sarah
/
tor
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Combine and rename and sort some sections in the releasenotes

This commit is contained in:
Nick Mathewson 2016-08-02 10:19:51 -04:00
parent 64591c3e55
commit 98a9e2fb86
1 changed files with 62 additions and 89 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

151
ReleaseNotes
View File

@ -76,15 +76,27 @@ Changes in version 0.2.8.6 - 2015-08-02
rather than the more aggressive client retry count. Fixes part of
ticket 18809.
o Major bugfixes (compilation):
- Repair hardened builds under the clang compiler. Previously, our
use of _FORTIFY_SOURCE would conflict with clang's address
sanitizer. Fixes bug 14821; bugfix on 0.2.5.4-alpha.
o Major bugfixes (dns proxy mode, crash):
- Avoid crashing when running as a DNS proxy. Fixes bug 16248;
bugfix on 0.2.0.1-alpha. Patch from "cypherpunks".
o Major bugfixes (ed25519, voting):
- Actually enable support for authorities to match routers by their
Ed25519 identities. Previously, the code had been written, but
some debugging code that had accidentally been left in the
codebase made it stay turned off. Fixes bug 17702; bugfix
on 0.2.7.2-alpha.
- When collating votes by Ed25519 identities, authorities now
include a "NoEdConsensus" flag if the ed25519 value (or lack
thereof) for a server does not reflect the majority consensus.
Related to bug 17668; bugfix on 0.2.7.2-alpha.
- When generating a vote with keypinning disabled, never include two
entries for the same ed25519 identity. This bug was causing
authorities to generate votes that they could not parse when a
router violated key pinning by changing its RSA identity but
keeping its Ed25519 identity. Fixes bug 17668; fixes part of bug
18318. Bugfix on 0.2.7.2-alpha.
o Major bugfixes (key management):
- If OpenSSL fails to generate an RSA key, do not retain a dangling
pointer to the previous (uninitialized) key value. The impact here
@ -106,6 +118,9 @@ Changes in version 0.2.8.6 - 2015-08-02
cause a compiler warning, thereby making other checks fail, and
needlessly disabling compiler-hardening support. Fixes one case of
bug 18841; bugfix on 0.2.3.17-beta. Patch from "trudokal".
- Repair hardened builds under the clang compiler. Previously, our
use of _FORTIFY_SOURCE would conflict with clang's address
sanitizer. Fixes bug 14821; bugfix on 0.2.5.4-alpha.
o Major bugfixes (security, pointers):
- Avoid a difficult-to-trigger heap corruption attack when extending
@ -122,23 +137,6 @@ Changes in version 0.2.8.6 - 2015-08-02
by nickname, and one such relay is found, but it is not officially
Named. Fixes bug 19203; bugfix on 0.2.3.1-alpha.
o Major bugfixes (voting):
- Actually enable support for authorities to match routers by their
Ed25519 identities. Previously, the code had been written, but
some debugging code that had accidentally been left in the
codebase made it stay turned off. Fixes bug 17702; bugfix
on 0.2.7.2-alpha.
- When collating votes by Ed25519 identities, authorities now
include a "NoEdConsensus" flag if the ed25519 value (or lack
thereof) for a server does not reflect the majority consensus.
Related to bug 17668; bugfix on 0.2.7.2-alpha.
- When generating a vote with keypinning disabled, never include two
entries for the same ed25519 identity. This bug was causing
authorities to generate votes that they could not parse when a
router violated key pinning by changing its RSA identity but
keeping its Ed25519 identity. Fixes bug 17668; fixes part of bug
18318. Bugfix on 0.2.7.2-alpha.
o Minor features (accounting):
- Added two modes to the AccountingRule option: One for limiting
only the number of bytes sent ("AccountingRule out"), and one for
@ -149,6 +147,10 @@ Changes in version 0.2.8.6 - 2015-08-02
- Make Tor survive errors involving connections without a
corresponding event object. Previously we'd fail with an
assertion; now we produce a log message. Related to bug 16248.
- Use tor_snprintf() and tor_vsnprintf() even in external and low-
level code, to harden against accidental failures to NUL-
terminate. Part of ticket 17852. Patch from jsturgix. Found
with Flawfinder.
o Minor features (build):
- Detect systems with FreeBSD-derived kernels (such as GNU/kFreeBSD)
@ -158,12 +160,10 @@ Changes in version 0.2.8.6 - 2015-08-02
force "make dist" to depend on "make check". Closes ticket 17893;
patch from "cypherpunks".
- Tor now builds once again with the recent OpenSSL 1.1 development
branch (tested against 1.1.0-pre5 and 1.1.0-pre6-dev).
- Tor now builds successfully with the recent OpenSSL 1.1
development branch, and with the latest LibreSSL. Closes tickets
17549, 17921, and 17984.
- Tor now again builds with the recent OpenSSL 1.1 development
branch (tested against 1.1.0-pre6-dev). Closes ticket 19499.
branch (tested against 1.1.0-pre5 and 1.1.0-pre6-dev). We have been
tracking OpenSSL 1.1 development as it has progressed, and fixing
numerous compatibility issues as they arose. See tickets
17549, 17921, 17984, 19499, and 18286.
- When building manual pages, set the timezone to "UTC", so that the
output is reproducible. Fixes bug 19558; bugfix on 0.2.2.9-alpha.
Patch from intrigeri.
@ -173,12 +173,6 @@ Changes in version 0.2.8.6 - 2015-08-02
encrypted begindir connection for directory requests. Resolves
ticket 18483. Patch by teor.
o Minor features (code hardening):
- Use tor_snprintf() and tor_vsnprintf() even in external and low-
level code, to harden against accidental failures to NUL-
terminate. Part of ticket 17852. Patch from jsturgix. Found
with Flawfinder.
o Minor features (controller):
- Add 'GETINFO exit-policy/reject-private/[default,relay]', so
controllers can examine the the reject rules added by
@ -249,7 +243,7 @@ Changes in version 0.2.8.6 - 2015-08-02
- routerset_parse now accepts IPv6 literal addresses. Fixes bug
17060; bugfix on 0.2.1.3-alpha. Patch by teor.
o Minor features (linux seccomp2 sandbox):
o Minor features (Linux seccomp2 sandbox):
- Reject attempts to change our Address with "Sandbox 1" enabled.
Changing Address with Sandbox turned on would never actually work,
but previously it would fail in strange and confusing ways. Found
@ -387,28 +381,6 @@ Changes in version 0.2.8.6 - 2015-08-02
- When libscrypt.h is found, but no libscrypt library can be linked,
treat libscrypt as absent. Fixes bug 19161; bugfix
on 0.2.6.1-alpha.
o Minor bugfixes (client, bootstrap):
- Count receipt of new microdescriptors as progress towards
bootstrapping. Previously, with EntryNodes set, Tor might not
successfully repopulate the guard set on bootstrapping. Fixes bug
16825; bugfix on 0.2.3.1-alpha.
o Minor bugfixes (code correctness):
- Assert that allocated memory held by the reputation code is freed
according to its internal counters. Fixes bug 17753; bugfix
on 0.1.1.1-alpha.
- Assert when the TLS contexts fail to initialize. Fixes bug 17683;
bugfix on 0.0.6.
- Update to the latest version of Trunnel, which tries harder to
avoid generating code that can invoke memcpy(p,NULL,0). Bug found
by clang address sanitizer. Fixes bug 18373; bugfix
on 0.2.7.2-alpha.
- When closing an entry connection, generate a warning if we should
have sent an end cell for it but we haven't. Fixes bug 17876;
bugfix on 0.2.3.2-alpha.
o Minor bugfixes (compilation):
- Cause the unit tests to compile correctly on mingw64 versions that
lack sscanf. Fixes bug 19213; bugfix on 0.2.7.1-alpha.
- Don't try to use the pthread_condattr_setclock() function unless
@ -428,6 +400,34 @@ Changes in version 0.2.8.6 - 2015-08-02
Fixes bug 17924; bugfix on 0.2.4.1-alpha.
- Replace usage of 'INLINE' with 'inline'. Fixes bug 17804; bugfix
on 0.0.2pre8.
- Remove an #endif from configure.ac so that we correctly detect the
presence of in6_addr.s6_addr32. Fixes bug 17923; bugfix
on 0.2.0.13-alpha.
o Minor bugfixes (client, bootstrap):
- Count receipt of new microdescriptors as progress towards
bootstrapping. Previously, with EntryNodes set, Tor might not
successfully repopulate the guard set on bootstrapping. Fixes bug
16825; bugfix on 0.2.3.1-alpha.
o Minor bugfixes (code correctness):
- Fix a bad memory handling bug that would occur if we had queued a
cell on a channel's incoming queue. Fortunately, we can't actually
queue a cell like that as our code is constructed today, but it's
best to avoid this kind of error, even if there isn't any code
that triggers it today. Fixes bug 18570; bugfix on 0.2.4.4-alpha.
- Assert that allocated memory held by the reputation code is freed
according to its internal counters. Fixes bug 17753; bugfix
on 0.1.1.1-alpha.
- Assert when the TLS contexts fail to initialize. Fixes bug 17683;
bugfix on 0.0.6.
- Update to the latest version of Trunnel, which tries harder to
avoid generating code that can invoke memcpy(p,NULL,0). Bug found
by clang address sanitizer. Fixes bug 18373; bugfix
on 0.2.7.2-alpha.
- When closing an entry connection, generate a warning if we should
have sent an end cell for it but we haven't. Fixes bug 17876;
bugfix on 0.2.3.2-alpha.
o Minor bugfixes (configuration):
- Fix a tiny memory leak when parsing a port configuration ending in
@ -444,30 +444,16 @@ Changes in version 0.2.8.6 - 2015-08-02
consensus..." when not caching consensuses. Fixes bug 18920;
bugfix on 0.2.2.6-alpha.
o Minor bugfixes (correctness):
- Fix a bad memory handling bug that would occur if we had queued a
cell on a channel's incoming queue. Fortunately, we can't actually
queue a cell like that as our code is constructed today, but it's
best to avoid this kind of error, even if there isn't any code
that triggers it today. Fixes bug 18570; bugfix on 0.2.4.4-alpha.
o Minor bugfixes (crypto):
- Check the return value of HMAC() and assert on failure. Fixes bug
17658; bugfix on 0.2.3.6-alpha. Patch by teor.
o Minor bugfixes (crypto, portability):
- Tor now builds again with the recent OpenSSL 1.1 development
branch (tested against 1.1.0-pre4 and 1.1.0-pre5-dev). Closes
ticket 18286.
o Minor bugfixes (directories):
- When fetching extrainfo documents, compare their SHA256 digests
and Ed25519 signing key certificates with the routerinfo that led
us to fetch them, rather than with the most recent routerinfo.
Otherwise we generate many spurious warnings about mismatches.
Fixes bug 17150; bugfix on 0.2.7.2-alpha.
o Minor bugfixes (directory):
- When generating a URL for a directory server on an IPv6 address,
wrap the IPv6 address in square brackets. Fixes bug 18051; bugfix
on 0.2.3.9-alpha. Patch from Malek.
@ -488,8 +474,6 @@ Changes in version 0.2.8.6 - 2015-08-02
- Mark fallbacks as "too busy" when they return a 503 response,
rather than just marking authorities. Fixes bug 17572; bugfix on
0.2.4.7-alpha. Patch by teor.
o Minor bugfixes (fallback directory mirrors):
- When requesting extrainfo descriptors from a trusted directory
server, check whether it is an authority or a fallback directory
which supports extrainfo descriptors. Fixes bug 18489; bugfix on
@ -519,7 +503,7 @@ Changes in version 0.2.8.6 - 2015-08-02
- Update the limits in max_dl_per_request for IPv6 address length.
Fixes bug 17573; bugfix on 0.2.1.5-alpha.
o Minor bugfixes (linux seccomp2 sandbox):
o Minor bugfixes (Linux seccomp2 sandbox):
- Allow more syscalls when running with "Sandbox 1" enabled:
sysinfo, getsockopt(SO_SNDBUF), and setsockopt(SO_SNDBUFFORCE). On
some systems, these are required for Tor to start. Fixes bug
@ -555,6 +539,9 @@ Changes in version 0.2.8.6 - 2015-08-02
- When we can't generate a signing key because OfflineMasterKey is
set, do not imply that we should have been able to load it. Fixes
bug 18133; bugfix on 0.2.7.2-alpha.
- When logging a malformed hostname received through socks4, scrub
it if SafeLogging says we should. Fixes bug 17419; bugfix
on 0.1.1.16-rc.
o Minor bugfixes (memory safety):
- Avoid freeing an uninitialized pointer when opening a socket fails
@ -579,11 +566,6 @@ Changes in version 0.2.8.6 - 2015-08-02
Fixes bug 19150; bugfix on 0.2.1.1-alpha. Bug found by
Guido Vranken.
o Minor bugfixes (portability):
- Remove an #endif from configure.ac so that we correctly detect the
presence of in6_addr.s6_addr32. Fixes bug 17923; bugfix
on 0.2.0.13-alpha.
o Minor bugfixes (private directory):
- Prevent a race condition when creating private directories. Fixes
part of bug 17852; bugfix on 0.0.2pre13. Part of ticket 17852.
@ -605,17 +587,12 @@ Changes in version 0.2.8.6 - 2015-08-02
then refuse to send any cells to a private address. Fixes bugs
17674 and 8976; bugfix on 0.2.3.21-rc. Patch by teor.
o Minor bugfixes (safe logging):
- When logging a malformed hostname received through socks4, scrub
it if SafeLogging says we should. Fixes bug 17419; bugfix
on 0.1.1.16-rc.
o Minor bugfixes (security, hidden services):
- Prevent hidden services connecting to client-supplied rendezvous
addresses that are reserved as internal or multicast. Fixes bug
8976; bugfix on 0.2.3.21-rc. Patch by dgoulet and teor.
o Minor bugfixes (statistics code):
o Minor bugfixes (statistics):
- Consistently check for overflow in round_*_to_next_multiple_of
functions, and add unit tests with additional and maximal values.
Fixes part of bug 13192; bugfix on 0.2.2.1-alpha.
@ -624,8 +601,6 @@ Changes in version 0.2.8.6 - 2015-08-02
conversion warnings using round and trunc. Add unit tests for edge
cases with maximal values. Fixes part of bug 13192; bugfix
on 0.2.6.2-alpha.
o Minor bugfixes (statistics):
- We now include consensus downloads via IPv6 in our directory-
request statistics. Fixes bug 18460; bugfix on 0.2.3.14-alpha.
@ -660,8 +635,6 @@ Changes in version 0.2.8.6 - 2015-08-02
- When correcting a corrupt 'struct tm' value, fill in the tm_wday
field. Otherwise, our unit tests crash on Windows. Fixes bug
18977; bugfix on 0.2.2.25-alpha.
o Minor bugfixes (time parsing):
- Avoid overflow in tor_timegm when parsing dates in and after 2038
on platforms with 32-bit time_t. Fixes bug 18479; bugfix on
0.0.2pre14. Patch by teor.