Compare commits
214 Commits
master...release-0.
Author | SHA1 | Date |
---|---|---|
Nick Mathewson | 4843d5349d | |
791
ChangeLog
@ -1,3 +1,794 @@
Changes in version 0.3.1.10 - 2018-03-03
Tor 0.3.1.10 backports a number of bugfixes, including important fixes for
security issues.
It includes an important security fix for a remote crash attack
against directory authorities, tracked as TROVE-2018-001.
This release also backports our new system for improved resistance to
denial-of-service attacks against relays.
This release also fixes several minor bugs and annoyances from
earlier releases.
All directory authorities should upgrade to one of the versions
released today. Relays running 0.3.1.x may wish to update to one of
the versions released today, for the DoS mitigations.
Please note: according to our release calendar, Tor 0.3.1 will no
longer be supported after 1 July 2018. If you will be running Tor
after that date, you should make sure to plan to upgrade to the latest
stable version, or downgrade to 0.2.9 (which will receive long-term
support).
o Major bugfixes (denial-of-service, directory authority, backport from 0.3.3.3-alpha):
- Fix a protocol-list handling bug that could be used to remotely crash
directory authorities with a null-pointer exception. Fixes bug 25074;
bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2018-001 and
CVE-2018-0490.
o Major features (denial-of-service mitigation, backport from 0.3.3.2-alpha):
- Give relays some defenses against the recent network overload. We
start with three defenses (default parameters in parentheses).
First: if a single client address makes too many concurrent
connections (>100), hang up on further connections. Second: if a
single client address makes circuits too quickly (more than 3 per
second, with an allowed burst of 90) while also having too many
connections open (3), refuse new create cells for the next while
(1-2 hours). Third: if a client asks to establish a rendezvous
point to you directly, ignore the request. These defenses can be
manually controlled by new torrc options, but relays will also
take guidance from consensus parameters, so there's no need to
configure anything manually. Implements ticket 24902.
o Minor features (linux seccomp2 sandbox, backport from 0.3.2.5-alpha):
- Update the sandbox rules so that they should now work correctly
with Glibc 2.26. Closes ticket 24315.
o Major bugfixes (onion services, retry behavior, backport from 0.3.3.1-alpha):
- Fix an "off by 2" error in counting rendezvous failures on the
onion service side. While we thought we would stop the rendezvous
attempt after one failed circuit, we were actually making three
circuit attempts before giving up. Now switch to a default of 2,
and allow the consensus parameter "hs_service_max_rdv_failures" to
override. Fixes bug 24895; bugfix on 0.0.6.
o Major bugfixes (protocol versions, backport from 0.3.3.2-alpha):
- Add Link protocol version 5 to the supported protocols list. Fixes
bug 25070; bugfix on 0.3.1.1-alpha.
o Major bugfixes (relay, backport from 0.3.3.1-alpha):
- Fix a set of false positives where relays would consider
connections to other relays as being client-only connections (and
thus e.g. deserving different link padding schemes) if those
relays fell out of the consensus briefly. Now we look only at the
initial handshake and whether the connection authenticated as a
relay. Fixes bug 24898; bugfix on 0.3.1.1-alpha.
o Minor features (denial-of-service avoidance, backport from 0.3.3.2-alpha):
- Make our OOM handler aware of the geoip client history cache so it
doesn't fill up the memory. This check is important for IPv6 and
our DoS mitigation subsystem. Closes ticket 25122.
o Minor feature (relay statistics, backport from 0.3.2.6-alpha):
- Change relay bandwidth reporting stats interval from 4 hours to 24
hours in order to reduce the efficiency of guard discovery
attacks. Fixes ticket 23856.
o Minor features (compatibility, OpenSSL, backport from 0.3.3.3-alpha):
- Tor will now support TLS1.3 once OpenSSL 1.1.1 is released.
Previous versions of Tor would not have worked with OpenSSL 1.1.1,
since they neither disabled TLS 1.3 nor enabled any of the
ciphersuites it requires. Now we enable the TLS 1.3 ciphersuites.
Closes ticket 24978.
o Minor features (fallback directory mirrors, backport from 0.3.2.9):
- The fallback directory list has been re-generated based on the
current status of the network. Tor uses fallback directories to
bootstrap when it doesn't yet have up-to-date directory
information. Closes ticket 24801.
- Make the default DirAuthorityFallbackRate 0.1, so that clients
prefer to bootstrap from fallback directory mirrors. This is a
follow-up to 24679, which removed weights from the default
fallbacks. Implements ticket 24681.
o Minor features (geoip):
- Update geoip and geoip6 to the February 7 2018 Maxmind GeoLite2
Country database.
o Minor bugfix (channel connection, backport from 0.3.3.2-alpha):
- Use the actual observed address of an incoming relay connection,
not the canonical address of the relay from its descriptor, when
making decisions about how to handle the incoming connection.
Fixes bug 24952; bugfix on 0.2.4.11-alpha. Patch by "ffmancera".
o Minor bugfix (directory authority, backport from 0.3.3.2-alpha):
- Directory authorities, when refusing a descriptor from a rejected
relay, now explicitly tell the relay (in its logs) to set a valid
ContactInfo address and contact the bad-relays@ mailing list.
Fixes bug 25170; bugfix on 0.2.9.1.
o Minor bugfixes (address selection, backport from 0.3.2.9):
- When the fascist_firewall_choose_address_ functions don't find a
reachable address, set the returned address to the null address
and port. This is a precautionary measure, because some callers do
not check the return value. Fixes bug 24736; bugfix
on 0.2.8.2-alpha.
o Major bugfixes (bootstrapping, backport from 0.3.2.5-alpha):
- Fetch descriptors aggressively whenever we lack enough to build
circuits, regardless of how many descriptors we are missing.
Previously, we would delay launching the fetch when we had fewer
than 15 missing descriptors, even if some of those descriptors
were blocking circuits from building. Fixes bug 23985; bugfix on
0.1.1.11-alpha. The effects of this bug became worse in
0.3.0.3-alpha, when we began treating missing descriptors from our
primary guards as a reason to delay circuits.
- Don't try fetching microdescriptors from relays that have failed
to deliver them in the past. Fixes bug 23817; bugfix
on 0.3.0.1-alpha.
o Minor bugfixes (compilation, backport from 0.3.2.7-rc):
- Fix a signed/unsigned comparison warning introduced by our fix to
TROVE-2017-009. Fixes bug 24480; bugfix on 0.2.5.16.
o Minor bugfixes (control port, linux seccomp2 sandbox, backport from 0.3.2.5-alpha):
- Avoid a crash when attempting to use the seccomp2 sandbox together
with the OwningControllerProcess feature. Fixes bug 24198; bugfix
on 0.2.5.1-alpha.
o Minor bugfixes (denial-of-service, backport from 0.3.3.3-alpha):
- Fix a possible crash on malformed consensus. If a consensus had
contained an unparseable protocol line, it could have made clients
and relays crash with a null-pointer exception. To exploit this
issue, however, an attacker would need to be able to subvert the
directory authority system. Fixes bug 25251; bugfix on
0.2.9.4-alpha. Also tracked as TROVE-2018-004.
o Minor bugfixes (directory cache, backport from 0.3.2.5-alpha):
- Recover better from empty or corrupt files in the consensus cache
directory. Fixes bug 24099; bugfix on 0.3.1.1-alpha.
- When a consensus diff calculation is only partially successful,
only record the successful parts as having succeeded. Partial
success can happen if (for example) one compression method fails
but the others succeed. Previously we misrecorded all the
calculations as having succeeded, which would later cause a
nonfatal assertion failure. Fixes bug 24086; bugfix
on 0.3.1.1-alpha.
o Minor bugfixes (entry guards, backport from 0.3.2.3-alpha):
- Tor now updates its guard state when it reads a consensus
regardless of whether it's missing descriptors. That makes tor use
its primary guards to fetch descriptors in some edge cases where
it would previously have used fallback directories. Fixes bug
23862; bugfix on 0.3.0.1-alpha.
o Minor bugfixes (logging, backport from 0.3.3.2-alpha):
- Don't treat inability to store a cached consensus object as a bug:
it can happen normally when we are out of disk space. Fixes bug
24859; bugfix on 0.3.1.1-alpha.
o Minor bugfixes (memory usage, backport from 0.3.2.8-rc):
- When queuing DESTROY cells on a channel, only queue the circuit-id
and reason fields: not the entire 514-byte cell. This fix should
help mitigate any bugs or attacks that fill up these queues, and
free more RAM for other uses. Fixes bug 24666; bugfix
on 0.2.5.1-alpha.
o Minor bugfixes (network layer, backport from 0.3.2.5-alpha):
- When closing a connection via close_connection_immediately(), we
mark it as "not blocked on bandwidth", to prevent later calls from
trying to unblock it, and give it permission to read. This fixes a
backtrace warning that can happen on relays under various
circumstances. Fixes bug 24167; bugfix on 0.1.0.1-rc.
o Minor bugfixes (path selection, backport from 0.3.2.4-alpha):
- When selecting relays by bandwidth, avoid a rounding error that
could sometimes cause load to be imbalanced incorrectly.
Previously, we would always round upwards; now, we round towards
the nearest integer. This had the biggest effect when a relay's
weight adjustments should have given it weight 0, but it got
weight 1 instead. Fixes bug 23318; bugfix on 0.2.4.3-alpha.
- When calculating the fraction of nodes that have descriptors, and
all nodes in the network have zero bandwidths, count the number of
nodes instead. Fixes bug 23318; bugfix on 0.2.4.10-alpha.
- Actually log the total bandwidth in compute_weighted_bandwidths().
Fixes bug 24170; bugfix on 0.2.4.3-alpha.
o Minor bugfixes (performance, fragile-hardening, backport from 0.3.3.1-alpha):
- Improve the performance of our consensus-diff application code
when Tor is built with the --enable-fragile-hardening option set.
Fixes bug 24826; bugfix on 0.3.1.1-alpha.
o Minor bugfixes (OSX, backport from 0.3.3.1-alpha):
- Don't exit the Tor process if setrlimit() fails to change the file
limit (which can happen sometimes on some versions of OSX). Fixes
bug 21074; bugfix on 0.0.9pre5.
o Minor bugfixes (portability, msvc, backport from 0.3.2.9):
- Fix a bug in the bit-counting parts of our timing-wheel code on
MSVC. (Note that MSVC is still not a supported build platform, due
to cyptographic timing channel risks.) Fixes bug 24633; bugfix
on 0.2.9.1-alpha.
o Minor bugfixes (relay, partial backport):
- Make the internal channel_is_client() function look at what sort
of connection handshake the other side used, rather than whether
the other side ever sent a create_fast cell to us. Backports part
of the fixes from bugs 22805 and 24898.
o Minor bugfixes (spec conformance, backport from 0.3.3.3-alpha):
- Forbid "-0" as a protocol version. Fixes part of bug 25249; bugfix on
0.2.9.4-alpha.
- Forbid UINT32_MAX as a protocol version. Fixes part of bug 25249;
bugfix on 0.2.9.4-alpha.
o Code simplification and refactoring (backport from 0.3.3.3-alpha):
- Update the "rust dependencies" submodule to be a project-level
repository, rather than a user repository. Closes ticket 25323.


Changes in version 0.3.1.9 - 2017-12-01:
Tor 0.3.1.9 backports important security and stability fixes from the
0.3.2 development series. All Tor users should upgrade to this
release, or to another of the releases coming out today.
o Major bugfixes (security, backport from 0.3.2.6-alpha):
- Fix a denial of service bug where an attacker could use a
malformed directory object to cause a Tor instance to pause while
OpenSSL would try to read a passphrase from the terminal. (Tor
instances run without a terminal, which is the case for most Tor
packages, are not impacted.) Fixes bug 24246; bugfix on every
version of Tor. Also tracked as TROVE-2017-011 and CVE-2017-8821.
Found by OSS-Fuzz as testcase 6360145429790720.
- Fix a denial of service issue where an attacker could crash a
directory authority using a malformed router descriptor. Fixes bug
24245; bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2017-010
and CVE-2017-8820.
- When checking for replays in the INTRODUCE1 cell data for a
(legacy) onion service, correctly detect replays in the RSA-
encrypted part of the cell. We were previously checking for
replays on the entire cell, but those can be circumvented due to
the malleability of Tor's legacy hybrid encryption. This fix helps
prevent a traffic confirmation attack. Fixes bug 24244; bugfix on
0.2.4.1-alpha. This issue is also tracked as TROVE-2017-009
and CVE-2017-8819.
o Major bugfixes (security, onion service v2, backport from 0.3.2.6-alpha):
- Fix a use-after-free error that could crash v2 Tor onion services
when they failed to open circuits while expiring introduction
points. Fixes bug 24313; bugfix on 0.2.7.2-alpha. This issue is
also tracked as TROVE-2017-013 and CVE-2017-8823.
o Major bugfixes (security, relay, backport from 0.3.2.6-alpha):
- When running as a relay, make sure that we never build a path
through ourselves, even in the case where we have somehow lost the
version of our descriptor appearing in the consensus. Fixes part
of bug 21534; bugfix on 0.2.0.1-alpha. This issue is also tracked
as TROVE-2017-012 and CVE-2017-8822.
- When running as a relay, make sure that we never choose ourselves
as a guard. Fixes part of bug 21534; bugfix on 0.3.0.1-alpha. This
issue is also tracked as TROVE-2017-012 and CVE-2017-8822.
o Major bugfixes (exit relays, DNS, backport from 0.3.2.4-alpha):
- Fix an issue causing DNS to fail on high-bandwidth exit nodes,
making them nearly unusable. Fixes bugs 21394 and 18580; bugfix on
0.1.2.2-alpha, which introduced eventdns. Thanks to Dhalgren for
identifying and finding a workaround to this bug and to Moritz,
Arthur Edelstein, and Roger for helping to track it down and
analyze it.
o Minor features (bridge):
- Bridges now include notice in their descriptors that they are
bridges, and notice of their distribution status, based on their
publication settings. Implements ticket 18329. For more fine-
grained control of how a bridge is distributed, upgrade to 0.3.2.x
or later.
o Minor features (directory authority, backport from 0.3.2.6-alpha):
- Add an IPv6 address for the "bastet" directory authority. Closes
ticket 24394.
o Minor features (geoip):
- Update geoip and geoip6 to the November 6 2017 Maxmind GeoLite2
Country database.
o Minor bugfix (relay address resolution, backport from 0.3.2.1-alpha):
- Avoid unnecessary calls to directory_fetches_from_authorities() on
relays, to prevent spurious address resolutions and descriptor
rebuilds. This is a mitigation for bug 21789. Fixes bug 23470;
bugfix on in 0.2.8.1-alpha.
o Minor bugfixes (compilation, backport from 0.3.2.1-alpha):
- Fix unused variable warnings in donna's Curve25519 SSE2 code.
Fixes bug 22895; bugfix on 0.2.7.2-alpha.
o Minor bugfixes (logging, relay shutdown, annoyance, backport from 0.3.2.2-alpha):
- When a circuit is marked for close, do not attempt to package any
cells for channels on that circuit. Previously, we would detect
this condition lower in the call stack, when we noticed that the
circuit had no attached channel, and log an annoying message.
Fixes bug 8185; bugfix on 0.2.5.4-alpha.
o Minor bugfixes (onion service, backport from 0.3.2.5-alpha):
- Rename the consensus parameter "hsdir-interval" to "hsdir_interval"
so it matches dir-spec.txt. Fixes bug 24262; bugfix
on 0.3.1.1-alpha.
o Minor bugfixes (relay, crash, backport from 0.3.2.4-alpha):
- Avoid a crash when transitioning from client mode to bridge mode.
Previously, we would launch the worker threads whenever our
"public server" mode changed, but not when our "server" mode
changed. Fixes bug 23693; bugfix on 0.2.6.3-alpha.


Changes in version 0.3.1.8 - 2017-10-25
Tor 0.3.1.8 is the second stable release in the 0.3.1 series.
It includes several bugfixes, including a bugfix for a crash issue
that had affected relays under memory pressure. It also adds
a new directory authority, Bastet.
o Directory authority changes:
- Add "Bastet" as a ninth directory authority to the default list.
Closes ticket 23910.
- The directory authority "Longclaw" has changed its IP address.
Closes ticket 23592.
o Major bugfixes (relay, crash, assertion failure, backport from 0.3.2.2-alpha):
- Fix a timing-based assertion failure that could occur when the
circuit out-of-memory handler freed a connection's output buffer.
Fixes bug 23690; bugfix on 0.2.6.1-alpha.
o Minor features (directory authorities, backport from 0.3.2.2-alpha):
- Remove longclaw's IPv6 address, as it will soon change. Authority
IPv6 addresses were originally added in 0.2.8.1-alpha. This leaves
3/8 directory authorities with IPv6 addresses, but there are also
52 fallback directory mirrors with IPv6 addresses. Resolves 19760.
o Minor features (geoip):
- Update geoip and geoip6 to the October 4 2017 Maxmind GeoLite2
Country database.
o Minor bugfixes (compilation, backport from 0.3.2.2-alpha):
- Fix a compilation warning when building with zstd support on
32-bit platforms. Fixes bug 23568; bugfix on 0.3.1.1-alpha. Found
and fixed by Andreas Stieger.
o Minor bugfixes (compression, backport from 0.3.2.2-alpha):
- Handle a pathological case when decompressing Zstandard data when
the output buffer size is zero. Fixes bug 23551; bugfix
on 0.3.1.1-alpha.
o Minor bugfixes (directory authority, backport from 0.3.2.1-alpha):
- Remove the length limit on HTTP status lines that authorities can
send in their replies. Fixes bug 23499; bugfix on 0.3.1.6-rc.
o Minor bugfixes (hidden service, relay, backport from 0.3.2.2-alpha):
- Avoid a possible double close of a circuit by the intro point on
error of sending the INTRO_ESTABLISHED cell. Fixes bug 23610;
bugfix on 0.3.0.1-alpha.
o Minor bugfixes (memory safety, backport from 0.3.2.3-alpha):
- Clear the address when node_get_prim_orport() returns early.
Fixes bug 23874; bugfix on 0.2.8.2-alpha.
o Minor bugfixes (unit tests, backport from 0.3.2.2-alpha):
- Fix additional channelpadding unit test failures by using mocked
time instead of actual time for all tests. Fixes bug 23608; bugfix
on 0.3.1.1-alpha.


Changes in version 0.3.1.7 - 2017-09-18
Tor 0.3.1.7 is the first stable release in the 0.3.1 series.
With the 0.3.1 series, Tor now serves and downloads directory
information in more compact formats, to save on bandwidth overhead. It
also contains a new padding system to resist netflow-based traffic
analysis, and experimental support for building parts of Tor in Rust
(though no parts of Tor are in Rust yet). There are also numerous
small features, bugfixes on earlier release series, and groundwork for
the hidden services revamp of 0.3.2.
This release also includes a fix for TROVE-2017-008, a security bug
that affects hidden services running with the SafeLogging option
disabled. For more information, see
https://trac.torproject.org/projects/tor/ticket/23490
Per our stable release policy, we plan to support each stable release
series for at least the next nine months, or for three months after
the first stable release of the next series: whichever is longer. If
you need a release with long-term support, we recommend that you stay
with the 0.2.9 series.
Below is a list of the changes since 0.3.1.6-rc. For a list of all
changes since 0.3.0, see the ReleaseNotes file.
o Major bugfixes (security, hidden services, loggging):
- Fix a bug where we could log uninitialized stack when a certain
hidden service error occurred while SafeLogging was disabled.
Fixes bug #23490; bugfix on 0.2.7.2-alpha. This is also tracked as
TROVE-2017-008 and CVE-2017-0380.
o Minor features (defensive programming):
- Create a pair of consensus parameters, nf_pad_tor2web and
nf_pad_single_onion, to disable netflow padding in the consensus
for non-anonymous connections in case the overhead is high. Closes
ticket 17857.
o Minor features (diagnostic):
- Add a stack trace to the bug warnings that can be logged when
trying to send an outgoing relay cell with n_chan == 0. Diagnostic
attempt for bug 23105.
o Minor features (geoip):
- Update geoip and geoip6 to the September 6 2017 Maxmind GeoLite2
Country database.
o Minor bugfixes (compilation):
- Avoid compiler warnings in the unit tests for calling tor_sscanf()
|
||||||
|
with wide string outputs. Fixes bug 15582; bugfix on 0.2.6.2-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (controller):
|
||||||
|
- Do not crash when receiving a HSPOST command with an empty body.
|
||||||
|
Fixes part of bug 22644; bugfix on 0.2.7.1-alpha.
|
||||||
|
- Do not crash when receiving a POSTDESCRIPTOR command with an empty
|
||||||
|
body. Fixes part of bug 22644; bugfix on 0.2.0.1-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (relay):
|
||||||
|
- Inform the geoip and rephist modules about all requests, even on
|
||||||
|
relays that are only fetching microdescriptors. Fixes a bug
|
||||||
|
related to 21585; bugfix on 0.3.0.1-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (unit tests):
|
||||||
|
- Fix a channelpadding unit test failure on slow systems by using
|
||||||
|
mocked time instead of actual time. Fixes bug 23077; bugfix
|
||||||
|
on 0.3.1.1-alpha.
|
||||||
|
|
||||||
|
|
||||||
|
Changes in version 0.3.1.6-rc - 2017-09-05
|
||||||
|
Tor 0.3.1.6-rc fixes a few small bugs and annoyances in the 0.3.1
|
||||||
|
release series, including a bug that produced weird behavior on
|
||||||
|
Windows directory caches.
|
||||||
|
|
||||||
|
This is the first release candidate in the Tor 0.3.1 series. If we
|
||||||
|
find no new bugs or regressions here, the first stable 0.3.1 release
|
||||||
|
will be nearly identical to it.
|
||||||
|
|
||||||
|
o Major bugfixes (windows, directory cache):
|
||||||
|
- On Windows, do not try to delete cached consensus documents and
|
||||||
|
diffs before they are unmapped from memory--Windows won't allow
|
||||||
|
that. Instead, allow the consensus cache directory to grow larger,
|
||||||
|
to hold files that might need to stay around longer. Fixes bug
|
||||||
|
22752; bugfix on 0.3.1.1-alpha.
|
||||||
|
|
||||||
|
o Minor features (directory authority):
|
||||||
|
- Improve the message that authorities report to relays that present
|
||||||
|
RSA/Ed25519 keypairs that conflict with previously pinned keys.
|
||||||
|
Closes ticket 22348.
|
||||||
|
|
||||||
|
o Minor features (geoip):
|
||||||
|
- Update geoip and geoip6 to the August 3 2017 Maxmind GeoLite2
|
||||||
|
Country database.
|
||||||
|
|
||||||
|
o Minor features (testing):
|
||||||
|
- Add more tests for compression backend initialization. Closes
|
||||||
|
ticket 22286.
|
||||||
|
|
||||||
|
o Minor bugfixes (directory cache):
|
||||||
|
- Fix a memory leak when recovering space in the consensus cache.
|
||||||
|
Fixes bug 23139; bugfix on 0.3.1.1-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (hidden service):
|
||||||
|
- Increase the number of circuits that a service is allowed to
|
||||||
|
open over a specific period of time. The value was lower than it
|
||||||
|
should be (8 vs 12) in the normal case of 3 introduction points.
|
||||||
|
Fixes bug 22159; bugfix on 0.3.0.5-rc.
|
||||||
|
- Fix a BUG warning during HSv3 descriptor decoding that could be
|
||||||
|
cause by a specially crafted descriptor. Fixes bug 23233; bugfix
|
||||||
|
on 0.3.0.1-alpha. Bug found by "haxxpop".
|
||||||
|
- Rate-limit the log messages if we exceed the maximum number of
|
||||||
|
allowed intro circuits. Fixes bug 22159; bugfix on 0.3.1.1-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (logging, relay):
|
||||||
|
- Remove a forgotten debugging message when an introduction point
|
||||||
|
successfully establishes a hidden service prop224 circuit with
|
||||||
|
a client.
|
||||||
|
- Change three other log_warn() for an introduction point to
|
||||||
|
protocol warnings, because they can be failure from the network
|
||||||
|
and are not relevant to the operator. Fixes bug 23078; bugfix on
|
||||||
|
0.3.0.1-alpha and 0.3.0.2-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (relay):
|
||||||
|
- When a relay is not running as a directory cache, it will no
|
||||||
|
longer generate compressed consensuses and consensus diff
|
||||||
|
information. Previously, this was a waste of disk and CPU. Fixes
|
||||||
|
bug 23275; bugfix on 0.3.1.1-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (robustness, error handling):
|
||||||
|
- Improve our handling of the cases where OpenSSL encounters a
|
||||||
|
memory error while encoding keys and certificates. We haven't
|
||||||
|
observed these errors in the wild, but if they do happen, we now
|
||||||
|
detect and respond better. Fixes bug 19418; bugfix on all versions
|
||||||
|
of Tor. Reported by Guido Vranken.
|
||||||
|
|
||||||
|
o Minor bugfixes (stability):
|
||||||
|
- Avoid crashing on a double-free when unable to load or process an
|
||||||
|
included file. Fixes bug 23155; bugfix on 0.3.1.1-alpha. Found
|
||||||
|
with the clang static analyzer.
|
||||||
|
|
||||||
|
o Minor bugfixes (testing):
|
||||||
|
- Fix an undersized buffer in test-memwipe.c. Fixes bug 23291;
|
||||||
|
bugfix on 0.2.7.2-alpha. Found and patched by Ties Stuij.
|
||||||
|
- Port the hs_ntor handshake test to work correctly with recent
|
||||||
|
versions of the pysha3 module. Fixes bug 23071; bugfix
|
||||||
|
on 0.3.1.1-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (Windows service):
|
||||||
|
- When running as a Windows service, set the ID of the main thread
|
||||||
|
correctly. Failure to do so made us fail to send log messages to
|
||||||
|
the controller in 0.2.1.16-rc, slowed down controller event
|
||||||
|
delivery in 0.2.7.3-rc and later, and crash with an assertion
|
||||||
|
failure in 0.3.1.1-alpha. Fixes bug 23081; bugfix on 0.2.1.6-alpha.
|
||||||
|
Patch and diagnosis from "Vort".
|
||||||
|
|
||||||
|
|
||||||
|
Changes in version 0.3.1.5-alpha - 2017-08-01
|
||||||
|
Tor 0.3.1.5-alpha improves the performance of consensus diff
|
||||||
|
calculation, fixes a crash bug on older versions of OpenBSD, and fixes
|
||||||
|
several other bugs. If no serious bugs are found in this version, the
|
||||||
|
next version will be a release candidate.
|
||||||
|
|
||||||
|
This release also marks the end of support for the Tor 0.2.4.x,
|
||||||
|
0.2.6.x, and 0.2.7.x release series. Those releases will receive no
|
||||||
|
further bug or security fixes. Anyone still running or distributing
|
||||||
|
one of those versions should upgrade.
|
||||||
|
|
||||||
|
o Major features (build system, continuous integration):
|
||||||
|
- Tor's repository now includes a Travis Continuous Integration (CI)
|
||||||
|
configuration file (.travis.yml). This is meant to help new
|
||||||
|
developers and contributors who fork Tor to a Github repository be
|
||||||
|
better able to test their changes, and understand what we expect
|
||||||
|
to pass. To use this new build feature, you must fork Tor to your
|
||||||
|
Github account, then go into the "Integrations" menu in the
|
||||||
|
repository settings for your fork and enable Travis, then push
|
||||||
|
your changes. Closes ticket 22636.
|
||||||
|
|
||||||
|
o Major bugfixes (openbsd, denial-of-service):
|
||||||
|
- Avoid an assertion failure bug affecting our implementation of
|
||||||
|
inet_pton(AF_INET6) on certain OpenBSD systems whose strtol()
|
||||||
|
handling of "0xfoo" differs from what we had expected. Fixes bug
|
||||||
|
22789; bugfix on 0.2.3.8-alpha. Also tracked as TROVE-2017-007.
|
||||||
|
|
||||||
|
o Major bugfixes (relay, performance):
|
||||||
|
- Perform circuit handshake operations at a higher priority than we
|
||||||
|
use for consensus diff creation and compression. This should
|
||||||
|
prevent circuits from starving when a relay or bridge receives a
|
||||||
|
new consensus, especially on lower-powered machines. Fixes bug
|
||||||
|
22883; bugfix on 0.3.1.1-alpha.
|
||||||
|
|
||||||
|
o Minor features (bridge authority):
|
||||||
|
- Add "fingerprint" lines to the networkstatus-bridges file produced
|
||||||
|
by bridge authorities. Closes ticket 22207.
|
||||||
|
|
||||||
|
o Minor features (directory cache, consensus diff):
|
||||||
|
- Add a new MaxConsensusAgeForDiffs option to allow directory cache
|
||||||
|
operators with low-resource environments to adjust the number of
|
||||||
|
consensuses they'll store and generate diffs from. Most cache
|
||||||
|
operators should leave it unchanged. Helps to work around
|
||||||
|
bug 22883.
|
||||||
|
|
||||||
|
o Minor features (geoip):
|
||||||
|
- Update geoip and geoip6 to the July 4 2017 Maxmind GeoLite2
|
||||||
|
Country database.
|
||||||
|
|
||||||
|
o Minor features (relay, performance):
|
||||||
|
- Always start relays with at least two worker threads, to prevent
|
||||||
|
priority inversion on slow tasks. Part of the fix for bug 22883.
|
||||||
|
- Allow background work to be queued with different priorities, so
|
||||||
|
that a big pile of slow low-priority jobs will not starve out
|
||||||
|
higher priority jobs. This lays the groundwork for a fix for
|
||||||
|
bug 22883.
|
||||||
|
|
||||||
|
o Minor bugfixes (build system, rust):
|
||||||
|
- Fix a problem where Rust toolchains were not being found when
|
||||||
|
building without --enable-cargo-online-mode, due to setting the
|
||||||
|
$HOME environment variable instead of $CARGO_HOME. Fixes bug
|
||||||
|
22830; bugfix on 0.3.1.1-alpha. Fix by Chelsea Komlo.
|
||||||
|
|
||||||
|
o Minor bugfixes (compatibility, zstd):
|
||||||
|
- Write zstd epilogues correctly when the epilogue requires
|
||||||
|
reallocation of the output buffer, even with zstd 1.3.0.
|
||||||
|
(Previously, we worked on 1.2.0 and failed with 1.3.0). Fixes bug
|
||||||
|
22927; bugfix on 0.3.1.1-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (compilation warnings):
|
||||||
|
- Suppress -Wdouble-promotion warnings with clang 4.0. Fixes bug
|
||||||
|
22915; bugfix on 0.2.8.1-alpha.
|
||||||
|
- Fix warnings when building with libscrypt and openssl scrypt
|
||||||
|
support on Clang. Fixes bug 22916; bugfix on 0.2.7.2-alpha.
|
||||||
|
- Compile correctly when both openssl 1.1.0 and libscrypt are
|
||||||
|
detected. Previously this would cause an error. Fixes bug 22892;
|
||||||
|
bugfix on 0.3.1.1-alpha.
|
||||||
|
- When building with certain versions of the mingw C header files,
|
||||||
|
avoid float-conversion warnings when calling the C functions
|
||||||
|
isfinite(), isnan(), and signbit(). Fixes bug 22801; bugfix
|
||||||
|
on 0.2.8.1-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (coverity build support):
|
||||||
|
- Avoid Coverity build warnings related to our BUG() macro. By
|
||||||
|
default, Coverity treats BUG() as the Linux kernel does: an
|
||||||
|
instant abort(). We need to override that so our BUG() macro
|
||||||
|
doesn't prevent Coverity from analyzing functions that use it.
|
||||||
|
Fixes bug 23030; bugfix on 0.2.9.1-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (directory authority):
|
||||||
|
- When a directory authority rejects a descriptor or extrainfo with
|
||||||
|
a given digest, mark that digest as undownloadable, so that we do
|
||||||
|
not attempt to download it again over and over. We previously
|
||||||
|
tried to avoid downloading such descriptors by other means, but we
|
||||||
|
didn't notice if we accidentally downloaded one anyway. This
|
||||||
|
behavior became problematic in 0.2.7.2-alpha, when authorities
|
||||||
|
began pinning Ed25519 keys. Fixes bug 22349; bugfix
|
||||||
|
on 0.2.1.19-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (error reporting, windows):
|
||||||
|
- When formatting Windows error messages, use the English format to
|
||||||
|
avoid codepage issues. Fixes bug 22520; bugfix on 0.1.2.8-alpha.
|
||||||
|
Patch from "Vort".
|
||||||
|
|
||||||
|
o Minor bugfixes (file limits, osx):
|
||||||
|
- When setting the maximum number of connections allowed by the OS,
|
||||||
|
always allow some extra file descriptors for other files. Fixes
|
||||||
|
bug 22797; bugfix on 0.2.0.10-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (linux seccomp2 sandbox):
|
||||||
|
- Avoid a sandbox failure when trying to re-bind to a socket and
|
||||||
|
mark it as IPv6-only. Fixes bug 20247; bugfix on 0.2.5.1-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (memory leaks):
|
||||||
|
- Fix a small memory leak when validating a configuration that uses
|
||||||
|
two or more AF_UNIX sockets for the same port type. Fixes bug
|
||||||
|
23053; bugfix on 0.2.6.3-alpha. This is CID 1415725.
|
||||||
|
|
||||||
|
o Minor bugfixes (unit tests):
|
||||||
|
- test_consdiff_base64cmp would fail on OS X because while OS X
|
||||||
|
follows the standard of (less than zero/zero/greater than zero),
|
||||||
|
it doesn't follow the convention of (-1/0/+1). Make the test
|
||||||
|
comply with the standard. Fixes bug 22870; bugfix on 0.3.1.1-alpha.
|
||||||
|
- Fix a memory leak in the link-handshake/certs_ok_ed25519 test.
|
||||||
|
Fixes bug 22803; bugfix on 0.3.0.1-alpha.
|
||||||
|
|
||||||
|
|
||||||
|
Changes in version 0.3.1.4-alpha - 2017-06-29
|
||||||
|
Tor 0.3.1.4-alpha fixes a path selection bug that would allow a client
|
||||||
|
to use a guard that was in the same network family as a chosen exit
|
||||||
|
relay. This is a security regression; all clients running earlier
|
||||||
|
versions of 0.3.0.x or 0.3.1.x should upgrade to 0.3.0.9
|
||||||
|
or 0.3.1.4-alpha.
|
||||||
|
|
||||||
|
This release also fixes several other bugs introduced in 0.3.0.x
|
||||||
|
and 0.3.1.x, including others that can affect bandwidth usage
|
||||||
|
and correctness.
|
||||||
|
|
||||||
|
o New dependencies:
|
||||||
|
- To build with zstd and lzma support, Tor now requires the
|
||||||
|
pkg-config tool at build time. (This requirement was new in
|
||||||
|
0.3.1.1-alpha, but was not noted at the time. Noting it here to
|
||||||
|
close ticket 22623.)
|
||||||
|
|
||||||
|
o Major bugfixes (path selection, security):
|
||||||
|
- When choosing which guard to use for a circuit, avoid the exit's
|
||||||
|
family along with the exit itself. Previously, the new guard
|
||||||
|
selection logic avoided the exit, but did not consider its family.
|
||||||
|
Fixes bug 22753; bugfix on 0.3.0.1-alpha. Tracked as TROVE-2017-
|
||||||
|
006 and CVE-2017-0377.
|
||||||
|
|
||||||
|
o Major bugfixes (compression, zstd):
|
||||||
|
- Correctly detect a full buffer when decompressing a large zstd-
|
||||||
|
compressed input. Previously, we would sometimes treat a full
|
||||||
|
buffer as an error. Fixes bug 22628; bugfix on 0.3.1.1-alpha.
|
||||||
|
|
||||||
|
o Major bugfixes (directory protocol):
|
||||||
|
- Ensure that we send "304 Not modified" as HTTP status code when a
|
||||||
|
client is attempting to fetch a consensus or consensus diff, and
|
||||||
|
the best one we can send them is one they already have. Fixes bug
|
||||||
|
22702; bugfix on 0.3.1.1-alpha.
|
||||||
|
|
||||||
|
o Major bugfixes (entry guards):
|
||||||
|
- When starting with an old consensus, do not add new entry guards
|
||||||
|
unless the consensus is "reasonably live" (under 1 day old). Fixes
|
||||||
|
one root cause of bug 22400; bugfix on 0.3.0.1-alpha.
|
||||||
|
|
||||||
|
o Minor features (bug mitigation, diagnostics, logging):
|
||||||
|
- Avoid an assertion failure, and log a better error message, when
|
||||||
|
unable to remove a file from the consensus cache on Windows.
|
||||||
|
Attempts to mitigate and diagnose bug 22752.
|
||||||
|
|
||||||
|
o Minor features (geoip):
|
||||||
|
- Update geoip and geoip6 to the June 8 2017 Maxmind GeoLite2
|
||||||
|
Country database.
|
||||||
|
|
||||||
|
o Minor bugfixes (compression):
|
||||||
|
- When compressing or decompressing a buffer, check for a failure to
|
||||||
|
create a compression object. Fixes bug 22626; bugfix
|
||||||
|
on 0.3.1.1-alpha.
|
||||||
|
- When decompressing a buffer, check for extra data after the end of
|
||||||
|
the compressed data. Fixes bug 22629; bugfix on 0.3.1.1-alpha.
|
||||||
|
- When decompressing an object received over an anonymous directory
|
||||||
|
connection, if we have already decompressed it using an acceptable
|
||||||
|
compression method, do not reject it for looking like an
|
||||||
|
unacceptable compression method. Fixes part of bug 22670; bugfix
|
||||||
|
on 0.3.1.1-alpha.
|
||||||
|
- When serving directory votes compressed with zlib, do not claim to
|
||||||
|
have compressed them with zstd. Fixes bug 22669; bugfix
|
||||||
|
on 0.3.1.1-alpha.
|
||||||
|
- When spooling compressed data to an output buffer, don't try to
|
||||||
|
spool more data when there is no more data to spool and we are not
|
||||||
|
trying to flush the input. Previously, we would sometimes launch
|
||||||
|
compression requests with nothing to do, which interferes with our
|
||||||
|
22672 checks. Fixes bug 22719; bugfix on 0.2.0.16-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (defensive programming):
|
||||||
|
- Detect and break out of infinite loops in our compression code. We
|
||||||
|
don't think that any such loops exist now, but it's best to be
|
||||||
|
safe. Closes ticket 22672.
|
||||||
|
- Fix a memset() off the end of an array when packing cells. This
|
||||||
|
bug should be harmless in practice, since the corrupted bytes are
|
||||||
|
still in the same structure, and are always padding bytes,
|
||||||
|
ignored, or immediately overwritten, depending on compiler
|
||||||
|
behavior. Nevertheless, because the memset()'s purpose is to make
|
||||||
|
sure that any other cell-handling bugs can't expose bytes to the
|
||||||
|
network, we need to fix it. Fixes bug 22737; bugfix on
|
||||||
|
0.2.4.11-alpha. Fixes CID 1401591.
|
||||||
|
|
||||||
|
o Minor bugfixes (linux seccomp2 sandbox):
|
||||||
|
- Permit the fchmod system call, to avoid crashing on startup when
|
||||||
|
starting with the seccomp2 sandbox and an unexpected set of
|
||||||
|
permissions on the data directory or its contents. Fixes bug
|
||||||
|
22516; bugfix on 0.2.5.4-alpha.
|
||||||
|
- Fix a crash in the LZMA module, when the sandbox was enabled, and
|
||||||
|
liblzma would allocate more than 16 MB of memory. We solve this by
|
||||||
|
bumping the mprotect() limit in the sandbox module from 16 MB to
|
||||||
|
20 MB. Fixes bug 22751; bugfix on 0.3.1.1-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (logging):
|
||||||
|
- When decompressing, do not warn if we fail to decompress using a
|
||||||
|
compression method that we merely guessed. Fixes part of bug
|
||||||
|
22670; bugfix on 0.1.1.14-alpha.
|
||||||
|
- When decompressing, treat mismatch between content-encoding and
|
||||||
|
actual compression type as a protocol warning. Fixes part of bug
|
||||||
|
22670; bugfix on 0.1.1.9-alpha.
|
||||||
|
- Downgrade "assigned_to_cpuworker failed" message to info-level
|
||||||
|
severity. In every case that can reach it, either a better warning
|
||||||
|
has already been logged, or no warning is warranted. Fixes bug
|
||||||
|
22356; bugfix on 0.2.6.3-alpha.
|
||||||
|
- Demote a warn that was caused by libevent delays to info if
|
||||||
|
netflow padding is less than 4.5 seconds late, or to notice
|
||||||
|
if it is more (4.5 seconds is the amount of time that a netflow
|
||||||
|
record might be emitted after, if we chose the maximum timeout).
|
||||||
|
Fixes bug 22212; bugfix on 0.3.1.1-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (process behavior):
|
||||||
|
- When exiting because of an error, always exit with a nonzero exit
|
||||||
|
status. Previously, we would fail to report an error in our exit
|
||||||
|
status in cases related to __OwningControllerProcess failure,
|
||||||
|
lockfile contention, and Ed25519 key initialization. Fixes bug
|
||||||
|
22720; bugfix on versions 0.2.1.6-alpha, 0.2.2.28-beta, and
|
||||||
|
0.2.7.2-alpha respectively. Reported by "f55jwk4f"; patch
|
||||||
|
from "huyvq".
|
||||||
|
|
||||||
|
o Documentation:
|
||||||
|
- Add a manpage description for the key-pinning-journal file. Closes
|
||||||
|
ticket 22347.
|
||||||
|
- Correctly note that bandwidth accounting values are stored in the
|
||||||
|
state file, and the bw_accounting file is now obsolete. Closes
|
||||||
|
ticket 16082.
|
||||||
|
- Document more of the files in the Tor data directory, including
|
||||||
|
cached-extrainfo, secret_onion_key{,_ntor}.old, hidserv-stats,
|
||||||
|
approved-routers, sr-random, and diff-cache. Found while fixing
|
||||||
|
ticket 22347.
|
||||||
|
|
||||||
|
|
||||||
Changes in version 0.3.1.3-alpha - 2017-06-08
|
Changes in version 0.3.1.3-alpha - 2017-06-08
|
||||||
Tor 0.3.1.3-alpha fixes a pair of bugs that would allow an attacker to
|
Tor 0.3.1.3-alpha fixes a pair of bugs that would allow an attacker to
|
||||||
remotely crash a hidden service with an assertion failure. Anyone
|
remotely crash a hidden service with an assertion failure. Anyone
|
||||||
|
|
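Review bot: the heading of the new TROVE-2017-008 entry reads "o Major bugfixes (security, hidden services, loggging):", with "logging" misspelled; readers search the ChangeLog by category, so fix it before tagging. Two smaller points in the same hunk: the 0.3.1.6-rc HSv3 entry says "could be cause by a specially crafted descriptor" (should be "caused by"), and the 0.3.1.4-alpha path selection entry wraps its tracker ID as "TROVE-2017-" / "006", so a search for TROVE-2017-006 misses it. Reflow that line so the identifier stays whole.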
1037
ReleaseNotes
File diff suppressed because it is too large
|
@ -1,4 +0,0 @@
|
||||||
o Minor features (directory authority):
|
|
||||||
- Add an IPv6 address for the "bastet" directory authority.
|
|
||||||
Closes ticket 24394.
|
|
||||||
|
|
|
@ -1,4 +0,0 @@
|
||||||
o Minor bugfixes (compilation):
|
|
||||||
- Avoid compiler warnings in the unit tests for running tor_sscanf()
|
|
||||||
with wide string outputs. Fixes bug 15582; bugfix on 0.2.6.2-alpha.
|
|
||||||
|
|
|
@ -1,4 +0,0 @@
|
||||||
o Documentation:
|
|
||||||
- Correctly note that bandwidth accounting values are stored in the
|
|
||||||
state file, and the bw_accounting file is now obsolete. Closes
|
|
||||||
ticket 16082.
|
|
|
@ -1,6 +0,0 @@
|
||||||
o Minor features (defensive programming):
|
|
||||||
- Create a pair of consensus parameters nf_pad_tor2web and
|
|
||||||
nf_pad_single_onion that allow us to disable netflow padding in the
|
|
||||||
consensus for non-anonymous connections, in case the overhead is high.
|
|
||||||
Closes #17857.
|
|
||||||
|
|
|
@ -1,6 +0,0 @@
|
||||||
o Minor features (bridge):
|
|
||||||
- Bridges now include notice in their descriptors that they are bridges,
|
|
||||||
and notice of their distribution status, based on their publication
|
|
||||||
settings. Implements ticket 18329. For more fine-grained control of
|
|
||||||
how a bridge is distributed, upgrade to 0.3.2.x or later.
|
|
||||||
|
|
|
@ -1,7 +0,0 @@
|
||||||
o Minor bugfixes (robustness, error handling):
|
|
||||||
- Improve our handling of the cases where OpenSSL encounters a
|
|
||||||
memory error while encoding keys and certificates. We haven't
|
|
||||||
observed these happening in the wild, but if they do happen,
|
|
||||||
we now detect and respond better. Fixes bug 19418; bugfix
|
|
||||||
on all versions of Tor. Reported by Guido Vranken.
|
|
||||||
|
|
|
@ -1,4 +0,0 @@
|
||||||
o Minor bugfixes (linux seccomp2 sandbox):
|
|
||||||
- Avoid a sandbox failure when trying to re-bind to a socket and mark
|
|
||||||
it as IPv6-only. Fixes bug 20247; bugfix on 0.2.5.1-alpha.
|
|
||||||
|
|
|
@ -1,4 +0,0 @@
|
||||||
o Minor bugfixes (portability):
|
|
||||||
- Don't exit the Tor process if setrlimit() fails to change the file
|
|
||||||
limit (which can happen sometimes on some versions of OSX). Fixes
|
|
||||||
bug 21074; bugfix on 0.0.9pre5.
|
|
|
@ -1,9 +0,0 @@
|
||||||
o Major bugfixes (Exit nodes):
|
|
||||||
- Fix an issue causing high-bandwidth exit nodes to fail a majority
|
|
||||||
or all of their DNS requests, making them basically unsuitable for
|
|
||||||
regular usage in Tor circuits. The problem is related to
|
|
||||||
libevent's DNS handling, but we can work around it in Tor. Fixes
|
|
||||||
bugs 21394 and 18580; bugfix on 0.1.2.2-alpha which introduced
|
|
||||||
eventdns. Credit goes to Dhalgren for identifying and finding a
|
|
||||||
workaround to this bug and to gamambel, arthuredelstein and
|
|
||||||
arma in helping to track it down and analyze it.
|
|
|
@ -1,7 +0,0 @@
|
||||||
o Minor bugfixes (hidden service):
|
|
||||||
- A service is allowed to open a maximum number of circuits for a specific
|
|
||||||
period of time. That value was lower than it should be (8 vs 12) in the
|
|
||||||
normal case of 3 introduction points. Fixes bug 22159.; bugfix on
|
|
||||||
tor-0.3.0.5-rc.
|
|
||||||
- Rate limit the log if we ever go above the maximum number of allowed
|
|
||||||
intro circuits. Fixes bug 22159.; bugfix on tor-0.3.1.1-alpha.
|
|
|
@ -1,5 +0,0 @@
|
||||||
o Minor bugfixes (netflow padding logging):
|
|
||||||
- Demote a warn that was caused by libevent delays to info if
|
|
||||||
the padding is less than 4.5 seconds late, or notice if it is more
|
|
||||||
(4.5 seconds is the amount of time that a netflow record might
|
|
||||||
be emitted after, if we chose the maximum timeout). Fixes bug #22212.
|
|
|
@ -1,3 +0,0 @@
|
||||||
o Minor features (tests):
|
|
||||||
- Add a couple more tests for compression backend initialization.
|
|
||||||
Closes ticket 22286.
|
|
|
@ -1,2 +0,0 @@
|
||||||
o Documentation:
|
|
||||||
- Add a manpage description for the key-pinning-journal file.
|
|
|
@ -1,9 +0,0 @@
|
||||||
o Minor bugfixes (directory authority):
|
|
||||||
- When a directory authority rejects a descriptor or extrainfo with
|
|
||||||
a given digest, mark that digest as undownloadable, so that we
|
|
||||||
do not attempt to download it again over and over. We previously
|
|
||||||
tried to avoid downloading such descriptors by other means, but
|
|
||||||
we didn't notice if we accidentally downloaded one anyway. This
|
|
||||||
behavior became problematic in 0.2.7.2-alpha, when authorities
|
|
||||||
began pinning Ed25519 keys. Fixes ticket
|
|
||||||
22349; bugfix on 0.2.1.19-alpha.
|
|
|
@ -1,5 +0,0 @@
|
||||||
o Minor bugfixes (logging, relay):
|
|
||||||
- Downgrade "assigned_to_cpuworker failed" message to INFO-level
|
|
||||||
severity. In every case that can reach it, either a better warning
|
|
||||||
has already been logged, or no warning is warranted. Fixes bug 22356;
|
|
||||||
bugfix on 0.2.6.3-alpha.
|
|
|
@ -1,4 +0,0 @@
|
||||||
o Major bugfixes (entry guards):
|
|
||||||
- When starting with an old consensus, do not add new entry guards
|
|
||||||
unless the consensus is "reasonably live" (under 1 day old). Fixes
|
|
||||||
one root cause of bug 22400; bugfix on 0.3.0.1-alpha.
|
|
|
@ -1,4 +0,0 @@
|
||||||
o Minor features (code style, backport from 0.3.1.3-alpha):
|
|
||||||
- Add "Falls through" comments to our codebase, in order to silence
|
|
||||||
GCC 7's -Wimplicit-fallthrough warnings. Patch from Andreas
|
|
||||||
Stieger. Closes ticket 22446.
|
|
|
@ -1,12 +0,0 @@
|
||||||
o Major bugfixes (compression, zstd):
|
|
||||||
- Correctly detect a full buffer when decompessing a large
|
|
||||||
zstd-compressed input. Fixes bug 22628; bugfix on 0.3.1.1-alpha.
|
|
||||||
|
|
||||||
o Minor bugfixes (compression):
|
|
||||||
- When compressing or decompressing a buffer, check for a failure to
|
|
||||||
create a compression object. Fixes bug 22626; bugfix on
|
|
||||||
0.3.1.1-alpha.
|
|
||||||
|
|
||||||
- When decompressing a buffer, check for extra data after the end of
|
|
||||||
the compressed data. Fixes bug 22629; bugfix on 0.3.1.1-alpha.
|
|
||||||
|
|
|
@ -1,5 +0,0 @@
|
||||||
o Minor bugfixes (linux seccomp2 sandbox):
|
|
||||||
- Permit the fchmod system call, to avoid crashing on startup when
|
|
||||||
starting with the seccomp2 sandbox and an unexpected set of permissions
|
|
||||||
on the data directory or its contents. Fixes bug 22516; bugfix on
|
|
||||||
0.2.5.4-alpha.
|
|
|
@ -1,5 +0,0 @@
|
||||||
o Minor bugfixes (error reporting, windows):
|
|
||||||
- When formatting Windows error messages, use the English format
|
|
||||||
to avoid codepage issues. Fixes bug 22520; bugfix on
|
|
||||||
0.1.2.8-alpha. Patch from "Vort".
|
|
||||||
|
|
|
@ -1,8 +0,0 @@
|
||||||
o Build features:
|
|
||||||
- Tor's repository now includes a Travis Continuous Integration (CI)
|
|
||||||
configuration file (.travis.yml). This is meant to help new developers and
|
|
||||||
contributors who fork Tor to a Github repository be better able to test
|
|
||||||
their changes, and understand what we expect to pass. To use this new build
|
|
||||||
feature, you must fork Tor to your Github account, then go into the
|
|
||||||
"Integrations" menu in the repository settings for your fork and enable
|
|
||||||
Travis, then push your changes.
|
|
|
@ -1,5 +0,0 @@
|
||||||
o Minor bugfixes (controller):
|
|
||||||
- Do not crash when receiving a POSTDESCRIPTOR command with an
|
|
||||||
empty body. Fixes part of bug 22644; bugfix on 0.2.0.1-alpha.
|
|
||||||
- Do not crash when receiving a HSPOST command with an empty body.
|
|
||||||
Fixes part of bug 22644; bugfix on 0.2.7.1-alpha.
|
|
|
@ -1,4 +0,0 @@
|
||||||
o Minor bugfixes (compression):
|
|
||||||
- When serving directory votes compressed with zlib,
|
|
||||||
do not claim to have compressed them with zstd. Fixes bug 22669;
|
|
||||||
bugfix on 0.3.1.1-alpha.
|
|
|
@ -1,4 +0,0 @@
|
||||||
o Minor bugfixes (logging, compression):
|
|
||||||
- When decompressing, do not warn if we fail to decompress using a
|
|
||||||
compression method that we merely guessed. Fixes part of
|
|
||||||
bug 22670; bugfix on 0.1.1.14-alpha.
|
|
|
@ -1,4 +0,0 @@
|
||||||
o Minor bugfixes (logging, compression):
|
|
||||||
- When decompressing, treat mismatch between content-encoding and
|
|
||||||
actual compression type as a protocol warning. Fixes part of bug
|
|
||||||
22670; bugfix on 0.1.1.9-alpha.
|
|
|
@ -1,6 +0,0 @@
|
||||||
o Minor bugfixes (compression):
|
|
||||||
- When decompressing an object received over an anonymous directory
|
|
||||||
connection, if we have already successfully decompressed it using an
|
|
||||||
acceptable compression method, do not reject it for looking like an
|
|
||||||
unacceptable compression method. Fixes part of bug 22670; bugfix on
|
|
||||||
0.3.1.1-alpha.
|
|
|
@ -1,5 +0,0 @@
|
||||||
o Minor features (compression, defensive programming):
|
|
||||||
- Detect and break out of infinite loops in our compression code.
|
|
||||||
We don't think that any such loops exist now, but it's best to be
|
|
||||||
safe. Closes ticket 22672.
|
|
||||||
|
|
|
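Review bot: this changes file labels the infinite-loop detection "Minor features (compression, defensive programming)", but the ChangeLog text added earlier in this diff lists the same item under "Minor bugfixes (defensive programming)" while still ending with "Closes ticket 22672" rather than a "Fixes bug ...; bugfix on ..." line. Pick one classification and make the ChangeLog heading match it.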
@ -1,5 +0,0 @@
|
||||||
o Major bugfixes (directory protocol):
|
|
||||||
- Ensure that we sent "304 Not modified" as HTTP status code when a
|
|
||||||
client is attempting to fetch a consensus or consensus diff that
|
|
||||||
matches the latest consensus we have available. Fixes bug 22702;
|
|
||||||
bugfix on 0.3.1.1-alpha.
|
|
|
@ -1,7 +0,0 @@
|
||||||
o Minor bugfixes (compression):
|
|
||||||
- When spooling compressed data to an output buffer, don't try to
|
|
||||||
spool more data when there is no more data to spool and we are
|
|
||||||
not trying to flush the input. Previously, we would sometimes
|
|
||||||
launch compression requests with nothing to do, which interferes
|
|
||||||
with our 22672 checks. Fixes bug 22719; bugfix on 0.2.0.16-alpha.
|
|
||||||
|
|
|
@ -1,9 +0,0 @@
|
||||||
o Minor bugfixes (process behavior):
|
|
||||||
- When exiting because of an error, always exit with a nonzero
|
|
||||||
exit status. Previously, we would fail to report an error in
|
|
||||||
our exit status in cases related to lockfile contention,
|
|
||||||
__OwningControllerProcess failure, and Ed25519 key
|
|
||||||
initialization. Fixes bug 22720; bugfix on versions
|
|
||||||
0.2.1.6-alpha, 0.2.2.28-beta, and 0.2.7.2-alpha
|
|
||||||
respectively. Reported by "f55jwk4f"; patch from "huyvq".
|
|
||||||
|
|
|
@ -1,12 +0,0 @@
|
||||||
o Minor bugfixes (defensive programming, undefined behavior):
|
|
||||||
|
|
||||||
- Fix a memset() off the end of an array when packing cells. This
|
|
||||||
bug should be harmless in practice, since the corrupted bytes
|
|
||||||
are still in the same structure, and are always padding bytes,
|
|
||||||
ignored, or immediately overwritten, depending on compiler
|
|
||||||
behavior. Nevertheless, because the memset()'s purpose is to
|
|
||||||
make sure that any other cell-handling bugs can't expose bytes
|
|
||||||
to the network, we need to fix it. Fixes bug 22737; bugfix on
|
|
||||||
0.2.4.11-alpha. Fixes CID 1401591.
|
|
||||||
|
|
||||||
|
|
|
@ -1,5 +0,0 @@
|
||||||
o Major bugfixes (compression):
|
|
||||||
- Fix crash in LZMA module, when the Sandbox is enabled, where
|
|
||||||
liblzma would allocate more than 16 MB of memory. We solve this
|
|
||||||
by bumping the mprotect() limit in the Sandbox module from 16 MB
|
|
||||||
to 20 MB. Fixes bug 22751; bugfix on 0.3.1.1-alpha.
|
|
|
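Review bot: The entry gives no basis for the new 20 MB mprotect() limit, only that liblzma "would allocate more than 16 MB". Please state how 20 MB was chosen (measured peak, documented liblzma bound, or margin), since a fixed sandbox limit sized by trial will crash again if the allocator's needs grow, and each bump also loosens the sandbox restriction.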
@ -1,6 +0,0 @@
|
||||||
o Major bugfixes (windows, directory cache):
|
|
||||||
- On windows, do not try to delete cached consensus documents and
|
|
||||||
diffs, until they unmapped from memory. Allow the diff storage
|
|
||||||
directory to grow larger in order to handle files that might
|
|
||||||
need to stay around longer. Fixes bug 22752; bugfix on
|
|
||||||
0.3.1.1-alpha.
|
|
|
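Review bot: Two wording slips in this entry: "On windows" should be capitalised as "Windows" to match the section title style used elsewhere, and "until they unmapped from memory" is missing a verb ("until they are unmapped"). It would also help to say how much larger the diff storage directory is allowed to grow, since operators sizing disk cannot tell from "grow larger".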
@ -1,7 +0,0 @@
|
||||||
o Major bugfixes (path selection, security):
|
|
||||||
- When choosing which guard to use for a circuit, avoid the
|
|
||||||
exit's family along with the exit itself. Previously, the new
|
|
||||||
guard selection logic avoided the exit, but did not consider
|
|
||||||
its family. Fixes bug 22753; bugfix on 0.3.0.1-alpha. Tracked
|
|
||||||
as TROVE-2016-006 and CVE-2017-0377.
|
|
||||||
|
|
|
@ -1,7 +0,0 @@
|
||||||
o Major bugfixes (openbsd, denial-of-service):
|
|
||||||
- Avoid an assertion failure bug affecting our implementation of
|
|
||||||
inet_pton(AF_INET6) on certain OpenBSD systems whose strtol()
|
|
||||||
handling of "0xfoo" differs from what we had expected.
|
|
||||||
Fixes bug 22789; bugfix on 0.2.3.8-alpha. Also tracked as
|
|
||||||
TROVE-2017-007.
|
|
||||||
|
|
|
@ -1,4 +0,0 @@
|
||||||
o Minor bugfixes (file limits):
|
|
||||||
- When setting the maximum number of connections allowed by the OS,
|
|
||||||
always allow some extra file descriptors for other files.
|
|
||||||
Fixes bug 22797; bugfix on 0.2.0.10-alpha.
|
|
|
@ -1,5 +0,0 @@
|
||||||
o Minor bugfixes (compilation):
|
|
||||||
- When building with certain versions the mingw C header files, avoid
|
|
||||||
float-conversion warnings when calling the C functions isfinite(),
|
|
||||||
isnan(), and signbit(). Fixes bug 22801; bugfix on 0.2.8.1-alpha.
|
|
||||||
|
|
|
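Review bot: "When building with certain versions the mingw C header files" is missing a word; it should read "certain versions of the mingw C header files". Correct it where this text lands in the release changelog.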
@ -1,3 +0,0 @@
|
||||||
o Minor bugfixes (unit tests):
|
|
||||||
- Fix a memory leak in the link-handshake/certs_ok_ed25519 test.
|
|
||||||
Fixes bug 22803; bugfix on 0.3.0.1-alpha.
|
|
|
@ -1,5 +0,0 @@
|
||||||
o Minor bugfixes:
|
|
||||||
- Fix a problem with Rust toolchains not being found when building
|
|
||||||
without --enable-cargo-online-mode, due to setting the $HOME
|
|
||||||
environment variable instead of $CARGO_HOME. Fixes bug 22830;
|
|
||||||
fix by Chelsea Komlo. Bugfix on 0.3.1.1-alpha.
|
|
|
@ -1,7 +0,0 @@
|
||||||
o Minor features (directory cache, consensus diff):
|
|
||||||
- Add a new MaxConsensusAgeForDiffs option to allow directory cache
|
|
||||||
operators with low-resource environments to adjust the number of
|
|
||||||
consensuses they'll store and generate diffs from. Most cache operators
|
|
||||||
should leave it unchanged. Helps to work around bug 22883.
|
|
||||||
|
|
||||||
|
|
|
@ -1,8 +0,0 @@
|
||||||
o Major bugfixes (relay, performance):
|
|
||||||
|
|
||||||
- Perform circuit handshake operations at a higher priority than we use
|
|
||||||
for consensus diff creation and compression. This should prevent
|
|
||||||
circuits from starving when a relay or bridge receive a new consensus,
|
|
||||||
especially on lower-powered machines. Fixes bug 22883; bugfix on
|
|
||||||
0.3.1.1-alpha.
|
|
||||||
|
|
|
@ -1,4 +0,0 @@
|
||||||
o Minor bugfixes (compilation):
|
|
||||||
- Compile correctly when both openssl 1.1.0 and libscrypt are detected.
|
|
||||||
Previously this would cause an error. Fixes bug 22892; bugfix on
|
|
||||||
0.3.1.1-alpha.
|
|
|
@ -1,3 +0,0 @@
|
||||||
o Minor bugfixes (compilation warnings):
|
|
||||||
- Suppress -Wdouble-promotion warnings with clang 4.0. Fixes bug 22915;
|
|
||||||
bugfix on 0.2.8.1-alpha.
|
|
|
@ -1,3 +0,0 @@
|
||||||
o Minor bugfixes (Compilation):
|
|
||||||
- Fix warnings when building with libscrypt and openssl scrypt support
|
|
||||||
on Clang. Fixes bug 22916; bugfix on 0.2.7.2-alpha.
|
|
|
@ -1,6 +0,0 @@
|
||||||
o Minor bugfixes (compatibility, zstd):
|
|
||||||
- Write zstd epilogues correctly when the epilogue requires reallocation
|
|
||||||
of the output buffer, even with zstd 1.3.0. (Previously,
|
|
||||||
we worked on 1.2.0 and failed with 1.3.0). Fixes bug 22927; bugfix on
|
|
||||||
0.3.1.1-alpha.
|
|
||||||
|
|
|
@ -1,7 +0,0 @@
|
||||||
o Minor bugfixes (coverity builds):
|
|
||||||
- Avoid Coverity build warnings related to our BUG() macro. By
|
|
||||||
default, Coverity treats BUG() as the Linux kernel does: an
|
|
||||||
instant abort(). We need to override that so our BUG() macro
|
|
||||||
doesn't prevent Coverity from analyzing functions that use it.
|
|
||||||
Fixes bug 23030; bugfix on 0.2.9.1-alpha.
|
|
||||||
|
|
|
@ -1,5 +0,0 @@
|
||||||
o Minor bugfixes (memory leak):
|
|
||||||
- Fix a small memory leak when validating a configuration that
|
|
||||||
uses two or more AF_UNIX sockets for the same port type.
|
|
||||||
Fixes bug 23053; bugfix on 0.2.6.3-alpha. This is CID
|
|
||||||
1415725.
|
|
|
@ -1,5 +0,0 @@
|
||||||
o Minor bugfixes (tests):
|
|
||||||
- Port the hs_ntor handshake test to work correctly with recent
|
|
||||||
versions of the pysha3 module. Fixes bug 23071; bugfix on
|
|
||||||
0.3.1.1-alpha.
|
|
||||||
|
|
|
@ -1,4 +0,0 @@
|
||||||
o Minor bugfixes (unit tests):
|
|
||||||
- Fix a channelpadding unit test failure on extremely slow systems
|
|
||||||
by using mocked time instead of actual time. Fixes bug 23077; bugfix on
|
|
||||||
0.3.1.1-alpha.
|
|
|
@ -1,7 +0,0 @@
|
||||||
o Minor bugfixes (logging, relay):
|
|
||||||
- Remove a log_warn() that has been forgotten when an introduction point
|
|
||||||
successfully established a hidden service prop224 circuit with a client.
|
|
||||||
- Three other log_warn() for an introduction point have been changed to
|
|
||||||
protocol warning because they can be failure from the network and are
|
|
||||||
not relevant to the operator. Fixes bug 23078; bugfix on
|
|
||||||
tor-0.3.0.1-alpha and tor-0.3.0.2-alpha.
|
|
|
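Review bot: The first bullet carries no ticket reference of its own, so it is unclear whether "Fixes bug 23078" at the end of the second bullet covers both items; either repeat the reference or merge the two bullets. The phrasing also needs a pass: "that has been forgotten" and "because they can be failure from the network" would read better as "that was left in by mistake" and "because they can be caused by failures on the network".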
@ -1,8 +0,0 @@
|
||||||
o Minor bugfixes (Windows service):
|
|
||||||
- When running as a Windows service, set the ID of the main thread
|
|
||||||
correctly. Failure to do so made us fail to send log messages
|
|
||||||
to the controller in 0.2.1.16-rc, slowed down controller
|
|
||||||
event delivery in 0.2.7.3-rc and later, and crash with an assertion
|
|
||||||
failure in 0.3.1.1-alpha. Fixes bug 23081; bugfix on 0.2.1.6-alpha.
|
|
||||||
Patch and diagnosis from "Vort".
|
|
||||||
|
|
|
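Review bot: The version strings "0.2.1.16-rc" (first symptom) and "0.2.1.6-alpha" (bugfix on) differ by a single digit, which is easy to get wrong in transcription; please confirm both are intended. The verb tenses in the symptom list are also inconsistent ("made us fail", "slowed down", "and crash"); "and crashed" or "and caused a crash" would match.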
@ -1,4 +0,0 @@
|
||||||
o Minor features (diagnostic):
|
|
||||||
- Add a stack trace to the bug warnings that can be logged when
|
|
||||||
trying to send an outgoing relay cell with n_chan == 0.
|
|
||||||
Diagnostic attempt for bug 23105.
|
|
|
@ -1,3 +0,0 @@
|
||||||
o Minor bugfixes (directory cache):
|
|
||||||
- Fix a memory leak in the code that recovers space in the consensus
|
|
||||||
directory cache. Fixes bug 23139; bugfix on 0.3.1.1-alpha.
|
|
|
@ -1,4 +0,0 @@
|
||||||
o Minor bugfixes (stability):
|
|
||||||
- Avoid crashing on double-free when unable to load or process
|
|
||||||
an included file. Fixes bug 23155; bugfix on 0.3.1.1-alpha.
|
|
||||||
Found with the clang static analyzer.
|
|
|
@ -1,4 +0,0 @@
|
||||||
o Minor bugfixes (hidden service):
|
|
||||||
- Fix a BUG alert during HSv3 descriptor decoding that could trigger with a
|
|
||||||
specially crafted descriptor. Fixes bug #23233; bugfix on 0.3.0.1-alpha.
|
|
||||||
Bug found by "haxxpop".
|
|
|
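Review bot: "Fixes bug #23233" uses a "#" prefix that the other entries in this set do not; use "Fixes bug 23233" for consistency. Because the entry says the alert can be triggered "with a specially crafted descriptor", it should also say in one clause what the BUG alert amounts to for the process (a logged warning only, or something more), so readers can judge the severity behind the "Minor" label.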
@ -1,5 +0,0 @@
|
||||||
o Minor bugfixes (relay):
|
|
||||||
- When a relay is not running as a directory cache, it will no longer
|
|
||||||
generate compressed consensuses and consensus diff information.
|
|
||||||
Previously, this was a waste of disk and CPU. Fixes bug 23275;
|
|
||||||
bugfix on 0.3.1.1-alpha.
|
|
|
@ -1,3 +0,0 @@
|
||||||
o Minor bugfixes (testing):
|
|
||||||
- Fix an undersized buffer in test-memwipe.c. Fixes bug 23291; bugfix on
|
|
||||||
0.2.7.2-alpha. Found and patched by Ties Stuij.
|
|
|
@ -1,11 +0,0 @@
|
||||||
o Minor bugfixes (path selection):
|
|
||||||
- When selecting relays by bandwidth, avoid a rounding error that
|
|
||||||
could sometimes cause load to be imbalanced incorrectly. Previously,
|
|
||||||
we would always round upwards; now, we round towards the nearest
|
|
||||||
integer. This had the biggest effect when a relay's weight adjustments
|
|
||||||
should have given it weight 0, but it got weight 1 instead.
|
|
||||||
Fixes bug 23318; bugfix on 0.2.4.3-alpha.
|
|
||||||
- When calculating the fraction of nodes that have descriptors, and all
|
|
||||||
all nodes in the network have zero bandwidths, count the number of nodes
|
|
||||||
instead.
|
|
||||||
Fixes bug 23318; bugfix on 0.2.4.10-alpha.
|
|
|
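Review bot: The second bullet has a duplicated word ("and all" followed by "all nodes") and an unclear ending: "count the number of nodes instead" does not say instead of what (presumably instead of summing bandwidths, but the entry should say so). Both bullets also cite bug 23318 with different "bugfix on" versions (0.2.4.3-alpha and 0.2.4.10-alpha); confirm that one ticket really covers both changes.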
@ -1,6 +0,0 @@
|
||||||
o Minor bugfix (relay address resolution):
|
|
||||||
- Avoid unnecessary calls to directory_fetches_from_authorities()
|
|
||||||
on relays. This avoids spurious address resolutions and
|
|
||||||
descriptor rebuilds. This is a mitigation for 21789. The original
|
|
||||||
bug was introduced in commit 35bbf2e as part of prop210.
|
|
||||||
Fixes 23470 in 0.2.8.1-alpha.
|
|
|
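Review bot: The closing line "Fixes 23470 in 0.2.8.1-alpha" departs from the "Fixes bug N; bugfix on X" form used by the other entries, and "in" reads as if the fix shipped in 0.2.8.1-alpha rather than the bug being introduced there. Suggest "Fixes bug 23470; bugfix on 0.2.8.1-alpha", and "bug 21789" rather than the bare number in the mitigation sentence.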
@ -1,4 +0,0 @@
|
||||||
o Minor bugfixes (relay):
|
|
||||||
- Inform the geoip and rephist modules about all requests, even
|
|
||||||
on relays that are only fetching microdescriptors. Fixes a bug related
|
|
||||||
to 21585; bugfix on 0.3.0.1-alpha.
|
|
|
@ -1,3 +0,0 @@
|
||||||
o Minor bugfixes (compression):
|
|
||||||
- Handle a pathological case when decompressing Zstandard data when the
|
|
||||||
output buffer size is zero. Fixes bug 23551; bugfix on 0.3.1.1-alpha.
|
|
|
@ -1,4 +0,0 @@
|
||||||
o Minor bugfixes (compilation):
|
|
||||||
- Fix a compilation warning when building with zstd support
|
|
||||||
on 32-bit platforms. Fixes bug 23568; bugfix on 0.3.1.1-alpha.
|
|
||||||
Found and fixed by Andreas Stieger.
|
|
|
@ -1,4 +0,0 @@
|
||||||
o Minor bugfixes (unit tests):
|
|
||||||
- Fix additional channelpadding unit test failures by using mocked time
|
|
||||||
instead of actual time for all tests. Fixes bug 23608;
|
|
||||||
bugfix on 0.3.1.1-alpha.
|
|
|
@ -1,4 +0,0 @@
|
||||||
o Minor bugfixes (hidden service, relay):
|
|
||||||
- Avoid a possible double close of a circuit by the intro point on error
|
|
||||||
of sending the INTRO_ESTABLISHED cell. Fixes ticket 23610; bugfix on
|
|
||||||
0.3.0.1-alpha.
|
|
|
@ -1,5 +0,0 @@
|
||||||
o Major bugfixes (relay, crash, assertion failure):
|
|
||||||
- Fix a timing-based assertion failure that could occur when the
|
|
||||||
circuit out-of-memory handler freed a connection's output buffer.
|
|
||||||
Fixes bug 23690; bugfix on 0.2.6.1-alpha.
|
|
||||||
|
|
|
@ -1,6 +0,0 @@
|
||||||
o Minor bugfixes (relay, crash):
|
|
||||||
- Avoid a crash when transitioning from client mode to bridge mode.
|
|
||||||
Previously, we would launch the worker threads whenever our "public
|
|
||||||
server" mode changed, but not when our "server" mode changed.
|
|
||||||
Fixes bug 23693; bugfix on 0.2.6.3-alpha.
|
|
||||||
|
|
|
@ -1,3 +0,0 @@
|
||||||
o Minor bugfixes (descriptors):
|
|
||||||
- Don't try fetching microdescriptors from relays that have failed to
|
|
||||||
deliver them in the past. Fixes bug 23817; bugfix on 0.3.0.1-alpha.
|
|
|
@ -1,5 +0,0 @@
|
||||||
o Minor bugfixes (entry guards):
|
|
||||||
- Tor now updates its guard state when it reads a consensus regardless of
|
|
||||||
whether it's missing descriptors. That makes tor use its primary guards
|
|
||||||
to fetch descriptors in some edge cases where it would have used fallback
|
|
||||||
directories in the past. Fixes bug 23862; bugfix on 0.3.0.1-alpha.
|
|
|
@ -1,3 +0,0 @@
|
||||||
o Minor bugfixes (memory safety):
|
|
||||||
- Clear the address when node_get_prim_orport() returns early.
|
|
||||||
Fixes bug 23874; bugfix on 0.2.8.2-alpha.
|
|
|
@ -1,3 +0,0 @@
|
||||||
o Minor bugfixes (directory authority, backport from 0.3.2.1-alpha):
|
|
||||||
- Remove the length limit on HTTP status lines that authorities can send
|
|
||||||
in their replies. Fixes bug 23499; bugfix on 0.3.1.6-rc.
|
|
|
@ -1,9 +0,0 @@
|
||||||
o Minor bugfixes (bootstrapping):
|
|
||||||
- Fetch descriptors aggressively whenever we lack enough
|
|
||||||
to build circuits, regardless of how many descriptors we are missing.
|
|
||||||
Previously, we would delay launching the fetch when we had fewer than
|
|
||||||
15 missing descriptors, even if some of those descriptors were
|
|
||||||
blocking circuits from building. Fixes bug 23985; bugfix on
|
|
||||||
0.1.1.11-alpha. The effects of this bug became worse in 0.3.0.3-alpha,
|
|
||||||
when we began treating missing descriptors from our primary guards
|
|
||||||
as a reason to delay circuits.
|
|
|
@ -1,7 +0,0 @@
|
||||||
o Minor bugfixes (directory cache):
|
|
||||||
- When a consensus diff calculation is only partially successful, only
|
|
||||||
record the successful parts as having succeeded. Partial success
|
|
||||||
can happen if (for example) one compression method fails but
|
|
||||||
the others succeed. Previously we misrecorded all the calculations as
|
|
||||||
having succeeded, which would later cause a nonfatal assertion failure.
|
|
||||||
Fixes bug 24086; bugfix on 0.3.1.1-alpha.
|
|
|
@ -1,4 +0,0 @@
|
||||||
o Minor bugfixes (directory cache):
|
|
||||||
- Recover better from empty or corrupt files in the consensus cache
|
|
||||||
directory. Fixes bug 24099; bugfix on 0.3.1.1-alpha.
|
|
||||||
|
|
|
@ -1,7 +0,0 @@
|
||||||
o Minor bugfixes (network layer):
|
|
||||||
- When closing a connection via close_connection_immediately(), we
|
|
||||||
mark it as "not blocked on bandwidth", to prevent later calls
|
|
||||||
from trying to unblock it, and give it permission to read. This
|
|
||||||
fixes a backtrace warning that can happen on relays under various
|
|
||||||
circumstances. Fixes bug 24167; bugfix on 0.1.0.1-rc.
|
|
||||||
|
|
|
@ -1,3 +0,0 @@
|
||||||
o Minor bugfixes (path selection):
|
|
||||||
- Actually log the total bandwidth in compute_weighted_bandwidths().
|
|
||||||
Fixes bug 24170; bugfix on 0.2.4.3-alpha.
|
|
|
@ -1,4 +0,0 @@
|
||||||
o Minor bugfixes (controller, linux seccomp2 sandbox):
|
|
||||||
- Avoid a crash when attempting to use the seccomp2 sandbox
|
|
||||||
together with the OwningControllerProcess feature.
|
|
||||||
Fixes bug 24198; bugfix on 0.2.5.1-alpha.
|
|
|
@ -1,3 +0,0 @@
|
||||||
o Minor bugfixes (hidden service):
|
|
||||||
- Fix the consensus parameter "hsdir-interval" to "hsdir_interval" so it
|
|
||||||
matches the dir-spec.txt. Fixes bug 24262; bugfix on 0.3.1.1-alpha.
|
|
|
@ -1,5 +0,0 @@
|
||||||
o Major bugfixes (security, hidden service v2):
|
|
||||||
- Fix a use-after-free error that could crash v2 Tor hidden services
|
|
||||||
when it failed to open circuits while expiring introductions
|
|
||||||
points. Fixes bug 24313; bugfix on 0.2.7.2-alpha. This
|
|
||||||
issue is also tracked as TROVE-2017-013 and CVE-2017-8823.
|
|
|
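Review bot: "while expiring introductions points" should read "while expiring introduction points", and "when it failed to open circuits" has an unclear antecedent after the plural "services". Since this entry is the public description of a security fix tracked as TROVE-2017-013 and CVE-2017-8823, the wording is worth getting right in the release notes.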
@ -1,3 +0,0 @@
|
||||||
o Minor bugfixes (compilation):
|
|
||||||
- Fix a signed/unsigned comparison warning introduced by our
|
|
||||||
fix to TROVE-2017-009. Fixes bug 24480; bugfix on 0.2.5.16.
|
|
|
@ -1,5 +0,0 @@
|
||||||
o Minor bugfixes (portability, msvc):
|
|
||||||
- Fix a bug in the bit-counting parts of our timing-wheel code on
|
|
||||||
MSVC. (Note that MSVC is still not a supported build platform,
|
|
||||||
due to cyptographic timing channel risks.) Fixes bug 24633;
|
|
||||||
bugfix on 0.2.9.1-alpha.
|
|
|
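Review bot: Spelling error in the parenthetical note: "cyptographic timing channel risks" should be "cryptographic timing channel risks". Fix it where this text is merged into the release changelog.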
@ -1,7 +0,0 @@
|
||||||
o Minor bugfixes (memory usage):
|
|
||||||
|
|
||||||
- When queuing DESTROY cells on a channel, only queue the
|
|
||||||
circuit-id and reason fields: not the entire 514-byte
|
|
||||||
cell. This fix should help mitigate any bugs or attacks that
|
|
||||||
fill up these queues, and free more RAM for other uses. Fixes
|
|
||||||
bug 24666; bugfix on 0.2.5.1-alpha.
|
|
|
@ -1,6 +0,0 @@
|
||||||
o Minor bugfixes (address selection):
|
|
||||||
- When the fascist_firewall_choose_address_ functions don't find a
|
|
||||||
reachable address, set the returned address to the null address and port.
|
|
||||||
This is a precautionary measure, because some callers do not check the
|
|
||||||
return value.
|
|
||||||
Fixes bug 24736; bugfix on 0.2.8.2-alpha.
|
|
|
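Review bot: The entry justifies the change with "some callers do not check the return value", but nulling the output only changes what those callers go on to use; it does not make them handle the failure. Please either name the unchecked callers and fix them in the same series, or reference a follow-up ticket, so the precaution is not the only safeguard.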
@ -1,4 +0,0 @@
|
||||||
o Minor bugfixes (performance, fragile-hardening):
|
|
||||||
- Improve the performance of our consensus-diff application code when Tor
|
|
||||||
is built with the --enable-fragile-hardening option set. Fixes bug
|
|
||||||
24826; bugfix on 0.3.1.1-alpha.
|
|
|
@ -1,4 +0,0 @@
|
||||||
o Minor bugfixes (logging):
|
|
||||||
- Don't treat inability to store a cached consensus object as a
|
|
||||||
bug: it can happen normally when we are out of disk space.
|
|
||||||
Fixes bug 24859; bugfix on 0.3.1.1-alpha.
|
|
|
@ -1,8 +0,0 @@
|
||||||
o Major bugfixes (onion services):
|
|
||||||
- Fix an "off by 2" error in counting rendezvous failures on the onion
|
|
||||||
service side. While we thought we would stop the rendezvous attempt
|
|
||||||
after one failed circuit, we were actually making three circuit attempts
|
|
||||||
before giving up. Now switch to a default of 2, and allow the consensus
|
|
||||||
parameter "hs_service_max_rdv_failures" to override. Fixes bug 24895;
|
|
||||||
bugfix on 0.0.6.
|
|
||||||
|
|
|
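Review bot: "Now switch to a default of 2" does not say what the 2 counts. The entry describes an intended limit of one failed circuit and an actual behaviour of three attempts, so readers cannot tell whether the new default means two failures, two attempts, or a value of "hs_service_max_rdv_failures" that differs from both. State the unit and the resulting number of circuit attempts.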
@ -1,8 +0,0 @@
|
||||||
o Major bugfixes (relays):
|
|
||||||
- Fix a set of false positives where relays would consider connections
|
|
||||||
to other relays as being client-only connections (and thus e.g.
|
|
||||||
deserving different link padding schemes) if those relays fell out
|
|
||||||
of the consensus briefly. Now we look only at the initial handshake
|
|
||||||
and whether the connection authenticated as a relay. Fixes bug
|
|
||||||
24898; bugfix on 0.3.1.1-alpha.
|
|
||||||
|
|
|
@ -1,6 +0,0 @@
|
||||||
o Minor bugfixes (relay):
|
|
||||||
- Make the internal channel_is_client() function look at what sort
|
|
||||||
of connection handshake the other side used, rather than whether
|
|
||||||
the other side ever sent a create_fast cell to us. Backports part
|
|
||||||
of the fixes from bugs 22805 and 24898.
|
|
||||||
|
|
|
@ -1,5 +0,0 @@
|
||||||
o Minor bugfix (channel connection):
|
|
||||||
- The accurate address of a connection is real_addr, not the addr member.
|
|
||||||
TLS Channel remote address is now real_addr content instead of addr
|
|
||||||
member. Fixes bug 24952; bugfix on 707c1e2e26 in 0.2.4.11-alpha.
|
|
||||||
Patch by "ffmancera".
|
|
|
@ -1,7 +0,0 @@
|
||||||
o Minor features (compatibility, OpenSSL):
|
|
||||||
- Tor will now support TLS1.3 once OpenSSL 1.1.1 is released.
|
|
||||||
Previous versions of Tor would not have worked with OpenSSL
|
|
||||||
1.1.1, since they neither disabled TLS 1.3 nor enabled any of the
|
|
||||||
ciphersuites it requires. Here we enable the TLS 1.3 ciphersuites.
|
|
||||||
Closes ticket 24978.
|
|
||||||
|
|
|
@ -1,3 +0,0 @@
|
||||||
o Major bugfixes (protocol versions):
|
|
||||||
- Add Link protocol version 5 to the supported protocols list.
|
|
||||||
Fixes bug 25070; bugfix on 0.3.1.1-alpha.
|
|
|
@ -1,4 +0,0 @@
|
||||||
o Minor bugfixes (DoS mitigation):
|
|
||||||
- Make sure we don't modify consensus parameters if we aren't a public
|
|
||||||
relay when a new consensus arrives. Fixes bug 25223; bugfix on
|
|
||||||
0.3.3.2-alpha.
|
|
|
@ -1,3 +0,0 @@
|
||||||
o Minor bugfixes (spec conformance):
|
|
||||||
- Forbid "-0" as a protocol version. Fixes part of bug 25249; bugfix on
|
|
||||||
0.2.9.4-alpha.
|
|
|
@ -1,3 +0,0 @@
|
||||||
o Minor bugfixes (spec conformance):
|
|
||||||
- Forbid UINT32_MAX as a protocol version. Fixes part of bug 25249;
|
|
||||||
bugfix on 0.2.9.4-alpha.
|
|
|
@ -1,6 +0,0 @@
|
||||||
o Minor bugfixes (logging, relay shutdown, annoyance):
|
|
||||||
- When a circuit is marked for close, do not attempt to package any cells
|
|
||||||
for channels on that circuit. Previously, we would detect this
|
|
||||||
condition lower in the call stack, when we noticed that the circuit had
|
|
||||||
no attached channel, and log an annoying message. Fixes bug 8185;
|
|
||||||
bugfix on 0.2.5.4-alpha.
|
|
|
@ -1,4 +0,0 @@
|
||||||
o Minor features (bug mitigation, diagnostics, logging):
|
|
||||||
- Avoid an assertion failure, and log a better error message,
|
|
||||||
when unable to remove a file from the consensus cache on
|
|
||||||
Windows. Attempts to mitigate and diagnose bug 22752.
|
|
|
@ -1,4 +0,0 @@
|
||||||
o Minor features (geoip):
|
|
||||||
- Update geoip and geoip6 to the November 6 2017 Maxmind GeoLite2
|
|
||||||
Country database.
|
|
||||||
|
|
|
@ -1,4 +0,0 @@
|
||||||
o Minor features (geoip):
|
|
||||||
- Update geoip and geoip6 to the December 6 2017 Maxmind GeoLite2
|
|
||||||
Country database.
|
|
||||||
|
|
|
@ -1,4 +0,0 @@
|
||||||
o Minor features (geoip):
|
|
||||||
- Update geoip and geoip6 to the January 5 2018 Maxmind GeoLite2
|
|
||||||
Country database.
|
|
||||||
|
|
Some files were not shown because too many files have changed in this diff