Compare commits
107 Commits
master
...
release-0.
Author | SHA1 | Date |
---|---|---|
Nick Mathewson | 3ae8b32cc9 | |
Nick Mathewson | c47ab7863c | |
Nick Mathewson | 2e9fbab843 | |
Nick Mathewson | 07d44bea0b | |
Nick Mathewson | 332c637f24 | |
Nick Mathewson | 1fd9d5ef37 | |
Nick Mathewson | eb4ca1c16e | |
Nick Mathewson | 8a556f996c | |
Nick Mathewson | 21a9e5371d | |
Nick Mathewson | 6937ec7857 | |
Nick Mathewson | 2b34b2323a | |
Nick Mathewson | 48bd659214 | |
Nick Mathewson | 0978889563 | |
Nick Mathewson | 183a62d8ce | |
Nick Mathewson | 49670ed4a0 | |
Nick Mathewson | 73371db4b9 | |
Nick Mathewson | c0c68547ea | |
Nick Mathewson | d525d7aada | |
Nick Mathewson | 249126ff13 | |
Nick Mathewson | 1f0909fd34 | |
Nick Mathewson | cb328f61a3 | |
Nick Mathewson | 9689b93990 | |
Nick Mathewson | 48c4bbe9c7 | |
Nick Mathewson | 102b2e7f8b | |
Nick Mathewson | bf4559c848 | |
Nick Mathewson | 0c18b2dc76 | |
Nick Mathewson | f9be4b9636 | |
Nick Mathewson | 535e034004 | |
Nick Mathewson | 56451e8b98 | |
Nick Mathewson | db61ae2c84 | |
Nick Mathewson | 50911ddb37 | |
Nick Mathewson | 83b46f11ac | |
Nick Mathewson | 4dc5475e3d | |
Nick Mathewson | 0b571cff23 | |
Nick Mathewson | a49be99eda | |
Nick Mathewson | f20ec6a322 | |
Nick Mathewson | 28e42f6fff | |
Nick Mathewson | f84a5e8a91 | |
Nick Mathewson | 4f7b4b21b9 | |
Nick Mathewson | 1f6b918466 | |
Nick Mathewson | 6ba5480bc1 | |
Nick Mathewson | 9aa7ebca29 | |
Nick Mathewson | 58c51dc608 | |
Nick Mathewson | 3c4cbcb073 | |
Nick Mathewson | 014f860205 | |
Roger Dingledine | 24f056c25d | |
Nick Mathewson | 4bae17e57d | |
Nick Mathewson | 3085343783 | |
Nick Mathewson | aff40531cb | |
Nick Mathewson | e02a643009 | |
Nick Mathewson | 2cdef2bb34 | |
Nick Mathewson | 23a95986ce | |
Nick Mathewson | d41ab97294 | |
Nick Mathewson | 5bf688ee0f | |
Andrea Shepard | 0e939c1e00 | |
Andrea Shepard | 2f17b91ae2 | |
Andrea Shepard | b616aea074 | |
Nick Mathewson | 376171104c | |
Nick Mathewson | e8758dba8f | |
Nick Mathewson | f591ce17e8 | |
Andrea Shepard | 5dc6f758d6 | |
Nick Mathewson | 41db4bffd6 | |
Nick Mathewson | 602e328dc3 | |
Nick Mathewson | 2fe3afccb6 | |
Nick Mathewson | 2a38a3f92b | |
Nick Mathewson | 5c8440b13b | |
Nick Mathewson | a45526c230 | |
Nick Mathewson | e1366d907a | |
Nick Mathewson | dad3522712 | |
Nick Mathewson | 407441c652 | |
Nick Mathewson | 9ccf019b16 | |
Nick Mathewson | 39c056e207 | |
Nick Mathewson | c4e63b6705 | |
Nick Mathewson | 8725e6c7bc | |
Nick Mathewson | ee774b0253 | |
Nick Mathewson | a5df309d89 | |
Nick Mathewson | 164c8349fb | |
Nick Mathewson | b3f24b5de3 | |
rl1987 | db769b6407 | |
Nick Mathewson | 461a0de3ca | |
Nick Mathewson | bb8c4e69ca | |
Nick Mathewson | 5ebe7f2160 | |
Nick Mathewson | 6ce1a82132 | |
Nick Mathewson | 3eff8f38a5 | |
Nick Mathewson | 97ca0257e1 | |
Nick Mathewson | d8b2b1168e | |
Nick Mathewson | e0b77cd319 | |
Nick Mathewson | eea90546f6 | |
Nick Mathewson | 90a0a0ca7a | |
Nick Mathewson | bbf304be26 | |
Nick Mathewson | 91f7771fe5 | |
Nick Mathewson | bfde3cd6d1 | |
Nick Mathewson | 4619fd4a20 | |
Nick Mathewson | 7eb84e10e3 | |
Nick Mathewson | 0f0b83815f | |
Nick Mathewson | 2224780fc5 | |
Nick Mathewson | 74f861b295 | |
Nick Mathewson | 0c2e4aec7b | |
Nick Mathewson | ff1f6c417c | |
Nick Mathewson | 5e5b82febb | |
Nick Mathewson | 98fa3956ac | |
Nick Mathewson | cee716a1ff | |
Nick Mathewson | b86eaa9dab | |
Nick Mathewson | 101d299f1e | |
Nick Mathewson | e56263bf20 | |
Nick Mathewson | 0cbef8be88 | |
Nick Mathewson | 65ef97a546 |
521
ChangeLog
521
ChangeLog
|
@ -1,5 +1,517 @@
|
|||
Changes in version 0.2.6.4-?? - 2015-0?-??
|
||||
Changes in version 0.2.6.12 - 2017-06-08
|
||||
Tor 0.2.6.12 backports a fix for a bug that would allow an attacker to
|
||||
remotely crash a hidden service with an assertion failure. Anyone
|
||||
running a hidden service should upgrade to this version, or to some
|
||||
other version with fixes for TROVE-2017-005. (Versions before 0.3.0
|
||||
are not affected by TROVE-2017-004.)
|
||||
|
||||
o Major bugfixes (hidden service, relay, security):
|
||||
- Fix a remotely triggerable assertion failure caused by receiving a
|
||||
BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug
|
||||
22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix
|
||||
on 0.2.2.1-alpha.
|
||||
|
||||
o Minor features (geoip):
|
||||
- Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
||||
o Minor bugfixes (correctness):
|
||||
- Avoid undefined behavior when parsing IPv6 entries from the geoip6
|
||||
file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.
|
||||
|
||||
|
||||
Changes in version 0.2.6.11 - 2017-03-03
|
||||
Tor 0.2.6.11 backports a number of security fixes from later Tor
|
||||
releases. Anybody running Tor 0.2.6.10 or earlier should upgrade to
|
||||
this release, if for some reason they cannot upgrade to a later
|
||||
release series.
|
||||
|
||||
Note that support for Tor 0.2.6.x is ending this year: we will not issue
|
||||
any fixes for the Tor 0.2.6.x series after 1 August 2017. If you need
|
||||
a Tor release series with longer-term support, we recommend Tor 0.2.9.x.
|
||||
|
||||
o Directory authority changes (backport from 0.2.8.5-rc):
|
||||
- Urras is no longer a directory authority. Closes ticket 19271.
|
||||
|
||||
o Directory authority changes (backport from 0.2.9.2-alpha):
|
||||
- The "Tonga" bridge authority has been retired; the new bridge
|
||||
authority is "Bifroest". Closes tickets 19728 and 19690.
|
||||
|
||||
o Directory authority key updates (backport from 0.2.8.1-alpha):
|
||||
- Update the V3 identity key for the dannenberg directory authority:
|
||||
it was changed on 18 November 2015. Closes task 17906. Patch
|
||||
by "teor".
|
||||
|
||||
o Major features (security fixes, backport from 0.2.9.4-alpha):
|
||||
- Prevent a class of security bugs caused by treating the contents
|
||||
of a buffer chunk as if they were a NUL-terminated string. At
|
||||
least one such bug seems to be present in all currently used
|
||||
versions of Tor, and would allow an attacker to remotely crash
|
||||
most Tor instances, especially those compiled with extra compiler
|
||||
hardening. With this defense in place, such bugs can't crash Tor,
|
||||
though we should still fix them as they occur. Closes ticket
|
||||
20384 (TROVE-2016-10-001).
|
||||
|
||||
o Major bugfixes (parsing, security, backport from 0.2.9.8):
|
||||
- Fix a bug in parsing that could cause clients to read a single
|
||||
byte past the end of an allocated region. This bug could be used
|
||||
to cause hardened clients (built with --enable-expensive-hardening)
|
||||
to crash if they tried to visit a hostile hidden service. Non-
|
||||
hardened clients are only affected depending on the details of
|
||||
their platform's memory allocator. Fixes bug 21018; bugfix on
|
||||
0.2.0.8-alpha. Found by using libFuzzer. Also tracked as TROVE-
|
||||
2016-12-002 and as CVE-2016-1254.
|
||||
|
||||
o Major bugfixes (security, client, DNS proxy, backport from 0.2.8.3-alpha):
|
||||
- Stop a crash that could occur when a client running with DNSPort
|
||||
received a query with multiple address types, and the first
|
||||
address type was not supported. Found and fixed by Scott Dial.
|
||||
Fixes bug 18710; bugfix on 0.2.5.4-alpha.
|
||||
|
||||
o Major bugfixes (security, correctness, backport from 0.2.7.4-rc):
|
||||
- Fix an error that could cause us to read 4 bytes before the
|
||||
beginning of an openssl string. This bug could be used to cause
|
||||
Tor to crash on systems with unusual malloc implementations, or
|
||||
systems with unusual hardening installed. Fixes bug 17404; bugfix
|
||||
on 0.2.3.6-alpha.
|
||||
|
||||
o Major bugfixes (security, pointers, backport from 0.2.8.2-alpha):
|
||||
- Avoid a difficult-to-trigger heap corruption attack when extending
|
||||
a smartlist to contain over 16GB of pointers. Fixes bug 18162;
|
||||
bugfix on 0.1.1.11-alpha, which fixed a related bug incompletely.
|
||||
Reported by Guido Vranken.
|
||||
|
||||
o Major bugfixes (dns proxy mode, crash, backport from 0.2.8.2-alpha):
|
||||
- Avoid crashing when running as a DNS proxy. Fixes bug 16248;
|
||||
bugfix on 0.2.0.1-alpha. Patch from "cypherpunks".
|
||||
|
||||
o Major bugfixes (guard selection, backport from 0.2.7.6):
|
||||
- Actually look at the Guard flag when selecting a new directory
|
||||
guard. When we implemented the directory guard design, we
|
||||
accidentally started treating all relays as if they have the Guard
|
||||
flag during guard selection, leading to weaker anonymity and worse
|
||||
performance. Fixes bug 17772; bugfix on 0.2.4.8-alpha. Discovered
|
||||
by Mohsen Imani.
|
||||
|
||||
o Major bugfixes (key management, backport from 0.2.8.3-alpha):
|
||||
- If OpenSSL fails to generate an RSA key, do not retain a dangling
|
||||
pointer to the previous (uninitialized) key value. The impact here
|
||||
should be limited to a difficult-to-trigger crash, if OpenSSL is
|
||||
running an engine that makes key generation failures possible, or
|
||||
if OpenSSL runs out of memory. Fixes bug 19152; bugfix on
|
||||
0.2.1.10-alpha. Found by Yuan Jochen Kang, Suman Jana, and
|
||||
Baishakhi Ray.
|
||||
|
||||
o Major bugfixes (parsing, backported from 0.3.0.4-rc):
|
||||
- Fix an integer underflow bug when comparing malformed Tor
|
||||
versions. This bug could crash Tor when built with
|
||||
--enable-expensive-hardening, or on Tor 0.2.9.1-alpha through Tor
|
||||
0.2.9.8, which were built with -ftrapv by default. In other cases
|
||||
it was harmless. Part of TROVE-2017-001. Fixes bug 21278; bugfix
|
||||
on 0.0.8pre1. Found by OSS-Fuzz.
|
||||
|
||||
o Minor features (security, memory erasure, backport from 0.2.8.1-alpha):
|
||||
- Make memwipe() do nothing when passed a NULL pointer or buffer of
|
||||
zero size. Check size argument to memwipe() for underflow. Fixes
|
||||
bug 18089; bugfix on 0.2.3.25 and 0.2.4.6-alpha. Reported by "gk",
|
||||
patch by "teor".
|
||||
|
||||
o Minor features (bug-resistance, backport from 0.2.8.2-alpha):
|
||||
- Make Tor survive errors involving connections without a
|
||||
corresponding event object. Previously we'd fail with an
|
||||
assertion; now we produce a log message. Related to bug 16248.
|
||||
|
||||
o Minor features (geoip):
|
||||
- Update geoip and geoip6 to the February 8 2017 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
||||
o Minor bugfixes (compilation, backport from 0.2.7.6):
|
||||
- Fix a compilation warning with Clang 3.6: Do not check the
|
||||
presence of an address which can never be NULL. Fixes bug 17781.
|
||||
|
||||
|
||||
Changes in version 0.2.6.10 - 2015-07-12
|
||||
Tor version 0.2.6.10 fixes some significant stability and hidden
|
||||
service client bugs, bulletproofs the cryptography init process, and
|
||||
fixes a bug when using the sandbox code with some older versions of
|
||||
Linux. Everyone running an older version, especially an older version
|
||||
of 0.2.6, should upgrade.
|
||||
|
||||
o Major bugfixes (hidden service clients, stability):
|
||||
- Stop refusing to store updated hidden service descriptors on a
|
||||
client. This reverts commit 9407040c59218 (which indeed fixed bug
|
||||
14219, but introduced a major hidden service reachability
|
||||
regression detailed in bug 16381). This is a temporary fix since
|
||||
we can live with the minor issue in bug 14219 (it just results in
|
||||
some load on the network) but the regression of 16381 is too much
|
||||
of a setback. First-round fix for bug 16381; bugfix
|
||||
on 0.2.6.3-alpha.
|
||||
|
||||
o Major bugfixes (stability):
|
||||
- Stop crashing with an assertion failure when parsing certain kinds
|
||||
of malformed or truncated microdescriptors. Fixes bug 16400;
|
||||
bugfix on 0.2.6.1-alpha. Found by "torkeln"; fix based on a patch
|
||||
by "cypherpunks_backup".
|
||||
- Stop random client-side assertion failures that could occur when
|
||||
connecting to a busy hidden service, or connecting to a hidden
|
||||
service while a NEWNYM is in progress. Fixes bug 16013; bugfix
|
||||
on 0.1.0.1-rc.
|
||||
|
||||
o Minor features (geoip):
|
||||
- Update geoip to the June 3 2015 Maxmind GeoLite2 Country database.
|
||||
- Update geoip6 to the June 3 2015 Maxmind GeoLite2 Country database.
|
||||
|
||||
o Minor bugfixes (crypto error-handling):
|
||||
- Check for failures from crypto_early_init, and refuse to continue.
|
||||
A previous typo meant that we could keep going with an
|
||||
uninitialized crypto library, and would have OpenSSL initialize
|
||||
its own PRNG. Fixes bug 16360; bugfix on 0.2.5.2-alpha, introduced
|
||||
when implementing ticket 4900. Patch by "teor".
|
||||
|
||||
o Minor bugfixes (Linux seccomp2 sandbox):
|
||||
- Allow pipe() and pipe2() syscalls in the seccomp2 sandbox: we need
|
||||
these when eventfd2() support is missing. Fixes bug 16363; bugfix
|
||||
on 0.2.6.3-alpha. Patch from "teor".
|
||||
|
||||
|
||||
Changes in version 0.2.6.9 - 2015-06-11
|
||||
Tor 0.2.6.9 fixes a regression in the circuit isolation code, increases the
|
||||
requirements for receiving an HSDir flag, and addresses some other small
|
||||
bugs in the systemd and sandbox code. Clients using circuit isolation
|
||||
should upgrade; all directory authorities should upgrade.
|
||||
|
||||
o Major bugfixes (client-side privacy):
|
||||
- Properly separate out each SOCKSPort when applying stream
|
||||
isolation. The error occurred because each port's session group was
|
||||
being overwritten by a default value when the listener connection
|
||||
was initialized. Fixes bug 16247; bugfix on 0.2.6.3-alpha. Patch
|
||||
by "jojelino".
|
||||
|
||||
o Minor feature (directory authorities, security):
|
||||
- The HSDir flag given by authorities now requires the Stable flag.
|
||||
For the current network, this results in going from 2887 to 2806
|
||||
HSDirs. Also, it makes it harder for an attacker to launch a sybil
|
||||
attack by raising the effort for a relay to become Stable which
|
||||
takes at the very least 7 days to do so and by keeping the 96
|
||||
hours uptime requirement for HSDir. Implements ticket 8243.
|
||||
|
||||
o Minor bugfixes (compilation):
|
||||
- Build with --enable-systemd correctly when libsystemd is
|
||||
installed, but systemd is not. Fixes bug 16164; bugfix on
|
||||
0.2.6.3-alpha. Patch from Peter Palfrader.
|
||||
|
||||
o Minor bugfixes (Linux seccomp2 sandbox):
|
||||
- Fix sandboxing to work when running as a relaymby renaming of
|
||||
secret_id_key, and allowing the eventfd2 and futex syscalls. Fixes
|
||||
bug 16244; bugfix on 0.2.6.1-alpha. Patch by Peter Palfrader.
|
||||
- Allow systemd connections to work with the Linux seccomp2 sandbox
|
||||
code. Fixes bug 16212; bugfix on 0.2.6.2-alpha. Patch by
|
||||
Peter Palfrader.
|
||||
|
||||
o Minor bugfixes (tests):
|
||||
- Fix a crash in the unit tests when built with MSVC2013. Fixes bug
|
||||
16030; bugfix on 0.2.6.2-alpha. Patch from "NewEraCracker".
|
||||
|
||||
|
||||
Changes in version 0.2.6.8 - 2015-05-21
|
||||
Tor 0.2.6.8 fixes a bit of dodgy code in parsing INTRODUCE2 cells, and
|
||||
fixes an authority-side bug in assigning the HSDir flag. All directory
|
||||
authorities should upgrade.
|
||||
|
||||
o Major bugfixes (hidden services, backport from 0.2.7.1-alpha):
|
||||
- Revert commit that made directory authorities assign the HSDir
|
||||
flag to relay without a DirPort; this was bad because such relays
|
||||
can't handle BEGIN_DIR cells. Fixes bug 15850; bugfix
|
||||
on tor-0.2.6.3-alpha.
|
||||
|
||||
o Minor bugfixes (hidden service, backport from 0.2.7.1-alpha):
|
||||
- Fix an out-of-bounds read when parsing invalid INTRODUCE2 cells on
|
||||
a client authorized hidden service. Fixes bug 15823; bugfix
|
||||
on 0.2.1.6-alpha.
|
||||
|
||||
o Minor features (geoip):
|
||||
- Update geoip to the April 8 2015 Maxmind GeoLite2 Country database.
|
||||
- Update geoip6 to the April 8 2015 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
||||
Changes in version 0.2.6.7 - 2015-04-06
|
||||
Tor 0.2.6.7 fixes two security issues that could be used by an
|
||||
attacker to crash hidden services, or crash clients visiting hidden
|
||||
services. Hidden services should upgrade as soon as possible; clients
|
||||
should upgrade whenever packages become available.
|
||||
|
||||
This release also contains two simple improvements to make hidden
|
||||
services a bit less vulnerable to denial-of-service attacks.
|
||||
|
||||
o Major bugfixes (security, hidden service):
|
||||
- Fix an issue that would allow a malicious client to trigger an
|
||||
assertion failure and halt a hidden service. Fixes bug 15600;
|
||||
bugfix on 0.2.1.6-alpha. Reported by "disgleirio".
|
||||
- Fix a bug that could cause a client to crash with an assertion
|
||||
failure when parsing a malformed hidden service descriptor. Fixes
|
||||
bug 15601; bugfix on 0.2.1.5-alpha. Found by "DonnchaC".
|
||||
|
||||
o Minor features (DoS-resistance, hidden service):
|
||||
- Introduction points no longer allow multiple INTRODUCE1 cells to
|
||||
arrive on the same circuit. This should make it more expensive for
|
||||
attackers to overwhelm hidden services with introductions.
|
||||
Resolves ticket 15515.
|
||||
- Decrease the amount of reattempts that a hidden service performs
|
||||
when its rendezvous circuits fail. This reduces the computational
|
||||
cost for running a hidden service under heavy load. Resolves
|
||||
ticket 11447.
|
||||
|
||||
|
||||
Changes in version 0.2.6.6 - 2015-03-24
|
||||
Tor 0.2.6.6 is the first stable release in the 0.2.6 series.
|
||||
|
||||
It adds numerous safety, security, correctness, and performance
|
||||
improvements. Client programs can be configured to use more kinds of
|
||||
sockets, AutomapHosts works better, the multithreading backend is
|
||||
improved, cell transmission is refactored, test coverage is much
|
||||
higher, more denial-of-service attacks are handled, guard selection is
|
||||
improved to handle long-term guards better, pluggable transports
|
||||
should work a bit better, and some annoying hidden service performance
|
||||
bugs should be addressed.
|
||||
|
||||
o Minor bugfixes (portability):
|
||||
- Use the correct datatype in the SipHash-2-4 function to prevent
|
||||
compilers from assuming any sort of alignment. Fixes bug 15436;
|
||||
bugfix on 0.2.5.3-alpha.
|
||||
|
||||
|
||||
Changes in version 0.2.6.5-rc - 2015-03-18
|
||||
Tor 0.2.6.5-rc is the second and (hopefully) last release candidate in
|
||||
the 0.2.6. It fixes a small number of bugs found in 0.2.6.4-rc.
|
||||
|
||||
o Major bugfixes (client):
|
||||
- Avoid crashing when making certain configuration option changes on
|
||||
clients. Fixes bug 15245; bugfix on 0.2.6.3-alpha. Reported
|
||||
by "anonym".
|
||||
|
||||
o Major bugfixes (pluggable transports):
|
||||
- Initialize the extended OR Port authentication cookie before
|
||||
launching pluggable transports. This prevents a race condition
|
||||
that occured when server-side pluggable transports would cache the
|
||||
authentication cookie before it has been (re)generated. Fixes bug
|
||||
15240; bugfix on 0.2.5.1-alpha.
|
||||
|
||||
o Major bugfixes (portability):
|
||||
- Do not crash on startup when running on Solaris. Fixes a bug
|
||||
related to our fix for 9495; bugfix on 0.2.6.1-alpha. Reported
|
||||
by "ruebezahl".
|
||||
|
||||
o Minor features (heartbeat):
|
||||
- On relays, report how many connections we negotiated using each
|
||||
version of the Tor link protocols. This information will let us
|
||||
know if removing support for very old versions of the Tor
|
||||
protocols is harming the network. Closes ticket 15212.
|
||||
|
||||
o Code simplification and refactoring:
|
||||
- Refactor main loop to extract the 'loop' part. This makes it
|
||||
easier to run Tor under Shadow. Closes ticket 15176.
|
||||
|
||||
|
||||
Changes in version 0.2.5.11 - 2015-03-17
|
||||
Tor 0.2.5.11 is the second stable release in the 0.2.5 series.
|
||||
|
||||
It backports several bugfixes from the 0.2.6 branch, including a
|
||||
couple of medium-level security fixes for relays and exit nodes.
|
||||
It also updates the list of directory authorities.
|
||||
|
||||
o Directory authority changes:
|
||||
- Remove turtles as a directory authority.
|
||||
- Add longclaw as a new (v3) directory authority. This implements
|
||||
ticket 13296. This keeps the directory authority count at 9.
|
||||
- The directory authority Faravahar has a new IP address. This
|
||||
closes ticket 14487.
|
||||
|
||||
o Major bugfixes (crash, OSX, security):
|
||||
- Fix a remote denial-of-service opportunity caused by a bug in
|
||||
OSX's _strlcat_chk() function. Fixes bug 15205; bug first appeared
|
||||
in OSX 10.9.
|
||||
|
||||
o Major bugfixes (relay, stability, possible security):
|
||||
- Fix a bug that could lead to a relay crashing with an assertion
|
||||
failure if a buffer of exactly the wrong layout was passed to
|
||||
buf_pullup() at exactly the wrong time. Fixes bug 15083; bugfix on
|
||||
0.2.0.10-alpha. Patch from 'cypherpunks'.
|
||||
- Do not assert if the 'data' pointer on a buffer is advanced to the
|
||||
very end of the buffer; log a BUG message instead. Only assert if
|
||||
it is past that point. Fixes bug 15083; bugfix on 0.2.0.10-alpha.
|
||||
|
||||
o Major bugfixes (exit node stability):
|
||||
- Fix an assertion failure that could occur under high DNS load.
|
||||
Fixes bug 14129; bugfix on Tor 0.0.7rc1. Found by "jowr";
|
||||
diagnosed and fixed by "cypherpunks".
|
||||
|
||||
o Major bugfixes (Linux seccomp2 sandbox):
|
||||
- Upon receiving sighup with the seccomp2 sandbox enabled, do not
|
||||
crash during attempts to call wait4. Fixes bug 15088; bugfix on
|
||||
0.2.5.1-alpha. Patch from "sanic".
|
||||
|
||||
o Minor features (controller):
|
||||
- New "GETINFO bw-event-cache" to get information about recent
|
||||
bandwidth events. Closes ticket 14128. Useful for controllers to
|
||||
get recent bandwidth history after the fix for ticket 13988.
|
||||
|
||||
o Minor features (geoip):
|
||||
- Update geoip to the March 3 2015 Maxmind GeoLite2 Country database.
|
||||
- Update geoip6 to the March 3 2015 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
||||
o Minor bugfixes (client, automapping):
|
||||
- Avoid crashing on torrc lines for VirtualAddrNetworkIPv[4|6] when
|
||||
no value follows the option. Fixes bug 14142; bugfix on
|
||||
0.2.4.7-alpha. Patch by "teor".
|
||||
- Fix a memory leak when using AutomapHostsOnResolve. Fixes bug
|
||||
14195; bugfix on 0.1.0.1-rc.
|
||||
|
||||
o Minor bugfixes (compilation):
|
||||
- Build without warnings with the stock OpenSSL srtp.h header, which
|
||||
has a duplicate declaration of SSL_get_selected_srtp_profile().
|
||||
Fixes bug 14220; this is OpenSSL's bug, not ours.
|
||||
|
||||
o Minor bugfixes (directory authority):
|
||||
- Allow directory authorities to fetch more data from one another if
|
||||
they find themselves missing lots of votes. Previously, they had
|
||||
been bumping against the 10 MB queued data limit. Fixes bug 14261;
|
||||
bugfix on 0.1.2.5-alpha.
|
||||
- Enlarge the buffer to read bwauth generated files to avoid an
|
||||
issue when parsing the file in dirserv_read_measured_bandwidths().
|
||||
Fixes bug 14125; bugfix on 0.2.2.1-alpha.
|
||||
|
||||
o Minor bugfixes (statistics):
|
||||
- Increase period over which bandwidth observations are aggregated
|
||||
from 15 minutes to 4 hours. Fixes bug 13988; bugfix on 0.0.8pre1.
|
||||
|
||||
o Minor bugfixes (preventative security, C safety):
|
||||
- When reading a hexadecimal, base-32, or base-64 encoded value from
|
||||
a string, always overwrite the whole output buffer. This prevents
|
||||
some bugs where we would look at (but fortunately, not reveal)
|
||||
uninitialized memory on the stack. Fixes bug 14013; bugfix on all
|
||||
versions of Tor.
|
||||
|
||||
|
||||
Changes in version 0.2.4.26 - 2015-03-17
|
||||
Tor 0.2.4.26 includes an updated list of directory authorities. It
|
||||
also backports a couple of stability and security bugfixes from 0.2.5
|
||||
and beyond.
|
||||
|
||||
o Directory authority changes:
|
||||
- Remove turtles as a directory authority.
|
||||
- Add longclaw as a new (v3) directory authority. This implements
|
||||
ticket 13296. This keeps the directory authority count at 9.
|
||||
- The directory authority Faravahar has a new IP address. This
|
||||
closes ticket 14487.
|
||||
|
||||
o Major bugfixes (exit node stability, also in 0.2.6.3-alpha):
|
||||
- Fix an assertion failure that could occur under high DNS load.
|
||||
Fixes bug 14129; bugfix on Tor 0.0.7rc1. Found by "jowr";
|
||||
diagnosed and fixed by "cypherpunks".
|
||||
|
||||
o Major bugfixes (relay, stability, possible security, also in 0.2.6.4-rc):
|
||||
- Fix a bug that could lead to a relay crashing with an assertion
|
||||
failure if a buffer of exactly the wrong layout was passed to
|
||||
buf_pullup() at exactly the wrong time. Fixes bug 15083; bugfix on
|
||||
0.2.0.10-alpha. Patch from 'cypherpunks'.
|
||||
- Do not assert if the 'data' pointer on a buffer is advanced to the
|
||||
very end of the buffer; log a BUG message instead. Only assert if
|
||||
it is past that point. Fixes bug 15083; bugfix on 0.2.0.10-alpha.
|
||||
|
||||
o Minor features (geoip):
|
||||
- Update geoip to the March 3 2015 Maxmind GeoLite2 Country database.
|
||||
- Update geoip6 to the March 3 2015 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
||||
|
||||
Changes in version 0.2.6.4-rc - 2015-03-09
|
||||
Tor 0.2.6.4-alpha fixes an issue in the directory code that an
|
||||
attacker might be able to use in order to crash certain Tor
|
||||
directories. It also resolves some minor issues left over from, or
|
||||
introduced in, Tor 0.2.6.3-alpha or earlier.
|
||||
|
||||
o Major bugfixes (crash, OSX, security):
|
||||
- Fix a remote denial-of-service opportunity caused by a bug in
|
||||
OSX's _strlcat_chk() function. Fixes bug 15205; bug first appeared
|
||||
in OSX 10.9.
|
||||
|
||||
o Major bugfixes (relay, stability, possible security):
|
||||
- Fix a bug that could lead to a relay crashing with an assertion
|
||||
failure if a buffer of exactly the wrong layout is passed to
|
||||
buf_pullup() at exactly the wrong time. Fixes bug 15083; bugfix on
|
||||
0.2.0.10-alpha. Patch from "cypherpunks".
|
||||
- Do not assert if the 'data' pointer on a buffer is advanced to the
|
||||
very end of the buffer; log a BUG message instead. Only assert if
|
||||
it is past that point. Fixes bug 15083; bugfix on 0.2.0.10-alpha.
|
||||
|
||||
o Major bugfixes (FreeBSD IPFW transparent proxy):
|
||||
- Fix address detection with FreeBSD transparent proxies, when
|
||||
"TransProxyType ipfw" is in use. Fixes bug 15064; bugfix
|
||||
on 0.2.5.4-alpha.
|
||||
|
||||
o Major bugfixes (Linux seccomp2 sandbox):
|
||||
- Pass IPPROTO_TCP rather than 0 to socket(), so that the Linux
|
||||
seccomp2 sandbox doesn't fail. Fixes bug 14989; bugfix
|
||||
on 0.2.6.3-alpha.
|
||||
- Allow AF_UNIX hidden services to be used with the seccomp2
|
||||
sandbox. Fixes bug 15003; bugfix on 0.2.6.3-alpha.
|
||||
- Upon receiving sighup with the seccomp2 sandbox enabled, do not
|
||||
crash during attempts to call wait4. Fixes bug 15088; bugfix on
|
||||
0.2.5.1-alpha. Patch from "sanic".
|
||||
|
||||
o Minor features (controller):
|
||||
- Messages about problems in the bootstrap process now include
|
||||
information about the server we were trying to connect to when we
|
||||
noticed the problem. Closes ticket 15006.
|
||||
|
||||
o Minor features (geoip):
|
||||
- Update geoip to the March 3 2015 Maxmind GeoLite2 Country database.
|
||||
- Update geoip6 to the March 3 2015 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
||||
o Minor features (logs):
|
||||
- Quiet some log messages in the heartbeat and at startup. Closes
|
||||
ticket 14950.
|
||||
|
||||
o Minor bugfixes (certificate handling):
|
||||
- If an authority operator accidentally makes a signing certificate
|
||||
with a future publication time, do not discard its real signing
|
||||
certificates. Fixes bug 11457; bugfix on 0.2.0.3-alpha.
|
||||
- Remove any old authority certificates that have been superseded
|
||||
for at least two days. Previously, we would keep superseded
|
||||
certificates until they expired, if they were published close in
|
||||
time to the certificate that superseded them. Fixes bug 11454;
|
||||
bugfix on 0.2.1.8-alpha.
|
||||
|
||||
o Minor bugfixes (compilation):
|
||||
- Fix a compilation warning on s390. Fixes bug 14988; bugfix
|
||||
on 0.2.5.2-alpha.
|
||||
- Fix a compilation warning on FreeBSD. Fixes bug 15151; bugfix
|
||||
on 0.2.6.2-alpha.
|
||||
|
||||
o Minor bugfixes (testing):
|
||||
- Fix endianness issues in unit test for resolve_my_address() to
|
||||
have it pass on big endian systems. Fixes bug 14980; bugfix on
|
||||
Tor 0.2.6.3-alpha.
|
||||
- Avoid a side-effect in a tor_assert() in the unit tests. Fixes bug
|
||||
15188; bugfix on 0.1.2.3-alpha. Patch from Tom van der Woerdt.
|
||||
- When running the new 'make test-stem' target, use the configured
|
||||
python binary. Fixes bug 15037; bugfix on 0.2.6.3-alpha. Patch
|
||||
from "cypherpunks".
|
||||
- When running the zero-length-keys tests, do not use the default
|
||||
torrc file. Fixes bug 15033; bugfix on 0.2.6.3-alpha. Reported
|
||||
by "reezer".
|
||||
|
||||
o Directory authority IP change:
|
||||
- The directory authority Faravahar has a new IP address. This
|
||||
closes ticket 14487.
|
||||
|
||||
o Removed code:
|
||||
- Remove some lingering dead code that once supported mempools.
|
||||
Mempools were disabled by default in 0.2.5, and removed entirely
|
||||
in 0.2.6.3-alpha. Closes more of ticket 14848; patch
|
||||
by "cypherpunks".
|
||||
|
||||
|
||||
Changes in version 0.2.6.3-alpha - 2015-02-19
|
||||
|
@ -49,6 +561,13 @@ Changes in version 0.2.6.3-alpha - 2015-02-19
|
|||
notified of updates and their correct digests. Implements proposal
|
||||
227. Closes ticket 10395.
|
||||
|
||||
o Major features (guards):
|
||||
- Introduce the Guardfraction feature to improves load balancing on
|
||||
guard nodes. Specifically, it aims to reduce the traffic gap that
|
||||
guard nodes experience when they first get the Guard flag. This is
|
||||
a required step if we want to increase the guard lifetime to 9
|
||||
months or greater. Closes ticket 9321.
|
||||
|
||||
o Major features (performance):
|
||||
- Make the CPU worker implementation more efficient by avoiding the
|
||||
kernel and lengthening pipelines. The original implementation used
|
||||
|
|
1377
ReleaseNotes
1377
ReleaseNotes
File diff suppressed because it is too large
Load Diff
|
@ -1,3 +0,0 @@
|
|||
o Minor bugfixes (testing):
|
||||
- Avoid a side-effect in a tor_assert() in the unit tests. Fixes bug
|
||||
15188; bugfix on 0.1.2.3-alpha. Patch from Tom van der Woerdt.
|
|
@ -1,2 +0,0 @@
|
|||
o Directory authority changes:
|
||||
- Urras is no longer a directory authority. Closes ticket 19271.
|
|
@ -1,3 +0,0 @@
|
|||
o Directory authority changes (also in 0.2.8.7):
|
||||
- The "Tonga" bridge authority has been retired; the new bridge
|
||||
authority is "Bifroest". Closes tickets 19728 and 19690.
|
|
@ -1,11 +0,0 @@
|
|||
o Major features (security fixes):
|
||||
|
||||
- Prevent a class of security bugs caused by treating the contents
|
||||
of a buffer chunk as if they were a NUL-terminated string. At
|
||||
least one such bug seems to be present in all currently used
|
||||
versions of Tor, and would allow an attacker to remotely crash
|
||||
most Tor instances, especially those compiled with extra compiler
|
||||
hardening. With this defense in place, such bugs can't crash Tor,
|
||||
though we should still fix them as they occur. Closes ticket 20384
|
||||
(TROVE-2016-10-001).
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
o Minor features (DoS-resistance):
|
||||
- Decrease the amount of reattempts that a hidden service is
|
||||
willing to perform when its rendezvous circuits fail. This
|
||||
reduces the computational cost for hidden service under heavy
|
||||
load. Resolves ticket #11447.
|
|
@ -1,6 +0,0 @@
|
|||
o Minor bugfixes (certificate handling):
|
||||
- Remove any old authority certificates that have been superseded
|
||||
for at least two days. Previously, we would keep superseded
|
||||
certificates until they expired, if they were published close
|
||||
in time to the certificate that superseded them.
|
||||
Fixes bug 11454; bugfix on 0.2.1.8-alpha.
|
|
@ -1,5 +0,0 @@
|
|||
o Minor bugfixes (certificate handling):
|
||||
- If an authority operator accidentally makes a signing certificate with
|
||||
a future publication time, do not discard its real signing
|
||||
certificates. Fixes bug 11457; bugfix on 0.2.0.3-alpha.
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
o Removed code:
|
||||
- Remove some lingering dead code that once supported mempools. Mempools
|
||||
were disabled by default in 0.2.5, and removed entirely in
|
||||
0.2.6.3-alpha. Closes more of ticket 14848; patch by "cypherpunks".
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
o Minor features (logs):
|
||||
- Quiet some log messages in the heartbeat and at startup. Closes
|
||||
ticket 14950.
|
|
@ -1,4 +0,0 @@
|
|||
o Minor bugfixes (testing):
|
||||
- Fix endianness issues in unit test for resolve_my_address() to
|
||||
have it pass on big endian systems. Fixes bug 14980; bugfix on
|
||||
Tor 0.2.6.3-alpha.
|
|
@ -1,4 +0,0 @@
|
|||
o Minor bugfixes (compilation):
|
||||
- Fix a compilation warning on s390. Fixes bug 14988; bugfix on
|
||||
0.2.5.2-alpha.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
o Major bugfixes (Linux seccomp2 sandbox):
|
||||
- Pass IPPROTO_TCP rather than 0 to socket(), so that the
|
||||
Linux seccomp2 sandbox doesn't fail. Fixes bug 14989;
|
||||
bugfix on 0.2.6.3-alpha.
|
|
@ -1,3 +0,0 @@
|
|||
o Major bugfixes (linux seccomp2 sandbox):
|
||||
- Allow AF_UNIX hidden services to be used with the seccomp2 sandbox.
|
||||
Fixes bug 15003; bugfix on 0.2.6.3-alpha.
|
|
@ -1,4 +0,0 @@
|
|||
o Minor bugfixes (tests):
|
||||
- When running the zero-length-keys check, do not use the default
|
||||
torrc file. Fixes bug 15033; bugfix on 0.2.6.3-alpha. Reported
|
||||
by "reezer".
|
|
@ -1,4 +0,0 @@
|
|||
o Minor bugfixes (testing):
|
||||
- When running the new 'make test-stem' target, use the configured
|
||||
python binary. Fixes bug 15037; bugfix on 0.2.6.3-alpha. Patch
|
||||
from "cypherpunks".
|
|
@ -1,4 +0,0 @@
|
|||
o Major bugfixes (FreeBSD IPFW transparent proxy):
|
||||
- Fix address detection with FreeBSD transparent proxies,
|
||||
when "TransProxyType ipfw" is in use.
|
||||
Fixes bug 15064; bugfix on 0.2.5.4-alpha.
|
|
@ -1,10 +0,0 @@
|
|||
o Major bugfixes (relay, stability, possible security):
|
||||
- Fix a bug that could lead to a relay crashing with an assertion
|
||||
failure if a buffer of exactly the wrong layout was passed
|
||||
to buf_pullup() at exactly the wrong time. Fixes bug 15083;
|
||||
bugfix on 0.2.0.10-alpha. Patch from 'cypherpunks'.
|
||||
|
||||
- Do not assert if the 'data' pointer on a buffer is advanced to the very
|
||||
end of the buffer; log a BUG message instead. Only assert if it is
|
||||
past that point. Fixes bug 15083; bugfix on 0.2.0.10-alpha.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
o Minor bugfixes (Linux seccomp2 sandbox):
|
||||
- Upon receiving sighup, do not crash during attempts to call
|
||||
wait4. Fixes bug 15088; bugfix on 0.2.5.1-alpha. Patch from
|
||||
"sanic".
|
|
@ -1,3 +0,0 @@
|
|||
o Minor bugfixes (compilation):
|
||||
- Fix a compilation warning on FreeBSD. Fixes bug 15151; bugfix on
|
||||
0.2.6.2-alpha.
|
|
@ -1,5 +0,0 @@
|
|||
o Major bugfixes (crash, OSX, security):
|
||||
- Fix a remote denial-of-service opportunity caused by a bug
|
||||
in OSX's _strlcat_chk() function. Fixes bug 15205; bug first
|
||||
appeared in OSX 10.9.
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
o Minor bugfixes (pluggable transports):
|
||||
- Initialize the extended OR Port authentication cookie before launching
|
||||
pluggable transports. This prevents a race condition that occured when
|
||||
server-side pluggable transports would cache the authentication cookie
|
||||
before it has been (re)generated. Fixes bug 15240; bugfix on
|
||||
0.2.5.1-alpha.
|
|
@ -1,5 +0,0 @@
|
|||
o Major bugfixes:
|
||||
- Avoid crashing when making certain configuration option changes
|
||||
on clients. Fixes bug 15245; bugfix on 0.2.6.3-alpha. Reported
|
||||
by "anonym".
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
o Minor bugfixes (portability):
|
||||
- Use the correct datatype in the SipHash-2-4 function to prevent compilers
|
||||
from assuming any sort of alignment. Fixes bug 15436; bugfix on
|
||||
0.2.5.3-alpha.
|
|
@ -1,4 +0,0 @@
|
|||
o Minor features (DoS-resistance):
|
||||
- Make it harder for attackers to overwhelm hidden services with
|
||||
introductions, by blocking multiple introduction requests on the
|
||||
same circuit. Resolves ticket #15515.
|
|
@ -1,5 +0,0 @@
|
|||
o Major bugfixes (security, hidden service):
|
||||
- Fix an issue that would allow a malicious client to trigger
|
||||
an assertion failure and halt a hidden service. Fixes
|
||||
bug 15600; bugfix on 0.2.1.6-alpha. Reported by "skruffy".
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
o Major bugfixes (security, hidden service):
|
||||
- Fix a bug that could cause a client to crash with an assertion
|
||||
failure when parsing a malformed hidden service descriptor.
|
||||
Fixes bug 15601; bugfix on 0.2.1.5-alpha. Found by "DonnCha".
|
|
@ -1,4 +0,0 @@
|
|||
o Minor bugfixes (hidden service):
|
||||
- Fix an out-of-bounds read when parsing invalid INTRODUCE2 cells
|
||||
on a client authorized hidden service. Fixes bug 15823; bugfix
|
||||
on 0.2.1.6-alpha.
|
|
@ -1,4 +0,0 @@
|
|||
o Major bugfix
|
||||
- Revert commit that made directory authority assign the HSDir flag to
|
||||
relay without a DirPort which is bad because relay can't handle
|
||||
BEGIN_DIR cells. Fixes #15850. Bugfix on tor-0.2.6.3-alpha;
|
|
@ -1,5 +0,0 @@
|
|||
o Major bugfixes (hidden service, stability):
|
||||
- Stop randomly crashing with an assertion failure when connecting to a
|
||||
busy hidden service, or connecting to a hidden service while a NEWNYM
|
||||
is in progress. Fixes bug 16013; bugfix on 0.1.0.1-rc.
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
o Minor bugfixes (tests):
|
||||
- Fix a crash in the unit tests on MSVC2013. Fixes bug 16030; bugfix on
|
||||
0.2.6.2-alpha. Patch from "NewEraCracker".
|
|
@ -1,4 +0,0 @@
|
|||
o Minor bugfixes (compilation):
|
||||
- Build with --enable-systemd correctly when libsystemd is installed,
|
||||
but systemd is not. Fixes bug 16164, bugfix on 0.2.6.3-alpha. Patch
|
||||
from Peter Palfrader.
|
|
@ -1,5 +0,0 @@
|
|||
o Minor bugfixes (sandbox, systemd):
|
||||
- Allow systemd connections to work with the Linux seccomp2 sandbox
|
||||
code. Fixes bug 16212; bugfix on 0.2.6.2-alpha.
|
||||
Patch by Peter Palfrader.
|
||||
|
|
@ -1,7 +0,0 @@
|
|||
o Minor bugfixes (sandbox, relay):
|
||||
- Fix sandboxing to work when running as a relay again. This
|
||||
includes correctly allowing renaming secret_id_key and
|
||||
allowing the eventfd2 and futex syscalls.
|
||||
Fixes bug 16244; bugfix on 0.2.6.1-alpha.
|
||||
Patch by Peter Palfrader.
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
o Minor bugfixes (client-side privacy):
|
||||
- Properly separate out each SOCKSPort when applying stream isolation.
|
||||
The error occured because each port's session group was being
|
||||
overwritten by a default value. Fixes bug 16247; bugfix on
|
||||
0.2.6.3-alpha. Patch by "jojelino".
|
|
@ -1,8 +0,0 @@
|
|||
o Major bugfixes (dns proxy mode, crash):
|
||||
- Avoid crashing when running as a DNS proxy. Closes bug 16248; bugfix on
|
||||
0.2.0.1-alpha. Patch from 'cypherpunks'.
|
||||
|
||||
o Minor features (bug-resistance):
|
||||
- Make Tor survive errors involving connections without a corresponding
|
||||
event object. Previously we'd fail with an assertion; now we produce a
|
||||
log message. Related to bug 16248.
|
|
@ -1,7 +0,0 @@
|
|||
o Minor bugfixes (crypto error-handling):
|
||||
- If crypto_early_init fails, a typo in a return value from tor_init
|
||||
means that tor_main continues running, rather than returning
|
||||
an error value.
|
||||
Fixes bug 16360; bugfix on d3fb846d8c98 in 0.2.5.2-alpha,
|
||||
introduced when implementing #4900.
|
||||
Patch by "teor".
|
|
@ -1,4 +0,0 @@
|
|||
o Minor bugfixes (Linux seccomp2 sandbox):
|
||||
- Allow pipe() and pipe2() syscalls; we need these when eventfd2()
|
||||
support is missing. Fixes bug 16363; bugfix on 0.2.6.3-alpha.
|
||||
Patch from "teor".
|
|
@ -1,13 +0,0 @@
|
|||
o Major bugfix (Hidden service client)
|
||||
- Revert commit 9407040c592184e05e45a3c1a00739c2dd302288 of bug #14219
|
||||
that indeed fixed an issue but introduced a major hidden service
|
||||
reachability regression detailed in bug #16381. This is a temporary
|
||||
fix since we can live with the minor issue in #14219 but the
|
||||
regression introduced is too much of a set back.
|
||||
|
||||
To be clear, #14219 bug just results in some load on the network, and
|
||||
some delay for the client when visiting a hidden service that will
|
||||
ultimately fail.
|
||||
|
||||
This is only a bandaid for #16381 thus it does _not_ fixes it. bugfix
|
||||
on tor-0.2.6.3-alpha~138.
|
|
@ -1,5 +0,0 @@
|
|||
o Major bugfixes:
|
||||
- Do not crash with an assertion error when parsing certain kinds
|
||||
of malformed or truncated microdescriptors. Fixes bug 16400;
|
||||
bugfix on 0.2.6.1-alpha. Found by "torkeln"; fix based on a patch by
|
||||
"cypherpunks_backup".
|
|
@ -1,6 +0,0 @@
|
|||
o Major bugfixes (security, correctness):
|
||||
- Fix a programming error that could cause us to read 4 bytes before
|
||||
the beginning of an openssl string. This could be used to provoke
|
||||
a crash on systems with an unusual malloc implementation, or
|
||||
systems with unsual hardening installed. Fixes bug 17404; bugfix
|
||||
on 0.2.3.6-alpha.
|
|
@ -1,7 +0,0 @@
|
|||
o Major bugfixes (guard selection):
|
||||
- Actually look at the Guard flag when selecting a new directory
|
||||
guard. When we implemented the directory guard design, we
|
||||
accidentally started treating all relays as if they have the Guard
|
||||
flag during guard selection, leading to weaker anonymity and worse
|
||||
performance. Fixes bug 17222; bugfix on 0.2.4.8-alpha. Discovered
|
||||
by Mohsen Imani.
|
|
@ -1,3 +0,0 @@
|
|||
o Compilation fixes:
|
||||
- Fix a compilation warning with Clang 3.6: Do not check the
|
||||
presence of an address which can never be NULL. Fixes bug 17781.
|
|
@ -1,4 +0,0 @@
|
|||
o Minor features (authorities):
|
||||
- Update the V3 identity key for dannenberg, it was changed on
|
||||
18 November 2015.
|
||||
Closes task #17906. Patch by "teor".
|
|
@ -1,6 +0,0 @@
|
|||
o Minor fixes (security):
|
||||
- Make memwipe() do nothing when passed a NULL pointer
|
||||
or zero size. Check size argument to memwipe() for underflow.
|
||||
Closes bug #18089. Reported by "gk", patch by "teor".
|
||||
Bugfix on 0.2.3.25 and 0.2.4.6-alpha (#7352),
|
||||
commit 49dd5ef3 on 7 Nov 2012.
|
|
@ -1,7 +0,0 @@
|
|||
o Major bugfixes (security, pointers):
|
||||
|
||||
- Avoid a difficult-to-trigger heap corruption attack when extending
|
||||
a smartlist to contain over 16GB of pointers. Fixes bug #18162;
|
||||
bugfix on Tor 0.1.1.11-alpha, which fixed a related bug
|
||||
incompletely. Reported by Guido Vranken.
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
o Major bugfixes (DNS proxy):
|
||||
- Stop a crash that could occur when a client running with DNSPort
|
||||
received a query with multiple address types, where the first
|
||||
address type was not supported. Found and fixed by Scott Dial.
|
||||
Fixes bug 18710; bugfix on 0.2.5.4-alpha.
|
||||
|
|
@ -1,10 +0,0 @@
|
|||
o Major features (security fixes):
|
||||
- Prevent a class of security bugs caused by treating the contents
|
||||
of a buffer chunk as if they were a NUL-terminated string. At
|
||||
least one such bug seems to be present in all currently used
|
||||
versions of Tor, and would allow an attacker to remotely crash
|
||||
most Tor instances, especially those compiled with extra compiler
|
||||
hardening. With this defense in place, such bugs can't crash Tor,
|
||||
though we should still fix them as they occur. Closes ticket
|
||||
20384 (TROVE-2016-10-001).
|
||||
|
|
@ -1,11 +0,0 @@
|
|||
o Major bugfixes (parsing, security):
|
||||
|
||||
- Fix a bug in parsing that could cause clients to read a single
|
||||
byte past the end of an allocated region. This bug could be
|
||||
used to cause hardened clients (built with
|
||||
--enable-expensive-hardening) to crash if they tried to visit
|
||||
a hostile hidden service. Non-hardened clients are only
|
||||
affected depending on the details of their platform's memory
|
||||
allocator. Fixes bug 21018; bugfix on 0.2.0.8-alpha. Found by
|
||||
using libFuzzer. Also tracked as TROVE-2016-12-002 and as
|
||||
CVE-2016-1254.
|
|
@ -1,3 +0,0 @@
|
|||
o Minor bugfixes (correctness):
|
||||
- Avoid undefined behavior when parsing IPv6 entries from the geoip6
|
||||
file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.
|
|
@ -1,4 +0,0 @@
|
|||
o Major bugfixes (portability):
|
||||
- Do not crash on startup when running on Solaris. Fixes a bug
|
||||
related to our fix for 9495; bugfix on 0.2.6.1-alpha. Reported
|
||||
by "ruebezahl".
|
|
@ -1,4 +0,0 @@
|
|||
o Minor features (controller):
|
||||
- Messages about problems in the bootstrap process now include
|
||||
information about the server we were trying to connect to when we
|
||||
noticed the problem. Closes ticket 15006.
|
|
@ -1,3 +0,0 @@
|
|||
o Minor features:
|
||||
- Update geoip to the April 8 2015 Maxmind GeoLite2 Country database.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
o Minor features:
|
||||
- Update geoip and geoip6 to the April 5 2016 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
o Minor features:
|
||||
- Update geoip and geoip6 to the April 4 2017 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
o Minor features:
|
||||
- Update geoip and geoip6 to the August 2 2016 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
o Minor features:
|
||||
- Update geoip and geoip6 to the December 1 2015 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
o Minor features:
|
||||
- Update geoip and geoip6 to the December 7 2016 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
o Minor features:
|
||||
- Update geoip and geoip6 to the February 2 2016 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
o Minor features:
|
||||
- Update geoip and geoip6 to the February 8 2017 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
o Minor features:
|
||||
- Update geoip and geoip6 to the January 5 2016 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
o Minor features:
|
||||
- Update geoip and geoip6 to the January 4 2017 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
o Minor features:
|
||||
- Update geoip and geoip6 to the July 8 2015 Maxmind GeoLite2 Country database.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
o Minor features:
|
||||
- Update geoip and geoip6 to the July 6 2016 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
o Minor features:
|
||||
- Update geoip and geoip6 to the June 7 2016 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
o Minor features:
|
||||
- Update geoip to the June 3 2015 Maxmind GeoLite2 Country database.
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
o Minor features:
|
||||
- Update geoip to the March 3 2015 Maxmind GeoLite2 Country database.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
o Minor features:
|
||||
- Update geoip and geoip6 to the March 3 2016 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
o Minor features:
|
||||
- Update geoip and geoip6 to the March 7 2017 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
o Minor features:
|
||||
- Update geoip and geoip6 to the May 4 2016 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
o Minor features:
|
||||
- Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
o Minor features:
|
||||
- Update geoip and geoip6 to the November 3 2016 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
o Minor features:
|
||||
- Update geoip and geoip6 to the October 9 2015 Maxmind GeoLite2 Country database.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
o Minor features:
|
||||
- Update geoip and geoip6 to the October 4 2016 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
o Minor features:
|
||||
- Update geoip and geoip6 to the September 3 2015 Maxmind GeoLite2 Country database.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
o Minor features:
|
||||
- Update geoip and geoip6 to the September 6 2016 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
o Minor features:
|
||||
- Update geoip6 to the April 8 2015 Maxmind GeoLite2 Country database.
|
|
@ -1,3 +0,0 @@
|
|||
o Minor features:
|
||||
- Update geoip6 to the June 3 2015 Maxmind GeoLite2 Country database.
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
o Minor features:
|
||||
- Update geoip6 to the March 3 2015 Maxmind GeoLite2 Country database.
|
||||
|
|
@ -1,7 +0,0 @@
|
|||
o Major bugfixes (key management):
|
||||
- If OpenSSL fails to generate an RSA key, do not retain a dangling pointer
|
||||
to the previous (uninitialized) key value. The impact here should be
|
||||
limited to a difficult-to-trigger crash, if OpenSSL is running an
|
||||
engine that makes key generation failures possible, or if OpenSSL runs
|
||||
out of memory. Fixes bug 19152; bugfix on 0.2.1.10-alpha. Found by
|
||||
Yuan Jochen Kang, Suman Jana, and Baishakhi Ray.
|
|
@ -1,3 +0,0 @@
|
|||
o Directory authority IP change:
|
||||
- The directory authority Faravahar has a new IP address. Closes
|
||||
ticket 14487.
|
|
@ -1,3 +0,0 @@
|
|||
o Code simplification and refactoring:
|
||||
- Refactor main loop to extract the 'loop' part. This makes it easier
|
||||
to run Tor under Shadow. Closes ticket 15176.
|
|
@ -1,6 +0,0 @@
|
|||
o Minor features (heartbeat):
|
||||
|
||||
- On relays, report how many connections we negotiated using each
|
||||
version of the Tor link protocols. This information will let us
|
||||
know if removing support for very old versions of the Tor
|
||||
protocols is harming the network. Closes ticket 15212.
|
|
@ -1,7 +0,0 @@
|
|||
o Minor feature:
|
||||
- The HSDir flag given by authorities now requires the Stable flag. For
|
||||
the current network, this results in going from 2887 to 2806 HSDirs.
|
||||
Also, it makes it harder for an attacker to launch a sybil attack by
|
||||
raising the effort for a relay to become Stable which takes at the
|
||||
very least 7 days to do so and by keeping the 96 hours uptime
|
||||
requirement for HSDir. Implements ticket #8243.
|
|
@ -1,8 +0,0 @@
|
|||
o Major bugfixes (parsing):
|
||||
- Fix an integer underflow bug when comparing malformed Tor versions.
|
||||
This bug is harmless, except when Tor has been built with
|
||||
--enable-expensive-hardening, which would turn it into a crash;
|
||||
or on Tor 0.2.9.1-alpha through Tor 0.2.9.8, which were built with
|
||||
-ftrapv by default.
|
||||
Part of TROVE-2017-001. Fixes bug 21278; bugfix on
|
||||
0.0.8pre1. Found by OSS-Fuzz.
|
|
@ -1,7 +0,0 @@
|
|||
o Major bugfixes (hidden service, relay, security):
|
||||
- Fix an assertion failure caused by receiving a BEGIN_DIR cell on
|
||||
a hidden service rendezvous circuit. Fixes bug 22494, tracked as
|
||||
TROVE-2017-005 and CVE-2017-0376; bugfix on 0.2.2.1-alpha. Found
|
||||
by armadev.
|
||||
|
||||
|
|
@ -235,7 +235,6 @@
|
|||
#define VERSION "0.2.6.12-dev"
|
||||
|
||||
|
||||
|
||||
#define HAVE_STRUCT_SOCKADDR_IN6
|
||||
#define HAVE_STRUCT_IN6_ADDR
|
||||
#define RSHIFT_DOES_SIGN_EXTEND
|
||||
|
|
Loading…
Reference in New Issue