Compare commits
143 Commits
master
...
release-0.
Author | SHA1 | Date |
---|---|---|
Nick Mathewson | 279fa65d34 | |
Nick Mathewson | 1d281eb933 | |
Nick Mathewson | 0d63a60643 | |
Nick Mathewson | b2c220a623 | |
Nick Mathewson | 7d1d868ea0 | |
Nick Mathewson | e212c752f2 | |
Nick Mathewson | eb0c7ab433 | |
Nick Mathewson | ba0c0ef771 | |
Nick Mathewson | beeeeb0afa | |
Nick Mathewson | ca19b2115a | |
Nick Mathewson | 20ca62ffb5 | |
Nick Mathewson | 9cb1c2b4ad | |
Nick Mathewson | 7d83cfb3ab | |
Nick Mathewson | b97fb313a9 | |
Nick Mathewson | 4902cfcf19 | |
Nick Mathewson | 6d0f332a2e | |
Nick Mathewson | 6177674a5b | |
Nick Mathewson | e26f387026 | |
Nick Mathewson | 765fd0845f | |
Nick Mathewson | 5a0e73c75b | |
Nick Mathewson | 078604630d | |
Nick Mathewson | 8669a1ea50 | |
Nick Mathewson | 55c918e7d2 | |
Nick Mathewson | 5e1bad3259 | |
Nick Mathewson | 533ae56fcf | |
Nick Mathewson | 558eafe56e | |
Nick Mathewson | e2979ebe25 | |
Nick Mathewson | e17659b701 | |
Nick Mathewson | 4e10ada1e8 | |
Nick Mathewson | 2e2ec4cb5e | |
Nick Mathewson | 0c44446c40 | |
Nick Mathewson | d1340423fa | |
Nick Mathewson | e4d7f97c40 | |
Nick Mathewson | 9c96dbe7b0 | |
Nick Mathewson | e6d77520ef | |
Nick Mathewson | c1195d42bc | |
Nick Mathewson | 24bc8caf35 | |
Nick Mathewson | e14006a545 | |
Nick Mathewson | d9dd67e216 | |
Nick Mathewson | 0a78d2947c | |
Nick Mathewson | 020c003a63 | |
Nick Mathewson | b104ea724d | |
Nick Mathewson | 33b69e6884 | |
Nick Mathewson | 148d76c092 | |
Nick Mathewson | 51ca3dc811 | |
Nick Mathewson | 45245fe29e | |
Nick Mathewson | 5c5298e4ff | |
Nick Mathewson | 30844dd51a | |
Nick Mathewson | 8e0bf7fac1 | |
Nick Mathewson | b909aed534 | |
Nick Mathewson | 7b1762481b | |
Nick Mathewson | a8a1e7e8da | |
Nick Mathewson | c0ff59f870 | |
Nick Mathewson | c0257f14cd | |
Nick Mathewson | 2f6a66a174 | |
Nick Mathewson | 72d9e057c3 | |
Nick Mathewson | 9203b3e4ed | |
Nick Mathewson | 2393e67b2e | |
Nick Mathewson | e89163845a | |
Nick Mathewson | 2e02b59772 | |
Nick Mathewson | 056978c31c | |
Nick Mathewson | 5322713b48 | |
Nick Mathewson | 1ffe29ff8d | |
Nick Mathewson | d27160b407 | |
Nick Mathewson | 53947389a7 | |
Nick Mathewson | 8c2cad52c4 | |
Nick Mathewson | 77abd68855 | |
Nick Mathewson | c0c92c3e2a | |
Nick Mathewson | 01d5921435 | |
Nick Mathewson | c79976bc9b | |
Nick Mathewson | 99d0579ff5 | |
Nick Mathewson | c1237ed516 | |
Nick Mathewson | 5a4caad88d | |
Nick Mathewson | 53a605ee00 | |
Nick Mathewson | cfb61f909a | |
Nick Mathewson | 4dcfc3ded6 | |
Nick Mathewson | 8ba0ea4419 | |
Nick Mathewson | e573a51916 | |
Nick Mathewson | 6bf06c5656 | |
Nick Mathewson | 78d9af302e | |
Nick Mathewson | a286fbd711 | |
Nick Mathewson | 2f962b9309 | |
Nick Mathewson | b0fff2a9c5 | |
Nick Mathewson | 4b54ad017d | |
Nick Mathewson | 1d02f64932 | |
Roger Dingledine | 42b42605f8 | |
Nick Mathewson | 7fd7a2c7c3 | |
Nick Mathewson | 495d201c36 | |
Nick Mathewson | 44b933cf01 | |
Nick Mathewson | 0829e05630 | |
Nick Mathewson | 023ce9e0f8 | |
Nick Mathewson | 334f4f60e8 | |
Nick Mathewson | e6ae154ab4 | |
Nick Mathewson | f69c7a152f | |
Nick Mathewson | 056ff52c53 | |
Nick Mathewson | b82be6cf66 | |
Nick Mathewson | 095080360f | |
Nick Mathewson | 9ffb2d8818 | |
Nick Mathewson | 42336f32f0 | |
Nick Mathewson | 6a58a380f9 | |
Nick Mathewson | e6c16e6267 | |
Nick Mathewson | 6880aaf0a9 | |
Nick Mathewson | dfcdb34b8e | |
Nick Mathewson | f17167ac0a | |
Nick Mathewson | 96f46922c7 | |
Nick Mathewson | c82aaaa48a | |
Nick Mathewson | f77d8901fc | |
Roger Dingledine | a64f3ab3ee | |
Roger Dingledine | 36b979bb8d | |
Roger Dingledine | 347a9f98b8 | |
Roger Dingledine | 9fe7395984 | |
Roger Dingledine | 70762a0e9c | |
Roger Dingledine | 22a82164b1 | |
Roger Dingledine | 0b004ba5c0 | |
Nick Mathewson | 396ac67f62 | |
Roger Dingledine | 40233cadbb | |
Nick Mathewson | 76f72e3b41 | |
Nick Mathewson | 5958261f23 | |
Nick Mathewson | 102c7d7b2c | |
Nick Mathewson | 2fbaa2f9d6 | |
Nick Mathewson | 8e7ee0e2c0 | |
Nick Mathewson | 351f245e2a | |
Nick Mathewson | 04755ff764 | |
Roger Dingledine | 83e069fd52 | |
Nick Mathewson | 32c5806e1c | |
Nick Mathewson | 37516391be | |
Nick Mathewson | 43bf511c31 | |
Nick Mathewson | 06e8f4b370 | |
Nick Mathewson | 475c95f28a | |
Nick Mathewson | b969ee9dad | |
Roger Dingledine | ef89fd142c | |
Nick Mathewson | f8ca81c04f | |
Nick Mathewson | ad8281cb8b | |
Nick Mathewson | 9fc5dd8ae7 | |
Nick Mathewson | 9f950d80c3 | |
Roger Dingledine | 390728d856 | |
Roger Dingledine | 0b586b44dd | |
Roger Dingledine | 6c84b124aa | |
Roger Dingledine | bf372578c1 | |
Roger Dingledine | f4992beb56 | |
Roger Dingledine | 2be259fabf | |
Roger Dingledine | c0411e1c89 | |
Nick Mathewson | d14fcdc5e8 |
711
ChangeLog
711
ChangeLog
|
@ -1,3 +1,714 @@
|
|||
Changes in version 0.2.5.16 - 2017-12-01
|
||||
Tor 0.2.5.13 backports important security and stability bugfixes from
|
||||
later Tor releases. All Tor users should upgrade to this release, or
|
||||
to another of the releases coming out today.
|
||||
|
||||
Note: the Tor 0.2.5 series will no longer be supported after 1 May
|
||||
2018. If you need a release with long-term support, please upgrade to
|
||||
the 0.2.9 series. Otherwise, please upgrade to 0.3.1 or later.
|
||||
|
||||
o Major bugfixes (security, backport from 0.3.2.6-alpha):
|
||||
- Fix a denial of service bug where an attacker could use a
|
||||
malformed directory object to cause a Tor instance to pause while
|
||||
OpenSSL would try to read a passphrase from the terminal. (Tor
|
||||
instances run without a terminal, which is the case for most Tor
|
||||
packages, are not impacted.) Fixes bug 24246; bugfix on every
|
||||
version of Tor. Also tracked as TROVE-2017-011 and CVE-2017-8821.
|
||||
Found by OSS-Fuzz as testcase 6360145429790720.
|
||||
- When checking for replays in the INTRODUCE1 cell data for a
|
||||
(legacy) onion service, correctly detect replays in the RSA-
|
||||
encrypted part of the cell. We were previously checking for
|
||||
replays on the entire cell, but those can be circumvented due to
|
||||
the malleability of Tor's legacy hybrid encryption. This fix helps
|
||||
prevent a traffic confirmation attack. Fixes bug 24244; bugfix on
|
||||
0.2.4.1-alpha. This issue is also tracked as TROVE-2017-009
|
||||
and CVE-2017-8819.
|
||||
|
||||
o Major bugfixes (security, relay, backport from 0.3.2.6-alpha):
|
||||
- When running as a relay, make sure that we never build a path
|
||||
through ourselves, even in the case where we have somehow lost the
|
||||
version of our descriptor appearing in the consensus. Fixes part
|
||||
of bug 21534; bugfix on 0.2.0.1-alpha. This issue is also tracked
|
||||
as TROVE-2017-012 and CVE-2017-8822.
|
||||
|
||||
o Minor features (bridge, backport from 0.3.1.9):
|
||||
- Bridges now include notice in their descriptors that they are
|
||||
bridges, and notice of their distribution status, based on their
|
||||
publication settings. Implements ticket 18329. For more fine-
|
||||
grained control of how a bridge is distributed, upgrade to 0.3.2.x
|
||||
or later.
|
||||
|
||||
o Minor features (geoip):
|
||||
- Update geoip and geoip6 to the November 6 2017 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
||||
|
||||
Changes in version 0.2.5.15 - 2017-10-25
|
||||
Tor 0.2.5.15 backports a collection of bugfixes from later Tor release
|
||||
series. It also adds a new directory authority, Bastet.
|
||||
|
||||
Note: the Tor 0.2.5 series will no longer be supported after 1 May
|
||||
2018. If you need a release with long-term support, please upgrade to
|
||||
the 0.2.9 series. Otherwise, please upgrade to 0.3.1 or later.
|
||||
|
||||
o Directory authority changes:
|
||||
- Add "Bastet" as a ninth directory authority to the default list.
|
||||
Closes ticket 23910.
|
||||
- The directory authority "Longclaw" has changed its IP address.
|
||||
Closes ticket 23592.
|
||||
|
||||
o Major bugfixes (openbsd, denial-of-service, backport from 0.3.1.5-alpha):
|
||||
- Avoid an assertion failure bug affecting our implementation of
|
||||
inet_pton(AF_INET6) on certain OpenBSD systems whose strtol()
|
||||
handling of "0xx" differs from what we had expected. Fixes bug
|
||||
22789; bugfix on 0.2.3.8-alpha. Also tracked as TROVE-2017-007.
|
||||
|
||||
o Minor features (geoip):
|
||||
- Update geoip and geoip6 to the October 4 2017 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
||||
o Minor bugfixes (defensive programming, undefined behavior, backport from 0.3.1.4-alpha):
|
||||
- Fix a memset() off the end of an array when packing cells. This
|
||||
bug should be harmless in practice, since the corrupted bytes are
|
||||
still in the same structure, and are always padding bytes,
|
||||
ignored, or immediately overwritten, depending on compiler
|
||||
behavior. Nevertheless, because the memset()'s purpose is to make
|
||||
sure that any other cell-handling bugs can't expose bytes to the
|
||||
network, we need to fix it. Fixes bug 22737; bugfix on
|
||||
0.2.4.11-alpha. Fixes CID 1401591.
|
||||
|
||||
o Build features (backport from 0.3.1.5-alpha):
|
||||
- Tor's repository now includes a Travis Continuous Integration (CI)
|
||||
configuration file (.travis.yml). This is meant to help new
|
||||
developers and contributors who fork Tor to a Github repository be
|
||||
better able to test their changes, and understand what we expect
|
||||
to pass. To use this new build feature, you must fork Tor to your
|
||||
Github account, then go into the "Integrations" menu in the
|
||||
repository settings for your fork and enable Travis, then push
|
||||
your changes. Closes ticket 22636.
|
||||
|
||||
|
||||
Changes in version 0.2.5.14 - 2017-06-08
|
||||
Tor 0.2.5.14 backports a fix for a bug that would allow an attacker to
|
||||
remotely crash a hidden service with an assertion failure. Anyone
|
||||
running a hidden service should upgrade to this version, or to some
|
||||
other version with fixes for TROVE-2017-005. (Versions before 0.3.0
|
||||
are not affected by TROVE-2017-004.)
|
||||
|
||||
o Major bugfixes (hidden service, relay, security):
|
||||
- Fix a remotely triggerable assertion failure caused by receiving a
|
||||
BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug
|
||||
22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix
|
||||
on 0.2.2.1-alpha.
|
||||
|
||||
o Minor features (geoip):
|
||||
- Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
||||
o Minor bugfixes (correctness):
|
||||
- Avoid undefined behavior when parsing IPv6 entries from the geoip6
|
||||
file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.
|
||||
|
||||
|
||||
Changes in version 0.2.5.13 - 2017-03-03
|
||||
Tor 0.2.5.13 backports a number of security fixes from later Tor
|
||||
releases. Anybody running Tor 0.2.5.13 or earlier should upgrade to
|
||||
this release, if for some reason they cannot upgrade to a later
|
||||
release series.
|
||||
|
||||
Note that support for Tor 0.2.5.x is ending next year: we will not issue
|
||||
any fixes for the Tor 0.2.5.x series after 1 May 2018. If you need
|
||||
a Tor release series with longer-term support, we recommend Tor 0.2.9.x.
|
||||
|
||||
o Directory authority changes (backport from 0.2.8.5-rc):
|
||||
- Urras is no longer a directory authority. Closes ticket 19271.
|
||||
|
||||
o Directory authority changes (backport from 0.2.9.2-alpha):
|
||||
- The "Tonga" bridge authority has been retired; the new bridge
|
||||
authority is "Bifroest". Closes tickets 19728 and 19690.
|
||||
|
||||
o Directory authority key updates (backport from 0.2.8.1-alpha):
|
||||
- Update the V3 identity key for the dannenberg directory authority:
|
||||
it was changed on 18 November 2015. Closes task 17906. Patch
|
||||
by "teor".
|
||||
|
||||
o Major features (security fixes, backport from 0.2.9.4-alpha):
|
||||
- Prevent a class of security bugs caused by treating the contents
|
||||
of a buffer chunk as if they were a NUL-terminated string. At
|
||||
least one such bug seems to be present in all currently used
|
||||
versions of Tor, and would allow an attacker to remotely crash
|
||||
most Tor instances, especially those compiled with extra compiler
|
||||
hardening. With this defense in place, such bugs can't crash Tor,
|
||||
though we should still fix them as they occur. Closes ticket
|
||||
20384 (TROVE-2016-10-001).
|
||||
|
||||
o Major bugfixes (parsing, security, backport from 0.2.9.8):
|
||||
- Fix a bug in parsing that could cause clients to read a single
|
||||
byte past the end of an allocated region. This bug could be used
|
||||
to cause hardened clients (built with --enable-expensive-hardening)
|
||||
to crash if they tried to visit a hostile hidden service. Non-
|
||||
hardened clients are only affected depending on the details of
|
||||
their platform's memory allocator. Fixes bug 21018; bugfix on
|
||||
0.2.0.8-alpha. Found by using libFuzzer. Also tracked as TROVE-
|
||||
2016-12-002 and as CVE-2016-1254.
|
||||
|
||||
o Major bugfixes (security, client, DNS proxy, backport from 0.2.8.3-alpha):
|
||||
- Stop a crash that could occur when a client running with DNSPort
|
||||
received a query with multiple address types, and the first
|
||||
address type was not supported. Found and fixed by Scott Dial.
|
||||
Fixes bug 18710; bugfix on 0.2.5.4-alpha.
|
||||
|
||||
o Major bugfixes (security, correctness, backport from 0.2.7.4-rc):
|
||||
- Fix an error that could cause us to read 4 bytes before the
|
||||
beginning of an openssl string. This bug could be used to cause
|
||||
Tor to crash on systems with unusual malloc implementations, or
|
||||
systems with unusual hardening installed. Fixes bug 17404; bugfix
|
||||
on 0.2.3.6-alpha.
|
||||
|
||||
o Major bugfixes (security, pointers, backport from 0.2.8.2-alpha):
|
||||
- Avoid a difficult-to-trigger heap corruption attack when extending
|
||||
a smartlist to contain over 16GB of pointers. Fixes bug 18162;
|
||||
bugfix on 0.1.1.11-alpha, which fixed a related bug incompletely.
|
||||
Reported by Guido Vranken.
|
||||
|
||||
o Major bugfixes (dns proxy mode, crash, backport from 0.2.8.2-alpha):
|
||||
- Avoid crashing when running as a DNS proxy. Fixes bug 16248;
|
||||
bugfix on 0.2.0.1-alpha. Patch from "cypherpunks".
|
||||
|
||||
o Major bugfixes (guard selection, backport from 0.2.7.6):
|
||||
- Actually look at the Guard flag when selecting a new directory
|
||||
guard. When we implemented the directory guard design, we
|
||||
accidentally started treating all relays as if they have the Guard
|
||||
flag during guard selection, leading to weaker anonymity and worse
|
||||
performance. Fixes bug 17772; bugfix on 0.2.4.8-alpha. Discovered
|
||||
by Mohsen Imani.
|
||||
|
||||
o Major bugfixes (key management, backport from 0.2.8.3-alpha):
|
||||
- If OpenSSL fails to generate an RSA key, do not retain a dangling
|
||||
pointer to the previous (uninitialized) key value. The impact here
|
||||
should be limited to a difficult-to-trigger crash, if OpenSSL is
|
||||
running an engine that makes key generation failures possible, or
|
||||
if OpenSSL runs out of memory. Fixes bug 19152; bugfix on
|
||||
0.2.1.10-alpha. Found by Yuan Jochen Kang, Suman Jana, and
|
||||
Baishakhi Ray.
|
||||
|
||||
o Major bugfixes (parsing, backported from 0.3.0.4-rc):
|
||||
- Fix an integer underflow bug when comparing malformed Tor
|
||||
versions. This bug could crash Tor when built with
|
||||
--enable-expensive-hardening, or on Tor 0.2.9.1-alpha through Tor
|
||||
0.2.9.8, which were built with -ftrapv by default. In other cases
|
||||
it was harmless. Part of TROVE-2017-001. Fixes bug 21278; bugfix
|
||||
on 0.0.8pre1. Found by OSS-Fuzz.
|
||||
|
||||
o Minor features (security, memory erasure, backport from 0.2.8.1-alpha):
|
||||
- Make memwipe() do nothing when passed a NULL pointer or buffer of
|
||||
zero size. Check size argument to memwipe() for underflow. Fixes
|
||||
bug 18089; bugfix on 0.2.3.25 and 0.2.4.6-alpha. Reported by "gk",
|
||||
patch by "teor".
|
||||
|
||||
o Minor features (bug-resistance, backport from 0.2.8.2-alpha):
|
||||
- Make Tor survive errors involving connections without a
|
||||
corresponding event object. Previously we'd fail with an
|
||||
assertion; now we produce a log message. Related to bug 16248.
|
||||
|
||||
o Minor features (geoip):
|
||||
- Update geoip and geoip6 to the February 8 2017 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
||||
o Minor bugfixes (compilation, backport from 0.2.7.6):
|
||||
- Fix a compilation warning with Clang 3.6: Do not check the
|
||||
presence of an address which can never be NULL. Fixes bug 17781.
|
||||
|
||||
o Minor bugfixes (crypto error-handling, backport from 0.2.7.2-alpha):
|
||||
- Check for failures from crypto_early_init, and refuse to continue.
|
||||
A previous typo meant that we could keep going with an
|
||||
uninitialized crypto library, and would have OpenSSL initialize
|
||||
its own PRNG. Fixes bug 16360; bugfix on 0.2.5.2-alpha, introduced
|
||||
when implementing ticket 4900. Patch by "teor".
|
||||
|
||||
o Minor bugfixes (hidden service, backport from 0.2.7.1-alpha):
|
||||
- Fix an out-of-bounds read when parsing invalid INTRODUCE2 cells on
|
||||
a client authorized hidden service. Fixes bug 15823; bugfix
|
||||
on 0.2.1.6-alpha.
|
||||
|
||||
|
||||
Changes in version 0.2.5.12 - 2015-04-06
|
||||
Tor 0.2.5.12 backports two fixes from 0.2.6.7 for security issues that
|
||||
could be used by an attacker to crash hidden services, or crash clients
|
||||
visiting hidden services. Hidden services should upgrade as soon as
|
||||
possible; clients should upgrade whenever packages become available.
|
||||
|
||||
This release also backports a simple improvement to make hidden
|
||||
services a bit less vulnerable to denial-of-service attacks.
|
||||
|
||||
o Major bugfixes (security, hidden service):
|
||||
- Fix an issue that would allow a malicious client to trigger an
|
||||
assertion failure and halt a hidden service. Fixes bug 15600;
|
||||
bugfix on 0.2.1.6-alpha. Reported by "disgleirio".
|
||||
- Fix a bug that could cause a client to crash with an assertion
|
||||
failure when parsing a malformed hidden service descriptor. Fixes
|
||||
bug 15601; bugfix on 0.2.1.5-alpha. Found by "DonnchaC".
|
||||
|
||||
o Minor features (DoS-resistance, hidden service):
|
||||
- Introduction points no longer allow multiple INTRODUCE1 cells to
|
||||
arrive on the same circuit. This should make it more expensive for
|
||||
attackers to overwhelm hidden services with introductions.
|
||||
Resolves ticket 15515.
|
||||
|
||||
|
||||
Changes in version 0.2.5.11 - 2015-03-17
|
||||
Tor 0.2.5.11 is the second stable release in the 0.2.5 series.
|
||||
|
||||
It backports several bugfixes from the 0.2.6 branch, including a
|
||||
couple of medium-level security fixes for relays and exit nodes.
|
||||
It also updates the list of directory authorities.
|
||||
|
||||
o Directory authority changes:
|
||||
- Remove turtles as a directory authority.
|
||||
- Add longclaw as a new (v3) directory authority. This implements
|
||||
ticket 13296. This keeps the directory authority count at 9.
|
||||
- The directory authority Faravahar has a new IP address. This
|
||||
closes ticket 14487.
|
||||
|
||||
o Major bugfixes (crash, OSX, security):
|
||||
- Fix a remote denial-of-service opportunity caused by a bug in
|
||||
OSX's _strlcat_chk() function. Fixes bug 15205; bug first appeared
|
||||
in OSX 10.9.
|
||||
|
||||
o Major bugfixes (relay, stability, possible security):
|
||||
- Fix a bug that could lead to a relay crashing with an assertion
|
||||
failure if a buffer of exactly the wrong layout was passed to
|
||||
buf_pullup() at exactly the wrong time. Fixes bug 15083; bugfix on
|
||||
0.2.0.10-alpha. Patch from 'cypherpunks'.
|
||||
- Do not assert if the 'data' pointer on a buffer is advanced to the
|
||||
very end of the buffer; log a BUG message instead. Only assert if
|
||||
it is past that point. Fixes bug 15083; bugfix on 0.2.0.10-alpha.
|
||||
|
||||
o Major bugfixes (exit node stability):
|
||||
- Fix an assertion failure that could occur under high DNS load.
|
||||
Fixes bug 14129; bugfix on Tor 0.0.7rc1. Found by "jowr";
|
||||
diagnosed and fixed by "cypherpunks".
|
||||
|
||||
o Major bugfixes (Linux seccomp2 sandbox):
|
||||
- Upon receiving sighup with the seccomp2 sandbox enabled, do not
|
||||
crash during attempts to call wait4. Fixes bug 15088; bugfix on
|
||||
0.2.5.1-alpha. Patch from "sanic".
|
||||
|
||||
o Minor features (controller):
|
||||
- New "GETINFO bw-event-cache" to get information about recent
|
||||
bandwidth events. Closes ticket 14128. Useful for controllers to
|
||||
get recent bandwidth history after the fix for ticket 13988.
|
||||
|
||||
o Minor features (geoip):
|
||||
- Update geoip to the March 3 2015 Maxmind GeoLite2 Country database.
|
||||
- Update geoip6 to the March 3 2015 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
||||
o Minor bugfixes (client, automapping):
|
||||
- Avoid crashing on torrc lines for VirtualAddrNetworkIPv[4|6] when
|
||||
no value follows the option. Fixes bug 14142; bugfix on
|
||||
0.2.4.7-alpha. Patch by "teor".
|
||||
- Fix a memory leak when using AutomapHostsOnResolve. Fixes bug
|
||||
14195; bugfix on 0.1.0.1-rc.
|
||||
|
||||
o Minor bugfixes (compilation):
|
||||
- Build without warnings with the stock OpenSSL srtp.h header, which
|
||||
has a duplicate declaration of SSL_get_selected_srtp_profile().
|
||||
Fixes bug 14220; this is OpenSSL's bug, not ours.
|
||||
|
||||
o Minor bugfixes (directory authority):
|
||||
- Allow directory authorities to fetch more data from one another if
|
||||
they find themselves missing lots of votes. Previously, they had
|
||||
been bumping against the 10 MB queued data limit. Fixes bug 14261;
|
||||
bugfix on 0.1.2.5-alpha.
|
||||
- Enlarge the buffer to read bwauth generated files to avoid an
|
||||
issue when parsing the file in dirserv_read_measured_bandwidths().
|
||||
Fixes bug 14125; bugfix on 0.2.2.1-alpha.
|
||||
|
||||
o Minor bugfixes (statistics):
|
||||
- Increase period over which bandwidth observations are aggregated
|
||||
from 15 minutes to 4 hours. Fixes bug 13988; bugfix on 0.0.8pre1.
|
||||
|
||||
o Minor bugfixes (preventative security, C safety):
|
||||
- When reading a hexadecimal, base-32, or base-64 encoded value from
|
||||
a string, always overwrite the whole output buffer. This prevents
|
||||
some bugs where we would look at (but fortunately, not reveal)
|
||||
uninitialized memory on the stack. Fixes bug 14013; bugfix on all
|
||||
versions of Tor.
|
||||
|
||||
|
||||
Changes in version 0.2.4.26 - 2015-03-17
|
||||
Tor 0.2.4.26 includes an updated list of directory authorities. It
|
||||
also backports a couple of stability and security bugfixes from 0.2.5
|
||||
and beyond.
|
||||
|
||||
o Directory authority changes:
|
||||
- Remove turtles as a directory authority.
|
||||
- Add longclaw as a new (v3) directory authority. This implements
|
||||
ticket 13296. This keeps the directory authority count at 9.
|
||||
- The directory authority Faravahar has a new IP address. This
|
||||
closes ticket 14487.
|
||||
|
||||
o Major bugfixes (exit node stability, also in 0.2.6.3-alpha):
|
||||
- Fix an assertion failure that could occur under high DNS load.
|
||||
Fixes bug 14129; bugfix on Tor 0.0.7rc1. Found by "jowr";
|
||||
diagnosed and fixed by "cypherpunks".
|
||||
|
||||
o Major bugfixes (relay, stability, possible security, also in 0.2.6.4-rc):
|
||||
- Fix a bug that could lead to a relay crashing with an assertion
|
||||
failure if a buffer of exactly the wrong layout was passed to
|
||||
buf_pullup() at exactly the wrong time. Fixes bug 15083; bugfix on
|
||||
0.2.0.10-alpha. Patch from 'cypherpunks'.
|
||||
- Do not assert if the 'data' pointer on a buffer is advanced to the
|
||||
very end of the buffer; log a BUG message instead. Only assert if
|
||||
it is past that point. Fixes bug 15083; bugfix on 0.2.0.10-alpha.
|
||||
|
||||
o Minor features (geoip):
|
||||
- Update geoip to the March 3 2015 Maxmind GeoLite2 Country database.
|
||||
- Update geoip6 to the March 3 2015 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
||||
|
||||
Changes in version 0.2.5.10 - 2014-10-24
|
||||
Tor 0.2.5.10 is the first stable release in the 0.2.5 series.
|
||||
|
||||
It adds several new security features, including improved
|
||||
denial-of-service resistance for relays, new compiler hardening
|
||||
options, and a system-call sandbox for hardened installations on Linux
|
||||
(requires seccomp2). The controller protocol has several new features,
|
||||
resolving IPv6 addresses should work better than before, and relays
|
||||
should be a little more CPU-efficient. We've added support for more
|
||||
OpenBSD and FreeBSD transparent proxy types. We've improved the build
|
||||
system and testing infrastructure to allow unit testing of more parts
|
||||
of the Tor codebase. Finally, we've addressed several nagging pluggable
|
||||
transport usability issues, and included numerous other small bugfixes
|
||||
and features mentioned below.
|
||||
|
||||
This release marks end-of-life for Tor 0.2.3.x; those Tor versions
|
||||
have accumulated many known flaws; everyone should upgrade.
|
||||
|
||||
o Deprecated versions:
|
||||
- Tor 0.2.3.x has reached end-of-life; it has received no patches or
|
||||
attention for some while.
|
||||
|
||||
|
||||
Changes in version 0.2.5.9-rc - 2014-10-20
|
||||
Tor 0.2.5.9-rc is the third release candidate for the Tor 0.2.5.x
|
||||
series. It disables SSL3 in response to the recent "POODLE" attack
|
||||
(even though POODLE does not affect Tor). It also works around a crash
|
||||
bug caused by some operating systems' response to the "POODLE" attack
|
||||
(which does affect Tor). It also contains a few miscellaneous fixes.
|
||||
|
||||
o Major security fixes:
|
||||
- Disable support for SSLv3. All versions of OpenSSL in use with Tor
|
||||
today support TLS 1.0 or later, so we can safely turn off support
|
||||
for this old (and insecure) protocol. Fixes bug 13426.
|
||||
|
||||
o Major bugfixes (openssl bug workaround):
|
||||
- Avoid crashing when using OpenSSL version 0.9.8zc, 1.0.0o, or
|
||||
1.0.1j, built with the 'no-ssl3' configuration option. Fixes bug
|
||||
13471. This is a workaround for an OpenSSL bug.
|
||||
|
||||
o Minor bugfixes:
|
||||
- Disable the sandbox name resolver cache when running tor-resolve:
|
||||
tor-resolve doesn't use the sandbox code, and turning it on was
|
||||
breaking attempts to do tor-resolve on a non-default server on
|
||||
Linux. Fixes bug 13295; bugfix on 0.2.5.3-alpha.
|
||||
|
||||
o Compilation fixes:
|
||||
- Build and run correctly on systems like OpenBSD-current that have
|
||||
patched OpenSSL to remove get_cipher_by_char and/or its
|
||||
implementations. Fixes issue 13325.
|
||||
|
||||
o Downgraded warnings:
|
||||
- Downgrade the severity of the 'unexpected sendme cell from client'
|
||||
from 'warn' to 'protocol warning'. Closes ticket 8093.
|
||||
|
||||
|
||||
Changes in version 0.2.4.25 - 2014-10-20
|
||||
Tor 0.2.4.25 disables SSL3 in response to the recent "POODLE" attack
|
||||
(even though POODLE does not affect Tor). It also works around a crash
|
||||
bug caused by some operating systems' response to the "POODLE" attack
|
||||
(which does affect Tor).
|
||||
|
||||
o Major security fixes (also in 0.2.5.9-rc):
|
||||
- Disable support for SSLv3. All versions of OpenSSL in use with Tor
|
||||
today support TLS 1.0 or later, so we can safely turn off support
|
||||
for this old (and insecure) protocol. Fixes bug 13426.
|
||||
|
||||
o Major bugfixes (openssl bug workaround, also in 0.2.5.9-rc):
|
||||
- Avoid crashing when using OpenSSL version 0.9.8zc, 1.0.0o, or
|
||||
1.0.1j, built with the 'no-ssl3' configuration option. Fixes bug
|
||||
13471. This is a workaround for an OpenSSL bug.
|
||||
|
||||
|
||||
Changes in version 0.2.5.8-rc - 2014-09-22
|
||||
Tor 0.2.5.8-rc is the second release candidate for the Tor 0.2.5.x
|
||||
series. It fixes a bug that affects consistency and speed when
|
||||
connecting to hidden services, and it updates the location of one of
|
||||
the directory authorities.
|
||||
|
||||
o Major bugfixes:
|
||||
- Clients now send the correct address for their chosen rendezvous
|
||||
point when trying to access a hidden service. They used to send
|
||||
the wrong address, which would still work some of the time because
|
||||
they also sent the identity digest of the rendezvous point, and if
|
||||
the hidden service happened to try connecting to the rendezvous
|
||||
point from a relay that already had a connection open to it,
|
||||
the relay would reuse that connection. Now connections to hidden
|
||||
services should be more robust and faster. Also, this bug meant
|
||||
that clients were leaking to the hidden service whether they were
|
||||
on a little-endian (common) or big-endian (rare) system, which for
|
||||
some users might have reduced their anonymity. Fixes bug 13151;
|
||||
bugfix on 0.2.1.5-alpha.
|
||||
|
||||
o Directory authority changes:
|
||||
- Change IP address for gabelmoo (v3 directory authority).
|
||||
|
||||
|
||||
Changes in version 0.2.4.24 - 2014-09-22
|
||||
Tor 0.2.4.24 fixes a bug that affects consistency and speed when
|
||||
connecting to hidden services, and it updates the location of one of
|
||||
the directory authorities.
|
||||
|
||||
o Major bugfixes:
|
||||
- Clients now send the correct address for their chosen rendezvous
|
||||
point when trying to access a hidden service. They used to send
|
||||
the wrong address, which would still work some of the time because
|
||||
they also sent the identity digest of the rendezvous point, and if
|
||||
the hidden service happened to try connecting to the rendezvous
|
||||
point from a relay that already had a connection open to it,
|
||||
the relay would reuse that connection. Now connections to hidden
|
||||
services should be more robust and faster. Also, this bug meant
|
||||
that clients were leaking to the hidden service whether they were
|
||||
on a little-endian (common) or big-endian (rare) system, which for
|
||||
some users might have reduced their anonymity. Fixes bug 13151;
|
||||
bugfix on 0.2.1.5-alpha.
|
||||
|
||||
o Directory authority changes:
|
||||
- Change IP address for gabelmoo (v3 directory authority).
|
||||
|
||||
o Minor features (geoip):
|
||||
- Update geoip and geoip6 to the August 7 2014 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
||||
|
||||
Changes in version 0.2.5.7-rc - 2014-09-11
|
||||
Tor 0.2.5.7-rc fixes several regressions from earlier in the 0.2.5.x
|
||||
release series, and some long-standing bugs related to ORPort reachability
|
||||
testing and failure to send CREATE cells. It is the first release
|
||||
candidate for the Tor 0.2.5.x series.
|
||||
|
||||
o Major bugfixes (client, startup):
|
||||
- Start making circuits as soon as DisabledNetwork is turned off.
|
||||
When Tor started with DisabledNetwork set, it would correctly
|
||||
conclude that it shouldn't build circuits, but it would mistakenly
|
||||
cache this conclusion, and continue believing it even when
|
||||
DisableNetwork is set to 0. Fixes the bug introduced by the fix
|
||||
for bug 11200; bugfix on 0.2.5.4-alpha.
|
||||
- Resume expanding abbreviations for command-line options. The fix
|
||||
for bug 4647 accidentally removed our hack from bug 586 that
|
||||
rewrote HashedControlPassword to __HashedControlSessionPassword
|
||||
when it appears on the commandline (which allowed the user to set
|
||||
her own HashedControlPassword in the torrc file while the
|
||||
controller generates a fresh session password for each run). Fixes
|
||||
bug 12948; bugfix on 0.2.5.1-alpha.
|
||||
- Warn about attempts to run hidden services and relays in the same
|
||||
process: that's probably not a good idea. Closes ticket 12908.
|
||||
|
||||
o Major bugfixes (relay):
|
||||
- Avoid queuing or sending destroy cells for circuit ID zero when we
|
||||
fail to send a CREATE cell. Fixes bug 12848; bugfix on 0.0.8pre1.
|
||||
Found and fixed by "cypherpunks".
|
||||
- Fix ORPort reachability detection on relays running behind a
|
||||
proxy, by correctly updating the "local" mark on the controlling
|
||||
channel when changing the address of an or_connection_t after the
|
||||
handshake. Fixes bug 12160; bugfix on 0.2.4.4-alpha.
|
||||
|
||||
o Minor features (bridge):
|
||||
- Add an ExtORPortCookieAuthFileGroupReadable option to make the
|
||||
cookie file for the ExtORPort g+r by default.
|
||||
|
||||
o Minor features (geoip):
|
||||
- Update geoip and geoip6 to the August 7 2014 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
||||
o Minor bugfixes (logging):
|
||||
- Reduce the log severity of the "Pluggable transport proxy does not
|
||||
provide any needed transports and will not be launched." message,
|
||||
since Tor Browser includes several ClientTransportPlugin lines in
|
||||
its torrc-defaults file, leading every Tor Browser user who looks
|
||||
at her logs to see these notices and wonder if they're dangerous.
|
||||
Resolves bug 13124; bugfix on 0.2.5.3-alpha.
|
||||
- Downgrade "Unexpected onionskin length after decryption" warning
|
||||
to a protocol-warn, since there's nothing relay operators can do
|
||||
about a client that sends them a malformed create cell. Resolves
|
||||
bug 12996; bugfix on 0.0.6rc1.
|
||||
- Log more specific warnings when we get an ESTABLISH_RENDEZVOUS
|
||||
cell on a cannibalized or non-OR circuit. Resolves ticket 12997.
|
||||
- When logging information about an EXTEND2 or EXTENDED2 cell, log
|
||||
their names correctly. Fixes part of bug 12700; bugfix
|
||||
on 0.2.4.8-alpha.
|
||||
- When logging information about a relay cell whose command we don't
|
||||
recognize, log its command as an integer. Fixes part of bug 12700;
|
||||
bugfix on 0.2.1.10-alpha.
|
||||
- Escape all strings from the directory connection before logging
|
||||
them. Fixes bug 13071; bugfix on 0.1.1.15. Patch from "teor".
|
||||
|
||||
o Minor bugfixes (controller):
|
||||
- Restore the functionality of CookieAuthFileGroupReadable. Fixes
|
||||
bug 12864; bugfix on 0.2.5.1-alpha.
|
||||
- Actually send TRANSPORT_LAUNCHED and HS_DESC events to
|
||||
controllers. Fixes bug 13085; bugfix on 0.2.5.1-alpha. Patch
|
||||
by "teor".
|
||||
|
||||
o Minor bugfixes (compilation):
|
||||
- Fix compilation of test.h with MSVC. Patch from Gisle Vanem;
|
||||
bugfix on 0.2.5.5-alpha.
|
||||
- Make the nmake make files work again. Fixes bug 13081. Bugfix on
|
||||
0.2.5.1-alpha. Patch from "NewEraCracker".
|
||||
- In routerlist_assert_ok(), don't take the address of a
|
||||
routerinfo's cache_info member unless that routerinfo is non-NULL.
|
||||
Fixes bug 13096; bugfix on 0.1.1.9-alpha. Patch by "teor".
|
||||
- Fix a large number of false positive warnings from the clang
|
||||
analyzer static analysis tool. This should make real warnings
|
||||
easier for clang analyzer to find. Patch from "teor". Closes
|
||||
ticket 13036.
|
||||
|
||||
o Distribution (systemd):
|
||||
- Verify configuration file via ExecStartPre in the systemd unit
|
||||
file. Patch from intrigeri; resolves ticket 12730.
|
||||
- Explicitly disable RunAsDaemon in the systemd unit file. Our
|
||||
current systemd unit uses "Type = simple", so systemd does not
|
||||
expect tor to fork. If the user has "RunAsDaemon 1" in their
|
||||
torrc, then things won't work as expected. This is e.g. the case
|
||||
on Debian (and derivatives), since there we pass "--defaults-torrc
|
||||
/usr/share/tor/tor-service-defaults-torrc" (that contains
|
||||
"RunAsDaemon 1") by default. Patch by intrigeri; resolves
|
||||
ticket 12731.
|
||||
|
||||
o Documentation:
|
||||
- Adjust the URLs in the README to refer to the new locations of
|
||||
several documents on the website. Fixes bug 12830. Patch from
|
||||
Matt Pagan.
|
||||
- Document 'reject6' and 'accept6' ExitPolicy entries. Resolves
|
||||
ticket 12878.
|
||||
|
||||
|
||||
Changes in version 0.2.5.6-alpha - 2014-07-28
|
||||
Tor 0.2.5.6-alpha brings us a big step closer to slowing down the
|
||||
risk from guard rotation, and fixes a variety of other issues to get
|
||||
us closer to a release candidate.
|
||||
|
||||
o Major features (also in 0.2.4.23):
|
||||
- Make the number of entry guards configurable via a new
|
||||
NumEntryGuards consensus parameter, and the number of directory
|
||||
guards configurable via a new NumDirectoryGuards consensus
|
||||
parameter. Implements ticket 12688.
|
||||
|
||||
o Major bugfixes (also in 0.2.4.23):
|
||||
- Fix a bug in the bounds-checking in the 32-bit curve25519-donna
|
||||
implementation that caused incorrect results on 32-bit
|
||||
implementations when certain malformed inputs were used along with
|
||||
a small class of private ntor keys. This bug does not currently
|
||||
appear to allow an attacker to learn private keys or impersonate a
|
||||
Tor server, but it could provide a means to distinguish 32-bit Tor
|
||||
implementations from 64-bit Tor implementations. Fixes bug 12694;
|
||||
bugfix on 0.2.4.8-alpha. Bug found by Robert Ransom; fix from
|
||||
Adam Langley.
|
||||
|
||||
o Major bugfixes:
|
||||
- Perform circuit cleanup operations even when circuit
|
||||
construction operations are disabled (because the network is
|
||||
disabled, or because there isn't enough directory information).
|
||||
Previously, when we were not building predictive circuits, we
|
||||
were not closing expired circuits either. Fixes bug 8387; bugfix on
|
||||
0.1.1.11-alpha. This bug became visible in 0.2.4.10-alpha when we
|
||||
became more strict about when we have "enough directory information
|
||||
to build circuits".
|
||||
|
||||
o Minor features:
|
||||
- Authorities now assign the Guard flag to the fastest 25% of the
|
||||
network (it used to be the fastest 50%). Also raise the consensus
|
||||
weight that guarantees the Guard flag from 250 to 2000. For the
|
||||
current network, this results in about 1100 guards, down from 2500.
|
||||
This step paves the way for moving the number of entry guards
|
||||
down to 1 (proposal 236) while still providing reasonable expected
|
||||
performance for most users. Implements ticket 12690.
|
||||
- Update geoip and geoip6 to the July 10 2014 Maxmind GeoLite2
|
||||
Country database.
|
||||
- Slightly enhance the diagnostic message for bug 12184.
|
||||
|
||||
o Minor bugfixes (also in 0.2.4.23):
|
||||
- Warn and drop the circuit if we receive an inbound 'relay early'
|
||||
cell. Those used to be normal to receive on hidden service circuits
|
||||
due to bug 1038, but the buggy Tor versions are long gone from
|
||||
the network so we can afford to resume watching for them. Resolves
|
||||
the rest of bug 1038; bugfix on 0.2.1.19.
|
||||
- Correct a confusing error message when trying to extend a circuit
|
||||
via the control protocol but we don't know a descriptor or
|
||||
microdescriptor for one of the specified relays. Fixes bug 12718;
|
||||
bugfix on 0.2.3.1-alpha.
|
||||
|
||||
o Minor bugfixes:
|
||||
- Fix compilation when building with bufferevents enabled. (This
|
||||
configuration is still not expected to work, however.)
|
||||
Fixes bugs 12438, 12474, 11578; bugfixes on 0.2.5.1-alpha and
|
||||
0.2.5.3-alpha. Patches from Anthony G. Basile and Sathyanarayanan
|
||||
Gunasekaran.
|
||||
- Compile correctly with builds and forks of OpenSSL (such as
|
||||
LibreSSL) that disable compression. Fixes bug 12602; bugfix on
|
||||
0.2.1.1-alpha. Patch from "dhill".
|
||||
|
||||
|
||||
Changes in version 0.2.4.23 - 2014-07-28
|
||||
Tor 0.2.4.23 brings us a big step closer to slowing down the risk from
|
||||
guard rotation, and also backports several important fixes from the
|
||||
Tor 0.2.5 alpha release series.
|
||||
|
||||
o Major features:
|
||||
- Clients now look at the "usecreatefast" consensus parameter to
|
||||
decide whether to use CREATE_FAST or CREATE cells for the first hop
|
||||
of their circuit. This approach can improve security on connections
|
||||
where Tor's circuit handshake is stronger than the available TLS
|
||||
connection security levels, but the tradeoff is more computational
|
||||
load on guard relays. Implements proposal 221. Resolves ticket 9386.
|
||||
- Make the number of entry guards configurable via a new
|
||||
NumEntryGuards consensus parameter, and the number of directory
|
||||
guards configurable via a new NumDirectoryGuards consensus
|
||||
parameter. Implements ticket 12688.
|
||||
|
||||
o Major bugfixes:
|
||||
- Fix a bug in the bounds-checking in the 32-bit curve25519-donna
|
||||
implementation that caused incorrect results on 32-bit
|
||||
implementations when certain malformed inputs were used along with
|
||||
a small class of private ntor keys. This bug does not currently
|
||||
appear to allow an attacker to learn private keys or impersonate a
|
||||
Tor server, but it could provide a means to distinguish 32-bit Tor
|
||||
implementations from 64-bit Tor implementations. Fixes bug 12694;
|
||||
bugfix on 0.2.4.8-alpha. Bug found by Robert Ransom; fix from
|
||||
Adam Langley.
|
||||
|
||||
o Minor bugfixes:
|
||||
- Warn and drop the circuit if we receive an inbound 'relay early'
|
||||
cell. Those used to be normal to receive on hidden service circuits
|
||||
due to bug 1038, but the buggy Tor versions are long gone from
|
||||
the network so we can afford to resume watching for them. Resolves
|
||||
the rest of bug 1038; bugfix on 0.2.1.19.
|
||||
- Correct a confusing error message when trying to extend a circuit
|
||||
via the control protocol but we don't know a descriptor or
|
||||
microdescriptor for one of the specified relays. Fixes bug 12718;
|
||||
bugfix on 0.2.3.1-alpha.
|
||||
- Avoid an illegal read from stack when initializing the TLS
|
||||
module using a version of OpenSSL without all of the ciphers
|
||||
used by the v2 link handshake. Fixes bug 12227; bugfix on
|
||||
0.2.4.8-alpha. Found by "starlight".
|
||||
|
||||
o Minor features:
|
||||
- Update geoip and geoip6 to the July 10 2014 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
||||
|
||||
Changes in version 0.2.5.5-alpha - 2014-06-18
|
||||
Tor 0.2.5.5-alpha fixes a wide variety of remaining issues in the Tor
|
||||
0.2.5.x release series, including a couple of DoS issues, some
|
||||
|
|
1347
ReleaseNotes
1347
ReleaseNotes
File diff suppressed because it is too large
Load Diff
|
@ -1,5 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- Disable sandbox name resolver cache when running tor-resolve:
|
||||
tor-resolve doesn't use the sandbox code, and turning it on was
|
||||
breaking attempts to do tor-resolve on a non-default server on
|
||||
Linux. Fixes bug 13295; bugfix on 0.2.5.3-alpha.
|
|
@ -1,2 +0,0 @@
|
|||
o Directory authority changes:
|
||||
- Urras is no longer a directory authority. Closes ticket 19271.
|
|
@ -1,3 +0,0 @@
|
|||
o Directory authority changes (also in 0.2.8.7):
|
||||
- The "Tonga" bridge authority has been retired; the new bridge
|
||||
authority is "Bifroest". Closes tickets 19728 and 19690.
|
|
@ -1,6 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- Fix compilation when building with bufferevents enabled. (This
|
||||
configuration is still not expected to work, however.)
|
||||
Fixes bugs 12438, 12474, 11578; bugfixes on 0.2.5.1-alpha and
|
||||
0.2.5.3-alpha. Patches from Anthony G. Basile and Sathyanarayanan
|
||||
Gunasekaran.
|
|
@ -1,6 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- Warn and drop the circuit if we receive an inbound 'relay early'
|
||||
cell. Those used to be normal to receive on hidden service circuits
|
||||
due to bug 1038, but the buggy Tor versions are long gone from
|
||||
the network so we can afford to resume watching for them. Resolves
|
||||
the rest of bug 1038; bugfix on 0.2.1.19.
|
|
@ -1,7 +0,0 @@
|
|||
o Major bugfixes:
|
||||
- When Tor starts with DisabledNetwork set, it would correctly
|
||||
conclude that it shouldn't try making circuits, but it would
|
||||
mistakenly cache this conclusion and continue believing it even
|
||||
when DisableNetwork is set to 0. Fixes the bug introduced by the
|
||||
fix for bug 11200; bugfix on 0.2.5.4-alpha.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
o Bugfixes
|
||||
- Correctly update the local mark on the controlling channel when changing
|
||||
the address of an or_connection_t after the handshake. Fixes bug #12160;
|
||||
bugfix on 0.2.4.4-alpha.
|
|
@ -1,5 +0,0 @@
|
|||
o Minor bugfixes (portability):
|
||||
- Compile correctly with builds and forks of OpenSSL (such as
|
||||
LibreSSL) that disable compression. Fixes bug 12602; bugfix on
|
||||
0.2.1.1-alpha. Patch from "dhill".
|
||||
|
|
@ -1,10 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- When logging information about an EXTEND2 or EXTENDED2 cell, log
|
||||
their names correctly. Fixes part of bug 12700; bugfix on
|
||||
0.2.4.8-alpha.
|
||||
|
||||
o Minor bugfixes:
|
||||
- When logging information about a relay cell whose command we
|
||||
don't recognize, log its command as an integer. Fixes part of
|
||||
bug 12700; bugfix on 0.2.1.10-alpha.
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- Correct a confusing error message when trying to extend a circuit
|
||||
via the control protocol but we don't know a descriptor or
|
||||
microdescriptor for one of the specified relays. Fixes bug 12718;
|
||||
bugfix on 0.2.3.1-alpha.
|
|
@ -1,3 +0,0 @@
|
|||
o Distribution:
|
||||
- Verify configuration file via ExecStartPre in the systemd unit file.
|
||||
Patch from intrigeri; resolves ticket 12730.
|
|
@ -1,9 +0,0 @@
|
|||
o Distribution:
|
||||
- Explicitly disable RunAsDaemon in the systemd unit file.
|
||||
Our current systemd unit uses "Type = simple", so systemd does
|
||||
not expect tor to fork. If the user has "RunAsDaemon 1" in their
|
||||
torrc, then things won't work as expected. This is e.g. the case
|
||||
on Debian (and derivatives), since there we pass
|
||||
"--defaults-torrc /usr/share/tor/tor-service-defaults-torrc"
|
||||
(that contains "RunAsDaemon 1") by default.
|
||||
Patch by intrigeri; resolves ticket 12731.
|
|
@ -1,4 +0,0 @@
|
|||
o Documentation:
|
||||
- Adjust the URLs in the README to refer to the new locations of
|
||||
several documents on the website. Patch from Matt Pagan. Fixes
|
||||
bug 12830.
|
|
@ -1,4 +0,0 @@
|
|||
o Major bugfixes (relay):
|
||||
- Avoid queuing or sending destroy cells for circuit ID zero when
|
||||
we fail to send a CREATE cell. Fixes bug 12848; bugfix on
|
||||
0.0.8pre1. Found and fixed by "cypherpunks".
|
|
@ -1,7 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- Restore the functionality of CookieAuthFileGroupReadable. Fixes bug
|
||||
12864; bugfix on 0.2.5.1-alpha.
|
||||
|
||||
o Minor features:
|
||||
- Add an ExtORPortCookieAuthFileGroupReadable option to make the
|
||||
cookie file for the ExtORPort g+r by default.
|
|
@ -1,3 +0,0 @@
|
|||
o Documentation:
|
||||
- Document 'reject6' and 'accept6' ExitPolicy entries. Resolves
|
||||
ticket 12878.
|
|
@ -1,4 +0,0 @@
|
|||
o Minor features:
|
||||
- Warn about attempts to run hidden services and relays in the
|
||||
same process: that's probably not a good idea. Closes ticket
|
||||
12908.
|
|
@ -1,8 +0,0 @@
|
|||
o Major bugfixes:
|
||||
- Resume expanding abbreviations for command-line options. The fix
|
||||
for bug 4647 accidentally removed our hack from bug 586 that rewrote
|
||||
HashedControlPassword to __HashedControlSessionPassword when it
|
||||
appears on the commandline (which allowed the user to set her
|
||||
own HashedControlPassword in the torrc file while the controller
|
||||
generates a fresh session password for each run). Fixes bug 12948;
|
||||
bugfix on 0.2.5.1-alpha.
|
|
@ -1,5 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- Downgrade "Unexpected onionskin length after decryption" warning
|
||||
to a protocol-warn, since there's nothing relay operators can do
|
||||
about a client that sends them a malformed create cell. Resolves
|
||||
bug 12996; bugfix on 0.0.6rc1.
|
|
@ -1,3 +0,0 @@
|
|||
o Minor features:
|
||||
- Log more specific warnings when we get an ESTABLISH_RENDEZVOUS cell
|
||||
on a cannibalized or non-OR circuit. Resolves ticket 12997.
|
|
@ -1,3 +0,0 @@
|
|||
o Minor bugfixes (relay):
|
||||
- Escape all strings from the directory connection before logging them.
|
||||
Fixes bug 13071; bugfix on 0.1.1.15. Patch from "teor".
|
|
@ -1,3 +0,0 @@
|
|||
o Compilation fixes:
|
||||
- Make the nmake make files work again. Fixes bug 13081. Bugfix on 0.2.5.1-alpha. Patch
|
||||
from "NewEraCracker".
|
|
@ -1,3 +0,0 @@
|
|||
o Minor bugfixes (controller):
|
||||
- Actually send TRANSPORT_LAUNCHED and HS_DESC events to controllers.
|
||||
Fixes bug 13085; bugfix on 0.2.5.1-alpha. Patch by "teor".
|
|
@ -1,4 +0,0 @@
|
|||
o Minor bugfixes (conformance):
|
||||
- In routerlist_assert_ok(), don't take the address of a routerinfo's
|
||||
cache_info member unless that routerinfo is non-NULL. Fixes bug
|
||||
13096; bugfix on 0.1.1.9-alpha. Patch by "teor".
|
|
@ -1,3 +0,0 @@
|
|||
o Directory authority changes:
|
||||
- Change IP address for gabelmoo (v3 directory authority).
|
||||
|
|
@ -1,8 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- Reduce the log severity of the "Pluggable transport proxy does
|
||||
not provide any needed transports and will not be launched."
|
||||
message, since Tor Browser includes several ClientTransportPlugin
|
||||
lines in its torrc-defaults file, leading every Tor Browser user
|
||||
who looks at her logs to see these notices and wonder if they're
|
||||
dangerous. Resolves bug 13124; bugfix on 0.2.5.3-alpha.
|
||||
|
|
@ -1,13 +0,0 @@
|
|||
o Major bugfixes:
|
||||
- Clients now send the correct address for their chosen rendezvous
|
||||
point when trying to access a hidden service. They used to send
|
||||
the wrong address, which would still work some of the time because
|
||||
they also sent the identity digest of the rendezvous point, and if
|
||||
the hidden service happened to try connecting to the rendezvous
|
||||
point from a relay that already had a connection open to it,
|
||||
the relay would reuse that connection. Now connections to hidden
|
||||
services should be more robust and faster. Also, this bug meant
|
||||
that clients were leaking to the hidden service whether they were
|
||||
on a little-endian (common) or big-endian (rare) system, which for
|
||||
some users might have reduced their anonymity. Fixes bug 13151;
|
||||
bugfix on 0.2.1.5-alpha.
|
|
@ -1,5 +0,0 @@
|
|||
o Directory authority changes:
|
||||
- Remove turtles as a directory authority.
|
||||
- Add longclaw as a new (v3) directory authority. This implements
|
||||
ticket 13296. This keeps the directory authority count at 9.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
o Compilation fixes:
|
||||
- Build and run correctly on systems like OpenBSD-current that
|
||||
have patched OpenSSL to remove get_cipher_by_char and/or its
|
||||
implementations. Fixes issue 13325.
|
|
@ -1,5 +0,0 @@
|
|||
o Major bugfixes (openssl bug workaround):
|
||||
- Avoid crashing when using OpenSSL version 0.9.8zc, 1.0.0o, or
|
||||
1.0.1j, built with the 'no-ssl3' configuration option. Fixes
|
||||
bug 13471. This is a workaround for an OpenSSL bug.
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
o Minor bugfixes (statistics):
|
||||
- Increase period over which bandwidth observations are aggregated
|
||||
from 15 minutes to 4 hours. Fixes bug 13988; bugfix on 0.0.8pre1.
|
|
@ -1,6 +0,0 @@
|
|||
o Major bugfixes:
|
||||
- When reading a hexadecimal, base-32, or base-64 encoded value
|
||||
from a string, always overwrite the complete output buffer. This
|
||||
prevents some bugs where we would look at (but fortunately, not
|
||||
reveal) uninitialized memory on the stack. Fixes bug 14013;
|
||||
bugfix on all versions of Tor.
|
|
@ -1,5 +0,0 @@
|
|||
o Minor bugfixes (dirauth):
|
||||
- Enlarge the buffer to read bw-auth generated files to avoid an
|
||||
issue when parsing the file in dirserv_read_measured_bandwidths().
|
||||
Bugfix on 0.2.2.1-alpha, fixes #14125.
|
||||
|
|
@ -1,7 +0,0 @@
|
|||
o Major bugfixes (exit node stability):
|
||||
|
||||
- Fix an assertion failure that could occur under high DNS load. Fixes
|
||||
bug 14129; bugfix on Tor 0.0.7rc1. Found by "jowr"; diagnosed and fixed
|
||||
by "cypherpunks".
|
||||
|
||||
|
|
@ -1,7 +0,0 @@
|
|||
o Minor bugfixes (client):
|
||||
- Check for a missing option value in parse_virtual_addr_network
|
||||
before asserting on the NULL in tor_addr_parse_mask_ports.
|
||||
This avoids crashing on torrc lines like
|
||||
Vi[rtualAddrNetworkIPv[4|6]] when no value follows the option.
|
||||
Bugfix on 0.2.3 (de4cc126cbb5 on 24 November 2012), fixes #14142.
|
||||
Patch by "teor".
|
|
@ -1,3 +0,0 @@
|
|||
o Minor bugfixes (client):
|
||||
- Fix a memory leak when using AutomapHostsOnResolve.
|
||||
Fixes bug 14195; bugfix on 0.1.0.1-rc.
|
|
@ -1,4 +0,0 @@
|
|||
o Minor bugfixes (compilation):
|
||||
- Build without warnings with the stock OpenSSL srtp.h header,
|
||||
which has a duplicate declaration of SSL_get_selected_srtp_profile().
|
||||
Fixes bug 14220; this is OpenSSL's bug, not ours.
|
|
@ -1,5 +0,0 @@
|
|||
O Minor bugfixes (directory authority):
|
||||
- Allow directory authorities to fetch more data from one
|
||||
another if they find themselves missing lots of votes.
|
||||
Previously, they had been bumping against the 10 MB queued
|
||||
data limit. Fixes bug 14261. Bugfix on 0.1.2.5-alpha.
|
|
@ -1,10 +0,0 @@
|
|||
o Major bugfixes (relay, stability, possible security):
|
||||
- Fix a bug that could lead to a relay crashing with an assertion
|
||||
failure if a buffer of exactly the wrong layout was passed
|
||||
to buf_pullup() at exactly the wrong time. Fixes bug 15083;
|
||||
bugfix on 0.2.0.10-alpha. Patch from 'cypherpunks'.
|
||||
|
||||
- Do not assert if the 'data' pointer on a buffer is advanced to the very
|
||||
end of the buffer; log a BUG message instead. Only assert if it is
|
||||
past that point. Fixes bug 15083; bugfix on 0.2.0.10-alpha.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
o Minor bugfixes (Linux seccomp2 sandbox):
|
||||
- Upon receiving sighup, do not crash during attempts to call
|
||||
wait4. Fixes bug 15088; bugfix on 0.2.5.1-alpha. Patch from
|
||||
"sanic".
|
|
@ -1,5 +0,0 @@
|
|||
o Major bugfixes (crash, OSX, security):
|
||||
- Fix a remote denial-of-service opportunity caused by a bug
|
||||
in OSX's _strlcat_chk() function. Fixes bug 15205; bug first
|
||||
appeared in OSX 10.9.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
o Minor features (DoS-resistance):
|
||||
- Make it harder for attackers to overwhelm hidden services with
|
||||
introductions, by blocking multiple introduction requests on the
|
||||
same circuit. Resolves ticket #15515.
|
|
@ -1,5 +0,0 @@
|
|||
o Major bugfixes (security, hidden service):
|
||||
- Fix an issue that would allow a malicious client to trigger
|
||||
an assertion failure and halt a hidden service. Fixes
|
||||
bug 15600; bugfix on 0.2.1.6-alpha. Reported by "skruffy".
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
o Major bugfixes (security, hidden service):
|
||||
- Fix a bug that could cause a client to crash with an assertion
|
||||
failure when parsing a malformed hidden service descriptor.
|
||||
Fixes bug 15601; bugfix on 0.2.1.5-alpha. Found by "DonnCha".
|
|
@ -1,4 +0,0 @@
|
|||
o Minor bugfixes (hidden service):
|
||||
- Fix an out-of-bounds read when parsing invalid INTRODUCE2 cells
|
||||
on a client authorized hidden service. Fixes bug 15823; bugfix
|
||||
on 0.2.1.6-alpha.
|
|
@ -1,8 +0,0 @@
|
|||
o Major bugfixes (dns proxy mode, crash):
|
||||
- Avoid crashing when running as a DNS proxy. Closes bug 16248; bugfix on
|
||||
0.2.0.1-alpha. Patch from 'cypherpunks'.
|
||||
|
||||
o Minor features (bug-resistance):
|
||||
- Make Tor survive errors involving connections without a corresponding
|
||||
event object. Previously we'd fail with an assertion; now we produce a
|
||||
log message. Related to bug 16248.
|
|
@ -1,7 +0,0 @@
|
|||
o Minor bugfixes (crypto error-handling):
|
||||
- If crypto_early_init fails, a typo in a return value from tor_init
|
||||
means that tor_main continues running, rather than returning
|
||||
an error value.
|
||||
Fixes bug 16360; bugfix on d3fb846d8c98 in 0.2.5.2-alpha,
|
||||
introduced when implementing #4900.
|
||||
Patch by "teor".
|
|
@ -1,6 +0,0 @@
|
|||
o Major bugfixes (security, correctness):
|
||||
- Fix a programming error that could cause us to read 4 bytes before
|
||||
the beginning of an openssl string. This could be used to provoke
|
||||
a crash on systems with an unusual malloc implementation, or
|
||||
systems with unsual hardening installed. Fixes bug 17404; bugfix
|
||||
on 0.2.3.6-alpha.
|
|
@ -1,7 +0,0 @@
|
|||
o Major bugfixes (guard selection):
|
||||
- Actually look at the Guard flag when selecting a new directory
|
||||
guard. When we implemented the directory guard design, we
|
||||
accidentally started treating all relays as if they have the Guard
|
||||
flag during guard selection, leading to weaker anonymity and worse
|
||||
performance. Fixes bug 17222; bugfix on 0.2.4.8-alpha. Discovered
|
||||
by Mohsen Imani.
|
|
@ -1,3 +0,0 @@
|
|||
o Compilation fixes:
|
||||
- Fix a compilation warning with Clang 3.6: Do not check the
|
||||
presence of an address which can never be NULL. Fixes bug 17781.
|
|
@ -1,4 +0,0 @@
|
|||
o Minor features (authorities):
|
||||
- Update the V3 identity key for dannenberg, it was changed on
|
||||
18 November 2015.
|
||||
Closes task #17906. Patch by "teor".
|
|
@ -1,6 +0,0 @@
|
|||
o Minor fixes (security):
|
||||
- Make memwipe() do nothing when passed a NULL pointer
|
||||
or zero size. Check size argument to memwipe() for underflow.
|
||||
Closes bug #18089. Reported by "gk", patch by "teor".
|
||||
Bugfix on 0.2.3.25 and 0.2.4.6-alpha (#7352),
|
||||
commit 49dd5ef3 on 7 Nov 2012.
|
|
@ -1,7 +0,0 @@
|
|||
o Major bugfixes (security, pointers):
|
||||
|
||||
- Avoid a difficult-to-trigger heap corruption attack when extending
|
||||
a smartlist to contain over 16GB of pointers. Fixes bug #18162;
|
||||
bugfix on Tor 0.1.1.11-alpha, which fixed a related bug
|
||||
incompletely. Reported by Guido Vranken.
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
o Minor features (bridge):
|
||||
- Bridges now include notice in their descriptors that they are bridges,
|
||||
and notice of their distribution status, based on their publication
|
||||
settings. Implements ticket 18329. For more fine-grained control of
|
||||
how a bridge is distributed, upgrade to 0.3.2.x or later.
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
o Major bugfixes (DNS proxy):
|
||||
- Stop a crash that could occur when a client running with DNSPort
|
||||
received a query with multiple address types, where the first
|
||||
address type was not supported. Found and fixed by Scott Dial.
|
||||
Fixes bug 18710; bugfix on 0.2.5.4-alpha.
|
||||
|
|
@ -1,10 +0,0 @@
|
|||
o Major features (security fixes):
|
||||
- Prevent a class of security bugs caused by treating the contents
|
||||
of a buffer chunk as if they were a NUL-terminated string. At
|
||||
least one such bug seems to be present in all currently used
|
||||
versions of Tor, and would allow an attacker to remotely crash
|
||||
most Tor instances, especially those compiled with extra compiler
|
||||
hardening. With this defense in place, such bugs can't crash Tor,
|
||||
though we should still fix them as they occur. Closes ticket
|
||||
20384 (TROVE-2016-10-001).
|
||||
|
|
@ -1,11 +0,0 @@
|
|||
o Major bugfixes (parsing, security):
|
||||
|
||||
- Fix a bug in parsing that could cause clients to read a single
|
||||
byte past the end of an allocated region. This bug could be
|
||||
used to cause hardened clients (built with
|
||||
--enable-expensive-hardening) to crash if they tried to visit
|
||||
a hostile hidden service. Non-hardened clients are only
|
||||
affected depending on the details of their platform's memory
|
||||
allocator. Fixes bug 21018; bugfix on 0.2.0.8-alpha. Found by
|
||||
using libFuzzer. Also tracked as TROVE-2016-12-002 and as
|
||||
CVE-2016-1254.
|
|
@ -1,3 +0,0 @@
|
|||
o Minor bugfixes (correctness):
|
||||
- Avoid undefined behavior when parsing IPv6 entries from the geoip6
|
||||
file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.
|
|
@ -1,8 +0,0 @@
|
|||
o Build features:
|
||||
- Tor's repository now includes a Travis Continuous Integration (CI)
|
||||
configuration file (.travis.yml). This is meant to help new developers and
|
||||
contributors who fork Tor to a Github repository be better able to test
|
||||
their changes, and understand what we expect to pass. To use this new build
|
||||
feature, you must fork Tor to your Github account, then go into the
|
||||
"Integrations" menu in the repository settings for your fork and enable
|
||||
Travis, then push your changes.
|
|
@ -1,12 +0,0 @@
|
|||
o Minor bugfixes (defensive programming, undefined behavior):
|
||||
|
||||
- Fix a memset() off the end of an array when packing cells. This
|
||||
bug should be harmless in practice, since the corrupted bytes
|
||||
are still in the same structure, and are always padding bytes,
|
||||
ignored, or immediately overwritten, depending on compiler
|
||||
behavior. Nevertheless, because the memset()'s purpose is to
|
||||
make sure that any other cell-handling bugs can't expose bytes
|
||||
to the network, we need to fix it. Fixes bug 22737; bugfix on
|
||||
0.2.4.11-alpha. Fixes CID 1401591.
|
||||
|
||||
|
|
@ -1,7 +0,0 @@
|
|||
o Major bugfixes (openbsd, denial-of-service):
|
||||
- Avoid an assertion failure bug affecting our implementation of
|
||||
inet_pton(AF_INET6) on certain OpenBSD systems whose strtol()
|
||||
handling of "0xfoo" differs from what we had expected.
|
||||
Fixes bug 22789; bugfix on 0.2.3.8-alpha. Also tracked as
|
||||
TROVE-2017-007.
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
o Downgraded warnings:
|
||||
- Downgrade the severity of the 'unexpected sendme cell from client' from
|
||||
'warn' to 'protocol warning'. Closes ticket 8093.
|
|
@ -1,11 +0,0 @@
|
|||
o Major bugfixes (client):
|
||||
|
||||
- Perform circuit cleanup operations even when circuit
|
||||
construction operations are disabled (because the network is
|
||||
disabled, or because there isn't enough directory information).
|
||||
Previously, when we were not building predictive circuits, we
|
||||
were not closing expired circuits either.
|
||||
|
||||
Fixes bug 8387; bugfix on 0.1.1.11-alpha. This bug became visible
|
||||
in 0.2.4.10-alpha when we became more strict about when we have
|
||||
"enough directory information to build circuits".
|
|
@ -1,12 +0,0 @@
|
|||
o Major bugfixes:
|
||||
|
||||
- Fix a bug in the bounds-checking in the 32-bit curve25519-donna
|
||||
implementation that caused incorrect results on 32-bit
|
||||
implementations when certain malformed inputs were used along with
|
||||
a small class of private ntor keys. This bug does not currently
|
||||
appear to allow an attacker to learn private keys or impersonate a
|
||||
Tor server, but it could provide a means to distinguish 32-bit Tor
|
||||
implementations from 64-bit Tor implementations. Fixes bug 12694;
|
||||
bugfix on 0.2.4.8-alpha. Bug found by Robert Ransom; fix from
|
||||
Adam Langley.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
o Major security fixes:
|
||||
- Disable support for SSLv3. All versions of OpenSSL in use with
|
||||
Tor today support TLS 1.0 or later, so we can safely turn off
|
||||
support for this old (and insecure) protocol. Fixes bug 13426.
|
|
@ -1,2 +0,0 @@
|
|||
o Minor features (diagnostic):
|
||||
- Slightly enhance the diagnostic message for bug 12184.
|
|
@ -1,4 +0,0 @@
|
|||
o Minor features (geoip):
|
||||
- Update geoip and geoip6 to the November 6 2017 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
o Minor features:
|
||||
- Update geoip to the April 8 2015 Maxmind GeoLite2 Country database.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
o Minor features:
|
||||
- Update geoip and geoip6 to the April 5 2016 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
o Minor features:
|
||||
- Update geoip and geoip6 to the April 4 2017 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
o Minor features:
|
||||
- Update geoip to the August 7 2014 Maxmind GeoLite2 Country database.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
o Minor features:
|
||||
- Update geoip and geoip6 to the August 2 2016 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
o Minor features:
|
||||
- Update geoip and geoip6 to the August 3 2017 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
o Minor features:
|
||||
- Update geoip and geoip6 to the December 1 2015 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
o Minor features:
|
||||
- Update geoip and geoip6 to the December 7 2016 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
o Minor features:
|
||||
- Update geoip and geoip6 to the February 2 2016 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
o Minor features:
|
||||
- Update geoip and geoip6 to the February 8 2017 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
o Minor features:
|
||||
- Update geoip to the January 7 2015 Maxmind GeoLite2 Country database.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
o Minor features:
|
||||
- Update geoip and geoip6 to the January 5 2016 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
o Minor features:
|
||||
- Update geoip and geoip6 to the January 4 2017 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
o Minor features:
|
||||
- Update geoip to the July 10 2014 Maxmind GeoLite2 Country database.
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
o Minor features:
|
||||
- Update geoip and geoip6 to the July 8 2015 Maxmind GeoLite2 Country database.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
o Minor features:
|
||||
- Update geoip and geoip6 to the July 6 2016 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
o Minor features:
|
||||
- Update geoip and geoip6 to the July 4 2017 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
o Minor features:
|
||||
- Update geoip and geoip6 to the June 7 2016 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
o Minor features:
|
||||
- Update geoip to the June 3 2015 Maxmind GeoLite2 Country database.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
o Minor features:
|
||||
- Update geoip and geoip6 to the June 8 2017 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
o Minor features:
|
||||
- Update geoip to the March 3 2015 Maxmind GeoLite2 Country database.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
o Minor features:
|
||||
- Update geoip and geoip6 to the March 3 2016 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
o Minor features:
|
||||
- Update geoip and geoip6 to the March 7 2017 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
o Minor features:
|
||||
- Update geoip and geoip6 to the May 4 2016 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
o Minor features:
|
||||
- Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
o Minor features:
|
||||
- Update geoip to the November 15 2014 Maxmind GeoLite2 Country database.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
o Minor features:
|
||||
- Update geoip and geoip6 to the November 3 2016 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
o Minor features:
|
||||
- Update geoip and geoip6 to the October 9 2015 Maxmind GeoLite2 Country database.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
o Minor features:
|
||||
- Update geoip and geoip6 to the October 4 2016 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
o Minor features (geoip):
|
||||
- Update geoip and geoip6 to the October 4 2017 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
o Minor features:
|
||||
- Update geoip and geoip6 to the September 3 2015 Maxmind GeoLite2 Country database.
|
||||
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue