Newer
Older
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
2027
2028
2029
2030
2031
2032
2033
2034
2035
2036
2037
2038
2039
2040
2041
2042
2043
2044
2045
2046
2047
2048
2049
2050
2051
2052
2053
2054
2055
2056
2057
2058
2059
2060
2061
2062
2063
2064
2065
2066
2067
2068
2069
2070
2071
2072
2073
2074
2075
2076
2077
2078
2079
2080
2081
2082
2083
2084
2085
2086
2087
2088
2089
2090
2091
2092
2093
2094
2095
2096
2097
2098
2099
2100
2101
2102
2103
2104
2105
2106
2107
2108
2109
2110
2111
2112
2113
2114
2115
2116
2117
2118
2119
2120
2121
2122
2123
2124
2125
2126
2127
2128
2129
2130
2131
2132
2133
2134
2135
2136
2137
2138
2139
2140
2141
2142
2143
2144
2145
2146
2147
2148
2149
2150
2151
2152
2153
2154
2155
2156
2157
2158
2159
2160
2161
2162
2163
2164
2165
2166
2167
2168
2169
2170
2171
2172
2173
2174
2175
2176
2177
2178
2179
2180
2181
2182
2183
2184
2185
2186
2187
2188
2189
2190
2191
2192
2193
2194
2195
2196
2197
2198
2199
2200
2201
2202
2203
2204
2205
2206
2207
2208
2209
2210
2211
2212
2213
2214
2215
2216
2217
2218
2219
2220
2221
2222
2223
2224
2225
2226
2227
2228
2229
2230
2231
2232
2233
2234
2235
2236
2237
2238
2239
2240
2241
2242
2243
2244
2245
2246
2247
2248
2249
2250
2251
2252
2253
2254
2255
2256
2257
2258
2259
2260
2261
2262
2263
2264
2265
2266
2267
2268
2269
2270
2271
2272
2273
2274
2275
2276
2277
2278
2279
2280
2281
2282
2283
2284
2285
2286
bugfix on 0.4.0.1-alpha.
- The circuit padding subsystem will no longer schedule padding if
dormant mode is enabled. Fixes bug 28636; bugfix on 0.4.0.1-alpha.
- Inspect a circuit-level cell queue before sending padding, to
avoid sending padding while too much data is already queued. Fixes
bug 29204; bugfix on 0.4.0.1-alpha.
- Avoid calling monotime_absolute_usec() in circuit padding machines
that do not use token removal or circuit RTT estimation. Fixes bug
29085; bugfix on 0.4.0.1-alpha.
o Minor bugfixes (clock skew detection):
- Don't believe clock skew results from NETINFO cells that appear to
arrive before we sent the VERSIONS cells they are responding to.
Previously, we would accept them up to 3 minutes "in the past".
Fixes bug 31343; bugfix on 0.2.4.4-alpha.
o Minor bugfixes (compatibility, standards compliance):
- Fix a bug that would invoke undefined behavior on certain
operating systems when trying to asprintf() a string exactly
INT_MAX bytes long. We don't believe this is exploitable, but it's
better to fix it anyway. Fixes bug 31001; bugfix on 0.2.2.11-alpha.
Found and fixed by Tobias Stoeckmann.
o Minor bugfixes (compilation warning):
- Fix a compilation warning on Windows about casting a function
pointer for GetTickCount64(). Fixes bug 31374; bugfix on
0.2.9.1-alpha.
o Minor bugfixes (compilation):
- Avoid using labs() on time_t, which can cause compilation warnings
on 64-bit Windows builds. Fixes bug 31343; bugfix on 0.2.4.4-alpha.
o Minor bugfixes (compilation, unusual configurations):
- Avoid failures when building with the ALL_BUGS_ARE_FATAL option
due to missing declarations of abort(), and prevent other such
failures in the future. Fixes bug 30189; bugfix on 0.3.4.1-alpha.
o Minor bugfixes (configuration, proxies):
- Fix a bug that prevented us from supporting SOCKS5 proxies that
want authentication along with configured (but unused!)
ClientTransportPlugins. Fixes bug 29670; bugfix on 0.2.6.1-alpha.
o Minor bugfixes (continuous integration):
- Allow the test-stem job to fail in Travis, because it sometimes
hangs. Fixes bug 30744; bugfix on 0.3.5.4-alpha.
- Skip test_rebind on macOS in Travis, because it is unreliable on
macOS on Travis. Fixes bug 30713; bugfix on 0.3.5.1-alpha.
- Skip test_rebind when the TOR_SKIP_TEST_REBIND environment
variable is set. Fixes bug 30713; bugfix on 0.3.5.1-alpha.
o Minor bugfixes (controller protocol):
- Teach the controller parser to distinguish an object preceded by
an argument list from one without. Previously, it couldn't
distinguish an argument list from the first line of a multiline
object. Fixes bug 29984; bugfix on 0.2.3.8-alpha.
o Minor bugfixes (crash on exit):
- Avoid a set of possible code paths that could try to use freed
memory in routerlist_free() while Tor was exiting. Fixes bug
31003; bugfix on 0.1.2.2-alpha.
o Minor bugfixes (developer tooling):
- Fix pre-push hook to allow fixup and squash commits when pushing
to non-upstream git remote. Fixes bug 30286; bugfix
on 0.4.0.1-alpha.
o Minor bugfixes (directory authorities):
- Stop crashing after parsing an unknown descriptor purpose
annotation. We think this bug can only be triggered by modifying a
local file. Fixes bug 30781; bugfix on 0.2.0.8-alpha.
- Move the "bandwidth-file-headers" line in directory authority
votes so that it conforms to dir-spec.txt. Fixes bug 30316; bugfix
on 0.3.5.1-alpha.
- Directory authorities with IPv6 support now always mark themselves
as reachable via IPv6. Fixes bug 24338; bugfix on 0.2.4.1-alpha.
Patch by Neel Chauhan.
o Minor bugfixes (documentation):
- Improve the documentation for using MapAddress with ".exit". Fixes
bug 30109; bugfix on 0.1.0.1-rc.
- Improve the monotonic time module and function documentation to
explain what "monotonic" actually means, and document some results
that have surprised people. Fixes bug 29640; bugfix
on 0.2.9.1-alpha.
- Use proper formatting when providing an example on quoting options
that contain whitespace. Fixes bug 29635; bugfix on 0.2.3.18-rc.
o Minor bugfixes (logging):
- Do not log a warning when running with an OpenSSL version other
than the one Tor was compiled with, if the two versions should be
compatible. Previously, we would warn whenever the version was
different. Fixes bug 30190; bugfix on 0.2.4.2-alpha.
- Warn operators when the MyFamily option is set but ContactInfo is
missing, as the latter should be set too. Fixes bug 25110; bugfix
on 0.3.3.1-alpha.
o Minor bugfixes (memory leaks):
- Avoid a minor memory leak that could occur on relays when failing
to create a "keys" directory. Fixes bug 30148; bugfix
on 0.3.3.1-alpha.
- Fix a trivial memory leak when parsing an invalid value from a
download schedule in the configuration. Fixes bug 30894; bugfix
on 0.3.4.1-alpha.
o Minor bugfixes (NetBSD):
- Fix usage of minherit() on NetBSD and other platforms that define
MAP_INHERIT_{ZERO,NONE} instead of INHERIT_{ZERO,NONE}. Fixes bug
30614; bugfix on 0.4.0.2-alpha. Patch from Taylor Campbell.
o Minor bugfixes (onion services):
- Avoid a GCC 9.1.1 warning (and possible crash depending on libc
implemenation) when failing to load an onion service client
authorization file. Fixes bug 30475; bugfix on 0.3.5.1-alpha.
- When refusing to launch a controller's HSFETCH request because of
rate-limiting, respond to the controller with a new response,
"QUERY_RATE_LIMITED". Previously, we would log QUERY_NO_HSDIR for
this case. Fixes bug 28269; bugfix on 0.3.1.1-alpha. Patch by
Neel Chauhan.
- When relaunching a circuit to a rendezvous service, mark the
circuit as needing high-uptime routers as appropriate. Fixes bug
17357; bugfix on 0.1.0.1-rc. Patch by Neel Chauhan.
- Stop ignoring IPv6 link specifiers sent to v3 onion services.
(IPv6 support for v3 onion services is still incomplete: see
ticket 23493 for details.) Fixes bug 23588; bugfix on
0.3.2.1-alpha. Patch by Neel Chauhan.
o Minor bugfixes (onion services, performance):
- When building circuits to onion services, call tor_addr_parse()
less often. Previously, we called tor_addr_parse() in
circuit_is_acceptable() even if its output wasn't used. This
change should improve performance when building circuits. Fixes
bug 22210; bugfix on 0.2.8.12. Patch by Neel Chauhan.
o Minor bugfixes (out-of-memory handler):
- When purging the DNS cache because of an out-of-memory condition,
try purging just the older entries at first. Previously, we would
always purge the whole thing. Fixes bug 29617; bugfix
on 0.3.5.1-alpha.
o Minor bugfixes (performance):
- When checking whether a node is a bridge, use a fast check to make
sure that its identity is set. Previously, we used a constant-time
check, which is not necessary in this case. Fixes bug 30308;
bugfix on 0.3.5.1-alpha.
o Minor bugfixes (pluggable transports):
- Tor now sets TOR_PT_EXIT_ON_STDIN_CLOSE=1 for client transports as
well as servers. Fixes bug 25614; bugfix on 0.2.7.1-alpha.
o Minor bugfixes (portability):
- Avoid crashing in our tor_vasprintf() implementation on systems
that define neither vasprintf() nor _vscprintf(). (This bug has
been here long enough that we question whether people are running
Tor on such systems, but we're applying the fix out of caution.)
Fixes bug 30561; bugfix on 0.2.8.2-alpha. Found and fixed by
Tobias Stoeckmann.
o Minor bugfixes (probability distributions):
- Refactor and improve parts of the probability distribution code
that made Coverity complain. Fixes bug 29805; bugfix
on 0.4.0.1-alpha.
o Minor bugfixes (python):
- Stop assuming that /usr/bin/python3 exists. For scripts that work
with python2, use /usr/bin/python. Otherwise, use /usr/bin/env
python3. Fixes bug 29913; bugfix on 0.2.5.3-alpha.
o Minor bugfixes (relay):
- When running as a relay, if IPv6Exit is set to 1 while ExitRelay
is auto, act as if ExitRelay is 1. Previously, we would ignore
IPv6Exit if ExitRelay was 0 or auto. Fixes bug 29613; bugfix on
0.3.5.1-alpha. Patch by Neel Chauhan.
o Minor bugfixes (static analysis):
- Fix several spurious Coverity warnings about the unit tests, to
lower our chances of missing real warnings in the future. Fixes
bug 30150; bugfix on 0.3.5.1-alpha and various other Tor versions.
o Minor bugfixes (stats):
- When ExtraInfoStatistics is 0, stop including bandwidth usage
statistics, GeoIPFile hashes, ServerTransportPlugin lines, and
bridge statistics by country in extra-info documents. Fixes bug
29018; bugfix on 0.2.4.1-alpha.
o Minor bugfixes (testing):
- Call setrlimit() to disable core dumps in test_bt_cl.c. Previously
we used `ulimit -c` in test_bt.sh, which violates POSIX shell
compatibility. Fixes bug 29061; bugfix on 0.3.5.1-alpha.
- Fix some incorrect code in the v3 onion service unit tests. Fixes
bug 29243; bugfix on 0.3.2.1-alpha.
- In the "routerkeys/*" tests, check the return values of mkdir()
for possible failures. Fixes bug 29939; bugfix on 0.2.7.2-alpha.
Found by Coverity as CID 1444254.
- Split test_utils_general() into several smaller test functions.
This makes it easier to perform resource deallocation on assert
failure, and fixes Coverity warnings CID 1444117 and CID 1444118.
Fixes bug 29823; bugfix on 0.2.9.1-alpha.
o Minor bugfixes (tor-resolve):
- Fix a memory leak in tor-resolve that could happen if Tor gave it
a malformed SOCKS response. (Memory leaks in tor-resolve don't
actually matter, but it's good to fix them anyway.) Fixes bug
30151; bugfix on 0.4.0.1-alpha.
o Code simplification and refactoring:
- Abstract out the low-level formatting of replies on the control
port. Implements ticket 30007.
- Add several assertions in an attempt to fix some Coverity
warnings. Closes ticket 30149.
- Introduce a connection_dir_buf_add() helper function that checks
for compress_state of dir_connection_t and automatically writes a
string to directory connection with or without compression.
Resolves issue 28816.
- Make the base32_decode() API return the number of bytes written,
for consistency with base64_decode(). Closes ticket 28913.
- Move most relay-only periodic events out of mainloop.c into the
relay subsystem. Closes ticket 30414.
- Refactor and encapsulate parts of the codebase that manipulate
crypt_path_t objects. Resolves issue 30236.
- Refactor several places in our code that Coverity incorrectly
believed might have memory leaks. Closes ticket 30147.
- Remove redundant return values in crypto_format, and the
associated return value checks elsewhere in the code. Make the
implementations in crypto_format consistent, and remove redundant
code. Resolves ticket 29660.
- Rename tor_mem_is_zero() to fast_mem_is_zero(), to emphasize that
it is not a constant-time function. Closes ticket 30309.
- Replace hs_desc_link_specifier_t with link_specifier_t, and remove
all hs_desc_link_specifier_t-specific code. Fixes bug 22781;
bugfix on 0.3.2.1-alpha.
- Simplify v3 onion service link specifier handling code. Fixes bug
23576; bugfix on 0.3.2.1-alpha.
- Split crypto_digest.c into NSS code, OpenSSL code, and shared
code. Resolves ticket 29108.
- Split control.c into several submodules, in preparation for
distributing its current responsibilities throughout the codebase.
Closes ticket 29894.
- Start to move responsibility for knowing about periodic events to
the appropriate subsystems, so that the mainloop doesn't need to
know all the periodic events in the rest of the codebase.
Implements tickets 30293 and 30294.
o Documentation:
- Mention URLs for Travis/Appveyor/Jenkins in ReleasingTor.md.
Closes ticket 30630.
- Document how to find git commits and tags for bug fixes in
CodingStandards.md. Update some file documentation. Closes
ticket 30261.
o Removed features:
- Remove the linux-tor-prio.sh script from contrib/operator-tools
directory. Resolves issue 29434.
- Remove the obsolete OpenSUSE initscript. Resolves issue 30076.
- Remove the obsolete script at contrib/dist/tor.sh.in. Resolves
issue 30075.
o Testing:
- Specify torrc paths (with empty files) when launching tor in
integration tests; refrain from reading user and system torrcs.
Resolves issue 29702.
o Code simplification and refactoring (shell scripts):
- Clean up many of our shell scripts to fix shellcheck warnings.
These include autogen.sh (ticket 26069), test_keygen.sh (ticket
29062), test_switch_id.sh (ticket 29065), test_rebind.sh (ticket
29063), src/test/fuzz/minimize.sh (ticket 30079), test_rust.sh
(ticket 29064), torify (ticket 29070), asciidoc-helper.sh (29926),
fuzz_multi.sh (30077), fuzz_static_testcases.sh (ticket 29059),
nagios-check-tor-authority-cert (ticket 29071),
src/test/fuzz/fixup_filenames.sh (ticket 30078), test-network.sh
(ticket 29060), test_key_expiration.sh (ticket 30002),
zero_length_keys.sh (ticket 29068), and test_workqueue_*.sh
(ticket 29067).
o Testing (chutney):
- In "make test-network-all", test IPv6-only v3 single onion
services, using the chutney network single-onion-v23-ipv6-md.
Closes ticket 27251.
o Testing (continuous integration):
- In Travis, make stem log a controller trace to the console, and tail
stem's tor log after failure. Closes ticket 30591.
- In Travis, only run the stem tests that use a tor binary.
Closes ticket 30694.
2287
2288
2289
2290
2291
2292
2293
2294
2295
2296
2297
2298
2299
2300
2301
2302
2303
2304
2305
2306
2307
2308
2309
2310
2311
2312
2313
2314
2315
2316
2317
2318
2319
2320
2321
2322
2323
2324
2325
2326
2327
2328
2329
2330
2331
2332
2333
2334
2335
2336
2337
2338
2339
2340
2341
2342
2343
2344
2345
2346
2347
2348
2349
2350
2351
2352
2353
2354
2355
Changes in version 0.4.0.5 - 2019-05-02
This is the first stable release in the 0.4.0.x series. It contains
improvements for power management and bootstrap reporting, as well as
preliminary backend support for circuit padding to prevent some kinds
of traffic analysis. It also continues our work in refactoring Tor for
long-term maintainability.
Per our support policy, we will support the 0.4.0.x series for nine
months, or until three months after the release of a stable 0.4.1.x:
whichever is longer. If you need longer-term support, please stick
with 0.3.5.x, which will we plan to support until Feb 2022.
Below are the changes since 0.3.5.7. For a complete list of changes
since 0.4.0.4-rc, see the ChangeLog file.
o Major features (battery management, client, dormant mode):
- When Tor is running as a client, and it is unused for a long time,
it can now enter a "dormant" state. When Tor is dormant, it avoids
network and CPU activity until it is reawoken either by a user
request or by a controller command. For more information, see the
configuration options starting with "Dormant". Implements tickets
2149 and 28335.
- The client's memory of whether it is "dormant", and how long it
has spent idle, persists across invocations. Implements
ticket 28624.
- There is a DormantOnFirstStartup option that integrators can use
if they expect that in many cases, Tor will be installed but
not used.
o Major features (bootstrap reporting):
- When reporting bootstrap progress, report the first connection
uniformly, regardless of whether it's a connection for building
application circuits. This allows finer-grained reporting of early
progress than previously possible, with the improvements of ticket
27169. Closes tickets 27167 and 27103. Addresses ticket 27308.
- When reporting bootstrap progress, treat connecting to a proxy or
pluggable transport as separate from having successfully used that
proxy or pluggable transport to connect to a relay. Closes tickets
27100 and 28884.
o Major features (circuit padding):
- Implement preliminary support for the circuit padding portion of
Proposal 254. The implementation supports Adaptive Padding (aka
WTF-PAD) state machines for use between experimental clients and
relays. Support is also provided for APE-style state machines that
use probability distributions instead of histograms to specify
inter-packet delay. At the moment, Tor does not provide any
padding state machines that are used in normal operation: for now,
this feature exists solely for experimentation. Closes
ticket 28142.
o Major features (refactoring):
- Tor now uses an explicit list of its own subsystems when
initializing and shutting down. Previously, these systems were
managed implicitly in various places throughout the codebase.
(There may still be some subsystems using the old system.) Closes
ticket 28330.
o Major bugfixes (cell scheduler, KIST, security):
- Make KIST consider the outbuf length when computing what it can
put in the outbuf. Previously, KIST acted as though the outbuf
were empty, which could lead to the outbuf becoming too full. It
is possible that an attacker could exploit this bug to cause a Tor
client or relay to run out of memory and crash. Fixes bug 29168;
bugfix on 0.3.2.1-alpha. This issue is also being tracked as
TROVE-2019-001 and CVE-2019-8955.
o Major bugfixes (networking):
- Gracefully handle empty username/password fields in SOCKS5
username/password auth message and allow SOCKS5 handshake to
2357
2358
2359
2360
2361
2362
2363
2364
2365
2366
2367
2368
2369
2370
2371
2372
2373
2374
2375
2376
2377
2378
2379
2380
2381
2382
2383
2384
2385
2386
2387
2388
2389
2390
2391
2392
2393
2394
2395
2396
2397
2398
2399
2400
2401
2402
2403
2404
2405
2406
2407
2408
2409
2410
2411
2412
2413
2414
2415
2416
2417
2418
2419
2420
2421
2422
2423
2424
continue. Previously, we had rejected these handshakes, breaking
certain applications. Fixes bug 29175; bugfix on 0.3.5.1-alpha.
o Major bugfixes (NSS, relay):
- When running with NSS, disable TLS 1.2 ciphersuites that use
SHA384 for their PRF. Due to an NSS bug, the TLS key exporters for
these ciphersuites don't work -- which caused relays to fail to
handshake with one another when these ciphersuites were enabled.
Fixes bug 29241; bugfix on 0.3.5.1-alpha.
o Major bugfixes (windows, startup):
- When reading a consensus file from disk, detect whether it was
written in text mode, and re-read it in text mode if so. Always
write consensus files in binary mode so that we can map them into
memory later. Previously, we had written in text mode, which
confused us when we tried to map the file on windows. Fixes bug
28614; bugfix on 0.4.0.1-alpha.
o Minor features (address selection):
- Treat the subnet 100.64.0.0/10 as public for some purposes;
private for others. This subnet is the RFC 6598 (Carrier Grade
NAT) IP range, and is deployed by many ISPs as an alternative to
RFC 1918 that does not break existing internal networks. Tor now
blocks SOCKS and control ports on these addresses and warns users
if client ports or ExtORPorts are listening on a RFC 6598 address.
Closes ticket 28525. Patch by Neel Chauhan.
o Minor features (bandwidth authority):
- Make bandwidth authorities ignore relays that are reported in the
bandwidth file with the flag "vote=0". This change allows us to
report unmeasured relays for diagnostic reasons without including
their bandwidth in the bandwidth authorities' vote. Closes
ticket 29806.
- When a directory authority is using a bandwidth file to obtain the
bandwidth values that will be included in the next vote, serve
this bandwidth file at /tor/status-vote/next/bandwidth. Closes
ticket 21377.
o Minor features (bootstrap reporting):
- When reporting bootstrap progress, stop distinguishing between
situations where only internal paths are available and situations
where external paths are available. Previously, Tor would often
erroneously report that it had only internal paths. Closes
ticket 27402.
o Minor features (compilation):
- Compile correctly when OpenSSL is built with engine support
disabled, or with deprecated APIs disabled. Closes ticket 29026.
Patches from "Mangix".
o Minor features (continuous integration):
- On Travis Rust builds, cleanup Rust registry and refrain from
caching the "target/" directory to speed up builds. Resolves
issue 29962.
- Log Python version during each Travis CI job. Resolves
issue 28551.
- In Travis, tell timelimit to use stem's backtrace signals, and
launch python directly from timelimit, so python receives the
signals from timelimit, rather than make. Closes ticket 30117.
o Minor features (controller):
- Add a DROPOWNERSHIP command to undo the effects of TAKEOWNERSHIP.
Implements ticket 28843.
o Minor features (developer tooling):
- Check that bugfix versions in changes files look like Tor versions
from the versions spec. Warn when bugfixes claim to be on a future
release. Closes ticket 27761.
- Provide a git pre-commit hook that disallows committing if we have
2426
2427
2428
2429
2430
2431
2432
2433
2434
2435
2436
2437
2438
2439
2440
2441
2442
2443
2444
2445
2446
2447
2448
2449
2450
2451
2452
2453
2454
2455
2456
2457
2458
2459
2460
2461
2462
2463
2464
2465
2466
2467
2468
2469
2470
2471
2472
2473
2474
2475
2476
2477
2478
2479
2480
2481
2482
2483
2484
2485
2486
2487
2488
2489
2490
2491
2492
2493
2494
2495
2496
2497
2498
2499
2500
2501
2502
2503
2504
2505
2506
2507
2508
2509
2510
2511
2512
2513
2514
2515
2516
2517
2518
2519
2520
2521
2522
2523
2524
2525
2526
2527
2528
2529
2530
2531
2532
2533
2534
2535
2536
2537
2538
2539
2540
2541
2542
2543
2544
2545
2546
2547
2548
2549
2550
2551
2552
2553
2554
2555
2556
2557
2558
2559
2560
2561
2562
2563
2564
2565
2566
2567
2568
2569
2570
2571
2572
2573
2574
2575
2576
2577
2578
2579
2580
2581
2582
2583
2584
2585
2586
2587
2588
2589
2590
2591
2592
2593
2594
2595
2596
2597
2598
2599
2600
2601
2602
2603
2604
2605
2606
2607
2608
2609
2610
2611
2612
2613
2614
2615
2616
2617
2618
2619
2620
2621
2622
2623
2624
2625
2626
2627
2628
2629
2630
2631
2632
2633
2634
2635
2636
2637
2638
2639
2640
2641
2642
2643
2644
any failures in our code and changelog formatting checks. It is
now available in scripts/maint/pre-commit.git-hook. Implements
feature 28976.
- Provide a git hook script to prevent "fixup!" and "squash!"
commits from ending up in the master branch, as scripts/main/pre-
push.git-hook. Closes ticket 27993.
o Minor features (diagnostic):
- Add more diagnostic log messages in an attempt to solve the issue
of NUL bytes appearing in a microdescriptor cache. Related to
ticket 28223.
o Minor features (directory authority):
- When a directory authority is using a bandwidth file to obtain
bandwidth values, include the digest of that file in the vote.
Closes ticket 26698.
- Directory authorities support a new consensus algorithm, under
which the family lines in microdescriptors are encoded in a
canonical form. This change makes family lines more compressible
in transit, and on the client. Closes ticket 28266; implements
proposal 298.
o Minor features (directory authority, relay):
- Authorities now vote on a "StaleDesc" flag to indicate that a
relay's descriptor is so old that the relay should upload again
soon. Relays treat this flag as a signal to upload a new
descriptor. This flag will eventually let us remove the
'published' date from routerstatus entries, and make our consensus
diffs much smaller. Closes ticket 26770; implements proposal 293.
o Minor features (dormant mode):
- Add a DormantCanceledByStartup option to tell Tor that it should
treat a startup event as cancelling any previous dormant state.
Integrators should use this option with caution: it should only be
used if Tor is being started because of something that the user
did, and not if Tor is being automatically started in the
background. Closes ticket 29357.
o Minor features (fallback directory mirrors):
- Update the fallback whitelist based on operator opt-ins and opt-
outs. Closes ticket 24805, patch by Phoul.
o Minor features (FreeBSD):
- On FreeBSD-based systems, warn relay operators if the
"net.inet.ip.random_id" sysctl (IP ID randomization) is disabled.
Closes ticket 28518.
o Minor features (geoip):
- Update geoip and geoip6 to the April 2 2019 Maxmind GeoLite2
Country database. Closes ticket 29992.
o Minor features (HTTP standards compliance):
- Stop sending the header "Content-type: application/octet-stream"
along with transparently compressed documents: this confused
browsers. Closes ticket 28100.
o Minor features (IPv6):
- We add an option ClientAutoIPv6ORPort, to make clients randomly
prefer a node's IPv4 or IPv6 ORPort. The random preference is set
every time a node is loaded from a new consensus or bridge config.
We expect that this option will enable clients to bootstrap more
quickly without having to determine whether they support IPv4,
IPv6, or both. Closes ticket 27490. Patch by Neel Chauhan.
- When using addrs_in_same_network_family(), avoid choosing circuit
paths that pass through the same IPv6 subnet more than once.
Previously, we only checked IPv4 subnets. Closes ticket 24393.
Patch by Neel Chauhan.
o Minor features (log messages):
- Improve log message in v3 onion services that could print out
negative revision counters. Closes ticket 27707. Patch
by "ffmancera".
o Minor features (memory usage):
- Save memory by storing microdescriptor family lists with a more
compact representation. Closes ticket 27359.
- Tor clients now use mmap() to read consensus files from disk, so
that they no longer need keep the full text of a consensus in
memory when parsing it or applying a diff. Closes ticket 27244.
o Minor features (NSS, diagnostic):
- Try to log an error from NSS (if there is any) and a more useful
description of our situation if we are using NSS and a call to
SSL_ExportKeyingMaterial() fails. Diagnostic for ticket 29241.
o Minor features (parsing):
- Directory authorities now validate that router descriptors and
ExtraInfo documents are in a valid subset of UTF-8, and reject
them if they are not. Closes ticket 27367.
o Minor features (performance):
- Cache the results of summarize_protocol_flags(), so that we don't
have to parse the same protocol-versions string over and over.
This should save us a huge number of malloc calls on startup, and
may reduce memory fragmentation with some allocators. Closes
ticket 27225.
- Remove a needless memset() call from get_token_arguments, thereby
speeding up the tokenization of directory objects by about 20%.
Closes ticket 28852.
- Replace parse_short_policy() with a faster implementation, to
improve microdescriptor parsing time. Closes ticket 28853.
- Speed up directory parsing a little by avoiding use of the non-
inlined strcmp_len() function. Closes ticket 28856.
- Speed up microdescriptor parsing by about 30%, to help improve
startup time. Closes ticket 28839.
o Minor features (pluggable transports):
- Add support for emitting STATUS updates to Tor's control port from
a pluggable transport process. Closes ticket 28846.
- Add support for logging to Tor's logging subsystem from a
pluggable transport process. Closes ticket 28180.
o Minor features (process management):
- Add a new process API for handling child processes. This new API
allows Tor to have bi-directional communication with child
processes on both Unix and Windows. Closes ticket 28179.
- Use the subsystem manager to initialize and shut down the process
module. Closes ticket 28847.
o Minor features (relay):
- When listing relay families, list them in canonical form including
the relay's own identity, and try to give a more useful set of
warnings. Part of ticket 28266 and proposal 298.
o Minor features (required protocols):
- Before exiting because of a missing required protocol, Tor will
now check the publication time of the consensus, and not exit
unless the consensus is newer than the Tor program's own release
date. Previously, Tor would not check the consensus publication
time, and so might exit because of a missing protocol that might
no longer be required in a current consensus. Implements proposal
297; closes ticket 27735.
o Minor features (testing):
- Treat all unexpected ERR and BUG messages as test failures. Closes
ticket 28668.
- Allow a HeartbeatPeriod of less than 30 minutes in testing Tor
networks. Closes ticket 28840. Patch by Rob Jansen.
- Use the approx_time() function when setting the "Expires" header
in directory replies, to make them more testable. Needed for
ticket 30001.
o Minor bugfixes (security):
- Fix a potential double free bug when reading huge bandwidth files.
The issue is not exploitable in the current Tor network because
the vulnerable code is only reached when directory authorities
read bandwidth files, but bandwidth files come from a trusted
source (usually the authorities themselves). Furthermore, the
issue is only exploitable in rare (non-POSIX) 32-bit architectures,
which are not used by any of the current authorities. Fixes bug
30040; bugfix on 0.3.5.1-alpha. Bug found and fixed by
Tobias Stoeckmann.
- Verify in more places that we are not about to create a buffer
with more than INT_MAX bytes, to avoid possible OOB access in the
event of bugs. Fixes bug 30041; bugfix on 0.2.0.16. Found and
fixed by Tobias Stoeckmann.
o Minor bugfix (continuous integration):
- Reset coverage state on disk after Travis CI has finished. This
should prevent future coverage merge errors from causing the test
suite for the "process" subsystem to fail. The process subsystem
was introduced in 0.4.0.1-alpha. Fixes bug 29036; bugfix
on 0.2.9.15.
- Terminate test-stem if it takes more than 9.5 minutes to run.
(Travis terminates the job after 10 minutes of no output.)
Diagnostic for 29437. Fixes bug 30011; bugfix on 0.3.5.4-alpha.
o Minor bugfixes (build, compatibility, rust):
- Update Cargo.lock file to match the version made by the latest
version of Rust, so that "make distcheck" will pass again. Fixes
bug 29244; bugfix on 0.3.3.4-alpha.
o Minor bugfixes (C correctness):
- Fix an unlikely memory leak in consensus_diff_apply(). Fixes bug
29824; bugfix on 0.3.1.1-alpha. This is Coverity warning
CID 1444119.
o Minor bugfixes (client, clock skew):
- Bootstrap successfully even when Tor's clock is behind the clocks
on the authorities. Fixes bug 28591; bugfix on 0.2.0.9-alpha.
- Select guards even if the consensus has expired, as long as the
consensus is still reasonably live. Fixes bug 24661; bugfix
on 0.3.0.1-alpha.
o Minor bugfixes (compilation):
- Fix compilation warnings in test_circuitpadding.c. Fixes bug
29169; bugfix on 0.4.0.1-alpha.
- Silence a compiler warning in test-memwipe.c on OpenBSD. Fixes bug
29145; bugfix on 0.2.9.3-alpha. Patch from Kris Katterjohn.
- Compile correctly on OpenBSD; previously, we were missing some
headers required in order to detect it properly. Fixes bug 28938;
bugfix on 0.3.5.1-alpha. Patch from Kris Katterjohn.
o Minor bugfixes (directory clients):
- Mark outdated dirservers when Tor only has a reasonably live
consensus. Fixes bug 28569; bugfix on 0.3.2.5-alpha.
o Minor bugfixes (directory mirrors):
- Even when a directory mirror's clock is behind the clocks on the
authorities, we now allow the mirror to serve "future"
consensuses. Fixes bug 28654; bugfix on 0.3.0.1-alpha.
o Minor bugfixes (DNS):
- Gracefully handle an empty or absent resolve.conf file by falling
back to using "localhost" as a DNS server (and hoping it works).
Previously, we would just stop running as an exit. Fixes bug
21900; bugfix on 0.2.1.10-alpha.
o Minor bugfixes (documentation):
- Describe the contents of the v3 onion service client authorization
files correctly: They hold public keys, not private keys. Fixes
bug 28979; bugfix on 0.3.5.1-alpha. Spotted by "Felixix".
o Minor bugfixes (guards):
- In count_acceptable_nodes(), the minimum number is now one bridge
or guard node, and two non-guard nodes for a circuit. Previously,
we had added up the sum of all nodes with a descriptor, but that
could cause us to build failing circuits when we had either too
many bridges or not enough guard nodes. Fixes bug 25885; bugfix on
0.2.3.1-alpha. Patch by Neel Chauhan.
2646
2647
2648
2649
2650
2651
2652
2653
2654
2655
2656
2657
2658
2659
2660
2661
2662
2663
2664
2665
2666
2667
2668
2669
2670
2671
2672
2673
2674
2675
2676
2677
2678
2679
2680
2681
2682
2683
2684
2685
2686
2687
2688
2689
2690
2691
2692
2693
2694
2695
2696
2697
2698
2699
2700
2701
2702
2703
2704
2705
2706
2707
2708
2709
2710
2711
2712
2713
2714
2715
2716
2717
2718
2719
2720
2721
2722
2723
2724
2725
2726
2727
2728
2729
2730
2731
2732
2733
2734
2735
2736
2737
2738
2739
2740
2741
2742
2743
2744
2745
2746
2747
2748
2749
2750
2751
2752
2753
2754
2755
2756
2757
2758
2759
2760
2761
2762
2763
2764
2765
2766
2767
2768
2769
2770
2771
2772
2773
2774
2775
2776
2777
2778
2779
2780
2781
2782
2783
2784
2785
2786
2787
2788
2789
2790
2791
2792
2793
2794
2795
2796
2797
2798
2799
2800
2801
2802
2803
2804
2805
2806
2807
2808
2809
2810
2811
2812
2813
2814
2815
2816
2817
2818
2819
2820
2821
2822
2823
2824
2825
2826
2827
2828
2829
2830
2831
2832
2833
2834
2835
2836
2837
2838
2839
2840
2841
2842
2843
2844
2845
2846
2847
2848
2849
2850
2851
2852
2853
2854
2855
2856
2857
2858
2859
2860
2861
2862
2863
2864
2865
2866
2867
2868
2869
2870
2871
2872
2873
2874
2875
2876
2877
2878
2879
2880
2881
2882
2883
2884
2885
o Minor bugfixes (IPv6):
- Fix tor_ersatz_socketpair on IPv6-only systems. Previously, the
IPv6 socket was bound using an address family of AF_INET instead
of AF_INET6. Fixes bug 28995; bugfix on 0.3.5.1-alpha. Patch from
Kris Katterjohn.
o Minor bugfixes (linux seccomp sandbox):
- Fix startup crash when experimental sandbox support is enabled.
Fixes bug 29150; bugfix on 0.4.0.1-alpha. Patch by Peter Gerber.
o Minor bugfixes (logging):
- Correct a misleading error message when IPv4Only or IPv6Only is
used but the resolved address can not be interpreted as an address
of the specified IP version. Fixes bug 13221; bugfix on
0.2.3.9-alpha. Patch from Kris Katterjohn.
- Log the correct port number for listening sockets when "auto" is
used to let Tor pick the port number. Previously, port 0 was
logged instead of the actual port number. Fixes bug 29144; bugfix
on 0.3.5.1-alpha. Patch from Kris Katterjohn.
- Stop logging a BUG() warning when Tor is waiting for exit
descriptors. Fixes bug 28656; bugfix on 0.3.5.1-alpha.
- Avoid logging that we are relaxing a circuit timeout when that
timeout is fixed. Fixes bug 28698; bugfix on 0.2.4.7-alpha.
- Log more information at "warning" level when unable to read a
private key; log more information at "info" level when unable to
read a public key. We had warnings here before, but they were lost
during our NSS work. Fixes bug 29042; bugfix on 0.3.5.1-alpha.
- Rework rep_hist_log_link_protocol_counts() to iterate through all
link protocol versions when logging incoming/outgoing connection
counts. Tor no longer skips version 5, and we won't have to
remember to update this function when new link protocol version is
developed. Fixes bug 28920; bugfix on 0.2.6.10.
o Minor bugfixes (memory management):
- Refactor the shared random state's memory management so that it
actually takes ownership of the shared random value pointers.
Fixes bug 29706; bugfix on 0.2.9.1-alpha.
- Stop leaking parts of the shared random state in the shared-random
unit tests. Fixes bug 29599; bugfix on 0.2.9.1-alpha.
o Minor bugfixes (misc):
- The amount of total available physical memory is now determined
using the sysctl identifier HW_PHYSMEM (rather than HW_USERMEM)
when it is defined and a 64-bit variant is not available. Fixes
bug 28981; bugfix on 0.2.5.4-alpha. Patch from Kris Katterjohn.
o Minor bugfixes (networking):
- Introduce additional checks into tor_addr_parse() to reject
certain incorrect inputs that previously were not detected. Fixes
bug 23082; bugfix on 0.2.0.10-alpha.
o Minor bugfixes (onion service v3, client):
- Stop logging a "BUG()" warning and stacktrace when we find a SOCKS
connection waiting for a descriptor that we actually have in the
cache. It turns out that this can actually happen, though it is
rare. Now, tor will recover and retry the descriptor. Fixes bug
28669; bugfix on 0.3.2.4-alpha.
o Minor bugfixes (onion services):
- Avoid crashing if ClientOnionAuthDir (incorrectly) contains more
than one private key for a hidden service. Fixes bug 29040; bugfix
on 0.3.5.1-alpha.
- In hs_cache_store_as_client() log an HSDesc we failed to parse at
"debug" level. Tor used to log it as a warning, which caused very
long log lines to appear for some users. Fixes bug 29135; bugfix
on 0.3.2.1-alpha.
- Stop logging "Tried to establish rendezvous on non-OR circuit..."
as a warning. Instead, log it as a protocol warning, because there
is nothing that relay operators can do to fix it. Fixes bug 29029;
bugfix on 0.2.5.7-rc.
o Minor bugfixes (periodic events):
- Refrain from calling routerlist_remove_old_routers() from
check_descriptor_callback(). Instead, create a new hourly periodic
event. Fixes bug 27929; bugfix on 0.2.8.1-alpha.
o Minor bugfixes (pluggable transports):
- Make sure that data is continously read from standard output and
standard error pipes of a pluggable transport child-process, to
avoid deadlocking when a pipe's buffer is full. Fixes bug 26360;
bugfix on 0.2.3.6-alpha.
o Minor bugfixes (rust):
- Abort on panic in all build profiles, instead of potentially
unwinding into C code. Fixes bug 27199; bugfix on 0.3.3.1-alpha.
o Minor bugfixes (scheduler):
- When re-adding channels to the pending list, check the correct
channel's sched_heap_idx. This issue has had no effect in mainline
Tor, but could have led to bugs down the road in improved versions
of our circuit scheduling code. Fixes bug 29508; bugfix
on 0.3.2.10.
o Minor bugfixes (shellcheck):
- Look for scripts in their correct locations during "make
shellcheck". Previously we had looked in the wrong place during
out-of-tree builds. Fixes bug 30263; bugfix on 0.4.0.1-alpha.
o Minor bugfixes (single onion services):
- Allow connections to single onion services to remain idle without
being disconnected. Previously, relays acting as rendezvous points
for single onion services were mistakenly closing idle rendezvous
circuits after 60 seconds, thinking that they were unused
directory-fetching circuits that had served their purpose. Fixes
bug 29665; bugfix on 0.2.1.26.
o Minor bugfixes (stats):
- When ExtraInfoStatistics is 0, stop including PaddingStatistics in
relay and bridge extra-info documents. Fixes bug 29017; bugfix
on 0.3.1.1-alpha.
o Minor bugfixes (testing):
- Backport the 0.3.4 src/test/test-network.sh to 0.2.9. We need a
recent test-network.sh to use new chutney features in CI. Fixes
bug 29703; bugfix on 0.2.9.1-alpha.
- Fix a test failure on Windows caused by an unexpected "BUG"
warning in our tests for tor_gmtime_r(-1). Fixes bug 29922; bugfix
on 0.2.9.3-alpha.
- Downgrade some LOG_ERR messages in the address/* tests to
warnings. The LOG_ERR messages were occurring when we had no
configured network. We were failing the unit tests, because we
backported 28668 to 0.3.5.8, but did not backport 29530. Fixes bug
29530; bugfix on 0.3.5.8.
- Fix our gcov wrapper script to look for object files at the
correct locations. Fixes bug 29435; bugfix on 0.3.5.1-alpha.
- Decrease the false positive rate of stochastic probability
distribution tests. Fixes bug 29693; bugfix on 0.4.0.1-alpha.
- Fix intermittent failures on an adaptive padding test. Fixes one
case of bug 29122; bugfix on 0.4.0.1-alpha.
- Disable an unstable circuit-padding test that was failing
intermittently because of an ill-defined small histogram. Such
histograms will be allowed again after 29298 is implemented. Fixes
a second case of bug 29122; bugfix on 0.4.0.1-alpha.
- Detect and suppress "bug" warnings from the util/time test on
Windows. Fixes bug 29161; bugfix on 0.2.9.3-alpha.
- Do not log an error-level message if we fail to find an IPv6
network interface from the unit tests. Fixes bug 29160; bugfix
on 0.2.7.3-rc.
- Instead of relying on hs_free_all() to clean up all onion service
objects in test_build_descriptors(), we now deallocate them one by
one. This lets Coverity know that we are not leaking memory there
and fixes CID 1442277. Fixes bug 28989; bugfix on 0.3.5.1-alpha.
- Check the time in the "Expires" header using approx_time(). Fixes
bug 30001; bugfix on 0.4.0.4-rc.
o Minor bugfixes (TLS protocol):
- When classifying a client's selection of TLS ciphers, if the
client ciphers are not yet available, do not cache the result.
Previously, we had cached the unavailability of the cipher list
and never looked again, which in turn led us to assume that the
client only supported the ancient V1 link protocol. This, in turn,
was causing Stem integration tests to stall in some cases. Fixes
bug 30021; bugfix on 0.2.4.8-alpha.
o Minor bugfixes (UI):
- Lower log level of unlink() errors during bootstrap. Fixes bug
29930; bugfix on 0.4.0.1-alpha.
o Minor bugfixes (usability):
- Stop saying "Your Guard ..." in pathbias_measure_{use,close}_rate().
Some users took this phrasing to mean that the mentioned guard was
under their control or responsibility, which it is not. Fixes bug
28895; bugfix on Tor 0.3.0.1-alpha.
o Minor bugfixes (Windows, CI):
- Skip the Appveyor 32-bit Windows Server 2016 job, and 64-bit
Windows Server 2012 R2 job. The remaining 2 jobs still provide
coverage of 64/32-bit, and Windows Server 2016/2012 R2. Also set
fast_finish, so failed jobs terminate the build immediately. Fixes
bug 29601; bugfix on 0.3.5.4-alpha.
o Code simplification and refactoring:
- Introduce a connection_dir_buf_add() helper function that detects
whether compression is in use, and adds a string accordingly.
Resolves issue 28816.
- Refactor handle_get_next_bandwidth() to use
connection_dir_buf_add(). Implements ticket 29897.
- Reimplement NETINFO cell parsing and generation to rely on
trunnel-generated wire format handling code. Closes ticket 27325.
- Remove unnecessary unsafe code from the Rust macro "cstr!". Closes
ticket 28077.
- Rework SOCKS wire format handling to rely on trunnel-generated
parsing/generation code. Resolves ticket 27620.
- Split out bootstrap progress reporting from control.c into a
separate file. Part of ticket 27402.
- The .may_include files that we use to describe our directory-by-
directory dependency structure now describe a noncircular
dependency graph over the directories that they cover. Our
checkIncludes.py tool now enforces this noncircularity. Closes
ticket 28362.
o Documentation:
- Clarify that Tor performs stream isolation among *Port listeners
by default. Resolves issue 29121.
- In the manpage entry describing MapAddress torrc setting, use
example IP addresses from ranges specified for use in documentation
by RFC 5737. Resolves issue 28623.
- Mention that you cannot add a new onion service if Tor is already
running with Sandbox enabled. Closes ticket 28560.
- Improve ControlPort documentation. Mention that it accepts
address:port pairs, and can be used multiple times. Closes
ticket 28805.
- Document the exact output of "tor --version". Closes ticket 28889.
o Removed features:
- Remove the old check-tor script. Resolves issue 29072.
- Stop responding to the 'GETINFO status/version/num-concurring' and
'GETINFO status/version/num-versioning' control port commands, as
those were deprecated back in 0.2.0.30. Also stop listing them in
output of 'GETINFO info/names'. Resolves ticket 28757.
- The scripts used to generate and maintain the list of fallback
directories have been extracted into a new "fallback-scripts"
repository. Closes ticket 27914.
o Testing:
- Run shellcheck for scripts in the in scripts/ directory. Closes
ticket 28058.
- Add unit tests for tokenize_string() and get_next_token()
functions. Resolves ticket 27625.
o Code simplification and refactoring (onion service v3):
- Consolidate the authorized client descriptor cookie computation
code from client and service into one function. Closes
ticket 27549.
o Code simplification and refactoring (shell scripts):
- Cleanup scan-build.sh to silence shellcheck warnings. Closes
ticket 28007.
- Fix issues that shellcheck found in chutney-git-bisect.sh.
Resolves ticket 28006.
- Fix issues that shellcheck found in updateRustDependencies.sh.
Resolves ticket 28012.
- Fix shellcheck warnings in cov-diff script. Resolves issue 28009.
- Fix shellcheck warnings in run_calltool.sh. Resolves ticket 28011.
- Fix shellcheck warnings in run_trunnel.sh. Resolves issue 28010.
- Fix shellcheck warnings in scripts/test/coverage. Resolves
issue 28008.
Changes in version 0.3.5.8 - 2019-02-21
Tor 0.3.5.8 backports several fixes from later releases, including fixes
2888
2889
2890
2891
2892
2893
2894
2895
2896
2897
2898
2899
2900
2901
2902
2903
2904
2905
2906
2907
2908
2909
2910
2911
2912
2913
2914
2915
2916
2917
2918
2919
2920
2921
2922
2923
2924
2925
2926
2927
2928
2929
2930
2931
2932
2933
2934
2935
2936
2937
2938
2939
2940
2941
2942
2943
2944
2945
2946
2947
2948
2949
2950
2951
2952
2953
2954
2955
2956
2957
2958
2959
2960
2961
2962
2963
2964
2965
2966
2967
2968
2969
2970
2971
2972
2973
2974
2975
2976
2977
2978
2979
2980
2981
2982
2983
2984
2985
2986
2987
2988
2989
2990
2991
2992
2993
2994
2995
2996
2997
2998
2999
3000
for an annoying SOCKS-parsing bug that affected users in earlier 0.3.5.x
releases.
It also includes a fix for a medium-severity security bug affecting Tor
0.3.2.1-alpha and later. All Tor instances running an affected release
should upgrade to 0.3.3.12, 0.3.4.11, 0.3.5.8, or 0.4.0.2-alpha.
o Major bugfixes (cell scheduler, KIST, security):
- Make KIST consider the outbuf length when computing what it can
put in the outbuf. Previously, KIST acted as though the outbuf
were empty, which could lead to the outbuf becoming too full. It
is possible that an attacker could exploit this bug to cause a Tor
client or relay to run out of memory and crash. Fixes bug 29168;
bugfix on 0.3.2.1-alpha. This issue is also being tracked as
TROVE-2019-001 and CVE-2019-8955.
o Major bugfixes (networking, backport from 0.4.0.2-alpha):
- Gracefully handle empty username/password fields in SOCKS5
username/password auth messsage and allow SOCKS5 handshake to
continue. Previously, we had rejected these handshakes, breaking
certain applications. Fixes bug 29175; bugfix on 0.3.5.1-alpha.
o Minor features (compilation, backport from 0.4.0.2-alpha):
- Compile correctly when OpenSSL is built with engine support
disabled, or with deprecated APIs disabled. Closes ticket 29026.
Patches from "Mangix".
o Minor features (geoip):
- Update geoip and geoip6 to the February 5 2019 Maxmind GeoLite2
Country database. Closes ticket 29478.
o Minor features (testing, backport from 0.4.0.2-alpha):
- Treat all unexpected ERR and BUG messages as test failures. Closes
ticket 28668.
o Minor bugfixes (onion service v3, client, backport from 0.4.0.1-alpha):
- Stop logging a "BUG()" warning and stacktrace when we find a SOCKS
connection waiting for a descriptor that we actually have in the
cache. It turns out that this can actually happen, though it is
rare. Now, tor will recover and retry the descriptor. Fixes bug
28669; bugfix on 0.3.2.4-alpha.
o Minor bugfixes (IPv6, backport from 0.4.0.1-alpha):
- Fix tor_ersatz_socketpair on IPv6-only systems. Previously, the
IPv6 socket was bound using an address family of AF_INET instead
of AF_INET6. Fixes bug 28995; bugfix on 0.3.5.1-alpha. Patch from
Kris Katterjohn.
o Minor bugfixes (build, compatibility, rust, backport from 0.4.0.2-alpha):
- Update Cargo.lock file to match the version made by the latest
version of Rust, so that "make distcheck" will pass again. Fixes
bug 29244; bugfix on 0.3.3.4-alpha.
o Minor bugfixes (client, clock skew, backport from 0.4.0.1-alpha):
- Select guards even if the consensus has expired, as long as the
consensus is still reasonably live. Fixes bug 24661; bugfix
on 0.3.0.1-alpha.
o Minor bugfixes (compilation, backport from 0.4.0.1-alpha):
- Compile correctly on OpenBSD; previously, we were missing some
headers required in order to detect it properly. Fixes bug 28938;
bugfix on 0.3.5.1-alpha. Patch from Kris Katterjohn.
o Minor bugfixes (documentation, backport from 0.4.0.2-alpha):
- Describe the contents of the v3 onion service client authorization
files correctly: They hold public keys, not private keys. Fixes
bug 28979; bugfix on 0.3.5.1-alpha. Spotted by "Felixix".
o Minor bugfixes (logging, backport from 0.4.0.1-alpha):
- Rework rep_hist_log_link_protocol_counts() to iterate through all
link protocol versions when logging incoming/outgoing connection
counts. Tor no longer skips version 5, and we won't have to
remember to update this function when new link protocol version is
developed. Fixes bug 28920; bugfix on 0.2.6.10.
o Minor bugfixes (logging, backport from 0.4.0.2-alpha):
- Log more information at "warning" level when unable to read a
private key; log more information at "info" level when unable to
read a public key. We had warnings here before, but they were lost
during our NSS work. Fixes bug 29042; bugfix on 0.3.5.1-alpha.
o Minor bugfixes (misc, backport from 0.4.0.2-alpha):
- The amount of total available physical memory is now determined
using the sysctl identifier HW_PHYSMEM (rather than HW_USERMEM)
when it is defined and a 64-bit variant is not available. Fixes
bug 28981; bugfix on 0.2.5.4-alpha. Patch from Kris Katterjohn.
o Minor bugfixes (onion services, backport from 0.4.0.2-alpha):
- Avoid crashing if ClientOnionAuthDir (incorrectly) contains more
than one private key for a hidden service. Fixes bug 29040; bugfix
on 0.3.5.1-alpha.
- In hs_cache_store_as_client() log an HSDesc we failed to parse at
"debug" level. Tor used to log it as a warning, which caused very
long log lines to appear for some users. Fixes bug 29135; bugfix
on 0.3.2.1-alpha.
- Stop logging "Tried to establish rendezvous on non-OR circuit..."
as a warning. Instead, log it as a protocol warning, because there
is nothing that relay operators can do to fix it. Fixes bug 29029;
bugfix on 0.2.5.7-rc.
o Minor bugfixes (tests, directory clients, backport from 0.4.0.1-alpha):
- Mark outdated dirservers when Tor only has a reasonably live
consensus. Fixes bug 28569; bugfix on 0.3.2.5-alpha.
o Minor bugfixes (tests, backport from 0.4.0.2-alpha):
- Detect and suppress "bug" warnings from the util/time test on
Windows. Fixes bug 29161; bugfix on 0.2.9.3-alpha.
- Do not log an error-level message if we fail to find an IPv6
network interface from the unit tests. Fixes bug 29160; bugfix
on 0.2.7.3-rc.
o Minor bugfixes (usability, backport from 0.4.0.1-alpha):
- Stop saying "Your Guard ..." in pathbias_measure_{use,close}_rate().