tor-commits
October 2014
- 26 participants
- 1551 discussions

[tor-browser-spec/master] Update with most of the fingerprinting changes.
by mikeperry@torproject.org 28 Oct '14
commit 5c22ae627b30e147bc54f8a4b2ea957bbe32afbc
Author: Mike Perry <mikeperry-git(a)torproject.org>
Date: Mon Oct 27 18:50:34 2014 -0700
Update with most of the fingerprinting changes.
More work still remains.
---
design-doc/design.xml | 220 ++++++++++++++++++++++++++++++++++++-------------
1 file changed, 164 insertions(+), 56 deletions(-)
diff --git a/design-doc/design.xml b/design-doc/design.xml
index 8f12ae4..b469f2a 100644
--- a/design-doc/design.xml
+++ b/design-doc/design.xml
@@ -1044,7 +1044,7 @@ features if they so desire.
</sect3>
<sect3>
<title>Implementation Status:</title>
- <blockquote>
+ <blockquote>
We achieve this goal through several mechanisms. First, we set the Firefox
Private Browsing preference
@@ -1052,15 +1052,18 @@ Private Browsing preference
Private Browsing Mode is enabled. We need to
<ulink
-url="https://gitweb.torproject.org/tor-browser.git/commit/4ebc3cda4b704c0149fb9e…">prevent
-the permissions manager from recording HTTPS STS state</ulink>,
-<ulink
-url="https://gitweb.torproject.org/tor-browser.git/commit/8904bfc10cd537bd35be5d…">prevent
-intermediate SSL certificates from being recorded</ulink>,
-and
+url="https://gitweb.torproject.org/tor-browser.git/commitdiff/4ebc3cda4b704c0149…">prevent
+the permissions manager from recording HTTPS STS state</ulink>, <ulink
+url="https://gitweb.torproject.org/tor-browser.git/commitdiff/8904bfc10cd537bd35…">prevent
+intermediate SSL certificates from being recorded</ulink>, <ulink
+url="https://gitweb.torproject.org/tor-browser.git/commitdiff/86f6bc9dc28b6f8d7e…">prevent
+the clipboard cache from being written to disk for large pastes</ulink>, and
<ulink
-url="https://gitweb.torproject.org/tor-browser.git/commit/d5da6f8b7de089335e49e2…">prevent
-the content preferences service from recording site zoom</ulink>.
+url="https://gitweb.torproject.org/tor-browser.git/commitdiff/d5da6f8b7de089335e…">prevent
+the content preferences service from recording site zoom</ulink>. We also had
+to disable the media cache with the pref <command>media.cache_size</command>,
+to prevent HTML5 videos from being written to the OS temporary directory,
+which happened regardless of the private browsing mode setting.
</blockquote>
<blockquote>
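Review bot: The added sentence about media.cache_size says the pref is used to disable the media cache but never gives the value it is set to, and unlike the four items before it there is no ulink to the commit or ticket. State the value and link the change so a reader can verify the setting in a build.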
@@ -1117,7 +1120,6 @@ $HOME environment variable to be the TBB extraction directory.
-->
<sect2 id="identifier-linkability">
<title>Cross-Origin Identifier Unlinkability</title>
- <!-- FIXME: Mention web-send?? -->
<para>
The Tor Browser MUST prevent a user's activity on one site from being linked
@@ -1445,11 +1447,14 @@ determine how many bits of identifying information each attribute provided.
</para>
<para>
-Many browser features have been added since the EFF first ran their experiment
-and collected their data. To avoid an infinite sinkhole, we reduce the efforts
-for fingerprinting resistance by only concerning ourselves with reducing the
-fingerprintable differences <emphasis>among</emphasis> Tor Browser users. We
-do not believe it is possible to solve cross-browser fingerprinting issues.
+Because fingerprinting is problem that potentially touches every aspect of the
+browser, we reduce the efforts for fingerprinting resistance by only
+concerning ourselves with reducing the fingerprintable differences
+<emphasis>among</emphasis> Tor Browser users. We do not believe it is possible
+to solve cross-browser fingerprinting issues. Similarly, we prioritize issues
+that differentiate only MacOS, Windows, and Linux lower than those that
+differentiate aspects of the hardware, third party installed software, and
+configuration differences in those operating systems.
</para>
<para>
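Review bot: "Because fingerprinting is problem" in the rewritten paragraph is missing an article ("is a problem"), and "we reduce the efforts for fingerprinting resistance" reads as weakening the defense rather than scoping it. The new prioritization sentence is also hard to parse; wording such as "issues that only distinguish MacOS, Windows, and Linux from one another are prioritized lower than ..." would make the ordering unambiguous.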
@@ -1470,7 +1475,6 @@ Panopticlick to allow us to run our own version for this reason.
</para>
<sect3 id="fingerprinting-defenses">
<title>Fingerprinting defenses in the Tor Browser</title>
-
<orderedlist>
<listitem>Plugins
<para>
@@ -1488,7 +1492,9 @@ barrier. Additionally, version information should be reduced or obfuscated
until the plugin object is loaded. For flash, we wish to <ulink
url="https://trac.torproject.org/projects/tor/ticket/3974">provide a
settings.sol file</ulink> to disable Flash cookies, and to restrict P2P
-features that are likely to bypass proxy settings.
+features that are likely to bypass proxy settings. We'd also like to restrict
+access to fonts and other system information (such as IP address and MAC
+address) in such a sandbox.
</para>
<para><command>Implementation Status:</command>
@@ -1526,13 +1532,54 @@ image can be used almost identically to a tracking cookie by the web server.
<para>
To reduce the threat from this vector, we have patched Firefox to <ulink
-url="https://gitweb.torproject.org/torbrowser.git/blob/maint-2.4:/src/current-pa…">prompt
-before returning valid image data</ulink> to the Canvas APIs. If the user
-hasn't previously allowed the site in the URL bar to access Canvas image data,
-pure white image data is returned to the Javascript APIs.
+url="https://gitweb.torproject.org/tor-browser.git/commitdiff/3b53f525cfb68880e6…">prompt
+before returning valid image data</ulink> to the Canvas APIs, and for <ulink
+url="https://gitweb.torproject.org/tor-browser.git/commitdiff/fb9f463fe3a69499d6…">access
+to isPointInPath and related functions</ulink>. If the user hasn't previously
+allowed the site in the URL bar to access Canvas image data, pure white image
+data is returned to the Javascript APIs.
</para>
</listitem>
+ <listitem>Open Local Port Fingerprinting
+ <para>
+
+In Firefox, by using either WebSockets or XHR, it is possible for remote
+content to <ulink url="http://www.andlabs.org/tools/jsrecon.html">enumerate
+the list of TCP ports open on 127.0.0.1</ulink>. In other browsers, this can
+be accomplished by DOM events on image tags. This open vs filtered vs closed
+port list can provide a very unique fingerprint of a machine.
+
+ </para>
+
+ <para><command>Implementation Status:</command> We prevent access to
+127.0.0.1/localhost by ensuring that even these requests are still sent by
+Firefox to our SOCKS proxy (ie we set
+<command>network.proxy.no_proxies_on</command> to the empty string). The local
+Tor client then rejects them, since it is configured to proxy for internal IP
+addresses by default.
+ </para>
+
+ </listitem>
+ <listitem>USB Device ID enumeration
+ <para>
+The GamePad API <ulink
+url="https://developer.mozilla.org/en-US/docs/Web/Guide/API/Gamepad#querying">provides
+web pages with the USB device id, product id, and driver name</ulink> of all
+connected game controllers, as well as detailed information about their
+capabilities. This API should be behind a site permission in Private Browsing
+Modes. We simply disable it via the pref
+<command>dom.gamepad.enabled</command>.
+ </para>
+ </listitem>
+ <listitem>Invasive Authentication Mechanisms (NTLM and SPNEGO)
+ <para>
+Both NTLM and SPNEGO authentication mechansisms can leak the hostname, and in
+some cases the machine username. These authentication mechanisms should either
+be disabled, or placed behind a site permission before their use. We simply
+disable them.
+ </para>
+ </listitem>
<listitem>WebGL
<para>
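Review bot: The Implementation Status for Open Local Port Fingerprinting contradicts itself: it says the local Tor client rejects the 127.0.0.1 requests "since it is configured to proxy for internal IP addresses by default", which gives a reason to accept them, not reject them. Reword to state what the client is configured to refuse. In the same hunk, "mechansisms" in the NTLM and SPNEGO item is a typo, and both that item and the GamePad item say "We simply disable" without the Design Goal / Implementation Status split used by the neighbouring items; the NTLM/SPNEGO item also names no pref, while the GamePad item does.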
@@ -1575,24 +1622,25 @@ font for every language, typeface, and style in use in the world, and to only
use those fonts at the exclusion of system fonts. However, this set may be
impractically large. It is possible that a smaller <ulink
url="https://secure.wikimedia.org/wikipedia/en/wiki/Unicode_typeface#List_of_Uni…">common
-subset</ulink> may be found that provides total coverage. However, we believe
-that with strong url bar origin identifier isolation, a simpler approach can reduce the
-number of bits available to the adversary while avoiding the rendering and
-language issues of supporting a global font set.
+subset</ulink> may be found that provides total coverage. Right now, it
+appears that the major languages on Wikipedia can be supported for about 3MB
+of additional distribution size, using the DejaVu font set.
+
</para>
<para><command>Implementation Status:</command>
-We disable plugins, which prevents font enumeration. Additionally, we limit
-both the number of font queries from CSS, as well as the total number of
-fonts that can be used in a document <ulink
+In the meantime while we investigate shipping our own fonts, we disable
+plugins, which prevents font enumeration. Additionally, we limit both the
+number of font queries from CSS, as well as the total number of fonts that can
+be used in a document <ulink
url="https://gitweb.torproject.org/torbrowser.git/blob/maint-2.4:/src/current-pa…">with
a Firefox patch</ulink>. We create two prefs,
<command>browser.display.max_font_attempts</command> and
<command>browser.display.max_font_count</command> for this purpose. Once these
limits are reached, the browser behaves as if
-<command>browser.display.use_document_fonts</command> was set. We are
-still working to determine optimal values for these prefs.
+<command>browser.display.use_document_fonts</command> was set. We are still
+working to determine optimal values for these prefs.
</para>
<para>
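Review bot: The added claim that major Wikipedia languages fit in "about 3MB" with the DejaVu font set has no ticket or measurement linked, so it cannot be checked later; add the reference. The hunk also deletes the argument that url bar origin isolation permits a simpler approach without saying whether that reasoning was dropped, leaves a stray blank line before the closing para tag, and "In the meantime while" is redundant.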
@@ -1604,52 +1652,81 @@ font (in any order), we use that font instead of any of the named local fonts.
</para>
</listitem>
- <listitem>Desktop resolution, CSS Media Queries, and System Colors
+ <listitem>Monitor and Desktop resolution
<para>
Both CSS and Javascript have access to a lot of information about the screen
resolution, usable desktop size, OS widget size, toolbar size, title bar size,
-system theme colors, and other desktop features that are not at all relevant
+screen orientation, and other desktop features that are not at all relevant
to rendering and serve only to provide information for fingerprinting.
</para>
<para><command>Design Goal:</command>
Our design goal here is to reduce the resolution information down to the bare
-minimum required for properly rendering inside a content window. We intend to
+minimum required for properly rendering inside a content window. We intend to
report all rendering information correctly with respect to the size and
properties of the content window, but report an effective size of 0 for all
-border material, and also report that the desktop is only as big as the
-inner content window. Additionally, new browser windows are sized such that
-their content windows are one of a few fixed sizes based on the user's
-desktop resolution.
+border material, and also report that the desktop is only as big as the inner
+content window. Additionally, new browser windows are sized such that their
+content windows are one of a few fixed sizes based on the user's desktop
+resolution. The user should also be informed that maximizing their windows can
+lead to fingerprintability under this scheme. To further reduce
+resolution-based fingerprinting, we are <ulink
+url="https://trac.torproject.org/projects/tor/ticket/7256">investigating
+zoom/viewport-based mechanisms</ulink> that might allow us to always report
+the same desktop resolution regardless of the actual size of the content
+window, and simply scale to make up the difference.
</para>
<para><command>Implementation Status:</command>
+
We have implemented the above strategy using a window observer to <ulink
-url="https://gitweb.torproject.org/torbutton.git/blob/HEAD:/src/chrome/content/t…">resize
+url="https://gitweb.torproject.org/torbutton.git/blob/HEAD:/src/chrome/content/t…">resize
new windows based on desktop resolution</ulink>. Additionally, we patch
Firefox to use the client content window size <ulink
-url="https://gitweb.torproject.org/torbrowser.git/blob/maint-2.4:/src/current-pa…">for
-window.screen</ulink> and <ulink
-url="https://gitweb.torproject.org/torbrowser.git/blob/maint-2.4:/src/current-pa…">for
-CSS Media Queries</ulink>. Similarly, we <ulink
-url="https://gitweb.torproject.org/torbrowser.git/blob/maint-2.4:/src/current-pa…">patch
-DOM events to return content window relative points</ulink>. We also patch
-Firefox to <ulink
-url="https://gitweb.torproject.org/torbrowser.git/blob/maint-2.4:/src/current-pa…">report
-a fixed set of system colors to content window CSS</ulink>.
+url="https://gitweb.torproject.org/tor-browser.git/commitdiff/8fc2421becd0ab0cfb…">for
+window.screen</ulink>. Similarly, we <ulink
+url="https://gitweb.torproject.org/tor-browser.git/commitdiff/81e7fc3a10d27b1d8f…">patch
+DOM events to return content window relative points</ulink>. We also force
+popups to open in new tabs (via
+<command>browser.link.open_newwindow.restriction</command>), to avoid
+full-screen popups inferring information about the browser resolution. In
+addition, we prevent auto-maximizing on browser start, and are investigating a
+user-friendly way of informing users that maximized windows are deterimental
+to privacy in this mode.
</para>
+ </listitem>
+ <listitem>CSS Media Queries
<para>
-To further reduce resolution-based fingerprinting, we are <ulink
-url="https://trac.torproject.org/projects/tor/ticket/7256">investigating
-zoom/viewport-based mechanisms</ulink> that might allow us to always report
-the same desktop resolution regardless of the actual size of the content
-window, and simply scale to make up the difference. However, the complexity
-and rendering impact of such a change is not yet known.
+Both CSS and Javascript have access to a lot of information about the screen
+resolution, usable desktop size, OS widget size, toolbar size, title bar size,
+system theme colors, and other desktop features that are not at all relevant
+to rendering and serve only to provide information for fingerprinting.
+
+ </para>
+ <para><command>Design Goal:</command>
+<!-- XXX: Link to CSS spec for this stuff -->
+
+In Private Browsing Mode, CSS should not be able infer anything that the user
+has configured about their computer. Additionally, it should not be able to
+infer machine-specific details such as screen orientation or type.
+
+ </para>
+ <para><command>Implementation Status:</command>
+
+We patch
+Firefox to <ulink
+url="https://gitweb.torproject.org/tor-browser.git/commitdiff/30dc2c4290698af81c…">report
+a fixed set of system colors to content window CSS</ulink>, and <ulink
+url="https://gitweb.torproject.org/tor-browser.git/commitdiff/8f6e979d30598569de…">prevent
+detection of font smoothing on OSX</ulink>. We also always
+<ulink
+url="https://gitweb.torproject.org/tor-browser.git/commitdiff/09561f0e5452305b9e…">report
+landscape-primary</ulink> for the screen orientation.
</para>
</listitem>
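Review bot: Splitting out the CSS Media Queries item loses coverage: the old text linked a patch that made CSS Media Queries use the content window size, and after this hunk neither the Monitor and Desktop resolution item (which now links only window.screen) nor the new CSS Media Queries item mentions it. Say whether that patch still applies and link it. The new item's opening paragraph is also a verbatim copy of the resolution item's description and talks about screen resolution rather than media queries. Smaller points: "should not be able infer" is missing "to", and "deterimental" is a typo.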
@@ -1674,6 +1751,11 @@ url="http://pseudo-flaw.net/tor/torbutton/fingerprint-firefox.html">can be
used</ulink> to fingerprint OS, platform, and Firefox minor version. </para>
</listitem>
+ <listitem>Locale Fingerprinting
+ <para>
+XXX: 2. bug 10703: force the default charset to avoid locale fingerprinting
+ </para>
+ </listitem>
<listitem>Timezone and clock offset
<para><command>Design Goal:</command>
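Review bot: The Locale Fingerprinting item places a working note ("XXX: 2. bug 10703: force the default charset ...") inside a rendered para, so it will appear verbatim in the published design document. Either write the item out with its goal and status, or move the note into an XML comment as the other XXX markers in this patch do.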
@@ -1696,6 +1778,29 @@ use.
</para>
</listitem>
+ <listitem>Timezone and Clock skew fingerprinting
+ <para>
+
+While the latency in Tor connections varies anywhere from milliseconds to
+several seconds, it is still possible for the remote site to detect large
+differences between the user's clock and an official reference timesource.
+ </para>
+
+ <para><command>Design Goal:</command> Ideally, the browser would be
+able to correct the source of this clock drift using an external time source,
+either through something like tlsdate, or directly through the Tor protocol.
+Additionally, the timezone should be set to UTC.
+
+ </para>
+ <para><command>Implementation Status:</command>
+
+Right now, we currently set the timezone to UTC via the
+<command>TZ</command> environment variable, and randomize the TLS Hello
+timestamp. However, we have not yet integrated tlsdate or an external
+timesource.
+
+ </para>
+ </listitem>
<listitem>Javascript performance fingerprinting
<para>
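Review bot: This adds a "Timezone and Clock skew fingerprinting" list item while the list already has a "Timezone and clock offset" item with its own Design Goal, so the same topic is now documented twice with a risk of the two drifting apart. Merge the new text into the existing item. In the added status paragraph, "Right now, we currently" is redundant, and the TLS Hello timestamp randomization is stated without a link to the change.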
@@ -1724,6 +1829,8 @@ optimum trade-off between quantization+jitter and amortization time.
</para>
<para><command>Implementation Status:</command>
+<!-- XXX: Disabled network performance timers too -->
+
Currently, the only mitigation against performance fingerprinting is to
disable <ulink url="http://www.w3.org/TR/navigation-timing/">Navigation
Timing</ulink> through the Firefox preference
@@ -1790,7 +1897,7 @@ All linkable identifiers and browser state MUST be cleared by this feature.
<sect3>
<title>Implementation Status:</title>
- <blockquote>
+ <blockquote>
<para>
First, Torbutton disables Javascript in all open tabs and windows by using
@@ -1814,8 +1921,9 @@ url="https://developer.mozilla.org/en-US/docs/Supporting_private_browsing_mode#P
state), and then manually clear the following state: searchbox and findbox
text, HTTP auth, SSL state, OCSP state, site-specific content preferences
(including HSTS state), content and image cache, offline cache, Cookies, DOM
-storage, DOM local storage, the safe browsing key, and the Google wifi geolocation
-token (if it exists).
+storage, crypto tokens, DOM local storage, the safe browsing key, and the
+Google wifi geolocation token (if it exists). We also clear NoScript's site
+and temporary permissions.
</para>
<para>

[translation/https_everywhere_completed] Update translations for https_everywhere_completed
by translation@torproject.org 27 Oct '14
commit 27113f21df6345b399240acebcae8aca21e7aebc
Author: Translation commit bot <translation(a)torproject.org>
Date: Mon Oct 27 20:45:22 2014 +0000
Update translations for https_everywhere_completed
---
el/https-everywhere.dtd | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/el/https-everywhere.dtd b/el/https-everywhere.dtd
index 57f6e22..8355656 100644
--- a/el/https-everywhere.dtd
+++ b/el/https-everywhere.dtd
@@ -1,4 +1,4 @@
-<!ENTITY https-everywhere.about.title "Σχετικά με το HTTPS Everywhere">
+<!ENTITY https-everywhere.about.title "Σχετικά με το HTTPS Παντού">
<!ENTITY https-everywhere.about.ext_name "HTTPS Everywhere">
<!ENTITY https-everywhere.about.ext_description "Κρυπτογραφήστε τον Παγκόσμιο Ιστό! Χρησιμοποιήστε ασφάλεια HTTPS σε πολλούς δικτυακούς τόπους.">
<!ENTITY https-everywhere.about.version "Έκδοση">
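Review bot: The title entity now translates the product name as "HTTPS Παντού" while https-everywhere.about.ext_name on the next line still reads "HTTPS Everywhere", so the same dialog would show two different names for the extension. Product names are normally left untranslated; keep "HTTPS Everywhere" in the title or change both consistently.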

[translation/https_everywhere] Update translations for https_everywhere
by translation@torproject.org 27 Oct '14
commit f8d1c496f9c04460fcc8ec2709e896a1a10da117
Author: Translation commit bot <translation(a)torproject.org>
Date: Mon Oct 27 20:45:16 2014 +0000
Update translations for https_everywhere
---
el/https-everywhere.dtd | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/el/https-everywhere.dtd b/el/https-everywhere.dtd
index 57f6e22..8355656 100644
--- a/el/https-everywhere.dtd
+++ b/el/https-everywhere.dtd
@@ -1,4 +1,4 @@
-<!ENTITY https-everywhere.about.title "Σχετικά με το HTTPS Everywhere">
+<!ENTITY https-everywhere.about.title "Σχετικά με το HTTPS Παντού">
<!ENTITY https-everywhere.about.ext_name "HTTPS Everywhere">
<!ENTITY https-everywhere.about.ext_description "Κρυπτογραφήστε τον Παγκόσμιο Ιστό! Χρησιμοποιήστε ασφάλεια HTTPS σε πολλούς δικτυακούς τόπους.">
<!ENTITY https-everywhere.about.version "Έκδοση">

[translation/tails-misc] Update translations for tails-misc
by translation@torproject.org 27 Oct '14
commit cc7770a70c8ae8152ab8e75eb66f52ec152e4c99
Author: Translation commit bot <translation(a)torproject.org>
Date: Mon Oct 27 20:15:37 2014 +0000
Update translations for tails-misc
---
el.po | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/el.po b/el.po
index e0ead7f..6cd47c4 100644
--- a/el.po
+++ b/el.po
@@ -14,7 +14,7 @@ msgstr ""
"Project-Id-Version: The Tor Project\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2014-10-15 17:57+0200\n"
-"PO-Revision-Date: 2014-10-27 19:31+0000\n"
+"PO-Revision-Date: 2014-10-27 20:01+0000\n"
"Last-Translator: Ellie El <ellie29(a)gmail.com>\n"
"Language-Team: Greek (http://www.transifex.com/projects/p/torproject/language/el/)\n"
"MIME-Version: 1.0\n"
@@ -449,7 +449,7 @@ msgstr "Κάτι δεν πήγε καλά όταν ξεκινούσε το I2P.
#: config/chroot_local-includes/usr/local/sbin/tails-i2p:42
msgid "I2P's router console is ready"
-msgstr ""
+msgstr "Η κονσόλα του δρομολογητή I2P είναι έτοιμη"
#: config/chroot_local-includes/usr/local/sbin/tails-i2p:43
msgid "You can now access I2P's router console on http://127.0.0.1:7657."
@@ -457,7 +457,7 @@ msgstr ""
#: config/chroot_local-includes/usr/local/sbin/tails-i2p:48
msgid "I2P is not ready"
-msgstr ""
+msgstr "Ο I2P δεν είναι έτοιμος"
#: config/chroot_local-includes/usr/local/sbin/tails-i2p:49
msgid ""
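Review bot: The new string "Ο I2P δεν είναι έτοιμος" uses the masculine article for I2P, while the existing translation visible in the preceding hunk header uses the neuter ("ξεκινούσε το I2P"). Pick one gender for I2P across the file; the same applies to "Ο I2P είναι έτοιμος" in the next hunk.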
@@ -468,7 +468,7 @@ msgstr ""
#: config/chroot_local-includes/usr/local/sbin/tails-i2p:59
msgid "I2P is ready"
-msgstr ""
+msgstr "Ο I2P είναι έτοιμος"
#: config/chroot_local-includes/usr/local/sbin/tails-i2p:60
msgid "You can now access services on I2P."
@@ -521,7 +521,7 @@ msgstr "Tor Browser"
#: ../config/chroot_local-includes/usr/share/applications/tor-browser.desktop.in.h:2
msgid "Anonymous Web Browser"
-msgstr ""
+msgstr "Ανώνυμο Πρόγραμμα Περιήγησης Ιστού"
#: ../config/chroot_local-includes/usr/share/applications/unsafe-browser.desktop.in.h:2
msgid "Browse the World Wide Web without anonymity"

[translation/tails-misc] Update translations for tails-misc
by translation@torproject.org 27 Oct '14
commit 1c2eab38bb75bb1b292b9caa54e5c6912dcb8099
Author: Translation commit bot <translation(a)torproject.org>
Date: Mon Oct 27 19:45:38 2014 +0000
Update translations for tails-misc
---
el.po | 43 ++++++++++++++++++++++---------------------
1 file changed, 22 insertions(+), 21 deletions(-)
diff --git a/el.po b/el.po
index 5954fbd..e0ead7f 100644
--- a/el.po
+++ b/el.po
@@ -7,14 +7,15 @@
# Alex <hestia(a)riseup.net>, 2013
# andromeas <andromeas(a)hotmail.com>, 2014
# firespin <dartworldgr(a)hotmail.com>, 2014
+# Ellie El <ellie29(a)gmail.com>, 2014
# kotkotkot <kotakota(a)gmail.com>, 2013
msgid ""
msgstr ""
"Project-Id-Version: The Tor Project\n"
"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2014-10-10 13:00+0200\n"
-"PO-Revision-Date: 2014-10-15 17:12+0000\n"
-"Last-Translator: runasand <runa.sandvik(a)gmail.com>\n"
+"POT-Creation-Date: 2014-10-15 17:57+0200\n"
+"PO-Revision-Date: 2014-10-27 19:31+0000\n"
+"Last-Translator: Ellie El <ellie29(a)gmail.com>\n"
"Language-Team: Greek (http://www.transifex.com/projects/p/torproject/language/el/)\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
@@ -306,12 +307,12 @@ msgid ""
msgstr "MAC πλαστογράφηση απέτυχε για την κάρτα δικτύου $ {nic_name} ($ {} nic). Η ανάκαμψη του λάθους επίσης απέτυχε, επομένως η δικτύωση είναι απενεργοποιημένη. \nΊσως προτιμάτε να κάνετε επανεκκίνηση του Tails και να απενεργοποιήσετε την πλαστογράφηση MAC. Δείτε την <a href='file:///usr/share/doc/first_steps/startup_options/mac_spoofing.en.html'>τεκμηρίωση</a>."
#: config/chroot_local-includes/usr/local/bin/tails-upgrade-frontend-wrapper:19
-#: config/chroot_local-includes/usr/local/sbin/unsafe-browser:60
+#: config/chroot_local-includes/usr/local/sbin/unsafe-browser:62
msgid "error:"
msgstr "σφάλμα:"
#: config/chroot_local-includes/usr/local/bin/tails-upgrade-frontend-wrapper:20
-#: config/chroot_local-includes/usr/local/sbin/unsafe-browser:61
+#: config/chroot_local-includes/usr/local/sbin/unsafe-browser:63
msgid "Error"
msgstr "Σφάλμα"
@@ -361,63 +362,63 @@ msgstr "Εκκίνηση του Tor Browser"
msgid "Cancel"
msgstr "Άκυρον"
-#: config/chroot_local-includes/usr/local/sbin/unsafe-browser:71
+#: config/chroot_local-includes/usr/local/sbin/unsafe-browser:73
msgid "Do you really want to launch the Unsafe Browser?"
msgstr "Θέλετε πραγματικά να ξεκινήσετε τον μη ασφαλή Browser;"
-#: config/chroot_local-includes/usr/local/sbin/unsafe-browser:73
+#: config/chroot_local-includes/usr/local/sbin/unsafe-browser:75
msgid ""
"Network activity within the Unsafe Browser is <b>not anonymous</b>. Only use"
" the Unsafe Browser if necessary, for example if you have to login or "
"register to activate your Internet connection."
msgstr "Η δικτυακή δραστηριότητα μέσω του μη ασφαλή Browser <b>δεν είναι ασφαλής</b>. Χρησιμοποιείστε τον Ανασφαλή Browser μόνο αν είναι απαραίτητο, για παράδειγμα εάν χρειάζεται να κάνετε login ή εγγραφή για να ενεργοποιήσετε τη συνδεσή σας στο διαδίκτυο."
-#: config/chroot_local-includes/usr/local/sbin/unsafe-browser:74
+#: config/chroot_local-includes/usr/local/sbin/unsafe-browser:76
msgid "_Launch"
msgstr "_Εκκίνηση"
-#: config/chroot_local-includes/usr/local/sbin/unsafe-browser:75
+#: config/chroot_local-includes/usr/local/sbin/unsafe-browser:77
msgid "_Exit"
msgstr "_Έξοδος"
-#: config/chroot_local-includes/usr/local/sbin/unsafe-browser:85
+#: config/chroot_local-includes/usr/local/sbin/unsafe-browser:87
msgid "Starting the Unsafe Browser..."
msgstr "Εκκίνηση του μη ασφαλή Browser..."
-#: config/chroot_local-includes/usr/local/sbin/unsafe-browser:86
+#: config/chroot_local-includes/usr/local/sbin/unsafe-browser:88
msgid "This may take a while, so please be patient."
msgstr "Αυτό μπορεί να πάρει λίγο χρόνο, παρακαλούμε κάντε υπομονή."
-#: config/chroot_local-includes/usr/local/sbin/unsafe-browser:104
+#: config/chroot_local-includes/usr/local/sbin/unsafe-browser:106
msgid "Failed to setup chroot."
msgstr "Αποτυχία ρύθμισης chroot."
-#: config/chroot_local-includes/usr/local/sbin/unsafe-browser:184
+#: config/chroot_local-includes/usr/local/sbin/unsafe-browser:180
#: ../config/chroot_local-includes/usr/share/applications/unsafe-browser.desktop.in.h:1
msgid "Unsafe Browser"
msgstr "Μη ασφαλής Browser"
-#: config/chroot_local-includes/usr/local/sbin/unsafe-browser:240
+#: config/chroot_local-includes/usr/local/sbin/unsafe-browser:236
msgid "Shutting down the Unsafe Browser..."
msgstr "Κλείσιμο του μη ασφαλή Browser..."
-#: config/chroot_local-includes/usr/local/sbin/unsafe-browser:241
+#: config/chroot_local-includes/usr/local/sbin/unsafe-browser:237
msgid ""
"This may take a while, and you may not restart the Unsafe Browser until it "
"is properly shut down."
msgstr "Αυτό μπορεί να πάρει λίγη ώρα, και δεν πρέπει να επανεκκινήσετε τον μη ασφαλή Browser μέχρι να κλείσει μόνος του σωστά."
-#: config/chroot_local-includes/usr/local/sbin/unsafe-browser:253
+#: config/chroot_local-includes/usr/local/sbin/unsafe-browser:249
msgid "Failed to restart Tor."
msgstr "Αποτυχία επανεκκίνησης του Tor."
-#: config/chroot_local-includes/usr/local/sbin/unsafe-browser:261
+#: config/chroot_local-includes/usr/local/sbin/unsafe-browser:257
msgid ""
"Another Unsafe Browser is currently running, or being cleaned up. Please "
"retry in a while."
msgstr "Ένας άλλος Μη-Ασφαλής Browser εκτελείται αυτή τη στιγμή, ή του γίνεται εκκαθάριση. Παρακαλώ δοκιμάστε ξανά σε λίγο."
-#: config/chroot_local-includes/usr/local/sbin/unsafe-browser:274
+#: config/chroot_local-includes/usr/local/sbin/unsafe-browser:270
msgid ""
"No DNS server was obtained through DHCP or manually configured in "
"NetworkManager."
@@ -425,7 +426,7 @@ msgstr "Δεν αποκτήθηκε DNS server μέσω DHCP ή μέσω χει
#: config/chroot_local-includes/usr/share/tails/truecrypt-wrapper.disabled:11
msgid "TrueCrypt will be removed in Tails 1.2.1"
-msgstr ""
+msgstr "Το TrueCrypt θα αφαιρεθεί στην Tails 1.2.1"
#: config/chroot_local-includes/usr/share/tails/truecrypt-wrapper.disabled:12
msgid ""
@@ -434,7 +435,7 @@ msgid ""
"recommend that you learn how to <a "
"href='file:///usr/share/doc/tails/website/doc/encryption_and_privacy/truecrypt.en.html#cryptsetup'>open"
" TrueCrypt volumes with cryptsetup</a> as soon as possible."
-msgstr ""
+msgstr "To TrueCrypt δεν υποστηρίζεται πια και οι ίδιοι οι δημιουργοί του λένε ότι δεν είναι ασφαλές. Γι' αυτό το λόγο θα αφαιρεθεί στην Tails 1.2.1 (25 Νοεμβρίου). Σας προτείνουμε να μάθετε πως να<a href='file:///usr/share/doc/tails/website/doc/encryption_and_privacy/truecrypt.en.html#cryptsetup'>ανοίγετε τόμους TrueCrypt με το cryptsetup όσο πιό σύντομα γίνεται."
#: config/chroot_local-includes/usr/local/sbin/tails-i2p:30
msgid "I2P failed to start"
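Review bot: The added msgstr opens an anchor tag for the cryptsetup documentation link but never closes it, whereas the msgid closes it after "cryptsetup"; the unbalanced markup can break rendering of the notification or turn the rest of the text into a link. Close the tag after "cryptsetup" and add the missing space before the opening tag ("να" runs straight into it).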
@@ -444,7 +445,7 @@ msgstr "Το I2P απέτυχε να ξεκινήσει"
msgid ""
"Something went wrong when I2P was starting. Check the logs in /var/log/i2p "
"for more information."
-msgstr ""
+msgstr "Κάτι δεν πήγε καλά όταν ξεκινούσε το I2P. Για περισσότερες πληροφορίες ελέγξτε τα αρχεία καταγραφής στο /var/log/i2p."
#: config/chroot_local-includes/usr/local/sbin/tails-i2p:42
msgid "I2P's router console is ready"
1
0

27 Oct '14
commit 909aa51b3f4411b30bccbbf1dd9f876d150167fd
Author: Sebastian Hahn <sebastian(a)torproject.org>
Date: Mon Oct 27 14:37:50 2014 +0100
Remove configure option to disable curve25519
By now, support in the network is widespread and it's time to require
more modern crypto on all Tor instances, whether they're clients or
servers. By doing this early in 0.2.6, we can be sure that at some point
all clients will have reasonable support.
---
changes/bug13286 | 2 +
configure.ac | 170 +++++++++++++++++++---------------------
src/common/crypto_curve25519.h | 2 -
src/common/crypto_ed25519.h | 3 -
src/common/include.am | 11 +--
src/or/circuitbuild.c | 20 -----
src/or/include.am | 8 +-
src/or/onion.c | 22 ------
src/or/onion.h | 2 -
src/or/onion_ntor.h | 3 -
src/or/or.h | 2 -
src/or/router.c | 22 ------
src/or/router.h | 2 -
src/test/bench.c | 7 +-
src/test/include.am | 6 --
src/test/test.c | 6 --
src/test/test_cell_formats.c | 8 --
src/test/test_crypto.c | 6 --
src/test/test_dir.c | 4 -
src/test/test_ntor_cl.c | 4 -
src/win32/orconfig.h | 1 -
21 files changed, 86 insertions(+), 225 deletions(-)
diff --git a/changes/bug13286 b/changes/bug13286
new file mode 100644
index 0000000..0a7f9d7
--- /dev/null
+++ b/changes/bug13286
@@ -0,0 +1,2 @@
+ o Removed features:
+ Remove the --disable-curve25519 configure option.
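Review bot: The changes entry names the removed option but gives no ticket reference in its text, even though the file is called bug13286, and the item line has no "-" bullet under the "o Removed features:" heading. Add the bullet and a closing reference to ticket 13286, plus a short clause on why the option was removed, so the generated ChangeLog entry is traceable.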
diff --git a/configure.ac b/configure.ac
index 4c7da5d..b722854 100644
--- a/configure.ac
+++ b/configure.ac
@@ -39,8 +39,6 @@ AC_ARG_ENABLE(static-zlib,
AS_HELP_STRING(--enable-static-zlib, Link against a static zlib library. Requires --with-zlib-dir))
AC_ARG_ENABLE(static-tor,
AS_HELP_STRING(--enable-static-tor, Create an entirely static Tor binary. Requires --with-openssl-dir and --with-libevent-dir and --with-zlib-dir))
-AC_ARG_ENABLE(curve25519,
- AS_HELP_STRING(--disable-curve25519, Build Tor with no curve25519 elliptic-curve crypto support))
AC_ARG_ENABLE(unittests,
AS_HELP_STRING(--disable-unittests, [Don't build unit tests for Tor. Risky!]))
AC_ARG_ENABLE(coverage,
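Review bot: once AC_ARG_ENABLE(curve25519, ...) is gone, a build script that still passes --disable-curve25519 gets only configure's generic unrecognized-option warning and a binary with curve25519 built in. Say this in the changes entry so packagers know to drop the flag rather than assume it still takes effect.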
@@ -765,101 +763,92 @@ dnl ============================================================
dnl We need an implementation of curve25519.
dnl set these defaults.
-have_a_curve25519=no
build_curve25519_donna=no
build_curve25519_donna_c64=no
use_curve25519_donna=no
use_curve25519_nacl=no
CURVE25519_LIBS=
-if test x$enable_curve25519 != xno; then
-
- dnl The best choice is using curve25519-donna-c64, but that requires
- dnl that we
- AC_CACHE_CHECK([whether we can use curve25519-donna-c64],
- tor_cv_can_use_curve25519_donna_c64,
- [AC_RUN_IFELSE(
- [AC_LANG_PROGRAM([dnl
- #include <stdint.h>
- typedef unsigned uint128_t __attribute__((mode(TI)));
- int func(uint64_t a, uint64_t b) {
- uint128_t c = ((uint128_t)a) * b;
- int ok = ((uint64_t)(c>>96)) == 522859 &&
- (((uint64_t)(c>>64))&0xffffffffL) == 3604448702L &&
- (((uint64_t)(c>>32))&0xffffffffL) == 2351960064L &&
- (((uint64_t)(c))&0xffffffffL) == 0;
- return ok;
- }
- ], [dnl
- int ok = func( ((uint64_t)2000000000) * 1000000000,
- ((uint64_t)1234567890) << 24);
- return !ok;
- ])],
- [tor_cv_can_use_curve25519_donna_c64=yes],
- [tor_cv_can_use_curve25519_donna_c64=no],
- [AC_LINK_IFELSE(
- [AC_LANG_PROGRAM([dnl
- #include <stdint.h>
- typedef unsigned uint128_t __attribute__((mode(TI)));
- int func(uint64_t a, uint64_t b) {
- uint128_t c = ((uint128_t)a) * b;
- int ok = ((uint64_t)(c>>96)) == 522859 &&
- (((uint64_t)(c>>64))&0xffffffffL) == 3604448702L &&
- (((uint64_t)(c>>32))&0xffffffffL) == 2351960064L &&
- (((uint64_t)(c))&0xffffffffL) == 0;
- return ok;
- }
- ], [dnl
- int ok = func( ((uint64_t)2000000000) * 1000000000,
- ((uint64_t)1234567890) << 24);
- return !ok;
- ])],
- [tor_cv_can_use_curve25519_donna_c64=cross],
- [tor_cv_can_use_curve25519_donna_c64=no])])])
-
- AC_CHECK_HEADERS([crypto_scalarmult_curve25519.h \
- nacl/crypto_scalarmult_curve25519.h])
-
- AC_CACHE_CHECK([for nacl compiled with a fast curve25519 implementation],
- tor_cv_can_use_curve25519_nacl,
- [tor_saved_LIBS="$LIBS"
- LIBS="$LIBS -lnacl"
- AC_LINK_IFELSE(
- [AC_LANG_PROGRAM([dnl
- #ifdef HAVE_CRYPTO_SCALARMULT_CURVE25519_H
- #include <crypto_scalarmult_curve25519.h>
- #elif defined(HAVE_NACL_CRYPTO_SCALARMULT_CURVE25519_H)
- #include <nacl/crypto_scalarmult_curve25519.h>
- #endif
- #ifdef crypto_scalarmult_curve25519_ref_BYTES
- #error Hey, this is the reference implementation! That's not fast.
- #endif
- ], [
- unsigned char *a, *b, *c; crypto_scalarmult_curve25519(a,b,c);
- ])], [tor_cv_can_use_curve25519_nacl=yes],
- [tor_cv_can_use_curve25519_nacl=no])
- LIBS="$tor_saved_LIBS" ])
-
- dnl Okay, now we need to figure out which one to actually use. Fall back
- dnl to curve25519-donna.c
-
- if test x$tor_cv_can_use_curve25519_donna_c64 != xno; then
- build_curve25519_donna_c64=yes
- use_curve25519_donna=yes
- elif test x$tor_cv_can_use_curve25519_nacl = xyes; then
- use_curve25519_nacl=yes
- CURVE25519_LIBS=-lnacl
- else
- build_curve25519_donna=yes
- use_curve25519_donna=yes
- fi
- have_a_curve25519=yes
-fi
+dnl The best choice is using curve25519-donna-c64, but that requires
+dnl that we
+AC_CACHE_CHECK([whether we can use curve25519-donna-c64],
+ tor_cv_can_use_curve25519_donna_c64,
+ [AC_RUN_IFELSE(
+ [AC_LANG_PROGRAM([dnl
+ #include <stdint.h>
+ typedef unsigned uint128_t __attribute__((mode(TI)));
+ int func(uint64_t a, uint64_t b) {
+ uint128_t c = ((uint128_t)a) * b;
+ int ok = ((uint64_t)(c>>96)) == 522859 &&
+ (((uint64_t)(c>>64))&0xffffffffL) == 3604448702L &&
+ (((uint64_t)(c>>32))&0xffffffffL) == 2351960064L &&
+ (((uint64_t)(c))&0xffffffffL) == 0;
+ return ok;
+ }
+ ], [dnl
+ int ok = func( ((uint64_t)2000000000) * 1000000000,
+ ((uint64_t)1234567890) << 24);
+ return !ok;
+ ])],
+ [tor_cv_can_use_curve25519_donna_c64=yes],
+ [tor_cv_can_use_curve25519_donna_c64=no],
+ [AC_LINK_IFELSE(
+ [AC_LANG_PROGRAM([dnl
+ #include <stdint.h>
+ typedef unsigned uint128_t __attribute__((mode(TI)));
+ int func(uint64_t a, uint64_t b) {
+ uint128_t c = ((uint128_t)a) * b;
+ int ok = ((uint64_t)(c>>96)) == 522859 &&
+ (((uint64_t)(c>>64))&0xffffffffL) == 3604448702L &&
+ (((uint64_t)(c>>32))&0xffffffffL) == 2351960064L &&
+ (((uint64_t)(c))&0xffffffffL) == 0;
+ return ok;
+ }
+ ], [dnl
+ int ok = func( ((uint64_t)2000000000) * 1000000000,
+ ((uint64_t)1234567890) << 24);
+ return !ok;
+ ])],
+ [tor_cv_can_use_curve25519_donna_c64=cross],
+ [tor_cv_can_use_curve25519_donna_c64=no])])])
+
+AC_CHECK_HEADERS([crypto_scalarmult_curve25519.h \
+ nacl/crypto_scalarmult_curve25519.h])
+
+AC_CACHE_CHECK([for nacl compiled with a fast curve25519 implementation],
+ tor_cv_can_use_curve25519_nacl,
+ [tor_saved_LIBS="$LIBS"
+ LIBS="$LIBS -lnacl"
+ AC_LINK_IFELSE(
+ [AC_LANG_PROGRAM([dnl
+ #ifdef HAVE_CRYPTO_SCALARMULT_CURVE25519_H
+ #include <crypto_scalarmult_curve25519.h>
+ #elif defined(HAVE_NACL_CRYPTO_SCALARMULT_CURVE25519_H)
+ #include <nacl/crypto_scalarmult_curve25519.h>
+ #endif
+ #ifdef crypto_scalarmult_curve25519_ref_BYTES
+ #error Hey, this is the reference implementation! That's not fast.
+ #endif
+ ], [
+ unsigned char *a, *b, *c; crypto_scalarmult_curve25519(a,b,c);
+ ])], [tor_cv_can_use_curve25519_nacl=yes],
+ [tor_cv_can_use_curve25519_nacl=no])
+ LIBS="$tor_saved_LIBS" ])
+
+ dnl Okay, now we need to figure out which one to actually use. Fall back
+ dnl to curve25519-donna.c
+
+ if test x$tor_cv_can_use_curve25519_donna_c64 != xno; then
+ build_curve25519_donna_c64=yes
+ use_curve25519_donna=yes
+ elif test x$tor_cv_can_use_curve25519_nacl = xyes; then
+ use_curve25519_nacl=yes
+ CURVE25519_LIBS=-lnacl
+ else
+ build_curve25519_donna=yes
+ use_curve25519_donna=yes
+ fi
-if test x$have_a_curve25519 = xyes; then
- AC_DEFINE(CURVE25519_ENABLED, 1,
- [Defined if we have a curve25519 implementation])
-fi
if test x$use_curve25519_donna = xyes; then
AC_DEFINE(USE_CURVE25519_DONNA, 1,
[Defined if we should use an internal curve25519_donna{,_c64} implementation])
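Review bot: the de-indentation stops halfway through this hunk: the "dnl Okay, now we need to figure out which one to actually use" comment and the following "if test x$tor_cv_can_use_curve25519_donna_c64 != xno; then ... fi" block are re-added with their old leading whitespace even though the enclosing "if test x$enable_curve25519 != xno" is gone. Bring them to the same column as the AC_CACHE_CHECK calls. Since these lines are being rewritten anyway, the comment "The best choice is using curve25519-donna-c64, but that requires / that we" is also carried over unfinished and should either be completed or cut.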
@@ -870,7 +859,6 @@ if test x$use_curve25519_nacl = xyes; then
fi
AM_CONDITIONAL(BUILD_CURVE25519_DONNA, test x$build_curve25519_donna = xyes)
AM_CONDITIONAL(BUILD_CURVE25519_DONNA_C64, test x$build_curve25519_donna_c64 = xyes)
-AM_CONDITIONAL(CURVE25519_ENABLED, test x$have_a_curve25519 = xyes)
AC_SUBST(CURVE25519_LIBS)
dnl Make sure to enable support for large off_t if available.
diff --git a/src/common/crypto_curve25519.h b/src/common/crypto_curve25519.h
index 404f99c..11254c8 100644
--- a/src/common/crypto_curve25519.h
+++ b/src/common/crypto_curve25519.h
@@ -30,7 +30,6 @@ typedef struct curve25519_keypair_t {
curve25519_secret_key_t seckey;
} curve25519_keypair_t;
-#ifdef CURVE25519_ENABLED
/* These functions require that we actually know how to use curve25519 keys.
* The other data structures and functions in this header let us parse them,
* store them, and move them around.
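Review bot: the comment kept below the removed "#ifdef CURVE25519_ENABLED" ("These functions require that we actually know how to use curve25519 keys. The other data structures and functions in this header let us parse them, store them, and move them around.") describes a split that existed only because of that conditional. With the guard gone it misleads readers into thinking some builds lack these functions; drop it or reword it as a plain section heading.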
@@ -63,7 +62,6 @@ int curve25519_rand_seckey_bytes(uint8_t *out, int extra_strong);
STATIC int curve25519_impl(uint8_t *output, const uint8_t *secret,
const uint8_t *basepoint);
#endif
-#endif
#define CURVE25519_BASE64_PADDED_LEN 44
diff --git a/src/common/crypto_ed25519.h b/src/common/crypto_ed25519.h
index 13b05c7..1a481b4 100644
--- a/src/common/crypto_ed25519.h
+++ b/src/common/crypto_ed25519.h
@@ -39,7 +39,6 @@ typedef struct {
ed25519_secret_key_t seckey;
} ed25519_keypair_t;
-#ifdef CURVE25519_ENABLED
int ed25519_secret_key_generate(ed25519_secret_key_t *seckey_out,
int extra_strong);
int ed25519_secret_key_from_seed(ed25519_secret_key_t *seckey_out,
@@ -88,8 +87,6 @@ int ed25519_public_blind(ed25519_public_key_t *out,
const ed25519_public_key_t *inp,
const uint8_t *param);
-#endif
-
#define ED25519_BASE64_LEN 43
int ed25519_public_from_base64(ed25519_public_key_t *pkey,
diff --git a/src/common/include.am b/src/common/include.am
index 5c000e8..6441596 100644
--- a/src/common/include.am
+++ b/src/common/include.am
@@ -54,12 +54,6 @@ endif
LIBDONNA += $(LIBED25519_REF10)
-if CURVE25519_ENABLED
-libcrypto_extra_source = \
- src/common/crypto_curve25519.c \
- src/common/crypto_ed25519.c
-endif
-
LIBOR_A_SOURCES = \
src/common/address.c \
src/common/backtrace.c \
@@ -85,8 +79,9 @@ LIBOR_CRYPTO_A_SOURCES = \
src/common/crypto_format.c \
src/common/torgzip.c \
src/common/tortls.c \
- src/trunnel/pwbox.c \
- $(libcrypto_extra_source)
+ src/trunnel/pwbox.c \
+ src/common/crypto_curve25519.c \
+ src/common/crypto_ed25519.c
LIBOR_EVENT_A_SOURCES = \
src/common/compat_libevent.c \
diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c
index edf7d28..c345ef1 100644
--- a/src/or/circuitbuild.c
+++ b/src/or/circuitbuild.c
@@ -59,9 +59,7 @@ static crypt_path_t *onion_next_hop_in_cpath(crypt_path_t *cpath);
static int onion_extend_cpath(origin_circuit_t *circ);
static int count_acceptable_nodes(smartlist_t *routers);
static int onion_append_hop(crypt_path_t **head_ptr, extend_info_t *choice);
-#ifdef CURVE25519_ENABLED
static int circuits_can_use_ntor(void);
-#endif
/** This function tries to get a channel to the specified endpoint,
* and then calls command_setup_channel() to give it the right
@@ -368,7 +366,6 @@ circuit_rep_hist_note_result(origin_circuit_t *circ)
} while (hop!=circ->cpath);
}
-#ifdef CURVE25519_ENABLED
/** Return 1 iff at least one node in circ's cpath supports ntor. */
static int
circuit_cpath_supports_ntor(const origin_circuit_t *circ)
@@ -388,9 +385,6 @@ circuit_cpath_supports_ntor(const origin_circuit_t *circ)
return 0;
}
-#else
-#define circuit_cpath_supports_ntor(circ) 0
-#endif
/** Pick all the entries in our cpath. Stop and return 0 when we're
* happy, or return -1 if an error occurs. */
@@ -398,11 +392,7 @@ static int
onion_populate_cpath(origin_circuit_t *circ)
{
int n_tries = 0;
-#ifdef CURVE25519_ENABLED
const int using_ntor = circuits_can_use_ntor();
-#else
- const int using_ntor = 0;
-#endif
#define MAX_POPULATE_ATTEMPTS 32
@@ -772,7 +762,6 @@ circuit_timeout_want_to_count_circ(origin_circuit_t *circ)
&& circ->build_state->desired_path_len == DEFAULT_ROUTE_LEN;
}
-#ifdef CURVE25519_ENABLED
/** Return true if the ntor handshake is enabled in the configuration, or if
* it's been set to "auto" in the configuration and it's enabled in the
* consensus. */
@@ -784,7 +773,6 @@ circuits_can_use_ntor(void)
return options->UseNTorHandshake;
return networkstatus_get_param(NULL, "UseNTorHandshake", 0, 0, 1);
}
-#endif
/** Decide whether to use a TAP or ntor handshake for connecting to <b>ei</b>
* directly, and set *<b>cell_type_out</b> and *<b>handshake_type_out</b>
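Review bot: circuits_can_use_ntor() is now always compiled in, but it still returns options->UseNTorHandshake or, in the "auto" case described in its comment, networkstatus_get_param(NULL, "UseNTorHandshake", 0, 0, 1), whose default is 0. The commit message speaks of requiring more modern crypto on all Tor instances, while what this patch guarantees is that ntor is available in every build; whether a client uses it still depends on the option and the consensus parameter, and circuit_pick_create_handshake() falls back to TAP otherwise. Either say so in the commit message and changes entry, or follow up on the default.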
@@ -794,7 +782,6 @@ circuit_pick_create_handshake(uint8_t *cell_type_out,
uint16_t *handshake_type_out,
const extend_info_t *ei)
{
-#ifdef CURVE25519_ENABLED
if (!tor_mem_is_zero((const char*)ei->curve25519_onion_key.public_key,
CURVE25519_PUBKEY_LEN) &&
circuits_can_use_ntor()) {
@@ -802,9 +789,6 @@ circuit_pick_create_handshake(uint8_t *cell_type_out,
*handshake_type_out = ONION_HANDSHAKE_TYPE_NTOR;
return;
}
-#else
- (void) ei;
-#endif
*cell_type_out = CELL_CREATE;
*handshake_type_out = ONION_HANDSHAKE_TYPE_TAP;
@@ -2198,13 +2182,9 @@ extend_info_new(const char *nickname, const char *digest,
strlcpy(info->nickname, nickname, sizeof(info->nickname));
if (onion_key)
info->onion_key = crypto_pk_dup_key(onion_key);
-#ifdef CURVE25519_ENABLED
if (curve25519_key)
memcpy(&info->curve25519_onion_key, curve25519_key,
sizeof(curve25519_public_key_t));
-#else
- (void)curve25519_key;
-#endif
tor_addr_copy(&info->addr, addr);
info->port = port;
return info;
diff --git a/src/or/include.am b/src/or/include.am
index 47bdd09..0f53f00 100644
--- a/src/or/include.am
+++ b/src/or/include.am
@@ -23,12 +23,6 @@ else
evdns_source=src/ext/eventdns.c
endif
-if CURVE25519_ENABLED
-onion_ntor_source=src/or/onion_ntor.c
-else
-onion_ntor_source=
-endif
-
LIBTOR_A_SOURCES = \
src/or/addressmap.c \
src/or/buffers.c \
@@ -82,9 +76,9 @@ LIBTOR_A_SOURCES = \
src/or/routerset.c \
src/or/statefile.c \
src/or/status.c \
+ src/or/onion_ntor.c \
$(evdns_source) \
$(tor_platform_source) \
- $(onion_ntor_source) \
src/or/config_codedigest.c
src_or_libtor_a_SOURCES = $(LIBTOR_A_SOURCES)
diff --git a/src/or/onion.c b/src/or/onion.c
index ae39f45..fb00448 100644
--- a/src/or/onion.c
+++ b/src/or/onion.c
@@ -111,15 +111,11 @@ have_room_for_onionskin(uint16_t type)
(uint64_t)options->MaxOnionQueueDelay)
return 0;
-#ifdef CURVE25519_ENABLED
/* If we support the ntor handshake, then don't let TAP handshakes use
* more than 2/3 of the space on the queue. */
if (type == ONION_HANDSHAKE_TYPE_TAP &&
tap_usec / 1000 > (uint64_t)options->MaxOnionQueueDelay * 2 / 3)
return 0;
-#else
- (void) type;
-#endif
return 1;
}
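Review bot: in have_room_for_onionskin() the retained comment still begins "If we support the ntor handshake, then don't let TAP handshakes use more than 2/3 of the space on the queue", but after removing the "#ifdef CURVE25519_ENABLED" / "(void) type;" branches that condition is always true. Reword it to state the rule directly (TAP may use at most 2/3 of MaxOnionQueueDelay) so the comment matches the now unconditional check.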
@@ -353,11 +349,9 @@ setup_server_onion_keys(server_onion_keys_t *keys)
memset(keys, 0, sizeof(server_onion_keys_t));
memcpy(keys->my_identity, router_get_my_id_digest(), DIGEST_LEN);
dup_onion_keys(&keys->onion_key, &keys->last_onion_key);
-#ifdef CURVE25519_ENABLED
keys->curve25519_key_map = construct_ntor_key_map();
keys->junk_keypair = tor_malloc_zero(sizeof(curve25519_keypair_t));
curve25519_keypair_generate(keys->junk_keypair, 0);
-#endif
}
/** Release all storage held in <b>keys</b>, but do not free <b>keys</b>
@@ -370,10 +364,8 @@ release_server_onion_keys(server_onion_keys_t *keys)
crypto_pk_free(keys->onion_key);
crypto_pk_free(keys->last_onion_key);
-#ifdef CURVE25519_ENABLED
ntor_key_map_free(keys->curve25519_key_map);
tor_free(keys->junk_keypair);
-#endif
memset(keys, 0, sizeof(server_onion_keys_t));
}
@@ -391,12 +383,10 @@ onion_handshake_state_release(onion_handshake_state_t *state)
fast_handshake_state_free(state->u.fast);
state->u.fast = NULL;
break;
-#ifdef CURVE25519_ENABLED
case ONION_HANDSHAKE_TYPE_NTOR:
ntor_handshake_state_free(state->u.ntor);
state->u.ntor = NULL;
break;
-#endif
default:
log_warn(LD_BUG, "called with unknown handshake state type %d",
(int)state->tag);
@@ -436,7 +426,6 @@ onion_skin_create(int type,
r = CREATE_FAST_LEN;
break;
case ONION_HANDSHAKE_TYPE_NTOR:
-#ifdef CURVE25519_ENABLED
if (tor_mem_is_zero((const char*)node->curve25519_onion_key.public_key,
CURVE25519_PUBKEY_LEN))
return -1;
@@ -447,9 +436,6 @@ onion_skin_create(int type,
return -1;
r = NTOR_ONIONSKIN_LEN;
-#else
- return -1;
-#endif
break;
default:
log_warn(LD_BUG, "called with unknown handshake state type %d", type);
@@ -501,7 +487,6 @@ onion_skin_server_handshake(int type,
memcpy(rend_nonce_out, reply_out+DIGEST_LEN, DIGEST_LEN);
break;
case ONION_HANDSHAKE_TYPE_NTOR:
-#ifdef CURVE25519_ENABLED
if (onionskin_len < NTOR_ONIONSKIN_LEN)
return -1;
{
@@ -522,9 +507,6 @@ onion_skin_server_handshake(int type,
tor_free(keys_tmp);
r = NTOR_REPLY_LEN;
}
-#else
- return -1;
-#endif
break;
default:
log_warn(LD_BUG, "called with unknown handshake state type %d", type);
@@ -577,7 +559,6 @@ onion_skin_client_handshake(int type,
memcpy(rend_authenticator_out, reply+DIGEST_LEN, DIGEST_LEN);
return 0;
-#ifdef CURVE25519_ENABLED
case ONION_HANDSHAKE_TYPE_NTOR:
if (reply_len < NTOR_REPLY_LEN) {
log_warn(LD_CIRC, "ntor reply was not of the correct length.");
@@ -598,7 +579,6 @@ onion_skin_client_handshake(int type,
tor_free(keys_tmp);
}
return 0;
-#endif
default:
log_warn(LD_BUG, "called with unknown handshake state type %d", type);
tor_fragile_assert();
@@ -637,12 +617,10 @@ check_create_cell(const create_cell_t *cell, int unknown_ok)
if (cell->handshake_len != CREATE_FAST_LEN)
return -1;
break;
-#ifdef CURVE25519_ENABLED
case ONION_HANDSHAKE_TYPE_NTOR:
if (cell->handshake_len != NTOR_ONIONSKIN_LEN)
return -1;
break;
-#endif
default:
if (! unknown_ok)
return -1;
diff --git a/src/or/onion.h b/src/or/onion.h
index d62f032..3620019 100644
--- a/src/or/onion.h
+++ b/src/or/onion.h
@@ -23,10 +23,8 @@ typedef struct server_onion_keys_t {
uint8_t my_identity[DIGEST_LEN];
crypto_pk_t *onion_key;
crypto_pk_t *last_onion_key;
-#ifdef CURVE25519_ENABLED
di_digest256_map_t *curve25519_key_map;
curve25519_keypair_t *junk_keypair;
-#endif
} server_onion_keys_t;
#define MAX_ONIONSKIN_CHALLENGE_LEN 255
diff --git a/src/or/onion_ntor.h b/src/or/onion_ntor.h
index c942e6e..349c944 100644
--- a/src/or/onion_ntor.h
+++ b/src/or/onion_ntor.h
@@ -17,7 +17,6 @@ typedef struct ntor_handshake_state_t ntor_handshake_state_t;
/** Length of an ntor reply, as sent from server to client. */
#define NTOR_REPLY_LEN 64
-#ifdef CURVE25519_ENABLED
void ntor_handshake_state_free(ntor_handshake_state_t *state);
int onion_skin_ntor_create(const uint8_t *router_id,
@@ -59,5 +58,3 @@ struct ntor_handshake_state_t {
#endif
-#endif
-
diff --git a/src/or/or.h b/src/or/or.h
index 3adec7a..115b92d 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -2554,9 +2554,7 @@ typedef struct extend_info_t {
uint16_t port; /**< OR port. */
tor_addr_t addr; /**< IP address. */
crypto_pk_t *onion_key; /**< Current onionskin key. */
-#ifdef CURVE25519_ENABLED
curve25519_public_key_t curve25519_onion_key;
-#endif
} extend_info_t;
/** Certificate for v3 directory protocol: binds long-term authority identity
diff --git a/src/or/router.c b/src/or/router.c
index bbbf9c4..2a21b81 100644
--- a/src/or/router.c
+++ b/src/or/router.c
@@ -55,13 +55,11 @@ static crypto_pk_t *onionkey=NULL;
/** Previous private onionskin decryption key: used to decode CREATE cells
* generated by clients that have an older version of our descriptor. */
static crypto_pk_t *lastonionkey=NULL;
-#ifdef CURVE25519_ENABLED
/** Current private ntor secret key: used to perform the ntor handshake. */
static curve25519_keypair_t curve25519_onion_key;
/** Previous private ntor secret key: used to perform the ntor handshake
* with clients that have an older version of our descriptor. */
static curve25519_keypair_t last_curve25519_onion_key;
-#endif
/** Private server "identity key": used to sign directory info and TLS
* certificates. Never changes. */
static crypto_pk_t *server_identitykey=NULL;
@@ -134,7 +132,6 @@ dup_onion_keys(crypto_pk_t **key, crypto_pk_t **last)
tor_mutex_release(key_lock);
}
-#ifdef CURVE25519_ENABLED
/** Return the current secret onion key for the ntor handshake. Must only
* be called from the main thread. */
static const curve25519_keypair_t *
@@ -181,7 +178,6 @@ ntor_key_map_free(di_digest256_map_t *map)
return;
dimap_free(map, ntor_key_map_free_helper);
}
-#endif
/** Return the time when the onion key was last set. This is either the time
* when the process launched, or the time of the most recent key rotation since
@@ -313,9 +309,7 @@ rotate_onion_key(void)
char *fname, *fname_prev;
crypto_pk_t *prkey = NULL;
or_state_t *state = get_or_state();
-#ifdef CURVE25519_ENABLED
curve25519_keypair_t new_curve25519_keypair;
-#endif
time_t now;
fname = get_datadir_fname2("keys", "secret_onion_key");
fname_prev = get_datadir_fname2("keys", "secret_onion_key.old");
@@ -335,7 +329,6 @@ rotate_onion_key(void)
log_err(LD_FS,"Couldn't write generated onion key to \"%s\".", fname);
goto error;
}
-#ifdef CURVE25519_ENABLED
tor_free(fname);
tor_free(fname_prev);
fname = get_datadir_fname2("keys", "secret_onion_key_ntor");
@@ -351,18 +344,15 @@ rotate_onion_key(void)
log_err(LD_FS,"Couldn't write curve25519 onion key to \"%s\".",fname);
goto error;
}
-#endif
log_info(LD_GENERAL, "Rotating onion key");
tor_mutex_acquire(key_lock);
crypto_pk_free(lastonionkey);
lastonionkey = onionkey;
onionkey = prkey;
-#ifdef CURVE25519_ENABLED
memcpy(&last_curve25519_onion_key, &curve25519_onion_key,
sizeof(curve25519_keypair_t));
memcpy(&curve25519_onion_key, &new_curve25519_keypair,
sizeof(curve25519_keypair_t));
-#endif
now = time(NULL);
state->LastRotatedOnionKey = onionkey_set_at = now;
tor_mutex_release(key_lock);
@@ -374,9 +364,7 @@ rotate_onion_key(void)
if (prkey)
crypto_pk_free(prkey);
done:
-#ifdef CURVE25519_ENABLED
memwipe(&new_curve25519_keypair, 0, sizeof(new_curve25519_keypair));
-#endif
tor_free(fname);
tor_free(fname_prev);
}
@@ -450,7 +438,6 @@ init_key_from_file(const char *fname, int generate, int severity)
return NULL;
}
-#ifdef CURVE25519_ENABLED
/** Load a curve25519 keypair from the file <b>fname</b>, writing it into
* <b>keys_out</b>. If the file isn't found and <b>generate</b> is true,
* create a new keypair and write it into the file. If there are errors, log
@@ -519,7 +506,6 @@ init_curve25519_keypair_from_file(curve25519_keypair_t *keys_out,
error:
return -1;
}
-#endif
/** Try to load the vote-signing private key and certificate for being a v3
* directory authority, and make sure they match. If <b>legacy</b>, load a
@@ -875,7 +861,6 @@ init_keys(void)
}
tor_free(keydir);
-#ifdef CURVE25519_ENABLED
{
/* 2b. Load curve25519 onion keys. */
int r;
@@ -896,7 +881,6 @@ init_keys(void)
}
tor_free(keydir);
}
-#endif
/* 3. Initialize link key and TLS context. */
if (router_initialize_tls_context() < 0) {
@@ -1806,11 +1790,9 @@ router_rebuild_descriptor(int force)
ri->cache_info.published_on = time(NULL);
ri->onion_pkey = crypto_pk_dup_key(get_onion_key()); /* must invoke from
* main thread */
-#ifdef CURVE25519_ENABLED
ri->onion_curve25519_pkey =
tor_memdup(&get_current_curve25519_keypair()->pubkey,
sizeof(curve25519_public_key_t));
-#endif
/* For now, at most one IPv6 or-address is being advertised. */
{
@@ -2389,7 +2371,6 @@ router_dump_router_to_string(routerinfo_t *router,
smartlist_add_asprintf(chunks, "contact %s\n", ci);
}
-#ifdef CURVE25519_ENABLED
if (router->onion_curve25519_pkey) {
char kbuf[128];
base64_encode(kbuf, sizeof(kbuf),
@@ -2397,7 +2378,6 @@ router_dump_router_to_string(routerinfo_t *router,
CURVE25519_PUBKEY_LEN);
smartlist_add_asprintf(chunks, "ntor-onion-key %s", kbuf);
}
-#endif
/* Write the exit policy to the end of 's'. */
if (!router->exit_policy || !smartlist_len(router->exit_policy)) {
@@ -3073,10 +3053,8 @@ router_free_all(void)
crypto_pk_free(legacy_signing_key);
authority_cert_free(legacy_key_certificate);
-#ifdef CURVE25519_ENABLED
memwipe(&curve25519_onion_key, 0, sizeof(curve25519_onion_key));
memwipe(&last_curve25519_onion_key, 0, sizeof(last_curve25519_onion_key));
-#endif
if (warned_nonexistent_family) {
SMARTLIST_FOREACH(warned_nonexistent_family, char *, cp, tor_free(cp));
diff --git a/src/or/router.h b/src/or/router.h
index d18ff06..cedbc08 100644
--- a/src/or/router.h
+++ b/src/or/router.h
@@ -32,10 +32,8 @@ crypto_pk_t *init_key_from_file(const char *fname, int generate,
int severity);
void v3_authority_check_key_expiry(void);
-#ifdef CURVE25519_ENABLED
di_digest256_map_t *construct_ntor_key_map(void);
void ntor_key_map_free(di_digest256_map_t *map);
-#endif
int router_initialize_tls_context(void);
int init_keys(void);
diff --git a/src/test/bench.c b/src/test/bench.c
index 8252998..3a9432b 100644
--- a/src/test/bench.c
+++ b/src/test/bench.c
@@ -26,10 +26,8 @@ const char tor_git_revision[] = "";
#endif
#include "config.h"
-#ifdef CURVE25519_ENABLED
#include "crypto_curve25519.h"
#include "onion_ntor.h"
-#endif
#include "crypto_ed25519.h"
#if defined(HAVE_CLOCK_GETTIME) && defined(CLOCK_PROCESS_CPUTIME_ID)
@@ -179,7 +177,6 @@ bench_onion_TAP(void)
crypto_pk_free(key2);
}
-#ifdef CURVE25519_ENABLED
static void
bench_onion_ntor(void)
{
@@ -293,7 +290,6 @@ bench_ed25519(void)
printf("Blind a public key: %.2f usec\n",
MICROCOUNT(start, end, iters));
}
-#endif
static void
bench_cell_aes(void)
@@ -573,10 +569,9 @@ static struct benchmark_t benchmarks[] = {
ENT(siphash),
ENT(aes),
ENT(onion_TAP),
-#ifdef CURVE25519_ENABLED
ENT(onion_ntor),
ENT(ed25519),
-#endif
+
ENT(cell_aes),
ENT(cell_ops),
ENT(dh),
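Review bot: in the benchmarks[] table the removed "#endif" after ENT(ed25519) is replaced by an added empty line instead of simply being deleted, which leaves a stray gap between ENT(ed25519) and ENT(cell_aes). Drop the "+" blank line so the array stays a contiguous list.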
diff --git a/src/test/include.am b/src/test/include.am
index 8d05b3b..d0f3224 100644
--- a/src/test/include.am
+++ b/src/test/include.am
@@ -80,7 +80,6 @@ noinst_HEADERS+= \
src/test/failing_routerdescs.inc \
src/test/ed25519_vectors.inc
-if CURVE25519_ENABLED
noinst_PROGRAMS+= src/test/test-ntor-cl
src_test_test_ntor_cl_SOURCES = src/test/test_ntor_cl.c
src_test_test_ntor_cl_LDFLAGS = @TOR_LDFLAGS_zlib@ @TOR_LDFLAGS_openssl@
@@ -91,9 +90,6 @@ src_test_test_ntor_cl_LDADD = src/or/libtor.a src/common/libor.a \
src_test_test_ntor_cl_AM_CPPFLAGS = \
-I"$(top_srcdir)/src/or"
NTOR_TEST_DEPS=src/test/test-ntor-cl
-else
-NTOR_TEST_DEPS=
-endif
if COVERAGE_ENABLED
CMDLINE_TEST_TOR = ./src/or/tor-cov
@@ -113,10 +109,8 @@ src_test_test_bt_cl_CPPFLAGS= $(src_test_AM_CPPFLAGS)
check-local: $(NTOR_TEST_DEPS) $(CMDLINE_TEST_TOR)
if USEPYTHON
$(PYTHON) $(top_srcdir)/src/test/test_cmdline_args.py $(CMDLINE_TEST_TOR) "${top_srcdir}"
-if CURVE25519_ENABLED
$(PYTHON) $(top_srcdir)/src/test/ntor_ref.py test-tor
$(PYTHON) $(top_srcdir)/src/test/ntor_ref.py self-test
-endif
./src/test/test-bt-cl assert | $(PYTHON) $(top_srcdir)/src/test/bt_test.py
./src/test/test-bt-cl crash | $(PYTHON) $(top_srcdir)/src/test/bt_test.py
endif
diff --git a/src/test/test.c b/src/test/test.c
index 16ad6f3..9878d13 100644
--- a/src/test/test.c
+++ b/src/test/test.c
@@ -64,10 +64,8 @@ double fabs(double x);
#include "rephist.h"
#include "routerparse.h"
#include "statefile.h"
-#ifdef CURVE25519_ENABLED
#include "crypto_curve25519.h"
#include "onion_ntor.h"
-#endif
#ifdef USE_DMALLOC
#include <dmalloc.h>
@@ -365,7 +363,6 @@ test_bad_onion_handshake(void *arg)
crypto_pk_free(pk2);
}
-#ifdef CURVE25519_ENABLED
static void
test_ntor_handshake(void *arg)
{
@@ -417,7 +414,6 @@ test_ntor_handshake(void *arg)
ntor_handshake_state_free(c_state);
dimap_free(s_keymap, NULL);
}
-#endif
/** Run unit tests for the onion queues. */
static void
@@ -1267,9 +1263,7 @@ static struct testcase_t test_array[] = {
ENT(onion_handshake),
{ "bad_onion_handshake", test_bad_onion_handshake, 0, NULL, NULL },
ENT(onion_queues),
-#ifdef CURVE25519_ENABLED
{ "ntor_handshake", test_ntor_handshake, 0, NULL, NULL },
-#endif
ENT(circuit_timeout),
ENT(rend_fns),
ENT(geoip),
diff --git a/src/test/test_cell_formats.c b/src/test/test_cell_formats.c
index 995e519..211eebc 100644
--- a/src/test/test_cell_formats.c
+++ b/src/test/test_cell_formats.c
@@ -445,7 +445,6 @@ test_cfmt_create_cells(void *arg)
cell.command = CELL_CREATE2;
memcpy(cell.payload, "\x00\x02\x00\x54", 4); /* ntor, 84 bytes long */
memcpy(cell.payload+4, b, NTOR_ONIONSKIN_LEN);
-#ifdef CURVE25519_ENABLED
tt_int_op(0, ==, create_cell_parse(&cc, &cell));
tt_int_op(CELL_CREATE2, ==, cc.cell_type);
tt_int_op(ONION_HANDSHAKE_TYPE_NTOR, ==, cc.handshake_type);
@@ -454,9 +453,6 @@ test_cfmt_create_cells(void *arg)
tt_int_op(0, ==, create_cell_format(&cell2, &cc));
tt_int_op(cell.command, ==, cell2.command);
tt_mem_op(cell.payload,==, cell2.payload, CELL_PAYLOAD_SIZE);
-#else
- tt_int_op(-1, ==, create_cell_parse(&cc, &cell));
-#endif
/* A valid create cell with an ntor payload, in legacy format. */
memset(&cell, 0, sizeof(cell));
@@ -465,7 +461,6 @@ test_cfmt_create_cells(void *arg)
cell.command = CELL_CREATE;
memcpy(cell.payload, "ntorNTORntorNTOR", 16);
memcpy(cell.payload+16, b, NTOR_ONIONSKIN_LEN);
-#ifdef CURVE25519_ENABLED
tt_int_op(0, ==, create_cell_parse(&cc, &cell));
tt_int_op(CELL_CREATE, ==, cc.cell_type);
tt_int_op(ONION_HANDSHAKE_TYPE_NTOR, ==, cc.handshake_type);
@@ -474,9 +469,6 @@ test_cfmt_create_cells(void *arg)
tt_int_op(0, ==, create_cell_format(&cell2, &cc));
tt_int_op(cell.command, ==, cell2.command);
tt_mem_op(cell.payload,==, cell2.payload, CELL_PAYLOAD_SIZE);
-#else
- tt_int_op(-1, ==, create_cell_parse(&cc, &cell));
-#endif
/* == Okay, now let's try to parse some impossible stuff. */
diff --git a/src/test/test_crypto.c b/src/test/test_crypto.c
index 795c603..45370c1 100644
--- a/src/test/test_crypto.c
+++ b/src/test/test_crypto.c
@@ -11,9 +11,7 @@
#include "aes.h"
#include "util.h"
#include "siphash.h"
-#ifdef CURVE25519_ENABLED
#include "crypto_curve25519.h"
-#endif
#include "crypto_ed25519.h"
#include "ed25519_vectors.inc"
#include "crypto_s2k.h"
@@ -1332,7 +1330,6 @@ test_crypto_hkdf_sha256(void *arg)
#undef EXPAND
}
-#ifdef CURVE25519_ENABLED
static void
test_crypto_curve25519_impl(void *arg)
{
@@ -1876,7 +1873,6 @@ test_crypto_ed25519_testvectors(void *arg)
done:
tor_free(mem_op_hex_tmp);
}
-#endif /* CURVE25519_ENABLED */
static void
test_crypto_siphash(void *arg)
@@ -2025,7 +2021,6 @@ struct testcase_t crypto_tests[] = {
CRYPTO_LEGACY(base32_decode),
{ "kdf_TAP", test_crypto_kdf_TAP, 0, NULL, NULL },
{ "hkdf_sha256", test_crypto_hkdf_sha256, 0, NULL, NULL },
-#ifdef CURVE25519_ENABLED
{ "curve25519_impl", test_crypto_curve25519_impl, 0, NULL, NULL },
{ "curve25519_impl_hibit", test_crypto_curve25519_impl, 0, NULL, (void*)"y"},
{ "curve25519_wrappers", test_crypto_curve25519_wrappers, 0, NULL, NULL },
@@ -2037,7 +2032,6 @@ struct testcase_t crypto_tests[] = {
{ "ed25519_convert", test_crypto_ed25519_convert, 0, NULL, NULL },
{ "ed25519_blinding", test_crypto_ed25519_blinding, 0, NULL, NULL },
{ "ed25519_testvectors", test_crypto_ed25519_testvectors, 0, NULL, NULL },
-#endif
{ "siphash", test_crypto_siphash, 0, NULL, NULL },
END_OF_TESTCASES
};
diff --git a/src/test/test_dir.c b/src/test/test_dir.c
index e03efbe..d17f0b7 100644
--- a/src/test/test_dir.c
+++ b/src/test/test_dir.c
@@ -216,10 +216,8 @@ test_dir_formats(void *arg)
strlcat(buf2, "signing-key\n", sizeof(buf2));
strlcat(buf2, pk1_str, sizeof(buf2));
strlcat(buf2, "hidden-service-dir\n", sizeof(buf2));
-#ifdef CURVE25519_ENABLED
strlcat(buf2, "ntor-onion-key "
"skyinAnvardNostarsNomoonNowindormistsorsnow=\n", sizeof(buf2));
-#endif
strlcat(buf2, "accept *:80\nreject 18.0.0.0/8:24\n", sizeof(buf2));
strlcat(buf2, "router-signature\n", sizeof(buf2));
@@ -239,11 +237,9 @@ test_dir_formats(void *arg)
tt_int_op(rp2->bandwidthrate,==, r2->bandwidthrate);
tt_int_op(rp2->bandwidthburst,==, r2->bandwidthburst);
tt_int_op(rp2->bandwidthcapacity,==, r2->bandwidthcapacity);
-#ifdef CURVE25519_ENABLED
tt_mem_op(rp2->onion_curve25519_pkey->public_key,==,
r2->onion_curve25519_pkey->public_key,
CURVE25519_PUBKEY_LEN);
-#endif
tt_assert(crypto_pk_cmp_keys(rp2->onion_pkey, pk2) == 0);
tt_assert(crypto_pk_cmp_keys(rp2->identity_pkey, pk1) == 0);
diff --git a/src/test/test_ntor_cl.c b/src/test/test_ntor_cl.c
index f2b7a72..873fae0 100644
--- a/src/test/test_ntor_cl.c
+++ b/src/test/test_ntor_cl.c
@@ -13,10 +13,6 @@
#include "crypto_curve25519.h"
#include "onion_ntor.h"
-#ifndef CURVE25519_ENABLED
-#error "This isn't going to work without curve25519."
-#endif
-
#define N_ARGS(n) STMT_BEGIN { \
if (argc < (n)) { \
fprintf(stderr, "%s needs %d arguments.\n",argv[1],n); \
diff --git a/src/win32/orconfig.h b/src/win32/orconfig.h
index aa29d0c..01f1307 100644
--- a/src/win32/orconfig.h
+++ b/src/win32/orconfig.h
@@ -244,7 +244,6 @@
#define SHARE_DATADIR ""
#define HAVE_EVENT2_DNS_H
#define HAVE_EVENT_BASE_LOOPEXIT
-#define CURVE25519_ENABLED
#define USE_CURVE25519_DONNA
#define ENUM_VALS_ARE_SIGNED 1
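Review bot: with "#define CURVE25519_ENABLED" removed from this hand-maintained header, and the matching AC_DEFINE removed from configure.ac, any "#ifdef CURVE25519_ENABLED" left in a file this patch does not touch will compile its guarded code out without an error or warning. Before merging, grep the whole tree (including contrib and out-of-tree build files) for CURVE25519_ENABLED and confirm no uses remain.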

27 Oct '14
commit 0793ef862b4991281bcb9155f0d15a3930889bea
Merge: 682c154 909aa51
Author: Nick Mathewson <nickm(a)torproject.org>
Date: Mon Oct 27 12:12:16 2014 -0400
Merge remote-tracking branch 'sebastian/bug13286'
changes/bug13286 | 2 +
configure.ac | 170 +++++++++++++++++++---------------------
src/common/crypto_curve25519.h | 2 -
src/common/crypto_ed25519.h | 3 -
src/common/include.am | 11 +--
src/or/circuitbuild.c | 20 -----
src/or/include.am | 8 +-
src/or/onion.c | 22 ------
src/or/onion.h | 2 -
src/or/onion_ntor.h | 3 -
src/or/or.h | 2 -
src/or/router.c | 22 ------
src/or/router.h | 2 -
src/test/bench.c | 7 +-
src/test/include.am | 6 --
src/test/test.c | 6 --
src/test/test_cell_formats.c | 8 --
src/test/test_crypto.c | 6 --
src/test/test_dir.c | 4 -
src/test/test_ntor_cl.c | 4 -
src/win32/orconfig.h | 1 -
21 files changed, 86 insertions(+), 225 deletions(-)
commit 682c154cc49a4219ee9828cb9b0cc4339102cbc5
Author: Nick Mathewson <nickm(a)torproject.org>
Date: Mon Oct 27 11:27:52 2014 -0400
Start on an 0.2.6.1-alpha changelog
I concatenated the remaining changes/* files, removed them, made the
headings more uniform, then told format_changelog.py to sort,
collate, and wrap them.
---
ChangeLog | 349 ++++++++++++++++++++
changes/12207 | 4 -
changes/bug10116 | 3 -
changes/bug10816 | 6 -
changes/bug11302 | 4 -
changes/bug11679 | 3 -
changes/bug11683 | 8 -
changes/bug11787 | 5 -
changes/bug11792 | 15 -
changes/bug11824 | 5 -
changes/bug12061 | 4 -
changes/bug12202 | 3 -
changes/bug12205 | 4 -
changes/bug12226 | 4 -
changes/bug12392 | 4 -
changes/bug12503 | 3 -
changes/bug12573 | 5 -
changes/bug12693 | 3 -
changes/bug12728 | 4 -
changes/bug12751-systemd-filesystem-sandbox | 5 -
changes/bug12855 | 5 -
changes/bug12899 | 7 -
changes/bug12939-systemd-no-new-privileges | 4 -
changes/bug12971 | 5 -
changes/bug13000 | 7 -
changes/bug13060 | 6 -
changes/bug13064 | 3 -
changes/bug13102 | 2 -
changes/bug13104 | 4 -
changes/bug13152 | 5 -
changes/bug13161-test-network-echo-n | 3 -
changes/bug13163-bitwise-check-BRIDGE-DIRINFO | 5 -
...ateAuthorities-always-using-default-authorities | 4 -
changes/bug13196-systemd-writable-run-directory | 3 -
changes/bug13205 | 5 -
changes/bug13213 | 4 -
changes/bug13228 | 5 -
changes/bug13285-disable-curve25519-build-errors | 3 -
.../bug13290-avoid-div-zero-circuitstatus-pareto | 5 -
changes/bug13291-spawn-test-race-condition | 4 -
changes/bug13314 | 4 -
changes/bug13331-make-j2-test-network-hang | 3 -
.../bug13393-format-time-interval-overflow-test | 6 -
changes/bug13476-improve-time-handling | 20 --
changes/bug13477-memwipe-more-keys | 5 -
changes/bug4244 | 6 -
changes/bug7733a | 4 -
changes/bug8197 | 6 -
changes/bug8402 | 5 -
changes/bug9801 | 5 -
changes/check_dup_args_gencert | 3 -
changes/coverage-html | 5 -
changes/crash_handler_in_tests | 3 -
changes/feature13153 | 5 -
changes/feature13161-TestingDirAuthVoteExit | 7 -
changes/feature13161-test-network-delay-option | 4 -
changes/feature13211 | 6 -
changes/feature5583 | 2 -
changes/issue13163-improve-DIRINFO-flags-comments | 5 -
...ssue13284-spurious-clang-shallow-analyze-errors | 3 -
changes/no-wince | 4 -
changes/prop215 | 16 -
changes/require-c99 | 10 -
changes/threads-required | 12 -
changes/ticket11144 | 8 -
changes/ticket11243 | 7 -
changes/ticket11582 | 5 -
changes/ticket12884 | 3 -
changes/ticket6938 | 4 -
changes/ticket961 | 5 -
changes/ticket_13119 | 6 -
71 files changed, 349 insertions(+), 368 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 32a4ab3..5f8b662 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,353 @@
Changes in version 0.2.6.1-alpha - 2014-??-??
+ o Major features (bridges):
+ - Expose the outgoing upstream HTTP/SOCKS proxy to pluggable
+ transports if they are configured via the "TOR_PT_PROXY" enviorment
+ variable. Implements proposal 232. Resolves ticket 8402.
+
+ o Major features (client performance, hidden services):
+ - Allow clients to use optimistic data when connecting to a hidden
+ service, which should cut out the initial round-trip for client-
+ side programs including Tor Browser. (Now that Tor 0.2.2.x is
+ obsolete, all hidden services should support server-side
+ optimistic data.) See proposal 181 for details. Implements ticket
+ 13211. - Add an option to overwrite logs (TruncateLogFile). Closes
+ ticket #5583.
+
+ o Major features (directory system):
+ - Upon receiving a server descriptor, microdescriptor, extrainfo
+ document, or other object that is unparseable, if its digest
+ matches what we expected, then mark it as not to be downloaded
+ again. Previously, when we got a descriptor we didn't like, we
+ would keep trying to download it over and over. Closes
+ ticket 11243.
+
+ o Major features (sample torrc):
+ - Add a new, infrequently-changed "torrc.minimal". This file's
+ purpose is similar to torrc.sample, but it is meant to be small
+ and change as infrequently as possible, for the benefit of users
+ whose systems prompt them for intervention whenever a default
+ configuration file is changed. Making this change allows us to
+ update torrc.sample to be a more generally useful "sample torrc".
+
+ o Major bugfixes (directory authorities):
+ - Relays should not be assigned the HSDir flag if they are
+ considered invalid. Also, do not assign the HSDir flag to relays
+ that are currently hibernating. Fixes #12573. Bugfix
+ on tor-0.2.0.10-alpha
+
+ o Major bugfixes (directory bandwidth performance):
+ - Don't flush the zlib buffer aggressively when compressing
+ directory information for clients. This should save about 7% of
+ the bandwidth currently used for compressed descriptors and
+ microdescriptors. Fixes bug 11787; bugfix on 0.1.1.23.
+
+ o Minor features (security, memory wiping):
+ - Ensure we securely wipe keys from memory after
+ crypto_digest_get_digest and init_curve25519_keypair_from_file
+ have finished using them. Fixes bug 13477.
+
+ o Minor features (security, out-of-memory handling):
+ - When handling a low-memory situation, allocate less memory for
+ teporary data structures. Fixes issue 10115.
+ - When closing an edge connection because we've run out of memory,
+ also count the amount of memory that any tunnelled directory
+ connection attached to that connection had consumed. Part of
+ ticket 11792.
+ - When considering whether we're running low on memory, consider
+ memory that was allocated as part of zlib buffers as well. Count
+ that memory as reclaimed by our OOM handler. Part of ticket 11792.
+ - When handling out-of-memory conditions, also look at non-tunnneled
+ directory connections, and kill the ones that have had data
+ sitting on them for the longest. Part of ticket 11792.
+
+ o Minor features (client):
+ - Clients are now willing to send optimistic circuit data (before
+ they receive a 'connected' cell) to relays of any version. We used
+ to only do it for relays running 0.2.3.1-alpha or later, but now
+ all relays are new enough. Resolves ticket 13153.
+
+ o Minor features (directory authorities):
+ - Don't list relays with a bandwidth estimate of 0 in the consensus.
+ Implements a feature proposed during discussion of bug 13000.
+ - In tor-gencert, report an error if the user provides the same
+ argument more than once.
+ - If a directory authority can't find a best consensus method in the
+ votes that it holds, it now falls back to its favorite consensus
+ method. Previously, it fell back to method 1. Neither of these is
+ likely to get enough signatures, but "fall back to favorite"
+ doesn't require us to maintain support an obsolete consensus
+ method. Implements another part of proposal 215.
+
+ o Minor features (logging):
+ - On unix, you can now use named pipes as the target of the Log
+ option, and other options that try to append to files. Closes
+ ticket 12061. Patch from "carlo von lynX".
+ - When opening a log file at startup, send it every log message that
+ we generated between startup and opening it. Closes ticket 6938.
+
+ o Minor features (portability, Solaris):
+ - Threads are no longer disabled by default on Solaris; we believe
+ that the versions of Solaris with broken threading support are all
+ obsolete by now. Resolves ticket 9495.
+
+ o Minor features (relay):
+ - Re-check our address after we detect a changed IP address from
+ getsockname(). This ensures that the controller command "GETINFO
+ address" will report the correct value. Resolves ticket 11582.
+ Patch from "ra".
+ - A new AccountingRule option lets you set whether you'd like the
+ AccountingMax value to be applied separately to inbound and
+ outbound traffic, or applied to the sum of inbound and outbound
+ traffic. Resolves ticket 961. Patch by "chobe".
+
+ o Minor features (testing networks):
+ - Add the TestingDirAuthVoteExit option, a list of nodes to vote
+ Exit for regardless of their uptime, bandwidth, or exit policy.
+ TestingTorNetwork must be set for this option to have any effect.
+ Works around an issue where authorities would take up to 35
+ minutes to give nodes the Exit flag in a test network, despite
+ short consensus intervals. Partially implements ticket 13161.
+
+ o Minor features (validation):
+ - Check all date/time values passed to tor_timegm and
+ parse_rfc1123_time for validity, taking leap years into account.
+ Improves HTTP header validation. Implemented with bug 13476.
+ - Clamp year values returned by system localtime(_r) and gmtime(_r)
+ to year 1 in correct_tm. This ensures tor can read any values it
+ writes out. Fixes bug 13476.
+
+ o Minor bugfixes (bridge clients):
+ - When a bridge has been configured without an identity digest (not
+ recommended), avoid launching an extra channel to it when
+ bootstrapping. Fixes bug 7733; bugfix on 0.2.4.4-alpha.
+
+ o Minor bugfixes (bridges):
+ - When DisableNetwork is set, do not launch pluggable transport
+ plugins, and if any are running already, terminate the existing
+ instances. Resolves ticket 13213.
+
+ o Minor bugfixes (C correctness):
+ - Fix several instances of possible integer overflow/underflow/NaN.
+ Fixes bug 13104; bugfix on 0.2.3.1-alpha and later. Patches
+ from "teor".
+ - In circuit_build_times_calculate_timeout() in circuitstats.c,
+ avoid dividing by zero in the pareto calculations. This traps
+ under clang -fsanitize=undefined-trap
+ -fsanitize-undefined-trap-on-error. Fixes bug 13290; bugfix
+ on tor-0.2.2.2-alpha.
+ - Fix an instance of integer overflow in format_time_interval().
+ Fixes bug 13393.
+ - Set the correct day of year value when the system's localtime(_r)
+ or gmtime(_r) functions fail to set struct tm. Not externally
+ visible. Fixes bug 13476.
+ - Avoid unlikely signed integer overflow in tor_timegm on systems
+ with 32-bit time_t. Fixes bug 13476.
+
+ o Minor bugfixes (client):
+ - Use the consensus schedule for downloading consensuses, and not
+ the generic schedule. Fixes bug 11679; bugfix on 0.2.2.6-alpha.
+ - Handle unsupported SOCKS5 requests properly by responding with
+ 'Command not supported' reply message before closing a TCP
+ connection to the user. Fixes bug 12971.
+ - Handle malformed SOCKS5 requests properly by responding with an
+ appropriate error message before closing a TCP connection to the
+ user. Fixes bug 13314.
+
+ o Minor bugfixes (client, torrc):
+ - Stop modifying the value of our DirReqStatistics torrc option just
+ because we're not a bridge or relay. This bug was causing Tor
+ Browser users to write "DirReqStatistics 0" in their torrc files
+ as if they had chosen to change the config. Fixes bug 4244; bugfix
+ on 0.2.3.1-alpha.
+ - When GeoIPExcludeUnkonwn is enabled, do not incorrectly decide
+ that our options have changed every time we SIGHUP. Fixes bug
+ 9801; bugfix on 0.2.4.10-alpha. Patch from "qwerty1".
+
+ o Minor bugfixes (controller):
+ - Return an error when the second or later arguments of the
+ "setevents" controller command are invalid events. Previously we
+ would return success while silently skipping invalid events. Fixes
+ bug 13205; bugfix on 0.2.3.2-alpha. Reported by "fpxnns".
+
+ o Minor bugfixes (directory system):
+ - Always believe that v3 directory authorities serve extra-info
+ documents, regardless of whether their server descriptor contains
+ a "caches-extra-info" line or not. Fixes part of #11683. Bugfix
+ on 0.2.0.1-alpha.
+ - When running as a v3 directory authority, advertise that you serve
+ extra-info documents so that clients who want them can find them
+ from you too. Fixes part of bug #11683. Bugfix on 0.2.0.1-alpha.
+ - Bitwise check the BRIDGE_DIRINFO flag rather than using equality.
+ Fixes a (potential) bug where directories offering BRIDGE_DIRINFO
+ and some other flag (i.e. microdescriptors or extrainfo) would be
+ ignored when looking for bridge directories. Partially fixes
+ bug 13163.
+
+ o Minor bugfixes (networking):
+ - Check for orconns and use connection_or_close_for_error() rather
+ than connection_mark_for_close() directly in the getsockopt()
+ failure case of connection_handle_write_impl(). Fixes bug #11302.
+
+ o Minor bugfixes (relay):
+ - When generating our family list, remove spaces from around the
+ entries there. Fixes bug 12728; bugfix on 0.2.1.7-alpha.
+ - If our previous bandwidth estimate was 0 bytes, allow publishing a
+ new relay descriptor immediately. Fixes bug 13000; bugfix
+ on 0.1.1.6-alpha.
+
+ o Minor bugfixes (testing networks):
+ - Fix TestingDirAuthVoteGuard to properly give out Guard flags in a
+ testing network. Fixes bug 13064; bugfix on 0.2.5.2-alpha.
+ - Stop using the default authorities in networks which provide both
+ AlternateDirAuthority and AlternateBridgeAuthority. Partially
+ fixes bug 13163.
+
+ o Minor bugfixes (testing):
+ - Stop spawn test failures due to a race condition between the
+ SIGCHLD handler updating the process status, and the test reading
+ it. Fixes bug 13291; bugfix on 0.2.3.3-alpha.
+
+ o Minor bugfixes (testing, Windows):
+ - Avoid passing an extra backslash when creating a temporary
+ directory for running the unit tests on Windows. Fixes bug 12392;
+ bugfix on 0.2.2.25-alpha. Patch from Gisle Vanem.
+
+ o Minor bugfixes (windows):
+ - Remove code to special-case handling of NTE_BAD_KEYSET when
+ acquiring windows CryptoAPI context. This error can't actually
+ occur for the parameters we're providing. Fixes bug 10816; bugfix
+ on 0.0.2pre26.
+
+ o Minor bugfixes (zlib):
+ - When trying to finalize a zlib stream where we have already
+ exhausted all the input bytes and we need more bytes in the output
+ buffer, do not report the write as successful. Fixes bug 11824;
+ bugfix on 0.1.1.23.
+
+ o Build fixes:
+ - Allow our configure script to build correctly with autoconf 2.62
+ again. Fixes bug 12693; bugfix on 0.2.5.2-alpha.
+ - Improve configure script error message to make it clear that
+ compilation has failed and that user has to either add
+ --disable-asciidoc argument or install asciidoc. Resolves
+ ticket 13228.
+ - Stop test & bench build failures with --disable-curve25519. Fixes
+ bug 13285.
+
+ o Code simplification and refactoring:
+ - Change the entry_is_live() function to take named bitfield
+ elements instead of an unnamed list of booleans. Closes
+ ticket 12202.
+ - Refactoring and unit-testing entry_is_time_to_retry() in
+ entrynodes.c. Resolves ticket 12205.
+ - Use calloc and reallocarray functions in preference to multiply-
+ then-malloc. This makes it less likely for us to fall victim to an
+ integer overflow attack when allocating. Resolves ticket 12855.
+ - Use the standard macro name SIZE_MAX, instead of our
+ own SIZE_T_MAX.
+ - Document usage of the NO_DIRINFO and ALL_DIRINFO flags clearly in
+ functions which take them as arguments. Replace 0 with NO_DIRINFO
+ in a function call for clarity. Seeks to prevent future issues
+ like 13163.
+ - Avoid 4 null pointer errors under clang shallow analysis by using
+ tor_assert() to prove that the pointers aren't null. Fixes
+ bug 13284.
+
+ o Code simplifications and refactoring:
+ - Reworking API of policies_parse_exit_policy() function to use a
+ bitmask to represent parsing options instead of a confusing mess
+ of booleans. Resolves ticket 8197.
+ - Introducing helper function to parse ExitPolicy in
+ or_options_t structure.
+
+ o New compiler requirements:
+ - Tor 0.2.6.x requires that your compiler support more of the C99
+ language standard than before. The 'configure' script now detects
+ whether your compiler supports C99 mid-block declarations and
+ designated initializers. If it does not, Tor will not compile.
+
+ We may revisit this requirement if it turns out that a significant
+ number of people need to build Tor with compilers that don't
+ bother implementing a 15-year-old standard. Closes ticket 13233.
+
+ o Removed code:
+ - We no longer remind the user about obsolete configuration options
+ that have been obsolete since 0.2.3.x or later. Patch by
+ Adrien Bak.
+
+ o Removed features:
+ - The old "StrictEntryNodes" and "StrictExitNodes" options, which
+ used to be deprecated synonyms for "StrictNodes", are now marked
+ obsolete. Resolves ticket 12226.
+ - The "AuthDirRejectUnlisted" option no longer has any effect, as
+ the fingerprints file (approved-routers) has been deprecated.
+ - Directory authorities do not support being Naming dirauths
+ anymore. The "NamingAuthoritativeDir" config option has
+ been obsoleted.
+ - Directory authorities do not support giving out the BadDirectory
+ flag anymore.
+ - Clients don't understand the BadDirectory flag in the consensus
+ anymore, and ignore it.
+ - Tor no longer supports systems without threading support. When we
+ began working on Tor, there were several systems that didn't have
+ threads, or where the thread support wasn't able to run the
+ threads of a single process on multiple CPUs. That no longer
+ holds: every system where Tor needs to run well now has threading
+ support. Resolves ticket 12439.
+
+ o Removed platform support:
+ - We no longer include special code to build on Windows CE; as far
+ as we know, nobody has used Tor on Windows CE in a very long time.
+ Closes ticket 11446.
+
+ o Testing:
+ - Refactor the function that chooses guard nodes so that it can more
+ easily be tested; write some tests for it.
+ - Fix and re-enable the fgets_eagain unit test. Fixes bug 12503;
+ bugfix on 0.2.3.1-alpha. Patch from "cypherpunks."
+ - Create unit tests for format_time_interval(). With bug 13393.
+ - Add unit tests for tor_timegm signed overflow, tor_timegm and
+ parse_rfc1123_time validity checks, correct_tm year clamping. Unit
+ tests (visible) fixes in bug 13476.
+ - Add a "coverage-html" make target to generate HTML-visualized
+ coverage results when building with --enable-coverage. (Requires
+ lcov.) Patch from Kevin Murray.
+ - Enable the backtrace handler (where supported) when running the
+ unit tests.
+ - Revise all unit tests that used the legacy test_* macros to
+ instead use the recommended tt_* macros. This patch was generated
+ with coccinelle, to avoid manual errors. Closes ticket 13119.
+
+ o Distribution (systemd):
+ - systemd unit file: only allow tor to write to /var/lib/tor and
+ /var/log/tor. The rest of the filesystem is accessible for reading
+ only. Patch by intrigeri; resolves ticket 12751.
+ - systemd unit file: ensures that the process and all its children
+ can never gain new privileges. Patch by intrigeri; resolves
+ ticket 12939.
+ - systemd unit file: set up /var/run/tor as writable for the Tor
+ service. Patch by intrigeri; resolves ticket 13196.
+
+ o Removed features (directory authorities):
+ - Remove code that prevented authorities from listing Tor servers
+ affected by CVE-2011-2769 as guards. These servers are already
+ rejected altogether due to the minimum version requirement of
+ 0.2.3.16-alpha. Closes ticket 13152.
+ - Directory authorities no longer advertise or support consensus
+ methods 1 through 12 inclusive. These consensus methods were
+ obsolete and/or insecure: maintaining the ability to support them
+ served no good purpose. Implements part of proposal 215; closes
+ ticket 10163.
+
+ o Testing (test-network.sh):
+ - Stop using "echo -n", as some shells' built-in echo doesn't
+ support "-n". Instead, use "/bin/echo -n". Partially fixes
+ bug 13161.
+ - Stop an apparent test-network hang when used with make -j2. Fixes
+ bug 13331.
+ - Add a --delay option to test-network.sh, which configures the
+ delay before the chutney network tests for data transmission.
+ Partially implements ticket 13161.
Changes in version 0.2.5.10 - 2014-10-24
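Review bot: In the "Major features (client performance, hidden services)" entry, the collation has fused an unrelated item onto the end of the optimistic-data paragraph: "13211. - Add an option to overwrite logs (TruncateLogFile). Closes ticket #5583." The TruncateLogFile item should be its own bullet, and it belongs under a logging heading rather than hidden services. Other things to clean up before release: the typos "enviorment", "teporary", "non-tunnneled" and "GeoIPExcludeUnkonwn" (the last is an option name, so the misspelling matters to anyone searching for it); "maintain support an obsolete consensus method" is missing "for"; "Code simplification and refactoring" and "Code simplifications and refactoring" are one section under two headings, and "Removed features" is split in a similar way; the HSDir entry ends "Bugfix on tor-0.2.0.10-alpha" with no period and a "tor-" prefix that most other entries do not use.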
diff --git a/changes/12207 b/changes/12207
deleted file mode 100644
index 53c14a4..0000000
--- a/changes/12207
+++ /dev/null
@@ -1,4 +0,0 @@
- - Testing:
- - Refactor the function that chooses guard nodes so that it can
- more easily be tested; write some tests for it.
-
diff --git a/changes/bug10116 b/changes/bug10116
deleted file mode 100644
index db7f765..0000000
--- a/changes/bug10116
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor features:
- - When handling a low-memory situation, allocate less memory
- for teporary data structures. Fixes issue 10115.
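Review bot: The file being deleted is changes/bug10116, but its text says "Fixes issue 10115", and the new ChangeLog entry carries 10115 forward unchanged. One of the two numbers is wrong; confirm the ticket and correct the ChangeLog entry if needed, together with the "teporary" typo that was copied over with it.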
diff --git a/changes/bug10816 b/changes/bug10816
deleted file mode 100644
index 1185f3c..0000000
--- a/changes/bug10816
+++ /dev/null
@@ -1,6 +0,0 @@
- o Minor bugfixes (windows):
- - Remove code to special-case handling of NTE_BAD_KEYSET when
- acquiring windows CryptoAPI context. This error can't actually
- occur for the parameters we're providing. Fixes bug 10816;
- bugfix on 0.0.2pre26.
-
diff --git a/changes/bug11302 b/changes/bug11302
deleted file mode 100644
index 7416c69..0000000
--- a/changes/bug11302
+++ /dev/null
@@ -1,4 +0,0 @@
- o Bugfixes:
- - Check for orconns and use connection_or_close_for_error() rather than
- connection_mark_for_close() directly in the getsockopt() failure case
- of connection_handle_write_impl(). Fixes bug #11302.
diff --git a/changes/bug11679 b/changes/bug11679
deleted file mode 100644
index 3a191ce..0000000
--- a/changes/bug11679
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor bugfixes (client):
- - Use the consensus schedule for downloading consensuses, and not the
- generic schedule. Fixes bug 11679; bugfix on 0.2.2.6-alpha.
diff --git a/changes/bug11683 b/changes/bug11683
deleted file mode 100644
index ccbd2a5..0000000
--- a/changes/bug11683
+++ /dev/null
@@ -1,8 +0,0 @@
- o Minor bugfixes:
- - Always believe that v3 directory authorities serve extra-info
- documents, regardless of whether their server descriptor contains a
- "caches-extra-info" line or not. Fixes part of #11683. Bugfix on
- 0.2.0.1-alpha.
- - When running as a v3 directory authority, advertise that you serve
- extra-info documents so that clients who want them can find them from
- you too. Fixes part of bug #11683. Bugfix on 0.2.0.1-alpha.
diff --git a/changes/bug11787 b/changes/bug11787
deleted file mode 100644
index 014662d..0000000
--- a/changes/bug11787
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor bugfixes (directory bandwidth performance):
- - Don't flush the zlib buffer aggressively when compressing
- directory information for clients. This should save about 7% of
- the bandwidth currently used for compressed descriptors and
- microdescriptors. Fixes bug 11787; bugfix on 0.1.1.23.
diff --git a/changes/bug11792 b/changes/bug11792
deleted file mode 100644
index 66f7df8..0000000
--- a/changes/bug11792
+++ /dev/null
@@ -1,15 +0,0 @@
- o Minor features (security, OOM):
- - When closing an edge connection because we've run out of memory,
- also count the amount of memory that any tunnelled directory
- connection attached to that connection had consumed. Part of
- ticket 11792.
-
- - When considering whether we're running low on memory, consider
- memory that was allocated as part of zlib buffers as well.
- Count that memory as reclaimed by our OOM handler. Part of
- ticket 11792.
-
- - When handling out-of-memory conditions, also look at
- non-tunnneled directory connections, and kill the ones that have
- had data sitting on them for the longest. Part of ticket 11792.
-
diff --git a/changes/bug11824 b/changes/bug11824
deleted file mode 100644
index 03d7dfc..0000000
--- a/changes/bug11824
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor bugfixes:
- - When trying to finalize a zlib stream where we have already
- exhausted all the input bytes and we need more bytes in the
- output buffer, do not report the write as successful.
- Fixes bug 11824; bugfix on 0.1.1.23.
diff --git a/changes/bug12061 b/changes/bug12061
deleted file mode 100644
index 308417c..0000000
--- a/changes/bug12061
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor features:
- - On unix, you can now use named pipes as the target of the Log
- option, and other options that try to append to files. Closes
- ticket 12061. Patch from "carlo von lynX".
diff --git a/changes/bug12202 b/changes/bug12202
deleted file mode 100644
index 566d37e..0000000
--- a/changes/bug12202
+++ /dev/null
@@ -1,3 +0,0 @@
- o Code simplification and refactoring:
- - Change the entry_is_live() function to take named bitfield elements
- instead of an unnamed list of booleans. Closes ticket 12202.
diff --git a/changes/bug12205 b/changes/bug12205
deleted file mode 100644
index f71ba41..0000000
--- a/changes/bug12205
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor refactoring:
- - Refactoring and unit-testing entry_is_time_to_retry() in
- entrynodes.c. Resolves ticket 12205.
-
diff --git a/changes/bug12226 b/changes/bug12226
deleted file mode 100644
index 0058b83..0000000
--- a/changes/bug12226
+++ /dev/null
@@ -1,4 +0,0 @@
- o Removed features:
- - The old "StrictEntryNodes" and "StrictExitNodes" options, which
- used to be deprecated synonyms for "StrictNodes", are now marked
- obsolete. Resolves ticket 12226.
diff --git a/changes/bug12392 b/changes/bug12392
deleted file mode 100644
index f096aa8..0000000
--- a/changes/bug12392
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes (testing, Windows):
- - Avoid passing an extra backslash when creating a temporary
- directory for running the unit tests on Windows. Fixes bug 12392;
- bugfix on 0.2.2.25-alpha. Patch from Gisle Vanem.
diff --git a/changes/bug12503 b/changes/bug12503
deleted file mode 100644
index ff96fa2..0000000
--- a/changes/bug12503
+++ /dev/null
@@ -1,3 +0,0 @@
- o Testing:
- - Fix and re-enable the fgets_eagain unit test. Fixes bug 12503;
- bugfix on 0.2.3.1-alpha. Patch from "cypherpunks."
diff --git a/changes/bug12573 b/changes/bug12573
deleted file mode 100644
index 46e3ee2..0000000
--- a/changes/bug12573
+++ /dev/null
@@ -1,5 +0,0 @@
- o Major bugfixes:
- - Relays should not be assigned the HSDir flag if they are
- considered invalid. Also, do not assign the HSDir flag to relays
- that are currently hibernating. Fixes #12573. Bugfix on
- tor-0.2.0.10-alpha
diff --git a/changes/bug12693 b/changes/bug12693
deleted file mode 100644
index 11dfe78..0000000
--- a/changes/bug12693
+++ /dev/null
@@ -1,3 +0,0 @@
- o Build fixes:
- - Allow our configure script to build correctly with autoconf 2.62
- again. Fixes bug 12693; bugfix on 0.2.5.2-alpha.
diff --git a/changes/bug12728 b/changes/bug12728
deleted file mode 100644
index ee39245..0000000
--- a/changes/bug12728
+++ /dev/null
@@ -1,4 +0,0 @@
-
- o Minor bugfixes:
- - When generating our family list, remove spaces from around the
- entries there. Fixes bug 12728; bugfix on 0.2.1.7-alpha.
diff --git a/changes/bug12751-systemd-filesystem-sandbox b/changes/bug12751-systemd-filesystem-sandbox
deleted file mode 100644
index 0abaa4c..0000000
--- a/changes/bug12751-systemd-filesystem-sandbox
+++ /dev/null
@@ -1,5 +0,0 @@
- o Distribution:
- - systemd unit file: only allow tor to write to /var/lib/tor
- and /var/log/tor. The rest of the filesystem is accessible
- for reading only.
- Patch by intrigeri; resolves ticket 12751.
diff --git a/changes/bug12855 b/changes/bug12855
deleted file mode 100644
index 8d8c10d..0000000
--- a/changes/bug12855
+++ /dev/null
@@ -1,5 +0,0 @@
- o Code simplification and refactoring
- - Use calloc and reallocarray functions in preference to
- multiply-then-malloc. This makes it less likely for us to fall
- victim to an integer overflow attack when allocating. Resolves
- ticket 12855.
diff --git a/changes/bug12899 b/changes/bug12899
deleted file mode 100644
index 491f3eb..0000000
--- a/changes/bug12899
+++ /dev/null
@@ -1,7 +0,0 @@
- o Removed features:
- - The "AuthDirRejectUnlisted" option no longer has any effect, as
- the fingerprints file (approved-routers) has been deprecated.
- - Directory authorities do not support being Naming dirauths
- anymore. The "NamingAuthoritativeDir" config option has been
- obsoleted.
-
diff --git a/changes/bug12939-systemd-no-new-privileges b/changes/bug12939-systemd-no-new-privileges
deleted file mode 100644
index d9103b7..0000000
--- a/changes/bug12939-systemd-no-new-privileges
+++ /dev/null
@@ -1,4 +0,0 @@
- o Distribution:
- - systemd unit file: ensures that the process and all its children
- can never gain new privileges.
- Patch by intrigeri; resolves ticket 12939.
diff --git a/changes/bug12971 b/changes/bug12971
deleted file mode 100644
index e548bbf..0000000
--- a/changes/bug12971
+++ /dev/null
@@ -1,5 +0,0 @@
- o Bugfixes:
- - Handle unsupported SOCKS5 requests properly by responding with
- 'Command not supported' reply message before closing a TCP connection
- to the user. Fixes bug 12971.
-
diff --git a/changes/bug13000 b/changes/bug13000
deleted file mode 100644
index 731b4d0..0000000
--- a/changes/bug13000
+++ /dev/null
@@ -1,7 +0,0 @@
- o Minor bugfixes:
- - If our previous bandwidth estimate was 0 bytes, allow publishing a
- new relay descriptor immediately. Fixes bug 13000; bugfix on
- 0.1.1.6-alpha.
- o Minor features:
- - Don't list relays with a bandwidth estimate of 0 in the consensus.
- Implements a feature proposed during discussion of bug 13000.
diff --git a/changes/bug13060 b/changes/bug13060
deleted file mode 100644
index 58bd2b2..0000000
--- a/changes/bug13060
+++ /dev/null
@@ -1,6 +0,0 @@
- o Removed features:
- - Directory authorities do not support giving out the BadDirectory
- flag anymore.
- - Clients don't understand the BadDirectory flag in the consensus
- anymore, and ignore it.
-
diff --git a/changes/bug13064 b/changes/bug13064
deleted file mode 100644
index c35b9a8..0000000
--- a/changes/bug13064
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor bugfixes:
- - Fix TestingDirAuthVoteGuard to properly give out Guard flags in
- a testing network. Fixes bug 13064; bugfix on 0.2.5.2-alpha.
diff --git a/changes/bug13102 b/changes/bug13102
deleted file mode 100644
index f66d38c..0000000
--- a/changes/bug13102
+++ /dev/null
@@ -1,2 +0,0 @@
- o Code refactoring:
- - Use the standard macro name SIZE_MAX, instead of our own SIZE_T_MAX.
diff --git a/changes/bug13104 b/changes/bug13104
deleted file mode 100644
index 331db64..0000000
--- a/changes/bug13104
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes:
- - Fix several instances of possible integer overflow/underflow/NaN.
- Fixes bug 13104; bugfix on 0.2.3.1-alpha and later. Patches from
- "teor".
diff --git a/changes/bug13152 b/changes/bug13152
deleted file mode 100644
index c6f3d61..0000000
--- a/changes/bug13152
+++ /dev/null
@@ -1,5 +0,0 @@
- o Removed features (directory authority):
- - Remove code that prevented authorities from listing Tor servers
- affected by CVE-2011-2769 as guards. These servers are already
- rejected altogether due to the minimum version requirement of
- 0.2.3.16-alpha. Closes ticket 13152.
diff --git a/changes/bug13161-test-network-echo-n b/changes/bug13161-test-network-echo-n
deleted file mode 100644
index 501ebdd..0000000
--- a/changes/bug13161-test-network-echo-n
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor bugfixes:
- - Stop using "echo -n", as some shells' built-in echo doesn't support
- "-n". Instead, use "/bin/echo -n". Partially fixes bug 13161.
diff --git a/changes/bug13163-bitwise-check-BRIDGE-DIRINFO b/changes/bug13163-bitwise-check-BRIDGE-DIRINFO
deleted file mode 100644
index 7f5ec05..0000000
--- a/changes/bug13163-bitwise-check-BRIDGE-DIRINFO
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor bugfixes:
- - Bitwise check the BRIDGE_DIRINFO flag rather than using equality.
- Fixes a (potential) bug where directories offering BRIDGE_DIRINFO and
- some other flag (i.e. microdescriptors or extrainfo) would be ignored
- when looking for bridge directories. Partially fixes bug 13163.
diff --git a/changes/bug13163-stop-AlternateAuthorities-always-using-default-authorities b/changes/bug13163-stop-AlternateAuthorities-always-using-default-authorities
deleted file mode 100644
index eeaca92..0000000
--- a/changes/bug13163-stop-AlternateAuthorities-always-using-default-authorities
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes:
- - Stop using the default authorities in networks which provide both
- AlternateDirAuthority and AlternateBridgeAuthority.
- Partially fixes bug 13163.
diff --git a/changes/bug13196-systemd-writable-run-directory b/changes/bug13196-systemd-writable-run-directory
deleted file mode 100644
index 737c354..0000000
--- a/changes/bug13196-systemd-writable-run-directory
+++ /dev/null
@@ -1,3 +0,0 @@
- o Distribution:
- - systemd unit file: set up /var/run/tor as writable for the Tor service.
- Patch by intrigeri; resolves ticket 13196.
diff --git a/changes/bug13205 b/changes/bug13205
deleted file mode 100644
index 446ffcf..0000000
--- a/changes/bug13205
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor bugfixes:
- - Return an error when the second or later arguments of the
- "setevents" controller command are invalid events. Previously we
- would return success while silently skipping invalid events. Fixes
- bug 13205; bugfix on 0.2.3.2-alpha. Reported by "fpxnns".
diff --git a/changes/bug13213 b/changes/bug13213
deleted file mode 100644
index 6dae8b0..0000000
--- a/changes/bug13213
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes (Bridges):
- - When DisableNetwork is set, do not launch pluggable transport
- plugins, and if any are running already, terminate the existing
- instances. Resolves ticket 13213.
diff --git a/changes/bug13228 b/changes/bug13228
deleted file mode 100644
index 0de013c..0000000
--- a/changes/bug13228
+++ /dev/null
@@ -1,5 +0,0 @@
- o Build fixes:
- - Improve configure script error message to make it clear
- that compilation has failed and that user has to either
- add --disable-asciidoc argument or install asciidoc.
- Resolves ticket 13228.
diff --git a/changes/bug13285-disable-curve25519-build-errors b/changes/bug13285-disable-curve25519-build-errors
deleted file mode 100644
index 285b642..0000000
--- a/changes/bug13285-disable-curve25519-build-errors
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor bugfixes:
- - Stop test & bench build failures with --disable-curve25519.
- Fixes bug 13285.
diff --git a/changes/bug13290-avoid-div-zero-circuitstatus-pareto b/changes/bug13290-avoid-div-zero-circuitstatus-pareto
deleted file mode 100644
index cb175a7..0000000
--- a/changes/bug13290-avoid-div-zero-circuitstatus-pareto
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor bugfixes:
- - In circuit_build_times_calculate_timeout() in circuitstats.c, avoid
- dividing by zero in the pareto calculations. This traps under
- clang -fsanitize=undefined-trap -fsanitize-undefined-trap-on-error.
- Fixes bug 13290; bugfix on tor-0.2.2.2-alpha.
diff --git a/changes/bug13291-spawn-test-race-condition b/changes/bug13291-spawn-test-race-condition
deleted file mode 100644
index bedd799..0000000
--- a/changes/bug13291-spawn-test-race-condition
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes:
- - Stop spawn test failures due to a race condition between the SIGCHLD
- handler updating the process status, and the test reading it.
- Fixes bug 13291; bugfix on 0.2.3.3-alpha.
diff --git a/changes/bug13314 b/changes/bug13314
deleted file mode 100644
index e9017fa..0000000
--- a/changes/bug13314
+++ /dev/null
@@ -1,4 +0,0 @@
- o Bugfixes:
- - Handle malformed SOCKS5 requests properly by responding with an
- appropriate error message before closing a TCP connection to the
- user. Fixes bug 13314.
diff --git a/changes/bug13331-make-j2-test-network-hang b/changes/bug13331-make-j2-test-network-hang
deleted file mode 100644
index 85c0ad8..0000000
--- a/changes/bug13331-make-j2-test-network-hang
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor bugfixes:
- - Stop an apparent test-network hang when used with make -j2.
- Fixes bug 13331.
diff --git a/changes/bug13393-format-time-interval-overflow-test b/changes/bug13393-format-time-interval-overflow-test
deleted file mode 100644
index cc15572..0000000
--- a/changes/bug13393-format-time-interval-overflow-test
+++ /dev/null
@@ -1,6 +0,0 @@
- o Minor bugfixes:
- - Fix an instance of integer overflow in format_time_interval().
- Fixes bug 13393.
-
- o Minor features (test):
- - Create unit tests for format_time_interval(). With bug 13393.
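Review bot: the last removed line, "Create unit tests for format_time_interval(). With bug 13393.", ends in a fragment that does not say how the tests relate to the ticket. "Part of ticket 13393." would read more clearly wherever this entry was carried over. The overflow fix above it gives no "bugfix on" version, so a reader cannot tell which releases have the integer overflow.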
diff --git a/changes/bug13476-improve-time-handling b/changes/bug13476-improve-time-handling
deleted file mode 100644
index 94ab95b..0000000
--- a/changes/bug13476-improve-time-handling
+++ /dev/null
@@ -1,20 +0,0 @@
- o Minor bugfixes:
- - Set the correct day of year value when the system's localtime(_r)
- or gmtime(_r) functions fail to set struct tm. Not externally visible.
- Fixes bug 13476.
- - Avoid unlikely signed integer overflow in tor_timegm on systems with
- 32-bit time_t.
- Fixes bug 13476.
- o Minor enhancements (validation):
- - Check all date/time values passed to tor_timegm and parse_rfc1123_time
- for validity, taking leap years into account.
- Improves HTTP header validation.
- Implemented with bug 13476.
- - Clamp year values returned by system localtime(_r) and gmtime(_r)
- to year 1 in correct_tm. This ensures tor can read any values it
- writes out.
- Fixes bug 13476.
- o Minor enhancements (testing):
- - Add unit tests for tor_timegm signed overflow, tor_timegm and
- parse_rfc1123_time validity checks, correct_tm year clamping.
- Unit tests (visible) fixes in bug 13476.
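Review bot: the section headers "Minor enhancements (validation)" and "Minor enhancements (testing)" do not match the "Minor features (...)" headers used by the other entries in this patch, so these items will not sort with them when entries are grouped by section. The closing line "Unit tests (visible) fixes in bug 13476." is also hard to parse. Suggest "Minor features (testing)" and a plain "Part of ticket 13476."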
diff --git a/changes/bug13477-memwipe-more-keys b/changes/bug13477-memwipe-more-keys
deleted file mode 100644
index cf8e0a9..0000000
--- a/changes/bug13477-memwipe-more-keys
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor bugfixes:
- - Ensure we securely wipe keys from memory after
- crypto_digest_get_digest and init_curve25519_keypair_from_file
- have finished using them.
- Fixes bug 13477.
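Review bot: the entry ends with "Fixes bug 13477." and no "bugfix on" version, so it does not say which releases left key material unwiped after crypto_digest_get_digest and init_curve25519_keypair_from_file. For a key-handling fix that version is worth recording wherever this entry was carried over, since it tells people on older releases whether they are affected.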
diff --git a/changes/bug4244 b/changes/bug4244
deleted file mode 100644
index 2b228dd..0000000
--- a/changes/bug4244
+++ /dev/null
@@ -1,6 +0,0 @@
- o Minor bugfixes:
- - Stop modifying the value of our DirReqStatistics torrc option just
- because we're not a bridge or relay. This bug was causing Tor
- Browser users to write "DirReqStatistics 0" in their torrc files
- as if they had chosen to change the config. Fixes bug 4244; bugfix
- on 0.2.3.1-alpha.
diff --git a/changes/bug7733a b/changes/bug7733a
deleted file mode 100644
index 183c009..0000000
--- a/changes/bug7733a
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes:
- - When a bridge has been configured without an identity digest
- (not recommended), avoid launching an extra channel to it when
- bootstrapping. Fixes bug 7733; bugfix on 0.2.4.4-alpha.
diff --git a/changes/bug8197 b/changes/bug8197
deleted file mode 100644
index b8e467d..0000000
--- a/changes/bug8197
+++ /dev/null
@@ -1,6 +0,0 @@
- o Minor refactoring:
- - Reworking API of policies_parse_exit_policy() function to use a
- bitmask to represent parsing options instead of a confusing mess
- of booleans. Resolves ticket 8197.
- - Introducing helper function to parse ExitPolicy in or_options_t
- structure.
diff --git a/changes/bug8402 b/changes/bug8402
deleted file mode 100644
index 96a3084..0000000
--- a/changes/bug8402
+++ /dev/null
@@ -1,5 +0,0 @@
- o Major features (bridges):
- - Expose the outgoing upstream HTTP/SOCKS proxy to pluggable
- transports if they are configured via the "TOR_PT_PROXY"
- enviorment variable. Implements proposal 232. Resolves
- ticket 8402.
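Review bot: "enviorment variable" in the fourth removed line is a misspelling of "environment". Since this is a "Major features" entry that names the TOR_PT_PROXY interface, check that the copy carried into the release notes has the spelling fixed.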
diff --git a/changes/bug9801 b/changes/bug9801
deleted file mode 100644
index 6b23b71..0000000
--- a/changes/bug9801
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor bugfixes:
- - When GeoIPExcludeUnkonwn is enabled, do not incorrectly decide
- that our options have changed every time we SIGHUP. Fixes bug
- 9801; bugfix on 0.2.4.10-alpha. Patch from "qwerty1".
-
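Review bot: "GeoIPExcludeUnkonwn" in the first item line misspells the option name (GeoIPExcludeUnknown). Anyone searching the changelog for the option by name will miss this entry, so the carried-over copy should use the exact option spelling.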
diff --git a/changes/check_dup_args_gencert b/changes/check_dup_args_gencert
deleted file mode 100644
index d0925df..0000000
--- a/changes/check_dup_args_gencert
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor features:
- - In tor-gencert, report an error if the user provides the same
- argument more than once.
diff --git a/changes/coverage-html b/changes/coverage-html
deleted file mode 100644
index 1c38c76..0000000
--- a/changes/coverage-html
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor features (testing):
-
- - Add a "coverage-html" make target to generate HTML-visualized
- coverage results when building with --enable-coverage. (Requires lcov.)
- Patch from Kevin Murray.
diff --git a/changes/crash_handler_in_tests b/changes/crash_handler_in_tests
deleted file mode 100644
index d2bfdde..0000000
--- a/changes/crash_handler_in_tests
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor features:
- - Enable the backtrace handler (where supported) when running the
- unit tests.
diff --git a/changes/feature13153 b/changes/feature13153
deleted file mode 100644
index 15f8fe8..0000000
--- a/changes/feature13153
+++ /dev/null
@@ -1,5 +0,0 @@
- o Code simplication:
- - Clients are now willing to send optimistic circuit data (before they
- receive a 'connected' cell) to relays of any version. We used to
- only do it for relays running 0.2.3.1-alpha or later, but now all
- relays are new enough. Resolves ticket 13153.
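Review bot: the header "o Code simplication:" is misspelled ("simplification"). Because entries are grouped by header text, a misspelled header would end up as its own section; check the merged copy.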
diff --git a/changes/feature13161-TestingDirAuthVoteExit b/changes/feature13161-TestingDirAuthVoteExit
deleted file mode 100644
index d6c8f41..0000000
--- a/changes/feature13161-TestingDirAuthVoteExit
+++ /dev/null
@@ -1,7 +0,0 @@
- o Minor features (testing):
- - Add the TestingDirAuthVoteExit option, a list of nodes to vote
- Exit for regardless of their uptime, bandwidth, or exit policy.
- TestingTorNetwork must be set for this option to have any effect.
- Works around an issue where authorities would take up to 35 minutes
- to give nodes the Exit flag in a test network, despite short
- consensus intervals. Partially implements ticket 13161.
diff --git a/changes/feature13161-test-network-delay-option b/changes/feature13161-test-network-delay-option
deleted file mode 100644
index 1cf2e71..0000000
--- a/changes/feature13161-test-network-delay-option
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor features (testing):
- - Add a --delay option to test-network.sh, which configures the delay
- before the chutney network tests for data transmission.
- Partially implements ticket 13161.
diff --git a/changes/feature13211 b/changes/feature13211
deleted file mode 100644
index dcb0196..0000000
--- a/changes/feature13211
+++ /dev/null
@@ -1,6 +0,0 @@
- o Major features (performance):
- - Allow clients to use optimistic data when connecting to a hidden
- service, which should cut out the initial round-trip for client-side
- programs including Tor Browser. (Now that Tor 0.2.2.x is obsolete,
- all hidden services should support server-side optimistic
- data.) See proposal 181 for details. Implements ticket 13211.
diff --git a/changes/feature5583 b/changes/feature5583
deleted file mode 100644
index cd5eb69..0000000
--- a/changes/feature5583
+++ /dev/null
@@ -1,2 +0,0 @@
- o Minor features:
- - Add an option to overwrite logs (TruncateLogFile). Closes ticket #5583.
diff --git a/changes/issue13163-improve-DIRINFO-flags-comments b/changes/issue13163-improve-DIRINFO-flags-comments
deleted file mode 100644
index 3acb1f3..0000000
--- a/changes/issue13163-improve-DIRINFO-flags-comments
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor refactoring:
- - Document usage of the NO_DIRINFO and ALL_DIRINFO flags clearly in
- functions which take them as arguments. Replace 0 with NO_DIRINFO
- in a function call for clarity.
- Seeks to prevent future issues like 13163.
diff --git a/changes/issue13284-spurious-clang-shallow-analyze-errors b/changes/issue13284-spurious-clang-shallow-analyze-errors
deleted file mode 100644
index c08fa1f..0000000
--- a/changes/issue13284-spurious-clang-shallow-analyze-errors
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor bugfixes:
- - Avoid 4 null pointer errors under clang shallow analysis by using
- tor_assert() to prove that the pointers aren't null. Fixes bug 13284.
diff --git a/changes/no-wince b/changes/no-wince
deleted file mode 100644
index 833bf46..0000000
--- a/changes/no-wince
+++ /dev/null
@@ -1,4 +0,0 @@
- o Removed platform support:
- - We no longer include special code to build on Windows CE; as far
- as we know, nobody has used Tor on Windows CE in a very long
- time. Closes ticket 11446.
diff --git a/changes/prop215 b/changes/prop215
deleted file mode 100644
index 214e576..0000000
--- a/changes/prop215
+++ /dev/null
@@ -1,16 +0,0 @@
- o Removed features (directory authorities):
-
- - Directory authorities no longer advertise or support consensus
- methods 1 through 12 inclusive. These consensus methods were
- obsolete and/or insecure: maintaining the ability to support them
- served no good purpose. Implements part of proposal 215;
- closes ticket 10163.
-
- o Minor features (directory authorities)
- - If a directory authority can't find a best consensus method in the
- votes that it holds, it now falls back to its favorite consensus
- method. Previously, it fell back to method 1. Neither of these is
- likely to get enough signatures, but "fall back to favorite"
- doesn't require us to maintain support an obsolete consensus
- method. Implements another part of proposal 215.
-
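Review bot: the second header, "o Minor features (directory authorities)", is missing the trailing colon that the first header in this same file has, and "doesn't require us to maintain support an obsolete consensus method" is missing a word ("support for"). Both are worth fixing in the carried-over text.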
diff --git a/changes/require-c99 b/changes/require-c99
deleted file mode 100644
index 61d9612..0000000
--- a/changes/require-c99
+++ /dev/null
@@ -1,10 +0,0 @@
- o New compiler requirements:
- - Tor 0.2.6.x requires that your compiler support more of the C99
- language standard than before. The 'configure' script now detects
- whether your compiler supports C99 mid-block declarations and
- designated initializers. If it does not, Tor will not compile.
-
- We may revisit this requirement if it turns out that a significant
- number of people need to build Tor with compilers that don't
- bother implementing a 15-year-old standard. Closes ticket 13233.
-
diff --git a/changes/threads-required b/changes/threads-required
deleted file mode 100644
index a56cfe3..0000000
--- a/changes/threads-required
+++ /dev/null
@@ -1,12 +0,0 @@
- o Removed features:
- - Tor no longer supports systems without threading support.
- When we began working on Tor, there were several systems that didn't
- have threads, or where the thread support wasn't able to run the
- threads of a single process on multiple CPUs. That no longer holds:
- every system where Tor needs to run well now has threading support.
- Resolves ticket 12439.
-
- o Minor features:
- - Threads are no longer disabled by default on Solaris; we believe that
- the versions of Solaris with broken threading support are all obsolete
- by now. Resolves ticket 9495.
diff --git a/changes/ticket11144 b/changes/ticket11144
deleted file mode 100644
index 265481b..0000000
--- a/changes/ticket11144
+++ /dev/null
@@ -1,8 +0,0 @@
- o New features (sample torrc):
- - Add a new, infrequently-changed "torrc.minimal". This file's
- purpose is similar to torrc.sample, but it is meant to be small
- and change as infrequently as possible, for the benefit of
- users whose systems prompt them for intervention whenever a
- default configuration file is changed. Making this change
- allows us to update torrc.sample to be a more generally useful
- "sample torrc".
diff --git a/changes/ticket11243 b/changes/ticket11243
deleted file mode 100644
index 0b470ba..0000000
--- a/changes/ticket11243
+++ /dev/null
@@ -1,7 +0,0 @@
- o Major features (downloading):
- - Upon receiving a server descriptor, microdescriptor, extrainfo
- document, or other object that is unparseable, if its digest
- matches what we expected, then mark it as not to be downloaded
- again. Previously, when we got a descriptor we didn't like, we
- would keep trying to download it over and over. Closes ticket
- 11243.
diff --git a/changes/ticket11582 b/changes/ticket11582
deleted file mode 100644
index e54f779..0000000
--- a/changes/ticket11582
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor features:
- - Re-check our address after we detect a changed IP address from
- getsockname(). This ensures that the controller command "GETINFO
- address" will report the correct value. Resolves ticket 11582.
- Patch from "ra".
\ No newline at end of file
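Review bot: changes/ticket11582 ends without a trailing newline (the "\ No newline at end of file" marker after the 'Patch from "ra".' line). When changes files are concatenated, that runs the last line of this entry into the first line of the next one. Worth checking the merged copy, and a newline check on new changes files would catch this earlier.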
diff --git a/changes/ticket12884 b/changes/ticket12884
deleted file mode 100644
index cd7e87c..0000000
--- a/changes/ticket12884
+++ /dev/null
@@ -1,3 +0,0 @@
- o Removed code:
- - We no longer remind the user about obsolete configuration options
- that have been obsolete since 0.2.3.x or later. Patch by Adrien Bak.
diff --git a/changes/ticket6938 b/changes/ticket6938
deleted file mode 100644
index 4e3979a..0000000
--- a/changes/ticket6938
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor features:
-
- - When opening a log file at startup, send it every log message that we
- generated between startup and opening it. Closes ticket 6938.
diff --git a/changes/ticket961 b/changes/ticket961
deleted file mode 100644
index 018f265..0000000
--- a/changes/ticket961
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor features:
- - A new AccountingRule option lets you set whether you'd like the
- AccountingMax value to be applied separately to inbound and
- outbound traffic, or applied to the sum of inbound and outbound
- traffic. Resolves ticket 961. Patch by "chobe".
diff --git a/changes/ticket_13119 b/changes/ticket_13119
deleted file mode 100644
index 042106e..0000000
--- a/changes/ticket_13119
+++ /dev/null
@@ -1,6 +0,0 @@
- o Code refactoring:
- - Revise all unit tests that used the legacy test_* macros to
- instead use the recommended tt_* macros. This patch was
- generated with coccinelle, to avoid manual errors. Closes
- ticket 13119.
-

[tor/master] Remove changes files that have already been merged in release-0.2.5
by nickm@torproject.org 27 Oct '14
commit a477d7c66665284d384091e5faae6a88c15c7fcf
Author: Nick Mathewson <nickm(a)torproject.org>
Date: Mon Oct 27 11:09:41 2014 -0400
Remove changes files that have already been merged in release-0.2.5
(This means that changes/* is now "everything that changed since
0.2.5.10".)
---
changes/13295 | 5 -----
changes/bufferevent_compilation | 6 ------
changes/bug1038-3 | 6 ------
changes/bug11200-caching | 7 -------
changes/bug12160 | 4 ----
changes/bug12602 | 5 -----
changes/bug12700 | 10 ----------
changes/bug12718 | 5 -----
changes/bug12730-systemd-verify-config | 3 ---
changes/bug12731-systemd-no-run-as-daemon | 9 ---------
changes/bug12830 | 4 ----
changes/bug12848 | 4 ----
changes/bug12864 | 7 -------
changes/bug12878 | 3 ---
changes/bug12908 | 4 ----
changes/bug12948 | 8 --------
changes/bug12996 | 5 -----
changes/bug12997 | 3 ---
changes/bug13071 | 3 ---
changes/bug13081 | 3 ---
changes/bug13085 | 3 ---
changes/bug13096 | 4 ----
changes/bug13100 | 3 ---
changes/bug13124 | 8 --------
changes/bug13151-client | 13 -------------
changes/bug13325 | 4 ----
changes/bug13471 | 5 -----
changes/bug8093 | 3 ---
changes/bug8387 | 11 -----------
changes/curve25519-donna32-bug | 12 ------------
changes/disable_sslv3 | 4 ----
changes/further-12184-diagnostic | 2 --
changes/geoip-august2014 | 3 ---
changes/geoip-july2014 | 3 ---
changes/geoip6-august2014 | 3 ---
changes/geoip6-july2014 | 2 --
changes/test.h_msvc | 3 ---
changes/ticket12688 | 6 ------
changes/ticket12690 | 9 ---------
changes/ticket13036 | 5 -----
40 files changed, 210 deletions(-)
diff --git a/changes/13295 b/changes/13295
deleted file mode 100644
index 4334325..0000000
--- a/changes/13295
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor bugfixes:
- - Disable sandbox name resolver cache when running tor-resolve:
- tor-resolve doesn't use the sandbox code, and turning it on was
- breaking attempts to do tor-resolve on a non-default server on
- Linux. Fixes bug 13295; bugfix on 0.2.5.3-alpha.
diff --git a/changes/bufferevent_compilation b/changes/bufferevent_compilation
deleted file mode 100644
index 3a32873..0000000
--- a/changes/bufferevent_compilation
+++ /dev/null
@@ -1,6 +0,0 @@
- o Minor bugfixes:
- - Fix compilation when building with bufferevents enabled. (This
- configuration is still not expected to work, however.)
- Fixes bugs 12438, 12474, 11578; bugfixes on 0.2.5.1-alpha and
- 0.2.5.3-alpha. Patches from Anthony G. Basile and Sathyanarayanan
- Gunasekaran.
diff --git a/changes/bug1038-3 b/changes/bug1038-3
deleted file mode 100644
index 5af4afa..0000000
--- a/changes/bug1038-3
+++ /dev/null
@@ -1,6 +0,0 @@
- o Minor bugfixes:
- - Warn and drop the circuit if we receive an inbound 'relay early'
- cell. Those used to be normal to receive on hidden service circuits
- due to bug 1038, but the buggy Tor versions are long gone from
- the network so we can afford to resume watching for them. Resolves
- the rest of bug 1038; bugfix on 0.2.1.19.
diff --git a/changes/bug11200-caching b/changes/bug11200-caching
deleted file mode 100644
index e3fbaec..0000000
--- a/changes/bug11200-caching
+++ /dev/null
@@ -1,7 +0,0 @@
- o Major bugfixes:
- - When Tor starts with DisabledNetwork set, it would correctly
- conclude that it shouldn't try making circuits, but it would
- mistakenly cache this conclusion and continue believing it even
- when DisableNetwork is set to 0. Fixes the bug introduced by the
- fix for bug 11200; bugfix on 0.2.5.4-alpha.
-
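Review bot: the first item line says "When Tor starts with DisabledNetwork set" while the fourth says "when DisableNetwork is set to 0". The two spellings refer to the same option, and "DisableNetwork" is the form used in changes/bug13213 earlier in this thread. The carried-over text should use one spelling so a search for the option finds this Major bugfix.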
diff --git a/changes/bug12160 b/changes/bug12160
deleted file mode 100644
index 2a7ace3..0000000
--- a/changes/bug12160
+++ /dev/null
@@ -1,4 +0,0 @@
- o Bugfixes
- - Correctly update the local mark on the controlling channel when changing
- the address of an or_connection_t after the handshake. Fixes bug #12160;
- bugfix on 0.2.4.4-alpha.
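Review bot: the header "o Bugfixes" has neither a severity (Major/Minor) nor the trailing colon that the other entries use, and "bug #12160" uses a "#" that the other entries omit. Suggest "o Minor bugfixes:" (or Major, as appropriate) and "Fixes bug 12160" for consistency.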
diff --git a/changes/bug12602 b/changes/bug12602
deleted file mode 100644
index 29fa49a..0000000
--- a/changes/bug12602
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor bugfixes (portability):
- - Compile correctly with builds and forks of OpenSSL (such as
- LibreSSL) that disable compression. Fixes bug 12602; bugfix on
- 0.2.1.1-alpha. Patch from "dhill".
-
diff --git a/changes/bug12700 b/changes/bug12700
deleted file mode 100644
index 1d8caeb..0000000
--- a/changes/bug12700
+++ /dev/null
@@ -1,10 +0,0 @@
- o Minor bugfixes:
- - When logging information about an EXTEND2 or EXTENDED2 cell, log
- their names correctly. Fixes part of bug 12700; bugfix on
- 0.2.4.8-alpha.
-
- o Minor bugfixes:
- - When logging information about a relay cell whose command we
- don't recognize, log its command as an integer. Fixes part of
- bug 12700; bugfix on 0.2.1.10-alpha.
-
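Review bot: this file repeats the identical header "o Minor bugfixes:" for its two items. Both items belong to bug 12700 and could sit under one header. They were presumably kept apart because they carry different "bugfix on" versions, but the header does not need to be duplicated for that.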
diff --git a/changes/bug12718 b/changes/bug12718
deleted file mode 100644
index 0c5f708..0000000
--- a/changes/bug12718
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor bugfixes:
- - Correct a confusing error message when trying to extend a circuit
- via the control protocol but we don't know a descriptor or
- microdescriptor for one of the specified relays. Fixes bug 12718;
- bugfix on 0.2.3.1-alpha.
diff --git a/changes/bug12730-systemd-verify-config b/changes/bug12730-systemd-verify-config
deleted file mode 100644
index 221633c..0000000
--- a/changes/bug12730-systemd-verify-config
+++ /dev/null
@@ -1,3 +0,0 @@
- o Distribution:
- - Verify configuration file via ExecStartPre in the systemd unit file.
- Patch from intrigeri; resolves ticket 12730.
diff --git a/changes/bug12731-systemd-no-run-as-daemon b/changes/bug12731-systemd-no-run-as-daemon
deleted file mode 100644
index f92e5af..0000000
--- a/changes/bug12731-systemd-no-run-as-daemon
+++ /dev/null
@@ -1,9 +0,0 @@
- o Distribution:
- - Explicitly disable RunAsDaemon in the systemd unit file.
- Our current systemd unit uses "Type = simple", so systemd does
- not expect tor to fork. If the user has "RunAsDaemon 1" in their
- torrc, then things won't work as expected. This is e.g. the case
- on Debian (and derivatives), since there we pass
- "--defaults-torrc /usr/share/tor/tor-service-defaults-torrc"
- (that contains "RunAsDaemon 1") by default.
- Patch by intrigeri; resolves ticket 12731.
diff --git a/changes/bug12830 b/changes/bug12830
deleted file mode 100644
index 835ebe2..0000000
--- a/changes/bug12830
+++ /dev/null
@@ -1,4 +0,0 @@
- o Documentation:
- - Adjust the URLs in the README to refer to the new locations of
- several documents on the website. Patch from Matt Pagan. Fixes
- bug 12830.
diff --git a/changes/bug12848 b/changes/bug12848
deleted file mode 100644
index 7aa79c3..0000000
--- a/changes/bug12848
+++ /dev/null
@@ -1,4 +0,0 @@
- o Major bugfixes (relay):
- - Avoid queuing or sending destroy cells for circuit ID zero when
- we fail to send a CREATE cell. Fixes bug 12848; bugfix on
- 0.0.8pre1. Found and fixed by "cypherpunks".
diff --git a/changes/bug12864 b/changes/bug12864
deleted file mode 100644
index 79e751f..0000000
--- a/changes/bug12864
+++ /dev/null
@@ -1,7 +0,0 @@
- o Minor bugfixes:
- - Restore the functionality of CookieAuthFileGroupReadable. Fixes bug
- 12864; bugfix on 0.2.5.1-alpha.
-
- o Minor features:
- - Add an ExtORPortCookieAuthFileGroupReadable option to make the
- cookie file for the ExtORPort g+r by default.
diff --git a/changes/bug12878 b/changes/bug12878
deleted file mode 100644
index a05fc44..0000000
--- a/changes/bug12878
+++ /dev/null
@@ -1,3 +0,0 @@
- o Documentation:
- - Document 'reject6' and 'accept6' ExitPolicy entries. Resolves
- ticket 12878.
diff --git a/changes/bug12908 b/changes/bug12908
deleted file mode 100644
index bd6784c..0000000
--- a/changes/bug12908
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor features:
- - Warn about attempts to run hidden services and relays in the
- same process: that's probably not a good idea. Closes ticket
- 12908.
diff --git a/changes/bug12948 b/changes/bug12948
deleted file mode 100644
index 431c0a1..0000000
--- a/changes/bug12948
+++ /dev/null
@@ -1,8 +0,0 @@
- o Major bugfixes:
- - Resume expanding abbreviations for command-line options. The fix
- for bug 4647 accidentally removed our hack from bug 586 that rewrote
- HashedControlPassword to __HashedControlSessionPassword when it
- appears on the commandline (which allowed the user to set her
- own HashedControlPassword in the torrc file while the controller
- generates a fresh session password for each run). Fixes bug 12948;
- bugfix on 0.2.5.1-alpha.
diff --git a/changes/bug12996 b/changes/bug12996
deleted file mode 100644
index 4b4fb0d..0000000
--- a/changes/bug12996
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor bugfixes:
- - Downgrade "Unexpected onionskin length after decryption" warning
- to a protocol-warn, since there's nothing relay operators can do
- about a client that sends them a malformed create cell. Resolves
- bug 12996; bugfix on 0.0.6rc1.
diff --git a/changes/bug12997 b/changes/bug12997
deleted file mode 100644
index fb6e7a8..0000000
--- a/changes/bug12997
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor features:
- - Log more specific warnings when we get an ESTABLISH_RENDEZVOUS cell
- on a cannibalized or non-OR circuit. Resolves ticket 12997.
diff --git a/changes/bug13071 b/changes/bug13071
deleted file mode 100644
index 8212b6c..0000000
--- a/changes/bug13071
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor bugfixes (relay):
- - Escape all strings from the directory connection before logging them.
- Fixes bug 13071; bugfix on 0.1.1.15. Patch from "teor".
diff --git a/changes/bug13081 b/changes/bug13081
deleted file mode 100644
index 154f73f..0000000
--- a/changes/bug13081
+++ /dev/null
@@ -1,3 +0,0 @@
- o Compilation fixes:
- - Make the nmake make files work again. Fixes bug 13081. Bugfix on 0.2.5.1-alpha. Patch
- from "NewEraCracker".
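Review bot: the first item line packs three sentences onto one over-long line and writes "Fixes bug 13081. Bugfix on 0.2.5.1-alpha." as two sentences, where the other entries use the form "Fixes bug N; bugfix on X." Suggest rewrapping and using the semicolon form.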
diff --git a/changes/bug13085 b/changes/bug13085
deleted file mode 100644
index a46457c..0000000
--- a/changes/bug13085
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor bugfixes (controller):
- - Actually send TRANSPORT_LAUNCHED and HS_DESC events to controllers.
- Fixes bug 13085; bugfix on 0.2.5.1-alpha. Patch by "teor".
diff --git a/changes/bug13096 b/changes/bug13096
deleted file mode 100644
index 521faaf..0000000
--- a/changes/bug13096
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes (conformance):
- - In routerlist_assert_ok(), don't take the address of a routerinfo's
- cache_info member unless that routerinfo is non-NULL. Fixes bug
- 13096; bugfix on 0.1.1.9-alpha. Patch by "teor".
diff --git a/changes/bug13100 b/changes/bug13100
deleted file mode 100644
index bbe43e6..0000000
--- a/changes/bug13100
+++ /dev/null
@@ -1,3 +0,0 @@
- o Directory authority changes:
- - Change IP address for gabelmoo (v3 directory authority).
-
diff --git a/changes/bug13124 b/changes/bug13124
deleted file mode 100644
index be7df70..0000000
--- a/changes/bug13124
+++ /dev/null
@@ -1,8 +0,0 @@
- o Minor bugfixes:
- - Reduce the log severity of the "Pluggable transport proxy does
- not provide any needed transports and will not be launched."
- message, since Tor Browser includes several ClientTransportPlugin
- lines in its torrc-defaults file, leading every Tor Browser user
- who looks at her logs to see these notices and wonder if they're
- dangerous. Resolves bug 13124; bugfix on 0.2.5.3-alpha.
-
diff --git a/changes/bug13151-client b/changes/bug13151-client
deleted file mode 100644
index 1218dfd..0000000
--- a/changes/bug13151-client
+++ /dev/null
@@ -1,13 +0,0 @@
- o Major bugfixes:
- - Clients now send the correct address for their chosen rendezvous
- point when trying to access a hidden service. They used to send
- the wrong address, which would still work some of the time because
- they also sent the identity digest of the rendezvous point, and if
- the hidden service happened to try connecting to the rendezvous
- point from a relay that already had a connection open to it,
- the relay would reuse that connection. Now connections to hidden
- services should be more robust and faster. Also, this bug meant
- that clients were leaking to the hidden service whether they were
- on a little-endian (common) or big-endian (rare) system, which for
- some users might have reduced their anonymity. Fixes bug 13151;
- bugfix on 0.2.1.5-alpha.
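Review bot: this entry sits under a plain "o Major bugfixes:" header, but its last sentence describes an information leak (clients revealing to the hidden service whether they are little-endian or big-endian). The privacy impact is buried after the robustness discussion. Consider a header that names the area, such as "Major bugfixes (client, hidden service):", and leading with the leak so readers scanning for anonymity-relevant fixes see it.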
diff --git a/changes/bug13325 b/changes/bug13325
deleted file mode 100644
index b1da4d0..0000000
--- a/changes/bug13325
+++ /dev/null
@@ -1,4 +0,0 @@
- o Compilation fixes:
- - Build and run correctly on systems like OpenBSD-current that
- have patched OpenSSL to remove get_cipher_by_char and/or its
- implementations. Fixes issue 13325.
diff --git a/changes/bug13471 b/changes/bug13471
deleted file mode 100644
index c116a4a..0000000
--- a/changes/bug13471
+++ /dev/null
@@ -1,5 +0,0 @@
- o Major bugfixes (openssl bug workaround):
- - Avoid crashing when using OpenSSL version 0.9.8zc, 1.0.0o, or
- 1.0.1j, built with the 'no-ssl3' configuration option. Fixes
- bug 13471. This is a workaround for an OpenSSL bug.
-
diff --git a/changes/bug8093 b/changes/bug8093
deleted file mode 100644
index f0fbc61..0000000
--- a/changes/bug8093
+++ /dev/null
@@ -1,3 +0,0 @@
- o Downgraded warnings:
- - Downgrade the severity of the 'unexpected sendme cell from client' from
- 'warn' to 'protocol warning'. Closes ticket 8093.
diff --git a/changes/bug8387 b/changes/bug8387
deleted file mode 100644
index 2ec0487..0000000
--- a/changes/bug8387
+++ /dev/null
@@ -1,11 +0,0 @@
- o Major bugfixes (client):
-
- - Perform circuit cleanup operations even when circuit
- construction operations are disabled (because the network is
- disabled, or because there isn't enough directory information).
- Previously, when we were not building predictive circuits, we
- were not closing expired circuits either.
-
- Fixes bug 8387; bugfix on 0.1.1.11-alpha. This bug became visible
- in 0.2.4.10-alpha when we became more strict about when we have
- "enough directory information to build circuits".
diff --git a/changes/curve25519-donna32-bug b/changes/curve25519-donna32-bug
deleted file mode 100644
index 7fccab1..0000000
--- a/changes/curve25519-donna32-bug
+++ /dev/null
@@ -1,12 +0,0 @@
- o Major bugfixes:
-
- - Fix a bug in the bounds-checking in the 32-bit curve25519-donna
- implementation that caused incorrect results on 32-bit
- implementations when certain malformed inputs were used along with
- a small class of private ntor keys. This bug does not currently
- appear to allow an attacker to learn private keys or impersonate a
- Tor server, but it could provide a means to distinguish 32-bit Tor
- implementations from 64-bit Tor implementations. Fixes bug 12694;
- bugfix on 0.2.4.8-alpha. Bug found by Robert Ransom; fix from
- Adam Langley.
-
diff --git a/changes/disable_sslv3 b/changes/disable_sslv3
deleted file mode 100644
index bb4c2df..0000000
--- a/changes/disable_sslv3
+++ /dev/null
@@ -1,4 +0,0 @@
- o Major security fixes:
- - Disable support for SSLv3. All versions of OpenSSL in use with
- Tor today support TLS 1.0 or later, so we can safely turn off
- support for this old (and insecure) protocol. Fixes bug 13426.
diff --git a/changes/further-12184-diagnostic b/changes/further-12184-diagnostic
deleted file mode 100644
index 89e9f46..0000000
--- a/changes/further-12184-diagnostic
+++ /dev/null
@@ -1,2 +0,0 @@
- o Minor features (diagnostic):
- - Slightly enhance the diagnostic message for bug 12184.
diff --git a/changes/geoip-august2014 b/changes/geoip-august2014
deleted file mode 100644
index 90d8ecb..0000000
--- a/changes/geoip-august2014
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor features:
- - Update geoip to the August 7 2014 Maxmind GeoLite2 Country database.
-
diff --git a/changes/geoip-july2014 b/changes/geoip-july2014
deleted file mode 100644
index a0523ec..0000000
--- a/changes/geoip-july2014
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor features:
- - Update geoip to the July 10 2014 Maxmind GeoLite2 Country database.
-
diff --git a/changes/geoip6-august2014 b/changes/geoip6-august2014
deleted file mode 100644
index 7e7c9a9..0000000
--- a/changes/geoip6-august2014
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor features:
- - Update geoip6 to the August 7 2014 Maxmind GeoLite2 Country database.
-
diff --git a/changes/geoip6-july2014 b/changes/geoip6-july2014
deleted file mode 100644
index 155788e..0000000
--- a/changes/geoip6-july2014
+++ /dev/null
@@ -1,2 +0,0 @@
- o Minor features:
- - Update geoip6 to the July 10 2014 Maxmind GeoLite2 Country database.
diff --git a/changes/test.h_msvc b/changes/test.h_msvc
deleted file mode 100644
index 3afbc13..0000000
--- a/changes/test.h_msvc
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor bugfixes (compilation):
- - Fix compilation of test.h with MSVC. Patch from Gisle Vanem;
- bugfix on 0.2.5.5-alpha.
diff --git a/changes/ticket12688 b/changes/ticket12688
deleted file mode 100644
index 88228e5..0000000
--- a/changes/ticket12688
+++ /dev/null
@@ -1,6 +0,0 @@
- Major features:
- - Make the number of entry guards configurable via a new
- NumEntryGuards consensus parameter, and the number of directory
- guards configurable via a new NumDirectoryGuards consensus
- parameter. Implements ticket 12688.
-
diff --git a/changes/ticket12690 b/changes/ticket12690
deleted file mode 100644
index 5091883..0000000
--- a/changes/ticket12690
+++ /dev/null
@@ -1,9 +0,0 @@
- o Minor features:
- - Authorities now assign the Guard flag to the fastest 25% of the
- network (it used to be the fastest 50%). Also raise the consensus
- weight that guarantees the Guard flag from 250 to 2000. For the
- current network, this results in about 1100 guards, down from 2500.
- This step paves the way for moving the number of entry guards
- down to 1 (proposal 236) while still providing reasonable expected
- performance for most users. Implements ticket 12690.
-
diff --git a/changes/ticket13036 b/changes/ticket13036
deleted file mode 100644
index 1b47843..0000000
--- a/changes/ticket13036
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor bugfixes:
- - Fix a large number of false positive warnings from the clang
- analyzer static analysis tool. This should make real warnings
- easier for clang analyzer to find. Patch from "teor". Closes
- ticket 13036.
commit 4e7046cfb2fe3b4b4d916ae456c09a90b7e49983
Author: Nick Mathewson <nickm(a)torproject.org>
Date: Mon Oct 27 10:32:25 2014 -0400
Teach format_changelog.py to emit HTML.
---
scripts/maint/format_changelog.py | 132 +++++++++++++++++++++++++++++++++----
1 file changed, 119 insertions(+), 13 deletions(-)
diff --git a/scripts/maint/format_changelog.py b/scripts/maint/format_changelog.py
index b1a0988..3a95c3a 100755
--- a/scripts/maint/format_changelog.py
+++ b/scripts/maint/format_changelog.py
@@ -235,7 +235,7 @@ def head_score(s):
return score
class ChangeLog(object):
- def __init__(self, wrapText=True):
+ def __init__(self, wrapText=True, blogOrder=True):
self.prehead = []
self.mainhead = None
self.headtext = []
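Review bot: the new `blogOrder=True` default in `ChangeLog.__init__` disagrees with the `--blog-format` option added later in this patch, which defaults to `False`. The script's own call site passes the option explicitly, so the command line behaves as its help text says, but any caller that constructs `ChangeLog()` with no arguments now gets the main head printed after the head paragraphs instead of before them, which is not the pre-patch order. Suggest `blogOrder=False` in the signature so the class default matches the old output.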
@@ -244,6 +244,7 @@ class ChangeLog(object):
self.cursection = None
self.lineno = 0
self.wrapText = wrapText
+ self.blogOrder = blogOrder
def addLine(self, tp, line):
self.lineno += 1
@@ -312,6 +313,38 @@ class ChangeLog(object):
initial_indent=" "*indent1,
subsequent_indent=" "*indent2))
+ def dumpPreheader(self, graf):
+ self.dumpGraf(graf, 0)
+ print
+
+ def dumpMainhead(self, head):
+ print head
+
+ def dumpHeadGraf(self, graf):
+ self.dumpGraf(graf, 2)
+ print
+
+ def dumpSectionHeader(self, header):
+ print header
+
+ def dumpStartOfSections(self):
+ pass
+
+ def dumpEndOfSections(self):
+ pass
+
+ def dumpEndOfSection(self):
+ print
+
+ def dumpEndOfChangelog(self):
+ print
+
+ def dumpItem(self, grafs):
+ self.dumpGraf(grafs[0],4,6)
+ for par in grafs[1:]:
+ print
+ self.dumpGraf(par,6,6)
+
def collateAndSortSections(self):
heads = []
sectionsByHead = { }
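Review bot: the nine `dump*` methods added in this hunk are the override points `HTMLChangeLog` depends on, but nothing marks them as such or says what each receives (`dumpItem` takes a list of paragraphs, the others a single paragraph or a header string). A short comment above `dumpPreheader` listing the hooks and the order in which `dump()` calls them would keep a later subclass from overriding one and missing its pair, for example `dumpStartOfSections` without `dumpEndOfSections`.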
@@ -330,23 +363,79 @@ class ChangeLog(object):
def dump(self):
if self.prehead:
- self.dumpGraf(self.prehead, 0)
- print
- print self.mainhead
+ self.dumpPreheader(self.prehead)
+
+ if not self.blogOrder:
+ self.dumpMainhead(self.mainhead)
+
for par in self.headtext:
- self.dumpGraf(par, 2)
- print
+ self.dumpHeadGraf(par)
+
+ if self.blogOrder:
+ self.dumpMainhead(self.mainhead)
+
+ self.dumpStartOfSections()
for _,head,items in self.sections:
if not head.endswith(':'):
print >>sys.stderr, "adding : to %r"%head
head = head + ":"
- print head
+ self.dumpSectionHeader(head)
for _,grafs in items:
- self.dumpGraf(grafs[0],4,6)
- for par in grafs[1:]:
- print
- self.dumpGraf(par,6,6)
- print
+ self.dumpItem(grafs)
+ self.dumpEndOfSection()
+ self.dumpEndOfSections()
+ self.dumpEndOfChangelog()
+
+class HTMLChangeLog(ChangeLog):
+ def __init__(self, *args, **kwargs):
+ ChangeLog.__init__(self, *args, **kwargs)
+
+ def htmlText(self, graf):
+ for line in graf:
+ line = line.rstrip().replace("&","&")
+ line = line.rstrip().replace("<","<").replace(">",">")
+ sys.stdout.write(line.strip())
+ sys.stdout.write(" ")
+
+ def htmlPar(self, graf):
+ sys.stdout.write("<p>")
+ self.htmlText(graf)
+ sys.stdout.write("</p>\n")
+
+ def dumpPreheader(self, graf):
+ self.htmlPar(graf)
+
+ def dumpMainhead(self, head):
+ sys.stdout.write("<h2>%s</h2>"%head)
+
+ def dumpHeadGraf(self, graf):
+ self.htmlPar(graf)
+
+ def dumpSectionHeader(self, header):
+ header = header.replace(" o ", "", 1).lstrip()
+ sys.stdout.write(" <li>%s\n"%header)
+ sys.stdout.write(" <ul>\n")
+
+ def dumpEndOfSection(self):
+ sys.stdout.write(" </ul>\n\n")
+
+ def dumpEndOfChangelog(self):
+ pass
+
+ def dumpStartOfSections(self):
+ print "<ul>\n"
+
+ def dumpEndOfSections(self):
+ print "</ul>\n"
+
+ def dumpItem(self, grafs):
+ grafs[0][0] = grafs[0][0].replace(" - ", "", 1).lstrip()
+ sys.stdout.write(" <li>")
+ if len(grafs) > 1:
+ for par in grafs:
+ self.htmlPar(par)
+ else:
+ self.htmlText(grafs[0])
print
op = optparse.OptionParser(usage="usage: %prog [options] [filename]")
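Review bot: in `HTMLChangeLog`, `dumpMainhead` and `dumpSectionHeader` interpolate `head` and `header` straight into markup (`"<h2>%s</h2>"%head`, `" <li>%s\n"%header`) without the escaping that `htmlText` applies to paragraph text, so a `<`, `>` or `&` in a heading reaches the output raw. Suggest factoring the escaping out of `htmlText` into a helper that returns the escaped string and using it in both header methods. As rendered here, the `replace` calls in `htmlText` map each character to itself, so it is worth confirming that the committed file has the entity forms, with `&` replaced first. Separately, `dumpItem` and `dumpSectionHeader` open `<li>` and nothing writes the matching `</li>`, and `dumpItem` rewrites `grafs[0][0]` in place, so dumping the same `ChangeLog` twice would strip a second ` - ` from the item text.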
@@ -358,6 +447,15 @@ op.add_option('-S', '--no-sort', action='store_false',
help='Do not sort or collate sections')
op.add_option('-o', '--output', dest='output',
default=None, metavar='FILE', help="write output to FILE")
+op.add_option('-H', '--html', action='store_true',
+ dest='html', default=False,
+ help="generate an HTML fragment")
+op.add_option('-1', '--first', action='store_true',
+ dest='firstOnly', default=False,
+ help="write only the first section")
+op.add_option('-b', '--blog-format', action='store_true',
+ dest='blogOrder', default=False,
+ help="Write the header in blog order")
options,args = op.parse_args()
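Review bot: the help string for `-1`/`--first`, "write only the first section", uses "section" for something other than what the class calls a section. In `dump()` the sections are the ` o ` headed groups in `self.sections`, while the last hunk of this patch shows the flag exiting after the whole first changelog has been dumped. Suggest wording such as "write only the first changelog entry". The `--blog-format` help also starts with a capital "Write" where the neighbouring options use lower case, and could say what blog order means (main head after the head paragraphs).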
@@ -376,7 +474,12 @@ if fname != '-':
nextline = None
-CL = ChangeLog(wrapText=options.wrapText)
+if options.html:
+ ChangeLogClass = HTMLChangeLog
+else:
+ ChangeLogClass = ChangeLog
+
+CL = ChangeLogClass(wrapText=options.wrapText, blogOrder=options.blogOrder)
parser = head_parser
for line in sys.stdin:
@@ -405,6 +508,9 @@ if options.sort:
CL.dump()
+if options.firstOnly:
+ sys.exit(0)
+
if nextline is not None:
print nextline