Compare commits
177 Commits
master
...
release-0.
Author | SHA1 | Date |
---|---|---|
Nick Mathewson | d07e069c97 | |
Nick Mathewson | b2b59b06c8 | |
Nick Mathewson | 2ffdf43e70 | |
Nick Mathewson | f3ea412110 | |
Nick Mathewson | 7c411bba8a | |
Nick Mathewson | 72c2292efc | |
Nick Mathewson | 698e4a4780 | |
Nick Mathewson | bcf033047d | |
Nick Mathewson | 1fe6e318f1 | |
Nick Mathewson | 1ff7c60759 | |
Nick Mathewson | ad3b01e056 | |
Nick Mathewson | e11830b2b4 | |
Nick Mathewson | ebf4f3f823 | |
Nick Mathewson | 87de19eff4 | |
Nick Mathewson | df1bae8f0f | |
Nick Mathewson | 27b04b8bad | |
Nick Mathewson | e5e3f13640 | |
Nick Mathewson | b734f871b7 | |
Nick Mathewson | 2b716e8599 | |
Nick Mathewson | f1cbb09e35 | |
Nick Mathewson | b1c543cf4d | |
Nick Mathewson | 98b28e789e | |
Nick Mathewson | 5926f14ecf | |
Nick Mathewson | 7b93939c77 | |
Nick Mathewson | fa3cad363e | |
Nick Mathewson | f5bd987c75 | |
Nick Mathewson | 100ff4a928 | |
Nick Mathewson | f02007a3e4 | |
Nick Mathewson | abff196c6a | |
Nick Mathewson | c346c892a4 | |
Nick Mathewson | 4d73ed10c4 | |
Nick Mathewson | 700c654d70 | |
Nick Mathewson | 4d308789e2 | |
Nick Mathewson | 0ad7317107 | |
Nick Mathewson | 2244838ec0 | |
Nick Mathewson | 658cd486ba | |
Nick Mathewson | 0f1b510b60 | |
Nick Mathewson | fe022f3ab0 | |
Nick Mathewson | 00322a9ba9 | |
Nick Mathewson | 385a44bac5 | |
Nick Mathewson | bea47fde59 | |
Nick Mathewson | 78b8274679 | |
Nick Mathewson | ee3d83dbf7 | |
Nick Mathewson | 44019d73ff | |
Nick Mathewson | 87b2047f9e | |
Nick Mathewson | 5df265ae55 | |
Nick Mathewson | 2db94810bf | |
Nick Mathewson | b594455ddd | |
Nick Mathewson | 5cb83c9425 | |
Nick Mathewson | d9bc1cdd1c | |
Nick Mathewson | 881307dc77 | |
Nick Mathewson | eebf93dfdc | |
Nick Mathewson | 61f3fe0418 | |
Nick Mathewson | fdcb065bf7 | |
Nick Mathewson | 070e82a02d | |
Nick Mathewson | 9c8b07c5eb | |
Nick Mathewson | c3debdfe6c | |
Nick Mathewson | 3a7e2ce1b6 | |
Nick Mathewson | 4c21daa9e2 | |
Nick Mathewson | 923efa3db8 | |
Nick Mathewson | 75e0843893 | |
Nick Mathewson | abe5b07c13 | |
Nick Mathewson | c33db290a9 | |
Nick Mathewson | 514212ed66 | |
Nick Mathewson | df16f89a8a | |
Nick Mathewson | a0d0e8842c | |
Nick Mathewson | 33d693fc74 | |
Nick Mathewson | 59cd249335 | |
Nick Mathewson | 93d376d8b3 | |
Nick Mathewson | 7902c2fa05 | |
Nick Mathewson | 136fb78f40 | |
Nick Mathewson | bc4a44e426 | |
Nick Mathewson | 388ed4c815 | |
Nick Mathewson | ef1d939751 | |
Nick Mathewson | df58a97f40 | |
Nick Mathewson | a2523196a4 | |
Nick Mathewson | ea5368026d | |
Nick Mathewson | c90ea4ee18 | |
Nick Mathewson | ce2f38f054 | |
Nick Mathewson | 72f06fc59c | |
Nick Mathewson | 7ebec27e72 | |
Nick Mathewson | 58e39a5596 | |
Nick Mathewson | 10ac393293 | |
Nick Mathewson | 036e60aa6e | |
Nick Mathewson | 1fb2e467d5 | |
Nick Mathewson | 03539b76cf | |
Nick Mathewson | 2e3c5296ff | |
Nick Mathewson | 22b3bf094e | |
Nick Mathewson | 3e5d9ae31a | |
Nick Mathewson | c552ce0e17 | |
Nick Mathewson | 7444f2daf9 | |
Nick Mathewson | 50cc49dd7f | |
Nick Mathewson | 4da0fe0234 | |
Nick Mathewson | 315667c448 | |
Nick Mathewson | 723f0487e9 | |
Nick Mathewson | 48ff8bb49b | |
Nick Mathewson | e23084bc6a | |
Nick Mathewson | 1bf534c8b3 | |
Nick Mathewson | b4ae31e2b7 | |
Nick Mathewson | db96d1b6b0 | |
Nick Mathewson | 802d30d9b7 | |
Nick Mathewson | 2664156a34 | |
Nick Mathewson | 03b91ac8c9 | |
Nick Mathewson | 63d0426af5 | |
Nick Mathewson | 916791f0be | |
Nick Mathewson | 17c61d98e4 | |
Nick Mathewson | 9390ec043b | |
Nick Mathewson | 2d26802524 | |
Nick Mathewson | 624bccc35e | |
Nick Mathewson | fae8bcba9e | |
Nick Mathewson | 0e8e775a40 | |
Nick Mathewson | 1ef83505db | |
Nick Mathewson | 10c33a6af2 | |
Nick Mathewson | 2ab1de9f3b | |
Roger Dingledine | 384457912f | |
Nick Mathewson | 94b5128395 | |
Nick Mathewson | 647fa4bdf4 | |
Nick Mathewson | bd62f78ebd | |
Nick Mathewson | 4663bec513 | |
Nick Mathewson | cfd9c1bdc0 | |
Nick Mathewson | 2da783ac84 | |
Nick Mathewson | 1dc4e86e41 | |
Nick Mathewson | 695425db0c | |
Nick Mathewson | 1fbd1e526c | |
Nick Mathewson | e4f29dc61a | |
Roger Dingledine | f8f34a8220 | |
Nick Mathewson | 6758549fe8 | |
Nick Mathewson | 7372315d56 | |
Nick Mathewson | a6cf5f6014 | |
Nick Mathewson | 75e22561a1 | |
Nick Mathewson | 47d2e4f06e | |
Nick Mathewson | 6f9af94757 | |
Nick Mathewson | d7c55e6700 | |
Nick Mathewson | a172303484 | |
Nick Mathewson | 43a0ae395d | |
Nick Mathewson | cab3aafcb3 | |
Nick Mathewson | 37c966db04 | |
Nick Mathewson | ddccc0f9b4 | |
Nick Mathewson | 03e5216700 | |
Nick Mathewson | e9a315c2df | |
Nick Mathewson | 4048c08332 | |
Nick Mathewson | 11f8342586 | |
Nick Mathewson | 5eb2786600 | |
Nick Mathewson | b44bb249a4 | |
Nick Mathewson | fe3cb4a337 | |
Nick Mathewson | b2e500f95b | |
Nick Mathewson | 91c60d77d6 | |
Nick Mathewson | 7257d41aa7 | |
Nick Mathewson | 3e463312df | |
Nick Mathewson | f50363e37a | |
Nick Mathewson | 0c0f8ad061 | |
Nick Mathewson | e1718c2dc0 | |
Nick Mathewson | 698984c180 | |
Nick Mathewson | 0e101e6545 | |
Nick Mathewson | 0c58627c1c | |
Nick Mathewson | 51ae5d8440 | |
Nick Mathewson | 7ec17188fe | |
Nick Mathewson | 7ffef14d33 | |
Nick Mathewson | 2e3645d026 | |
Nick Mathewson | 4ed142ae9b | |
Nick Mathewson | 92944a65be | |
Nick Mathewson | ea95c6d1ba | |
Nick Mathewson | 9e574fce98 | |
Nick Mathewson | d1054b09b9 | |
Nick Mathewson | f0dab06fca | |
Nick Mathewson | 18a4a4d7fd | |
Nick Mathewson | 26997ef9ae | |
Nick Mathewson | 23d365f3ae | |
Nick Mathewson | d66c184e3f | |
Nick Mathewson | 9ea09d15ab | |
Nick Mathewson | 9094936040 | |
Nick Mathewson | cf9844fcfa | |
Nick Mathewson | d6b6257121 | |
Nick Mathewson | 35ea6fb580 | |
Nick Mathewson | 96e471693f | |
Nick Mathewson | 46e096f2eb | |
Nick Mathewson | a9217bf6a5 |
711
ChangeLog
|
@ -1,4 +1,713 @@
|
|||
Changes in version 0.3.0.4-??? - 2017-02-??
|
||||
Changes in version 0.3.0.13 - 2017-12-01
|
||||
Tor 0.3.0.13 backports important security and stability bugfixes from
|
||||
later Tor releases. All Tor users should upgrade to this release, or
|
||||
to another of the releases coming out today.
|
||||
|
||||
Note: the Tor 0.3.0 series will no longer be supported after 26 Jan
|
||||
2018. If you need a release with long-term support, please stick with
|
||||
the 0.2.9 series. Otherwise, please upgrade to 0.3.1 or later.
|
||||
|
||||
o Major bugfixes (security, backport from 0.3.2.6-alpha):
|
||||
- Fix a denial of service bug where an attacker could use a
|
||||
malformed directory object to cause a Tor instance to pause while
|
||||
OpenSSL would try to read a passphrase from the terminal. (Tor
|
||||
instances run without a terminal, which is the case for most Tor
|
||||
packages, are not impacted.) Fixes bug 24246; bugfix on every
|
||||
version of Tor. Also tracked as TROVE-2017-011 and CVE-2017-8821.
|
||||
Found by OSS-Fuzz as testcase 6360145429790720.
|
||||
- Fix a denial of service issue where an attacker could crash a
|
||||
directory authority using a malformed router descriptor. Fixes bug
|
||||
24245; bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2017-010
|
||||
and CVE-2017-8820.
|
||||
- When checking for replays in the INTRODUCE1 cell data for a
|
||||
(legacy) onion service, correctly detect replays in the RSA-
|
||||
encrypted part of the cell. We were previously checking for
|
||||
replays on the entire cell, but those can be circumvented due to
|
||||
the malleability of Tor's legacy hybrid encryption. This fix helps
|
||||
prevent a traffic confirmation attack. Fixes bug 24244; bugfix on
|
||||
0.2.4.1-alpha. This issue is also tracked as TROVE-2017-009
|
||||
and CVE-2017-8819.
|
||||
|
||||
o Major bugfixes (security, onion service v2, backport from 0.3.2.6-alpha):
|
||||
- Fix a use-after-free error that could crash v2 Tor onion services
|
||||
when they failed to open circuits while expiring introduction
|
||||
points. Fixes bug 24313; bugfix on 0.2.7.2-alpha. This issue is
|
||||
also tracked as TROVE-2017-013 and CVE-2017-8823.
|
||||
|
||||
o Major bugfixes (security, relay, backport from 0.3.2.6-alpha):
|
||||
- When running as a relay, make sure that we never build a path
|
||||
through ourselves, even in the case where we have somehow lost the
|
||||
version of our descriptor appearing in the consensus. Fixes part
|
||||
of bug 21534; bugfix on 0.2.0.1-alpha. This issue is also tracked
|
||||
as TROVE-2017-012 and CVE-2017-8822.
|
||||
- When running as a relay, make sure that we never choose ourselves
|
||||
as a guard. Fixes part of bug 21534; bugfix on 0.3.0.1-alpha. This
|
||||
issue is also tracked as TROVE-2017-012 and CVE-2017-8822.
|
||||
|
||||
o Major bugfixes (exit relays, DNS, backport from 0.3.2.4-alpha):
|
||||
- Fix an issue causing DNS to fail on high-bandwidth exit nodes,
|
||||
making them nearly unusable. Fixes bugs 21394 and 18580; bugfix on
|
||||
0.1.2.2-alpha, which introduced eventdns. Thanks to Dhalgren for
|
||||
identifying and finding a workaround to this bug and to Moritz,
|
||||
Arthur Edelstein, and Roger for helping to track it down and
|
||||
analyze it.
|
||||
|
||||
o Minor features (security, windows, backport from 0.3.1.1-alpha):
|
||||
- Enable a couple of pieces of Windows hardening: one
|
||||
(HeapEnableTerminationOnCorruption) that has been on-by-default
|
||||
since Windows 8, and unavailable before Windows 7; and one
|
||||
(PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION) which we believe doesn't
|
||||
affect us, but shouldn't do any harm. Closes ticket 21953.
|
||||
|
||||
o Minor features (bridge, backport from 0.3.1.9):
|
||||
- Bridges now include notice in their descriptors that they are
|
||||
bridges, and notice of their distribution status, based on their
|
||||
publication settings. Implements ticket 18329. For more fine-
|
||||
grained control of how a bridge is distributed, upgrade to 0.3.2.x
|
||||
or later.
|
||||
|
||||
o Minor features (directory authority, backport from 0.3.2.6-alpha):
|
||||
- Add an IPv6 address for the "bastet" directory authority. Closes
|
||||
ticket 24394.
|
||||
|
||||
o Minor features (geoip):
|
||||
- Update geoip and geoip6 to the November 6 2017 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
||||
o Minor bugfix (relay address resolution, backport from 0.3.2.1-alpha):
|
||||
- Avoid unnecessary calls to directory_fetches_from_authorities() on
|
||||
relays, to prevent spurious address resolutions and descriptor
|
||||
rebuilds. This is a mitigation for bug 21789. Fixes bug 23470;
|
||||
bugfix on in 0.2.8.1-alpha.
|
||||
|
||||
o Minor bugfixes (compilation, backport from 0.3.2.1-alpha):
|
||||
- Fix unused variable warnings in donna's Curve25519 SSE2 code.
|
||||
Fixes bug 22895; bugfix on 0.2.7.2-alpha.
|
||||
|
||||
o Minor bugfixes (logging, relay shutdown, annoyance, backport from 0.3.2.2-alpha):
|
||||
- When a circuit is marked for close, do not attempt to package any
|
||||
cells for channels on that circuit. Previously, we would detect
|
||||
this condition lower in the call stack, when we noticed that the
|
||||
circuit had no attached channel, and log an annoying message.
|
||||
Fixes bug 8185; bugfix on 0.2.5.4-alpha.
|
||||
|
||||
o Minor bugfixes (relay, crash, backport from 0.3.2.4-alpha):
|
||||
- Avoid a crash when transitioning from client mode to bridge mode.
|
||||
Previously, we would launch the worker threads whenever our
|
||||
"public server" mode changed, but not when our "server" mode
|
||||
changed. Fixes bug 23693; bugfix on 0.2.6.3-alpha.
|
||||
|
||||
o Minor bugfixes (testing, backport from 0.3.1.6-rc):
|
||||
- Fix an undersized buffer in test-memwipe.c. Fixes bug 23291;
|
||||
bugfix on 0.2.7.2-alpha. Found and patched by Ties Stuij.
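Review bot: The 0.3.0.13 entry under "Minor bugfix (relay address resolution, backport from 0.3.2.1-alpha)" ends with "bugfix on in 0.2.8.1-alpha", which has a stray "in"; it should read "bugfix on 0.2.8.1-alpha", the form every other entry uses. Similar wording slips appear further down in this hunk and are worth fixing in the same pass: "backports a collection of bugfixes from Tor the 0.3.1 series" in the 0.3.0.11 summary (word order), "and we relays could (for minutes to hours)" in the 0.3.0.8 relays/key management entry, and the 0.3.0.10 header "o Minor bugfixes (unit tests, backport from 0.3.1.5-alpha)", which lacks the trailing colon the other section headers carry.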
|
||||
|
||||
|
||||
Changes in version 0.3.0.12 - 2017-10-25
|
||||
Tor 0.3.0.12 backports a collection of bugfixes from later Tor release
|
||||
series, including a bugfix for a crash issue that had affected relays
|
||||
under memory pressure. It also adds a new directory authority, Bastet.
|
||||
|
||||
Note: the Tor 0.3.0 series will no longer be supported after 26 Jan
|
||||
2018. If you need a release with long-term support, please stick with
|
||||
the 0.2.9 series. Otherwise, please upgrade to 0.3.1 or later.
|
||||
|
||||
o Directory authority changes:
|
||||
- Add "Bastet" as a ninth directory authority to the default list.
|
||||
Closes ticket 23910.
|
||||
- The directory authority "Longclaw" has changed its IP address.
|
||||
Closes ticket 23592.
|
||||
|
||||
o Major bugfixes (relay, crash, assertion failure, backport from 0.3.2.2-alpha):
|
||||
- Fix a timing-based assertion failure that could occur when the
|
||||
circuit out-of-memory handler freed a connection's output buffer.
|
||||
Fixes bug 23690; bugfix on 0.2.6.1-alpha.
|
||||
|
||||
o Minor features (directory authorities, backport from 0.3.2.2-alpha):
|
||||
- Remove longclaw's IPv6 address, as it will soon change. Authority
|
||||
IPv6 addresses were originally added in 0.2.8.1-alpha. This leaves
|
||||
3/8 directory authorities with IPv6 addresses, but there are also
|
||||
52 fallback directory mirrors with IPv6 addresses. Resolves 19760.
|
||||
|
||||
o Minor features (geoip):
|
||||
- Update geoip and geoip6 to the October 4 2017 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
||||
o Minor bugfixes (directory authority, backport from 0.3.1.5-alpha):
|
||||
- When a directory authority rejects a descriptor or extrainfo with
|
||||
a given digest, mark that digest as undownloadable, so that we do
|
||||
not attempt to download it again over and over. We previously
|
||||
tried to avoid downloading such descriptors by other means, but we
|
||||
didn't notice if we accidentally downloaded one anyway. This
|
||||
behavior became problematic in 0.2.7.2-alpha, when authorities
|
||||
began pinning Ed25519 keys. Fixes bug 22349; bugfix
|
||||
on 0.2.1.19-alpha.
|
||||
|
||||
o Minor bugfixes (hidden service, relay, backport from 0.3.2.2-alpha):
|
||||
- Avoid a possible double close of a circuit by the intro point on
|
||||
error of sending the INTRO_ESTABLISHED cell. Fixes bug 23610;
|
||||
bugfix on 0.3.0.1-alpha.
|
||||
|
||||
o Minor bugfixes (memory safety, backport from 0.3.2.3-alpha):
|
||||
- Clear the address when node_get_prim_orport() returns early.
|
||||
Fixes bug 23874; bugfix on 0.2.8.2-alpha.
|
||||
|
||||
o Minor bugfixes (Windows service, backport from 0.3.1.6-rc):
|
||||
- When running as a Windows service, set the ID of the main thread
|
||||
correctly. Failure to do so made us fail to send log messages to
|
||||
the controller in 0.2.1.16-rc, slowed down controller event
|
||||
delivery in 0.2.7.3-rc and later, and crash with an assertion
|
||||
failure in 0.3.1.1-alpha. Fixes bug 23081; bugfix on 0.2.1.6-alpha.
|
||||
Patch and diagnosis from "Vort".
|
||||
|
||||
|
||||
Changes in version 0.3.0.11 - 2017-09-18
|
||||
Tor 0.3.0.11 backports a collection of bugfixes from Tor the 0.3.1
|
||||
series.
|
||||
|
||||
Most significantly, it includes a fix for TROVE-2017-008, a
|
||||
security bug that affects hidden services running with the
|
||||
SafeLogging option disabled. For more information, see
|
||||
https://trac.torproject.org/projects/tor/ticket/23490
|
||||
|
||||
o Minor features (code style, backport from 0.3.1.7):
|
||||
- Add "Falls through" comments to our codebase, in order to silence
|
||||
GCC 7's -Wimplicit-fallthrough warnings. Patch from Andreas
|
||||
Stieger. Closes ticket 22446.
|
||||
|
||||
o Minor features:
|
||||
- Update geoip and geoip6 to the September 6 2017 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
||||
o Minor bugfixes (compilation, backport from 0.3.1.7):
|
||||
- Avoid compiler warnings in the unit tests for calling tor_sscanf()
|
||||
with wide string outputs. Fixes bug 15582; bugfix on 0.2.6.2-alpha.
|
||||
|
||||
o Minor bugfixes (controller, backport from 0.3.1.7):
|
||||
- Do not crash when receiving a HSPOST command with an empty body.
|
||||
Fixes part of bug 22644; bugfix on 0.2.7.1-alpha.
|
||||
- Do not crash when receiving a POSTDESCRIPTOR command with an empty
|
||||
body. Fixes part of bug 22644; bugfix on 0.2.0.1-alpha.
|
||||
|
||||
o Minor bugfixes (file limits, osx, backport from 0.3.1.5-alpha):
|
||||
- When setting the maximum number of connections allowed by the OS,
|
||||
always allow some extra file descriptors for other files. Fixes
|
||||
bug 22797; bugfix on 0.2.0.10-alpha.
|
||||
|
||||
o Minor bugfixes (logging, relay, backport from 0.3.1.6-rc):
|
||||
- Remove a forgotten debugging message when an introduction point
|
||||
successfully establishes a hidden service prop224 circuit with
|
||||
a client.
|
||||
- Change three other log_warn() for an introduction point to
|
||||
protocol warnings, because they can be failure from the network
|
||||
and are not relevant to the operator. Fixes bug 23078; bugfix on
|
||||
0.3.0.1-alpha and 0.3.0.2-alpha.
|
||||
|
||||
|
||||
Changes in version 0.3.0.10 - 2017-08-02
|
||||
Tor 0.3.0.10 backports a collection of small-to-medium bugfixes
|
||||
from the current Tor alpha series. OpenBSD users and TPROXY users
|
||||
should upgrade; others are probably okay sticking with 0.3.0.9.
|
||||
|
||||
o Major features (build system, continuous integration, backport from 0.3.1.5-alpha):
|
||||
- Tor's repository now includes a Travis Continuous Integration (CI)
|
||||
configuration file (.travis.yml). This is meant to help new
|
||||
developers and contributors who fork Tor to a Github repository be
|
||||
better able to test their changes, and understand what we expect
|
||||
to pass. To use this new build feature, you must fork Tor to your
|
||||
Github account, then go into the "Integrations" menu in the
|
||||
repository settings for your fork and enable Travis, then push
|
||||
your changes. Closes ticket 22636.
|
||||
|
||||
o Major bugfixes (linux TPROXY support, backport from 0.3.1.1-alpha):
|
||||
- Fix a typo that had prevented TPROXY-based transparent proxying
|
||||
from working under Linux. Fixes bug 18100; bugfix on 0.2.6.3-alpha.
|
||||
Patch from "d4fq0fQAgoJ".
|
||||
|
||||
o Major bugfixes (openbsd, denial-of-service, backport from 0.3.1.5-alpha):
|
||||
- Avoid an assertion failure bug affecting our implementation of
|
||||
inet_pton(AF_INET6) on certain OpenBSD systems whose strtol()
|
||||
handling of "0xfoo" differs from what we had expected. Fixes bug
|
||||
22789; bugfix on 0.2.3.8-alpha. Also tracked as TROVE-2017-007.
|
||||
|
||||
o Minor features (backport from 0.3.1.5-alpha):
|
||||
- Update geoip and geoip6 to the July 4 2017 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
||||
o Minor bugfixes (bandwidth accounting, backport from 0.3.1.2-alpha):
|
||||
- Roll over monthly accounting at the configured hour and minute,
|
||||
rather than always at 00:00. Fixes bug 22245; bugfix on 0.0.9rc1.
|
||||
Found by Andrey Karpov with PVS-Studio.
|
||||
|
||||
o Minor bugfixes (compilation warnings, backport from 0.3.1.5-alpha):
|
||||
- Suppress -Wdouble-promotion warnings with clang 4.0. Fixes bug 22915;
|
||||
bugfix on 0.2.8.1-alpha.
|
||||
- Fix warnings when building with libscrypt and openssl scrypt
|
||||
support on Clang. Fixes bug 22916; bugfix on 0.2.7.2-alpha.
|
||||
- When building with certain versions of the mingw C header files,
|
||||
avoid float-conversion warnings when calling the C functions
|
||||
isfinite(), isnan(), and signbit(). Fixes bug 22801; bugfix
|
||||
on 0.2.8.1-alpha.
|
||||
|
||||
o Minor bugfixes (compilation, mingw, backport from 0.3.1.1-alpha):
|
||||
- Backport a fix for an "unused variable" warning that appeared
|
||||
in some versions of mingw. Fixes bug 22838; bugfix on
|
||||
0.2.8.1-alpha.
|
||||
|
||||
o Minor bugfixes (coverity build support, backport from 0.3.1.5-alpha):
|
||||
- Avoid Coverity build warnings related to our BUG() macro. By
|
||||
default, Coverity treats BUG() as the Linux kernel does: an
|
||||
instant abort(). We need to override that so our BUG() macro
|
||||
doesn't prevent Coverity from analyzing functions that use it.
|
||||
Fixes bug 23030; bugfix on 0.2.9.1-alpha.
|
||||
|
||||
o Minor bugfixes (directory authority, backport from 0.3.1.1-alpha):
|
||||
- When rejecting a router descriptor for running an obsolete version
|
||||
of Tor without ntor support, warn about the obsolete tor version,
|
||||
not the missing ntor key. Fixes bug 20270; bugfix on 0.2.9.3-alpha.
|
||||
|
||||
o Minor bugfixes (linux seccomp2 sandbox, backport from 0.3.1.5-alpha):
|
||||
- Avoid a sandbox failure when trying to re-bind to a socket and
|
||||
mark it as IPv6-only. Fixes bug 20247; bugfix on 0.2.5.1-alpha.
|
||||
|
||||
o Minor bugfixes (unit tests, backport from 0.3.1.5-alpha)
|
||||
- Fix a memory leak in the link-handshake/certs_ok_ed25519 test.
|
||||
Fixes bug 22803; bugfix on 0.3.0.1-alpha.
|
||||
|
||||
|
||||
Changes in version 0.3.0.9 - 2017-06-29
|
||||
Tor 0.3.0.9 fixes a path selection bug that would allow a client
|
||||
to use a guard that was in the same network family as a chosen exit
|
||||
relay. This is a security regression; all clients running earlier
|
||||
versions of 0.3.0.x or 0.3.1.x should upgrade to 0.3.0.9 or
|
||||
0.3.1.4-alpha.
|
||||
|
||||
This release also backports several other bugfixes from the 0.3.1.x
|
||||
series.
|
||||
|
||||
o Major bugfixes (path selection, security, backport from 0.3.1.4-alpha):
|
||||
- When choosing which guard to use for a circuit, avoid the exit's
|
||||
family along with the exit itself. Previously, the new guard
|
||||
selection logic avoided the exit, but did not consider its family.
|
||||
Fixes bug 22753; bugfix on 0.3.0.1-alpha. Tracked as TROVE-2017-
|
||||
006 and CVE-2017-0377.
|
||||
|
||||
o Major bugfixes (entry guards, backport from 0.3.1.1-alpha):
|
||||
- Don't block bootstrapping when a primary bridge is offline and we
|
||||
can't get its descriptor. Fixes bug 22325; fixes one case of bug
|
||||
21969; bugfix on 0.3.0.3-alpha.
|
||||
|
||||
o Major bugfixes (entry guards, backport from 0.3.1.4-alpha):
|
||||
- When starting with an old consensus, do not add new entry guards
|
||||
unless the consensus is "reasonably live" (under 1 day old). Fixes
|
||||
one root cause of bug 22400; bugfix on 0.3.0.1-alpha.
|
||||
|
||||
o Minor features (geoip):
|
||||
- Update geoip and geoip6 to the June 8 2017 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
||||
o Minor bugfixes (voting consistency, backport from 0.3.1.1-alpha):
|
||||
- Reject version numbers with non-numeric prefixes (such as +, -, or
|
||||
whitespace). Disallowing whitespace prevents differential version
|
||||
parsing between POSIX-based and Windows platforms. Fixes bug 21507
|
||||
and part of 21508; bugfix on 0.0.8pre1.
|
||||
|
||||
o Minor bugfixes (linux seccomp2 sandbox, backport from 0.3.1.4-alpha):
|
||||
- Permit the fchmod system call, to avoid crashing on startup when
|
||||
starting with the seccomp2 sandbox and an unexpected set of
|
||||
permissions on the data directory or its contents. Fixes bug
|
||||
22516; bugfix on 0.2.5.4-alpha.
|
||||
|
||||
o Minor bugfixes (defensive programming, backport from 0.3.1.4-alpha):
|
||||
- Fix a memset() off the end of an array when packing cells. This
|
||||
bug should be harmless in practice, since the corrupted bytes are
|
||||
still in the same structure, and are always padding bytes,
|
||||
ignored, or immediately overwritten, depending on compiler
|
||||
behavior. Nevertheless, because the memset()'s purpose is to make
|
||||
sure that any other cell-handling bugs can't expose bytes to the
|
||||
network, we need to fix it. Fixes bug 22737; bugfix on
|
||||
0.2.4.11-alpha. Fixes CID 1401591.
|
||||
|
||||
|
||||
Changes in version 0.3.0.8 - 2017-06-08
|
||||
Tor 0.3.0.8 fixes a pair of bugs that would allow an attacker to
|
||||
remotely crash a hidden service with an assertion failure. Anyone
|
||||
running a hidden service should upgrade to this version, or to some
|
||||
other version with fixes for TROVE-2017-004 and TROVE-2017-005.
|
||||
|
||||
Tor 0.3.0.8 also includes fixes for several key management bugs
|
||||
that sometimes made relays unreliable, as well as several other
|
||||
bugfixes described below.
|
||||
|
||||
o Major bugfixes (hidden service, relay, security, backport
|
||||
from 0.3.1.3-alpha):
|
||||
- Fix a remotely triggerable assertion failure when a hidden service
|
||||
handles a malformed BEGIN cell. Fixes bug 22493, tracked as
|
||||
TROVE-2017-004 and as CVE-2017-0375; bugfix on 0.3.0.1-alpha.
|
||||
- Fix a remotely triggerable assertion failure caused by receiving a
|
||||
BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug
|
||||
22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix
|
||||
on 0.2.2.1-alpha.
|
||||
|
||||
o Major bugfixes (relay, link handshake, backport from 0.3.1.3-alpha):
|
||||
- When performing the v3 link handshake on a TLS connection, report
|
||||
that we have the x509 certificate that we actually used on that
|
||||
connection, even if we have changed certificates since that
|
||||
connection was first opened. Previously, we would claim to have
|
||||
used our most recent x509 link certificate, which would sometimes
|
||||
make the link handshake fail. Fixes one case of bug 22460; bugfix
|
||||
on 0.2.3.6-alpha.
|
||||
|
||||
o Major bugfixes (relays, key management, backport from 0.3.1.3-alpha):
|
||||
- Regenerate link and authentication certificates whenever the key
|
||||
that signs them changes; also, regenerate link certificates
|
||||
whenever the signed key changes. Previously, these processes were
|
||||
only weakly coupled, and we relays could (for minutes to hours)
|
||||
wind up with an inconsistent set of keys and certificates, which
|
||||
other relays would not accept. Fixes two cases of bug 22460;
|
||||
bugfix on 0.3.0.1-alpha.
|
||||
- When sending an Ed25519 signing->link certificate in a CERTS cell,
|
||||
send the certificate that matches the x509 certificate that we
|
||||
used on the TLS connection. Previously, there was a race condition
|
||||
if the TLS context rotated after we began the TLS handshake but
|
||||
before we sent the CERTS cell. Fixes a case of bug 22460; bugfix
|
||||
on 0.3.0.1-alpha.
|
||||
|
||||
o Major bugfixes (hidden service v3, backport from 0.3.1.1-alpha):
|
||||
- Stop rejecting v3 hidden service descriptors because their size
|
||||
did not match an old padding rule. Fixes bug 22447; bugfix on
|
||||
tor-0.3.0.1-alpha.
|
||||
|
||||
o Minor features (fallback directory list, backport from 0.3.1.3-alpha):
|
||||
- Replace the 177 fallbacks originally introduced in Tor 0.2.9.8 in
|
||||
December 2016 (of which ~126 were still functional) with a list of
|
||||
151 fallbacks (32 new, 119 unchanged, 58 removed) generated in May
|
||||
2017. Resolves ticket 21564.
|
||||
|
||||
o Minor bugfixes (configuration, backport from 0.3.1.1-alpha):
|
||||
- Do not crash when starting with LearnCircuitBuildTimeout 0. Fixes
|
||||
bug 22252; bugfix on 0.2.9.3-alpha.
|
||||
|
||||
o Minor bugfixes (correctness, backport from 0.3.1.3-alpha):
|
||||
- Avoid undefined behavior when parsing IPv6 entries from the geoip6
|
||||
file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.
|
||||
|
||||
o Minor bugfixes (link handshake, backport from 0.3.1.3-alpha):
|
||||
- Lower the lifetime of the RSA->Ed25519 cross-certificate to six
|
||||
months, and regenerate it when it is within one month of expiring.
|
||||
Previously, we had generated this certificate at startup with a
|
||||
ten-year lifetime, but that could lead to weird behavior when Tor
|
||||
was started with a grossly inaccurate clock. Mitigates bug 22466;
|
||||
mitigation on 0.3.0.1-alpha.
|
||||
|
||||
o Minor bugfixes (memory leak, directory authority, backport from
|
||||
0.3.1.2-alpha):
|
||||
- When directory authorities reject a router descriptor due to
|
||||
keypinning, free the router descriptor rather than leaking the
|
||||
memory. Fixes bug 22370; bugfix on 0.2.7.2-alpha.
|
||||
|
||||
|
||||
|
||||
Changes in version 0.3.0.7 - 2017-05-15
|
||||
Tor 0.3.0.7 fixes a medium-severity security bug in earlier versions
|
||||
of Tor 0.3.0.x, where an attacker could cause a Tor relay process to
|
||||
exit. Relays running earlier versions of Tor 0.3.0.x should upgrade;
|
||||
clients are not affected.
|
||||
|
||||
o Major bugfixes (hidden service directory, security):
|
||||
- Fix an assertion failure in the hidden service directory code,
|
||||
which could be used by an attacker to remotely cause a Tor relay
|
||||
process to exit. Relays running earlier versions of Tor 0.3.0.x
|
||||
should upgrade. This security issue is tracked as TROVE-2017-002.
|
||||
Fixes bug 22246; bugfix on 0.3.0.1-alpha.
|
||||
|
||||
o Minor features:
|
||||
- Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
||||
o Minor features (future-proofing):
|
||||
- Tor no longer refuses to download microdescriptors or descriptors
|
||||
if they are listed as "published in the future". This change will
|
||||
eventually allow us to stop listing meaningful "published" dates
|
||||
in microdescriptor consensuses, and thereby allow us to reduce the
|
||||
resources required to download consensus diffs by over 50%.
|
||||
Implements part of ticket 21642; implements part of proposal 275.
|
||||
|
||||
o Minor bugfixes (Linux seccomp2 sandbox):
|
||||
- The getpid() system call is now permitted under the Linux seccomp2
|
||||
sandbox, to avoid crashing with versions of OpenSSL (and other
|
||||
libraries) that attempt to learn the process's PID by using the
|
||||
syscall rather than the VDSO code. Fixes bug 21943; bugfix
|
||||
on 0.2.5.1-alpha.
|
||||
|
||||
|
||||
Changes in version 0.3.0.6 - 2017-04-26
|
||||
Tor 0.3.0.6 is the first stable release of the Tor 0.3.0 series.
|
||||
|
||||
With the 0.3.0 series, clients and relays now use Ed25519 keys to
|
||||
authenticate their link connections to relays, rather than the old
|
||||
RSA1024 keys that they used before. (Circuit crypto has been
|
||||
Curve25519-authenticated since 0.2.4.8-alpha.) We have also replaced
|
||||
the guard selection and replacement algorithm to behave more robustly
|
||||
in the presence of unreliable networks, and to resist guard-
|
||||
capture attacks.
|
||||
|
||||
This series also includes numerous other small features and bugfixes,
|
||||
along with more groundwork for the upcoming hidden-services revamp.
|
||||
|
||||
Per our stable release policy, we plan to support the Tor 0.3.0
|
||||
release series for at least the next nine months, or for three months
|
||||
after the first stable release of the 0.3.1 series: whichever is
|
||||
longer. If you need a release with long-term support, we recommend
|
||||
that you stay with the 0.2.9 series.
|
||||
|
||||
Below are the changes since 0.3.0.5-rc. For a list of all changes
|
||||
since 0.2.9, see the ReleaseNotes file.
|
||||
|
||||
o Minor features (geoip):
|
||||
- Update geoip and geoip6 to the April 4 2017 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
||||
o Minor bugfixes (control port):
|
||||
- The GETINFO extra-info/digest/<digest> command was broken because
|
||||
of a wrong base16 decode return value check, introduced when
|
||||
refactoring that API. Fixes bug 22034; bugfix on 0.2.9.1-alpha.
|
||||
|
||||
o Minor bugfixes (crash prevention):
|
||||
- Fix a (currently untriggerable, but potentially dangerous) crash
|
||||
bug when base32-encoding inputs whose sizes are not a multiple of
|
||||
5. Fixes bug 21894; bugfix on 0.2.9.1-alpha.
|
||||
|
||||
|
||||
Changes in version 0.3.0.5-rc - 2017-04-05
|
||||
Tor 0.3.0.5-rc fixes a few remaining bugs, large and small, in the
|
||||
0.3.0 release series.
|
||||
|
||||
This is the second release candidate in the Tor 0.3.0 series, and has
|
||||
much fewer changes than the first. If we find no new bugs or
|
||||
regressions here, the first stable 0.3.0 release will be nearly
|
||||
identical to it.
|
||||
|
||||
o Major bugfixes (crash, directory connections):
|
||||
- Fix a rare crash when sending a begin cell on a circuit whose
|
||||
linked directory connection had already been closed. Fixes bug
|
||||
21576; bugfix on 0.2.9.3-alpha. Reported by Alec Muffett.
|
||||
|
||||
o Major bugfixes (guard selection):
|
||||
- Fix a guard selection bug where Tor would refuse to bootstrap in
|
||||
some cases if the user swapped a bridge for another bridge in
|
||||
their configuration file. Fixes bug 21771; bugfix on 0.3.0.1-alpha.
|
||||
Reported by "torvlnt33r".
|
||||
|
||||
o Minor features (geoip):
|
||||
- Update geoip and geoip6 to the March 7 2017 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
||||
o Minor bugfix (compilation):
|
||||
- Fix a warning when compiling hs_service.c. Previously, it had no
|
||||
exported symbols when compiled for libor.a, resulting in a
|
||||
compilation warning from clang. Fixes bug 21825; bugfix
|
||||
on 0.3.0.1-alpha.
|
||||
|
||||
o Minor bugfixes (hidden services):
|
||||
- Make hidden services check for failed intro point connections,
|
||||
even when they have exceeded their intro point creation limit.
|
||||
Fixes bug 21596; bugfix on 0.2.7.2-alpha. Reported by Alec Muffett.
|
||||
- Make hidden services with 8 to 10 introduction points check for
|
||||
failed circuits immediately after startup. Previously, they would
|
||||
wait for 5 minutes before performing their first checks. Fixes bug
|
||||
21594; bugfix on 0.2.3.9-alpha. Reported by Alec Muffett.
|
||||
|
||||
o Minor bugfixes (memory leaks):
|
||||
- Fix a memory leak when using GETCONF on a port option. Fixes bug
|
||||
21682; bugfix on 0.3.0.3-alpha.
|
||||
|
||||
o Minor bugfixes (relay):
|
||||
- Avoid a double-marked-circuit warning that could happen when we
|
||||
receive DESTROY cells under heavy load. Fixes bug 20059; bugfix
|
||||
on 0.1.0.1-rc.
|
||||
|
||||
o Minor bugfixes (tests):
|
||||
- Run the entry_guard_parse_from_state_full() test with the time set
|
||||
to a specific date. (The guard state that this test was parsing
|
||||
contained guards that had expired since the test was first
|
||||
written.) Fixes bug 21799; bugfix on 0.3.0.1-alpha.
|
||||
|
||||
o Documentation:
|
||||
- Update the description of the directory server options in the
|
||||
manual page, to clarify that a relay no longer needs to set
|
||||
DirPort in order to be a directory cache. Closes ticket 21720.
|
||||
|
||||
|
||||
Changes in version 0.3.0.4-rc - 2017-03-01
|
||||
Tor 0.3.0.4-rc fixes some remaining bugs, large and small, in the
|
||||
0.3.0 release series, and introduces a few reliability features to
|
||||
keep them from coming back.
|
||||
|
||||
This is the first release candidate in the Tor 0.3.0 series. If we
|
||||
find no new bugs or regressions here, the first stable 0.3.0 release
|
||||
will be nearly identical to it.
|
||||
|
||||
o Major bugfixes (bridges):
|
||||
- When the same bridge is configured multiple times with the same
|
||||
identity, but at different address:port combinations, treat those
|
||||
bridge instances as separate guards. This fix restores the ability
|
||||
of clients to configure the same bridge with multiple pluggable
|
||||
transports. Fixes bug 21027; bugfix on 0.3.0.1-alpha.
|
||||
|
||||
o Major bugfixes (hidden service directory v3):
|
||||
- Stop crashing on a failed v3 hidden service descriptor lookup
|
||||
failure. Fixes bug 21471; bugfixes on tor-0.3.0.1-alpha.
|
||||
|
||||
o Major bugfixes (parsing):
|
||||
- When parsing a malformed content-length field from an HTTP
|
||||
message, do not read off the end of the buffer. This bug was a
|
||||
potential remote denial-of-service attack against Tor clients and
|
||||
relays. A workaround was released in October 2016, to prevent this
|
||||
bug from crashing Tor. This is a fix for the underlying issue,
|
||||
which should no longer matter (if you applied the earlier patch).
|
||||
Fixes bug 20894; bugfix on 0.2.0.16-alpha. Bug found by fuzzing
|
||||
using AFL (http://lcamtuf.coredump.cx/afl/).
|
||||
- Fix an integer underflow bug when comparing malformed Tor
|
||||
versions. This bug could crash Tor when built with
|
||||
--enable-expensive-hardening, or on Tor 0.2.9.1-alpha through Tor
|
||||
0.2.9.8, which were built with -ftrapv by default. In other cases
|
||||
it was harmless. Part of TROVE-2017-001. Fixes bug 21278; bugfix
|
||||
on 0.0.8pre1. Found by OSS-Fuzz.
|
||||
|
||||
o Minor feature (protocol versioning):
|
||||
- Add new protocol version for proposal 224. HSIntro now advertises
|
||||
version "3-4" and HSDir version "1-2". Fixes ticket 20656.
|
||||
|
||||
o Minor features (directory authorities):
|
||||
- Directory authorities now reject descriptors that claim to be
|
||||
malformed versions of Tor. Helps prevent exploitation of
|
||||
bug 21278.
|
||||
- Reject version numbers with components that exceed INT32_MAX.
|
||||
Otherwise 32-bit and 64-bit platforms would behave inconsistently.
|
||||
Fixes bug 21450; bugfix on 0.0.8pre1.
|
||||
|
||||
o Minor features (geoip):
|
||||
- Update geoip and geoip6 to the February 8 2017 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
||||
o Minor features (reliability, crash):
|
||||
- Try better to detect problems in buffers where they might grow (or
|
||||
think they have grown) over 2 GB in size. Diagnostic for
|
||||
bug 21369.
|
||||
|
||||
o Minor features (testing):
|
||||
- During 'make test-network-all', if tor logs any warnings, ask
|
||||
chutney to output them. Requires a recent version of chutney with
|
||||
the 21572 patch. Implements 21570.
|
||||
|
||||
o Minor bugfixes (certificate expiration time):
|
||||
- Avoid using link certificates that don't become valid till some
|
||||
time in the future. Fixes bug 21420; bugfix on 0.2.4.11-alpha
|
||||
|
||||
o Minor bugfixes (code correctness):
|
||||
- Repair a couple of (unreachable or harmless) cases of the risky
|
||||
comparison-by-subtraction pattern that caused bug 21278.
|
||||
- Remove a redundant check for the UseEntryGuards option from the
|
||||
options_transition_affects_guards() function. Fixes bug 21492;
|
||||
bugfix on 0.3.0.1-alpha.
|
||||
|
||||
o Minor bugfixes (directory mirrors):
|
||||
- Allow relays to use directory mirrors without a DirPort: these
|
||||
relays need to be contacted over their ORPorts using a begindir
|
||||
connection. Fixes one case of bug 20711; bugfix on 0.2.8.2-alpha.
|
||||
- Clarify the message logged when a remote relay is unexpectedly
|
||||
missing an ORPort or DirPort: users were confusing this with a
|
||||
local port. Fixes another case of bug 20711; bugfix
|
||||
on 0.2.8.2-alpha.
|
||||
|
||||
o Minor bugfixes (guards):
|
||||
- Don't warn about a missing guard state on timeout-measurement
|
||||
circuits: they aren't supposed to be using guards. Fixes an
|
||||
instance of bug 21007; bugfix on 0.3.0.1-alpha.
|
||||
- Silence a BUG() warning when attempting to use a guard whose
|
||||
descriptor we don't know, and make this scenario less likely to
|
||||
happen. Fixes bug 21415; bugfix on 0.3.0.1-alpha.
|
||||
|
||||
o Minor bugfixes (hidden service):
|
||||
- Pass correct buffer length when encoding legacy ESTABLISH_INTRO
|
||||
cells. Previously, we were using sizeof() on a pointer, instead of
|
||||
the real destination buffer. Fortunately, that value was only used
|
||||
to double-check that there was enough room--which was already
|
||||
enforced elsewhere. Fixes bug 21553; bugfix on 0.3.0.1-alpha.
|
||||
|
||||
o Minor bugfixes (testing):
|
||||
- Fix Raspbian build issues related to missing socket errno in
|
||||
test_util.c. Fixes bug 21116; bugfix on tor-0.2.8.2. Patch
|
||||
by "hein".
|
||||
- Rename "make fuzz" to "make test-fuzz-corpora", since it doesn't
|
||||
actually fuzz anything. Fixes bug 21447; bugfix on 0.3.0.3-alpha.
|
||||
- Use bash in src/test/test-network.sh. This ensures we reliably
|
||||
call chutney's newer tools/test-network.sh when available. Fixes
|
||||
bug 21562; bugfix on 0.2.9.1-alpha.
|
||||
|
||||
o Documentation:
|
||||
- Small fixes to the fuzzing documentation. Closes ticket 21472.
|
||||
|
||||
|
||||
Changes in version 0.2.9.10 - 2017-03-01
|
||||
Tor 0.2.9.10 backports a security fix from later Tor release. It also
|
||||
includes fixes for some major issues affecting directory authorities,
|
||||
LibreSSL compatibility, and IPv6 correctness.
|
||||
|
||||
The Tor 0.2.9.x release series is now marked as a long-term-support
|
||||
series. We intend to backport security fixes to 0.2.9.x until at
|
||||
least January of 2020.
|
||||
|
||||
o Major bugfixes (directory authority, 0.3.0.3-alpha):
|
||||
- During voting, when marking a relay as a probable sybil, do not
|
||||
clear its BadExit flag: sybils can still be bad in other ways
|
||||
too. (We still clear the other flags.) Fixes bug 21108; bugfix
|
||||
on 0.2.0.13-alpha.
|
||||
|
||||
o Major bugfixes (IPv6 Exits, backport from 0.3.0.3-alpha):
|
||||
- Stop rejecting all IPv6 traffic on Exits whose exit policy rejects
|
||||
any IPv6 addresses. Instead, only reject a port over IPv6 if the
|
||||
exit policy rejects that port on more than an IPv6 /16 of
|
||||
addresses. This bug was made worse by 17027 in 0.2.8.1-alpha,
|
||||
which rejected a relay's own IPv6 address by default. Fixes bug
|
||||
21357; bugfix on commit 004f3f4e53 in 0.2.4.7-alpha.
|
||||
|
||||
o Major bugfixes (parsing, also in 0.3.0.4-rc):
|
||||
- Fix an integer underflow bug when comparing malformed Tor
|
||||
versions. This bug could crash Tor when built with
|
||||
--enable-expensive-hardening, or on Tor 0.2.9.1-alpha through Tor
|
||||
0.2.9.8, which were built with -ftrapv by default. In other cases
|
||||
it was harmless. Part of TROVE-2017-001. Fixes bug 21278; bugfix
|
||||
on 0.0.8pre1. Found by OSS-Fuzz.
|
||||
|
||||
o Minor features (directory authorities, also in 0.3.0.4-rc):
|
||||
- Directory authorities now reject descriptors that claim to be
|
||||
malformed versions of Tor. Helps prevent exploitation of
|
||||
bug 21278.
|
||||
- Reject version numbers with components that exceed INT32_MAX.
|
||||
Otherwise 32-bit and 64-bit platforms would behave inconsistently.
|
||||
Fixes bug 21450; bugfix on 0.0.8pre1.
|
||||
|
||||
o Minor features (geoip):
|
||||
- Update geoip and geoip6 to the February 8 2017 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
||||
o Minor features (portability, compilation, backport from 0.3.0.3-alpha):
|
||||
- Autoconf now checks to determine if OpenSSL structures are opaque,
|
||||
instead of explicitly checking for OpenSSL version numbers. Part
|
||||
of ticket 21359.
|
||||
- Support building with recent LibreSSL code that uses opaque
|
||||
structures. Closes ticket 21359.
|
||||
|
||||
o Minor bugfixes (code correctness, also in 0.3.0.4-rc):
|
||||
- Repair a couple of (unreachable or harmless) cases of the risky
|
||||
comparison-by-subtraction pattern that caused bug 21278.
|
||||
|
||||
o Minor bugfixes (tor-resolve, backport from 0.3.0.3-alpha):
|
||||
- The tor-resolve command line tool now rejects hostnames over 255
|
||||
characters in length. Previously, it would silently truncate them,
|
||||
which could lead to bugs. Fixes bug 21280; bugfix on 0.0.9pre5.
|
||||
Patch by "junglefowl".
|
||||
|
||||
|
||||
Changes in version 0.3.0.3-alpha - 2017-02-03
|
||||
|
|
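Review bot: in the 0.2.9.10 section the heading "o Major bugfixes (directory authority, 0.3.0.3-alpha):" drops the "backport from" that the next heading carries ("IPv6 Exits, backport from 0.3.0.3-alpha"), so it reads as if 0.3.0.3-alpha were a subsystem; suggest "(directory authority, backport from 0.3.0.3-alpha)". In the same section, "backports a security fix from later Tor release" is missing an article. In 0.3.0.4-rc, "Stop crashing on a failed v3 hidden service descriptor lookup failure" doubles up "failed ... failure", and the certificate expiration entry ends at "bugfix on 0.2.4.11-alpha" with no closing period.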
1099
ReleaseNotes
File diff suppressed because it is too large
|
@ -1,4 +0,0 @@
|
|||
o Minor features (directory authority):
|
||||
- Add an IPv6 address for the "bastet" directory authority.
|
||||
Closes ticket 24394.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
o Minor bugfixes (compilation):
|
||||
- Avoid compiler warnings in the unit tests for running tor_sscanf()
|
||||
with wide string outputs. Fixes bug 15582; bugfix on 0.2.6.2-alpha.
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
o Major bugfixes (linux TPROXY support):
|
||||
- Fix a typo that had prevented TPROXY-based transparent proxying from
|
||||
working under Linux. Fixes bug 18100; bugfix on 0.2.6.3-alpha.
|
||||
Patch from "d4fq0fQAgoJ".
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
o Minor features (bridge):
|
||||
- Bridges now include notice in their descriptors that they are bridges,
|
||||
and notice of their distribution status, based on their publication
|
||||
settings. Implements ticket 18329. For more fine-grained control of
|
||||
how a bridge is distributed, upgrade to 0.3.2.x or later.
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
o Minor bugfixes (relay):
|
||||
- Avoid a double-marked-circuit warning that can happen when we receive
|
||||
DESTROY cells under heavy load. Fixes bug 20059; bugfix on 0.1.0.1-rc.
|
|
@ -1,4 +0,0 @@
|
|||
o Minor bugfixes (linux seccomp2 sandbox):
|
||||
- Avoid a sandbox failure when trying to re-bind to a socket and mark
|
||||
it as IPv6-only. Fixes bug 20247; bugfix on 0.2.5.1-alpha.
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
o Minor bugfixes (directory authority):
|
||||
- When rejecting a router descriptor because the relay is running an
|
||||
obsolete version of Tor without ntor support, warn about the obsolete
|
||||
tor version, not the missing ntor key. Fixes bug 20270;
|
||||
bugfix on 0.2.9.3-alpha.
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
o Minor features:
|
||||
- Directory authorities now reject relays running versions
|
||||
0.2.9.1-alpha through 0.2.9.4-alpha, because those relays
|
||||
suffer from bug 20499 and don't keep their consensus cache
|
||||
up-to-date. Resolves ticket 20509.
|
|
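Review bot: the heading "o Minor features:" has no subsystem in parentheses, unlike every other entry in this patch; since the item is about directory authorities rejecting relays running 0.2.9.1-alpha through 0.2.9.4-alpha, "o Minor features (directory authority):" would let it sort with the related entries when the changelog is assembled.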
@ -1,7 +0,0 @@
|
|||
o Minor bugfixes (directory mirrors):
|
||||
- Allow relays to use directory mirrors without a DirPort: these relays
|
||||
need to be contacted over their ORPorts using a begindir connection.
|
||||
Fixes bug 20711; bugfix on 0.2.8.2-alpha.
|
||||
- Clarify the message logged when a remote relay is unexpectedly missing
|
||||
an ORPort or DirPort: users were confusing this with a local port.
|
||||
Fixes bug 20711; bugfix on 0.2.8.2-alpha.
|
|
@ -1,9 +0,0 @@
|
|||
o Major bugfixes (HTTP, parsing):
|
||||
- When parsing a malformed content-length field from an HTTP message,
|
||||
do not read off the end of the buffer. This bug was a potential
|
||||
remote denial-of-service attack against Tor clients and relays.
|
||||
A workaround was released in October 2016, which prevents this
|
||||
bug from crashing Tor. This is a fix for the underlying issue,
|
||||
which should no longer matter (if you applied the earlier patch).
|
||||
Fixes bug 20894; bugfix on 0.2.0.16-alpha. Bug found by fuzzing
|
||||
using AFL (http://lcamtuf.coredump.cx/afl/).
|
|
@ -1,4 +0,0 @@
|
|||
o Minor bugfixes (guards):
|
||||
- Don't warn about a missing guard state on timeout-measurement
|
||||
circuits: they aren't supposed to be using guards. Fixes an
|
||||
instance of bug 21007; bugfix on 0.3.0.1-alpha.
|
|
@ -1,8 +0,0 @@
|
|||
o Major bugfixes (bridges):
|
||||
|
||||
- When the same bridge is configured multiple times at different
|
||||
address:port combinations (but with the same identity), treat
|
||||
those bridge instances as separate guards. This allows clients to
|
||||
configure the same bridge with multiple pluggable transports, once
|
||||
again. Fixes bug 21027; bugfix on 0.3.0.1-alpha.
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
o Minor bugfixes (test):
|
||||
- Fix Raspbian build missing socket errno in test util. Fixes bug 21116.;
|
||||
bugfix on tor-0.2.8.2. Patch by "hein".
|
|
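Review bot: "Fixes bug 21116.; bugfix on tor-0.2.8.2." has a stray period before the semicolon, and the first sentence ("Fix Raspbian build missing socket errno in test util") is hard to parse. Suggest "Fix Raspbian build issues related to missing socket errno in test_util.c. Fixes bug 21116; bugfix on tor-0.2.8.2."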
@ -1,3 +0,0 @@
|
|||
o Minor bugfixes (code correctness):
|
||||
- Repair a couple of (unreachable or harmless) cases of the risky
|
||||
comparison-by-subtraction pattern that caused bug 21278.
|
|
@ -1,4 +0,0 @@
|
|||
o Minor features (directory authority):
|
||||
- Directory authorities now reject descriptors that claim to be
|
||||
malformed versions of Tor. Helps prevent exploitation of bug 21278.
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
o Minor features (reliability, crash):
|
||||
- Try better to detect problems in buffers where they might grow (or
|
||||
think they have grown) over 2 GB in size. Diagnostic for bug 21369.
|
|
@ -1,9 +0,0 @@
|
|||
o Major bugfixes (Exit nodes):
|
||||
- Fix an issue causing high-bandwidth exit nodes to fail a majority
|
||||
or all of their DNS requests, making them basically unsuitable for
|
||||
regular usage in Tor circuits. The problem is related to
|
||||
libevent's DNS handling, but we can work around it in Tor. Fixes
|
||||
bugs 21394 and 18580; bugfix on 0.1.2.2-alpha which introduced
|
||||
eventdns. Credit goes to Dhalgren for identifying and finding a
|
||||
workaround to this bug and to gamambel, arthuredelstein and
|
||||
arma in helping to track it down and analyze it.
|
|
@ -1,4 +0,0 @@
|
|||
o Minor bugfix (entry guards):
|
||||
- Silence a BUG() warning when attempting to use a guard whose descriptor
|
||||
we don't know and make this scenario more unlikely to happen. Fixes bug
|
||||
21415; bugfix on 0.3.0.1-alpha.
|
|
@ -1,3 +0,0 @@
|
|||
o Minor bugfixes (certificate expiration time):
|
||||
- Avoid using link certificates that don't become valid till
|
||||
some time in the future. Fixes bug 21420; bugfix on 0.2.4.11-alpha
|
|
@ -1,4 +0,0 @@
|
|||
o Minor bugfixes (testing):
|
||||
- Rename "make fuzz" to "make test-fuzz-corpora", since it doesn't
|
||||
actually fuzz anything. Fixes bug 21447; bugfix on 0.3.0.3-alpha.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
o Minor bugfixes (voting consistency):
|
||||
- Reject version numbers with components that exceed INT32_MAX.
|
||||
Otherwise 32-bit and 64-bit platforms would behave inconsistently.
|
||||
Fixes bug 21450; bugfix on 0.0.8pre1.
|
|
@ -1,5 +0,0 @@
|
|||
o Major bugfixes (hidden service directory v3):
|
||||
- When a descriptor lookup was done and it was not found in the directory
|
||||
cache, it would crash on a NULL pointer instead of returning the 404
|
||||
code back to the client like it was suppose to. Fixes bug 21471.;
|
||||
bugfixes on tor-0.3.0.1-alpha.
|
|
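Review bot: this entry narrates the old behaviour in the past tense and never states what the fix does, which matters for a remotely reachable NULL-pointer crash. Lead with the new behaviour, for example "Return a 404 to the client instead of crashing on a NULL pointer when a v3 descriptor lookup misses the directory cache." Also fix "like it was suppose to" (supposed) and the stray period in "Fixes bug 21471.;".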
@ -1,3 +0,0 @@
|
|||
o Documentation:
|
||||
- Small fixes to the fuzzing documentation. Closes ticket
|
||||
21472.
|
|
@ -1,5 +0,0 @@
|
|||
o Minor bugfixes (correctness):
|
||||
- Remove a redundant check for the UseEntryGuards option from the
|
||||
options_transition_affects_guards() function. Fixes bug 21492;
|
||||
bugfix on 0.3.0.1-alpha.
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
o Minor bugfixes (voting consistency):
|
||||
- Reject version numbers with non-numeric prefixes (such as +, -, and
|
||||
whitespace). Disallowing whitespace prevents differential version
|
||||
parsing between POSIX-based and Windows platforms.
|
||||
Fixes bug 21507 and part of 21508; bugfix on 0.0.8pre1.
|
|
@ -1,7 +0,0 @@
|
|||
o Minor bugfixes (hidden service):
|
||||
- When encoding a legacy ESTABLISH_INTRO cell, we were using the sizeof()
|
||||
on a pointer instead of real size of the destination buffer leading to
|
||||
an overflow passing an enormous value to the signing digest function.
|
||||
Fortunately, that value was only used to make sure the destination
|
||||
buffer length was big enough for the key size and in this case it was.
|
||||
Fixes bug 21553; bugfix on tor-0.3.0.1-alpha.
|
|
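Review bot: the sentence "using the sizeof() on a pointer instead of real size of the destination buffer leading to an overflow passing an enormous value to the signing digest function" does not explain how sizeof() on a pointer, which yields the pointer's size, becomes "an enormous value". If the length was derived by subtraction and wrapped, say so explicitly; a reader assessing impact needs to know whether the length passed was too small or too large, and the claim "in this case it was" big enough should name the check that enforces it.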
@ -1,4 +0,0 @@
|
|||
o Minor bugfixes (testing):
|
||||
- Use bash in src/test/test-network.sh. This ensures we reliably call
|
||||
chutney's newer tools/test-network.sh when available.
|
||||
Fixes bug 21562; bugfix on tor-0.2.9.1-alpha.
|
|
@ -1,4 +0,0 @@
|
|||
o Major bugfixes (crash, directory connections):
|
||||
- Fix a rare crash when sending a begin cell on a circuit whose linked
|
||||
directory connection has already been closed. Fixes bug 21576;
|
||||
bugfix on Tor 0.2.9.3-alpha. Reported by alecmuffett.
|
|
@ -1,5 +0,0 @@
|
|||
o Minor bugfixes (testing):
|
||||
- Restore support for test-network.sh on BSD and other systems without
|
||||
bash. (But use bash if it's available.) This is a workaround until we
|
||||
remove bash-specific code in 19699.
|
||||
Fixes bug 21581; bugfix on 21562, not in any released version of tor.
|
|
@ -1,5 +0,0 @@
|
|||
o Minor bugfixes (hidden services):
|
||||
- Make hidden services with 8 to 10 introduction points check for failed
|
||||
circuits immediately after startup. Previously, they would wait for 5
|
||||
minutes before performing their first checks. Fixes bug 21594; bugfix on
|
||||
commit 190aac0eab9 in Tor 0.2.3.9-alpha. Reported by alecmuffett.
|
|
@ -1,5 +0,0 @@
|
|||
o Minor bugfixes (hidden services):
|
||||
- Make hidden services check for failed intro point connections, even when
|
||||
they have exceeded their intro point creation limit. Fixes bug 21596;
|
||||
bugfix on commit d67bf8b2f23 in Tor 0.2.7.2-alpha. Reported by
|
||||
alecmuffett.
|
|
@ -1,3 +0,0 @@
|
|||
o Minor bugfixes (memory leaks):
|
||||
- Fix a memory leak when using GETCONF on a port option.
|
||||
Fixes bug 21682; bugfix on 0.3.0.3-alpha.
|
|
@ -1,5 +0,0 @@
|
|||
o Documentation:
|
||||
- Update the description of the directory server options in the manual
|
||||
page, to clarify that DirPort is no longer necessary to be a directory
|
||||
cache. Closes ticket 21720.
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
o Minor bugfixes (guard selection):
|
||||
- Fix a guard selection bug where Tor would refuse to bootstrap in some
|
||||
cases if the user swapped a bridge for another bridge in their
|
||||
configuration file.
|
||||
Fixes bug 21771; bugfix on 0.3.0.1-alpha. Reported by "torvlnt33r".
|
|
@ -1,6 +0,0 @@
|
|||
o Minor bugfixes (tests):
|
||||
- Run the entry_guard_parse_from_state_full test with the time set
|
||||
to a specific date. (The guard state that this test was parsing
|
||||
contained guards that had expired since the test was first
|
||||
written.) Fixes bug 21799; bugfix on 0.3.0.1-alpha.
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
o Minor bugfix (compilation):
|
||||
- Functions in hs_service.c was only compiled for unit test making the
|
||||
created object (.o) contain no symbols in src/or/libor.a resulting in a
|
||||
compilation warning from clang. We now expose those functions for the
|
||||
unit tests. This will be changed in 0.3.2 release. Fixes bug 21825.;
|
||||
bugfix on tor-0.3.0.1-alpha.
|
|
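Review bot: "Functions in hs_service.c was only compiled for unit test" has a subject/verb mismatch and describes build internals before saying what the user sees. Suggest opening with the symptom ("Fix a warning when compiling hs_service.c ...") and then the cause. "This will be changed in 0.3.2 release" is a forward-looking promise that will go stale in a changelog, and "Fixes bug 21825.;" has a stray period before the semicolon.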
@ -1,5 +0,0 @@
|
|||
o Minor bugfixes (crash prevention):
|
||||
- Fix an (currently untriggerable, but potentially dangerous) crash
|
||||
bug when base32-encoding inputs whose sizes are not a multiple of
|
||||
5. Fixes bug 21894; bugfix on 0.2.9.1-alpha.
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
o Minor bugfixes (Linux seccomp2 sandbox):
|
||||
- The getpid() system call is now permitted under the Linux seccomp2
|
||||
sandbox, to avoid crashing with versions of OpenSSL (and other
|
||||
libraries) that attempt to learn the process's PID by using the
|
||||
syscall rather than the VDSO code. Fixes bug 21943; bugfix on
|
||||
0.2.5.1-alpha.
|
|
@ -1,3 +0,0 @@
|
|||
o Major bugfixes (entry guards):
|
||||
- Don't block bootstrapping when a primary bridge is offline and we can't
|
||||
get its descriptor. Fixes bug 21969; bugfix on 0.3.0.3-alpha.
|
|
@ -1,4 +0,0 @@
|
|||
o Minor bugfixes (control port, regression):
|
||||
- The GETINFO extra-info/digest/<digest> command was broken because of a
|
||||
wrong base16 decode return value check. In was introduced in a refactor
|
||||
of that API. Fixex bug #22034; bugfix on tor-0.2.9.1-alpha.
|
|
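Review bot: the last two lines carry three slips that would end up in the changelog: "In was introduced" (It was), "Fixex" (Fixes), and "bug #22034" with a "#" that no other entry uses. Suggest "It was introduced in a refactor of that API. Fixes bug 22034; bugfix on 0.2.9.1-alpha."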
@ -1,5 +0,0 @@
|
|||
o Minor bugfixes (bandwidth accounting):
|
||||
- Roll over monthly accounting at the configured hour and minute,
|
||||
rather than always at 00:00.
|
||||
Fixes bug 22245; bugfix on 0.0.9rc1.
|
||||
Found by Andrey Karpov with PVS-Studio.
|
|
@ -1,6 +0,0 @@
|
|||
o Major bugfixes (hidden service directory, security):
|
||||
- Fix an assertion failure in the hidden service directory code, which
|
||||
could be used by an attacker to remotely cause a Tor relay process to
|
||||
exit. Relays running earlier versions of Tor 0.3.0.x should upgrade.
|
||||
This security issue is tracked as tracked as
|
||||
TROVE-2017-002. Fixes bug 22246; bugfix on 0.3.0.1-alpha.
|
|
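Review bot: "This security issue is tracked as tracked as TROVE-2017-002" repeats "tracked as"; for a security entry that will be quoted in advisories this should be cleaned up before release. Consider also naming the first fixed version next to "Relays running earlier versions of Tor 0.3.0.x should upgrade" so operators know the target.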
@ -1,3 +0,0 @@
|
|||
o Minor bugfixes (configuration):
|
||||
- Do not crash when starting with LearnCircuitBuildTimeout 0.
|
||||
Fixes bug 22252; bugfix on 0.2.9.3-alpha.
|
|
@ -1,9 +0,0 @@
|
|||
o Minor bugfixes (directory authority):
|
||||
- When a directory authority rejects a descriptor or extrainfo with
|
||||
a given digest, mark that digest as undownloadable, so that we
|
||||
do not attempt to download it again over and over. We previously
|
||||
tried to avoid downloading such descriptors by other means, but
|
||||
we didn't notice if we accidentally downloaded one anyway. This
|
||||
behavior became problematic in 0.2.7.2-alpha, when authorities
|
||||
began pinning Ed25519 keys. Fixes ticket
|
||||
22349; bugfix on 0.2.1.19-alpha.
|
|
@ -1,4 +0,0 @@
|
|||
o Minor bugfixes (memory handling):
|
||||
- When directory authorities reject a router descriptor due to keypinning,
|
||||
free the router descriptor rather than leaking the memory.
|
||||
Fixes bug 22370; bugfix on 0.2.7.2-alpha.
|
|
@ -1,4 +0,0 @@
|
|||
o Major bugfixes (entry guards):
|
||||
- When starting with an old consensus, do not add new entry guards
|
||||
unless the consensus is "reasonably live" (under 1 day old). Fixes
|
||||
one root cause of bug 22400; bugfix on 0.3.0.1-alpha.
|
|
@ -1,4 +0,0 @@
|
|||
o Minor features (code style, backport from 0.3.1.3-alpha):
|
||||
- Add "Falls through" comments to our codebase, in order to silence
|
||||
GCC 7's -Wimplicit-fallthrough warnings. Patch from Andreas
|
||||
Stieger. Closes ticket 22446.
|
|
@ -1,3 +0,0 @@
|
|||
o Major bugfixes (hidden service v3):
|
||||
- HSDir failed to validate the encrypted size of a v3 descriptor and thus
|
||||
rejecting it. Fixes bug 22447; bugfix on tor-0.3.0.1-alpha.
|
|
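Review bot: "HSDir failed to validate the encrypted size of a v3 descriptor and thus rejecting it" is ungrammatical and ambiguous: it does not say whether well-formed descriptors were being rejected or whether the size check was missing. State the corrected behaviour in the imperative, as the other entries do, and make clear which descriptors were affected.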
@ -1,16 +0,0 @@
|
|||
o Major bugfixes (relays, key management):
|
||||
- Regenerate link and authentication certificates whenever the key that
|
||||
signs them changes; also, regenerate link certificates whenever the
|
||||
signed key changes. Previously, these processes were only weakly
|
||||
coupled, and we relays could (for minutes to hours) wind up with an
|
||||
inconsistent set of keys and certificates, which other relays
|
||||
would not accept. Fixes two cases of bug 22460; bugfix on
|
||||
0.3.0.1-alpha.
|
||||
- When sending an Ed25519 signing->link certificate in a CERTS cell,
|
||||
send the certificate that matches the x509 certificate that we used
|
||||
on the TLS connection. Previously, there was a race condition if
|
||||
the TLS context rotated after we began the TLS handshake but
|
||||
before we sent the CERTS cell. Fixes a case of bug 22460; bugfix
|
||||
on 0.3.0.1-alpha.
|
||||
|
||||
|
|
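Review bot: in the first item, "and we relays could (for minutes to hours) wind up with an inconsistent set of keys" has a leftover "we"; it should read "and relays could". The two items cite "two cases of bug 22460" and "a case of bug 22460"; it would help reviewers to say in each item which case it covers (key change versus TLS context rotation) so the fix can be matched against the ticket.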
@ -1,8 +0,0 @@
|
|||
o Major bugfixes (relay, link handshake):
|
||||
|
||||
- When performing the v3 link handshake on a TLS connection, report that
|
||||
we have the x509 certificate that we actually used on that connection,
|
||||
even if we have changed certificates since that connection was first
|
||||
opened. Previously, we would claim to have used our most recent x509
|
||||
link certificate, which would sometimes make the link handshake fail.
|
||||
Fixes one case of bug 22460; bugfix on 0.2.3.6-alpha.
|
|
@ -1,8 +0,0 @@
|
|||
o Minor bugfixes (link handshake):
|
||||
- Lower the lifetime of the RSA->Ed25519 cross-certificate to
|
||||
six months, and regenerate it when it is within one month of expiring.
|
||||
Previously, we had generated this certificate at startup with
|
||||
a ten-year lifetime, but that could lead to weird behavior when
|
||||
Tor was started with a grossly inaccurate clock. Mitigates
|
||||
bug 22466; mitigation on 0.3.0.1-alpha.
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
o Minor bugfixes (correctness):
|
||||
- Avoid undefined behavior when parsing IPv6 entries from the geoip6
|
||||
file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.
|
|
@ -1,5 +0,0 @@
|
|||
o Minor bugfixes (linux seccomp2 sandbox):
|
||||
- Permit the fchmod system call, to avoid crashing on startup when
|
||||
starting with the seccomp2 sandbox and an unexpected set of permissions
|
||||
on the data directory or its contents. Fixes bug 22516; bugfix on
|
||||
0.2.5.4-alpha.
|
|
@ -1,8 +0,0 @@
|
|||
o Build features:
|
||||
- Tor's repository now includes a Travis Continuous Integration (CI)
|
||||
configuration file (.travis.yml). This is meant to help new developers and
|
||||
contributors who fork Tor to a Github repository be better able to test
|
||||
their changes, and understand what we expect to pass. To use this new build
|
||||
feature, you must fork Tor to your Github account, then go into the
|
||||
"Integrations" menu in the repository settings for your fork and enable
|
||||
Travis, then push your changes.
|
|
@ -1,5 +0,0 @@
|
|||
o Minor bugfixes (controller):
|
||||
- Do not crash when receiving a POSTDESCRIPTOR command with an
|
||||
empty body. Fixes part of bug 22644; bugfix on 0.2.0.1-alpha.
|
||||
- Do not crash when receiving a HSPOST command with an empty body.
|
||||
Fixes part of bug 22644; bugfix on 0.2.7.1-alpha.
|
|
@ -1,12 +0,0 @@
|
|||
o Minor bugfixes (defensive programming, undefined behavior):
|
||||
|
||||
- Fix a memset() off the end of an array when packing cells. This
|
||||
bug should be harmless in practice, since the corrupted bytes
|
||||
are still in the same structure, and are always padding bytes,
|
||||
ignored, or immediately overwritten, depending on compiler
|
||||
behavior. Nevertheless, because the memset()'s purpose is to
|
||||
make sure that any other cell-handling bugs can't expose bytes
|
||||
to the network, we need to fix it. Fixes bug 22737; bugfix on
|
||||
0.2.4.11-alpha. Fixes CID 1401591.
|
||||
|
||||
|
|
@ -1,7 +0,0 @@
|
|||
o Major bugfixes (path selection, security):
|
||||
- When choosing which guard to use for a circuit, avoid the
|
||||
exit's family along with the exit itself. Previously, the new
|
||||
guard selection logic avoided the exit, but did not consider
|
||||
its family. Fixes bug 22753; bugfix on 0.3.0.1-alpha. Tracked
|
||||
as TROVE-2016-006 and CVE-2017-0377.
|
||||
|
|
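Review bot: the identifier "TROVE-2016-006" carries a 2016 year, while the CVE on the same line is CVE-2017-0377 and the other TROVE ids in this patch are TROVE-2017-002 and TROVE-2017-007. Please confirm the TROVE number against the tracker before this entry ships, since downstream advisories will copy it verbatim.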
@ -1,7 +0,0 @@
|
|||
o Major bugfixes (openbsd, denial-of-service):
|
||||
- Avoid an assertion failure bug affecting our implementation of
|
||||
inet_pton(AF_INET6) on certain OpenBSD systems whose strtol()
|
||||
handling of "0xfoo" differs from what we had expected.
|
||||
Fixes bug 22789; bugfix on 0.2.3.8-alpha. Also tracked as
|
||||
TROVE-2017-007.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
o Minor bugfixes (file limits):
|
||||
- When setting the maximum number of connections allowed by the OS,
|
||||
always allow some extra file descriptors for other files.
|
||||
Fixes bug 22797; bugfix on 0.2.0.10-alpha.
|
|
@ -1,5 +0,0 @@
|
|||
o Minor bugfixes (compilation):
|
||||
- When building with certain versions the mingw C header files, avoid
|
||||
float-conversion warnings when calling the C functions isfinite(),
|
||||
isnan(), and signbit(). Fixes bug 22801; bugfix on 0.2.8.1-alpha.
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
o Minor bugfixes (unit tests):
|
||||
- Fix a memory leak in the link-handshake/certs_ok_ed25519 test.
|
||||
Fixes bug 22803; bugfix on 0.3.0.1-alpha.
|
|
@ -1,5 +0,0 @@
|
|||
o Minor bugfixes (compilation, mingw, backport from 0.3.1.1-alpha):
|
||||
- Backport a fix for an "unused variable" warning that appeared
|
||||
in some versions of mingw. Fixes bug 22838; bugfix on
|
||||
0.2.8.1-alpha.
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
o Minor bugfixes (compilation warnings):
|
||||
- Suppress -Wdouble-promotion warnings with clang 4.0. Fixes bug 22915;
|
||||
bugfix on 0.2.8.1-alpha.
|
|
@ -1,3 +0,0 @@
|
|||
o Minor bugfixes (Compilation):
|
||||
- Fix warnings when building with libscrypt and openssl scrypt support
|
||||
on Clang. Fixes bug 22916; bugfix on 0.2.7.2-alpha.
|
|
@ -1,7 +0,0 @@
|
|||
o Minor bugfixes (coverity builds):
|
||||
- Avoid Coverity build warnings related to our BUG() macro. By
|
||||
default, Coverity treats BUG() as the Linux kernel does: an
|
||||
instant abort(). We need to override that so our BUG() macro
|
||||
doesn't prevent Coverity from analyzing functions that use it.
|
||||
Fixes bug 23030; bugfix on 0.2.9.1-alpha.
|
||||
|
|
@ -1,7 +0,0 @@
|
|||
o Minor bugfixes (logging, relay):
|
||||
- Remove a log_warn() that has been forgotten when an introduction point
|
||||
successfully established a hidden service prop224 circuit with a client.
|
||||
- Three other log_warn() for an introduction point have been changed to
|
||||
protocol warning because they can be failure from the network and are
|
||||
not relevant to the operator. Fixes bug 23078; bugfix on
|
||||
tor-0.3.0.1-alpha and tor-0.3.0.2-alpha.
|
|
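Review bot: the Fixes line cites "tor-0.3.0.1-alpha and tor-0.3.0.2-alpha" with a "tor-" prefix that no other entry in this diff uses, and it does not say which of the two bullets corresponds to which version. The prose also needs a pass: "that has been forgotten" and "they can be failure from the network" should read along the lines of "a leftover log_warn()" and "they can be caused by network failures".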
@ -1,8 +0,0 @@
|
|||
o Minor bugfixes (Windows service):
|
||||
- When running as a Windows service, set the ID of the main thread
|
||||
correctly. Failure to do so made us fail to send log messages
|
||||
to the controller in 0.2.1.16-rc, slowed down controller
|
||||
event delivery in 0.2.7.3-rc and later, and crash with an assertion
|
||||
failure in 0.3.1.1-alpha. Fixes bug 23081; bugfix on 0.2.1.6-alpha.
|
||||
Patch and diagnosis from "Vort".
|
||||
|
|
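Review bot: the Fixes line says "bugfix on 0.2.1.6-alpha", while the body says the first visible symptom appeared in 0.2.1.16-rc. The two version strings differ by a single digit, so please confirm that 0.2.1.6-alpha is the intended introducing version and not a typo for 0.2.1.16.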
@ -1,3 +0,0 @@
|
|||
o Minor bugfixes (testing):
|
||||
- Fix an undersized buffer in test-memwipe.c. Fixes bug 23291; bugfix on
|
||||
0.2.7.2-alpha. Found and patched by Ties Stuij.
|
|
@ -1,6 +0,0 @@
|
|||
o Minor bugfix (relay address resolution):
|
||||
- Avoid unnecessary calls to directory_fetches_from_authorities()
|
||||
on relays. This avoids spurious address resolutions and
|
||||
descriptor rebuilds. This is a mitigation for 21789. The original
|
||||
bug was introduced in commit 35bbf2e as part of prop210.
|
||||
Fixes 23470 in 0.2.8.1-alpha.
|
|
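Review bot: the closing line "Fixes 23470 in 0.2.8.1-alpha." does not follow the "Fixes bug N; bugfix on VERSION." form used by the other bugfix entries, and "mitigation for 21789" likewise omits "bug" or "ticket". The header also reads "Minor bugfix" where the other entries use "Minor bugfixes". Suggest "Fixes bug 23470; bugfix on 0.2.8.1-alpha." so tooling and readers that match on that pattern pick this entry up.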
@ -1,4 +0,0 @@
|
|||
o Minor bugfixes (hidden service, relay):
|
||||
- Avoid a possible double close of a circuit by the intro point on error
|
||||
of sending the INTRO_ESTABLISHED cell. Fixes ticket 23610; bugfix on
|
||||
0.3.0.1-alpha.
|
|
@ -1,5 +0,0 @@
|
|||
o Major bugfixes (relay, crash, assertion failure):
|
||||
- Fix a timing-based assertion failure that could occur when the
|
||||
circuit out-of-memory handler freed a connection's output buffer.
|
||||
Fixes bug 23690; bugfix on 0.2.6.1-alpha.
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
o Minor bugfixes (relay, crash):
|
||||
- Avoid a crash when transitioning from client mode to bridge mode.
|
||||
Previously, we would launch the worker threads whenever our "public
|
||||
server" mode changed, but not when our "server" mode changed.
|
||||
Fixes bug 23693; bugfix on 0.2.6.3-alpha.
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
o Minor bugfixes (memory safety):
|
||||
- Clear the address when node_get_prim_orport() returns early.
|
||||
Fixes bug 23874; bugfix on 0.2.8.2-alpha.
|
|
@ -1,5 +0,0 @@
|
|||
o Major bugfixes (security, hidden service v2):
|
||||
- Fix a use-after-free error that could crash v2 Tor hidden services
|
||||
when it failed to open circuits while expiring introductions
|
||||
points. Fixes bug 24313; bugfix on 0.2.7.2-alpha. This
|
||||
issue is also tracked as TROVE-2017-013 and CVE-2017-8823.
|
|
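Review bot: in the second and third lines, "when it failed to open circuits while expiring introductions points" leaves "it" ambiguous and "introductions points" should be "introduction points". This is the entry operators will find when searching for CVE-2017-8823, so the wording is worth tightening, for example "when the service failed to open circuits while expiring introduction points".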
@ -1,6 +0,0 @@
|
|||
o Minor bugfixes (logging, relay shutdown, annoyance):
|
||||
- When a circuit is marked for close, do not attempt to package any cells
|
||||
for channels on that circuit. Previously, we would detect this
|
||||
condition lower in the call stack, when we noticed that the circuit had
|
||||
no attached channel, and log an annoying message. Fixes bug 8185;
|
||||
bugfix on 0.2.5.4-alpha.
|
|
@ -1,5 +0,0 @@
|
|||
o Minor features (testing):
|
||||
- During 'make test-network-all', if tor logs any warnings, ask chutney
|
||||
to output them. Requires a recent version of chutney with the 21572
|
||||
patch.
|
||||
Implements 21570.
|
|
@ -1,4 +0,0 @@
|
|||
o Minor features (geoip):
|
||||
- Update geoip and geoip6 to the November 6 2017 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
o Minor features:
|
||||
- Update geoip and geoip6 to the April 4 2017 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
|
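Review bot: the header is a bare "Minor features:" with no subsystem, whereas the November and October geoip entries in this same diff use "Minor features (geoip):". The same applies to the other monthly geoip entries that follow. Suggest tagging them all "(geoip)" so they sort together.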
@ -1,4 +0,0 @@
|
|||
o Minor features:
|
||||
- Update geoip and geoip6 to the August 3 2017 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
o Minor features:
|
||||
- Update geoip and geoip6 to the February 8 2017 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
o Minor features:
|
||||
- Update geoip and geoip6 to the July 4 2017 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
o Minor features:
|
||||
- Update geoip and geoip6 to the June 8 2017 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
o Minor features:
|
||||
- Update geoip and geoip6 to the March 7 2017 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
o Minor features:
|
||||
- Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
o Minor features (geoip):
|
||||
- Update geoip and geoip6 to the October 4 2017 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
o Minor features:
|
||||
- Update geoip and geoip6 to the September 6 2017 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
o Minor features (directory authorities):
|
||||
- Remove longclaw's IPv6 address, as it will soon change.
|
||||
Authority IPv6 addresses were originally added in 0.2.8.1-alpha.
|
||||
This leaves 3/8 directory authorities with IPv6 addresses, but there
|
||||
are also 52 fallback directory mirrors with IPv6 addresses.
|
||||
Resolves 19760.
|
|
@ -1,3 +0,0 @@
|
|||
o Directory authority changes:
|
||||
- The directory authority "Longclaw" has changed its IP address.
|
||||
Closes ticket 23592.
|
|
@ -1,9 +0,0 @@
|
|||
o Minor features (future-proofing):
|
||||
|
||||
- Tor no longer refuses to download microdescriptors or descriptors if
|
||||
they are listed as "published in the future". This change will
|
||||
eventually allow us to stop listing meaningful "published" dates
|
||||
in microdescriptor consensuses, and thereby allow us to reduce the
|
||||
resources required to download consensus diffs by over 50%.
|
||||
Implements part of ticket 21642; implements part of proposal 275.
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
o Minor feature (protover):
|
||||
- Add new protocol version for proposal 224. HSIntro now advertises
|
||||
version "3-4" and HSDir version "1-2". Fixes ticket 20656.
|
|
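Review bot: this is filed as a feature ("Minor feature (protover)") but closes with "Fixes ticket 20656", which is the verb the bugfix entries use. The other feature entries in this diff use "Closes", "Resolves" or "Implements", and the plural "Minor features" for the header; suggest matching those.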
@ -1,6 +0,0 @@
|
|||
o Minor features (fallback directory list):
|
||||
- Replace the 177 fallbacks originally introduced in Tor 0.2.9.8 in
|
||||
December 2016 (of which ~126 were still functional), with a list of
|
||||
151 fallbacks (32 new, 119 existing, 58 removed) generated in
|
||||
May 2017.
|
||||
Resolves ticket 21564.
|
|
@ -1,6 +0,0 @@
|
|||
o Minor features:
|
||||
- Enable a couple of pieces of Windows hardening: one
|
||||
(HeapEnableTerminationOnCorruption) that has been on-by-default since
|
||||
Windows 8, and unavailable before Windows 7, and one
|
||||
(PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION) which we believe doesn't
|
||||
affect us, but shouldn't do any harm. Closes ticket 21953.
|
|
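Review bot: the header "Minor features:" carries no subsystem tag even though the entry is about Windows process hardening. A tag such as "(windows, security)" would make it findable. Also, "which we believe doesn't affect us, but shouldn't do any harm" gives no reason for enabling PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION; a short clause on why it is turned on would help readers assess the change.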
@ -1,3 +0,0 @@
|
|||
o Minor bugfixes (compilation):
|
||||
- Fix unused variable warnings in donna's Curve25519 SSE2 code.
|
||||
Fixes bug 22895; bugfix on 0.2.7.2-alpha.
|
|
@ -1,3 +0,0 @@
|
|||
o Directory authority changes:
|
||||
- Add bastet as a ninth directory authority to the default list. Closes
|
||||
ticket 23910.
|
|
@ -1,8 +0,0 @@
|
|||
o Major bugfixes (parsing):
|
||||
- Fix an integer underflow bug when comparing malformed Tor versions.
|
||||
This bug is harmless, except when Tor has been built with
|
||||
--enable-expensive-hardening, which would turn it into a crash;
|
||||
or on Tor 0.2.9.1-alpha through Tor 0.2.9.8, which were built with
|
||||
-ftrapv by default.
|
||||
Part of TROVE-2017-001. Fixes bug 21278; bugfix on
|
||||
0.0.8pre1. Found by OSS-Fuzz.
|
|
@ -1,6 +0,0 @@
|
|||
o Major bugfixes (hidden service, relay, security):
|
||||
- Fix an assertion failure when a hidden service handles a
|
||||
malformed BEGIN cell. This bug resulted in the service crashing
|
||||
triggered by a tor_assert(). Fixes bug 22493, tracked as
|
||||
TROVE-2017-004 and as CVE-2017-0375; bugfix on 0.3.0.1-alpha.
|
||||
Found by armadev.
|
|
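Review bot: the second sentence, "This bug resulted in the service crashing triggered by a tor_assert()", is ungrammatical and largely repeats the first sentence. Suggest "The malformed cell triggered a tor_assert() and crashed the service", or drop the sentence.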
@ -1,7 +0,0 @@
|
|||
o Major bugfixes (hidden service, relay, security):
|
||||
- Fix an assertion failure caused by receiving a BEGIN_DIR cell on
|
||||
a hidden service rendezvous circuit. Fixes bug 22494, tracked as
|
||||
TROVE-2017-005 and CVE-2017-0376; bugfix on 0.2.2.1-alpha. Found
|
||||
by armadev.
|
||||
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
o Major bugfixes (security, hidden services, loggging):
|
||||
- Fix a bug where we could log uninitialized stack when a certain
|
||||
hidden service error occurred while SafeLogging was disabled.
|
||||
Fixes bug #23490; bugfix on 0.2.7.2-alpha.
|
||||
This is also tracked as TROVE-2017-008 and CVE-2017-0380.
|
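Review bot: the header line misspells "logging" as "loggging", and the Fixes line writes "bug #23490" where the other entries write the bug number without "#". Correct both wherever this entry is carried forward, so that searches on the category and the bug number find this TROVE-2017-008 / CVE-2017-0380 entry.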
Some files were not shown because too many files have changed in this diff.