ReleaseNotes 1.1 MB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441144214431444144514461447144814491450145114521453145414551456145714581459146014611462146314641465146614671468146914701471147214731474147514761477147814791480148114821483148414851486148714881489149014911492149314941495149614971498149915001501150215031504150515061507150815091510151115121513151415151516151715181519152015211522152315241525152615271528152915301531153215331534153515361537153815391540154115421543154415451546154715481549155015511552155315541555155615571558155915601561156215631564156515661567156815691570157115721573157415751576157715781579158015811582158315841585158615871588158915901591159215931594159515961597159815991600160116021603160416051606160716081609161016111612161316141615161616171618161916201621162216231624162516261627162816291630163116321633163416351636163716381639164016411642164316441645164616471648164916501651165216531654165516561657165816591660166116621663166416651666166716681669167016711672167316741675167616771678167916801681168216831684168516861687168816891690169116921693169416951696169716981699170017011702170317041705170617071708170917101711171217131714171517161717171817191720172117221723172417251726172717281729173017311732173317341735173617371738173917401741174217431744174517461747174817491750175117521753175417551756175717581759176017611762176317641765176617671768176917701771177217731774177517761777177817791780178117821783178417851786178717881789179017911792179317941795179617971798179918001801180218031804180518061807180818091810181118121813181418151816181718181819182018211822182318241825182618271828182918301831183218331834183518361837183818391840184118421843184418451846184718481849185018511852185318541855185618571858185918601861186218631864186518661867186818691870187118721873187418751876187718781879188018811882188318841885188618871888188918901891189218931894189518961897189818991900190119021903190419051906190719081909191019111912191319141915191619171918191919201921192219231924192519261927192819291930193119321933193419351936193719381939194019411942194319441945194619471948194919501951195219531954195519561957195819591960196119621963196419651966196719681969197019711972197319741975197619771978197919801981198219831984198519861987198819891990199119921993199419951996199719981999200020012002200320042005200620072008200920102011201220132014201520162017201820192020202120222023202420252026202720282029203020312032203320342035203620372038203920402041204220432044204520462047204820492050205120522053205420552056205720582059206020612062206320642065206620672068206920702071207220732074207520762077207820792080208120822083208420852086208720882089209020912092209320942095209620972098209921002101210221032104210521062107210821092110211121122113211421152116211721182119212021212122212321242125212621272128212921302131213221332134213521362137213821392140214121422143214421452146214721482149215021512152215321542155215621572158215921602161216221632164216521662167216821692170217121722173217421752176217721782179218021812182218321842185218621872188218921902191219221932194219521962197219821992200220122022203220422052206220722082209221022112212221322142215221622172218221922202221222222232224222522262227222822292230223122322233223422352236223722382239224022412242224322442245224622472248224922502251225222532254225522562257225822592260226122622263226422652266226722682269227022712272227322742275227622772278227922802281228222832284228522862287228822892290229122922293229422952296229722982299230023012302230323042305230623072308230923102311231223132314231523162317231823192320232123222323232423252326232723282329233023312332233323342335233623372338233923402341234223432344234523462347234823492350235123522353235423552356235723582359236023612362236323642365236623672368236923702371237223732374237523762377237823792380238123822383238423852386238723882389239023912392239323942395239623972398239924002401240224032404240524062407240824092410241124122413241424152416241724182419242024212422242324242425242624272428242924302431243224332434243524362437243824392440244124422443244424452446244724482449245024512452245324542455245624572458245924602461246224632464246524662467246824692470247124722473247424752476247724782479248024812482248324842485248624872488248924902491249224932494249524962497249824992500250125022503250425052506250725082509251025112512251325142515251625172518251925202521252225232524252525262527252825292530253125322533253425352536253725382539254025412542254325442545254625472548254925502551255225532554255525562557255825592560256125622563256425652566256725682569257025712572257325742575257625772578257925802581258225832584258525862587258825892590259125922593259425952596259725982599260026012602260326042605260626072608260926102611261226132614261526162617261826192620262126222623262426252626262726282629263026312632263326342635263626372638263926402641264226432644264526462647264826492650265126522653265426552656265726582659266026612662266326642665266626672668266926702671267226732674267526762677267826792680268126822683268426852686268726882689269026912692269326942695269626972698269927002701270227032704270527062707270827092710271127122713271427152716271727182719272027212722272327242725272627272728272927302731273227332734273527362737273827392740274127422743274427452746274727482749275027512752275327542755275627572758275927602761276227632764276527662767276827692770277127722773277427752776277727782779278027812782278327842785278627872788278927902791279227932794279527962797279827992800280128022803280428052806280728082809281028112812281328142815281628172818281928202821282228232824282528262827282828292830283128322833283428352836283728382839284028412842284328442845284628472848284928502851285228532854285528562857285828592860286128622863286428652866286728682869287028712872287328742875287628772878287928802881288228832884288528862887288828892890289128922893289428952896289728982899290029012902290329042905290629072908290929102911291229132914291529162917291829192920292129222923292429252926292729282929293029312932293329342935293629372938293929402941294229432944294529462947294829492950295129522953295429552956295729582959296029612962296329642965296629672968296929702971297229732974297529762977297829792980298129822983298429852986298729882989299029912992299329942995299629972998299930003001300230033004300530063007300830093010301130123013301430153016301730183019302030213022302330243025302630273028302930303031303230333034303530363037303830393040304130423043304430453046304730483049305030513052305330543055305630573058305930603061306230633064306530663067306830693070307130723073307430753076307730783079308030813082308330843085308630873088308930903091309230933094309530963097309830993100310131023103310431053106310731083109311031113112311331143115311631173118311931203121312231233124312531263127312831293130313131323133313431353136313731383139314031413142314331443145314631473148314931503151315231533154315531563157315831593160316131623163316431653166316731683169317031713172317331743175317631773178317931803181318231833184318531863187318831893190319131923193319431953196319731983199320032013202320332043205320632073208320932103211321232133214321532163217321832193220322132223223322432253226322732283229323032313232323332343235323632373238323932403241324232433244324532463247324832493250325132523253325432553256325732583259326032613262326332643265326632673268326932703271327232733274327532763277327832793280328132823283328432853286328732883289329032913292329332943295329632973298329933003301330233033304330533063307330833093310331133123313331433153316331733183319332033213322332333243325332633273328332933303331333233333334333533363337333833393340334133423343334433453346334733483349335033513352335333543355335633573358335933603361336233633364336533663367336833693370337133723373337433753376337733783379338033813382338333843385338633873388338933903391339233933394339533963397339833993400340134023403340434053406340734083409341034113412341334143415341634173418341934203421342234233424342534263427342834293430343134323433343434353436343734383439344034413442344334443445344634473448344934503451345234533454345534563457345834593460346134623463346434653466346734683469347034713472347334743475347634773478347934803481348234833484348534863487348834893490349134923493349434953496349734983499350035013502350335043505350635073508350935103511351235133514351535163517351835193520352135223523352435253526352735283529353035313532353335343535353635373538353935403541354235433544354535463547354835493550355135523553355435553556355735583559356035613562356335643565356635673568356935703571357235733574357535763577357835793580358135823583358435853586358735883589359035913592359335943595359635973598359936003601360236033604360536063607360836093610361136123613361436153616361736183619362036213622362336243625362636273628362936303631363236333634363536363637363836393640364136423643364436453646364736483649365036513652365336543655365636573658365936603661366236633664366536663667366836693670367136723673367436753676367736783679368036813682368336843685368636873688368936903691369236933694369536963697369836993700370137023703370437053706370737083709371037113712371337143715371637173718371937203721372237233724372537263727372837293730373137323733373437353736373737383739374037413742374337443745374637473748374937503751375237533754375537563757375837593760376137623763376437653766376737683769377037713772377337743775377637773778377937803781378237833784378537863787378837893790379137923793379437953796379737983799380038013802380338043805380638073808380938103811381238133814381538163817381838193820382138223823382438253826382738283829383038313832383338343835383638373838383938403841384238433844384538463847384838493850385138523853385438553856385738583859386038613862386338643865386638673868386938703871387238733874387538763877387838793880388138823883388438853886388738883889389038913892389338943895389638973898389939003901390239033904390539063907390839093910391139123913391439153916391739183919392039213922392339243925392639273928392939303931393239333934393539363937393839393940394139423943394439453946394739483949395039513952395339543955395639573958395939603961396239633964396539663967396839693970397139723973397439753976397739783979398039813982398339843985398639873988398939903991399239933994399539963997399839994000400140024003400440054006400740084009401040114012401340144015401640174018401940204021402240234024402540264027402840294030403140324033403440354036403740384039404040414042404340444045404640474048404940504051405240534054405540564057405840594060406140624063406440654066406740684069407040714072407340744075407640774078407940804081408240834084408540864087408840894090409140924093409440954096409740984099410041014102410341044105410641074108410941104111411241134114411541164117411841194120412141224123412441254126412741284129413041314132413341344135413641374138413941404141414241434144414541464147414841494150415141524153415441554156415741584159416041614162416341644165416641674168416941704171417241734174417541764177417841794180418141824183418441854186418741884189419041914192419341944195419641974198419942004201420242034204420542064207420842094210421142124213421442154216421742184219422042214222422342244225422642274228422942304231423242334234423542364237423842394240424142424243424442454246424742484249425042514252425342544255425642574258425942604261426242634264426542664267426842694270427142724273427442754276427742784279428042814282428342844285428642874288428942904291429242934294429542964297429842994300430143024303430443054306430743084309431043114312431343144315431643174318431943204321432243234324432543264327432843294330433143324333433443354336433743384339434043414342434343444345434643474348434943504351435243534354435543564357435843594360436143624363436443654366436743684369437043714372437343744375437643774378437943804381438243834384438543864387438843894390439143924393439443954396439743984399440044014402440344044405440644074408440944104411441244134414441544164417441844194420442144224423442444254426442744284429443044314432443344344435443644374438443944404441444244434444444544464447444844494450445144524453445444554456445744584459446044614462446344644465446644674468446944704471447244734474447544764477447844794480448144824483448444854486448744884489449044914492449344944495449644974498449945004501450245034504450545064507450845094510451145124513451445154516451745184519452045214522452345244525452645274528452945304531453245334534453545364537453845394540454145424543454445454546454745484549455045514552455345544555455645574558455945604561456245634564456545664567456845694570457145724573457445754576457745784579458045814582458345844585458645874588458945904591459245934594459545964597459845994600460146024603460446054606460746084609461046114612461346144615461646174618461946204621462246234624462546264627462846294630463146324633463446354636463746384639464046414642464346444645464646474648464946504651465246534654465546564657465846594660466146624663466446654666466746684669467046714672467346744675467646774678467946804681468246834684468546864687468846894690469146924693469446954696469746984699470047014702470347044705470647074708470947104711471247134714471547164717471847194720472147224723472447254726472747284729473047314732473347344735473647374738473947404741474247434744474547464747474847494750475147524753475447554756475747584759476047614762476347644765476647674768476947704771477247734774477547764777477847794780478147824783478447854786478747884789479047914792479347944795479647974798479948004801480248034804480548064807480848094810481148124813481448154816481748184819482048214822482348244825482648274828482948304831483248334834483548364837483848394840484148424843484448454846484748484849485048514852485348544855485648574858485948604861486248634864486548664867486848694870487148724873487448754876487748784879488048814882488348844885488648874888488948904891489248934894489548964897489848994900490149024903490449054906490749084909491049114912491349144915491649174918491949204921492249234924492549264927492849294930493149324933493449354936493749384939494049414942494349444945494649474948494949504951495249534954495549564957495849594960496149624963496449654966496749684969497049714972497349744975497649774978497949804981498249834984498549864987498849894990499149924993499449954996499749984999500050015002500350045005500650075008500950105011501250135014501550165017501850195020502150225023502450255026502750285029503050315032503350345035503650375038503950405041504250435044504550465047504850495050505150525053505450555056505750585059506050615062506350645065506650675068506950705071507250735074507550765077507850795080508150825083508450855086508750885089509050915092509350945095509650975098509951005101510251035104510551065107510851095110511151125113511451155116511751185119512051215122512351245125512651275128512951305131513251335134513551365137513851395140514151425143514451455146514751485149515051515152515351545155515651575158515951605161516251635164516551665167516851695170517151725173517451755176517751785179518051815182518351845185518651875188518951905191519251935194519551965197519851995200520152025203520452055206520752085209521052115212521352145215521652175218521952205221522252235224522552265227522852295230523152325233523452355236523752385239524052415242524352445245524652475248524952505251525252535254525552565257525852595260526152625263526452655266526752685269527052715272527352745275527652775278527952805281528252835284528552865287528852895290529152925293529452955296529752985299530053015302530353045305530653075308530953105311531253135314531553165317531853195320532153225323532453255326532753285329533053315332533353345335533653375338533953405341534253435344534553465347534853495350535153525353535453555356535753585359536053615362536353645365536653675368536953705371537253735374537553765377537853795380538153825383538453855386538753885389539053915392539353945395539653975398539954005401540254035404540554065407540854095410541154125413541454155416541754185419542054215422542354245425542654275428542954305431543254335434543554365437543854395440544154425443544454455446544754485449545054515452545354545455545654575458545954605461546254635464546554665467546854695470547154725473547454755476547754785479548054815482548354845485548654875488548954905491549254935494549554965497549854995500550155025503550455055506550755085509551055115512551355145515551655175518551955205521552255235524552555265527552855295530553155325533553455355536553755385539554055415542554355445545554655475548554955505551555255535554555555565557555855595560556155625563556455655566556755685569557055715572557355745575557655775578557955805581558255835584558555865587558855895590559155925593559455955596559755985599560056015602560356045605560656075608560956105611561256135614561556165617561856195620562156225623562456255626562756285629563056315632563356345635563656375638563956405641564256435644564556465647564856495650565156525653565456555656565756585659566056615662566356645665566656675668566956705671567256735674567556765677567856795680568156825683568456855686568756885689569056915692569356945695569656975698569957005701570257035704570557065707570857095710571157125713571457155716571757185719572057215722572357245725572657275728572957305731573257335734573557365737573857395740574157425743574457455746574757485749575057515752575357545755575657575758575957605761576257635764576557665767576857695770577157725773577457755776577757785779578057815782578357845785578657875788578957905791579257935794579557965797579857995800580158025803580458055806580758085809581058115812581358145815581658175818581958205821582258235824582558265827582858295830583158325833583458355836583758385839584058415842584358445845584658475848584958505851585258535854585558565857585858595860586158625863586458655866586758685869587058715872587358745875587658775878587958805881588258835884588558865887588858895890589158925893589458955896589758985899590059015902590359045905590659075908590959105911591259135914591559165917591859195920592159225923592459255926592759285929593059315932593359345935593659375938593959405941594259435944594559465947594859495950595159525953595459555956595759585959596059615962596359645965596659675968596959705971597259735974597559765977597859795980598159825983598459855986598759885989599059915992599359945995599659975998599960006001600260036004600560066007600860096010601160126013601460156016601760186019602060216022602360246025602660276028602960306031603260336034603560366037603860396040604160426043604460456046604760486049605060516052605360546055605660576058605960606061606260636064606560666067606860696070607160726073607460756076607760786079608060816082608360846085608660876088608960906091609260936094609560966097609860996100610161026103610461056106610761086109611061116112611361146115611661176118611961206121612261236124612561266127612861296130613161326133613461356136613761386139614061416142614361446145614661476148614961506151615261536154615561566157615861596160616161626163616461656166616761686169617061716172617361746175617661776178617961806181618261836184618561866187618861896190619161926193619461956196619761986199620062016202620362046205620662076208620962106211621262136214621562166217621862196220622162226223622462256226622762286229623062316232623362346235623662376238623962406241624262436244624562466247624862496250625162526253625462556256625762586259626062616262626362646265626662676268626962706271627262736274627562766277627862796280628162826283628462856286628762886289629062916292629362946295629662976298629963006301630263036304630563066307630863096310631163126313631463156316631763186319632063216322632363246325632663276328632963306331633263336334633563366337633863396340634163426343634463456346634763486349635063516352635363546355635663576358635963606361636263636364636563666367636863696370637163726373637463756376637763786379638063816382638363846385638663876388638963906391639263936394639563966397639863996400640164026403640464056406640764086409641064116412641364146415641664176418641964206421642264236424642564266427642864296430643164326433643464356436643764386439644064416442644364446445644664476448644964506451645264536454645564566457645864596460646164626463646464656466646764686469647064716472647364746475647664776478647964806481648264836484648564866487648864896490649164926493649464956496649764986499650065016502650365046505650665076508650965106511651265136514651565166517651865196520652165226523652465256526652765286529653065316532653365346535653665376538653965406541654265436544654565466547654865496550655165526553655465556556655765586559656065616562656365646565656665676568656965706571657265736574657565766577657865796580658165826583658465856586658765886589659065916592659365946595659665976598659966006601660266036604660566066607660866096610661166126613661466156616661766186619662066216622662366246625662666276628662966306631663266336634663566366637663866396640664166426643664466456646664766486649665066516652665366546655665666576658665966606661666266636664666566666667666866696670667166726673667466756676667766786679668066816682668366846685668666876688668966906691669266936694669566966697669866996700670167026703670467056706670767086709671067116712671367146715671667176718671967206721672267236724672567266727672867296730673167326733673467356736673767386739674067416742674367446745674667476748674967506751675267536754675567566757675867596760676167626763676467656766676767686769677067716772677367746775677667776778677967806781678267836784678567866787678867896790679167926793679467956796679767986799680068016802680368046805680668076808680968106811681268136814681568166817681868196820682168226823682468256826682768286829683068316832683368346835683668376838683968406841684268436844684568466847684868496850685168526853685468556856685768586859686068616862686368646865686668676868686968706871687268736874687568766877687868796880688168826883688468856886688768886889689068916892689368946895689668976898689969006901690269036904690569066907690869096910691169126913691469156916691769186919692069216922692369246925692669276928692969306931693269336934693569366937693869396940694169426943694469456946694769486949695069516952695369546955695669576958695969606961696269636964696569666967696869696970697169726973697469756976697769786979698069816982698369846985698669876988698969906991699269936994699569966997699869997000700170027003700470057006700770087009701070117012701370147015701670177018701970207021702270237024702570267027702870297030703170327033703470357036703770387039704070417042704370447045704670477048704970507051705270537054705570567057705870597060706170627063706470657066706770687069707070717072707370747075707670777078707970807081708270837084708570867087708870897090709170927093709470957096709770987099710071017102710371047105710671077108710971107111711271137114711571167117711871197120712171227123712471257126712771287129713071317132713371347135713671377138713971407141714271437144714571467147714871497150715171527153715471557156715771587159716071617162716371647165716671677168716971707171717271737174717571767177717871797180718171827183718471857186718771887189719071917192719371947195719671977198719972007201720272037204720572067207720872097210721172127213721472157216721772187219722072217222722372247225722672277228722972307231723272337234723572367237723872397240724172427243724472457246724772487249725072517252725372547255725672577258725972607261726272637264726572667267726872697270727172727273727472757276727772787279728072817282728372847285728672877288728972907291729272937294729572967297729872997300730173027303730473057306730773087309731073117312731373147315731673177318731973207321732273237324732573267327732873297330733173327333733473357336733773387339734073417342734373447345734673477348734973507351735273537354735573567357735873597360736173627363736473657366736773687369737073717372737373747375737673777378737973807381738273837384738573867387738873897390739173927393739473957396739773987399740074017402740374047405740674077408740974107411741274137414741574167417741874197420742174227423742474257426742774287429743074317432743374347435743674377438743974407441744274437444744574467447744874497450745174527453745474557456745774587459746074617462746374647465746674677468746974707471747274737474747574767477747874797480748174827483748474857486748774887489749074917492749374947495749674977498749975007501750275037504750575067507750875097510751175127513751475157516751775187519752075217522752375247525752675277528752975307531753275337534753575367537753875397540754175427543754475457546754775487549755075517552755375547555755675577558755975607561756275637564756575667567756875697570757175727573757475757576757775787579758075817582758375847585758675877588758975907591759275937594759575967597759875997600760176027603760476057606760776087609761076117612761376147615761676177618761976207621762276237624762576267627762876297630763176327633763476357636763776387639764076417642764376447645764676477648764976507651765276537654765576567657765876597660766176627663766476657666766776687669767076717672767376747675767676777678767976807681768276837684768576867687768876897690769176927693769476957696769776987699770077017702770377047705770677077708770977107711771277137714771577167717771877197720772177227723772477257726772777287729773077317732773377347735773677377738773977407741774277437744774577467747774877497750775177527753775477557756775777587759776077617762776377647765776677677768776977707771777277737774777577767777777877797780778177827783778477857786778777887789779077917792779377947795779677977798779978007801780278037804780578067807780878097810781178127813781478157816781778187819782078217822782378247825782678277828782978307831783278337834783578367837783878397840784178427843784478457846784778487849785078517852785378547855785678577858785978607861786278637864786578667867786878697870787178727873787478757876787778787879788078817882788378847885788678877888788978907891789278937894789578967897789878997900790179027903790479057906790779087909791079117912791379147915791679177918791979207921792279237924792579267927792879297930793179327933793479357936793779387939794079417942794379447945794679477948794979507951795279537954795579567957795879597960796179627963796479657966796779687969797079717972797379747975797679777978797979807981798279837984798579867987798879897990799179927993799479957996799779987999800080018002800380048005800680078008800980108011801280138014801580168017801880198020802180228023802480258026802780288029803080318032803380348035803680378038803980408041804280438044804580468047804880498050805180528053805480558056805780588059806080618062806380648065806680678068806980708071807280738074807580768077807880798080808180828083808480858086808780888089809080918092809380948095809680978098809981008101810281038104810581068107810881098110811181128113811481158116811781188119812081218122812381248125812681278128812981308131813281338134813581368137813881398140814181428143814481458146814781488149815081518152815381548155815681578158815981608161816281638164816581668167816881698170817181728173817481758176817781788179818081818182818381848185818681878188818981908191819281938194819581968197819881998200820182028203820482058206820782088209821082118212821382148215821682178218821982208221822282238224822582268227822882298230823182328233823482358236823782388239824082418242824382448245824682478248824982508251825282538254825582568257825882598260826182628263826482658266826782688269827082718272827382748275827682778278827982808281828282838284828582868287828882898290829182928293829482958296829782988299830083018302830383048305830683078308830983108311831283138314831583168317831883198320832183228323832483258326832783288329833083318332833383348335833683378338833983408341834283438344834583468347834883498350835183528353835483558356835783588359836083618362836383648365836683678368836983708371837283738374837583768377837883798380838183828383838483858386838783888389839083918392839383948395839683978398839984008401840284038404840584068407840884098410841184128413841484158416841784188419842084218422842384248425842684278428842984308431843284338434843584368437843884398440844184428443844484458446844784488449845084518452845384548455845684578458845984608461846284638464846584668467846884698470847184728473847484758476847784788479848084818482848384848485848684878488848984908491849284938494849584968497849884998500850185028503850485058506850785088509851085118512851385148515851685178518851985208521852285238524852585268527852885298530853185328533853485358536853785388539854085418542854385448545854685478548854985508551855285538554855585568557855885598560856185628563856485658566856785688569857085718572857385748575857685778578857985808581858285838584858585868587858885898590859185928593859485958596859785988599860086018602860386048605860686078608860986108611861286138614861586168617861886198620862186228623862486258626862786288629863086318632863386348635863686378638863986408641864286438644864586468647864886498650865186528653865486558656865786588659866086618662866386648665866686678668866986708671867286738674867586768677867886798680868186828683868486858686868786888689869086918692869386948695869686978698869987008701870287038704870587068707870887098710871187128713871487158716871787188719872087218722872387248725872687278728872987308731873287338734873587368737873887398740874187428743874487458746874787488749875087518752875387548755875687578758875987608761876287638764876587668767876887698770877187728773877487758776877787788779878087818782878387848785878687878788878987908791879287938794879587968797879887998800880188028803880488058806880788088809881088118812881388148815881688178818881988208821882288238824882588268827882888298830883188328833883488358836883788388839884088418842884388448845884688478848884988508851885288538854885588568857885888598860886188628863886488658866886788688869887088718872887388748875887688778878887988808881888288838884888588868887888888898890889188928893889488958896889788988899890089018902890389048905890689078908890989108911891289138914891589168917891889198920892189228923892489258926892789288929893089318932893389348935893689378938893989408941894289438944894589468947894889498950895189528953895489558956895789588959896089618962896389648965896689678968896989708971897289738974897589768977897889798980898189828983898489858986898789888989899089918992899389948995899689978998899990009001900290039004900590069007900890099010901190129013901490159016901790189019902090219022902390249025902690279028902990309031903290339034903590369037903890399040904190429043904490459046904790489049905090519052905390549055905690579058905990609061906290639064906590669067906890699070907190729073907490759076907790789079908090819082908390849085908690879088908990909091909290939094909590969097909890999100910191029103910491059106910791089109911091119112911391149115911691179118911991209121912291239124912591269127912891299130913191329133913491359136913791389139914091419142914391449145914691479148914991509151915291539154915591569157915891599160916191629163916491659166916791689169917091719172917391749175917691779178917991809181918291839184918591869187918891899190919191929193919491959196919791989199920092019202920392049205920692079208920992109211921292139214921592169217921892199220922192229223922492259226922792289229923092319232923392349235923692379238923992409241924292439244924592469247924892499250925192529253925492559256925792589259926092619262926392649265926692679268926992709271927292739274927592769277927892799280928192829283928492859286928792889289929092919292929392949295929692979298929993009301930293039304930593069307930893099310931193129313931493159316931793189319932093219322932393249325932693279328932993309331933293339334933593369337933893399340934193429343934493459346934793489349935093519352935393549355935693579358935993609361936293639364936593669367936893699370937193729373937493759376937793789379938093819382938393849385938693879388938993909391939293939394939593969397939893999400940194029403940494059406940794089409941094119412941394149415941694179418941994209421942294239424942594269427942894299430943194329433943494359436943794389439944094419442944394449445944694479448944994509451945294539454945594569457945894599460946194629463946494659466946794689469947094719472947394749475947694779478947994809481948294839484948594869487948894899490949194929493949494959496949794989499950095019502950395049505950695079508950995109511951295139514951595169517951895199520952195229523952495259526952795289529953095319532953395349535953695379538953995409541954295439544954595469547954895499550955195529553955495559556955795589559956095619562956395649565956695679568956995709571957295739574957595769577957895799580958195829583958495859586958795889589959095919592959395949595959695979598959996009601960296039604960596069607960896099610961196129613961496159616961796189619962096219622962396249625962696279628962996309631963296339634963596369637963896399640964196429643964496459646964796489649965096519652965396549655965696579658965996609661966296639664966596669667966896699670967196729673967496759676967796789679968096819682968396849685968696879688968996909691969296939694969596969697969896999700970197029703970497059706970797089709971097119712971397149715971697179718971997209721972297239724972597269727972897299730973197329733973497359736973797389739974097419742974397449745974697479748974997509751975297539754975597569757975897599760976197629763976497659766976797689769977097719772977397749775977697779778977997809781978297839784978597869787978897899790979197929793979497959796979797989799980098019802980398049805980698079808980998109811981298139814981598169817981898199820982198229823982498259826982798289829983098319832983398349835983698379838983998409841984298439844984598469847984898499850985198529853985498559856985798589859986098619862986398649865986698679868986998709871987298739874987598769877987898799880988198829883988498859886988798889889989098919892989398949895989698979898989999009901990299039904990599069907990899099910991199129913991499159916991799189919992099219922992399249925992699279928992999309931993299339934993599369937993899399940994199429943994499459946994799489949995099519952995399549955995699579958995999609961996299639964996599669967996899699970997199729973997499759976997799789979998099819982998399849985998699879988998999909991999299939994999599969997999899991000010001100021000310004100051000610007100081000910010100111001210013100141001510016100171001810019100201002110022100231002410025100261002710028100291003010031100321003310034100351003610037100381003910040100411004210043100441004510046100471004810049100501005110052100531005410055100561005710058100591006010061100621006310064100651006610067100681006910070100711007210073100741007510076100771007810079100801008110082100831008410085100861008710088100891009010091100921009310094100951009610097100981009910100101011010210103101041010510106101071010810109101101011110112101131011410115101161011710118101191012010121101221012310124101251012610127101281012910130101311013210133101341013510136101371013810139101401014110142101431014410145101461014710148101491015010151101521015310154101551015610157101581015910160101611016210163101641016510166101671016810169101701017110172101731017410175101761017710178101791018010181101821018310184101851018610187101881018910190101911019210193101941019510196101971019810199102001020110202102031020410205102061020710208102091021010211102121021310214102151021610217102181021910220102211022210223102241022510226102271022810229102301023110232102331023410235102361023710238102391024010241102421024310244102451024610247102481024910250102511025210253102541025510256102571025810259102601026110262102631026410265102661026710268102691027010271102721027310274102751027610277102781027910280102811028210283102841028510286102871028810289102901029110292102931029410295102961029710298102991030010301103021030310304103051030610307103081030910310103111031210313103141031510316103171031810319103201032110322103231032410325103261032710328103291033010331103321033310334103351033610337103381033910340103411034210343103441034510346103471034810349103501035110352103531035410355103561035710358103591036010361103621036310364103651036610367103681036910370103711037210373103741037510376103771037810379103801038110382103831038410385103861038710388103891039010391103921039310394103951039610397103981039910400104011040210403104041040510406104071040810409104101041110412104131041410415104161041710418104191042010421104221042310424104251042610427104281042910430104311043210433104341043510436104371043810439104401044110442104431044410445104461044710448104491045010451104521045310454104551045610457104581045910460104611046210463104641046510466104671046810469104701047110472104731047410475104761047710478104791048010481104821048310484104851048610487104881048910490104911049210493104941049510496104971049810499105001050110502105031050410505105061050710508105091051010511105121051310514105151051610517105181051910520105211052210523105241052510526105271052810529105301053110532105331053410535105361053710538105391054010541105421054310544105451054610547105481054910550105511055210553105541055510556105571055810559105601056110562105631056410565105661056710568105691057010571105721057310574105751057610577105781057910580105811058210583105841058510586105871058810589105901059110592105931059410595105961059710598105991060010601106021060310604106051060610607106081060910610106111061210613106141061510616106171061810619106201062110622106231062410625106261062710628106291063010631106321063310634106351063610637106381063910640106411064210643106441064510646106471064810649106501065110652106531065410655106561065710658106591066010661106621066310664106651066610667106681066910670106711067210673106741067510676106771067810679106801068110682106831068410685106861068710688106891069010691106921069310694106951069610697106981069910700107011070210703107041070510706107071070810709107101071110712107131071410715107161071710718107191072010721107221072310724107251072610727107281072910730107311073210733107341073510736107371073810739107401074110742107431074410745107461074710748107491075010751107521075310754107551075610757107581075910760107611076210763107641076510766107671076810769107701077110772107731077410775107761077710778107791078010781107821078310784107851078610787107881078910790107911079210793107941079510796107971079810799108001080110802108031080410805108061080710808108091081010811108121081310814108151081610817108181081910820108211082210823108241082510826108271082810829108301083110832108331083410835108361083710838108391084010841108421084310844108451084610847108481084910850108511085210853108541085510856108571085810859108601086110862108631086410865108661086710868108691087010871108721087310874108751087610877108781087910880108811088210883108841088510886108871088810889108901089110892108931089410895108961089710898108991090010901109021090310904109051090610907109081090910910109111091210913109141091510916109171091810919109201092110922109231092410925109261092710928109291093010931109321093310934109351093610937109381093910940109411094210943109441094510946109471094810949109501095110952109531095410955109561095710958109591096010961109621096310964109651096610967109681096910970109711097210973109741097510976109771097810979109801098110982109831098410985109861098710988109891099010991109921099310994109951099610997109981099911000110011100211003110041100511006110071100811009110101101111012110131101411015110161101711018110191102011021110221102311024110251102611027110281102911030110311103211033110341103511036110371103811039110401104111042110431104411045110461104711048110491105011051110521105311054110551105611057110581105911060110611106211063110641106511066110671106811069110701107111072110731107411075110761107711078110791108011081110821108311084110851108611087110881108911090110911109211093110941109511096110971109811099111001110111102111031110411105111061110711108111091111011111111121111311114111151111611117111181111911120111211112211123111241112511126111271112811129111301113111132111331113411135111361113711138111391114011141111421114311144111451114611147111481114911150111511115211153111541115511156111571115811159111601116111162111631116411165111661116711168111691117011171111721117311174111751117611177111781117911180111811118211183111841118511186111871118811189111901119111192111931119411195111961119711198111991120011201112021120311204112051120611207112081120911210112111121211213112141121511216112171121811219112201122111222112231122411225112261122711228112291123011231112321123311234112351123611237112381123911240112411124211243112441124511246112471124811249112501125111252112531125411255112561125711258112591126011261112621126311264112651126611267112681126911270112711127211273112741127511276112771127811279112801128111282112831128411285112861128711288112891129011291112921129311294112951129611297112981129911300113011130211303113041130511306113071130811309113101131111312113131131411315113161131711318113191132011321113221132311324113251132611327113281132911330113311133211333113341133511336113371133811339113401134111342113431134411345113461134711348113491135011351113521135311354113551135611357113581135911360113611136211363113641136511366113671136811369113701137111372113731137411375113761137711378113791138011381113821138311384113851138611387113881138911390113911139211393113941139511396113971139811399114001140111402114031140411405114061140711408114091141011411114121141311414114151141611417114181141911420114211142211423114241142511426114271142811429114301143111432114331143411435114361143711438114391144011441114421144311444114451144611447114481144911450114511145211453114541145511456114571145811459114601146111462114631146411465114661146711468114691147011471114721147311474114751147611477114781147911480114811148211483114841148511486114871148811489114901149111492114931149411495114961149711498114991150011501115021150311504115051150611507115081150911510115111151211513115141151511516115171151811519115201152111522115231152411525115261152711528115291153011531115321153311534115351153611537115381153911540115411154211543115441154511546115471154811549115501155111552115531155411555115561155711558115591156011561115621156311564115651156611567115681156911570115711157211573115741157511576115771157811579115801158111582115831158411585115861158711588115891159011591115921159311594115951159611597115981159911600116011160211603116041160511606116071160811609116101161111612116131161411615116161161711618116191162011621116221162311624116251162611627116281162911630116311163211633116341163511636116371163811639116401164111642116431164411645116461164711648116491165011651116521165311654116551165611657116581165911660116611166211663116641166511666116671166811669116701167111672116731167411675116761167711678116791168011681116821168311684116851168611687116881168911690116911169211693116941169511696116971169811699117001170111702117031170411705117061170711708117091171011711117121171311714117151171611717117181171911720117211172211723117241172511726117271172811729117301173111732117331173411735117361173711738117391174011741117421174311744117451174611747117481174911750117511175211753117541175511756117571175811759117601176111762117631176411765117661176711768117691177011771117721177311774117751177611777117781177911780117811178211783117841178511786117871178811789117901179111792117931179411795117961179711798117991180011801118021180311804118051180611807118081180911810118111181211813118141181511816118171181811819118201182111822118231182411825118261182711828118291183011831118321183311834118351183611837118381183911840118411184211843118441184511846118471184811849118501185111852118531185411855118561185711858118591186011861118621186311864118651186611867118681186911870118711187211873118741187511876118771187811879118801188111882118831188411885118861188711888118891189011891118921189311894118951189611897118981189911900119011190211903119041190511906119071190811909119101191111912119131191411915119161191711918119191192011921119221192311924119251192611927119281192911930119311193211933119341193511936119371193811939119401194111942119431194411945119461194711948119491195011951119521195311954119551195611957119581195911960119611196211963119641196511966119671196811969119701197111972119731197411975119761197711978119791198011981119821198311984119851198611987119881198911990119911199211993119941199511996119971199811999120001200112002120031200412005120061200712008120091201012011120121201312014120151201612017120181201912020120211202212023120241202512026120271202812029120301203112032120331203412035120361203712038120391204012041120421204312044120451204612047120481204912050120511205212053120541205512056120571205812059120601206112062120631206412065120661206712068120691207012071120721207312074120751207612077120781207912080120811208212083120841208512086120871208812089120901209112092120931209412095120961209712098120991210012101121021210312104121051210612107121081210912110121111211212113121141211512116121171211812119121201212112122121231212412125121261212712128121291213012131121321213312134121351213612137121381213912140121411214212143121441214512146121471214812149121501215112152121531215412155121561215712158121591216012161121621216312164121651216612167121681216912170121711217212173121741217512176121771217812179121801218112182121831218412185121861218712188121891219012191121921219312194121951219612197121981219912200122011220212203122041220512206122071220812209122101221112212122131221412215122161221712218122191222012221122221222312224122251222612227122281222912230122311223212233122341223512236122371223812239122401224112242122431224412245122461224712248122491225012251122521225312254122551225612257122581225912260122611226212263122641226512266122671226812269122701227112272122731227412275122761227712278122791228012281122821228312284122851228612287122881228912290122911229212293122941229512296122971229812299123001230112302123031230412305123061230712308123091231012311123121231312314123151231612317123181231912320123211232212323123241232512326123271232812329123301233112332123331233412335123361233712338123391234012341123421234312344123451234612347123481234912350123511235212353123541235512356123571235812359123601236112362123631236412365123661236712368123691237012371123721237312374123751237612377123781237912380123811238212383123841238512386123871238812389123901239112392123931239412395123961239712398123991240012401124021240312404124051240612407124081240912410124111241212413124141241512416124171241812419124201242112422124231242412425124261242712428124291243012431124321243312434124351243612437124381243912440124411244212443124441244512446124471244812449124501245112452124531245412455124561245712458124591246012461124621246312464124651246612467124681246912470124711247212473124741247512476124771247812479124801248112482124831248412485124861248712488124891249012491124921249312494124951249612497124981249912500125011250212503125041250512506125071250812509125101251112512125131251412515125161251712518125191252012521125221252312524125251252612527125281252912530125311253212533125341253512536125371253812539125401254112542125431254412545125461254712548125491255012551125521255312554125551255612557125581255912560125611256212563125641256512566125671256812569125701257112572125731257412575125761257712578125791258012581125821258312584125851258612587125881258912590125911259212593125941259512596125971259812599126001260112602126031260412605126061260712608126091261012611126121261312614126151261612617126181261912620126211262212623126241262512626126271262812629126301263112632126331263412635126361263712638126391264012641126421264312644126451264612647126481264912650126511265212653126541265512656126571265812659126601266112662126631266412665126661266712668126691267012671126721267312674126751267612677126781267912680126811268212683126841268512686126871268812689126901269112692126931269412695126961269712698126991270012701127021270312704127051270612707127081270912710127111271212713127141271512716127171271812719127201272112722127231272412725127261272712728127291273012731127321273312734127351273612737127381273912740127411274212743127441274512746127471274812749127501275112752127531275412755127561275712758127591276012761127621276312764127651276612767127681276912770127711277212773127741277512776127771277812779127801278112782127831278412785127861278712788127891279012791127921279312794127951279612797127981279912800128011280212803128041280512806128071280812809128101281112812128131281412815128161281712818128191282012821128221282312824128251282612827128281282912830128311283212833128341283512836128371283812839128401284112842128431284412845128461284712848128491285012851128521285312854128551285612857128581285912860128611286212863128641286512866128671286812869128701287112872128731287412875128761287712878128791288012881128821288312884128851288612887128881288912890128911289212893128941289512896128971289812899129001290112902129031290412905129061290712908129091291012911129121291312914129151291612917129181291912920129211292212923129241292512926129271292812929129301293112932129331293412935129361293712938129391294012941129421294312944129451294612947129481294912950129511295212953129541295512956129571295812959129601296112962129631296412965129661296712968129691297012971129721297312974129751297612977129781297912980129811298212983129841298512986129871298812989129901299112992129931299412995129961299712998129991300013001130021300313004130051300613007130081300913010130111301213013130141301513016130171301813019130201302113022130231302413025130261302713028130291303013031130321303313034130351303613037130381303913040130411304213043130441304513046130471304813049130501305113052130531305413055130561305713058130591306013061130621306313064130651306613067130681306913070130711307213073130741307513076130771307813079130801308113082130831308413085130861308713088130891309013091130921309313094130951309613097130981309913100131011310213103131041310513106131071310813109131101311113112131131311413115131161311713118131191312013121131221312313124131251312613127131281312913130131311313213133131341313513136131371313813139131401314113142131431314413145131461314713148131491315013151131521315313154131551315613157131581315913160131611316213163131641316513166131671316813169131701317113172131731317413175131761317713178131791318013181131821318313184131851318613187131881318913190131911319213193131941319513196131971319813199132001320113202132031320413205132061320713208132091321013211132121321313214132151321613217132181321913220132211322213223132241322513226132271322813229132301323113232132331323413235132361323713238132391324013241132421324313244132451324613247132481324913250132511325213253132541325513256132571325813259132601326113262132631326413265132661326713268132691327013271132721327313274132751327613277132781327913280132811328213283132841328513286132871328813289132901329113292132931329413295132961329713298132991330013301133021330313304133051330613307133081330913310133111331213313133141331513316133171331813319133201332113322133231332413325133261332713328133291333013331133321333313334133351333613337133381333913340133411334213343133441334513346133471334813349133501335113352133531335413355133561335713358133591336013361133621336313364133651336613367133681336913370133711337213373133741337513376133771337813379133801338113382133831338413385133861338713388133891339013391133921339313394133951339613397133981339913400134011340213403134041340513406134071340813409134101341113412134131341413415134161341713418134191342013421134221342313424134251342613427134281342913430134311343213433134341343513436134371343813439134401344113442134431344413445134461344713448134491345013451134521345313454134551345613457134581345913460134611346213463134641346513466134671346813469134701347113472134731347413475134761347713478134791348013481134821348313484134851348613487134881348913490134911349213493134941349513496134971349813499135001350113502135031350413505135061350713508135091351013511135121351313514135151351613517135181351913520135211352213523135241352513526135271352813529135301353113532135331353413535135361353713538135391354013541135421354313544135451354613547135481354913550135511355213553135541355513556135571355813559135601356113562135631356413565135661356713568135691357013571135721357313574135751357613577135781357913580135811358213583135841358513586135871358813589135901359113592135931359413595135961359713598135991360013601136021360313604136051360613607136081360913610136111361213613136141361513616136171361813619136201362113622136231362413625136261362713628136291363013631136321363313634136351363613637136381363913640136411364213643136441364513646136471364813649136501365113652136531365413655136561365713658136591366013661136621366313664136651366613667136681366913670136711367213673136741367513676136771367813679136801368113682136831368413685136861368713688136891369013691136921369313694136951369613697136981369913700137011370213703137041370513706137071370813709137101371113712137131371413715137161371713718137191372013721137221372313724137251372613727137281372913730137311373213733137341373513736137371373813739137401374113742137431374413745137461374713748137491375013751137521375313754137551375613757137581375913760137611376213763137641376513766137671376813769137701377113772137731377413775137761377713778137791378013781137821378313784137851378613787137881378913790137911379213793137941379513796137971379813799138001380113802138031380413805138061380713808138091381013811138121381313814138151381613817138181381913820138211382213823138241382513826138271382813829138301383113832138331383413835138361383713838138391384013841138421384313844138451384613847138481384913850138511385213853138541385513856138571385813859138601386113862138631386413865138661386713868138691387013871138721387313874138751387613877138781387913880138811388213883138841388513886138871388813889138901389113892138931389413895138961389713898138991390013901139021390313904139051390613907139081390913910139111391213913139141391513916139171391813919139201392113922139231392413925139261392713928139291393013931139321393313934139351393613937139381393913940139411394213943139441394513946139471394813949139501395113952139531395413955139561395713958139591396013961139621396313964139651396613967139681396913970139711397213973139741397513976139771397813979139801398113982139831398413985139861398713988139891399013991139921399313994139951399613997139981399914000140011400214003140041400514006140071400814009140101401114012140131401414015140161401714018140191402014021140221402314024140251402614027140281402914030140311403214033140341403514036140371403814039140401404114042140431404414045140461404714048140491405014051140521405314054140551405614057140581405914060140611406214063140641406514066140671406814069140701407114072140731407414075140761407714078140791408014081140821408314084140851408614087140881408914090140911409214093140941409514096140971409814099141001410114102141031410414105141061410714108141091411014111141121411314114141151411614117141181411914120141211412214123141241412514126141271412814129141301413114132141331413414135141361413714138141391414014141141421414314144141451414614147141481414914150141511415214153141541415514156141571415814159141601416114162141631416414165141661416714168141691417014171141721417314174141751417614177141781417914180141811418214183141841418514186141871418814189141901419114192141931419414195141961419714198141991420014201142021420314204142051420614207142081420914210142111421214213142141421514216142171421814219142201422114222142231422414225142261422714228142291423014231142321423314234142351423614237142381423914240142411424214243142441424514246142471424814249142501425114252142531425414255142561425714258142591426014261142621426314264142651426614267142681426914270142711427214273142741427514276142771427814279142801428114282142831428414285142861428714288142891429014291142921429314294142951429614297142981429914300143011430214303143041430514306143071430814309143101431114312143131431414315143161431714318143191432014321143221432314324143251432614327143281432914330143311433214333143341433514336143371433814339143401434114342143431434414345143461434714348143491435014351143521435314354143551435614357143581435914360143611436214363143641436514366143671436814369143701437114372143731437414375143761437714378143791438014381143821438314384143851438614387143881438914390143911439214393143941439514396143971439814399144001440114402144031440414405144061440714408144091441014411144121441314414144151441614417144181441914420144211442214423144241442514426144271442814429144301443114432144331443414435144361443714438144391444014441144421444314444144451444614447144481444914450144511445214453144541445514456144571445814459144601446114462144631446414465144661446714468144691447014471144721447314474144751447614477144781447914480144811448214483144841448514486144871448814489144901449114492144931449414495144961449714498144991450014501145021450314504145051450614507145081450914510145111451214513145141451514516145171451814519145201452114522145231452414525145261452714528145291453014531145321453314534145351453614537145381453914540145411454214543145441454514546145471454814549145501455114552145531455414555145561455714558145591456014561145621456314564145651456614567145681456914570145711457214573145741457514576145771457814579145801458114582145831458414585145861458714588145891459014591145921459314594145951459614597145981459914600146011460214603146041460514606146071460814609146101461114612146131461414615146161461714618146191462014621146221462314624146251462614627146281462914630146311463214633146341463514636146371463814639146401464114642146431464414645146461464714648146491465014651146521465314654146551465614657146581465914660146611466214663146641466514666146671466814669146701467114672146731467414675146761467714678146791468014681146821468314684146851468614687146881468914690146911469214693146941469514696146971469814699147001470114702147031470414705147061470714708147091471014711147121471314714147151471614717147181471914720147211472214723147241472514726147271472814729147301473114732147331473414735147361473714738147391474014741147421474314744147451474614747147481474914750147511475214753147541475514756147571475814759147601476114762147631476414765147661476714768147691477014771147721477314774147751477614777147781477914780147811478214783147841478514786147871478814789147901479114792147931479414795147961479714798147991480014801148021480314804148051480614807148081480914810148111481214813148141481514816148171481814819148201482114822148231482414825148261482714828148291483014831148321483314834148351483614837148381483914840148411484214843148441484514846148471484814849148501485114852148531485414855148561485714858148591486014861148621486314864148651486614867148681486914870148711487214873148741487514876148771487814879148801488114882148831488414885148861488714888148891489014891148921489314894148951489614897148981489914900149011490214903149041490514906149071490814909149101491114912149131491414915149161491714918149191492014921149221492314924149251492614927149281492914930149311493214933149341493514936149371493814939149401494114942149431494414945149461494714948149491495014951149521495314954149551495614957149581495914960149611496214963149641496514966149671496814969149701497114972149731497414975149761497714978149791498014981149821498314984149851498614987149881498914990149911499214993149941499514996149971499814999150001500115002150031500415005150061500715008150091501015011150121501315014150151501615017150181501915020150211502215023150241502515026150271502815029150301503115032150331503415035150361503715038150391504015041150421504315044150451504615047150481504915050150511505215053150541505515056150571505815059150601506115062150631506415065150661506715068150691507015071150721507315074150751507615077150781507915080150811508215083150841508515086150871508815089150901509115092150931509415095150961509715098150991510015101151021510315104151051510615107151081510915110151111511215113151141511515116151171511815119151201512115122151231512415125151261512715128151291513015131151321513315134151351513615137151381513915140151411514215143151441514515146151471514815149151501515115152151531515415155151561515715158151591516015161151621516315164151651516615167151681516915170151711517215173151741517515176151771517815179151801518115182151831518415185151861518715188151891519015191151921519315194151951519615197151981519915200152011520215203152041520515206152071520815209152101521115212152131521415215152161521715218152191522015221152221522315224152251522615227152281522915230152311523215233152341523515236152371523815239152401524115242152431524415245152461524715248152491525015251152521525315254152551525615257152581525915260152611526215263152641526515266152671526815269152701527115272152731527415275152761527715278152791528015281152821528315284152851528615287152881528915290152911529215293152941529515296152971529815299153001530115302153031530415305153061530715308153091531015311153121531315314153151531615317153181531915320153211532215323153241532515326153271532815329153301533115332153331533415335153361533715338153391534015341153421534315344153451534615347153481534915350153511535215353153541535515356153571535815359153601536115362153631536415365153661536715368153691537015371153721537315374153751537615377153781537915380153811538215383153841538515386153871538815389153901539115392153931539415395153961539715398153991540015401154021540315404154051540615407154081540915410154111541215413154141541515416154171541815419154201542115422154231542415425154261542715428154291543015431154321543315434154351543615437154381543915440154411544215443154441544515446154471544815449154501545115452154531545415455154561545715458154591546015461154621546315464154651546615467154681546915470154711547215473154741547515476154771547815479154801548115482154831548415485154861548715488154891549015491154921549315494154951549615497154981549915500155011550215503155041550515506155071550815509155101551115512155131551415515155161551715518155191552015521155221552315524155251552615527155281552915530155311553215533155341553515536155371553815539155401554115542155431554415545155461554715548155491555015551155521555315554155551555615557155581555915560155611556215563155641556515566155671556815569155701557115572155731557415575155761557715578155791558015581155821558315584155851558615587155881558915590155911559215593155941559515596155971559815599156001560115602156031560415605156061560715608156091561015611156121561315614156151561615617156181561915620156211562215623156241562515626156271562815629156301563115632156331563415635156361563715638156391564015641156421564315644156451564615647156481564915650156511565215653156541565515656156571565815659156601566115662156631566415665156661566715668156691567015671156721567315674156751567615677156781567915680156811568215683156841568515686156871568815689156901569115692156931569415695156961569715698156991570015701157021570315704157051570615707157081570915710157111571215713157141571515716157171571815719157201572115722157231572415725157261572715728157291573015731157321573315734157351573615737157381573915740157411574215743157441574515746157471574815749157501575115752157531575415755157561575715758157591576015761157621576315764157651576615767157681576915770157711577215773157741577515776157771577815779157801578115782157831578415785157861578715788157891579015791157921579315794157951579615797157981579915800158011580215803158041580515806158071580815809158101581115812158131581415815158161581715818158191582015821158221582315824158251582615827158281582915830158311583215833158341583515836158371583815839158401584115842158431584415845158461584715848158491585015851158521585315854158551585615857158581585915860158611586215863158641586515866158671586815869158701587115872158731587415875158761587715878158791588015881158821588315884158851588615887158881588915890158911589215893158941589515896158971589815899159001590115902159031590415905159061590715908159091591015911159121591315914159151591615917159181591915920159211592215923159241592515926159271592815929159301593115932159331593415935159361593715938159391594015941159421594315944159451594615947159481594915950159511595215953159541595515956159571595815959159601596115962159631596415965159661596715968159691597015971159721597315974159751597615977159781597915980159811598215983159841598515986159871598815989159901599115992159931599415995159961599715998159991600016001160021600316004160051600616007160081600916010160111601216013160141601516016160171601816019160201602116022160231602416025160261602716028160291603016031160321603316034160351603616037160381603916040160411604216043160441604516046160471604816049160501605116052160531605416055160561605716058160591606016061160621606316064160651606616067160681606916070160711607216073160741607516076160771607816079160801608116082160831608416085160861608716088160891609016091160921609316094160951609616097160981609916100161011610216103161041610516106161071610816109161101611116112161131611416115161161611716118161191612016121161221612316124161251612616127161281612916130161311613216133161341613516136161371613816139161401614116142161431614416145161461614716148161491615016151161521615316154161551615616157161581615916160161611616216163161641616516166161671616816169161701617116172161731617416175161761617716178161791618016181161821618316184161851618616187161881618916190161911619216193161941619516196161971619816199162001620116202162031620416205162061620716208162091621016211162121621316214162151621616217162181621916220162211622216223162241622516226162271622816229162301623116232162331623416235162361623716238162391624016241162421624316244162451624616247162481624916250162511625216253162541625516256162571625816259162601626116262162631626416265162661626716268162691627016271162721627316274162751627616277162781627916280162811628216283162841628516286162871628816289162901629116292162931629416295162961629716298162991630016301163021630316304163051630616307163081630916310163111631216313163141631516316163171631816319163201632116322163231632416325163261632716328163291633016331163321633316334163351633616337163381633916340163411634216343163441634516346163471634816349163501635116352163531635416355163561635716358163591636016361163621636316364163651636616367163681636916370163711637216373163741637516376163771637816379163801638116382163831638416385163861638716388163891639016391163921639316394163951639616397163981639916400164011640216403164041640516406164071640816409164101641116412164131641416415164161641716418164191642016421164221642316424164251642616427164281642916430164311643216433164341643516436164371643816439164401644116442164431644416445164461644716448164491645016451164521645316454164551645616457164581645916460164611646216463164641646516466164671646816469164701647116472164731647416475164761647716478164791648016481164821648316484164851648616487164881648916490164911649216493164941649516496164971649816499165001650116502165031650416505165061650716508165091651016511165121651316514165151651616517165181651916520165211652216523165241652516526165271652816529165301653116532165331653416535165361653716538165391654016541165421654316544165451654616547165481654916550165511655216553165541655516556165571655816559165601656116562165631656416565165661656716568165691657016571165721657316574165751657616577165781657916580165811658216583165841658516586165871658816589165901659116592165931659416595165961659716598165991660016601166021660316604166051660616607166081660916610166111661216613166141661516616166171661816619166201662116622166231662416625166261662716628166291663016631166321663316634166351663616637166381663916640166411664216643166441664516646166471664816649166501665116652166531665416655166561665716658166591666016661166621666316664166651666616667166681666916670166711667216673166741667516676166771667816679166801668116682166831668416685166861668716688166891669016691166921669316694166951669616697166981669916700167011670216703167041670516706167071670816709167101671116712167131671416715167161671716718167191672016721167221672316724167251672616727167281672916730167311673216733167341673516736167371673816739167401674116742167431674416745167461674716748167491675016751167521675316754167551675616757167581675916760167611676216763167641676516766167671676816769167701677116772167731677416775167761677716778167791678016781167821678316784167851678616787167881678916790167911679216793167941679516796167971679816799168001680116802168031680416805168061680716808168091681016811168121681316814168151681616817168181681916820168211682216823168241682516826168271682816829168301683116832168331683416835168361683716838168391684016841168421684316844168451684616847168481684916850168511685216853168541685516856168571685816859168601686116862168631686416865168661686716868168691687016871168721687316874168751687616877168781687916880168811688216883168841688516886168871688816889168901689116892168931689416895168961689716898168991690016901169021690316904169051690616907169081690916910169111691216913169141691516916169171691816919169201692116922169231692416925169261692716928169291693016931169321693316934169351693616937169381693916940169411694216943169441694516946169471694816949169501695116952169531695416955169561695716958169591696016961169621696316964169651696616967169681696916970169711697216973169741697516976169771697816979169801698116982169831698416985169861698716988169891699016991169921699316994169951699616997169981699917000170011700217003170041700517006170071700817009170101701117012170131701417015170161701717018170191702017021170221702317024170251702617027170281702917030170311703217033170341703517036170371703817039170401704117042170431704417045170461704717048170491705017051170521705317054170551705617057170581705917060170611706217063170641706517066170671706817069170701707117072170731707417075170761707717078170791708017081170821708317084170851708617087170881708917090170911709217093170941709517096170971709817099171001710117102171031710417105171061710717108171091711017111171121711317114171151711617117171181711917120171211712217123171241712517126171271712817129171301713117132171331713417135171361713717138171391714017141171421714317144171451714617147171481714917150171511715217153171541715517156171571715817159171601716117162171631716417165171661716717168171691717017171171721717317174171751717617177171781717917180171811718217183171841718517186171871718817189171901719117192171931719417195171961719717198171991720017201172021720317204172051720617207172081720917210172111721217213172141721517216172171721817219172201722117222172231722417225172261722717228172291723017231172321723317234172351723617237172381723917240172411724217243172441724517246172471724817249172501725117252172531725417255172561725717258172591726017261172621726317264172651726617267172681726917270172711727217273172741727517276172771727817279172801728117282172831728417285172861728717288172891729017291172921729317294172951729617297172981729917300173011730217303173041730517306173071730817309173101731117312173131731417315173161731717318173191732017321173221732317324173251732617327173281732917330173311733217333173341733517336173371733817339173401734117342173431734417345173461734717348173491735017351173521735317354173551735617357173581735917360173611736217363173641736517366173671736817369173701737117372173731737417375173761737717378173791738017381173821738317384173851738617387173881738917390173911739217393173941739517396173971739817399174001740117402174031740417405174061740717408174091741017411174121741317414174151741617417174181741917420174211742217423174241742517426174271742817429174301743117432174331743417435174361743717438174391744017441174421744317444174451744617447174481744917450174511745217453174541745517456174571745817459174601746117462174631746417465174661746717468174691747017471174721747317474174751747617477174781747917480174811748217483174841748517486174871748817489174901749117492174931749417495174961749717498174991750017501175021750317504175051750617507175081750917510175111751217513175141751517516175171751817519175201752117522175231752417525175261752717528175291753017531175321753317534175351753617537175381753917540175411754217543175441754517546175471754817549175501755117552175531755417555175561755717558175591756017561175621756317564175651756617567175681756917570175711757217573175741757517576175771757817579175801758117582175831758417585175861758717588175891759017591175921759317594175951759617597175981759917600176011760217603176041760517606176071760817609176101761117612176131761417615176161761717618176191762017621176221762317624176251762617627176281762917630176311763217633176341763517636176371763817639176401764117642176431764417645176461764717648176491765017651176521765317654176551765617657176581765917660176611766217663176641766517666176671766817669176701767117672176731767417675176761767717678176791768017681176821768317684176851768617687176881768917690176911769217693176941769517696176971769817699177001770117702177031770417705177061770717708177091771017711177121771317714177151771617717177181771917720177211772217723177241772517726177271772817729177301773117732177331773417735177361773717738177391774017741177421774317744177451774617747177481774917750177511775217753177541775517756177571775817759177601776117762177631776417765177661776717768177691777017771177721777317774177751777617777177781777917780177811778217783177841778517786177871778817789177901779117792177931779417795177961779717798177991780017801178021780317804178051780617807178081780917810178111781217813178141781517816178171781817819178201782117822178231782417825178261782717828178291783017831178321783317834178351783617837178381783917840178411784217843178441784517846178471784817849178501785117852178531785417855178561785717858178591786017861178621786317864178651786617867178681786917870178711787217873178741787517876178771787817879178801788117882178831788417885178861788717888178891789017891178921789317894178951789617897178981789917900179011790217903179041790517906179071790817909179101791117912179131791417915179161791717918179191792017921179221792317924179251792617927179281792917930179311793217933179341793517936179371793817939179401794117942179431794417945179461794717948179491795017951179521795317954179551795617957179581795917960179611796217963179641796517966179671796817969179701797117972179731797417975179761797717978179791798017981179821798317984179851798617987179881798917990179911799217993179941799517996179971799817999180001800118002180031800418005180061800718008180091801018011180121801318014180151801618017180181801918020180211802218023180241802518026180271802818029180301803118032180331803418035180361803718038180391804018041180421804318044180451804618047180481804918050180511805218053180541805518056180571805818059180601806118062180631806418065180661806718068180691807018071180721807318074180751807618077180781807918080180811808218083180841808518086180871808818089180901809118092180931809418095180961809718098180991810018101181021810318104181051810618107181081810918110181111811218113181141811518116181171811818119181201812118122181231812418125181261812718128181291813018131181321813318134181351813618137181381813918140181411814218143181441814518146181471814818149181501815118152181531815418155181561815718158181591816018161181621816318164181651816618167181681816918170181711817218173181741817518176181771817818179181801818118182181831818418185181861818718188181891819018191181921819318194181951819618197181981819918200182011820218203182041820518206182071820818209182101821118212182131821418215182161821718218182191822018221182221822318224182251822618227182281822918230182311823218233182341823518236182371823818239182401824118242182431824418245182461824718248182491825018251182521825318254182551825618257182581825918260182611826218263182641826518266182671826818269182701827118272182731827418275182761827718278182791828018281182821828318284182851828618287182881828918290182911829218293182941829518296182971829818299183001830118302183031830418305183061830718308183091831018311183121831318314183151831618317183181831918320183211832218323183241832518326183271832818329183301833118332183331833418335183361833718338183391834018341183421834318344183451834618347183481834918350183511835218353183541835518356183571835818359183601836118362183631836418365183661836718368183691837018371183721837318374183751837618377183781837918380183811838218383183841838518386183871838818389183901839118392183931839418395183961839718398183991840018401184021840318404184051840618407184081840918410184111841218413184141841518416184171841818419184201842118422184231842418425184261842718428184291843018431184321843318434184351843618437184381843918440184411844218443184441844518446184471844818449184501845118452184531845418455184561845718458184591846018461184621846318464184651846618467184681846918470184711847218473184741847518476184771847818479184801848118482184831848418485184861848718488184891849018491184921849318494184951849618497184981849918500185011850218503185041850518506185071850818509185101851118512185131851418515185161851718518185191852018521185221852318524185251852618527185281852918530185311853218533185341853518536185371853818539185401854118542185431854418545185461854718548185491855018551185521855318554185551855618557185581855918560185611856218563185641856518566185671856818569185701857118572185731857418575185761857718578185791858018581185821858318584185851858618587185881858918590185911859218593185941859518596185971859818599186001860118602186031860418605186061860718608186091861018611186121861318614186151861618617186181861918620186211862218623186241862518626186271862818629186301863118632186331863418635186361863718638186391864018641186421864318644186451864618647186481864918650186511865218653186541865518656186571865818659186601866118662186631866418665186661866718668186691867018671186721867318674186751867618677186781867918680186811868218683186841868518686186871868818689186901869118692186931869418695186961869718698186991870018701187021870318704187051870618707187081870918710187111871218713187141871518716187171871818719187201872118722187231872418725187261872718728187291873018731187321873318734187351873618737187381873918740187411874218743187441874518746187471874818749187501875118752187531875418755187561875718758187591876018761187621876318764187651876618767187681876918770187711877218773187741877518776187771877818779187801878118782187831878418785187861878718788187891879018791187921879318794187951879618797187981879918800188011880218803188041880518806188071880818809188101881118812188131881418815188161881718818188191882018821188221882318824188251882618827188281882918830188311883218833188341883518836188371883818839188401884118842188431884418845188461884718848188491885018851188521885318854188551885618857188581885918860188611886218863188641886518866188671886818869188701887118872188731887418875188761887718878188791888018881188821888318884188851888618887188881888918890188911889218893188941889518896188971889818899189001890118902189031890418905189061890718908189091891018911189121891318914189151891618917189181891918920189211892218923189241892518926189271892818929189301893118932189331893418935189361893718938189391894018941189421894318944189451894618947189481894918950189511895218953189541895518956189571895818959189601896118962189631896418965189661896718968189691897018971189721897318974189751897618977189781897918980189811898218983189841898518986189871898818989189901899118992189931899418995189961899718998189991900019001190021900319004190051900619007190081900919010190111901219013190141901519016190171901819019190201902119022190231902419025190261902719028190291903019031190321903319034190351903619037190381903919040190411904219043190441904519046190471904819049190501905119052190531905419055190561905719058190591906019061190621906319064190651906619067190681906919070190711907219073190741907519076190771907819079190801908119082190831908419085190861908719088190891909019091190921909319094190951909619097190981909919100191011910219103191041910519106191071910819109191101911119112191131911419115191161911719118191191912019121191221912319124191251912619127191281912919130191311913219133191341913519136191371913819139191401914119142191431914419145191461914719148191491915019151191521915319154191551915619157191581915919160191611916219163191641916519166191671916819169191701917119172191731917419175191761917719178191791918019181191821918319184191851918619187191881918919190191911919219193191941919519196191971919819199192001920119202192031920419205192061920719208192091921019211192121921319214192151921619217192181921919220192211922219223192241922519226192271922819229192301923119232192331923419235192361923719238192391924019241192421924319244192451924619247192481924919250192511925219253192541925519256192571925819259192601926119262192631926419265192661926719268192691927019271192721927319274192751927619277192781927919280192811928219283192841928519286192871928819289192901929119292192931929419295192961929719298192991930019301193021930319304193051930619307193081930919310193111931219313193141931519316193171931819319193201932119322193231932419325193261932719328193291933019331193321933319334193351933619337193381933919340193411934219343193441934519346193471934819349193501935119352193531935419355193561935719358193591936019361193621936319364193651936619367193681936919370193711937219373193741937519376193771937819379193801938119382193831938419385193861938719388193891939019391193921939319394193951939619397193981939919400194011940219403194041940519406194071940819409194101941119412194131941419415194161941719418194191942019421194221942319424194251942619427194281942919430194311943219433194341943519436194371943819439194401944119442194431944419445194461944719448194491945019451194521945319454194551945619457194581945919460194611946219463194641946519466194671946819469194701947119472194731947419475194761947719478194791948019481194821948319484194851948619487194881948919490194911949219493194941949519496194971949819499195001950119502195031950419505195061950719508195091951019511195121951319514195151951619517195181951919520195211952219523195241952519526195271952819529195301953119532195331953419535195361953719538195391954019541195421954319544195451954619547195481954919550195511955219553195541955519556195571955819559195601956119562195631956419565195661956719568195691957019571195721957319574195751957619577195781957919580195811958219583195841958519586195871958819589195901959119592195931959419595195961959719598195991960019601196021960319604196051960619607196081960919610196111961219613196141961519616196171961819619196201962119622196231962419625196261962719628196291963019631196321963319634196351963619637196381963919640196411964219643196441964519646196471964819649196501965119652196531965419655196561965719658196591966019661196621966319664196651966619667196681966919670196711967219673196741967519676196771967819679196801968119682196831968419685196861968719688196891969019691196921969319694196951969619697196981969919700197011970219703197041970519706197071970819709197101971119712197131971419715197161971719718197191972019721197221972319724197251972619727197281972919730197311973219733197341973519736197371973819739197401974119742197431974419745197461974719748197491975019751197521975319754197551975619757197581975919760197611976219763197641976519766197671976819769197701977119772197731977419775197761977719778197791978019781197821978319784197851978619787197881978919790197911979219793197941979519796197971979819799198001980119802198031980419805198061980719808198091981019811198121981319814198151981619817198181981919820198211982219823198241982519826198271982819829198301983119832198331983419835198361983719838198391984019841198421984319844198451984619847198481984919850198511985219853198541985519856198571985819859198601986119862198631986419865198661986719868198691987019871198721987319874198751987619877198781987919880198811988219883198841988519886198871988819889198901989119892198931989419895198961989719898198991990019901199021990319904199051990619907199081990919910199111991219913199141991519916199171991819919199201992119922199231992419925199261992719928199291993019931199321993319934199351993619937199381993919940199411994219943199441994519946199471994819949199501995119952199531995419955199561995719958199591996019961199621996319964199651996619967199681996919970199711997219973199741997519976199771997819979199801998119982199831998419985199861998719988199891999019991199921999319994199951999619997199981999920000200012000220003200042000520006200072000820009200102001120012200132001420015200162001720018200192002020021200222002320024200252002620027200282002920030200312003220033200342003520036200372003820039200402004120042200432004420045200462004720048200492005020051200522005320054200552005620057200582005920060200612006220063200642006520066200672006820069200702007120072200732007420075200762007720078200792008020081200822008320084200852008620087200882008920090200912009220093200942009520096200972009820099201002010120102201032010420105201062010720108201092011020111201122011320114201152011620117201182011920120201212012220123201242012520126201272012820129201302013120132201332013420135201362013720138201392014020141201422014320144201452014620147201482014920150201512015220153201542015520156201572015820159201602016120162201632016420165201662016720168201692017020171201722017320174201752017620177201782017920180201812018220183201842018520186201872018820189201902019120192201932019420195201962019720198201992020020201202022020320204202052020620207202082020920210202112021220213202142021520216202172021820219202202022120222202232022420225202262022720228202292023020231202322023320234202352023620237202382023920240202412024220243202442024520246202472024820249202502025120252202532025420255202562025720258202592026020261202622026320264202652026620267202682026920270202712027220273202742027520276202772027820279202802028120282202832028420285202862028720288202892029020291202922029320294202952029620297202982029920300203012030220303203042030520306203072030820309203102031120312203132031420315203162031720318203192032020321203222032320324203252032620327203282032920330203312033220333203342033520336203372033820339203402034120342203432034420345203462034720348203492035020351203522035320354203552035620357203582035920360203612036220363203642036520366203672036820369203702037120372203732037420375203762037720378203792038020381203822038320384203852038620387203882038920390203912039220393203942039520396203972039820399204002040120402204032040420405204062040720408204092041020411204122041320414204152041620417204182041920420204212042220423204242042520426204272042820429204302043120432204332043420435204362043720438204392044020441204422044320444204452044620447204482044920450204512045220453204542045520456204572045820459204602046120462204632046420465204662046720468204692047020471204722047320474204752047620477204782047920480204812048220483204842048520486204872048820489204902049120492204932049420495204962049720498204992050020501205022050320504205052050620507205082050920510205112051220513205142051520516205172051820519205202052120522205232052420525205262052720528205292053020531205322053320534205352053620537205382053920540205412054220543205442054520546205472054820549205502055120552205532055420555205562055720558205592056020561205622056320564205652056620567205682056920570205712057220573205742057520576205772057820579205802058120582205832058420585205862058720588205892059020591205922059320594205952059620597205982059920600206012060220603206042060520606206072060820609206102061120612206132061420615206162061720618206192062020621206222062320624206252062620627206282062920630206312063220633206342063520636206372063820639206402064120642206432064420645206462064720648206492065020651206522065320654206552065620657206582065920660206612066220663206642066520666206672066820669206702067120672206732067420675206762067720678206792068020681206822068320684206852068620687206882068920690206912069220693206942069520696206972069820699207002070120702207032070420705207062070720708207092071020711207122071320714207152071620717207182071920720207212072220723207242072520726207272072820729207302073120732207332073420735207362073720738207392074020741207422074320744207452074620747207482074920750207512075220753207542075520756207572075820759207602076120762207632076420765207662076720768207692077020771207722077320774207752077620777207782077920780207812078220783207842078520786207872078820789207902079120792207932079420795207962079720798207992080020801208022080320804208052080620807208082080920810208112081220813208142081520816208172081820819208202082120822208232082420825208262082720828208292083020831208322083320834208352083620837208382083920840208412084220843208442084520846208472084820849208502085120852208532085420855208562085720858208592086020861208622086320864208652086620867208682086920870208712087220873208742087520876208772087820879208802088120882208832088420885208862088720888208892089020891208922089320894208952089620897208982089920900209012090220903209042090520906209072090820909209102091120912209132091420915209162091720918209192092020921209222092320924209252092620927209282092920930209312093220933209342093520936209372093820939209402094120942209432094420945209462094720948209492095020951209522095320954209552095620957209582095920960209612096220963209642096520966209672096820969209702097120972209732097420975209762097720978209792098020981209822098320984209852098620987209882098920990209912099220993209942099520996209972099820999210002100121002210032100421005210062100721008210092101021011210122101321014210152101621017210182101921020210212102221023210242102521026210272102821029210302103121032210332103421035210362103721038210392104021041210422104321044210452104621047210482104921050210512105221053210542105521056210572105821059210602106121062210632106421065210662106721068210692107021071210722107321074210752107621077210782107921080210812108221083210842108521086210872108821089210902109121092210932109421095210962109721098210992110021101211022110321104211052110621107211082110921110211112111221113211142111521116211172111821119211202112121122211232112421125211262112721128211292113021131211322113321134211352113621137211382113921140211412114221143211442114521146211472114821149211502115121152211532115421155211562115721158211592116021161211622116321164211652116621167211682116921170211712117221173211742117521176211772117821179211802118121182211832118421185211862118721188211892119021191211922119321194211952119621197211982119921200212012120221203212042120521206212072120821209212102121121212212132121421215212162121721218212192122021221212222122321224212252122621227212282122921230212312123221233212342123521236212372123821239212402124121242212432124421245212462124721248212492125021251212522125321254212552125621257212582125921260212612126221263212642126521266212672126821269212702127121272212732127421275212762127721278212792128021281212822128321284212852128621287212882128921290212912129221293212942129521296212972129821299213002130121302213032130421305213062130721308213092131021311213122131321314213152131621317213182131921320213212132221323213242132521326213272132821329213302133121332213332133421335213362133721338213392134021341213422134321344213452134621347213482134921350213512135221353213542135521356213572135821359213602136121362213632136421365213662136721368213692137021371213722137321374213752137621377213782137921380213812138221383213842138521386213872138821389213902139121392213932139421395213962139721398213992140021401214022140321404214052140621407214082140921410214112141221413214142141521416214172141821419214202142121422214232142421425214262142721428214292143021431214322143321434214352143621437214382143921440214412144221443214442144521446214472144821449214502145121452214532145421455214562145721458214592146021461214622146321464214652146621467214682146921470214712147221473214742147521476214772147821479214802148121482214832148421485214862148721488214892149021491214922149321494214952149621497214982149921500215012150221503
  1. This document summarizes new features and bugfixes in each stable
  2. release of Tor. If you want to see more detailed descriptions of the
  3. changes in each development snapshot, see the ChangeLog file.
  4. Changes in version 0.3.3.11 - 2019-01-07
  5. Tor 0.3.3.11 backports numerous fixes from later versions of Tor.
  6. numerous fixes, including an important fix for anyone using OpenSSL
  7. 1.1.1. Anyone running an earlier version of Tor 0.3.3 should upgrade
  8. to this version, or to a later series.
  9. As a reminder, support the Tor 0.3.3 series will end on 22 Feb 2019.
  10. We anticipate that this will be the last release of Tor 0.3.3, unless
  11. some major bug is before then. Some time between now and then, users
  12. should switch to either the Tor 0.3.4 series (supported until at least
  13. 10 June 2019), or the Tor 0.3.5 series, which will receive long-term
  14. support until at least 1 Feb 2022.
  15. o Major bugfixes (OpenSSL, portability, backport from 0.3.5.5-alpha):
  16. - Fix our usage of named groups when running as a TLS 1.3 client in
  17. OpenSSL 1.1.1. Previously, we only initialized EC groups when
  18. running as a relay, which caused clients to fail to negotiate TLS
  19. 1.3 with relays. Fixes bug 28245; bugfix on 0.2.9.15 (when TLS 1.3
  20. support was added).
  21. o Major bugfixes (restart-in-process, backport from 0.3.5.1-alpha):
  22. - Fix a use-after-free error that could be caused by passing Tor an
  23. impossible set of options that would fail during options_act().
  24. Fixes bug 27708; bugfix on 0.3.3.1-alpha.
  25. o Minor features (continuous integration, backport from 0.3.5.1-alpha):
  26. - Only run one online rust build in Travis, to reduce network
  27. errors. Skip offline rust builds on Travis for Linux gcc, because
  28. they're redundant. Implements ticket 27252.
  29. - Skip gcc on OSX in Travis CI, because it's rarely used. Skip a
  30. duplicate hardening-off build in Travis on Tor 0.2.9. Skip gcc on
  31. Linux with default settings, because all the non-default builds
  32. use gcc on Linux. Implements ticket 27252.
  33. o Minor features (continuous integration, backport from 0.3.5.3-alpha):
  34. - Use the Travis Homebrew addon to install packages on macOS during
  35. Travis CI. The package list is the same, but the Homebrew addon
  36. does not do a `brew update` by default. Implements ticket 27738.
  37. o Minor features (fallback directory list, backport from 0.3.5.6-rc):
  38. - Replace the 150 fallbacks originally introduced in Tor
  39. 0.3.3.1-alpha in January 2018 (of which ~115 were still
  40. functional), with a list of 157 fallbacks (92 new, 65 existing, 85
  41. removed) generated in December 2018. Closes ticket 24803.
  42. o Minor features (geoip):
  43. - Update geoip and geoip6 to the January 3 2019 Maxmind GeoLite2
  44. Country database. Closes ticket 29012.
  45. o Minor features (OpenSSL bug workaround, backport from 0.3.5.7):
  46. - Work around a bug in OpenSSL 1.1.1a, which prevented the TLS 1.3
  47. key export function from handling long labels. When this bug is
  48. detected, Tor will disable TLS 1.3. We recommend upgrading to a
  49. version of OpenSSL without this bug when it becomes available.
  50. Closes ticket 28973.
  51. o Minor bugfixes (relay statistics, backport from 0.3.5.7):
  52. - Update relay descriptor on bandwidth changes only when the uptime
  53. is smaller than 24h, in order to reduce the efficiency of guard
  54. discovery attacks. Fixes bug 24104; bugfix on 0.1.1.6-alpha.
  55. o Minor bugfixes (C correctness, backport from 0.3.5.4-alpha):
  56. - Avoid undefined behavior in an end-of-string check when parsing
  57. the BEGIN line in a directory object. Fixes bug 28202; bugfix
  58. on 0.2.0.3-alpha.
  59. o Minor bugfixes (code safety, backport from 0.3.5.3-alpha):
  60. - Rewrite our assertion macros so that they no longer suppress the
  61. compiler's -Wparentheses warnings. Fixes bug 27709; bugfix
  62. o Minor bugfixes (compilation, backport from 0.3.5.5-alpha):
  63. - Initialize a variable unconditionally in aes_new_cipher(), since
  64. some compilers cannot tell that we always initialize it before
  65. use. Fixes bug 28413; bugfix on 0.2.9.3-alpha.
  66. o Minor bugfixes (directory authority, backport from 0.3.5.4-alpha):
  67. - Log additional info when we get a relay that shares an ed25519 ID
  68. with a different relay, instead making a BUG() warning. Fixes bug
  69. 27800; bugfix on 0.3.2.1-alpha.
  70. o Minor bugfixes (directory permissions, backport form 0.3.5.3-alpha):
  71. - When a user requests a group-readable DataDirectory, give it to
  72. them. Previously, when the DataDirectory and the CacheDirectory
  73. were the same, the default setting (0) for
  74. CacheDirectoryGroupReadable would override the setting for
  75. DataDirectoryGroupReadable. Fixes bug 26913; bugfix
  76. on 0.3.3.1-alpha.
  77. o Minor bugfixes (onion service v3, backport from 0.3.5.1-alpha):
  78. - When the onion service directory can't be created or has the wrong
  79. permissions, do not log a stack trace. Fixes bug 27335; bugfix
  80. on 0.3.2.1-alpha.
  81. o Minor bugfixes (onion service v3, backport from 0.3.5.2-alpha):
  82. - Close all SOCKS request (for the same .onion) if the newly fetched
  83. descriptor is unusable. Before that, we would close only the first
  84. one leaving the other hanging and let to time out by themselves.
  85. Fixes bug 27410; bugfix on 0.3.2.1-alpha.
  86. o Minor bugfixes (onion service v3, backport from 0.3.5.3-alpha):
  87. - Don't warn so loudly when Tor is unable to decode an onion
  88. descriptor. This can now happen as a normal use case if a client
  89. gets a descriptor with client authorization but the client is not
  90. authorized. Fixes bug 27550; bugfix on 0.3.5.1-alpha.
  91. o Minor bugfixes (onion service v3, backport from 0.3.5.6-rc):
  92. - When deleting an ephemeral onion service (DEL_ONION), do not close
  93. any rendezvous circuits in order to let the existing client
  94. connections finish by themselves or closed by the application. The
  95. HS v2 is doing that already so now we have the same behavior for
  96. all versions. Fixes bug 28619; bugfix on 0.3.3.1-alpha.
  97. o Minor bugfixes (HTTP tunnel):
  98. - Fix a bug warning when closing an HTTP tunnel connection due to
  99. an HTTP request we couldn't handle. Fixes bug 26470; bugfix on
  100. 0.3.2.1-alpha.
  101. o Minor bugfixes (memory leaks, backport from 0.3.5.5-alpha):
  102. - Fix a harmless memory leak in libtorrunner.a. Fixes bug 28419;
  103. bugfix on 0.3.3.1-alpha. Patch from Martin Kepplinger.
  104. o Minor bugfixes (netflow padding, backport from 0.3.5.1-alpha):
  105. - Ensure circuitmux queues are empty before scheduling or sending
  106. padding. Fixes bug 25505; bugfix on 0.3.1.1-alpha.
  107. o Minor bugfixes (protover, backport from 0.3.5.3-alpha):
  108. - Reject protocol names containing bytes other than alphanumeric
  109. characters and hyphens ([A-Za-z0-9-]). Fixes bug 27316; bugfix
  110. on 0.2.9.4-alpha.
  111. o Minor bugfixes (rust, backport from 0.3.5.1-alpha):
  112. - Compute protover votes correctly in the rust version of the
  113. protover code. Previously, the protover rewrite in 24031 allowed
  114. repeated votes from the same voter for the same protocol version
  115. to be counted multiple times in protover_compute_vote(). Fixes bug
  116. 27649; bugfix on 0.3.3.5-rc.
  117. - Reject protover names that contain invalid characters. Fixes bug
  118. 27687; bugfix on 0.3.3.1-alpha.
  119. o Minor bugfixes (rust, backport from 0.3.5.2-alpha):
  120. - protover_all_supported() would attempt to allocate up to 16GB on
  121. some inputs, leading to a potential memory DoS. Fixes bug 27206;
  122. bugfix on 0.3.3.5-rc.
  123. o Minor bugfixes (rust, backport from 0.3.5.4-alpha):
  124. - Fix a potential null dereference in protover_all_supported(). Add
  125. a test for it. Fixes bug 27804; bugfix on 0.3.3.1-alpha.
  126. - Return a string that can be safely freed by C code, not one
  127. created by the rust allocator, in protover_all_supported(). Fixes
  128. bug 27740; bugfix on 0.3.3.1-alpha.
  129. - Fix an API mismatch in the rust implementation of
  130. protover_compute_vote(). This bug could have caused crashes on any
  131. directory authorities running Tor with Rust (which we do not yet
  132. recommend). Fixes bug 27741; bugfix on 0.3.3.6.
  133. o Minor bugfixes (testing, backport from 0.3.5.1-alpha):
  134. - If a unit test running in a subprocess exits abnormally or with a
  135. nonzero status code, treat the test as having failed, even if the
  136. test reported success. Without this fix, memory leaks don't cause
  137. the tests to fail, even with LeakSanitizer. Fixes bug 27658;
  138. bugfix on 0.2.2.4-alpha.
  139. o Minor bugfixes (testing, backport from 0.3.5.4-alpha):
  140. - Treat backtrace test failures as expected on BSD-derived systems
  141. (NetBSD, OpenBSD, and macOS/Darwin) until we solve bug 17808.
  142. (FreeBSD failures have been treated as expected since 18204 in
  143. 0.2.8.) Fixes bug 27948; bugfix on 0.2.5.2-alpha.
  144. o Minor bugfixes (unit tests, guard selection, backport from 0.3.5.6-rc):
  145. - Stop leaking memory in an entry guard unit test. Fixes bug 28554;
  146. bugfix on 0.3.0.1-alpha.
  147. Changes in version 0.3.4.10 - 2019-01-07
  148. Tor 0.3.4.9 is the second stable release in its series; it backports
  149. numerous fixes, including an important fix for relays, and for anyone
  150. using OpenSSL 1.1.1. Anyone running an earlier version of Tor 0.3.4
  151. should upgrade.
  152. As a reminder, the Tor 0.3.4 series will be supported until 10 June
  153. 2019. Some time between now and then, users should switch to the Tor
  154. 0.3.5 series, which will receive long-term support until at least 1
  155. Feb 2022.
  156. o Major bugfixes (OpenSSL, portability, backport from 0.3.5.5-alpha):
  157. - Fix our usage of named groups when running as a TLS 1.3 client in
  158. OpenSSL 1.1.1. Previously, we only initialized EC groups when
  159. running as a relay, which caused clients to fail to negotiate TLS
  160. 1.3 with relays. Fixes bug 28245; bugfix on 0.2.9.15 (when TLS 1.3
  161. support was added).
  162. o Major bugfixes (relay, directory, backport from 0.3.5.7):
  163. - Always reactivate linked connections in the main loop so long as
  164. any linked connection has been active. Previously, connections
  165. serving directory information wouldn't get reactivated after the
  166. first chunk of data was sent (usually 32KB), which would prevent
  167. clients from bootstrapping. Fixes bug 28912; bugfix on
  168. 0.3.4.1-alpha. Patch by "cypherpunks3".
  169. o Minor features (continuous integration, Windows, backport from 0.3.5.6-rc):
  170. - Always show the configure and test logs, and upload them as build
  171. artifacts, when building for Windows using Appveyor CI.
  172. Implements 28459.
  173. o Minor features (controller, backport from 0.3.5.1-alpha):
  174. - For purposes of CIRC_BW-based dropped cell detection, track half-
  175. closed stream ids, and allow their ENDs, SENDMEs, DATA and path
  176. bias check cells to arrive without counting it as dropped until
  177. either the END arrives, or the windows are empty. Closes
  178. ticket 25573.
  179. o Minor features (fallback directory list, backport from 0.3.5.6-rc):
  180. - Replace the 150 fallbacks originally introduced in Tor
  181. 0.3.3.1-alpha in January 2018 (of which ~115 were still
  182. functional), with a list of 157 fallbacks (92 new, 65 existing, 85
  183. removed) generated in December 2018. Closes ticket 24803.
  184. o Minor features (geoip):
  185. - Update geoip and geoip6 to the November 6 2018 Maxmind GeoLite2
  186. Country database. Closes ticket 28395.
  187. o Minor features (OpenSSL bug workaround, backport from 0.3.5.7):
  188. - Work around a bug in OpenSSL 1.1.1a, which prevented the TLS 1.3
  189. key export function from handling long labels. When this bug is
  190. detected, Tor will disable TLS 1.3. We recommend upgrading to a
  191. version of OpenSSL without this bug when it becomes available.
  192. Closes ticket 28973.
  193. o Minor bugfixes (compilation, backport from 0.3.5.5-alpha):
  194. - Initialize a variable unconditionally in aes_new_cipher(), since
  195. some compilers cannot tell that we always initialize it before
  196. use. Fixes bug 28413; bugfix on 0.2.9.3-alpha.
  197. o Minor bugfixes (connection, relay, backport from 0.3.5.5-alpha):
  198. - Avoid a logging a BUG() stacktrace when closing connection held
  199. open because the write side is rate limited but not the read side.
  200. Now, the connection read side is simply shut down until Tor is
  201. able to flush the connection and close it. Fixes bug 27750; bugfix
  202. on 0.3.4.1-alpha.
  203. o Minor bugfixes (continuous integration, Windows, backport from 0.3.5.5-alpha):
  204. - Manually configure the zstd compiler options, when building using
  205. mingw on Appveyor Windows CI. The MSYS2 mingw zstd package does
  206. not come with a pkg-config file. Fixes bug 28454; bugfix
  207. on 0.3.4.1-alpha.
  208. - Stop using an external OpenSSL install, and stop installing MSYS2
  209. packages, when building using mingw on Appveyor Windows CI. Fixes
  210. bug 28399; bugfix on 0.3.4.1-alpha.
  211. o Minor bugfixes (continuous integration, Windows, backport from 0.3.5.6-rc):
  212. - Explicitly specify the path to the OpenSSL library and do not
  213. download OpenSSL from Pacman, but instead use the library that is
  214. already provided by AppVeyor. Fixes bug 28574; bugfix on master.
  215. o Minor bugfixes (directory permissions, backport form 0.3.5.3-alpha):
  216. - When a user requests a group-readable DataDirectory, give it to
  217. them. Previously, when the DataDirectory and the CacheDirectory
  218. were the same, the default setting (0) for
  219. CacheDirectoryGroupReadable would override the setting for
  220. DataDirectoryGroupReadable. Fixes bug 26913; bugfix
  221. on 0.3.3.1-alpha.
  222. o Minor bugfixes (memory leaks, backport from 0.3.5.5-alpha):
  223. - Fix a harmless memory leak in libtorrunner.a. Fixes bug 28419;
  224. bugfix on 0.3.3.1-alpha. Patch from Martin Kepplinger.
  225. o Minor bugfixes (onion service v3, backport from 0.3.5.3-alpha):
  226. - Don't warn so loudly when Tor is unable to decode an onion
  227. descriptor. This can now happen as a normal use case if a client
  228. gets a descriptor with client authorization but the client is not
  229. authorized. Fixes bug 27550; bugfix on 0.3.5.1-alpha.
  230. o Minor bugfixes (onion service v3, backport from 0.3.5.6-rc):
  231. - When deleting an ephemeral onion service (DEL_ONION), do not close
  232. any rendezvous circuits in order to let the existing client
  233. connections finish by themselves or closed by the application. The
  234. HS v2 is doing that already so now we have the same behavior for
  235. all versions. Fixes bug 28619; bugfix on 0.3.3.1-alpha.
  236. o Minor bugfixes (relay statistics, backport from 0.3.5.7):
  237. - Update relay descriptor on bandwidth changes only when the uptime
  238. is smaller than 24h, in order to reduce the efficiency of guard
  239. discovery attacks. Fixes bug 24104; bugfix on 0.1.1.6-alpha.
  240. o Minor bugfixes (unit tests, guard selection, backport from 0.3.5.6-rc):
  241. - Stop leaking memory in an entry guard unit test. Fixes bug 28554;
  242. bugfix on 0.3.0.1-alpha.
  243. Changes in version 0.3.5.7 - 2019-01-07
  244. Tor 0.3.5.7 is the first stable release in its series; it includes
  245. compilation and portability fixes, and a fix for a severe problem
  246. affecting directory caches.
  247. The Tor 0.3.5 series includes several new features and performance
  248. improvements, including client authorization for v3 onion services,
  249. cleanups to bootstrap reporting, support for improved bandwidth-
  250. measurement tools, experimental support for NSS in place of OpenSSL,
  251. and much more. It also begins a full reorganization of Tor's code
  252. layout, for improved modularity and maintainability in the future.
  253. Finally, there is the usual set of performance improvements and
  254. bugfixes that we try to do in every release series.
  255. There are a couple of changes in the 0.3.5 that may affect
  256. compatibility. First, the default version for newly created onion
  257. services is now v3. Use the HiddenServiceVersion option if you want to
  258. override this. Second, some log messages related to bootstrapping have
  259. changed; if you use stem, you may need to update to the latest version
  260. so it will recognize them.
  261. We have designated 0.3.5 as a "long-term support" (LTS) series: we
  262. will continue to patch major bugs in typical configurations of 0.3.5
  263. until at least 1 Feb 2022. (We do not plan to provide long-term
  264. support for embedding, Rust support, NSS support, running a directory
  265. authority, or unsupported platforms. For these, you will need to stick
  266. with the latest stable release.)
  267. Below are the changes since 0.3.4.9. For a complete list of changes
  268. since 0.3.5.6-rc, see the ChangeLog file.
  269. o Major features (bootstrap):
  270. - Don't report directory progress until after a connection to a
  271. relay or bridge has succeeded. Previously, we'd report 80%
  272. progress based on cached directory information when we couldn't
  273. even connect to the network. Closes ticket 27169.
  274. o Major features (new code layout):
  275. - Nearly all of Tor's source code has been moved around into more
  276. logical places. The "common" directory is now divided into a set
  277. of libraries in "lib", and files in the "or" directory have been
  278. split into "core" (logic absolutely needed for onion routing),
  279. "feature" (independent modules in Tor), and "app" (to configure
  280. and invoke the rest of Tor). See doc/HACKING/CodeStructure.md for
  281. more information. Closes ticket 26481.
  282. This refactoring is not complete: although the libraries have been
  283. refactored to be acyclic, the main body of Tor is still too
  284. interconnected. We will attempt to improve this in the future.
  285. o Major features (onion services v3):
  286. - Implement onion service client authorization at the descriptor
  287. level: only authorized clients can decrypt a service's descriptor
  288. to find out how to contact it. A new torrc option was added to
  289. control this client side: ClientOnionAuthDir <path>. On the
  290. service side, if the "authorized_clients/" directory exists in the
  291. onion service directory path, client configurations are read from
  292. the files within. See the manpage for more details. Closes ticket
  293. 27547. Patch done by Suphanat Chunhapanya (haxxpop).
  294. - Improve revision counter generation in next-gen onion services.
  295. Onion services can now scale by hosting multiple instances on
  296. different hosts without synchronization between them, which was
  297. previously impossible because descriptors would get rejected by
  298. HSDirs. Addresses ticket 25552.
  299. - Version 3 onion services can now use the per-service
  300. HiddenServiceExportCircuitID option to differentiate client
  301. circuits. It communicates with the service by using the HAProxy
  302. protocol to assign virtual IP addresses to inbound client
  303. circuits. Closes ticket 4700. Patch by Mahrud Sayrafi.
  304. o Major features (onion services, UI change):
  305. - For a newly created onion service, the default version is now 3.
  306. Tor still supports existing version 2 services, but the operator
  307. now needs to set "HiddenServiceVersion 2" in order to create a new
  308. version 2 service. For existing services, Tor now learns the
  309. version by reading the key file. Closes ticket 27215.
  310. o Major features (portability, cryptography, experimental, TLS):
  311. - Tor now has the option to compile with the NSS library instead of
  312. OpenSSL. This feature is experimental, and we expect that bugs may
  313. remain. It is mainly intended for environments where Tor's
  314. performance is not CPU-bound, and where NSS is already known to be
  315. installed. To try it out, configure Tor with the --enable-nss
  316. flag. Closes tickets 26631, 26815, and 26816.
  317. If you are experimenting with this option and using an old cached
  318. consensus, Tor may fail to start. To solve this, delete your
  319. "cached-consensus" and "cached-microdesc-consensus" files,
  320. (if present), and restart Tor.
  321. o Major features (relay, UI change):
  322. - Relays no longer run as exits by default. If the "ExitRelay"
  323. option is auto (or unset), and no exit policy is specified with
  324. ExitPolicy or ReducedExitPolicy, we now treat ExitRelay as 0.
  325. Previously in this case, we allowed exit traffic and logged a
  326. warning message. Closes ticket 21530. Patch by Neel Chauhan.
  327. - Tor now validates that the ContactInfo config option is valid UTF-
  328. 8 when parsing torrc. Closes ticket 27428.
  329. o Major bugfixes (compilation):
  330. - Fix compilation on ARM (and other less-used CPUs) when compiling
  331. with OpenSSL before 1.1. Fixes bug 27781; bugfix on 0.3.4.1-alpha.
  332. o Major bugfixes (compilation, rust):
  333. - Rust tests can now build and run successfully with the
  334. --enable-fragile-hardening option enabled. Doing this currently
  335. requires the rust beta channel; it will be possible with stable
  336. rust once Rust version 1.31 is released. Patch from Alex Crichton.
  337. Fixes bugs 27272, 27273, and 27274. Bugfix on 0.3.1.1-alpha.
  338. o Major bugfixes (directory authority):
  339. - Actually check that the address we get from DirAuthority
  340. configuration line is valid IPv4. Explicitly disallow DirAuthority
  341. address to be a DNS hostname. Fixes bug 26488; bugfix
  342. on 0.1.2.10-rc.
  343. o Major bugfixes (embedding, main loop):
  344. - When DisableNetwork becomes set, actually disable periodic events
  345. that are already enabled. (Previously, we would refrain from
  346. enabling new ones, but we would leave the old ones turned on.)
  347. Fixes bug 28348; bugfix on 0.3.4.1-alpha.
  348. o Major bugfixes (main loop, bootstrap):
  349. - Make sure Tor bootstraps and works properly if only the
  350. ControlPort is set. Prior to this fix, Tor would only bootstrap
  351. when a client port was set (Socks, Trans, NATD, DNS or HTTPTunnel
  352. port). Fixes bug 27849; bugfix on 0.3.4.1-alpha.
  353. o Major bugfixes (onion service v3):
  354. - On an intro point for a version 3 onion service, stop closing
  355. introduction circuits on a NACK. This lets the client decide
  356. whether to reuse the circuit or discard it. Previously, we closed
  357. intro circuits when sending NACKs. Fixes bug 27841; bugfix on
  358. 0.3.2.1-alpha. Patch by Neel Chaunan.
  359. o Major bugfixes (OpenSSL, portability):
  360. - Fix our usage of named groups when running as a TLS 1.3 client in
  361. OpenSSL 1.1.1. Previously, we only initialized EC groups when
  362. running as a relay, which caused clients to fail to negotiate TLS
  363. 1.3 with relays. Fixes bug 28245; bugfix on 0.2.9.15 (when TLS 1.3
  364. support was added).
  365. o Major bugfixes (relay bandwidth statistics):
  366. - When we close relayed circuits, report the data in the circuit
  367. queues as being written in our relay bandwidth stats. This
  368. mitigates guard discovery and other attacks that close circuits
  369. for the explicit purpose of noticing this discrepancy in
  370. statistics. Fixes bug 23512; bugfix on 0.0.8pre3.
  371. o Major bugfixes (relay):
  372. - When our write bandwidth limit is exhausted, stop writing on the
  373. connection. Previously, we had a typo in the code that would make
  374. us stop reading instead, leading to relay connections being stuck
  375. indefinitely and consuming kernel RAM. Fixes bug 28089; bugfix
  376. on 0.3.4.1-alpha.
  377. - Always reactivate linked connections in the main loop so long as
  378. any linked connection has been active. Previously, connections
  379. serving directory information wouldn't get reactivated after the
  380. first chunk of data was sent (usually 32KB), which would prevent
  381. clients from bootstrapping. Fixes bug 28912; bugfix on
  382. 0.3.4.1-alpha. Patch by "cypherpunks3".
  383. o Major bugfixes (restart-in-process):
  384. - Fix a use-after-free error that could be caused by passing Tor an
  385. impossible set of options that would fail during options_act().
  386. Fixes bug 27708; bugfix on 0.3.3.1-alpha.
  387. o Minor features (admin tools):
  388. - Add a new --key-expiration option to print the expiration date of
  389. the signing cert in an ed25519_signing_cert file. Resolves
  390. issue 19506.
  391. o Minor features (build):
  392. - If you pass the "--enable-pic" option to configure, Tor will try
  393. to tell the compiler to build position-independent code suitable
  394. to link into a dynamic library. (The default remains -fPIE, for
  395. code suitable for a relocatable executable.) Closes ticket 23846.
  396. o Minor features (code correctness, testing):
  397. - Tor's build process now includes a "check-includes" make target to
  398. verify that no module of Tor relies on any headers from a higher-
  399. level module. We hope to use this feature over time to help
  400. refactor our codebase. Closes ticket 26447.
  401. o Minor features (code layout):
  402. - We have a new "lowest-level" error-handling API for use by code
  403. invoked from within the logging module. With this interface, the
  404. logging code is no longer at risk of calling into itself if a
  405. failure occurs while it is trying to log something. Closes
  406. ticket 26427.
  407. o Minor features (compilation):
  408. - When possible, place our warning flags in a separate file, to
  409. avoid flooding verbose build logs. Closes ticket 28924.
  410. - Tor's configure script now supports a --with-malloc= option to
  411. select your malloc implementation. Supported options are
  412. "tcmalloc", "jemalloc", "openbsd" (deprecated), and "system" (the
  413. default). Addresses part of ticket 20424. Based on a patch from
  414. Alex Xu.
  415. o Minor features (config):
  416. - The "auto" keyword in torrc is now case-insensitive. Closes
  417. ticket 26663.
  418. o Minor features (continuous integration):
  419. - Add a Travis CI build for --enable-nss on Linux gcc. Closes
  420. ticket 27751.
  421. - Add new CI job to Travis configuration to run stem-based
  422. integration tests. Closes ticket 27913.
  423. - Use the Travis Homebrew addon to install packages on macOS during
  424. Travis CI. The package list is the same, but the Homebrew addon
  425. does not do a `brew update` by default. Implements ticket 27738.
  426. - Report what program produced the mysterious core file that we
  427. occasionally see on Travis CI during make distcheck. Closes
  428. ticket 28024.
  429. - Don't do a distcheck with --disable-module-dirauth in Travis.
  430. Implements ticket 27252.
  431. - Install libcap-dev and libseccomp2-dev so these optional
  432. dependencies get tested on Travis CI. Closes ticket 26560.
  433. - Only run one online rust build in Travis, to reduce network
  434. errors. Skip offline rust builds on Travis for Linux gcc, because
  435. they're redundant. Implements ticket 27252.
  436. - Skip gcc on OSX in Travis CI, because it's rarely used. Skip a
  437. duplicate hardening-off build in Travis on Tor 0.2.9. Skip gcc on
  438. Linux with default settings, because all the non-default builds
  439. use gcc on Linux. Implements ticket 27252.
  440. o Minor features (continuous integration, Windows):
  441. - Always show the configure and test logs, and upload them as build
  442. artifacts, when building for Windows using Appveyor CI.
  443. Implements 28459.
  444. - Build tor on Windows Server 2012 R2 and Windows Server 2016 using
  445. Appveyor's CI. Closes ticket 28318.
  446. o Minor features (controller):
  447. - Emit CIRC_BW events as soon as we detect that we processed an
  448. invalid or otherwise dropped cell on a circuit. This allows
  449. vanguards and other controllers to react more quickly to dropped
  450. cells. Closes ticket 27678.
  451. - For purposes of CIRC_BW-based dropped cell detection, track half-
  452. closed stream ids, and allow their ENDs, SENDMEs, DATA and path
  453. bias check cells to arrive without counting it as dropped until
  454. either the END arrives, or the windows are empty. Closes
  455. ticket 25573.
  456. - Implement a 'GETINFO md/all' controller command to enable getting
  457. all known microdescriptors. Closes ticket 8323.
  458. - The GETINFO command now support an "uptime" argument, to return
  459. Tor's uptime in seconds. Closes ticket 25132.
  460. o Minor features (denial-of-service avoidance):
  461. - Make our OOM handler aware of the DNS cache so that it doesn't
  462. fill up the memory. This check is important for our DoS mitigation
  463. subsystem. Closes ticket 18642. Patch by Neel Chauhan.
  464. o Minor features (development):
  465. - Tor's makefile now supports running the "clippy" Rust style tool
  466. on our Rust code. Closes ticket 22156.
  467. o Minor features (directory authority):
  468. - There is no longer an artificial upper limit on the length of
  469. bandwidth lines. Closes ticket 26223.
  470. - When a bandwidth file is used to obtain the bandwidth measurements,
  471. include this bandwidth file headers in the votes. Closes
  472. ticket 3723.
  473. - Improved support for networks with only a single authority or a
  474. single fallback directory. Patch from Gabriel Somlo. Closes
  475. ticket 25928.
  476. o Minor features (embedding API):
  477. - The Tor controller API now supports a function to launch Tor with
  478. a preconstructed owning controller FD, so that embedding
  479. applications don't need to manage controller ports and
  480. authentication. Closes ticket 24204.
  481. - The Tor controller API now has a function that returns the name
  482. and version of the backend implementing the API. Closes
  483. ticket 26947.
  484. o Minor features (fallback directory list):
  485. - Replace the 150 fallbacks originally introduced in Tor
  486. 0.3.3.1-alpha in January 2018 (of which ~115 were still
  487. functional), with a list of 157 fallbacks (92 new, 65 existing, 85
  488. removed) generated in December 2018. Closes ticket 24803.
  489. o Minor features (geoip):
  490. - Update geoip and geoip6 to the January 3 2019 Maxmind GeoLite2
  491. Country database. Closes ticket 29012.
  492. o Minor features (memory management):
  493. - Get Libevent to use the same memory allocator as Tor, by calling
  494. event_set_mem_functions() during initialization. Resolves
  495. ticket 8415.
  496. o Minor features (memory usage):
  497. - When not using them, store legacy TAP public onion keys in DER-
  498. encoded format, rather than as expanded public keys. This should
  499. save several megabytes on typical clients. Closes ticket 27246.
  500. o Minor features (OpenSSL bug workaround):
  501. - Work around a bug in OpenSSL 1.1.1a, which prevented the TLS 1.3
  502. key export function from handling long labels. When this bug is
  503. detected, Tor will disable TLS 1.3. We recommend upgrading to a
  504. version of OpenSSL without this bug when it becomes available.
  505. Closes ticket 28973.
  506. o Minor features (OpenSSL):
  507. - When possible, use RFC5869 HKDF implementation from OpenSSL rather
  508. than our own. Resolves ticket 19979.
  509. o Minor features (performance):
  510. - Remove about 96% of the work from the function that we run at
  511. startup to test our curve25519_basepoint implementation. Since
  512. this function has yet to find an actual failure, we now only run
  513. it for 8 iterations instead of 200. Based on our profile
  514. information, this change should save around 8% of our startup time
  515. on typical desktops, and may have a similar effect on other
  516. platforms. Closes ticket 28838.
  517. - Stop re-validating our hardcoded Diffie-Hellman parameters on
  518. every startup. Doing this wasted time and cycles, especially on
  519. low-powered devices. Closes ticket 28851.
  520. o Minor features (Rust, code quality):
  521. - Improve rust code quality in the rust protover implementation by
  522. making it more idiomatic. Includes changing an internal API to
  523. take &str instead of &String. Closes ticket 26492.
  524. o Minor features (testing):
  525. - Add scripts/test/chutney-git-bisect.sh, for bisecting using
  526. chutney. Implements ticket 27211.
  527. o Minor features (tor-resolve):
  528. - The tor-resolve utility can now be used with IPv6 SOCKS proxies.
  529. Side-effect of the refactoring for ticket 26526.
  530. o Minor features (UI):
  531. - Log each included configuration file or directory as we read it,
  532. to provide more visibility about where Tor is reading from. Patch
  533. from Unto Sten; closes ticket 27186.
  534. - Lower log level of "Scheduler type KIST has been enabled" to INFO.
  535. Closes ticket 26703.
  536. o Minor bugfixes (32-bit OSX and iOS, timing):
  537. - Fix an integer overflow bug in our optimized 32-bit millisecond-
  538. difference algorithm for 32-bit Apple platforms. Previously, it
  539. would overflow when calculating the difference between two times
  540. more than 47 days apart. Fixes part of bug 27139; bugfix
  541. on 0.3.4.1-alpha.
  542. - Improve the precision of our 32-bit millisecond difference
  543. algorithm for 32-bit Apple platforms. Fixes part of bug 27139;
  544. bugfix on 0.3.4.1-alpha.
  545. - Relax the tolerance on the mainloop/update_time_jumps test when
  546. running on 32-bit Apple platforms. Fixes part of bug 27139; bugfix
  547. on 0.3.4.1-alpha.
  548. o Minor bugfixes (bootstrap):
  549. - Try harder to get descriptors in non-exit test networks, by using
  550. the mid weight for the third hop when there are no exits. Fixes
  551. bug 27237; bugfix on 0.2.6.2-alpha.
  552. o Minor bugfixes (C correctness):
  553. - Avoid casting smartlist index to int implicitly, as it may trigger
  554. a warning (-Wshorten-64-to-32). Fixes bug 26282; bugfix on
  555. 0.2.3.13-alpha, 0.2.7.1-alpha and 0.2.1.1-alpha.
  556. - Use time_t for all values in
  557. predicted_ports_prediction_time_remaining(). Rework the code that
  558. computes difference between durations/timestamps. Fixes bug 27165;
  559. bugfix on 0.3.1.1-alpha.
  560. o Minor bugfixes (client, memory usage):
  561. - When not running as a directory cache, there is no need to store
  562. the text of the current consensus networkstatus in RAM.
  563. Previously, however, clients would store it anyway, at a cost of
  564. over 5 MB. Now, they do not. Fixes bug 27247; bugfix
  565. on 0.3.0.1-alpha.
  566. o Minor bugfixes (client, ReachableAddresses):
  567. - Instead of adding a "reject *:*" line to ReachableAddresses when
  568. loading the configuration, add one to the policy after parsing it
  569. in parse_reachable_addresses(). This prevents extra "reject *.*"
  570. lines from accumulating on reloads. Fixes bug 20874; bugfix on
  571. 0.1.1.5-alpha. Patch by Neel Chauhan.
  572. o Minor bugfixes (code quality):
  573. - Rename sandbox_getaddrinfo() and other functions to no longer
  574. misleadingly suggest that they are sandbox-only. Fixes bug 26525;
  575. bugfix on 0.2.7.1-alpha.
  576. o Minor bugfixes (code safety):
  577. - Rewrite our assertion macros so that they no longer suppress the
  578. compiler's -Wparentheses warnings. Fixes bug 27709; bugfix
  579. on 0.0.6.
  580. o Minor bugfixes (compilation):
  581. - Initialize a variable unconditionally in aes_new_cipher(), since
  582. some compilers cannot tell that we always initialize it before
  583. use. Fixes bug 28413; bugfix on 0.2.9.3-alpha.
  584. o Minor bugfixes (configuration):
  585. - Refuse to start with relative file paths and RunAsDaemon set
  586. (regression from the fix for bug 22731). Fixes bug 28298; bugfix
  587. on 0.3.3.1-alpha.
  588. o Minor bugfixes (configuration, Onion Services):
  589. - In rend_service_parse_port_config(), disallow any input to remain
  590. after address-port pair was parsed. This will catch address and
  591. port being whitespace-separated by mistake of the user. Fixes bug
  592. 27044; bugfix on 0.2.9.10.
  593. o Minor bugfixes (connection, relay):
  594. - Avoid a logging a BUG() stacktrace when closing connection held
  595. open because the write side is rate limited but not the read side.
  596. Now, the connection read side is simply shut down until Tor is
  597. able to flush the connection and close it. Fixes bug 27750; bugfix
  598. on 0.3.4.1-alpha.
  599. o Minor bugfixes (continuous integration, Windows):
  600. - Stop reinstalling identical packages in our Windows CI. Fixes bug
  601. 27464; bugfix on 0.3.4.1-alpha.
  602. - Install only the necessary mingw packages during our appveyor
  603. builds. This change makes the build a little faster, and prevents
  604. a conflict with a preinstalled mingw openssl that appveyor now
  605. ships. Fixes bugs 27765 and 27943; bugfix on 0.3.4.2-alpha.
  606. - Explicitly specify the path to the OpenSSL library and do not
  607. download OpenSSL from Pacman, but instead use the library that is
  608. already provided by AppVeyor. Fixes bug 28574; bugfix on master.
  609. - Manually configure the zstd compiler options, when building using
  610. mingw on Appveyor Windows CI. The MSYS2 mingw zstd package does
  611. not come with a pkg-config file. Fixes bug 28454; bugfix
  612. on 0.3.4.1-alpha.
  613. - Stop using an external OpenSSL install, and stop installing MSYS2
  614. packages, when building using mingw on Appveyor Windows CI. Fixes
  615. bug 28399; bugfix on 0.3.4.1-alpha.
  616. o Minor bugfixes (controller):
  617. - Consider all routerinfo errors other than "not a server" to be
  618. transient for the purpose of "GETINFO exit-policy/*" controller
  619. request. Print stacktrace in the unlikely case of failing to
  620. recompute routerinfo digest. Fixes bug 27034; bugfix
  621. on 0.3.4.1-alpha.
  622. o Minor bugfixes (correctness):
  623. - Fix an unreached code path where we checked the value of
  624. "hostname" inside send_resolved_hostname_cell(). Previously, we
  625. used it before checking it; now we check it first. Fixes bug
  626. 28879; bugfix on 0.1.2.7-alpha.
  627. o Minor bugfixes (directory connection shutdown):
  628. - Avoid a double-close when shutting down a stalled directory
  629. connection. Fixes bug 26896; bugfix on 0.3.4.1-alpha.
  630. o Minor bugfixes (directory permissions):
  631. - When a user requests a group-readable DataDirectory, give it to
  632. them. Previously, when the DataDirectory and the CacheDirectory
  633. were the same, the default setting (0) for
  634. CacheDirectoryGroupReadable would override the setting for
  635. DataDirectoryGroupReadable. Fixes bug 26913; bugfix
  636. on 0.3.3.1-alpha.
  637. o Minor bugfixes (HTTP tunnel):
  638. - Fix a bug warning when closing an HTTP tunnel connection due to an
  639. HTTP request we couldn't handle. Fixes bug 26470; bugfix
  640. on 0.3.2.1-alpha.
  641. o Minor bugfixes (ipv6):
  642. - In addrs_in_same_network_family(), we choose the subnet size based
  643. on the IP version (IPv4 or IPv6). Previously, we chose a fixed
  644. subnet size of /16 for both IPv4 and IPv6 addresses. Fixes bug
  645. 15518; bugfix on 0.2.3.1-alpha. Patch by Neel Chauhan.
  646. o Minor bugfixes (Linux seccomp2 sandbox):
  647. - Permit the "shutdown()" system call, which is apparently used by
  648. OpenSSL under some circumstances. Fixes bug 28183; bugfix
  649. on 0.2.5.1-alpha.
  650. o Minor bugfixes (logging):
  651. - Stop talking about the Named flag in log messages. Clients have
  652. ignored the Named flag since 0.3.2. Fixes bug 28441; bugfix
  653. on 0.3.2.1-alpha.
  654. - As a precaution, do an early return from log_addr_has_changed() if
  655. Tor is running as client. Also, log a stack trace for debugging as
  656. this function should only be called when Tor runs as server. Fixes
  657. bug 26892; bugfix on 0.1.1.9-alpha.
  658. - Refrain from mentioning bug 21018 in the logs, as it is already
  659. fixed. Fixes bug 25477; bugfix on 0.2.9.8.
  660. o Minor bugfixes (logging, documentation):
  661. - When SafeLogging is enabled, scrub IP address in
  662. channel_tls_process_netinfo_cell(). Also, add a note to manpage
  663. that scrubbing is not guaranteed on loglevels below Notice. Fixes
  664. bug 26882; bugfix on 0.2.4.10-alpha.
  665. o Minor bugfixes (memory leaks):
  666. - Fix a harmless memory leak in libtorrunner.a. Fixes bug 28419;
  667. bugfix on 0.3.3.1-alpha. Patch from Martin Kepplinger.
  668. - Fix a small memory leak when calling Tor with --dump-config. Fixes
  669. bug 27893; bugfix on 0.3.2.1-alpha.
  670. o Minor bugfixes (netflow padding):
  671. - Ensure circuitmux queues are empty before scheduling or sending
  672. padding. Fixes bug 25505; bugfix on 0.3.1.1-alpha.
  673. o Minor bugfixes (onion service v2):
  674. - Log at level "info", not "warning", in the case that we do not
  675. have a consensus when a .onion request comes in. This can happen
  676. normally while bootstrapping. Fixes bug 27040; bugfix
  677. on 0.2.8.2-alpha.
  678. o Minor bugfixes (onion service v3):
  679. - When deleting an ephemeral onion service (DEL_ONION), do not close
  680. any rendezvous circuits in order to let the existing client
  681. connections finish by themselves or closed by the application. The
  682. HS v2 is doing that already so now we have the same behavior for
  683. all versions. Fixes bug 28619; bugfix on 0.3.3.1-alpha.
  684. - Build the service descriptor's signing key certificate before
  685. uploading, so we always have a fresh one: leaving no chances for
  686. it to expire service side. Fixes bug 27838; bugfix
  687. on 0.3.2.1-alpha.
  688. - Stop dumping a stack trace when trying to connect to an intro
  689. point without having a descriptor for it. Fixes bug 27774; bugfix
  690. on 0.3.2.1-alpha.
  691. - When selecting a v3 rendezvous point, don't only look at the
  692. protover, but also check whether the curve25519 onion key is
  693. present. This way we avoid picking a relay that supports the v3
  694. rendezvous but for which we don't have the microdescriptor. Fixes
  695. bug 27797; bugfix on 0.3.2.1-alpha.
  696. - Close all SOCKS request (for the same .onion) if the newly fetched
  697. descriptor is unusable. Before that, we would close only the first
  698. one leaving the other hanging and let to time out by themselves.
  699. Fixes bug 27410; bugfix on 0.3.2.1-alpha.
  700. - When the onion service directory can't be created or has the wrong
  701. permissions, do not log a stack trace. Fixes bug 27335; bugfix
  702. on 0.3.2.1-alpha.
  703. - When replacing a descriptor in the client cache, make sure to
  704. close all client introduction circuits for the old descriptor, so
  705. we don't end up with unusable leftover circuits. Fixes bug 27471;
  706. bugfix on 0.3.2.1-alpha.
  707. o Minor bugfixes (OS compatibility):
  708. - Properly handle configuration changes that move a listener to/from
  709. wildcard IP address. If the first attempt to bind a socket fails,
  710. close the old listener and try binding the socket again. Fixes bug
  711. 17873; bugfix on 0.0.8pre-1.
  712. o Minor bugfixes (performance)::
  713. - Rework node_is_a_configured_bridge() to no longer call
  714. node_get_all_orports(), which was performing too many memory
  715. allocations. Fixes bug 27224; bugfix on 0.2.3.9.
  716. o Minor bugfixes (protover):
  717. - Reject protocol names containing bytes other than alphanumeric
  718. characters and hyphens ([A-Za-z0-9-]). Fixes bug 27316; bugfix
  719. on 0.2.9.4-alpha.
  720. o Minor bugfixes (protover, rust):
  721. - Reject extra commas in version strings. Fixes bug 27197; bugfix
  722. on 0.3.3.3-alpha.
  723. - protover_all_supported() would attempt to allocate up to 16GB on
  724. some inputs, leading to a potential memory DoS. Fixes bug 27206;
  725. bugfix on 0.3.3.5-rc.
  726. - Compute protover votes correctly in the rust version of the
  727. protover code. Previously, the protover rewrite in 24031 allowed
  728. repeated votes from the same voter for the same protocol version
  729. to be counted multiple times in protover_compute_vote(). Fixes bug
  730. 27649; bugfix on 0.3.3.5-rc.
  731. - Reject protover names that contain invalid characters. Fixes bug
  732. 27687; bugfix on 0.3.3.1-alpha.
  733. o Minor bugfixes (relay shutdown, systemd):
  734. - Notify systemd of ShutdownWaitLength so it can be set to longer
  735. than systemd's TimeoutStopSec. In Tor's systemd service file, set
  736. TimeoutSec to 60 seconds to allow Tor some time to shut down.
  737. Fixes bug 28113; bugfix on 0.2.6.2-alpha.
  738. o Minor bugfixes (relay statistics):
  739. - Update relay descriptor on bandwidth changes only when the uptime
  740. is smaller than 24h, in order to reduce the efficiency of guard
  741. discovery attacks. Fixes bug 24104; bugfix on 0.1.1.6-alpha.
  742. o Minor bugfixes (relay):
  743. - Consider the fact that we'll be making direct connections to our
  744. entry and guard nodes when computing the fraction of nodes that
  745. have their descriptors. Also, if we are using bridges and there is
  746. at least one bridge with a full descriptor, treat the fraction of
  747. guards available as 100%. Fixes bug 25886; bugfix on 0.2.4.10-alpha.
  748. Patch by Neel Chauhan.
  749. - Update the message logged on relays when DirCache is disabled.
  750. Since 0.3.3.5-rc, authorities require DirCache (V2Dir) for the
  751. Guard flag. Fixes bug 24312; bugfix on 0.3.3.5-rc.
  752. o Minor bugfixes (testing):
  753. - Stop running stem's unit tests as part of "make test-stem", but
  754. continue to run stem's unit and online tests during "make test-
  755. stem-full". Fixes bug 28568; bugfix on 0.2.6.3-alpha.
  756. - Stop leaking memory in an entry guard unit test. Fixes bug 28554;
  757. bugfix on 0.3.0.1-alpha.
  758. - Make the hs_service tests use the same time source when creating
  759. the introduction point and when testing it. Now tests work better
  760. on very slow systems like ARM or Travis. Fixes bug 27810; bugfix
  761. on 0.3.2.1-alpha.
  762. - Revise the "conditionvar_timeout" test so that it succeeds even on
  763. heavily loaded systems where the test threads are not scheduled
  764. within 200 msec. Fixes bug 27073; bugfix on 0.2.6.3-alpha.
  765. - Fix two unit tests to work when HOME environment variable is not
  766. set. Fixes bug 27096; bugfix on 0.2.8.1-alpha.
  767. - If a unit test running in a subprocess exits abnormally or with a
  768. nonzero status code, treat the test as having failed, even if the
  769. test reported success. Without this fix, memory leaks don't cause
  770. the tests to fail, even with LeakSanitizer. Fixes bug 27658;
  771. bugfix on 0.2.2.4-alpha.
  772. - When logging a version mismatch in our openssl_version tests,
  773. report the actual offending version strings. Fixes bug 26152;
  774. bugfix on 0.2.9.1-alpha.
  775. - Fix forking tests on Windows when there is a space somewhere in
  776. the path. Fixes bug 26437; bugfix on 0.2.2.4-alpha.
  777. o Minor bugfixes (Windows):
  778. - Correctly identify Windows 8.1, Windows 10, and Windows Server
  779. 2008 and later from their NT versions. Fixes bug 28096; bugfix on
  780. 0.2.2.34; reported by Keifer Bly.
  781. - On recent Windows versions, the GetVersionEx() function may report
  782. an earlier Windows version than the running OS. To avoid user
  783. confusion, add "[or later]" to Tor's version string on affected
  784. versions of Windows. Fixes bug 28096; bugfix on 0.2.2.34; reported
  785. by Keifer Bly.
  786. - Remove Windows versions that were never supported by the
  787. GetVersionEx() function. Stop duplicating the latest Windows
  788. version in get_uname(). Fixes bug 28096; bugfix on 0.2.2.34;
  789. reported by Keifer Bly.
  790. o Code simplification and refactoring:
  791. - When parsing a port configuration, make it more obvious to static
  792. analyzer tools that we always initialize the address. Closes
  793. ticket 28881.
  794. - Divide more large Tor source files -- especially ones that span
  795. multiple areas of functionality -- into smaller parts, including
  796. onion.c and main.c. Closes ticket 26747.
  797. - Divide the "routerparse.c" module into separate modules for each
  798. group of parsed objects. Closes ticket 27924.
  799. - Move protover_rust.c to the same place protover.c was moved to.
  800. Closes ticket 27814.
  801. - Split directory.c into separate pieces for client, server, and
  802. common functionality. Closes ticket 26744.
  803. - Split the non-statistics-related parts from the rephist.c and
  804. geoip.c modules. Closes ticket 27892.
  805. - Split the router.c file into relay-only and shared components, to
  806. help with future modularization. Closes ticket 27864.
  807. - Divide the routerlist.c and dirserv.c modules into smaller parts.
  808. Closes ticket 27799.
  809. - 'updateFallbackDirs.py' now ignores the blacklist file, as it's not
  810. longer needed. Closes ticket 26502.
  811. - Include paths to header files within Tor are now qualified by
  812. directory within the top-level src directory.
  813. - Many structures have been removed from the centralized "or.h"
  814. header, and moved into their own headers. This will allow us to
  815. reduce the number of places in the code that rely on each
  816. structure's contents and layout. Closes ticket 26383.
  817. - Remove ATTR_NONNULL macro from codebase. Resolves ticket 26527.
  818. - Remove GetAdaptersAddresses_fn_t. The code that used it was
  819. removed as part of the 26481 refactor. Closes ticket 27467.
  820. - Rework Tor SOCKS server code to use Trunnel and benefit from
  821. autogenerated functions for parsing and generating SOCKS wire
  822. format. New implementation is cleaner, more maintainable and
  823. should be less prone to heartbleed-style vulnerabilities.
  824. Implements a significant fraction of ticket 3569.
  825. - Split sampled_guards_update_from_consensus() and
  826. select_entry_guard_for_circuit() into subfunctions. In
  827. entry_guards_update_primary() unite three smartlist enumerations
  828. into one and move smartlist comparison code out of the function.
  829. Closes ticket 21349.
  830. - Tor now assumes that you have standards-conformant stdint.h and
  831. inttypes.h headers when compiling. Closes ticket 26626.
  832. - Unify our bloom filter logic. Previously we had two copies of this
  833. code: one for routerlist filtering, and one for address set
  834. calculations. Closes ticket 26510.
  835. - Use the simpler strcmpstart() helper in
  836. rend_parse_v2_service_descriptor instead of strncmp(). Closes
  837. ticket 27630.
  838. - Utility functions that can perform a DNS lookup are now wholly
  839. separated from those that can't, in separate headers and C
  840. modules. Closes ticket 26526.
  841. o Documentation:
  842. - In the tor-resolve(1) manpage, fix the reference to socks-
  843. extensions.txt by adding a web URL. Resolves ticket 27853.
  844. - Mention that we require Python to be 2.7 or newer for some
  845. integration tests that we ship with Tor. Resolves ticket 27677.
  846. - Copy paragraph and URL to Tor's code of conduct document from
  847. CONTRIBUTING to new CODE_OF_CONDUCT file. Resolves ticket 26638.
  848. - Remove old instructions from INSTALL document. Closes ticket 26588.
  849. - Warn users that they should not include MyFamily line(s) in their
  850. torrc when running Tor bridge. Closes ticket 26908.
  851. o Removed features:
  852. - Tor no longer supports building with the dmalloc library. For
  853. debugging memory issues, we suggest using gperftools or msan
  854. instead. Closes ticket 26426.
  855. - Tor no longer attempts to run on Windows environments without the
  856. GetAdaptersAddresses() function. This function has existed since
  857. Windows XP, which is itself already older than we support.
  858. - Remove Tor2web functionality for version 2 onion services. The
  859. Tor2webMode and Tor2webRendezvousPoints options are now obsolete.
  860. (This feature was never shipped in vanilla Tor and it was only
  861. possible to use this feature by building the support at compile
  862. time. Tor2webMode is not implemented for version 3 onion services.)
  863. Closes ticket 26367.
  864. o Testing:
  865. - Increase logging and tag all log entries with timestamps in
  866. test_rebind.py. Provides diagnostics for issue 28229.
  867. o Code simplification and refactoring (shared random, dirauth):
  868. - Change many tor_assert() to use BUG() instead. The idea is to not
  869. crash a dirauth but rather scream loudly with a stacktrace and let
  870. it continue run. The shared random subsystem is very resilient and
  871. if anything wrong happens with it, at worst a non coherent value
  872. will be put in the vote and discarded by the other authorities.
  873. Closes ticket 19566.
  874. o Documentation (onion services):
  875. - Improve HSv3 client authorization by making some options more
  876. explicit and detailed. Closes ticket 28026. Patch by Mike Tigas.
  877. - Document in the man page that changing ClientOnionAuthDir value or
  878. adding a new file in the directory will not work at runtime upon
  879. sending a HUP if Sandbox 1. Closes ticket 28128.
  880. - Note in the man page that the only real way to fully revoke an
  881. onion service v3 client authorization is by restarting the tor
  882. process. Closes ticket 28275.
  883. Changes in version 0.3.4.9 - 2018-11-02
  884. Tor 0.3.4.9 is the second stable release in its series; it backports
  885. numerous fixes, including a fix for a bandwidth management bug that
  886. was causing memory exhaustion on relays. Anyone running an earlier
  887. version of Tor 0.3.4.9 should upgrade.
  888. o Major bugfixes (compilation, backport from 0.3.5.3-alpha):
  889. - Fix compilation on ARM (and other less-used CPUs) when compiling
  890. with OpenSSL before 1.1. Fixes bug 27781; bugfix on 0.3.4.1-alpha.
  891. o Major bugfixes (mainloop, bootstrap, backport from 0.3.5.3-alpha):
  892. - Make sure Tor bootstraps and works properly if only the
  893. ControlPort is set. Prior to this fix, Tor would only bootstrap
  894. when a client port was set (Socks, Trans, NATD, DNS or HTTPTunnel
  895. port). Fixes bug 27849; bugfix on 0.3.4.1-alpha.
  896. o Major bugfixes (relay, backport from 0.3.5.3-alpha):
  897. - When our write bandwidth limit is exhausted, stop writing on the
  898. connection. Previously, we had a typo in the code that would make
  899. us stop reading instead, leading to relay connections being stuck
  900. indefinitely and consuming kernel RAM. Fixes bug 28089; bugfix
  901. on 0.3.4.1-alpha.
  902. o Major bugfixes (restart-in-process, backport from 0.3.5.1-alpha):
  903. - Fix a use-after-free error that could be caused by passing Tor an
  904. impossible set of options that would fail during options_act().
  905. Fixes bug 27708; bugfix on 0.3.3.1-alpha.
  906. o Minor features (continuous integration, backport from 0.3.5.1-alpha):
  907. - Don't do a distcheck with --disable-module-dirauth in Travis.
  908. Implements ticket 27252.
  909. - Only run one online rust build in Travis, to reduce network
  910. errors. Skip offline rust builds on Travis for Linux gcc, because
  911. they're redundant. Implements ticket 27252.
  912. - Skip gcc on OSX in Travis CI, because it's rarely used. Skip a
  913. duplicate hardening-off build in Travis on Tor 0.2.9. Skip gcc on
  914. Linux with default settings, because all the non-default builds
  915. use gcc on Linux. Implements ticket 27252.
  916. o Minor features (continuous integration, backport from 0.3.5.3-alpha):
  917. - Use the Travis Homebrew addon to install packages on macOS during
  918. Travis CI. The package list is the same, but the Homebrew addon
  919. does not do a `brew update` by default. Implements ticket 27738.
  920. o Minor features (geoip):
  921. - Update geoip and geoip6 to the October 9 2018 Maxmind GeoLite2
  922. Country database. Closes ticket 27991.
  923. o Minor bugfixes (32-bit OSX and iOS, timing, backport from 0.3.5.2-alpha):
  924. - Fix an integer overflow bug in our optimized 32-bit millisecond-
  925. difference algorithm for 32-bit Apple platforms. Previously, it
  926. would overflow when calculating the difference between two times
  927. more than 47 days apart. Fixes part of bug 27139; bugfix
  928. on 0.3.4.1-alpha.
  929. - Improve the precision of our 32-bit millisecond difference
  930. algorithm for 32-bit Apple platforms. Fixes part of bug 27139;
  931. bugfix on 0.3.4.1-alpha.
  932. - Relax the tolerance on the mainloop/update_time_jumps test when
  933. running on 32-bit Apple platforms. Fixes part of bug 27139; bugfix
  934. on 0.3.4.1-alpha.
  935. o Minor bugfixes (C correctness, to appear in 0.3.5.4-alpha):
  936. - Avoid undefined behavior in an end-of-string check when parsing
  937. the BEGIN line in a directory object. Fixes bug 28202; bugfix
  938. on 0.2.0.3-alpha.
  939. o Minor bugfixes (CI, appveyor, to appear in 0.3.5.4-alpha):
  940. - Only install the necessary mingw packages during our appveyor
  941. builds. This change makes the build a little faster, and prevents
  942. a conflict with a preinstalled mingw openssl that appveyor now
  943. ships. Fixes bugs 27943 and 27765; bugfix on 0.3.4.2-alpha.
  944. o Minor bugfixes (code safety, backport from 0.3.5.3-alpha):
  945. - Rewrite our assertion macros so that they no longer suppress the
  946. compiler's -Wparentheses warnings. Fixes bug 27709; bugfix
  947. o Minor bugfixes (continuous integration, backport from 0.3.5.1-alpha):
  948. - Stop reinstalling identical packages in our Windows CI. Fixes bug
  949. 27464; bugfix on 0.3.4.1-alpha.
  950. o Minor bugfixes (directory authority, to appear in 0.3.5.4-alpha):
  951. - Log additional info when we get a relay that shares an ed25519 ID
  952. with a different relay, instead making a BUG() warning. Fixes bug
  953. 27800; bugfix on 0.3.2.1-alpha.
  954. o Minor bugfixes (directory connection shutdown, backport from 0.3.5.1-alpha):
  955. - Avoid a double-close when shutting down a stalled directory
  956. connection. Fixes bug 26896; bugfix on 0.3.4.1-alpha.
  957. o Minor bugfixes (HTTP tunnel, backport from 0.3.5.1-alpha):
  958. - Fix a bug warning when closing an HTTP tunnel connection due to an
  959. HTTP request we couldn't handle. Fixes bug 26470; bugfix
  960. on 0.3.2.1-alpha.
  961. o Minor bugfixes (netflow padding, backport from 0.3.5.1-alpha):
  962. - Ensure circuitmux queues are empty before scheduling or sending
  963. padding. Fixes bug 25505; bugfix on 0.3.1.1-alpha.
  964. o Minor bugfixes (onion service v3, backport from 0.3.5.1-alpha):
  965. - When the onion service directory can't be created or has the wrong
  966. permissions, do not log a stack trace. Fixes bug 27335; bugfix
  967. on 0.3.2.1-alpha.
  968. o Minor bugfixes (onion service v3, backport from 0.3.5.2-alpha):
  969. - Close all SOCKS request (for the same .onion) if the newly fetched
  970. descriptor is unusable. Before that, we would close only the first
  971. one leaving the other hanging and let to time out by themselves.
  972. Fixes bug 27410; bugfix on 0.3.2.1-alpha.
  973. o Minor bugfixes (onion service v3, backport from 0.3.5.3-alpha):
  974. - When selecting a v3 rendezvous point, don't only look at the
  975. protover, but also check whether the curve25519 onion key is
  976. present. This way we avoid picking a relay that supports the v3
  977. rendezvous but for which we don't have the microdescriptor. Fixes
  978. bug 27797; bugfix on 0.3.2.1-alpha.
  979. o Minor bugfixes (protover, backport from 0.3.5.3-alpha):
  980. - Reject protocol names containing bytes other than alphanumeric
  981. characters and hyphens ([A-Za-z0-9-]). Fixes bug 27316; bugfix
  982. on 0.2.9.4-alpha.
  983. o Minor bugfixes (rust, backport from 0.3.5.1-alpha):
  984. - Compute protover votes correctly in the rust version of the
  985. protover code. Previously, the protover rewrite in 24031 allowed
  986. repeated votes from the same voter for the same protocol version
  987. to be counted multiple times in protover_compute_vote(). Fixes bug
  988. 27649; bugfix on 0.3.3.5-rc.
  989. - Reject protover names that contain invalid characters. Fixes bug
  990. 27687; bugfix on 0.3.3.1-alpha.
  991. o Minor bugfixes (rust, backport from 0.3.5.2-alpha):
  992. - protover_all_supported() would attempt to allocate up to 16GB on
  993. some inputs, leading to a potential memory DoS. Fixes bug 27206;
  994. bugfix on 0.3.3.5-rc.
  995. o Minor bugfixes (rust, directory authority, to appear in 0.3.5.4-alpha):
  996. - Fix an API mismatch in the rust implementation of
  997. protover_compute_vote(). This bug could have caused crashes on any
  998. directory authorities running Tor with Rust (which we do not yet
  999. recommend). Fixes bug 27741; bugfix on 0.3.3.6.
  1000. o Minor bugfixes (rust, to appear in 0.3.5.4-alpha):
  1001. - Fix a potential null dereference in protover_all_supported(). Add
  1002. a test for it. Fixes bug 27804; bugfix on 0.3.3.1-alpha.
  1003. - Return a string that can be safely freed by C code, not one
  1004. created by the rust allocator, in protover_all_supported(). Fixes
  1005. bug 27740; bugfix on 0.3.3.1-alpha.
  1006. o Minor bugfixes (testing, backport from 0.3.5.1-alpha):
  1007. - If a unit test running in a subprocess exits abnormally or with a
  1008. nonzero status code, treat the test as having failed, even if the
  1009. test reported success. Without this fix, memory leaks don't cause
  1010. the tests to fail, even with LeakSanitizer. Fixes bug 27658;
  1011. bugfix on 0.2.2.4-alpha.
  1012. o Minor bugfixes (testing, backport from 0.3.5.3-alpha):
  1013. - Make the hs_service tests use the same time source when creating
  1014. the introduction point and when testing it. Now tests work better
  1015. on very slow systems like ARM or Travis. Fixes bug 27810; bugfix
  1016. on 0.3.2.1-alpha.
  1017. o Minor bugfixes (testing, to appear in 0.3.5.4-alpha):
  1018. - Treat backtrace test failures as expected on BSD-derived systems
  1019. (NetBSD, OpenBSD, and macOS/Darwin) until we solve bug 17808.
  1020. (FreeBSD failures have been treated as expected since 18204 in
  1021. 0.2.8.) Fixes bug 27948; bugfix on 0.2.5.2-alpha.
  1022. Changes in version 0.2.9.17 - 2018-09-10
  1023. Tor 0.2.9.17 backports numerous bugfixes from later versions of Tor.
  1024. o Minor features (compatibility, backport from 0.3.4.8):
  1025. - Tell OpenSSL to maintain backward compatibility with previous
  1026. RSA1024/DH1024 users in Tor. With OpenSSL 1.1.1-pre6, these
  1027. ciphers are disabled by default. Closes ticket 27344.
  1028. o Minor features (continuous integration, backport from 0.3.4.7-rc):
  1029. - Enable macOS builds in our Travis CI configuration. Closes
  1030. ticket 24629.
  1031. - Install libcap-dev and libseccomp2-dev so these optional
  1032. dependencies get tested on Travis CI. Closes ticket 26560.
  1033. - Run asciidoc during Travis CI. Implements ticket 27087.
  1034. - Use ccache in our Travis CI configuration. Closes ticket 26952.
  1035. o Minor features (geoip):
  1036. - Update geoip and geoip6 to the August 7 2018 Maxmind GeoLite2
  1037. Country database. Closes ticket 27089.
  1038. o Minor bugfixes (compilation, backport from 0.3.4.6-rc):
  1039. - When compiling with --enable-openbsd-malloc or --enable-tcmalloc,
  1040. tell the compiler not to include the system malloc implementation.
  1041. Fixes bug 20424; bugfix on 0.2.0.20-rc.
  1042. o Minor bugfixes (compilation, backport from 0.3.4.7-rc):
  1043. - Silence a spurious compiler warning on the GetAdaptersAddresses
  1044. function pointer cast. This issue is already fixed by 26481 in
  1045. 0.3.5 and later, by removing the lookup and cast. Fixes bug 27465;
  1046. bugfix on 0.2.3.11-alpha.
  1047. - Stop calling SetProcessDEPPolicy() on 64-bit Windows. It is not
  1048. supported, and always fails. Some compilers warn about the
  1049. function pointer cast on 64-bit Windows. Fixes bug 27461; bugfix
  1050. on 0.2.2.23-alpha.
  1051. o Minor bugfixes (compilation, windows, backport from 0.3.4.7-rc):
  1052. - Don't link or search for pthreads when building for Windows, even
  1053. if we are using build environment (like mingw) that provides a
  1054. pthreads library. Fixes bug 27081; bugfix on 0.1.0.1-rc.
  1055. o Minor bugfixes (continuous integration, backport from 0.3.4.6-rc):
  1056. - Skip a pair of unreliable key generation tests on Windows, until
  1057. the underlying issue in bug 26076 is resolved. Fixes bug 26830 and
  1058. bug 26853; bugfix on 0.2.7.3-rc and 0.3.2.1-alpha respectively.
  1059. o Minor bugfixes (continuous integration, backport from 0.3.4.7-rc):
  1060. - Pass the module flags to distcheck configure, and log the flags
  1061. before running configure. (Backported to 0.2.9 and later as a
  1062. precaution.) Fixes bug 27088; bugfix on 0.3.4.1-alpha.
  1063. o Minor bugfixes (continuous integration, backport from 0.3.4.8):
  1064. - When a Travis build fails, and showing a log fails, keep trying to
  1065. show the other logs. Fixes bug 27453; bugfix on 0.3.4.7-rc.
  1066. - When we use echo in Travis, don't pass a --flag as the first
  1067. argument. Fixes bug 27418; bugfix on 0.3.4.7-rc.
  1068. o Minor bugfixes (directory authority, backport from 0.3.4.6-rc):
  1069. - When voting for recommended versions, make sure that all of the
  1070. versions are well-formed and parsable. Fixes bug 26485; bugfix
  1071. on 0.1.1.6-alpha.
  1072. o Minor bugfixes (linux seccomp2 sandbox, backport from 0.3.4.7-rc):
  1073. - Fix a bug in out sandboxing rules for the openat() syscall.
  1074. Previously, no openat() call would be permitted, which would break
  1075. filesystem operations on recent glibc versions. Fixes bug 25440;
  1076. bugfix on 0.2.9.15. Diagnosis and patch from Daniel Pinto.
  1077. o Minor bugfixes (onion services, backport from 0.3.4.8):
  1078. - Silence a spurious compiler warning in
  1079. rend_client_send_introduction(). Fixes bug 27463; bugfix
  1080. on 0.1.1.2-alpha.
  1081. o Minor bugfixes (single onion services, Tor2web, backport from 0.3.4.6-rc):
  1082. - Log a protocol warning when single onion services or Tor2web clients
  1083. fail to authenticate direct connections to relays.
  1084. Fixes bug 26924; bugfix on 0.2.9.1-alpha.
  1085. o Minor bugfixes (testing, backport from 0.3.4.6-rc):
  1086. - Disable core dumps in test_bt.sh, to avoid failures in "make
  1087. distcheck". Fixes bug 26787; bugfix on 0.2.5.2-alpha.
  1088. o Minor bugfixes (testing, chutney, backport from 0.3.4.8):
  1089. - Before running make test-network-all, delete old logs and test
  1090. result files, to avoid spurious failures. Fixes bug 27295; bugfix
  1091. on 0.2.7.3-rc.
  1092. o Minor bugfixes (testing, openssl compatibility, backport from 0.3.4.7-rc):
  1093. - Our "tortls/cert_matches_key" unit test no longer relies on
  1094. OpenSSL internals. Previously, it relied on unsupported OpenSSL
  1095. behavior in a way that caused it to crash with OpenSSL 1.0.2p.
  1096. Fixes bug 27226; bugfix on 0.2.5.1-alpha.
  1097. o Minor bugfixes (Windows, compilation, backport from 0.3.4.7-rc):
  1098. - Silence a compilation warning on MSVC 2017 and clang-cl. Fixes bug
  1099. 27185; bugfix on 0.2.2.2-alpha.
  1100. Changes in version 0.3.2.12 - 2018-09-10
  1101. Tor 0.3.2.12 backport numerous fixes from later versions of Tor.
  1102. o Minor features (compatibility, backport from 0.3.4.8):
  1103. - Tell OpenSSL to maintain backward compatibility with previous
  1104. RSA1024/DH1024 users in Tor. With OpenSSL 1.1.1-pre6, these
  1105. ciphers are disabled by default. Closes ticket 27344.
  1106. o Minor features (continuous integration, backport from 0.3.4.7-rc):
  1107. - Enable macOS builds in our Travis CI configuration. Closes
  1108. ticket 24629.
  1109. - Install libcap-dev and libseccomp2-dev so these optional
  1110. dependencies get tested on Travis CI. Closes ticket 26560.
  1111. - Run asciidoc during Travis CI. Implements ticket 27087.
  1112. - Use ccache in our Travis CI configuration. Closes ticket 26952.
  1113. o Minor features (continuous integration, rust, backport from 0.3.4.7-rc):
  1114. - Use cargo cache in our Travis CI configuration. Closes
  1115. ticket 26952.
  1116. o Minor features (controller, backport from 0.3.4.6-rc):
  1117. - The control port now exposes the list of HTTPTunnelPorts and
  1118. ExtOrPorts via GETINFO net/listeners/httptunnel and
  1119. net/listeners/extor respectively. Closes ticket 26647.
  1120. o Minor features (directory authorities, backport from 0.3.4.7-rc):
  1121. - Authorities no longer vote to make the subprotocol version
  1122. "LinkAuth=1" a requirement: it is unsupportable with NSS, and
  1123. hasn't been needed since Tor 0.3.0.1-alpha. Closes ticket 27286.
  1124. o Minor features (geoip):
  1125. - Update geoip and geoip6 to the August 7 2018 Maxmind GeoLite2
  1126. Country database. Closes ticket 27089.
  1127. o Minor bugfixes (compilation, backport from 0.3.4.6-rc):
  1128. - When compiling with --enable-openbsd-malloc or --enable-tcmalloc,
  1129. tell the compiler not to include the system malloc implementation.
  1130. Fixes bug 20424; bugfix on 0.2.0.20-rc.
  1131. - Don't try to use a pragma to temporarily disable the
  1132. -Wunused-const-variable warning if the compiler doesn't support
  1133. it. Fixes bug 26785; bugfix on 0.3.2.11.
  1134. o Minor bugfixes (compilation, backport from 0.3.4.7-rc):
  1135. - Silence a spurious compiler warning on the GetAdaptersAddresses
  1136. function pointer cast. This issue is already fixed by 26481 in
  1137. 0.3.5 and later, by removing the lookup and cast. Fixes bug 27465;
  1138. bugfix on 0.2.3.11-alpha.
  1139. - Stop calling SetProcessDEPPolicy() on 64-bit Windows. It is not
  1140. supported, and always fails. Some compilers warn about the
  1141. function pointer cast on 64-bit Windows. Fixes bug 27461; bugfix
  1142. on 0.2.2.23-alpha.
  1143. o Minor bugfixes (compilation, windows, backport from 0.3.4.7-rc):
  1144. - Don't link or search for pthreads when building for Windows, even
  1145. if we are using build environment (like mingw) that provides a
  1146. pthreads library. Fixes bug 27081; bugfix on 0.1.0.1-rc.
  1147. o Minor bugfixes (continuous integration, backport from 0.3.4.6-rc):
  1148. - Skip a pair of unreliable key generation tests on Windows, until
  1149. the underlying issue in bug 26076 is resolved. Fixes bug 26830 and
  1150. bug 26853; bugfix on 0.2.7.3-rc and 0.3.2.1-alpha respectively.
  1151. o Minor bugfixes (continuous integration, backport from 0.3.4.7-rc):
  1152. - Build with zstd on macOS. Fixes bug 27090; bugfix on 0.3.1.5-alpha.
  1153. - Pass the module flags to distcheck configure, and log the flags
  1154. before running configure. (Backported to 0.2.9 and later as a
  1155. precaution.) Fixes bug 27088; bugfix on 0.3.4.1-alpha.
  1156. o Minor bugfixes (continuous integration, backport from 0.3.4.8):
  1157. - When a Travis build fails, and showing a log fails, keep trying to
  1158. show the other logs. Fixes bug 27453; bugfix on 0.3.4.7-rc.
  1159. - When we use echo in Travis, don't pass a --flag as the first
  1160. argument. Fixes bug 27418; bugfix on 0.3.4.7-rc.
  1161. o Minor bugfixes (directory authority, backport from 0.3.4.6-rc):
  1162. - When voting for recommended versions, make sure that all of the
  1163. versions are well-formed and parsable. Fixes bug 26485; bugfix
  1164. on 0.1.1.6-alpha.
  1165. o Minor bugfixes (linux seccomp2 sandbox, backport from 0.3.4.7-rc):
  1166. - Fix a bug in out sandboxing rules for the openat() syscall.
  1167. Previously, no openat() call would be permitted, which would break
  1168. filesystem operations on recent glibc versions. Fixes bug 25440;
  1169. bugfix on 0.2.9.15. Diagnosis and patch from Daniel Pinto.
  1170. o Minor bugfixes (logging, backport from 0.3.4.6-rc):
  1171. - Improve the log message when connection initiators fail to
  1172. authenticate direct connections to relays. Fixes bug 26927; bugfix
  1173. on 0.3.0.1-alpha.
  1174. o Minor bugfixes (onion services, backport from 0.3.4.7-rc):
  1175. - Fix bug that causes services to not ever rotate their descriptors
  1176. if they were getting SIGHUPed often. Fixes bug 26932; bugfix
  1177. on 0.3.2.1-alpha.
  1178. o Minor bugfixes (onion services, backport from 0.3.4.8):
  1179. - Silence a spurious compiler warning in
  1180. rend_client_send_introduction(). Fixes bug 27463; bugfix
  1181. on 0.1.1.2-alpha.
  1182. o Minor bugfixes (rust, backport from 0.3.4.7-rc):
  1183. - Backport test_rust.sh from master. Fixes bug 26497; bugfix
  1184. on 0.3.1.5-alpha.
  1185. - Consistently use ../../.. as a fallback for $abs_top_srcdir in
  1186. test_rust.sh. Fixes bug 27093; bugfix on 0.3.4.3-alpha.
  1187. - Stop setting $CARGO_HOME. cargo will use the user's $CARGO_HOME, or
  1188. $HOME/.cargo by default. Fixes bug 26497; bugfix on 0.3.1.5-alpha.
  1189. o Minor bugfixes (single onion services, Tor2web, backport from 0.3.4.6-rc):
  1190. - Log a protocol warning when single onion services or Tor2web clients
  1191. fail to authenticate direct connections to relays.
  1192. Fixes bug 26924; bugfix on 0.2.9.1-alpha.
  1193. o Minor bugfixes (testing, backport from 0.3.4.6-rc):
  1194. - Disable core dumps in test_bt.sh, to avoid failures in "make
  1195. distcheck". Fixes bug 26787; bugfix on 0.2.5.2-alpha.
  1196. o Minor bugfixes (testing, chutney, backport from 0.3.4.8):
  1197. - When running make test-network-all, use the mixed+hs-v2 network.
  1198. (A previous fix to chutney removed v3 onion services from the
  1199. mixed+hs-v23 network, so seeing "mixed+hs-v23" in tests is
  1200. confusing.) Fixes bug 27345; bugfix on 0.3.2.1-alpha.
  1201. - Before running make test-network-all, delete old logs and test
  1202. result files, to avoid spurious failures. Fixes bug 27295; bugfix
  1203. on 0.2.7.3-rc.
  1204. o Minor bugfixes (testing, openssl compatibility):
  1205. - Our "tortls/cert_matches_key" unit test no longer relies on OpenSSL
  1206. internals. Previously, it relied on unsupported OpenSSL behavior in
  1207. a way that caused it to crash with OpenSSL 1.0.2p. Fixes bug 27226;
  1208. bugfix on 0.2.5.1-alpha.
  1209. o Minor bugfixes (testing, openssl compatibility, backport from 0.3.4.7-rc):
  1210. - Our "tortls/cert_matches_key" unit test no longer relies on
  1211. OpenSSL internals. Previously, it relied on unsupported OpenSSL
  1212. behavior in a way that caused it to crash with OpenSSL 1.0.2p.
  1213. Fixes bug 27226; bugfix on 0.2.5.1-alpha.
  1214. o Minor bugfixes (Windows, compilation, backport from 0.3.4.7-rc):
  1215. - Silence a compilation warning on MSVC 2017 and clang-cl. Fixes bug
  1216. 27185; bugfix on 0.2.2.2-alpha.
  1217. Changes in version 0.3.3.10 - 2018-09-10
  1218. Tor 0.3.3.10 backports numerous fixes from later versions of Tor.
  1219. o Minor features (bug workaround, backport from 0.3.4.7-rc):
  1220. - Compile correctly on systems that provide the C11 stdatomic.h
  1221. header, but where C11 atomic functions don't actually compile.
  1222. Closes ticket 26779; workaround for Debian issue 903709.
  1223. o Minor features (compatibility, backport from 0.3.4.8):
  1224. - Tell OpenSSL to maintain backward compatibility with previous
  1225. RSA1024/DH1024 users in Tor. With OpenSSL 1.1.1-pre6, these
  1226. ciphers are disabled by default. Closes ticket 27344.
  1227. o Minor features (continuous integration, backport from 0.3.4.7-rc):
  1228. - Backport Travis rust distcheck to 0.3.3. Closes ticket 24629.
  1229. - Enable macOS builds in our Travis CI configuration. Closes
  1230. ticket 24629.
  1231. - Install libcap-dev and libseccomp2-dev so these optional
  1232. dependencies get tested on Travis CI. Closes ticket 26560.
  1233. - Run asciidoc during Travis CI. Implements ticket 27087.
  1234. - Use ccache in our Travis CI configuration. Closes ticket 26952.
  1235. o Minor features (continuous integration, rust, backport from 0.3.4.7-rc):
  1236. - Use cargo cache in our Travis CI configuration. Closes
  1237. ticket 26952.
  1238. o Minor features (controller, backport from 0.3.4.6-rc):
  1239. - The control port now exposes the list of HTTPTunnelPorts and
  1240. ExtOrPorts via GETINFO net/listeners/httptunnel and
  1241. net/listeners/extor respectively. Closes ticket 26647.
  1242. o Minor features (directory authorities, backport from 0.3.4.7-rc):
  1243. - Authorities no longer vote to make the subprotocol version
  1244. "LinkAuth=1" a requirement: it is unsupportable with NSS, and
  1245. hasn't been needed since Tor 0.3.0.1-alpha. Closes ticket 27286.
  1246. o Minor features (geoip):
  1247. - Update geoip and geoip6 to the August 7 2018 Maxmind GeoLite2
  1248. Country database. Closes ticket 27089.
  1249. o Minor bugfixes (compilation, backport from 0.3.4.6-rc):
  1250. - When compiling with --enable-openbsd-malloc or --enable-tcmalloc,
  1251. tell the compiler not to include the system malloc implementation.
  1252. Fixes bug 20424; bugfix on 0.2.0.20-rc.
  1253. - Don't try to use a pragma to temporarily disable the
  1254. -Wunused-const-variable warning if the compiler doesn't support
  1255. it. Fixes bug 26785; bugfix on 0.3.2.11.
  1256. o Minor bugfixes (compilation, backport from 0.3.4.7-rc):
  1257. - Silence a spurious compiler warning on the GetAdaptersAddresses
  1258. function pointer cast. This issue is already fixed by 26481 in
  1259. 0.3.5 and later, by removing the lookup and cast. Fixes bug 27465;
  1260. bugfix on 0.2.3.11-alpha.
  1261. - Stop calling SetProcessDEPPolicy() on 64-bit Windows. It is not
  1262. supported, and always fails. Some compilers warn about the
  1263. function pointer cast on 64-bit Windows. Fixes bug 27461; bugfix
  1264. on 0.2.2.23-alpha.
  1265. o Minor bugfixes (compilation, windows, backport from 0.3.4.7-rc):
  1266. - Don't link or search for pthreads when building for Windows, even
  1267. if we are using build environment (like mingw) that provides a
  1268. pthreads library. Fixes bug 27081; bugfix on 0.1.0.1-rc.
  1269. o Minor bugfixes (continuous integration, backport from 0.3.4.6-rc):
  1270. - Skip a pair of unreliable key generation tests on Windows, until
  1271. the underlying issue in bug 26076 is resolved. Fixes bug 26830 and
  1272. bug 26853; bugfix on 0.2.7.3-rc and 0.3.2.1-alpha respectively.
  1273. o Minor bugfixes (continuous integration, backport from 0.3.4.7-rc):
  1274. - Build with zstd on macOS. Fixes bug 27090; bugfix on 0.3.1.5-alpha.
  1275. - Pass the module flags to distcheck configure, and log the flags
  1276. before running configure. (Backported to 0.2.9 and later as a
  1277. precaution.) Fixes bug 27088; bugfix on 0.3.4.1-alpha.
  1278. o Minor bugfixes (continuous integration, backport from 0.3.4.8):
  1279. - When a Travis build fails, and showing a log fails, keep trying to
  1280. show the other logs. Fixes bug 27453; bugfix on 0.3.4.7-rc.
  1281. - When we use echo in Travis, don't pass a --flag as the first
  1282. argument. Fixes bug 27418; bugfix on 0.3.4.7-rc.
  1283. o Minor bugfixes (directory authority, backport from 0.3.4.6-rc):
  1284. - When voting for recommended versions, make sure that all of the
  1285. versions are well-formed and parsable. Fixes bug 26485; bugfix
  1286. on 0.1.1.6-alpha.
  1287. o Minor bugfixes (in-process restart, backport from 0.3.4.7-rc):
  1288. - Always call tor_free_all() when leaving tor_run_main(). When we
  1289. did not, restarting tor in-process would cause an assertion
  1290. failure. Fixes bug 26948; bugfix on 0.3.3.1-alpha.
  1291. o Minor bugfixes (linux seccomp2 sandbox, backport from 0.3.4.7-rc):
  1292. - Fix a bug in our sandboxing rules for the openat() syscall.
  1293. Previously, no openat() call would be permitted, which would break
  1294. filesystem operations on recent glibc versions. Fixes bug 25440;
  1295. bugfix on 0.2.9.15. Diagnosis and patch from Daniel Pinto.
  1296. o Minor bugfixes (logging, backport from 0.3.4.6-rc):
  1297. - Improve the log message when connection initiators fail to
  1298. authenticate direct connections to relays. Fixes bug 26927; bugfix
  1299. on 0.3.0.1-alpha.
  1300. o Minor bugfixes (onion services, backport from 0.3.4.7-rc):
  1301. - Fix bug that causes services to not ever rotate their descriptors
  1302. if they were getting SIGHUPed often. Fixes bug 26932; bugfix
  1303. on 0.3.2.1-alpha.
  1304. o Minor bugfixes (onion services, backport from 0.3.4.8):
  1305. - Silence a spurious compiler warning in
  1306. rend_client_send_introduction(). Fixes bug 27463; bugfix
  1307. on 0.1.1.2-alpha.
  1308. o Minor bugfixes (portability, backport from 0.3.4.6-rc):
  1309. - Work around two different bugs in the OS X 10.10 and later SDKs
  1310. that would prevent us from successfully targeting earlier versions
  1311. of OS X. Fixes bug 26876; bugfix on 0.3.3.1-alpha.
  1312. o Minor bugfixes (portability, backport from 0.3.4.7-rc):
  1313. - Fix compilation of the unit tests on GNU/Hurd, which does not
  1314. define PATH_MAX. Fixes bug 26873; bugfix on 0.3.3.1-alpha. Patch
  1315. from "paulusASol".
  1316. o Minor bugfixes (rust, backport from 0.3.4.7-rc):
  1317. - Backport test_rust.sh from master. Fixes bug 26497; bugfix
  1318. on 0.3.1.5-alpha.
  1319. - Consistently use ../../.. as a fallback for $abs_top_srcdir in
  1320. test_rust.sh. Fixes bug 27093; bugfix on 0.3.4.3-alpha.
  1321. - Protover parsing was accepting the presence of whitespace in
  1322. version strings, which the C implementation would choke on, e.g.
  1323. "Desc=1\t,2". Fixes bug 27177; bugfix on 0.3.3.5-rc.
  1324. - Protover parsing was ignoring a 2nd hyphen and everything after
  1325. it, accepting entries like "Link=1-5-foo". Fixes bug 27164; bugfix
  1326. on 0.3.3.1-alpha.
  1327. - Stop setting $CARGO_HOME. cargo will use the user's $CARGO_HOME, or
  1328. $HOME/.cargo by default. Fixes bug 26497; bugfix on 0.3.1.5-alpha.
  1329. - cd to ${abs_top_builddir}/src/rust before running cargo in
  1330. src/test/test_rust.sh. This makes the working directory consistent
  1331. between builds and tests. Fixes bug 26497; bugfix on 0.3.3.2-alpha.
  1332. o Minor bugfixes (single onion services, Tor2web, backport from 0.3.4.6-rc):
  1333. - Log a protocol warning when single onion services or Tor2web clients
  1334. fail to authenticate direct connections to relays.
  1335. Fixes bug 26924; bugfix on 0.2.9.1-alpha.
  1336. o Minor bugfixes (testing, backport from 0.3.4.6-rc):
  1337. - Disable core dumps in test_bt.sh, to avoid failures in "make
  1338. distcheck". Fixes bug 26787; bugfix on 0.2.5.2-alpha.
  1339. o Minor bugfixes (testing, chutney, backport from 0.3.4.8):
  1340. - When running make test-network-all, use the mixed+hs-v2 network.
  1341. (A previous fix to chutney removed v3 onion services from the
  1342. mixed+hs-v23 network, so seeing "mixed+hs-v23" in tests is
  1343. confusing.) Fixes bug 27345; bugfix on 0.3.2.1-alpha.
  1344. - Before running make test-network-all, delete old logs and test
  1345. result files, to avoid spurious failures. Fixes bug 27295; bugfix
  1346. on 0.2.7.3-rc.
  1347. o Minor bugfixes (testing, openssl compatibility, backport from 0.3.4.7-rc):
  1348. - Our "tortls/cert_matches_key" unit test no longer relies on
  1349. OpenSSL internals. Previously, it relied on unsupported OpenSSL
  1350. behavior in a way that caused it to crash with OpenSSL 1.0.2p.
  1351. Fixes bug 27226; bugfix on 0.2.5.1-alpha.
  1352. o Minor bugfixes (v3 onion services, backport from 0.3.4.6-rc):
  1353. - Stop sending ed25519 link specifiers in v3 onion service introduce
  1354. cells and descriptors, when the rendezvous or introduction point
  1355. doesn't support ed25519 link authentication. Fixes bug 26627;
  1356. bugfix on 0.3.2.4-alpha.
  1357. o Minor bugfixes (Windows, compilation, backport from 0.3.4.7-rc):
  1358. - Silence a compilation warning on MSVC 2017 and clang-cl. Fixes bug
  1359. 27185; bugfix on 0.2.2.2-alpha.
  1360. Changes in version 0.3.4.8 - 2018-09-10
  1361. Tor 0.3.4.8 is the first stable release in its series; it includes
  1362. compilation and portability fixes.
  1363. The Tor 0.3.4 series includes improvements for running Tor in
  1364. low-power and embedded environments, which should help performance in
  1365. general. We've begun work on better modularity, and included preliminary
  1366. changes on the directory authority side to accommodate a new bandwidth
  1367. measurement system. We've also integrated more continuous-integration
  1368. systems into our development process, and made corresponding changes to
  1369. Tor's testing infrastructure. Finally, we've continued to refine
  1370. our anti-denial-of-service code.
  1371. Below are the changes since 0.3.3.9. For a list of only the changes
  1372. since 0.3.4.7-rc, see the ChangeLog file.
  1373. o New system requirements:
  1374. - Tor no longer tries to support old operating systems without
  1375. mmap() or some local equivalent. Apparently, compilation on such
  1376. systems has been broken for some time, without anybody noticing or
  1377. complaining. Closes ticket 25398.
  1378. o Major features (directory authority, modularization):
  1379. - The directory authority subsystem has been modularized. The code
  1380. is now located in src/or/dirauth/, and is compiled in by default.
  1381. To disable the module, the configure option
  1382. --disable-module-dirauth has been added. This module may be
  1383. disabled by default in some future release. Closes ticket 25610.
  1384. o Major features (main loop, CPU usage):
  1385. - When Tor is disabled (via DisableNetwork or via hibernation), it
  1386. no longer needs to run any per-second events. This change should
  1387. make it easier for mobile applications to disable Tor while the
  1388. device is sleeping, or Tor is not running. Closes ticket 26063.
  1389. - Tor no longer enables all of its periodic events by default.
  1390. Previously, Tor would enable all possible main loop events,
  1391. regardless of whether it needed them. Furthermore, many of these
  1392. events are now disabled when Tor is hibernating or DisableNetwork
  1393. is set. This is a big step towards reducing client CPU usage by
  1394. reducing the amount of wake-ups the daemon does. Closes tickets
  1395. 25376 and 25762.
  1396. - The bandwidth-limitation logic has been refactored so that
  1397. bandwidth calculations are performed on-demand, rather than every
  1398. TokenBucketRefillInterval milliseconds. This change should improve
  1399. the granularity of our bandwidth calculations, and limit the
  1400. number of times that the Tor process needs to wake up when it is
  1401. idle. Closes ticket 25373.
  1402. - Move responsibility for many operations from a once-per-second
  1403. callback to a callback that is only scheduled as needed. Moving
  1404. this functionality has allowed us to disable the callback when
  1405. Tor's network is disabled. Once enough items are removed from our
  1406. once-per-second callback, we can eliminate it entirely to conserve
  1407. CPU when idle. The functionality removed includes: closing
  1408. connections, circuits, and channels (ticket 25932); consensus
  1409. voting (25937); flushing log callbacks (25951); honoring delayed
  1410. SIGNEWNYM requests (25949); rescanning the consensus cache
  1411. (25931); saving the state file to disk (25948); warning relay
  1412. operators about unreachable ports (25952); and keeping track of
  1413. Tor's uptime (26009).
  1414. o Minor features (accounting):
  1415. - When Tor becomes dormant, it now uses a scheduled event to wake up
  1416. at the right time. Previously, we would use the per-second timer
  1417. to check whether to wake up, but we no longer have any per-second
  1418. timers enabled when the network is disabled. Closes ticket 26064.
  1419. o Minor features (bug workaround):
  1420. - Compile correctly on systems that provide the C11 stdatomic.h
  1421. header, but where C11 atomic functions don't actually compile.
  1422. Closes ticket 26779; workaround for Debian issue 903709.
  1423. o Minor features (code quality):
  1424. - Add optional spell-checking for the Tor codebase, using the
  1425. "misspell" program. To use this feature, run "make check-typos".
  1426. Closes ticket 25024.
  1427. o Minor features (compatibility):
  1428. - Tell OpenSSL to maintain backward compatibility with previous
  1429. RSA1024/DH1024 users in Tor. With OpenSSL 1.1.1-pre6, these
  1430. ciphers are disabled by default. Closes ticket 27344.
  1431. - Tor now detects versions of OpenSSL 1.1.0 and later compiled with
  1432. the no-deprecated option, and builds correctly with them. Closes
  1433. tickets 19429, 19981, and 25353.
  1434. o Minor features (compilation):
  1435. - When compiling with --enable-openbsd-malloc or --enable-tcmalloc,
  1436. tell the compiler not to include the system malloc implementation.
  1437. Fixes bug 20424; bugfix on 0.2.0.20-rc.
  1438. - Don't try to use a pragma to temporarily disable the
  1439. -Wunused-const-variable warning if the compiler doesn't support
  1440. it. Fixes bug 26785; bugfix on 0.3.2.11.
  1441. - When building Tor, prefer to use Python 3 over Python 2, and more
  1442. recent (contemplated) versions over older ones. Closes
  1443. ticket 26372.
  1444. o Minor features (compression, zstd):
  1445. - When running with zstd, Tor now considers using advanced functions
  1446. that the zstd maintainers have labeled as potentially unstable. To
  1447. prevent breakage, Tor will only use this functionality when the
  1448. runtime version of the zstd library matches the version with which
  1449. Tor was compiled. Closes ticket 25162.
  1450. o Minor features (configuration):
  1451. - The "DownloadSchedule" options have been renamed to end with
  1452. "DownloadInitialDelay". The old names are still allowed, but will
  1453. produce a warning. Comma-separated lists are still permitted for
  1454. these options, but all values after the first are ignored (as they
  1455. have been since 0.2.9). Closes ticket 23354.
  1456. o Minor features (continuous integration):
  1457. - Log the compiler path and version during Appveyor builds.
  1458. Implements ticket 27449.
  1459. - Show config.log and test-suite.log after failed Appveyor builds.
  1460. Also upload the zipped full logs as a build artifact. Implements
  1461. ticket 27430.
  1462. - Backport Travis rust distcheck to 0.3.3. Closes ticket 24629.
  1463. - Enable macOS builds in our Travis CI configuration. Closes
  1464. ticket 24629.
  1465. - Install libcap-dev and libseccomp2-dev so these optional
  1466. dependencies get tested on Travis CI. Closes ticket 26560.
  1467. - Only post Appveyor IRC notifications when the build fails.
  1468. Implements ticket 27275.
  1469. - Run asciidoc during Travis CI. Implements ticket 27087.
  1470. - Use ccache in our Travis CI configuration. Closes ticket 26952.
  1471. - Add the necessary configuration files for continuous integration
  1472. testing on Windows, via the Appveyor platform. Closes ticket
  1473. 25549. Patches from Marcin Cieślak and Isis Lovecruft.
  1474. o Minor features (continuous integration, rust):
  1475. - Use cargo cache in our Travis CI configuration. Closes
  1476. ticket 26952.
  1477. o Minor features (control port):
  1478. - Introduce GETINFO "current-time/{local,utc}" to return the local
  1479. and UTC times respectively in ISO format. This helps a controller
  1480. like Tor Browser detect a time-related error. Closes ticket 25511.
  1481. Patch by Neel Chauhan.
  1482. - Introduce new fields to the CIRC_BW event. There are two new
  1483. fields in each of the read and written directions. The DELIVERED
  1484. fields report the total valid data on the circuit, as measured by
  1485. the payload sizes of verified and error-checked relay command
  1486. cells. The OVERHEAD fields report the total unused bytes in each
  1487. of these cells. Closes ticket 25903.
  1488. o Minor features (controller):
  1489. - The control port now exposes the list of HTTPTunnelPorts and
  1490. ExtOrPorts via GETINFO net/listeners/httptunnel and
  1491. net/listeners/extor respectively. Closes ticket 26647.
  1492. o Minor features (directory authorities):
  1493. - Stop warning about incomplete bw lines before the first complete
  1494. bw line has been found, so that additional header lines can be
  1495. ignored. Fixes bug 25960; bugfix on 0.2.2.1-alpha
  1496. - Authorities no longer vote to make the subprotocol version
  1497. "LinkAuth=1" a requirement: it is unsupportable with NSS, and
  1498. hasn't been needed since Tor 0.3.0.1-alpha. Closes ticket 27286.
  1499. o Minor features (directory authority):
  1500. - Directory authorities now open their key-pinning files as O_SYNC,
  1501. to limit their chances of accidentally writing partial lines.
  1502. Closes ticket 23909.
  1503. o Minor features (directory authority, forward compatibility):
  1504. - Make the lines of the measured bandwidth file able to contain
  1505. their entries in any order. Previously, the node_id entry needed
  1506. to come first. Closes ticket 26004.
  1507. o Minor features (entry guards):
  1508. - Introduce a new torrc option NumPrimaryGuards for controlling the
  1509. number of primary guards. Closes ticket 25843.
  1510. o Minor features (geoip):
  1511. - Update geoip and geoip6 to the August 7 2018 Maxmind GeoLite2
  1512. Country database. Closes ticket 27089.
  1513. o Minor features (performance):
  1514. - Avoid a needless call to malloc() when processing an incoming
  1515. relay cell. Closes ticket 24914.
  1516. - Make our timing-wheel code run a tiny bit faster on 32-bit
  1517. platforms, by preferring 32-bit math to 64-bit. Closes
  1518. ticket 24688.
  1519. - Avoid a needless malloc()/free() pair every time we handle an ntor
  1520. handshake. Closes ticket 25150.
  1521. o Minor features (Rust, portability):
  1522. - Rust cross-compilation is now supported. Closes ticket 25895.
  1523. o Minor features (testing):
  1524. - Add a unit test for voting_schedule_get_start_of_next_interval().
  1525. Closes ticket 26014, and helps make unit test coverage
  1526. more deterministic.
  1527. - A new unittests module specifically for testing the functions in
  1528. the (new-ish) bridges.c module has been created with new
  1529. unittests, raising the code coverage percentages. Closes 25425.
  1530. - We now have improved testing for addressmap_get_virtual_address()
  1531. function. This should improve our test coverage, and make our test
  1532. coverage more deterministic. Closes ticket 25993.
  1533. o Minor features (timekeeping, circuit scheduling):
  1534. - When keeping track of how busy each circuit have been recently on
  1535. a given connection, use coarse-grained monotonic timers rather
  1536. than gettimeofday(). This change should marginally increase
  1537. accuracy and performance. Implements part of ticket 25927.
  1538. o Minor features (unit tests):
  1539. - Test complete bandwidth measurements files, and test that
  1540. incomplete bandwidth lines only give warnings when the end of the
  1541. header has not been detected. Fixes bug 25947; bugfix
  1542. on 0.2.2.1-alpha
  1543. o Minor bugfixes (bandwidth management):
  1544. - Consider ourselves "low on write bandwidth" if we have exhausted
  1545. our write bandwidth some time in the last second. This was the
  1546. documented behavior before, but the actual behavior was to change
  1547. this value every TokenBucketRefillInterval. Fixes bug 25828;
  1548. bugfix on 0.2.3.5-alpha.
  1549. o Minor bugfixes (C correctness):
  1550. - Add a missing lock acquisition in the shutdown code of the control
  1551. subsystem. Fixes bug 25675; bugfix on 0.2.7.3-rc. Found by
  1552. Coverity; this is CID 1433643.
  1553. o Minor bugfixes (code style):
  1554. - Fixed multiple includes of transports.h in src/or/connection.c
  1555. Fixes bug 25261; bugfix on 0.2.5.1-alpha.
  1556. - Remove the unused variable n_possible from the function
  1557. channel_get_for_extend(). Fixes bug 25645; bugfix on 0.2.4.4-alpha
  1558. o Minor bugfixes (compilation):
  1559. - Silence a spurious compiler warning on the GetAdaptersAddresses
  1560. function pointer cast. This issue is already fixed by 26481 in
  1561. 0.3.5 and later, by removing the lookup and cast. Fixes bug 27465;
  1562. bugfix on 0.2.3.11-alpha.
  1563. - Stop calling SetProcessDEPPolicy() on 64-bit Windows. It is not
  1564. supported, and always fails. Some compilers warn about the
  1565. function pointer cast on 64-bit Windows. Fixes bug 27461; bugfix
  1566. on 0.2.2.23-alpha.
  1567. - Fix a compilation warning on some versions of GCC when building
  1568. code that calls routerinfo_get_my_routerinfo() twice, assuming
  1569. that the second call will succeed if the first one did. Fixes bug
  1570. 26269; bugfix on 0.2.8.2-alpha.
  1571. - Refrain from compiling unit testing related object files when
  1572. --disable-unittests is set to configure script. Fixes bug 24891;
  1573. bugfix on 0.2.5.1-alpha.
  1574. - The --enable-fatal-warnings flag now affects Rust code as well.
  1575. Closes ticket 26245.
  1576. - Avoid a compiler warning when casting the return value of
  1577. smartlist_len() to double with DEBUG_SMARTLIST enabled. Fixes bug
  1578. 26283; bugfix on 0.2.4.10-alpha.
  1579. o Minor bugfixes (compilation, windows):
  1580. - Don't link or search for pthreads when building for Windows, even
  1581. if we are using build environment (like mingw) that provides a
  1582. pthreads library. Fixes bug 27081; bugfix on 0.1.0.1-rc.
  1583. o Minor bugfixes (continuous integration):
  1584. - Build with zstd on macOS. Fixes bug 27090; bugfix on 0.3.1.5-alpha.
  1585. - Skip a pair of unreliable key generation tests on Windows, until
  1586. the underlying issue in bug 26076 is resolved. Fixes bug 26830 and
  1587. bug 26853; bugfix on 0.2.7.3-rc and 0.3.2.1-alpha respectively.
  1588. o Minor bugfixes (control port):
  1589. - Respond with more human-readable error messages to GETINFO exit-
  1590. policy/* requests. Also, let controller know if an error is
  1591. transient (response code 551) or not (response code 552). Fixes
  1592. bug 25852; bugfix on 0.2.8.1-alpha.
  1593. - Parse the "HSADDRESS=" parameter in HSPOST commands properly.
  1594. Previously, it was misparsed and ignored. Fixes bug 26523; bugfix
  1595. on 0.3.3.1-alpha. Patch by "akwizgran".
  1596. - Make CIRC_BW event reflect the total of all data sent on a
  1597. circuit, including padding and dropped cells. Also fix a mis-
  1598. counting bug when STREAM_BW events were enabled. Fixes bug 25400;
  1599. bugfix on 0.2.5.2-alpha.
  1600. o Minor bugfixes (correctness, flow control):
  1601. - Upon receiving a stream-level SENDME cell, verify that our window
  1602. has not grown too large. Fixes bug 26214; bugfix on svn
  1603. r54 (pre-0.0.1).
  1604. o Minor bugfixes (directory authority):
  1605. - When voting for recommended versions, make sure that all of the
  1606. versions are well-formed and parsable. Fixes bug 26485; bugfix
  1607. on 0.1.1.6-alpha.
  1608. o Minor bugfixes (directory client):
  1609. - When unverified-consensus is verified, rename it to cached-
  1610. consenus. Fixes bug 4187; bugfix on 0.2.0.3-alpha.
  1611. - Fixed launching a certificate fetch always during the scheduled
  1612. periodic consensus fetch by fetching only in those cases when
  1613. consensus are waiting for certs. Fixes bug 24740; bugfix
  1614. on 0.2.9.1-alpha.
  1615. o Minor bugfixes (error reporting):
  1616. - Improve tolerance for directory authorities with skewed clocks.
  1617. Previously, an authority with a clock more than 60 seconds ahead
  1618. could cause a client with a correct clock to warn that the
  1619. client's clock was behind. Now the clocks of a majority of
  1620. directory authorities have to be ahead of the client before this
  1621. warning will occur. Fixes bug 25756; bugfix on 0.2.2.25-alpha.
  1622. o Minor bugfixes (in-process restart):
  1623. - Always call tor_free_all() when leaving tor_run_main(). When we
  1624. did not, restarting tor in-process would cause an assertion
  1625. failure. Fixes bug 26948; bugfix on 0.3.3.1-alpha.
  1626. o Minor bugfixes (Linux seccomp2 sandbox):
  1627. - Fix a bug in our sandboxing rules for the openat() syscall.
  1628. Previously, no openat() call would be permitted, which would break
  1629. filesystem operations on recent glibc versions. Fixes bug 25440;
  1630. bugfix on 0.2.9.15. Diagnosis and patch from Daniel Pinto.
  1631. o Minor bugfixes (logging):
  1632. - Improve the log message when connection initiators fail to
  1633. authenticate direct connections to relays. Fixes bug 26927; bugfix
  1634. on 0.3.0.1-alpha.
  1635. o Minor bugfixes (onion services):
  1636. - Silence a spurious compiler warning in
  1637. rend_client_send_introduction(). Fixes bug 27463; bugfix
  1638. on 0.1.1.2-alpha.
  1639. - Fix bug that causes services to not ever rotate their descriptors
  1640. if they were getting SIGHUPed often. Fixes bug 26932; bugfix
  1641. on 0.3.2.1-alpha.
  1642. - Recompute some consensus information after detecting a clock jump,
  1643. or after transitioning from a non-live consensus to a live
  1644. consensus. We do this to avoid having an outdated state, and
  1645. miscalculating the index for next-generation onion services. Fixes
  1646. bug 24977; bugfix on 0.3.2.1-alpha.
  1647. o Minor bugfixes (portability):
  1648. - Fix compilation of the unit tests on GNU/Hurd, which does not
  1649. define PATH_MAX. Fixes bug 26873; bugfix on 0.3.3.1-alpha. Patch
  1650. from "paulusASol".
  1651. - Work around two different bugs in the OS X 10.10 and later SDKs
  1652. that would prevent us from successfully targeting earlier versions
  1653. of OS X. Fixes bug 26876; bugfix on 0.3.3.1-alpha.
  1654. - Do not align mmap length, as it is not required by POSIX, and the
  1655. getpagesize function is deprecated. Fixes bug 25399; bugfix
  1656. on 0.1.1.23.
  1657. o Minor bugfixes (portability, FreeBSD):
  1658. - In have_enough_mem_for_dircache(), the variable DIRCACHE_MIN_MEM_MB
  1659. does not stringify on FreeBSD, so we switch to tor_asprintf().
  1660. Fixes bug 20887; bugfix on 0.2.8.1-alpha. Patch by Neel Chauhan.
  1661. o Minor bugfixes (relay statistics):
  1662. - When a relay is collecting internal statistics about how many
  1663. create cell requests it has seen of each type, accurately count
  1664. the requests from relays that temporarily fall out of the
  1665. consensus. (To be extra conservative, we were already ignoring
  1666. requests from clients in our counts, and we continue ignoring them
  1667. here.) Fixes bug 24910; bugfix on 0.2.4.17-rc.
  1668. o Minor bugfixes (rust):
  1669. - Backport test_rust.sh from master. Fixes bug 26497; bugfix
  1670. on 0.3.1.5-alpha.
  1671. - Protover parsing was accepting the presence of whitespace in
  1672. version strings, which the C implementation would choke on, e.g.
  1673. "Desc=1\t,2". Fixes bug 27177; bugfix on 0.3.3.5-rc.
  1674. - Protover parsing was ignoring a 2nd hyphen and everything after
  1675. it, accepting entries like "Link=1-5-foo". Fixes bug 27164; bugfix
  1676. on 0.3.3.1-alpha.
  1677. - Stop setting $CARGO_HOME. cargo will use the user's $CARGO_HOME, or
  1678. $HOME/.cargo by default. Fixes bug 26497; bugfix on 0.3.1.5-alpha.
  1679. - cd to ${abs_top_builddir}/src/rust before running cargo in
  1680. src/test/test_rust.sh. This makes the working directory consistent
  1681. between builds and tests. Fixes bug 26497; bugfix on 0.3.3.2-alpha.
  1682. o Minor bugfixes (single onion services, Tor2web):
  1683. - Log a protocol warning when single onion services or Tor2web
  1684. clients fail to authenticate direct connections to relays. Fixes
  1685. bug 26924; bugfix on 0.2.9.1-alpha.
  1686. o Minor bugfixes (test coverage tools):
  1687. - Update our "cov-diff" script to handle output from the latest
  1688. version of gcov, and to remove extraneous timestamp information
  1689. from its output. Fixes bugs 26101 and 26102; bugfix
  1690. on 0.2.5.1-alpha.
  1691. o Minor bugfixes (testing):
  1692. - Disable core dumps in test_bt.sh, to avoid failures in "make
  1693. distcheck". Fixes bug 26787; bugfix on 0.2.5.2-alpha.
  1694. - When testing workqueue event-cancellation, make sure that we
  1695. actually cancel an event, and that cancel each event with equal
  1696. probability. (It was previously possible, though extremely
  1697. unlikely, for our event-canceling test not to cancel any events.)
  1698. Fixes bug 26008; bugfix on 0.2.6.3-alpha.
  1699. - Repeat part of the test in test_client_pick_intro() a number of
  1700. times, to give it consistent coverage. Fixes bug 25996; bugfix
  1701. on 0.3.2.1-alpha.
  1702. - Remove randomness from the hs_common/responsible_hsdirs test, so
  1703. that it always takes the same path through the function it tests.
  1704. Fixes bug 25997; bugfix on 0.3.2.1-alpha.
  1705. - Change the behavior of the "channel/outbound" test so that it
  1706. never causes a 10-second rollover for the EWMA circuitmux code.
  1707. Previously, this behavior would happen randomly, and result in
  1708. fluctuating test coverage. Fixes bug 25994; bugfix
  1709. on 0.3.3.1-alpha.
  1710. - Use X509_new() to allocate certificates that will be freed later
  1711. with X509_free(). Previously, some parts of the unit tests had
  1712. used tor_malloc_zero(), which is incorrect, and which caused test
  1713. failures on Windows when they were built with extra hardening.
  1714. Fixes bugs 25943 and 25944; bugfix on 0.2.8.1-alpha. Patch by
  1715. Marcin Cieślak.
  1716. - While running the circuit_timeout test, fix the PRNG to a
  1717. deterministic AES stream, so that the test coverage from this test
  1718. will itself be deterministic. Fixes bug 25995; bugfix
  1719. on 0.2.2.2-alpha.
  1720. o Minor bugfixes (testing, bootstrap):
  1721. - When calculating bootstrap progress, check exit policies and the
  1722. exit flag. Previously, Tor would only check the exit flag, which
  1723. caused race conditions in small and fast networks like chutney.
  1724. Fixes bug 27236; bugfix on 0.2.6.3-alpha.
  1725. o Minor bugfixes (testing, chutney):
  1726. - When running make test-network-all, use the mixed+hs-v2 network.
  1727. (A previous fix to chutney removed v3 onion services from the
  1728. mixed+hs-v23 network, so seeing "mixed+hs-v23" in tests is
  1729. confusing.) Fixes bug 27345; bugfix on 0.3.2.1-alpha.
  1730. - Before running make test-network-all, delete old logs and test
  1731. result files, to avoid spurious failures. Fixes bug 27295; bugfix
  1732. on 0.2.7.3-rc.
  1733. o Minor bugfixes (testing, openssl compatibility):
  1734. - Our "tortls/cert_matches_key" unit test no longer relies on
  1735. OpenSSL internals. Previously, it relied on unsupported OpenSSL
  1736. behavior in a way that caused it to crash with OpenSSL 1.0.2p.
  1737. Fixes bug 27226; bugfix on 0.2.5.1-alpha.
  1738. o Minor bugfixes (v3 onion services):
  1739. - Stop sending ed25519 link specifiers in v3 onion service introduce
  1740. cells and descriptors, when the rendezvous or introduction point
  1741. doesn't support ed25519 link authentication. Fixes bug 26627;
  1742. bugfix on 0.3.2.4-alpha.
  1743. o Minor bugfixes (vanguards):
  1744. - Allow the last hop in a vanguard circuit to be the same as our
  1745. first, to prevent the adversary from influencing guard node choice
  1746. by choice of last hop. Also prevent the creation of A - B - A
  1747. paths, or A - A paths, which are forbidden by relays. Fixes bug
  1748. 25870; bugfix on 0.3.3.1-alpha.
  1749. o Minor bugfixes (Windows, compilation):
  1750. - Silence a compilation warning on MSVC 2017 and clang-cl. Fixes bug
  1751. 27185; bugfix on 0.2.2.2-alpha.
  1752. o Code simplification and refactoring:
  1753. - Remove duplicate code in parse_{c,s}method_line and bootstrap
  1754. their functionalities into a single function. Fixes bug 6236;
  1755. bugfix on 0.2.3.6-alpha.
  1756. - We remove the PortForwsrding and PortForwardingHelper options,
  1757. related functions, and the port_forwarding tests. These options
  1758. were used by the now-deprecated Vidalia to help ordinary users
  1759. become Tor relays or bridges. Closes ticket 25409. Patch by
  1760. Neel Chauhan.
  1761. - In order to make the OR and dir checking function in router.c less
  1762. confusing we renamed some functions and
  1763. consider_testing_reachability() has been split into
  1764. router_should_check_reachability() and
  1765. router_do_reachability_checks(). Also we improved the documentation
  1766. in some functions. Closes ticket 18918.
  1767. - Initial work to isolate Libevent usage to a handful of modules in
  1768. our codebase, to simplify our call structure, and so that we can
  1769. more easily change event loops in the future if needed. Closes
  1770. ticket 23750.
  1771. - Introduce a function to call getsockname() and return tor_addr_t,
  1772. to save a little complexity throughout the codebase. Closes
  1773. ticket 18105.
  1774. - Make hsdir_index in node_t a hsdir_index_t rather than a pointer
  1775. as hsdir_index is always present. Also, we move hsdir_index_t into
  1776. or.h. Closes ticket 23094. Patch by Neel Chauhan.
  1777. - Merge functions used for describing nodes and suppress the
  1778. functions that do not allocate memory for the output buffer
  1779. string. NODE_DESC_BUF_LEN constant and format_node_description()
  1780. function cannot be used externally from router.c module anymore.
  1781. Closes ticket 25432. Patch by valentecaio.
  1782. - Our main loop has been simplified so that all important operations
  1783. happen inside events. Previously, some operations had to happen
  1784. outside the event loop, to prevent infinite sequences of event
  1785. activations. Closes ticket 25374.
  1786. - Put a SHA1 public key digest in hs_service_intro_point_t, and use
  1787. it in register_intro_circ() and service_intro_point_new(). This
  1788. prevents the digest from being re-calculated each time. Closes
  1789. ticket 23107. Patch by Neel Chauhan.
  1790. - Refactor token-bucket implementations to use a common backend.
  1791. Closes ticket 25766.
  1792. - Remove extern declaration of stats_n_seconds_working variable from
  1793. main, protecting its accesses with get_uptime() and reset_uptime()
  1794. functions. Closes ticket 25081, patch by “valentecaio”.
  1795. - Remove our previous logic for "cached gettimeofday()" -- our
  1796. coarse monotonic timers are fast enough for this purpose, and far
  1797. less error-prone. Implements part of ticket 25927.
  1798. - Remove the return value for fascist_firewall_choose_address_base(),
  1799. and sister functions such as fascist_firewall_choose_address_node()
  1800. and fascist_firewall_choose_address_rs(). Also, while we're here,
  1801. initialize the ap argument as leaving it uninitialized can pose a
  1802. security hazard. Closes ticket 24734. Patch by Neel Chauhan.
  1803. - Rename two fields of connection_t struct. timestamp_lastwritten is
  1804. renamed to timestamp_last_write_allowed and timestamp_lastread is
  1805. renamed to timestamp_last_read_allowed. Closes ticket 24714, patch
  1806. by "valentecaio".
  1807. - Since Tor requires C99, remove our old workaround code for libc
  1808. implementations where free(NULL) doesn't work. Closes ticket 24484.
  1809. - Use our standard rate-limiting code to deal with excessive
  1810. libevent failures, rather than the hand-rolled logic we had
  1811. before. Closes ticket 26016.
  1812. - We remove the return value of node_get_prim_orport() and
  1813. node_get_prim_dirport(), and introduce node_get_prim_orport() in
  1814. node_ipv6_or_preferred() and node_ipv6_dir_preferred() in order to
  1815. check for a null address. Closes ticket 23873. Patch by
  1816. Neel Chauhan.
  1817. - We switch to should_record_bridge_info() in
  1818. geoip_note_client_seen() and options_need_geoip_info() instead of
  1819. accessing the configuration values directly. Fixes bug 25290;
  1820. bugfix on 0.2.1.6-alpha. Patch by Neel Chauhan.
  1821. o Deprecated features:
  1822. - As we are not recommending 0.2.5 anymore, we require relays that
  1823. once had an ed25519 key associated with their RSA key to always
  1824. have that key, instead of allowing them to drop back to a version
  1825. that didn't support ed25519. This means they need to use a new RSA
  1826. key if they want to downgrade to an older version of tor without
  1827. ed25519. Closes ticket 20522.
  1828. o Removed features:
  1829. - Directory authorities will no longer support voting according to
  1830. any consensus method before consensus method 25. This keeps
  1831. authorities compatible with all authorities running 0.2.9.8 and
  1832. later, and does not break any clients or relays. Implements ticket
  1833. 24378 and proposal 290.
  1834. - The PortForwarding and PortForwardingHelper features have been
  1835. removed. The reasoning is, given that implementations of NAT
  1836. traversal protocols within common consumer grade routers are
  1837. frequently buggy, and that the target audience for a NAT punching
  1838. feature is a perhaps less-technically-inclined relay operator,
  1839. when the helper fails to setup traversal the problems are usually
  1840. deep, ugly, and very router specific, making them horrendously
  1841. impossible for technical support to reliable assist with, and thus
  1842. resulting in frustration all around. Unfortunately, relay
  1843. operators who would like to run relays behind NATs will need to
  1844. become more familiar with the port forwarding configurations on
  1845. their local router. Closes 25409.
  1846. - The TestingEnableTbEmptyEvent option has been removed. It was used
  1847. in testing simulations to measure how often connection buckets
  1848. were emptied, in order to improve our scheduling, but it has not
  1849. been actively used in years. Closes ticket 25760.
  1850. - The old "round-robin" circuit multiplexer (circuitmux)
  1851. implementation has been removed, along with a fairly large set of
  1852. code that existed to support it. It has not been the default
  1853. circuitmux since we introduced the "EWMA" circuitmux in 0.2.4.x,
  1854. but it still required an unreasonable amount of memory and CPU.
  1855. Closes ticket 25268.
  1856. Changes in version 0.3.3.9 - 2018-07-13
  1857. Tor 0.3.3.9 moves to a new bridge authority, meaning people running
  1858. bridge relays should upgrade.
  1859. o Directory authority changes:
  1860. - The "Bifroest" bridge authority has been retired; the new bridge
  1861. authority is "Serge", and it is operated by George from the
  1862. TorBSD project. Closes ticket 26771.
  1863. Changes in version 0.3.2.11 - 2018-07-13
  1864. Tor 0.3.2.11 moves to a new bridge authority, meaning people running
  1865. bridge relays should upgrade. We also take this opportunity to backport
  1866. other minor fixes.
  1867. o Directory authority changes:
  1868. - The "Bifroest" bridge authority has been retired; the new bridge
  1869. authority is "Serge", and it is operated by George from the
  1870. TorBSD project. Closes ticket 26771.
  1871. o Directory authority changes (backport from 0.3.3.7):
  1872. - Add an IPv6 address for the "dannenberg" directory authority.
  1873. Closes ticket 26343.
  1874. o Major bugfixes (directory authorities, backport from 0.3.4.1-alpha):
  1875. - When directory authorities read a zero-byte bandwidth file, they
  1876. would previously log a warning with the contents of an
  1877. uninitialised buffer. They now log a warning about the empty file
  1878. instead. Fixes bug 26007; bugfix on 0.2.2.1-alpha.
  1879. o Major bugfixes (onion service, backport from 0.3.4.1-alpha):
  1880. - Correctly detect when onion services get disabled after HUP. Fixes
  1881. bug 25761; bugfix on 0.3.2.1.
  1882. o Minor features (sandbox, backport from 0.3.3.4-alpha):
  1883. - Explicitly permit the poll() system call when the Linux
  1884. seccomp2-based sandbox is enabled: apparently, some versions of
  1885. libc use poll() when calling getpwnam(). Closes ticket 25313.
  1886. o Minor feature (continuous integration, backport from 0.3.3.5-rc):
  1887. - Update the Travis CI configuration to use the stable Rust channel,
  1888. now that we have decided to require that. Closes ticket 25714.
  1889. o Minor features (continuous integration, backport from 0.3.4.1-alpha):
  1890. - Our .travis.yml configuration now includes support for testing the
  1891. results of "make distcheck". (It's not uncommon for "make check"
  1892. to pass but "make distcheck" to fail.) Closes ticket 25814.
  1893. - Our Travis CI configuration now integrates with the Coveralls
  1894. coverage analysis tool. Closes ticket 25818.
  1895. o Minor features (relay, diagnostic, backport from 0.3.4.3-alpha):
  1896. - Add several checks to detect whether Tor relays are uploading
  1897. their descriptors without specifying why they regenerated them.
  1898. Diagnostic for ticket 25686.
  1899. o Minor features (compilation, backport from 0.3.4.4-rc):
  1900. - When building Tor, prefer to use Python 3 over Python 2, and more
  1901. recent (contemplated) versions over older ones. Closes
  1902. ticket 26372.
  1903. o Minor features (geoip):
  1904. - Update geoip and geoip6 to the July 3 2018 Maxmind GeoLite2
  1905. Country database. Closes ticket 26674.
  1906. o Minor bugfixes (correctness, client, backport from 0.3.4.1-alpha):
  1907. - Upon receiving a malformed connected cell, stop processing the
  1908. cell immediately. Previously we would mark the connection for
  1909. close, but continue processing the cell as if the connection were
  1910. open. Fixes bug 26072; bugfix on 0.2.4.7-alpha.
  1911. o Minor bugfixes (Linux seccomp2 sandbox, backport from 0.3.4.1-alpha):
  1912. - Allow the nanosleep() system call, which glibc uses to implement
  1913. sleep() and usleep(). Fixes bug 24969; bugfix on 0.2.5.1-alpha.
  1914. o Minor bugfixes (testing, compatibility, backport from 0.3.4.4-rc):
  1915. - When running the hs_ntor_ref.py test, make sure only to pass
  1916. strings (rather than "bytes" objects) to the Python subprocess
  1917. module. Python 3 on Windows seems to require this. Fixes bug
  1918. 26535; bugfix on 0.3.1.1-alpha.
  1919. - When running the ntor_ref.py test, make sure only to pass strings
  1920. (rather than "bytes" objects) to the Python subprocess module.
  1921. Python 3 on Windows seems to require this. Fixes bug 26535; bugfix
  1922. on 0.2.5.5-alpha.
  1923. o Minor bugfixes (compatibility, openssl, backport from 0.3.4.2-alpha):
  1924. - Work around a change in OpenSSL 1.1.1 where return values that
  1925. would previously indicate "no password" now indicate an empty
  1926. password. Without this workaround, Tor instances running with
  1927. OpenSSL 1.1.1 would accept descriptors that other Tor instances
  1928. would reject. Fixes bug 26116; bugfix on 0.2.5.16.
  1929. o Minor bugfixes (documentation, backport from 0.3.3.5-rc):
  1930. - Document that the PerConnBW{Rate,Burst} options will fall back to
  1931. their corresponding consensus parameters only if those parameters
  1932. are set. Previously we had claimed that these values would always
  1933. be set in the consensus. Fixes bug 25296; bugfix on 0.2.2.7-alpha.
  1934. o Minor bugfixes (compilation, backport from 0.3.4.4-rc):
  1935. - Fix a compilation warning on some versions of GCC when building
  1936. code that calls routerinfo_get_my_routerinfo() twice, assuming
  1937. that the second call will succeed if the first one did. Fixes bug
  1938. 26269; bugfix on 0.2.8.2-alpha.
  1939. o Minor bugfixes (client, backport from 0.3.4.1-alpha):
  1940. - Don't consider Tor running as a client if the ControlPort is open,
  1941. but no actual client ports are open. Fixes bug 26062; bugfix
  1942. on 0.2.9.4-alpha.
  1943. o Minor bugfixes (hardening, backport from 0.3.4.2-alpha):
  1944. - Prevent a possible out-of-bounds smartlist read in
  1945. protover_compute_vote(). Fixes bug 26196; bugfix on 0.2.9.4-alpha.
  1946. o Minor bugfixes (C correctness, backport from 0.3.3.4-alpha):
  1947. - Fix a very unlikely (impossible, we believe) null pointer
  1948. dereference. Fixes bug 25629; bugfix on 0.2.9.15. Found by
  1949. Coverity; this is CID 1430932.
  1950. o Minor bugfixes (onion service, backport from 0.3.4.1-alpha):
  1951. - Fix a memory leak when a v3 onion service is configured and gets a
  1952. SIGHUP signal. Fixes bug 25901; bugfix on 0.3.2.1-alpha.
  1953. - When parsing the descriptor signature, look for the token plus an
  1954. extra white-space at the end. This is more correct but also will
  1955. allow us to support new fields that might start with "signature".
  1956. Fixes bug 26069; bugfix on 0.3.0.1-alpha.
  1957. o Minor bugfixes (relay, backport from 0.3.4.3-alpha):
  1958. - Relays now correctly block attempts to re-extend to the previous
  1959. relay by Ed25519 identity. Previously they would warn in this
  1960. case, but not actually reject the attempt. Fixes bug 26158; bugfix
  1961. on 0.3.0.1-alpha.
  1962. o Minor bugfixes (relay, crash, backport from 0.3.4.1-alpha):
  1963. - Avoid a crash when running with DirPort set but ORPort turned off.
  1964. Fixes a case of bug 23693; bugfix on 0.3.1.1-alpha.
  1965. o Minor bugfixes (compilation, backport from 0.3.4.2-alpha):
  1966. - Silence unused-const-variable warnings in zstd.h with some GCC
  1967. versions. Fixes bug 26272; bugfix on 0.3.1.1-alpha.
  1968. o Minor bugfixes (testing, backport from 0.3.3.4-alpha):
  1969. - Avoid intermittent test failures due to a test that had relied on
  1970. onion service introduction point creation finishing within 5
  1971. seconds of real clock time. Fixes bug 25450; bugfix
  1972. on 0.3.1.3-alpha.
  1973. o Minor bugfixes (compilation, backport from 0.3.3.4-alpha):
  1974. - Fix a C99 compliance issue in our configuration script that caused
  1975. compilation issues when compiling Tor with certain versions of
  1976. xtools. Fixes bug 25474; bugfix on 0.3.2.5-alpha.
  1977. o Minor bugfixes (memory, correctness, backport from 0.3.4.4-rc):
  1978. - Fix a number of small memory leaks identified by coverity. Fixes
  1979. bug 26467; bugfix on numerous Tor versions.
  1980. o Code simplification and refactoring (backport from 0.3.3.5-rc):
  1981. - Move the list of default directory authorities to its own file.
  1982. Closes ticket 24854. Patch by "beastr0".
  1983. Changes in version 0.2.9.16 - 2018-07-13
  1984. Tor 0.2.9.16 moves to a new bridge authority, meaning people running
  1985. bridge relays should upgrade. We also take this opportunity to backport
  1986. other minor fixes.
  1987. o Directory authority changes:
  1988. - The "Bifroest" bridge authority has been retired; the new bridge
  1989. authority is "Serge", and it is operated by George from the
  1990. TorBSD project. Closes ticket 26771.
  1991. o Directory authority changes (backport from 0.3.3.7):
  1992. - Add an IPv6 address for the "dannenberg" directory authority.
  1993. Closes ticket 26343.
  1994. o Major bugfixes (directory authorities, backport from 0.3.4.1-alpha):
  1995. - When directory authorities read a zero-byte bandwidth file, they
  1996. would previously log a warning with the contents of an
  1997. uninitialised buffer. They now log a warning about the empty file
  1998. instead. Fixes bug 26007; bugfix on 0.2.2.1-alpha.
  1999. o Minor features (sandbox, backport from 0.3.3.4-alpha):
  2000. - Explicitly permit the poll() system call when the Linux
  2001. seccomp2-based sandbox is enabled: apparently, some versions of
  2002. libc use poll() when calling getpwnam(). Closes ticket 25313.
  2003. o Minor features (continuous integration, backport from 0.3.4.1-alpha):
  2004. - Our .travis.yml configuration now includes support for testing the
  2005. results of "make distcheck". (It's not uncommon for "make check"
  2006. to pass but "make distcheck" to fail.) Closes ticket 25814.
  2007. - Our Travis CI configuration now integrates with the Coveralls
  2008. coverage analysis tool. Closes ticket 25818.
  2009. o Minor features (compilation, backport from 0.3.4.4-rc):
  2010. - When building Tor, prefer to use Python 3 over Python 2, and more
  2011. recent (contemplated) versions over older ones. Closes
  2012. ticket 26372.
  2013. o Minor features (geoip):
  2014. - Update geoip and geoip6 to the July 3 2018 Maxmind GeoLite2
  2015. Country database. Closes ticket 26674.
  2016. o Minor bugfixes (correctness, client, backport from 0.3.4.1-alpha):
  2017. - Upon receiving a malformed connected cell, stop processing the
  2018. cell immediately. Previously we would mark the connection for
  2019. close, but continue processing the cell as if the connection were
  2020. open. Fixes bug 26072; bugfix on 0.2.4.7-alpha.
  2021. o Minor bugfixes (Linux seccomp2 sandbox, backport from 0.3.4.1-alpha):
  2022. - Allow the nanosleep() system call, which glibc uses to implement
  2023. sleep() and usleep(). Fixes bug 24969; bugfix on 0.2.5.1-alpha.
  2024. o Minor bugfixes (testing, compatibility, backport from 0.3.4.4-rc):
  2025. - When running the ntor_ref.py test, make sure only to pass strings
  2026. (rather than "bytes" objects) to the Python subprocess module.
  2027. Python 3 on Windows seems to require this. Fixes bug 26535; bugfix
  2028. on 0.2.5.5-alpha.
  2029. o Minor bugfixes (compatibility, openssl, backport from 0.3.4.2-alpha):
  2030. - Work around a change in OpenSSL 1.1.1 where return values that
  2031. would previously indicate "no password" now indicate an empty
  2032. password. Without this workaround, Tor instances running with
  2033. OpenSSL 1.1.1 would accept descriptors that other Tor instances
  2034. would reject. Fixes bug 26116; bugfix on 0.2.5.16.
  2035. o Minor bugfixes (compilation, backport from 0.3.4.4-rc):
  2036. - Fix a compilation warning on some versions of GCC when building
  2037. code that calls routerinfo_get_my_routerinfo() twice, assuming
  2038. that the second call will succeed if the first one did. Fixes bug
  2039. 26269; bugfix on 0.2.8.2-alpha.
  2040. o Minor bugfixes (client, backport from 0.3.4.1-alpha):
  2041. - Don't consider Tor running as a client if the ControlPort is open,
  2042. but no actual client ports are open. Fixes bug 26062; bugfix
  2043. on 0.2.9.4-alpha.
  2044. o Minor bugfixes (hardening, backport from 0.3.4.2-alpha):
  2045. - Prevent a possible out-of-bounds smartlist read in
  2046. protover_compute_vote(). Fixes bug 26196; bugfix on 0.2.9.4-alpha.
  2047. o Minor bugfixes (C correctness, backport from 0.3.3.4-alpha):
  2048. - Fix a very unlikely (impossible, we believe) null pointer
  2049. dereference. Fixes bug 25629; bugfix on 0.2.9.15. Found by
  2050. Coverity; this is CID 1430932.
  2051. o Minor bugfixes (memory, correctness, backport from 0.3.4.4-rc):
  2052. - Fix a number of small memory leaks identified by coverity. Fixes
  2053. bug 26467; bugfix on numerous Tor versions.
  2054. o Code simplification and refactoring (backport from 0.3.3.5-rc):
  2055. - Move the list of default directory authorities to its own file.
  2056. Closes ticket 24854. Patch by "beastr0".
  2057. Changes in version 0.3.3.8 - 2018-07-09
  2058. Tor 0.3.3.8 backports several changes from the 0.3.4.x series, including
  2059. fixes for a memory leak affecting directory authorities.
  2060. o Major bugfixes (directory authority, backport from 0.3.4.3-alpha):
  2061. - Stop leaking memory on directory authorities when planning to
  2062. vote. This bug was crashing authorities by exhausting their
  2063. memory. Fixes bug 26435; bugfix on 0.3.3.6.
  2064. o Major bugfixes (rust, testing, backport from 0.3.4.3-alpha):
  2065. - Make sure that failing tests in Rust will actually cause the build
  2066. to fail: previously, they were ignored. Fixes bug 26258; bugfix
  2067. on 0.3.3.4-alpha.
  2068. o Minor features (compilation, backport from 0.3.4.4-rc):
  2069. - When building Tor, prefer to use Python 3 over Python 2, and more
  2070. recent (contemplated) versions over older ones. Closes
  2071. ticket 26372.
  2072. o Minor features (geoip):
  2073. - Update geoip and geoip6 to the July 3 2018 Maxmind GeoLite2
  2074. Country database. Closes ticket 26674.
  2075. o Minor features (relay, diagnostic, backport from 0.3.4.3-alpha):
  2076. - Add several checks to detect whether Tor relays are uploading
  2077. their descriptors without specifying why they regenerated them.
  2078. Diagnostic for ticket 25686.
  2079. o Minor bugfixes (circuit path selection, backport from 0.3.4.1-alpha):
  2080. - Don't count path selection failures as circuit build failures.
  2081. This change should eliminate cases where Tor blames its guard or
  2082. the network for situations like insufficient microdescriptors
  2083. and/or overly restrictive torrc settings. Fixes bug 25705; bugfix
  2084. on 0.3.3.1-alpha.
  2085. o Minor bugfixes (compilation, backport from 0.3.4.4-rc):
  2086. - Fix a compilation warning on some versions of GCC when building
  2087. code that calls routerinfo_get_my_routerinfo() twice, assuming
  2088. that the second call will succeed if the first one did. Fixes bug
  2089. 26269; bugfix on 0.2.8.2-alpha.
  2090. o Minor bugfixes (control port, backport from 0.3.4.4-rc):
  2091. - Handle the HSADDRESS= argument to the HSPOST command properly.
  2092. (Previously, this argument was misparsed and thus ignored.) Fixes
  2093. bug 26523; bugfix on 0.3.3.1-alpha. Patch by "akwizgran".
  2094. o Minor bugfixes (memory, correctness, backport from 0.3.4.4-rc):
  2095. - Fix a number of small memory leaks identified by coverity. Fixes
  2096. bug 26467; bugfix on numerous Tor versions.
  2097. o Minor bugfixes (relay, backport from 0.3.4.3-alpha):
  2098. - Relays now correctly block attempts to re-extend to the previous
  2099. relay by Ed25519 identity. Previously they would warn in this
  2100. case, but not actually reject the attempt. Fixes bug 26158; bugfix
  2101. on 0.3.0.1-alpha.
  2102. o Minor bugfixes (restart-in-process, backport from 0.3.4.1-alpha):
  2103. - When shutting down, Tor now clears all the flags in the control.c
  2104. module. This should prevent a bug where authentication cookies are
  2105. not generated on restart. Fixes bug 25512; bugfix on 0.3.3.1-alpha.
  2106. o Minor bugfixes (testing, compatibility, backport from 0.3.4.4-rc):
  2107. - When running the hs_ntor_ref.py test, make sure only to pass
  2108. strings (rather than "bytes" objects) to the Python subprocess
  2109. module. Python 3 on Windows seems to require this. Fixes bug
  2110. 26535; bugfix on 0.3.1.1-alpha.
  2111. - When running the ntor_ref.py test, make sure only to pass strings
  2112. (rather than "bytes" objects) to the Python subprocess module.
  2113. Python 3 on Windows seems to require this. Fixes bug 26535; bugfix
  2114. on 0.2.5.5-alpha.
  2115. Changes in version 0.3.3.7 - 2018-06-12
  2116. Tor 0.3.3.7 backports several changes from the 0.3.4.x series, including
  2117. fixes for bugs affecting compatibility and stability.
  2118. o Directory authority changes:
  2119. - Add an IPv6 address for the "dannenberg" directory authority.
  2120. Closes ticket 26343.
  2121. o Minor features (geoip):
  2122. - Update geoip and geoip6 to the June 7 2018 Maxmind GeoLite2
  2123. Country database. Closes ticket 26351.
  2124. o Minor bugfixes (compatibility, openssl, backport from 0.3.4.2-alpha):
  2125. - Work around a change in OpenSSL 1.1.1 where return values that
  2126. would previously indicate "no password" now indicate an empty
  2127. password. Without this workaround, Tor instances running with
  2128. OpenSSL 1.1.1 would accept descriptors that other Tor instances
  2129. would reject. Fixes bug 26116; bugfix on 0.2.5.16.
  2130. o Minor bugfixes (compilation, backport from 0.3.4.2-alpha):
  2131. - Silence unused-const-variable warnings in zstd.h with some GCC
  2132. versions. Fixes bug 26272; bugfix on 0.3.1.1-alpha.
  2133. o Minor bugfixes (controller, backport from 0.3.4.2-alpha):
  2134. - Improve accuracy of the BUILDTIMEOUT_SET control port event's
  2135. TIMEOUT_RATE and CLOSE_RATE fields. (We were previously
  2136. miscounting the total number of circuits for these field values.)
  2137. Fixes bug 26121; bugfix on 0.3.3.1-alpha.
  2138. o Minor bugfixes (hardening, backport from 0.3.4.2-alpha):
  2139. - Prevent a possible out-of-bounds smartlist read in
  2140. protover_compute_vote(). Fixes bug 26196; bugfix on 0.2.9.4-alpha.
  2141. o Minor bugfixes (path selection, backport from 0.3.4.1-alpha):
  2142. - Only select relays when they have the descriptors we prefer to use
  2143. for them. This change fixes a bug where we could select a relay
  2144. because it had _some_ descriptor, but reject it later with a
  2145. nonfatal assertion error because it didn't have the exact one we
  2146. wanted. Fixes bugs 25691 and 25692; bugfix on 0.3.3.4-alpha.
  2147. Changes in version 0.3.3.6 - 2018-05-22
  2148. Tor 0.3.3.6 is the first stable release in the 0.3.3 series. It
  2149. backports several important fixes from the 0.3.4.1-alpha.
  2150. The Tor 0.3.3 series includes controller support and other
  2151. improvements for v3 onion services, official support for embedding Tor
  2152. within other applications, and our first non-trivial module written in
  2153. the Rust programming language. (Rust is still not enabled by default
  2154. when building Tor.) And as usual, there are numerous other smaller
  2155. bugfixes, features, and improvements.
  2156. Below are the changes since 0.3.2.10. For a list of only the changes
  2157. since 0.3.3.5-rc, see the ChangeLog file.
  2158. o New system requirements:
  2159. - When built with Rust, Tor now depends on version 0.2.39 of the
  2160. libc crate. Closes tickets 25310 and 25664.
  2161. o Major features (embedding):
  2162. - There is now a documented stable API for programs that need to
  2163. embed Tor. See tor_api.h for full documentation and known bugs.
  2164. Closes ticket 23684.
  2165. - Tor now has support for restarting in the same process.
  2166. Controllers that run Tor using the "tor_api.h" interface can now
  2167. restart Tor after Tor has exited. This support is incomplete,
  2168. however: we fixed crash bugs that prevented it from working at
  2169. all, but many bugs probably remain, including a possibility of
  2170. security issues. Implements ticket 24581.
  2171. o Major features (IPv6, directory documents):
  2172. - Add consensus method 27, which adds IPv6 ORPorts to the microdesc
  2173. consensus. This information makes it easier for IPv6 clients to
  2174. bootstrap and choose reachable entry guards. Implements
  2175. ticket 23826.
  2176. - Add consensus method 28, which removes IPv6 ORPorts from
  2177. microdescriptors. Now that the consensus contains IPv6 ORPorts,
  2178. they are redundant in microdescs. This change will be used by Tor
  2179. clients on 0.2.8.x and later. (That is to say, with all Tor
  2180. clients that have IPv6 bootstrap and guard support.) Implements
  2181. ticket 23828.
  2182. - Expand the documentation for AuthDirHasIPv6Connectivity when it is
  2183. set by different numbers of authorities. Fixes 23870
  2184. on 0.2.4.1-alpha.
  2185. o Major features (onion service v3, control port):
  2186. - The control port now supports commands and events for v3 onion
  2187. services. It is now possible to create ephemeral v3 services using
  2188. ADD_ONION. Additionally, several events (HS_DESC, HS_DESC_CONTENT,
  2189. CIRC and CIRC_MINOR) and commands (GETINFO, HSPOST, ADD_ONION and
  2190. DEL_ONION) have been extended to support v3 onion services. Closes
  2191. ticket 20699; implements proposal 284.
  2192. o Major features (onion services):
  2193. - Provide torrc options to pin the second and third hops of onion
  2194. service circuits to a list of nodes. The option HSLayer2Guards
  2195. pins the second hop, and the option HSLayer3Guards pins the third
  2196. hop. These options are for use in conjunction with experiments
  2197. with "vanguards" for preventing guard enumeration attacks. Closes
  2198. ticket 13837.
  2199. - When v3 onion service clients send introduce cells, they now
  2200. include the IPv6 address of the rendezvous point, if it has one.
  2201. Current v3 onion services running 0.3.2 ignore IPv6 addresses, but
  2202. in future Tor versions, IPv6-only v3 single onion services will be
  2203. able to use IPv6 addresses to connect directly to the rendezvous
  2204. point. Closes ticket 23577. Patch by Neel Chauhan.
  2205. o Major features (relay):
  2206. - Implement an option, ReducedExitPolicy, to allow an Tor exit relay
  2207. operator to use a more reasonable ("reduced") exit policy, rather
  2208. than the default one. If you want to run an exit node without
  2209. thinking too hard about which ports to allow, this one is for you.
  2210. Closes ticket 13605. Patch from Neel Chauhan.
  2211. o Major features (rust, portability, experimental):
  2212. - Tor now ships with an optional implementation of one of its
  2213. smaller modules (protover.c) in the Rust programming language. To
  2214. try it out, install a Rust build environment, and configure Tor
  2215. with "--enable-rust --enable-cargo-online-mode". This should not
  2216. cause any user-visible changes, but should help us gain more
  2217. experience with Rust, and plan future Rust integration work.
  2218. Implementation by Chelsea Komlo. Closes ticket 22840.
  2219. o Major bugfixes (directory authorities, security, backport from 0.3.4.1-alpha):
  2220. - When directory authorities read a zero-byte bandwidth file, they
  2221. would previously log a warning with the contents of an
  2222. uninitialised buffer. They now log a warning about the empty file
  2223. instead. Fixes bug 26007; bugfix on 0.2.2.1-alpha.
  2224. o Major bugfixes (security, directory authority, denial-of-service):
  2225. - Fix a bug that could have allowed an attacker to force a directory
  2226. authority to use up all its RAM by passing it a maliciously
  2227. crafted protocol versions string. Fixes bug 25517; bugfix on
  2228. 0.2.9.4-alpha. This issue is also tracked as TROVE-2018-005.
  2229. o Major bugfixes (crash, backport from 0.3.4.1-alpha):
  2230. - Avoid a rare assertion failure in the circuit build timeout code
  2231. if we fail to allow any circuits to actually complete. Fixes bug
  2232. 25733; bugfix on 0.2.2.2-alpha.
  2233. o Major bugfixes (netflow padding):
  2234. - Stop adding unneeded channel padding right after we finish
  2235. flushing to a connection that has been trying to flush for many
  2236. seconds. Instead, treat all partial or complete flushes as
  2237. activity on the channel, which will defer the time until we need
  2238. to add padding. This fix should resolve confusing and scary log
  2239. messages like "Channel padding timeout scheduled 221453ms in the
  2240. past." Fixes bug 22212; bugfix on 0.3.1.1-alpha.
  2241. o Major bugfixes (networking):
  2242. - Tor will no longer reject IPv6 address strings from Tor Browser
  2243. when they are passed as hostnames in SOCKS5 requests. Fixes bug
  2244. 25036, bugfix on Tor 0.3.1.2.
  2245. o Major bugfixes (onion service, backport from 0.3.4.1-alpha):
  2246. - Correctly detect when onion services get disabled after HUP. Fixes
  2247. bug 25761; bugfix on 0.3.2.1.
  2248. o Major bugfixes (performance, load balancing):
  2249. - Directory authorities no longer vote in favor of the Guard flag
  2250. for relays without directory support. Starting in Tor
  2251. 0.3.0.1-alpha, clients have been avoiding using such relays in the
  2252. Guard position, leading to increasingly broken load balancing for
  2253. the 5%-or-so of Guards that don't advertise directory support.
  2254. Fixes bug 22310; bugfix on 0.3.0.6.
  2255. o Major bugfixes (relay):
  2256. - If we have failed to connect to a relay and received a connection
  2257. refused, timeout, or similar error (at the TCP level), do not try
  2258. that same address/port again for 60 seconds after the failure has
  2259. occurred. Fixes bug 24767; bugfix on 0.0.6.
  2260. o Major bugfixes (relay, denial of service, backport from 0.3.4.1-alpha):
  2261. - Impose a limit on circuit cell queue size. The limit can be
  2262. controlled by a consensus parameter. Fixes bug 25226; bugfix
  2263. on 0.2.4.14-alpha.
  2264. o Minor features (cleanup):
  2265. - Tor now deletes the CookieAuthFile and ExtORPortCookieAuthFile
  2266. when it stops. Closes ticket 23271.
  2267. o Minor features (compatibility, backport from 0.3.4.1-alpha):
  2268. - Avoid some compilation warnings with recent versions of LibreSSL.
  2269. Closes ticket 26006.
  2270. o Minor features (config options):
  2271. - Change the way the default value for MaxMemInQueues is calculated.
  2272. We now use 40% of the hardware RAM if the system has 8 GB RAM or
  2273. more. Otherwise we use the former value of 75%. Closes
  2274. ticket 24782.
  2275. o Minor features (continuous integration):
  2276. - Update the Travis CI configuration to use the stable Rust channel,
  2277. now that we have decided to require that. Closes ticket 25714.
  2278. o Minor features (continuous integration, backport from 0.3.4.1-alpha):
  2279. - Our .travis.yml configuration now includes support for testing the
  2280. results of "make distcheck". (It's not uncommon for "make check"
  2281. to pass but "make distcheck" to fail.) Closes ticket 25814.
  2282. - Our Travis CI configuration now integrates with the Coveralls
  2283. coverage analysis tool. Closes ticket 25818.
  2284. o Minor features (defensive programming):
  2285. - Most of the functions in Tor that free objects have been replaced
  2286. with macros that free the objects and set the corresponding
  2287. pointers to NULL. This change should help prevent a large class of
  2288. dangling pointer bugs. Closes ticket 24337.
  2289. - Where possible, the tor_free() macro now only evaluates its input
  2290. once. Part of ticket 24337.
  2291. - Check that microdesc ed25519 ids are non-zero in
  2292. node_get_ed25519_id() before returning them. Implements ticket
  2293. 24001, patch by "aruna1234".
  2294. o Minor features (directory authority):
  2295. - When directory authorities are unable to add signatures to a
  2296. pending consensus, log the reason why. Closes ticket 24849.
  2297. o Minor features (embedding):
  2298. - Tor can now start with a preauthenticated control connection
  2299. created by the process that launched it. This feature is meant for
  2300. use by programs that want to launch and manage a Tor process
  2301. without allowing other programs to manage it as well. For more
  2302. information, see the __OwningControllerFD option documented in
  2303. control-spec.txt. Closes ticket 23900.
  2304. - On most errors that would cause Tor to exit, it now tries to
  2305. return from the tor_main() function, rather than calling the
  2306. system exit() function. Most users won't notice a difference here,
  2307. but it should be significant for programs that run Tor inside a
  2308. separate thread: they should now be able to survive Tor's exit
  2309. conditions rather than having Tor shut down the entire process.
  2310. Closes ticket 23848.
  2311. - Applications that want to embed Tor can now tell Tor not to
  2312. register any of its own POSIX signal handlers, using the
  2313. __DisableSignalHandlers option. Closes ticket 24588.
  2314. o Minor features (fallback directory list):
  2315. - Avoid selecting fallbacks that change their IP addresses too
  2316. often. Select more fallbacks by ignoring the Guard flag, and
  2317. allowing lower cutoffs for the Running and V2Dir flags. Also allow
  2318. a lower bandwidth, and a higher number of fallbacks per operator
  2319. (5% of the list). Implements ticket 24785.
  2320. - Update the fallback whitelist and blacklist based on opt-ins and
  2321. relay changes. Closes tickets 22321, 24678, 22527, 24135,
  2322. and 24695.
  2323. o Minor features (fallback directory mirror configuration):
  2324. - Add a nickname to each fallback in a C comment. This makes it
  2325. easier for operators to find their relays, and allows stem to use
  2326. nicknames to identify fallbacks. Implements ticket 24600.
  2327. - Add a type and version header to the fallback directory mirror
  2328. file. Also add a delimiter to the end of each fallback entry. This
  2329. helps external parsers like stem and Relay Search. Implements
  2330. ticket 24725.
  2331. - Add an extrainfo cache flag for each fallback in a C comment. This
  2332. allows stem to use fallbacks to fetch extra-info documents, rather
  2333. than using authorities. Implements ticket 22759.
  2334. - Add the generateFallbackDirLine.py script for automatically
  2335. generating fallback directory mirror lines from relay fingerprints.
  2336. No more typos! Add the lookupFallbackDirContact.py script for
  2337. automatically looking up operator contact info from relay
  2338. fingerprints. Implements ticket 24706, patch by teor and atagar.
  2339. - Reject any fallback directory mirror that serves an expired
  2340. consensus. Implements ticket 20942, patch by "minik".
  2341. - Remove commas and equals signs from external string inputs to the
  2342. fallback list. This avoids format confusion attacks. Implements
  2343. ticket 24726.
  2344. - Remove the "weight=10" line from fallback directory mirror
  2345. entries. Ticket 24681 will maintain the current fallback weights
  2346. by changing Tor's default fallback weight to 10. Implements
  2347. ticket 24679.
  2348. - Stop logging excessive information about fallback netblocks.
  2349. Implements ticket 24791.
  2350. o Minor features (forward-compatibility):
  2351. - If a relay supports some link authentication protocol that we do
  2352. not recognize, then include that relay's ed25519 key when telling
  2353. other relays to extend to it. Previously, we treated future
  2354. versions as if they were too old to support ed25519 link
  2355. authentication. Closes ticket 20895.
  2356. o Minor features (geoip):
  2357. - Update geoip and geoip6 to the May 1 2018 Maxmind GeoLite2 Country
  2358. database. Closes ticket 26104.
  2359. o Minor features (heartbeat):
  2360. - Add onion service information to our heartbeat logs, displaying
  2361. stats about the activity of configured onion services. Closes
  2362. ticket 24896.
  2363. o Minor features (instrumentation, development):
  2364. - Add the MainloopStats option to allow developers to get
  2365. instrumentation information from the main event loop via the
  2366. heartbeat messages. We hope to use this to improve Tor's behavior
  2367. when it's trying to sleep. Closes ticket 24605.
  2368. o Minor features (IPv6):
  2369. - Make IPv6-only clients wait for microdescs for relays, even if we
  2370. were previously using descriptors (or were using them as a bridge)
  2371. and have a cached descriptor for them. Implements ticket 23827.
  2372. - When a consensus has IPv6 ORPorts, make IPv6-only clients use
  2373. them, rather than waiting to download microdescriptors. Implements
  2374. ticket 23827.
  2375. o Minor features (log messages):
  2376. - Improve log message in the out-of-memory handler to include
  2377. information about memory usage from the different compression
  2378. backends. Closes ticket 25372.
  2379. - Improve a warning message that happens when we fail to re-parse an
  2380. old router because of an expired certificate. Closes ticket 20020.
  2381. - Make the log more quantitative when we hit MaxMemInQueues
  2382. threshold exposing some values. Closes ticket 24501.
  2383. o Minor features (logging):
  2384. - Clarify the log messages produced when getrandom() or a related
  2385. entropy-generation mechanism gives an error. Closes ticket 25120.
  2386. - Added support for the Android logging subsystem. Closes
  2387. ticket 24362.
  2388. o Minor features (performance):
  2389. - Support predictive circuit building for onion service circuits
  2390. with multiple layers of guards. Closes ticket 23101.
  2391. - Use stdatomic.h where available, rather than mutexes, to implement
  2392. atomic_counter_t. Closes ticket 23953.
  2393. o Minor features (performance, 32-bit):
  2394. - Improve performance on 32-bit systems by avoiding 64-bit division
  2395. when calculating the timestamp in milliseconds for channel padding
  2396. computations. Implements ticket 24613.
  2397. - Improve performance on 32-bit systems by avoiding 64-bit division
  2398. when timestamping cells and buffer chunks for OOM calculations.
  2399. Implements ticket 24374.
  2400. o Minor features (performance, OSX, iOS):
  2401. - Use the mach_approximate_time() function (when available) to
  2402. implement coarse monotonic time. Having a coarse time function
  2403. should avoid a large number of system calls, and improve
  2404. performance slightly, especially under load. Closes ticket 24427.
  2405. o Minor features (performance, windows):
  2406. - Improve performance on Windows Vista and Windows 7 by adjusting
  2407. TCP send window size according to the recommendation from
  2408. SIO_IDEAL_SEND_BACKLOG_QUERY. Closes ticket 22798. Patch
  2409. from Vort.
  2410. o Minor features (sandbox):
  2411. - Explicitly permit the poll() system call when the Linux
  2412. seccomp2-based sandbox is enabled: apparently, some versions of
  2413. libc use poll() when calling getpwnam(). Closes ticket 25313.
  2414. o Minor features (storage, configuration):
  2415. - Users can store cached directory documents somewhere other than
  2416. the DataDirectory by using the CacheDirectory option. Similarly,
  2417. the storage location for relay's keys can be overridden with the
  2418. KeyDirectory option. Closes ticket 22703.
  2419. o Minor features (testing):
  2420. - Add a "make test-rust" target to run the rust tests only. Closes
  2421. ticket 25071.
  2422. o Minor features (testing, debugging, embedding):
  2423. - For development purposes, Tor now has a mode in which it runs for
  2424. a few seconds, then stops, and starts again without exiting the
  2425. process. This mode is meant to help us debug various issues with
  2426. ticket 23847. To use this feature, compile with
  2427. --enable-restart-debugging, and set the TOR_DEBUG_RESTART
  2428. environment variable. This is expected to crash a lot, and is
  2429. really meant for developers only. It will likely be removed in a
  2430. future release. Implements ticket 24583.
  2431. o Minor bugfixes (build, rust):
  2432. - Fix output of autoconf checks to display success messages for Rust
  2433. dependencies and a suitable rustc compiler version. Fixes bug
  2434. 24612; bugfix on 0.3.1.3-alpha.
  2435. - Don't pass the --quiet option to cargo: it seems to suppress some
  2436. errors, which is not what we want to do when building. Fixes bug
  2437. 24518; bugfix on 0.3.1.7.
  2438. - Build correctly when building from outside Tor's source tree with
  2439. the TOR_RUST_DEPENDENCIES option set. Fixes bug 22768; bugfix
  2440. on 0.3.1.7.
  2441. o Minor bugfixes (C correctness):
  2442. - Fix a very unlikely (impossible, we believe) null pointer
  2443. dereference. Fixes bug 25629; bugfix on 0.2.9.15. Found by
  2444. Coverity; this is CID 1430932.
  2445. o Minor bugfixes (channel, client):
  2446. - Better identify client connection when reporting to the geoip
  2447. client cache. Fixes bug 24904; bugfix on 0.3.1.7.
  2448. o Minor bugfixes (circuit, cannibalization):
  2449. - Don't cannibalize preemptively-built circuits if we no longer
  2450. recognize their first hop. This situation can happen if our Guard
  2451. relay went off the consensus after the circuit was created. Fixes
  2452. bug 24469; bugfix on 0.0.6.
  2453. o Minor bugfixes (client, backport from 0.3.4.1-alpha):
  2454. - Don't consider Tor running as a client if the ControlPort is open,
  2455. but no actual client ports are open. Fixes bug 26062; bugfix
  2456. on 0.2.9.4-alpha.
  2457. o Minor bugfixes (compilation):
  2458. - Fix a C99 compliance issue in our configuration script that caused
  2459. compilation issues when compiling Tor with certain versions of
  2460. xtools. Fixes bug 25474; bugfix on 0.3.2.5-alpha.
  2461. o Minor bugfixes (controller):
  2462. - Restore the correct operation of the RESOLVE command, which had
  2463. been broken since we added the ability to enable/disable DNS on
  2464. specific listener ports. Fixes bug 25617; bugfix on 0.2.9.3-alpha.
  2465. - Avoid a (nonfatal) assertion failure when extending a one-hop
  2466. circuit from the controller to become a multihop circuit. Fixes
  2467. bug 24903; bugfix on 0.2.5.2-alpha.
  2468. o Minor bugfixes (correctness):
  2469. - Remove a nonworking, unnecessary check to see whether a circuit
  2470. hop's identity digest was set when the circuit failed. Fixes bug
  2471. 24927; bugfix on 0.2.4.4-alpha.
  2472. o Minor bugfixes (correctness, client, backport from 0.3.4.1-alpha):
  2473. - Upon receiving a malformed connected cell, stop processing the
  2474. cell immediately. Previously we would mark the connection for
  2475. close, but continue processing the cell as if the connection were
  2476. open. Fixes bug 26072; bugfix on 0.2.4.7-alpha.
  2477. o Minor bugfixes (directory authorities, IPv6):
  2478. - When creating a routerstatus (vote) from a routerinfo (descriptor),
  2479. set the IPv6 address to the unspecified IPv6 address, and
  2480. explicitly initialize the port to zero. Fixes bug 24488; bugfix
  2481. on 0.2.4.1-alpha.
  2482. o Minor bugfixes (documentation):
  2483. - Document that the PerConnBW{Rate,Burst} options will fall back to
  2484. their corresponding consensus parameters only if those parameters
  2485. are set. Previously we had claimed that these values would always
  2486. be set in the consensus. Fixes bug 25296; bugfix on 0.2.2.7-alpha.
  2487. o Minor bugfixes (documentation, backport from 0.3.4.1-alpha):
  2488. - Stop saying in the manual that clients cache ipv4 dns answers from
  2489. exit relays. We haven't used them since 0.2.6.3-alpha, and in
  2490. ticket 24050 we stopped even caching them as of 0.3.2.6-alpha, but
  2491. we forgot to say so in the man page. Fixes bug 26052; bugfix
  2492. on 0.3.2.6-alpha.
  2493. o Minor bugfixes (exit relay DNS retries):
  2494. - Re-attempt timed-out DNS queries 3 times before failure, since our
  2495. timeout is 5 seconds for them, but clients wait 10-15. Also allow
  2496. slightly more timeouts per resolver when an exit has multiple
  2497. resolvers configured. Fixes bug 21394; bugfix on 0.3.1.9.
  2498. o Minor bugfixes (fallback directory mirrors):
  2499. - Make updateFallbackDirs.py search harder for python. (Some OSs
  2500. don't put it in /usr/bin.) Fixes bug 24708; bugfix
  2501. on 0.2.8.1-alpha.
  2502. o Minor bugfixes (hibernation, bandwidth accounting, shutdown):
  2503. - When hibernating, close connections normally and allow them to
  2504. flush. Fixes bug 23571; bugfix on 0.2.4.7-alpha. Also fixes
  2505. bug 7267.
  2506. - Do not attempt to launch self-reachability tests when entering
  2507. hibernation. Fixes a case of bug 12062; bugfix on 0.0.9pre5.
  2508. - Resolve several bugs related to descriptor fetching on bridge
  2509. clients with bandwidth accounting enabled. (This combination is
  2510. not recommended!) Fixes a case of bug 12062; bugfix
  2511. on 0.2.0.3-alpha.
  2512. - When hibernating, do not attempt to launch DNS checks. Fixes a
  2513. case of bug 12062; bugfix on 0.1.2.2-alpha.
  2514. - When hibernating, do not try to upload or download descriptors.
  2515. Fixes a case of bug 12062; bugfix on 0.0.9pre5.
  2516. o Minor bugfixes (IPv6, bridges):
  2517. - Tor now always sets IPv6 preferences for bridges. Fixes bug 24573;
  2518. bugfix on 0.2.8.2-alpha.
  2519. - Tor now sets IPv6 address in the routerstatus as well as in the
  2520. router descriptors when updating addresses for a bridge. Closes
  2521. ticket 24572; bugfix on 0.2.4.5-alpha. Patch by "ffmancera".
  2522. o Minor bugfixes (Linux seccomp2 sandbox):
  2523. - When running with the sandbox enabled, reload configuration files
  2524. correctly even when %include was used. Previously we would crash.
  2525. Fixes bug 22605; bugfix on 0.3.1. Patch from Daniel Pinto.
  2526. o Minor bugfixes (Linux seccomp2 sandbox, backport from 0.3.4.1-alpha):
  2527. - Allow the nanosleep() system call, which glibc uses to implement
  2528. sleep() and usleep(). Fixes bug 24969; bugfix on 0.2.5.1-alpha.
  2529. o Minor bugfixes (logging):
  2530. - Fix a (mostly harmless) race condition when invoking
  2531. LOG_PROTOCOL_WARN message from a subthread while the torrc options
  2532. are changing. Fixes bug 23954; bugfix on 0.1.1.9-alpha.
  2533. o Minor bugfixes (man page, SocksPort):
  2534. - Remove dead code from the old "SocksSocket" option, and rename
  2535. SocksSocketsGroupWritable to UnixSocksGroupWritable. The old
  2536. option still works, but is deprecated. Fixes bug 24343; bugfix
  2537. on 0.2.6.3.
  2538. o Minor bugfixes (memory leaks):
  2539. - Avoid possible at-exit memory leaks related to use of Libevent's
  2540. event_base_once() function. (This function tends to leak memory if
  2541. the event_base is closed before the event fires.) Fixes bug 24584;
  2542. bugfix on 0.2.8.1-alpha.
  2543. - Fix a harmless memory leak in tor-resolve. Fixes bug 24582; bugfix
  2544. on 0.2.1.1-alpha.
  2545. o Minor bugfixes (network IPv6 test):
  2546. - Tor's test scripts now check if "ping -6 ::1" works when the user
  2547. runs "make test-network-all". Fixes bug 24677; bugfix on
  2548. 0.2.9.3-alpha. Patch by "ffmancera".
  2549. o Minor bugfixes (networking):
  2550. - string_is_valid_hostname() will not consider IP strings to be
  2551. valid hostnames. Fixes bug 25055; bugfix on Tor 0.2.5.5.
  2552. o Minor bugfixes (onion service v3):
  2553. - Avoid an assertion failure when the next onion service descriptor
  2554. rotation type is out of sync with the consensus's valid-after
  2555. time. Instead, log a warning message with extra information, so we
  2556. can better hunt down the cause of this assertion. Fixes bug 25306;
  2557. bugfix on 0.3.2.1-alpha.
  2558. o Minor bugfixes (onion service, backport from 0.3.4.1-alpha):
  2559. - Fix a memory leak when a v3 onion service is configured and gets a
  2560. SIGHUP signal. Fixes bug 25901; bugfix on 0.3.2.1-alpha.
  2561. - When parsing the descriptor signature, look for the token plus an
  2562. extra white-space at the end. This is more correct but also will
  2563. allow us to support new fields that might start with "signature".
  2564. Fixes bug 26069; bugfix on 0.3.0.1-alpha.
  2565. o Minor bugfixes (onion services):
  2566. - If we are configured to offer a single onion service, don't log
  2567. long-term established one hop rendezvous points in the heartbeat.
  2568. Fixes bug 25116; bugfix on 0.2.9.6-rc.
  2569. o Minor bugfixes (performance):
  2570. - Reduce the number of circuits that will be opened at once during
  2571. the circuit build timeout phase. This is done by increasing the
  2572. idle timeout to 3 minutes, and lowering the maximum number of
  2573. concurrent learning circuits to 10. Fixes bug 24769; bugfix
  2574. on 0.3.1.1-alpha.
  2575. - Avoid calling protocol_list_supports_protocol() from inside tight
  2576. loops when running with cached routerinfo_t objects. Instead,
  2577. summarize the relevant protocols as flags in the routerinfo_t, as
  2578. we do for routerstatus_t objects. This change simplifies our code
  2579. a little, and saves a large amount of short-term memory allocation
  2580. operations. Fixes bug 25008; bugfix on 0.2.9.4-alpha.
  2581. o Minor bugfixes (performance, timeouts):
  2582. - Consider circuits for timeout as soon as they complete a hop. This
  2583. is more accurate than applying the timeout in
  2584. circuit_expire_building() because that function is only called
  2585. once per second, which is now too slow for typical timeouts on the
  2586. current network. Fixes bug 23114; bugfix on 0.2.2.2-alpha.
  2587. - Use onion service circuits (and other circuits longer than 3 hops)
  2588. to calculate a circuit build timeout. Previously, Tor only
  2589. calculated its build timeout based on circuits that planned to be
  2590. exactly 3 hops long. With this change, we include measurements
  2591. from all circuits at the point where they complete their third
  2592. hop. Fixes bug 23100; bugfix on 0.2.2.2-alpha.
  2593. o Minor bugfixes (relay, crash, backport from 0.3.4.1-alpha):
  2594. - Avoid a crash when running with DirPort set but ORPort turned off.
  2595. Fixes a case of bug 23693; bugfix on 0.3.1.1-alpha.
  2596. o Minor bugfixes (Rust FFI):
  2597. - Fix a minor memory leak which would happen whenever the C code
  2598. would call the Rust implementation of
  2599. protover_get_supported_protocols(). This was due to the C version
  2600. returning a static string, whereas the Rust version newly allocated
  2601. a CString to pass across the FFI boundary. Consequently, the C
  2602. code was not expecting to need to free() what it was given. Fixes
  2603. bug 25127; bugfix on 0.3.2.1-alpha.
  2604. o Minor bugfixes (spelling):
  2605. - Use the "misspell" tool to detect and fix typos throughout the
  2606. source code. Fixes bug 23650; bugfix on various versions of Tor.
  2607. Patch from Deepesh Pathak.
  2608. o Minor bugfixes (testing):
  2609. - Avoid intermittent test failures due to a test that had relied on
  2610. onion service introduction point creation finishing within 5
  2611. seconds of real clock time. Fixes bug 25450; bugfix
  2612. on 0.3.1.3-alpha.
  2613. - Give out Exit flags in bootstrapping networks. Fixes bug 24137;
  2614. bugfix on 0.2.3.1-alpha.
  2615. o Minor bugfixes (unit test, monotonic time):
  2616. - Increase a constant (1msec to 10msec) in the monotonic time test
  2617. that makes sure the nsec/usec/msec times read are synchronized.
  2618. This change was needed to accommodate slow systems like armel or
  2619. when the clock_gettime() is not a VDSO on the running kernel.
  2620. Fixes bug 25113; bugfix on 0.2.9.1.
  2621. o Code simplification and refactoring:
  2622. - Move the list of default directory authorities to its own file.
  2623. Closes ticket 24854. Patch by "beastr0".
  2624. - Remove the old (deterministic) directory retry logic entirely:
  2625. We've used exponential backoff exclusively for some time. Closes
  2626. ticket 23814.
  2627. - Remove the unused nodelist_recompute_all_hsdir_indices(). Closes
  2628. ticket 25108.
  2629. - Remove a series of counters used to track circuit extend attempts
  2630. and connection status but that in reality we aren't using for
  2631. anything other than stats logged by a SIGUSR1 signal. Closes
  2632. ticket 25163.
  2633. - Remove /usr/athena from search path in configure.ac. Closes
  2634. ticket 24363.
  2635. - Remove duplicate code in node_has_curve25519_onion_key() and
  2636. node_get_curve25519_onion_key(), and add a check for a zero
  2637. microdesc curve25519 onion key. Closes ticket 23966, patch by
  2638. "aruna1234" and teor.
  2639. - Rewrite channel_rsa_id_group_set_badness to reduce temporary
  2640. memory allocations with large numbers of OR connections (e.g.
  2641. relays). Closes ticket 24119.
  2642. - Separate the function that deletes ephemeral files when Tor
  2643. stops gracefully.
  2644. - Small changes to Tor's buf_t API to make it suitable for use as a
  2645. general-purpose safe string constructor. Closes ticket 22342.
  2646. - Switch -Wnormalized=id to -Wnormalized=nfkc in configure.ac to
  2647. avoid source code identifier confusion. Closes ticket 24467.
  2648. - The tor_git_revision[] constant no longer needs to be redeclared
  2649. by everything that links against the rest of Tor. Done as part of
  2650. ticket 23845, to simplify our external API.
  2651. - We make extend_info_from_node() use node_get_curve25519_onion_key()
  2652. introduced in ticket 23577 to access the curve25519 public keys
  2653. rather than accessing it directly. Closes ticket 23760. Patch by
  2654. Neel Chauhan.
  2655. - Add a function to log channels' scheduler state changes to aid
  2656. debugging efforts. Closes ticket 24531.
  2657. o Documentation:
  2658. - Improved the documentation of AccountingStart parameter. Closes
  2659. ticket 23635.
  2660. - Update the documentation for "Log" to include the current list of
  2661. logging domains. Closes ticket 25378.
  2662. - Add documentation on how to build tor with Rust dependencies
  2663. without having to be online. Closes ticket 22907; bugfix
  2664. on 0.3.0.3-alpha.
  2665. - Clarify the behavior of RelayBandwidth{Rate,Burst} with client
  2666. traffic. Closes ticket 24318.
  2667. - Document that OutboundBindAddress doesn't apply to DNS requests.
  2668. Closes ticket 22145. Patch from Aruna Maurya.
  2669. o Code simplification and refactoring (channels):
  2670. - Remove the incoming and outgoing channel queues. These were never
  2671. used, but still took up a step in our fast path.
  2672. - The majority of the channel unit tests have been rewritten and the
  2673. code coverage has now been raised to 83.6% for channel.c. Closes
  2674. ticket 23709.
  2675. - Remove other dead code from the channel subsystem: All together,
  2676. this cleanup has removed more than 1500 lines of code overall and
  2677. adding very little except for unit test.
  2678. o Code simplification and refactoring (circuit rendezvous):
  2679. - Split the client-side rendezvous circuit lookup into two
  2680. functions: one that returns only established circuits and another
  2681. that returns all kinds of circuits. Closes ticket 23459.
  2682. o Code simplification and refactoring (controller):
  2683. - Make most of the variables in networkstatus_getinfo_by_purpose()
  2684. const. Implements ticket 24489.
  2685. o Documentation (backport from 0.3.4.1-alpha):
  2686. - Correct an IPv6 error in the documentation for ExitPolicy. Closes
  2687. ticket 25857. Patch from "CTassisF".
  2688. o Documentation (man page):
  2689. - The HiddenServiceVersion torrc option accepts only one number:
  2690. either version 2 or 3. Closes ticket 25026; bugfix
  2691. on 0.3.2.2-alpha.
  2692. o Documentation (manpage, denial of service):
  2693. - Provide more detail about the denial-of-service options, by
  2694. listing each mitigation and explaining how they relate. Closes
  2695. ticket 25248.
  2696. Changes in version 0.3.1.10 - 2018-03-03
  2697. Tor 0.3.1.10 backports a number of bugfixes, including important fixes for
  2698. security issues.
  2699. It includes an important security fix for a remote crash attack
  2700. against directory authorities, tracked as TROVE-2018-001.
  2701. This release also backports our new system for improved resistance to
  2702. denial-of-service attacks against relays.
  2703. This release also fixes several minor bugs and annoyances from
  2704. earlier releases.
  2705. All directory authorities should upgrade to one of the versions
  2706. released today. Relays running 0.3.1.x may wish to update to one of
  2707. the versions released today, for the DoS mitigations.
  2708. Please note: according to our release calendar, Tor 0.3.1 will no
  2709. longer be supported after 1 July 2018. If you will be running Tor
  2710. after that date, you should make sure to plan to upgrade to the latest
  2711. stable version, or downgrade to 0.2.9 (which will receive long-term
  2712. support).
  2713. o Major bugfixes (denial-of-service, directory authority, backport from 0.3.3.3-alpha):
  2714. - Fix a protocol-list handling bug that could be used to remotely crash
  2715. directory authorities with a null-pointer exception. Fixes bug 25074;
  2716. bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2018-001 and
  2717. CVE-2018-0490.
  2718. o Major features (denial-of-service mitigation, backport from 0.3.3.2-alpha):
  2719. - Give relays some defenses against the recent network overload. We
  2720. start with three defenses (default parameters in parentheses).
  2721. First: if a single client address makes too many concurrent
  2722. connections (>100), hang up on further connections. Second: if a
  2723. single client address makes circuits too quickly (more than 3 per
  2724. second, with an allowed burst of 90) while also having too many
  2725. connections open (3), refuse new create cells for the next while
  2726. (1-2 hours). Third: if a client asks to establish a rendezvous
  2727. point to you directly, ignore the request. These defenses can be
  2728. manually controlled by new torrc options, but relays will also
  2729. take guidance from consensus parameters, so there's no need to
  2730. configure anything manually. Implements ticket 24902.
  2731. o Minor features (linux seccomp2 sandbox, backport from 0.3.2.5-alpha):
  2732. - Update the sandbox rules so that they should now work correctly
  2733. with Glibc 2.26. Closes ticket 24315.
  2734. o Major bugfixes (onion services, retry behavior, backport from 0.3.3.1-alpha):
  2735. - Fix an "off by 2" error in counting rendezvous failures on the
  2736. onion service side. While we thought we would stop the rendezvous
  2737. attempt after one failed circuit, we were actually making three
  2738. circuit attempts before giving up. Now switch to a default of 2,
  2739. and allow the consensus parameter "hs_service_max_rdv_failures" to
  2740. override. Fixes bug 24895; bugfix on 0.0.6.
  2741. o Major bugfixes (protocol versions, backport from 0.3.3.2-alpha):
  2742. - Add Link protocol version 5 to the supported protocols list. Fixes
  2743. bug 25070; bugfix on 0.3.1.1-alpha.
  2744. o Major bugfixes (relay, backport from 0.3.3.1-alpha):
  2745. - Fix a set of false positives where relays would consider
  2746. connections to other relays as being client-only connections (and
  2747. thus e.g. deserving different link padding schemes) if those
  2748. relays fell out of the consensus briefly. Now we look only at the
  2749. initial handshake and whether the connection authenticated as a
  2750. relay. Fixes bug 24898; bugfix on 0.3.1.1-alpha.
  2751. o Minor features (denial-of-service avoidance, backport from 0.3.3.2-alpha):
  2752. - Make our OOM handler aware of the geoip client history cache so it
  2753. doesn't fill up the memory. This check is important for IPv6 and
  2754. our DoS mitigation subsystem. Closes ticket 25122.
  2755. o Minor feature (relay statistics, backport from 0.3.2.6-alpha):
  2756. - Change relay bandwidth reporting stats interval from 4 hours to 24
  2757. hours in order to reduce the efficiency of guard discovery
  2758. attacks. Fixes ticket 23856.
  2759. o Minor features (compatibility, OpenSSL, backport from 0.3.3.3-alpha):
  2760. - Tor will now support TLS1.3 once OpenSSL 1.1.1 is released.
  2761. Previous versions of Tor would not have worked with OpenSSL 1.1.1,
  2762. since they neither disabled TLS 1.3 nor enabled any of the
  2763. ciphersuites it requires. Now we enable the TLS 1.3 ciphersuites.
  2764. Closes ticket 24978.
  2765. o Minor features (fallback directory mirrors, backport from 0.3.2.9):
  2766. - The fallback directory list has been re-generated based on the
  2767. current status of the network. Tor uses fallback directories to
  2768. bootstrap when it doesn't yet have up-to-date directory
  2769. information. Closes ticket 24801.
  2770. - Make the default DirAuthorityFallbackRate 0.1, so that clients
  2771. prefer to bootstrap from fallback directory mirrors. This is a
  2772. follow-up to 24679, which removed weights from the default
  2773. fallbacks. Implements ticket 24681.
  2774. o Minor features (geoip):
  2775. - Update geoip and geoip6 to the February 7 2018 Maxmind GeoLite2
  2776. Country database.
  2777. o Minor bugfix (channel connection, backport from 0.3.3.2-alpha):
  2778. - Use the actual observed address of an incoming relay connection,
  2779. not the canonical address of the relay from its descriptor, when
  2780. making decisions about how to handle the incoming connection.
  2781. Fixes bug 24952; bugfix on 0.2.4.11-alpha. Patch by "ffmancera".
  2782. o Minor bugfix (directory authority, backport from 0.3.3.2-alpha):
  2783. - Directory authorities, when refusing a descriptor from a rejected
  2784. relay, now explicitly tell the relay (in its logs) to set a valid
  2785. ContactInfo address and contact the bad-relays@ mailing list.
  2786. Fixes bug 25170; bugfix on 0.2.9.1.
  2787. o Minor bugfixes (address selection, backport from 0.3.2.9):
  2788. - When the fascist_firewall_choose_address_ functions don't find a
  2789. reachable address, set the returned address to the null address
  2790. and port. This is a precautionary measure, because some callers do
  2791. not check the return value. Fixes bug 24736; bugfix
  2792. on 0.2.8.2-alpha.
  2793. o Major bugfixes (bootstrapping, backport from 0.3.2.5-alpha):
  2794. - Fetch descriptors aggressively whenever we lack enough to build
  2795. circuits, regardless of how many descriptors we are missing.
  2796. Previously, we would delay launching the fetch when we had fewer
  2797. than 15 missing descriptors, even if some of those descriptors
  2798. were blocking circuits from building. Fixes bug 23985; bugfix on
  2799. 0.1.1.11-alpha. The effects of this bug became worse in
  2800. 0.3.0.3-alpha, when we began treating missing descriptors from our
  2801. primary guards as a reason to delay circuits.
  2802. - Don't try fetching microdescriptors from relays that have failed
  2803. to deliver them in the past. Fixes bug 23817; bugfix
  2804. on 0.3.0.1-alpha.
  2805. o Minor bugfixes (compilation, backport from 0.3.2.7-rc):
  2806. - Fix a signed/unsigned comparison warning introduced by our fix to
  2807. TROVE-2017-009. Fixes bug 24480; bugfix on 0.2.5.16.
  2808. o Minor bugfixes (control port, linux seccomp2 sandbox, backport from 0.3.2.5-alpha):
  2809. - Avoid a crash when attempting to use the seccomp2 sandbox together
  2810. with the OwningControllerProcess feature. Fixes bug 24198; bugfix
  2811. on 0.2.5.1-alpha.
  2812. o Minor bugfixes (denial-of-service, backport from 0.3.3.3-alpha):
  2813. - Fix a possible crash on malformed consensus. If a consensus had
  2814. contained an unparseable protocol line, it could have made clients
  2815. and relays crash with a null-pointer exception. To exploit this
  2816. issue, however, an attacker would need to be able to subvert the
  2817. directory authority system. Fixes bug 25251; bugfix on
  2818. 0.2.9.4-alpha. Also tracked as TROVE-2018-004.
  2819. o Minor bugfixes (directory cache, backport from 0.3.2.5-alpha):
  2820. - Recover better from empty or corrupt files in the consensus cache
  2821. directory. Fixes bug 24099; bugfix on 0.3.1.1-alpha.
  2822. - When a consensus diff calculation is only partially successful,
  2823. only record the successful parts as having succeeded. Partial
  2824. success can happen if (for example) one compression method fails
  2825. but the others succeed. Previously we misrecorded all the
  2826. calculations as having succeeded, which would later cause a
  2827. nonfatal assertion failure. Fixes bug 24086; bugfix
  2828. on 0.3.1.1-alpha.
  2829. o Minor bugfixes (entry guards, backport from 0.3.2.3-alpha):
  2830. - Tor now updates its guard state when it reads a consensus
  2831. regardless of whether it's missing descriptors. That makes tor use
  2832. its primary guards to fetch descriptors in some edge cases where
  2833. it would previously have used fallback directories. Fixes bug
  2834. 23862; bugfix on 0.3.0.1-alpha.
  2835. o Minor bugfixes (logging, backport from 0.3.3.2-alpha):
  2836. - Don't treat inability to store a cached consensus object as a bug:
  2837. it can happen normally when we are out of disk space. Fixes bug
  2838. 24859; bugfix on 0.3.1.1-alpha.
  2839. o Minor bugfixes (memory usage, backport from 0.3.2.8-rc):
  2840. - When queuing DESTROY cells on a channel, only queue the circuit-id
  2841. and reason fields: not the entire 514-byte cell. This fix should
  2842. help mitigate any bugs or attacks that fill up these queues, and
  2843. free more RAM for other uses. Fixes bug 24666; bugfix
  2844. on 0.2.5.1-alpha.
  2845. o Minor bugfixes (network layer, backport from 0.3.2.5-alpha):
  2846. - When closing a connection via close_connection_immediately(), we
  2847. mark it as "not blocked on bandwidth", to prevent later calls from
  2848. trying to unblock it, and give it permission to read. This fixes a
  2849. backtrace warning that can happen on relays under various
  2850. circumstances. Fixes bug 24167; bugfix on 0.1.0.1-rc.
  2851. o Minor bugfixes (path selection, backport from 0.3.2.4-alpha):
  2852. - When selecting relays by bandwidth, avoid a rounding error that
  2853. could sometimes cause load to be imbalanced incorrectly.
  2854. Previously, we would always round upwards; now, we round towards
  2855. the nearest integer. This had the biggest effect when a relay's
  2856. weight adjustments should have given it weight 0, but it got
  2857. weight 1 instead. Fixes bug 23318; bugfix on 0.2.4.3-alpha.
  2858. - When calculating the fraction of nodes that have descriptors, and
  2859. all nodes in the network have zero bandwidths, count the number of
  2860. nodes instead. Fixes bug 23318; bugfix on 0.2.4.10-alpha.
  2861. - Actually log the total bandwidth in compute_weighted_bandwidths().
  2862. Fixes bug 24170; bugfix on 0.2.4.3-alpha.
  2863. o Minor bugfixes (performance, fragile-hardening, backport from 0.3.3.1-alpha):
  2864. - Improve the performance of our consensus-diff application code
  2865. when Tor is built with the --enable-fragile-hardening option set.
  2866. Fixes bug 24826; bugfix on 0.3.1.1-alpha.
  2867. o Minor bugfixes (OSX, backport from 0.3.3.1-alpha):
  2868. - Don't exit the Tor process if setrlimit() fails to change the file
  2869. limit (which can happen sometimes on some versions of OSX). Fixes
  2870. bug 21074; bugfix on 0.0.9pre5.
  2871. o Minor bugfixes (portability, msvc, backport from 0.3.2.9):
  2872. - Fix a bug in the bit-counting parts of our timing-wheel code on
  2873. MSVC. (Note that MSVC is still not a supported build platform, due
  2874. to cyptographic timing channel risks.) Fixes bug 24633; bugfix
  2875. on 0.2.9.1-alpha.
  2876. o Minor bugfixes (relay, partial backport):
  2877. - Make the internal channel_is_client() function look at what sort
  2878. of connection handshake the other side used, rather than whether
  2879. the other side ever sent a create_fast cell to us. Backports part
  2880. of the fixes from bugs 22805 and 24898.
  2881. o Minor bugfixes (spec conformance, backport from 0.3.3.3-alpha):
  2882. - Forbid "-0" as a protocol version. Fixes part of bug 25249; bugfix on
  2883. 0.2.9.4-alpha.
  2884. - Forbid UINT32_MAX as a protocol version. Fixes part of bug 25249;
  2885. bugfix on 0.2.9.4-alpha.
  2886. o Code simplification and refactoring (backport from 0.3.3.3-alpha):
  2887. - Update the "rust dependencies" submodule to be a project-level
  2888. repository, rather than a user repository. Closes ticket 25323.
  2889. Changes in version 0.2.9.15 - 2018-03-03
  2890. Tor 0.2.9.15 backports important security and stability bugfixes from
  2891. later Tor releases.
  2892. It includes an important security fix for a remote crash attack
  2893. against directory authorities, tracked as TROVE-2018-001.
  2894. This release also backports our new system for improved resistance to
  2895. denial-of-service attacks against relays.
  2896. This release also fixes several minor bugs and annoyances from
  2897. earlier releases.
  2898. All directory authorities should upgrade to one of the versions
  2899. released today. Relays running 0.2.9.x may wish to update to one of
  2900. the versions released today, for the DoS mitigations.
  2901. o Major bugfixes (denial-of-service, directory authority, backport from 0.3.3.3-alpha):
  2902. - Fix a protocol-list handling bug that could be used to remotely crash
  2903. directory authorities with a null-pointer exception. Fixes bug 25074;
  2904. bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2018-001 and
  2905. CVE-2018-0490.
  2906. o Major features (denial-of-service mitigation):
  2907. - Give relays some defenses against the recent network overload. We
  2908. start with three defenses (default parameters in parentheses).
  2909. First: if a single client address makes too many concurrent
  2910. connections (>100), hang up on further connections. Second: if a
  2911. single client address makes circuits too quickly (more than 3 per
  2912. second, with an allowed burst of 90) while also having too many
  2913. connections open (3), refuse new create cells for the next while
  2914. (1-2 hours). Third: if a client asks to establish a rendezvous
  2915. point to you directly, ignore the request. These defenses can be
  2916. manually controlled by new torrc options, but relays will also
  2917. take guidance from consensus parameters, so there's no need to
  2918. configure anything manually. Implements ticket 24902.
  2919. o Major bugfixes (bootstrapping):
  2920. - Fetch descriptors aggressively whenever we lack enough to build
  2921. circuits, regardless of how many descriptors we are missing.
  2922. Previously, we would delay launching the fetch when we had fewer
  2923. than 15 missing descriptors, even if some of those descriptors
  2924. were blocking circuits from building. Fixes bug 23985; bugfix on
  2925. 0.1.1.11-alpha. The effects of this bug became worse in
  2926. 0.3.0.3-alpha, when we began treating missing descriptors from our
  2927. primary guards as a reason to delay circuits.
  2928. o Major bugfixes (onion services, retry behavior):
  2929. - Fix an "off by 2" error in counting rendezvous failures on the
  2930. onion service side. While we thought we would stop the rendezvous
  2931. attempt after one failed circuit, we were actually making three
  2932. circuit attempts before giving up. Now switch to a default of 2,
  2933. and allow the consensus parameter "hs_service_max_rdv_failures" to
  2934. override. Fixes bug 24895; bugfix on 0.0.6.
  2935. o Minor feature (relay statistics):
  2936. - Change relay bandwidth reporting stats interval from 4 hours to 24
  2937. hours in order to reduce the efficiency of guard discovery
  2938. attacks. Fixes ticket 23856.
  2939. o Minor features (compatibility, OpenSSL):
  2940. - Tor will now support TLS1.3 once OpenSSL 1.1.1 is released.
  2941. Previous versions of Tor would not have worked with OpenSSL 1.1.1,
  2942. since they neither disabled TLS 1.3 nor enabled any of the
  2943. ciphersuites it requires. Now we enable the TLS 1.3 ciphersuites.
  2944. Closes ticket 24978.
  2945. o Minor features (denial-of-service avoidance):
  2946. - Make our OOM handler aware of the geoip client history cache so it
  2947. doesn't fill up the memory. This check is important for IPv6 and
  2948. our DoS mitigation subsystem. Closes ticket 25122.
  2949. o Minor features (fallback directory mirrors):
  2950. - The fallback directory list has been re-generated based on the
  2951. current status of the network. Tor uses fallback directories to
  2952. bootstrap when it doesn't yet have up-to-date directory
  2953. information. Closes ticket 24801.
  2954. - Make the default DirAuthorityFallbackRate 0.1, so that clients
  2955. prefer to bootstrap from fallback directory mirrors. This is a
  2956. follow-up to 24679, which removed weights from the default
  2957. fallbacks. Implements ticket 24681.
  2958. o Minor features (geoip):
  2959. - Update geoip and geoip6 to the February 7 2018 Maxmind GeoLite2
  2960. Country database.
  2961. o Minor features (linux seccomp2 sandbox):
  2962. - Update the sandbox rules so that they should now work correctly
  2963. with Glibc 2.26. Closes ticket 24315.
  2964. o Minor bugfix (channel connection):
  2965. - Use the actual observed address of an incoming relay connection,
  2966. not the canonical address of the relay from its descriptor, when
  2967. making decisions about how to handle the incoming connection.
  2968. Fixes bug 24952; bugfix on 0.2.4.11-alpha. Patch by "ffmancera".
  2969. o Minor bugfix (directory authority):
  2970. - Directory authorities, when refusing a descriptor from a rejected
  2971. relay, now explicitly tell the relay (in its logs) to set a valid
  2972. ContactInfo address and contact the bad-relays@ mailing list.
  2973. Fixes bug 25170; bugfix on 0.2.9.1.
  2974. o Minor bugfixes (address selection):
  2975. - When the fascist_firewall_choose_address_ functions don't find a
  2976. reachable address, set the returned address to the null address
  2977. and port. This is a precautionary measure, because some callers do
  2978. not check the return value. Fixes bug 24736; bugfix
  2979. on 0.2.8.2-alpha.
  2980. o Minor bugfixes (compilation):
  2981. - Fix a signed/unsigned comparison warning introduced by our fix to
  2982. TROVE-2017-009. Fixes bug 24480; bugfix on 0.2.5.16.
  2983. o Minor bugfixes (control port, linux seccomp2 sandbox):
  2984. - Avoid a crash when attempting to use the seccomp2 sandbox together
  2985. with the OwningControllerProcess feature. Fixes bug 24198; bugfix
  2986. on 0.2.5.1-alpha.
  2987. o Minor bugfixes (denial-of-service, backport from 0.3.3.3-alpha):
  2988. - Fix a possible crash on malformed consensus. If a consensus had
  2989. contained an unparseable protocol line, it could have made clients
  2990. and relays crash with a null-pointer exception. To exploit this
  2991. issue, however, an attacker would need to be able to subvert the
  2992. directory authority system. Fixes bug 25251; bugfix on
  2993. 0.2.9.4-alpha. Also tracked as TROVE-2018-004.
  2994. o Minor bugfixes (memory usage):
  2995. - When queuing DESTROY cells on a channel, only queue the circuit-id
  2996. and reason fields: not the entire 514-byte cell. This fix should
  2997. help mitigate any bugs or attacks that fill up these queues, and
  2998. free more RAM for other uses. Fixes bug 24666; bugfix
  2999. on 0.2.5.1-alpha.
  3000. o Minor bugfixes (network layer):
  3001. - When closing a connection via close_connection_immediately(), we
  3002. mark it as "not blocked on bandwidth", to prevent later calls from
  3003. trying to unblock it, and give it permission to read. This fixes a
  3004. backtrace warning that can happen on relays under various
  3005. circumstances. Fixes bug 24167; bugfix on 0.1.0.1-rc.
  3006. o Minor bugfixes (OSX):
  3007. - Don't exit the Tor process if setrlimit() fails to change the file
  3008. limit (which can happen sometimes on some versions of OSX). Fixes
  3009. bug 21074; bugfix on 0.0.9pre5.
  3010. o Minor bugfixes (path selection):
  3011. - When selecting relays by bandwidth, avoid a rounding error that
  3012. could sometimes cause load to be imbalanced incorrectly.
  3013. Previously, we would always round upwards; now, we round towards
  3014. the nearest integer. This had the biggest effect when a relay's
  3015. weight adjustments should have given it weight 0, but it got
  3016. weight 1 instead. Fixes bug 23318; bugfix on 0.2.4.3-alpha.
  3017. - When calculating the fraction of nodes that have descriptors, and
  3018. all nodes in the network have zero bandwidths, count the number of
  3019. nodes instead. Fixes bug 23318; bugfix on 0.2.4.10-alpha.
  3020. - Actually log the total bandwidth in compute_weighted_bandwidths().
  3021. Fixes bug 24170; bugfix on 0.2.4.3-alpha.
  3022. o Minor bugfixes (portability, msvc):
  3023. - Fix a bug in the bit-counting parts of our timing-wheel code on
  3024. MSVC. (Note that MSVC is still not a supported build platform, due
  3025. to cryptographic timing channel risks.) Fixes bug 24633; bugfix
  3026. on 0.2.9.1-alpha.
  3027. o Minor bugfixes (relay):
  3028. - Make the internal channel_is_client() function look at what sort
  3029. of connection handshake the other side used, rather than whether
  3030. the other side ever sent a create_fast cell to us. Backports part
  3031. of the fixes from bugs 22805 and 24898.
  3032. o Minor bugfixes (spec conformance, backport from 0.3.3.3-alpha):
  3033. - Forbid "-0" as a protocol version. Fixes part of bug 25249; bugfix on
  3034. 0.2.9.4-alpha.
  3035. - Forbid UINT32_MAX as a protocol version. Fixes part of bug 25249;
  3036. bugfix on 0.2.9.4-alpha.
  3037. Changes in version 0.3.2.10 - 2018-03-03
  3038. Tor 0.3.2.10 is the second stable release in the 0.3.2 series. It
  3039. backports a number of bugfixes, including important fixes for security
  3040. issues.
  3041. It includes an important security fix for a remote crash attack
  3042. against directory authorities, tracked as TROVE-2018-001.
  3043. Additionally, it backports a fix for a bug whose severity we have
  3044. upgraded: Bug 24700, which was fixed in 0.3.3.2-alpha, can be remotely
  3045. triggered in order to crash relays with a use-after-free pattern. As
  3046. such, we are now tracking that bug as TROVE-2018-002 and
  3047. CVE-2018-0491, and backporting it to earlier releases. This bug
  3048. affected versions 0.3.2.1-alpha through 0.3.2.9, as well as version
  3049. 0.3.3.1-alpha.
  3050. This release also backports our new system for improved resistance to
  3051. denial-of-service attacks against relays.
  3052. This release also fixes several minor bugs and annoyances from
  3053. earlier releases.
  3054. Relays running 0.3.2.x SHOULD upgrade to one of the versions released
  3055. today, for the fix to TROVE-2018-002. Directory authorities should
  3056. also upgrade. (Relays on earlier versions might want to update too for
  3057. the DoS mitigations.)
  3058. o Major bugfixes (denial-of-service, directory authority, backport from 0.3.3.3-alpha):
  3059. - Fix a protocol-list handling bug that could be used to remotely crash
  3060. directory authorities with a null-pointer exception. Fixes bug 25074;
  3061. bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2018-001 and
  3062. CVE-2018-0490.
  3063. o Major bugfixes (scheduler, KIST, denial-of-service, backport from 0.3.3.2-alpha):
  3064. - Avoid adding the same channel twice in the KIST scheduler pending
  3065. list, which could lead to remote denial-of-service use-after-free
  3066. attacks against relays. Fixes bug 24700; bugfix on 0.3.2.1-alpha.
  3067. o Major features (denial-of-service mitigation, backport from 0.3.3.2-alpha):
  3068. - Give relays some defenses against the recent network overload. We
  3069. start with three defenses (default parameters in parentheses).
  3070. First: if a single client address makes too many concurrent
  3071. connections (>100), hang up on further connections. Second: if a
  3072. single client address makes circuits too quickly (more than 3 per
  3073. second, with an allowed burst of 90) while also having too many
  3074. connections open (3), refuse new create cells for the next while
  3075. (1-2 hours). Third: if a client asks to establish a rendezvous
  3076. point to you directly, ignore the request. These defenses can be
  3077. manually controlled by new torrc options, but relays will also
  3078. take guidance from consensus parameters, so there's no need to
  3079. configure anything manually. Implements ticket 24902.
  3080. o Major bugfixes (onion services, retry behavior, backport from 0.3.3.1-alpha):
  3081. - Fix an "off by 2" error in counting rendezvous failures on the
  3082. onion service side. While we thought we would stop the rendezvous
  3083. attempt after one failed circuit, we were actually making three
  3084. circuit attempts before giving up. Now switch to a default of 2,
  3085. and allow the consensus parameter "hs_service_max_rdv_failures" to
  3086. override. Fixes bug 24895; bugfix on 0.0.6.
  3087. - New-style (v3) onion services now obey the "max rendezvous circuit
  3088. attempts" logic. Previously they would make as many rendezvous
  3089. circuit attempts as they could fit in the MAX_REND_TIMEOUT second
  3090. window before giving up. Fixes bug 24894; bugfix on 0.3.2.1-alpha.
  3091. o Major bugfixes (protocol versions, backport from 0.3.3.2-alpha):
  3092. - Add Link protocol version 5 to the supported protocols list. Fixes
  3093. bug 25070; bugfix on 0.3.1.1-alpha.
  3094. o Major bugfixes (relay, backport from 0.3.3.1-alpha):
  3095. - Fix a set of false positives where relays would consider
  3096. connections to other relays as being client-only connections (and
  3097. thus e.g. deserving different link padding schemes) if those
  3098. relays fell out of the consensus briefly. Now we look only at the
  3099. initial handshake and whether the connection authenticated as a
  3100. relay. Fixes bug 24898; bugfix on 0.3.1.1-alpha.
  3101. o Major bugfixes (scheduler, consensus, backport from 0.3.3.2-alpha):
  3102. - The scheduler subsystem was failing to promptly notice changes in
  3103. consensus parameters, making it harder to switch schedulers
  3104. network-wide. Fixes bug 24975; bugfix on 0.3.2.1-alpha.
  3105. o Minor features (denial-of-service avoidance, backport from 0.3.3.2-alpha):
  3106. - Make our OOM handler aware of the geoip client history cache so it
  3107. doesn't fill up the memory. This check is important for IPv6 and
  3108. our DoS mitigation subsystem. Closes ticket 25122.
  3109. o Minor features (compatibility, OpenSSL, backport from 0.3.3.3-alpha):
  3110. - Tor will now support TLS1.3 once OpenSSL 1.1.1 is released.
  3111. Previous versions of Tor would not have worked with OpenSSL 1.1.1,
  3112. since they neither disabled TLS 1.3 nor enabled any of the
  3113. ciphersuites it requires. Now we enable the TLS 1.3 ciphersuites.
  3114. Closes ticket 24978.
  3115. o Minor features (geoip):
  3116. - Update geoip and geoip6 to the February 7 2018 Maxmind GeoLite2
  3117. Country database.
  3118. o Minor features (logging, diagnostic, backport from 0.3.3.2-alpha):
  3119. - When logging a failure to create an onion service's descriptor,
  3120. also log what the problem with the descriptor was. Diagnostic
  3121. for ticket 24972.
  3122. o Minor bugfix (channel connection, backport from 0.3.3.2-alpha):
  3123. - Use the actual observed address of an incoming relay connection,
  3124. not the canonical address of the relay from its descriptor, when
  3125. making decisions about how to handle the incoming connection.
  3126. Fixes bug 24952; bugfix on 0.2.4.11-alpha. Patch by "ffmancera".
  3127. o Minor bugfixes (denial-of-service, backport from 0.3.3.3-alpha):
  3128. - Fix a possible crash on malformed consensus. If a consensus had
  3129. contained an unparseable protocol line, it could have made clients
  3130. and relays crash with a null-pointer exception. To exploit this
  3131. issue, however, an attacker would need to be able to subvert the
  3132. directory authority system. Fixes bug 25251; bugfix on
  3133. 0.2.9.4-alpha. Also tracked as TROVE-2018-004.
  3134. o Minor bugfix (directory authority, backport from 0.3.3.2-alpha):
  3135. - Directory authorities, when refusing a descriptor from a rejected
  3136. relay, now explicitly tell the relay (in its logs) to set a valid
  3137. ContactInfo address and contact the bad-relays@ mailing list.
  3138. Fixes bug 25170; bugfix on 0.2.9.1.
  3139. o Minor bugfixes (build, rust, backport from 0.3.3.1-alpha):
  3140. - When building with Rust on OSX, link against libresolv, to work
  3141. around the issue at https://github.com/rust-lang/rust/issues/46797.
  3142. Fixes bug 24652; bugfix on 0.3.1.1-alpha.
  3143. o Minor bugfixes (onion services, backport from 0.3.3.2-alpha):
  3144. - Remove a BUG() statement when a client fetches an onion descriptor
  3145. that has a lower revision counter than the one in its cache. This
  3146. can happen in normal circumstances due to HSDir desync. Fixes bug
  3147. 24976; bugfix on 0.3.2.1-alpha.
  3148. o Minor bugfixes (logging, backport from 0.3.3.2-alpha):
  3149. - Don't treat inability to store a cached consensus object as a bug:
  3150. it can happen normally when we are out of disk space. Fixes bug
  3151. 24859; bugfix on 0.3.1.1-alpha.
  3152. o Minor bugfixes (performance, fragile-hardening, backport from 0.3.3.1-alpha):
  3153. - Improve the performance of our consensus-diff application code
  3154. when Tor is built with the --enable-fragile-hardening option set.
  3155. Fixes bug 24826; bugfix on 0.3.1.1-alpha.
  3156. o Minor bugfixes (OSX, backport from 0.3.3.1-alpha):
  3157. - Don't exit the Tor process if setrlimit() fails to change the file
  3158. limit (which can happen sometimes on some versions of OSX). Fixes
  3159. bug 21074; bugfix on 0.0.9pre5.
  3160. o Minor bugfixes (spec conformance, backport from 0.3.3.3-alpha):
  3161. - Forbid "-0" as a protocol version. Fixes part of bug 25249; bugfix on
  3162. 0.2.9.4-alpha.
  3163. - Forbid UINT32_MAX as a protocol version. Fixes part of bug 25249;
  3164. bugfix on 0.2.9.4-alpha.
  3165. o Minor bugfixes (testing, backport from 0.3.3.1-alpha):
  3166. - Fix a memory leak in the scheduler/loop_kist unit test. Fixes bug
  3167. 25005; bugfix on 0.3.2.7-rc.
  3168. o Minor bugfixes (v3 onion services, backport from 0.3.3.2-alpha):
  3169. - Look at the "HSRend" protocol version, not the "HSDir" protocol
  3170. version, when deciding whether a consensus entry can support the
  3171. v3 onion service protocol as a rendezvous point. Fixes bug 25105;
  3172. bugfix on 0.3.2.1-alpha.
  3173. o Code simplification and refactoring (backport from 0.3.3.3-alpha):
  3174. - Update the "rust dependencies" submodule to be a project-level
  3175. repository, rather than a user repository. Closes ticket 25323.
  3176. o Documentation (backport from 0.3.3.1-alpha)
  3177. - Document that operators who run more than one relay or bridge are
  3178. expected to set MyFamily and ContactInfo correctly. Closes
  3179. ticket 24526.
  3180. Changes in version 0.3.2.9 - 2018-01-09
  3181. Tor 0.3.2.9 is the first stable release in the 0.3.2 series.
  3182. The 0.3.2 series includes our long-anticipated new onion service
  3183. design, with numerous security features. (For more information, see
  3184. our blog post at https://blog.torproject.org/fall-harvest.) We also
  3185. have a new circuit scheduler algorithm for improved performance on
  3186. relays everywhere (see https://blog.torproject.org/kist-and-tell),
  3187. along with many smaller features and bugfixes.
  3188. Per our stable release policy, we plan to support each stable release
  3189. series for at least the next nine months, or for three months after
  3190. the first stable release of the next series: whichever is longer. If
  3191. you need a release with long-term support, we recommend that you stay
  3192. with the 0.2.9 series.
  3193. Below is a list of the changes since 0.3.1.7. For a list of all
  3194. changes since 0.3.2.8-rc, see the ChangeLog file.
  3195. o Directory authority changes:
  3196. - Add "Bastet" as a ninth directory authority to the default list.
  3197. Closes ticket 23910.
  3198. - The directory authority "Longclaw" has changed its IP address.
  3199. Closes ticket 23592.
  3200. - Remove longclaw's IPv6 address, as it will soon change. Authority
  3201. IPv6 addresses were originally added in 0.2.8.1-alpha. This leaves
  3202. 3/8 directory authorities with IPv6 addresses, but there are also
  3203. 52 fallback directory mirrors with IPv6 addresses. Resolves 19760.
  3204. - Add an IPv6 address for the "bastet" directory authority. Closes
  3205. ticket 24394.
  3206. o Major features (next-generation onion services):
  3207. - Tor now supports the next-generation onion services protocol for
  3208. clients and services! As part of this release, the core of
  3209. proposal 224 has been implemented and is available for
  3210. experimentation and testing by our users. This newer version of
  3211. onion services ("v3") features many improvements over the legacy
  3212. system, including:
  3213. a) Better crypto (replaced SHA1/DH/RSA1024
  3214. with SHA3/ed25519/curve25519)
  3215. b) Improved directory protocol, leaking much less information to
  3216. directory servers.
  3217. c) Improved directory protocol, with smaller surface for
  3218. targeted attacks.
  3219. d) Better onion address security against impersonation.
  3220. e) More extensible introduction/rendezvous protocol.
  3221. f) A cleaner and more modular codebase.
  3222. You can identify a next-generation onion address by its length:
  3223. they are 56 characters long, as in
  3224. "4acth47i6kxnvkewtm6q7ib2s3ufpo5sqbsnzjpbi7utijcltosqemad.onion".
  3225. In the future, we will release more options and features for v3
  3226. onion services, but we first need a testing period, so that the
  3227. current codebase matures and becomes more robust. Planned features
  3228. include: offline keys, advanced client authorization, improved
  3229. guard algorithms, and statistics. For full details, see
  3230. proposal 224.
  3231. Legacy ("v2") onion services will still work for the foreseeable
  3232. future, and will remain the default until this new codebase gets
  3233. tested and hardened. Service operators who want to experiment with
  3234. the new system can use the 'HiddenServiceVersion 3' torrc
  3235. directive along with the regular onion service configuration
  3236. options. For more information, see our blog post at
  3237. "https://blog.torproject.org/fall-harvest". Enjoy!
  3238. o Major feature (scheduler, channel):
  3239. - Tor now uses new schedulers to decide which circuits should
  3240. deliver cells first, in order to improve congestion at relays. The
  3241. first type is called "KIST" ("Kernel Informed Socket Transport"),
  3242. and is only available on Linux-like systems: it uses feedback from
  3243. the kernel to prevent the kernel's TCP buffers from growing too
  3244. full. The second new scheduler type is called "KISTLite": it
  3245. behaves the same as KIST, but runs on systems without kernel
  3246. support for inspecting TCP implementation details. The old
  3247. scheduler is still available, under the name "Vanilla". To change
  3248. the default scheduler preference order, use the new "Schedulers"
  3249. option. (The default preference order is "KIST,KISTLite,Vanilla".)
  3250. Matt Traudt implemented KIST, based on research by Rob Jansen,
  3251. John Geddes, Christ Wacek, Micah Sherr, and Paul Syverson. For
  3252. more information, see the design paper at
  3253. http://www.robgjansen.com/publications/kist-sec2014.pdf and the
  3254. followup implementation paper at https://arxiv.org/abs/1709.01044.
  3255. Closes ticket 12541. For more information, see our blog post at
  3256. "https://blog.torproject.org/kist-and-tell".
  3257. o Major bugfixes (security, general):
  3258. - Fix a denial of service bug where an attacker could use a
  3259. malformed directory object to cause a Tor instance to pause while
  3260. OpenSSL would try to read a passphrase from the terminal. (Tor
  3261. instances run without a terminal, which is the case for most Tor
  3262. packages, are not impacted.) Fixes bug 24246; bugfix on every
  3263. version of Tor. Also tracked as TROVE-2017-011 and CVE-2017-8821.
  3264. Found by OSS-Fuzz as testcase 6360145429790720.
  3265. o Major bugfixes (security, directory authority):
  3266. - Fix a denial of service issue where an attacker could crash a
  3267. directory authority using a malformed router descriptor. Fixes bug
  3268. 24245; bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2017-010
  3269. and CVE-2017-8820.
  3270. o Major bugfixes (security, onion service v2):
  3271. - Fix a use-after-free error that could crash v2 Tor onion services
  3272. when they failed to open circuits while expiring introduction
  3273. points. Fixes bug 24313; bugfix on 0.2.7.2-alpha. This issue is
  3274. also tracked as TROVE-2017-013 and CVE-2017-8823.
  3275. - When checking for replays in the INTRODUCE1 cell data for a
  3276. (legacy) onion service, correctly detect replays in the RSA-
  3277. encrypted part of the cell. We were previously checking for
  3278. replays on the entire cell, but those can be circumvented due to
  3279. the malleability of Tor's legacy hybrid encryption. This fix helps
  3280. prevent a traffic confirmation attack. Fixes bug 24244; bugfix on
  3281. 0.2.4.1-alpha. This issue is also tracked as TROVE-2017-009
  3282. and CVE-2017-8819.
  3283. o Major bugfixes (security, relay):
  3284. - When running as a relay, make sure that we never build a path
  3285. through ourselves, even in the case where we have somehow lost the
  3286. version of our descriptor appearing in the consensus. Fixes part
  3287. of bug 21534; bugfix on 0.2.0.1-alpha. This issue is also tracked
  3288. as TROVE-2017-012 and CVE-2017-8822.
  3289. - When running as a relay, make sure that we never choose ourselves
  3290. as a guard. Fixes part of bug 21534; bugfix on 0.3.0.1-alpha. This
  3291. issue is also tracked as TROVE-2017-012 and CVE-2017-8822.
  3292. o Major bugfixes (bootstrapping):
  3293. - Fetch descriptors aggressively whenever we lack enough to build
  3294. circuits, regardless of how many descriptors we are missing.
  3295. Previously, we would delay launching the fetch when we had fewer
  3296. than 15 missing descriptors, even if some of those descriptors
  3297. were blocking circuits from building. Fixes bug 23985; bugfix on
  3298. 0.1.1.11-alpha. The effects of this bug became worse in
  3299. 0.3.0.3-alpha, when we began treating missing descriptors from our
  3300. primary guards as a reason to delay circuits.
  3301. - Don't try fetching microdescriptors from relays that have failed
  3302. to deliver them in the past. Fixes bug 23817; bugfix
  3303. on 0.3.0.1-alpha.
  3304. o Major bugfixes (circuit prediction):
  3305. - Fix circuit prediction logic so that a client doesn't treat a port
  3306. as being "handled" by a circuit if that circuit already has
  3307. isolation settings on it. This change should make Tor clients more
  3308. responsive by improving their chances of having a pre-created
  3309. circuit ready for use when a request arrives. Fixes bug 18859;
  3310. bugfix on 0.2.3.3-alpha.
  3311. o Major bugfixes (exit relays, DNS):
  3312. - Fix an issue causing DNS to fail on high-bandwidth exit nodes,
  3313. making them nearly unusable. Fixes bugs 21394 and 18580; bugfix on
  3314. 0.1.2.2-alpha, which introduced eventdns. Thanks to Dhalgren for
  3315. identifying and finding a workaround to this bug and to Moritz,
  3316. Arthur Edelstein, and Roger for helping to track it down and
  3317. analyze it.
  3318. o Major bugfixes (relay, crash, assertion failure):
  3319. - Fix a timing-based assertion failure that could occur when the
  3320. circuit out-of-memory handler freed a connection's output buffer.
  3321. Fixes bug 23690; bugfix on 0.2.6.1-alpha.
  3322. o Major bugfixes (usability, control port):
  3323. - Report trusted clock skew indications as bootstrap errors, so
  3324. controllers can more easily alert users when their clocks are
  3325. wrong. Fixes bug 23506; bugfix on 0.1.2.6-alpha.
  3326. o Minor features (bridge):
  3327. - Bridge relays can now set the BridgeDistribution config option to
  3328. add a "bridge-distribution-request" line to their bridge
  3329. descriptor, which tells BridgeDB how they'd like their bridge
  3330. address to be given out. (Note that as of Oct 2017, BridgeDB does
  3331. not yet implement this feature.) As a side benefit, this feature
  3332. provides a way to distinguish bridge descriptors from non-bridge
  3333. descriptors. Implements tickets 18329.
  3334. - When handling the USERADDR command on an ExtOrPort, warn when the
  3335. transports provides a USERADDR with no port. In a future version,
  3336. USERADDR commands of this format may be rejected. Detects problems
  3337. related to ticket 23080.
  3338. o Minor features (bug detection):
  3339. - Log a warning message with a stack trace for any attempt to call
  3340. get_options() during option validation. This pattern has caused
  3341. subtle bugs in the past. Closes ticket 22281.
  3342. o Minor features (build, compilation):
  3343. - The "check-changes" feature is now part of the "make check" tests;
  3344. we'll use it to try to prevent misformed changes files from
  3345. accumulating. Closes ticket 23564.
  3346. - Tor builds should now fail if there are any mismatches between the
  3347. C type representing a configuration variable and the C type the
  3348. data-driven parser uses to store a value there. Previously, we
  3349. needed to check these by hand, which sometimes led to mistakes.
  3350. Closes ticket 23643.
  3351. o Minor features (client):
  3352. - You can now use Tor as a tunneled HTTP proxy: use the new
  3353. HTTPTunnelPort option to open a port that accepts HTTP CONNECT
  3354. requests. Closes ticket 22407.
  3355. - Add an extra check to make sure that we always use the newer guard
  3356. selection code for picking our guards. Closes ticket 22779.
  3357. - When downloading (micro)descriptors, don't split the list into
  3358. multiple requests unless we want at least 32 descriptors.
  3359. Previously, we split at 4, not 32, which led to significant
  3360. overhead in HTTP request size and degradation in compression
  3361. performance. Closes ticket 23220.
  3362. - Improve log messages when missing descriptors for primary guards.
  3363. Resolves ticket 23670.
  3364. o Minor features (command line):
  3365. - Add a new commandline option, --key-expiration, which prints when
  3366. the current signing key is going to expire. Implements ticket
  3367. 17639; patch by Isis Lovecruft.
  3368. o Minor features (control port):
  3369. - If an application tries to use the control port as an HTTP proxy,
  3370. respond with a meaningful "This is the Tor control port" message,
  3371. and log the event. Closes ticket 1667. Patch from Ravi
  3372. Chandra Padmala.
  3373. - Provide better error message for GETINFO desc/(id|name) when not
  3374. fetching router descriptors. Closes ticket 5847. Patch by
  3375. Kevin Butler.
  3376. - Add GETINFO "{desc,md}/download-enabled", to inform the controller
  3377. whether Tor will try to download router descriptors and
  3378. microdescriptors respectively. Closes ticket 22684.
  3379. - Added new GETINFO targets "ip-to-country/{ipv4,ipv6}-available",
  3380. so controllers can tell whether the geoip databases are loaded.
  3381. Closes ticket 23237.
  3382. - Adds a timestamp field to the CIRC_BW and STREAM_BW bandwidth
  3383. events. Closes ticket 19254. Patch by "DonnchaC".
  3384. o Minor features (development support):
  3385. - Developers can now generate a call-graph for Tor using the
  3386. "calltool" python program, which post-processes object dumps. It
  3387. should work okay on many Linux and OSX platforms, and might work
  3388. elsewhere too. To run it, install calltool from
  3389. https://gitweb.torproject.org/user/nickm/calltool.git and run
  3390. "make callgraph". Closes ticket 19307.
  3391. o Minor features (directory authority):
  3392. - Make the "Exit" flag assignment only depend on whether the exit
  3393. policy allows connections to ports 80 and 443. Previously relays
  3394. would get the Exit flag if they allowed connections to one of
  3395. these ports and also port 6667. Resolves ticket 23637.
  3396. o Minor features (ed25519):
  3397. - Add validation function to checks for torsion components in
  3398. ed25519 public keys, used by prop224 client-side code. Closes
  3399. ticket 22006. Math help by Ian Goldberg.
  3400. o Minor features (exit relay, DNS):
  3401. - Improve the clarity and safety of the log message from evdns when
  3402. receiving an apparently spoofed DNS reply. Closes ticket 3056.
  3403. o Minor features (fallback directory mirrors):
  3404. - The fallback directory list has been re-generated based on the
  3405. current status of the network. Tor uses fallback directories to
  3406. bootstrap when it doesn't yet have up-to-date directory
  3407. information. Closes ticket 24801.
  3408. - Make the default DirAuthorityFallbackRate 0.1, so that clients
  3409. prefer to bootstrap from fallback directory mirrors. This is a
  3410. follow-up to 24679, which removed weights from the default
  3411. fallbacks. Implements ticket 24681.
  3412. o Minor features (geoip):
  3413. - Update geoip and geoip6 to the January 5 2018 Maxmind GeoLite2
  3414. Country database.
  3415. o Minor features (integration, hardening):
  3416. - Add a new NoExec option to prevent Tor from running other
  3417. programs. When this option is set to 1, Tor will never try to run
  3418. another program, regardless of the settings of
  3419. PortForwardingHelper, ClientTransportPlugin, or
  3420. ServerTransportPlugin. Once NoExec is set, it cannot be disabled
  3421. without restarting Tor. Closes ticket 22976.
  3422. o Minor features (linux seccomp2 sandbox):
  3423. - Update the sandbox rules so that they should now work correctly
  3424. with Glibc 2.26. Closes ticket 24315.
  3425. o Minor features (logging):
  3426. - Provide better warnings when the getrandom() syscall fails. Closes
  3427. ticket 24500.
  3428. - Downgrade a pair of log messages that could occur when an exit's
  3429. resolver gave us an unusual (but not forbidden) response. Closes
  3430. ticket 24097.
  3431. - Improve the message we log when re-enabling circuit build timeouts
  3432. after having received a consensus. Closes ticket 20963.
  3433. - Log more circuit information whenever we are about to try to
  3434. package a relay cell on a circuit with a nonexistent n_chan.
  3435. Attempt to diagnose ticket 8185.
  3436. - Improve info-level log identification of particular circuits, to
  3437. help with debugging. Closes ticket 23645.
  3438. - Improve the warning message for specifying a relay by nickname.
  3439. The previous message implied that nickname registration was still
  3440. part of the Tor network design, which it isn't. Closes
  3441. ticket 20488.
  3442. - If the sandbox filter fails to load, suggest to the user that
  3443. their kernel might not support seccomp2. Closes ticket 23090.
  3444. o Minor features (onion service, circuit, logging):
  3445. - Improve logging of many callsite in the circuit subsystem to print
  3446. the circuit identifier(s).
  3447. - Log when we cleanup an intro point from a service so we know when
  3448. and for what reason it happened. Closes ticket 23604.
  3449. o Minor features (portability):
  3450. - Tor now compiles correctly on arm64 with libseccomp-dev installed.
  3451. (It doesn't yet work with the sandbox enabled.) Closes
  3452. ticket 24424.
  3453. - Check at configure time whether uint8_t is the same type as
  3454. unsigned char. Lots of existing code already makes this
  3455. assumption, and there could be strict aliasing issues if the
  3456. assumption is violated. Closes ticket 22410.
  3457. o Minor features (relay):
  3458. - When choosing which circuits can be expired as unused, consider
  3459. circuits from clients even if those clients used regular CREATE
  3460. cells to make them; and do not consider circuits from relays even
  3461. if they were made with CREATE_FAST. Part of ticket 22805.
  3462. - Reject attempts to use relative file paths when RunAsDaemon is
  3463. set. Previously, Tor would accept these, but the directory-
  3464. changing step of RunAsDaemon would give strange and/or confusing
  3465. results. Closes ticket 22731.
  3466. o Minor features (relay statistics):
  3467. - Change relay bandwidth reporting stats interval from 4 hours to 24
  3468. hours in order to reduce the efficiency of guard discovery
  3469. attacks. Fixes ticket 23856.
  3470. o Minor features (reverted deprecations):
  3471. - The ClientDNSRejectInternalAddresses flag can once again be set in
  3472. non-testing Tor networks, so long as they do not use the default
  3473. directory authorities. This change also removes the deprecation of
  3474. this flag from 0.2.9.2-alpha. Closes ticket 21031.
  3475. o Minor features (robustness):
  3476. - Change several fatal assertions when flushing buffers into non-
  3477. fatal assertions, to prevent any recurrence of 23690.
  3478. o Minor features (startup, safety):
  3479. - When configured to write a PID file, Tor now exits if it is unable
  3480. to do so. Previously, it would warn and continue. Closes
  3481. ticket 20119.
  3482. o Minor features (static analysis):
  3483. - The BUG() macro has been changed slightly so that Coverity no
  3484. longer complains about dead code if the bug is impossible. Closes
  3485. ticket 23054.
  3486. o Minor features (testing):
  3487. - Our fuzzing tests now test the encrypted portions of v3 onion
  3488. service descriptors. Implements more of 21509.
  3489. - Add a unit test to make sure that our own generated platform
  3490. string will be accepted by directory authorities. Closes
  3491. ticket 22109.
  3492. - The default chutney network tests now include tests for the v3
  3493. onion service design. Make sure you have the latest version of
  3494. chutney if you want to run these. Closes ticket 22437.
  3495. - Add a unit test to verify that we can parse a hardcoded v2 onion
  3496. service descriptor. Closes ticket 15554.
  3497. o Minor bugfixes (address selection):
  3498. - When the fascist_firewall_choose_address_ functions don't find a
  3499. reachable address, set the returned address to the null address
  3500. and port. This is a precautionary measure, because some callers do
  3501. not check the return value. Fixes bug 24736; bugfix
  3502. on 0.2.8.2-alpha.
  3503. o Minor bugfixes (bootstrapping):
  3504. - When warning about state file clock skew, report the correct
  3505. direction for the detected skew. Fixes bug 23606; bugfix
  3506. on 0.2.8.1-alpha.
  3507. o Minor bugfixes (bridge clients, bootstrap):
  3508. - Retry directory downloads when we get our first bridge descriptor
  3509. during bootstrap or while reconnecting to the network. Keep
  3510. retrying every time we get a bridge descriptor, until we have a
  3511. reachable bridge. Fixes part of bug 24367; bugfix on 0.2.0.3-alpha.
  3512. - Stop delaying bridge descriptor fetches when we have cached bridge
  3513. descriptors. Instead, only delay bridge descriptor fetches when we
  3514. have at least one reachable bridge. Fixes part of bug 24367;
  3515. bugfix on 0.2.0.3-alpha.
  3516. - Stop delaying directory fetches when we have cached bridge
  3517. descriptors. Instead, only delay bridge descriptor fetches when
  3518. all our bridges are definitely unreachable. Fixes part of bug
  3519. 24367; bugfix on 0.2.0.3-alpha.
  3520. o Minor bugfixes (bridge):
  3521. - Overwrite the bridge address earlier in the process of retrieving
  3522. its descriptor, to make sure we reach it on the configured
  3523. address. Fixes bug 20532; bugfix on 0.2.0.10-alpha.
  3524. o Minor bugfixes (build, compilation):
  3525. - Fix a compilation warning when building with zstd support on
  3526. 32-bit platforms. Fixes bug 23568; bugfix on 0.3.1.1-alpha. Found
  3527. and fixed by Andreas Stieger.
  3528. - When searching for OpenSSL, don't accept any OpenSSL library that
  3529. lacks TLSv1_1_method(): Tor doesn't build with those versions.
  3530. Additionally, look in /usr/local/opt/openssl, if it's present.
  3531. These changes together repair the default build on OSX systems
  3532. with Homebrew installed. Fixes bug 23602; bugfix on 0.2.7.2-alpha.
  3533. - Fix a signed/unsigned comparison warning introduced by our fix to
  3534. TROVE-2017-009. Fixes bug 24480; bugfix on 0.2.5.16.
  3535. - Fix a memory leak warning in one of the libevent-related
  3536. configuration tests that could occur when manually specifying
  3537. -fsanitize=address. Fixes bug 24279; bugfix on 0.3.0.2-alpha.
  3538. Found and patched by Alex Xu.
  3539. - Fix unused-variable warnings in donna's Curve25519 SSE2 code.
  3540. Fixes bug 22895; bugfix on 0.2.7.2-alpha.
  3541. o Minor bugfixes (certificate handling):
  3542. - Fix a time handling bug in Tor certificates set to expire after
  3543. the year 2106. Fixes bug 23055; bugfix on 0.3.0.1-alpha. Found by
  3544. Coverity as CID 1415728.
  3545. o Minor bugfixes (client):
  3546. - By default, do not enable storage of client-side DNS values. These
  3547. values were unused by default previously, but they should not have
  3548. been cached at all. Fixes bug 24050; bugfix on 0.2.6.3-alpha.
  3549. o Minor bugfixes (client, usability):
  3550. - Refrain from needlessly rejecting SOCKS5-with-hostnames and
  3551. SOCKS4a requests that contain IP address strings, even when
  3552. SafeSocks in enabled, as this prevents user from connecting to
  3553. known IP addresses without relying on DNS for resolving. SafeSocks
  3554. still rejects SOCKS connections that connect to IP addresses when
  3555. those addresses are _not_ encoded as hostnames. Fixes bug 22461;
  3556. bugfix on Tor 0.2.6.2-alpha.
  3557. o Minor bugfixes (code correctness):
  3558. - Call htons() in extend_cell_format() for encoding a 16-bit value.
  3559. Previously we used ntohs(), which happens to behave the same on
  3560. all the platforms we support, but which isn't really correct.
  3561. Fixes bug 23106; bugfix on 0.2.4.8-alpha.
  3562. - For defense-in-depth, make the controller's write_escaped_data()
  3563. function robust to extremely long inputs. Fixes bug 19281; bugfix
  3564. on 0.1.1.1-alpha. Reported by Guido Vranken.
  3565. - Fix several places in our codebase where a C compiler would be
  3566. likely to eliminate a check, based on assuming that undefined
  3567. behavior had not happened elsewhere in the code. These cases are
  3568. usually a sign of redundant checking or dubious arithmetic. Found
  3569. by Georg Koppen using the "STACK" tool from Wang, Zeldovich,
  3570. Kaashoek, and Solar-Lezama. Fixes bug 24423; bugfix on various
  3571. Tor versions.
  3572. o Minor bugfixes (compression):
  3573. - Handle a pathological case when decompressing Zstandard data when
  3574. the output buffer size is zero. Fixes bug 23551; bugfix
  3575. on 0.3.1.1-alpha.
  3576. o Minor bugfixes (consensus expiry):
  3577. - Check for adequate directory information correctly. Previously, Tor
  3578. would reconsider whether it had sufficient directory information
  3579. every 2 minutes. Fixes bug 23091; bugfix on 0.2.0.19-alpha.
  3580. o Minor bugfixes (control port, linux seccomp2 sandbox):
  3581. - Avoid a crash when attempting to use the seccomp2 sandbox together
  3582. with the OwningControllerProcess feature. Fixes bug 24198; bugfix
  3583. on 0.2.5.1-alpha.
  3584. o Minor bugfixes (control port, onion services):
  3585. - Report "FAILED" instead of "UPLOAD_FAILED" "FAILED" for the
  3586. HS_DESC event when a service is not able to upload a descriptor.
  3587. Fixes bug 24230; bugfix on 0.2.7.1-alpha.
  3588. o Minor bugfixes (directory cache):
  3589. - Recover better from empty or corrupt files in the consensus cache
  3590. directory. Fixes bug 24099; bugfix on 0.3.1.1-alpha.
  3591. - When a consensus diff calculation is only partially successful,
  3592. only record the successful parts as having succeeded. Partial
  3593. success can happen if (for example) one compression method fails
  3594. but the others succeed. Previously we misrecorded all the
  3595. calculations as having succeeded, which would later cause a
  3596. nonfatal assertion failure. Fixes bug 24086; bugfix
  3597. on 0.3.1.1-alpha.
  3598. o Minor bugfixes (directory client):
  3599. - On failure to download directory information, delay retry attempts
  3600. by a random amount based on the "decorrelated jitter" algorithm.
  3601. Our previous delay algorithm tended to produce extra-long delays
  3602. too easily. Fixes bug 23816; bugfix on 0.2.9.1-alpha.
  3603. o Minor bugfixes (directory protocol):
  3604. - Directory servers now include a "Date:" http header for response
  3605. codes other than 200. Clients starting with a skewed clock and a
  3606. recent consensus were getting "304 Not modified" responses from
  3607. directory authorities, so without the Date header, the client
  3608. would never hear about a wrong clock. Fixes bug 23499; bugfix
  3609. on 0.0.8rc1.
  3610. - Make clients wait for 6 seconds before trying to download a
  3611. consensus from an authority. Fixes bug 17750; bugfix
  3612. on 0.2.8.1-alpha.
  3613. o Minor bugfixes (documentation):
  3614. - Document better how to read gcov, and what our gcov postprocessing
  3615. scripts do. Fixes bug 23739; bugfix on 0.2.9.1-alpha.
  3616. - Fix manpage to not refer to the obsolete (and misspelled)
  3617. UseEntryGuardsAsDirectoryGuards parameter in the description of
  3618. NumDirectoryGuards. Fixes bug 23611; bugfix on 0.2.4.8-alpha.
  3619. o Minor bugfixes (DoS-resistance):
  3620. - If future code asks if there are any running bridges, without
  3621. checking if bridges are enabled, log a BUG warning rather than
  3622. crashing. Fixes bug 23524; bugfix on 0.3.0.1-alpha.
  3623. o Minor bugfixes (entry guards):
  3624. - Tor now updates its guard state when it reads a consensus
  3625. regardless of whether it's missing descriptors. That makes tor use
  3626. its primary guards to fetch descriptors in some edge cases where
  3627. it would previously have used fallback directories. Fixes bug
  3628. 23862; bugfix on 0.3.0.1-alpha.
  3629. o Minor bugfixes (format strictness):
  3630. - Restrict several data formats to decimal. Previously, the
  3631. BuildTimeHistogram entries in the state file, the "bw=" entries in
  3632. the bandwidth authority file, and the process IDs passed to the
  3633. __OwningControllerProcess option could all be specified in hex or
  3634. octal as well as in decimal. This was not an intentional feature.
  3635. Fixes bug 22802; bugfixes on 0.2.2.1-alpha, 0.2.2.2-alpha,
  3636. and 0.2.2.28-beta.
  3637. o Minor bugfixes (heartbeat):
  3638. - If we fail to write a heartbeat message, schedule a retry for the
  3639. minimum heartbeat interval number of seconds in the future. Fixes
  3640. bug 19476; bugfix on 0.2.3.1-alpha.
  3641. o Minor bugfixes (logging):
  3642. - Suppress a log notice when relay descriptors arrive. We already
  3643. have a bootstrap progress for this so no need to log notice
  3644. everytime tor receives relay descriptors. Microdescriptors behave
  3645. the same. Fixes bug 23861; bugfix on 0.2.8.2-alpha.
  3646. - Remove duplicate log messages regarding opening non-local
  3647. SocksPorts upon parsing config and opening listeners at startup.
  3648. Fixes bug 4019; bugfix on 0.2.3.3-alpha.
  3649. - Use a more comprehensible log message when telling the user
  3650. they've excluded every running exit node. Fixes bug 7890; bugfix
  3651. on 0.2.2.25-alpha.
  3652. - When logging the number of descriptors we intend to download per
  3653. directory request, do not log a number higher than then the number
  3654. of descriptors we're fetching in total. Fixes bug 19648; bugfix
  3655. on 0.1.1.8-alpha.
  3656. - When warning about a directory owned by the wrong user, log the
  3657. actual name of the user owning the directory. Previously, we'd log
  3658. the name of the process owner twice. Fixes bug 23487; bugfix
  3659. on 0.2.9.1-alpha.
  3660. - Fix some messages on unexpected errors from the seccomp2 library.
  3661. Fixes bug 22750; bugfix on 0.2.5.1-alpha. Patch from "cypherpunks".
  3662. - The tor specification says hop counts are 1-based, so fix two log
  3663. messages that mistakenly logged 0-based hop counts. Fixes bug
  3664. 18982; bugfix on 0.2.6.2-alpha and 0.2.4.5-alpha. Patch by teor.
  3665. Credit to Xiaofan Li for reporting this issue.
  3666. o Minor bugfixes (logging, relay shutdown, annoyance):
  3667. - When a circuit is marked for close, do not attempt to package any
  3668. cells for channels on that circuit. Previously, we would detect
  3669. this condition lower in the call stack, when we noticed that the
  3670. circuit had no attached channel, and log an annoying message.
  3671. Fixes bug 8185; bugfix on 0.2.5.4-alpha.
  3672. o Minor bugfixes (memory safety, defensive programming):
  3673. - Clear the target address when node_get_prim_orport() returns
  3674. early. Fixes bug 23874; bugfix on 0.2.8.2-alpha.
  3675. o Minor bugfixes (memory usage):
  3676. - When queuing DESTROY cells on a channel, only queue the circuit-id
  3677. and reason fields: not the entire 514-byte cell. This fix should
  3678. help mitigate any bugs or attacks that fill up these queues, and
  3679. free more RAM for other uses. Fixes bug 24666; bugfix
  3680. on 0.2.5.1-alpha.
  3681. o Minor bugfixes (network layer):
  3682. - When closing a connection via close_connection_immediately(), we
  3683. mark it as "not blocked on bandwidth", to prevent later calls from
  3684. trying to unblock it, and give it permission to read. This fixes a
  3685. backtrace warning that can happen on relays under various
  3686. circumstances. Fixes bug 24167; bugfix on 0.1.0.1-rc.
  3687. o Minor bugfixes (onion services):
  3688. - The introduction circuit was being timed out too quickly while
  3689. waiting for the rendezvous circuit to complete. Keep the intro
  3690. circuit around longer instead of timing out and reopening new ones
  3691. constantly. Fixes bug 23681; bugfix on 0.2.4.8-alpha.
  3692. - Rename the consensus parameter "hsdir-interval" to "hsdir_interval"
  3693. so it matches dir-spec.txt. Fixes bug 24262; bugfix
  3694. on 0.3.1.1-alpha.
  3695. - When handling multiple SOCKS request for the same .onion address,
  3696. only fetch the service descriptor once.
  3697. - Avoid a possible double close of a circuit by the intro point on
  3698. error of sending the INTRO_ESTABLISHED cell. Fixes bug 23610;
  3699. bugfix on 0.3.0.1-alpha.
  3700. - When reloading configured onion services, copy all information
  3701. from the old service object. Previously, some data was omitted,
  3702. causing delays in descriptor upload, and other bugs. Fixes bug
  3703. 23790; bugfix on 0.2.1.9-alpha.
  3704. o Minor bugfixes (path selection):
  3705. - When selecting relays by bandwidth, avoid a rounding error that
  3706. could sometimes cause load to be imbalanced incorrectly.
  3707. Previously, we would always round upwards; now, we round towards
  3708. the nearest integer. This had the biggest effect when a relay's
  3709. weight adjustments should have given it weight 0, but it got
  3710. weight 1 instead. Fixes bug 23318; bugfix on 0.2.4.3-alpha.
  3711. - When calculating the fraction of nodes that have descriptors, and
  3712. all nodes in the network have zero bandwidths, count the number of
  3713. nodes instead. Fixes bug 23318; bugfix on 0.2.4.10-alpha.
  3714. - Actually log the total bandwidth in compute_weighted_bandwidths().
  3715. Fixes bug 24170; bugfix on 0.2.4.3-alpha.
  3716. o Minor bugfixes (portability):
  3717. - Stop using the PATH_MAX variable, which is not defined on GNU
  3718. Hurd. Fixes bug 23098; bugfix on 0.3.1.1-alpha.
  3719. - Fix a bug in the bit-counting parts of our timing-wheel code on
  3720. MSVC. (Note that MSVC is still not a supported build platform, due
  3721. to cryptographic timing channel risks.) Fixes bug 24633; bugfix
  3722. on 0.2.9.1-alpha.
  3723. o Minor bugfixes (relay):
  3724. - When uploading our descriptor for the first time after startup,
  3725. report the reason for uploading as "Tor just started" rather than
  3726. leaving it blank. Fixes bug 22885; bugfix on 0.2.3.4-alpha.
  3727. - Avoid unnecessary calls to directory_fetches_from_authorities() on
  3728. relays, to prevent spurious address resolutions and descriptor
  3729. rebuilds. This is a mitigation for bug 21789. Fixes bug 23470;
  3730. bugfix on in 0.2.8.1-alpha.
  3731. - Avoid a crash when transitioning from client mode to bridge mode.
  3732. Previously, we would launch the worker threads whenever our
  3733. "public server" mode changed, but not when our "server" mode
  3734. changed. Fixes bug 23693; bugfix on 0.2.6.3-alpha.
  3735. o Minor bugfixes (testing):
  3736. - Fix a spurious fuzzing-only use of an uninitialized value. Found
  3737. by Brian Carpenter. Fixes bug 24082; bugfix on 0.3.0.3-alpha.
  3738. - Test that IPv6-only clients can use microdescriptors when running
  3739. "make test-network-all". Requires chutney master 61c28b9 or later.
  3740. Closes ticket 24109.
  3741. - Prevent scripts/test/coverage from attempting to move gcov output
  3742. to the root directory. Fixes bug 23741; bugfix on 0.2.5.1-alpha.
  3743. - Capture and detect several "Result does not fit" warnings in unit
  3744. tests on platforms with 32-bit time_t. Fixes bug 21800; bugfix
  3745. on 0.2.9.3-alpha.
  3746. - Fix additional channelpadding unit test failures by using mocked
  3747. time instead of actual time for all tests. Fixes bug 23608; bugfix
  3748. on 0.3.1.1-alpha.
  3749. - Fix a bug in our fuzzing mock replacement for crypto_pk_checksig(),
  3750. to correctly handle cases where a caller gives it an RSA key of
  3751. under 160 bits. (This is not actually a bug in Tor itself, but
  3752. rather in our fuzzing code.) Fixes bug 24247; bugfix on
  3753. 0.3.0.3-alpha. Found by OSS-Fuzz as issue 4177.
  3754. - Fix a broken unit test for the OutboundAddress option: the parsing
  3755. function was never returning an error on failure. Fixes bug 23366;
  3756. bugfix on 0.3.0.3-alpha.
  3757. - Fix a signed-integer overflow in the unit tests for
  3758. dir/download_status_random_backoff, which was untriggered until we
  3759. fixed bug 17750. Fixes bug 22924; bugfix on 0.2.9.1-alpha.
  3760. o Minor bugfixes (usability, control port):
  3761. - Stop making an unnecessary routerlist check in NETINFO clock skew
  3762. detection; this was preventing clients from reporting NETINFO clock
  3763. skew to controllers. Fixes bug 23532; bugfix on 0.2.4.4-alpha.
  3764. o Code simplification and refactoring:
  3765. - Remove various ways of testing circuits and connections for
  3766. "clientness"; instead, favor channel_is_client(). Part of
  3767. ticket 22805.
  3768. - Extract the code for handling newly-open channels into a separate
  3769. function from the general code to handle channel state
  3770. transitions. This change simplifies our callgraph, reducing the
  3771. size of the largest strongly connected component by roughly a
  3772. factor of two. Closes ticket 22608.
  3773. - Remove dead code for largely unused statistics on the number of
  3774. times we've attempted various public key operations. Fixes bug
  3775. 19871; bugfix on 0.1.2.4-alpha. Fix by Isis Lovecruft.
  3776. - Remove several now-obsolete functions for asking about old
  3777. variants directory authority status. Closes ticket 22311; patch
  3778. from "huyvq".
  3779. - Remove some of the code that once supported "Named" and "Unnamed"
  3780. routers. Authorities no longer vote for these flags. Closes
  3781. ticket 22215.
  3782. - Rename the obsolete malleable hybrid_encrypt functions used in TAP
  3783. and old hidden services, to indicate that they aren't suitable for
  3784. new protocols or formats. Closes ticket 23026.
  3785. - Replace our STRUCT_OFFSET() macro with offsetof(). Closes ticket
  3786. 22521. Patch from Neel Chauhan.
  3787. - Split the enormous circuit_send_next_onion_skin() function into
  3788. multiple subfunctions. Closes ticket 22804.
  3789. - Split the portions of the buffer.c module that handle particular
  3790. protocols into separate modules. Part of ticket 23149.
  3791. - Use our test macros more consistently, to produce more useful
  3792. error messages when our unit tests fail. Add coccinelle patches to
  3793. allow us to re-check for test macro uses. Closes ticket 22497.
  3794. o Deprecated features:
  3795. - The ReachableDirAddresses and ClientPreferIPv6DirPort options are
  3796. now deprecated; they do not apply to relays, and they have had no
  3797. effect on clients since 0.2.8.x. Closes ticket 19704.
  3798. - Deprecate HTTPProxy/HTTPProxyAuthenticator config options. They
  3799. only applies to direct unencrypted HTTP connections to your
  3800. directory server, which your Tor probably isn't using. Closes
  3801. ticket 20575.
  3802. o Documentation:
  3803. - Add notes in man page regarding OS support for the various
  3804. scheduler types. Attempt to use less jargon in the scheduler
  3805. section. Closes ticket 24254.
  3806. - Clarify that the Address option is entirely about setting an
  3807. advertised IPv4 address. Closes ticket 18891.
  3808. - Clarify the manpage's use of the term "address" to clarify what
  3809. kind of address is intended. Closes ticket 21405.
  3810. - Document that onion service subdomains are allowed, and ignored.
  3811. Closes ticket 18736.
  3812. - Clarify in the manual that "Sandbox 1" is only supported on Linux
  3813. kernels. Closes ticket 22677.
  3814. - Document all values of PublishServerDescriptor in the manpage.
  3815. Closes ticket 15645.
  3816. - Improve the documentation for the directory port part of the
  3817. DirAuthority line. Closes ticket 20152.
  3818. - Restore documentation for the authorities' "approved-routers"
  3819. file. Closes ticket 21148.
  3820. o Removed features:
  3821. - The AllowDotExit option has been removed as unsafe. It has been
  3822. deprecated since 0.2.9.2-alpha. Closes ticket 23426.
  3823. - The ClientDNSRejectInternalAddresses flag can no longer be set on
  3824. non-testing networks. It has been deprecated since 0.2.9.2-alpha.
  3825. Closes ticket 21031.
  3826. - The controller API no longer includes an AUTHDIR_NEWDESCS event:
  3827. nobody was using it any longer. Closes ticket 22377.
  3828. Changes in version 0.3.1.9 - 2017-12-01:
  3829. Tor 0.3.1.9 backports important security and stability fixes from the
  3830. 0.3.2 development series. All Tor users should upgrade to this
  3831. release, or to another of the releases coming out today.
  3832. o Major bugfixes (security, backport from 0.3.2.6-alpha):
  3833. - Fix a denial of service bug where an attacker could use a
  3834. malformed directory object to cause a Tor instance to pause while
  3835. OpenSSL would try to read a passphrase from the terminal. (Tor
  3836. instances run without a terminal, which is the case for most Tor
  3837. packages, are not impacted.) Fixes bug 24246; bugfix on every
  3838. version of Tor. Also tracked as TROVE-2017-011 and CVE-2017-8821.
  3839. Found by OSS-Fuzz as testcase 6360145429790720.
  3840. - Fix a denial of service issue where an attacker could crash a
  3841. directory authority using a malformed router descriptor. Fixes bug
  3842. 24245; bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2017-010
  3843. and CVE-2017-8820.
  3844. - When checking for replays in the INTRODUCE1 cell data for a
  3845. (legacy) onion service, correctly detect replays in the RSA-
  3846. encrypted part of the cell. We were previously checking for
  3847. replays on the entire cell, but those can be circumvented due to
  3848. the malleability of Tor's legacy hybrid encryption. This fix helps
  3849. prevent a traffic confirmation attack. Fixes bug 24244; bugfix on
  3850. 0.2.4.1-alpha. This issue is also tracked as TROVE-2017-009
  3851. and CVE-2017-8819.
  3852. o Major bugfixes (security, onion service v2, backport from 0.3.2.6-alpha):
  3853. - Fix a use-after-free error that could crash v2 Tor onion services
  3854. when they failed to open circuits while expiring introduction
  3855. points. Fixes bug 24313; bugfix on 0.2.7.2-alpha. This issue is
  3856. also tracked as TROVE-2017-013 and CVE-2017-8823.
  3857. o Major bugfixes (security, relay, backport from 0.3.2.6-alpha):
  3858. - When running as a relay, make sure that we never build a path
  3859. through ourselves, even in the case where we have somehow lost the
  3860. version of our descriptor appearing in the consensus. Fixes part
  3861. of bug 21534; bugfix on 0.2.0.1-alpha. This issue is also tracked
  3862. as TROVE-2017-012 and CVE-2017-8822.
  3863. - When running as a relay, make sure that we never choose ourselves
  3864. as a guard. Fixes part of bug 21534; bugfix on 0.3.0.1-alpha. This
  3865. issue is also tracked as TROVE-2017-012 and CVE-2017-8822.
  3866. o Major bugfixes (exit relays, DNS, backport from 0.3.2.4-alpha):
  3867. - Fix an issue causing DNS to fail on high-bandwidth exit nodes,
  3868. making them nearly unusable. Fixes bugs 21394 and 18580; bugfix on
  3869. 0.1.2.2-alpha, which introduced eventdns. Thanks to Dhalgren for
  3870. identifying and finding a workaround to this bug and to Moritz,
  3871. Arthur Edelstein, and Roger for helping to track it down and
  3872. analyze it.
  3873. o Minor features (bridge):
  3874. - Bridges now include notice in their descriptors that they are
  3875. bridges, and notice of their distribution status, based on their
  3876. publication settings. Implements ticket 18329. For more fine-
  3877. grained control of how a bridge is distributed, upgrade to 0.3.2.x
  3878. or later.
  3879. o Minor features (directory authority, backport from 0.3.2.6-alpha):
  3880. - Add an IPv6 address for the "bastet" directory authority. Closes
  3881. ticket 24394.
  3882. o Minor features (geoip):
  3883. - Update geoip and geoip6 to the November 6 2017 Maxmind GeoLite2
  3884. Country database.
  3885. o Minor bugfix (relay address resolution, backport from 0.3.2.1-alpha):
  3886. - Avoid unnecessary calls to directory_fetches_from_authorities() on
  3887. relays, to prevent spurious address resolutions and descriptor
  3888. rebuilds. This is a mitigation for bug 21789. Fixes bug 23470;
  3889. bugfix on in 0.2.8.1-alpha.
  3890. o Minor bugfixes (compilation, backport from 0.3.2.1-alpha):
  3891. - Fix unused variable warnings in donna's Curve25519 SSE2 code.
  3892. Fixes bug 22895; bugfix on 0.2.7.2-alpha.
  3893. o Minor bugfixes (logging, relay shutdown, annoyance, backport from 0.3.2.2-alpha):
  3894. - When a circuit is marked for close, do not attempt to package any
  3895. cells for channels on that circuit. Previously, we would detect
  3896. this condition lower in the call stack, when we noticed that the
  3897. circuit had no attached channel, and log an annoying message.
  3898. Fixes bug 8185; bugfix on 0.2.5.4-alpha.
  3899. o Minor bugfixes (onion service, backport from 0.3.2.5-alpha):
  3900. - Rename the consensus parameter "hsdir-interval" to "hsdir_interval"
  3901. so it matches dir-spec.txt. Fixes bug 24262; bugfix
  3902. on 0.3.1.1-alpha.
  3903. o Minor bugfixes (relay, crash, backport from 0.3.2.4-alpha):
  3904. - Avoid a crash when transitioning from client mode to bridge mode.
  3905. Previously, we would launch the worker threads whenever our
  3906. "public server" mode changed, but not when our "server" mode
  3907. changed. Fixes bug 23693; bugfix on 0.2.6.3-alpha.
  3908. Changes in version 0.3.0.13 - 2017-12-01
  3909. Tor 0.3.0.13 backports important security and stability bugfixes from
  3910. later Tor releases. All Tor users should upgrade to this release, or
  3911. to another of the releases coming out today.
  3912. Note: the Tor 0.3.0 series will no longer be supported after 26 Jan
  3913. 2018. If you need a release with long-term support, please stick with
  3914. the 0.2.9 series. Otherwise, please upgrade to 0.3.1 or later.
  3915. o Major bugfixes (security, backport from 0.3.2.6-alpha):
  3916. - Fix a denial of service bug where an attacker could use a
  3917. malformed directory object to cause a Tor instance to pause while
  3918. OpenSSL would try to read a passphrase from the terminal. (Tor
  3919. instances run without a terminal, which is the case for most Tor
  3920. packages, are not impacted.) Fixes bug 24246; bugfix on every
  3921. version of Tor. Also tracked as TROVE-2017-011 and CVE-2017-8821.
  3922. Found by OSS-Fuzz as testcase 6360145429790720.
  3923. - Fix a denial of service issue where an attacker could crash a
  3924. directory authority using a malformed router descriptor. Fixes bug
  3925. 24245; bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2017-010
  3926. and CVE-2017-8820.
  3927. - When checking for replays in the INTRODUCE1 cell data for a
  3928. (legacy) onion service, correctly detect replays in the RSA-
  3929. encrypted part of the cell. We were previously checking for
  3930. replays on the entire cell, but those can be circumvented due to
  3931. the malleability of Tor's legacy hybrid encryption. This fix helps
  3932. prevent a traffic confirmation attack. Fixes bug 24244; bugfix on
  3933. 0.2.4.1-alpha. This issue is also tracked as TROVE-2017-009
  3934. and CVE-2017-8819.
  3935. o Major bugfixes (security, onion service v2, backport from 0.3.2.6-alpha):
  3936. - Fix a use-after-free error that could crash v2 Tor onion services
  3937. when they failed to open circuits while expiring introduction
  3938. points. Fixes bug 24313; bugfix on 0.2.7.2-alpha. This issue is
  3939. also tracked as TROVE-2017-013 and CVE-2017-8823.
  3940. o Major bugfixes (security, relay, backport from 0.3.2.6-alpha):
  3941. - When running as a relay, make sure that we never build a path
  3942. through ourselves, even in the case where we have somehow lost the
  3943. version of our descriptor appearing in the consensus. Fixes part
  3944. of bug 21534; bugfix on 0.2.0.1-alpha. This issue is also tracked
  3945. as TROVE-2017-012 and CVE-2017-8822.
  3946. - When running as a relay, make sure that we never choose ourselves
  3947. as a guard. Fixes part of bug 21534; bugfix on 0.3.0.1-alpha. This
  3948. issue is also tracked as TROVE-2017-012 and CVE-2017-8822.
  3949. o Major bugfixes (exit relays, DNS, backport from 0.3.2.4-alpha):
  3950. - Fix an issue causing DNS to fail on high-bandwidth exit nodes,
  3951. making them nearly unusable. Fixes bugs 21394 and 18580; bugfix on
  3952. 0.1.2.2-alpha, which introduced eventdns. Thanks to Dhalgren for
  3953. identifying and finding a workaround to this bug and to Moritz,
  3954. Arthur Edelstein, and Roger for helping to track it down and
  3955. analyze it.
  3956. o Minor features (security, windows, backport from 0.3.1.1-alpha):
  3957. - Enable a couple of pieces of Windows hardening: one
  3958. (HeapEnableTerminationOnCorruption) that has been on-by-default
  3959. since Windows 8, and unavailable before Windows 7; and one
  3960. (PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION) which we believe doesn't
  3961. affect us, but shouldn't do any harm. Closes ticket 21953.
  3962. o Minor features (bridge, backport from 0.3.1.9):
  3963. - Bridges now include notice in their descriptors that they are
  3964. bridges, and notice of their distribution status, based on their
  3965. publication settings. Implements ticket 18329. For more fine-
  3966. grained control of how a bridge is distributed, upgrade to 0.3.2.x
  3967. or later.
  3968. o Minor features (directory authority, backport from 0.3.2.6-alpha):
  3969. - Add an IPv6 address for the "bastet" directory authority. Closes
  3970. ticket 24394.
  3971. o Minor features (geoip):
  3972. - Update geoip and geoip6 to the November 6 2017 Maxmind GeoLite2
  3973. Country database.
  3974. o Minor bugfix (relay address resolution, backport from 0.3.2.1-alpha):
  3975. - Avoid unnecessary calls to directory_fetches_from_authorities() on
  3976. relays, to prevent spurious address resolutions and descriptor
  3977. rebuilds. This is a mitigation for bug 21789. Fixes bug 23470;
  3978. bugfix on in 0.2.8.1-alpha.
  3979. o Minor bugfixes (compilation, backport from 0.3.2.1-alpha):
  3980. - Fix unused variable warnings in donna's Curve25519 SSE2 code.
  3981. Fixes bug 22895; bugfix on 0.2.7.2-alpha.
  3982. o Minor bugfixes (logging, relay shutdown, annoyance, backport from 0.3.2.2-alpha):
  3983. - When a circuit is marked for close, do not attempt to package any
  3984. cells for channels on that circuit. Previously, we would detect
  3985. this condition lower in the call stack, when we noticed that the
  3986. circuit had no attached channel, and log an annoying message.
  3987. Fixes bug 8185; bugfix on 0.2.5.4-alpha.
  3988. o Minor bugfixes (relay, crash, backport from 0.3.2.4-alpha):
  3989. - Avoid a crash when transitioning from client mode to bridge mode.
  3990. Previously, we would launch the worker threads whenever our
  3991. "public server" mode changed, but not when our "server" mode
  3992. changed. Fixes bug 23693; bugfix on 0.2.6.3-alpha.
  3993. o Minor bugfixes (testing, backport from 0.3.1.6-rc):
  3994. - Fix an undersized buffer in test-memwipe.c. Fixes bug 23291;
  3995. bugfix on 0.2.7.2-alpha. Found and patched by Ties Stuij.
  3996. Changes in version 0.2.9.14 - 2017-12-01
  3997. Tor 0.3.0.13 backports important security and stability bugfixes from
  3998. later Tor releases. All Tor users should upgrade to this release, or
  3999. to another of the releases coming out today.
  4000. o Major bugfixes (exit relays, DNS, backport from 0.3.2.4-alpha):
  4001. - Fix an issue causing DNS to fail on high-bandwidth exit nodes,
  4002. making them nearly unusable. Fixes bugs 21394 and 18580; bugfix on
  4003. 0.1.2.2-alpha, which introduced eventdns. Thanks to Dhalgren for
  4004. identifying and finding a workaround to this bug and to Moritz,
  4005. Arthur Edelstein, and Roger for helping to track it down and
  4006. analyze it.
  4007. o Major bugfixes (security, backport from 0.3.2.6-alpha):
  4008. - Fix a denial of service bug where an attacker could use a
  4009. malformed directory object to cause a Tor instance to pause while
  4010. OpenSSL would try to read a passphrase from the terminal. (Tor
  4011. instances run without a terminal, which is the case for most Tor
  4012. packages, are not impacted.) Fixes bug 24246; bugfix on every
  4013. version of Tor. Also tracked as TROVE-2017-011 and CVE-2017-8821.
  4014. Found by OSS-Fuzz as testcase 6360145429790720.
  4015. - Fix a denial of service issue where an attacker could crash a
  4016. directory authority using a malformed router descriptor. Fixes bug
  4017. 24245; bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2017-010
  4018. and CVE-2017-8820.
  4019. - When checking for replays in the INTRODUCE1 cell data for a
  4020. (legacy) onion service, correctly detect replays in the RSA-
  4021. encrypted part of the cell. We were previously checking for
  4022. replays on the entire cell, but those can be circumvented due to
  4023. the malleability of Tor's legacy hybrid encryption. This fix helps
  4024. prevent a traffic confirmation attack. Fixes bug 24244; bugfix on
  4025. 0.2.4.1-alpha. This issue is also tracked as TROVE-2017-009
  4026. and CVE-2017-8819.
  4027. o Major bugfixes (security, onion service v2, backport from 0.3.2.6-alpha):
  4028. - Fix a use-after-free error that could crash v2 Tor onion services
  4029. when they failed to open circuits while expiring introduction
  4030. points. Fixes bug 24313; bugfix on 0.2.7.2-alpha. This issue is
  4031. also tracked as TROVE-2017-013 and CVE-2017-8823.
  4032. o Major bugfixes (security, relay, backport from 0.3.2.6-alpha):
  4033. - When running as a relay, make sure that we never build a path
  4034. through ourselves, even in the case where we have somehow lost the
  4035. version of our descriptor appearing in the consensus. Fixes part
  4036. of bug 21534; bugfix on 0.2.0.1-alpha. This issue is also tracked
  4037. as TROVE-2017-012 and CVE-2017-8822.
  4038. o Minor features (bridge, backport from 0.3.1.9):
  4039. - Bridges now include notice in their descriptors that they are
  4040. bridges, and notice of their distribution status, based on their
  4041. publication settings. Implements ticket 18329. For more fine-
  4042. grained control of how a bridge is distributed, upgrade to 0.3.2.x
  4043. or later.
  4044. o Minor features (directory authority, backport from 0.3.2.6-alpha):
  4045. - Add an IPv6 address for the "bastet" directory authority. Closes
  4046. ticket 24394.
  4047. o Minor features (geoip):
  4048. - Update geoip and geoip6 to the November 6 2017 Maxmind GeoLite2
  4049. Country database.
  4050. o Minor features (security, windows, backport from 0.3.1.1-alpha):
  4051. - Enable a couple of pieces of Windows hardening: one
  4052. (HeapEnableTerminationOnCorruption) that has been on-by-default
  4053. since Windows 8, and unavailable before Windows 7; and one
  4054. (PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION) which we believe doesn't
  4055. affect us, but shouldn't do any harm. Closes ticket 21953.
  4056. o Minor bugfix (relay address resolution, backport from 0.3.2.1-alpha):
  4057. - Avoid unnecessary calls to directory_fetches_from_authorities() on
  4058. relays, to prevent spurious address resolutions and descriptor
  4059. rebuilds. This is a mitigation for bug 21789. Fixes bug 23470;
  4060. bugfix on in 0.2.8.1-alpha.
  4061. o Minor bugfixes (compilation, backport from 0.3.2.1-alpha):
  4062. - Fix unused variable warnings in donna's Curve25519 SSE2 code.
  4063. Fixes bug 22895; bugfix on 0.2.7.2-alpha.
  4064. o Minor bugfixes (logging, relay shutdown, annoyance, backport from 0.3.2.2-alpha):
  4065. - When a circuit is marked for close, do not attempt to package any
  4066. cells for channels on that circuit. Previously, we would detect
  4067. this condition lower in the call stack, when we noticed that the
  4068. circuit had no attached channel, and log an annoying message.
  4069. Fixes bug 8185; bugfix on 0.2.5.4-alpha.
  4070. o Minor bugfixes (relay, crash, backport from 0.3.2.4-alpha):
  4071. - Avoid a crash when transitioning from client mode to bridge mode.
  4072. Previously, we would launch the worker threads whenever our
  4073. "public server" mode changed, but not when our "server" mode
  4074. changed. Fixes bug 23693; bugfix on 0.2.6.3-alpha.
  4075. o Minor bugfixes (testing, backport from 0.3.1.6-rc):
  4076. - Fix an undersized buffer in test-memwipe.c. Fixes bug 23291;
  4077. bugfix on 0.2.7.2-alpha. Found and patched by Ties Stuij.
  4078. Changes in version 0.2.8.17 - 2017-12-01
  4079. Tor 0.2.8.17 backports important security and stability bugfixes from
  4080. later Tor releases. All Tor users should upgrade to this release, or
  4081. to another of the releases coming out today.
  4082. Note: the Tor 0.2.8 series will no longer be supported after 1 Jan
  4083. 2018. If you need a release with long-term support, please upgrade with
  4084. the 0.2.9 series. Otherwise, please upgrade to 0.3.1 or later.
  4085. o Major bugfixes (security, backport from 0.3.2.6-alpha):
  4086. - Fix a denial of service bug where an attacker could use a
  4087. malformed directory object to cause a Tor instance to pause while
  4088. OpenSSL would try to read a passphrase from the terminal. (Tor
  4089. instances run without a terminal, which is the case for most Tor
  4090. packages, are not impacted.) Fixes bug 24246; bugfix on every
  4091. version of Tor. Also tracked as TROVE-2017-011 and CVE-2017-8821.
  4092. Found by OSS-Fuzz as testcase 6360145429790720.
  4093. - When checking for replays in the INTRODUCE1 cell data for a
  4094. (legacy) onion service, correctly detect replays in the RSA-
  4095. encrypted part of the cell. We were previously checking for
  4096. replays on the entire cell, but those can be circumvented due to
  4097. the malleability of Tor's legacy hybrid encryption. This fix helps
  4098. prevent a traffic confirmation attack. Fixes bug 24244; bugfix on
  4099. 0.2.4.1-alpha. This issue is also tracked as TROVE-2017-009
  4100. and CVE-2017-8819.
  4101. o Major bugfixes (security, onion service v2, backport from 0.3.2.6-alpha):
  4102. - Fix a use-after-free error that could crash v2 Tor onion services
  4103. when they failed to open circuits while expiring introduction
  4104. points. Fixes bug 24313; bugfix on 0.2.7.2-alpha. This issue is
  4105. also tracked as TROVE-2017-013 and CVE-2017-8823.
  4106. o Major bugfixes (security, relay, backport from 0.3.2.6-alpha):
  4107. - When running as a relay, make sure that we never build a path through
  4108. ourselves, even in the case where we have somehow lost the version of
  4109. our descriptor appearing in the consensus. Fixes part of bug 21534;
  4110. bugfix on 0.2.0.1-alpha. This issue is also tracked as TROVE-2017-012
  4111. and CVE-2017-8822.
  4112. o Minor