Compare commits
205 Commits
master
...
release-0.
Author | SHA1 | Date |
---|---|---|
Roger Dingledine | bec76476ef | |
Roger Dingledine | 94582b1580 | |
Roger Dingledine | d204b04298 | |
Peter Palfrader | 2a824b942a | |
Roger Dingledine | 49d150a9fa | |
Roger Dingledine | b172340245 | |
Roger Dingledine | 421fe0c1c1 | |
Roger Dingledine | a379b03b3c | |
Nick Mathewson | 909f18910e | |
Roger Dingledine | fce6eb1c44 | |
Roger Dingledine | e61c6adfa4 | |
Roger Dingledine | 6abb638954 | |
Roger Dingledine | 78a8df2666 | |
Roger Dingledine | 96226a638b | |
Roger Dingledine | c450e52486 | |
Roger Dingledine | 4f62f420fe | |
Roger Dingledine | c1414cf70c | |
Roger Dingledine | 736fb31d97 | |
Roger Dingledine | 975dd009ec | |
Roger Dingledine | 0daad3e44d | |
Roger Dingledine | d06ea86850 | |
Roger Dingledine | 10d1ac3f9d | |
Roger Dingledine | 66cd361703 | |
Roger Dingledine | 7a55105dcf | |
Roger Dingledine | 6fc281ab2d | |
Roger Dingledine | ac3f516cd5 | |
Roger Dingledine | 5c6a601323 | |
Roger Dingledine | 1614e00a21 | |
Roger Dingledine | aa0c10611b | |
Roger Dingledine | 14e3900393 | |
Roger Dingledine | 30d0319684 | |
Roger Dingledine | 121ae29ed9 | |
Roger Dingledine | 6cd68895fb | |
Roger Dingledine | 0a77d5324f | |
Roger Dingledine | 031ac2a49e | |
Roger Dingledine | 6c02f4d2e3 | |
Roger Dingledine | 43454a872e | |
Roger Dingledine | 98402d0865 | |
Roger Dingledine | 1208c179fb | |
Nick Mathewson | b04388f9e7 | |
Nick Mathewson | 796563f7f3 | |
Nick Mathewson | 7264e0d880 | |
Nick Mathewson | d4b935e77f | |
Nick Mathewson | 2c70ca0e94 | |
Nick Mathewson | ed46539050 | |
Roger Dingledine | 9fdfc10092 | |
Roger Dingledine | 5ad0de1e5d | |
Roger Dingledine | 52789c863e | |
Roger Dingledine | 57db578b81 | |
Roger Dingledine | 842a7a8123 | |
Roger Dingledine | 3f41df3005 | |
Roger Dingledine | 8955b25fc1 | |
Roger Dingledine | 509d7e02e9 | |
Roger Dingledine | 3b39ec40fd | |
Roger Dingledine | da068c9166 | |
Roger Dingledine | f0e1ee98af | |
Roger Dingledine | 30722de8fa | |
Roger Dingledine | b6e3730358 | |
Roger Dingledine | c4eae752f0 | |
Roger Dingledine | 135ad197ae | |
Roger Dingledine | 4901cda1a0 | |
Roger Dingledine | ccd65e06af | |
Roger Dingledine | cf53d77fe1 | |
Roger Dingledine | b5bc84d5ee | |
Roger Dingledine | 176e122b32 | |
Roger Dingledine | dcdccedd24 | |
Roger Dingledine | c2cc180c46 | |
Roger Dingledine | d632c58c7c | |
Roger Dingledine | 403264175d | |
Roger Dingledine | e76f626ff6 | |
Roger Dingledine | ee2efc5c82 | |
Roger Dingledine | 8522652d8e | |
Roger Dingledine | d9ec547452 | |
Roger Dingledine | 8a6a95abb4 | |
Roger Dingledine | a4ed8622c0 | |
Roger Dingledine | 9d1ea45b58 | |
Roger Dingledine | 6d6e87f611 | |
Roger Dingledine | bcd99a2005 | |
Roger Dingledine | d063a809a0 | |
Roger Dingledine | 920d475179 | |
Roger Dingledine | c79db17ec1 | |
Roger Dingledine | 5f93885cde | |
Roger Dingledine | 877e177497 | |
Roger Dingledine | 046b31e130 | |
Roger Dingledine | bf8a890c3b | |
Roger Dingledine | 7fceba42e1 | |
Roger Dingledine | 41fecedbcc | |
Roger Dingledine | 2871dd8bef | |
Roger Dingledine | dd18fcbbae | |
Roger Dingledine | de39b968f7 | |
Roger Dingledine | 50e822741e | |
Nick Mathewson | adea91807e | |
Nick Mathewson | e3adeb6200 | |
Roger Dingledine | 13f1d2f0ec | |
Roger Dingledine | 085c9754cc | |
Roger Dingledine | c29acd09b2 | |
Roger Dingledine | 43caa0a8ec | |
Roger Dingledine | c80df20095 | |
Roger Dingledine | 4cdf6ac336 | |
Roger Dingledine | 0640d09bf4 | |
Roger Dingledine | 1eec073f1b | |
Roger Dingledine | f348c1c6ba | |
Roger Dingledine | 01fdd676ea | |
Roger Dingledine | f0ba3c1f26 | |
Roger Dingledine | 2ea53fc047 | |
Roger Dingledine | 16e8951c7d | |
Roger Dingledine | bfaf3e361a | |
Roger Dingledine | 7cc2b9dc83 | |
Roger Dingledine | 66f847857c | |
Roger Dingledine | e084c6fd14 | |
Roger Dingledine | bb6ba2a17c | |
Roger Dingledine | 7585a09a3b | |
Roger Dingledine | d6d9df241c | |
Roger Dingledine | 66732b764b | |
Roger Dingledine | b586709c54 | |
Roger Dingledine | 688400c596 | |
Roger Dingledine | 67462937a2 | |
Roger Dingledine | 08843175f6 | |
Roger Dingledine | 2bdf8102cd | |
Roger Dingledine | 5269d106d8 | |
Roger Dingledine | 16bfb4d6c7 | |
Roger Dingledine | e3b8457eb3 | |
Roger Dingledine | fa973c4926 | |
Roger Dingledine | 6ade302da9 | |
Roger Dingledine | 16c7b05ac6 | |
Roger Dingledine | 5540434fc1 | |
Roger Dingledine | d188563f72 | |
Roger Dingledine | db3cd62e97 | |
Roger Dingledine | bcd79f7f52 | |
Roger Dingledine | 68c364bbc3 | |
Roger Dingledine | 472cbbc826 | |
Roger Dingledine | 1b14f12086 | |
Roger Dingledine | 026318e9b4 | |
Nick Mathewson | 9525de51a6 | |
Nick Mathewson | aa68c39a12 | |
Nick Mathewson | 3c7291ce0a | |
Nick Mathewson | 89ae844094 | |
Nick Mathewson | c0fae841ec | |
Nick Mathewson | fd105e1048 | |
Roger Dingledine | da805cea47 | |
Roger Dingledine | 2db88eae33 | |
Roger Dingledine | e0f707057b | |
Nick Mathewson | 1dbbc73633 | |
Nick Mathewson | e68f9cc9b8 | |
Nick Mathewson | 10d45f8d45 | |
Nick Mathewson | d715984a04 | |
Nick Mathewson | c2ce18fae1 | |
Nick Mathewson | 95dceffe1b | |
Nick Mathewson | 7afa8a30da | |
Nick Mathewson | d760e91d1d | |
Nick Mathewson | 540c6f12cd | |
Nick Mathewson | 68a169ec55 | |
Roger Dingledine | 79d55f6006 | |
Roger Dingledine | ed80814368 | |
Roger Dingledine | 4bb1f69031 | |
Roger Dingledine | 9ba83862ab | |
Roger Dingledine | ee713b046c | |
Roger Dingledine | 984a6bfeb8 | |
Roger Dingledine | d6b5caa404 | |
Roger Dingledine | caa44c9c76 | |
Roger Dingledine | 4747c84241 | |
Roger Dingledine | 80466eb215 | |
Roger Dingledine | 39cc300303 | |
Roger Dingledine | 0b078d9eda | |
Roger Dingledine | 6459205426 | |
Roger Dingledine | c111adb5fe | |
Roger Dingledine | 7cee98f5fd | |
Roger Dingledine | 101503b6fa | |
Roger Dingledine | c8136bc9b6 | |
Roger Dingledine | c7473adec0 | |
Roger Dingledine | 704a27b029 | |
Roger Dingledine | 626912a81a | |
Roger Dingledine | af04bd489b | |
Roger Dingledine | b85eb949b5 | |
Roger Dingledine | 70a4e6e10a | |
Roger Dingledine | 516426cfd2 | |
Roger Dingledine | 2a8e9aa8e3 | |
Roger Dingledine | fac45b4287 | |
Roger Dingledine | 451a2fac0c | |
Roger Dingledine | 20569f9297 | |
Roger Dingledine | b3820e0d03 | |
Roger Dingledine | 17f873a20b | |
Roger Dingledine | 999c3c97d2 | |
Roger Dingledine | 7360b53bb1 | |
Roger Dingledine | d009160c73 | |
Roger Dingledine | 19cbb741e8 | |
Roger Dingledine | e5e38e55b3 | |
Roger Dingledine | d310597440 | |
Roger Dingledine | 5541610133 | |
Roger Dingledine | da3a4293f8 | |
Roger Dingledine | a7528bbf48 | |
Roger Dingledine | d082e2888d | |
Roger Dingledine | 6d1ddd7865 | |
Roger Dingledine | 5f63f0d631 | |
Roger Dingledine | 4906afa94f | |
Roger Dingledine | 9aba603263 | |
Roger Dingledine | d52b86a6c8 | |
Roger Dingledine | 54777960ce | |
Roger Dingledine | 34d457ea7d | |
Roger Dingledine | 7454fe3d98 | |
Roger Dingledine | d4f10b8343 | |
Roger Dingledine | 9bbe4de5e3 | |
Roger Dingledine | aae58deb2c | |
Roger Dingledine | 625606ed6a | |
Roger Dingledine | 6e5496a240 |
1844
ReleaseNotes
1844
ReleaseNotes
File diff suppressed because it is too large
Load Diff
|
@ -1,8 +0,0 @@
|
|||
o Security fixes:
|
||||
- Don't attach new streams to old rendezvous circuits after SIGNAL
|
||||
NEWNYM. Previously, we would keep using an existing rendezvous
|
||||
circuit if it remained open (i.e. if it were kept open by a
|
||||
long-lived stream or if a new stream were attached to it before
|
||||
Tor could notice that it was old and no longer in use and close
|
||||
it). Bugfix on 0.1.1.15-rc; fixes bug 3375.
|
||||
|
|
@ -1,11 +0,0 @@
|
|||
o Security fixes:
|
||||
- When using the debuging BridgePassword field, a bridge authority
|
||||
now compares alleged passwords by hashing them, then comparing
|
||||
the result to a digest of the expected authenticator. This avoids
|
||||
a potential side-channel attack in the previous code, which
|
||||
had foolishly used strcmp(). Fortunately, the BridgePassword field
|
||||
*is not in use*, but if it had been, the timing
|
||||
behavior of strcmp() might have allowed an adversary to guess the
|
||||
BridgePassword value, and enumerate the bridges. Bugfix on
|
||||
0.2.0.14-alpha. Fixes bug 5543.
|
||||
|
|
@ -1,7 +0,0 @@
|
|||
|
||||
o Major bugfixes:
|
||||
- Fix a heap overflow bug that could occur when trying to pull
|
||||
data into the first chunk of a buffer, when that chunk had
|
||||
already had some data drained from it. Fixes CVE-2011-2778;
|
||||
bugfix on 0.2.0.16-alpha. Reported by "Vektor".
|
||||
|
|
@ -1,8 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- When running with an older Linux kernel that erroneously responds
|
||||
to strange nmap behavior by having accept() return successfully
|
||||
with a zero-length socket, just close the connection. Previously,
|
||||
we would try harder to learn the remote address: but there was no
|
||||
such remote address to learn, and our method for trying to learn
|
||||
it was incorrect. Fixes bugs #1240, #4745, and #4747. Bugfix on
|
||||
0.1.0.3-rc. Reported and diagnosed by "r1eo".
|
|
@ -1,16 +0,0 @@
|
|||
o Major bugfixes:
|
||||
- Apply circuit timeouts to opened hidden-service-related circuits
|
||||
based on the correct start time. Previously, we would apply the
|
||||
circuit build timeout based on time since the circuit's
|
||||
creation; it was supposed to be applied based on time since the
|
||||
circuit entered its current state. Bugfix on 0.0.6; fixes part
|
||||
of bug 1297.
|
||||
- Use the same circuit timeout for client-side introduction
|
||||
circuits as for other four-hop circuits. Previously,
|
||||
client-side introduction circuits were closed after the same
|
||||
timeout as single-hop directory-fetch circuits; this was
|
||||
appropriate with the static circuit build timeout in 0.2.1.x and
|
||||
earlier, but caused many hidden service access attempts to fail
|
||||
with the adaptive CBT introduced in 0.2.2.2-alpha. Bugfix on
|
||||
0.2.2.2-alpha; fixes another part of bug 1297.
|
||||
|
|
@ -1,13 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- On SIGHUP, do not clear out all TrackHostExits mappings, client DNS
|
||||
cache entries, and virtual address mappings: that's what NEWNYM is
|
||||
for. Bugfix on Tor 0.1.0.1-rc; fixes bug 1345.
|
||||
- When TrackHostExits is changed from a controller, remove any
|
||||
mappings for hosts that should no longer have their exits tracked.
|
||||
Bugfix on Tor 0.1.0.1-rc.
|
||||
- When VirtualAddrNetwork option is changed from a controller,
|
||||
remove any mappings for hosts that were automapped to
|
||||
that network. Bugfix on 0.1.1.19-rc.
|
||||
- When one of the AutomapHosts* options is changed from a
|
||||
controller, remove any mappings for hosts that should no longer be
|
||||
automapped. Bugfix on 0.2.0.1-alpha.
|
|
@ -1,4 +0,0 @@
|
|||
o Minor features
|
||||
- Rate-limit a warning about failures to download v2 networkstatus
|
||||
documents. Resolves part of bug 1352.
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
o Major bugfixes:
|
||||
- Don't decide to make a new descriptor when receiving a HUP signal.
|
||||
This bug has caused a lot of relays to disappear from the consensus
|
||||
periodically. Fixes the most common case of triggering bug 1810;
|
||||
bugfix on 0.2.2.7-alpha.
|
||||
|
|
@ -1,8 +0,0 @@
|
|||
o Major features:
|
||||
- If "UseBridges 1" is set and no bridges are configured, Tor will
|
||||
now refuse to build any circuits until some bridges are set.
|
||||
If "UseBridges auto" is set, Tor will use bridges if they are
|
||||
configured and we are not running as a server, but otherwise
|
||||
will make circuits as usual. The new default is "auto". Patch
|
||||
by anonym.
|
||||
|
|
@ -1,7 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- Revert the UseBridges option to its behavior before 0.2.2.28-beta.
|
||||
When we changed the default behavior to "use bridges if any are
|
||||
listed in the torrc", we broke a number of users who had bridges
|
||||
in their torrc files but who didn't actually want to use them.
|
||||
Partial resolution for bug 3354.
|
||||
|
|
@ -1,8 +0,0 @@
|
|||
* Minor bugfixes:
|
||||
|
||||
- Demote the 'replay detected' log message emitted when a hidden
|
||||
service receives the same Diffie-Hellman public key in two
|
||||
different INTRODUCE2 cells to info level. A normal Tor client
|
||||
can cause that log message during its normal operation. Bugfix
|
||||
on 0.2.1.6-alpha; fixes part of bug 2442.
|
||||
|
|
@ -1,8 +0,0 @@
|
|||
* Minor bugfixes:
|
||||
|
||||
- Demote the 'INTRODUCE2 cell is too {old,new}' log message to
|
||||
info level. There is nothing that a hidden service's operator
|
||||
can do to fix its clients' clocks. Bugfix on 0.2.1.6-alpha;
|
||||
fixes part of bug 2442.
|
||||
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
o Minor features:
|
||||
- When an HTTPS proxy reports "403 Forbidden", we now explain
|
||||
what it means rather than calling it an unexpected status code.
|
||||
Closes bug 2503. Patch from "mikey".
|
|
@ -1,3 +0,0 @@
|
|||
o Minor features:
|
||||
- Allow nameservers with IPv6 address. Fixes bug 2574.
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
o Minor features:
|
||||
- Add a VoteOnHidServDirectoriesV2 configuration option to allow
|
||||
directory authorities to abstain from voting on assignment of
|
||||
the HSDir consensus flag. Related to bug 2649.
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- Change the default required uptime for a relay to be accepted as
|
||||
a HSDir from 24 hours to 25 hours. Bugfix on 0.2.0.10-alpha;
|
||||
fixes bug 2649.
|
||||
|
|
@ -1,7 +0,0 @@
|
|||
o Minor bugfixes
|
||||
- Do not reject hidden service descriptors simply because we don't
|
||||
think we have not been assigned the HSDir flag. Clients and
|
||||
hidden services can have a more up-to-date view of the network
|
||||
consensus, and if they think that the directory authorities
|
||||
list us a HSDir, we might actually be one. Related to bug 2732;
|
||||
bugfix on 0.2.0.10-alpha.
|
|
@ -1,10 +0,0 @@
|
|||
o Minor bugfixes
|
||||
- Remove dead code from rend_cache_lookup_v2_desc_as_dir. Fixes
|
||||
part of bug 2748; bugfix on 0.2.0.10-alpha.
|
||||
- Log malformed requests for rendezvous descriptors as protocol
|
||||
warnings, not warnings. Also, use a more informative log
|
||||
message in case someone sees it at log level warning without
|
||||
prior info-level messages. Fixes the other part of bug 2748;
|
||||
bugfix on 0.2.0.10-alpha.
|
||||
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
o Minor features:
|
||||
- Tor used to limit HttpProxyAuthenticator values to 48 characters.
|
||||
Changed the limit to 512 characters by removing base64 newlines.
|
||||
Fixes bug 2752. Fix by Michael Yakubovich.
|
||||
|
|
@ -1,8 +0,0 @@
|
|||
o Minor features:
|
||||
- Tor now refuses to create a ControlSocket in a directory that is
|
||||
world-readable (or group-readable if ControlSocketsGroupWritable
|
||||
is 0). This is necessary because some operating systems do not
|
||||
check the permissions on an AF_UNIX socket when programs try to
|
||||
connect to it. Checking permissions on the directory holding
|
||||
the socket, however, seems to work everywhere.
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
- Minor features
|
||||
o Set SO_REUSEADDR on all sockets, not just listeners. This should
|
||||
help busy exit nodes avoid running out of useable ports just because
|
||||
all the ports have been used in the near past. Resolves issue 2850.
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
o Minor features:
|
||||
- Allow ControlSockets to be group-writable when the
|
||||
ControlSocksGroupWritable configuration option is turned on. Patch
|
||||
by Jérémy Bobbio; implements ticket 2972.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- Do not reset the bridge descriptor download status every time we
|
||||
re-parse our configuration or get a configuration change. Fixes
|
||||
bug 3019; bugfix on Tor 0.2.0.3-alpha.
|
|
@ -1,6 +0,0 @@
|
|||
o Removed features
|
||||
- Caches no longer download and serve v2 networkstatus documents
|
||||
unless FetchV2Networkstatus flag is set: these documents haven't
|
||||
haven't been used by clients or relays since 0.2.0.x. Resolves
|
||||
bug 3022.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
o Minor bugfixes (directory authority)
|
||||
- Do not upload our own vote or signature set to ourself. It would
|
||||
tell us nothing new. Also, as of Tor 0.2.2.24-alpha, we started
|
||||
to warn about receiving duplicate votes. Resolves bug 3026.
|
|
@ -1,6 +0,0 @@
|
|||
o Minor features:
|
||||
- Revise most log messages that refer to nodes by nickname to
|
||||
instead use the "$key=nickname at address" format. This should be
|
||||
more useful, especially since nicknames are less and less likely
|
||||
to be unique. Fixes bug 3045.
|
||||
|
|
@ -1,7 +0,0 @@
|
|||
o Security fixes
|
||||
- Replace all potentially sensitive memory comparison operations
|
||||
with versions whose runtime does not depend on the data being
|
||||
compared. This will help resist a class of attacks where an
|
||||
adversary can use variations in timing information to learn
|
||||
sensitive data. Fix for one case of bug 3122. (Safe memcmp
|
||||
implementation by Robert Ransom based partially on code by DJB.)
|
|
@ -1,6 +0,0 @@
|
|||
o Minor bugfixes
|
||||
- Do not crash when our configuration file becomes unreadable
|
||||
(usually due to a permissions change) between when we start
|
||||
up and when a controller calls SAVECONF. Fixes bug 3135;
|
||||
bugfix on 0.0.9pre6.
|
||||
|
|
@ -1,7 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- Resolve an untriggerable issue in smartlist_string_num_isin(),
|
||||
where if the function had ever in the future been used to check
|
||||
for the presence of a too-large number, it would have given an
|
||||
incorrect result. (Fortunately, we only used it for 16-bit
|
||||
values.) Fixes bug 3175; bugfix on Tor 0.1.0.1-rc.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
o Major bugfixes:
|
||||
- When we configure a new bridge via the controller, don't wait up
|
||||
to ten seconds before trying to fetch its descriptor. Bugfix on
|
||||
0.2.0.3-alpha; fixes bug 3198 (suggested by 2355).
|
|
@ -1,6 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- When a client starts or stops using bridges, never use a circuit
|
||||
that was built before the configuration change. This behavior could
|
||||
put at risk a user who uses bridges to ensure that her traffic
|
||||
only goes to the chosen addresses. Bugfix on 0.2.0.3-alpha; fixes
|
||||
bug 3200.
|
|
@ -1,4 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- Require that onion keys have exponent 65537 in microdescriptors too.
|
||||
Fixes part of bug 3207; bugfix on 0.2.2.25-alpha
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
o Removed options:
|
||||
- Remove undocumented option "-F" from tor-resolve: it hasn't done
|
||||
anything since 0.2.1.16-rc.
|
||||
|
||||
o Minor bugfixes:
|
||||
- Fix warnings from GCC 4.6's "-Wunused-but-set-variable" option.
|
|
@ -1,4 +0,0 @@
|
|||
o Major bugfixes:
|
||||
- Fix a crash bug when changing bridges in a running Tor process.
|
||||
Fixes bug 3213; bugfix on 0.2.2.26-beta.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
o Major bugfixes:
|
||||
- Don't try to build descriptors if "ORPort auto" is set and we
|
||||
don't know our actual ORPort yet. Fix for bug 3216; bugfix on
|
||||
0.2.2.26-beta.
|
|
@ -1,3 +0,0 @@
|
|||
o Major bugfixes:
|
||||
- Resolve a crash that occured when setting BridgeRelay to 1 with
|
||||
accounting enabled. Fixes bug 3228; bugfix on 0.2.2.18-alpha.
|
|
@ -1,4 +0,0 @@
|
|||
o Minor features:
|
||||
- Relays now log the reason for publishing a new relay descriptor,
|
||||
so we have a better chance of hunting down the root cause of bug
|
||||
1810. Resolves ticket 3252.
|
|
@ -1,4 +0,0 @@
|
|||
o Minor bugfixes
|
||||
- Use a wide type to hold sockets when built for 64-bit Windows builds.
|
||||
Fixes bug 3270.
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- Warn when the user configures two HiddenServiceDir lines that point
|
||||
to the same directory. Bugfix on 0.0.6 (the version introducing
|
||||
HiddenServiceDir); fixes bug 3289.
|
||||
|
|
@ -1,9 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- Make our crypto_rand_int() function check the value of its input
|
||||
correctly. Previously, it accepted values up to UINT_MAX, but
|
||||
could return a negative number if given a value above INT_MAX+1.
|
||||
Found by George Kadianakis. Fixes bug 3306; bugfix on 0.2.2pre14.
|
||||
|
||||
- Avoid a segfault when reading a malformed circuit build state
|
||||
with more than INT_MAX entries. Found by wanoskarnet. Bugfix on
|
||||
0.2.2.4-alpha.
|
|
@ -1,13 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- Clear the table recording the time of the last request for each
|
||||
hidden service descriptor from each HS directory on SIGNAL
|
||||
NEWNYM. Previously, we would clear our HS descriptor cache on
|
||||
SIGNAL NEWNYM, but if we had previously retrieved a descriptor
|
||||
(or tried to) from every directory responsible for it, we would
|
||||
refuse to fetch it again for up to 15 minutes. Bugfix on
|
||||
0.2.2.25-alpha; fixes bug 3309.
|
||||
|
||||
o Minor features:
|
||||
- Log (at info level) when purging pieces of hidden-service-client
|
||||
state on SIGNAL NEWNYM.
|
||||
|
|
@ -1,7 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- Fix a log message that said "bits" while displaying a value in
|
||||
bytes. Found by wanoskarnet. Fixes bug 3318; bugfix on
|
||||
0.2.0.1-alpha.
|
||||
- When checking for 1024-bit keys, check for 1024 bits, not 128
|
||||
bytes. This allows Tor to correctly discard keys of length
|
||||
1017 through 1023. Bugfix on 0.0.9pre5.
|
|
@ -1,7 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- In bug 2511 we fixed a case where you could use an unconfigured
|
||||
bridge if you had configured it as a bridge the last time you ran
|
||||
Tor. Now fix another edge case: if you had configured it as a bridge
|
||||
but then switched to a different bridge via the controller, you
|
||||
would still be willing to use the old one. Bugfix on 0.2.0.1-alpha;
|
||||
fixes bug 3321.
|
|
@ -1,4 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- When asked about a DNS record type we don't support via a
|
||||
client DNSPort, reply with NOTIMPL rather than an empty
|
||||
reply. Patch by intrigeri. Fixes bug 3369; bugfix on 2.0.1-alpha.
|
|
@ -1,5 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- Fix a bug when using ControlSocketsGroupWritable with User. The
|
||||
directory's group would be checked against the current group, not
|
||||
the configured group. Patch by Jérémy Bobbio. Fixes bug3393; bugfix
|
||||
on Tor 0.2.2.26-beta.
|
|
@ -1,6 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
|
||||
- Add BUILDTIMEOUT_SET to the list returned by the 'GETINFO
|
||||
events/names' control-port command. Bugfix on 0.2.2.9-alpha;
|
||||
fixes part of bug 3465.
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- Send a SUCCEEDED stream event to the controller when a reverse
|
||||
resolve succeeded. Fixes bug 3536; bugfix on 0.0.8pre1. Issue
|
||||
discovered by katmagic.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- Allow GETINFO fingerprint to return a fingerprint even when
|
||||
we have not yet built a router descriptor. Fixes bug 3577;
|
||||
bugfix on 0.2.0.1-alpha.
|
|
@ -1,15 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
|
||||
- Write several files in text mode, on OSes that distinguish text
|
||||
mode from binary mode (namely, Windows). These files are:
|
||||
buffer-stats, dirreq-stats, and entry-stats on relays that collect
|
||||
those statistics; client_keys and hostname files for hidden
|
||||
services that use authentication; and (in the tor-gencert utility)
|
||||
newly generated identity and signing keys. Previously, we
|
||||
wouldn't specify text mode or binary mode, leading to an assertion
|
||||
failure. Fixes bug 3607. Bugfix on 0.2.1.1-alpha (when the
|
||||
DirRecordUsageByCountry option which would have triggered the
|
||||
assertion failure was added), although this assertion failure
|
||||
would have occurred in tor-gencert on Windows in 0.2.0.1-alpha.
|
||||
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- Selectively disable deprecation warnings on OS X because Lion started
|
||||
deprecating the shipped copy of openssl. Fixes bug 3643.
|
||||
|
|
@ -1,7 +0,0 @@
|
|||
o Major bugfixes:
|
||||
|
||||
- Remove an extra pair of quotation marks around the error
|
||||
message in control-port STATUS_GENERAL BUG events. Bugfix on
|
||||
0.1.2.6-alpha; fixes bug 3732.
|
||||
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
o Major bugfixes:
|
||||
- Write control ports to disk only after switching UID and
|
||||
creating the data directory. This way, we don't fail when
|
||||
starting up with a nonexistant DataDirectory and a
|
||||
ControlPortWriteToFile setting based on that directory. Fixes
|
||||
bug 3747; bugfix on Tor 0.2.2.26-beta.
|
|
@ -1,4 +0,0 @@
|
|||
o Build fixes:
|
||||
- Clean up some code issues that prevented Tor from building on older
|
||||
BSDs. Fixes bug 3894; reported by grarpamp.
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- Correct the man page to explain that HashedControlPassword and
|
||||
CookieAuthentication can both be set, in which case either method
|
||||
is sufficient to authenticate to Tor. Bugfix on 0.2.0.7-alpha,
|
||||
when we decided to allow these config options to both be set. Issue
|
||||
raised by bug 3898.
|
|
@ -1,3 +0,0 @@
|
|||
o Build fixes:
|
||||
- Search for a platform-specific version of "ar" when cross-compiling.
|
||||
Should fix builds on iOS. Found by Marco Bonetti.
|
|
@ -1,5 +0,0 @@
|
|||
o Major bugfies:
|
||||
- Avoid an assertion failure when reloading a configuration with
|
||||
TrackExitHosts changes. Found and fixed by 'laruldan'. Fixes
|
||||
bug 3923; bugfix on 0.2.2.25-alpha.
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- When configuring, starting, or stopping an NT service, stop
|
||||
immediately after the service configuration attempt has succeeded
|
||||
or failed. Fixes bug3963; bugfix on 0.2.0.7-alpha.
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
o Minor bugfixes (documentation):
|
||||
- Document the GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays
|
||||
directory authority option (introduced in Tor 0.2.2.34).
|
|
@ -1,3 +0,0 @@
|
|||
o Minor features:
|
||||
- Adjust the expiration time on our SSL session certificates to
|
||||
better match SSL certs seen in the wild. Resolves ticket 4014.
|
|
@ -1,5 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- Change an integer overflow check in the OpenBSD_Malloc code so
|
||||
that GCC is less likely to eliminate it as impossible. Patch
|
||||
from Mansour Moufid. Fixes bug 4059.
|
||||
|
|
@ -1,7 +0,0 @@
|
|||
o Security fixes:
|
||||
- Bridge relays now do their directory fetches inside Tor TLS
|
||||
connections, like all the other clients do, rather than connecting
|
||||
directly to the DirPort like public relays do. Removes another
|
||||
avenue for enumerating bridges. Fixes part of bug 4115; bugfix
|
||||
on 0.2.0.35.
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
o Security fixes:
|
||||
- Bridges relays now build circuits for themselves in a more similar
|
||||
way to how clients build them. Removes another avenue for
|
||||
enumerating bridges. Fixes bug 4124; bugfix on 0.2.0.3-alpha,
|
||||
when bridges were introduced.
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- Bridges now skip DNS self-tests, to act a little more stealthily.
|
||||
Fixes bug 4201; bugfix on 0.2.0.3-alpha, which first introduced
|
||||
bridges. Patch by "warms0x".
|
||||
|
|
@ -1,13 +0,0 @@
|
|||
o Major bugfixes:
|
||||
|
||||
- Don't launch a useless circuit after failing to use one of a
|
||||
hidden service's introduction points. Previously, we would
|
||||
launch a new introduction circuit, but not set the hidden
|
||||
service which that circuit was intended to connect to, so it
|
||||
would never actually be used. A different piece of code would
|
||||
then create a new introduction circuit correctly, so this bug
|
||||
was harmless until it caused an assertion in the client-side
|
||||
part of the #3825 fix to fail. Bug reported by katmagic and
|
||||
found by Sebastian Hahn. Bugfix on 0.2.1.13-alpha; fixes bug
|
||||
4212.
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- Resolve an integer overflow bug in smartlist_ensure_capacity.
|
||||
Fixes bug 4230; bugfix on Tor 0.1.0.1-rc. Based on a patch by
|
||||
Mansour Moufid.
|
||||
|
|
@ -1,8 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
|
||||
- When a hidden service turns an extra service-side introduction
|
||||
circuit into a general-purpose circuit, free the rend_data and
|
||||
intro_key fields first, so they won't be leaked if the circuit
|
||||
is cannibalized for use as another service-side introduction
|
||||
circuit. Bugfix on 0.2.1.7-alpha; fixes bug 4251.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
o Major bugfixes:
|
||||
- Fix a crash bug when changing node restrictions while a DNS lookup
|
||||
is in-progress. Fixes bug 4259; bugfix on 0.2.2.25-alpha. Bugfix
|
||||
by "Tey'".
|
|
@ -1,5 +0,0 @@
|
|||
o Major bugfix:
|
||||
- Do not process cells on a marked-for-close connection. We previously
|
||||
avoided this by not calling read handlers on marked connections, but
|
||||
that's not adequate for the case when cells are very small. Fixes
|
||||
bug 4299; bugfix on 0.2.0.20-rc which first made small cells possible.
|
|
@ -1,5 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- Remove a confusing dollar sign from the example fingerprint in the
|
||||
man page, and also make example fingerprint a valid one. Fixes bug
|
||||
4309; bugfix on 0.2.1.3-alpha.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
o Trivial fixes:
|
||||
- Fixed a typo in a hibernation-related log message. Fixes bug 4331;
|
||||
bugfix on 0.2.2.23-alpha; found by "tmpname0901".
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
o Major bugfixes:
|
||||
- Don't crash when we're running as a relay and don't have a geoip
|
||||
file. Bugfix on tor-0.2.2.34; fixes bug 4340. This backports a fix
|
||||
we've had in master already.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- When sending a NETINFO cell, include the original address
|
||||
received for the other side, not its canonical address. Found
|
||||
by "troll_un"; fixes bug 4349; bugfix on 0.2.0.10-alpha.
|
|
@ -1,7 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- When running as client without a geoip database, do not print a
|
||||
misleading (and plain wrong) log message that we're collecting
|
||||
dirreq statistics - we're not collecting statistics as clients.
|
||||
Also don't create a useless (because empty) stats file in the
|
||||
stats/ directory. Fixes bug 4353, bugfix on 0.2.2.34.
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- Fix a memleak in launch_direct_bridge_descriptor_fetch() that
|
||||
occured when a client tried to fetch a descriptor for a bridge
|
||||
in ExcludeNodes. Fixes #4383; bugfix on 0.2.2.25-alpha.
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
o Major bugfixes:
|
||||
- Correctly sanity-check that we don't underflow on a memory allocation
|
||||
for introduction point decryption. Bug discovered by Dan Rosenberg.
|
||||
Fixes bug 4410; bugfix on 0.2.1.5-alpha.
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
o Major bugfixes
|
||||
|
||||
- Don't leak memory when we check whether a hidden service
|
||||
descriptor has any usable introduction points left. Fixes bug
|
||||
4424. Bugfix on 0.2.2.25-alpha.
|
||||
|
|
@ -1,8 +0,0 @@
|
|||
o Minor features:
|
||||
|
||||
- When Tor ignores a hidden service specified in its
|
||||
configuration, include the hidden service's directory in the
|
||||
warning message. Previously, we would only tell the user that
|
||||
some hidden service was ignored. Bugfix on 0.0.6; fixes bug
|
||||
4426.
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- Don't warn about unused log_mutex in log.c when building with
|
||||
--disable-threads using a recent GCC. Fixes bug 4437; bugfix on
|
||||
0.1.0.6-rc which introduced --disable-threads.
|
||||
|
|
@ -1,9 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- Initialize Libevent with the EVENT_BASE_FLAG_NOLOCK flag enabled, so
|
||||
that it doesn't attempt to allocate a socketpair. This could cause
|
||||
some problems on windows systems with overzealous firewalls. Fix for
|
||||
bug 4457; workaround for Libevent versions 2.0.1-alpha through
|
||||
2.0.15-stable.
|
||||
|
||||
- Detect failure to initialize Libevent. Better detection for bug 4457.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
o Minor bugfixes (performance):
|
||||
- Avoid frequent calls to the fairly expensive cull_wedged_cpuworkers
|
||||
function. This was eating up hideously large amounts of time on some
|
||||
busy servers. Fixes bug 4518.
|
|
@ -1,3 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- Backport fixes for a pair of compilation warnings on Windows.
|
||||
Fixes bug 4521; bugfix on 0.2.2.28-beta and on 0.2.2.29-beta.
|
|
@ -1,5 +0,0 @@
|
|||
o Minor bufixes:
|
||||
- If we had ever tried to call tor_addr_to_str on an address of
|
||||
unknown type, we would have done a strdup on an uninitialized
|
||||
buffer. Now we won't. Fixes bug 4529; bugfix on 0.2.1.3-alpha.
|
||||
Reported by "troll_un".
|
|
@ -1,6 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
|
||||
- Correctly detect and handle transient lookup failures from
|
||||
tor_addr_lookup. Fixes bug 4530; bugfix on 0.2.1.5-alpha.
|
||||
Reported by "troll_un".
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
o Major bugfixes:
|
||||
- Fix null-pointer access that could occur if TLS allocation failed.
|
||||
Fixes bug 4531; bugfix on 0.2.0.20-rc. Found by "troll_un".
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
o Major bugfixes:
|
||||
- Fix the SOCKET_OK test that we use to tell when socket
|
||||
creation fails so that it works on Win64. Fixes part of bug
|
||||
4533; bugfix on 0.2.2.29-beta. Bug found by wanoskarnet.
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- Use tor_socket_t type for listener argument to accept(). Fixes bug
|
||||
4535; bugfix on 0.2.2.28-beta. Found by "troll_un".
|
|
@ -1,9 +0,0 @@
|
|||
- Feature removal:
|
||||
- When sending or relaying a RELAY_EARLY cell, we used to convert
|
||||
it to a RELAY cell if the connection was using the v1 link
|
||||
protocol. This was a workaround for older versions of Tor, which
|
||||
didn't handle RELAY_EARLY cells properly. Now that all supported
|
||||
versions can handle RELAY_EARLY cells, and now that we're
|
||||
enforcing the "no RELAY_EXTEND commands except in RELAY_EARLY
|
||||
cells" rule, we're removing this workaround. Addresses bug 4786.
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
o Minor features (directory server):
|
||||
- Directory servers now reject versions of Tor older than 0.2.1.30,
|
||||
and Tor versions between 0.2.2.1-alpha and 0.2.2.20-alpha
|
||||
(inclusive). These versions accounted for only a small fraction of
|
||||
the Tor network, and have numerous known security issues. Resolves
|
||||
issue #4788.
|
|
@ -1,4 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- Correctly spell "connect" in a log message when creating a controlsocket
|
||||
fails. Fixes bug 4803; bugfix on 0.2.2.26-beta/0.2.3.2-alpha.
|
||||
|
|
@ -1,13 +0,0 @@
|
|||
o Major security workaround:
|
||||
- When building or running with any version of OpenSSL earlier
|
||||
than 0.9.8s or 1.0.0f, disable SSLv3 support. These versions had
|
||||
a bug (CVE-2011-4576) in which their block cipher padding
|
||||
included uninitialized data, potentially leaking sensitive
|
||||
information to any peer with whom they made a SSLv3
|
||||
connection. Tor does not use SSL v3 by default, but a hostile
|
||||
client or server could force an SSLv3 connection in order to
|
||||
gain information that they shouldn't have been able to get. The
|
||||
best solution here is to upgrade to OpenSSL 0.9.8s or 1.0.0f (or
|
||||
later). But when building or running with a non-upgraded
|
||||
OpenSSL, we should instead make sure that the bug can't happen
|
||||
by disabling SSLv3 entirely.
|
|
@ -1,3 +0,0 @@
|
|||
o Trivial bugfixes
|
||||
- Fix a typo in a log message in rend_service_rendezvous_has_opened().
|
||||
Fixes bug 4856; bugfix on Tor 0.0.6.
|
|
@ -1,3 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- Update "ClientOnly" man page entry to explain that there isn't
|
||||
really any point to messing with it. Resolves ticket 5005.
|
|
@ -1,5 +0,0 @@
|
|||
o Major bugfixes:
|
||||
- Fix build if path to sed, openssl or sha1sum contains spaces.
|
||||
This is pretty common on Windows. Fixes bug 5065; bugfix on
|
||||
0.2.2.1-alpha.
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
o Minor bugfixes (usability):
|
||||
- Downgrade the "We're missing a certificate" message from notice
|
||||
to info: people kept mistaking it for a real problem, whereas it
|
||||
is only a problem when we are failing to bootstrap. Fixes bug
|
||||
5067; bugfix on 0.2.10-alpha.
|
|
@ -1,7 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- Detect and reject certain misformed escape sequences in configuration
|
||||
values. Previously, these values would cause us to crash if received
|
||||
in a torrc file or over an (authenticated) control port. Bug found by
|
||||
Esteban Manchado Velázquez. Patch by Alexander Schrijver. Fix for
|
||||
bug 5090; bugfix on 0.2.0.16-alpha.
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
o Documentation fixes:
|
||||
- Clarify the behavior of MaxCircuitDirtiness with hidden service
|
||||
circuits. Fix for issue 5259.
|
|
@ -1,6 +0,0 @@
|
|||
o Major bugfixes:
|
||||
- Fix an edge case where if we fetch or publish a hidden service
|
||||
descriptor, we might build a 4-hop circuit and then use that circuit
|
||||
for exiting afterwards -- even if the new last hop doesn't obey our
|
||||
ExitNodes config option. Fixes bug 5283; bugfix on 0.2.0.10-alpha.
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- Fix a compile warning when using the --enable-openbsd-malloc configure
|
||||
option. Fixes bug 5340; bugfix on 0.2.0.20-rc.
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue