Sort the entries in the 0.3.3.7 CL and RNs
parent 731d4dbc56
commit b9aa9e6012
18
ChangeLog
|
@ -10,6 +10,11 @@ Changes in version 0.3.3.6 - 2018-05-??
|
||||||
uninitialised buffer. They now log a warning about the empty file
|
uninitialised buffer. They now log a warning about the empty file
|
||||||
instead. Fixes bug 26007; bugfix on 0.2.2.1-alpha.
|
instead. Fixes bug 26007; bugfix on 0.2.2.1-alpha.
|
||||||
|
|
||||||
|
o Major bugfixes (crash, backport from 0.3.4.1-alpha):
|
||||||
|
- Avoid a rare assertion failure in the circuit build timeout code
|
||||||
|
if we fail to allow any circuits to actually complete. Fixes bug
|
||||||
|
25733; bugfix on 0.2.2.2-alpha.
|
||||||
|
|
||||||
o Major bugfixes (onion service, backport from 0.3.4.1-alpha):
|
o Major bugfixes (onion service, backport from 0.3.4.1-alpha):
|
||||||
- Correctly detect when onion services get disabled after HUP.
|
- Correctly detect when onion services get disabled after HUP.
|
||||||
Fixes bug 25761; bugfix on 0.3.2.1.
|
Fixes bug 25761; bugfix on 0.3.2.1.
|
||||||
|
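Review bot: The subject line says this sorts the 0.3.3.7 ChangeLog and ReleaseNotes, but this hunk's header places the moved entries under "Changes in version 0.3.3.6 - 2018-05-??". One of the two is wrong: correct the version in the commit message, or rename the section heading if it is meant to become 0.3.3.7. The "??" day in that heading also still needs a real date before release.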
@ -33,11 +38,6 @@ Changes in version 0.3.3.6 - 2018-05-??
|
||||||
- Update geoip and geoip6 to the May 1 2018 Maxmind GeoLite2
|
- Update geoip and geoip6 to the May 1 2018 Maxmind GeoLite2
|
||||||
Country database. Closes ticket 26104.
|
Country database. Closes ticket 26104.
|
||||||
|
|
||||||
o Major bugfixes (crash, backport from 0.3.4.1-alpha):
|
|
||||||
- Avoid a rare assertion failure in the circuit build timeout code
|
|
||||||
if we fail to allow any circuits to actually complete. Fixes bug
|
|
||||||
25733; bugfix on 0.2.2.2-alpha.
|
|
||||||
|
|
||||||
o Minor bugfixes (client, backport from 0.3.4.1-alpha):
|
o Minor bugfixes (client, backport from 0.3.4.1-alpha):
|
||||||
- Don't consider Tor running as a client if the ControlPort is open,
|
- Don't consider Tor running as a client if the ControlPort is open,
|
||||||
but no actual client ports are open. Fixes bug 26062; bugfix
|
but no actual client ports are open. Fixes bug 26062; bugfix
|
||||||
|
@ -56,6 +56,10 @@ Changes in version 0.3.3.6 - 2018-05-??
|
||||||
but we forgot to say so in the man page. Fixes bug 26052; bugfix
|
but we forgot to say so in the man page. Fixes bug 26052; bugfix
|
||||||
on 0.3.2.6-alpha.
|
on 0.3.2.6-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (Linux seccomp2 sandbox, backport from 0.3.4.1-alpha):
|
||||||
|
- Allow the nanosleep() system call, which glibc uses to implement
|
||||||
|
sleep() and usleep(). Fixes bug 24969; bugfix on 0.2.5.1-alpha.
|
||||||
|
|
||||||
o Minor bugfixes (onion service, backport from 0.3.4.1-alpha):
|
o Minor bugfixes (onion service, backport from 0.3.4.1-alpha):
|
||||||
- Fix a memory leak when a v3 onion service is configured and gets a
|
- Fix a memory leak when a v3 onion service is configured and gets a
|
||||||
SIGHUP signal. Fixes bug 25901; bugfix on 0.3.2.1-alpha.
|
SIGHUP signal. Fixes bug 25901; bugfix on 0.3.2.1-alpha.
|
||||||
|
@ -64,10 +68,6 @@ Changes in version 0.3.3.6 - 2018-05-??
|
||||||
allow us to support new fields that might start with "signature".
|
allow us to support new fields that might start with "signature".
|
||||||
Fixes bug 26069; bugfix on 0.3.0.1-alpha.
|
Fixes bug 26069; bugfix on 0.3.0.1-alpha.
|
||||||
|
|
||||||
o Minor bugfixes (Linux seccomp2 sandbox, backport from 0.3.4.1-alpha):
|
|
||||||
- Allow the nanosleep() system call, which glibc uses to implement
|
|
||||||
sleep() and usleep(). Fixes bug 24969; bugfix on 0.2.5.1-alpha.
|
|
||||||
|
|
||||||
o Minor bugfixes (relay, crash, backport from 0.3.4.1-alpha):
|
o Minor bugfixes (relay, crash, backport from 0.3.4.1-alpha):
|
||||||
- Avoid a crash when running with DirPort set but ORPort tuned off.
|
- Avoid a crash when running with DirPort set but ORPort tuned off.
|
||||||
Fixes a case of bug 23693; bugfix on 0.3.1.1-alpha.
|
Fixes a case of bug 23693; bugfix on 0.3.1.1-alpha.
|
||||||
|
|
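Review bot: In the unchanged entry under "Minor bugfixes (relay, crash, backport from 0.3.4.1-alpha)" at the end of this hunk, "ORPort tuned off" looks like a typo for "turned off". This pass already touches the neighbouring entries, so fix it here and in the ReleaseNotes copy of the same entry.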
737
ReleaseNotes
|
@ -2,278 +2,16 @@ This document summarizes new features and bugfixes in each stable release
|
||||||
of Tor. If you want to see more detailed descriptions of the changes in
|
of Tor. If you want to see more detailed descriptions of the changes in
|
||||||
each development snapshot, see the ChangeLog file.
|
each development snapshot, see the ChangeLog file.
|
||||||
|
|
||||||
|
|
||||||
Changes in version 0.3.3.6 - 2018-05-??
|
Changes in version 0.3.3.6 - 2018-05-??
|
||||||
BLURB
|
BLURB
|
||||||
|
|
||||||
Below are the changes since the 0.3.2 series. For a list of only the changes
|
Below are the changes since the 0.3.2 series. For a list of only the changes
|
||||||
since 0.3.3.5-rc, see the ChangeLog file.
|
since 0.3.3.5-rc, see the ChangeLog file.
|
||||||
|
|
||||||
o Major bugfixes (directory authorities, security, backport from 0.3.4.1-alpha):
|
|
||||||
- When directory authorities read a zero-byte bandwidth file, they
|
|
||||||
would previously log a warning with the contents of an
|
|
||||||
uninitialised buffer. They now log a warning about the empty file
|
|
||||||
instead. Fixes bug 26007; bugfix on 0.2.2.1-alpha.
|
|
||||||
|
|
||||||
o Major bugfixes (onion service, backport from 0.3.4.1-alpha):
|
|
||||||
- Correctly detect when onion services get disabled after HUP.
|
|
||||||
Fixes bug 25761; bugfix on 0.3.2.1.
|
|
||||||
|
|
||||||
o Major bugfixes (relay, denial of service, backport from 0.3.4.1-alpha):
|
|
||||||
- Impose a limit on circuit cell queue size. The limit can be controlled by
|
|
||||||
a consensus parameter. Fixes bug 25226; bugfix on 0.2.4.14-alpha.
|
|
||||||
|
|
||||||
o Minor features (compatibility, backport from 0.3.4.1-alpha):
|
|
||||||
- Avoid some compilation warnings with recent versions
|
|
||||||
of LibreSSL. Closes ticket 26006.
|
|
||||||
|
|
||||||
o Minor features (continuous integration, backport from 0.3.4.1-alpha):
|
|
||||||
- Our .travis.yml configuration now includes support for testing
|
|
||||||
the results of "make distcheck". (It's not uncommon for "make check" to
|
|
||||||
pass but "make distcheck" to fail.) Closes ticket 25814.
|
|
||||||
- Our Travis CI configuration now integrates with the Coveralls coverage
|
|
||||||
analysis tool. Closes ticket 25818.
|
|
||||||
|
|
||||||
o Minor features (geoip):
|
|
||||||
- Update geoip and geoip6 to the May 1 2018 Maxmind GeoLite2
|
|
||||||
Country database. Closes ticket 26104.
|
|
||||||
|
|
||||||
o Major bugfixes (crash, backport from 0.3.4.1-alpha):
|
|
||||||
- Avoid a rare assertion failure in the circuit build timeout code
|
|
||||||
if we fail to allow any circuits to actually complete. Fixes bug
|
|
||||||
25733; bugfix on 0.2.2.2-alpha.
|
|
||||||
|
|
||||||
o Minor bugfixes (client, backport from 0.3.4.1-alpha):
|
|
||||||
- Don't consider Tor running as a client if the ControlPort is open,
|
|
||||||
but no actual client ports are open. Fixes bug 26062; bugfix
|
|
||||||
on 0.2.9.4-alpha.
|
|
||||||
|
|
||||||
o Minor bugfixes (correctness, client, backport from 0.3.4.1-alpha):
|
|
||||||
- Upon receiving a malformed connected cell, stop processing the cell
|
|
||||||
immediately. Previously we would mark the connection for close, but
|
|
||||||
continue processing the cell as if the connection were open. Fixes bug
|
|
||||||
26072; bugfix on 0.2.4.7-alpha.
|
|
||||||
|
|
||||||
o Minor bugfixes (documentation, backport from 0.3.4.1-alpha):
|
|
||||||
- Stop saying in the manual that clients cache ipv4 dns answers
|
|
||||||
from exit relays. We haven't used them since 0.2.6.3-alpha, and
|
|
||||||
in ticket 24050 we stopped even caching them as of 0.3.2.6-alpha,
|
|
||||||
but we forgot to say so in the man page. Fixes bug 26052; bugfix
|
|
||||||
on 0.3.2.6-alpha.
|
|
||||||
|
|
||||||
o Minor bugfixes (onion service, backport from 0.3.4.1-alpha):
|
|
||||||
- Fix a memory leak when a v3 onion service is configured and gets a
|
|
||||||
SIGHUP signal. Fixes bug 25901; bugfix on 0.3.2.1-alpha.
|
|
||||||
- When parsing the descriptor signature, look for the token plus an
|
|
||||||
extra white-space at the end. This is more correct but also will
|
|
||||||
allow us to support new fields that might start with "signature".
|
|
||||||
Fixes bug 26069; bugfix on 0.3.0.1-alpha.
|
|
||||||
|
|
||||||
o Minor bugfixes (Linux seccomp2 sandbox, backport from 0.3.4.1-alpha):
|
|
||||||
- Allow the nanosleep() system call, which glibc uses to implement
|
|
||||||
sleep() and usleep(). Fixes bug 24969; bugfix on 0.2.5.1-alpha.
|
|
||||||
|
|
||||||
o Minor bugfixes (relay, crash, backport from 0.3.4.1-alpha):
|
|
||||||
- Avoid a crash when running with DirPort set but ORPort tuned off.
|
|
||||||
Fixes a case of bug 23693; bugfix on 0.3.1.1-alpha.
|
|
||||||
|
|
||||||
o Documentation (backport from 0.3.4.1-alpha):
|
|
||||||
- Correct an IPv6 error in the documentation for ExitPolicy.
|
|
||||||
Closes ticket 25857. Patch from "CTassisF".
|
|
||||||
|
|
||||||
|
|
||||||
o Major bugfixes (performance, load balancing):
|
|
||||||
- Directory authorities no longer vote in favor of the Guard flag
|
|
||||||
for relays without directory support. Starting in Tor
|
|
||||||
0.3.0.1-alpha, clients have been avoiding using such relays in the
|
|
||||||
Guard position, leading to increasingly broken load balancing for
|
|
||||||
the 5%-or-so of Guards that don't advertise directory support.
|
|
||||||
Fixes bug 22310; bugfix on 0.3.0.6.
|
|
||||||
|
|
||||||
o Minor feature (continuous integration):
|
|
||||||
- Update the Travis CI configuration to use the stable Rust channel,
|
|
||||||
now that we have decided to require that. Closes ticket 25714.
|
|
||||||
|
|
||||||
o Minor features (config options):
|
|
||||||
- Change the way the default value for MaxMemInQueues is calculated.
|
|
||||||
We now use 40% of the hardware RAM if the system has 8 GB RAM or
|
|
||||||
more. Otherwise we use the former value of 75%. Closes
|
|
||||||
ticket 24782.
|
|
||||||
|
|
||||||
o Minor features (geoip):
|
|
||||||
- Update geoip and geoip6 to the April 3 2018 Maxmind GeoLite2
|
|
||||||
Country database. Closes ticket 25718.
|
|
||||||
|
|
||||||
|
|
||||||
o Minor bugfixes (controller):
|
|
||||||
- Restore the correct operation of the RESOLVE command, which had
|
|
||||||
been broken since we added the ability to enable/disable DNS on
|
|
||||||
specific listener ports. Fixes bug 25617; bugfix on 0.2.9.3-alpha.
|
|
||||||
|
|
||||||
|
|
||||||
o Minor bugfixes (documentation):
|
|
||||||
- Document that the PerConnBW{Rate,Burst} options will fall back to
|
|
||||||
their corresponding consensus parameters only if those parameters
|
|
||||||
are set. Previously we had claimed that these values would always
|
|
||||||
be set in the consensus. Fixes bug 25296; bugfix on 0.2.2.7-alpha.
|
|
||||||
|
|
||||||
|
|
||||||
o Minor bugfixes (exit node DNS retries):
|
|
||||||
- Re-attempt timed-out DNS queries 3 times before failure, since our
|
|
||||||
timeout is 5 seconds for them, but clients wait 10-15. Also allow
|
|
||||||
slightly more timeouts per resolver when an exit has multiple
|
|
||||||
resolvers configured. Fixes bug 21394; bugfix on 0.3.1.9.
|
|
||||||
|
|
||||||
o Code simplification and refactoring:
|
|
||||||
- Move the list of default directory authorities to its own file.
|
|
||||||
Closes ticket 24854. Patch by "beastr0".
|
|
||||||
|
|
||||||
o Documentation (manpage, denial of service):
|
|
||||||
- Provide more detail about the denial-of-service options, by
|
|
||||||
listing each mitigation and explaining how they relate. Closes
|
|
||||||
ticket 25248.
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
o New system requirements:
|
o New system requirements:
|
||||||
- When built with Rust, Tor now depends on version 0.2.39 of the
|
- When built with Rust, Tor now depends on version 0.2.39 of the
|
||||||
libc crate. Closes tickets 25310 and 25664.
|
libc crate. Closes tickets 25310 and 25664.
|
||||||
|
|
||||||
o Major bugfixes (relay, connection):
|
|
||||||
- If we have failed to connect to a relay and received a connection
|
|
||||||
refused, timeout, or similar error (at the TCP level), do not try
|
|
||||||
that same address/port again for 60 seconds after the failure has
|
|
||||||
occurred. Fixes bug 24767; bugfix on 0.0.6.
|
|
||||||
|
|
||||||
o Minor features (geoip):
|
|
||||||
- Update geoip and geoip6 to the March 8 2018 Maxmind GeoLite2
|
|
||||||
Country database. Closes ticket 25469.
|
|
||||||
|
|
||||||
o Minor features (log messages):
|
|
||||||
- Improve log message in the out-of-memory handler to include
|
|
||||||
information about memory usage from the different compression
|
|
||||||
backends. Closes ticket 25372.
|
|
||||||
|
|
||||||
o Minor features (sandbox):
|
|
||||||
- Explicitly permit the poll() system call when the Linux
|
|
||||||
seccomp2-based sandbox is enabled: apparently, some versions of
|
|
||||||
libc use poll() when calling getpwnam(). Closes ticket 25313.
|
|
||||||
|
|
||||||
o Minor bugfixes (C correctness):
|
|
||||||
- Fix a very unlikely (impossible, we believe) null pointer
|
|
||||||
dereference. Fixes bug 25629; bugfix on 0.2.9.15. Found by
|
|
||||||
Coverity; this is CID 1430932.
|
|
||||||
|
|
||||||
o Minor bugfixes (channel, client):
|
|
||||||
- Better identify client connection when reporting to the geoip
|
|
||||||
client cache. Fixes bug 24904; bugfix on 0.3.1.7.
|
|
||||||
|
|
||||||
o Minor bugfixes (compilation):
|
|
||||||
- Fix a C99 compliance issue in our configuration script that caused
|
|
||||||
compilation issues when compiling Tor with certain versions of
|
|
||||||
xtools. Fixes bug 25474; bugfix on 0.3.2.5-alpha.
|
|
||||||
|
|
||||||
o Minor bugfixes (controller, reliability):
|
|
||||||
- Avoid a (nonfatal) assertion failure when extending a one-hop
|
|
||||||
circuit from the controller to become a multihop circuit. Fixes
|
|
||||||
bug 24903; bugfix on 0.2.5.2-alpha.
|
|
||||||
|
|
||||||
o Minor bugfixes (networking):
|
|
||||||
- Tor will no longer reject IPv6 address strings from TorBrowser
|
|
||||||
when they are passed as hostnames in SOCKS5 requests. Fixes bug
|
|
||||||
25036, bugfix on Tor 0.3.1.2.
|
|
||||||
- string_is_valid_hostname() will not consider IP strings to be
|
|
||||||
valid hostnames. Fixes bug 25055; bugfix on Tor 0.2.5.5.
|
|
||||||
|
|
||||||
o Minor bugfixes (onion service v3):
|
|
||||||
- Avoid an assertion failure when the next the next onion service
|
|
||||||
descriptor rotation type is out of sync with the consensus's
|
|
||||||
valid-after time. Instead, log a warning message with extra
|
|
||||||
information, so we can better hunt down the cause of this
|
|
||||||
assertion. Fixes bug 25306; bugfix on 0.3.2.1-alpha.
|
|
||||||
|
|
||||||
o Minor bugfixes (testing):
|
|
||||||
- Avoid intermittent test failures due to a test that had relied on
|
|
||||||
onion service introduction point creation finishing within 5
|
|
||||||
seconds of real clock time. Fixes bug 25450; bugfix
|
|
||||||
on 0.3.1.3-alpha.
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
o Code simplification and refactoring:
|
|
||||||
- Remove the old (deterministic) directory retry logic entirely:
|
|
||||||
We've used exponential backoff exclusively for some time. Closes
|
|
||||||
ticket 23814.
|
|
||||||
|
|
||||||
o Documentation:
|
|
||||||
- Improved the documentation of AccountingStart parameter. Closes
|
|
||||||
ticket 23635.
|
|
||||||
- Update the documentation for "Log" to include the current list of
|
|
||||||
logging domains. Closes ticket 25378.
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
o Major bugfixes (denial-of-service, directory authority):
|
|
||||||
- Fix a protocol-list handling bug that could be used to remotely crash
|
|
||||||
directory authorities with a null-pointer exception. Fixes bug 25074;
|
|
||||||
bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2018-001 and
|
|
||||||
CVE-2018-0490.
|
|
||||||
|
|
||||||
o Minor features (compatibility, OpenSSL):
|
|
||||||
- Tor will now support TLS1.3 once OpenSSL 1.1.1 is released.
|
|
||||||
Previous versions of Tor would not have worked with OpenSSL 1.1.1,
|
|
||||||
since they neither disabled TLS 1.3 nor enabled any of the
|
|
||||||
ciphersuites it requires. Now we enable the TLS 1.3 ciphersuites.
|
|
||||||
Closes ticket 24978.
|
|
||||||
|
|
||||||
o Minor features (logging):
|
|
||||||
- Clarify the log messages produced when getrandom() or a related
|
|
||||||
entropy-generation mechanism gives an error. Closes ticket 25120.
|
|
||||||
|
|
||||||
o Minor features (testing):
|
|
||||||
- Add a "make test-rust" target to run the rust tests only. Closes
|
|
||||||
ticket 25071.
|
|
||||||
|
|
||||||
o Minor bugfixes (denial-of-service):
|
|
||||||
- Fix a possible crash on malformed consensus. If a consensus had
|
|
||||||
contained an unparseable protocol line, it could have made clients
|
|
||||||
and relays crash with a null-pointer exception. To exploit this
|
|
||||||
issue, however, an attacker would need to be able to subvert the
|
|
||||||
directory authority system. Fixes bug 25251; bugfix on
|
|
||||||
0.2.9.4-alpha. Also tracked as TROVE-2018-004.
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
o Minor bugfixes (man page, SocksPort):
|
|
||||||
- Remove dead code from the old "SocksSocket" option, and rename
|
|
||||||
SocksSocketsGroupWritable to UnixSocksGroupWritable. The old option
|
|
||||||
still works, but is deprecated. Fixes bug 24343; bugfix on 0.2.6.3.
|
|
||||||
|
|
||||||
o Minor bugfixes (performance):
|
|
||||||
- Reduce the number of circuits that will be opened at once during
|
|
||||||
the circuit build timeout phase. This is done by increasing the
|
|
||||||
idle timeout to 3 minutes, and lowering the maximum number of
|
|
||||||
concurrent learning circuits to 10. Fixes bug 24769; bugfix
|
|
||||||
on 0.3.1.1-alpha.
|
|
||||||
|
|
||||||
o Minor bugfixes (spec conformance):
|
|
||||||
- Forbid "-0" as a protocol version. Fixes part of bug 25249; bugfix on
|
|
||||||
0.2.9.4-alpha.
|
|
||||||
- Forbid UINT32_MAX as a protocol version. Fixes part of bug 25249;
|
|
||||||
bugfix on 0.2.9.4-alpha.
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
o Code simplification and refactoring:
|
|
||||||
- Update the "rust dependencies" submodule to be a project-level
|
|
||||||
repository, rather than a user repository. Closes ticket 25323.
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
o Major features (denial-of-service mitigation):
|
o Major features (denial-of-service mitigation):
|
||||||
- Give relays some defenses against the recent network overload. We
|
- Give relays some defenses against the recent network overload. We
|
||||||
start with three defenses (default parameters in parentheses).
|
start with three defenses (default parameters in parentheses).
|
||||||
|
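Review bot: The block removed here carries three separate "Minor features (geoip)" entries (the May 1, April 3 and March 8 2018 databases) and three "Code simplification and refactoring" sections, so re-adding the lines verbatim in sorted position would leave same-named sections next to each other. Merge each set under one heading when they are re-inserted, and consider keeping only the May 1 geoip entry since the later database replaces the earlier ones. The "Minor bugfixes (onion service v3)" entry also reads "when the next the next onion service"; drop the repeated words while moving it. The context above still shows the "BLURB" placeholder.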
@ -288,136 +26,6 @@ Changes in version 0.3.3.6 - 2018-05-??
|
||||||
take guidance from consensus parameters, so there's no need to
|
take guidance from consensus parameters, so there's no need to
|
||||||
configure anything manually. Implements ticket 24902.
|
configure anything manually. Implements ticket 24902.
|
||||||
|
|
||||||
o Major bugfixes (netflow padding):
|
|
||||||
- Stop adding unneeded channel padding right after we finish
|
|
||||||
flushing to a connection that has been trying to flush for many
|
|
||||||
seconds. Instead, treat all partial or complete flushes as
|
|
||||||
activity on the channel, which will defer the time until we need
|
|
||||||
to add padding. This fix should resolve confusing and scary log
|
|
||||||
messages like "Channel padding timeout scheduled 221453ms in the
|
|
||||||
past." Fixes bug 22212; bugfix on 0.3.1.1-alpha.
|
|
||||||
|
|
||||||
o Major bugfixes (protocol versions):
|
|
||||||
- Add Link protocol version 5 to the supported protocols list. Fixes
|
|
||||||
bug 25070; bugfix on 0.3.1.1-alpha.
|
|
||||||
|
|
||||||
o Major bugfixes (scheduler, consensus):
|
|
||||||
- The scheduler subsystem was failing to promptly notice changes in
|
|
||||||
consensus parameters, making it harder to switch schedulers
|
|
||||||
network-wide. Fixes bug 24975; bugfix on 0.3.2.1-alpha.
|
|
||||||
|
|
||||||
o Minor features (denial-of-service avoidance):
|
|
||||||
- Make our OOM handler aware of the geoip client history cache so it
|
|
||||||
doesn't fill up the memory. This check is important for IPv6 and
|
|
||||||
our DoS mitigation subsystem. Closes ticket 25122.
|
|
||||||
|
|
||||||
o Minor features (directory authority):
|
|
||||||
- When directory authorities are unable to add signatures to a
|
|
||||||
pending consensus, log the reason why. Closes ticket 24849.
|
|
||||||
|
|
||||||
o Minor features (geoip):
|
|
||||||
- Update geoip and geoip6 to the February 7 2018 Maxmind GeoLite2
|
|
||||||
Country database.
|
|
||||||
|
|
||||||
o Minor features (logging, diagnostic):
|
|
||||||
- When logging a failure to create an onion service's descriptor,
|
|
||||||
also log what the problem with the descriptor was. Diagnostic for
|
|
||||||
ticket 24972.
|
|
||||||
|
|
||||||
o Minor bugfix (channel connection):
|
|
||||||
- Use the actual observed address of an incoming relay connection,
|
|
||||||
not the canonical address of the relay from its descriptor, when
|
|
||||||
making decisions about how to handle the incoming connection.
|
|
||||||
Fixes bug 24952; bugfix on 0.2.4.11-alpha. Patch by "ffmancera".
|
|
||||||
|
|
||||||
o Minor bugfix (directory authority):
|
|
||||||
- Directory authorities, when refusing a descriptor from a rejected
|
|
||||||
relay, now explicitly tell the relay (in its logs) to set a valid
|
|
||||||
ContactInfo address and contact the bad-relays@ mailing list.
|
|
||||||
Fixes bug 25170; bugfix on 0.2.9.1.
|
|
||||||
|
|
||||||
o Minor bugfixes (all versions of Tor):
|
|
||||||
- Use the "misspell" tool to detect and fix typos throughout the
|
|
||||||
source code. Fixes bug 23650; bugfix on various versions of Tor.
|
|
||||||
Patch from Deepesh Pathak.
|
|
||||||
|
|
||||||
o Minor bugfixes (circuit, cannibalization):
|
|
||||||
- Don't cannibalize preemptively-built circuits if we no longer
|
|
||||||
recognize their first hop. This situation can happen if our Guard
|
|
||||||
relay went off the consensus after the circuit was created. Fixes
|
|
||||||
bug 24469; bugfix on 0.0.6.
|
|
||||||
|
|
||||||
o Minor bugfixes (correctness):
|
|
||||||
- Remove a nonworking, unnecessary check to see whether a circuit
|
|
||||||
hop's identity digest was set when the circuit failed. Fixes bug
|
|
||||||
24927; bugfix on 0.2.4.4-alpha.
|
|
||||||
|
|
||||||
o Minor bugfixes (logging):
|
|
||||||
- Don't treat inability to store a cached consensus object as a bug:
|
|
||||||
it can happen normally when we are out of disk space. Fixes bug
|
|
||||||
24859; bugfix on 0.3.1.1-alpha.
|
|
||||||
- Fix a (mostly harmless) race condition when invoking
|
|
||||||
LOG_PROTOCOL_WARN message from a subthread while the torrc options
|
|
||||||
are changing. Fixes bug 23954; bugfix on 0.1.1.9-alpha.
|
|
||||||
|
|
||||||
o Minor bugfixes (onion services):
|
|
||||||
- Remove a BUG() statement when a client fetches an onion descriptor
|
|
||||||
that has a lower revision counter than the one in its cache. This
|
|
||||||
can happen in normal circumstances due to HSDir desync. Fixes bug
|
|
||||||
24976; bugfix on 0.3.2.1-alpha.
|
|
||||||
- If we are configured to offer a single onion service, don't log
|
|
||||||
long-term established one hop rendezvous points in the heartbeat.
|
|
||||||
Fixes bug 25116; bugfix on 0.2.9.6-rc.
|
|
||||||
|
|
||||||
o Minor bugfixes (performance):
|
|
||||||
- Avoid calling protocol_list_supports_protocol() from inside tight
|
|
||||||
loops when running with cached routerinfo_t objects. Instead,
|
|
||||||
summarize the relevant protocols as flags in the routerinfo_t, as
|
|
||||||
we do for routerstatus_t objects. This change simplifies our code
|
|
||||||
a little, and saves a large amount of short-term memory allocation
|
|
||||||
operations. Fixes bug 25008; bugfix on 0.2.9.4-alpha.
|
|
||||||
|
|
||||||
o Minor bugfixes (Rust FFI):
|
|
||||||
- Fix a minor memory leak which would happen whenever the C code
|
|
||||||
would call the Rust implementation of
|
|
||||||
protover_get_supported_protocols(). This was due to the C version
|
|
||||||
returning a static string, whereas the Rust version newly allocated
|
|
||||||
a CString to pass accross the FFI boundary. Consequently, the C
|
|
||||||
code was not expecting to need to free() what it was given. Fixes
|
|
||||||
bug 25127; bugfix on 0.3.2.1-alpha.
|
|
||||||
|
|
||||||
o Minor bugfixes (scheduler, KIST):
|
|
||||||
- Avoid adding the same channel twice in the KIST scheduler pending
|
|
||||||
list, which would waste CPU cycles. Fixes bug 24700; bugfix
|
|
||||||
on 0.3.2.1-alpha.
|
|
||||||
|
|
||||||
o Minor bugfixes (unit test, monotonic time):
|
|
||||||
- Increase a constant (1msec to 10msec) in the monotonic time test
|
|
||||||
that makes sure the nsec/usec/msec times read are synchronized.
|
|
||||||
This change was needed to accommodate slow systems like armel or
|
|
||||||
when the clock_gettime() is not a VDSO on the running kernel.
|
|
||||||
Fixes bug 25113; bugfix on 0.2.9.1.
|
|
||||||
|
|
||||||
o Minor bugfixes (v3 onion services):
|
|
||||||
- Look at the "HSRend" protocol version, not the "HSDir" protocol
|
|
||||||
version, when deciding whether a consensus entry can support the
|
|
||||||
v3 onion service protocol as a rendezvous point. Fixes bug 25105;
|
|
||||||
bugfix on 0.3.2.1-alpha.
|
|
||||||
|
|
||||||
o Code simplification and refactoring:
|
|
||||||
- Remove the unused nodelist_recompute_all_hsdir_indices(). Closes
|
|
||||||
ticket 25108.
|
|
||||||
- Remove a series of counters used to track circuit extend attempts
|
|
||||||
and connection status but that in reality we aren't using for
|
|
||||||
anything other than stats logged by a SIGUSR1 signal. Closes
|
|
||||||
ticket 25163.
|
|
||||||
|
|
||||||
o Documentation (man page):
|
|
||||||
- The HiddenServiceVersion torrc option accepts only one number:
|
|
||||||
either version 2 or 3. Closes ticket 25026; bugfix
|
|
||||||
on 0.3.2.2-alpha.
|
|
||||||
|
|
||||||
|
|
||||||
o Major features (embedding):
|
o Major features (embedding):
|
||||||
- There is now a documented stable API for programs that need to
|
- There is now a documented stable API for programs that need to
|
||||||
embed Tor. See tor_api.h for full documentation and known bugs.
|
embed Tor. See tor_api.h for full documentation and known bugs.
|
||||||
|
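Review bot: "Minor bugfix (channel connection)" and "Minor bugfix (directory authority)" in the removed lines use the singular, unlike every "Minor bugfixes (...)" heading around them, so a plain sort will place them ahead of the whole "Minor bugfixes" group. Normalise both to "Minor bugfixes" before sorting. In the "Minor bugfixes (Rust FFI)" entry, "accross the FFI boundary" should be "across".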
@ -481,6 +89,36 @@ Changes in version 0.3.3.6 - 2018-05-??
|
||||||
able to use IPv6 addresses to connect directly to the rendezvous
|
able to use IPv6 addresses to connect directly to the rendezvous
|
||||||
point. Closes ticket 23577. Patch by Neel Chauhan.
|
point. Closes ticket 23577. Patch by Neel Chauhan.
|
||||||
|
|
||||||
|
o Major bugfixes (directory authorities, security, backport from 0.3.4.1-alpha):
|
||||||
|
- When directory authorities read a zero-byte bandwidth file, they
|
||||||
|
would previously log a warning with the contents of an
|
||||||
|
uninitialised buffer. They now log a warning about the empty file
|
||||||
|
instead. Fixes bug 26007; bugfix on 0.2.2.1-alpha.
|
||||||
|
|
||||||
|
o Major bugfixes (crash, backport from 0.3.4.1-alpha):
|
||||||
|
- Avoid a rare assertion failure in the circuit build timeout code
|
||||||
|
if we fail to allow any circuits to actually complete. Fixes bug
|
||||||
|
25733; bugfix on 0.2.2.2-alpha.
|
||||||
|
|
||||||
|
o Major bugfixes (denial-of-service, directory authority):
|
||||||
|
- Fix a protocol-list handling bug that could be used to remotely crash
|
||||||
|
directory authorities with a null-pointer exception. Fixes bug 25074;
|
||||||
|
bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2018-001 and
|
||||||
|
CVE-2018-0490.
|
||||||
|
|
||||||
|
o Major bugfixes (netflow padding):
|
||||||
|
- Stop adding unneeded channel padding right after we finish
|
||||||
|
flushing to a connection that has been trying to flush for many
|
||||||
|
seconds. Instead, treat all partial or complete flushes as
|
||||||
|
activity on the channel, which will defer the time until we need
|
||||||
|
to add padding. This fix should resolve confusing and scary log
|
||||||
|
messages like "Channel padding timeout scheduled 221453ms in the
|
||||||
|
past." Fixes bug 22212; bugfix on 0.3.1.1-alpha.
|
||||||
|
|
||||||
|
o Major bugfixes (onion service, backport from 0.3.4.1-alpha):
|
||||||
|
- Correctly detect when onion services get disabled after HUP.
|
||||||
|
Fixes bug 25761; bugfix on 0.3.2.1.
|
||||||
|
|
||||||
o Major bugfixes (onion services, retry behavior):
|
o Major bugfixes (onion services, retry behavior):
|
||||||
- Fix an "off by 2" error in counting rendezvous failures on the
|
- Fix an "off by 2" error in counting rendezvous failures on the
|
||||||
onion service side. While we thought we would stop the rendezvous
|
onion service side. While we thought we would stop the rendezvous
|
||||||
|
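Review bot: The added "Major bugfixes (directory authorities, security, ...)" section is placed ahead of "Major bugfixes (crash, ...)", which breaks the alphabetical order the rest of this hunk follows (crash, denial-of-service, netflow padding, onion service). If security items are meant to lead the list, say so in the commit message; otherwise move it after "denial-of-service, directory authority". The onion service entry cites "bugfix on 0.3.2.1." while other entries in this file cite "0.3.2.1-alpha"; use the same form.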
@ -493,6 +131,28 @@ Changes in version 0.3.3.6 - 2018-05-??
|
||||||
circuit attempts as they could fit in the MAX_REND_TIMEOUT second
|
circuit attempts as they could fit in the MAX_REND_TIMEOUT second
|
||||||
window before giving up. Fixes bug 24894; bugfix on 0.3.2.1-alpha.
|
window before giving up. Fixes bug 24894; bugfix on 0.3.2.1-alpha.
|
||||||
|
|
||||||
|
o Major bugfixes (performance, load balancing):
|
||||||
|
- Directory authorities no longer vote in favor of the Guard flag
|
||||||
|
for relays without directory support. Starting in Tor
|
||||||
|
0.3.0.1-alpha, clients have been avoiding using such relays in the
|
||||||
|
Guard position, leading to increasingly broken load balancing for
|
||||||
|
the 5%-or-so of Guards that don't advertise directory support.
|
||||||
|
Fixes bug 22310; bugfix on 0.3.0.6.
|
||||||
|
|
||||||
|
o Major bugfixes (protocol versions):
|
||||||
|
- Add Link protocol version 5 to the supported protocols list. Fixes
|
||||||
|
bug 25070; bugfix on 0.3.1.1-alpha.
|
||||||
|
|
||||||
|
o Major bugfixes (relay, connection):
|
||||||
|
- If we have failed to connect to a relay and received a connection
|
||||||
|
refused, timeout, or similar error (at the TCP level), do not try
|
||||||
|
that same address/port again for 60 seconds after the failure has
|
||||||
|
occurred. Fixes bug 24767; bugfix on 0.0.6.
|
||||||
|
|
||||||
|
o Major bugfixes (relay, denial of service, backport from 0.3.4.1-alpha):
|
||||||
|
- Impose a limit on circuit cell queue size. The limit can be controlled by
|
||||||
|
a consensus parameter. Fixes bug 25226; bugfix on 0.2.4.14-alpha.
|
||||||
|
|
||||||
o Major bugfixes (relays):
|
o Major bugfixes (relays):
|
||||||
- Fix a set of false positives where relays would consider
|
- Fix a set of false positives where relays would consider
|
||||||
connections to other relays as being client-only connections (and
|
connections to other relays as being client-only connections (and
|
||||||
|
@ -501,6 +161,15 @@ Changes in version 0.3.3.6 - 2018-05-??
|
||||||
initial handshake and whether the connection authenticated as a
|
initial handshake and whether the connection authenticated as a
|
||||||
relay. Fixes bug 24898; bugfix on 0.3.1.1-alpha.
|
relay. Fixes bug 24898; bugfix on 0.3.1.1-alpha.
|
||||||
|
|
||||||
|
o Major bugfixes (scheduler, consensus):
|
||||||
|
- The scheduler subsystem was failing to promptly notice changes in
|
||||||
|
consensus parameters, making it harder to switch schedulers
|
||||||
|
network-wide. Fixes bug 24975; bugfix on 0.3.2.1-alpha.
|
||||||
|
|
||||||
|
o Minor feature (continuous integration):
|
||||||
|
- Update the Travis CI configuration to use the stable Rust channel,
|
||||||
|
now that we have decided to require that. Closes ticket 25714.
|
||||||
|
|
||||||
o Minor feature (IPv6):
|
o Minor feature (IPv6):
|
||||||
- Make IPv6-only clients wait for microdescs for relays, even if we
|
- Make IPv6-only clients wait for microdescs for relays, even if we
|
||||||
were previously using descriptors (or were using them as a bridge)
|
were previously using descriptors (or were using them as a bridge)
|
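Review bot: The added heading "o Minor feature (continuous integration):" is singular, while a later section in this file is "o Minor features (continuous integration, backport from 0.3.4.1-alpha):". Because this commit sorts headings alphabetically, the singular form lands in its own group ahead of every "Minor features" section, and the two Travis CI sections end up far apart. Make the heading plural, and consider folding both Travis entries under one section.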
||||||
|
@ -513,6 +182,30 @@ Changes in version 0.3.3.6 - 2018-05-??
|
||||||
- Tor now deletes the CookieAuthFile and ExtORPortCookieAuthFile
|
- Tor now deletes the CookieAuthFile and ExtORPortCookieAuthFile
|
||||||
when it stops. Closes ticket 23271.
|
when it stops. Closes ticket 23271.
|
||||||
|
|
||||||
|
o Minor features (compatibility, backport from 0.3.4.1-alpha):
|
||||||
|
- Avoid some compilation warnings with recent versions
|
||||||
|
of LibreSSL. Closes ticket 26006.
|
||||||
|
|
||||||
|
o Minor features (compatibility, OpenSSL):
|
||||||
|
- Tor will now support TLS1.3 once OpenSSL 1.1.1 is released.
|
||||||
|
Previous versions of Tor would not have worked with OpenSSL 1.1.1,
|
||||||
|
since they neither disabled TLS 1.3 nor enabled any of the
|
||||||
|
ciphersuites it requires. Now we enable the TLS 1.3 ciphersuites.
|
||||||
|
Closes ticket 24978.
|
||||||
|
|
||||||
|
o Minor features (config options):
|
||||||
|
- Change the way the default value for MaxMemInQueues is calculated.
|
||||||
|
We now use 40% of the hardware RAM if the system has 8 GB RAM or
|
||||||
|
more. Otherwise we use the former value of 75%. Closes
|
||||||
|
ticket 24782.
|
||||||
|
|
||||||
|
o Minor features (continuous integration, backport from 0.3.4.1-alpha):
|
||||||
|
- Our .travis.yml configuration now includes support for testing
|
||||||
|
the results of "make distcheck". (It's not uncommon for "make check" to
|
||||||
|
pass but "make distcheck" to fail.) Closes ticket 25814.
|
||||||
|
- Our Travis CI configuration now integrates with the Coveralls coverage
|
||||||
|
analysis tool. Closes ticket 25818.
|
||||||
|
|
||||||
o Minor features (defensive programming):
|
o Minor features (defensive programming):
|
||||||
- Most of the functions in Tor that free objects have been replaced
|
- Most of the functions in Tor that free objects have been replaced
|
||||||
with macros that free the objects and set the corresponding
|
with macros that free the objects and set the corresponding
|
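Review bot: The "Minor features (compatibility, OpenSSL)" entry writes the protocol name two ways, "TLS1.3" in its first line and "TLS 1.3" twice further down. Use "TLS 1.3" throughout so that a search of the notes finds every mention.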
||||||
|
@ -524,7 +217,14 @@ Changes in version 0.3.3.6 - 2018-05-??
|
||||||
node_get_ed25519_id() before returning them. Implements 24001,
|
node_get_ed25519_id() before returning them. Implements 24001,
|
||||||
patch by "aruna1234".
|
patch by "aruna1234".
|
||||||
|
|
||||||
|
o Minor features (denial-of-service avoidance):
|
||||||
|
- Make our OOM handler aware of the geoip client history cache so it
|
||||||
|
doesn't fill up the memory. This check is important for IPv6 and
|
||||||
|
our DoS mitigation subsystem. Closes ticket 25122.
|
||||||
|
|
||||||
o Minor features (directory authority):
|
o Minor features (directory authority):
|
||||||
|
- When directory authorities are unable to add signatures to a
|
||||||
|
pending consensus, log the reason why. Closes ticket 24849.
|
||||||
- Make the "Exit" flag assignment only depend on whether the exit
|
- Make the "Exit" flag assignment only depend on whether the exit
|
||||||
policy allows connections to ports 80 and 443. Previously relays
|
policy allows connections to ports 80 and 443. Previously relays
|
||||||
would get the Exit flag if they allowed connections to one of
|
would get the Exit flag if they allowed connections to one of
|
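Review bot: The new heading "o Minor features (denial-of-service avoidance):" hyphenates the term, while the major-bugfix section earlier in this file uses "(relay, denial of service, backport from 0.3.4.1-alpha)". Pick one spelling for section tags, since a reader grepping the ChangeLog for DoS-related changes will otherwise miss one of them.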
||||||
|
@ -593,6 +293,16 @@ Changes in version 0.3.3.6 - 2018-05-??
|
||||||
versions as if they were too old to support ed25519 link
|
versions as if they were too old to support ed25519 link
|
||||||
authentication. Closes ticket 20895.
|
authentication. Closes ticket 20895.
|
||||||
|
|
||||||
|
o Minor features (geoip):
|
||||||
|
- Update geoip and geoip6 to the May 1 2018 Maxmind GeoLite2
|
||||||
|
Country database. Closes ticket 26104.
|
||||||
|
- Update geoip and geoip6 to the April 3 2018 Maxmind GeoLite2
|
||||||
|
Country database. Closes ticket 25718.
|
||||||
|
- Update geoip and geoip6 to the March 8 2018 Maxmind GeoLite2
|
||||||
|
Country database. Closes ticket 25469.
|
||||||
|
- Update geoip and geoip6 to the February 7 2018 Maxmind GeoLite2
|
||||||
|
Country database.
|
||||||
|
|
||||||
o Minor features (heartbeat):
|
o Minor features (heartbeat):
|
||||||
- Add onion service information to our heartbeat logs, displaying
|
- Add onion service information to our heartbeat logs, displaying
|
||||||
stats about the activity of configured onion services. Closes
|
stats about the activity of configured onion services. Closes
|
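Review bot: The "Minor features (geoip)" section now carries four successive database updates (May 1, April 3, March 8, February 7), and the February entry has no "Closes ticket" reference. For release notes only the newest database matters to the reader. Consider keeping the May 1 entry and dropping the superseded ones, or at least add the missing ticket reference.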
||||||
|
@ -605,15 +315,27 @@ Changes in version 0.3.3.6 - 2018-05-??
|
||||||
when it's trying to sleep. Closes ticket 24605.
|
when it's trying to sleep. Closes ticket 24605.
|
||||||
|
|
||||||
o Minor features (log messages):
|
o Minor features (log messages):
|
||||||
|
- Improve log message in the out-of-memory handler to include
|
||||||
|
information about memory usage from the different compression
|
||||||
|
backends. Closes ticket 25372.
|
||||||
- Improve a warning message that happens when we fail to re-parse an
|
- Improve a warning message that happens when we fail to re-parse an
|
||||||
old router because of an expired certificate. Closes ticket 20020.
|
old router because of an expired certificate. Closes ticket 20020.
|
||||||
- Make the log more quantitative when we hit MaxMemInQueues
|
- Make the log more quantitative when we hit MaxMemInQueues
|
||||||
threshold exposing some values. Closes ticket 24501.
|
threshold exposing some values. Closes ticket 24501.
|
||||||
|
|
||||||
|
o Minor features (logging):
|
||||||
|
- Clarify the log messages produced when getrandom() or a related
|
||||||
|
entropy-generation mechanism gives an error. Closes ticket 25120.
|
||||||
|
|
||||||
o Minor features (logging, android):
|
o Minor features (logging, android):
|
||||||
- Added support for the Android logging subsystem. Closes
|
- Added support for the Android logging subsystem. Closes
|
||||||
ticket 24362.
|
ticket 24362.
|
||||||
|
|
||||||
|
o Minor features (logging, diagnostic):
|
||||||
|
- When logging a failure to create an onion service's descriptor,
|
||||||
|
also log what the problem with the descriptor was. Diagnostic for
|
||||||
|
ticket 24972.
|
||||||
|
|
||||||
o Minor features (performance):
|
o Minor features (performance):
|
||||||
- Support predictive circuit building for onion service circuits
|
- Support predictive circuit building for onion service circuits
|
||||||
with multiple layers of guards. Closes ticket 23101.
|
with multiple layers of guards. Closes ticket 23101.
|
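Review bot: After this hunk the file has "Minor features (log messages)" and "Minor features (logging)" as separate adjacent sections, plus "(logging, android)" and "(logging, diagnostic)". The out-of-memory and MaxMemInQueues log entries and the getrandom() entry are the same kind of change, so merge "log messages" into "logging" rather than sorting two near-duplicate tags next to each other.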
||||||
|
@ -647,6 +369,15 @@ Changes in version 0.3.3.6 - 2018-05-??
|
||||||
thinking too hard about which ports to allow, this one is for you.
|
thinking too hard about which ports to allow, this one is for you.
|
||||||
Closes ticket 13605. Patch from Neel Chauhan.
|
Closes ticket 13605. Patch from Neel Chauhan.
|
||||||
|
|
||||||
|
o Minor features (sandbox):
|
||||||
|
- Explicitly permit the poll() system call when the Linux
|
||||||
|
seccomp2-based sandbox is enabled: apparently, some versions of
|
||||||
|
libc use poll() when calling getpwnam(). Closes ticket 25313.
|
||||||
|
|
||||||
|
o Minor features (testing):
|
||||||
|
- Add a "make test-rust" target to run the rust tests only. Closes
|
||||||
|
ticket 25071.
|
||||||
|
|
||||||
o Minor features (testing, debugging, embedding):
|
o Minor features (testing, debugging, embedding):
|
||||||
- For development purposes, Tor now has a mode in which it runs for
|
- For development purposes, Tor now has a mode in which it runs for
|
||||||
a few seconds, then stops, and starts again without exiting the
|
a few seconds, then stops, and starts again without exiting the
|
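Review bot: In the "Minor features (testing)" entry, "run the rust tests only" writes the language name in lowercase, whereas other entries in this file capitalise it ("Rust dependencies", "the Rust implementation"). Capitalise it here for consistency.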
||||||
|
@ -657,11 +388,28 @@ Changes in version 0.3.3.6 - 2018-05-??
|
||||||
really meant for developers only. It will likely be removed in a
|
really meant for developers only. It will likely be removed in a
|
||||||
future release. Implements ticket 24583.
|
future release. Implements ticket 24583.
|
||||||
|
|
||||||
|
o Minor bugfix (channel connection):
|
||||||
|
- Use the actual observed address of an incoming relay connection,
|
||||||
|
not the canonical address of the relay from its descriptor, when
|
||||||
|
making decisions about how to handle the incoming connection.
|
||||||
|
Fixes bug 24952; bugfix on 0.2.4.11-alpha. Patch by "ffmancera".
|
||||||
|
|
||||||
|
o Minor bugfix (directory authority):
|
||||||
|
- Directory authorities, when refusing a descriptor from a rejected
|
||||||
|
relay, now explicitly tell the relay (in its logs) to set a valid
|
||||||
|
ContactInfo address and contact the bad-relays@ mailing list.
|
||||||
|
Fixes bug 25170; bugfix on 0.2.9.1.
|
||||||
|
|
||||||
o Minor bugfix (network IPv6 test):
|
o Minor bugfix (network IPv6 test):
|
||||||
- Tor's test scripts now check if "ping -6 ::1" works when the user
|
- Tor's test scripts now check if "ping -6 ::1" works when the user
|
||||||
runs "make test-network-all". Fixes bug 24677; bugfix on
|
runs "make test-network-all". Fixes bug 24677; bugfix on
|
||||||
0.2.9.3-alpha. Patch by "ffmancera".
|
0.2.9.3-alpha. Patch by "ffmancera".
|
||||||
|
|
||||||
|
o Minor bugfixes (all versions of Tor):
|
||||||
|
- Use the "misspell" tool to detect and fix typos throughout the
|
||||||
|
source code. Fixes bug 23650; bugfix on various versions of Tor.
|
||||||
|
Patch from Deepesh Pathak.
|
||||||
|
|
||||||
o Minor bugfixes (build, rust):
|
o Minor bugfixes (build, rust):
|
||||||
- Fix output of autoconf checks to display success messages for Rust
|
- Fix output of autoconf checks to display success messages for Rust
|
||||||
dependencies and a suitable rustc compiler version. Fixes bug
|
dependencies and a suitable rustc compiler version. Fixes bug
|
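Review bot: The directory authority entry ends "Fixes bug 25170; bugfix on 0.2.9.1." with no release suffix, while the other 0.2.9.x references nearby read 0.2.9.3-alpha, 0.2.9.4-alpha and 0.2.9.6-rc. Please confirm which release is meant and write it in full. The two new headings here also use the singular "Minor bugfix", which sorts them apart from the "Minor bugfixes" sections.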
||||||
|
@ -676,12 +424,85 @@ Changes in version 0.3.3.6 - 2018-05-??
|
||||||
the TOR_RUST_DEPENDENCIES option set. Fixes bug 22768; bugfix
|
the TOR_RUST_DEPENDENCIES option set. Fixes bug 22768; bugfix
|
||||||
on 0.3.1.7.
|
on 0.3.1.7.
|
||||||
|
|
||||||
|
o Minor bugfixes (C correctness):
|
||||||
|
- Fix a very unlikely (impossible, we believe) null pointer
|
||||||
|
dereference. Fixes bug 25629; bugfix on 0.2.9.15. Found by
|
||||||
|
Coverity; this is CID 1430932.
|
||||||
|
|
||||||
|
o Minor bugfixes (channel, client):
|
||||||
|
- Better identify client connection when reporting to the geoip
|
||||||
|
client cache. Fixes bug 24904; bugfix on 0.3.1.7.
|
||||||
|
|
||||||
|
o Minor bugfixes (circuit, cannibalization):
|
||||||
|
- Don't cannibalize preemptively-built circuits if we no longer
|
||||||
|
recognize their first hop. This situation can happen if our Guard
|
||||||
|
relay went off the consensus after the circuit was created. Fixes
|
||||||
|
bug 24469; bugfix on 0.0.6.
|
||||||
|
|
||||||
|
o Minor bugfixes (client, backport from 0.3.4.1-alpha):
|
||||||
|
- Don't consider Tor running as a client if the ControlPort is open,
|
||||||
|
but no actual client ports are open. Fixes bug 26062; bugfix
|
||||||
|
on 0.2.9.4-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (compilation):
|
||||||
|
- Fix a C99 compliance issue in our configuration script that caused
|
||||||
|
compilation issues when compiling Tor with certain versions of
|
||||||
|
xtools. Fixes bug 25474; bugfix on 0.3.2.5-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (controller):
|
||||||
|
- Restore the correct operation of the RESOLVE command, which had
|
||||||
|
been broken since we added the ability to enable/disable DNS on
|
||||||
|
specific listener ports. Fixes bug 25617; bugfix on 0.2.9.3-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (controller, reliability):
|
||||||
|
- Avoid a (nonfatal) assertion failure when extending a one-hop
|
||||||
|
circuit from the controller to become a multihop circuit. Fixes
|
||||||
|
bug 24903; bugfix on 0.2.5.2-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (correctness):
|
||||||
|
- Remove a nonworking, unnecessary check to see whether a circuit
|
||||||
|
hop's identity digest was set when the circuit failed. Fixes bug
|
||||||
|
24927; bugfix on 0.2.4.4-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (correctness, client, backport from 0.3.4.1-alpha):
|
||||||
|
- Upon receiving a malformed connected cell, stop processing the cell
|
||||||
|
immediately. Previously we would mark the connection for close, but
|
||||||
|
continue processing the cell as if the connection were open. Fixes bug
|
||||||
|
26072; bugfix on 0.2.4.7-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (denial-of-service):
|
||||||
|
- Fix a possible crash on malformed consensus. If a consensus had
|
||||||
|
contained an unparseable protocol line, it could have made clients
|
||||||
|
and relays crash with a null-pointer exception. To exploit this
|
||||||
|
issue, however, an attacker would need to be able to subvert the
|
||||||
|
directory authority system. Fixes bug 25251; bugfix on
|
||||||
|
0.2.9.4-alpha. Also tracked as TROVE-2018-004.
|
||||||
|
|
||||||
o Minor bugfixes (directory authorities, IPv6):
|
o Minor bugfixes (directory authorities, IPv6):
|
||||||
- When creating a routerstatus (vote) from a routerinfo (descriptor),
|
- When creating a routerstatus (vote) from a routerinfo (descriptor),
|
||||||
set the IPv6 address to the unspecified IPv6 address, and
|
set the IPv6 address to the unspecified IPv6 address, and
|
||||||
explicitly initialize the port to zero. Fixes bug 24488; bugfix
|
explicitly initialize the port to zero. Fixes bug 24488; bugfix
|
||||||
on 0.2.4.1-alpha.
|
on 0.2.4.1-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (documentation):
|
||||||
|
- Document that the PerConnBW{Rate,Burst} options will fall back to
|
||||||
|
their corresponding consensus parameters only if those parameters
|
||||||
|
are set. Previously we had claimed that these values would always
|
||||||
|
be set in the consensus. Fixes bug 25296; bugfix on 0.2.2.7-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (documentation, backport from 0.3.4.1-alpha):
|
||||||
|
- Stop saying in the manual that clients cache ipv4 dns answers
|
||||||
|
from exit relays. We haven't used them since 0.2.6.3-alpha, and
|
||||||
|
in ticket 24050 we stopped even caching them as of 0.3.2.6-alpha,
|
||||||
|
but we forgot to say so in the man page. Fixes bug 26052; bugfix
|
||||||
|
on 0.3.2.6-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (exit node DNS retries):
|
||||||
|
- Re-attempt timed-out DNS queries 3 times before failure, since our
|
||||||
|
timeout is 5 seconds for them, but clients wait 10-15. Also allow
|
||||||
|
slightly more timeouts per resolver when an exit has multiple
|
||||||
|
resolvers configured. Fixes bug 21394; bugfix on 0.3.1.9.
|
||||||
|
|
||||||
o Minor bugfixes (fallback directory mirrors):
|
o Minor bugfixes (fallback directory mirrors):
|
||||||
- Make updateFallbackDirs.py search harder for python. (Some OSs
|
- Make updateFallbackDirs.py search harder for python. (Some OSs
|
||||||
don't put it in /usr/bin.) Fixes bug 24708; bugfix
|
don't put it in /usr/bin.) Fixes bug 24708; bugfix
|
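Review bot: The "Minor bugfixes (denial-of-service)" entry describes the TROVE-2018-004 crash as a "null-pointer exception", which is not a C term and differs from the "null pointer dereference" wording in the "C correctness" entry in this same hunk. Use "null pointer dereference" in both. Separately, "ipv4 dns answers" in the documentation entry should read "IPv4 DNS answers".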
||||||
|
@ -714,6 +535,23 @@ Changes in version 0.3.3.6 - 2018-05-??
|
||||||
correctly even when %include was used. Previously we would crash.
|
correctly even when %include was used. Previously we would crash.
|
||||||
Fixes bug 22605; bugfix on 0.3.1. Patch from Daniel Pinto.
|
Fixes bug 22605; bugfix on 0.3.1. Patch from Daniel Pinto.
|
||||||
|
|
||||||
|
o Minor bugfixes (Linux seccomp2 sandbox, backport from 0.3.4.1-alpha):
|
||||||
|
- Allow the nanosleep() system call, which glibc uses to implement
|
||||||
|
sleep() and usleep(). Fixes bug 24969; bugfix on 0.2.5.1-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (logging):
|
||||||
|
- Don't treat inability to store a cached consensus object as a bug:
|
||||||
|
it can happen normally when we are out of disk space. Fixes bug
|
||||||
|
24859; bugfix on 0.3.1.1-alpha.
|
||||||
|
- Fix a (mostly harmless) race condition when invoking
|
||||||
|
LOG_PROTOCOL_WARN message from a subthread while the torrc options
|
||||||
|
are changing. Fixes bug 23954; bugfix on 0.1.1.9-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (man page, SocksPort):
|
||||||
|
- Remove dead code from the old "SocksSocket" option, and rename
|
||||||
|
SocksSocketsGroupWritable to UnixSocksGroupWritable. The old option
|
||||||
|
still works, but is deprecated. Fixes bug 24343; bugfix on 0.2.6.3.
|
||||||
|
|
||||||
o Minor bugfixes (memory leaks):
|
o Minor bugfixes (memory leaks):
|
||||||
- Avoid possible at-exit memory leaks related to use of Libevent's
|
- Avoid possible at-exit memory leaks related to use of Libevent's
|
||||||
event_base_once() function. (This function tends to leak memory if
|
event_base_once() function. (This function tends to leak memory if
|
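Review bot: The section tagged "Minor bugfixes (man page, SocksPort)" actually describes a code change and an option rename: "rename SocksSocketsGroupWritable to UnixSocksGroupWritable. The old option still works, but is deprecated." Filed under "man page", operators who set that option are likely to skip it. Retag it, for example as a configuration change, so the deprecation is visible. Its "bugfix on 0.2.6.3" also lacks a release suffix.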
||||||
|
@ -722,11 +560,55 @@ Changes in version 0.3.3.6 - 2018-05-??
|
||||||
- Fix a harmless memory leak in tor-resolve. Fixes bug 24582; bugfix
|
- Fix a harmless memory leak in tor-resolve. Fixes bug 24582; bugfix
|
||||||
on 0.2.1.1-alpha.
|
on 0.2.1.1-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (networking):
|
||||||
|
- Tor will no longer reject IPv6 address strings from TorBrowser
|
||||||
|
when they are passed as hostnames in SOCKS5 requests. Fixes bug
|
||||||
|
25036, bugfix on Tor 0.3.1.2.
|
||||||
|
- string_is_valid_hostname() will not consider IP strings to be
|
||||||
|
valid hostnames. Fixes bug 25055; bugfix on Tor 0.2.5.5.
|
||||||
|
|
||||||
|
o Minor bugfixes (onion service v3):
|
||||||
|
- Avoid an assertion failure when the next the next onion service
|
||||||
|
descriptor rotation type is out of sync with the consensus's
|
||||||
|
valid-after time. Instead, log a warning message with extra
|
||||||
|
information, so we can better hunt down the cause of this
|
||||||
|
assertion. Fixes bug 25306; bugfix on 0.3.2.1-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (onion service, backport from 0.3.4.1-alpha):
|
||||||
|
- Fix a memory leak when a v3 onion service is configured and gets a
|
||||||
|
SIGHUP signal. Fixes bug 25901; bugfix on 0.3.2.1-alpha.
|
||||||
|
- When parsing the descriptor signature, look for the token plus an
|
||||||
|
extra white-space at the end. This is more correct but also will
|
||||||
|
allow us to support new fields that might start with "signature".
|
||||||
|
Fixes bug 26069; bugfix on 0.3.0.1-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (onion services):
|
||||||
|
- Remove a BUG() statement when a client fetches an onion descriptor
|
||||||
|
that has a lower revision counter than the one in its cache. This
|
||||||
|
can happen in normal circumstances due to HSDir desync. Fixes bug
|
||||||
|
24976; bugfix on 0.3.2.1-alpha.
|
||||||
|
- If we are configured to offer a single onion service, don't log
|
||||||
|
long-term established one hop rendezvous points in the heartbeat.
|
||||||
|
Fixes bug 25116; bugfix on 0.2.9.6-rc.
|
||||||
|
|
||||||
o Minor bugfixes (OSX):
|
o Minor bugfixes (OSX):
|
||||||
- Don't exit the Tor process if setrlimit() fails to change the file
|
- Don't exit the Tor process if setrlimit() fails to change the file
|
||||||
limit (which can happen sometimes on some versions of OSX). Fixes
|
limit (which can happen sometimes on some versions of OSX). Fixes
|
||||||
bug 21074; bugfix on 0.0.9pre5.
|
bug 21074; bugfix on 0.0.9pre5.
|
||||||
|
|
||||||
|
o Minor bugfixes (performance):
|
||||||
|
- Reduce the number of circuits that will be opened at once during
|
||||||
|
the circuit build timeout phase. This is done by increasing the
|
||||||
|
idle timeout to 3 minutes, and lowering the maximum number of
|
||||||
|
concurrent learning circuits to 10. Fixes bug 24769; bugfix
|
||||||
|
on 0.3.1.1-alpha.
|
||||||
|
- Avoid calling protocol_list_supports_protocol() from inside tight
|
||||||
|
loops when running with cached routerinfo_t objects. Instead,
|
||||||
|
summarize the relevant protocols as flags in the routerinfo_t, as
|
||||||
|
we do for routerstatus_t objects. This change simplifies our code
|
||||||
|
a little, and saves a large amount of short-term memory allocation
|
||||||
|
operations. Fixes bug 25008; bugfix on 0.2.9.4-alpha.
|
||||||
|
|
||||||
o Minor bugfixes (performance, fragile-hardening):
|
o Minor bugfixes (performance, fragile-hardening):
|
||||||
- Improve the performance of our consensus-diff application code
|
- Improve the performance of our consensus-diff application code
|
||||||
when Tor is built with the --enable-fragile-hardening option set.
|
when Tor is built with the --enable-fragile-hardening option set.
|
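Review bot: The "Minor bugfixes (onion service v3)" entry contains a duplicated phrase, "when the next the next onion service descriptor rotation type". Drop one "the next". In the networking entry just above, "Fixes bug 25036, bugfix on Tor 0.3.1.2." uses a comma and a "Tor" prefix where every other entry uses "Fixes bug N; bugfix on X".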
||||||
|
@ -745,13 +627,67 @@ Changes in version 0.3.3.6 - 2018-05-??
|
||||||
from all circuits at the point where they complete their third
|
from all circuits at the point where they complete their third
|
||||||
hop. Fixes bug 23100; bugfix on 0.2.2.2-alpha.
|
hop. Fixes bug 23100; bugfix on 0.2.2.2-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (relay, crash, backport from 0.3.4.1-alpha):
|
||||||
|
- Avoid a crash when running with DirPort set but ORPort tuned off.
|
||||||
|
Fixes a case of bug 23693; bugfix on 0.3.1.1-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (Rust FFI):
|
||||||
|
- Fix a minor memory leak which would happen whenever the C code
|
||||||
|
would call the Rust implementation of
|
||||||
|
protover_get_supported_protocols(). This was due to the C version
|
||||||
|
returning a static string, whereas the Rust version newly allocated
|
||||||
|
a CString to pass accross the FFI boundary. Consequently, the C
|
||||||
|
code was not expecting to need to free() what it was given. Fixes
|
||||||
|
bug 25127; bugfix on 0.3.2.1-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (scheduler, KIST):
|
||||||
|
- Avoid adding the same channel twice in the KIST scheduler pending
|
||||||
|
list, which would waste CPU cycles. Fixes bug 24700; bugfix
|
||||||
|
on 0.3.2.1-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (spec conformance):
|
||||||
|
- Forbid "-0" as a protocol version. Fixes part of bug 25249; bugfix on
|
||||||
|
0.2.9.4-alpha.
|
||||||
|
- Forbid UINT32_MAX as a protocol version. Fixes part of bug 25249;
|
||||||
|
bugfix on 0.2.9.4-alpha.
|
||||||
|
|
||||||
o Minor bugfixes (testing):
|
o Minor bugfixes (testing):
|
||||||
|
- Avoid intermittent test failures due to a test that had relied on
|
||||||
|
onion service introduction point creation finishing within 5
|
||||||
|
seconds of real clock time. Fixes bug 25450; bugfix
|
||||||
|
on 0.3.1.3-alpha.
|
||||||
- Give out Exit flags in bootstrapping networks. Fixes bug 24137;
|
- Give out Exit flags in bootstrapping networks. Fixes bug 24137;
|
||||||
bugfix on 0.2.3.1-alpha.
|
bugfix on 0.2.3.1-alpha.
|
||||||
- Fix a memory leak in the scheduler/loop_kist unit test. Fixes bug
|
- Fix a memory leak in the scheduler/loop_kist unit test. Fixes bug
|
||||||
25005; bugfix on 0.3.2.7-rc.
|
25005; bugfix on 0.3.2.7-rc.
|
||||||
|
|
||||||
|
o Minor bugfixes (unit test, monotonic time):
|
||||||
|
- Increase a constant (1msec to 10msec) in the monotonic time test
|
||||||
|
that makes sure the nsec/usec/msec times read are synchronized.
|
||||||
|
This change was needed to accommodate slow systems like armel or
|
||||||
|
when the clock_gettime() is not a VDSO on the running kernel.
|
||||||
|
Fixes bug 25113; bugfix on 0.2.9.1.
|
||||||
|
|
||||||
|
o Minor bugfixes (v3 onion services):
|
||||||
|
- Look at the "HSRend" protocol version, not the "HSDir" protocol
|
||||||
|
version, when deciding whether a consensus entry can support the
|
||||||
|
v3 onion service protocol as a rendezvous point. Fixes bug 25105;
|
||||||
|
bugfix on 0.3.2.1-alpha.
|
||||||
|
|
||||||
o Code simplification and refactoring:
|
o Code simplification and refactoring:
|
||||||
|
- Move the list of default directory authorities to its own file.
|
||||||
|
Closes ticket 24854. Patch by "beastr0".
|
||||||
|
- Remove the old (deterministic) directory retry logic entirely:
|
||||||
|
We've used exponential backoff exclusively for some time. Closes
|
||||||
|
ticket 23814.
|
||||||
|
- Update the "rust dependencies" submodule to be a project-level
|
||||||
|
repository, rather than a user repository. Closes ticket 25323.
|
||||||
|
- Remove the unused nodelist_recompute_all_hsdir_indices(). Closes
|
||||||
|
ticket 25108.
|
||||||
|
- Remove a series of counters used to track circuit extend attempts
|
||||||
|
and connection status but that in reality we aren't using for
|
||||||
|
anything other than stats logged by a SIGUSR1 signal. Closes
|
||||||
|
ticket 25163.
|
||||||
- Remove /usr/athena from search path in configure.ac. Closes
|
- Remove /usr/athena from search path in configure.ac. Closes
|
||||||
ticket 24363.
|
ticket 24363.
|
||||||
- Remove duplicate code in node_has_curve25519_onion_key() and
|
- Remove duplicate code in node_has_curve25519_onion_key() and
|
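Review bot: Two typos in the added entries: "ORPort tuned off" in the "relay, crash" entry should be "turned off", and "pass accross the FFI boundary" in the "Rust FFI" entry should be "across". Both are worth fixing while the entries are being moved, given that this same ChangeLog advertises a "misspell" pass over the source.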
||||||
|
@ -778,6 +714,10 @@ Changes in version 0.3.3.6 - 2018-05-??
|
||||||
debugging efforts. Closes ticket 24531.
|
debugging efforts. Closes ticket 24531.
|
||||||
|
|
||||||
o Documentation:
|
o Documentation:
|
||||||
|
- Improved the documentation of AccountingStart parameter. Closes
|
||||||
|
ticket 23635.
|
||||||
|
- Update the documentation for "Log" to include the current list of
|
||||||
|
logging domains. Closes ticket 25378.
|
||||||
- Add documentation on how to build tor with Rust dependencies
|
- Add documentation on how to build tor with Rust dependencies
|
||||||
without having to be online. Closes ticket 22907; bugfix
|
without having to be online. Closes ticket 22907; bugfix
|
||||||
on 0.3.0.3-alpha.
|
on 0.3.0.3-alpha.
|
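Review bot: The added Documentation entry "Improved the documentation of AccountingStart parameter" is in the past tense and is missing an article, while the neighbouring entries are imperative ("Update the documentation for ...", "Add documentation on ..."). Reword it to "Improve the documentation of the AccountingStart parameter."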
||||||
|
@ -808,6 +748,19 @@ Changes in version 0.3.3.6 - 2018-05-??
|
||||||
- Make most of the variables in networkstatus_getinfo_by_purpose()
|
- Make most of the variables in networkstatus_getinfo_by_purpose()
|
||||||
const. Implements ticket 24489.
|
const. Implements ticket 24489.
|
||||||
|
|
||||||
|
o Documentation (backport from 0.3.4.1-alpha):
|
||||||
|
- Correct an IPv6 error in the documentation for ExitPolicy.
|
||||||
|
Closes ticket 25857. Patch from "CTassisF".
|
||||||
|
|
||||||
|
o Documentation (man page):
|
||||||
|
- The HiddenServiceVersion torrc option accepts only one number:
|
||||||
|
either version 2 or 3. Closes ticket 25026; bugfix
|
||||||
|
on 0.3.2.2-alpha.
|
||||||
|
|
||||||
|
o Documentation (manpage, denial of service):
|
||||||
|
- Provide more detail about the denial-of-service options, by
|
||||||
|
listing each mitigation and explaining how they relate. Closes
|
||||||
|
ticket 25248.
|
||||||
|
|
||||||
|
|
||||||
Changes in version 0.3.2.9 - 2018-01-09
|
Changes in version 0.3.2.9 - 2018-01-09
|
||||||
|
|
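Review bot: The two new headings "o Documentation (man page):" and "o Documentation (manpage, denial of service):" spell the tag differently. The earlier "Minor bugfixes (man page, SocksPort)" section uses two words, so use "man page" in both to keep the sorted tags together.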