mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-27 13:53:31 +01:00
Run "formatChangelog"
This commit is contained in:
Nick Mathewson
parent
4bb432f633
commit
34d429f243
258
ChangeLog
258
ChangeLog
@ -1,28 +1,16 @@
|
||||
Changes in version 0.2.8.2-rc - 2016-03-??
|
||||
Tor 0.2.8.1-alpha is the first release candidate in its series.
|
||||
XXXX write more here XXXX
|
||||
Tor 0.2.8.1-alpha is the first release candidate in its series. XXXX
|
||||
write more here XXXX
|
||||
|
||||
o New system requirements:
|
||||
- Tor no longer supports versions of OpenSSL with a broken
|
||||
implementation of counter mode. (This bug was present in OpenSSL
|
||||
1.0.0, and was fixed in OpenSSL 1.0.0a.) Tor still detects, but
|
||||
no longer runs with, these versions.
|
||||
- Tor no longer attempts to support platforms where the "time_t" type
|
||||
is unsigned. (To the best of our knowledge, only OpenVMS does this,
|
||||
and Tor has never actually built on OpenVMS.) Closes ticket 18184.
|
||||
|
||||
o Removed features:
|
||||
- Streamline relay-side hsdir handling: when relays consider whether
|
||||
to accept an uploaded hidden service descriptor, they no longer
|
||||
check whether they are one of the relays in the network that is
|
||||
"supposed" to handle that descriptor. Implements ticket 18332.
|
||||
- We no longer maintain an internal freelist in memarea.c. Allocators
|
||||
should be good enough to make this code unnecessary, and it's doubtful
|
||||
that it ever had any performance benefit.
|
||||
|
||||
o Major bugfixes (dns proxy mode, crash):
|
||||
- Avoid crashing when running as a DNS proxy. Fixes bug 16248; bugfix on
|
||||
0.2.0.1-alpha. Patch from 'cypherpunks'.
|
||||
implementation of counter mode. (This bug was present in OpenSSL
|
||||
1.0.0, and was fixed in OpenSSL 1.0.0a.) Tor still detects, but no
|
||||
longer runs with, these versions.
|
||||
- Tor no longer attempts to support platforms where the "time_t"
|
||||
type is unsigned. (To the best of our knowledge, only OpenVMS does
|
||||
this, and Tor has never actually built on OpenVMS.) Closes
|
||||
ticket 18184.
|
||||
|
||||
o Major bugfixes (security, pointers):
|
||||
- Avoid a difficult-to-trigger heap corruption attack when extending
|
||||
@ -31,20 +19,28 @@ Changes in version 0.2.8.2-rc - 2016-03-??
|
||||
incompletely. Reported by Guido Vranken.
|
||||
|
||||
o Major bugfixes (compilation):
|
||||
- Repair hardened builds under the clang compiler. Previously,
|
||||
our use of _FORTIFY_SOURCE would conflict with clang's address
|
||||
- Repair hardened builds under the clang compiler. Previously, our
|
||||
use of _FORTIFY_SOURCE would conflict with clang's address
|
||||
sanitizer. Fixes bug 14821; bugfix on 0.2.5.4-alpha.
|
||||
|
||||
o Major bugfixes (crash on shutdown):
|
||||
- Correctly handle detaching circuits from cmuxes when doing
|
||||
circuit_free_all() on shutdown. Fixes bug 18116; bugfix on
|
||||
0.2.8.1-alpha.
|
||||
circuit_free_all() on shutdown. Fixes bug 18116; bugfix
|
||||
on 0.2.8.1-alpha.
|
||||
|
||||
o Major bugfixes (dns proxy mode, crash):
|
||||
- Avoid crashing when running as a DNS proxy. Fixes bug 16248;
|
||||
bugfix on 0.2.0.1-alpha. Patch from 'cypherpunks'.
|
||||
|
||||
o Major bugfixes (relays, bridge clients):
|
||||
- Ensure relays always allow IPv4 OR and Dir connections.
|
||||
Ensure bridge clients use the address configured in the bridge line.
|
||||
Fixes bug 18348; bugfix on 0.2.8.1-alpha.
|
||||
Reported by sysrqb, patch by teor.
|
||||
- Ensure relays always allow IPv4 OR and Dir connections. Ensure
|
||||
bridge clients use the address configured in the bridge line.
|
||||
Fixes bug 18348; bugfix on 0.2.8.1-alpha. Reported by sysrqb,
|
||||
patch by teor.
|
||||
|
||||
o Minor features:
|
||||
- Update geoip and geoip6 to the February 2 2016 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
||||
o Minor feature (IPv6):
|
||||
- Add ClientPreferIPv6DirPort, which is set to 0 by default. If set
|
||||
@ -53,22 +49,21 @@ Changes in version 0.2.8.2-rc - 2016-03-??
|
||||
avoids using IPv4 for client OR and directory connections.
|
||||
- Try harder to fulfil IP version restrictions ClientUseIPv4 0 and
|
||||
ClientUseIPv6 0; and the preferences ClientPreferIPv6ORPort and
|
||||
ClientPreferIPv6DirPort.
|
||||
Closes ticket 17840; patch by "teor".
|
||||
ClientPreferIPv6DirPort. Closes ticket 17840; patch by "teor".
|
||||
|
||||
o Minor features (bug-resistance):
|
||||
- Make Tor survive errors involving connections without a corresponding
|
||||
event object. Previously we'd fail with an assertion; now we produce a
|
||||
log message. Related to bug 16248.
|
||||
- Make Tor survive errors involving connections without a
|
||||
corresponding event object. Previously we'd fail with an
|
||||
assertion; now we produce a log message. Related to bug 16248.
|
||||
|
||||
o Minor features (build):
|
||||
- Detect systems with FreeBSD-derived kernels (such as GNU/kFreeBSD) as
|
||||
having possible IPfW support. Closes ticket 18448. Patch from
|
||||
- Detect systems with FreeBSD-derived kernels (such as GNU/kFreeBSD)
|
||||
as having possible IPfW support. Closes ticket 18448. Patch from
|
||||
Steven Chamberlain.
|
||||
|
||||
o Minor features (code hardening):
|
||||
- Use tor_snprintf() and tor_vsnprintf() even in external and
|
||||
low-level code, to harden against accidental failures to NUL-
|
||||
- Use tor_snprintf() and tor_vsnprintf() even in external and low-
|
||||
level code, to harden against accidental failures to NUL-
|
||||
terminate. Part of ticket 17852. Patch from 'jsturgix'. Found
|
||||
with Flawfinder.
|
||||
|
||||
@ -77,11 +72,11 @@ Changes in version 0.2.8.2-rc - 2016-03-??
|
||||
appropriate locations. Closes ticket 17732.
|
||||
|
||||
o Minor features (crypto):
|
||||
- Fix a segfault during startup: If unix socket was configured as
|
||||
- Fix a segfault during startup: If unix socket was configured as
|
||||
listener (such as a ControlSocket or a SocksPort unix socket), and
|
||||
tor was started as root but not configured to switch to another
|
||||
user, tor would segfault while trying to string compare a NULL
|
||||
value. Fixes bug 18261; bugfix on 0.2.8.1-alpha. Patch by weasel.
|
||||
value. Fixes bug 18261; bugfix on 0.2.8.1-alpha. Patch by weasel.
|
||||
- Validate the Diffie-Hellman hard coded parameters and ensure that
|
||||
p is a safe prime, and g is suitable. Closes ticket 18221.
|
||||
|
||||
@ -90,41 +85,57 @@ Changes in version 0.2.8.2-rc - 2016-03-??
|
||||
Country database.
|
||||
|
||||
o Minor features (robustness):
|
||||
- Exit immediately with an error message if the code attempts to
|
||||
use libevent without having initialized it. This should resolve
|
||||
some frequently-made mistakes in our unit tests. Closes ticket
|
||||
18241.
|
||||
- Exit immediately with an error message if the code attempts to use
|
||||
libevent without having initialized it. This should resolve some
|
||||
frequently-made mistakes in our unit tests. Closes ticket 18241.
|
||||
|
||||
o Minor features (unix domain sockets):
|
||||
- Since some operating systems do not consider the actual modes on a
|
||||
UNIX domain socket itself, tor does not allow creating such a
|
||||
socket in a directory that is group or world accessible if it is
|
||||
supposed to be private. Likewise, it will not allow only group
|
||||
accessible sockets in a world accessible directory.
|
||||
However, on some operating systems this is unnecessary, so
|
||||
add a per-socket option called RelaxDirModeCheck.
|
||||
Closes ticket 18458. Patch by weasel.
|
||||
supposed to be private. Likewise, it will not allow only group
|
||||
accessible sockets in a world accessible directory. However, on
|
||||
some operating systems this is unnecessary, so add a per-socket
|
||||
option called RelaxDirModeCheck. Closes ticket 18458. Patch
|
||||
by weasel.
|
||||
|
||||
o Minor features:
|
||||
- Update geoip and geoip6 to the February 2 2016 Maxmind GeoLite2
|
||||
Country database.
|
||||
o Minor bugfixes (exit policies, security):
|
||||
- Refresh an exit relay's exit policy when interface addresses
|
||||
change. Previously, tor only refreshed the exit policy when the
|
||||
configured external address changed. Fixes bug 18208; bugfix on
|
||||
tor 0.2.7.3. Patch by "teor".
|
||||
|
||||
o Minor bugfixes (security, hidden services):
|
||||
- Prevent hidden services connecting to client-supplied rendezvous
|
||||
addresses that are reserved as internal or multicast. Fixes bug
|
||||
8976; bugfix on b7c172c9e in tor-0.2.3.21. Patch by "dgoulet"
|
||||
and "teor".
|
||||
|
||||
o Minor bugfixes (security, win32):
|
||||
- Set SO_EXCLUSIVEADDRUSE on Win32 to avoid a local port-stealing
|
||||
attack. Fixes bug 18123; bugfix on all tor versions. Patch
|
||||
by "teor".
|
||||
|
||||
o Minor bugfixes:
|
||||
- Bridges now refuse "rendezvous2" (hidden service descriptor)
|
||||
publish attempts. Suggested by ticket 18332.
|
||||
|
||||
o Minor bugfixes (build):
|
||||
- Do not link the unit tests against both the testing and non-testing
|
||||
versions of the static libraries. Fixes bug 18490; bugfix on
|
||||
0.2.7.1-alpha.
|
||||
- Do not link the unit tests against both the testing and non-
|
||||
testing versions of the static libraries. Fixes bug 18490; bugfix
|
||||
on 0.2.7.1-alpha.
|
||||
|
||||
o Minor bugfixes (client):
|
||||
- Count receipt of new microdescriptors as progress towards
|
||||
bootstrapping. Now, when a user who has set EntryNodes finishes
|
||||
bootstrapping, Tor automatically repopulates the guard set based
|
||||
on this new directory information. Fixes bug 16825; bugfix on
|
||||
0.2.3.1-alpha.
|
||||
on this new directory information. Fixes bug 16825; bugfix
|
||||
on 0.2.3.1-alpha.
|
||||
|
||||
o Minor bugfixes (code correctness):
|
||||
- Update to the latest version of Trunnel, which tries harder
|
||||
to avoid generating code that can invoke memcpy(p,NULL,0).
|
||||
Bug found by clang address sanitizer. Fixes bug 18373; bugfix
|
||||
- Update to the latest version of Trunnel, which tries harder to
|
||||
avoid generating code that can invoke memcpy(p,NULL,0). Bug found
|
||||
by clang address sanitizer. Fixes bug 18373; bugfix
|
||||
on 0.2.7.2-alpha.
|
||||
|
||||
o Minor bugfixes (configuration):
|
||||
@ -134,44 +145,37 @@ Changes in version 0.2.8.2-rc - 2016-03-??
|
||||
o Minor bugfixes (containers):
|
||||
- If we somehow attempt to construct a heap with more than
|
||||
1073741822 elements, avoid an integer overflow when maintaining
|
||||
the heap property. Fixes bug 18296; bugfix on 0.1.2.1-alpha.
|
||||
the heap property. Fixes bug 18296; bugfix on 0.1.2.1-alpha.
|
||||
|
||||
o Minor bugfixes (correctness):
|
||||
- Fix a bad memory handling bug that would occur if we had queued
|
||||
a cell on a channel's incoming queue. Fortunately, we can't actually
|
||||
queue a cell like that as our code is constructed today, but it's best
|
||||
to avoid this kind of error, even if there isn't any code that triggers
|
||||
it today. Fixes bug 18570; bugfix on 0.2.4.4-alpha.
|
||||
- Fix a bad memory handling bug that would occur if we had queued a
|
||||
cell on a channel's incoming queue. Fortunately, we can't actually
|
||||
queue a cell like that as our code is constructed today, but it's
|
||||
best to avoid this kind of error, even if there isn't any code
|
||||
that triggers it today. Fixes bug 18570; bugfix on 0.2.4.4-alpha.
|
||||
|
||||
o Minor bugfixes (crypto, static analysis):
|
||||
- Silence spurious clang-scan warnings in the ed25519_donna code
|
||||
by explicitly initialising some objects.
|
||||
Fixes bug 18384; bugfix on 0f3eeca9 in 0.2.7.2-alpha.
|
||||
Patch by "teor".
|
||||
- Silence spurious clang-scan warnings in the ed25519_donna code by
|
||||
explicitly initialising some objects. Fixes bug 18384; bugfix on
|
||||
0f3eeca9 in 0.2.7.2-alpha. Patch by "teor".
|
||||
|
||||
o Minor bugfixes (directory):
|
||||
- When generating a URL for a directory server on an IPv6 address,
|
||||
wrap the IPv6 address in square brackets. Fixes bug 18051;
|
||||
bugfix on 0.2.3.9-alpha. Patch from Malek.
|
||||
|
||||
o Minor bugfixes (exit policies, security):
|
||||
- Refresh an exit relay's exit policy when interface addresses change.
|
||||
Previously, tor only refreshed the exit policy when the configured
|
||||
external address changed.
|
||||
Fixes bug 18208; bugfix on tor 0.2.7.3. Patch by "teor".
|
||||
wrap the IPv6 address in square brackets. Fixes bug 18051; bugfix
|
||||
on 0.2.3.9-alpha. Patch from Malek.
|
||||
|
||||
o Minor bugfixes (hidden service client):
|
||||
- Seven very fast consecutive requests to the same .onion address
|
||||
triggers 7 descriptor fetches. The first six each pick a directory
|
||||
(there are 6 overall) and the seventh one wasn't able to pick one
|
||||
which was triggering a close on all current directory connections. It
|
||||
has been fixed by not closing them if we have pending directory fetch.
|
||||
Fixes bug 15937; bugfix on tor-0.2.7.1-alpha.
|
||||
which was triggering a close on all current directory connections.
|
||||
It has been fixed by not closing them if we have pending directory
|
||||
fetch. Fixes bug 15937; bugfix on tor-0.2.7.1-alpha.
|
||||
|
||||
o Minor bugfixes (hidden service, control port):
|
||||
- Add the onion address to the HS_DESC event for the UPLOADED action
|
||||
both on success or failure. It was previously hardcoded with UNKNOWN.
|
||||
Fixes bug 16023; bugfix on 0.2.7.2-alpha.
|
||||
both on success or failure. It was previously hardcoded with
|
||||
UNKNOWN. Fixes bug 16023; bugfix on 0.2.7.2-alpha.
|
||||
|
||||
o Minor bugfixes (logging):
|
||||
- Scrub service in from "unrecognized service ID" log messages.
|
||||
@ -179,77 +183,69 @@ Changes in version 0.2.8.2-rc - 2016-03-??
|
||||
|
||||
o Minor bugfixes (memory safety):
|
||||
- Avoid freeing an uninitialised pointer when opening a socket fails
|
||||
in get_interface_addresses_ioctl.
|
||||
Fixes bug 18454; bugfix on 9f06ec0c in tor-0.2.3.11-alpha.
|
||||
Reported by "toralf" and "cypherpunks", patch by "teor".
|
||||
in get_interface_addresses_ioctl. Fixes bug 18454; bugfix on
|
||||
9f06ec0c in tor-0.2.3.11-alpha. Reported by "toralf" and
|
||||
"cypherpunks", patch by "teor".
|
||||
- Correctly duplicate addresses in get_interface_address6_list.
|
||||
Fixes bug 18454; bugfix on 110765f5 in tor-0.2.8.1-alpha.
|
||||
Reported by "toralf", patch by "cypherpunks".
|
||||
Fixes bug 18454; bugfix on 110765f5 in tor-0.2.8.1-alpha. Reported
|
||||
by "toralf", patch by "cypherpunks".
|
||||
|
||||
o Minor bugfixes (private directory):
|
||||
- Prevent a race condition when creating private directories.
|
||||
Fixes part of bug 17852; bugfix on 0.2pre13. Part of ticket
|
||||
17852. Patch from 'jsturgix'. Found with Flawfinder.
|
||||
- Prevent a race condition when creating private directories. Fixes
|
||||
part of bug 17852; bugfix on 0.2pre13. Part of ticket 17852. Patch
|
||||
from 'jsturgix'. Found with Flawfinder.
|
||||
|
||||
o Minor bugfixes (sandbox):
|
||||
- Allow the setrlimit syscall, and the prlimit and prlimit64 syscalls,
|
||||
which some libc implementations
|
||||
use under the hood. Fixes bug 15221; bugfix on 0.2.5.1-alpha.
|
||||
|
||||
o Minor bugfixes (security, hidden services):
|
||||
- Prevent hidden services connecting to client-supplied rendezvous
|
||||
addresses that are reserved as internal or multicast.
|
||||
Fixes bug 8976; bugfix on b7c172c9e in tor-0.2.3.21.
|
||||
Patch by "dgoulet" and "teor".
|
||||
|
||||
o Minor bugfixes (security, win32):
|
||||
- Set SO_EXCLUSIVEADDRUSE on Win32 to avoid a local port-stealing
|
||||
attack.
|
||||
Fixes bug 18123; bugfix on all tor versions. Patch by "teor".
|
||||
- Allow the setrlimit syscall, and the prlimit and prlimit64
|
||||
syscalls, which some libc implementations use under the hood.
|
||||
Fixes bug 15221; bugfix on 0.2.5.1-alpha.
|
||||
|
||||
o Minor bugfixes (test networks, IPv6):
|
||||
- Allow internal IPv6 addresses in descriptors in test networks.
|
||||
Fixes bug 17153; bugfix on 6b4af1071 in 0.2.3.16-alpha.
|
||||
Patch by "teor", reported by "karsten".
|
||||
Fixes bug 17153; bugfix on 6b4af1071 in 0.2.3.16-alpha. Patch by
|
||||
"teor", reported by "karsten".
|
||||
|
||||
o Minor bugfixes (testing):
|
||||
- We no longer disable assertions in the unit tests when coverage
|
||||
is enabled. Instead, we require you to say --disable-asserts-in-tests
|
||||
- We no longer disable assertions in the unit tests when coverage is
|
||||
enabled. Instead, we require you to say --disable-asserts-in-tests
|
||||
to the configure script if you need assertions disabled in the
|
||||
unit tests (for example, if you want to perform branch coverage).
|
||||
Fixes bug 18242; bugfix on 0.2.7.1-alpha.
|
||||
|
||||
o Minor bugfixes:
|
||||
- Bridges now refuse "rendezvous2" (hidden service descriptor)
|
||||
publish attempts. Suggested by ticket 18332.
|
||||
|
||||
o Code simplification and refactoring:
|
||||
- Quote all the string interpolations in configure.ac -- even
|
||||
those which we are pretty sure can't contain spaces. Closes
|
||||
ticket 17744. Patch from "zerosion".
|
||||
- Remove specialized code for non-inplace AES_CTR. 99% of our AES
|
||||
is inplace, so there's no need to have a separate implementation
|
||||
for the non-inplace code. Closes ticket 18258. Patch from
|
||||
Malek.
|
||||
- Quote all the string interpolations in configure.ac -- even those
|
||||
which we are pretty sure can't contain spaces. Closes ticket
|
||||
17744. Patch from "zerosion".
|
||||
- Remove specialized code for non-inplace AES_CTR. 99% of our AES is
|
||||
inplace, so there's no need to have a separate implementation for
|
||||
the non-inplace code. Closes ticket 18258. Patch from Malek.
|
||||
- Simplify return types for some crypto functions that can't
|
||||
actually fail. Patch from Hassan Alsibyani. Closes ticket
|
||||
18259.
|
||||
actually fail. Patch from Hassan Alsibyani. Closes ticket 18259.
|
||||
|
||||
o Dependency updates:
|
||||
- Tor now uses Autoconf version 2.63 or later, and Automake 1.11 or later
|
||||
(released in 2008 and 2009 respectively). If you are building Tor from
|
||||
the git repository instead of from the source distribution, and your
|
||||
tools are older than this, you will need to upgrade.
|
||||
Closes ticket 17732.
|
||||
- Tor now uses Autoconf version 2.63 or later, and Automake 1.11 or
|
||||
later (released in 2008 and 2009 respectively). If you are
|
||||
building Tor from the git repository instead of from the source
|
||||
distribution, and your tools are older than this, you will need to
|
||||
upgrade. Closes ticket 17732.
|
||||
|
||||
o Documentation:
|
||||
- Change build messages to refer to "Fedora" instead of "Fedora Core",
|
||||
and "dnf" instead of "yum". Closes tickets 18459 and 18426.
|
||||
- Change build messages to refer to "Fedora" instead of "Fedora
|
||||
Core", and "dnf" instead of "yum". Closes tickets 18459 and 18426.
|
||||
Patches from "icanhasaccount" and "cypherpunks".
|
||||
|
||||
o Removed features:
|
||||
- Streamline relay-side hsdir handling: when relays consider whether
|
||||
to accept an uploaded hidden service descriptor, they no longer
|
||||
check whether they are one of the relays in the network that is
|
||||
"supposed" to handle that descriptor. Implements ticket 18332.
|
||||
- We no longer maintain an internal freelist in memarea.c.
|
||||
Allocators should be good enough to make this code unnecessary,
|
||||
and it's doubtful that it ever had any performance benefit.
|
||||
|
||||
o Testing:
|
||||
- Fix several warnings from clang's address sanitizer produced in the
|
||||
unit tests.
|
||||
- Fix several warnings from clang's address sanitizer produced in
|
||||
the unit tests.
|
||||
- Treat backtrace test failures as expected on FreeBSD until we
|
||||
solve bug 17808. Closes ticket 18204.
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user