mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-23 20:03:31 +01:00
fold in some new changelog stanzas
This commit is contained in:
parent
19c372daf0
commit
36721e940d
150
ChangeLog
150
ChangeLog
@ -1,4 +1,150 @@
|
||||
Changes in version 0.2.3.11-alpha - 201?-??-??
|
||||
Changes in version 0.2.3.11-alpha - 2012-01-0?
|
||||
o Major features:
|
||||
- Now that Tor 0.2.0.x is completely deprecated, enable the final
|
||||
part of "Proposal 110: Avoiding infinite length circuits" by
|
||||
refusing all circuit-extend requests that do not use a relay_early
|
||||
cell. This change helps Tor resist a class of denial-of-service
|
||||
attacks by limiting the maximum circuit length.
|
||||
- Adjust the number of introduction points that a hidden service
|
||||
will try to maintain based on how long its introduction points
|
||||
remain in use and how many introductions they handle. Fixes
|
||||
part of bug 3825.
|
||||
- Try to use system facilities for enumerating local interface
|
||||
addresses, before falling back to our old approach (which was
|
||||
binding a UDP socket, and calling getsockname() on it). That
|
||||
approach was scaring OS X users whose draconian firewall
|
||||
software warned about binding to UDP sockets, regardless of
|
||||
whether packets were sent. Now we try to use getifaddrs(),
|
||||
SIOCGIFCONF, or GetAdaptersAddresses(), depending on what the
|
||||
system supports. Resolves ticket 1827.
|
||||
|
||||
o Major security workaround:
|
||||
- When building or running with any version of OpenSSL earlier
|
||||
than 0.9.8s or 1.0.0f, disable SSLv3 support. These OpenSSL
|
||||
versions have a bug (CVE-2011-4576) in which their block cipher
|
||||
padding includes uninitialized data, potentially leaking sensitive
|
||||
information to any peer with whom they make a SSLv3 connection. Tor
|
||||
does not use SSL v3 by default, but a hostile client or server
|
||||
could force an SSLv3 connection in order to gain information that
|
||||
they shouldn't have been able to get. The best solution here is to
|
||||
upgrade to OpenSSL 0.9.8s or 1.0.0f (or later). But when building
|
||||
or running with a non-upgraded OpenSSL, we disable SSLv3 entirely
|
||||
to make sure that the bug can't happen.
|
||||
|
||||
o Major bugfixes:
|
||||
- Correct our replacements for the timeradd() and timersub() functions
|
||||
on platforms that lack them (for example, Windows). The timersub()
|
||||
function is used when expiring circuits, while timeradd() is
|
||||
currently unused. Bug report and patch by Vektor. Bugfix on
|
||||
0.2.2.24-alpha and 0.2.3.1-alpha; fixes bug 4778.
|
||||
- Do not use OpenSSL 1.0.0's counter mode: it has a critical bug
|
||||
that was fixed in OpenSSL 1.0.0a. Fixes bug 4779; bugfix on
|
||||
Tor 0.2.3.9-alpha. Found by Pascal.
|
||||
|
||||
o Minor features:
|
||||
- Directory servers now reject versions of Tor older than 0.2.1.30,
|
||||
and Tor versions between 0.2.2.1-alpha and 0.2.2.20-alpha
|
||||
(inclusive). These versions accounted for only a small fraction of
|
||||
the Tor network, and have numerous known security issues. Resolves
|
||||
issue 4788.
|
||||
- Use absolute path names when reporting the torrc filename in the
|
||||
control protocol, so a controller can more easily find the torrc
|
||||
file. Resolves bug 1101.
|
||||
- If EntryNodes are given, but UseEntryGuards is set to 0, warn that
|
||||
EntryNodes will have no effect. Resolves issue 2571.
|
||||
- Extend the control protocol to report flags that control a circuit's
|
||||
path selection in CIRC events and in replies to 'GETINFO
|
||||
circuit-status'. Implements part of ticket 2411.
|
||||
- Extend the control protocol to report the hidden service address
|
||||
and current state of a hidden-service-related circuit in CIRC
|
||||
events and in replies to 'GETINFO circuit-status'. Implements part
|
||||
of ticket 2411.
|
||||
- Update to the January 3 2012 Maxmind GeoLite Country database.
|
||||
|
||||
o Minor bugfixes (hidden services):
|
||||
- Don't close hidden service client circuits which have almost
|
||||
finished connecting to their destination when they reach
|
||||
the normal circuit-build timeout. Previously, we would close
|
||||
introduction circuits which are waiting for an acknowledgement
|
||||
from the introduction point, and rendezvous circuits which have
|
||||
been specified in an INTRODUCE1 cell sent to a hidden service,
|
||||
after the normal CBT. Now, we mark them as 'timed out', and launch
|
||||
another rendezvous attempt in parallel. This behavior change can
|
||||
be disabled using the new CloseHSClientCircuitsImmediatelyOnTimeout
|
||||
option. Fixes part of bug 1297.
|
||||
- Don't close hidden-service-side rendezvous circuits when they
|
||||
reach the normal circuit-build timeout. This behaviour change can
|
||||
be disabled using the new
|
||||
CloseHSServiceRendCircuitsImmediatelyOnTimeout option. Fixes the
|
||||
remaining part of bug 1297.
|
||||
- Make sure we never mark the wrong rendezvous circuit as having
|
||||
had its introduction cell acknowleged by the introduction-point
|
||||
relay. Previously, when we received an INTRODUCE_ACK cell on a
|
||||
client-side hidden-service introduction circuit, we might have
|
||||
marked a rendezvous circuit other than the one we specified in
|
||||
the INTRODUCE1 cell as INTRO_ACKED, which would have produced
|
||||
a warning message and interfered with the hidden service
|
||||
connection-establishment process. Bugfix on 0.2.3.3-alpha, when we
|
||||
added the stream-isolation feature which might cause Tor to open
|
||||
multiple rendezvous circuits for the same hidden service. Fixes
|
||||
bug 4759.
|
||||
- Don't trigger an assertion failure when we mark a new client-side
|
||||
hidden-service introduction circuit for close during the process
|
||||
of creating it. Bugfix on 0.2.3.6-alpha. Fixes bug 4796; reported
|
||||
by murb.
|
||||
|
||||
o Minor bugfixes (other):
|
||||
- Fix null-pointer access that could occur if TLS allocation failed.
|
||||
Fixes bug 4531; bugfix on 0.2.0.20-rc. Found by "troll_un". This was
|
||||
erroneously listed as fixed in 0.2.3.9-alpha, but the fix had
|
||||
accidentally been reverted.
|
||||
- Fix an assertion failure when, while running with bufferevents, a
|
||||
connection finishes connecting after it is marked for close, but
|
||||
before it is closed. Fixes bug 4697; bugfix on 0.2.3.1-alpha.
|
||||
- Older Linux kernels erroneously respond to strange nmap behavior
|
||||
by having accept() return successfully with a zero-length
|
||||
socket. When this happens, just close the connection. Previously,
|
||||
we would try harder to learn the remote address: but there was
|
||||
no such remote address to learn, and our method for trying to
|
||||
learn it was incorrect. Fixes bugs 1240, 4745, and 4747. Bugfix
|
||||
on 0.1.0.3-rc. Reported and diagnosed by "r1eo".
|
||||
- test_util_spawn_background_ok() hardcoded the expected value
|
||||
for ENOENT to 2. This isn't portable as error numbers are
|
||||
platform specific, and particularly the hurd has ENOENT at
|
||||
0x40000002. Construct expected string at runtime, using the correct
|
||||
value for ENOENT. Fixes bug 4733; bugfix on 0.2.3.1-alpha.
|
||||
- Correctly spell "connect" in a log message on failure to create a
|
||||
controlsocket. Fixes bug 4803; bugfix on 0.2.2.26-beta and
|
||||
0.2.3.2-alpha.
|
||||
- During configure, search for library containing cos function as
|
||||
libm lives in libcore on some platforms (BeOS/Haiku).
|
||||
Linking against libm was hard-coded before. Bugfix on
|
||||
0.2.2.2-alpha; fixes the first part of bug 4727. Patch and
|
||||
analysis by Martin Hebnes Pedersen.
|
||||
- Preprocessor directives should not be put inside the arguments
|
||||
of a macro. This would break compilation with GCC releases prior
|
||||
to version 3.3. We would never recommend such an old GCC
|
||||
version, but it is apparently required for binary compatibility
|
||||
on some platforms (namely, certain builds of Haiku). Bugfix on
|
||||
0.2.3.3-alpha; fixes the other part of bug 4727. Patch and
|
||||
analysis by Martin Hebnes Pedersen.
|
||||
|
||||
- Feature removal:
|
||||
- When sending or relaying a RELAY_EARLY cell, we used to convert
|
||||
it to a RELAY cell if the connection was using the v1 link
|
||||
protocol. This was a workaround for older versions of Tor, which
|
||||
didn't handle RELAY_EARLY cells properly. Now that all supported
|
||||
versions can handle RELAY_EARLY cells, and now that we're enforcing
|
||||
the "no RELAY_EXTEND commands except in RELAY_EARLY cells" rule,
|
||||
remove this workaround. Addresses bug 4786.
|
||||
|
||||
o Code simplifications and refactoring:
|
||||
- During configure, detect when we're building with clang version
|
||||
3.0 or lower and disable the -Wnormalized=id and -Woverride-init
|
||||
CFLAGS. clang doesn't support them yet.
|
||||
- Use OpenSSL's built-in SSL_state_string_long() instead of our
|
||||
own homebrewed ssl_state_to_string() replacement. Patch from
|
||||
Emile Snyder. Fixes bug 4653.
|
||||
|
||||
|
||||
Changes in version 0.2.3.10-alpha - 2011-12-16
|
||||
@ -786,7 +932,7 @@ Changes in version 0.2.1.31 - 2011-10-26
|
||||
circuit EXTEND request. Now relays can protect clients from the
|
||||
CVE-2011-2768 issue even if the clients haven't upgraded yet.
|
||||
- Bridges now refuse CREATE or CREATE_FAST cells on OR connections
|
||||
that they initiated. Relays could distinguish incoming bridge
|
||||
that they initiated. Relays could distinguish incoming bridge
|
||||
connections from client connections, creating another avenue for
|
||||
enumerating bridges. Fixes CVE-2011-2769. Bugfix on 0.2.0.3-alpha.
|
||||
Found by "frosty_un".
|
||||
|
@ -1,3 +0,0 @@
|
||||
o Minor features:
|
||||
- Use absolute path names when reporting the torrc filename, so
|
||||
that a controller can more easily find it. Resolves bug 1101.
|
@ -1,8 +0,0 @@
|
||||
o Minor bugfixes:
|
||||
- When running with an older Linux kernel that erroneously responds
|
||||
to strange nmap behavior by having accept() return successfully
|
||||
with a zero-length socket, just close the connection. Previously,
|
||||
we would try harder to learn the remote address: but there was no
|
||||
such remote address to learn, and our method for trying to learn
|
||||
it was incorrect. Fixes bugs #1240, #4745, and #4747. Bugfix on
|
||||
0.1.0.3-rc. Reported and diagnosed by "r1eo".
|
@ -1,20 +0,0 @@
|
||||
o Minor bugfixes:
|
||||
|
||||
- Don't close hidden service client circuits which have almost
|
||||
finished connecting to their destination when they reach the
|
||||
normal circuit-build timeout. Previously, we would close
|
||||
introduction circuits which are waiting for an acknowledgement
|
||||
from the introduction-point relay and rendezvous circuits which
|
||||
have been specified in an INTRODUCE1 cell sent to a hidden
|
||||
service after the normal CBT; now, we mark them as 'timed out',
|
||||
and launch another rendezvous attempt in parallel. This
|
||||
behaviour change can be disabled using the new
|
||||
CloseHSClientCircuitsImmediatelyOnTimeout option. Fixes part of
|
||||
bug 1297.
|
||||
|
||||
- Don't close hidden-service-side rendezvous circuits when they
|
||||
reach the normal circuit-build timeout. Previously, we would
|
||||
close them. This behaviour change can be disabled using the new
|
||||
CloseHSServiceRendCircuitsImmediatelyOnTimeout option. Fixes
|
||||
the remaining part of bug 1297.
|
||||
|
@ -1,9 +0,0 @@
|
||||
- Minor features:
|
||||
- Try to use system facilities for enumerating local interface
|
||||
addresses, before falling back to our old approach (which was
|
||||
binding a UDP socket, and calling getsockname() on it). That
|
||||
approach was confusing people whose draconian firewall software
|
||||
didn't like binding to UDP sockets, regardless of whether
|
||||
packets were sent. Now we try to use getifaddrs(), SIOCGIFCONF,
|
||||
or GetAdaptersAddresses(), depending on what the system
|
||||
supports. Resolves ticket #1827.
|
@ -1,3 +0,0 @@
|
||||
- Minor features:
|
||||
- If EntryNodes are given, but UseEntryGuards is set to 0, warn that
|
||||
EntryNodes will have no effect. Resolves issue 2571.
|
@ -1,7 +0,0 @@
|
||||
o Major features:
|
||||
|
||||
- Adjust the number of introduction points that a hidden service
|
||||
will try to maintain based on how long its introduction points
|
||||
remain in use and how many introductions they handle. Fixes
|
||||
part of bug 3825.
|
||||
|
@ -1,5 +0,0 @@
|
||||
o Minor bugfixes:
|
||||
- Fix null-pointer access that could occur if TLS allocation failed.
|
||||
Fixes bug 4531; bugfix on 0.2.0.20-rc. Found by "troll_un". This was
|
||||
erroneously listed as fixed in 0.2.3.9-alpha, but the fix had
|
||||
accidentally been reverted.
|
@ -1,4 +0,0 @@
|
||||
o Code simplification and refactoring:
|
||||
- Use OpenSSL's built-in SSL_state_string_long() instead of our
|
||||
own homebrewed ssl_state_to_string() replacement. Patch from
|
||||
Emile Snyder. Fixes bug 4653.
|
@ -1,5 +0,0 @@
|
||||
o Minor bugfixes:
|
||||
- Fix an assertion failure when, while running with bufferevents, a
|
||||
connection finishes connecting after it is marked for close, but
|
||||
before it is closed. Fix for bug 4697; Bugfix on 0.2.3.1-alpha.
|
||||
|
@ -1,6 +0,0 @@
|
||||
o Minor fix:
|
||||
test_util_spawn_background_ok() hardcoded the expected value
|
||||
for ENOENT to 2. This isn't portable as error numbers are
|
||||
platform specific, and particularly the hurd has ENOENT at
|
||||
0x40000002. Construct expected string at runtime, using the
|
||||
correct value for ENOENT (closes: #4733). Bugfix on 0.2.3.1-alpha.
|
@ -1,14 +0,0 @@
|
||||
o Minor bugfixes:
|
||||
|
||||
- Make sure we never mark the wrong rendezvous circuit as having
|
||||
had its introduction cell acknowleged by the introduction-point
|
||||
relay. Previously, when we received an INTRODUCE_ACK cell on a
|
||||
client-side hidden-service introduction circuit, we might have
|
||||
marked a rendezvous circuit other than the one we specified in
|
||||
the INTRODUCE1 cell as INTRO_ACKED, which would have produced a
|
||||
warning message and interfered with the hidden service
|
||||
connection-establishment process. Bugfix on 0.2.3.3-alpha, when
|
||||
the stream-isolation feature which might cause Tor to open
|
||||
multiple rendezvous circuits for the same hidden service was
|
||||
added. Fixes bug 4759.
|
||||
|
@ -1,4 +0,0 @@
|
||||
o Minor bugfixes:
|
||||
- Do not use OpenSSL 1.0.0's counter mode: it has a critical bug
|
||||
that was fixed in OpenSSL 1.0.0a. Fixes bug 4779; bugfix on
|
||||
Tor 0.2.3.9-alpha. Found by Pascal.
|
@ -1,9 +0,0 @@
|
||||
- Feature removal:
|
||||
- When sending or relaying a RELAY_EARLY cell, we used to convert
|
||||
it to a RELAY cell if the connection was using the v1 link
|
||||
protocol. This was a workaround for older versions of Tor, which
|
||||
didn't handle RELAY_EARLY cells properly. Now that all supported
|
||||
versions can handle RELAY_EARLY cells, and now that we're
|
||||
enforcing the "no RELAY_EXTEND commands except in RELAY_EARLY
|
||||
cells" rule, we're removing this workaround. Addresses bug 4786.
|
||||
|
@ -1,6 +0,0 @@
|
||||
o Minor features (directory server):
|
||||
- Directory servers now reject versions of Tor older than 0.2.1.30,
|
||||
and Tor versions between 0.2.2.1-alpha and 0.2.2.20-alpha
|
||||
(inclusive). These versions accounted for only a small fraction of
|
||||
the Tor network, and have numerous known security issues. Resolves
|
||||
issue #4788.
|
@ -1,7 +0,0 @@
|
||||
o Minor bugfixes:
|
||||
|
||||
- Don't exit with an assertion failure when we mark a new
|
||||
client-side hidden-service introduction circuit for close during
|
||||
the process of creating it. Bugfix on 0.2.3.6-alpha. Fixes bug
|
||||
4796; reported by murb.
|
||||
|
@ -1,4 +0,0 @@
|
||||
o Minor bugfixes:
|
||||
- Correctly spell "connect" in a log message when creating a controlsocket
|
||||
fails. Fixes bug 4803; bugfix on 0.2.2.26-beta/0.2.3.2-alpha.
|
||||
|
@ -1,13 +0,0 @@
|
||||
o Major security workaround:
|
||||
- When building or running with any version of OpenSSL earlier
|
||||
than 0.9.8s or 1.0.0f, disable SSLv3 support. These versions had
|
||||
a bug (CVE-2011-4576) in which their block cipher padding
|
||||
included uninitialized data, potentially leaking sensitive
|
||||
information to any peer with whom they made a SSLv3
|
||||
connection. Tor does not use SSL v3 by default, but a hostile
|
||||
client or server could force an SSLv3 connection in order to
|
||||
gain information that they shouldn't have been able to get. The
|
||||
best solution here is to upgrade to OpenSSL 0.9.8s or 1.0.0f (or
|
||||
later). But when building or running with a non-upgraded
|
||||
OpenSSL, we should instead make sure that the bug can't happen
|
||||
by disabling SSLv3 entirely.
|
@ -1,5 +0,0 @@
|
||||
o Code simplifications and refactoring:
|
||||
- During configure, detect when we're building with clang version 3.0 or
|
||||
lower and disable the -Wnormalized=id and -Woverride-init CFLAGS.
|
||||
clang doesn't support them yet.
|
||||
|
@ -1,12 +0,0 @@
|
||||
o Minor features:
|
||||
|
||||
- Report flags that control a circuit's path selection to
|
||||
controllers in CIRC events and in replies to 'GETINFO
|
||||
circuit-status'. Implements part of ticket 2411.
|
||||
|
||||
- Report the hidden service address and current state of a
|
||||
hidden-service-related circuit to controllers in CIRC events and
|
||||
in replies to 'GETINFO circuit-status'. Implements part of
|
||||
ticket 2411.
|
||||
|
||||
|
@ -1,3 +0,0 @@
|
||||
o Minor features:
|
||||
- Update to the January 3 2012 Maxmind GeoLite Country database.
|
||||
|
@ -1,14 +0,0 @@
|
||||
o Minor buxfixes:
|
||||
- During configure, search for library containing cos function as
|
||||
libm lives in libcore on some platforms (BeOS/Haiku).
|
||||
Linking against libm was hard-coded before. Bugfix on
|
||||
0.2.2.2-alpha, fixes the first part of bug 4727. Patch and
|
||||
analysis by Martin Hebnes Pedersen.
|
||||
- Preprocessor directives should not be put inside the arguments
|
||||
of a macro. This would break compilation with GCC releases prior
|
||||
to version 3.3. We would never recommend such an old GCC
|
||||
version, but it is apparently required for binary compatibility
|
||||
on some platforms (namely, certain builds of Haiku). Bugfix on
|
||||
0.2.3.3-alpha, fixes the other part of bug 4727. Patch and
|
||||
analysis by Martin Hebnes Pedersen.
|
||||
|
@ -1,7 +0,0 @@
|
||||
o Major features:
|
||||
- Now that Tor 0.2.0.x is completely deprecated, we can enable the
|
||||
final part of "Proposal 110: Avoiding infinite length circuits"
|
||||
by refusing all circuit-extend requests that do not appear in a
|
||||
"relay_early" cell. This change helps Tor to resist a class of
|
||||
denial-of-service attacks by limiting the maximum circuit length.
|
||||
|
@ -1,7 +0,0 @@
|
||||
o Major bugfixes:
|
||||
- Provide correct replacements for the timeradd() and timersub() functions
|
||||
for platforms that lack them (for example, windows). The timersub()
|
||||
function is used when expiring circuits, timeradd() is currently unused.
|
||||
Patch written by Vektor, who also reported the bug. Thanks! Bugfix
|
||||
on 0.2.2.24-alpha/0.2.3.1-alpha, fixes bug 4778.
|
||||
|
Loading…
Reference in New Issue
Block a user