mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-27 22:03:31 +01:00
Start on an 0.2.6.1-alpha changelog
I concatenated the remaining changes/* files, removed them, made the headings more uniform, then told format_changelog.py to sort, collate, and wrap them.
parent
a477d7c666
commit
682c154cc4
349
ChangeLog
@ -1,4 +1,353 @@
|
|||||||
Changes in version 0.2.6.1-alpha - 2014-??-??
|
Changes in version 0.2.6.1-alpha - 2014-??-??
|
||||||
|
o Major features (bridges):
|
||||||
|
- Expose the outgoing upstream HTTP/SOCKS proxy to pluggable
|
||||||
|
transports if they are configured via the "TOR_PT_PROXY" enviorment
|
||||||
|
variable. Implements proposal 232. Resolves ticket 8402.
|
||||||
|
|
||||||
|
o Major features (client performance, hidden services):
|
||||||
|
- Allow clients to use optimistic data when connecting to a hidden
|
||||||
|
service, which should cut out the initial round-trip for client-
|
||||||
|
side programs including Tor Browser. (Now that Tor 0.2.2.x is
|
||||||
|
obsolete, all hidden services should support server-side
|
||||||
|
optimistic data.) See proposal 181 for details. Implements ticket
|
||||||
|
13211. - Add an option to overwrite logs (TruncateLogFile). Closes
|
||||||
|
ticket #5583.
|
||||||
|
|
||||||
|
o Major features (directory system):
|
||||||
|
- Upon receiving a server descriptor, microdescriptor, extrainfo
|
||||||
|
document, or other object that is unparseable, if its digest
|
||||||
|
matches what we expected, then mark it as not to be downloaded
|
||||||
|
again. Previously, when we got a descriptor we didn't like, we
|
||||||
|
would keep trying to download it over and over. Closes
|
||||||
|
ticket 11243.
|
||||||
|
|
||||||
|
o Major features (sample torrc):
|
||||||
|
- Add a new, infrequently-changed "torrc.minimal". This file's
|
||||||
|
purpose is similar to torrc.sample, but it is meant to be small
|
||||||
|
and change as infrequently as possible, for the benefit of users
|
||||||
|
whose systems prompt them for intervention whenever a default
|
||||||
|
configuration file is changed. Making this change allows us to
|
||||||
|
update torrc.sample to be a more generally useful "sample torrc".
|
||||||
|
|
||||||
|
o Major bugfixes (directory authorities):
|
||||||
|
- Relays should not be assigned the HSDir flag if they are
|
||||||
|
considered invalid. Also, do not assign the HSDir flag to relays
|
||||||
|
that are currently hibernating. Fixes #12573. Bugfix
|
||||||
|
on tor-0.2.0.10-alpha
|
||||||
|
|
||||||
|
o Major bugfixes (directory bandwidth performance):
|
||||||
|
- Don't flush the zlib buffer aggressively when compressing
|
||||||
|
directory information for clients. This should save about 7% of
|
||||||
|
the bandwidth currently used for compressed descriptors and
|
||||||
|
microdescriptors. Fixes bug 11787; bugfix on 0.1.1.23.
|
||||||
|
|
||||||
|
o Minor features (security, memory wiping):
|
||||||
|
- Ensure we securely wipe keys from memory after
|
||||||
|
crypto_digest_get_digest and init_curve25519_keypair_from_file
|
||||||
|
have finished using them. Fixes bug 13477.
|
||||||
|
|
||||||
|
o Minor features (security, out-of-memory handling):
|
||||||
|
- When handling a low-memory situation, allocate less memory for
|
||||||
|
teporary data structures. Fixes issue 10115.
|
||||||
|
- When closing an edge connection because we've run out of memory,
|
||||||
|
also count the amount of memory that any tunnelled directory
|
||||||
|
connection attached to that connection had consumed. Part of
|
||||||
|
ticket 11792.
|
||||||
|
- When considering whether we're running low on memory, consider
|
||||||
|
memory that was allocated as part of zlib buffers as well. Count
|
||||||
|
that memory as reclaimed by our OOM handler. Part of ticket 11792.
|
||||||
|
- When handling out-of-memory conditions, also look at non-tunnneled
|
||||||
|
directory connections, and kill the ones that have had data
|
||||||
|
sitting on them for the longest. Part of ticket 11792.
|
||||||
|
|
||||||
|
o Minor features (client):
|
||||||
|
- Clients are now willing to send optimistic circuit data (before
|
||||||
|
they receive a 'connected' cell) to relays of any version. We used
|
||||||
|
to only do it for relays running 0.2.3.1-alpha or later, but now
|
||||||
|
all relays are new enough. Resolves ticket 13153.
|
||||||
|
|
||||||
|
o Minor features (directory authorities):
|
||||||
|
- Don't list relays with a bandwidth estimate of 0 in the consensus.
|
||||||
|
Implements a feature proposed during discussion of bug 13000.
|
||||||
|
- In tor-gencert, report an error if the user provides the same
|
||||||
|
argument more than once.
|
||||||
|
- If a directory authority can't find a best consensus method in the
|
||||||
|
votes that it holds, it now falls back to its favorite consensus
|
||||||
|
method. Previously, it fell back to method 1. Neither of these is
|
||||||
|
likely to get enough signatures, but "fall back to favorite"
|
||||||
|
doesn't require us to maintain support an obsolete consensus
|
||||||
|
method. Implements another part of proposal 215.
|
||||||
|
|
||||||
|
o Minor features (logging):
|
||||||
|
- On unix, you can now use named pipes as the target of the Log
|
||||||
|
option, and other options that try to append to files. Closes
|
||||||
|
ticket 12061. Patch from "carlo von lynX".
|
||||||
|
- When opening a log file at startup, send it every log message that
|
||||||
|
we generated between startup and opening it. Closes ticket 6938.
|
||||||
|
|
||||||
|
o Minor features (portability, Solaris):
|
||||||
|
- Threads are no longer disabled by default on Solaris; we believe
|
||||||
|
that the versions of Solaris with broken threading support are all
|
||||||
|
obsolete by now. Resolves ticket 9495.
|
||||||
|
|
||||||
|
o Minor features (relay):
|
||||||
|
- Re-check our address after we detect a changed IP address from
|
||||||
|
getsockname(). This ensures that the controller command "GETINFO
|
||||||
|
address" will report the correct value. Resolves ticket 11582.
|
||||||
|
Patch from "ra".
|
||||||
|
- A new AccountingRule option lets you set whether you'd like the
|
||||||
|
AccountingMax value to be applied separately to inbound and
|
||||||
|
outbound traffic, or applied to the sum of inbound and outbound
|
||||||
|
traffic. Resolves ticket 961. Patch by "chobe".
|
||||||
|
|
||||||
|
o Minor features (testing networks):
|
||||||
|
- Add the TestingDirAuthVoteExit option, a list of nodes to vote
|
||||||
|
Exit for regardless of their uptime, bandwidth, or exit policy.
|
||||||
|
TestingTorNetwork must be set for this option to have any effect.
|
||||||
|
Works around an issue where authorities would take up to 35
|
||||||
|
minutes to give nodes the Exit flag in a test network, despite
|
||||||
|
short consensus intervals. Partially implements ticket 13161.
|
||||||
|
|
||||||
|
o Minor features (validation):
|
||||||
|
- Check all date/time values passed to tor_timegm and
|
||||||
|
parse_rfc1123_time for validity, taking leap years into account.
|
||||||
|
Improves HTTP header validation. Implemented with bug 13476.
|
||||||
|
- Clamp year values returned by system localtime(_r) and gmtime(_r)
|
||||||
|
to year 1 in correct_tm. This ensures tor can read any values it
|
||||||
|
writes out. Fixes bug 13476.
|
||||||
|
|
||||||
|
o Minor bugfixes (bridge clients):
|
||||||
|
- When a bridge has been configured without an identity digest (not
|
||||||
|
recommended), avoid launching an extra channel to it when
|
||||||
|
bootstrapping. Fixes bug 7733; bugfix on 0.2.4.4-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (bridges):
|
||||||
|
- When DisableNetwork is set, do not launch pluggable transport
|
||||||
|
plugins, and if any are running already, terminate the existing
|
||||||
|
instances. Resolves ticket 13213.
|
||||||
|
|
||||||
|
o Minor bugfixes (C correctness):
|
||||||
|
- Fix several instances of possible integer overflow/underflow/NaN.
|
||||||
|
Fixes bug 13104; bugfix on 0.2.3.1-alpha and later. Patches
|
||||||
|
from "teor".
|
||||||
|
- In circuit_build_times_calculate_timeout() in circuitstats.c,
|
||||||
|
avoid dividing by zero in the pareto calculations. This traps
|
||||||
|
under clang -fsanitize=undefined-trap
|
||||||
|
-fsanitize-undefined-trap-on-error. Fixes bug 13290; bugfix
|
||||||
|
on tor-0.2.2.2-alpha.
|
||||||
|
- Fix an instance of integer overflow in format_time_interval().
|
||||||
|
Fixes bug 13393.
|
||||||
|
- Set the correct day of year value when the system's localtime(_r)
|
||||||
|
or gmtime(_r) functions fail to set struct tm. Not externally
|
||||||
|
visible. Fixes bug 13476.
|
||||||
|
- Avoid unlikely signed integer overflow in tor_timegm on systems
|
||||||
|
with 32-bit time_t. Fixes bug 13476.
|
||||||
|
|
||||||
|
o Minor bugfixes (client):
|
||||||
|
- Use the consensus schedule for downloading consensuses, and not
|
||||||
|
the generic schedule. Fixes bug 11679; bugfix on 0.2.2.6-alpha.
|
||||||
|
- Handle unsupported SOCKS5 requests properly by responding with
|
||||||
|
'Command not supported' reply message before closing a TCP
|
||||||
|
connection to the user. Fixes bug 12971.
|
||||||
|
- Handle malformed SOCKS5 requests properly by responding with an
|
||||||
|
appropriate error message before closing a TCP connection to the
|
||||||
|
user. Fixes bug 13314.
|
||||||
|
|
||||||
|
o Minor bugfixes (client, torrc):
|
||||||
|
- Stop modifying the value of our DirReqStatistics torrc option just
|
||||||
|
because we're not a bridge or relay. This bug was causing Tor
|
||||||
|
Browser users to write "DirReqStatistics 0" in their torrc files
|
||||||
|
as if they had chosen to change the config. Fixes bug 4244; bugfix
|
||||||
|
on 0.2.3.1-alpha.
|
||||||
|
- When GeoIPExcludeUnkonwn is enabled, do not incorrectly decide
|
||||||
|
that our options have changed every time we SIGHUP. Fixes bug
|
||||||
|
9801; bugfix on 0.2.4.10-alpha. Patch from "qwerty1".
|
||||||
|
|
||||||
|
o Minor bugfixes (controller):
|
||||||
|
- Return an error when the second or later arguments of the
|
||||||
|
"setevents" controller command are invalid events. Previously we
|
||||||
|
would return success while silently skipping invalid events. Fixes
|
||||||
|
bug 13205; bugfix on 0.2.3.2-alpha. Reported by "fpxnns".
|
||||||
|
|
||||||
|
o Minor bugfixes (directory system):
|
||||||
|
- Always believe that v3 directory authorities serve extra-info
|
||||||
|
documents, regardless of whether their server descriptor contains
|
||||||
|
a "caches-extra-info" line or not. Fixes part of #11683. Bugfix
|
||||||
|
on 0.2.0.1-alpha.
|
||||||
|
- When running as a v3 directory authority, advertise that you serve
|
||||||
|
extra-info documents so that clients who want them can find them
|
||||||
|
from you too. Fixes part of bug #11683. Bugfix on 0.2.0.1-alpha.
|
||||||
|
- Bitwise check the BRIDGE_DIRINFO flag rather than using equality.
|
||||||
|
Fixes a (potential) bug where directories offering BRIDGE_DIRINFO
|
||||||
|
and some other flag (i.e. microdescriptors or extrainfo) would be
|
||||||
|
ignored when looking for bridge directories. Partially fixes
|
||||||
|
bug 13163.
|
||||||
|
|
||||||
|
o Minor bugfixes (networking):
|
||||||
|
- Check for orconns and use connection_or_close_for_error() rather
|
||||||
|
than connection_mark_for_close() directly in the getsockopt()
|
||||||
|
failure case of connection_handle_write_impl(). Fixes bug #11302.
|
||||||
|
|
||||||
|
o Minor bugfixes (relay):
|
||||||
|
- When generating our family list, remove spaces from around the
|
||||||
|
entries there. Fixes bug 12728; bugfix on 0.2.1.7-alpha.
|
||||||
|
- If our previous bandwidth estimate was 0 bytes, allow publishing a
|
||||||
|
new relay descriptor immediately. Fixes bug 13000; bugfix
|
||||||
|
on 0.1.1.6-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (testing networks):
|
||||||
|
- Fix TestingDirAuthVoteGuard to properly give out Guard flags in a
|
||||||
|
testing network. Fixes bug 13064; bugfix on 0.2.5.2-alpha.
|
||||||
|
- Stop using the default authorities in networks which provide both
|
||||||
|
AlternateDirAuthority and AlternateBridgeAuthority. Partially
|
||||||
|
fixes bug 13163.
|
||||||
|
|
||||||
|
o Minor bugfixes (testing):
|
||||||
|
- Stop spawn test failures due to a race condition between the
|
||||||
|
SIGCHLD handler updating the process status, and the test reading
|
||||||
|
it. Fixes bug 13291; bugfix on 0.2.3.3-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (testing, Windows):
|
||||||
|
- Avoid passing an extra backslash when creating a temporary
|
||||||
|
directory for running the unit tests on Windows. Fixes bug 12392;
|
||||||
|
bugfix on 0.2.2.25-alpha. Patch from Gisle Vanem.
|
||||||
|
|
||||||
|
o Minor bugfixes (windows):
|
||||||
|
- Remove code to special-case handling of NTE_BAD_KEYSET when
|
||||||
|
acquiring windows CryptoAPI context. This error can't actually
|
||||||
|
occur for the parameters we're providing. Fixes bug 10816; bugfix
|
||||||
|
on 0.0.2pre26.
|
||||||
|
|
||||||
|
o Minor bugfixes (zlib):
|
||||||
|
- When trying to finalize a zlib stream where we have already
|
||||||
|
exhausted all the input bytes and we need more bytes in the output
|
||||||
|
buffer, do not report the write as successful. Fixes bug 11824;
|
||||||
|
bugfix on 0.1.1.23.
|
||||||
|
|
||||||
|
o Build fixes:
|
||||||
|
- Allow our configure script to build correctly with autoconf 2.62
|
||||||
|
again. Fixes bug 12693; bugfix on 0.2.5.2-alpha.
|
||||||
|
- Improve configure script error message to make it clear that
|
||||||
|
compilation has failed and that user has to either add
|
||||||
|
--disable-asciidoc argument or install asciidoc. Resolves
|
||||||
|
ticket 13228.
|
||||||
|
- Stop test & bench build failures with --disable-curve25519. Fixes
|
||||||
|
bug 13285.
|
||||||
|
|
||||||
|
o Code simplification and refactoring:
|
||||||
|
- Change the entry_is_live() function to take named bitfield
|
||||||
|
elements instead of an unnamed list of booleans. Closes
|
||||||
|
ticket 12202.
|
||||||
|
- Refactoring and unit-testing entry_is_time_to_retry() in
|
||||||
|
entrynodes.c. Resolves ticket 12205.
|
||||||
|
- Use calloc and reallocarray functions in preference to multiply-
|
||||||
|
then-malloc. This makes it less likely for us to fall victim to an
|
||||||
|
integer overflow attack when allocating. Resolves ticket 12855.
|
||||||
|
- Use the standard macro name SIZE_MAX, instead of our
|
||||||
|
own SIZE_T_MAX.
|
||||||
|
- Document usage of the NO_DIRINFO and ALL_DIRINFO flags clearly in
|
||||||
|
functions which take them as arguments. Replace 0 with NO_DIRINFO
|
||||||
|
in a function call for clarity. Seeks to prevent future issues
|
||||||
|
like 13163.
|
||||||
|
- Avoid 4 null pointer errors under clang shallow analysis by using
|
||||||
|
tor_assert() to prove that the pointers aren't null. Fixes
|
||||||
|
bug 13284.
|
||||||
|
|
||||||
|
o Code simplifications and refactoring:
|
||||||
|
- Reworking API of policies_parse_exit_policy() function to use a
|
||||||
|
bitmask to represent parsing options instead of a confusing mess
|
||||||
|
of booleans. Resolves ticket 8197.
|
||||||
|
- Introducing helper function to parse ExitPolicy in
|
||||||
|
or_options_t structure.
|
||||||
|
|
||||||
|
o New compiler requirements:
|
||||||
|
- Tor 0.2.6.x requires that your compiler support more of the C99
|
||||||
|
language standard than before. The 'configure' script now detects
|
||||||
|
whether your compiler supports C99 mid-block declarations and
|
||||||
|
designated initializers. If it does not, Tor will not compile.
|
||||||
|
|
||||||
|
We may revisit this requirement if it turns out that a significant
|
||||||
|
number of people need to build Tor with compilers that don't
|
||||||
|
bother implementing a 15-year-old standard. Closes ticket 13233.
|
||||||
|
|
||||||
|
o Removed code:
|
||||||
|
- We no longer remind the user about obsolete configuration options
|
||||||
|
that have been obsolete since 0.2.3.x or later. Patch by
|
||||||
|
Adrien Bak.
|
||||||
|
|
||||||
|
o Removed features:
|
||||||
|
- The old "StrictEntryNodes" and "StrictExitNodes" options, which
|
||||||
|
used to be deprecated synonyms for "StrictNodes", are now marked
|
||||||
|
obsolete. Resolves ticket 12226.
|
||||||
|
- The "AuthDirRejectUnlisted" option no longer has any effect, as
|
||||||
|
the fingerprints file (approved-routers) has been deprecated.
|
||||||
|
- Directory authorities do not support being Naming dirauths
|
||||||
|
anymore. The "NamingAuthoritativeDir" config option has
|
||||||
|
been obsoleted.
|
||||||
|
- Directory authorities do not support giving out the BadDirectory
|
||||||
|
flag anymore.
|
||||||
|
- Clients don't understand the BadDirectory flag in the consensus
|
||||||
|
anymore, and ignore it.
|
||||||
|
- Tor no longer supports systems without threading support. When we
|
||||||
|
began working on Tor, there were several systems that didn't have
|
||||||
|
threads, or where the thread support wasn't able to run the
|
||||||
|
threads of a single process on multiple CPUs. That no longer
|
||||||
|
holds: every system where Tor needs to run well now has threading
|
||||||
|
support. Resolves ticket 12439.
|
||||||
|
|
||||||
|
o Removed platform support:
|
||||||
|
- We no longer include special code to build on Windows CE; as far
|
||||||
|
as we know, nobody has used Tor on Windows CE in a very long time.
|
||||||
|
Closes ticket 11446.
|
||||||
|
|
||||||
|
o Testing:
|
||||||
|
- Refactor the function that chooses guard nodes so that it can more
|
||||||
|
easily be tested; write some tests for it.
|
||||||
|
- Fix and re-enable the fgets_eagain unit test. Fixes bug 12503;
|
||||||
|
bugfix on 0.2.3.1-alpha. Patch from "cypherpunks."
|
||||||
|
- Create unit tests for format_time_interval(). With bug 13393.
|
||||||
|
- Add unit tests for tor_timegm signed overflow, tor_timegm and
|
||||||
|
parse_rfc1123_time validity checks, correct_tm year clamping. Unit
|
||||||
|
tests (visible) fixes in bug 13476.
|
||||||
|
- Add a "coverage-html" make target to generate HTML-visualized
|
||||||
|
coverage results when building with --enable-coverage. (Requires
|
||||||
|
lcov.) Patch from Kevin Murray.
|
||||||
|
- Enable the backtrace handler (where supported) when running the
|
||||||
|
unit tests.
|
||||||
|
- Revise all unit tests that used the legacy test_* macros to
|
||||||
|
instead use the recommended tt_* macros. This patch was generated
|
||||||
|
with coccinelle, to avoid manual errors. Closes ticket 13119.
|
||||||
|
|
||||||
|
o Distribution (systemd):
|
||||||
|
- systemd unit file: only allow tor to write to /var/lib/tor and
|
||||||
|
/var/log/tor. The rest of the filesystem is accessible for reading
|
||||||
|
only. Patch by intrigeri; resolves ticket 12751.
|
||||||
|
- systemd unit file: ensures that the process and all its children
|
||||||
|
can never gain new privileges. Patch by intrigeri; resolves
|
||||||
|
ticket 12939.
|
||||||
|
- systemd unit file: set up /var/run/tor as writable for the Tor
|
||||||
|
service. Patch by intrigeri; resolves ticket 13196.
|
||||||
|
|
||||||
|
o Removed features (directory authorities):
|
||||||
|
- Remove code that prevented authorities from listing Tor servers
|
||||||
|
affected by CVE-2011-2769 as guards. These servers are already
|
||||||
|
rejected altogether due to the minimum version requirement of
|
||||||
|
0.2.3.16-alpha. Closes ticket 13152.
|
||||||
|
- Directory authorities no longer advertise or support consensus
|
||||||
|
methods 1 through 12 inclusive. These consensus methods were
|
||||||
|
obsolete and/or insecure: maintaining the ability to support them
|
||||||
|
served no good purpose. Implements part of proposal 215; closes
|
||||||
|
ticket 10163.
|
||||||
|
|
||||||
|
o Testing (test-network.sh):
|
||||||
|
- Stop using "echo -n", as some shells' built-in echo doesn't
|
||||||
|
support "-n". Instead, use "/bin/echo -n". Partially fixes
|
||||||
|
bug 13161.
|
||||||
|
- Stop an apparent test-network hang when used with make -j2. Fixes
|
||||||
|
bug 13331.
|
||||||
|
- Add a --delay option to test-network.sh, which configures the
|
||||||
|
delay before the chutney network tests for data transmission.
|
||||||
|
Partially implements ticket 13161.
|
||||||
|
|
||||||
|
|
||||||
Changes in version 0.2.5.10 - 2014-10-24
|
Changes in version 0.2.5.10 - 2014-10-24
|
||||||
|
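Review bot: In the "Major features (client performance, hidden services)" section, the TruncateLogFile item has been folded into the tail of the optimistic-data entry ("Implements ticket 13211. - Add an option to overwrite logs (TruncateLogFile). Closes ticket #5583."), so it reads as part of an unrelated entry and sits under a heading that has nothing to do with logging. Split it out as its own "-" item, most likely under "Minor features (logging)". The collation also left two near-identical headings that should be merged ("Code simplification and refactoring" and "Code simplifications and refactoring"). Several spelling slips came through from the changes files and are worth fixing before release: "enviorment", "teporary", "non-tunnneled", "GeoIPExcludeUnkonwn", and "maintain support an obsolete consensus method". Ticket references are mixed between the "#12573" form and the "bug 13104" form; pick one.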
@ -1,4 +0,0 @@
|
|||||||
- Testing:
|
|
||||||
- Refactor the function that chooses guard nodes so that it can
|
|
||||||
more easily be tested; write some tests for it.
|
|
||||||
|
|
@ -1,3 +0,0 @@
|
|||||||
o Minor features:
|
|
||||||
- When handling a low-memory situation, allocate less memory
|
|
||||||
for teporary data structures. Fixes issue 10115.
|
|
@ -1,6 +0,0 @@
|
|||||||
o Minor bugfixes (windows):
|
|
||||||
- Remove code to special-case handling of NTE_BAD_KEYSET when
|
|
||||||
acquiring windows CryptoAPI context. This error can't actually
|
|
||||||
occur for the parameters we're providing. Fixes bug 10816;
|
|
||||||
bugfix on 0.0.2pre26.
|
|
||||||
|
|
@ -1,4 +0,0 @@
|
|||||||
o Bugfixes:
|
|
||||||
- Check for orconns and use connection_or_close_for_error() rather than
|
|
||||||
connection_mark_for_close() directly in the getsockopt() failure case
|
|
||||||
of connection_handle_write_impl(). Fixes bug #11302.
|
|
@ -1,3 +0,0 @@
|
|||||||
o Minor bugfixes (client):
|
|
||||||
- Use the consensus schedule for downloading consensuses, and not the
|
|
||||||
generic schedule. Fixes bug 11679; bugfix on 0.2.2.6-alpha.
|
|
@ -1,8 +0,0 @@
|
|||||||
o Minor bugfixes:
|
|
||||||
- Always believe that v3 directory authorities serve extra-info
|
|
||||||
documents, regardless of whether their server descriptor contains a
|
|
||||||
"caches-extra-info" line or not. Fixes part of #11683. Bugfix on
|
|
||||||
0.2.0.1-alpha.
|
|
||||||
- When running as a v3 directory authority, advertise that you serve
|
|
||||||
extra-info documents so that clients who want them can find them from
|
|
||||||
you too. Fixes part of bug #11683. Bugfix on 0.2.0.1-alpha.
|
|
@ -1,5 +0,0 @@
|
|||||||
o Minor bugfixes (directory bandwidth performance):
|
|
||||||
- Don't flush the zlib buffer aggressively when compressing
|
|
||||||
directory information for clients. This should save about 7% of
|
|
||||||
the bandwidth currently used for compressed descriptors and
|
|
||||||
microdescriptors. Fixes bug 11787; bugfix on 0.1.1.23.
|
|
@ -1,15 +0,0 @@
|
|||||||
o Minor features (security, OOM):
|
|
||||||
- When closing an edge connection because we've run out of memory,
|
|
||||||
also count the amount of memory that any tunnelled directory
|
|
||||||
connection attached to that connection had consumed. Part of
|
|
||||||
ticket 11792.
|
|
||||||
|
|
||||||
- When considering whether we're running low on memory, consider
|
|
||||||
memory that was allocated as part of zlib buffers as well.
|
|
||||||
Count that memory as reclaimed by our OOM handler. Part of
|
|
||||||
ticket 11792.
|
|
||||||
|
|
||||||
- When handling out-of-memory conditions, also look at
|
|
||||||
non-tunnneled directory connections, and kill the ones that have
|
|
||||||
had data sitting on them for the longest. Part of ticket 11792.
|
|
||||||
|
|
@ -1,5 +0,0 @@
|
|||||||
o Minor bugfixes:
|
|
||||||
- When trying to finalize a zlib stream where we have already
|
|
||||||
exhausted all the input bytes and we need more bytes in the
|
|
||||||
output buffer, do not report the write as successful.
|
|
||||||
Fixes bug 11824; bugfix on 0.1.1.23.
|
|
@ -1,4 +0,0 @@
|
|||||||
o Minor features:
|
|
||||||
- On unix, you can now use named pipes as the target of the Log
|
|
||||||
option, and other options that try to append to files. Closes
|
|
||||||
ticket 12061. Patch from "carlo von lynX".
|
|
@ -1,3 +0,0 @@
|
|||||||
o Code simplification and refactoring:
|
|
||||||
- Change the entry_is_live() function to take named bitfield elements
|
|
||||||
instead of an unnamed list of booleans. Closes ticket 12202.
|
|
@ -1,4 +0,0 @@
|
|||||||
o Minor refactoring:
|
|
||||||
- Refactoring and unit-testing entry_is_time_to_retry() in
|
|
||||||
entrynodes.c. Resolves ticket 12205.
|
|
||||||
|
|
@ -1,4 +0,0 @@
|
|||||||
o Removed features:
|
|
||||||
- The old "StrictEntryNodes" and "StrictExitNodes" options, which
|
|
||||||
used to be deprecated synonyms for "StrictNodes", are now marked
|
|
||||||
obsolete. Resolves ticket 12226.
|
|
@ -1,4 +0,0 @@
|
|||||||
o Minor bugfixes (testing, Windows):
|
|
||||||
- Avoid passing an extra backslash when creating a temporary
|
|
||||||
directory for running the unit tests on Windows. Fixes bug 12392;
|
|
||||||
bugfix on 0.2.2.25-alpha. Patch from Gisle Vanem.
|
|
@ -1,3 +0,0 @@
|
|||||||
o Testing:
|
|
||||||
- Fix and re-enable the fgets_eagain unit test. Fixes bug 12503;
|
|
||||||
bugfix on 0.2.3.1-alpha. Patch from "cypherpunks."
|
|
@ -1,5 +0,0 @@
|
|||||||
o Major bugfixes:
|
|
||||||
- Relays should not be assigned the HSDir flag if they are
|
|
||||||
considered invalid. Also, do not assign the HSDir flag to relays
|
|
||||||
that are currently hibernating. Fixes #12573. Bugfix on
|
|
||||||
tor-0.2.0.10-alpha
|
|
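Review bot: The trailer of this removed entry, "Fixes #12573. Bugfix on tor-0.2.0.10-alpha", was copied into the new ChangeLog as-is and does not match the form used by the other entries: it has no final period, uses a bare "#" reference, and prefixes the version with "tor-". Suggest normalizing it in ChangeLog to "Fixes bug 12573; bugfix on 0.2.0.10-alpha."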
@ -1,3 +0,0 @@
|
|||||||
o Build fixes:
|
|
||||||
- Allow our configure script to build correctly with autoconf 2.62
|
|
||||||
again. Fixes bug 12693; bugfix on 0.2.5.2-alpha.
|
|
@ -1,4 +0,0 @@
|
|||||||
|
|
||||||
o Minor bugfixes:
|
|
||||||
- When generating our family list, remove spaces from around the
|
|
||||||
entries there. Fixes bug 12728; bugfix on 0.2.1.7-alpha.
|
|
@ -1,5 +0,0 @@
|
|||||||
o Distribution:
|
|
||||||
- systemd unit file: only allow tor to write to /var/lib/tor
|
|
||||||
and /var/log/tor. The rest of the filesystem is accessible
|
|
||||||
for reading only.
|
|
||||||
Patch by intrigeri; resolves ticket 12751.
|
|
@ -1,5 +0,0 @@
|
|||||||
o Code simplification and refactoring
|
|
||||||
- Use calloc and reallocarray functions in preference to
|
|
||||||
multiply-then-malloc. This makes it less likely for us to fall
|
|
||||||
victim to an integer overflow attack when allocating. Resolves
|
|
||||||
ticket 12855.
|
|
@ -1,7 +0,0 @@
|
|||||||
o Removed features:
|
|
||||||
- The "AuthDirRejectUnlisted" option no longer has any effect, as
|
|
||||||
the fingerprints file (approved-routers) has been deprecated.
|
|
||||||
- Directory authorities do not support being Naming dirauths
|
|
||||||
anymore. The "NamingAuthoritativeDir" config option has been
|
|
||||||
obsoleted.
|
|
||||||
|
|
@ -1,4 +0,0 @@
|
|||||||
o Distribution:
|
|
||||||
- systemd unit file: ensures that the process and all its children
|
|
||||||
can never gain new privileges.
|
|
||||||
Patch by intrigeri; resolves ticket 12939.
|
|
@ -1,5 +0,0 @@
|
|||||||
o Bugfixes:
|
|
||||||
- Handle unsupported SOCKS5 requests properly by responding with
|
|
||||||
'Command not supported' reply message before closing a TCP connection
|
|
||||||
to the user. Fixes bug 12971.
|
|
||||||
|
|
@ -1,7 +0,0 @@
|
|||||||
o Minor bugfixes:
|
|
||||||
- If our previous bandwidth estimate was 0 bytes, allow publishing a
|
|
||||||
new relay descriptor immediately. Fixes bug 13000; bugfix on
|
|
||||||
0.1.1.6-alpha.
|
|
||||||
o Minor features:
|
|
||||||
- Don't list relays with a bandwidth estimate of 0 in the consensus.
|
|
||||||
Implements a feature proposed during discussion of bug 13000.
|
|
@ -1,6 +0,0 @@
|
|||||||
o Removed features:
|
|
||||||
- Directory authorities do not support giving out the BadDirectory
|
|
||||||
flag anymore.
|
|
||||||
- Clients don't understand the BadDirectory flag in the consensus
|
|
||||||
anymore, and ignore it.
|
|
||||||
|
|
@ -1,3 +0,0 @@
|
|||||||
o Minor bugfixes:
|
|
||||||
- Fix TestingDirAuthVoteGuard to properly give out Guard flags in
|
|
||||||
a testing network. Fixes bug 13064; bugfix on 0.2.5.2-alpha.
|
|
@ -1,2 +0,0 @@
|
|||||||
o Code refactoring:
|
|
||||||
- Use the standard macro name SIZE_MAX, instead of our own SIZE_T_MAX.
|
|
@ -1,4 +0,0 @@
|
|||||||
o Minor bugfixes:
|
|
||||||
- Fix several instances of possible integer overflow/underflow/NaN.
|
|
||||||
Fixes bug 13104; bugfix on 0.2.3.1-alpha and later. Patches from
|
|
||||||
"teor".
|
|
@ -1,5 +0,0 @@
|
|||||||
o Removed features (directory authority):
|
|
||||||
- Remove code that prevented authorities from listing Tor servers
|
|
||||||
affected by CVE-2011-2769 as guards. These servers are already
|
|
||||||
rejected altogether due to the minimum version requirement of
|
|
||||||
0.2.3.16-alpha. Closes ticket 13152.
|
|
@ -1,3 +0,0 @@
|
|||||||
o Minor bugfixes:
|
|
||||||
- Stop using "echo -n", as some shells' built-in echo doesn't support
|
|
||||||
"-n". Instead, use "/bin/echo -n". Partially fixes bug 13161.
|
|
@ -1,5 +0,0 @@
|
|||||||
o Minor bugfixes:
|
|
||||||
- Bitwise check the BRIDGE_DIRINFO flag rather than using equality.
|
|
||||||
Fixes a (potential) bug where directories offering BRIDGE_DIRINFO and
|
|
||||||
some other flag (i.e. microdescriptors or extrainfo) would be ignored
|
|
||||||
when looking for bridge directories. Partially fixes bug 13163.
|
|
@ -1,4 +0,0 @@
|
|||||||
o Minor bugfixes:
|
|
||||||
- Stop using the default authorities in networks which provide both
|
|
||||||
AlternateDirAuthority and AlternateBridgeAuthority.
|
|
||||||
Partially fixes bug 13163.
|
|
@ -1,3 +0,0 @@
|
|||||||
o Distribution:
|
|
||||||
- systemd unit file: set up /var/run/tor as writable for the Tor service.
|
|
||||||
Patch by intrigeri; resolves ticket 13196.
|
|
@ -1,5 +0,0 @@
|
|||||||
o Minor bugfixes:
|
|
||||||
- Return an error when the second or later arguments of the
|
|
||||||
"setevents" controller command are invalid events. Previously we
|
|
||||||
would return success while silently skipping invalid events. Fixes
|
|
||||||
bug 13205; bugfix on 0.2.3.2-alpha. Reported by "fpxnns".
|
|
@ -1,4 +0,0 @@
|
|||||||
o Minor bugfixes (Bridges):
|
|
||||||
- When DisableNetwork is set, do not launch pluggable transport
|
|
||||||
plugins, and if any are running already, terminate the existing
|
|
||||||
instances. Resolves ticket 13213.
|
|
@ -1,5 +0,0 @@
|
|||||||
o Build fixes:
|
|
||||||
- Improve configure script error message to make it clear
|
|
||||||
that compilation has failed and that user has to either
|
|
||||||
add --disable-asciidoc argument or install asciidoc.
|
|
||||||
Resolves ticket 13228.
|
|
@ -1,3 +0,0 @@
|
|||||||
o Minor bugfixes:
|
|
||||||
- Stop test & bench build failures with --disable-curve25519.
|
|
||||||
Fixes bug 13285.
|
|
@ -1,5 +0,0 @@
|
|||||||
o Minor bugfixes:
|
|
||||||
- In circuit_build_times_calculate_timeout() in circuitstats.c, avoid
|
|
||||||
dividing by zero in the pareto calculations. This traps under
|
|
||||||
clang -fsanitize=undefined-trap -fsanitize-undefined-trap-on-error.
|
|
||||||
Fixes bug 13290; bugfix on tor-0.2.2.2-alpha.
|
|
@ -1,4 +0,0 @@
|
|||||||
o Minor bugfixes:
|
|
||||||
- Stop spawn test failures due to a race condition between the SIGCHLD
|
|
||||||
handler updating the process status, and the test reading it.
|
|
||||||
Fixes bug 13291; bugfix on 0.2.3.3-alpha.
|
|
@ -1,4 +0,0 @@
|
|||||||
o Bugfixes:
|
|
||||||
- Handle malformed SOCKS5 requests properly by responding with an
|
|
||||||
appropriate error message before closing a TCP connection to the
|
|
||||||
user. Fixes bug 13314.
|
|
@ -1,3 +0,0 @@
|
|||||||
o Minor bugfixes:
|
|
||||||
- Stop an apparent test-network hang when used with make -j2.
|
|
||||||
Fixes bug 13331.
|
|
@ -1,6 +0,0 @@
|
|||||||
o Minor bugfixes:
|
|
||||||
- Fix an instance of integer overflow in format_time_interval().
|
|
||||||
Fixes bug 13393.
|
|
||||||
|
|
||||||
o Minor features (test):
|
|
||||||
- Create unit tests for format_time_interval(). With bug 13393.
|
|
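Review bot: "With bug 13393." at the end of the "Minor features (test)" item is a fragment that does not say how the tests relate to the ticket. Suggest wording such as "Part of the fix for bug 13393." so the item still reads correctly once it is collated away from the overflow fix. The heading "(test)" also differs from the "(testing)" used by the other test entries in this patch.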
@ -1,20 +0,0 @@
|
|||||||
o Minor bugfixes:
|
|
||||||
- Set the correct day of year value when the system's localtime(_r)
|
|
||||||
or gmtime(_r) functions fail to set struct tm. Not externally visible.
|
|
||||||
Fixes bug 13476.
|
|
||||||
- Avoid unlikely signed integer overflow in tor_timegm on systems with
|
|
||||||
32-bit time_t.
|
|
||||||
Fixes bug 13476.
|
|
||||||
o Minor enhancements (validation):
|
|
||||||
- Check all date/time values passed to tor_timegm and parse_rfc1123_time
|
|
||||||
for validity, taking leap years into account.
|
|
||||||
Improves HTTP header validation.
|
|
||||||
Implemented with bug 13476.
|
|
||||||
- Clamp year values returned by system localtime(_r) and gmtime(_r)
|
|
||||||
to year 1 in correct_tm. This ensures tor can read any values it
|
|
||||||
writes out.
|
|
||||||
Fixes bug 13476.
|
|
||||||
o Minor enhancements (testing):
|
|
||||||
- Add unit tests for tor_timegm signed overflow, tor_timegm and
|
|
||||||
parse_rfc1123_time validity checks, correct_tm year clamping.
|
|
||||||
Unit tests (visible) fixes in bug 13476.
|
|
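Review bot: The headings "o Minor enhancements (validation):" and "o Minor enhancements (testing):" in this hunk do not match the "Minor features (...)" form used by the other entries, so the testing item here will not collate with the other "Minor features (testing)" items. The closing line "Unit tests (visible) fixes in bug 13476." is also not a readable sentence; suggest stating plainly that the tests cover the bug 13476 fixes. The two overflow and day-of-year fixes give no "bugfix on" version.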
@ -1,5 +0,0 @@
|
|||||||
o Minor bugfixes:
|
|
||||||
- Ensure we securely wipe keys from memory after
|
|
||||||
crypto_digest_get_digest and init_curve25519_keypair_from_file
|
|
||||||
have finished using them.
|
|
||||||
Fixes bug 13477.
|
|
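Review bot: The key-wiping entry ends at "Fixes bug 13477." without a "bugfix on" version. For a fix about key material left in memory after crypto_digest_get_digest and init_curve25519_keypair_from_file, readers deciding on backports need to know which releases are affected; suggest adding the version, or saying so explicitly if it is not known.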
@ -1,6 +0,0 @@
|
|||||||
o Minor bugfixes:
|
|
||||||
- Stop modifying the value of our DirReqStatistics torrc option just
|
|
||||||
because we're not a bridge or relay. This bug was causing Tor
|
|
||||||
Browser users to write "DirReqStatistics 0" in their torrc files
|
|
||||||
as if they had chosen to change the config. Fixes bug 4244; bugfix
|
|
||||||
on 0.2.3.1-alpha.
|
|
@ -1,4 +0,0 @@
|
|||||||
o Minor bugfixes:
|
|
||||||
- When a bridge has been configured without an identity digest
|
|
||||||
(not recommended), avoid launching an extra channel to it when
|
|
||||||
bootstrapping. Fixes bug 7733; bugfix on 0.2.4.4-alpha.
|
|
@ -1,6 +0,0 @@
|
|||||||
o Minor refactoring:
|
|
||||||
- Reworking API of policies_parse_exit_policy() function to use a
|
|
||||||
bitmask to represent parsing options instead of a confusing mess
|
|
||||||
of booleans. Resolves ticket 8197.
|
|
||||||
- Introducing helper function to parse ExitPolicy in or_options_t
|
|
||||||
structure.
|
|
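Review bot: Both items in this hunk open with a participle ("Reworking API of ...", "Introducing helper function ...") where the other entries use the imperative or past tense, and the second item names neither the helper nor a ticket. Suggest "Rework the API of policies_parse_exit_policy() ..." and "Introduce a helper function ...", with the ticket reference repeated or the two items merged under ticket 8197.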
@ -1,5 +0,0 @@
|
|||||||
o Major features (bridges):
|
|
||||||
- Expose the outgoing upstream HTTP/SOCKS proxy to pluggable
|
|
||||||
transports if they are configured via the "TOR_PT_PROXY"
|
|
||||||
enviorment variable. Implements proposal 232. Resolves
|
|
||||||
ticket 8402.
|
|
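Review bot: "enviorment variable" in the TOR_PT_PROXY item is a misspelling of "environment", and the same spelling is carried into the new ChangeLog text at the top of this commit. Since this commit is the point where the entries are consolidated, correct it in the ChangeLog rather than only deleting the source file.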
@ -1,5 +0,0 @@
|
|||||||
o Minor bugfixes:
|
|
||||||
- When GeoIPExcludeUnkonwn is enabled, do not incorrectly decide
|
|
||||||
that our options have changed every time we SIGHUP. Fixes bug
|
|
||||||
9801; bugfix on 0.2.4.10-alpha. Patch from "qwerty1".
|
|
||||||
|
|
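Review bot: The option name in "When GeoIPExcludeUnkonwn is enabled" is misspelled; the torrc option is GeoIPExcludeUnknown. A user searching the changelog for the option name will not find this entry, so correct the spelling in the consolidated ChangeLog text.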
@ -1,3 +0,0 @@
|
|||||||
o Minor features:
|
|
||||||
- In tor-gencert, report an error if the user provides the same
|
|
||||||
argument more than once.
|
|
@ -1,5 +0,0 @@
|
|||||||
o Minor features (testing):
|
|
||||||
|
|
||||||
- Add a "coverage-html" make target to generate HTML-visualized
|
|
||||||
coverage results when building with --enable-coverage. (Requires lcov.)
|
|
||||||
Patch from Kevin Murray.
|
|
@ -1,3 +0,0 @@
|
|||||||
o Minor features:
|
|
||||||
- Enable the backtrace handler (where supported) when running the
|
|
||||||
unit tests.
|
|
@ -1,5 +0,0 @@
|
|||||||
o Code simplication:
|
|
||||||
- Clients are now willing to send optimistic circuit data (before they
|
|
||||||
receive a 'connected' cell) to relays of any version. We used to
|
|
||||||
only do it for relays running 0.2.3.1-alpha or later, but now all
|
|
||||||
relays are new enough. Resolves ticket 13153.
|
|
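Review bot: The heading "o Code simplication:" is a typo for "simplification", and a misspelled heading will be collated as a section of its own. Fix the heading in the consolidated ChangeLog; the entry body under ticket 13153 can stay as it is.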
@ -1,7 +0,0 @@
|
|||||||
o Minor features (testing):
|
|
||||||
- Add the TestingDirAuthVoteExit option, a list of nodes to vote
|
|
||||||
Exit for regardless of their uptime, bandwidth, or exit policy.
|
|
||||||
TestingTorNetwork must be set for this option to have any effect.
|
|
||||||
Works around an issue where authorities would take up to 35 minutes
|
|
||||||
to give nodes the Exit flag in a test network, despite short
|
|
||||||
consensus intervals. Partially implements ticket 13161.
|
|
@ -1,4 +0,0 @@
|
|||||||
o Minor features (testing):
|
|
||||||
- Add a --delay option to test-network.sh, which configures the delay
|
|
||||||
before the chutney network tests for data transmission.
|
|
||||||
Partially implements ticket 13161.
|
|
@ -1,6 +0,0 @@
|
|||||||
o Major features (performance):
|
|
||||||
- Allow clients to use optimistic data when connecting to a hidden
|
|
||||||
service, which should cut out the initial round-trip for client-side
|
|
||||||
programs including Tor Browser. (Now that Tor 0.2.2.x is obsolete,
|
|
||||||
all hidden services should support server-side optimistic
|
|
||||||
data.) See proposal 181 for details. Implements ticket 13211.
|
|
@ -1,2 +0,0 @@
|
|||||||
o Minor features:
|
|
||||||
- Add an option to overwrite logs (TruncateLogFile). Closes ticket #5583.
|
|
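Review bot: The TruncateLogFile item, a "Minor features" entry here, appears in the new ChangeLog text run onto the end of the optimistic-data item under a "Major features" heading ("13211. - Add an option to overwrite logs"). It needs to be split back out as its own item under a "Minor features" heading. "Closes ticket #5583." also uses a "#" that no other entry in this patch uses; suggest "Closes ticket 5583."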
@ -1,5 +0,0 @@
|
|||||||
o Minor refactoring:
|
|
||||||
- Document usage of the NO_DIRINFO and ALL_DIRINFO flags clearly in
|
|
||||||
functions which take them as arguments. Replace 0 with NO_DIRINFO
|
|
||||||
in a function call for clarity.
|
|
||||||
Seeks to prevent future issues like 13163.
|
|
@ -1,3 +0,0 @@
|
|||||||
o Minor bugfixes:
|
|
||||||
- Avoid 4 null pointer errors under clang shallow analysis by using
|
|
||||||
tor_assert() to prove that the pointers aren't null. Fixes bug 13284.
|
|
@ -1,4 +0,0 @@
|
|||||||
o Removed platform support:
|
|
||||||
- We no longer include special code to build on Windows CE; as far
|
|
||||||
as we know, nobody has used Tor on Windows CE in a very long
|
|
||||||
time. Closes ticket 11446.
|
|
@ -1,16 +0,0 @@
|
|||||||
o Removed features (directory authorities):
|
|
||||||
|
|
||||||
- Directory authorities no longer advertise or support consensus
|
|
||||||
methods 1 through 12 inclusive. These consensus methods were
|
|
||||||
obsolete and/or insecure: maintaining the ability to support them
|
|
||||||
served no good purpose. Implements part of proposal 215;
|
|
||||||
closes ticket 10163.
|
|
||||||
|
|
||||||
o Minor features (directory authorities)
|
|
||||||
- If a directory authority can't find a best consensus method in the
|
|
||||||
votes that it holds, it now falls back to its favorite consensus
|
|
||||||
method. Previously, it fell back to method 1. Neither of these is
|
|
||||||
likely to get enough signatures, but "fall back to favorite"
|
|
||||||
doesn't require us to maintain support an obsolete consensus
|
|
||||||
method. Implements another part of proposal 215.
|
|
||||||
|
|
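Review bot: The second heading in this hunk, "o Minor features (directory authorities)", is missing its trailing colon, which every other heading has and which heading-based collation is likely to depend on. In the same item, "doesn't require us to maintain support an obsolete consensus method" is missing a word; suggest "maintain support for an obsolete consensus method".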
@ -1,10 +0,0 @@
|
|||||||
o New compiler requirements:
|
|
||||||
- Tor 0.2.6.x requires that your compiler support more of the C99
|
|
||||||
language standard than before. The 'configure' script now detects
|
|
||||||
whether your compiler supports C99 mid-block declarations and
|
|
||||||
designated initializers. If it does not, Tor will not compile.
|
|
||||||
|
|
||||||
We may revisit this requirement if it turns out that a significant
|
|
||||||
number of people need to build Tor with compilers that don't
|
|
||||||
bother implementing a 15-year-old standard. Closes ticket 13233.
|
|
||||||
|
|
@ -1,12 +0,0 @@
|
|||||||
o Removed features:
|
|
||||||
- Tor no longer supports systems without threading support.
|
|
||||||
When we began working on Tor, there were several systems that didn't
|
|
||||||
have threads, or where the thread support wasn't able to run the
|
|
||||||
threads of a single process on multiple CPUs. That no longer holds:
|
|
||||||
every system where Tor needs to run well now has threading support.
|
|
||||||
Resolves ticket 12439.
|
|
||||||
|
|
||||||
o Minor features:
|
|
||||||
- Threads are no longer disabled by default on Solaris; we believe that
|
|
||||||
the versions of Solaris with broken threading support are all obsolete
|
|
||||||
by now. Resolves ticket 9495.
|
|
@ -1,8 +0,0 @@
|
|||||||
o New features (sample torrc):
|
|
||||||
- Add a new, infrequently-changed "torrc.minimal". This file's
|
|
||||||
purpose is similar to torrc.sample, but it is meant to be small
|
|
||||||
and change as infrequently as possible, for the benefit of
|
|
||||||
users whose systems prompt them for intervention whenever a
|
|
||||||
default configuration file is changed. Making this change
|
|
||||||
allows us to update torrc.sample to be a more generally useful
|
|
||||||
"sample torrc".
|
|
@ -1,7 +0,0 @@
|
|||||||
o Major features (downloading):
|
|
||||||
- Upon receiving a server descriptor, microdescriptor, extrainfo
|
|
||||||
document, or other object that is unparseable, if its digest
|
|
||||||
matches what we expected, then mark it as not to be downloaded
|
|
||||||
again. Previously, when we got a descriptor we didn't like, we
|
|
||||||
would keep trying to download it over and over. Closes ticket
|
|
||||||
11243.
|
|
@ -1,5 +0,0 @@
|
|||||||
o Minor features:
|
|
||||||
- Re-check our address after we detect a changed IP address from
|
|
||||||
getsockname(). This ensures that the controller command "GETINFO
|
|
||||||
address" will report the correct value. Resolves ticket 11582.
|
|
||||||
Patch from "ra".
|
|
@ -1,3 +0,0 @@
|
|||||||
o Removed code:
|
|
||||||
- We no longer remind the user about obsolete configuration options
|
|
||||||
that have been obsolete since 0.2.3.x or later. Patch by Adrien Bak.
|
|
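Review bot: "obsolete configuration options that have been obsolete since 0.2.3.x or later" repeats "obsolete" and pairs "since" with "or later", which leaves the cutoff ambiguous. Suggest dropping the first "obsolete" and stating the bound unambiguously, so operators can tell which old options will now fail without the reminder.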
@ -1,4 +0,0 @@
|
|||||||
o Minor features:
|
|
||||||
|
|
||||||
- When opening a log file at startup, send it every log message that we
|
|
||||||
generated between startup and opening it. Closes ticket 6938.
|
|
@ -1,5 +0,0 @@
|
|||||||
o Minor features:
|
|
||||||
- A new AccountingRule option lets you set whether you'd like the
|
|
||||||
AccountingMax value to be applied separately to inbound and
|
|
||||||
outbound traffic, or applied to the sum of inbound and outbound
|
|
||||||
traffic. Resolves ticket 961. Patch by "chobe".
|
|
@ -1,6 +0,0 @@
|
|||||||
o Code refactoring:
|
|
||||||
- Revise all unit tests that used the legacy test_* macros to
|
|
||||||
instead use the recommended tt_* macros. This patch was
|
|
||||||
generated with coccinelle, to avoid manual errors. Closes
|
|
||||||
ticket 13119.
|
|
||||||
|
|