mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-12-11 21:23:35 +01:00
Start on 0.2.6 release notes
I made these mostly mechanically, by collating all the 0.2.6.x changelogs and removing all the items that were bugfixes on 0.2.6.x.
This commit is contained in:
parent
2224780fc5
commit
0f0b83815f
975
ReleaseNotes
975
ReleaseNotes
@ -3,6 +3,981 @@ This document summarizes new features and bugfixes in each stable release
|
|||||||
of Tor. If you want to see more detailed descriptions of the changes in
|
of Tor. If you want to see more detailed descriptions of the changes in
|
||||||
each development snapshot, see the ChangeLog file.
|
each development snapshot, see the ChangeLog file.
|
||||||
|
|
||||||
|
|
||||||
|
Changes in version 0.2.6.???
|
||||||
|
|
||||||
|
Write a blurb here.
|
||||||
|
|
||||||
|
o New compiler and system requirements:
|
||||||
|
- Tor 0.2.6.x requires that your compiler support more of the C99
|
||||||
|
language standard than before. The 'configure' script now detects
|
||||||
|
whether your compiler supports C99 mid-block declarations and
|
||||||
|
designated initializers. If it does not, Tor will not compile.
|
||||||
|
|
||||||
|
We may revisit this requirement if it turns out that a significant
|
||||||
|
number of people need to build Tor with compilers that don't
|
||||||
|
bother implementing a 15-year-old standard. Closes ticket 13233.
|
||||||
|
- Tor no longer supports systems without threading support. When we
|
||||||
|
began working on Tor, there were several systems that didn't have
|
||||||
|
threads, or where the thread support wasn't able to run the
|
||||||
|
threads of a single process on multiple CPUs. That no longer
|
||||||
|
holds: every system where Tor needs to run well now has threading
|
||||||
|
support. Resolves ticket 12439.
|
||||||
|
|
||||||
|
o Deprecated versions and removed support:
|
||||||
|
- Tor relays older than 0.2.4.18-rc are no longer allowed to
|
||||||
|
advertise themselves on the network. Closes ticket 13555.
|
||||||
|
- Tor clients no longer support connecting to hidden services
|
||||||
|
running on Tor 0.2.2.x and earlier; the Support022HiddenServices
|
||||||
|
option has been removed. (There shouldn't be any hidden services
|
||||||
|
running these versions on the network.) Closes ticket 7803.
|
||||||
|
|
||||||
|
o Directory authority changes:
|
||||||
|
- The directory authority Faravahar has a new IP address. This
|
||||||
|
closes ticket 14487.
|
||||||
|
- Remove turtles as a directory authority.
|
||||||
|
- Add longclaw as a new (v3) directory authority. This implements
|
||||||
|
ticket 13296. This keeps the directory authority count at 9.
|
||||||
|
|
||||||
|
o Major features (bridges):
|
||||||
|
- Expose the outgoing upstream HTTP/SOCKS proxy to pluggable
|
||||||
|
transports if they are configured via the "TOR_PT_PROXY"
|
||||||
|
environment variable. Implements proposal 232. Resolves
|
||||||
|
ticket 8402.
|
||||||
|
|
||||||
|
o Major features (changed defaults):
|
||||||
|
- Prevent relay operators from unintentionally running exits: When a
|
||||||
|
relay is configured as an exit node, we now warn the user unless
|
||||||
|
the "ExitRelay" option is set to 1. We warn even more loudly if
|
||||||
|
the relay is configured with the default exit policy, since this
|
||||||
|
can indicate accidental misconfiguration. Setting "ExitRelay 0"
|
||||||
|
stops Tor from running as an exit relay. Closes ticket 10067.
|
||||||
|
|
||||||
|
o Major features (client performance, hidden services):
|
||||||
|
- Allow clients to use optimistic data when connecting to a hidden
|
||||||
|
service, which should remove a round-trip from hidden service
|
||||||
|
initialization. See proposal 181 for details. Implements
|
||||||
|
ticket 13211.
|
||||||
|
|
||||||
|
o Major features (directory system):
|
||||||
|
- Upon receiving an unparseable directory object, if its digest
|
||||||
|
matches what we expected, then don't try to download it again.
|
||||||
|
Previously, when we got a descriptor we didn't like, we would keep
|
||||||
|
trying to download it over and over. Closes ticket 11243.
|
||||||
|
- When downloading server- or microdescriptors from a directory
|
||||||
|
server, we no longer launch multiple simultaneous requests to the
|
||||||
|
same server. This reduces load on the directory servers,
|
||||||
|
especially when directory guards are in use. Closes ticket 9969.
|
||||||
|
- When downloading server- or microdescriptors over a tunneled
|
||||||
|
connection, do not limit the length of our requests to what the
|
||||||
|
Squid proxy is willing to handle. Part of ticket 9969.
|
||||||
|
- Authorities can now vote on the correct digests and latest
|
||||||
|
versions for different software packages. This allows packages
|
||||||
|
that include Tor to use the Tor authority system as a way to get
|
||||||
|
notified of updates and their correct digests. Implements proposal
|
||||||
|
227. Closes ticket 10395.
|
||||||
|
|
||||||
|
o Major features (guards):
|
||||||
|
- Introduce the Guardfraction feature to improves load balancing on
|
||||||
|
guard nodes. Specifically, it aims to reduce the traffic gap that
|
||||||
|
guard nodes experience when they first get the Guard flag. This is
|
||||||
|
a required step if we want to increase the guard lifetime to 9
|
||||||
|
months or greater. Closes ticket 9321.
|
||||||
|
|
||||||
|
o Major features (hidden services):
|
||||||
|
- Make HS port scanning more difficult by immediately closing the
|
||||||
|
circuit when a user attempts to connect to a nonexistent port.
|
||||||
|
Closes ticket 13667.
|
||||||
|
- Add a HiddenServiceStatistics option that allows Tor relays to
|
||||||
|
gather and publish statistics about the overall size and volume of
|
||||||
|
hidden service usage. Specifically, when this option is turned on,
|
||||||
|
an HSDir will publish an approximate number of hidden services
|
||||||
|
that have published descriptors to it the past 24 hours. Also, if
|
||||||
|
a relay has acted as a hidden service rendezvous point, it will
|
||||||
|
publish the approximate amount of rendezvous cells it has relayed
|
||||||
|
the past 24 hours. The statistics themselves are obfuscated so
|
||||||
|
that the exact values cannot be derived. For more details see
|
||||||
|
proposal 238, "Better hidden service stats from Tor relays". This
|
||||||
|
feature is currently disabled by default. Implements feature 13192.
|
||||||
|
|
||||||
|
o Major features (performance):
|
||||||
|
- Make the CPU worker implementation more efficient by avoiding the
|
||||||
|
kernel and lengthening pipelines. The original implementation used
|
||||||
|
sockets to transfer data from the main thread to the workers, and
|
||||||
|
didn't allow any thread to be assigned more than a single piece of
|
||||||
|
work at once. The new implementation avoids communications
|
||||||
|
overhead by making requests in shared memory, avoiding kernel IO
|
||||||
|
where possible, and keeping more requests in flight at once.
|
||||||
|
Implements ticket 9682.
|
||||||
|
|
||||||
|
o Major features (relay):
|
||||||
|
- Raise the minimum acceptable configured bandwidth rate for bridges
|
||||||
|
to 50 KiB/sec and for relays to 75 KiB/sec. (The old values were
|
||||||
|
20 KiB/sec.) Closes ticket 13822.
|
||||||
|
- Complete revision of the code that relays use to decide which cell
|
||||||
|
to send next. Formerly, we selected the best circuit to write on
|
||||||
|
each channel, but we didn't select among channels in any
|
||||||
|
sophisticated way. Now, we choose the best circuits globally from
|
||||||
|
among those whose channels are ready to deliver traffic.
|
||||||
|
|
||||||
|
This patch implements a new inter-cmux comparison API, a global
|
||||||
|
high/low watermark mechanism and a global scheduler loop for
|
||||||
|
transmission prioritization across all channels as well as among
|
||||||
|
circuits on one channel. This schedule is currently tuned to
|
||||||
|
(tolerantly) avoid making changes in network performance, but it
|
||||||
|
should form the basis for major circuit performance increases in
|
||||||
|
the future. Code by Andrea; tuning by Rob Jansen; implements
|
||||||
|
ticket 9262.
|
||||||
|
|
||||||
|
o Major features (sample torrc):
|
||||||
|
- Add a new, infrequently-changed "torrc.minimal". This file is
|
||||||
|
similar to torrc.sample, but it will change as infrequently as
|
||||||
|
possible, for the benefit of users whose systems prompt them for
|
||||||
|
intervention whenever a default configuration file is changed.
|
||||||
|
Making this change allows us to update torrc.sample to be a more
|
||||||
|
generally useful "sample torrc".
|
||||||
|
|
||||||
|
o Major features (security, unix domain sockets):
|
||||||
|
- Allow SocksPort to be an AF_UNIX Unix Domain Socket. Now high risk
|
||||||
|
applications can reach Tor without having to create AF_INET or
|
||||||
|
AF_INET6 sockets, meaning they can completely disable their
|
||||||
|
ability to make non-Tor network connections. To create a socket of
|
||||||
|
this type, use "SocksPort unix:/path/to/socket". Implements
|
||||||
|
ticket 12585.
|
||||||
|
- Support mapping hidden service virtual ports to AF_UNIX sockets.
|
||||||
|
The syntax is "HiddenServicePort 80 unix:/path/to/socket".
|
||||||
|
Implements ticket 11485.
|
||||||
|
|
||||||
|
o Major bugfixes (client, automap):
|
||||||
|
- Repair automapping with IPv6 addresses. This automapping should
|
||||||
|
have worked previously, but one piece of debugging code that we
|
||||||
|
inserted to detect a regression actually caused the regression to
|
||||||
|
manifest itself again. Fixes bug 13811 and bug 12831; bugfix on
|
||||||
|
0.2.4.7-alpha. Diagnosed and fixed by Francisco Blas
|
||||||
|
Izquierdo Riera.
|
||||||
|
|
||||||
|
o Major bugfixes (crash, OSX, security):
|
||||||
|
- Fix a remote denial-of-service opportunity caused by a bug in
|
||||||
|
OSX's _strlcat_chk() function. Fixes bug 15205; bug first appeared
|
||||||
|
in OSX 10.9.
|
||||||
|
|
||||||
|
o Major bugfixes (directory authorities):
|
||||||
|
- Do not assign the HSDir flag to relays if they are not Valid, or
|
||||||
|
currently hibernating. Fixes 12573; bugfix on 0.2.0.10-alpha.
|
||||||
|
|
||||||
|
o Major bugfixes (directory bandwidth performance):
|
||||||
|
- Don't flush the zlib buffer aggressively when compressing
|
||||||
|
directory information for clients. This should save about 7% of
|
||||||
|
the bandwidth currently used for compressed descriptors and
|
||||||
|
microdescriptors. Fixes bug 11787; bugfix on 0.1.1.23.
|
||||||
|
|
||||||
|
o Major bugfixes (exit node stability):
|
||||||
|
- Fix an assertion failure that could occur under high DNS load.
|
||||||
|
Fixes bug 14129; bugfix on Tor 0.0.7rc1. Found by "jowr";
|
||||||
|
diagnosed and fixed by "cypherpunks".
|
||||||
|
|
||||||
|
o Major bugfixes (FreeBSD IPFW transparent proxy):
|
||||||
|
- Fix address detection with FreeBSD transparent proxies, when
|
||||||
|
"TransProxyType ipfw" is in use. Fixes bug 15064; bugfix
|
||||||
|
on 0.2.5.4-alpha.
|
||||||
|
|
||||||
|
o Major bugfixes (hidden services):
|
||||||
|
- When closing an introduction circuit that was opened in parallel
|
||||||
|
with others, don't mark the introduction point as unreachable.
|
||||||
|
Previously, the first successful connection to an introduction
|
||||||
|
point would make the other introduction points get marked as
|
||||||
|
having timed out. Fixes bug 13698; bugfix on 0.0.6rc2.
|
||||||
|
|
||||||
|
o Major bugfixes (Linux seccomp2 sandbox):
|
||||||
|
- Upon receiving sighup with the seccomp2 sandbox enabled, do not
|
||||||
|
crash during attempts to call wait4. Fixes bug 15088; bugfix on
|
||||||
|
0.2.5.1-alpha. Patch from "sanic".
|
||||||
|
|
||||||
|
o Major bugfixes (mixed relay-client operation):
|
||||||
|
- When running as a relay and client at the same time (not
|
||||||
|
recommended), if we decide not to use a new guard because we want
|
||||||
|
to retry older guards, only close the locally-originating circuits
|
||||||
|
passing through that guard. Previously we would close all the
|
||||||
|
circuits through that guard. Fixes bug 9819; bugfix on
|
||||||
|
0.2.1.1-alpha. Reported by "skruffy".
|
||||||
|
|
||||||
|
o Major bugfixes (relay, stability, possible security):
|
||||||
|
- Fix a bug that could lead to a relay crashing with an assertion
|
||||||
|
failure if a buffer of exactly the wrong layout is passed to
|
||||||
|
buf_pullup() at exactly the wrong time. Fixes bug 15083; bugfix on
|
||||||
|
0.2.0.10-alpha. Patch from "cypherpunks".
|
||||||
|
- Do not assert if the 'data' pointer on a buffer is advanced to the
|
||||||
|
very end of the buffer; log a BUG message instead. Only assert if
|
||||||
|
it is past that point. Fixes bug 15083; bugfix on 0.2.0.10-alpha.
|
||||||
|
|
||||||
|
o Minor features (build):
|
||||||
|
- New --disable-system-torrc compile-time option to prevent Tor from
|
||||||
|
looking for the system-wide torrc or torrc-defaults files.
|
||||||
|
Resolves ticket 13037.
|
||||||
|
|
||||||
|
o Minor features (client):
|
||||||
|
- Clients are now willing to send optimistic data (before they
|
||||||
|
receive a 'connected' cell) to relays of any version. (Relays
|
||||||
|
without support for optimistic data are no longer supported on the
|
||||||
|
Tor network.) Resolves ticket 13153.
|
||||||
|
|
||||||
|
o Minor features (client):
|
||||||
|
- Validate hostnames in SOCKS5 requests more strictly. If SafeSocks
|
||||||
|
is enabled, reject requests with IP addresses as hostnames.
|
||||||
|
Resolves ticket 13315.
|
||||||
|
|
||||||
|
o Minor features (controller):
|
||||||
|
- Add a "SIGNAL HEARTBEAT" controller command that tells Tor to
|
||||||
|
write an unscheduled heartbeat message to the log. Implements
|
||||||
|
feature 9503.
|
||||||
|
- Include SOCKS_USERNAME and SOCKS_PASSWORD values in controller
|
||||||
|
events so controllers can observe circuit isolation inputs. Closes
|
||||||
|
ticket 8405.
|
||||||
|
- ControlPort now supports the unix:/path/to/socket syntax as an
|
||||||
|
alternative to the ControlSocket option, for consistency with
|
||||||
|
SocksPort and HiddenServicePort. Closes ticket 14451.
|
||||||
|
- New "GETINFO bw-event-cache" to get information about recent
|
||||||
|
bandwidth events. Closes ticket 14128. Useful for controllers to
|
||||||
|
get recent bandwidth history after the fix for ticket 13988.
|
||||||
|
- Messages about problems in the bootstrap process now include
|
||||||
|
information about the server we were trying to connect to when we
|
||||||
|
noticed the problem. Closes ticket 15006.
|
||||||
|
|
||||||
|
o Minor features (Denial of service resistance):
|
||||||
|
- Count the total number of bytes used storing hidden service
|
||||||
|
descriptors against the value of MaxMemInQueues. If we're low on
|
||||||
|
memory, and more than 20% of our memory is used holding hidden
|
||||||
|
service descriptors, free them until no more than 10% of our
|
||||||
|
memory holds hidden service descriptors. Free the least recently
|
||||||
|
fetched descriptors first. Resolves ticket 13806.
|
||||||
|
- When we have recently been under memory pressure (over 3/4 of
|
||||||
|
MaxMemInQueues is allocated), then allocate smaller zlib objects
|
||||||
|
for small requests. Closes ticket 11791.
|
||||||
|
|
||||||
|
o Minor features (directory authorities):
|
||||||
|
- Don't list relays with a bandwidth estimate of 0 in the consensus.
|
||||||
|
Implements a feature proposed during discussion of bug 13000.
|
||||||
|
- In tor-gencert, report an error if the user provides the same
|
||||||
|
argument more than once.
|
||||||
|
- If a directory authority can't find a best consensus method in the
|
||||||
|
votes that it holds, it now falls back to its favorite consensus
|
||||||
|
method. Previously, it fell back to method 1. Neither of these is
|
||||||
|
likely to get enough signatures, but "fall back to favorite"
|
||||||
|
doesn't require us to maintain support an obsolete consensus
|
||||||
|
method. Implements part of proposal 215.
|
||||||
|
|
||||||
|
o Minor features (geoip):
|
||||||
|
- Update geoip to the March 3 2015 Maxmind GeoLite2 Country database.
|
||||||
|
- Update geoip6 to the March 3 2015 Maxmind GeoLite2
|
||||||
|
Country database.
|
||||||
|
|
||||||
|
o Minor features (guard nodes):
|
||||||
|
- Reduce the time delay before saving guard status to disk from 10
|
||||||
|
minutes to 30 seconds (or from one hour to 10 minutes if
|
||||||
|
AvoidDiskWrites is set). Closes ticket 12485.
|
||||||
|
|
||||||
|
o Minor features (hidden service):
|
||||||
|
- Make Sybil attacks against hidden services harder by changing the
|
||||||
|
minimum time required to get the HSDir flag from 25 hours up to 96
|
||||||
|
hours. Addresses ticket 14149.
|
||||||
|
- New option "HiddenServiceAllowUnknownPorts" to allow hidden
|
||||||
|
services to disable the anti-scanning feature introduced in
|
||||||
|
0.2.6.2-alpha. With this option not set, a connection to an
|
||||||
|
unlisted port closes the circuit. With this option set, only a
|
||||||
|
RELAY_DONE cell is sent. Closes ticket 14084.
|
||||||
|
- When re-enabling the network, don't try to build introduction
|
||||||
|
circuits until we have successfully built a circuit. This makes
|
||||||
|
hidden services come up faster when the network is re-enabled.
|
||||||
|
Patch from "akwizgran". Closes ticket 13447.
|
||||||
|
- When we fail to retrieve a hidden service descriptor, send the
|
||||||
|
controller an "HS_DESC FAILED" controller event. Implements
|
||||||
|
feature 13212.
|
||||||
|
- New HiddenServiceDirGroupReadable option to cause hidden service
|
||||||
|
directories and hostname files to be created group-readable. Patch
|
||||||
|
from "anon", David Stainton, and "meejah". Closes ticket 11291.
|
||||||
|
|
||||||
|
o Minor features (interface):
|
||||||
|
- Implement "-f -" command-line option to read torrc configuration
|
||||||
|
from standard input, if you don't want to store the torrc file in
|
||||||
|
the file system. Implements feature 13865.
|
||||||
|
|
||||||
|
o Minor features (logging):
|
||||||
|
- Add a count of unique clients to the bridge heartbeat message.
|
||||||
|
Resolves ticket 6852.
|
||||||
|
- Suppress "router info incompatible with extra info" message when
|
||||||
|
reading extrainfo documents from cache. (This message got loud
|
||||||
|
around when we closed bug 9812 in 0.2.6.2-alpha.) Closes
|
||||||
|
ticket 13762.
|
||||||
|
- Elevate hidden service authorized-client message from DEBUG to
|
||||||
|
INFO. Closes ticket 14015.
|
||||||
|
- On Unix-like systems, you can now use named pipes as the target of
|
||||||
|
the Log option, and other options that try to append to files.
|
||||||
|
Closes ticket 12061. Patch from "carlo von lynX".
|
||||||
|
- When opening a log file at startup, send it every log message that
|
||||||
|
we generated between startup and opening it. Previously, log
|
||||||
|
messages that were generated before opening the log file were only
|
||||||
|
logged to stdout. Closes ticket 6938.
|
||||||
|
- Add a TruncateLogFile option to overwrite logs instead of
|
||||||
|
appending to them. Closes ticket 5583.
|
||||||
|
- Quiet some log messages in the heartbeat and at startup. Closes
|
||||||
|
ticket 14950.
|
||||||
|
|
||||||
|
o Minor features (portability, Solaris):
|
||||||
|
- Threads are no longer disabled by default on Solaris; we believe
|
||||||
|
that the versions of Solaris with broken threading support are all
|
||||||
|
obsolete by now. Resolves ticket 9495.
|
||||||
|
|
||||||
|
o Minor features (relay):
|
||||||
|
- Re-check our address after we detect a changed IP address from
|
||||||
|
getsockname(). This ensures that the controller command "GETINFO
|
||||||
|
address" will report the correct value. Resolves ticket 11582.
|
||||||
|
Patch from "ra".
|
||||||
|
- A new AccountingRule option lets Relays set whether they'd like
|
||||||
|
AccountingMax to be applied separately to inbound and outbound
|
||||||
|
traffic, or applied to the sum of inbound and outbound traffic.
|
||||||
|
Resolves ticket 961. Patch by "chobe".
|
||||||
|
- When identity keypair is generated for first time, log a
|
||||||
|
congratulatory message that links to the new relay lifecycle
|
||||||
|
document. Implements feature 10427.
|
||||||
|
|
||||||
|
o Minor features (security, memory wiping):
|
||||||
|
- Ensure we securely wipe keys from memory after
|
||||||
|
crypto_digest_get_digest and init_curve25519_keypair_from_file
|
||||||
|
have finished using them. Resolves ticket 13477.
|
||||||
|
|
||||||
|
o Minor features (security, out-of-memory handling):
|
||||||
|
- When handling an out-of-memory condition, allocate less memory for
|
||||||
|
temporary data structures. Fixes issue 10115.
|
||||||
|
- When handling an out-of-memory condition, consider more types of
|
||||||
|
buffers, including those on directory connections, and zlib
|
||||||
|
buffers. Resolves ticket 11792.
|
||||||
|
|
||||||
|
o Minor features (stability):
|
||||||
|
- Add assertions in our hash-table iteration code to check for
|
||||||
|
corrupted values that could cause infinite loops. Closes
|
||||||
|
ticket 11737.
|
||||||
|
|
||||||
|
o Minor features (systemd):
|
||||||
|
- Various improvements and modernizations in systemd hardening
|
||||||
|
support. Closes ticket 13805. Patch from Craig Andrews.
|
||||||
|
- Where supported, when running with systemd, report successful
|
||||||
|
startup to systemd. Part of ticket 11016. Patch by Michael Scherer.
|
||||||
|
- When running with systemd, support systemd watchdog messages. Part
|
||||||
|
of ticket 11016. Patch by Michael Scherer.
|
||||||
|
|
||||||
|
o Minor features (testing networks):
|
||||||
|
- Add the TestingDirAuthVoteExit option, which lists nodes to assign
|
||||||
|
the "Exit" flag regardless of their uptime, bandwidth, or exit
|
||||||
|
policy. TestingTorNetwork must be set for this option to have any
|
||||||
|
effect. Previously, authorities would take up to 35 minutes to
|
||||||
|
give nodes the Exit flag in a test network. Partially implements
|
||||||
|
ticket 13161.
|
||||||
|
- Drop the minimum RendPostPeriod on a testing network to 5 seconds,
|
||||||
|
and the default on a testing network to 2 minutes. Drop the
|
||||||
|
MIN_REND_INITIAL_POST_DELAY on a testing network to 5 seconds, but
|
||||||
|
keep the default on a testing network at 30 seconds. This reduces
|
||||||
|
HS bootstrap time to around 25 seconds. Also, change the default
|
||||||
|
time in test-network.sh to match. Closes ticket 13401. Patch
|
||||||
|
by "teor".
|
||||||
|
- Create TestingDirAuthVoteHSDir to correspond to
|
||||||
|
TestingDirAuthVoteExit/Guard. Ensures that authorities vote the
|
||||||
|
HSDir flag for the listed relays regardless of uptime or ORPort
|
||||||
|
connectivity. Respects the value of VoteOnHidServDirectoriesV2.
|
||||||
|
Partial implementation for ticket 14067. Patch by "teor".
|
||||||
|
|
||||||
|
o Minor features (tor2web mode):
|
||||||
|
- Introduce the config option Tor2webRendezvousPoints, which allows
|
||||||
|
clients in Tor2webMode to select a specific Rendezvous Point to be
|
||||||
|
used in HS circuits. This might allow better performance for
|
||||||
|
Tor2Web nodes. Implements ticket 12844.
|
||||||
|
|
||||||
|
o Minor features (transparent proxy):
|
||||||
|
- Update the transparent proxy option checks to allow for both ipfw
|
||||||
|
and pf on OS X. Closes ticket 14002.
|
||||||
|
- Use the correct option when using IPv6 with transparent proxy
|
||||||
|
support on Linux. Resolves 13808. Patch by Francisco Blas
|
||||||
|
Izquierdo Riera.
|
||||||
|
|
||||||
|
o Minor features (validation):
|
||||||
|
- Check all date/time values passed to tor_timegm and
|
||||||
|
parse_rfc1123_time for validity, taking leap years into account.
|
||||||
|
Improves HTTP header validation. Implemented with bug 13476.
|
||||||
|
- In correct_tm(), limit the range of values returned by system
|
||||||
|
localtime(_r) and gmtime(_r) to be between the years 1 and 8099.
|
||||||
|
This means we don't have to deal with negative or too large dates,
|
||||||
|
even if a clock is wrong. Otherwise we might fail to read a file
|
||||||
|
written by us which includes such a date. Fixes bug 13476.
|
||||||
|
- Stop allowing invalid address patterns like "*/24" that contain
|
||||||
|
both a wildcard address and a bit prefix length. This affects all
|
||||||
|
our address-range parsing code. Fixes bug 7484; bugfix
|
||||||
|
on 0.0.2pre14.
|
||||||
|
|
||||||
|
o Minor bugfixes (bridge clients):
|
||||||
|
- When configured to use a bridge without an identity digest (not
|
||||||
|
recommended), avoid launching an extra channel to it when
|
||||||
|
bootstrapping. Fixes bug 7733; bugfix on 0.2.4.4-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (bridges):
|
||||||
|
- When DisableNetwork is set, do not launch pluggable transport
|
||||||
|
plugins, and if any are running, terminate them. Fixes bug 13213;
|
||||||
|
bugfix on 0.2.3.6-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (C correctness):
|
||||||
|
- Fix several instances of possible integer overflow/underflow/NaN.
|
||||||
|
Fixes bug 13104; bugfix on 0.2.3.1-alpha and later. Patches
|
||||||
|
from "teor".
|
||||||
|
- In circuit_build_times_calculate_timeout() in circuitstats.c,
|
||||||
|
avoid dividing by zero in the pareto calculations. This traps
|
||||||
|
under clang's "undefined-trap" sanitizer. Fixes bug 13290; bugfix
|
||||||
|
on 0.2.2.2-alpha.
|
||||||
|
- Fix an integer overflow in format_time_interval(). Fixes bug
|
||||||
|
13393; bugfix on 0.2.0.10-alpha.
|
||||||
|
- Set the correct day of year value when the system's localtime(_r)
|
||||||
|
or gmtime(_r) functions fail to set struct tm. Not externally
|
||||||
|
visible. Fixes bug 13476; bugfix on 0.0.2pre14.
|
||||||
|
- Avoid unlikely signed integer overflow in tor_timegm on systems
|
||||||
|
with 32-bit time_t. Fixes bug 13476; bugfix on 0.0.2pre14.
|
||||||
|
|
||||||
|
o Minor bugfixes (certificate handling):
|
||||||
|
- If an authority operator accidentally makes a signing certificate
|
||||||
|
with a future publication time, do not discard its real signing
|
||||||
|
certificates. Fixes bug 11457; bugfix on 0.2.0.3-alpha.
|
||||||
|
- Remove any old authority certificates that have been superseded
|
||||||
|
for at least two days. Previously, we would keep superseded
|
||||||
|
certificates until they expired, if they were published close in
|
||||||
|
time to the certificate that superseded them. Fixes bug 11454;
|
||||||
|
bugfix on 0.2.1.8-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (client):
|
||||||
|
- Fix smartlist_choose_node_by_bandwidth() so that relays with the
|
||||||
|
BadExit flag are not considered worthy candidates. Fixes bug
|
||||||
|
13066; bugfix on 0.1.2.3-alpha.
|
||||||
|
- Use the consensus schedule for downloading consensuses, and not
|
||||||
|
the generic schedule. Fixes bug 11679; bugfix on 0.2.2.6-alpha.
|
||||||
|
- Handle unsupported or malformed SOCKS5 requests properly by
|
||||||
|
responding with the appropriate error message before closing the
|
||||||
|
connection. Fixes bugs 12971 and 13314; bugfix on 0.0.2pre13.
|
||||||
|
|
||||||
|
o Minor bugfixes (client, automapping):
|
||||||
|
- Avoid crashing on torrc lines for VirtualAddrNetworkIPv[4|6] when
|
||||||
|
no value follows the option. Fixes bug 14142; bugfix on
|
||||||
|
0.2.4.7-alpha. Patch by "teor".
|
||||||
|
- Fix a memory leak when using AutomapHostsOnResolve. Fixes bug
|
||||||
|
14195; bugfix on 0.1.0.1-rc.
|
||||||
|
- Prevent changes to other options from removing the wildcard value
|
||||||
|
"." from "AutomapHostsSuffixes". Fixes bug 12509; bugfix
|
||||||
|
on 0.2.0.1-alpha.
|
||||||
|
- Allow MapAddress and AutomapHostsOnResolve to work together when
|
||||||
|
an address is mapped into another address type (like .onion) that
|
||||||
|
must be automapped at resolve time. Fixes bug 7555; bugfix
|
||||||
|
on 0.2.0.1-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (client, bridges):
|
||||||
|
- When we are using bridges and we had a network connectivity
|
||||||
|
problem, only retry connecting to our currently configured
|
||||||
|
bridges, not all bridges we know about and remember using. Fixes
|
||||||
|
bug 14216; bugfix on 0.2.2.17-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (client, DNS):
|
||||||
|
- Report the correct cached DNS expiration times on SOCKS port or in
|
||||||
|
DNS replies. Previously, we would report everything as "never
|
||||||
|
expires." Fixes bug 14193; bugfix on 0.2.3.17-beta.
|
||||||
|
- Avoid a small memory leak when we find a cached answer for a
|
||||||
|
reverse DNS lookup in a client-side DNS cache. (Remember, client-
|
||||||
|
side DNS caching is off by default, and is not recommended.) Fixes
|
||||||
|
bug 14259; bugfix on 0.2.0.1-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (client, IPv6):
|
||||||
|
- Reject socks requests to literal IPv6 addresses when IPv6Traffic
|
||||||
|
flag is not set; and not because the NoIPv4Traffic flag was set.
|
||||||
|
Previously we'd looked at the NoIPv4Traffic flag for both types of
|
||||||
|
literal addresses. Fixes bug 14280; bugfix on 0.2.4.7-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (client, microdescriptors):
|
||||||
|
- Use a full 256 bits of the SHA256 digest of a microdescriptor when
|
||||||
|
computing which microdescriptors to download. This keeps us from
|
||||||
|
erroneous download behavior if two microdescriptor digests ever
|
||||||
|
have the same first 160 bits. Fixes part of bug 13399; bugfix
|
||||||
|
on 0.2.3.1-alpha.
|
||||||
|
- Reset a router's status if its microdescriptor digest changes,
|
||||||
|
even if the first 160 bits remain the same. Fixes part of bug
|
||||||
|
13399; bugfix on 0.2.3.1-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (client, torrc):
|
||||||
|
- Stop modifying the value of our DirReqStatistics torrc option just
|
||||||
|
because we're not a bridge or relay. This bug was causing Tor
|
||||||
|
Browser users to write "DirReqStatistics 0" in their torrc files
|
||||||
|
as if they had chosen to change the config. Fixes bug 4244; bugfix
|
||||||
|
on 0.2.3.1-alpha.
|
||||||
|
- When GeoIPExcludeUnknown is enabled, do not incorrectly decide
|
||||||
|
that our options have changed every time we SIGHUP. Fixes bug
|
||||||
|
9801; bugfix on 0.2.4.10-alpha. Patch from "qwerty1".
|
||||||
|
|
||||||
|
o Minor bugfixes (compilation):
|
||||||
|
- Fix a compilation warning on s390. Fixes bug 14988; bugfix
|
||||||
|
on 0.2.5.2-alpha.
|
||||||
|
- Silence clang warnings under --enable-expensive-hardening,
|
||||||
|
including implicit truncation of 64 bit values to 32 bit, const
|
||||||
|
char assignment to self, tautological compare, and additional
|
||||||
|
parentheses around equality tests. Fixes bug 13577; bugfix
|
||||||
|
on 0.2.5.4-alpha.
|
||||||
|
- Fix a clang warning about checking whether an address in the
|
||||||
|
middle of a structure is NULL. Fixes bug 14001; bugfix
|
||||||
|
on 0.2.1.2-alpha.
|
||||||
|
- The address of an array in the middle of a structure will always
|
||||||
|
be non-NULL. clang recognises this and complains. Disable the
|
||||||
|
tautologous and redundant check to silence this warning. Fixes bug
|
||||||
|
14001; bugfix on 0.2.1.2-alpha.
|
||||||
|
- Compile correctly with (unreleased) OpenSSL 1.1.0 headers.
|
||||||
|
Addresses ticket 14188.
|
||||||
|
- Build without warnings with the stock OpenSSL srtp.h header, which
|
||||||
|
has a duplicate declaration of SSL_get_selected_srtp_profile().
|
||||||
|
Fixes bug 14220; this is OpenSSL's bug, not ours.
|
||||||
|
- Do not compile any code related to Tor2Web mode when Tor2Web mode
|
||||||
|
is not enabled at compile time. Previously, this code was included
|
||||||
|
in a disabled state. See discussion on ticket 12844.
|
||||||
|
- Allow our configure script to build correctly with autoconf 2.62
|
||||||
|
again. Fixes bug 12693; bugfix on 0.2.5.2-alpha.
|
||||||
|
- Improve the error message from ./configure to make it clear that
|
||||||
|
when asciidoc has not been found, the user will have to either add
|
||||||
|
--disable-asciidoc argument or install asciidoc. Resolves
|
||||||
|
ticket 13228.
|
||||||
|
|
||||||
|
o Minor bugfixes (controller):
|
||||||
|
- Report "down" in response to the "GETINFO entry-guards" command
|
||||||
|
when relays are down with an unreachable_since value. Previously,
|
||||||
|
we would report "up". Fixes bug 14184; bugfix on 0.1.2.2-alpha.
|
||||||
|
- Avoid crashing on a malformed EXTENDCIRCUIT command. Fixes bug
|
||||||
|
14116; bugfix on 0.2.2.9-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (controller):
|
||||||
|
- Return an error when the second or later arguments of the
|
||||||
|
"setevents" controller command are invalid events. Previously we
|
||||||
|
would return success while silently skipping invalid events. Fixes
|
||||||
|
bug 13205; bugfix on 0.2.3.2-alpha. Reported by "fpxnns".
|
||||||
|
|
||||||
|
o Minor bugfixes (directory authority):
|
||||||
|
- Allow directory authorities to fetch more data from one another if
|
||||||
|
they find themselves missing lots of votes. Previously, they had
|
||||||
|
been bumping against the 10 MB queued data limit. Fixes bug 14261;
|
||||||
|
bugfix on 0.1.2.5-alpha.
|
||||||
|
- Do not attempt to download extrainfo documents which we will be
|
||||||
|
unable to validate with a matching server descriptor. Fixes bug
|
||||||
|
13762; bugfix on 0.2.0.1-alpha.
|
||||||
|
- Fix a bug that was truncating AUTHDIR_NEWDESC events sent to the
|
||||||
|
control port. Fixes bug 14953; bugfix on 0.2.0.1-alpha.
|
||||||
|
- Enlarge the buffer to read bwauth generated files to avoid an
|
||||||
|
issue when parsing the file in dirserv_read_measured_bandwidths().
|
||||||
|
Fixes bug 14125; bugfix on 0.2.2.1-alpha.
|
||||||
|
- When running as a v3 directory authority, advertise that you serve
|
||||||
|
extra-info documents so that clients who want them can find them
|
||||||
|
from you too. Fixes part of bug 11683; bugfix on 0.2.0.1-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (directory system):
|
||||||
|
- Always believe that v3 directory authorities serve extra-info
|
||||||
|
documents, whether they advertise "caches-extra-info" or not.
|
||||||
|
Fixes part of bug 11683; bugfix on 0.2.0.1-alpha.
|
||||||
|
- Check the BRIDGE_DIRINFO flag bitwise rather than using equality.
|
||||||
|
Previously, directories offering BRIDGE_DIRINFO and some other
|
||||||
|
flag (i.e. microdescriptors or extrainfo) would be ignored when
|
||||||
|
looking for bridges. Partially fixes bug 13163; bugfix
|
||||||
|
on 0.2.0.7-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (file handling):
|
||||||
|
- Stop failing when key files are zero-length. Instead, generate new
|
||||||
|
keys, and overwrite the empty key files. Fixes bug 13111; bugfix
|
||||||
|
on all versions of Tor. Patch by "teor".
|
||||||
|
- Stop generating a fresh .old RSA onion key file when the .old file
|
||||||
|
is missing. Fixes part of 13111; bugfix on 0.0.6rc1.
|
||||||
|
- Avoid overwriting .old key files with empty key files.
|
||||||
|
- Skip loading zero-length extrainfo store, router store, stats,
|
||||||
|
state, and key files.
|
||||||
|
- Avoid crashing when trying to reload a torrc specified as a
|
||||||
|
relative path with RunAsDaemon turned on. Fixes bug 13397; bugfix
|
||||||
|
on 0.2.3.11-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (hidden services):
|
||||||
|
- Close the introduction circuit when we have no more usable intro
|
||||||
|
points, instead of waiting for it to time out. This also ensures
|
||||||
|
that no follow-up HS descriptor fetch is triggered when the
|
||||||
|
circuit eventually times out. Fixes bug 14224; bugfix on 0.0.6.
|
||||||
|
- When fetching a hidden service descriptor for a down service that
|
||||||
|
was recently up, do not keep refetching until we try the same
|
||||||
|
replica twice in a row. Fixes bug 14219; bugfix on 0.2.0.10-alpha.
|
||||||
|
- Correctly send a controller event when we find that a rendezvous
|
||||||
|
circuit has finished. Fixes bug 13936; bugfix on 0.1.1.5-alpha.
|
||||||
|
- Pre-check directory permissions for new hidden-services to avoid
|
||||||
|
at least one case of "Bug: Acting on config options left us in a
|
||||||
|
broken state. Dying." Fixes bug 13942; bugfix on 0.0.6pre1.
|
||||||
|
- When fetching hidden service descriptors, we now check not only
|
||||||
|
for whether we got the hidden service we had in mind, but also
|
||||||
|
whether we got the particular descriptors we wanted. This prevents
|
||||||
|
a class of inefficient but annoying DoS attacks by hidden service
|
||||||
|
directories. Fixes bug 13214; bugfix on 0.2.1.6-alpha. Reported
|
||||||
|
by "special".
|
||||||
|
|
||||||
|
o Minor bugfixes (Linux seccomp2 sandbox):
|
||||||
|
- Make transparent proxy support work along with the seccomp2
|
||||||
|
sandbox. Fixes part of bug 13808; bugfix on 0.2.5.1-alpha. Patch
|
||||||
|
by Francisco Blas Izquierdo Riera.
|
||||||
|
- Fix a memory leak in tor-resolve when running with the sandbox
|
||||||
|
enabled. Fixes bug 14050; bugfix on 0.2.5.9-rc.
|
||||||
|
- Allow glibc fatal errors to be sent to stderr before Tor exits.
|
||||||
|
Previously, glibc would try to write them to /dev/tty, and the
|
||||||
|
sandbox would trap the call and make Tor exit prematurely. Fixes
|
||||||
|
bug 14759; bugfix on 0.2.5.1-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (logging):
|
||||||
|
- Avoid crashing when there are more log domains than entries in
|
||||||
|
domain_list. Bugfix on 0.2.3.1-alpha.
|
||||||
|
- Downgrade warnings about RSA signature failures to info log level.
|
||||||
|
Emit a warning when an extra info document is found incompatible
|
||||||
|
with a corresponding router descriptor. Fixes bug 9812; bugfix
|
||||||
|
on 0.0.6rc3.
|
||||||
|
- Make connection_ap_handshake_attach_circuit() log the circuit ID
|
||||||
|
correctly. Fixes bug 13701; bugfix on 0.0.6.
|
||||||
|
|
||||||
|
o Minor bugfixes (networking):
|
||||||
|
- Check for orconns and use connection_or_close_for_error() rather
|
||||||
|
than connection_mark_for_close() directly in the getsockopt()
|
||||||
|
failure case of connection_handle_write_impl(). Fixes bug 11302;
|
||||||
|
bugfix on 0.2.4.4-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (parsing):
|
||||||
|
- Stop accepting milliseconds (or other junk) at the end of
|
||||||
|
descriptor publication times. Fixes bug 9286; bugfix on 0.0.2pre25.
|
||||||
|
- Support two-number and three-number version numbers correctly, in
|
||||||
|
case we change the Tor versioning system in the future. Fixes bug
|
||||||
|
13661; bugfix on 0.0.8pre1.
|
||||||
|
|
||||||
|
o Minor bugfixes (portability):
|
||||||
|
- Fix the ioctl()-based network interface lookup code so that it
|
||||||
|
will work on systems that have variable-length struct ifreq, for
|
||||||
|
example Mac OS X.
|
||||||
|
|
||||||
|
o Minor bugfixes (preventative security, C safety):
|
||||||
|
- When reading a hexadecimal, base-32, or base-64 encoded value from
|
||||||
|
a string, always overwrite the whole output buffer. This prevents
|
||||||
|
some bugs where we would look at (but fortunately, not reveal)
|
||||||
|
uninitialized memory on the stack. Fixes bug 14013; bugfix on all
|
||||||
|
versions of Tor.
|
||||||
|
- Clear all memory targetted by tor_addr_{to,from}_sockaddr(), not
|
||||||
|
just the part that's used. This makes it harder for data leak bugs
|
||||||
|
to occur in the event of other programming failures. Resolves
|
||||||
|
ticket 14041.
|
||||||
|
|
||||||
|
o Minor bugfixes (relay):
|
||||||
|
- When generating our family list, remove spaces from around the
|
||||||
|
entries. Fixes bug 12728; bugfix on 0.2.1.7-alpha.
|
||||||
|
- If our previous bandwidth estimate was 0 bytes, allow publishing a
|
||||||
|
new relay descriptor immediately. Fixes bug 13000; bugfix
|
||||||
|
on 0.1.1.6-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (shutdown):
|
||||||
|
- When shutting down, always call event_del() on lingering read or
|
||||||
|
write events before freeing them. Otherwise, we risk double-frees
|
||||||
|
or read-after-frees in event_base_free(). Fixes bug 12985; bugfix
|
||||||
|
on 0.1.0.2-rc.
|
||||||
|
|
||||||
|
o Minor bugfixes (small memory leaks):
|
||||||
|
- Avoid leaking memory when using IPv6 virtual address mappings.
|
||||||
|
Fixes bug 14123; bugfix on 0.2.4.7-alpha. Patch by Tom van
|
||||||
|
der Woerdt.
|
||||||
|
|
||||||
|
o Minor bugfixes (statistics):
|
||||||
|
- Increase period over which bandwidth observations are aggregated
|
||||||
|
from 15 minutes to 4 hours. Fixes bug 13988; bugfix on 0.0.8pre1.
|
||||||
|
|
||||||
|
o Minor bugfixes (systemd support):
|
||||||
|
- Run correctly under systemd with the RunAsDaemon option set. Fixes
|
||||||
|
part of bug 14141; bugfix on 0.2.5.7-rc. Patch from Tomasz Torcz.
|
||||||
|
- Inform the systemd supervisor about more changes in the Tor
|
||||||
|
process status. Implements part of ticket 14141. Patch from
|
||||||
|
Tomasz Torcz.
|
||||||
|
|
||||||
|
o Minor bugfixes (testing networks):
|
||||||
|
- Fix TestingDirAuthVoteGuard to properly give out Guard flags in a
|
||||||
|
testing network. Fixes bug 13064; bugfix on 0.2.5.2-alpha.
|
||||||
|
- Stop using the default authorities in networks which provide both
|
||||||
|
AlternateDirAuthority and AlternateBridgeAuthority. Partially
|
||||||
|
fixes bug 13163; bugfix on 0.2.0.13-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (testing networks, fast startup):
|
||||||
|
- Allow Tor to build circuits using a consensus with no exits. If
|
||||||
|
the consensus has no exits (typical of a bootstrapping test
|
||||||
|
network), allow Tor to build circuits once enough descriptors have
|
||||||
|
been downloaded. This assists in bootstrapping a testing Tor
|
||||||
|
network. Fixes bug 13718; bugfix on 0.2.4.10-alpha. Patch
|
||||||
|
by "teor".
|
||||||
|
- When V3AuthVotingInterval is low, give a lower If-Modified-Since
|
||||||
|
header to directory servers. This allows us to obtain consensuses
|
||||||
|
promptly when the consensus interval is very short. This assists
|
||||||
|
in bootstrapping a testing Tor network. Fixes parts of bugs 13718
|
||||||
|
and 13963; bugfix on 0.2.0.3-alpha. Patch by "teor".
|
||||||
|
- Stop assuming that private addresses are local when checking
|
||||||
|
reachability in a TestingTorNetwork. Instead, when testing, assume
|
||||||
|
all OR connections are remote. (This is necessary due to many test
|
||||||
|
scenarios running all relays on localhost.) This assists in
|
||||||
|
bootstrapping a testing Tor network. Fixes bug 13924; bugfix on
|
||||||
|
0.1.0.1-rc. Patch by "teor".
|
||||||
|
- Avoid building exit circuits from a consensus with no exits. Now
|
||||||
|
thanks to our fix for 13718, we accept a no-exit network as not
|
||||||
|
wholly lost, but we need to remember not to try to build exit
|
||||||
|
circuits on it. Closes ticket 13814; patch by "teor".
|
||||||
|
- Stop requiring exits to have non-zero bandwithcapacity in a
|
||||||
|
TestingTorNetwork. Instead, when TestingMinExitFlagThreshold is 0,
|
||||||
|
ignore exit bandwidthcapacity. This assists in bootstrapping a
|
||||||
|
testing Tor network. Fixes parts of bugs 13718 and 13839; bugfix
|
||||||
|
on 0.2.0.3-alpha. Patch by "teor".
|
||||||
|
- Add "internal" to some bootstrap statuses when no exits are
|
||||||
|
available. If the consensus does not contain Exits, Tor will only
|
||||||
|
build internal circuits. In this case, relevant statuses will
|
||||||
|
contain the word "internal" as indicated in the Tor control-
|
||||||
|
spec.txt. When bootstrap completes, Tor will be ready to build
|
||||||
|
internal circuits. If a future consensus contains Exits, exit
|
||||||
|
circuits may become available. Fixes part of bug 13718; bugfix on
|
||||||
|
0.2.4.10-alpha. Patch by "teor".
|
||||||
|
- Decrease minimum consensus interval to 10 seconds when
|
||||||
|
TestingTorNetwork is set, or 5 seconds for the first consensus.
|
||||||
|
Fix assumptions throughout the code that assume larger intervals.
|
||||||
|
Fixes bugs 13718 and 13823; bugfix on 0.2.0.3-alpha. Patch
|
||||||
|
by "teor".
|
||||||
|
- Avoid excluding guards from path building in minimal test
|
||||||
|
networks, when we're in a test network and excluding guards would
|
||||||
|
exclude all relays. This typically occurs in incredibly small tor
|
||||||
|
networks, and those using "TestingAuthVoteGuard *". Fixes part of
|
||||||
|
bug 13718; bugfix on 0.1.1.11-alpha. Patch by "teor".
|
||||||
|
|
||||||
|
o Minor bugfixes (testing):
|
||||||
|
- Avoid a side-effect in a tor_assert() in the unit tests. Fixes bug
|
||||||
|
15188; bugfix on 0.1.2.3-alpha. Patch from Tom van der Woerdt.
|
||||||
|
- Stop spawn test failures due to a race condition between the
|
||||||
|
SIGCHLD handler updating the process status, and the test reading
|
||||||
|
it. Fixes bug 13291; bugfix on 0.2.3.3-alpha.
|
||||||
|
- Avoid passing an extra backslash when creating a temporary
|
||||||
|
directory for running the unit tests on Windows. Fixes bug 12392;
|
||||||
|
bugfix on 0.2.2.25-alpha. Patch from Gisle Vanem.
|
||||||
|
|
||||||
|
o Minor bugfixes (TLS):
|
||||||
|
- Check more thoroughly throughout the TLS code for possible
|
||||||
|
unlogged TLS errors. Possible diagnostic or fix for bug 13319.
|
||||||
|
|
||||||
|
o Minor bugfixes (transparent proxy):
|
||||||
|
- Use getsockname, not getsockopt, to retrieve the address for a
|
||||||
|
TPROXY-redirected connection. Fixes bug 13796; bugfix
|
||||||
|
on 0.2.5.2-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (windows):
|
||||||
|
- Remove code to special-case handling of NTE_BAD_KEYSET when
|
||||||
|
acquiring windows CryptoAPI context. This error can't actually
|
||||||
|
occur for the parameters we're providing. Fixes bug 10816; bugfix
|
||||||
|
on 0.0.2pre26.
|
||||||
|
|
||||||
|
o Minor bugfixes (zlib):
|
||||||
|
- Avoid truncating a zlib stream when trying to finalize it with an
|
||||||
|
empty output buffer. Fixes bug 11824; bugfix on 0.1.1.23.
|
||||||
|
|
||||||
|
o Code simplification and refactoring:
|
||||||
|
- Change the entry_is_live() function to take named bitfield
|
||||||
|
elements instead of an unnamed list of booleans. Closes
|
||||||
|
ticket 12202.
|
||||||
|
- Refactor and unit-test entry_is_time_to_retry() in entrynodes.c.
|
||||||
|
Resolves ticket 12205.
|
||||||
|
- Use calloc and reallocarray functions instead of multiply-
|
||||||
|
then-malloc. This makes it less likely for us to fall victim to an
|
||||||
|
integer overflow attack when allocating. Resolves ticket 12855.
|
||||||
|
- Use the standard macro name SIZE_MAX, instead of our
|
||||||
|
own SIZE_T_MAX.
|
||||||
|
- Document usage of the NO_DIRINFO and ALL_DIRINFO flags clearly in
|
||||||
|
functions which take them as arguments. Replace 0 with NO_DIRINFO
|
||||||
|
in a function call for clarity. Seeks to prevent future issues
|
||||||
|
like 13163.
|
||||||
|
- Avoid 4 null pointer errors under clang static analysis by using
|
||||||
|
tor_assert() to prove that the pointers aren't null. Fixes
|
||||||
|
bug 13284.
|
||||||
|
- Rework the API of policies_parse_exit_policy() to use a bitmask to
|
||||||
|
represent parsing options, instead of a confusing mess of
|
||||||
|
booleans. Resolves ticket 8197.
|
||||||
|
- Introduce a helper function to parse ExitPolicy in
|
||||||
|
or_options_t structure.
|
||||||
|
- Move fields related to isolating and configuring client ports into
|
||||||
|
a shared structure. Previously, they were duplicated across
|
||||||
|
port_cfg_t, listener_connection_t, and edge_connection_t. Failure
|
||||||
|
to copy them correctly had been the cause of at least one bug in
|
||||||
|
the past. Closes ticket 8546.
|
||||||
|
- Refactor the get_interface_addresses_raw() doom-function into
|
||||||
|
multiple smaller and simpler subfunctions. Cover the resulting
|
||||||
|
subfunctions with unit-tests. Fixes a significant portion of
|
||||||
|
issue 12376.
|
||||||
|
- Remove workaround in dirserv_thinks_router_is_hs_dir() that was
|
||||||
|
only for version <= 0.2.2.24 which is now deprecated. Closes
|
||||||
|
ticket 14202.
|
||||||
|
- Remove a test for a long-defunct broken version-one
|
||||||
|
directory server.
|
||||||
|
|
||||||
|
o Code simplification and refactoring:
|
||||||
|
- Stop using can_complete_circuits as a global variable; access it
|
||||||
|
with a function instead.
|
||||||
|
- Avoid using operators directly as macro arguments: this lets us
|
||||||
|
apply coccinelle transformations to our codebase more directly.
|
||||||
|
Closes ticket 13172.
|
||||||
|
- Combine the functions used to parse ClientTransportPlugin and
|
||||||
|
ServerTransportPlugin into a single function. Closes ticket 6456.
|
||||||
|
- Add inline functions and convenience macros for inspecting channel
|
||||||
|
state. Refactor the code to use convenience macros instead of
|
||||||
|
checking channel state directly. Fixes issue 7356.
|
||||||
|
- Document all members of was_router_added_t and rename
|
||||||
|
ROUTER_WAS_NOT_NEW to ROUTER_IS_ALREADY_KNOWN to make it less
|
||||||
|
confusable with ROUTER_WAS_TOO_OLD. Fixes issue 13644.
|
||||||
|
- In connection_exit_begin_conn(), use END_CIRC_REASON_TORPROTOCOL
|
||||||
|
constant instead of hardcoded value. Fixes issue 13840.
|
||||||
|
- Refactor our generic strmap and digestmap types into a single
|
||||||
|
implementation, so that we can add a new digest256map
|
||||||
|
type trivially.
|
||||||
|
- Add a doc/TUNING document with tips for handling large numbers of
|
||||||
|
TCP connections when running busy Tor relay. Update the warning
|
||||||
|
message to point to this file when running out of sockets
|
||||||
|
operating system is allowing to use simultaneously. Resolves
|
||||||
|
ticket 9708.
|
||||||
|
- Adding section on OpenBSD to our TUNING document. Thanks to mmcc
|
||||||
|
for writing the OpenBSD-specific tips. Resolves ticket 13702.
|
||||||
|
- Make the tor-resolve documentation match its help string and its
|
||||||
|
options. Resolves part of ticket 14325.
|
||||||
|
- Log a more useful error message from tor-resolve when failing to
|
||||||
|
look up a hidden service address. Resolves part of ticket 14325.
|
||||||
|
- Document the bridge-authority-only 'networkstatus-bridges' file.
|
||||||
|
Closes ticket 13713; patch from "tom".
|
||||||
|
- Fix typo in PredictedPortsRelevanceTime option description in
|
||||||
|
manpage. Resolves issue 13707.
|
||||||
|
- Stop suggesting that users specify relays by nickname: it isn't a
|
||||||
|
good idea. Also, properly cross-reference how to specify relays in
|
||||||
|
all parts of manual documenting options that take a list of
|
||||||
|
relays. Closes ticket 13381.
|
||||||
|
- Clarify the HiddenServiceDir option description in manpage to make
|
||||||
|
it clear that relative paths are taken with respect to the current
|
||||||
|
working directory. Also clarify that this behavior is not
|
||||||
|
guaranteed to remain indefinitely. Fixes issue 13913.
|
||||||
|
|
||||||
|
o Distribution (systemd):
|
||||||
|
- systemd unit file: only allow tor to write to /var/lib/tor and
|
||||||
|
/var/log/tor. The rest of the filesystem is accessible for reading
|
||||||
|
only. Patch by intrigeri; resolves ticket 12751.
|
||||||
|
- systemd unit file: ensure that the process and all its children
|
||||||
|
can never gain new privileges. Patch by intrigeri; resolves
|
||||||
|
ticket 12939.
|
||||||
|
- systemd unit file: set up /var/run/tor as writable for the Tor
|
||||||
|
service. Patch by intrigeri; resolves ticket 13196.
|
||||||
|
|
||||||
|
o Downgraded warnings:
|
||||||
|
- Don't warn when we've attempted to contact a relay using the wrong
|
||||||
|
ntor onion key. Closes ticket 9635.
|
||||||
|
|
||||||
|
o Removed code:
|
||||||
|
- Remove some lingering dead code that once supported mempools.
|
||||||
|
Mempools were disabled by default in 0.2.5, and removed entirely
|
||||||
|
in 0.2.6.3-alpha. Closes more of ticket 14848; patch
|
||||||
|
by "cypherpunks".
|
||||||
|
|
||||||
|
o Removed features (directory authorities):
|
||||||
|
- Remove code that prevented authorities from listing Tor relays
|
||||||
|
affected by CVE-2011-2769 as guards. These relays are already
|
||||||
|
rejected altogether due to the minimum version requirement of
|
||||||
|
0.2.3.16-alpha. Closes ticket 13152.
|
||||||
|
- The "AuthDirRejectUnlisted" option no longer has any effect, as
|
||||||
|
the fingerprints file (approved-routers) has been deprecated.
|
||||||
|
- Directory authorities do not support being Naming dirauths anymore.
|
||||||
|
The "NamingAuthoritativeDir" config option is now obsolete.
|
||||||
|
- Directory authorities do not support giving out the BadDirectory
|
||||||
|
flag anymore.
|
||||||
|
- Directory authorities no longer advertise or support consensus
|
||||||
|
methods 1 through 12 inclusive. These consensus methods were
|
||||||
|
obsolete and/or insecure: maintaining the ability to support them
|
||||||
|
served no good purpose. Implements part of proposal 215; closes
|
||||||
|
ticket 10163.
|
||||||
|
|
||||||
|
o Removed features:
|
||||||
|
- To avoid confusion with the "ExitRelay" option, "ExitNode" is no
|
||||||
|
longer silently accepted as an alias for "ExitNodes".
|
||||||
|
- The --enable-mempool and --enable-buf-freelists options, which
|
||||||
|
were originally created to work around bad malloc implementations,
|
||||||
|
no longer exist. They were off-by-default in 0.2.5. Closes
|
||||||
|
ticket 14848.
|
||||||
|
- We no longer remind the user about configuration options that have
|
||||||
|
been obsolete since 0.2.3.x or earlier. Patch by Adrien Bak.
|
||||||
|
- Remove our old, non-weighted bandwidth-based node selection code.
|
||||||
|
Previously, we used it as a fallback when we couldn't perform
|
||||||
|
weighted bandwidth-based node selection. But that would only
|
||||||
|
happen in the cases where we had no consensus, or when we had a
|
||||||
|
consensus generated by buggy or ancient directory authorities. In
|
||||||
|
either case, it's better to use the more modern, better maintained
|
||||||
|
algorithm, with reasonable defaults for the weights. Closes
|
||||||
|
ticket 13126.
|
||||||
|
- Remove the --disable-curve25519 configure option. Relays and
|
||||||
|
clients now are required to support curve25519 and the
|
||||||
|
ntor handshake.
|
||||||
|
- The old "StrictEntryNodes" and "StrictExitNodes" options, which
|
||||||
|
used to be deprecated synonyms for "StrictNodes", are now marked
|
||||||
|
obsolete. Resolves ticket 12226.
|
||||||
|
- Clients don't understand the BadDirectory flag in the consensus
|
||||||
|
anymore, and ignore it.
|
||||||
|
|
||||||
|
o Removed platform support:
|
||||||
|
- We no longer include special code to build on Windows CE; as far
|
||||||
|
as we know, nobody has used Tor on Windows CE in a very long time.
|
||||||
|
Closes ticket 11446.
|
||||||
|
|
||||||
|
o Testing (test-network.sh):
|
||||||
|
- Stop using "echo -n", as some shells' built-in echo doesn't
|
||||||
|
support "-n". Instead, use "/bin/echo -n". Partially fixes
|
||||||
|
bug 13161.
|
||||||
|
- Stop an apparent test-network hang when used with make -j2. Fixes
|
||||||
|
bug 13331.
|
||||||
|
- Add a --delay option to test-network.sh, which configures the
|
||||||
|
delay before the chutney network tests for data transmission.
|
||||||
|
Partially implements ticket 13161.
|
||||||
|
|
||||||
|
o Testing:
|
||||||
|
- Test that tor does not fail when key files are zero-length. Check
|
||||||
|
that tor generates new keys, and overwrites the empty key files.
|
||||||
|
- Test that tor generates new keys when keys are missing
|
||||||
|
(existing behavior).
|
||||||
|
- Test that tor does not overwrite key files that already contain
|
||||||
|
data (existing behavior). Tests bug 13111. Patch by "teor".
|
||||||
|
- New "make test-stem" target to run stem integration tests.
|
||||||
|
Requires that the "STEM_SOURCE_DIR" environment variable be set.
|
||||||
|
Closes ticket 14107.
|
||||||
|
- Make the test_cmdline_args.py script work correctly on Windows.
|
||||||
|
Patch from Gisle Vanem.
|
||||||
|
- Move the slower unit tests into a new "./src/test/test-slow"
|
||||||
|
binary that can be run independently of the other tests. Closes
|
||||||
|
ticket 13243.
|
||||||
|
- New tests for many parts of channel, relay, and circuitmux
|
||||||
|
functionality. Code by Andrea; part of 9262.
|
||||||
|
- New tests for parse_transport_line(). Part of ticket 6456.
|
||||||
|
- In the unit tests, use chgrp() to change the group of the unit
|
||||||
|
test temporary directory to the current user, so that the sticky
|
||||||
|
bit doesn't interfere with tests that check directory groups.
|
||||||
|
Closes 13678.
|
||||||
|
- Add unit tests for resolve_my_addr(). Part of ticket 12376; patch
|
||||||
|
by 'rl1987'.
|
||||||
|
- Refactor the function that chooses guard nodes so that it can more
|
||||||
|
easily be tested; write some tests for it.
|
||||||
|
- Fix and re-enable the fgets_eagain unit test. Fixes bug 12503;
|
||||||
|
bugfix on 0.2.3.1-alpha. Patch from "cypherpunks."
|
||||||
|
- Create unit tests for format_time_interval(). With bug 13393.
|
||||||
|
- Add unit tests for tor_timegm signed overflow, tor_timegm and
|
||||||
|
parse_rfc1123_time validity checks, correct_tm year clamping. Unit
|
||||||
|
tests (visible) fixes in bug 13476.
|
||||||
|
- Add a "coverage-html" make target to generate HTML-visualized
|
||||||
|
coverage results when building with --enable-coverage. (Requires
|
||||||
|
lcov.) Patch from Kevin Murray.
|
||||||
|
- Enable the backtrace handler (where supported) when running the
|
||||||
|
unit tests.
|
||||||
|
- Revise all unit tests that used the legacy test_* macros to
|
||||||
|
instead use the recommended tt_* macros. This patch was generated
|
||||||
|
with coccinelle, to avoid manual errors. Closes ticket 13119.
|
||||||
|
|
||||||
|
|
||||||
Changes in version 0.2.5.10 - 2014-10-24
|
Changes in version 0.2.5.10 - 2014-10-24
|
||||||
Tor 0.2.5.10 is the first stable release in the 0.2.5 series.
|
Tor 0.2.5.10 is the first stable release in the 0.2.5 series.
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user