive long-term
- support until at least 1 Feb 2022.
- o Major bugfixes (OpenSSL, portability, backport from 0.3.5.5-alpha):
- - Fix our usage of named groups when running as a TLS 1.3 client in
- OpenSSL 1.1.1. Previously, we only initialized EC groups when
- running as a relay, which caused clients to fail to negotiate TLS
- 1.3 with relays. Fixes bug 28245; bugfix on 0.2.9.15 (when TLS 1.3
- support was added).
- o Major bugfixes (restart-in-process, backport from 0.3.5.1-alpha):
- - Fix a use-after-free error that could be caused by passing Tor an
- impossible set of options that would fail during options_act().
- Fixes bug 27708; bugfix on 0.3.3.1-alpha.
- o Minor features (continuous integration, backport from 0.3.5.1-alpha):
- - Only run one online rust build in Travis, to reduce network
- errors. Skip offline rust builds on Travis for Linux gcc, because
- they're redundant. Implements ticket 27252.
- - Skip gcc on OSX in Travis CI, because it's rarely used. Skip a
- duplicate hardening-off build in Travis on Tor 0.2.9. Skip gcc on
- Linux with default settings, because all the non-default builds
- use gcc on Linux. Implements ticket 27252.
- o Minor features (continuous integration, backport from 0.3.5.3-alpha):
- - Use the Travis Homebrew addon to install packages on macOS during
- Travis CI. The package list is the same, but the Homebrew addon
- does not do a `brew update` by default. Implements ticket 27738.
- o Minor features (fallback directory list, backport from 0.3.5.6-rc):
- - Replace the 150 fallbacks originally introduced in Tor
- 0.3.3.1-alpha in January 2018 (of which ~115 were still
- functional), with a list of 157 fallbacks (92 new, 65 existing, 85
- removed) generated in December 2018. Closes ticket 24803.
- o Minor features (geoip):
- - Update geoip and geoip6 to the January 3 2019 Maxmind GeoLite2
- Country database. Closes ticket 29012.
- o Minor features (OpenSSL bug workaround, backport from 0.3.5.7):
- - Work around a bug in OpenSSL 1.1.1a, which prevented the TLS 1.3
- key export function from handling long labels. When this bug is
- detected, Tor will disable TLS 1.3. We recommend upgrading to a
- version of OpenSSL without this bug when it becomes available.
- Closes ticket 28973.
- o Minor bugfixes (relay statistics, backport from 0.3.5.7):
- - Update relay descriptor on bandwidth changes only when the uptime
- is smaller than 24h, in order to reduce the efficiency of guard
- discovery attacks. Fixes bug 24104; bugfix on 0.1.1.6-alpha.
- o Minor bugfixes (C correctness, backport from 0.3.5.4-alpha):
- - Avoid undefined behavior in an end-of-string check when parsing
- the BEGIN line in a directory object. Fixes bug 28202; bugfix
- on 0.2.0.3-alpha.
- o Minor bugfixes (code safety, backport from 0.3.5.3-alpha):
- - Rewrite our assertion macros so that they no longer suppress the
- compiler's -Wparentheses warnings. Fixes bug 27709; bugfix
- o Minor bugfixes (compilation, backport from 0.3.5.5-alpha):
- - Initialize a variable unconditionally in aes_new_cipher(), since
- some compilers cannot tell that we always initialize it before
- use. Fixes bug 28413; bugfix on 0.2.9.3-alpha.
- o Minor bugfixes (directory authority, backport from 0.3.5.4-alpha):
- - Log additional info when we get a relay that shares an ed25519 ID
- with a different relay, instead making a BUG() warning. Fixes bug
- 27800; bugfix on 0.3.2.1-alpha.
- o Minor bugfixes (directory permissions, backport form 0.3.5.3-alpha):
- - When a user requests a group-readable DataDirectory, give it to
- them. Previously, when the DataDirectory and the CacheDirectory
- were the same, the default setting (0) for
- CacheDirectoryGroupReadable would override the setting for
- DataDirectoryGroupReadable. Fixes bug 26913; bugfix
- on 0.3.3.1-alpha.
- o Minor bugfixes (onion service v3, backport from 0.3.5.1-alpha):
- - When the onion service directory can't be created or has the wrong
- permissions, do not log a stack trace. Fixes bug 27335; bugfix
- on 0.3.2.1-alpha.
- o Minor bugfixes (onion service v3, backport from 0.3.5.2-alpha):
- - Close all SOCKS request (for the same .onion) if the newly fetched
- descriptor is unusable. Before that, we would close only the first
- one leaving the other hanging and let to time out by themselves.
- Fixes bug 27410; bugfix on 0.3.2.1-alpha.
- o Minor bugfixes (onion service v3, backport from 0.3.5.3-alpha):
- - Don't warn so loudly when Tor is unable to decode an onion
- descriptor. This can now happen as a normal use case if a client
- gets a descriptor with client authorization but the client is not
- authorized. Fixes bug 27550; bugfix on 0.3.5.1-alpha.
- o Minor bugfixes (onion service v3, backport from 0.3.5.6-rc):
- - When deleting an ephemeral onion service (DEL_ONION), do not close
- any rendezvous circuits in order to let the existing client
- connections finish by themselves or closed by the application. The
- HS v2 is doing that already so now we have the same behavior for
- all versions. Fixes bug 28619; bugfix on 0.3.3.1-alpha.
- o Minor bugfixes (HTTP tunnel):
- - Fix a bug warning when closing an HTTP tunnel connection due to
- an HTTP request we couldn't handle. Fixes bug 26470; bugfix on
- 0.3.2.1-alpha.
- o Minor bugfixes (memory leaks, backport from 0.3.5.5-alpha):
- - Fix a harmless memory leak in libtorrunner.a. Fixes bug 28419;
- bugfix on 0.3.3.1-alpha. Patch from Martin Kepplinger.
- o Minor bugfixes (netflow padding, backport from 0.3.5.1-alpha):
- - Ensure circuitmux queues are empty before scheduling or sending
- padding. Fixes bug 25505; bugfix on 0.3.1.1-alpha.
- o Minor bugfixes (protover, backport from 0.3.5.3-alpha):
- - Reject protocol names containing bytes other than alphanumeric
- characters and hyphens ([A-Za-z0-9-]). Fixes bug 27316; bugfix
- on 0.2.9.4-alpha.
- o Minor bugfixes (rust, backport from 0.3.5.1-alpha):
- - Compute protover votes correctly in the rust version of the
- protover code. Previously, the protover rewrite in 24031 allowed
- repeated votes from the same voter for the same protocol version
- to be counted multiple times in protover_compute_vote(). Fixes bug
- 27649; bugfix on 0.3.3.5-rc.
- - Reject protover names that contain invalid characters. Fixes bug
- 27687; bugfix on 0.3.3.1-alpha.
- o Minor bugfixes (rust, backport from 0.3.5.2-alpha):
- - protover_all_supported() would attempt to allocate up to 16GB on
- some inputs, leading to a potential memory DoS. Fixes bug 27206;
- bugfix on 0.3.3.5-rc.
- o Minor bugfixes (rust, backport from 0.3.5.4-alpha):
- - Fix a potential null dereference in protover_all_supported(). Add
- a test for it. Fixes bug 27804; bugfix on 0.3.3.1-alpha.
- - Return a string that can be safely freed by C code, not one
- created by the rust allocator, in protover_all_supported(). Fixes
- bug 27740; bugfix on 0.3.3.1-alpha.
- - Fix an API mismatch in the rust implementation of
- protover_compute_vote(). This bug could have caused crashes on any
- directory authorities running Tor with Rust (which we do not yet
- recommend). Fixes bug 27741; bugfix on 0.3.3.6.
- o Minor bugfixes (testing, backport from 0.3.5.1-alpha):
- - If a unit test running in a subprocess exits abnormally or with a
- nonzero status code, treat the test as having failed, even if the
- test reported success. Without this fix, memory leaks don't cause
- the tests to fail, even with LeakSanitizer. Fixes bug 27658;
- bugfix on 0.2.2.4-alpha.
- o Minor bugfixes (testing, backport from 0.3.5.4-alpha):
- - Treat backtrace test failures as expected on BSD-derived systems
- (NetBSD, OpenBSD, and macOS/Darwin) until we solve bug 17808.
- (FreeBSD failures have been treated as expected since 18204 in
- 0.2.8.) Fixes bug 27948; bugfix on 0.2.5.2-alpha.
- o Minor bugfixes (unit tests, guard selection, backport from 0.3.5.6-rc):
- - Stop leaking memory in an entry guard unit test. Fixes bug 28554;
- bugfix on 0.3.0.1-alpha.
- Changes in version 0.3.4.10 - 2019-01-07
- Tor 0.3.4.9 is the second stable release in its series; it backports
- numerous fixes, including an important fix for relays, and for anyone
- using OpenSSL 1.1.1. Anyone running an earlier version of Tor 0.3.4
- should upgrade.
- As a reminder, the Tor 0.3.4 series will be supported until 10 June
- 2019. Some time between now and then, users should switch to the Tor
- 0.3.5 series, which will receive long-term support until at least 1
- Feb 2022.
- o Major bugfixes (OpenSSL, portability, backport from 0.3.5.5-alpha):
- - Fix our usage of named groups when running as a TLS 1.3 client in
- OpenSSL 1.1.1. Previously, we only initialized EC groups when
- running as a relay, which caused clients to fail to negotiate TLS
- 1.3 with relays. Fixes bug 28245; bugfix on 0.2.9.15 (when TLS 1.3
- support was added).
- o Major bugfixes (relay, directory, backport from 0.3.5.7):
- - Always reactivate linked connections in the main loop so long as
- any linked connection has been active. Previously, connections
- serving directory information wouldn't get reactivated after the
- first chunk of data was sent (usually 32KB), which would prevent
- clients from bootstrapping. Fixes bug 28912; bugfix on
- 0.3.4.1-alpha. Patch by "cypherpunks3".
- o Minor features (continuous integration, Windows, backport from 0.3.5.6-rc):
- - Always show the configure and test logs, and upload them as build
- artifacts, when building for Windows using Appveyor CI.
- Implements 28459.
- o Minor features (controller, backport from 0.3.5.1-alpha):
- - For purposes of CIRC_BW-based dropped cell detection, track half-
- closed stream ids, and allow their ENDs, SENDMEs, DATA and path
- bias check cells to arrive without counting it as dropped until
- either the END arrives, or the windows are empty. Closes
- ticket 25573.
- o Minor features (fallback directory list, backport from 0.3.5.6-rc):
- - Replace the 150 fallbacks originally introduced in Tor
- 0.3.3.1-alpha in January 2018 (of which ~115 were still
- functional), with a list of 157 fallbacks (92 new, 65 existing, 85
- removed) generated in December 2018. Closes ticket 24803.
- o Minor features (geoip):
- - Update geoip and geoip6 to the November 6 2018 Maxmind GeoLite2
- Country database. Closes ticket 28395.
- o Minor features (OpenSSL bug workaround, backport from 0.3.5.7):
- - Work around a bug in OpenSSL 1.1.1a, which prevented the TLS 1.3
- key export function from handling long labels. When this bug is
- detected, Tor will disable TLS 1.3. We recommend upgrading to a
- version of OpenSSL without this bug when it becomes available.
- Closes ticket 28973.
- o Minor bugfixes (compilation, backport from 0.3.5.5-alpha):
- - Initialize a variable unconditionally in aes_new_cipher(), since
- some compilers cannot tell that we always initialize it before
- use. Fixes bug 28413; bugfix on 0.2.9.3-alpha.
- o Minor bugfixes (connection, relay, backport from 0.3.5.5-alpha):
- - Avoid a logging a BUG() stacktrace when closing connection held
- open because the write side is rate limited but not the read side.
- Now, the connection read side is simply shut down until Tor is
- able to flush the connection and close it. Fixes bug 27750; bugfix
- on 0.3.4.1-alpha.
- o Minor bugfixes (continuous integration, Windows, backport from 0.3.5.5-alpha):
- - Manually configure the zstd compiler options, when building using
- mingw on Appveyor Windows CI. The MSYS2 mingw zstd package does
- not come with a pkg-config file. Fixes bug 28454; bugfix
- on 0.3.4.1-alpha.
- - Stop using an external OpenSSL install, and stop installing MSYS2
- packages, when building using mingw on Appveyor Windows CI. Fixes
- bug 28399; bugfix on 0.3.4.1-alpha.
- o Minor bugfixes (continuous integration, Windows, backport from 0.3.5.6-rc):
- - Explicitly specify the path to the OpenSSL library and do not
- download OpenSSL from Pacman, but instead use the library that is
- already provided by AppVeyor. Fixes bug 28574; bugfix on master.
- o Minor bugfixes (directory permissions, backport form 0.3.5.3-alpha):
- - When a user requests a group-readable DataDirectory, give it to
- them. Previously, when the DataDirectory and the CacheDirectory
- were the same, the default setting (0) for
- CacheDirectoryGroupReadable would override the setting for
- DataDirectoryGroupReadable. Fixes bug 26913; bugfix
- on 0.3.3.1-alpha.
- o Minor bugfixes (memory leaks, backport from 0.3.5.5-alpha):
- - Fix a harmless memory leak in libtorrunner.a. Fixes bug 28419;
- bugfix on 0.3.3.1-alpha. Patch from Martin Kepplinger.
- o Minor bugfixes (onion service v3, backport from 0.3.5.3-alpha):
- - Don't warn so loudly when Tor is unable to decode an onion
- descriptor. This can now happen as a normal use case if a client
- gets a descriptor with client authorization but the client is not
- authorized. Fixes bug 27550; bugfix on 0.3.5.1-alpha.
- o Minor bugfixes (onion service v3, backport from 0.3.5.6-rc):
- - When deleting an ephemeral onion service (DEL_ONION), do not close
- any rendezvous circuits in order to let the existing client
- connections finish by themselves or closed by the application. The
- HS v2 is doing that already so now we have the same behavior for
- all versions. Fixes bug 28619; bugfix on 0.3.3.1-alpha.
- o Minor bugfixes (relay statistics, backport from 0.3.5.7):
- - Update relay descriptor on bandwidth changes only when the uptime
- is smaller than 24h, in order to reduce the efficiency of guard
- discovery attacks. Fixes bug 24104; bugfix on 0.1.1.6-alpha.
- o Minor bugfixes (unit tests, guard selection, backport from 0.3.5.6-rc):
- - Stop leaking memory in an entry guard unit test. Fixes bug 28554;
- bugfix on 0.3.0.1-alpha.
- Changes in version 0.3.5.7 - 2019-01-07
- Tor 0.3.5.7 is the first stable release in its series; it includes
- compilation and portability fixes, and a fix for a severe problem
- affecting directory caches.
- The Tor 0.3.5 series includes several new features and performance
- improvements, including client authorization for v3 onion services,
- cleanups to bootstrap reporting, support for improved bandwidth-
- measurement tools, experimental support for NSS in place of OpenSSL,
- and much more. It also begins a full reorganization of Tor's code
- layout, for improved modularity and maintainability in the future.
- Finally, there is the usual set of performance improvements and
- bugfixes that we try to do in every release series.
- There are a couple of changes in the 0.3.5 that may affect
- compatibility. First, the default version for newly created onion
- services is now v3. Use the HiddenServiceVersion option if you want to
- override this. Second, some log messages related to bootstrapping have
- changed; if you use stem, you may need to update to the latest version
- so it will recognize them.
- We have designated 0.3.5 as a "long-term support" (LTS) series: we
- will continue to patch major bugs in typical configurations of 0.3.5
- until at least 1 Feb 2022. (We do not plan to provide long-term
- support for embedding, Rust support, NSS support, running a directory
- authority, or unsupported platforms. For these, you will need to stick
- with the latest stable release.)
- Below are the changes since 0.3.4.9. For a complete list of changes
- since 0.3.5.6-rc, see the ChangeLog file.
- o Major features (bootstrap):
- - Don't report directory progress until after a connection to a
- relay or bridge has succeeded. Previously, we'd report 80%
- progress based on cached directory information when we couldn't
- even connect to the network. Closes ticket 27169.
- o Major features (new code layout):
- - Nearly all of Tor's source code has been moved around into more
- logical places. The "common" directory is now divided into a set
- of libraries in "lib", and files in the "or" directory have been
- split into "core" (logic absolutely needed for onion routing),
- "feature" (independent modules in Tor), and "app" (to configure
- and invoke the rest of Tor). See doc/HACKING/CodeStructure.md for
- more information. Closes ticket 26481.
- This refactoring is not complete: although the libraries have been
- refactored to be acyclic, the main body of Tor is still too
- interconnected. We will attempt to improve this in the future.
- o Major features (onion services v3):
- - Implement onion service client authorization at the descriptor
- level: only authorized clients can decrypt a service's descriptor
- to find out how to contact it. A new torrc option was added to
- control this client side: ClientOnionAuthDir <path>. On the
- service side, if the "authorized_clients/" directory exists in the
- onion service directory path, client configurations are read from
- the files within. See the manpage for more details. Closes ticket
- 27547. Patch done by Suphanat Chunhapanya (haxxpop).
- - Improve revision counter generation in next-gen onion services.
- Onion services can now scale by hosting multiple instances on
- different hosts without synchronization between them, which was
- previously impossible because descriptors would get rejected by
- HSDirs. Addresses ticket 25552.
- - Version 3 onion services can now use the per-service
- HiddenServiceExportCircuitID option to differentiate client
- circuits. It communicates with the service by using the HAProxy
- protocol to assign virtual IP addresses to inbound client
- circuits. Closes ticket 4700. Patch by Mahrud Sayrafi.
- o Major features (onion services, UI change):
- - For a newly created onion service, the default version is now 3.
- Tor still supports existing version 2 services, but the operator
- now needs to set "HiddenServiceVersion 2" in order to create a new
- version 2 service. For existing services, Tor now learns the
- version by reading the key file. Closes ticket 27215.
- o Major features (portability, cryptography, experimental, TLS):
- - Tor now has the option to compile with the NSS library instead of
- OpenSSL. This feature is experimental, and we expect that bugs may
- remain. It is mainly intended for environments where Tor's
- performance is not CPU-bound, and where NSS is already known to be
- installed. To try it out, configure Tor with the --enable-nss
- flag. Closes tickets 26631, 26815, and 26816.
- If you are experimenting with this option and using an old cached
- consensus, Tor may fail to start. To solve this, delete your
- "cached-consensus" and "cached-microdesc-consensus" files,
- (if present), and restart Tor.
- o Major features (relay, UI change):
- - Relays no longer run as exits by default. If the "ExitRelay"
- option is auto (or unset), and no exit policy is specified with
- ExitPolicy or ReducedExitPolicy, we now treat ExitRelay as 0.
- Previously in this case, we allowed exit traffic and logged a
- warning message. Closes ticket 21530. Patch by Neel Chauhan.
- - Tor now validates that the ContactInfo config option is valid UTF-
- 8 when parsing torrc. Closes ticket 27428.
- o Major bugfixes (compilation):
- - Fix compilation on ARM (and other less-used CPUs) when compiling
- with OpenSSL before 1.1. Fixes bug 27781; bugfix on 0.3.4.1-alpha.
- o Major bugfixes (compilation, rust):
- - Rust tests can now build and run successfully with the
- --enable-fragile-hardening option enabled. Doing this currently
- requires the rust beta channel; it will be possible with stable
- rust once Rust version 1.31 is released. Patch from Alex Crichton.
- Fixes bugs 27272, 27273, and 27274. Bugfix on 0.3.1.1-alpha.
- o Major bugfixes (directory authority):
- - Actually check that the address we get from DirAuthority
- configuration line is valid IPv4. Explicitly disallow DirAuthority
- address to be a DNS hostname. Fixes bug 26488; bugfix
- on 0.1.2.10-rc.
- o Major bugfixes (embedding, main loop):
- - When DisableNetwork becomes set, actually disable periodic events
- that are already enabled. (Previously, we would refrain from
- enabling new ones, but we would leave the old ones turned on.)
- Fixes bug 28348; bugfix on 0.3.4.1-alpha.
- o Major bugfixes (main loop, bootstrap):
- - Make sure Tor bootstraps and works properly if only the
- ControlPort is set. Prior to this fix, Tor would only bootstrap
- when a client port was set (Socks, Trans, NATD, DNS or HTTPTunnel
- port). Fixes bug 27849; bugfix on 0.3.4.1-alpha.
- o Major bugfixes (onion service v3):
- - On an intro point for a version 3 onion service, stop closing
- introduction circuits on a NACK. This lets the client decide
- whether to reuse the circuit or discard it. Previously, we closed
- intro circuits when sending NACKs. Fixes bug 27841; bugfix on
- 0.3.2.1-alpha. Patch by Neel Chaunan.
- o Major bugfixes (OpenSSL, portability):
- - Fix our usage of named groups when running as a TLS 1.3 client in
- OpenSSL 1.1.1. Previously, we only initialized EC groups when
- running as a relay, which caused clients to fail to negotiate TLS
- 1.3 with relays. Fixes bug 28245; bugfix on 0.2.9.15 (when TLS 1.3
- support was added).
- o Major bugfixes (relay bandwidth statistics):
- - When we close relayed circuits, report the data in the circuit
- queues as being written in our relay bandwidth stats. This
- mitigates guard discovery and other attacks that close circuits
- for the explicit purpose of noticing this discrepancy in
- statistics. Fixes bug 23512; bugfix on 0.0.8pre3.
- o Major bugfixes (relay):
- - When our write bandwidth limit is exhausted, stop writing on the
- connection. Previously, we had a typo in the code that would make
- us stop reading instead, leading to relay connections being stuck
- indefinitely and consuming kernel RAM. Fixes bug 28089; bugfix
- on 0.3.4.1-alpha.
- - Always reactivate linked connections in the main loop so long as
- any linked connection has been active. Previously, connections
- serving directory information wouldn't get reactivated after the
- first chunk of data was sent (usually 32KB), which would prevent
- clients from bootstrapping. Fixes bug 28912; bugfix on
- 0.3.4.1-alpha. Patch by "cypherpunks3".
- o Major bugfixes (restart-in-process):
- - Fix a use-after-free error that could be caused by passing Tor an
- impossible set of options that would fail during options_act().
- Fixes bug 27708; bugfix on 0.3.3.1-alpha.
- o Minor features (admin tools):
- - Add a new --key-expiration option to print the expiration date of
- the signing cert in an ed25519_signing_cert file. Resolves
- issue 19506.
- o Minor features (build):
- - If you pass the "--enable-pic" option to configure, Tor will try
- to tell the compiler to build position-independent code suitable
- to link into a dynamic library. (The default remains -fPIE, for
- code suitable for a relocatable executable.) Closes ticket 23846.
- o Minor features (code correctness, testing):
- - Tor's build process now includes a "check-includes" make target to
- verify that no module of Tor relies on any headers from a higher-
- level module. We hope to use this feature over time to help
- refactor our codebase. Closes ticket 26447.
- o Minor features (code layout):
- - We have a new "lowest-level" error-handling API for use by code
- invoked from within the logging module. With this interface, the
- logging code is no longer at risk of calling into itself if a
- failure occurs while it is trying to log something. Closes
- ticket 26427.
- o Minor features (compilation):
- - When possible, place our warning flags in a separate file, to
- avoid flooding verbose build logs. Closes ticket 28924.
- - Tor's configure script now supports a --with-malloc= option to
- select your malloc implementation. Supported options are
- "tcmalloc", "jemalloc", "openbsd" (deprecated), and "system" (the
- default). Addresses part of ticket 20424. Based on a patch from
- Alex Xu.
- o Minor features (config):
- - The "auto" keyword in torrc is now case-insensitive. Closes
- ticket 26663.
- o Minor features (continuous integration):
- - Add a Travis CI build for --enable-nss on Linux gcc. Closes
- ticket 27751.
- - Add new CI job to Travis configuration to run stem-based
- integration tests. Closes ticket 27913.
- - Use the Travis Homebrew addon to install packages on macOS during
- Travis CI. The package list is the same, but the Homebrew addon
- does not do a `brew update` by default. Implements ticket 27738.
- - Report what program produced the mysterious core file that we
- occasionally see on Travis CI during make distcheck. Closes
- ticket 28024.
- - Don't do a distcheck with --disable-module-dirauth in Travis.
- Implements ticket 27252.
- - Install libcap-dev and libseccomp2-dev so these optional
- dependencies get tested on Travis CI. Closes ticket 26560.
- - Only run one online rust build in Travis, to reduce network
- errors. Skip offline rust builds on Travis for Linux gcc, because
- they're redundant. Implements ticket 27252.
- - Skip gcc on OSX in Travis CI, because it's rarely used. Skip a
- duplicate hardening-off build in Travis on Tor 0.2.9. Skip gcc on
- Linux with default settings, because all the non-default builds
- use gcc on Linux. Implements ticket 27252.
- o Minor features (continuous integration, Windows):
- - Always show the configure and test logs, and upload them as build
- artifacts, when building for Windows using Appveyor CI.
- Implements 28459.
- - Build tor on Windows Server 2012 R2 and Windows Server 2016 using
- Appveyor's CI. Closes ticket 28318.
- o Minor features (controller):
- - Emit CIRC_BW events as soon as we detect that we processed an
- invalid or otherwise dropped cell on a circuit. This allows
- vanguards and other controllers to react more quickly to dropped
- cells. Closes ticket 27678.
- - For purposes of CIRC_BW-based dropped cell detection, track half-
- closed stream ids, and allow their ENDs, SENDMEs, DATA and path
- bias check cells to arrive without counting it as dropped until
- either the END arrives, or the windows are empty. Closes
- ticket 25573.
- - Implement a 'GETINFO md/all' controller command to enable getting
- all known microdescriptors. Closes ticket 8323.
- - The GETINFO command now support an "uptime" argument, to return
- Tor's uptime in seconds. Closes ticket 25132.
- o Minor features (denial-of-service avoidance):
- - Make our OOM handler aware of the DNS cache so that it doesn't
- fill up the memory. This check is important for our DoS mitigation
- subsystem. Closes ticket 18642. Patch by Neel Chauhan.
- o Minor features (development):
- - Tor's makefile now supports running the "clippy" Rust style tool
- on our Rust code. Closes ticket 22156.
- o Minor features (directory authority):
- - There is no longer an artificial upper limit on the length of
- bandwidth lines. Closes ticket 26223.
- - When a bandwidth file is used to obtain the bandwidth measurements,
- include this bandwidth file headers in the votes. Closes
- ticket 3723.
- - Improved support for networks with only a single authority or a
- single fallback directory. Patch from Gabriel Somlo. Closes
- ticket 25928.
- o Minor features (embedding API):
- - The Tor controller API now supports a function to launch Tor with
- a preconstructed owning controller FD, so that embedding
- applications don't need to manage controller ports and
- authentication. Closes ticket 24204.
- - The Tor controller API now has a function that returns the name
- and version of the backend implementing the API. Closes
- ticket 26947.
- o Minor features (fallback directory list):
- - Replace the 150 fallbacks originally introduced in Tor
- 0.3.3.1-alpha in January 2018 (of which ~115 were still
- functional), with a list of 157 fallbacks (92 new, 65 existing, 85
- removed) generated in December 2018. Closes ticket 24803.
- o Minor features (geoip):
- - Update geoip and geoip6 to the January 3 2019 Maxmind GeoLite2
- Country database. Closes ticket 29012.
- o Minor features (memory management):
- - Get Libevent to use the same memory allocator as Tor, by calling
- event_set_mem_functions() during initialization. Resolves
- ticket 8415.
- o Minor features (memory usage):
- - When not using them, store legacy TAP public onion keys in DER-
- encoded format, rather than as expanded public keys. This should
- save several megabytes on typical clients. Closes ticket 27246.
- o Minor features (OpenSSL bug workaround):
- - Work around a bug in OpenSSL 1.1.1a, which prevented the TLS 1.3
- key export function from handling long labels. When this bug is
- detected, Tor will disable TLS 1.3. We recommend upgrading to a
- version of OpenSSL without this bug when it becomes available.
- Closes ticket 28973.
- o Minor features (OpenSSL):
- - When possible, use RFC5869 HKDF implementation from OpenSSL rather
- than our own. Resolves ticket 19979.
- o Minor features (performance):
- - Remove about 96% of the work from the function that we run at
- startup to test our curve25519_basepoint implementation. Since
- this function has yet to find an actual failure, we now only run
- it for 8 iterations instead of 200. Based on our profile
- information, this change should save around 8% of our startup time
- on typical desktops, and may have a similar effect on other
- platforms. Closes ticket 28838.
- - Stop re-validating our hardcoded Diffie-Hellman parameters on
- every startup. Doing this wasted time and cycles, especially on
- low-powered devices. Closes ticket 28851.
- o Minor features (Rust, code quality):
- - Improve rust code quality in the rust protover implementation by
- making it more idiomatic. Includes changing an internal API to
- take &str instead of &String. Closes ticket 26492.
- o Minor features (testing):
- - Add scripts/test/chutney-git-bisect.sh, for bisecting using
- chutney. Implements ticket 27211.
- o Minor features (tor-resolve):
- - The tor-resolve utility can now be used with IPv6 SOCKS proxies.
- Side-effect of the refactoring for ticket 26526.
- o Minor features (UI):
- - Log each included configuration file or directory as we read it,
- to provide more visibility about where Tor is reading from. Patch
- from Unto Sten; closes ticket 27186.
- - Lower log level of "Scheduler type KIST has been enabled" to INFO.
- Closes ticket 26703.
- o Minor bugfixes (32-bit OSX and iOS, timing):
- - Fix an integer overflow bug in our optimized 32-bit millisecond-
- difference algorithm for 32-bit Apple platforms. Previously, it
- would overflow when calculating the difference between two times
- more than 47 days apart. Fixes part of bug 27139; bugfix
- on 0.3.4.1-alpha.
- - Improve the precision of our 32-bit millisecond difference
- algorithm for 32-bit Apple platforms. Fixes part of bug 27139;
- bugfix on 0.3.4.1-alpha.
- - Relax the tolerance on the mainloop/update_time_jumps test when
- running on 32-bit Apple platforms. Fixes part of bug 27139; bugfix
- on 0.3.4.1-alpha.
- o Minor bugfixes (bootstrap):
- - Try harder to get descriptors in non-exit test networks, by using
- the mid weight for the third hop when there are no exits. Fixes
- bug 27237; bugfix on 0.2.6.2-alpha.
- o Minor bugfixes (C correctness):
- - Avoid casting smartlist index to int implicitly, as it may trigger
- a warning (-Wshorten-64-to-32). Fixes bug 26282; bugfix on
- 0.2.3.13-alpha, 0.2.7.1-alpha and 0.2.1.1-alpha.
- - Use time_t for all values in
- predicted_ports_prediction_time_remaining(). Rework the code that
- computes difference between durations/timestamps. Fixes bug 27165;
- bugfix on 0.3.1.1-alpha.
- o Minor bugfixes (client, memory usage):
- - When not running as a directory cache, there is no need to store
- the text of the current consensus networkstatus in RAM.
- Previously, however, clients would store it anyway, at a cost of
- over 5 MB. Now, they do not. Fixes bug 27247; bugfix
- on 0.3.0.1-alpha.
- o Minor bugfixes (client, ReachableAddresses):
- - Instead of adding a "reject *:*" line to ReachableAddresses when
- loading the configuration, add one to the policy after parsing it
- in parse_reachable_addresses(). This prevents extra "reject *.*"
- lines from accumulating on reloads. Fixes bug 20874; bugfix on
- 0.1.1.5-alpha. Patch by Neel Chauhan.
- o Minor bugfixes (code quality):
- - Rename sandbox_getaddrinfo() and other functions to no longer
- misleadingly suggest that they are sandbox-only. Fixes bug 26525;
- bugfix on 0.2.7.1-alpha.
- o Minor bugfixes (code safety):
- - Rewrite our assertion macros so that they no longer suppress the
- compiler's -Wparentheses warnings. Fixes bug 27709; bugfix
- on 0.0.6.
- o Minor bugfixes (compilation):
- - Initialize a variable unconditionally in aes_new_cipher(), since
- some compilers cannot tell that we always initialize it before
- use. Fixes bug 28413; bugfix on 0.2.9.3-alpha.
- o Minor bugfixes (configuration):
- - Refuse to start with relative file paths and RunAsDaemon set
- (regression from the fix for bug 22731). Fixes bug 28298; bugfix
- on 0.3.3.1-alpha.
- o Minor bugfixes (configuration, Onion Services):
- - In rend_service_parse_port_config(), disallow any input to remain
- after address-port pair was parsed. This will catch address and
- port being whitespace-separated by mistake of the user. Fixes bug
- 27044; bugfix on 0.2.9.10.
- o Minor bugfixes (connection, relay):
- - Avoid a logging a BUG() stacktrace when closing connection held
- open because the write side is rate limited but not the read side.
- Now, the connection read side is simply shut down until Tor is
- able to flush the connection and close it. Fixes bug 27750; bugfix
- on 0.3.4.1-alpha.
- o Minor bugfixes (continuous integration, Windows):
- - Stop reinstalling identical packages in our Windows CI. Fixes bug
- 27464; bugfix on 0.3.4.1-alpha.
- - Install only the necessary mingw packages during our appveyor
- builds. This change makes the build a little faster, and prevents
- a conflict with a preinstalled mingw openssl that appveyor now
- ships. Fixes bugs 27765 and 27943; bugfix on 0.3.4.2-alpha.
- - Explicitly specify the path to the OpenSSL library and do not
- download OpenSSL from Pacman, but instead use the library that is
- already provided by AppVeyor. Fixes bug 28574; bugfix on master.
- - Manually configure the zstd compiler options, when building using
- mingw on Appveyor Windows CI. The MSYS2 mingw zstd package does
- not come with a pkg-config file. Fixes bug 28454; bugfix
- on 0.3.4.1-alpha.
- - Stop using an external OpenSSL install, and stop installing MSYS2
- packages, when building using mingw on Appveyor Windows CI. Fixes
- bug 28399; bugfix on 0.3.4.1-alpha.
- o Minor bugfixes (controller):
- - Consider all routerinfo errors other than "not a server" to be
- transient for the purpose of "GETINFO exit-policy/*" controller
- request. Print stacktrace in the unlikely case of failing to
- recompute routerinfo digest. Fixes bug 27034; bugfix
- on 0.3.4.1-alpha.
- o Minor bugfixes (correctness):
- - Fix an unreached code path where we checked the value of
- "hostname" inside send_resolved_hostname_cell(). Previously, we
- used it before checking it; now we check it first. Fixes bug
- 28879; bugfix on 0.1.2.7-alpha.
- o Minor bugfixes (directory connection shutdown):
- - Avoid a double-close when shutting down a stalled directory
- connection. Fixes bug 26896; bugfix on 0.3.4.1-alpha.
- o Minor bugfixes (directory permissions):
- - When a user requests a group-readable DataDirectory, give it to
- them. Previously, when the DataDirectory and the CacheDirectory
- were the same, the default setting (0) for
- CacheDirectoryGroupReadable would override the setting for
- DataDirectoryGroupReadable. Fixes bug 26913; bugfix
- on 0.3.3.1-alpha.
- o Minor bugfixes (HTTP tunnel):
- - Fix a bug warning when closing an HTTP tunnel connection due to an
- HTTP request we couldn't handle. Fixes bug 26470; bugfix
- on 0.3.2.1-alpha.
- o Minor bugfixes (ipv6):
- - In addrs_in_same_network_family(), we choose the subnet size based
- on the IP version (IPv4 or IPv6). Previously, we chose a fixed
- subnet size of /16 for both IPv4 and IPv6 addresses. Fixes bug
- 15518; bugfix on 0.2.3.1-alpha. Patch by Neel Chauhan.
- o Minor bugfixes (Linux seccomp2 sandbox):
- - Permit the "shutdown()" system call, which is apparently used by
- OpenSSL under some circumstances. Fixes bug 28183; bugfix
- on 0.2.5.1-alpha.
- o Minor bugfixes (logging):
- - Stop talking about the Named flag in log messages. Clients have
- ignored the Named flag since 0.3.2. Fixes bug 28441; bugfix
- on 0.3.2.1-alpha.
- - As a precaution, do an early return from log_addr_has_changed() if
- Tor is running as client. Also, log a stack trace for debugging as
- this function should only be called when Tor runs as server. Fixes
- bug 26892; bugfix on 0.1.1.9-alpha.
- - Refrain from mentioning bug 21018 in the logs, as it is already
- fixed. Fixes bug 25477; bugfix on 0.2.9.8.
- o Minor bugfixes (logging, documentation):
- - When SafeLogging is enabled, scrub IP address in
- channel_tls_process_netinfo_cell(). Also, add a note to manpage
- that scrubbing is not guaranteed on loglevels below Notice. Fixes
- bug 26882; bugfix on 0.2.4.10-alpha.
- o Minor bugfixes (memory leaks):
- - Fix a harmless memory leak in libtorrunner.a. Fixes bug 28419;
- bugfix on 0.3.3.1-alpha. Patch from Martin Kepplinger.
- - Fix a small memory leak when calling Tor with --dump-config. Fixes
- bug 27893; bugfix on 0.3.2.1-alpha.
- o Minor bugfixes (netflow padding):
- - Ensure circuitmux queues are empty before scheduling or sending
- padding. Fixes bug 25505; bugfix on 0.3.1.1-alpha.
- o Minor bugfixes (onion service v2):
- - Log at level "info", not "warning", in the case that we do not
- have a consensus when a .onion request comes in. This can happen
- normally while bootstrapping. Fixes bug 27040; bugfix
- on 0.2.8.2-alpha.
- o Minor bugfixes (onion service v3):
- - When deleting an ephemeral onion service (DEL_ONION), do not close
- any rendezvous circuits in order to let the existing client
- connections finish by themselves or closed by the application. The
- HS v2 is doing that already so now we have the same behavior for
- all versions. Fixes bug 28619; bugfix on 0.3.3.1-alpha.
- - Build the service descriptor's signing key certificate before
- uploading, so we always have a fresh one: leaving no chances for
- it to expire service side. Fixes bug 27838; bugfix
- on 0.3.2.1-alpha.
- - Stop dumping a stack trace when trying to connect to an intro
- point without having a descriptor for it. Fixes bug 27774; bugfix
- on 0.3.2.1-alpha.
- - When selecting a v3 rendezvous point, don't only look at the
- protover, but also check whether the curve25519 onion key is
- present. This way we avoid picking a relay that supports the v3
- rendezvous but for which we don't have the microdescriptor. Fixes
- bug 27797; bugfix on 0.3.2.1-alpha.
- - Close all SOCKS request (for the same .onion) if the newly fetched
- descriptor is unusable. Before that, we would close only the first
- one leaving the other hanging and let to time out by themselves.
- Fixes bug 27410; bugfix on 0.3.2.1-alpha.
- - When the onion service directory can't be created or has the wrong
- permissions, do not log a stack trace. Fixes bug 27335; bugfix
- on 0.3.2.1-alpha.
- - When replacing a descriptor in the client cache, make sure to
- close all client introduction circuits for the old descriptor, so
- we don't end up with unusable leftover circuits. Fixes bug 27471;
- bugfix on 0.3.2.1-alpha.
- o Minor bugfixes (OS compatibility):
- - Properly handle configuration changes that move a listener to/from
- wildcard IP address. If the first attempt to bind a socket fails,
- close the old listener and try binding the socket again. Fixes bug
- 17873; bugfix on 0.0.8pre-1.
- o Minor bugfixes (performance)::
- - Rework node_is_a_configured_bridge() to no longer call
- node_get_all_orports(), which was performing too many memory
- allocations. Fixes bug 27224; bugfix on 0.2.3.9.
- o Minor bugfixes (protover):
- - Reject protocol names containing bytes other than alphanumeric
- characters and hyphens ([A-Za-z0-9-]). Fixes bug 27316; bugfix
- on 0.2.9.4-alpha.
- o Minor bugfixes (protover, rust):
- - Reject extra commas in version strings. Fixes bug 27197; bugfix
- on 0.3.3.3-alpha.
- - protover_all_supported() would attempt to allocate up to 16GB on
- some inputs, leading to a potential memory DoS. Fixes bug 27206;
- bugfix on 0.3.3.5-rc.
- - Compute protover votes correctly in the rust version of the
- protover code. Previously, the protover rewrite in 24031 allowed
- repeated votes from the same voter for the same protocol version
- to be counted multiple times in protover_compute_vote(). Fixes bug
- 27649; bugfix on 0.3.3.5-rc.
- - Reject protover names that contain invalid characters. Fixes bug
- 27687; bugfix on 0.3.3.1-alpha.
- o Minor bugfixes (relay shutdown, systemd):
- - Notify systemd of ShutdownWaitLength so it can be set to longer
- than systemd's TimeoutStopSec. In Tor's systemd service file, set
- TimeoutSec to 60 seconds to allow Tor some time to shut down.
- Fixes bug 28113; bugfix on 0.2.6.2-alpha.
- o Minor bugfixes (relay statistics):
- - Update relay descriptor on bandwidth changes only when the uptime
- is smaller than 24h, in order to reduce the efficiency of guard
- discovery attacks. Fixes bug 24104; bugfix on 0.1.1.6-alpha.
- o Minor bugfixes (relay):
- - Consider the fact that we'll be making direct connections to our
- entry and guard nodes when computing the fraction of nodes that
- have their descriptors. Also, if we are using bridges and there is
- at least one bridge with a full descriptor, treat the fraction of
- guards available as 100%. Fixes bug 25886; bugfix on 0.2.4.10-alpha.
- Patch by Neel Chauhan.
- - Update the message logged on relays when DirCache is disabled.
- Since 0.3.3.5-rc, authorities require DirCache (V2Dir) for the
- Guard flag. Fixes bug 24312; bugfix on 0.3.3.5-rc.
- o Minor bugfixes (testing):
- - Stop running stem's unit tests as part of "make test-stem", but
- continue to run stem's unit and online tests during "make test-
- stem-full". Fixes bug 28568; bugfix on 0.2.6.3-alpha.
- - Stop leaking memory in an entry guard unit test. Fixes bug 28554;
- bugfix on 0.3.0.1-alpha.
- - Make the hs_service tests use the same time source when creating
- the introduction point and when testing it. Now tests work better
- on very slow systems like ARM or Travis. Fixes bug 27810; bugfix
- on 0.3.2.1-alpha.
- - Revise the "conditionvar_timeout" test so that it succeeds even on
- heavily loaded systems where the test threads are not scheduled
- within 200 msec. Fixes bug 27073; bugfix on 0.2.6.3-alpha.
- - Fix two unit tests to work when HOME environment variable is not
- set. Fixes bug 27096; bugfix on 0.2.8.1-alpha.
- - If a unit test running in a subprocess exits abnormally or with a
- nonzero status code, treat the test as having failed, even if the
- test reported success. Without this fix, memory leaks don't cause
- the tests to fail, even with LeakSanitizer. Fixes bug 27658;
- bugfix on 0.2.2.4-alpha.
- - When logging a version mismatch in our openssl_version tests,
- report the actual offending version strings. Fixes bug 26152;
- bugfix on 0.2.9.1-alpha.
- - Fix forking tests on Windows when there is a space somewhere in
- the path. Fixes bug 26437; bugfix on 0.2.2.4-alpha.
- o Minor bugfixes (Windows):
- - Correctly identify Windows 8.1, Windows 10, and Windows Server
- 2008 and later from their NT versions. Fixes bug 28096; bugfix on
- 0.2.2.34; reported by Keifer Bly.
- - On recent Windows versions, the GetVersionEx() function may report
- an earlier Windows version than the running OS. To avoid user
- confusion, add "[or later]" to Tor's version string on affected
- versions of Windows. Fixes bug 28096; bugfix on 0.2.2.34; reported
- by Keifer Bly.
- - Remove Windows versions that were never supported by the
- GetVersionEx() function. Stop duplicating the latest Windows
- version in get_uname(). Fixes bug 28096; bugfix on 0.2.2.34;
- reported by Keifer Bly.
- o Code simplification and refactoring:
- - When parsing a port configuration, make it more obvious to static
- analyzer tools that we always initialize the address. Closes
- ticket 28881.
- - Divide more large Tor source files -- especially ones that span
- multiple areas of functionality -- into smaller parts, including
- onion.c and main.c. Closes ticket 26747.
- - Divide the "routerparse.c" module into separate modules for each
- group of parsed objects. Closes ticket 27924.
- - Move protover_rust.c to the same place protover.c was moved to.
- Closes ticket 27814.
- - Split directory.c into separate pieces for client, server, and
- common functionality. Closes ticket 26744.
- - Split the non-statistics-related parts from the rephist.c and
- geoip.c modules. Closes ticket 27892.
- - Split the router.c file into relay-only and shared components, to
- help with future modularization. Closes ticket 27864.
- - Divide the routerlist.c and dirserv.c modules into smaller parts.
- Closes ticket 27799.
- - 'updateFallbackDirs.py' now ignores the blacklist file, as it's not
- longer needed. Closes ticket 26502.
- - Include paths to header files within Tor are now qualified by
- directory within the top-level src directory.
- - Many structures have been removed from the centralized "or.h"
- header, and moved into their own headers. This will allow us to
- reduce the number of places in the code that rely on each
- structure's contents and layout. Closes ticket 26383.
- - Remove ATTR_NONNULL macro from codebase. Resolves ticket 26527.
- - Remove GetAdaptersAddresses_fn_t. The code that used it was
- removed as part of the 26481 refactor. Closes ticket 27467.
- - Rework Tor SOCKS server code to use Trunnel and benefit from
- autogenerated functions for parsing and generating SOCKS wire
- format. New implementation is cleaner, more maintainable and
- should be less prone to heartbleed-style vulnerabilities.
- Implements a significant fraction of ticket 3569.
- - Split sampled_guards_update_from_consensus() and
- select_entry_guard_for_circuit() into subfunctions. In
- entry_guards_update_primary() unite three smartlist enumerations
- into one and move smartlist comparison code out of the function.
- Closes ticket 21349.
- - Tor now assumes that you have standards-conformant stdint.h and
- inttypes.h headers when compiling. Closes ticket 26626.
- - Unify our bloom filter logic. Previously we had two copies of this
- code: one for routerlist filtering, and one for address set
- calculations. Closes ticket 26510.
- - Use the simpler strcmpstart() helper in
- rend_parse_v2_service_descriptor instead of strncmp(). Closes
- ticket 27630.
- - Utility functions that can perform a DNS lookup are now wholly
- separated from those that can't, in separate headers and C
- modules. Closes ticket 26526.
- o Documentation:
- - In the tor-resolve(1) manpage, fix the reference to socks-
- extensions.txt by adding a web URL. Resolves ticket 27853.
- - Mention that we require Python to be 2.7 or newer for some
- integration tests that we ship with Tor. Resolves ticket 27677.
- - Copy paragraph and URL to Tor's code of conduct document from
- CONTRIBUTING to new CODE_OF_CONDUCT file. Resolves ticket 26638.
- - Remove old instructions from INSTALL document. Closes ticket 26588.
- - Warn users that they should not include MyFamily line(s) in their
- torrc when running Tor bridge. Closes ticket 26908.
- o Removed features:
- - Tor no longer supports building with the dmalloc library. For
- debugging memory issues, we suggest using gperftools or msan
- instead. Closes ticket 26426.
- - Tor no longer attempts to run on Windows environments without the
- GetAdaptersAddresses() function. This function has existed since
- Windows XP, which is itself already older than we support.
- - Remove Tor2web functionality for version 2 onion services. The
- Tor2webMode and Tor2webRendezvousPoints options are now obsolete.
- (This feature was never shipped in vanilla Tor and it was only
- possible to use this feature by building the support at compile
- time. Tor2webMode is not implemented for version 3 onion services.)
- Closes ticket 26367.
- o Testing:
- - Increase logging and tag all log entries with timestamps in
- test_rebind.py. Provides diagnostics for issue 28229.
- o Code simplification and refactoring (shared random, dirauth):
- - Change many tor_assert() to use BUG() instead. The idea is to not
- crash a dirauth but rather scream loudly with a stacktrace and let
- it continue run. The shared random subsystem is very resilient and
- if anything wrong happens with it, at worst a non coherent value
- will be put in the vote and discarded by the other authorities.
- Closes ticket 19566.
- o Documentation (onion services):
- - Improve HSv3 client authorization by making some options more
- explicit and detailed. Closes ticket 28026. Patch by Mike Tigas.
- - Document in the man page that changing ClientOnionAuthDir value or
- adding a new file in the directory will not work at runtime upon
- sending a HUP if Sandbox 1. Closes ticket 28128.
- - Note in the man page that the only real way to fully revoke an
- onion service v3 client authorization is by restarting the tor
- process. Closes ticket 28275.
- Changes in version 0.3.4.9 - 2018-11-02
- Tor 0.3.4.9 is the second stable release in its series; it backports
- numerous fixes, including a fix for a bandwidth management bug that
- was causing memory exhaustion on relays. Anyone running an earlier
- version of Tor 0.3.4.9 should upgrade.
- o Major bugfixes (compilation, backport from 0.3.5.3-alpha):
- - Fix compilation on ARM (and other less-used CPUs) when compiling
- with OpenSSL before 1.1. Fixes bug 27781; bugfix on 0.3.4.1-alpha.
- o Major bugfixes (mainloop, bootstrap, backport from 0.3.5.3-alpha):
- - Make sure Tor bootstraps and works properly if only the
- ControlPort is set. Prior to this fix, Tor would only bootstrap
- when a client port was set (Socks, Trans, NATD, DNS or HTTPTunnel
- port). Fixes bug 27849; bugfix on 0.3.4.1-alpha.
- o Major bugfixes (relay, backport from 0.3.5.3-alpha):
- - When our write bandwidth limit is exhausted, stop writing on the
- connection. Previously, we had a typo in the code that would make
- us stop reading instead, leading to relay connections being stuck
- indefinitely and consuming kernel RAM. Fixes bug 28089; bugfix
- on 0.3.4.1-alpha.
- o Major bugfixes (restart-in-process, backport from 0.3.5.1-alpha):
- - Fix a use-after-free error that could be caused by passing Tor an
- impossible set of options that would fail during options_act().
- Fixes bug 27708; bugfix on 0.3.3.1-alpha.
- o Minor features (continuous integration, backport from 0.3.5.1-alpha):
- - Don't do a distcheck with --disable-module-dirauth in Travis.
- Implements ticket 27252.
- - Only run one online rust build in Travis, to reduce network
- errors. Skip offline rust builds on Travis for Linux gcc, because
- they're redundant. Implements ticket 27252.
- - Skip gcc on OSX in Travis CI, because it's rarely used. Skip a
- duplicate hardening-off build in Travis on Tor 0.2.9. Skip gcc on
- Linux with default settings, because all the non-default builds
- use gcc on Linux. Implements ticket 27252.
- o Minor features (continuous integration, backport from 0.3.5.3-alpha):
- - Use the Travis Homebrew addon to install packages on macOS during
- Travis CI. The package list is the same, but the Homebrew addon
- does not do a `brew update` by default. Implements ticket 27738.
- o Minor features (geoip):
- - Update geoip and geoip6 to the October 9 2018 Maxmind GeoLite2
- Country database. Closes ticket 27991.
- o Minor bugfixes (32-bit OSX and iOS, timing, backport from 0.3.5.2-alpha):
- - Fix an integer overflow bug in our optimized 32-bit millisecond-
- difference algorithm for 32-bit Apple platforms. Previously, it
- would overflow when calculating the difference between two times
- more than 47 days apart. Fixes part of bug 27139; bugfix
- on 0.3.4.1-alpha.
- - Improve the precision of our 32-bit millisecond difference
- algorithm for 32-bit Apple platforms. Fixes part of bug 27139;
- bugfix on 0.3.4.1-alpha.
- - Relax the tolerance on the mainloop/update_time_jumps test when
- running on 32-bit Apple platforms. Fixes part of bug 27139; bugfix
- on 0.3.4.1-alpha.
- o Minor bugfixes (C correctness, to appear in 0.3.5.4-alpha):
- - Avoid undefined behavior in an end-of-string check when parsing
- the BEGIN line in a directory object. Fixes bug 28202; bugfix
- on 0.2.0.3-alpha.
- o Minor bugfixes (CI, appveyor, to appear in 0.3.5.4-alpha):
- - Only install the necessary mingw packages during our appveyor
- builds. This change makes the build a little faster, and prevents
- a conflict with a preinstalled mingw openssl that appveyor now
- ships. Fixes bugs 27943 and 27765; bugfix on 0.3.4.2-alpha.
- o Minor bugfixes (code safety, backport from 0.3.5.3-alpha):
- - Rewrite our assertion macros so that they no longer suppress the
- compiler's -Wparentheses warnings. Fixes bug 27709; bugfix
- o Minor bugfixes (continuous integration, backport from 0.3.5.1-alpha):
- - Stop reinstalling identical packages in our Windows CI. Fixes bug
- 27464; bugfix on 0.3.4.1-alpha.
- o Minor bugfixes (directory authority, to appear in 0.3.5.4-alpha):
- - Log additional info when we get a relay that shares an ed25519 ID
- with a different relay, instead making a BUG() warning. Fixes bug
- 27800; bugfix on 0.3.2.1-alpha.
- o Minor bugfixes (directory connection shutdown, backport from 0.3.5.1-alpha):
- - Avoid a double-close when shutting down a stalled directory
- connection. Fixes bug 26896; bugfix on 0.3.4.1-alpha.
- o Minor bugfixes (HTTP tunnel, backport from 0.3.5.1-alpha):
- - Fix a bug warning when closing an HTTP tunnel connection due to an
- HTTP request we couldn't handle. Fixes bug 26470; bugfix
- on 0.3.2.1-alpha.
- o Minor bugfixes (netflow padding, backport from 0.3.5.1-alpha):
- - Ensure circuitmux queues are empty before scheduling or sending
- padding. Fixes bug 25505; bugfix on 0.3.1.1-alpha.
- o Minor bugfixes (onion service v3, backport from 0.3.5.1-alpha):
- - When the onion service directory can't be created or has the wrong
- permissions, do not log a stack trace. Fixes bug 27335; bugfix
- on 0.3.2.1-alpha.
- o Minor bugfixes (onion service v3, backport from 0.3.5.2-alpha):
- - Close all SOCKS request (for the same .onion) if the newly fetched
- descriptor is unusable. Before that, we would close only the first
- one leaving the other hanging and let to time out by themselves.
- Fixes bug 27410; bugfix on 0.3.2.1-alpha.
- o Minor bugfixes (onion service v3, backport from 0.3.5.3-alpha):
- - When selecting a v3 rendezvous point, don't only look at the
- protover, but also check whether the curve25519 onion key is
- present. This way we avoid picking a relay that supports the v3
- rendezvous but for which we don't have the microdescriptor. Fixes
- bug 27797; bugfix on 0.3.2.1-alpha.
- o Minor bugfixes (protover, backport from 0.3.5.3-alpha):
- - Reject protocol names containing bytes other than alphanumeric
- characters and hyphens ([A-Za-z0-9-]). Fixes bug 27316; bugfix
- on 0.2.9.4-alpha.
- o Minor bugfixes (rust, backport from 0.3.5.1-alpha):
- - Compute protover votes correctly in the rust version of the
- protover code. Previously, the protover rewrite in 24031 allowed
- repeated votes from the same voter for the same protocol version
- to be counted multiple times in protover_compute_vote(). Fixes bug
- 27649; bugfix on 0.3.3.5-rc.
- - Reject protover names that contain invalid characters. Fixes bug
- 27687; bugfix on 0.3.3.1-alpha.
- o Minor bugfixes (rust, backport from 0.3.5.2-alpha):
- - protover_all_supported() would attempt to allocate up to 16GB on
- some inputs, leading to a potential memory DoS. Fixes bug 27206;
- bugfix on 0.3.3.5-rc.
- o Minor bugfixes (rust, directory authority, to appear in 0.3.5.4-alpha):
- - Fix an API mismatch in the rust implementation of
- protover_compute_vote(). This bug could have caused crashes on any
- directory authorities running Tor with Rust (which we do not yet
- recommend). Fixes bug 27741; bugfix on 0.3.3.6.
- o Minor bugfixes (rust, to appear in 0.3.5.4-alpha):
- - Fix a potential null dereference in protover_all_supported(). Add
- a test for it. Fixes bug 27804; bugfix on 0.3.3.1-alpha.
- - Return a string that can be safely freed by C code, not one
- created by the rust allocator, in protover_all_supported(). Fixes
- bug 27740; bugfix on 0.3.3.1-alpha.
- o Minor bugfixes (testing, backport from 0.3.5.1-alpha):
- - If a unit test running in a subprocess exits abnormally or with a
- nonzero status code, treat the test as having failed, even if the
- test reported success. Without this fix, memory leaks don't cause
- the tests to fail, even with LeakSanitizer. Fixes bug 27658;
- bugfix on 0.2.2.4-alpha.
- o Minor bugfixes (testing, backport from 0.3.5.3-alpha):
- - Make the hs_service tests use the same time source when creating
- the introduction point and when testing it. Now tests work better
- on very slow systems like ARM or Travis. Fixes bug 27810; bugfix
- on 0.3.2.1-alpha.
- o Minor bugfixes (testing, to appear in 0.3.5.4-alpha):
- - Treat backtrace test failures as expected on BSD-derived systems
- (NetBSD, OpenBSD, and macOS/Darwin) until we solve bug 17808.
- (FreeBSD failures have been treated as expected since 18204 in
- 0.2.8.) Fixes bug 27948; bugfix on 0.2.5.2-alpha.
- Changes in version 0.2.9.17 - 2018-09-10
- Tor 0.2.9.17 backports numerous bugfixes from later versions of Tor.
- o Minor features (compatibility, backport from 0.3.4.8):
- - Tell OpenSSL to maintain backward compatibility with previous
- RSA1024/DH1024 users in Tor. With OpenSSL 1.1.1-pre6, these
- ciphers are disabled by default. Closes ticket 27344.
- o Minor features (continuous integration, backport from 0.3.4.7-rc):
- - Enable macOS builds in our Travis CI configuration. Closes
- ticket 24629.
- - Install libcap-dev and libseccomp2-dev so these optional
- dependencies get tested on Travis CI. Closes ticket 26560.
- - Run asciidoc during Travis CI. Implements ticket 27087.
- - Use ccache in our Travis CI configuration. Closes ticket 26952.
- o Minor features (geoip):
- - Update geoip and geoip6 to the August 7 2018 Maxmind GeoLite2
- Country database. Closes ticket 27089.
- o Minor bugfixes (compilation, backport from 0.3.4.6-rc):
- - When compiling with --enable-openbsd-malloc or --enable-tcmalloc,
- tell the compiler not to include the system malloc implementation.
- Fixes bug 20424; bugfix on 0.2.0.20-rc.
- o Minor bugfixes (compilation, backport from 0.3.4.7-rc):
- - Silence a spurious compiler warning on the GetAdaptersAddresses
- function pointer cast. This issue is already fixed by 26481 in
- 0.3.5 and later, by removing the lookup and cast. Fixes bug 27465;
- bugfix on 0.2.3.11-alpha.
- - Stop calling SetProcessDEPPolicy() on 64-bit Windows. It is not
- supported, and always fails. Some compilers warn about the
- function pointer cast on 64-bit Windows. Fixes bug 27461; bugfix
- on 0.2.2.23-alpha.
- o Minor bugfixes (compilation, windows, backport from 0.3.4.7-rc):
- - Don't link or search for pthreads when building for Windows, even
- if we are using build environment (like mingw) that provides a
- pthreads library. Fixes bug 27081; bugfix on 0.1.0.1-rc.
- o Minor bugfixes (continuous integration, backport from 0.3.4.6-rc):
- - Skip a pair of unreliable key generation tests on Windows, until
- the underlying issue in bug 26076 is resolved. Fixes bug 26830 and
- bug 26853; bugfix on 0.2.7.3-rc and 0.3.2.1-alpha respectively.
- o Minor bugfixes (continuous integration, backport from 0.3.4.7-rc):
- - Pass the module flags to distcheck configure, and log the flags
- before running configure. (Backported to 0.2.9 and later as a
- precaution.) Fixes bug 27088; bugfix on 0.3.4.1-alpha.
- o Minor bugfixes (continuous integration, backport from 0.3.4.8):
- - When a Travis build fails, and showing a log fails, keep trying to
- show the other logs. Fixes bug 27453; bugfix on 0.3.4.7-rc.
- - When we use echo in Travis, don't pass a --flag as the first
- argument. Fixes bug 27418; bugfix on 0.3.4.7-rc.
- o Minor bugfixes (directory authority, backport from 0.3.4.6-rc):
- - When voting for recommended versions, make sure that all of the
- versions are well-formed and parsable. Fixes bug 26485; bugfix
- on 0.1.1.6-alpha.
- o Minor bugfixes (linux seccomp2 sandbox, backport from 0.3.4.7-rc):
- - Fix a bug in out sandboxing rules for the openat() syscall.
- Previously, no openat() call would be permitted, which would break
- filesystem operations on recent glibc versions. Fixes bug 25440;
- bugfix on 0.2.9.15. Diagnosis and patch from Daniel Pinto.
- o Minor bugfixes (onion services, backport from 0.3.4.8):
- - Silence a spurious compiler warning in
- rend_client_send_introduction(). Fixes bug 27463; bugfix
- on 0.1.1.2-alpha.
- o Minor bugfixes (single onion services, Tor2web, backport from 0.3.4.6-rc):
- - Log a protocol warning when single onion services or Tor2web clients
- fail to authenticate direct connections to relays.
- Fixes bug 26924; bugfix on 0.2.9.1-alpha.
- o Minor bugfixes (testing, backport from 0.3.4.6-rc):
- - Disable core dumps in test_bt.sh, to avoid failures in "make
- distcheck". Fixes bug 26787; bugfix on 0.2.5.2-alpha.
- o Minor bugfixes (testing, chutney, backport from 0.3.4.8):
- - Before running make test-network-all, delete old logs and test
- result files, to avoid spurious failures. Fixes bug 27295; bugfix
- on 0.2.7.3-rc.
- o Minor bugfixes (testing, openssl compatibility, backport from 0.3.4.7-rc):
- - Our "tortls/cert_matches_key" unit test no longer relies on
- OpenSSL internals. Previously, it relied on unsupported OpenSSL
- behavior in a way that caused it to crash with OpenSSL 1.0.2p.
- Fixes bug 27226; bugfix on 0.2.5.1-alpha.
- o Minor bugfixes (Windows, compilation, backport from 0.3.4.7-rc):
- - Silence a compilation warning on MSVC 2017 and clang-cl. Fixes bug
- 27185; bugfix on 0.2.2.2-alpha.
- Changes in version 0.3.2.12 - 2018-09-10
- Tor 0.3.2.12 backport numerous fixes from later versions of Tor.
- o Minor features (compatibility, backport from 0.3.4.8):
- - Tell OpenSSL to maintain backward compatibility with previous
- RSA1024/DH1024 users in Tor. With OpenSSL 1.1.1-pre6, these
- ciphers are disabled by default. Closes ticket 27344.
- o Minor features (continuous integration, backport from 0.3.4.7-rc):
- - Enable macOS builds in our Travis CI configuration. Closes
- ticket 24629.
- - Install libcap-dev and libseccomp2-dev so these optional
- dependencies get tested on Travis CI. Closes ticket 26560.
- - Run asciidoc during Travis CI. Implements ticket 27087.
- - Use ccache in our Travis CI configuration. Closes ticket 26952.
- o Minor features (continuous integration, rust, backport from 0.3.4.7-rc):
- - Use cargo cache in our Travis CI configuration. Closes
- ticket 26952.
- o Minor features (controller, backport from 0.3.4.6-rc):
- - The control port now exposes the list of HTTPTunnelPorts and
- ExtOrPorts via GETINFO net/listeners/httptunnel and
- net/listeners/extor respectively. Closes ticket 26647.
- o Minor features (directory authorities, backport from 0.3.4.7-rc):
- - Authorities no longer vote to make the subprotocol version
- "LinkAuth=1" a requirement: it is unsupportable with NSS, and
- hasn't been needed since Tor 0.3.0.1-alpha. Closes ticket 27286.
- o Minor features (geoip):
- - Update geoip and geoip6 to the August 7 2018 Maxmind GeoLite2
- Country database. Closes ticket 27089.
- o Minor bugfixes (compilation, backport from 0.3.4.6-rc):
- - When compiling with --enable-openbsd-malloc or --enable-tcmalloc,
- tell the compiler not to include the system malloc implementation.
- Fixes bug 20424; bugfix on 0.2.0.20-rc.
- - Don't try to use a pragma to temporarily disable the
- -Wunused-const-variable warning if the compiler doesn't support
- it. Fixes bug 26785; bugfix on 0.3.2.11.
- o Minor bugfixes (compilation, backport from 0.3.4.7-rc):
- - Silence a spurious compiler warning on the GetAdaptersAddresses
- function pointer cast. This issue is already fixed by 26481 in
- 0.3.5 and later, by removing the lookup and cast. Fixes bug 27465;
- bugfix on 0.2.3.11-alpha.
- - Stop calling SetProcessDEPPolicy() on 64-bit Windows. It is not
- supported, and always fails. Some compilers warn about the
- function pointer cast on 64-bit Windows. Fixes bug 27461; bugfix
- on 0.2.2.23-alpha.
- o Minor bugfixes (compilation, windows, backport from 0.3.4.7-rc):
- - Don't link or search for pthreads when building for Windows, even
- if we are using build environment (like mingw) that provides a
- pthreads library. Fixes bug 27081; bugfix on 0.1.0.1-rc.
- o Minor bugfixes (continuous integration, backport from 0.3.4.6-rc):
- - Skip a pair of unreliable key generation tests on Windows, until
- the underlying issue in bug 26076 is resolved. Fixes bug 26830 and
- bug 26853; bugfix on 0.2.7.3-rc and 0.3.2.1-alpha respectively.
- o Minor bugfixes (continuous integration, backport from 0.3.4.7-rc):
- - Build with zstd on macOS. Fixes bug 27090; bugfix on 0.3.1.5-alpha.
- - Pass the module flags to distcheck configure, and log the flags
- before running configure. (Backported to 0.2.9 and later as a
- precaution.) Fixes bug 27088; bugfix on 0.3.4.1-alpha.
- o Minor bugfixes (continuous integration, backport from 0.3.4.8):
- - When a Travis build fails, and showing a log fails, keep trying to
- show the other logs. Fixes bug 27453; bugfix on 0.3.4.7-rc.
- - When we use echo in Travis, don't pass a --flag as the first
- argument. Fixes bug 27418; bugfix on 0.3.4.7-rc.
- o Minor bugfixes (directory authority, backport from 0.3.4.6-rc):
- - When voting for recommended versions, make sure that all of the
- versions are well-formed and parsable. Fixes bug 26485; bugfix
- on 0.1.1.6-alpha.
- o Minor bugfixes (linux seccomp2 sandbox, backport from 0.3.4.7-rc):
- - Fix a bug in out sandboxing rules for the openat() syscall.
- Previously, no openat() call would be permitted, which would break
- filesystem operations on recent glibc versions. Fixes bug 25440;
- bugfix on 0.2.9.15. Diagnosis and patch from Daniel Pinto.
- o Minor bugfixes (logging, backport from 0.3.4.6-rc):
- - Improve the log message when connection initiators fail to
- authenticate direct connections to relays. Fixes bug 26927; bugfix
- on 0.3.0.1-alpha.
- o Minor bugfixes (onion services, backport from 0.3.4.7-rc):
- - Fix bug that causes services to not ever rotate their descriptors
- if they were getting SIGHUPed often. Fixes bug 26932; bugfix
- on 0.3.2.1-alpha.
- o Minor bugfixes (onion services, backport from 0.3.4.8):
- - Silence a spurious compiler warning in
- rend_client_send_introduction(). Fixes bug 27463; bugfix
- on 0.1.1.2-alpha.
- o Minor bugfixes (rust, backport from 0.3.4.7-rc):
- - Backport test_rust.sh from master. Fixes bug 26497; bugfix
- on 0.3.1.5-alpha.
- - Consistently use ../../.. as a fallback for $abs_top_srcdir in
- test_rust.sh. Fixes bug 27093; bugfix on 0.3.4.3-alpha.
- - Stop setting $CARGO_HOME. cargo will use the user's $CARGO_HOME, or
- $HOME/.cargo by default. Fixes bug 26497; bugfix on 0.3.1.5-alpha.
- o Minor bugfixes (single onion services, Tor2web, backport from 0.3.4.6-rc):
- - Log a protocol warning when single onion services or Tor2web clients
- fail to authenticate direct connections to relays.
- Fixes bug 26924; bugfix on 0.2.9.1-alpha.
- o Minor bugfixes (testing, backport from 0.3.4.6-rc):
- - Disable core dumps in test_bt.sh, to avoid failures in "make
- distcheck". Fixes bug 26787; bugfix on 0.2.5.2-alpha.
- o Minor bugfixes (testing, chutney, backport from 0.3.4.8):
- - When running make test-network-all, use the mixed+hs-v2 network.
- (A previous fix to chutney removed v3 onion services from the
- mixed+hs-v23 network, so seeing "mixed+hs-v23" in tests is
- confusing.) Fixes bug 27345; bugfix on 0.3.2.1-alpha.
- - Before running make test-network-all, delete old logs and test
- result files, to avoid spurious failures. Fixes bug 27295; bugfix
- on 0.2.7.3-rc.
- o Minor bugfixes (testing, openssl compatibility):
- - Our "tortls/cert_matches_key" unit test no longer relies on OpenSSL
- internals. Previously, it relied on unsupported OpenSSL behavior in
- a way that caused it to crash with OpenSSL 1.0.2p. Fixes bug 27226;
- bugfix on 0.2.5.1-alpha.
- o Minor bugfixes (testing, openssl compatibility, backport from 0.3.4.7-rc):
- - Our "tortls/cert_matches_key" unit test no longer relies on
- OpenSSL internals. Previously, it relied on unsupported OpenSSL
- behavior in a way that caused it to crash with OpenSSL 1.0.2p.
- Fixes bug 27226; bugfix on 0.2.5.1-alpha.
- o Minor bugfixes (Windows, compilation, backport from 0.3.4.7-rc):
- - Silence a compilation warning on MSVC 2017 and clang-cl. Fixes bug
- 27185; bugfix on 0.2.2.2-alpha.
- Changes in version 0.3.3.10 - 2018-09-10
- Tor 0.3.3.10 backports numerous fixes from later versions of Tor.
- o Minor features (bug workaround, backport from 0.3.4.7-rc):
- - Compile correctly on systems that provide the C11 stdatomic.h
- header, but where C11 atomic functions don't actually compile.
- Closes ticket 26779; workaround for Debian issue 903709.
- o Minor features (compatibility, backport from 0.3.4.8):
- - Tell OpenSSL to maintain backward compatibility with previous
- RSA1024/DH1024 users in Tor. With OpenSSL 1.1.1-pre6, these
- ciphers are disabled by default. Closes ticket 27344.
- o Minor features (continuous integration, backport from 0.3.4.7-rc):
- - Backport Travis rust distcheck to 0.3.3. Closes ticket 24629.
- - Enable macOS builds in our Travis CI configuration. Closes
- ticket 24629.
- - Install libcap-dev and libseccomp2-dev so these optional
- dependencies get tested on Travis CI. Closes ticket 26560.
- - Run asciidoc during Travis CI. Implements ticket 27087.
- - Use ccache in our Travis CI configuration. Closes ticket 26952.
- o Minor features (continuous integration, rust, backport from 0.3.4.7-rc):
- - Use cargo cache in our Travis CI configuration. Closes
- ticket 26952.
- o Minor features (controller, backport from 0.3.4.6-rc):
- - The control port now exposes the list of HTTPTunnelPorts and
- ExtOrPorts via GETINFO net/listeners/httptunnel and
- net/listeners/extor respectively. Closes ticket 26647.
- o Minor features (directory authorities, backport from 0.3.4.7-rc):
- - Authorities no longer vote to make the subprotocol version
- "LinkAuth=1" a requirement: it is unsupportable with NSS, and
- hasn't been needed since Tor 0.3.0.1-alpha. Closes ticket 27286.
- o Minor features (geoip):
- - Update geoip and geoip6 to the August 7 2018 Maxmind GeoLite2
- Country database. Closes ticket 27089.
- o Minor bugfixes (compilation, backport from 0.3.4.6-rc):
- - When compiling with --enable-openbsd-malloc or --enable-tcmalloc,
- tell the compiler not to include the system malloc implementation.
- Fixes bug 20424; bugfix on 0.2.0.20-rc.
- - Don't try to use a pragma to temporarily disable the
- -Wunused-const-variable warning if the compiler doesn't support
- it. Fixes bug 26785; bugfix on 0.3.2.11.
- o Minor bugfixes (compilation, backport from 0.3.4.7-rc):
- - Silence a spurious compiler warning on the GetAdaptersAddresses
- function pointer cast. This issue is already fixed by 26481 in
- 0.3.5 and later, by removing the lookup and cast. Fixes bug 27465;
- bugfix on 0.2.3.11-alpha.
- - Stop calling SetProcessDEPPolicy() on 64-bit Windows. It is not
- supported, and always fails. Some compilers warn about the
- function pointer cast on 64-bit Windows. Fixes bug 27461; bugfix
- on 0.2.2.23-alpha.
- o Minor bugfixes (compilation, windows, backport from 0.3.4.7-rc):
- - Don't link or search for pthreads when building for Windows, even
- if we are using build environment (like mingw) that provides a
- pthreads library. Fixes bug 27081; bugfix on 0.1.0.1-rc.
- o Minor bugfixes (continuous integration, backport from 0.3.4.6-rc):
- - Skip a pair of unreliable key generation tests on Windows, until
- the underlying issue in bug 26076 is resolved. Fixes bug 26830 and
- bug 26853; bugfix on 0.2.7.3-rc and 0.3.2.1-alpha respectively.
- o Minor bugfixes (continuous integration, backport from 0.3.4.7-rc):
- - Build with zstd on macOS. Fixes bug 27090; bugfix on 0.3.1.5-alpha.
- - Pass the module flags to distcheck configure, and log the flags
- before running configure. (Backported to 0.2.9 and later as a
- precaution.) Fixes bug 27088; bugfix on 0.3.4.1-alpha.
- o Minor bugfixes (continuous integration, backport from 0.3.4.8):
- - When a Travis build fails, and showing a log fails, keep trying to
- show the other logs. Fixes bug 27453; bugfix on 0.3.4.7-rc.
- - When we use echo in Travis, don't pass a --flag as the first
- argument. Fixes bug 27418; bugfix on 0.3.4.7-rc.
- o Minor bugfixes (directory authority, backport from 0.3.4.6-rc):
- - When voting for recommended versions, make sure that all of the
- versions are well-formed and parsable. Fixes bug 26485; bugfix
- on 0.1.1.6-alpha.
- o Minor bugfixes (in-process restart, backport from 0.3.4.7-rc):
- - Always call tor_free_all() when leaving tor_run_main(). When we
- did not, restarting tor in-process would cause an assertion
- failure. Fixes bug 26948; bugfix on 0.3.3.1-alpha.
- o Minor bugfixes (linux seccomp2 sandbox, backport from 0.3.4.7-rc):
- - Fix a bug in our sandboxing rules for the openat() syscall.
- Previously, no openat() call would be permitted, which would break
- filesystem operations on recent glibc versions. Fixes bug 25440;
- bugfix on 0.2.9.15. Diagnosis and patch from Daniel Pinto.
- o Minor bugfixes (logging, backport from 0.3.4.6-rc):
- - Improve the log message when connection initiators fail to
- authenticate direct connections to relays. Fixes bug 26927; bugfix
- on 0.3.0.1-alpha.
- o Minor bugfixes (onion services, backport from 0.3.4.7-rc):
- - Fix bug that causes services to not ever rotate their descriptors
- if they were getting SIGHUPed often. Fixes bug 26932; bugfix
- on 0.3.2.1-alpha.
- o Minor bugfixes (onion services, backport from 0.3.4.8):
- - Silence a spurious compiler warning in
- rend_client_send_introduction(). Fixes bug 27463; bugfix
- on 0.1.1.2-alpha.
- o Minor bugfixes (portability, backport from 0.3.4.6-rc):
- - Work around two different bugs in the OS X 10.10 and later SDKs
- that would prevent us from successfully targeting earlier versions
- of OS X. Fixes bug 26876; bugfix on 0.3.3.1-alpha.
- o Minor bugfixes (portability, backport from 0.3.4.7-rc):
- - Fix compilation of the unit tests on GNU/Hurd, which does not
- define PATH_MAX. Fixes bug 26873; bugfix on 0.3.3.1-alpha. Patch
- from "paulusASol".
- o Minor bugfixes (rust, backport from 0.3.4.7-rc):
- - Backport test_rust.sh from master. Fixes bug 26497; bugfix
- on 0.3.1.5-alpha.
- - Consistently use ../../.. as a fallback for $abs_top_srcdir in
- test_rust.sh. Fixes bug 27093; bugfix on 0.3.4.3-alpha.
- - Protover parsing was accepting the presence of whitespace in
- version strings, which the C implementation would choke on, e.g.
- "Desc=1\t,2". Fixes bug 27177; bugfix on 0.3.3.5-rc.
- - Protover parsing was ignoring a 2nd hyphen and everything after
- it, accepting entries like "Link=1-5-foo". Fixes bug 27164; bugfix
- on 0.3.3.1-alpha.
- - Stop setting $CARGO_HOME. cargo will use the user's $CARGO_HOME, or
- $HOME/.cargo by default. Fixes bug 26497; bugfix on 0.3.1.5-alpha.
- - cd to ${abs_top_builddir}/src/rust before running cargo in
- src/test/test_rust.sh. This makes the working directory consistent
- between builds and tests. Fixes bug 26497; bugfix on 0.3.3.2-alpha.
- o Minor bugfixes (single onion services, Tor2web, backport from 0.3.4.6-rc):
- - Log a protocol warning when single onion services or Tor2web clients
- fail to authenticate direct connections to relays.
- Fixes bug 26924; bugfix on 0.2.9.1-alpha.
- o Minor bugfixes (testing, backport from 0.3.4.6-rc):
- - Disable core dumps in test_bt.sh, to avoid failures in "make
- distcheck". Fixes bug 26787; bugfix on 0.2.5.2-alpha.
- o Minor bugfixes (testing, chutney, backport from 0.3.4.8):
- - When running make test-network-all, use the mixed+hs-v2 network.
- (A previous fix to chutney removed v3 onion services from the
- mixed+hs-v23 network, so seeing "mixed+hs-v23" in tests is
- confusing.) Fixes bug 27345; bugfix on 0.3.2.1-alpha.
- - Before running make test-network-all, delete old logs and test
- result files, to avoid spurious failures. Fixes bug 27295; bugfix
- on 0.2.7.3-rc.
- o Minor bugfixes (testing, openssl compatibility, backport from 0.3.4.7-rc):
- - Our "tortls/cert_matches_key" unit test no longer relies on
- OpenSSL internals. Previously, it relied on unsupported OpenSSL
- behavior in a way that caused it to crash with OpenSSL 1.0.2p.
- Fixes bug 27226; bugfix on 0.2.5.1-alpha.
- o Minor bugfixes (v3 onion services, backport from 0.3.4.6-rc):
- - Stop sending ed25519 link specifiers in v3 onion service introduce
- cells and descriptors, when the rendezvous or introduction point
- doesn't support ed25519 link authentication. Fixes bug 26627;
- bugfix on 0.3.2.4-alpha.
- o Minor bugfixes (Windows, compilation, backport from 0.3.4.7-rc):
- - Silence a compilation warning on MSVC 2017 and clang-cl. Fixes bug
- 27185; bugfix on 0.2.2.2-alpha.
- Changes in version 0.3.4.8 - 2018-09-10
- Tor 0.3.4.8 is the first stable release in its series; it includes
- compilation and portability fixes.
- The Tor 0.3.4 series includes improvements for running Tor in
- low-power and embedded environments, which should help performance in
- general. We've begun work on better modularity, and included preliminary
- changes on the directory authority side to accommodate a new bandwidth
- measurement system. We've also integrated more continuous-integration
- systems into our development process, and made corresponding changes to
- Tor's testing infrastructure. Finally, we've continued to refine
- our anti-denial-of-service code.
- Below are the changes since 0.3.3.9. For a list of only the changes
- since 0.3.4.7-rc, see the ChangeLog file.
- o New system requirements:
- - Tor no longer tries to support old operating systems without
- mmap() or some local equivalent. Apparently, compilation on such
- systems has been broken for some time, without anybody noticing or
- complaining. Closes ticket 25398.
- o Major features (directory authority, modularization):
- - The directory authority subsystem has been modularized. The code
- is now located in src/or/dirauth/, and is compiled in by default.
- To disable the module, the configure option
- --disable-module-dirauth has been added. This module may be
- disabled by default in some future release. Closes ticket 25610.
- o Major features (main loop, CPU usage):
- - When Tor is disabled (via DisableNetwork or via hibernation), it
- no longer needs to run any per-second events. This change should
- make it easier for mobile applications to disable Tor while the
- device is sleeping, or Tor is not running. Closes ticket 26063.
- - Tor no longer enables all of its periodic events by default.
- Previously, Tor would enable all possible main loop events,
- regardless of whether it needed them. Furthermore, many of these
- events are now disabled when Tor is hibernating or DisableNetwork
- is set. This is a big step towards reducing client CPU usage by
- reducing the amount of wake-ups the daemon does. Closes tickets
- 25376 and 25762.
- - The bandwidth-limitation logic has been refactored so that
- bandwidth calculations are performed on-demand, rather than every
- TokenBucketRefillInterval milliseconds. This change should improve
- the granularity of our bandwidth calculations, and limit the
- number of times that the Tor process needs to wake up when it is
- idle. Closes ticket 25373.
- - Move responsibility for many operations from a once-per-second
- callback to a callback that is only scheduled as needed. Moving
- this functionality has allowed us to disable the callback when
- Tor's network is disabled. Once enough items are removed from our
- once-per-second callback, we can eliminate it entirely to conserve
- CPU when idle. The functionality removed includes: closing
- connections, circuits, and channels (ticket 25932); consensus
- voting (25937); flushing log callbacks (25951); honoring delayed
- SIGNEWNYM requests (25949); rescanning the consensus cache
- (25931); saving the state file to disk (25948); warning relay
- operators about unreachable ports (25952); and keeping track of
- Tor's uptime (26009).
- o Minor features (accounting):
- - When Tor becomes dormant, it now uses a scheduled event to wake up
- at the right time. Previously, we would use the per-second timer
- to check whether to wake up, but we no longer have any per-second
- timers enabled when the network is disabled. Closes ticket 26064.
- o Minor features (bug workaround):
- - Compile correctly on systems that provide the C11 stdatomic.h
- header, but where C11 atomic functions don't actually compile.
- Closes ticket 26779; workaround for Debian issue 903709.
- o Minor features (code quality):
- - Add optional spell-checking for the Tor codebase, using the
- "misspell" program. To use this feature, run "make check-typos".
- Closes ticket 25024.
- o Minor features (compatibility):
- - Tell OpenSSL to maintain backward compatibility with previous
- RSA1024/DH1024 users in Tor. With OpenSSL 1.1.1-pre6, these
- ciphers are disabled by default. Closes ticket 27344.
- - Tor now detects versions of OpenSSL 1.1.0 and later compiled with
- the no-deprecated option, and builds correctly with them. Closes
- tickets 19429, 19981, and 25353.
- o Minor features (compilation):
- - When compiling with --enable-openbsd-malloc or --enable-tcmalloc,
- tell the compiler not to include the system malloc implementation.
- Fixes bug 20424; bugfix on 0.2.0.20-rc.
- - Don't try to use a pragma to temporarily disable the
- -Wunused-const-variable warning if the compiler doesn't support
- it. Fixes bug 26785; bugfix on 0.3.2.11.
- - When building Tor, prefer to use Python 3 over Python 2, and more
- recent (contemplated) versions over older ones. Closes
- ticket 26372.
- o Minor features (compression, zstd):
- - When running with zstd, Tor now considers using advanced functions
- that the zstd maintainers have labeled as potentially unstable. To
- prevent breakage, Tor will only use this functionality when the
- runtime version of the zstd library matches the version with which
- Tor was compiled. Closes ticket 25162.
- o Minor features (configuration):
- - The "DownloadSchedule" options have been renamed to end with
- "DownloadInitialDelay". The old names are still allowed, but will
- produce a warning. Comma-separated lists are still permitted for
- these options, but all values after the first are ignored (as they
- have been since 0.2.9). Closes ticket 23354.
- o Minor features (continuous integration):
- - Log the compiler path and version during Appveyor builds.
- Implements ticket 27449.
- - Show config.log and test-suite.log after failed Appveyor builds.
- Also upload the zipped full logs as a build artifact. Implements
- ticket 27430.
- - Backport Travis rust distcheck to 0.3.3. Closes ticket 24629.
- - Enable macOS builds in our Travis CI configuration. Closes
- ticket 24629.
- - Install libcap-dev and libseccomp2-dev so these optional
- dependencies get tested on Travis CI. Closes ticket 26560.
- - Only post Appveyor IRC notifications when the build fails.
- Implements ticket 27275.
- - Run asciidoc during Travis CI. Implements ticket 27087.
- - Use ccache in our Travis CI configuration. Closes ticket 26952.
- - Add the necessary configuration files for continuous integration
- testing on Windows, via the Appveyor platform. Closes ticket
- 25549. Patches from Marcin Cieślak and Isis Lovecruft.
- o Minor features (continuous integration, rust):
- - Use cargo cache in our Travis CI configuration. Closes
- ticket 26952.
- o Minor features (control port):
- - Introduce GETINFO "current-time/{local,utc}" to return the local
- and UTC times respectively in ISO format. This helps a controller
- like Tor Browser detect a time-related error. Closes ticket 25511.
- Patch by Neel Chauhan.
- - Introduce new fields to the CIRC_BW event. There are two new
- fields in each of the read and written directions. The DELIVERED
- fields report the total valid data on the circuit, as measured by
- the payload sizes of verified and error-checked relay command
- cells. The OVERHEAD fields report the total unused bytes in each
- of these cells. Closes ticket 25903.
- o Minor features (controller):
- - The control port now exposes the list of HTTPTunnelPorts and
- ExtOrPorts via GETINFO net/listeners/httptunnel and
- net/listeners/extor respectively. Closes ticket 26647.
- o Minor features (directory authorities):
- - Stop warning about incomplete bw lines before the first complete
- bw line has been found, so that additional header lines can be
- ignored. Fixes bug 25960; bugfix on 0.2.2.1-alpha
- - Authorities no longer vote to make the subprotocol version
- "LinkAuth=1" a requirement: it is unsupportable with NSS, and
- hasn't been needed since Tor 0.3.0.1-alpha. Closes ticket 27286.
- o Minor features (directory authority):
- - Directory authorities now open their key-pinning files as O_SYNC,
- to limit their chances of accidentally writing partial lines.
- Closes ticket 23909.
- o Minor features (directory authority, forward compatibility):
- - Make the lines of the measured bandwidth file able to contain
- their entries in any order. Previously, the node_id entry needed
- to come first. Closes ticket 26004.
- o Minor features (entry guards):
- - Introduce a new torrc option NumPrimaryGuards for controlling the
- number of primary guards. Closes ticket 25843.
- o Minor features (geoip):
- - Update geoip and geoip6 to the August 7 2018 Maxmind GeoLite2
- Country database. Closes ticket 27089.
- o Minor features (performance):
- - Avoid a needless call to malloc() when processing an incoming
- relay cell. Closes ticket 24914.
- - Make our timing-wheel code run a tiny bit faster on 32-bit
- platforms, by preferring 32-bit math to 64-bit. Closes
- ticket 24688.
- - Avoid a needless malloc()/free() pair every time we handle an ntor
- handshake. Closes ticket 25150.
- o Minor features (Rust, portability):
- - Rust cross-compilation is now supported. Closes ticket 25895.
- o Minor features (testing):
- - Add a unit test for voting_schedule_get_start_of_next_interval().
- Closes ticket 26014, and helps make unit test coverage
- more deterministic.
- - A new unittests module specifically for testing the functions in
- the (new-ish) bridges.c module has been created with new
- unittests, raising the code coverage percentages. Closes 25425.
- - We now have improved testing for addressmap_get_virtual_address()
- function. This should improve our test coverage, and make our test
- coverage more deterministic. Closes ticket 25993.
- o Minor features (timekeeping, circuit scheduling):
- - When keeping track of how busy each circuit have been recently on
- a given connection, use coarse-grained monotonic timers rather
- than gettimeofday(). This change should marginally increase
- accuracy and performance. Implements part of ticket 25927.
- o Minor features (unit tests):
- - Test complete bandwidth measurements files, and test that
- incomplete bandwidth lines only give warnings when the end of the
- header has not been detected. Fixes bug 25947; bugfix
- on 0.2.2.1-alpha
- o Minor bugfixes (bandwidth management):
- - Consider ourselves "low on write bandwidth" if we have exhausted
- our write bandwidth some time in the last second. This was the
- documented behavior before, but the actual behavior was to change
- this value every TokenBucketRefillInterval. Fixes bug 25828;
- bugfix on 0.2.3.5-alpha.
- o Minor bugfixes (C correctness):
- - Add a missing lock acquisition in the shutdown code of the control
- subsystem. Fixes bug 25675; bugfix on 0.2.7.3-rc. Found by
- Coverity; this is CID 1433643.
- o Minor bugfixes (code style):
- - Fixed multiple includes of transports.h in src/or/connection.c
- Fixes bug 25261; bugfix on 0.2.5.1-alpha.
- - Remove the unused variable n_possible from the function
- channel_get_for_extend(). Fixes bug 25645; bugfix on 0.2.4.4-alpha
- o Minor bugfixes (compilation):
- - Silence a spurious compiler warning on the GetAdaptersAddresses
- function pointer cast. This issue is already fixed by 26481 in
- 0.3.5 and later, by removing the lookup and cast. Fixes bug 27465;
- bugfix on 0.2.3.11-alpha.
- - Stop calling SetProcessDEPPolicy() on 64-bit Windows. It is not
- supported, and always fails. Some compilers warn about the
- function pointer cast on 64-bit Windows. Fixes bug 27461; bugfix
- on 0.2.2.23-alpha.
- - Fix a compilation warning on some versions of GCC when building
- code that calls routerinfo_get_my_routerinfo() twice, assuming
- that the second call will succeed if the first one did. Fixes bug
- 26269; bugfix on 0.2.8.2-alpha.
- - Refrain from compiling unit testing related object files when
- --disable-unittests is set to configure script. Fixes bug 24891;
- bugfix on 0.2.5.1-alpha.
- - The --enable-fatal-warnings flag now affects Rust code as well.
- Closes ticket 26245.
- - Avoid a compiler warning when casting the return value of
- smartlist_len() to double with DEBUG_SMARTLIST enabled. Fixes bug
- 26283; bugfix on 0.2.4.10-alpha.
- o Minor bugfixes (compilation, windows):
- - Don't link or search for pthreads when building for Windows, even
- if we are using build environment (like mingw) that provides a
- pthreads library. Fixes bug 27081; bugfix on 0.1.0.1-rc.
- o Minor bugfixes (continuous integration):
- - Build with zstd on macOS. Fixes bug 27090; bugfix on 0.3.1.5-alpha.
- - Skip a pair of unreliable key generation tests on Windows, until
- the underlying issue in bug 26076 is resolved. Fixes bug 26830 and
- bug 26853; bugfix on 0.2.7.3-rc and 0.3.2.1-alpha respectively.
- o Minor bugfixes (control port):
- - Respond with more human-readable error messages to GETINFO exit-
- policy/* requests. Also, let controller know if an error is
- transient (response code 551) or not (response code 552). Fixes
- bug 25852; bugfix on 0.2.8.1-alpha.
- - Parse the "HSADDRESS=" parameter in HSPOST commands properly.
- Previously, it was misparsed and ignored. Fixes bug 26523; bugfix
- on 0.3.3.1-alpha. Patch by "akwizgran".
- - Make CIRC_BW event reflect the total of all data sent on a
- circuit, including padding and dropped cells. Also fix a mis-
- counting bug when STREAM_BW events were enabled. Fixes bug 25400;
- bugfix on 0.2.5.2-alpha.
- o Minor bugfixes (correctness, flow control):
- - Upon receiving a stream-level SENDME cell, verify that our window
- has not grown too large. Fixes bug 26214; bugfix on svn
- r54 (pre-0.0.1).
- o Minor bugfixes (directory authority):
- - When voting for recommended versions, make sure that all of the
- versions are well-formed and parsable. Fixes bug 26485; bugfix
- on 0.1.1.6-alpha.
- o Minor bugfixes (directory client):
- - When unverified-consensus is verified, rename it to cached-
- consenus. Fixes bug 4187; bugfix on 0.2.0.3-alpha.
- - Fixed launching a certificate fetch always during the scheduled
- periodic consensus fetch by fetching only in those cases when
- consensus are waiting for certs. Fixes bug 24740; bugfix
- on 0.2.9.1-alpha.
- o Minor bugfixes (error reporting):
- - Improve tolerance for directory authorities with skewed clocks.
- Previously, an authority with a clock more than 60 seconds ahead
- could cause a client with a correct clock to warn that the
- client's clock was behind. Now the clocks of a majority of
- directory authorities have to be ahead of the client before this
- warning will occur. Fixes bug 25756; bugfix on 0.2.2.25-alpha.
- o Minor bugfixes (in-process restart):
- - Always call tor_free_all() when leaving tor_run_main(). When we
- did not, restarting tor in-process would cause an assertion
- failure. Fixes bug 26948; bugfix on 0.3.3.1-alpha.
- o Minor bugfixes (Linux seccomp2 sandbox):
- - Fix a bug in our sandboxing rules for the openat() syscall.
- Previously, no openat() call would be permitted, which would break
- filesystem operations on recent glibc versions. Fixes bug 25440;
- bugfix on 0.2.9.15. Diagnosis and patch from Daniel Pinto.
- o Minor bugfixes (logging):
- - Improve the log message when connection initiators fail to
- authenticate direct connections to relays. Fixes bug 26927; bugfix
- on 0.3.0.1-alpha.
- o Minor bugfixes (onion services):
- - Silence a spurious compiler warning in
- rend_client_send_introduction(). Fixes bug 27463; bugfix
- on 0.1.1.2-alpha.
- - Fix bug that causes services to not ever rotate their descriptors
- if they were getting SIGHUPed often. Fixes bug 26932; bugfix
- on 0.3.2.1-alpha.
- - Recompute some consensus information after detecting a clock jump,
- or after transitioning from a non-live consensus to a live
- consensus. We do this to avoid having an outdated state, and
- miscalculating the index for next-generation onion services. Fixes
- bug 24977; bugfix on 0.3.2.1-alpha.
- o Minor bugfixes (portability):
- - Fix compilation of the unit tests on GNU/Hurd, which does not
- define PATH_MAX. Fixes bug 26873; bugfix on 0.3.3.1-alpha. Patch
- from "paulusASol".
- - Work around two different bugs in the OS X 10.10 and later SDKs
- that would prevent us from successfully targeting earlier versions
- of OS X. Fixes bug 26876; bugfix on 0.3.3.1-alpha.
- - Do not align mmap length, as it is not required by POSIX, and the
- getpagesize function is deprecated. Fixes bug 25399; bugfix
- on 0.1.1.23.
- o Minor bugfixes (portability, FreeBSD):
- - In have_enough_mem_for_dircache(), the variable DIRCACHE_MIN_MEM_MB
- does not stringify on FreeBSD, so we switch to tor_asprintf().
- Fixes bug 20887; bugfix on 0.2.8.1-alpha. Patch by Neel Chauhan.
- o Minor bugfixes (relay statistics):
- - When a relay is collecting internal statistics about how many
- create cell requests it has seen of each type, accurately count
- the requests from relays that temporarily fall out of the
- consensus. (To be extra conservative, we were already ignoring
- requests from clients in our counts, and we continue ignoring them
- here.) Fixes bug 24910; bugfix on 0.2.4.17-rc.
- o Minor bugfixes (rust):
- - Backport test_rust.sh from master. Fixes bug 26497; bugfix
- on 0.3.1.5-alpha.
- - Protover parsing was accepting the presence of whitespace in
- version strings, which the C implementation would choke on, e.g.
- "Desc=1\t,2". Fixes bug 27177; bugfix on 0.3.3.5-rc.
- - Protover parsing was ignoring a 2nd hyphen and everything after
- it, accepting entries like "Link=1-5-foo". Fixes bug 27164; bugfix
- on 0.3.3.1-alpha.
- - Stop setting $CARGO_HOME. cargo will use the user's $CARGO_HOME, or
- $HOME/.cargo by default. Fixes bug 26497; bugfix on 0.3.1.5-alpha.
- - cd to ${abs_top_builddir}/src/rust before running cargo in
- src/test/test_rust.sh. This makes the working directory consistent
- between builds and tests. Fixes bug 26497; bugfix on 0.3.3.2-alpha.
- o Minor bugfixes (single onion services, Tor2web):
- - Log a protocol warning when single onion services or Tor2web
- clients fail to authenticate direct connections to relays. Fixes
- bug 26924; bugfix on 0.2.9.1-alpha.
- o Minor bugfixes (test coverage tools):
- - Update our "cov-diff" script to handle output from the latest
- version of gcov, and to remove extraneous timestamp information
- from its output. Fixes bugs 26101 and 26102; bugfix
- on 0.2.5.1-alpha.
- o Minor bugfixes (testing):
- - Disable core dumps in test_bt.sh, to avoid failures in "make
- distcheck". Fixes bug 26787; bugfix on 0.2.5.2-alpha.
- - When testing workqueue event-cancellation, make sure that we
- actually cancel an event, and that cancel each event with equal
- probability. (It was previously possible, though extremely
- unlikely, for our event-canceling test not to cancel any events.)
- Fixes bug 26008; bugfix on 0.2.6.3-alpha.
- - Repeat part of the test in test_client_pick_intro() a number of
- times, to give it consistent coverage. Fixes bug 25996; bugfix
- on 0.3.2.1-alpha.
- - Remove randomness from the hs_common/responsible_hsdirs test, so
- that it always takes the same path through the function it tests.
- Fixes bug 25997; bugfix on 0.3.2.1-alpha.
- - Change the behavior of the "channel/outbound" test so that it
- never causes a 10-second rollover for the EWMA circuitmux code.
- Previously, this behavior would happen randomly, and result in
- fluctuating test coverage. Fixes bug 25994; bugfix
- on 0.3.3.1-alpha.
- - Use X509_new() to allocate certificates that will be freed later
- with X509_free(). Previously, some parts of the unit tests had
- used tor_malloc_zero(), which is incorrect, and which caused test
- failures on Windows when they were built with extra hardening.
- Fixes bugs 25943 and 25944; bugfix on 0.2.8.1-alpha. Patch by
- Marcin Cieślak.
- - While running the circuit_timeout test, fix the PRNG to a
- deterministic AES stream, so that the test coverage from this test
- will itself be deterministic. Fixes bug 25995; bugfix
- on 0.2.2.2-alpha.
- o Minor bugfixes (testing, bootstrap):
- - When calculating bootstrap progress, check exit policies and the
- exit flag. Previously, Tor would only check the exit flag, which
- caused race conditions in small and fast networks like chutney.
- Fixes bug 27236; bugfix on 0.2.6.3-alpha.
- o Minor bugfixes (testing, chutney):
- - When running make test-network-all, use the mixed+hs-v2 network.
- (A previous fix to chutney removed v3 onion services from the
- mixed+hs-v23 network, so seeing "mixed+hs-v23" in tests is
- confusing.) Fixes bug 27345; bugfix on 0.3.2.1-alpha.
- - Before running make test-network-all, delete old logs and test
- result files, to avoid spurious failures. Fixes bug 27295; bugfix
- on 0.2.7.3-rc.
- o Minor bugfixes (testing, openssl compatibility):
- - Our "tortls/cert_matches_key" unit test no longer relies on
- OpenSSL internals. Previously, it relied on unsupported OpenSSL
- behavior in a way that caused it to crash with OpenSSL 1.0.2p.
- Fixes bug 27226; bugfix on 0.2.5.1-alpha.
- o Minor bugfixes (v3 onion services):
- - Stop sending ed25519 link specifiers in v3 onion service introduce
- cells and descriptors, when the rendezvous or introduction point
- doesn't support ed25519 link authentication. Fixes bug 26627;
- bugfix on 0.3.2.4-alpha.
- o Minor bugfixes (vanguards):
- - Allow the last hop in a vanguard circuit to be the same as our
- first, to prevent the adversary from influencing guard node choice
- by choice of last hop. Also prevent the creation of A - B - A
- paths, or A - A paths, which are forbidden by relays. Fixes bug
- 25870; bugfix on 0.3.3.1-alpha.
- o Minor bugfixes (Windows, compilation):
- - Silence a compilation warning on MSVC 2017 and clang-cl. Fixes bug
- 27185; bugfix on 0.2.2.2-alpha.
- o Code simplification and refactoring:
- - Remove duplicate code in parse_{c,s}method_line and bootstrap
- their functionalities into a single function. Fixes bug 6236;
- bugfix on 0.2.3.6-alpha.
- - We remove the PortForwsrding and PortForwardingHelper options,
- related functions, and the port_forwarding tests. These options
- were used by the now-deprecated Vidalia to help ordinary users
- become Tor relays or bridges. Closes ticket 25409. Patch by
- Neel Chauhan.
- - In order to make the OR and dir checking function in router.c less
- confusing we renamed some functions and
- consider_testing_reachability() has been split into
- router_should_check_reachability() and
- router_do_reachability_checks(). Also we improved the documentation
- in some functions. Closes ticket 18918.
- - Initial work to isolate Libevent usage to a handful of modules in
- our codebase, to simplify our call structure, and so that we can
- more easily change event loops in the future if needed. Closes
- ticket 23750.
- - Introduce a function to call getsockname() and return tor_addr_t,
- to save a little complexity throughout the codebase. Closes
- ticket 18105.
- - Make hsdir_index in node_t a hsdir_index_t rather than a pointer
- as hsdir_index is always present. Also, we move hsdir_index_t into
- or.h. Closes ticket 23094. Patch by Neel Chauhan.
- - Merge functions used for describing nodes and suppress the
- functions that do not allocate memory for the output buffer
- string. NODE_DESC_BUF_LEN constant and format_node_description()
- function cannot be used externally from router.c module anymore.
- Closes ticket 25432. Patch by valentecaio.
- - Our main loop has been simplified so that all important operations
- happen inside events. Previously, some operations had to happen
- outside the event loop, to prevent infinite sequences of event
- activations. Closes ticket 25374.
- - Put a SHA1 public key digest in hs_service_intro_point_t, and use
- it in register_intro_circ() and service_intro_point_new(). This
- prevents the digest from being re-calculated each time. Closes
- ticket 23107. Patch by Neel Chauhan.
- - Refactor token-bucket implementations to use a common backend.
- Closes ticket 25766.
- - Remove extern declaration of stats_n_seconds_working variable from
- main, protecting its accesses with get_uptime() and reset_uptime()
- functions. Closes ticket 25081, patch by “valentecaio”.
- - Remove our previous logic for "cached gettimeofday()" -- our
- coarse monotonic timers are fast enough for this purpose, and far
- less error-prone. Implements part of ticket 25927.
- - Remove the return value for fascist_firewall_choose_address_base(),
- and sister functions such as fascist_firewall_choose_address_node()
- and fascist_firewall_choose_address_rs(). Also, while we're here,
- initialize the ap argument as leaving it uninitialized can pose a
- security hazard. Closes ticket 24734. Patch by Neel Chauhan.
- - Rename two fields of connection_t struct. timestamp_lastwritten is
- renamed to timestamp_last_write_allowed and timestamp_lastread is
- renamed to timestamp_last_read_allowed. Closes ticket 24714, patch
- by "valentecaio".
- - Since Tor requires C99, remove our old workaround code for libc
- implementations where free(NULL) doesn't work. Closes ticket 24484.
- - Use our standard rate-limiting code to deal with excessive
- libevent failures, rather than the hand-rolled logic we had
- before. Closes ticket 26016.
- - We remove the return value of node_get_prim_orport() and
- node_get_prim_dirport(), and introduce node_get_prim_orport() in
- node_ipv6_or_preferred() and node_ipv6_dir_preferred() in order to
- check for a null address. Closes ticket 23873. Patch by
- Neel Chauhan.
- - We switch to should_record_bridge_info() in
- geoip_note_client_seen() and options_need_geoip_info() instead of
- accessing the configuration values directly. Fixes bug 25290;
- bugfix on 0.2.1.6-alpha. Patch by Neel Chauhan.
- o Deprecated features:
- - As we are not recommending 0.2.5 anymore, we require relays that
- once had an ed25519 key associated with their RSA key to always
- have that key, instead of allowing them to drop back to a version
- that didn't support ed25519. This means they need to use a new RSA
- key if they want to downgrade to an older version of tor without
- ed25519. Closes ticket 20522.
- o Removed features:
- - Directory authorities will no longer support voting according to
- any consensus method before consensus method 25. This keeps
- authorities compatible with all authorities running 0.2.9.8 and
- later, and does not break any clients or relays. Implements ticket
- 24378 and proposal 290.
- - The PortForwarding and PortForwardingHelper features have been
- removed. The reasoning is, given that implementations of NAT
- traversal protocols within common consumer grade routers are
- frequently buggy, and that the target audience for a NAT punching
- feature is a perhaps less-technically-inclined relay operator,
- when the helper fails to setup traversal the problems are usually
- deep, ugly, and very router specific, making them horrendously
- impossible for technical support to reliable assist with, and thus
- resulting in frustration all around. Unfortunately, relay
- operators who would like to run relays behind NATs will need to
- become more familiar with the port forwarding configurations on
- their local router. Closes 25409.
- - The TestingEnableTbEmptyEvent option has been removed. It was used
- in testing simulations to measure how often connection buckets
- were emptied, in order to improve our scheduling, but it has not
- been actively used in years. Closes ticket 25760.
- - The old "round-robin" circuit multiplexer (circuitmux)
- implementation has been removed, along with a fairly large set of
- code that existed to support it. It has not been the default
- circuitmux since we introduced the "EWMA" circuitmux in 0.2.4.x,
- but it still required an unreasonable amount of memory and CPU.
- Closes ticket 25268.
- Changes in version 0.3.3.9 - 2018-07-13
- Tor 0.3.3.9 moves to a new bridge authority, meaning people running
- bridge relays should upgrade.
- o Directory authority changes:
- - The "Bifroest" bridge authority has been retired; the new bridge
- authority is "Serge", and it is operated by George from the
- TorBSD project. Closes ticket 26771.
- Changes in version 0.3.2.11 - 2018-07-13
- Tor 0.3.2.11 moves to a new bridge authority, meaning people running
- bridge relays should upgrade. We also take this opportunity to backport
- other minor fixes.
- o Directory authority changes:
- - The "Bifroest" bridge authority has been retired; the new bridge
- authority is "Serge", and it is operated by George from the
- TorBSD project. Closes ticket 26771.
- o Directory authority changes (backport from 0.3.3.7):
- - Add an IPv6 address for the "dannenberg" directory authority.
- Closes ticket 26343.
- o Major bugfixes (directory authorities, backport from 0.3.4.1-alpha):
- - When directory authorities read a zero-byte bandwidth file, they
- would previously log a warning with the contents of an
- uninitialised buffer. They now log a warning about the empty file
- instead. Fixes bug 26007; bugfix on 0.2.2.1-alpha.
- o Major bugfixes (onion service, backport from 0.3.4.1-alpha):
- - Correctly detect when onion services get disabled after HUP. Fixes
- bug 25761; bugfix on 0.3.2.1.
- o Minor features (sandbox, backport from 0.3.3.4-alpha):
- - Explicitly permit the poll() system call when the Linux
- seccomp2-based sandbox is enabled: apparently, some versions of
- libc use poll() when calling getpwnam(). Closes ticket 25313.
- o Minor feature (continuous integration, backport from 0.3.3.5-rc):
- - Update the Travis CI configuration to use the stable Rust channel,
- now that we have decided to require that. Closes ticket 25714.
- o Minor features (continuous integration, backport from 0.3.4.1-alpha):
- - Our .travis.yml configuration now includes support for testing the
- results of "make distcheck". (It's not uncommon for "make check"
- to pass but "make distcheck" to fail.) Closes ticket 25814.
- - Our Travis CI configuration now integrates with the Coveralls
- coverage analysis tool. Closes ticket 25818.
- o Minor features (relay, diagnostic, backport from 0.3.4.3-alpha):
- - Add several checks to detect whether Tor relays are uploading
- their descriptors without specifying why they regenerated them.
- Diagnostic for ticket 25686.
- o Minor features (compilation, backport from 0.3.4.4-rc):
- - When building Tor, prefer to use Python 3 over Python 2, and more
- recent (contemplated) versions over older ones. Closes
- ticket 26372.
- o Minor features (geoip):
- - Update geoip and geoip6 to the July 3 2018 Maxmind GeoLite2
- Country database. Closes ticket 26674.
- o Minor bugfixes (correctness, client, backport from 0.3.4.1-alpha):
- - Upon receiving a malformed connected cell, stop processing the
- cell immediately. Previously we would mark the connection for
- close, but continue processing the cell as if the connection were
- open. Fixes bug 26072; bugfix on 0.2.4.7-alpha.
- o Minor bugfixes (Linux seccomp2 sandbox, backport from 0.3.4.1-alpha):
- - Allow the nanosleep() system call, which glibc uses to implement
- sleep() and usleep(). Fixes bug 24969; bugfix on 0.2.5.1-alpha.
- o Minor bugfixes (testing, compatibility, backport from 0.3.4.4-rc):
- - When running the hs_ntor_ref.py test, make sure only to pass
- strings (rather than "bytes" objects) to the Python subprocess
- module. Python 3 on Windows seems to require this. Fixes bug
- 26535; bugfix on 0.3.1.1-alpha.
- - When running the ntor_ref.py test, make sure only to pass strings
- (rather than "bytes" objects) to the Python subprocess module.
- Python 3 on Windows seems to require this. Fixes bug 26535; bugfix
- on 0.2.5.5-alpha.
- o Minor bugfixes (compatibility, openssl, backport from 0.3.4.2-alpha):
- - Work around a change in OpenSSL 1.1.1 where return values that
- would previously indicate "no password" now indicate an empty
- password. Without this workaround, Tor instances running with
- OpenSSL 1.1.1 would accept descriptors that other Tor instances
- would reject. Fixes bug 26116; bugfix on 0.2.5.16.
- o Minor bugfixes (documentation, backport from 0.3.3.5-rc):
- - Document that the PerConnBW{Rate,Burst} options will fall back to
- their corresponding consensus parameters only if those parameters
- are set. Previously we had claimed that these values would always
- be set in the consensus. Fixes bug 25296; bugfix on 0.2.2.7-alpha.
- o Minor bugfixes (compilation, backport from 0.3.4.4-rc):
- - Fix a compilation warning on some versions of GCC when building
- code that calls routerinfo_get_my_routerinfo() twice, assuming
- that the second call will succeed if the first one did. Fixes bug
- 26269; bugfix on 0.2.8.2-alpha.
- o Minor bugfixes (client, backport from 0.3.4.1-alpha):
- - Don't consider Tor running as a client if the ControlPort is open,
- but no actual client ports are open. Fixes bug 26062; bugfix
- on 0.2.9.4-alpha.
- o Minor bugfixes (hardening, backport from 0.3.4.2-alpha):
- - Prevent a possible out-of-bounds smartlist read in
- protover_compute_vote(). Fixes bug 26196; bugfix on 0.2.9.4-alpha.
- o Minor bugfixes (C correctness, backport from 0.3.3.4-alpha):
- - Fix a very unlikely (impossible, we believe) null pointer
- dereference. Fixes bug 25629; bugfix on 0.2.9.15. Found by
- Coverity; this is CID 1430932.
- o Minor bugfixes (onion service, backport from 0.3.4.1-alpha):
- - Fix a memory leak when a v3 onion service is configured and gets a
- SIGHUP signal. Fixes bug 25901; bugfix on 0.3.2.1-alpha.
- - When parsing the descriptor signature, look for the token plus an
- extra white-space at the end. This is more correct but also will
- allow us to support new fields that might start with "signature".
- Fixes bug 26069; bugfix on 0.3.0.1-alpha.
- o Minor bugfixes (relay, backport from 0.3.4.3-alpha):
- - Relays now correctly block attempts to re-extend to the previous
- relay by Ed25519 identity. Previously they would warn in this
- case, but not actually reject the attempt. Fixes bug 26158; bugfix
- on 0.3.0.1-alpha.
- o Minor bugfixes (relay, crash, backport from 0.3.4.1-alpha):
- - Avoid a crash when running with DirPort set but ORPort turned off.
- Fixes a case of bug 23693; bugfix on 0.3.1.1-alpha.
- o Minor bugfixes (compilation, backport from 0.3.4.2-alpha):
- - Silence unused-const-variable warnings in zstd.h with some GCC
- versions. Fixes bug 26272; bugfix on 0.3.1.1-alpha.
- o Minor bugfixes (testing, backport from 0.3.3.4-alpha):
- - Avoid intermittent test failures due to a test that had relied on
- onion service introduction point creation finishing within 5
- seconds of real clock time. Fixes bug 25450; bugfix
- on 0.3.1.3-alpha.
- o Minor bugfixes (compilation, backport from 0.3.3.4-alpha):
- - Fix a C99 compliance issue in our configuration script that caused
- compilation issues when compiling Tor with certain versions of
- xtools. Fixes bug 25474; bugfix on 0.3.2.5-alpha.
- o Minor bugfixes (memory, correctness, backport from 0.3.4.4-rc):
- - Fix a number of small memory leaks identified by coverity. Fixes
- bug 26467; bugfix on numerous Tor versions.
- o Code simplification and refactoring (backport from 0.3.3.5-rc):
- - Move the list of default directory authorities to its own file.
- Closes ticket 24854. Patch by "beastr0".
- Changes in version 0.2.9.16 - 2018-07-13
- Tor 0.2.9.16 moves to a new bridge authority, meaning people running
- bridge relays should upgrade. We also take this opportunity to backport
- other minor fixes.
- o Directory authority changes:
- - The "Bifroest" bridge authority has been retired; the new bridge
- authority is "Serge", and it is operated by George from the
- TorBSD project. Closes ticket 26771.
- o Directory authority changes (backport from 0.3.3.7):
- - Add an IPv6 address for the "dannenberg" directory authority.
- Closes ticket 26343.
- o Major bugfixes (directory authorities, backport from 0.3.4.1-alpha):
- - When directory authorities read a zero-byte bandwidth file, they
- would previously log a warning with the contents of an
- uninitialised buffer. They now log a warning about the empty file
- instead. Fixes bug 26007; bugfix on 0.2.2.1-alpha.
- o Minor features (sandbox, backport from 0.3.3.4-alpha):
- - Explicitly permit the poll() system call when the Linux
- seccomp2-based sandbox is enabled: apparently, some versions of
- libc use poll() when calling getpwnam(). Closes ticket 25313.
- o Minor features (continuous integration, backport from 0.3.4.1-alpha):
- - Our .travis.yml configuration now includes support for testing the
- results of "make distcheck". (It's not uncommon for "make check"
- to pass but "make distcheck" to fail.) Closes ticket 25814.
- - Our Travis CI configuration now integrates with the Coveralls
- coverage analysis tool. Closes ticket 25818.
- o Minor features (compilation, backport from 0.3.4.4-rc):
- - When building Tor, prefer to use Python 3 over Python 2, and more
- recent (contemplated) versions over older ones. Closes
- ticket 26372.
- o Minor features (geoip):
- - Update geoip and geoip6 to the July 3 2018 Maxmind GeoLite2
- Country database. Closes ticket 26674.
- o Minor bugfixes (correctness, client, backport from 0.3.4.1-alpha):
- - Upon receiving a malformed connected cell, stop processing the
- cell immediately. Previously we would mark the connection for
- close, but continue processing the cell as if the connection were
- open. Fixes bug 26072; bugfix on 0.2.4.7-alpha.
- o Minor bugfixes (Linux seccomp2 sandbox, backport from 0.3.4.1-alpha):
- - Allow the nanosleep() system call, which glibc uses to implement
- sleep() and usleep(). Fixes bug 24969; bugfix on 0.2.5.1-alpha.
- o Minor bugfixes (testing, compatibility, backport from 0.3.4.4-rc):
- - When running the ntor_ref.py test, make sure only to pass strings
- (rather than "bytes" objects) to the Python subprocess module.
- Python 3 on Windows seems to require this. Fixes bug 26535; bugfix
- on 0.2.5.5-alpha.
- o Minor bugfixes (compatibility, openssl, backport from 0.3.4.2-alpha):
- - Work around a change in OpenSSL 1.1.1 where return values that
- would previously indicate "no password" now indicate an empty
- password. Without this workaround, Tor instances running with
- OpenSSL 1.1.1 would accept descriptors that other Tor instances
- would reject. Fixes bug 26116; bugfix on 0.2.5.16.
- o Minor bugfixes (compilation, backport from 0.3.4.4-rc):
- - Fix a compilation warning on some versions of GCC when building
- code that calls routerinfo_get_my_routerinfo() twice, assuming
- that the second call will succeed if the first one did. Fixes bug
- 26269; bugfix on 0.2.8.2-alpha.
- o Minor bugfixes (client, backport from 0.3.4.1-alpha):
- - Don't consider Tor running as a client if the ControlPort is open,
- but no actual client ports are open. Fixes bug 26062; bugfix
- on 0.2.9.4-alpha.
- o Minor bugfixes (hardening, backport from 0.3.4.2-alpha):
- - Prevent a possible out-of-bounds smartlist read in
- protover_compute_vote(). Fixes bug 26196; bugfix on 0.2.9.4-alpha.
- o Minor bugfixes (C correctness, backport from 0.3.3.4-alpha):
- - Fix a very unlikely (impossible, we believe) null pointer
- dereference. Fixes bug 25629; bugfix on 0.2.9.15. Found by
- Coverity; this is CID 1430932.
- o Minor bugfixes (memory, correctness, backport from 0.3.4.4-rc):
- - Fix a number of small memory leaks identified by coverity. Fixes
- bug 26467; bugfix on numerous Tor versions.
- o Code simplification and refactoring (backport from 0.3.3.5-rc):
- - Move the list of default directory authorities to its own file.
- Closes ticket 24854. Patch by "beastr0".
- Changes in version 0.3.3.8 - 2018-07-09
- Tor 0.3.3.8 backports several changes from the 0.3.4.x series, including
- fixes for a memory leak affecting directory authorities.
- o Major bugfixes (directory authority, backport from 0.3.4.3-alpha):
- - Stop leaking memory on directory authorities when planning to
- vote. This bug was crashing authorities by exhausting their
- memory. Fixes bug 26435; bugfix on 0.3.3.6.
- o Major bugfixes (rust, testing, backport from 0.3.4.3-alpha):
- - Make sure that failing tests in Rust will actually cause the build
- to fail: previously, they were ignored. Fixes bug 26258; bugfix
- on 0.3.3.4-alpha.
- o Minor features (compilation, backport from 0.3.4.4-rc):
- - When building Tor, prefer to use Python 3 over Python 2, and more
- recent (contemplated) versions over older ones. Closes
- ticket 26372.
- o Minor features (geoip):
- - Update geoip and geoip6 to the July 3 2018 Maxmind GeoLite2
- Country database. Closes ticket 26674.
- o Minor features (relay, diagnostic, backport from 0.3.4.3-alpha):
- - Add several checks to detect whether Tor relays are uploading
- their descriptors without specifying why they regenerated them.
- Diagnostic for ticket 25686.
- o Minor bugfixes (circuit path selection, backport from 0.3.4.1-alpha):
- - Don't count path selection failures as circuit build failures.
- This change should eliminate cases where Tor blames its guard or
- the network for situations like insufficient microdescriptors
- and/or overly restrictive torrc settings. Fixes bug 25705; bugfix
- on 0.3.3.1-alpha.
- o Minor bugfixes (compilation, backport from 0.3.4.4-rc):
- - Fix a compilation warning on some versions of GCC when building
- code that calls routerinfo_get_my_routerinfo() twice, assuming
- that the second call will succeed if the first one did. Fixes bug
- 26269; bugfix on 0.2.8.2-alpha.
- o Minor bugfixes (control port, backport from 0.3.4.4-rc):
- - Handle the HSADDRESS= argument to the HSPOST command properly.
- (Previously, this argument was misparsed and thus ignored.) Fixes
- bug 26523; bugfix on 0.3.3.1-alpha. Patch by "akwizgran".
- o Minor bugfixes (memory, correctness, backport from 0.3.4.4-rc):
- - Fix a number of small memory leaks identified by coverity. Fixes
- bug 26467; bugfix on numerous Tor versions.
- o Minor bugfixes (relay, backport from 0.3.4.3-alpha):
- - Relays now correctly block attempts to re-extend to the previous
- relay by Ed25519 identity. Previously they would warn in this
- case, but not actually reject the attempt. Fixes bug 26158; bugfix
- on 0.3.0.1-alpha.
- o Minor bugfixes (restart-in-process, backport from 0.3.4.1-alpha):
- - When shutting down, Tor now clears all the flags in the control.c
- module. This should prevent a bug where authentication cookies are
- not generated on restart. Fixes bug 25512; bugfix on 0.3.3.1-alpha.
- o Minor bugfixes (testing, compatibility, backport from 0.3.4.4-rc):
- - When running the hs_ntor_ref.py test, make sure only to pass
- strings (rather than "bytes" objects) to the Python subprocess
- module. Python 3 on Windows seems to require this. Fixes bug
- 26535; bugfix on 0.3.1.1-alpha.
- - When running the ntor_ref.py test, make sure only to pass strings
- (rather than "bytes" objects) to the Python subprocess module.
- Python 3 on Windows seems to require this. Fixes bug 26535; bugfix
- on 0.2.5.5-alpha.
- Changes in version 0.3.3.7 - 2018-06-12
- Tor 0.3.3.7 backports several changes from the 0.3.4.x series, including
- fixes for bugs affecting compatibility and stability.
- o Directory authority changes:
- - Add an IPv6 address for the "dannenberg" directory authority.
- Closes ticket 26343.
- o Minor features (geoip):
- - Update geoip and geoip6 to the June 7 2018 Maxmind GeoLite2
- Country database. Closes ticket 26351.
- o Minor bugfixes (compatibility, openssl, backport from 0.3.4.2-alpha):
- - Work around a change in OpenSSL 1.1.1 where return values that
- would previously indicate "no password" now indicate an empty
- password. Without this workaround, Tor instances running with
- OpenSSL 1.1.1 would accept descriptors that other Tor instances
- would reject. Fixes bug 26116; bugfix on 0.2.5.16.
- o Minor bugfixes (compilation, backport from 0.3.4.2-alpha):
- - Silence unused-const-variable warnings in zstd.h with some GCC
- versions. Fixes bug 26272; bugfix on 0.3.1.1-alpha.
- o Minor bugfixes (controller, backport from 0.3.4.2-alpha):
- - Improve accuracy of the BUILDTIMEOUT_SET control port event's
- TIMEOUT_RATE and CLOSE_RATE fields. (We were previously
- miscounting the total number of circuits for these field values.)
- Fixes bug 26121; bugfix on 0.3.3.1-alpha.
- o Minor bugfixes (hardening, backport from 0.3.4.2-alpha):
- - Prevent a possible out-of-bounds smartlist read in
- protover_compute_vote(). Fixes bug 26196; bugfix on 0.2.9.4-alpha.
- o Minor bugfixes (path selection, backport from 0.3.4.1-alpha):
- - Only select relays when they have the descriptors we prefer to use
- for them. This change fixes a bug where we could select a relay
- because it had _some_ descriptor, but reject it later with a
- nonfatal assertion error because it didn't have the exact one we
- wanted. Fixes bugs 25691 and 25692; bugfix on 0.3.3.4-alpha.
- Changes in version 0.3.3.6 - 2018-05-22
- Tor 0.3.3.6 is the first stable release in the 0.3.3 series. It
- backports several important fixes from the 0.3.4.1-alpha.
- The Tor 0.3.3 series includes controller support and other
- improvements for v3 onion services, official support for embedding Tor
- within other applications, and our first non-trivial module written in
- the Rust programming language. (Rust is still not enabled by default
- when building Tor.) And as usual, there are numerous other smaller
- bugfixes, features, and improvements.
- Below are the changes since 0.3.2.10. For a list of only the changes
- since 0.3.3.5-rc, see the ChangeLog file.
- o New system requirements:
- - When built with Rust, Tor now depends on version 0.2.39 of the
- libc crate. Closes tickets 25310 and 25664.
- o Major features (embedding):
- - There is now a documented stable API for programs that need to
- embed Tor. See tor_api.h for full documentation and known bugs.
- Closes ticket 23684.
- - Tor now has support for restarting in the same process.
- Controllers that run Tor using the "tor_api.h" interface can now
- restart Tor after Tor has exited. This support is incomplete,
- however: we fixed crash bugs that prevented it from working at
- all, but many bugs probably remain, including a possibility of
- security issues. Implements ticket 24581.
- o Major features (IPv6, directory documents):
- - Add consensus method 27, which adds IPv6 ORPorts to the microdesc
- consensus. This information makes it easier for IPv6 clients to
- bootstrap and choose reachable entry guards. Implements
- ticket 23826.
- - Add consensus method 28, which removes IPv6 ORPorts from
- microdescriptors. Now that the consensus contains IPv6 ORPorts,
- they are redundant in microdescs. This change will be used by Tor
- clients on 0.2.8.x and later. (That is to say, with all Tor
- clients that have IPv6 bootstrap and guard support.) Implements
- ticket 23828.
- - Expand the documentation for AuthDirHasIPv6Connectivity when it is
- set by different numbers of authorities. Fixes 23870
- on 0.2.4.1-alpha.
- o Major features (onion service v3, control port):
- - The control port now supports commands and events for v3 onion
- services. It is now possible to create ephemeral v3 services using
- ADD_ONION. Additionally, several events (HS_DESC, HS_DESC_CONTENT,
- CIRC and CIRC_MINOR) and commands (GETINFO, HSPOST, ADD_ONION and
- DEL_ONION) have been extended to support v3 onion services. Closes
- ticket 20699; implements proposal 284.
- o Major features (onion services):
- - Provide torrc options to pin the second and third hops of onion
- service circuits to a list of nodes. The option HSLayer2Guards
- pins the second hop, and the option HSLayer3Guards pins the third
- hop. These options are for use in conjunction with experiments
- with "vanguards" for preventing guard enumeration attacks. Closes
- ticket 13837.
- - When v3 onion service clients send introduce cells, they now
- include the IPv6 address of the rendezvous point, if it has one.
- Current v3 onion services running 0.3.2 ignore IPv6 addresses, but
- in future Tor versions, IPv6-only v3 single onion services will be
- able to use IPv6 addresses to connect directly to the rendezvous
- point. Closes ticket 23577. Patch by Neel Chauhan.
- o Major features (relay):
- - Implement an option, ReducedExitPolicy, to allow an Tor exit relay
- operator to use a more reasonable ("reduced") exit policy, rather
- than the default one. If you want to run an exit node without
- thinking too hard about which ports to allow, this one is for you.
- Closes ticket 13605. Patch from Neel Chauhan.
- o Major features (rust, portability, experimental):
- - Tor now ships with an optional implementation of one of its
- smaller modules (protover.c) in the Rust programming language. To
- try it out, install a Rust build environment, and configure Tor
- with "--enable-rust --enable-cargo-online-mode". This should not
- cause any user-visible changes, but should help us gain more
- experience with Rust, and plan future Rust integration work.
- Implementation by Chelsea Komlo. Closes ticket 22840.
- o Major bugfixes (directory authorities, security, backport from 0.3.4.1-alpha):
- - When directory authorities read a zero-byte bandwidth file, they
- would previously log a warning with the contents of an
- uninitialised buffer. They now log a warning about the empty file
- instead. Fixes bug 26007; bugfix on 0.2.2.1-alpha.
- o Major bugfixes (security, directory authority, denial-of-service):
- - Fix a bug that could have allowed an attacker to force a directory
- authority to use up all its RAM by passing it a maliciously
- crafted protocol versions string. Fixes bug 25517; bugfix on
- 0.2.9.4-alpha. This issue is also tracked as TROVE-2018-005.
- o Major bugfixes (crash, backport from 0.3.4.1-alpha):
- - Avoid a rare assertion failure in the circuit build timeout code
- if we fail to allow any circuits to actually complete. Fixes bug
- 25733; bugfix on 0.2.2.2-alpha.
- o Major bugfixes (netflow padding):
- - Stop adding unneeded channel padding right after we finish
- flushing to a connection that has been trying to flush for many
- seconds. Instead, treat all partial or complete flushes as
- activity on the channel, which will defer the time until we need
- to add padding. This fix should resolve confusing and scary log
- messages like "Channel padding timeout scheduled 221453ms in the
- past." Fixes bug 22212; bugfix on 0.3.1.1-alpha.
- o Major bugfixes (networking):
- - Tor will no longer reject IPv6 address strings from Tor Browser
- when they are passed as hostnames in SOCKS5 requests. Fixes bug
- 25036, bugfix on Tor 0.3.1.2.
- o Major bugfixes (onion service, backport from 0.3.4.1-alpha):
- - Correctly detect when onion services get disabled after HUP. Fixes
- bug 25761; bugfix on 0.3.2.1.
- o Major bugfixes (performance, load balancing):
- - Directory authorities no longer vote in favor of the Guard flag
- for relays without directory support. Starting in Tor
- 0.3.0.1-alpha, clients have been avoiding using such relays in the
- Guard position, leading to increasingly broken load balancing for
- the 5%-or-so of Guards that don't advertise directory support.
- Fixes bug 22310; bugfix on 0.3.0.6.
- o Major bugfixes (relay):
- - If we have failed to connect to a relay and received a connection
- refused, timeout, or similar error (at the TCP level), do not try
- that same address/port again for 60 seconds after the failure has
- occurred. Fixes bug 24767; bugfix on 0.0.6.
- o Major bugfixes (relay, denial of service, backport from 0.3.4.1-alpha):
- - Impose a limit on circuit cell queue size. The limit can be
- controlled by a consensus parameter. Fixes bug 25226; bugfix
- on 0.2.4.14-alpha.
- o Minor features (cleanup):
- - Tor now deletes the CookieAuthFile and ExtORPortCookieAuthFile
- when it stops. Closes ticket 23271.
- o Minor features (compatibility, backport from 0.3.4.1-alpha):
- - Avoid some compilation warnings with recent versions of LibreSSL.
- Closes ticket 26006.
- o Minor features (config options):
- - Change the way the default value for MaxMemInQueues is calculated.
- We now use 40% of the hardware RAM if the system has 8 GB RAM or
- more. Otherwise we use the former value of 75%. Closes
- ticket 24782.
- o Minor features (continuous integration):
- - Update the Travis CI configuration to use the stable Rust channel,
- now that we have decided to require that. Closes ticket 25714.
- o Minor features (continuous integration, backport from 0.3.4.1-alpha):
- - Our .travis.yml configuration now includes support for testing the
- results of "make distcheck". (It's not uncommon for "make check"
- to pass but "make distcheck" to fail.) Closes ticket 25814.
- - Our Travis CI configuration now integrates with the Coveralls
- coverage analysis tool. Closes ticket 25818.
- o Minor features (defensive programming):
- - Most of the functions in Tor that free objects have been replaced
- with macros that free the objects and set the corresponding
- pointers to NULL. This change should help prevent a large class of
- dangling pointer bugs. Closes ticket 24337.
- - Where possible, the tor_free() macro now only evaluates its input
- once. Part of ticket 24337.
- - Check that microdesc ed25519 ids are non-zero in
- node_get_ed25519_id() before returning them. Implements ticket
- 24001, patch by "aruna1234".
- o Minor features (directory authority):
- - When directory authorities are unable to add signatures to a
- pending consensus, log the reason why. Closes ticket 24849.
- o Minor features (embedding):
- - Tor can now start with a preauthenticated control connection
- created by the process that launched it. This feature is meant for
- use by programs that want to launch and manage a Tor process
- without allowing other programs to manage it as well. For more
- information, see the __OwningControllerFD option documented in
- control-spec.txt. Closes ticket 23900.
- - On most errors that would cause Tor to exit, it now tries to
- return from the tor_main() function, rather than calling the
- system exit() function. Most users won't notice a difference here,
- but it should be significant for programs that run Tor inside a
- separate thread: they should now be able to survive Tor's exit
- conditions rather than having Tor shut down the entire process.
- Closes ticket 23848.
- - Applications that want to embed Tor can now tell Tor not to
- register any of its own POSIX signal handlers, using the
- __DisableSignalHandlers option. Closes ticket 24588.
- o Minor features (fallback directory list):
- - Avoid selecting fallbacks that change their IP addresses too
- often. Select more fallbacks by ignoring the Guard flag, and
- allowing lower cutoffs for the Running and V2Dir flags. Also allow
- a lower bandwidth, and a higher number of fallbacks per operator
- (5% of the list). Implements ticket 24785.
- - Update the fallback whitelist and blacklist based on opt-ins and
- relay changes. Closes tickets 22321, 24678, 22527, 24135,
- and 24695.
- o Minor features (fallback directory mirror configuration):
- - Add a nickname to each fallback in a C comment. This makes it
- easier for operators to find their relays, and allows stem to use
- nicknames to identify fallbacks. Implements ticket 24600.
- - Add a type and version header to the fallback directory mirror
- file. Also add a delimiter to the end of each fallback entry. This
- helps external parsers like stem and Relay Search. Implements
- ticket 24725.
- - Add an extrainfo cache flag for each fallback in a C comment. This
- allows stem to use fallbacks to fetch extra-info documents, rather
- than using authorities. Implements ticket 22759.
- - Add the generateFallbackDirLine.py script for automatically
- generating fallback directory mirror lines from relay fingerprints.
- No more typos! Add the lookupFallbackDirContact.py script for
- automatically looking up operator contact info from relay
- fingerprints. Implements ticket 24706, patch by teor and atagar.
- - Reject any fallback directory mirror that serves an expired
- consensus. Implements ticket 20942, patch by "minik".
- - Remove commas and equals signs from external string inputs to the
- fallback list. This avoids format confusion attacks. Implements
- ticket 24726.
- - Remove the "weight=10" line from fallback directory mirror
- entries. Ticket 24681 will maintain the current fallback weights
- by changing Tor's default fallback weight to 10. Implements
- ticket 24679.
- - Stop logging excessive information about fallback netblocks.
- Implements ticket 24791.
- o Minor features (forward-compatibility):
- - If a relay supports some link authentication protocol that we do
- not recognize, then include that relay's ed25519 key when telling
- other relays to extend to it. Previously, we treated future
- versions as if they were too old to support ed25519 link
- authentication. Closes ticket 20895.
- o Minor features (geoip):
- - Update geoip and geoip6 to the May 1 2018 Maxmind GeoLite2 Country
- database. Closes ticket 26104.
- o Minor features (heartbeat):
- - Add onion service information to our heartbeat logs, displaying
- stats about the activity of configured onion services. Closes
- ticket 24896.
- o Minor features (instrumentation, development):
- - Add the MainloopStats option to allow developers to get
- instrumentation information from the main event loop via the
- heartbeat messages. We hope to use this to improve Tor's behavior
- when it's trying to sleep. Closes ticket 24605.
- o Minor features (IPv6):
- - Make IPv6-only clients wait for microdescs for relays, even if we
- were previously using descriptors (or were using them as a bridge)
- and have a cached descriptor for them. Implements ticket 23827.
- - When a consensus has IPv6 ORPorts, make IPv6-only clients use
- them, rather than waiting to download microdescriptors. Implements
- ticket 23827.
- o Minor features (log messages):
- - Improve log message in the out-of-memory handler to include
- information about memory usage from the different compression
- backends. Closes ticket 25372.
- - Improve a warning message that happens when we fail to re-parse an
- old router because of an expired certificate. Closes ticket 20020.
- - Make the log more quantitative when we hit MaxMemInQueues
- threshold exposing some values. Closes ticket 24501.
- o Minor features (logging):
- - Clarify the log messages produced when getrandom() or a related
- entropy-generation mechanism gives an error. Closes ticket 25120.
- - Added support for the Android logging subsystem. Closes
- ticket 24362.
- o Minor features (performance):
- - Support predictive circuit building for onion service circuits
- with multiple layers of guards. Closes ticket 23101.
- - Use stdatomic.h where available, rather than mutexes, to implement
- atomic_counter_t. Closes ticket 23953.
- o Minor features (performance, 32-bit):
- - Improve performance on 32-bit systems by avoiding 64-bit division
- when calculating the timestamp in milliseconds for channel padding
- computations. Implements ticket 24613.
- - Improve performance on 32-bit systems by avoiding 64-bit division
- when timestamping cells and buffer chunks for OOM calculations.
- Implements ticket 24374.
- o Minor features (performance, OSX, iOS):
- - Use the mach_approximate_time() function (when available) to
- implement coarse monotonic time. Having a coarse time function
- should avoid a large number of system calls, and improve
- performance slightly, especially under load. Closes ticket 24427.
- o Minor features (performance, windows):
- - Improve performance on Windows Vista and Windows 7 by adjusting
- TCP send window size according to the recommendation from
- SIO_IDEAL_SEND_BACKLOG_QUERY. Closes ticket 22798. Patch
- from Vort.
- o Minor features (sandbox):
- - Explicitly permit the poll() system call when the Linux
- seccomp2-based sandbox is enabled: apparently, some versions of
- libc use poll() when calling getpwnam(). Closes ticket 25313.
- o Minor features (storage, configuration):
- - Users can store cached directory documents somewhere other than
- the DataDirectory by using the CacheDirectory option. Similarly,
- the storage location for relay's keys can be overridden with the
- KeyDirectory option. Closes ticket 22703.
- o Minor features (testing):
- - Add a "make test-rust" target to run the rust tests only. Closes
- ticket 25071.
- o Minor features (testing, debugging, embedding):
- - For development purposes, Tor now has a mode in which it runs for
- a few seconds, then stops, and starts again without exiting the
- process. This mode is meant to help us debug various issues with
- ticket 23847. To use this feature, compile with
- --enable-restart-debugging, and set the TOR_DEBUG_RESTART
- environment variable. This is expected to crash a lot, and is
- really meant for developers only. It will likely be removed in a
- future release. Implements ticket 24583.
- o Minor bugfixes (build, rust):
- - Fix output of autoconf checks to display success messages for Rust
- dependencies and a suitable rustc compiler version. Fixes bug
- 24612; bugfix on 0.3.1.3-alpha.
- - Don't pass the --quiet option to cargo: it seems to suppress some
- errors, which is not what we want to do when building. Fixes bug
- 24518; bugfix on 0.3.1.7.
- - Build correctly when building from outside Tor's source tree with
- the TOR_RUST_DEPENDENCIES option set. Fixes bug 22768; bugfix
- on 0.3.1.7.
- o Minor bugfixes (C correctness):
- - Fix a very unlikely (impossible, we believe) null pointer
- dereference. Fixes bug 25629; bugfix on 0.2.9.15. Found by
- Coverity; this is CID 1430932.
- o Minor bugfixes (channel, client):
- - Better identify client connection when reporting to the geoip
- client cache. Fixes bug 24904; bugfix on 0.3.1.7.
- o Minor bugfixes (circuit, cannibalization):
- - Don't cannibalize preemptively-built circuits if we no longer
- recognize their first hop. This situation can happen if our Guard
- relay went off the consensus after the circuit was created. Fixes
- bug 24469; bugfix on 0.0.6.
- o Minor bugfixes (client, backport from 0.3.4.1-alpha):
- - Don't consider Tor running as a client if the ControlPort is open,
- but no actual client ports are open. Fixes bug 26062; bugfix
- on 0.2.9.4-alpha.
- o Minor bugfixes (compilation):
- - Fix a C99 compliance issue in our configuration script that caused
- compilation issues when compiling Tor with certain versions of
- xtools. Fixes bug 25474; bugfix on 0.3.2.5-alpha.
- o Minor bugfixes (controller):
- - Restore the correct operation of the RESOLVE command, which had
- been broken since we added the ability to enable/disable DNS on
- specific listener ports. Fixes bug 25617; bugfix on 0.2.9.3-alpha.
- - Avoid a (nonfatal) assertion failure when extending a one-hop
- circuit from the controller to become a multihop circuit. Fixes
- bug 24903; bugfix on 0.2.5.2-alpha.
- o Minor bugfixes (correctness):
- - Remove a nonworking, unnecessary check to see whether a circuit
- hop's identity digest was set when the circuit failed. Fixes bug
- 24927; bugfix on 0.2.4.4-alpha.
- o Minor bugfixes (correctness, client, backport from 0.3.4.1-alpha):
- - Upon receiving a malformed connected cell, stop processing the
- cell immediately. Previously we would mark the connection for
- close, but continue processing the cell as if the connection were
- open. Fixes bug 26072; bugfix on 0.2.4.7-alpha.
- o Minor bugfixes (directory authorities, IPv6):
- - When creating a routerstatus (vote) from a routerinfo (descriptor),
- set the IPv6 address to the unspecified IPv6 address, and
- explicitly initialize the port to zero. Fixes bug 24488; bugfix
- on 0.2.4.1-alpha.
- o Minor bugfixes (documentation):
- - Document that the PerConnBW{Rate,Burst} options will fall back to
- their corresponding consensus parameters only if those parameters
- are set. Previously we had claimed that these values would always
- be set in the consensus. Fixes bug 25296; bugfix on 0.2.2.7-alpha.
- o Minor bugfixes (documentation, backport from 0.3.4.1-alpha):
- - Stop saying in the manual that clients cache ipv4 dns answers from
- exit relays. We haven't used them since 0.2.6.3-alpha, and in
- ticket 24050 we stopped even caching them as of 0.3.2.6-alpha, but
- we forgot to say so in the man page. Fixes bug 26052; bugfix
- on 0.3.2.6-alpha.
- o Minor bugfixes (exit relay DNS retries):
- - Re-attempt timed-out DNS queries 3 times before failure, since our
- timeout is 5 seconds for them, but clients wait 10-15. Also allow
- slightly more timeouts per resolver when an exit has multiple
- resolvers configured. Fixes bug 21394; bugfix on 0.3.1.9.
- o Minor bugfixes (fallback directory mirrors):
- - Make updateFallbackDirs.py search harder for python. (Some OSs
- don't put it in /usr/bin.) Fixes bug 24708; bugfix
- on 0.2.8.1-alpha.
- o Minor bugfixes (hibernation, bandwidth accounting, shutdown):
- - When hibernating, close connections normally and allow them to
- flush. Fixes bug 23571; bugfix on 0.2.4.7-alpha. Also fixes
- bug 7267.
- - Do not attempt to launch self-reachability tests when entering
- hibernation. Fixes a case of bug 12062; bugfix on 0.0.9pre5.
- - Resolve several bugs related to descriptor fetching on bridge
- clients with bandwidth accounting enabled. (This combination is
- not recommended!) Fixes a case of bug 12062; bugfix
- on 0.2.0.3-alpha.
- - When hibernating, do not attempt to launch DNS checks. Fixes a
- case of bug 12062; bugfix on 0.1.2.2-alpha.
- - When hibernating, do not try to upload or download descriptors.
- Fixes a case of bug 12062; bugfix on 0.0.9pre5.
- o Minor bugfixes (IPv6, bridges):
- - Tor now always sets IPv6 preferences for bridges. Fixes bug 24573;
- bugfix on 0.2.8.2-alpha.
- - Tor now sets IPv6 address in the routerstatus as well as in the
- router descriptors when updating addresses for a bridge. Closes
- ticket 24572; bugfix on 0.2.4.5-alpha. Patch by "ffmancera".
- o Minor bugfixes (Linux seccomp2 sandbox):
- - When running with the sandbox enabled, reload configuration files
- correctly even when %include was used. Previously we would crash.
- Fixes bug 22605; bugfix on 0.3.1. Patch from Daniel Pinto.
- o Minor bugfixes (Linux seccomp2 sandbox, backport from 0.3.4.1-alpha):
- - Allow the nanosleep() system call, which glibc uses to implement
- sleep() and usleep(). Fixes bug 24969; bugfix on 0.2.5.1-alpha.
- o Minor bugfixes (logging):
- - Fix a (mostly harmless) race condition when invoking
- LOG_PROTOCOL_WARN message from a subthread while the torrc options
- are changing. Fixes bug 23954; bugfix on 0.1.1.9-alpha.
- o Minor bugfixes (man page, SocksPort):
- - Remove dead code from the old "SocksSocket" option, and rename
- SocksSocketsGroupWritable to UnixSocksGroupWritable. The old
- option still works, but is deprecated. Fixes bug 24343; bugfix
- on 0.2.6.3.
- o Minor bugfixes (memory leaks):
- - Avoid possible at-exit memory leaks related to use of Libevent's
- event_base_once() function. (This function tends to leak memory if
- the event_base is closed before the event fires.) Fixes bug 24584;
- bugfix on 0.2.8.1-alpha.
- - Fix a harmless memory leak in tor-resolve. Fixes bug 24582; bugfix
- on 0.2.1.1-alpha.
- o Minor bugfixes (network IPv6 test):
- - Tor's test scripts now check if "ping -6 ::1" works when the user
- runs "make test-network-all". Fixes bug 24677; bugfix on
- 0.2.9.3-alpha. Patch by "ffmancera".
- o Minor bugfixes (networking):
- - string_is_valid_hostname() will not consider IP strings to be
- valid hostnames. Fixes bug 25055; bugfix on Tor 0.2.5.5.
- o Minor bugfixes (onion service v3):
- - Avoid an assertion failure when the next onion service descriptor
- rotation type is out of sync with the consensus's valid-after
- time. Instead, log a warning message with extra information, so we
- can better hunt down the cause of this assertion. Fixes bug 25306;
- bugfix on 0.3.2.1-alpha.
- o Minor bugfixes (onion service, backport from 0.3.4.1-alpha):
- - Fix a memory leak when a v3 onion service is configured and gets a
- SIGHUP signal. Fixes bug 25901; bugfix on 0.3.2.1-alpha.
- - When parsing the descriptor signature, look for the token plus an
- extra white-space at the end. This is more correct but also will
- allow us to support new fields that might start with "signature".
- Fixes bug 26069; bugfix on 0.3.0.1-alpha.
- o Minor bugfixes (onion services):
- - If we are configured to offer a single onion service, don't log
- long-term established one hop rendezvous points in the heartbeat.
- Fixes bug 25116; bugfix on 0.2.9.6-rc.
- o Minor bugfixes (performance):
- - Reduce the number of circuits that will be opened at once during
- the circuit build timeout phase. This is done by increasing the
- idle timeout to 3 minutes, and lowering the maximum number of
- concurrent learning circuits to 10. Fixes bug 24769; bugfix
- on 0.3.1.1-alpha.
- - Avoid calling protocol_list_supports_protocol() from inside tight
- loops when running with cached routerinfo_t objects. Instead,
- summarize the relevant protocols as flags in the routerinfo_t, as
- we do for routerstatus_t objects. This change simplifies our code
- a little, and saves a large amount of short-term memory allocation
- operations. Fixes bug 25008; bugfix on 0.2.9.4-alpha.
- o Minor bugfixes (performance, timeouts):
- - Consider circuits for timeout as soon as they complete a hop. This
- is more accurate than applying the timeout in
- circuit_expire_building() because that function is only called
- once per second, which is now too slow for typical timeouts on the
- current network. Fixes bug 23114; bugfix on 0.2.2.2-alpha.
- - Use onion service circuits (and other circuits longer than 3 hops)
- to calculate a circuit build timeout. Previously, Tor only
- calculated its build timeout based on circuits that planned to be
- exactly 3 hops long. With this change, we include measurements
- from all circuits at the point where they complete their third
- hop. Fixes bug 23100; bugfix on 0.2.2.2-alpha.
- o Minor bugfixes (relay, crash, backport from 0.3.4.1-alpha):
- - Avoid a crash when running with DirPort set but ORPort turned off.
- Fixes a case of bug 23693; bugfix on 0.3.1.1-alpha.
- o Minor bugfixes (Rust FFI):
- - Fix a minor memory leak which would happen whenever the C code
- would call the Rust implementation of
- protover_get_supported_protocols(). This was due to the C version
- returning a static string, whereas the Rust version newly allocated
- a CString to pass across the FFI boundary. Consequently, the C
- code was not expecting to need to free() what it was given. Fixes
- bug 25127; bugfix on 0.3.2.1-alpha.
- o Minor bugfixes (spelling):
- - Use the "misspell" tool to detect and fix typos throughout the
- source code. Fixes bug 23650; bugfix on various versions of Tor.
- Patch from Deepesh Pathak.
- o Minor bugfixes (testing):
- - Avoid intermittent test failures due to a test that had relied on
- onion service introduction point creation finishing within 5
- seconds of real clock time. Fixes bug 25450; bugfix
- on 0.3.1.3-alpha.
- - Give out Exit flags in bootstrapping networks. Fixes bug 24137;
- bugfix on 0.2.3.1-alpha.
- o Minor bugfixes (unit test, monotonic time):
- - Increase a constant (1msec to 10msec) in the monotonic time test
- that makes sure the nsec/usec/msec times read are synchronized.
- This change was needed to accommodate slow systems like armel or
- when the clock_gettime() is not a VDSO on the running kernel.
- Fixes bug 25113; bugfix on 0.2.9.1.
- o Code simplification and refactoring:
- - Move the list of default directory authorities to its own file.
- Closes ticket 24854. Patch by "beastr0".
- - Remove the old (deterministic) directory retry logic entirely:
- We've used exponential backoff exclusively for some time. Closes
- ticket 23814.
- - Remove the unused nodelist_recompute_all_hsdir_indices(). Closes
- ticket 25108.
- - Remove a series of counters used to track circuit extend attempts
- and connection status but that in reality we aren't using for
- anything other than stats logged by a SIGUSR1 signal. Closes
- ticket 25163.
- - Remove /usr/athena from search path in configure.ac. Closes
- ticket 24363.
- - Remove duplicate code in node_has_curve25519_onion_key() and
- node_get_curve25519_onion_key(), and add a check for a zero
- microdesc curve25519 onion key. Closes ticket 23966, patch by
- "aruna1234" and teor.
- - Rewrite channel_rsa_id_group_set_badness to reduce temporary
- memory allocations with large numbers of OR connections (e.g.
- relays). Closes ticket 24119.
- - Separate the function that deletes ephemeral files when Tor
- stops gracefully.
- - Small changes to Tor's buf_t API to make it suitable for use as a
- general-purpose safe string constructor. Closes ticket 22342.
- - Switch -Wnormalized=id to -Wnormalized=nfkc in configure.ac to
- avoid source code identifier confusion. Closes ticket 24467.
- - The tor_git_revision[] constant no longer needs to be redeclared
- by everything that links against the rest of Tor. Done as part of
- ticket 23845, to simplify our external API.
- - We make extend_info_from_node() use node_get_curve25519_onion_key()
- introduced in ticket 23577 to access the curve25519 public keys
- rather than accessing it directly. Closes ticket 23760. Patch by
- Neel Chauhan.
- - Add a function to log channels' scheduler state changes to aid
- debugging efforts. Closes ticket 24531.
- o Documentation:
- - Improved the documentation of AccountingStart parameter. Closes
- ticket 23635.
- - Update the documentation for "Log" to include the current list of
- logging domains. Closes ticket 25378.
- - Add documentation on how to build tor with Rust dependencies
- without having to be online. Closes ticket 22907; bugfix
- on 0.3.0.3-alpha.
- - Clarify the behavior of RelayBandwidth{Rate,Burst} with client
- traffic. Closes ticket 24318.
- - Document that OutboundBindAddress doesn't apply to DNS requests.
- Closes ticket 22145. Patch from Aruna Maurya.
- o Code simplification and refactoring (channels):
- - Remove the incoming and outgoing channel queues. These were never
- used, but still took up a step in our fast path.
- - The majority of the channel unit tests have been rewritten and the
- code coverage has now been raised to 83.6% for channel.c. Closes
- ticket 23709.
- - Remove other dead code from the channel subsystem: All together,
- this cleanup has removed more than 1500 lines of code overall and
- adding very little except for unit test.
- o Code simplification and refactoring (circuit rendezvous):
- - Split the client-side rendezvous circuit lookup into two
- functions: one that returns only established circuits and another
- that returns all kinds of circuits. Closes ticket 23459.
- o Code simplification and refactoring (controller):
- - Make most of the variables in networkstatus_getinfo_by_purpose()
- const. Implements ticket 24489.
- o Documentation (backport from 0.3.4.1-alpha):
- - Correct an IPv6 error in the documentation for ExitPolicy. Closes
- ticket 25857. Patch from "CTassisF".
- o Documentation (man page):
- - The HiddenServiceVersion torrc option accepts only one number:
- either version 2 or 3. Closes ticket 25026; bugfix
- on 0.3.2.2-alpha.
- o Documentation (manpage, denial of service):
- - Provide more detail about the denial-of-service options, by
- listing each mitigation and explaining how they relate. Closes
- ticket 25248.
- Changes in version 0.3.1.10 - 2018-03-03
- Tor 0.3.1.10 backports a number of bugfixes, including important fixes for
- security issues.
- It includes an important security fix for a remote crash attack
- against directory authorities, tracked as TROVE-2018-001.
- This release also backports our new system for improved resistance to
- denial-of-service attacks against relays.
- This release also fixes several minor bugs and annoyances from
- earlier releases.
- All directory authorities should upgrade to one of the versions
- released today. Relays running 0.3.1.x may wish to update to one of
- the versions released today, for the DoS mitigations.
- Please note: according to our release calendar, Tor 0.3.1 will no
- longer be supported after 1 July 2018. If you will be running Tor
- after that date, you should make sure to plan to upgrade to the latest
- stable version, or downgrade to 0.2.9 (which will receive long-term
- support).
- o Major bugfixes (denial-of-service, directory authority, backport from 0.3.3.3-alpha):
- - Fix a protocol-list handling bug that could be used to remotely crash
- directory authorities with a null-pointer exception. Fixes bug 25074;
- bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2018-001 and
- CVE-2018-0490.
- o Major features (denial-of-service mitigation, backport from 0.3.3.2-alpha):
- - Give relays some defenses against the recent network overload. We
- start with three defenses (default parameters in parentheses).
- First: if a single client address makes too many concurrent
- connections (>100), hang up on further connections. Second: if a
- single client address makes circuits too quickly (more than 3 per
- second, with an allowed burst of 90) while also having too many
- connections open (3), refuse new create cells for the next while
- (1-2 hours). Third: if a client asks to establish a rendezvous
- point to you directly, ignore the request. These defenses can be
- manually controlled by new torrc options, but relays will also
- take guidance from consensus parameters, so there's no need to
- configure anything manually. Implements ticket 24902.
- o Minor features (linux seccomp2 sandbox, backport from 0.3.2.5-alpha):
- - Update the sandbox rules so that they should now work correctly
- with Glibc 2.26. Closes ticket 24315.
- o Major bugfixes (onion services, retry behavior, backport from 0.3.3.1-alpha):
- - Fix an "off by 2" error in counting rendezvous failures on the
- onion service side. While we thought we would stop the rendezvous
- attempt after one failed circuit, we were actually making three
- circuit attempts before giving up. Now switch to a default of 2,
- and allow the consensus parameter "hs_service_max_rdv_failures" to
- override. Fixes bug 24895; bugfix on 0.0.6.
- o Major bugfixes (protocol versions, backport from 0.3.3.2-alpha):
- - Add Link protocol version 5 to the supported protocols list. Fixes
- bug 25070; bugfix on 0.3.1.1-alpha.
- o Major bugfixes (relay, backport from 0.3.3.1-alpha):
- - Fix a set of false positives where relays would consider
- connections to other relays as being client-only connections (and
- thus e.g. deserving different link padding schemes) if those
- relays fell out of the consensus briefly. Now we look only at the
- initial handshake and whether the connection authenticated as a
- relay. Fixes bug 24898; bugfix on 0.3.1.1-alpha.
- o Minor features (denial-of-service avoidance, backport from 0.3.3.2-alpha):
- - Make our OOM handler aware of the geoip client history cache so it
- doesn't fill up the memory. This check is important for IPv6 and
- our DoS mitigation subsystem. Closes ticket 25122.
- o Minor feature (relay statistics, backport from 0.3.2.6-alpha):
- - Change relay bandwidth reporting stats interval from 4 hours to 24
- hours in order to reduce the efficiency of guard discovery
- attacks. Fixes ticket 23856.
- o Minor features (compatibility, OpenSSL, backport from 0.3.3.3-alpha):
- - Tor will now support TLS1.3 once OpenSSL 1.1.1 is released.
- Previous versions of Tor would not have worked with OpenSSL 1.1.1,
- since they neither disabled TLS 1.3 nor enabled any of the
- ciphersuites it requires. Now we enable the TLS 1.3 ciphersuites.
- Closes ticket 24978.
- o Minor features (fallback directory mirrors, backport from 0.3.2.9):
- - The fallback directory list has been re-generated based on the
- current status of the network. Tor uses fallback directories to
- bootstrap when it doesn't yet have up-to-date directory
- information. Closes ticket 24801.
- - Make the default DirAuthorityFallbackRate 0.1, so that clients
- prefer to bootstrap from fallback directory mirrors. This is a
- follow-up to 24679, which removed weights from the default
- fallbacks. Implements ticket 24681.
- o Minor features (geoip):
- - Update geoip and geoip6 to the February 7 2018 Maxmind GeoLite2
- Country database.
- o Minor bugfix (channel connection, backport from 0.3.3.2-alpha):
- - Use the actual observed address of an incoming relay connection,
- not the canonical address of the relay from its descriptor, when
- making decisions about how to handle the incoming connection.
- Fixes bug 24952; bugfix on 0.2.4.11-alpha. Patch by "ffmancera".
- o Minor bugfix (directory authority, backport from 0.3.3.2-alpha):
- - Directory authorities, when refusing a descriptor from a rejected
- relay, now explicitly tell the relay (in its logs) to set a valid
- ContactInfo address and contact the bad-relays@ mailing list.
- Fixes bug 25170; bugfix on 0.2.9.1.
- o Minor bugfixes (address selection, backport from 0.3.2.9):
- - When the fascist_firewall_choose_address_ functions don't find a
- reachable address, set the returned address to the null address
- and port. This is a precautionary measure, because some callers do
- not check the return value. Fixes bug 24736; bugfix
- on 0.2.8.2-alpha.
- o Major bugfixes (bootstrapping, backport from 0.3.2.5-alpha):
- - Fetch descriptors aggressively whenever we lack enough to build
- circuits, regardless of how many descriptors we are missing.
- Previously, we would delay launching the fetch when we had fewer
- than 15 missing descriptors, even if some of those descriptors
- were blocking circuits from building. Fixes bug 23985; bugfix on
- 0.1.1.11-alpha. The effects of this bug became worse in
- 0.3.0.3-alpha, when we began treating missing descriptors from our
- primary guards as a reason to delay circuits.
- - Don't try fetching microdescriptors from relays that have failed
- to deliver them in the past. Fixes bug 23817; bugfix
- on 0.3.0.1-alpha.
- o Minor bugfixes (compilation, backport from 0.3.2.7-rc):
- - Fix a signed/unsigned comparison warning introduced by our fix to
- TROVE-2017-009. Fixes bug 24480; bugfix on 0.2.5.16.
- o Minor bugfixes (control port, linux seccomp2 sandbox, backport from 0.3.2.5-alpha):
- - Avoid a crash when attempting to use the seccomp2 sandbox together
- with the OwningControllerProcess feature. Fixes bug 24198; bugfix
- on 0.2.5.1-alpha.
- o Minor bugfixes (denial-of-service, backport from 0.3.3.3-alpha):
- - Fix a possible crash on malformed consensus. If a consensus had
- contained an unparseable protocol line, it could have made clients
- and relays crash with a null-pointer exception. To exploit this
- issue, however, an attacker would need to be able to subvert the
- directory authority system. Fixes bug 25251; bugfix on
- 0.2.9.4-alpha. Also tracked as TROVE-2018-004.
- o Minor bugfixes (directory cache, backport from 0.3.2.5-alpha):
- - Recover better from empty or corrupt files in the consensus cache
- directory. Fixes bug 24099; bugfix on 0.3.1.1-alpha.
- - When a consensus diff calculation is only partially successful,
- only record the successful parts as having succeeded. Partial
- success can happen if (for example) one compression method fails
- but the others succeed. Previously we misrecorded all the
- calculations as having succeeded, which would later cause a
- nonfatal assertion failure. Fixes bug 24086; bugfix
- on 0.3.1.1-alpha.
- o Minor bugfixes (entry guards, backport from 0.3.2.3-alpha):
- - Tor now updates its guard state when it reads a consensus
- regardless of whether it's missing descriptors. That makes tor use
- its primary guards to fetch descriptors in some edge cases where
- it would previously have used fallback directories. Fixes bug
- 23862; bugfix on 0.3.0.1-alpha.
- o Minor bugfixes (logging, backport from 0.3.3.2-alpha):
- - Don't treat inability to store a cached consensus object as a bug:
- it can happen normally when we are out of disk space. Fixes bug
- 24859; bugfix on 0.3.1.1-alpha.
- o Minor bugfixes (memory usage, backport from 0.3.2.8-rc):
- - When queuing DESTROY cells on a channel, only queue the circuit-id
- and reason fields: not the entire 514-byte cell. This fix should
- help mitigate any bugs or attacks that fill up these queues, and
- free more RAM for other uses. Fixes bug 24666; bugfix
- on 0.2.5.1-alpha.
- o Minor bugfixes (network layer, backport from 0.3.2.5-alpha):
- - When closing a connection via close_connection_immediately(), we
- mark it as "not blocked on bandwidth", to prevent later calls from
- trying to unblock it, and give it permission to read. This fixes a
- backtrace warning that can happen on relays under various
- circumstances. Fixes bug 24167; bugfix on 0.1.0.1-rc.
- o Minor bugfixes (path selection, backport from 0.3.2.4-alpha):
- - When selecting relays by bandwidth, avoid a rounding error that
- could sometimes cause load to be imbalanced incorrectly.
- Previously, we would always round upwards; now, we round towards
- the nearest integer. This had the biggest effect when a relay's
- weight adjustments should have given it weight 0, but it got
- weight 1 instead. Fixes bug 23318; bugfix on 0.2.4.3-alpha.
- - When calculating the fraction of nodes that have descriptors, and
- all nodes in the network have zero bandwidths, count the number of
- nodes instead. Fixes bug 23318; bugfix on 0.2.4.10-alpha.
- - Actually log the total bandwidth in compute_weighted_bandwidths().
- Fixes bug 24170; bugfix on 0.2.4.3-alpha.
- o Minor bugfixes (performance, fragile-hardening, backport from 0.3.3.1-alpha):
- - Improve the performance of our consensus-diff application code
- when Tor is built with the --enable-fragile-hardening option set.
- Fixes bug 24826; bugfix on 0.3.1.1-alpha.
- o Minor bugfixes (OSX, backport from 0.3.3.1-alpha):
- - Don't exit the Tor process if setrlimit() fails to change the file
- limit (which can happen sometimes on some versions of OSX). Fixes
- bug 21074; bugfix on 0.0.9pre5.
- o Minor bugfixes (portability, msvc, backport from 0.3.2.9):
- - Fix a bug in the bit-counting parts of our timing-wheel code on
- MSVC. (Note that MSVC is still not a supported build platform, due
- to cyptographic timing channel risks.) Fixes bug 24633; bugfix
- on 0.2.9.1-alpha.
- o Minor bugfixes (relay, partial backport):
- - Make the internal channel_is_client() function look at what sort
- of connection handshake the other side used, rather than whether
- the other side ever sent a create_fast cell to us. Backports part
- of the fixes from bugs 22805 and 24898.
- o Minor bugfixes (spec conformance, backport from 0.3.3.3-alpha):
- - Forbid "-0" as a protocol version. Fixes part of bug 25249; bugfix on
- 0.2.9.4-alpha.
- - Forbid UINT32_MAX as a protocol version. Fixes part of bug 25249;
- bugfix on 0.2.9.4-alpha.
- o Code simplification and refactoring (backport from 0.3.3.3-alpha):
- - Update the "rust dependencies" submodule to be a project-level
- repository, rather than a user repository. Closes ticket 25323.
- Changes in version 0.2.9.15 - 2018-03-03
- Tor 0.2.9.15 backports important security and stability bugfixes from
- later Tor releases.
- It includes an important security fix for a remote crash attack
- against directory authorities, tracked as TROVE-2018-001.
- This release also backports our new system for improved resistance to
- denial-of-service attacks against relays.
- This release also fixes several minor bugs and annoyances from
- earlier releases.
- All directory authorities should upgrade to one of the versions
- released today. Relays running 0.2.9.x may wish to update to one of
- the versions released today, for the DoS mitigations.
- o Major bugfixes (denial-of-service, directory authority, backport from 0.3.3.3-alpha):
- - Fix a protocol-list handling bug that could be used to remotely crash
- directory authorities with a null-pointer exception. Fixes bug 25074;
- bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2018-001 and
- CVE-2018-0490.
- o Major features (denial-of-service mitigation):
- - Give relays some defenses against the recent network overload. We
- start with three defenses (default parameters in parentheses).
- First: if a single client address makes too many concurrent
- connections (>100), hang up on further connections. Second: if a
- single client address makes circuits too quickly (more than 3 per
- second, with an allowed burst of 90) while also having too many
- connections open (3), refuse new create cells for the next while
- (1-2 hours). Third: if a client asks to establish a rendezvous
- point to you directly, ignore the request. These defenses can be
- manually controlled by new torrc options, but relays will also
- take guidance from consensus parameters, so there's no need to
- configure anything manually. Implements ticket 24902.
- o Major bugfixes (bootstrapping):
- - Fetch descriptors aggressively whenever we lack enough to build
- circuits, regardless of how many descriptors we are missing.
- Previously, we would delay launching the fetch when we had fewer
- than 15 missing descriptors, even if some of those descriptors
- were blocking circuits from building. Fixes bug 23985; bugfix on
- 0.1.1.11-alpha. The effects of this bug became worse in
- 0.3.0.3-alpha, when we began treating missing descriptors from our
- primary guards as a reason to delay circuits.
- o Major bugfixes (onion services, retry behavior):
- - Fix an "off by 2" error in counting rendezvous failures on the
- onion service side. While we thought we would stop the rendezvous
- attempt after one failed circuit, we were actually making three
- circuit attempts before giving up. Now switch to a default of 2,
- and allow the consensus parameter "hs_service_max_rdv_failures" to
- override. Fixes bug 24895; bugfix on 0.0.6.
- o Minor feature (relay statistics):
- - Change relay bandwidth reporting stats interval from 4 hours to 24
- hours in order to reduce the efficiency of guard discovery
- attacks. Fixes ticket 23856.
- o Minor features (compatibility, OpenSSL):
- - Tor will now support TLS1.3 once OpenSSL 1.1.1 is released.
- Previous versions of Tor would not have worked with OpenSSL 1.1.1,
- since they neither disabled TLS 1.3 nor enabled any of the
- ciphersuites it requires. Now we enable the TLS 1.3 ciphersuites.
- Closes ticket 24978.
- o Minor features (denial-of-service avoidance):
- - Make our OOM handler aware of the geoip client history cache so it
- doesn't fill up the memory. This check is important for IPv6 and
- our DoS mitigation subsystem. Closes ticket 25122.
- o Minor features (fallback directory mirrors):
- - The fallback directory list has been re-generated based on the
- current status of the network. Tor uses fallback directories to
- bootstrap when it doesn't yet have up-to-date directory
- information. Closes ticket 24801.
- - Make the default DirAuthorityFallbackRate 0.1, so that clients
- prefer to bootstrap from fallback directory mirrors. This is a
- follow-up to 24679, which removed weights from the default
- fallbacks. Implements ticket 24681.
- o Minor features (geoip):
- - Update geoip and geoip6 to the February 7 2018 Maxmind GeoLite2
- Country database.
- o Minor features (linux seccomp2 sandbox):
- - Update the sandbox rules so that they should now work correctly
- with Glibc 2.26. Closes ticket 24315.
- o Minor bugfix (channel connection):
- - Use the actual observed address of an incoming relay connection,
- not the canonical address of the relay from its descriptor, when
- making decisions about how to handle the incoming connection.
- Fixes bug 24952; bugfix on 0.2.4.11-alpha. Patch by "ffmancera".
- o Minor bugfix (directory authority):
- - Directory authorities, when refusing a descriptor from a rejected
- relay, now explicitly tell the relay (in its logs) to set a valid
- ContactInfo address and contact the bad-relays@ mailing list.
- Fixes bug 25170; bugfix on 0.2.9.1.
- o Minor bugfixes (address selection):
- - When the fascist_firewall_choose_address_ functions don't find a
- reachable address, set the returned address to the null address
- and port. This is a precautionary measure, because some callers do
- not check the return value. Fixes bug 24736; bugfix
- on 0.2.8.2-alpha.
- o Minor bugfixes (compilation):
- - Fix a signed/unsigned comparison warning introduced by our fix to
- TROVE-2017-009. Fixes bug 24480; bugfix on 0.2.5.16.
- o Minor bugfixes (control port, linux seccomp2 sandbox):
- - Avoid a crash when attempting to use the seccomp2 sandbox together
- with the OwningControllerProcess feature. Fixes bug 24198; bugfix
- on 0.2.5.1-alpha.
- o Minor bugfixes (denial-of-service, backport from 0.3.3.3-alpha):
- - Fix a possible crash on malformed consensus. If a consensus had
- contained an unparseable protocol line, it could have made clients
- and relays crash with a null-pointer exception. To exploit this
- issue, however, an attacker would need to be able to subvert the
- directory authority system. Fixes bug 25251; bugfix on
- 0.2.9.4-alpha. Also tracked as TROVE-2018-004.
- o Minor bugfixes (memory usage):
- - When queuing DESTROY cells on a channel, only queue the circuit-id
- and reason fields: not the entire 514-byte cell. This fix should
- help mitigate any bugs or attacks that fill up these queues, and
- free more RAM for other uses. Fixes bug 24666; bugfix
- on 0.2.5.1-alpha.
- o Minor bugfixes (network layer):
- - When closing a connection via close_connection_immediately(), we
- mark it as "not blocked on bandwidth", to prevent later calls from
- trying to unblock it, and give it permission to read. This fixes a
- backtrace warning that can happen on relays under various
- circumstances. Fixes bug 24167; bugfix on 0.1.0.1-rc.
- o Minor bugfixes (OSX):
- - Don't exit the Tor process if setrlimit() fails to change the file
- limit (which can happen sometimes on some versions of OSX). Fixes
- bug 21074; bugfix on 0.0.9pre5.
- o Minor bugfixes (path selection):
- - When selecting relays by bandwidth, avoid a rounding error that
- could sometimes cause load to be imbalanced incorrectly.
- Previously, we would always round upwards; now, we round towards
- the nearest integer. This had the biggest effect when a relay's
- weight adjustments should have given it weight 0, but it got
- weight 1 instead. Fixes bug 23318; bugfix on 0.2.4.3-alpha.
- - When calculating the fraction of nodes that have descriptors, and
- all nodes in the network have zero bandwidths, count the number of
- nodes instead. Fixes bug 23318; bugfix on 0.2.4.10-alpha.
- - Actually log the total bandwidth in compute_weighted_bandwidths().
- Fixes bug 24170; bugfix on 0.2.4.3-alpha.
- o Minor bugfixes (portability, msvc):
- - Fix a bug in the bit-counting parts of our timing-wheel code on
- MSVC. (Note that MSVC is still not a supported build platform, due
- to cryptographic timing channel risks.) Fixes bug 24633; bugfix
- on 0.2.9.1-alpha.
- o Minor bugfixes (relay):
- - Make the internal channel_is_client() function look at what sort
- of connection handshake the other side used, rather than whether
- the other side ever sent a create_fast cell to us. Backports part
- of the fixes from bugs 22805 and 24898.
- o Minor bugfixes (spec conformance, backport from 0.3.3.3-alpha):
- - Forbid "-0" as a protocol version. Fixes part of bug 25249; bugfix on
- 0.2.9.4-alpha.
- - Forbid UINT32_MAX as a protocol version. Fixes part of bug 25249;
- bugfix on 0.2.9.4-alpha.
- Changes in version 0.3.2.10 - 2018-03-03
- Tor 0.3.2.10 is the second stable release in the 0.3.2 series. It
- backports a number of bugfixes, including important fixes for security
- issues.
- It includes an important security fix for a remote crash attack
- against directory authorities, tracked as TROVE-2018-001.
- Additionally, it backports a fix for a bug whose severity we have
- upgraded: Bug 24700, which was fixed in 0.3.3.2-alpha, can be remotely
- triggered in order to crash relays with a use-after-free pattern. As
- such, we are now tracking that bug as TROVE-2018-002 and
- CVE-2018-0491, and backporting it to earlier releases. This bug
- affected versions 0.3.2.1-alpha through 0.3.2.9, as well as version
- 0.3.3.1-alpha.
- This release also backports our new system for improved resistance to
- denial-of-service attacks against relays.
- This release also fixes several minor bugs and annoyances from
- earlier releases.
- Relays running 0.3.2.x SHOULD upgrade to one of the versions released
- today, for the fix to TROVE-2018-002. Directory authorities should
- also upgrade. (Relays on earlier versions might want to update too for
- the DoS mitigations.)
- o Major bugfixes (denial-of-service, directory authority, backport from 0.3.3.3-alpha):
- - Fix a protocol-list handling bug that could be used to remotely crash
- directory authorities with a null-pointer exception. Fixes bug 25074;
- bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2018-001 and
- CVE-2018-0490.
- o Major bugfixes (scheduler, KIST, denial-of-service, backport from 0.3.3.2-alpha):
- - Avoid adding the same channel twice in the KIST scheduler pending
- list, which could lead to remote denial-of-service use-after-free
- attacks against relays. Fixes bug 24700; bugfix on 0.3.2.1-alpha.
- o Major features (denial-of-service mitigation, backport from 0.3.3.2-alpha):
- - Give relays some defenses against the recent network overload. We
- start with three defenses (default parameters in parentheses).
- First: if a single client address makes too many concurrent
- connections (>100), hang up on further connections. Second: if a
- single client address makes circuits too quickly (more than 3 per
- second, with an allowed burst of 90) while also having too many
- connections open (3), refuse new create cells for the next while
- (1-2 hours). Third: if a client asks to establish a rendezvous
- point to you directly, ignore the request. These defenses can be
- manually controlled by new torrc options, but relays will also
- take guidance from consensus parameters, so there's no need to
- configure anything manually. Implements ticket 24902.
- o Major bugfixes (onion services, retry behavior, backport from 0.3.3.1-alpha):
- - Fix an "off by 2" error in counting rendezvous failures on the
- onion service side. While we thought we would stop the rendezvous
- attempt after one failed circuit, we were actually making three
- circuit attempts before giving up. Now switch to a default of 2,
- and allow the consensus parameter "hs_service_max_rdv_failures" to
- override. Fixes bug 24895; bugfix on 0.0.6.
- - New-style (v3) onion services now obey the "max rendezvous circuit
- attempts" logic. Previously they would make as many rendezvous
- circuit attempts as they could fit in the MAX_REND_TIMEOUT second
- window before giving up. Fixes bug 24894; bugfix on 0.3.2.1-alpha.
- o Major bugfixes (protocol versions, backport from 0.3.3.2-alpha):
- - Add Link protocol version 5 to the supported protocols list. Fixes
- bug 25070; bugfix on 0.3.1.1-alpha.
- o Major bugfixes (relay, backport from 0.3.3.1-alpha):
- - Fix a set of false positives where relays would consider
- connections to other relays as being client-only connections (and
- thus e.g. deserving different link padding schemes) if those
- relays fell out of the consensus briefly. Now we look only at the
- initial handshake and whether the connection authenticated as a
- relay. Fixes bug 24898; bugfix on 0.3.1.1-alpha.
- o Major bugfixes (scheduler, consensus, backport from 0.3.3.2-alpha):
- - The scheduler subsystem was failing to promptly notice changes in
- consensus parameters, making it harder to switch schedulers
- network-wide. Fixes bug 24975; bugfix on 0.3.2.1-alpha.
- o Minor features (denial-of-service avoidance, backport from 0.3.3.2-alpha):
- - Make our OOM handler aware of the geoip client history cache so it
- doesn't fill up the memory. This check is important for IPv6 and
- our DoS mitigation subsystem. Closes ticket 25122.
- o Minor features (compatibility, OpenSSL, backport from 0.3.3.3-alpha):
- - Tor will now support TLS1.3 once OpenSSL 1.1.1 is released.
- Previous versions of Tor would not have worked with OpenSSL 1.1.1,
- since they neither disabled TLS 1.3 nor enabled any of the
- ciphersuites it requires. Now we enable the TLS 1.3 ciphersuites.
- Closes ticket 24978.
- o Minor features (geoip):
- - Update geoip and geoip6 to the February 7 2018 Maxmind GeoLite2
- Country database.
- o Minor features (logging, diagnostic, backport from 0.3.3.2-alpha):
- - When logging a failure to create an onion service's descriptor,
- also log what the problem with the descriptor was. Diagnostic
- for ticket 24972.
- o Minor bugfix (channel connection, backport from 0.3.3.2-alpha):
- - Use the actual observed address of an incoming relay connection,
- not the canonical address of the relay from its descriptor, when
- making decisions about how to handle the incoming connection.
- Fixes bug 24952; bugfix on 0.2.4.11-alpha. Patch by "ffmancera".
- o Minor bugfixes (denial-of-service, backport from 0.3.3.3-alpha):
- - Fix a possible crash on malformed consensus. If a consensus had
- contained an unparseable protocol line, it could have made clients
- and relays crash with a null-pointer exception. To exploit this
- issue, however, an attacker would need to be able to subvert the
- directory authority system. Fixes bug 25251; bugfix on
- 0.2.9.4-alpha. Also tracked as TROVE-2018-004.
- o Minor bugfix (directory authority, backport from 0.3.3.2-alpha):
- - Directory authorities, when refusing a descriptor from a rejected
- relay, now explicitly tell the relay (in its logs) to set a valid
- ContactInfo address and contact the bad-relays@ mailing list.
- Fixes bug 25170; bugfix on 0.2.9.1.
- o Minor bugfixes (build, rust, backport from 0.3.3.1-alpha):
- - When building with Rust on OSX, link against libresolv, to work
- around the issue at https://github.com/rust-lang/rust/issues/46797.
- Fixes bug 24652; bugfix on 0.3.1.1-alpha.
- o Minor bugfixes (onion services, backport from 0.3.3.2-alpha):
- - Remove a BUG() statement when a client fetches an onion descriptor
- that has a lower revision counter than the one in its cache. This
- can happen in normal circumstances due to HSDir desync. Fixes bug
- 24976; bugfix on 0.3.2.1-alpha.
- o Minor bugfixes (logging, backport from 0.3.3.2-alpha):
- - Don't treat inability to store a cached consensus object as a bug:
- it can happen normally when we are out of disk space. Fixes bug
- 24859; bugfix on 0.3.1.1-alpha.
- o Minor bugfixes (performance, fragile-hardening, backport from 0.3.3.1-alpha):
- - Improve the performance of our consensus-diff application code
- when Tor is built with the --enable-fragile-hardening option set.
- Fixes bug 24826; bugfix on 0.3.1.1-alpha.
- o Minor bugfixes (OSX, backport from 0.3.3.1-alpha):
- - Don't exit the Tor process if setrlimit() fails to change the file
- limit (which can happen sometimes on some versions of OSX). Fixes
- bug 21074; bugfix on 0.0.9pre5.
- o Minor bugfixes (spec conformance, backport from 0.3.3.3-alpha):
- - Forbid "-0" as a protocol version. Fixes part of bug 25249; bugfix on
- 0.2.9.4-alpha.
- - Forbid UINT32_MAX as a protocol version. Fixes part of bug 25249;
- bugfix on 0.2.9.4-alpha.
- o Minor bugfixes (testing, backport from 0.3.3.1-alpha):
- - Fix a memory leak in the scheduler/loop_kist unit test. Fixes bug
- 25005; bugfix on 0.3.2.7-rc.
- o Minor bugfixes (v3 onion services, backport from 0.3.3.2-alpha):
- - Look at the "HSRend" protocol version, not the "HSDir" protocol
- version, when deciding whether a consensus entry can support the
- v3 onion service protocol as a rendezvous point. Fixes bug 25105;
- bugfix on 0.3.2.1-alpha.
- o Code simplification and refactoring (backport from 0.3.3.3-alpha):
- - Update the "rust dependencies" submodule to be a project-level
- repository, rather than a user repository. Closes ticket 25323.
- o Documentation (backport from 0.3.3.1-alpha)
- - Document that operators who run more than one relay or bridge are
- expected to set MyFamily and ContactInfo correctly. Closes
- ticket 24526.
- Changes in version 0.3.2.9 - 2018-01-09
- Tor 0.3.2.9 is the first stable release in the 0.3.2 series.
- The 0.3.2 series includes our long-anticipated new onion service
- design, with numerous security features. (For more information, see
- our blog post at https://blog.torproject.org/fall-harvest.) We also
- have a new circuit scheduler algorithm for improved performance on
- relays everywhere (see https://blog.torproject.org/kist-and-tell),
- along with many smaller features and bugfixes.
- Per our stable release policy, we plan to support each stable release
- series for at least the next nine months, or for three months after
- the first stable release of the next series: whichever is longer. If
- you need a release with long-term support, we recommend that you stay
- with the 0.2.9 series.
- Below is a list of the changes since 0.3.1.7. For a list of all
- changes since 0.3.2.8-rc, see the ChangeLog file.
- o Directory authority changes:
- - Add "Bastet" as a ninth directory authority to the default list.
- Closes ticket 23910.
- - The directory authority "Longclaw" has changed its IP address.
- Closes ticket 23592.
- - Remove longclaw's IPv6 address, as it will soon change. Authority
- IPv6 addresses were originally added in 0.2.8.1-alpha. This leaves
- 3/8 directory authorities with IPv6 addresses, but there are also
- 52 fallback directory mirrors with IPv6 addresses. Resolves 19760.
- - Add an IPv6 address for the "bastet" directory authority. Closes
- ticket 24394.
- o Major features (next-generation onion services):
- - Tor now supports the next-generation onion services protocol for
- clients and services! As part of this release, the core of
- proposal 224 has been implemented and is available for
- experimentation and testing by our users. This newer version of
- onion services ("v3") features many improvements over the legacy
- system, including:
- a) Better crypto (replaced SHA1/DH/RSA1024
- with SHA3/ed25519/curve25519)
- b) Improved directory protocol, leaking much less information to
- directory servers.
- c) Improved directory protocol, with smaller surface for
- targeted attacks.
- d) Better onion address security against impersonation.
- e) More extensible introduction/rendezvous protocol.
- f) A cleaner and more modular codebase.
- You can identify a next-generation onion address by its length:
- they are 56 characters long, as in
- "4acth47i6kxnvkewtm6q7ib2s3ufpo5sqbsnzjpbi7utijcltosqemad.onion".
- In the future, we will release more options and features for v3
- onion services, but we first need a testing period, so that the
- current codebase matures and becomes more robust. Planned features
- include: offline keys, advanced client authorization, improved
- guard algorithms, and statistics. For full details, see
- proposal 224.
- Legacy ("v2") onion services will still work for the foreseeable
- future, and will remain the default until this new codebase gets
- tested and hardened. Service operators who want to experiment with
- the new system can use the 'HiddenServiceVersion 3' torrc
- directive along with the regular onion service configuration
- options. For more information, see our blog post at
- "https://blog.torproject.org/fall-harvest". Enjoy!
- o Major feature (scheduler, channel):
- - Tor now uses new schedulers to decide which circuits should
- deliver cells first, in order to improve congestion at relays. The
- first type is called "KIST" ("Kernel Informed Socket Transport"),
- and is only available on Linux-like systems: it uses feedback from
- the kernel to prevent the kernel's TCP buffers from growing too
- full. The second new scheduler type is called "KISTLite": it
- behaves the same as KIST, but runs on systems without kernel
- support for inspecting TCP implementation details. The old
- scheduler is still available, under the name "Vanilla". To change
- the default scheduler preference order, use the new "Schedulers"
- option. (The default preference order is "KIST,KISTLite,Vanilla".)
- Matt Traudt implemented KIST, based on research by Rob Jansen,
- John Geddes, Christ Wacek, Micah Sherr, and Paul Syverson. For
- more information, see the design paper at
- http://www.robgjansen.com/publications/kist-sec2014.pdf and the
- followup implementation paper at https://arxiv.org/abs/1709.01044.
- Closes ticket 12541. For more information, see our blog post at
- "https://blog.torproject.org/kist-and-tell".
- o Major bugfixes (security, general):
- - Fix a denial of service bug where an attacker could use a
- malformed directory object to cause a Tor instance to pause while
- OpenSSL would try to read a passphrase from the terminal. (Tor
- instances run without a terminal, which is the case for most Tor
- packages, are not impacted.) Fixes bug 24246; bugfix on every
- version of Tor. Also tracked as TROVE-2017-011 and CVE-2017-8821.
- Found by OSS-Fuzz as testcase 6360145429790720.
- o Major bugfixes (security, directory authority):
- - Fix a denial of service issue where an attacker could crash a
- directory authority using a malformed router descriptor. Fixes bug
- 24245; bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2017-010
- and CVE-2017-8820.
- o Major bugfixes (security, onion service v2):
- - Fix a use-after-free error that could crash v2 Tor onion services
- when they failed to open circuits while expiring introduction
- points. Fixes bug 24313; bugfix on 0.2.7.2-alpha. This issue is
- also tracked as TROVE-2017-013 and CVE-2017-8823.
- - When checking for replays in the INTRODUCE1 cell data for a
- (legacy) onion service, correctly detect replays in the RSA-
- encrypted part of the cell. We were previously checking for
- replays on the entire cell, but those can be circumvented due to
- the malleability of Tor's legacy hybrid encryption. This fix helps
- prevent a traffic confirmation attack. Fixes bug 24244; bugfix on
- 0.2.4.1-alpha. This issue is also tracked as TROVE-2017-009
- and CVE-2017-8819.
- o Major bugfixes (security, relay):
- - When running as a relay, make sure that we never build a path
- through ourselves, even in the case where we have somehow lost the
- version of our descriptor appearing in the consensus. Fixes part
- of bug 21534; bugfix on 0.2.0.1-alpha. This issue is also tracked
- as TROVE-2017-012 and CVE-2017-8822.
- - When running as a relay, make sure that we never choose ourselves
- as a guard. Fixes part of bug 21534; bugfix on 0.3.0.1-alpha. This
- issue is also tracked as TROVE-2017-012 and CVE-2017-8822.
- o Major bugfixes (bootstrapping):
- - Fetch descriptors aggressively whenever we lack enough to build
- circuits, regardless of how many descriptors we are missing.
- Previously, we would delay launching the fetch when we had fewer
- than 15 missing descriptors, even if some of those descriptors
- were blocking circuits from building. Fixes bug 23985; bugfix on
- 0.1.1.11-alpha. The effects of this bug became worse in
- 0.3.0.3-alpha, when we began treating missing descriptors from our
- primary guards as a reason to delay circuits.
- - Don't try fetching microdescriptors from relays that have failed
- to deliver them in the past. Fixes bug 23817; bugfix
- on 0.3.0.1-alpha.
- o Major bugfixes (circuit prediction):
- - Fix circuit prediction logic so that a client doesn't treat a port
- as being "handled" by a circuit if that circuit already has
- isolation settings on it. This change should make Tor clients more
- responsive by improving their chances of having a pre-created
- circuit ready for use when a request arrives. Fixes bug 18859;
- bugfix on 0.2.3.3-alpha.
- o Major bugfixes (exit relays, DNS):
- - Fix an issue causing DNS to fail on high-bandwidth exit nodes,
- making them nearly unusable. Fixes bugs 21394 and 18580; bugfix on
- 0.1.2.2-alpha, which introduced eventdns. Thanks to Dhalgren for
- identifying and finding a workaround to this bug and to Moritz,
- Arthur Edelstein, and Roger for helping to track it down and
- analyze it.
- o Major bugfixes (relay, crash, assertion failure):
- - Fix a timing-based assertion failure that could occur when the
- circuit out-of-memory handler freed a connection's output buffer.
- Fixes bug 23690; bugfix on 0.2.6.1-alpha.
- o Major bugfixes (usability, control port):
- - Report trusted clock skew indications as bootstrap errors, so
- controllers can more easily alert users when their clocks are
- wrong. Fixes bug 23506; bugfix on 0.1.2.6-alpha.
- o Minor features (bridge):
- - Bridge relays can now set the BridgeDistribution config option to
- add a "bridge-distribution-request" line to their bridge
- descriptor, which tells BridgeDB how they'd like their bridge
- address to be given out. (Note that as of Oct 2017, BridgeDB does
- not yet implement this feature.) As a side benefit, this feature
- provides a way to distinguish bridge descriptors from non-bridge
- descriptors. Implements tickets 18329.
- - When handling the USERADDR command on an ExtOrPort, warn when the
- transports provides a USERADDR with no port. In a future version,
- USERADDR commands of this format may be rejected. Detects problems
- related to ticket 23080.
- o Minor features (bug detection):
- - Log a warning message with a stack trace for any attempt to call
- get_options() during option validation. This pattern has caused
- subtle bugs in the past. Closes ticket 22281.
- o Minor features (build, compilation):
- - The "check-changes" feature is now part of the "make check" tests;
- we'll use it to try to prevent misformed changes files from
- accumulating. Closes ticket 23564.
- - Tor builds should now fail if there are any mismatches between the
- C type representing a configuration variable and the C type the
- data-driven parser uses to store a value there. Previously, we
- needed to check these by hand, which sometimes led to mistakes.
- Closes ticket 23643.
- o Minor features (client):
- - You can now use Tor as a tunneled HTTP proxy: use the new
- HTTPTunnelPort option to open a port that accepts HTTP CONNECT
- requests. Closes ticket 22407.
- - Add an extra check to make sure that we always use the newer guard
- selection code for picking our guards. Closes ticket 22779.
- - When downloading (micro)descriptors, don't split the list into
- multiple requests unless we want at least 32 descriptors.
- Previously, we split at 4, not 32, which led to significant
- overhead in HTTP request size and degradation in compression
- performance. Closes ticket 23220.
- - Improve log messages when missing descriptors for primary guards.
- Resolves ticket 23670.
- o Minor features (command line):
- - Add a new commandline option, --key-expiration, which prints when
- the current signing key is going to expire. Implements ticket
- 17639; patch by Isis Lovecruft.
- o Minor features (control port):
- - If an application tries to use the control port as an HTTP proxy,
- respond with a meaningful "This is the Tor control port" message,
- and log the event. Closes ticket 1667. Patch from Ravi
- Chandra Padmala.
- - Provide better error message for GETINFO desc/(id|name) when not
- fetching router descriptors. Closes ticket 5847. Patch by
- Kevin Butler.
- - Add GETINFO "{desc,md}/download-enabled", to inform the controller
- whether Tor will try to download router descriptors and
- microdescriptors respectively. Closes ticket 22684.
- - Added new GETINFO targets "ip-to-country/{ipv4,ipv6}-available",
- so controllers can tell whether the geoip databases are loaded.
- Closes ticket 23237.
- - Adds a timestamp field to the CIRC_BW and STREAM_BW bandwidth
- events. Closes ticket 19254. Patch by "DonnchaC".
- o Minor features (development support):
- - Developers can now generate a call-graph for Tor using the
- "calltool" python program, which post-processes object dumps. It
- should work okay on many Linux and OSX platforms, and might work
- elsewhere too. To run it, install calltool from
- https://gitweb.torproject.org/user/nickm/calltool.git and run
- "make callgraph". Closes ticket 19307.
- o Minor features (directory authority):
- - Make the "Exit" flag assignment only depend on whether the exit
- policy allows connections to ports 80 and 443. Previously relays
- would get the Exit flag if they allowed connections to one of
- these ports and also port 6667. Resolves ticket 23637.
- o Minor features (ed25519):
- - Add validation function to checks for torsion components in
- ed25519 public keys, used by prop224 client-side code. Closes
- ticket 22006. Math help by Ian Goldberg.
- o Minor features (exit relay, DNS):
- - Improve the clarity and safety of the log message from evdns when
- receiving an apparently spoofed DNS reply. Closes ticket 3056.
- o Minor features (fallback directory mirrors):
- - The fallback directory list has been re-generated based on the
- current status of the network. Tor uses fallback directories to
- bootstrap when it doesn't yet have up-to-date directory
- information. Closes ticket 24801.
- - Make the default DirAuthorityFallbackRate 0.1, so that clients
- prefer to bootstrap from fallback directory mirrors. This is a
- follow-up to 24679, which removed weights from the default
- fallbacks. Implements ticket 24681.
- o Minor features (geoip):
- - Update geoip and geoip6 to the January 5 2018 Maxmind GeoLite2
- Country database.
- o Minor features (integration, hardening):
- - Add a new NoExec option to prevent Tor from running other
- programs. When this option is set to 1, Tor will never try to run
- another program, regardless of the settings of
- PortForwardingHelper, ClientTransportPlugin, or
- ServerTransportPlugin. Once NoExec is set, it cannot be disabled
- without restarting Tor. Closes ticket 22976.
- o Minor features (linux seccomp2 sandbox):
- - Update the sandbox rules so that they should now work correctly
- with Glibc 2.26. Closes ticket 24315.
- o Minor features (logging):
- - Provide better warnings when the getrandom() syscall fails. Closes
- ticket 24500.
- - Downgrade a pair of log messages that could occur when an exit's
- resolver gave us an unusual (but not forbidden) response. Closes
- ticket 24097.
- - Improve the message we log when re-enabling circuit build timeouts
- after having received a consensus. Closes ticket 20963.
- - Log more circuit information whenever we are about to try to
- package a relay cell on a circuit with a nonexistent n_chan.
- Attempt to diagnose ticket 8185.
- - Improve info-level log identification of particular circuits, to
- help with debugging. Closes ticket 23645.
- - Improve the warning message for specifying a relay by nickname.
- The previous message implied that nickname registration was still
- part of the Tor network design, which it isn't. Closes
- ticket 20488.
- - If the sandbox filter fails to load, suggest to the user that
- their kernel might not support seccomp2. Closes ticket 23090.
- o Minor features (onion service, circuit, logging):
- - Improve logging of many callsite in the circuit subsystem to print
- the circuit identifier(s).
- - Log when we cleanup an intro point from a service so we know when
- and for what reason it happened. Closes ticket 23604.
- o Minor features (portability):
- - Tor now compiles correctly on arm64 with libseccomp-dev installed.
- (It doesn't yet work with the sandbox enabled.) Closes
- ticket 24424.
- - Check at configure time whether uint8_t is the same type as
- unsigned char. Lots of existing code already makes this
- assumption, and there could be strict aliasing issues if the
- assumption is violated. Closes ticket 22410.
- o Minor features (relay):
- - When choosing which circuits can be expired as unused, consider
- circuits from clients even if those clients used regular CREATE
- cells to make them; and do not consider circuits from relays even
- if they were made with CREATE_FAST. Part of ticket 22805.
- - Reject attempts to use relative file paths when RunAsDaemon is
- set. Previously, Tor would accept these, but the directory-
- changing step of RunAsDaemon would give strange and/or confusing
- results. Closes ticket 22731.
- o Minor features (relay statistics):
- - Change relay bandwidth reporting stats interval from 4 hours to 24
- hours in order to reduce the efficiency of guard discovery
- attacks. Fixes ticket 23856.
- o Minor features (reverted deprecations):
- - The ClientDNSRejectInternalAddresses flag can once again be set in
- non-testing Tor networks, so long as they do not use the default
- directory authorities. This change also removes the deprecation of
- this flag from 0.2.9.2-alpha. Closes ticket 21031.
- o Minor features (robustness):
- - Change several fatal assertions when flushing buffers into non-
- fatal assertions, to prevent any recurrence of 23690.
- o Minor features (startup, safety):
- - When configured to write a PID file, Tor now exits if it is unable
- to do so. Previously, it would warn and continue. Closes
- ticket 20119.
- o Minor features (static analysis):
- - The BUG() macro has been changed slightly so that Coverity no
- longer complains about dead code if the bug is impossible. Closes
- ticket 23054.
- o Minor features (testing):
- - Our fuzzing tests now test the encrypted portions of v3 onion
- service descriptors. Implements more of 21509.
- - Add a unit test to make sure that our own generated platform
- string will be accepted by directory authorities. Closes
- ticket 22109.
- - The default chutney network tests now include tests for the v3
- onion service design. Make sure you have the latest version of
- chutney if you want to run these. Closes ticket 22437.
- - Add a unit test to verify that we can parse a hardcoded v2 onion
- service descriptor. Closes ticket 15554.
- o Minor bugfixes (address selection):
- - When the fascist_firewall_choose_address_ functions don't find a
- reachable address, set the returned address to the null address
- and port. This is a precautionary measure, because some callers do
- not check the return value. Fixes bug 24736; bugfix
- on 0.2.8.2-alpha.
- o Minor bugfixes (bootstrapping):
- - When warning about state file clock skew, report the correct
- direction for the detected skew. Fixes bug 23606; bugfix
- on 0.2.8.1-alpha.
- o Minor bugfixes (bridge clients, bootstrap):
- - Retry directory downloads when we get our first bridge descriptor
- during bootstrap or while reconnecting to the network. Keep
- retrying every time we get a bridge descriptor, until we have a
- reachable bridge. Fixes part of bug 24367; bugfix on 0.2.0.3-alpha.
- - Stop delaying bridge descriptor fetches when we have cached bridge
- descriptors. Instead, only delay bridge descriptor fetches when we
- have at least one reachable bridge. Fixes part of bug 24367;
- bugfix on 0.2.0.3-alpha.
- - Stop delaying directory fetches when we have cached bridge
- descriptors. Instead, only delay bridge descriptor fetches when
- all our bridges are definitely unreachable. Fixes part of bug
- 24367; bugfix on 0.2.0.3-alpha.
- o Minor bugfixes (bridge):
- - Overwrite the bridge address earlier in the process of retrieving
- its descriptor, to make sure we reach it on the configured
- address. Fixes bug 20532; bugfix on 0.2.0.10-alpha.
- o Minor bugfixes (build, compilation):
- - Fix a compilation warning when building with zstd support on
- 32-bit platforms. Fixes bug 23568; bugfix on 0.3.1.1-alpha. Found
- and fixed by Andreas Stieger.
- - When searching for OpenSSL, don't accept any OpenSSL library that
- lacks TLSv1_1_method(): Tor doesn't build with those versions.
- Additionally, look in /usr/local/opt/openssl, if it's present.
- These changes together repair the default build on OSX systems
- with Homebrew installed. Fixes bug 23602; bugfix on 0.2.7.2-alpha.
- - Fix a signed/unsigned comparison warning introduced by our fix to
- TROVE-2017-009. Fixes bug 24480; bugfix on 0.2.5.16.
- - Fix a memory leak warning in one of the libevent-related
- configuration tests that could occur when manually specifying
- -fsanitize=address. Fixes bug 24279; bugfix on 0.3.0.2-alpha.
- Found and patched by Alex Xu.
- - Fix unused-variable warnings in donna's Curve25519 SSE2 code.
- Fixes bug 22895; bugfix on 0.2.7.2-alpha.
- o Minor bugfixes (certificate handling):
- - Fix a time handling bug in Tor certificates set to expire after
- the year 2106. Fixes bug 23055; bugfix on 0.3.0.1-alpha. Found by
- Coverity as CID 1415728.
- o Minor bugfixes (client):
- - By default, do not enable storage of client-side DNS values. These
- values were unused by default previously, but they should not have
- been cached at all. Fixes bug 24050; bugfix on 0.2.6.3-alpha.
- o Minor bugfixes (client, usability):
- - Refrain from needlessly rejecting SOCKS5-with-hostnames and
- SOCKS4a requests that contain IP address strings, even when
- SafeSocks in enabled, as this prevents user from connecting to
- known IP addresses without relying on DNS for resolving. SafeSocks
- still rejects SOCKS connections that connect to IP addresses when
- those addresses are _not_ encoded as hostnames. Fixes bug 22461;
- bugfix on Tor 0.2.6.2-alpha.
- o Minor bugfixes (code correctness):
- - Call htons() in extend_cell_format() for encoding a 16-bit value.
- Previously we used ntohs(), which happens to behave the same on
- all the platforms we support, but which isn't really correct.
- Fixes bug 23106; bugfix on 0.2.4.8-alpha.
- - For defense-in-depth, make the controller's write_escaped_data()
- function robust to extremely long inputs. Fixes bug 19281; bugfix
- on 0.1.1.1-alpha. Reported by Guido Vranken.
- - Fix several places in our codebase where a C compiler would be
- likely to eliminate a check, based on assuming that undefined
- behavior had not happened elsewhere in the code. These cases are
- usually a sign of redundant checking or dubious arithmetic. Found
- by Georg Koppen using the "STACK" tool from Wang, Zeldovich,
- Kaashoek, and Solar-Lezama. Fixes bug 24423; bugfix on various
- Tor versions.
- o Minor bugfixes (compression):
- - Handle a pathological case when decompressing Zstandard data when
- the output buffer size is zero. Fixes bug 23551; bugfix
- on 0.3.1.1-alpha.
- o Minor bugfixes (consensus expiry):
- - Check for adequate directory information correctly. Previously, Tor
- would reconsider whether it had sufficient directory information
- every 2 minutes. Fixes bug 23091; bugfix on 0.2.0.19-alpha.
- o Minor bugfixes (control port, linux seccomp2 sandbox):
- - Avoid a crash when attempting to use the seccomp2 sandbox together
- with the OwningControllerProcess feature. Fixes bug 24198; bugfix
- on 0.2.5.1-alpha.
- o Minor bugfixes (control port, onion services):
- - Report "FAILED" instead of "UPLOAD_FAILED" "FAILED" for the
- HS_DESC event when a service is not able to upload a descriptor.
- Fixes bug 24230; bugfix on 0.2.7.1-alpha.
- o Minor bugfixes (directory cache):
- - Recover better from empty or corrupt files in the consensus cache
- directory. Fixes bug 24099; bugfix on 0.3.1.1-alpha.
- - When a consensus diff calculation is only partially successful,
- only record the successful parts as having succeeded. Partial
- success can happen if (for example) one compression method fails
- but the others succeed. Previously we misrecorded all the
- calculations as having succeeded, which would later cause a
- nonfatal assertion failure. Fixes bug 24086; bugfix
- on 0.3.1.1-alpha.
- o Minor bugfixes (directory client):
- - On failure to download directory information, delay retry attempts
- by a random amount based on the "decorrelated jitter" algorithm.
- Our previous delay algorithm tended to produce extra-long delays
- too easily. Fixes bug 23816; bugfix on 0.2.9.1-alpha.
- o Minor bugfixes (directory protocol):
- - Directory servers now include a "Date:" http header for response
- codes other than 200. Clients starting with a skewed clock and a
- recent consensus were getting "304 Not modified" responses from
- directory authorities, so without the Date header, the client
- would never hear about a wrong clock. Fixes bug 23499; bugfix
- on 0.0.8rc1.
- - Make clients wait for 6 seconds before trying to download a
- consensus from an authority. Fixes bug 17750; bugfix
- on 0.2.8.1-alpha.
- o Minor bugfixes (documentation):
- - Document better how to read gcov, and what our gcov postprocessing
- scripts do. Fixes bug 23739; bugfix on 0.2.9.1-alpha.
- - Fix manpage to not refer to the obsolete (and misspelled)
- UseEntryGuardsAsDirectoryGuards parameter in the description of
- NumDirectoryGuards. Fixes bug 23611; bugfix on 0.2.4.8-alpha.
- o Minor bugfixes (DoS-resistance):
- - If future code asks if there are any running bridges, without
- checking if bridges are enabled, log a BUG warning rather than
- crashing. Fixes bug 23524; bugfix on 0.3.0.1-alpha.
- o Minor bugfixes (entry guards):
- - Tor now updates its guard state when it reads a consensus
- regardless of whether it's missing descriptors. That makes tor use
- its primary guards to fetch descriptors in some edge cases where
- it would previously have used fallback directories. Fixes bug
- 23862; bugfix on 0.3.0.1-alpha.
- o Minor bugfixes (format strictness):
- - Restrict several data formats to decimal. Previously, the
- BuildTimeHistogram entries in the state file, the "bw=" entries in
- the bandwidth authority file, and the process IDs passed to the
- __OwningControllerProcess option could all be specified in hex or
- octal as well as in decimal. This was not an intentional feature.
- Fixes bug 22802; bugfixes on 0.2.2.1-alpha, 0.2.2.2-alpha,
- and 0.2.2.28-beta.
- o Minor bugfixes (heartbeat):
- - If we fail to write a heartbeat message, schedule a retry for the
- minimum heartbeat interval number of seconds in the future. Fixes
- bug 19476; bugfix on 0.2.3.1-alpha.
- o Minor bugfixes (logging):
- - Suppress a log notice when relay descriptors arrive. We already
- have a bootstrap progress for this so no need to log notice
- everytime tor receives relay descriptors. Microdescriptors behave
- the same. Fixes bug 23861; bugfix on 0.2.8.2-alpha.
- - Remove duplicate log messages regarding opening non-local
- SocksPorts upon parsing config and opening listeners at startup.
- Fixes bug 4019; bugfix on 0.2.3.3-alpha.
- - Use a more comprehensible log message when telling the user
- they've excluded every running exit node. Fixes bug 7890; bugfix
- on 0.2.2.25-alpha.
- - When logging the number of descriptors we intend to download per
- directory request, do not log a number higher than then the number
- of descriptors we're fetching in total. Fixes bug 19648; bugfix
- on 0.1.1.8-alpha.
- - When warning about a directory owned by the wrong user, log the
- actual name of the user owning the directory. Previously, we'd log
- the name of the process owner twice. Fixes bug 23487; bugfix
- on 0.2.9.1-alpha.
- - Fix some messages on unexpected errors from the seccomp2 library.
- Fixes bug 22750; bugfix on 0.2.5.1-alpha. Patch from "cypherpunks".
- - The tor specification says hop counts are 1-based, so fix two log
- messages that mistakenly logged 0-based hop counts. Fixes bug
- 18982; bugfix on 0.2.6.2-alpha and 0.2.4.5-alpha. Patch by teor.
- Credit to Xiaofan Li for reporting this issue.
- o Minor bugfixes (logging, relay shutdown, annoyance):
- - When a circuit is marked for close, do not attempt to package any
- cells for channels on that circuit. Previously, we would detect
- this condition lower in the call stack, when we noticed that the
- circuit had no attached channel, and log an annoying message.
- Fixes bug 8185; bugfix on 0.2.5.4-alpha.
- o Minor bugfixes (memory safety, defensive programming):
- - Clear the target address when node_get_prim_orport() returns
- early. Fixes bug 23874; bugfix on 0.2.8.2-alpha.
- o Minor bugfixes (memory usage):
- - When queuing DESTROY cells on a channel, only queue the circuit-id
- and reason fields: not the entire 514-byte cell. This fix should
- help mitigate any bugs or attacks that fill up these queues, and
- free more RAM for other uses. Fixes bug 24666; bugfix
- on 0.2.5.1-alpha.
- o Minor bugfixes (network layer):
- - When closing a connection via close_connection_immediately(), we
- mark it as "not blocked on bandwidth", to prevent later calls from
- trying to unblock it, and give it permission to read. This fixes a
- backtrace warning that can happen on relays under various
- circumstances. Fixes bug 24167; bugfix on 0.1.0.1-rc.
- o Minor bugfixes (onion services):
- - The introduction circuit was being timed out too quickly while
- waiting for the rendezvous circuit to complete. Keep the intro
- circuit around longer instead of timing out and reopening new ones
- constantly. Fixes bug 23681; bugfix on 0.2.4.8-alpha.
- - Rename the consensus parameter "hsdir-interval" to "hsdir_interval"
- so it matches dir-spec.txt. Fixes bug 24262; bugfix
- on 0.3.1.1-alpha.
- - When handling multiple SOCKS request for the same .onion address,
- only fetch the service descriptor once.
- - Avoid a possible double close of a circuit by the intro point on
- error of sending the INTRO_ESTABLISHED cell. Fixes bug 23610;
- bugfix on 0.3.0.1-alpha.
- - When reloading configured onion services, copy all information
- from the old service object. Previously, some data was omitted,
- causing delays in descriptor upload, and other bugs. Fixes bug
- 23790; bugfix on 0.2.1.9-alpha.
- o Minor bugfixes (path selection):
- - When selecting relays by bandwidth, avoid a rounding error that
- could sometimes cause load to be imbalanced incorrectly.
- Previously, we would always round upwards; now, we round towards
- the nearest integer. This had the biggest effect when a relay's
- weight adjustments should have given it weight 0, but it got
- weight 1 instead. Fixes bug 23318; bugfix on 0.2.4.3-alpha.
- - When calculating the fraction of nodes that have descriptors, and
- all nodes in the network have zero bandwidths, count the number of
- nodes instead. Fixes bug 23318; bugfix on 0.2.4.10-alpha.
- - Actually log the total bandwidth in compute_weighted_bandwidths().
- Fixes bug 24170; bugfix on 0.2.4.3-alpha.
- o Minor bugfixes (portability):
- - Stop using the PATH_MAX variable, which is not defined on GNU
- Hurd. Fixes bug 23098; bugfix on 0.3.1.1-alpha.
- - Fix a bug in the bit-counting parts of our timing-wheel code on
- MSVC. (Note that MSVC is still not a supported build platform, due
- to cryptographic timing channel risks.) Fixes bug 24633; bugfix
- on 0.2.9.1-alpha.
- o Minor bugfixes (relay):
- - When uploading our descriptor for the first time after startup,
- report the reason for uploading as "Tor just started" rather than
- leaving it blank. Fixes bug 22885; bugfix on 0.2.3.4-alpha.
- - Avoid unnecessary calls to directory_fetches_from_authorities() on
- relays, to prevent spurious address resolutions and descriptor
- rebuilds. This is a mitigation for bug 21789. Fixes bug 23470;
- bugfix on in 0.2.8.1-alpha.
- - Avoid a crash when transitioning from client mode to bridge mode.
- Previously, we would launch the worker threads whenever our
- "public server" mode changed, but not when our "server" mode
- changed. Fixes bug 23693; bugfix on 0.2.6.3-alpha.
- o Minor bugfixes (testing):
- - Fix a spurious fuzzing-only use of an uninitialized value. Found
- by Brian Carpenter. Fixes bug 24082; bugfix on 0.3.0.3-alpha.
- - Test that IPv6-only clients can use microdescriptors when running
- "make test-network-all". Requires chutney master 61c28b9 or later.
- Closes ticket 24109.
- - Prevent scripts/test/coverage from attempting to move gcov output
- to the root directory. Fixes bug 23741; bugfix on 0.2.5.1-alpha.
- - Capture and detect several "Result does not fit" warnings in unit
- tests on platforms with 32-bit time_t. Fixes bug 21800; bugfix
- on 0.2.9.3-alpha.
- - Fix additional channelpadding unit test failures by using mocked
- time instead of actual time for all tests. Fixes bug 23608; bugfix
- on 0.3.1.1-alpha.
- - Fix a bug in our fuzzing mock replacement for crypto_pk_checksig(),
- to correctly handle cases where a caller gives it an RSA key of
- under 160 bits. (This is not actually a bug in Tor itself, but
- rather in our fuzzing code.) Fixes bug 24247; bugfix on
- 0.3.0.3-alpha. Found by OSS-Fuzz as issue 4177.
- - Fix a broken unit test for the OutboundAddress option: the parsing
- function was never returning an error on failure. Fixes bug 23366;
- bugfix on 0.3.0.3-alpha.
- - Fix a signed-integer overflow in the unit tests for
- dir/download_status_random_backoff, which was untriggered until we
- fixed bug 17750. Fixes bug 22924; bugfix on 0.2.9.1-alpha.
- o Minor bugfixes (usability, control port):
- - Stop making an unnecessary routerlist check in NETINFO clock skew
- detection; this was preventing clients from reporting NETINFO clock
- skew to controllers. Fixes bug 23532; bugfix on 0.2.4.4-alpha.
- o Code simplification and refactoring:
- - Remove various ways of testing circuits and connections for
- "clientness"; instead, favor channel_is_client(). Part of
- ticket 22805.
- - Extract the code for handling newly-open channels into a separate
- function from the general code to handle channel state
- transitions. This change simplifies our callgraph, reducing the
- size of the largest strongly connected component by roughly a
- factor of two. Closes ticket 22608.
- - Remove dead code for largely unused statistics on the number of
- times we've attempted various public key operations. Fixes bug
- 19871; bugfix on 0.1.2.4-alpha. Fix by Isis Lovecruft.
- - Remove several now-obsolete functions for asking about old
- variants directory authority status. Closes ticket 22311; patch
- from "huyvq".
- - Remove some of the code that once supported "Named" and "Unnamed"
- routers. Authorities no longer vote for these flags. Closes
- ticket 22215.
- - Rename the obsolete malleable hybrid_encrypt functions used in TAP
- and old hidden services, to indicate that they aren't suitable for
- new protocols or formats. Closes ticket 23026.
- - Replace our STRUCT_OFFSET() macro with offsetof(). Closes ticket
- 22521. Patch from Neel Chauhan.
- - Split the enormous circuit_send_next_onion_skin() function into
- multiple subfunctions. Closes ticket 22804.
- - Split the portions of the buffer.c module that handle particular
- protocols into separate modules. Part of ticket 23149.
- - Use our test macros more consistently, to produce more useful
- error messages when our unit tests fail. Add coccinelle patches to
- allow us to re-check for test macro uses. Closes ticket 22497.
- o Deprecated features:
- - The ReachableDirAddresses and ClientPreferIPv6DirPort options are
- now deprecated; they do not apply to relays, and they have had no
- effect on clients since 0.2.8.x. Closes ticket 19704.
- - Deprecate HTTPProxy/HTTPProxyAuthenticator config options. They
- only applies to direct unencrypted HTTP connections to your
- directory server, which your Tor probably isn't using. Closes
- ticket 20575.
- o Documentation:
- - Add notes in man page regarding OS support for the various
- scheduler types. Attempt to use less jargon in the scheduler
- section. Closes ticket 24254.
- - Clarify that the Address option is entirely about setting an
- advertised IPv4 address. Closes ticket 18891.
- - Clarify the manpage's use of the term "address" to clarify what
- kind of address is intended. Closes ticket 21405.
- - Document that onion service subdomains are allowed, and ignored.
- Closes ticket 18736.
- - Clarify in the manual that "Sandbox 1" is only supported on Linux
- kernels. Closes ticket 22677.
- - Document all values of PublishServerDescriptor in the manpage.
- Closes ticket 15645.
- - Improve the documentation for the directory port part of the
- DirAuthority line. Closes ticket 20152.
- - Restore documentation for the authorities' "approved-routers"
- file. Closes ticket 21148.
- o Removed features:
- - The AllowDotExit option has been removed as unsafe. It has been
- deprecated since 0.2.9.2-alpha. Closes ticket 23426.
- - The ClientDNSRejectInternalAddresses flag can no longer be set on
- non-testing networks. It has been deprecated since 0.2.9.2-alpha.
- Closes ticket 21031.
- - The controller API no longer includes an AUTHDIR_NEWDESCS event:
- nobody was using it any longer. Closes ticket 22377.
- Changes in version 0.3.1.9 - 2017-12-01:
- Tor 0.3.1.9 backports important security and stability fixes from the
- 0.3.2 development series. All Tor users should upgrade to this
- release, or to another of the releases coming out today.
- o Major bugfixes (security, backport from 0.3.2.6-alpha):
- - Fix a denial of service bug where an attacker could use a
- malformed directory object to cause a Tor instance to pause while
- OpenSSL would try to read a passphrase from the terminal. (Tor
- instances run without a terminal, which is the case for most Tor
- packages, are not impacted.) Fixes bug 24246; bugfix on every
- version of Tor. Also tracked as TROVE-2017-011 and CVE-2017-8821.
- Found by OSS-Fuzz as testcase 6360145429790720.
- - Fix a denial of service issue where an attacker could crash a
- directory authority using a malformed router descriptor. Fixes bug
- 24245; bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2017-010
- and CVE-2017-8820.
- - When checking for replays in the INTRODUCE1 cell data for a
- (legacy) onion service, correctly detect replays in the RSA-
- encrypted part of the cell. We were previously checking for
- replays on the entire cell, but those can be circumvented due to
- the malleability of Tor's legacy hybrid encryption. This fix helps
- prevent a traffic confirmation attack. Fixes bug 24244; bugfix on
- 0.2.4.1-alpha. This issue is also tracked as TROVE-2017-009
- and CVE-2017-8819.
- o Major bugfixes (security, onion service v2, backport from 0.3.2.6-alpha):
- - Fix a use-after-free error that could crash v2 Tor onion services
- when they failed to open circuits while expiring introduction
- points. Fixes bug 24313; bugfix on 0.2.7.2-alpha. This issue is
- also tracked as TROVE-2017-013 and CVE-2017-8823.
- o Major bugfixes (security, relay, backport from 0.3.2.6-alpha):
- - When running as a relay, make sure that we never build a path
- through ourselves, even in the case where we have somehow lost the
- version of our descriptor appearing in the consensus. Fixes part
- of bug 21534; bugfix on 0.2.0.1-alpha. This issue is also tracked
- as TROVE-2017-012 and CVE-2017-8822.
- - When running as a relay, make sure that we never choose ourselves
- as a guard. Fixes part of bug 21534; bugfix on 0.3.0.1-alpha. This
- issue is also tracked as TROVE-2017-012 and CVE-2017-8822.
- o Major bugfixes (exit relays, DNS, backport from 0.3.2.4-alpha):
- - Fix an issue causing DNS to fail on high-bandwidth exit nodes,
- making them nearly unusable. Fixes bugs 21394 and 18580; bugfix on
- 0.1.2.2-alpha, which introduced eventdns. Thanks to Dhalgren for
- identifying and finding a workaround to this bug and to Moritz,
- Arthur Edelstein, and Roger for helping to track it down and
- analyze it.
- o Minor features (bridge):
- - Bridges now include notice in their descriptors that they are
- bridges, and notice of their distribution status, based on their
- publication settings. Implements ticket 18329. For more fine-
- grained control of how a bridge is distributed, upgrade to 0.3.2.x
- or later.
- o Minor features (directory authority, backport from 0.3.2.6-alpha):
- - Add an IPv6 address for the "bastet" directory authority. Closes
- ticket 24394.
- o Minor features (geoip):
- - Update geoip and geoip6 to the November 6 2017 Maxmind GeoLite2
- Country database.
- o Minor bugfix (relay address resolution, backport from 0.3.2.1-alpha):
- - Avoid unnecessary calls to directory_fetches_from_authorities() on
- relays, to prevent spurious address resolutions and descriptor
- rebuilds. This is a mitigation for bug 21789. Fixes bug 23470;
- bugfix on in 0.2.8.1-alpha.
- o Minor bugfixes (compilation, backport from 0.3.2.1-alpha):
- - Fix unused variable warnings in donna's Curve25519 SSE2 code.
- Fixes bug 22895; bugfix on 0.2.7.2-alpha.
- o Minor bugfixes (logging, relay shutdown, annoyance, backport from 0.3.2.2-alpha):
- - When a circuit is marked for close, do not attempt to package any
- cells for channels on that circuit. Previously, we would detect
- this condition lower in the call stack, when we noticed that the
- circuit had no attached channel, and log an annoying message.
- Fixes bug 8185; bugfix on 0.2.5.4-alpha.
- o Minor bugfixes (onion service, backport from 0.3.2.5-alpha):
- - Rename the consensus parameter "hsdir-interval" to "hsdir_interval"
- so it matches dir-spec.txt. Fixes bug 24262; bugfix
- on 0.3.1.1-alpha.
- o Minor bugfixes (relay, crash, backport from 0.3.2.4-alpha):
- - Avoid a crash when transitioning from client mode to bridge mode.
- Previously, we would launch the worker threads whenever our
- "public server" mode changed, but not when our "server" mode
- changed. Fixes bug 23693; bugfix on 0.2.6.3-alpha.
- Changes in version 0.3.0.13 - 2017-12-01
- Tor 0.3.0.13 backports important security and stability bugfixes from
- later Tor releases. All Tor users should upgrade to this release, or
- to another of the releases coming out today.
- Note: the Tor 0.3.0 series will no longer be supported after 26 Jan
- 2018. If you need a release with long-term support, please stick with
- the 0.2.9 series. Otherwise, please upgrade to 0.3.1 or later.
- o Major bugfixes (security, backport from 0.3.2.6-alpha):
- - Fix a denial of service bug where an attacker could use a
- malformed directory object to cause a Tor instance to pause while
- OpenSSL would try to read a passphrase from the terminal. (Tor
- instances run without a terminal, which is the case for most Tor
- packages, are not impacted.) Fixes bug 24246; bugfix on every
- version of Tor. Also tracked as TROVE-2017-011 and CVE-2017-8821.
- Found by OSS-Fuzz as testcase 6360145429790720.
- - Fix a denial of service issue where an attacker could crash a
- directory authority using a malformed router descriptor. Fixes bug
- 24245; bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2017-010
- and CVE-2017-8820.
- - When checking for replays in the INTRODUCE1 cell data for a
- (legacy) onion service, correctly detect replays in the RSA-
- encrypted part of the cell. We were previously checking for
- replays on the entire cell, but those can be circumvented due to
- the malleability of Tor's legacy hybrid encryption. This fix helps
- prevent a traffic confirmation attack. Fixes bug 24244; bugfix on
- 0.2.4.1-alpha. This issue is also tracked as TROVE-2017-009
- and CVE-2017-8819.
- o Major bugfixes (security, onion service v2, backport from 0.3.2.6-alpha):
- - Fix a use-after-free error that could crash v2 Tor onion services
- when they failed to open circuits while expiring introduction
- points. Fixes bug 24313; bugfix on 0.2.7.2-alpha. This issue is
- also tracked as TROVE-2017-013 and CVE-2017-8823.
- o Major bugfixes (security, relay, backport from 0.3.2.6-alpha):
- - When running as a relay, make sure that we never build a path
- through ourselves, even in the case where we have somehow lost the
- version of our descriptor appearing in the consensus. Fixes part
- of bug 21534; bugfix on 0.2.0.1-alpha. This issue is also tracked
- as TROVE-2017-012 and CVE-2017-8822.
- - When running as a relay, make sure that we never choose ourselves
- as a guard. Fixes part of bug 21534; bugfix on 0.3.0.1-alpha. This
- issue is also tracked as TROVE-2017-012 and CVE-2017-8822.
- o Major bugfixes (exit relays, DNS, backport from 0.3.2.4-alpha):
- - Fix an issue causing DNS to fail on high-bandwidth exit nodes,
- making them nearly unusable. Fixes bugs 21394 and 18580; bugfix on
- 0.1.2.2-alpha, which introduced eventdns. Thanks to Dhalgren for
- identifying and finding a workaround to this bug and to Moritz,
- Arthur Edelstein, and Roger for helping to track it down and
- analyze it.
- o Minor features (security, windows, backport from 0.3.1.1-alpha):
- - Enable a couple of pieces of Windows hardening: one
- (HeapEnableTerminationOnCorruption) that has been on-by-default
- since Windows 8, and unavailable before Windows 7; and one
- (PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION) which we believe doesn't
- affect us, but shouldn't do any harm. Closes ticket 21953.
- o Minor features (bridge, backport from 0.3.1.9):
- - Bridges now include notice in their descriptors that they are
- bridges, and notice of their distribution status, based on their
- publication settings. Implements ticket 18329. For more fine-
- grained control of how a bridge is distributed, upgrade to 0.3.2.x
- or later.
- o Minor features (directory authority, backport from 0.3.2.6-alpha):
- - Add an IPv6 address for the "bastet" directory authority. Closes
- ticket 24394.
- o Minor features (geoip):
- - Update geoip and geoip6 to the November 6 2017 Maxmind GeoLite2
- Country database.
- o Minor bugfix (relay address resolution, backport from 0.3.2.1-alpha):
- - Avoid unnecessary calls to directory_fetches_from_authorities() on
- relays, to prevent spurious address resolutions and descriptor
- rebuilds. This is a mitigation for bug 21789. Fixes bug 23470;
- bugfix on in 0.2.8.1-alpha.
- o Minor bugfixes (compilation, backport from 0.3.2.1-alpha):
- - Fix unused variable warnings in donna's Curve25519 SSE2 code.
- Fixes bug 22895; bugfix on 0.2.7.2-alpha.
- o Minor bugfixes (logging, relay shutdown, annoyance, backport from 0.3.2.2-alpha):
- - When a circuit is marked for close, do not attempt to package any
- cells for channels on that circuit. Previously, we would detect
- this condition lower in the call stack, when we noticed that the
- circuit had no attached channel, and log an annoying message.
- Fixes bug 8185; bugfix on 0.2.5.4-alpha.
- o Minor bugfixes (relay, crash, backport from 0.3.2.4-alpha):
- - Avoid a crash when transitioning from client mode to bridge mode.
- Previously, we would launch the worker threads whenever our
- "public server" mode changed, but not when our "server" mode
- changed. Fixes bug 23693; bugfix on 0.2.6.3-alpha.
- o Minor bugfixes (testing, backport from 0.3.1.6-rc):
- - Fix an undersized buffer in test-memwipe.c. Fixes bug 23291;
- bugfix on 0.2.7.2-alpha. Found and patched by Ties Stuij.
- Changes in version 0.2.9.14 - 2017-12-01
- Tor 0.3.0.13 backports important security and stability bugfixes from
- later Tor releases. All Tor users should upgrade to this release, or
- to another of the releases coming out today.
- o Major bugfixes (exit relays, DNS, backport from 0.3.2.4-alpha):
- - Fix an issue causing DNS to fail on high-bandwidth exit nodes,
- making them nearly unusable. Fixes bugs 21394 and 18580; bugfix on
- 0.1.2.2-alpha, which introduced eventdns. Thanks to Dhalgren for
- identifying and finding a workaround to this bug and to Moritz,
- Arthur Edelstein, and Roger for helping to track it down and
- analyze it.
- o Major bugfixes (security, backport from 0.3.2.6-alpha):
- - Fix a denial of service bug where an attacker could use a
- malformed directory object to cause a Tor instance to pause while
- OpenSSL would try to read a passphrase from the terminal. (Tor
- instances run without a terminal, which is the case for most Tor
- packages, are not impacted.) Fixes bug 24246; bugfix on every
- version of Tor. Also tracked as TROVE-2017-011 and CVE-2017-8821.
- Found by OSS-Fuzz as testcase 6360145429790720.
- - Fix a denial of service issue where an attacker could crash a
- directory authority using a malformed router descriptor. Fixes bug
- 24245; bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2017-010
- and CVE-2017-8820.
- - When checking for replays in the INTRODUCE1 cell data for a
- (legacy) onion service, correctly detect replays in the RSA-
- encrypted part of the cell. We were previously checking for
- replays on the entire cell, but those can be circumvented due to
- the malleability of Tor's legacy hybrid encryption. This fix helps
- prevent a traffic confirmation attack. Fixes bug 24244; bugfix on
- 0.2.4.1-alpha. This issue is also tracked as TROVE-2017-009
- and CVE-2017-8819.
- o Major bugfixes (security, onion service v2, backport from 0.3.2.6-alpha):
- - Fix a use-after-free error that could crash v2 Tor onion services
- when they failed to open circuits while expiring introduction
- points. Fixes bug 24313; bugfix on 0.2.7.2-alpha. This issue is
- also tracked as TROVE-2017-013 and CVE-2017-8823.
- o Major bugfixes (security, relay, backport from 0.3.2.6-alpha):
- - When running as a relay, make sure that we never build a path
- through ourselves, even in the case where we have somehow lost the
- version of our descriptor appearing in the consensus. Fixes part
- of bug 21534; bugfix on 0.2.0.1-alpha. This issue is also tracked
- as TROVE-2017-012 and CVE-2017-8822.
- o Minor features (bridge, backport from 0.3.1.9):
- - Bridges now include notice in their descriptors that they are
- bridges, and notice of their distribution status, based on their
- publication settings. Implements ticket 18329. For more fine-
- grained control of how a bridge is distributed, upgrade to 0.3.2.x
- or later.
- o Minor features (directory authority, backport from 0.3.2.6-alpha):
- - Add an IPv6 address for the "bastet" directory authority. Closes
- ticket 24394.
- o Minor features (geoip):
- - Update geoip and geoip6 to the November 6 2017 Maxmind GeoLite2
- Country database.
- o Minor features (security, windows, backport from 0.3.1.1-alpha):
- - Enable a couple of pieces of Windows hardening: one
- (HeapEnableTerminationOnCorruption) that has been on-by-default
- since Windows 8, and unavailable before Windows 7; and one
- (PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION) which we believe doesn't
- affect us, but shouldn't do any harm. Closes ticket 21953.
- o Minor bugfix (relay address resolution, backport from 0.3.2.1-alpha):
- - Avoid unnecessary calls to directory_fetches_from_authorities() on
- relays, to prevent spurious address resolutions and descriptor
- rebuilds. This is a mitigation for bug 21789. Fixes bug 23470;
- bugfix on in 0.2.8.1-alpha.
- o Minor bugfixes (compilation, backport from 0.3.2.1-alpha):
- - Fix unused variable warnings in donna's Curve25519 SSE2 code.
- Fixes bug 22895; bugfix on 0.2.7.2-alpha.
- o Minor bugfixes (logging, relay shutdown, annoyance, backport from 0.3.2.2-alpha):
- - When a circuit is marked for close, do not attempt to package any
- cells for channels on that circuit. Previously, we would detect
- this condition lower in the call stack, when we noticed that the
- circuit had no attached channel, and log an annoying message.
- Fixes bug 8185; bugfix on 0.2.5.4-alpha.
- o Minor bugfixes (relay, crash, backport from 0.3.2.4-alpha):
- - Avoid a crash when transitioning from client mode to bridge mode.
- Previously, we would launch the worker threads whenever our
- "public server" mode changed, but not when our "server" mode
- changed. Fixes bug 23693; bugfix on 0.2.6.3-alpha.
- o Minor bugfixes (testing, backport from 0.3.1.6-rc):
- - Fix an undersized buffer in test-memwipe.c. Fixes bug 23291;
- bugfix on 0.2.7.2-alpha. Found and patched by Ties Stuij.
- Changes in version 0.2.8.17 - 2017-12-01
- Tor 0.2.8.17 backports important security and stability bugfixes from
- later Tor releases. All Tor users should upgrade to this release, or
- to another of the releases coming out today.
- Note: the Tor 0.2.8 series will no longer be supported after 1 Jan
- 2018. If you need a release with long-term support, please upgrade with
- the 0.2.9 series. Otherwise, please upgrade to 0.3.1 or later.
- o Major bugfixes (security, backport from 0.3.2.6-alpha):
- - Fix a denial of service bug where an attacker could use a
- malformed directory object to cause a Tor instance to pause while
- OpenSSL would try to read a passphrase from the terminal. (Tor
- instances run without a terminal, which is the case for most Tor
- packages, are not impacted.) Fixes bug 24246; bugfix on every
- version of Tor. Also tracked as TROVE-2017-011 and CVE-2017-8821.
- Found by OSS-Fuzz as testcase 6360145429790720.
- - When checking for replays in the INTRODUCE1 cell data for a
- (legacy) onion service, correctly detect replays in the RSA-
- encrypted part of the cell. We were previously checking for
- replays on the entire cell, but those can be circumvented due to
- the malleability of Tor's legacy hybrid encryption. This fix helps
- prevent a traffic confirmation attack. Fixes bug 24244; bugfix on
- 0.2.4.1-alpha. This issue is also tracked as TROVE-2017-009
- and CVE-2017-8819.
- o Major bugfixes (security, onion service v2, backport from 0.3.2.6-alpha):
- - Fix a use-after-free error that could crash v2 Tor onion services
- when they failed to open circuits while expiring introduction
- points. Fixes bug 24313; bugfix on 0.2.7.2-alpha. This issue is
- also tracked as TROVE-2017-013 and CVE-2017-8823.
- o Major bugfixes (security, relay, backport from 0.3.2.6-alpha):
- - When running as a relay, make sure that we never build a path through
- ourselves, even in the case where we have somehow lost the version of
- our descriptor appearing in the consensus. Fixes part of bug 21534;
- bugfix on 0.2.0.1-alpha. This issue is also tracked as TROVE-2017-012
- and CVE-2017-8822.
- o Minor
|