Compare commits
162 Commits
master
...
release-0.
Author | SHA1 | Date |
---|---|---|
Nick Mathewson | af082895ec | |
Nick Mathewson | b346d43c97 | |
Nick Mathewson | 8374e3e194 | |
Nick Mathewson | 37abaa5a14 | |
Nick Mathewson | 0331e28774 | |
Nick Mathewson | 6a3622154e | |
Nick Mathewson | 404a094142 | |
Nick Mathewson | b2cab96029 | |
Nick Mathewson | f833164576 | |
Nick Mathewson | 5ac469d795 | |
Nick Mathewson | cdb58af90d | |
Nick Mathewson | 98f610068f | |
Nick Mathewson | df23e280c4 | |
Nick Mathewson | cdc960b538 | |
Nick Mathewson | d92e622b41 | |
Nick Mathewson | 64bc1490ea | |
Nick Mathewson | 16bbbe82e4 | |
Nick Mathewson | 70840ea6d5 | |
Nick Mathewson | e9d45f63aa | |
Nick Mathewson | d1dc3d0154 | |
Nick Mathewson | 5c139d2491 | |
Nick Mathewson | a84f923e89 | |
Nick Mathewson | 2e03c02b74 | |
Nick Mathewson | 3f5eec8dd7 | |
Nick Mathewson | 2afdf8de2f | |
Nick Mathewson | 92f8b56e27 | |
Nick Mathewson | 8bcc14f62e | |
Nick Mathewson | 9c5ff56659 | |
Nick Mathewson | a2192a671c | |
Nick Mathewson | 040d7cecf3 | |
Nick Mathewson | d7810bb4a3 | |
Nick Mathewson | 956c61ec23 | |
Nick Mathewson | ec3df7cbd2 | |
Nick Mathewson | ce12cde92c | |
Nick Mathewson | bd44053716 | |
Nick Mathewson | 0e2f18868c | |
Nick Mathewson | fd6ba23f7b | |
Nick Mathewson | ef996c91b8 | |
Nick Mathewson | 8e6174e389 | |
Nick Mathewson | 7bb4422a93 | |
Nick Mathewson | a378b22394 | |
Nick Mathewson | 55492e7d5a | |
Nick Mathewson | 85169a121e | |
Nick Mathewson | 7d5ddde487 | |
Nick Mathewson | da8505205d | |
Nick Mathewson | 44b48a9b67 | |
Nick Mathewson | d461e7036f | |
Nick Mathewson | 34b616ce39 | |
Nick Mathewson | 22bdc69429 | |
Nick Mathewson | 9e44ed47ac | |
Nick Mathewson | 5ba8ab5a88 | |
Nick Mathewson | ef5f2b3606 | |
Nick Mathewson | b70a0a01ec | |
Nick Mathewson | dc06c071a4 | |
Nick Mathewson | 1f5b228ee8 | |
Nick Mathewson | a8d6eb30b8 | |
Nick Mathewson | 6b2ed1a905 | |
Nick Mathewson | 7ce4192d1d | |
Nick Mathewson | b783ed3b5c | |
Nick Mathewson | 0c8acf1198 | |
Nick Mathewson | d1c6b2cf11 | |
Roger Dingledine | f48def202c | |
Roger Dingledine | 929dd87c35 | |
Roger Dingledine | 598c61362f | |
Roger Dingledine | 9ac1695844 | |
Roger Dingledine | eccda448a7 | |
Roger Dingledine | 637b4e62d1 | |
Roger Dingledine | 911fb9399f | |
Roger Dingledine | dd4f5bc8a7 | |
Roger Dingledine | 2998d384ec | |
Roger Dingledine | 9959bc54e1 | |
Nick Mathewson | 2ee56e4c2c | |
Nick Mathewson | 1e7416771e | |
Roger Dingledine | a7d700aa04 | |
Roger Dingledine | 9aba2117e2 | |
Roger Dingledine | ca085ba341 | |
Nick Mathewson | 0fed6ad45b | |
Nick Mathewson | 1b37d8bef0 | |
Nick Mathewson | 6932f87ae1 | |
Nick Mathewson | 3dfd8dd97b | |
Nick Mathewson | 20d569882f | |
Nick Mathewson | 183c861e9a | |
Nick Mathewson | 75e10f58a9 | |
Roger Dingledine | 4e0bd24287 | |
Roger Dingledine | 505962724c | |
Roger Dingledine | 8ab7e151dd | |
Roger Dingledine | 168da9129d | |
Roger Dingledine | ed960eaa16 | |
Roger Dingledine | dab4656c85 | |
Roger Dingledine | 4ef52cc167 | |
Roger Dingledine | 4428a14616 | |
Roger Dingledine | cf2a78248f | |
Roger Dingledine | 911e0a71a6 | |
Roger Dingledine | d9c111d954 | |
Roger Dingledine | 3cb5c70bee | |
Roger Dingledine | ce43072831 | |
Roger Dingledine | 9f7be021f3 | |
Roger Dingledine | 8eb617dca3 | |
Roger Dingledine | 00285acca3 | |
Roger Dingledine | 2349833f71 | |
Roger Dingledine | e719d05fd2 | |
Roger Dingledine | 7c3f1d29af | |
Roger Dingledine | f4c7d062f2 | |
Roger Dingledine | 8377a5f6d7 | |
Roger Dingledine | 1cda452bc1 | |
Roger Dingledine | 5f4748933d | |
Roger Dingledine | 5d1a004e0d | |
Roger Dingledine | f503f30436 | |
Roger Dingledine | 6837a27025 | |
Roger Dingledine | 33b86071b7 | |
Roger Dingledine | 00f95c208e | |
Roger Dingledine | 7067f53d42 | |
Roger Dingledine | fd35354441 | |
Roger Dingledine | b9d11bd87c | |
Roger Dingledine | 63bef6c6ab | |
Roger Dingledine | 8fd9644f17 | |
Roger Dingledine | 00fb525b23 | |
Roger Dingledine | b01028e87e | |
Roger Dingledine | cf744acae9 | |
Roger Dingledine | 60f13485eb | |
Roger Dingledine | 63b91189e0 | |
Roger Dingledine | 6cf02b9ad6 | |
Roger Dingledine | 20d4356c3d | |
Roger Dingledine | a1963695ca | |
Nick Mathewson | 00ca2cc5b9 | |
Roger Dingledine | 889e9bd529 | |
Roger Dingledine | addbe6f2f3 | |
Roger Dingledine | c2150628fd | |
Roger Dingledine | 42335972d5 | |
Roger Dingledine | a2ea9df498 | |
Roger Dingledine | 27fbfbbe7c | |
Roger Dingledine | f473dec1e0 | |
Roger Dingledine | 4a1d9726f4 | |
Roger Dingledine | 2b9fb51ac6 | |
Roger Dingledine | bc6c7ea74e | |
Roger Dingledine | e7b435872c | |
Roger Dingledine | 8b8e3476c0 | |
Roger Dingledine | e9f0cdf55f | |
Nick Mathewson | 7b29838891 | |
Nick Mathewson | f5729b8c1d | |
Nick Mathewson | cee6a991d2 | |
Nick Mathewson | fd9ba5ed56 | |
Nick Mathewson | ce168e7800 | |
Nick Mathewson | 4a9ccb5d59 | |
Roger Dingledine | dcb4f22506 | |
Roger Dingledine | 110a75130e | |
Roger Dingledine | d78bb2df0e | |
Roger Dingledine | e86f122265 | |
Roger Dingledine | b4b14921da | |
Roger Dingledine | a7958a7a2e | |
Roger Dingledine | 34c70ba9e6 | |
Roger Dingledine | 2d4aebaf76 | |
Roger Dingledine | 91b8bc26f1 | |
Roger Dingledine | afe3dd51a2 | |
Roger Dingledine | 0d896c1e64 | |
Roger Dingledine | 0eb141c416 | |
Roger Dingledine | b4d81f182c | |
Roger Dingledine | 887eba9895 | |
Roger Dingledine | fcd9248387 | |
Roger Dingledine | 790ddd6e0a | |
Roger Dingledine | f0a5f91b13 | |
Roger Dingledine | 53e11977e4 |
1498
ReleaseNotes
1498
ReleaseNotes
File diff suppressed because it is too large
Load Diff
|
@ -1,7 +0,0 @@
|
|||
- Minor bugfixes:
|
||||
|
||||
- Treat ENETUNREACH, EACCES, and EPERM at an exit node as a
|
||||
NOROUTE error, not an INTERNAL error, since they can apparently
|
||||
happen when trying to connect to the wrong sort of
|
||||
netblocks. Fixes a part of bug 10777; bugfix on 0.1.0.1-rc.
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
o Directory authority changes:
|
||||
- Urras is no longer a directory authority. Closes ticket 19271.
|
|
@ -1,6 +0,0 @@
|
|||
o Major features (deprecation):
|
||||
- There's now a "DisableV2DirectoryInfo_" option that prevents us
|
||||
from serving any directory requests for v2 directory information.
|
||||
This is for us to test disabling the old deprecated V2 directory
|
||||
format, so that we can see whether doing so has any effect on
|
||||
network load. Part of a fix for bug 6783.
|
|
@ -1,3 +0,0 @@
|
|||
o Documentation fixes:
|
||||
- Clarify the usage and risks of ContactInfo. Resolves ticket 9854.
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
o Directory authority changes (also in 0.2.8.7):
|
||||
- The "Tonga" bridge authority has been retired; the new bridge
|
||||
authority is "Bifroest". Closes tickets 19728 and 19690.
|
|
@ -1,3 +0,0 @@
|
|||
o Documentation:
|
||||
- Replace remaining references to DirServer in man page and
|
||||
log entries. Resolves ticket 10124.
|
|
@ -1,6 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- Warn and drop the circuit if we receive an inbound 'relay early'
|
||||
cell. Those used to be normal to receive on hidden service circuits
|
||||
due to bug 1038, but the buggy Tor versions are long gone from
|
||||
the network so we can afford to resume watching for them. Resolves
|
||||
the rest of bug 1038; bugfix on 0.2.1.19.
|
|
@ -1,11 +0,0 @@
|
|||
o Major bugfixes:
|
||||
- Do not allow OpenSSL engines to replace the PRNG, even when
|
||||
HardwareAccel is set. The only default builtin PRNG engine uses
|
||||
the Intel RDRAND instruction to replace the entire PRNG, and
|
||||
ignores all attempts to seed it with more entropy. That's
|
||||
cryptographically stupid: the right response to a new alleged
|
||||
entropy source is never to discard all previously used entropy
|
||||
sources. Fixes bug 10402; works around behavior introduced in
|
||||
OpenSSL 1.0.0. Diagnosis and investigation thanks to "coderman"
|
||||
and "rl1987".
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- Avoid a crash bug when starting with a corrupted microdescriptor
|
||||
cache file. Fix for bug 10406; bugfix on 0.2.2.6-alpha.
|
|
@ -1,4 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- If we fail to dump a previously cached microdescriptor to disk, avoid
|
||||
freeing duplicate data later on. Fix for bug 10423; bugfix on
|
||||
0.2.4.13-alpha. Spotted by "bobnomnom".
|
|
@ -1,6 +0,0 @@
|
|||
o Major bugfixes:
|
||||
- Avoid launching spurious extra circuits when a stream is pending.
|
||||
This fixes a bug where any circuit that _wasn't_ unusable for new
|
||||
streams would be treated as if it were, causing extra circuits to
|
||||
be launched. Fixes bug 10456; bugfix on 0.2.4.12-alpha.
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
o Major bugfixes:
|
||||
- Fix assertion failure when AutomapHostsOnResolve yields an IPv6
|
||||
address. Fixes bug 10465; bugfix on 0.2.4.7-alpha.
|
|
@ -1,4 +0,0 @@
|
|||
o Documentation fixes:
|
||||
- Note that all but one DirPort entry must have the NoAdvertise flag
|
||||
set. Fix for #10470.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- Move message about circuit handshake counts into the heartbeat
|
||||
message where it belongs, instead of logging it once per hour
|
||||
unconditionally. Fixes bug 10485; bugfix on 0.2.4.17-rc.
|
|
@ -1,4 +0,0 @@
|
|||
o Major bugfixes:
|
||||
- Do not treat END_STREAM_REASON_INTERNAL as indicating a definite
|
||||
circuit failure, since it could also indicate an ENETUNREACH
|
||||
error. Fixes part of bug 10777; bugfix on 0.2.4.8-alpha.
|
|
@ -1,4 +0,0 @@
|
|||
o Minor features (security):
|
||||
- Always clear OpenSSL bignums before freeing them--even bignums
|
||||
that don't contain secrets. Resolves ticket 10793. Patch by
|
||||
Florent Daigniere.
|
|
@ -1,4 +0,0 @@
|
|||
o Minor bugfixes (testing):
|
||||
- Fix a segmentation fault in our benchmark code when running with
|
||||
Fedora's OpenSSL package, or any other OpenSSL that provides
|
||||
ECDH but not P224. Fixes bug 10835; bugfix on 0.2.4.8-alpha.
|
|
@ -1,6 +0,0 @@
|
|||
o Major bugfixes:
|
||||
- When running a hidden service, do not allow TunneledDirConns 0;
|
||||
this will keep the hidden service from running, and also
|
||||
make it publish its descriptors directly over HTTP. Fixes bug 10849;
|
||||
bugfix on 0.2.1.1-alpha.
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
o Code simplification and refactoring:
|
||||
- Remove data structures which were introduced to implement the
|
||||
CellStatistics option: they are now redundant with the addition
|
||||
of timestamp to the regular packed_cell_t data structure, which
|
||||
we did in 0.2.4.18-rc in order to resolve #9093. Fixes bug
|
||||
10870.
|
|
@ -1,5 +0,0 @@
|
|||
o Minor bugfixes (compilation):
|
||||
- Build without warnings under clang 3.4. (We have some macros that
|
||||
define static functions only some of which will get used later in
|
||||
the module. Starting with clang 3.4, these give a warning unless the
|
||||
unused attribute is set on them.)
|
|
@ -1,6 +0,0 @@
|
|||
- Minor bugfixes:
|
||||
- Fix build warnings about missing "a2x" comment when building the
|
||||
manpages from scratch on OpenBSD; OpenBSD calls it "a2x.py".
|
||||
Fixes bug 10929; bugfix on tor-0.2.2.9-alpha. Patch from
|
||||
Dana Koch.
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- Stop leaking memory when we successfully resolve a PTR record.
|
||||
Fixes bug 11437; bugfix on 0.2.4.7-alpha.
|
|
@ -1,5 +0,0 @@
|
|||
o Major features (security):
|
||||
- Block authority signing keys that were used on an authorities
|
||||
vulnerable to the "heartbleed" bug in openssl (CVE-2014-0160).
|
||||
(We don't have any evidence that these keys _were_ compromised;
|
||||
we're doing this to be prudent.) Resolves ticket 11464.
|
|
@ -1,12 +0,0 @@
|
|||
o Major bugfixes:
|
||||
- Generate the server's preference list for ciphersuites
|
||||
automatically based on uniform criteria, and considering all
|
||||
OpenSSL ciphersuites with acceptable strength and forward
|
||||
secrecy. (The sort order is: prefer AES to 3DES; break ties by
|
||||
preferring ECDHE to DHE; break ties by preferring GCM to CBC;
|
||||
break ties by preferring SHA384 to SHA256 to SHA1; and finally,
|
||||
break ties by preferring AES256 to AES128.) This resolves bugs
|
||||
#11513, #11492, #11498, #11499. Bugs reported by 'cypherpunks'.
|
||||
Bugfix on 0.2.4.8-alpha.
|
||||
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- Avoid sending an garbage value to the controller when a circuit is
|
||||
cannibalized. Fixes bug 11519; bugfix on 0.2.3.11-alpha.
|
|
@ -1,5 +0,0 @@
|
|||
o Minor features:
|
||||
- When we run out of usable circuit IDs on a channel, log only one
|
||||
warning for the whole channel, and include a description of
|
||||
how many circuits there were on the channel. Fix for part of ticket
|
||||
#11553.
|
|
@ -1,5 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- Avoid an illegal read from stack when initializing the TLS
|
||||
module using a version of OpenSSL without all of the ciphers
|
||||
used by the v2 link handshake. Fixes bug 12227; bugfix on
|
||||
0.2.4.8-alpha. Found by "starlight".
|
|
@ -1,5 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- Correct a confusing error message when trying to extend a circuit
|
||||
via the control protocol but we don't know a descriptor or
|
||||
microdescriptor for one of the specified relays. Fixes bug 12718;
|
||||
bugfix on 0.2.3.1-alpha.
|
|
@ -1,3 +0,0 @@
|
|||
o Directory authority changes:
|
||||
- Change IP address for gabelmoo (v3 directory authority).
|
||||
|
|
@ -1,13 +0,0 @@
|
|||
o Major bugfixes:
|
||||
- Clients now send the correct address for their chosen rendezvous
|
||||
point when trying to access a hidden service. They used to send
|
||||
the wrong address, which would still work some of the time because
|
||||
they also sent the identity digest of the rendezvous point, and if
|
||||
the hidden service happened to try connecting to the rendezvous
|
||||
point from a relay that already had a connection open to it,
|
||||
the relay would reuse that connection. Now connections to hidden
|
||||
services should be more robust and faster. Also, this bug meant
|
||||
that clients were leaking to the hidden service whether they were
|
||||
on a little-endian (common) or big-endian (rare) system, which for
|
||||
some users might have reduced their anonymity. Fixes bug 13151;
|
||||
bugfix on 0.2.1.5-alpha.
|
|
@ -1,5 +0,0 @@
|
|||
o Directory authority changes:
|
||||
- Remove turtles as a directory authority.
|
||||
- Add longclaw as a new (v3) directory authority. This implements
|
||||
ticket 13296. This keeps the directory authority count at 9.
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
o Major bugfixes (openssl bug workaround):
|
||||
- Avoid crashing when using OpenSSL version 0.9.8zc, 1.0.0o, or
|
||||
1.0.1j, built with the 'no-ssl3' configuration option. Fixes
|
||||
bug 13471. This is a workaround for an OpenSSL bug.
|
||||
|
|
@ -1,7 +0,0 @@
|
|||
o Major bugfixes (exit node stability):
|
||||
|
||||
- Fix an assertion failure that could occur under high DNS load. Fixes
|
||||
bug 14129; bugfix on Tor 0.0.7rc1. Found by "jowr"; diagnosed and fixed
|
||||
by "cypherpunks".
|
||||
|
||||
|
|
@ -1,10 +0,0 @@
|
|||
o Major bugfixes (relay, stability, possible security):
|
||||
- Fix a bug that could lead to a relay crashing with an assertion
|
||||
failure if a buffer of exactly the wrong layout was passed
|
||||
to buf_pullup() at exactly the wrong time. Fixes bug 15083;
|
||||
bugfix on 0.2.0.10-alpha. Patch from 'cypherpunks'.
|
||||
|
||||
- Do not assert if the 'data' pointer on a buffer is advanced to the very
|
||||
end of the buffer; log a BUG message instead. Only assert if it is
|
||||
past that point. Fixes bug 15083; bugfix on 0.2.0.10-alpha.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
o Minor features (DoS-resistance):
|
||||
- Make it harder for attackers to overwhelm hidden services with
|
||||
introductions, by blocking multiple introduction requests on the
|
||||
same circuit. Resolves ticket #15515.
|
|
@ -1,5 +0,0 @@
|
|||
o Major bugfixes (security, hidden service):
|
||||
- Fix an issue that would allow a malicious client to trigger
|
||||
an assertion failure and halt a hidden service. Fixes
|
||||
bug 15600; bugfix on 0.2.1.6-alpha. Reported by "skruffy".
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
o Major bugfixes (security, hidden service):
|
||||
- Fix a bug that could cause a client to crash with an assertion
|
||||
failure when parsing a malformed hidden service descriptor.
|
||||
Fixes bug 15601; bugfix on 0.2.1.5-alpha. Found by "DonnCha".
|
|
@ -1,4 +0,0 @@
|
|||
o Minor bugfixes (hidden service):
|
||||
- Fix an out-of-bounds read when parsing invalid INTRODUCE2 cells
|
||||
on a client authorized hidden service. Fixes bug 15823; bugfix
|
||||
on 0.2.1.6-alpha.
|
|
@ -1,8 +0,0 @@
|
|||
o Major bugfixes (dns proxy mode, crash):
|
||||
- Avoid crashing when running as a DNS proxy. Closes bug 16248; bugfix on
|
||||
0.2.0.1-alpha. Patch from 'cypherpunks'.
|
||||
|
||||
o Minor features (bug-resistance):
|
||||
- Make Tor survive errors involving connections without a corresponding
|
||||
event object. Previously we'd fail with an assertion; now we produce a
|
||||
log message. Related to bug 16248.
|
|
@ -1,6 +0,0 @@
|
|||
o Major bugfixes (security, correctness):
|
||||
- Fix a programming error that could cause us to read 4 bytes before
|
||||
the beginning of an openssl string. This could be used to provoke
|
||||
a crash on systems with an unusual malloc implementation, or
|
||||
systems with unsual hardening installed. Fixes bug 17404; bugfix
|
||||
on 0.2.3.6-alpha.
|
|
@ -1,7 +0,0 @@
|
|||
o Major bugfixes (guard selection):
|
||||
- Actually look at the Guard flag when selecting a new directory
|
||||
guard. When we implemented the directory guard design, we
|
||||
accidentally started treating all relays as if they have the Guard
|
||||
flag during guard selection, leading to weaker anonymity and worse
|
||||
performance. Fixes bug 17222; bugfix on 0.2.4.8-alpha. Discovered
|
||||
by Mohsen Imani.
|
|
@ -1,3 +0,0 @@
|
|||
o Compilation fixes:
|
||||
- Fix a compilation warning with Clang 3.6: Do not check the
|
||||
presence of an address which can never be NULL. Fixes bug 17781.
|
|
@ -1,4 +0,0 @@
|
|||
o Minor features (authorities):
|
||||
- Update the V3 identity key for dannenberg, it was changed on
|
||||
18 November 2015.
|
||||
Closes task #17906. Patch by "teor".
|
|
@ -1,6 +0,0 @@
|
|||
o Minor fixes (security):
|
||||
- Make memwipe() do nothing when passed a NULL pointer
|
||||
or zero size. Check size argument to memwipe() for underflow.
|
||||
Closes bug #18089. Reported by "gk", patch by "teor".
|
||||
Bugfix on 0.2.3.25 and 0.2.4.6-alpha (#7352),
|
||||
commit 49dd5ef3 on 7 Nov 2012.
|
|
@ -1,7 +0,0 @@
|
|||
o Major bugfixes (security, pointers):
|
||||
|
||||
- Avoid a difficult-to-trigger heap corruption attack when extending
|
||||
a smartlist to contain over 16GB of pointers. Fixes bug #18162;
|
||||
bugfix on Tor 0.1.1.11-alpha, which fixed a related bug
|
||||
incompletely. Reported by Guido Vranken.
|
||||
|
|
@ -1,11 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- Stop trying to resolve our hostname so often (e.g. every time we
|
||||
think about doing a directory fetch). Now we reuse the cached
|
||||
answer in some cases. Fixes bugs 1992 (bugfix on 0.2.0.20-rc)
|
||||
and 2410 (bugfix on 0.1.2.2-alpha).
|
||||
|
||||
o Minor features:
|
||||
- Make bridge relays check once a minute for whether their IP
|
||||
address has changed, rather than only every 15 minutes. Resolves
|
||||
bugs 1913 and 1992.
|
||||
|
|
@ -1,10 +0,0 @@
|
|||
o Major features (security fixes):
|
||||
- Prevent a class of security bugs caused by treating the contents
|
||||
of a buffer chunk as if they were a NUL-terminated string. At
|
||||
least one such bug seems to be present in all currently used
|
||||
versions of Tor, and would allow an attacker to remotely crash
|
||||
most Tor instances, especially those compiled with extra compiler
|
||||
hardening. With this defense in place, such bugs can't crash Tor,
|
||||
though we should still fix them as they occur. Closes ticket
|
||||
20384 (TROVE-2016-10-001).
|
||||
|
|
@ -1,11 +0,0 @@
|
|||
o Major bugfixes (parsing, security):
|
||||
|
||||
- Fix a bug in parsing that could cause clients to read a single
|
||||
byte past the end of an allocated region. This bug could be
|
||||
used to cause hardened clients (built with
|
||||
--enable-expensive-hardening) to crash if they tried to visit
|
||||
a hostile hidden service. Non-hardened clients are only
|
||||
affected depending on the details of their platform's memory
|
||||
allocator. Fixes bug 21018; bugfix on 0.2.0.8-alpha. Found by
|
||||
using libFuzzer. Also tracked as TROVE-2016-12-002 and as
|
||||
CVE-2016-1254.
|
|
@ -1,3 +0,0 @@
|
|||
o Minor bugfixes (correctness):
|
||||
- Avoid undefined behavior when parsing IPv6 entries from the geoip6
|
||||
file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.
|
|
@ -1,5 +0,0 @@
|
|||
o Major features (directory authority):
|
||||
- Directory authorities now support a new consensus method (17)
|
||||
where they cap the published bandwidth of servers for which
|
||||
insufficient bandwidth measurements exist. Fixes part of bug
|
||||
2286.
|
|
@ -1,8 +0,0 @@
|
|||
o Critical bugfixes:
|
||||
- Distinguish downloading an authority certificate by identity digest from
|
||||
downloading one by identity digest/signing key digest pair; formerly we
|
||||
always request them only by identity digest and get the newest one even
|
||||
when we wanted one with a different signing key. Then we would complain
|
||||
about being given a certificate we already had, and never get the one we
|
||||
really wanted. Now we use the "fp-sk/" resource as well as the "fp/"
|
||||
resource to request the one we want. Fixes bug 5595.
|
|
@ -1,5 +0,0 @@
|
|||
o Major bugfixes:
|
||||
- Avoid a bug where our response to TLS renegotation under certain
|
||||
network conditions could lead to a busy-loop, with 100% CPU
|
||||
consumption. Fixes bug 5650; bugfix on 0.2.0.16-alpha.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- Relays now treat a changed IPv6 ORPort as sufficient reason to
|
||||
publish an updated descriptor. Fix for bug 6026; bugfix for
|
||||
0.2.4.1-alpha.
|
|
@ -1,6 +0,0 @@
|
|||
o Major enhancements:
|
||||
- Re-enable TLS 1.1 and 1.2 when built with OpenSSL 1.0.1e or later.
|
||||
(OpenSSL before 1.0.1 didn't have TLS 1.1 or 1.2. OpenSSL from 1.0.1
|
||||
through 1.0.1d had bugs that prevented renegotiation from working
|
||||
with TLS 1.1 or 1.2, so we disabled them to solve bug 6033.) Fix for
|
||||
issue #6055.
|
|
@ -1,6 +0,0 @@
|
|||
o Major bugfixes:
|
||||
- When we mark a circuit as unusable for new circuits, have it
|
||||
continue to be unusable for new circuits even if MaxCircuitDirtiness
|
||||
is increased too much at the wrong time, or the system clock jumped
|
||||
backwards. Fix for bug 6174; bugfix on 0.0.2pre26.
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- Always check the return values of functions fcntl() and
|
||||
setsockopt(). We don't believe these are ever actually failing in
|
||||
practice, but better safe than sorry. Also, checking these return
|
||||
values should please some analysis tools (like Coverity). Patch
|
||||
from 'flupzor'. Fix for bug 8206; bugfix on all versions of Tor.
|
|
@ -1,4 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- Behave correctly when the user disables LearnCircuitBuildTimeout
|
||||
but doesn't tell us what they would like the timeout to be. Fixes
|
||||
bug 6304; bugfix on 0.2.2.14-alpha.
|
|
@ -1,4 +0,0 @@
|
|||
o Minor bugfixes (log messages)
|
||||
- Use circuit creation time for network liveness evaluation. This
|
||||
should eliminate warning log messages about liveness caused by
|
||||
changes in timeout evaluation. Fixes bug 6572; bugfix on 0.2.4.8-alpha.
|
|
@ -1,4 +0,0 @@
|
|||
o Minor features (build):
|
||||
- Detect and reject attempts to build Tor with threading support
|
||||
when OpenSSL have been compiled with threading support disabled.
|
||||
Fixes bug 6673.
|
|
@ -1,4 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- Fix an assertion failure that would occur when disabling the
|
||||
ORPort setting on a running Tor process while accounting was
|
||||
enabled. Fixes bug 6979; bugfix on 0.2.2.18-alpha.
|
|
@ -1,4 +0,0 @@
|
|||
o Minor bugfixes (man page):
|
||||
- Say "KBytes" rather than "KB" in the man page (for various values
|
||||
of K), to further reduce confusion about whether Tor counts in
|
||||
units of memory or fractions of units of memory. Fixes bug 7054.
|
|
@ -1,5 +0,0 @@
|
|||
o Minor bugfix (log cleanups):
|
||||
- Eliminate several instances where we use Nickname=ID to refer to
|
||||
nodes in logs. Use Nickname (ID) instead. (Elsewhere, we still use
|
||||
$ID=Nickname, which is also acceptable.) Fixes bug #7065. Bugfix
|
||||
on 0.2.3.21-rc, 0.2.4.5-alpha, 0.2.4.8-alpha, and 0.2.4.10-alpha.
|
|
@ -1,4 +0,0 @@
|
|||
o Minor bugfixes (build):
|
||||
- Add the old src/or/micro-revision.i filename to CLEANFILES.
|
||||
On the off chance that somebody has one, it will go away as soon
|
||||
as they run "make clean". Fix for bug 7143; bugfix on 0.2.4.1-alpha.
|
|
@ -1,4 +0,0 @@
|
|||
o Minor features (bug diagnostic):
|
||||
- If we fail to free a microdescriptor because of bug #7164, log
|
||||
the filename and line number from which we tried to free it.
|
||||
This should help us finally fix #7164.
|
|
@ -1,6 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- Downgrade the warning severity for the the "md was still referenced 1
|
||||
node(s)" warning. Tor 0.2.5.4-alpha has better code for trying to
|
||||
diagnose this bug, and the current warning in earlier versions of
|
||||
tor achieves nothing useful. Addresses warning from bug 7164.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- Fix some bugs in tor-fw-helper-natpmp when trying to build and
|
||||
run it on Windows. More bugs likely remain. Patch from Gisle Vanem.
|
||||
Fixes bug 7280; bugfix on 0.2.3.1-alpha.
|
|
@ -1,11 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- Don't log inappropriate heartbeat messages when hibernating: a
|
||||
hibernating node is _expected_ to drop out of the consensus,
|
||||
decide it isn't bootstrapped, and so forth. Fixes part of bug
|
||||
7302; bugfix on 0.2.3.1-alpha.
|
||||
|
||||
- Don't complain about bootstrapping problems while hibernating.
|
||||
These complaints reflect a general code problems, but not one
|
||||
with any problematic effects. (No connections are actually
|
||||
opened.) Fixes part of bug 7302; bugfix on 0.2.3.2-alpha.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
o Major bugfixes:
|
||||
- Avoid an assertion when we discover that we'd like to write a cell
|
||||
onto a closing connection: just discard the cell. Fixes another
|
||||
case of bug 7350; bugfix on 0.2.4.4-alpha.
|
|
@ -1,9 +0,0 @@
|
|||
o Major bugfixes:
|
||||
|
||||
- When an exit node tells us that it is rejecting because of its
|
||||
exit policy a stream we expected it to accept (because of its exit
|
||||
policy), do not mark the node as useless for exiting if our
|
||||
expectation was only based on an exit policy summary. Instead,
|
||||
mark the circuit as unsuitable for that particular address. Fixes
|
||||
part of bug 7582; bugfix on 0.2.3.2-alpha.
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
o Minor features:
|
||||
- Add another diagnostic to the heartbeat message: track and log
|
||||
overhead that TLS is adding to the data we write. If this is
|
||||
high, we are sending too little data to SSL_write at a time.
|
||||
Diagnostic for bug 7707.
|
|
@ -1,3 +0,0 @@
|
|||
o Documentation fixes:
|
||||
- Update tor-fw-helper.1.txt and tor-fw-helper.c to make option
|
||||
names match. Fixes bug 7768.
|
|
@ -1,7 +0,0 @@
|
|||
o Minor changes (log clarification)
|
||||
- Add more detail to a log message about relaxed timeouts. Hopefully
|
||||
this additional detail will allow us to diagnose the cause of bug 7799.
|
||||
o Minor bugfixes
|
||||
- Don't attempt to relax the timeout of already opened 1-hop circuits.
|
||||
They might never timeout. This should eliminate some/all cases of
|
||||
the relaxed timeout log message.
|
|
@ -1,13 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- When choosing which stream on a formerly stalled circuit to wake
|
||||
first, make better use of the platform's weak RNG. Previously, we
|
||||
had been using the % ("modulo") operator to try to generate a 1/N
|
||||
chance of picking each stream, but this behaves badly with many
|
||||
platforms' choice of weak RNG. Fix for bug 7801; bugfix on
|
||||
0.2.2.20-alpha.
|
||||
- Use our own weak RNG when we need a weak RNG. Windows's rand()
|
||||
and Irix's random() only return 15 bits; Solaris's random()
|
||||
returns more bits but its RAND_MAX says it only returns 15, and
|
||||
so on. Fixes another aspect of bug 7801; bugfix on
|
||||
0.2.2.20-alpha.
|
||||
|
|
@ -1,8 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- Avoid leaking IPv6 policy content if we fail to format it into
|
||||
a router descriptor. Spotted by Coverity. Fixes part of 7816;
|
||||
bugfix on 0.2.4.7-alpha.
|
||||
|
||||
- Avoid leaking memory if we fail to compute a consensus signature
|
||||
or we generated a consensus we couldn't parse. Spotted by Coverity.
|
||||
Fixes part of 7816; bugfix on 0.2.0.5-alpha.
|
|
@ -1,7 +0,0 @@
|
|||
o Minor bugfixes (memory leak, controller):
|
||||
- Fix a memory leak during safe-cookie controller authentication.
|
||||
Spotted by Coverity. Fixes part of bug 7816; bugfix on 0.2.3.13-alpha.
|
||||
|
||||
o Minor bugfixes (memory leak, HTTPS proxy support):
|
||||
- Fix a memory leak when receiving headers from an HTTPS proxy.
|
||||
Spotted by Coverity. Fixes part of bug 7816; bugfix on 0.2.1.1-alpha.
|
|
@ -1,3 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- Fix various places where we leak file descriptors or memory on
|
||||
error cases. Spotted by coverity. Fixes parts of bug 7816.
|
|
@ -1,7 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- When we receive a RELAY_END cell with the reason DONE, or with no
|
||||
reason, before receiving a RELAY_CONNECTED cell, report the SOCKS
|
||||
status as "connection refused." Previously we reporting these
|
||||
cases as success but then immediately closing the connection.
|
||||
Fixes bug 7902; bugfix on 0.1.0.1-rc. Reported by "oftc_must_
|
||||
be_destroyed."
|
|
@ -1,4 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- Fix the handling of a TRUNCATE cell when it arrives while the circuit
|
||||
extension is in progress. Fixes bug 7947; bugfix on 0.0.7.1.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- When rejecting a configuration because we were unable to parse a
|
||||
quoted string, log an actual error message. Fix for bug 7950;
|
||||
bugfix on 0.2.0.16-alpha.
|
|
@ -1,3 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- Copy-paste description for PathBias params from man page into or.h
|
||||
comment. Fixes bug 7982.
|
|
@ -1,5 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- When autodetecting the number of CPUs, use the number of available
|
||||
CPUs in preferernce to the number of configured CPUs. Inform the
|
||||
user if this reduces the number of avialable CPUs. Fix for bug 8002.
|
||||
Bugfix on 0.2.3.1-alpha.
|
|
@ -1,5 +0,0 @@
|
|||
o Minor usability improvements (build):
|
||||
- Clarify that when autconf is checking for nacl, it is checking
|
||||
specifically for nacl with a fast curve25519 implementation.
|
||||
Fixes bug 8014.
|
||||
|
|
@ -1,7 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- Use direct writes rather than stdio when building microdescriptor
|
||||
caches, in an attempt to mitigate bug 8031, or at least make it
|
||||
less common.
|
||||
- Warn more aggressively when flushing microdescriptors to a
|
||||
microdescriptor cache fails, in an attempt to mitegate bug 8031,
|
||||
or at least make it more diagnosable.
|
|
@ -1,8 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- Correctly store microdescriptors and extrainfo descriptors with
|
||||
an internal NUL byte. Fixes bug 8037; bugfix on 0.2.0.1-alpha.
|
||||
Bug reported by "cypherpunks".
|
||||
|
||||
o Minor features:
|
||||
- Reject as invalid most directory objects containing a
|
||||
NUL. Belt-and-suspender fix for bug 8037.
|
|
@ -1,6 +0,0 @@
|
|||
o Minor bugfixes (protocol conformance):
|
||||
- Fix a misframing issue when reading the version numbers in a
|
||||
VERSIONS cell. Previously we would recognize [00 01 00 02] as
|
||||
'version 1, version 2, and version 0x100', when it should have
|
||||
only included versions 1 and 2. Fixes bug 8059; bugfix on
|
||||
0.2.0.10-alpha. Reported pseudonymously.
|
|
@ -1,5 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- Increase the width of the field used to remember a connection's
|
||||
link protocol version to two bytes. Harmless for now, since the
|
||||
only currently recognized versions are one byte long. Reported
|
||||
pseudynmously. Fixes bug 8062, bugfix on 0.2.0.10-alpha.
|
|
@ -1,6 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- Downgrade an assertion in connection_ap_expire_beginning to
|
||||
an LD_BUG message. The fix for bug 8024 should prevent this
|
||||
message from displaying, but just in case a warn that we can
|
||||
diagnose is better than more assert crashes. Fix for bug 8065;
|
||||
bugfix on 0.2.4.8-alpha.
|
|
@ -1,3 +0,0 @@
|
|||
o Minor features:
|
||||
- Downgrade "unexpected SENDME" warnings to protocol-warn for 0.2.4,
|
||||
for bug 8093.
|
|
@ -1,13 +0,0 @@
|
|||
o Major bugfixes:
|
||||
|
||||
- Many SOCKS5 clients, when configured to offer a username/password,
|
||||
offer both username/password authentication and "no authentication".
|
||||
Tor had previously preferred no authentication, but this was
|
||||
problematic when trying to make applications get proper stream
|
||||
isolation with IsolateSOCKSAuth. Now, on any SOCKS port with
|
||||
IsolateSOCKSAuth turned on (which is the default), Tor selects
|
||||
username/password authentication if it's offered. If this confuses your
|
||||
application, you can disable it on a per-SOCKSPort basis via
|
||||
PreferSOCKSNoAuth. Fixes bug 8117; bugfix on 0.2.3.3-alpha.
|
||||
|
||||
|
|
@ -1,7 +0,0 @@
|
|||
o Minor features:
|
||||
- Clear the high bit on curve25519 public keys before passing them to
|
||||
our backend, in case we ever wind up using a backend that doesn't do
|
||||
so itself. If we used such a backend, and *didn't* clear the high bit,
|
||||
we could wind up in a situation where users with such backends would
|
||||
be distinguishable from users without. Fix for bug 8121; bugfix on
|
||||
0.2.4.8-alpha.
|
|
@ -1,5 +0,0 @@
|
|||
o Minor features (directory authority):
|
||||
- Include inside each vote a statement of the performance
|
||||
thresholds that made the authority vote for its flags. Implements
|
||||
ticket 8151.
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- Use less space when formatting identical microdescriptor lines in
|
||||
directory votes. Fixes bug 8158; bugfix on 0.2.4.1-alpha.
|
|
@ -1,6 +0,0 @@
|
|||
o Minor changes:
|
||||
- Lower path use bias thresholds to .80 for notice and .60 for warn.
|
||||
Fixes bug #8161; bugfix on 0.2.4.10-alpa.
|
||||
- Make the rate limiting flags for the path use bias log messages
|
||||
independent from the original path bias flags. Fixes bug #8161;
|
||||
bugfix on 0.2.4.10-alpha.
|
|
@ -1,7 +0,0 @@
|
|||
o Minor bugfixes (security usability):
|
||||
- Elevate the severity of the warning message when setting
|
||||
EntryNodes but disabling UseGuardNodes to an error. The outcome
|
||||
of letting Tor procede with those options enabled (which causes
|
||||
EntryNodes to get ignored) is sufficiently different from what
|
||||
was expected that it's best to just refuse to proceed. Fixes bug
|
||||
8180; bugfix on 0.2.3.11-alpha.
|
|
@ -1,3 +0,0 @@
|
|||
o Minor features:
|
||||
- Improve debugging output to attempt to diagnose the underlying
|
||||
cause of bug 8185.
|
|
@ -1,5 +0,0 @@
|
|||
o Minor bugfix:
|
||||
- Stop sending a stray "(null)" in some cases for the server status
|
||||
"EXTERNAL_ADDRESS" controller event. Resolves bug 8200; bugfix
|
||||
on 0.1.2.6-alpha.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- Make the format and order of STREAM events for DNS lookups consistent
|
||||
among the various ways to launch DNS lookups. Fix for bug 8203;
|
||||
bugfix on 0.2.0.24-rc. Patch by "Desoxy."
|
|
@ -1,7 +0,0 @@
|
|||
o Major bugfixes (hidden services):
|
||||
- Allow hidden service authentication to succeed again. When we
|
||||
refactored the hidden service introduction code back in 0.2.4.1-alpha,
|
||||
we didn't update the code that checks whether authentication
|
||||
information is present, causing all authentication checks to
|
||||
return "false". Fix for bug 8207; bugfix on 0.2.4.1-alpha. Found by
|
||||
Coverity; this is CID 718615.
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue