Sort changes files into changelog. (4bb432f6) · Commits · The Tor Project / Core / Tor

ChangeLog

+256 −0

Original line number	Diff line number	Diff line
		Changes in version 0.2.8.2-rc - 2016-03-??
		Tor 0.2.8.1-alpha is the first release candidate in its series.
		XXXX write more here XXXX

		o New system requirements:
		- Tor no longer supports versions of OpenSSL with a broken
		implementation of counter mode. (This bug was present in OpenSSL
		1.0.0, and was fixed in OpenSSL 1.0.0a.) Tor still detects, but
		no longer runs with, these versions.
		- Tor no longer attempts to support platforms where the "time_t" type
		is unsigned. (To the best of our knowledge, only OpenVMS does this,
		and Tor has never actually built on OpenVMS.) Closes ticket 18184.

		o Removed features:
		- Streamline relay-side hsdir handling: when relays consider whether
		to accept an uploaded hidden service descriptor, they no longer
		check whether they are one of the relays in the network that is
		"supposed" to handle that descriptor. Implements ticket 18332.
		- We no longer maintain an internal freelist in memarea.c. Allocators
		should be good enough to make this code unnecessary, and it's doubtful
		that it ever had any performance benefit.

		o Major bugfixes (dns proxy mode, crash):
		- Avoid crashing when running as a DNS proxy. Fixes bug 16248; bugfix on
		0.2.0.1-alpha. Patch from 'cypherpunks'.

		o Major bugfixes (security, pointers):
		- Avoid a difficult-to-trigger heap corruption attack when extending
		a smartlist to contain over 16GB of pointers. Fixes bug 18162;
		bugfix on Tor 0.1.1.11-alpha, which fixed a related bug
		incompletely. Reported by Guido Vranken.

		o Major bugfixes (compilation):
		- Repair hardened builds under the clang compiler. Previously,
		our use of _FORTIFY_SOURCE would conflict with clang's address
		sanitizer. Fixes bug 14821; bugfix on 0.2.5.4-alpha.

		o Major bugfixes (crash on shutdown):
		- Correctly handle detaching circuits from cmuxes when doing
		circuit_free_all() on shutdown. Fixes bug 18116; bugfix on
		0.2.8.1-alpha.

		o Major bugfixes (relays, bridge clients):
		- Ensure relays always allow IPv4 OR and Dir connections.
		Ensure bridge clients use the address configured in the bridge line.
		Fixes bug 18348; bugfix on 0.2.8.1-alpha.
		Reported by sysrqb, patch by teor.

		o Minor feature (IPv6):
		- Add ClientPreferIPv6DirPort, which is set to 0 by default. If set
		to 1, tor prefers IPv6 directory addresses.
		- Add ClientUseIPv4, which is set to 1 by default. If set to 0, tor
		avoids using IPv4 for client OR and directory connections.
		- Try harder to fulfil IP version restrictions ClientUseIPv4 0 and
		ClientUseIPv6 0; and the preferences ClientPreferIPv6ORPort and
		ClientPreferIPv6DirPort.
		Closes ticket 17840; patch by "teor".

		o Minor features (bug-resistance):
		- Make Tor survive errors involving connections without a corresponding
		event object. Previously we'd fail with an assertion; now we produce a
		log message. Related to bug 16248.

		o Minor features (build):
		- Detect systems with FreeBSD-derived kernels (such as GNU/kFreeBSD) as
		having possible IPfW support. Closes ticket 18448. Patch from
		Steven Chamberlain.

		o Minor features (code hardening):
		- Use tor_snprintf() and tor_vsnprintf() even in external and
		low-level code, to harden against accidental failures to NUL-
		terminate. Part of ticket 17852. Patch from 'jsturgix'. Found
		with Flawfinder.

		o Minor features (compilation):
		- Note our minimum required autoconf/automake versions in the
		appropriate locations. Closes ticket 17732.

		o Minor features (crypto):
		- Fix a segfault during startup: If unix socket was configured as
		listener (such as a ControlSocket or a SocksPort unix socket), and
		tor was started as root but not configured to switch to another
		user, tor would segfault while trying to string compare a NULL
		value. Fixes bug 18261; bugfix on 0.2.8.1-alpha. Patch by weasel.
		- Validate the Diffie-Hellman hard coded parameters and ensure that
		p is a safe prime, and g is suitable. Closes ticket 18221.

		o Minor features (geoip):
		- Update geoip and geoip6 to the March 3 2016 Maxmind GeoLite2
		Country database.

		o Minor features (robustness):
		- Exit immediately with an error message if the code attempts to
		use libevent without having initialized it. This should resolve
		some frequently-made mistakes in our unit tests. Closes ticket
		18241.

		o Minor features (unix domain sockets):
		- Since some operating systems do not consider the actual modes on a
		UNIX domain socket itself, tor does not allow creating such a
		socket in a directory that is group or world accessible if it is
		supposed to be private. Likewise, it will not allow only group
		accessible sockets in a world accessible directory.
		However, on some operating systems this is unnecessary, so
		add a per-socket option called RelaxDirModeCheck.
		Closes ticket 18458. Patch by weasel.

		o Minor features:
		- Update geoip and geoip6 to the February 2 2016 Maxmind GeoLite2
		Country database.

		o Minor bugfixes (build):
		- Do not link the unit tests against both the testing and non-testing
		versions of the static libraries. Fixes bug 18490; bugfix on
		0.2.7.1-alpha.

		o Minor bugfixes (client):
		- Count receipt of new microdescriptors as progress towards
		bootstrapping. Now, when a user who has set EntryNodes finishes
		bootstrapping, Tor automatically repopulates the guard set based
		on this new directory information. Fixes bug 16825; bugfix on
		0.2.3.1-alpha.

		o Minor bugfixes (code correctness):
		- Update to the latest version of Trunnel, which tries harder
		to avoid generating code that can invoke memcpy(p,NULL,0).
		Bug found by clang address sanitizer. Fixes bug 18373; bugfix
		on 0.2.7.2-alpha.

		o Minor bugfixes (configuration):
		- Fix a tiny memory leak when parsing a port configuration ending in
		":auto". Fixes bug 18374; bugfix on 0.2.3.3-alpha.

		o Minor bugfixes (containers):
		- If we somehow attempt to construct a heap with more than
		1073741822 elements, avoid an integer overflow when maintaining
		the heap property. Fixes bug 18296; bugfix on 0.1.2.1-alpha.

		o Minor bugfixes (correctness):
		- Fix a bad memory handling bug that would occur if we had queued
		a cell on a channel's incoming queue. Fortunately, we can't actually
		queue a cell like that as our code is constructed today, but it's best
		to avoid this kind of error, even if there isn't any code that triggers
		it today. Fixes bug 18570; bugfix on 0.2.4.4-alpha.

		o Minor bugfixes (crypto, static analysis):
		- Silence spurious clang-scan warnings in the ed25519_donna code
		by explicitly initialising some objects.
		Fixes bug 18384; bugfix on 0f3eeca9 in 0.2.7.2-alpha.
		Patch by "teor".

		o Minor bugfixes (directory):
		- When generating a URL for a directory server on an IPv6 address,
		wrap the IPv6 address in square brackets. Fixes bug 18051;
		bugfix on 0.2.3.9-alpha. Patch from Malek.

		o Minor bugfixes (exit policies, security):
		- Refresh an exit relay's exit policy when interface addresses change.
		Previously, tor only refreshed the exit policy when the configured
		external address changed.
		Fixes bug 18208; bugfix on tor 0.2.7.3. Patch by "teor".

		o Minor bugfixes (hidden service client):
		- Seven very fast consecutive requests to the same .onion address
		triggers 7 descriptor fetches. The first six each pick a directory
		(there are 6 overall) and the seventh one wasn't able to pick one
		which was triggering a close on all current directory connections. It
		has been fixed by not closing them if we have pending directory fetch.
		Fixes bug 15937; bugfix on tor-0.2.7.1-alpha.

		o Minor bugfixes (hidden service, control port):
		- Add the onion address to the HS_DESC event for the UPLOADED action
		both on success or failure. It was previously hardcoded with UNKNOWN.
		Fixes bug 16023; bugfix on 0.2.7.2-alpha.

		o Minor bugfixes (logging):
		- Scrub service in from "unrecognized service ID" log messages.
		Fixes bug 18600; bugfix on 0.2.4.11-alpha.

		o Minor bugfixes (memory safety):
		- Avoid freeing an uninitialised pointer when opening a socket fails
		in get_interface_addresses_ioctl.
		Fixes bug 18454; bugfix on 9f06ec0c in tor-0.2.3.11-alpha.
		Reported by "toralf" and "cypherpunks", patch by "teor".
		- Correctly duplicate addresses in get_interface_address6_list.
		Fixes bug 18454; bugfix on 110765f5 in tor-0.2.8.1-alpha.
		Reported by "toralf", patch by "cypherpunks".

		o Minor bugfixes (private directory):
		- Prevent a race condition when creating private directories.
		Fixes part of bug 17852; bugfix on 0.2pre13. Part of ticket
		17852. Patch from 'jsturgix'. Found with Flawfinder.

		o Minor bugfixes (sandbox):
		- Allow the setrlimit syscall, and the prlimit and prlimit64 syscalls,
		which some libc implementations
		use under the hood. Fixes bug 15221; bugfix on 0.2.5.1-alpha.

		o Minor bugfixes (security, hidden services):
		- Prevent hidden services connecting to client-supplied rendezvous
		addresses that are reserved as internal or multicast.
		Fixes bug 8976; bugfix on b7c172c9e in tor-0.2.3.21.
		Patch by "dgoulet" and "teor".

		o Minor bugfixes (security, win32):
		- Set SO_EXCLUSIVEADDRUSE on Win32 to avoid a local port-stealing
		attack.
		Fixes bug 18123; bugfix on all tor versions. Patch by "teor".

		o Minor bugfixes (test networks, IPv6):
		- Allow internal IPv6 addresses in descriptors in test networks.
		Fixes bug 17153; bugfix on 6b4af1071 in 0.2.3.16-alpha.
		Patch by "teor", reported by "karsten".

		o Minor bugfixes (testing):
		- We no longer disable assertions in the unit tests when coverage
		is enabled. Instead, we require you to say --disable-asserts-in-tests
		to the configure script if you need assertions disabled in the
		unit tests (for example, if you want to perform branch coverage).
		Fixes bug 18242; bugfix on 0.2.7.1-alpha.

		o Minor bugfixes:
		- Bridges now refuse "rendezvous2" (hidden service descriptor)
		publish attempts. Suggested by ticket 18332.

		o Code simplification and refactoring:
		- Quote all the string interpolations in configure.ac -- even
		those which we are pretty sure can't contain spaces. Closes
		ticket 17744. Patch from "zerosion".
		- Remove specialized code for non-inplace AES_CTR. 99% of our AES
		is inplace, so there's no need to have a separate implementation
		for the non-inplace code. Closes ticket 18258. Patch from
		Malek.
		- Simplify return types for some crypto functions that can't
		actually fail. Patch from Hassan Alsibyani. Closes ticket
		18259.

		o Dependency updates:
		- Tor now uses Autoconf version 2.63 or later, and Automake 1.11 or later
		(released in 2008 and 2009 respectively). If you are building Tor from
		the git repository instead of from the source distribution, and your
		tools are older than this, you will need to upgrade.
		Closes ticket 17732.

		o Documentation:
		- Change build messages to refer to "Fedora" instead of "Fedora Core",
		and "dnf" instead of "yum". Closes tickets 18459 and 18426.
		Patches from "icanhasaccount" and "cypherpunks".

		o Testing:
		- Fix several warnings from clang's address sanitizer produced in the
		unit tests.
		- Treat backtrace test failures as expected on FreeBSD until we
		solve bug 17808. Closes ticket 18204.


		Changes in version 0.2.8.1-alpha - 2016-02-04
		Tor 0.2.8.1-alpha is the first alpha release in its series. It
		includes numerous small features and bugfixes against previous Tor

changes/assert_event_base

deleted100644 → 0

+0 −5

Original line number	Diff line number	Diff line
		o Minor features (robustness):
		- Exit immediately with an error message if the code attempts to
		use libevent without having initialized it. This should resolve
		some frequently-made mistakes in our unit tests. Closes ticket
		18241.

changes/bug14821

deleted100644 → 0

+0 −4

Original line number	Diff line number	Diff line
		o Major bugfixes (compilation):
		- Repair hardened builds under the clang compiler. Previously,
		our use of _FORTIFY_SOURCE would conflict with clang's address
		sanitizer. Fixes bug 14821; bugfix on 0.2.5.4-alpha.

changes/bug15221

deleted100644 → 0

+0 −4

Original line number	Diff line number	Diff line
		o Minor bugfixes (sandbox):
		- Allow the setrlimit syscall, and the prlimit and prlimit64 syscalls,
		which some libc implementations
		use under the hood. Fixes bug 15221; bugfix on 0.2.5.1-alpha.

changes/bug15937

deleted100644 → 0

+0 −7

Original line number	Diff line number	Diff line
		o Minor bugfixes (hidden service client):
		- Seven very fast consecutive requests to the same .onion address
		triggers 7 descriptor fetches. The first six each pick a directory
		(there are 6 overall) and the seventh one wasn't able to pick one
		which was triggering a close on all current directory connections. It
		has been fixed by not closing them if we have pending directory fetch.
		Fixes bug 15937; bugfix on tor-0.2.7.1-alpha.