December 2016 - tor-commits - lists.torproject.org

[torspec/master] remove extraneous word
by arma＠torproject.org 18 Dec '16

18 Dec '16

commit beee999a29c6e0c2a28044a6af70736530646505 Author: Roger Dingledine <arma(a)torproject.org> Date: Sun Dec 18 03:27:34 2016 -0500 remove extraneous word --- tor-spec.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tor-spec.txt b/tor-spec.txt index e7be756..af929d8 100644 --- a/tor-spec.txt +++ b/tor-spec.txt @@ -1298,7 +1298,7 @@ see tor-design.pdf. entire circuit rather than a particular stream use a StreamID of zero -- they are marked in the table above as "[control]" style cells. (Sendme cells are marked as "sometimes control" because they - can take include a StreamID or not depending on their purpose -- see + can include a StreamID or not depending on their purpose -- see Section 7.) The 'Length' field of a relay cell contains the number of bytes in

1 0

[torspec/master] fix typo in name
by arma＠torproject.org 18 Dec '16

18 Dec '16

commit 459882e322992436bfc210be2cb867aef38e381b Author: Roger Dingledine <arma(a)torproject.org> Date: Sun Dec 18 03:25:31 2016 -0500 fix typo in name (unless i'm wrong and this is a different sebastian) --- proposals/235-kill-named-flag.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/proposals/235-kill-named-flag.txt b/proposals/235-kill-named-flag.txt index 25849c5..3d03a91 100644 --- a/proposals/235-kill-named-flag.txt +++ b/proposals/235-kill-named-flag.txt @@ -1,6 +1,6 @@ Filename: 235-kill-named-flag.txt Title: Stop assigning (and eventually supporting) the Named flag -Authors: Sebastian Hahnn +Authors: Sebastian Hahn Created: 10 April 2014 Implemented-In: 0.2.6, 0.2.7 Status: Finished

1 0

[sandboxed-tor-browser/master] Fixed another comment. (No functional changes).
by yawning＠torproject.org 18 Dec '16

18 Dec '16

commit 99496ed70e2b891ede1b3c561c1d9a16335e74f3 Author: Yawning Angel <yawning(a)schwanenlied.me> Date: Sun Dec 18 06:27:32 2016 +0000 Fixed another comment. (No functional changes). --- src/cmd/sandboxed-tor-browser/internal/ui/config/config.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/cmd/sandboxed-tor-browser/internal/ui/config/config.go b/src/cmd/sandboxed-tor-browser/internal/ui/config/config.go index aa5a05a..ff5ef9e 100644 --- a/src/cmd/sandboxed-tor-browser/internal/ui/config/config.go +++ b/src/cmd/sandboxed-tor-browser/internal/ui/config/config.go @@ -313,7 +313,7 @@ type Config struct { // FirstLaunch is set for the first launch post install. FirstLaunch bool `json:"firstLaunch"` - // LastVersion is the last `sandboxed-tor`browser` version that wrote + // LastVersion is the last `sandboxed-tor-browser` version that wrote // the config file. LastVersion string `json:"lastVersion"`

1 0

[sandboxed-tor-browser/master] Fix a spelling mistake. (No functional changes).
by yawning＠torproject.org 18 Dec '16

18 Dec '16

commit 10550c8c2fc4b71cd83f28d131fe0d4317a80714 Author: Yawning Angel <yawning(a)schwanenlied.me> Date: Sun Dec 18 06:21:24 2016 +0000 Fix a spelling mistake. (No functional changes). --- src/cmd/sandboxed-tor-browser/internal/ui/config/config.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/cmd/sandboxed-tor-browser/internal/ui/config/config.go b/src/cmd/sandboxed-tor-browser/internal/ui/config/config.go index f9a0b1a..aa5a05a 100644 --- a/src/cmd/sandboxed-tor-browser/internal/ui/config/config.go +++ b/src/cmd/sandboxed-tor-browser/internal/ui/config/config.go @@ -310,7 +310,7 @@ type Config struct { // Sandbox is the sandbox configuration. Sandbox Sandbox `json:"sandbox,omitEmpty"` - // FirstLuach is set for the first launch post install. + // FirstLaunch is set for the first launch post install. FirstLaunch bool `json:"firstLaunch"` // LastVersion is the last `sandboxed-tor`browser` version that wrote

1 0

[sandboxed-tor-browser/master] Set the security slider to "High" by default on a fresh install.
by yawning＠torproject.org 18 Dec '16

18 Dec '16

commit d8c9273d27489353a6250a106c34951fc2aa4322 Author: Yawning Angel <yawning(a)schwanenlied.me> Date: Sun Dec 18 05:15:56 2016 +0000 Set the security slider to "High" by default on a fresh install. Before really fixing #21011, at least set the security slider to a more sensible default ("High"), on a fresh install. Users that update will see no difference, assuming they already set a value. --- ChangeLog | 1 + data/installer/mozilla.cfg | 3 +++ 2 files changed, 4 insertions(+) diff --git a/ChangeLog b/ChangeLog index 68d5376..956608f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,7 @@ Changes in version 0.0.3 - UNRELEASED: on certain pages. * Bug 20973: Silence Gdk warnings on systems with integrated png loader. * Bug 20806: Try even harder to exclude gstreamer. + * Set the security slider to "High" by default on a fresh install. * Store the version of the sandbox in the config file, and re-Sync() the config, and reinstall the `mozilla.cfg` when things change. * Include the git revision as a static asset, and display it as part of diff --git a/data/installer/mozilla.cfg b/data/installer/mozilla.cfg index 0943a24..1a63f7e 100644 --- a/data/installer/mozilla.cfg +++ b/data/installer/mozilla.cfg @@ -16,3 +16,6 @@ lockPref("extensions.torbutton.versioncheck_enabled", false); // Disable extension auto update. lockPref("extensions.update.enabled", false); lockPref("extensions.update.autoUpdateDefault", false); + +// Set the security slider to "High" by default. +pref("extensions.torbutton.security_slider", 1);

1 0

[sandboxed-tor-browser/master] Store the version of the sandbox in the config file, and re-Sync() the config, and reinstall the `mozilla.cfg` when things change.
by yawning＠torproject.org 18 Dec '16

18 Dec '16

commit c168f0854cec19a55d5401ae822c450e64760ef7 Author: Yawning Angel <yawning(a)schwanenlied.me> Date: Sun Dec 18 03:57:12 2016 +0000 Store the version of the sandbox in the config file, and re-Sync() the config, and reinstall the `mozilla.cfg` when things change. This is version + revision based, which should aid in debugging, and help to ensure that the various configuration bits and peices are in a coherent state. --- ChangeLog | 2 ++ .../sandboxed-tor-browser/internal/ui/config/config.go | 17 ++++++++++++++--- src/cmd/sandboxed-tor-browser/internal/ui/ui.go | 10 +++++++++- 3 files changed, 25 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 5555cce..68d5376 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,8 @@ Changes in version 0.0.3 - UNRELEASED: on certain pages. * Bug 20973: Silence Gdk warnings on systems with integrated png loader. * Bug 20806: Try even harder to exclude gstreamer. + * Store the version of the sandbox in the config file, and re-Sync() the + config, and reinstall the `mozilla.cfg` when things change. * Include the git revision as a static asset, and display it as part of the `--version` output. * Fix a nil pointer deref on SIGINT received durring bootstrap. diff --git a/src/cmd/sandboxed-tor-browser/internal/ui/config/config.go b/src/cmd/sandboxed-tor-browser/internal/ui/config/config.go index d0af260..f9a0b1a 100644 --- a/src/cmd/sandboxed-tor-browser/internal/ui/config/config.go +++ b/src/cmd/sandboxed-tor-browser/internal/ui/config/config.go @@ -313,6 +313,10 @@ type Config struct { // FirstLuach is set for the first launch post install. FirstLaunch bool `json:"firstLaunch"` + // LastVersion is the last `sandboxed-tor`browser` version that wrote + // the config file. + LastVersion string `json:"lastVersion"` + // UseSystemTor indicates if a system tor daemon should be used. UseSystemTor bool `json:"-"` @@ -337,6 +341,10 @@ type Config struct { // ConfigDir is `XDG_CONFIG_HOME/appDir`. ConfigDir string `json:"-"` + // ConfigVersionChanged indicates that the config file was from an old + // version. + ConfigVersionChanged bool `json:"-"` + isDirty bool path string manifestPath string @@ -417,7 +425,7 @@ func (cfg *Config) ResetDirty() { // New creates a new config object and populates it with the configuration // from disk if available, default values otherwise. -func New() (*Config, error) { +func New(version string) (*Config, error) { const ( envControlPort = "TOR_CONTROL_PORT" envRuntimeDir = "XDG_RUNTIME_DIR" @@ -483,16 +491,19 @@ func New() (*Config, error) { } // Load the config file. + cfg.isDirty = true if b, err := ioutil.ReadFile(cfg.path); err != nil { // File not found, or failed to read. if !os.IsNotExist(err) { return nil, err } - cfg.isDirty = true } else if err = json.Unmarshal(b, &cfg); err != nil { return nil, err + } else if cfg.LastVersion != version { + // The version changed, we want to re-Sync(). + cfg.LastVersion = version + cfg.ConfigVersionChanged = true } else { - // File exists and was successfully deserialized. cfg.isDirty = false } diff --git a/src/cmd/sandboxed-tor-browser/internal/ui/ui.go b/src/cmd/sandboxed-tor-browser/internal/ui/ui.go index 969d7c0..cd3767c 100644 --- a/src/cmd/sandboxed-tor-browser/internal/ui/ui.go +++ b/src/cmd/sandboxed-tor-browser/internal/ui/ui.go @@ -122,7 +122,7 @@ func (c *Common) Init() error { flag.StringVar(&c.logPath, "l", "", "Specify a log file.") // Initialize/load the config file. - if c.Cfg, err = config.New(); err != nil { + if c.Cfg, err = config.New(Version + "-" + Revision); err != nil { return err } if c.Manif, err = config.LoadManifest(c.Cfg); err != nil { @@ -140,6 +140,14 @@ func (c *Common) Init() error { BundleChannels[c.Cfg.Architecture] = channels } + // If the config is clearly from an old version, re-assert our will over + // firefox, by re-writing the autoconfig files. + if c.Cfg.ConfigVersionChanged { + if err = writeAutoconfig(c.Cfg); err != nil { + return err + } + } + if c.Manif != nil { if err = c.Manif.Sync(); err != nil { return err

1 0

[sandboxed-tor-browser/master] fixup! Include the git revision as a static asset, and display it as part of the `--version` output.
by yawning＠torproject.org 18 Dec '16

18 Dec '16

commit 0d8036073452a3528fad5ea553adffb91147fdfe Author: Yawning Angel <yawning(a)schwanenlied.me> Date: Sun Dec 18 03:33:37 2016 +0000 fixup! Include the git revision as a static asset, and display it as part of the `--version` output. --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index 88d2e2d..5555cce 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,8 @@ Changes in version 0.0.3 - UNRELEASED: on certain pages. * Bug 20973: Silence Gdk warnings on systems with integrated png loader. * Bug 20806: Try even harder to exclude gstreamer. + * Include the git revision as a static asset, and display it as part of + the `--version` output. * Fix a nil pointer deref on SIGINT received durring bootstrap. * Per the browser developers, the initial 7.0 alpha builds will not be ESR52 based, with a switch mid-alpha series, so keep the Grsec PaX override

1 0

[translation/https_everywhere_completed] Update translations for https_everywhere_completed
by translation＠torproject.org 18 Dec '16

18 Dec '16

commit e1f8f08388047af7d9a6351a534c9d502963baac Author: Translation commit bot <translation(a)torproject.org> Date: Sun Dec 18 01:45:36 2016 +0000 Update translations for https_everywhere_completed --- pt_BR/ssl-observatory.dtd | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/pt_BR/ssl-observatory.dtd b/pt_BR/ssl-observatory.dtd index cbabb52..928e8de 100644 --- a/pt_BR/ssl-observatory.dtd +++ b/pt_BR/ssl-observatory.dtd @@ -41,7 +41,7 @@ to turn it on?">--> "Quando você vir um novo certificado, comunique ao Observatório o ISP ao qual você estiver conectado"> <!ENTITY ssl-observatory.prefs.asn_tooltip -"Isto irá buscar e enviar o “O número do Sistema Autônomo” da sua rede. Isto irá nos ajudar a localizar ataques contra o HTTPS, e a determinar se nós temos observações das redes localizadas em lugares como o Irã e a Síria, onde estes ataques são relativamente mais comuns."> +"Isto irá buscar e enviar o “O número do Sistema Autônomo” da sua rede. Isto nos ajudará a localizar ataques contra o HTTPS, e a determinar se nós temos observações das redes localizadas em lugares como o Irã e a Síria, onde estes ataques são relativamente mais comuns."> <!ENTITY ssl-observatory.prefs.show_cert_warning "Mostrar uma advertência quando o Observatório detectar um certificado revogado e não identificado pelo seu navegador"> @@ -52,7 +52,7 @@ to turn it on?">--> <!ENTITY ssl-observatory.prefs.done "Pronto"> <!ENTITY ssl-observatory.prefs.explanation -"O HTTPS Everywhere pode usar o Observatório SSL da EFFs para realizar duas funções: (1) Enviar cópias dos certificados HTTPS ao Observatório, o que nos ajuda +"O HTTPS Everywhere pode usar o Observatório SSL da EFFs. Isto para realizar duas funções: (1) Enviar cópias dos certificados HTTPS ao Observatório, para nos ajudar a detectar o "homem do meio" destes ataques e melhorar a segurança da Web; e (2) Avisar-nos sobre possíveis conexões não-confiáveis ou ataques ao seu navegador."> @@ -78,7 +78,7 @@ recebido pelo Observatório indicará que alguém visitou esse site, mas não qu "Submeter e verificar os certificados para nomes de DNS que não sejam públicos"> <!ENTITY ssl-observatory.prefs.priv_dns_tooltip -"A não ser que esta opção esteja ativada, o Observatório não registrará os certificados de nomes impossíveis de processar através do sistema DNS."> +"A não ser que esta opção esteja ativada, o Observatório não registrará os certificados de nomes que são impossíveis de processar através do sistema DNS."> <!ENTITY ssl-observatory.prefs.show "Mostrar opções avançadas"> @@ -86,7 +86,7 @@ recebido pelo Observatório indicará que alguém visitou esse site, mas não qu <!ENTITY ssl-observatory.prefs.use "Usar este Observatório?"> <!ENTITY ssl-observatory.warning.title "AVISO do Observatório SSL de EFF"> -<!ENTITY ssl-observatory.warning.showcert "Mostrar a corrente do certificado"> +<!ENTITY ssl-observatory.warning.showcert "Mostrar a cadeia de certificado"> <!ENTITY ssl-observatory.warning.okay "Eu entendo"> <!ENTITY ssl-observatory.warning.text "O Observatório SSL de EFF emitiu um aviso sobre o(s) certificados(s) HTTPS para este site:"> <!ENTITY ssl-observatory.warning.defense "Se você estiver registrado neste site, é conselhável trocar a sua senha assim que você tiver uma conexão segura. (Essas advertências podem ser desabilitadas na opção "Observatório SSL" na seção Preferências da caixa de diálogo do HTTP Everywhere).">

1 0

[translation/https_everywhere] Update translations for https_everywhere
by translation＠torproject.org 18 Dec '16

18 Dec '16

commit 819b4f3f8a84c5590ef10d637dc84d52c65ee883 Author: Translation commit bot <translation(a)torproject.org> Date: Sun Dec 18 01:45:29 2016 +0000 Update translations for https_everywhere --- pt_BR/ssl-observatory.dtd | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/pt_BR/ssl-observatory.dtd b/pt_BR/ssl-observatory.dtd index cbabb52..928e8de 100644 --- a/pt_BR/ssl-observatory.dtd +++ b/pt_BR/ssl-observatory.dtd @@ -41,7 +41,7 @@ to turn it on?">--> "Quando você vir um novo certificado, comunique ao Observatório o ISP ao qual você estiver conectado"> <!ENTITY ssl-observatory.prefs.asn_tooltip -"Isto irá buscar e enviar o “O número do Sistema Autônomo” da sua rede. Isto irá nos ajudar a localizar ataques contra o HTTPS, e a determinar se nós temos observações das redes localizadas em lugares como o Irã e a Síria, onde estes ataques são relativamente mais comuns."> +"Isto irá buscar e enviar o “O número do Sistema Autônomo” da sua rede. Isto nos ajudará a localizar ataques contra o HTTPS, e a determinar se nós temos observações das redes localizadas em lugares como o Irã e a Síria, onde estes ataques são relativamente mais comuns."> <!ENTITY ssl-observatory.prefs.show_cert_warning "Mostrar uma advertência quando o Observatório detectar um certificado revogado e não identificado pelo seu navegador"> @@ -52,7 +52,7 @@ to turn it on?">--> <!ENTITY ssl-observatory.prefs.done "Pronto"> <!ENTITY ssl-observatory.prefs.explanation -"O HTTPS Everywhere pode usar o Observatório SSL da EFFs para realizar duas funções: (1) Enviar cópias dos certificados HTTPS ao Observatório, o que nos ajuda +"O HTTPS Everywhere pode usar o Observatório SSL da EFFs. Isto para realizar duas funções: (1) Enviar cópias dos certificados HTTPS ao Observatório, para nos ajudar a detectar o "homem do meio" destes ataques e melhorar a segurança da Web; e (2) Avisar-nos sobre possíveis conexões não-confiáveis ou ataques ao seu navegador."> @@ -78,7 +78,7 @@ recebido pelo Observatório indicará que alguém visitou esse site, mas não qu "Submeter e verificar os certificados para nomes de DNS que não sejam públicos"> <!ENTITY ssl-observatory.prefs.priv_dns_tooltip -"A não ser que esta opção esteja ativada, o Observatório não registrará os certificados de nomes impossíveis de processar através do sistema DNS."> +"A não ser que esta opção esteja ativada, o Observatório não registrará os certificados de nomes que são impossíveis de processar através do sistema DNS."> <!ENTITY ssl-observatory.prefs.show "Mostrar opções avançadas"> @@ -86,7 +86,7 @@ recebido pelo Observatório indicará que alguém visitou esse site, mas não qu <!ENTITY ssl-observatory.prefs.use "Usar este Observatório?"> <!ENTITY ssl-observatory.warning.title "AVISO do Observatório SSL de EFF"> -<!ENTITY ssl-observatory.warning.showcert "Mostrar a corrente do certificado"> +<!ENTITY ssl-observatory.warning.showcert "Mostrar a cadeia de certificado"> <!ENTITY ssl-observatory.warning.okay "Eu entendo"> <!ENTITY ssl-observatory.warning.text "O Observatório SSL de EFF emitiu um aviso sobre o(s) certificados(s) HTTPS para este site:"> <!ENTITY ssl-observatory.warning.defense "Se você estiver registrado neste site, é conselhável trocar a sua senha assim que você tiver uma conexão segura. (Essas advertências podem ser desabilitadas na opção "Observatório SSL" na seção Preferências da caixa de diálogo do HTTP Everywhere).">

1 0

[tor/release-0.2.9] Blurb for 029; tighten releasenotes sections.
by nickm＠torproject.org 17 Dec '16

17 Dec '16

commit a708518ecbd7256e4c0467ef1dc26894df8ceb3f Author: Nick Mathewson <nickm(a)torproject.org> Date: Sat Dec 17 16:43:38 2016 -0500 Blurb for 029; tighten releasenotes sections. --- ReleaseNotes.029 | 214 +++++++++++++++++++++++++------------------------------ 1 file changed, 98 insertions(+), 116 deletions(-) diff --git a/ReleaseNotes.029 b/ReleaseNotes.029 index 53842ea..40d2a02 100644 --- a/ReleaseNotes.029 +++ b/ReleaseNotes.029 @@ -3,11 +3,55 @@ into the ReleaseNotes file before stable.] [These are changes since 0.2.8.11] + Tor 0.2.9.8 is the first stable release of Tor 0.2.9. - o Required libraries: + The Tor 0.2.9 series makes mandatory a number of security features + that were formerly optional. It includes support for a new + shared-randomness protocol that will form the basis for next + generation hidden services, includes a single-hop hidden service + mode for optimizing .onion services that don't actually want to be + hidden, tries harder not to overload the directory authorities with + excessive downloads, and supports a better protocol versioniing + scheme for improved compatibility with other implementations of the + Tor protocol. + + And of course, there are other bugfixes and improvements, listed + here. Below are listed the changes since Tor 0.2.8.11. + + o New system requirements: - When building with OpenSSL, Tor now requires version 1.0.1 or later. OpenSSL 1.0.0 and earlier are no longer supported by the OpenSSL team, and should not be used. Closes ticket 20303. + - Tor now requires Libevent version 2.0.10-stable or later. Older + versions of Libevent have less efficient backends for several + platforms, and lack the DNS code that we use for our server-side + DNS support. This implements ticket 19554. + - Tor now requires zlib version 1.2 or later, for security, + efficiency, and (eventually) gzip support. (Back when we started, + zlib 1.1 and zlib 1.0 were still found in the wild. 1.2 was + released in 2003. We recommend the latest version.) + + o Deprecated features: + - A number of DNS-cache-related sub-options for client ports are now + deprecated for security reasons, and may be removed in a future + version of Tor. (We believe that client-side DNS cacheing is a bad + idea for anonymity, and you should not turn it on.) The options + are: CacheDNS, CacheIPv4DNS, CacheIPv6DNS, UseDNSCache, + UseIPv4Cache, and UseIPv6Cache. + - A number of options are deprecated for security reasons, and may + be removed in a future version of Tor. The options are: + AllowDotExit, AllowInvalidNodes, AllowSingleHopCircuits, + AllowSingleHopExits, ClientDNSRejectInternalAddresses, + CloseHSClientCircuitsImmediatelyOnTimeout, + CloseHSServiceRendCircuitsImmediatelyOnTimeout, + ExcludeSingleHopRelays, FastFirstHopPK, TLSECGroup, + UseNTorHandshake, and WarnUnsafeSocks. + - The *ListenAddress options are now deprecated as unnecessary: the + corresponding *Port options should be used instead. These options + may someday be removed. The affected options are: + ControlListenAddress, DNSListenAddress, DirListenAddress, + NATDListenAddress, ORListenAddress, SocksListenAddress, + and TransListenAddress. o Major features (build, hardening): - Tor now builds with -ftrapv by default on compilers that support @@ -91,22 +135,15 @@ into the ReleaseNotes file before stable.] releases of Tor itself. Closes ticket 19958; implements part of proposal 264. - o Major features (user interface): - - Tor now supports the ability to declare options deprecated, so - that we can recommend that people stop using them. Previously, - this was done in an ad-hoc way. Closes ticket 19820. - o Major bugfixes (circuit building): - Hidden service client-to-intro-point and service-to-rendezvous- point cicruits use the TAP key supplied by the protocol, to avoid epistemic attacks. Fixes bug 19163; bugfix on 0.2.4.18-rc. - o Major bugfixes (directory downloads): + o Major bugfixes (download scheduling): - Avoid resetting download status for consensuses hourly, since we already have another, smarter retry mechanism. Fixes bug 8625; bugfix on 0.2.0.9-alpha. - - o Major bugfixes (download scheduling): - If a consensus expires while we are waiting for certificates to download, stop waiting for certificates. - If we stop waiting for certificates less than a minute after we @@ -125,13 +162,11 @@ into the ReleaseNotes file before stable.] ExitPolicyRejectLocalInterfaces is set. Fixes bug 18456; bugfix on 0.2.7.2-alpha. Patch by teor. - o Major bugfixes (hidden service client): + o Major bugfixes (hidden services): - Allow Tor clients with appropriate controllers to work with FetchHidServDescriptors set to 0. Previously, this option also disabled descriptor cache lookup, thus breaking hidden services entirely. Fixes bug 18704; bugfix on 0.2.0.20-rc. Patch by "twim". - - o Major bugfixes (hidden services): - Clients now require hidden services to include the TAP keys for their intro points in the hidden service descriptor. This prevents an inadvertent upgrade to ntor, which a malicious hidden service @@ -276,23 +311,6 @@ into the ReleaseNotes file before stable.] we don't count them when we're generating test coverage data. Update our coverage tools to understand this convention. Closes ticket 16792. - - o Minor features (testing, ipv6): - - Add the hs-ipv6 chutney target to make test-network-all's IPv6 - tests. Remove bridges+hs, as it's somewhat redundant. This - requires a recent chutney version that supports IPv6 clients, - relays, and authorities. Closes ticket 20069; patch by teor. - - Add the single-onion and single-onion-ipv6 chutney targets to - "make test-network-all". This requires a recent chutney version - with the single onion network flavours (git c72a652 or later). - Closes ticket 20072; patch by teor. - - o Minor features (Tor2web): - - Make Tor2web clients respect ReachableAddresses. This feature was - inadvertently enabled in 0.2.8.6, then removed by bugfix 19973 on - 0.2.8.7. Implements feature 20034. Patch by teor. - - o Minor features (unit tests): - Our link-handshake unit tests now check that when invalid handshakes fail, they fail with the error messages we expected. - Our unit testing code that captures log messages no longer @@ -311,6 +329,21 @@ into the ReleaseNotes file before stable.] assertion as a test failure. - We've done significant work to make the unit tests run faster. + o Minor features (testing, ipv6): + - Add the hs-ipv6 chutney target to make test-network-all's IPv6 + tests. Remove bridges+hs, as it's somewhat redundant. This + requires a recent chutney version that supports IPv6 clients, + relays, and authorities. Closes ticket 20069; patch by teor. + - Add the single-onion and single-onion-ipv6 chutney targets to + "make test-network-all". This requires a recent chutney version + with the single onion network flavours (git c72a652 or later). + Closes ticket 20072; patch by teor. + + o Minor features (Tor2web): + - Make Tor2web clients respect ReachableAddresses. This feature was + inadvertently enabled in 0.2.8.6, then removed by bugfix 19973 on + 0.2.8.7. Implements feature 20034. Patch by teor. + o Minor features (unix domain sockets): - When configuring a unix domain socket for a SocksPort, ControlPort, or Hidden service, you can now wrap the address in @@ -318,6 +351,9 @@ into the ReleaseNotes file before stable.] domain socket paths to contain spaces. o Minor features (user interface): + - Tor now supports the ability to declare options deprecated, so + that we can recommend that people stop using them. Previously, + this was done in an ad-hoc way. Closes ticket 19820. - There is a new --list-deprecated-options command-line option to list all of the deprecated options. Implemented as part of ticket 19820. @@ -358,12 +394,6 @@ into the ReleaseNotes file before stable.] certificates. This change improves bootstrapping performance. Fixes bug 18963; bugfix on 0.2.8.1-alpha. - o Minor bugfixes (build): - - The test-stem and test-network makefile targets now depend only on - the tor binary that they are testing. Previously, they depended on - "make all". Fixes bug 18240; bugfix on 0.2.8.2-alpha. Based on a - patch from "cypherpunks". - o Minor bugfixes (circuits): - Make sure extend_info_from_router() is only called on servers. Fixes bug 19639; bugfix on 0.2.8.1-alpha. @@ -388,11 +418,11 @@ into the ReleaseNotes file before stable.] - When building with Clang, use a full set of GCC warnings. (Previously, we included only a subset, because of the way we detected them.) Fixes bug 19216; bugfix on 0.2.0.1-alpha. - - o Minor bugfixes (compilation, OpenBSD): - Detect Libevent2 functions correctly on systems that provide libevent2, but where libevent1 is linked with -levent. Fixes bug 19904; bugfix on 0.2.2.24-alpha. Patch from Rubiate. + - Run correctly when built on Windows build environments that + require _vcsprintf(). Fixes bug 20560; bugfix on 0.2.2.11-alpha. o Minor bugfixes (configuration): - When parsing quoted configuration values from the torrc file, @@ -415,26 +445,6 @@ into the ReleaseNotes file before stable.] order to avoid comparing bytes out-of-bounds with a smaller digest length such as SHA1. Fixes bug 19066; bugfix on 0.2.2.6-alpha. - o Minor bugfixes (documentation): - - Document the --passphrase-fd option in the tor manpage. Fixes bug - 19504; bugfix on 0.2.7.3-rc. - - Document the default PathsNeededToBuildCircuits value that's used - by clients when the directory authorities don't set - min_paths_for_circs_pct. Fixes bug 20117; bugfix on 02c320916e02 - in tor-0.2.4.10-alpha. Patch by teor, reported by Jesse V. - - Fix manual for the User option: it takes a username, not a UID. - Fixes bug 19122; bugfix on 0.0.2pre16 (the first version to have - a manpage!). - - Fix the description of the --passphrase-fd option in the - tor-gencert manpage. The option is used to pass the number of a - file descriptor to read the passphrase from, not to read the file - descriptor from. Fixes bug 19505; bugfix on 0.2.0.20-alpha. - - o Minor bugfixes (ephemeral hidden service): - - When deleting an ephemeral hidden service, close its intro points - even if they are not completely open. Fixes bug 18604; bugfix - on 0.2.7.1-alpha. - o Minor bugfixes (getpass): - Defensively fix a non-triggerable heap corruption at do_getpass() to protect ourselves from mistakes in the future. Fixes bug @@ -450,21 +460,20 @@ into the ReleaseNotes file before stable.] parameter is not provided. Fixes bug 17688; bugfix on 0.2.5.6-alpha. - o Minor bugfixes (hidden service client): + o Minor bugfixes (hidden services): - Increase the minimum number of internal circuits we preemptively build from 2 to 3, so a circuit is available when a client connects to another onion service. Fixes bug 13239; bugfix on 0.1.0.1-rc. - - o Minor bugfixes (hidden service): - Allow hidden services to run on IPv6 addresses even when the IPv6Exit option is not set. Fixes bug 18357; bugfix on 0.2.4.7-alpha. - - o Minor bugfixes (hidden services): - Stop logging intro point details to the client log on certain error conditions. Fixed as part of bug 20012; bugfix on 0.2.4.8-alpha. Patch by teor. + - When deleting an ephemeral hidden service, close its intro points + even if they are not completely open. Fixes bug 18604; bugfix + on 0.2.7.1-alpha. - When configuring hidden services, check every hidden service directory's permissions. Previously, we only checked the last hidden service. Fixes bug 20529; bugfix the work to fix 13942 @@ -501,13 +510,9 @@ into the ReleaseNotes file before stable.] - When moving a signed descriptor object from a source to an existing destination, free the allocated memory inside that destination object. Fixes bug 20715; bugfix on tor-0.2.8.3-alpha. - - o Minor bugfixes (memory leak, use-after-free, linux seccomp2 sandbox): - Fix a memory leak and use-after-free error when removing entries from the sandbox's getaddrinfo() cache. Fixes bug 20710; bugfix on 0.2.5.5-alpha. Patch from "cypherpunks". - - o Minor bugfixes (memory leaks): - Fix a small, uncommon memory leak that could occur when reading a truncated ed25519 key file. Fixes bug 18956; bugfix on 0.2.6.1-alpha. @@ -528,18 +533,9 @@ into the ReleaseNotes file before stable.] commits 51fc6799 in tor-0.1.1.16-rc and acda1735 in tor-0.2.4.3- alpha. Patch by teor. - o Minor bugfixes (portability): - - Run correctly when built on Windows build environments that - require _vcsprintf(). Fixes bug 20560; bugfix on 0.2.2.11-alpha. - - Use ECDHE ciphers instead of ECDH in tortls tests. LibreSSL has - removed the ECDH ciphers which caused the tests to fail on - platforms which use it. Fixes bug 20460; bugfix on 0.2.8.1-alpha. - - o Minor bugfixes (relay bootstrap): + o Minor bugfixes (relay): - Ensure relays don't make multiple connections during bootstrap. Fixes bug 20591; bugfix on 0.2.8.1-alpha. - - o Minor bugfixes (relay): - Avoid a small memory leak when informing worker threads about rotated onion keys. Fixes bug 20401; bugfix on 0.2.6.3-alpha. - Do not try to parallelize workers more than 16x without the user @@ -547,6 +543,10 @@ into the ReleaseNotes file before stable.] 16 CPU cores. Fixes bug 19968; bugfix on 0.2.3.1-alpha. o Minor bugfixes (testing): + - The test-stem and test-network makefile targets now depend only on + the tor binary that they are testing. Previously, they depended on + "make all". Fixes bug 18240; bugfix on 0.2.8.2-alpha. Based on a + patch from "cypherpunks". - Allow clients to retry HSDirs much faster in test networks. Fixes bug 19702; bugfix on 0.2.7.1-alpha. Patch by teor. - Avoid a unit test failure on systems with over 16 detectable CPU @@ -558,6 +558,15 @@ into the ReleaseNotes file before stable.] - Fix the test-network-all target on out-of-tree builds by using the correct path to the test driver script. Fixes bug 19421; bugfix on 0.2.7.3-rc. + - Stop spurious failures in the local interface address discovery + unit tests. Fixes bug 20634; bugfix on 0.2.8.1-alpha; patch by + Neel Chauhan. + - Use ECDHE ciphers instead of ECDH in tortls tests. LibreSSL has + removed the ECDH ciphers which caused the tests to fail on + platforms which use it. Fixes bug 20460; bugfix on 0.2.8.1-alpha. + - The tor_tls_server_info_callback unit test no longer crashes when + debug-level logging is turned on. Fixes bug 20041; bugfix + on 0.2.8.1-alpha. o Minor bugfixes (time): - Improve overflow checks in tv_udiff and tv_mdiff. Fixes bug 19483; @@ -572,14 +581,6 @@ into the ReleaseNotes file before stable.] are not anonymous due to the one-hop client paths. Fixes bug 19678. Patch by teor. - o Minor bugfixes (unit tests): - - Stop spurious failures in the local interface address discovery - unit tests. Fixes bug 20634; bugfix on 0.2.8.1-alpha; patch by - Neel Chauhan. - - The tor_tls_server_info_callback unit test no longer crashes when - debug-level logging is turned on. Fixes bug 20041; bugfix - on 0.2.8.1-alpha. - o Minor bugfixes (user interface): - Display a more accurate number of suppressed messages in the log rate-limiter. Previously, there was a potential integer overflow @@ -597,28 +598,6 @@ into the ReleaseNotes file before stable.] - Split the 600-line directory_handle_command_get function into separate functions for different URL types. Closes ticket 16698. - o Deprecated features: - - A number of DNS-cache-related sub-options for client ports are now - deprecated for security reasons, and may be removed in a future - version of Tor. (We believe that client-side DNS cacheing is a bad - idea for anonymity, and you should not turn it on.) The options - are: CacheDNS, CacheIPv4DNS, CacheIPv6DNS, UseDNSCache, - UseIPv4Cache, and UseIPv6Cache. - - A number of options are deprecated for security reasons, and may - be removed in a future version of Tor. The options are: - AllowDotExit, AllowInvalidNodes, AllowSingleHopCircuits, - AllowSingleHopExits, ClientDNSRejectInternalAddresses, - CloseHSClientCircuitsImmediatelyOnTimeout, - CloseHSServiceRendCircuitsImmediatelyOnTimeout, - ExcludeSingleHopRelays, FastFirstHopPK, TLSECGroup, - UseNTorHandshake, and WarnUnsafeSocks. - - The *ListenAddress options are now deprecated as unnecessary: the - corresponding *Port options should be used instead. These options - may someday be removed. The affected options are: - ControlListenAddress, DNSListenAddress, DirListenAddress, - NATDListenAddress, ORListenAddress, SocksListenAddress, - and TransListenAddress. - o Documentation: - Add module-level internal documentation for 36 C files that previously didn't have a high-level overview. Closes ticket #20385. @@ -630,16 +609,19 @@ into the ReleaseNotes file before stable.] ticket 19153. Patch from "U+039b". - Module-level documentation for several more modules. Closes tickets 19287 and 19290. - - o New system requirements: - - Tor now requires Libevent version 2.0.10-stable or later. Older - versions of Libevent have less efficient backends for several - platforms, and lack the DNS code that we use for our server-side - DNS support. This implements ticket 19554. - - Tor now requires zlib version 1.2 or later, for security, - efficiency, and (eventually) gzip support. (Back when we started, - zlib 1.1 and zlib 1.0 were still found in the wild. 1.2 was - released in 2003. We recommend the latest version.) + - Document the --passphrase-fd option in the tor manpage. Fixes bug + 19504; bugfix on 0.2.7.3-rc. + - Document the default PathsNeededToBuildCircuits value that's used + by clients when the directory authorities don't set + min_paths_for_circs_pct. Fixes bug 20117; bugfix on 02c320916e02 + in tor-0.2.4.10-alpha. Patch by teor, reported by Jesse V. + - Fix manual for the User option: it takes a username, not a UID. + Fixes bug 19122; bugfix on 0.0.2pre16 (the first version to have + a manpage!). + - Fix the description of the --passphrase-fd option in the + tor-gencert manpage. The option is used to pass the number of a + file descriptor to read the passphrase from, not to read the file + descriptor from. Fixes bug 19505; bugfix on 0.2.0.20-alpha. o Removed code: - We no longer include the (dead, deprecated) bufferevent code in

1 0