diff --git a/ChangeLog b/ChangeLog index 271a674a7d..1343aba49d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,31 +1,30 @@ Changes in version 0.2.6.3-alpha - 2015-02-?? - blah blah blah - o Major features (changed defaults): - - Prevent relay operators from unintentionally running exits: When - a relay is configured as an exit node, we now warn the user - unless the 'ExitRelay' option is set to 1. We warn even more - loudly if the relay is configured with the default exit policy, - since this tends to indicate accidental misconfiguration. - Setting 'ExitRelay' to 0 stops Tor from running as an exit relay. - Closes ticket 10067. + o Major features (security): + - Implementation of an AF_UNIX socket option to implement a SOCKS + proxy reachable by Unix Domain Socket. This allows client + applications to communicate with Tor without having the ability to + create AF_INET or AF_INET6 family sockets. If an application has + permission to create a socket with AF_UNIX, it may directly + communicate with Tor as if it were an other SOCKS proxy. This + should allow high risk applications to be entirely prevented from + connecting directly with TCP/IP, they will be able to only connect + to the internet through AF_UNIX and only through Tor. To create a + socket of this type, use the syntax "unix:/path/to/socket". Closes + ticket 12585. - o Major features (security) - - Implementation of an AF_UNIX socket option to implement a SOCKS - proxy reachable by Unix Domain Socket. This allows client applications to - communicate with Tor without having the ability to create AF_INET or - AF_INET6 family sockets. If an application has permission to create a socket - with AF_UNIX, it may directly communicate with Tor as if it were an other - SOCKS proxy. This should allow high risk applications to be entirely prevented - from connecting directly with TCP/IP, they will be able to only connect to the - internet through AF_UNIX and only through Tor. - To create a socket of this type, use the syntax "unix:/path/to/socket". - Closes ticket 12585. + o Major features (changed defaults): + - Prevent relay operators from unintentionally running exits: When a + relay is configured as an exit node, we now warn the user unless + the 'ExitRelay' option is set to 1. We warn even more loudly if + the relay is configured with the default exit policy, since this + tends to indicate accidental misconfiguration. Setting 'ExitRelay' + to 0 stops Tor from running as an exit relay. Closes ticket 10067. o Major features (hidden services): - Support mapping hidden service virtual ports to AF_UNIX sockets on - suitable platforms. Resolves ticket #11485. + suitable platforms. Resolves ticket #11485. o Major features (performance): - Refactor the CPU worker implementation for better performance by @@ -37,35 +36,31 @@ Changes in version 0.2.6.3-alpha - 2015-02-?? memory, avoiding kernel IO where possible, and keeping more request in flight at once. Resolves issue #9682. - o Removed features: - - To avoid confusion with the 'ExitRelay' option, 'ExitNode' is no - longer silently accepted as an alias for 'ExitNodes'. - o Major bugfixes (client): - - Allow MapAddress and AutomapHostsOnResolve to work together when an - address is mapped into another address type that must be - automapped at resolve time. Fixes bug 7555; bugfix on - 0.2.0.1-alpha. + - Allow MapAddress and AutomapHostsOnResolve to work together when + an address is mapped into another address type that must be + automapped at resolve time. Fixes bug 7555; bugfix + on 0.2.0.1-alpha. o Major bugfixes (exit node stability): - - Fix an assertion failure that could occur under high DNS load. Fixes - bug 14129; bugfix on Tor 0.0.7rc1. Found by "jowr"; diagnosed and fixed - by "cypherpunks". + - Fix an assertion failure that could occur under high DNS load. + Fixes bug 14129; bugfix on Tor 0.0.7rc1. Found by "jowr"; + diagnosed and fixed by "cypherpunks". o Major bugfixes (mixed relay-client operation): - When running as a relay and a client at the same time (not - recommended), if we decide not to use a new guard because we - want to retry older guards, only close the locally-originating - circuits passing through that guard. Previously we would close - all the circuits. Fixes bug 9819; bugfix on - 0.2.1.1-alpha. Reported by "skruffy". + recommended), if we decide not to use a new guard because we want + to retry older guards, only close the locally-originating circuits + passing through that guard. Previously we would close all the + circuits. Fixes bug 9819; bugfix on 0.2.1.1-alpha. Reported + by "skruffy". o Minor features (authorities, testing): - Create TestingDirAuthVoteHSDir like TestingDirAuthVoteExit/Guard. - Ensures that authorities vote the HSDir flag for the listed - relays regardless of uptime or ORPort connectivity. - Respects the value of VoteOnHidServDirectoriesV2. - Partial implementation for ticket 14067. Patch by "teor". + Ensures that authorities vote the HSDir flag for the listed relays + regardless of uptime or ORPort connectivity. Respects the value of + VoteOnHidServDirectoriesV2. Partial implementation for ticket + 14067. Patch by "teor". o Minor features (build): - New --disable-system-torrc compile-time option to prevent Tor from @@ -74,51 +69,54 @@ Changes in version 0.2.6.3-alpha - 2015-02-?? o Minor features (controller): - Include SOCKS_USERNAME and SOCKS_PASSWORD values in controller - events to let controllers observe circuit isolation inputs. - Closes ticket 8405. - - ControlPort now supports the unix:/path/to/dir syntax as an alternative - to the ControlSocket option, for consistency with SocksPort and - hidden services. Closes ticket 14451. - - New "GETINFO bw-event-cache" to get information about recent bandwidth - events. Closes ticket 14128. Useful for controllers to get recent - bandwidth history after the fix for 13988. + events to let controllers observe circuit isolation inputs. Closes + ticket 8405. + - ControlPort now supports the unix:/path/to/dir syntax as an + alternative to the ControlSocket option, for consistency with + SocksPort and hidden services. Closes ticket 14451. + - New "GETINFO bw-event-cache" to get information about recent + bandwidth events. Closes ticket 14128. Useful for controllers to + get recent bandwidth history after the fix for 13988. o Minor features (directory client): - - When downloading server- or microdescriptors from a directory server, - we no longer launch multiple simultaneous requests to the same server. - This reduces load on the directory servers, especially when directory - guards are in use. Closes ticket 9969. + - When downloading server- or microdescriptors from a directory + server, we no longer launch multiple simultaneous requests to the + same server. This reduces load on the directory servers, + especially when directory guards are in use. Closes ticket 9969. - When downloading server- or microdescriptors over a tunneled - connection, do not limit the length of our request to what the Squid - proxy is willing to handle. Part of ticket 9969. + connection, do not limit the length of our request to what the + Squid proxy is willing to handle. Part of ticket 9969. o Minor features (directory system): - - Authorities can now vote on the correct digests and latest versions for - different software packages. This allows packages that include Tor to use - the Tor authority system as a way to get notified of updates and their - correct digests. Implements proposal 227. Closes ticket 10395. + - Authorities can now vote on the correct digests and latest + versions for different software packages. This allows packages + that include Tor to use the Tor authority system as a way to get + notified of updates and their correct digests. Implements proposal + 227. Closes ticket 10395. o Minor features (directory, memory usage): - When we have recently been under memory pressure (over 3/4 of - MaxMemInQueues is allocated), then allocate smaller zlib objects for - small requests. Closes ticket 11791. + MaxMemInQueues is allocated), then allocate smaller zlib objects + for small requests. Closes ticket 11791. o Minor features (DOS resistance): - - Count the total number of bytes used storing hidden service descriptors - against the value of MaxMemInQueues. If we're low on memory, and more - than 20% of our memory is used holding hidden service descriptors, free - them until no more than 10% of our memory holds hidden service - descriptors. Free the least recently fetched descriptors first. - Resolves ticket 13806. + - Count the total number of bytes used storing hidden service + descriptors against the value of MaxMemInQueues. If we're low on + memory, and more than 20% of our memory is used holding hidden + service descriptors, free them until no more than 10% of our + memory holds hidden service descriptors. Free the least recently + fetched descriptors first. Resolves ticket 13806. o Minor features (geoip): - - Update geoip to the January 7 2015 Maxmind GeoLite2 Country database. - - Update geoip6 to the January 7 2015 Maxmind GeoLite2 Country database. + - Update geoip to the January 7 2015 Maxmind GeoLite2 + Country database. + - Update geoip6 to the January 7 2015 Maxmind GeoLite2 + Country database. o Minor features (Guard nodes): - Reduce the time delay before saving guard status to disk from 10 minute to 30 seconds (or from one hour to 10 minutes if - AvoidDiskWrites is set). Closes ticket 12485. + AvoidDiskWrites is set). Closes ticket 12485. o Minor features (hidden service): - Make hidden service Sybil attacks harder by changing the minimum @@ -127,201 +125,201 @@ Changes in version 0.2.6.3-alpha - 2015-02-?? - New option "HiddenServiceAllowUnknownPorts" to allow hidden services to disable the anti-scanning feature introduced in 0.2.6.2-alpha. With this option not set, a connection to an - unlisted port closes the circuit. With this option set, only a - RELAY_DONE cell is sent. Closes ticket #14084. + unlisted port closes the circuit. With this option set, only a + RELAY_DONE cell is sent. Closes ticket #14084. o Minor features (interface): - - Implement '-f -' CLI suboption to allow torrc to be read - from standard input, thus not requiring to store torrc in file - system. Implements feature 13865. + - Implement '-f -' CLI suboption to allow torrc to be read from + standard input, thus not requiring to store torrc in file system. + Implements feature 13865. o Minor features (logging): - - Add a count of unique clients to the bridge heartbeat message. Resolves - ticket 6852. + - Add a count of unique clients to the bridge heartbeat message. + Resolves ticket 6852. - Suppress "router info incompatible with extra info" message when reading extrainfo documents from cache. (This message got loud - around when we closed bug 9812 in 0.2.6.2-alpha.) Closes ticket - 13762. + around when we closed bug 9812 in 0.2.6.2-alpha.) Closes + ticket 13762. - Elevate authorized-client message from DEBUG to INFO. Closes ticket 14015. - o Minor features (systemd): - - Various improvements and modernizations in systemd hardening support. - Closes ticket 13805. Patch from Craig Andrews. - o Minor features (stability): - Prevent bugs from causing infinite loops in our hash-table iteration code by adding assertions that cached hash values have not been corrupted. Closes ticket 11737. + o Minor features (systemd): + - Various improvements and modernizations in systemd hardening + support. Closes ticket 13805. Patch from Craig Andrews. + o Minor features (testing networks): - Drop the minimum RendPostPeriod on a testing network to 5 seconds, - and the default to 2 minutes. Closes ticket 13401. Patch by "nickm". - - Drop the MIN_REND_INITIAL_POST_DELAY on a testing network to 5 seconds, - but keep the default at 30 seconds. This reduces HS bootstrap time to - around 25 seconds. Change src/test/test-network.sh default time to match. - Closes ticket 13401. Patch by "teor". + and the default to 2 minutes. Closes ticket 13401. Patch + by "nickm". + - Drop the MIN_REND_INITIAL_POST_DELAY on a testing network to 5 + seconds, but keep the default at 30 seconds. This reduces HS + bootstrap time to around 25 seconds. Change src/test/test- + network.sh default time to match. Closes ticket 13401. Patch + by "teor". o Minor bugfixes (automapping): - - Prevent changes to other options from removing the wildcard value "." - from "AutomapHostsSuffixes". - Fixes bug 12509; bugfix on 0.2.0.1-alpha. + - Prevent changes to other options from removing the wildcard value + "." from "AutomapHostsSuffixes". Fixes bug 12509; bugfix + on 0.2.0.1-alpha. o Minor bugfixes (build): - - Avoid warnings when building with systemd 209 or later. - Fixes bug 14072; bugfix on 0.2.6.2-alpha. Patch from "h.venev". + - Avoid warnings when building with systemd 209 or later. Fixes bug + 14072; bugfix on 0.2.6.2-alpha. Patch from "h.venev". o Minor bugfixes (client DNS): - Report the correct cached DNS expiration times. Previously, we - would report everything as "never expires." Fixes bug 14193; + would report everything as "never expires." Fixes bug 14193; bugfix on 0.2.3.17-beta. - - Avoid a small memory leak when we find a cached answer for a reverse - DNS lookup in a client-side DNS cache. (Remember, client-side DNS - caching is off by default, and is not recommended.) Fixes bug 14259; - bugfix on 0.2.0.1-alpha. + - Avoid a small memory leak when we find a cached answer for a + reverse DNS lookup in a client-side DNS cache. (Remember, client- + side DNS caching is off by default, and is not recommended.) Fixes + bug 14259; bugfix on 0.2.0.1-alpha. o Minor bugfixes (client, automapping): - Check for a missing option value in parse_virtual_addr_network - before asserting on the NULL in tor_addr_parse_mask_ports. - This avoids crashing on torrc lines like - Vi[rtualAddrNetworkIPv[4|6]] when no value follows the option. - Fixes bug 14142; bugfix on 0.2.4.7-alpha. - Patch by "teor". - - Fix a memory leak when using AutomapHostsOnResolve. - Fixes bug 14195; bugfix on 0.1.0.1-rc. + before asserting on the NULL in tor_addr_parse_mask_ports. This + avoids crashing on torrc lines like Vi[rtualAddrNetworkIPv[4|6]] + when no value follows the option. Fixes bug 14142; bugfix on + 0.2.4.7-alpha. Patch by "teor". + - Fix a memory leak when using AutomapHostsOnResolve. Fixes bug + 14195; bugfix on 0.1.0.1-rc. + + o Minor bugfixes (client, bridges): + - When we are using bridges and we had a network connectivity + problem, only retry connecting to our currently configured + bridges, not all bridges we know about and remember using. Fixes + bug 14216; bugfix on tor-0.2.2.17-alpha. Patch from arma. o Minor bugfixes (client, IPV6): - Reject socks requests to literal IPv6 addresses when IPv6Traffic flag is not set; and not because the NoIPv4Traffic flag was set. - Previously we'd looked at the NoIPv4Traffic flag for both types - of literal addresses. Fixes bug 14280; bugfix on 0.2.4.7-alpha. - - o Minor bugfixes (client, bridges): - - When we are using bridges and we had a network connectivity problem, only - retry connecting to our currently configured bridges, not all bridges we - know about and remember using. - Fixes bug 14216; bugfix on tor-0.2.2.17-alpha. Patch from arma. + Previously we'd looked at the NoIPv4Traffic flag for both types of + literal addresses. Fixes bug 14280; bugfix on 0.2.4.7-alpha. o Minor bugfixes (compilation): - - Build without warnings with the stock OpenSSL srtp.h header, - which has a duplicate declaration of SSL_get_selected_srtp_profile(). + - Build without warnings with the stock OpenSSL srtp.h header, which + has a duplicate declaration of SSL_get_selected_srtp_profile(). Fixes bug 14220; this is OpenSSL's bug, not ours. - - The address of an array in the middle of a structure will - always be non-NULL. clang recognises this and complains. - Disable the tautologous and redundant check to silence - this warning. - Fixes bug 14001; bugfix on 0.2.1.2-alpha. + - The address of an array in the middle of a structure will always + be non-NULL. clang recognises this and complains. Disable the + tautologous and redundant check to silence this warning. Fixes bug + 14001; bugfix on 0.2.1.2-alpha. - Compile correctly with (unreleased) OpenSSL 1.1.0 headers. Addresses ticket 14188. o Minor bugfixes (controller): - Add a code for the END_CIRC_REASON_IP_NOW_REDUNDANT circuit close - reason. Fixes bug 14207; bugfix on 0.2.6.2-alpha. - - Avoid crashing on a malformed EXTENDCIRCUIT command. Fixes bug 14116; - bugfix on 0.2.2.9-alpha. + reason. Fixes bug 14207; bugfix on 0.2.6.2-alpha. + - Avoid crashing on a malformed EXTENDCIRCUIT command. Fixes bug + 14116; bugfix on 0.2.2.9-alpha. o Minor bugfixes (directory authority): - - Allow directory authorities to fetch more data from one - another if they find themselves missing lots of votes. - Previously, they had been bumping against the 10 MB queued - data limit. Fixes bug 14261; bugfix on 0.1.2.5-alpha. + - Allow directory authorities to fetch more data from one another if + they find themselves missing lots of votes. Previously, they had + been bumping against the 10 MB queued data limit. Fixes bug 14261; + bugfix on 0.1.2.5-alpha. - Enlarge the buffer to read bw-auth generated files to avoid an issue when parsing the file in dirserv_read_measured_bandwidths(). Fixes bug 14125; bugfix on 0.2.2.1-alpha. o Minor bugfixes (file handling): - Stop failing when key files are zero-length. Instead, generate new - keys, and overwrite the empty key files. - Fixes bug 13111; bugfix on all versions of Tor. Patch by "teor". + keys, and overwrite the empty key files. Fixes bug 13111; bugfix + on all versions of Tor. Patch by "teor". - Stop generating a fresh .old RSA key file when the .old file is missing. Fixes part of 13111; bugfix on 0.0.6rc1. - Avoid overwriting .old key files with empty key files. - - Skip loading zero-length extra info store, router store, stats, state, - and key files. - - Avoid crashing when trying to reload a torrc specified as a relative - path with RunAsDaemon turned on. Fixes bug 13397; bugfix on - 0.2.3.11-alpha. + - Skip loading zero-length extra info store, router store, stats, + state, and key files. + - Avoid crashing when trying to reload a torrc specified as a + relative path with RunAsDaemon turned on. Fixes bug 13397; bugfix + on 0.2.3.11-alpha. o Minor bugfixes (hidden services): - Close the intro circuit once we don't have any more usable intro - points instead of making it timeout at some point. This also make sure - no extra HS descriptor fetch is triggered. - Fixes bug 14224; bugfix on 0.0.6. - - When fetching a hidden service descriptor for a down service that we - recently up, do not keep refetching until we try the same replica twice - in a row. Fixes bug 14219; bugfix on 0.2.0.10-alpha. - - Successfully launch Tor with a nonexistent hidden service directory. - Our fix for bug 13942 didn't catch this case. Fixes bug 14106; - bugfix on 0.2.6.2-alpha. + points instead of making it timeout at some point. This also make + sure no extra HS descriptor fetch is triggered. Fixes bug 14224; + bugfix on 0.0.6. + - When fetching a hidden service descriptor for a down service that + we recently up, do not keep refetching until we try the same + replica twice in a row. Fixes bug 14219; bugfix on 0.2.0.10-alpha. + - Successfully launch Tor with a nonexistent hidden service + directory. Our fix for bug 13942 didn't catch this case. Fixes bug + 14106; bugfix on 0.2.6.2-alpha. o Minor bugfixes (logging): - Avoid crashing when there are more log domains than entries in - domain_list. Bugfix on 0.2.3.1-alpha. - - Add a string representation for LD_SCHED. Fixes bug 14740; - bugfix on 0.2.6.1-alpha. + domain_list. Bugfix on 0.2.3.1-alpha. + - Add a string representation for LD_SCHED. Fixes bug 14740; bugfix + on 0.2.6.1-alpha. o Minor bugfixes (parsing): - Stop accepting milliseconds (or other junk) at the end of - descriptor publication times. Fixes bug 9286; bugfix on - 0.0.2pre25. + descriptor publication times. Fixes bug 9286; bugfix on 0.0.2pre25. - Support two-number and three-number version numbers correctly, in - case we change the Tor versioning system in the future. Fixes bug + case we change the Tor versioning system in the future. Fixes bug 13661; bugfix on 0.0.8pre1. o Minor bugfixes (portability): - - Fix the ioctl()-based network interface lookup code so that it will - work on systems that have variable-length struct ifreq, for example - Mac OS X. + - Fix the ioctl()-based network interface lookup code so that it + will work on systems that have variable-length struct ifreq, for + example Mac OS X. o Minor bugfixes (shutdown): - When shutting down, always call event_del() on lingering read or write events before freeing them. Otherwise, we risk double-frees - or read-after-frees in event_base_free(). Fixes bug 12985; bugfix on - 0.1.0.2-rc. + or read-after-frees in event_base_free(). Fixes bug 12985; bugfix + on 0.1.0.2-rc. o Minor bugfixes (small memory leaks): - Avoid leaking memory when using IPv6 virtual address mappings. - Fixes bug 14123; bugfix on 0.2.4.7-alpha. Patch by Tom van der - Woerdt. + Fixes bug 14123; bugfix on 0.2.4.7-alpha. Patch by Tom van + der Woerdt. o Minor bugfixes (statistics): - Increase period over which bandwidth observations are aggregated from 15 minutes to 4 hours. Fixes bug 13988; bugfix on 0.0.8pre1. o Minor bugfixes (systemd support): - - Fix detection and operation of systemd watchdog. Fixes part of - bug 14141; bugfix on 0.2.6.2-alpha. Patch from Tomasz Torcz. - - Run correctly under systemd with the RunAsDaemon option set. - Fixes part of bug 14141; bugfix on 0.2.5.7-rc. Patch from Tomasz - Torcz. - - Inform the systemd supervisor about more changes in the Tor process - status. Implements part of ticket 14141. Patch from Tomasz Torcz. + - Fix detection and operation of systemd watchdog. Fixes part of bug + 14141; bugfix on 0.2.6.2-alpha. Patch from Tomasz Torcz. + - Run correctly under systemd with the RunAsDaemon option set. Fixes + part of bug 14141; bugfix on 0.2.5.7-rc. Patch from Tomasz Torcz. + - Inform the systemd supervisor about more changes in the Tor + process status. Implements part of ticket 14141. Patch from + Tomasz Torcz. - Cause the "--disable-systemd" option to actually disable systemd - support. Fixes bug 14350; bugfix on 0.2.6.2-alpha. Patch from - "blueness". + support. Fixes bug 14350; bugfix on 0.2.6.2-alpha. Patch + from "blueness". o Minor bugfixes (TLS): - - Check more thoroughly throughout the TLS code for possible unlogged - TLS errors. Possible diagnostic or fix for bug 13319. + - Check more thoroughly throughout the TLS code for possible + unlogged TLS errors. Possible diagnostic or fix for bug 13319. o Code simplification and refactoring: - - Move fields related to isolating and configuring client ports - into a shared structure. Previously, they were duplicated across - port_cfg_t, listener_connection_t, and edge_connection_t. - Failure to copy one of them correctly had been the cause of at - least one bug in the past. Closes ticket 8546. + - Move fields related to isolating and configuring client ports into + a shared structure. Previously, they were duplicated across + port_cfg_t, listener_connection_t, and edge_connection_t. Failure + to copy one of them correctly had been the cause of at least one + bug in the past. Closes ticket 8546. - Refactor the get_interface_addresses_raw() Doom-function into multiple smaller and easier to understand subfunctions. Cover the - resulting subfunctions with unit-tests. Fixes a significant portion - of issue 12376. - - Remove workaround in dirserv_thinks_router_is_hs_dir() that was only - for version <= 0.2.2.24 which is now deprecated. Closes ticket 14202. - - Remove a test for a long-defunct broken version-one directory server. + resulting subfunctions with unit-tests. Fixes a significant + portion of issue 12376. + - Remove workaround in dirserv_thinks_router_is_hs_dir() that was + only for version <= 0.2.2.24 which is now deprecated. Closes + ticket 14202. + - Remove a test for a long-defunct broken version-one + directory server. o Documentation: - - Adding section on OpenBSD to our TUNING document. Thanks to - mmcc for writing the OpenBSD-specific tips. Resolves ticket - 13702. + - Adding section on OpenBSD to our TUNING document. Thanks to mmcc + for writing the OpenBSD-specific tips. Resolves ticket 13702. - Make the tor-resolve documentation match its help string and its options. Resolves part of ticket 14325. - Log a more useful error message from tor-resolve when failing to @@ -331,29 +329,32 @@ Changes in version 0.2.6.3-alpha - 2015-02-?? - Don't warn when we've attempted to contact a relay using the wrong ntor onion key. Closes ticket 9635. + o Removed features: + - To avoid confusion with the 'ExitRelay' option, 'ExitNode' is no + longer silently accepted as an alias for 'ExitNodes'. + o Testing: - Make the checkdir/perms test complete successfully even if the global umask is not 022. Fixes bug 14215; bugfix on 0.2.6.2-alpha. - - Test that tor does not fail when key files are zero-length. - Check that tor generates new keys, and overwrites the empty key files. - - Test that tor generates new keys when keys are missing (existing - behaviour). - - Test that tor does not overwrite key files that already contain data + - Test that tor does not fail when key files are zero-length. Check + that tor generates new keys, and overwrites the empty key files. + - Test that tor generates new keys when keys are missing (existing behaviour). - Tests bug 13111. Patch by "teor". + - Test that tor does not overwrite key files that already contain + data (existing behaviour). Tests bug 13111. Patch by "teor". - New "make test-stem" target to run stem integration tests. Requires that the "STEM_SOURCE_DIR" environment variable be set. Closes ticket 14107. - Make the test_cmdline_args.py script work correctly on Windows. Patch from Gisle Vanem. - - Move the slower unit tests into a new "./src/test/test-slow" binary - that can be run independently of the other tests. Closes ticket 13243. + - Move the slower unit tests into a new "./src/test/test-slow" + binary that can be run independently of the other tests. Closes + ticket 13243. - Avoid undefined behavior when sampling huge values from the Laplace distribution. This made unittests fail on Raspberry Pi. Bug found by Device. Fixes bug 14090; bugfix on 0.2.6.2-alpha. - Changes in version 0.2.6.2-alpha - 2014-12-31 Tor 0.2.6.2-alpha is the second alpha release in the 0.2.6.x series. It introduces a major new backend for deciding when to send cells on