tor-commits March 2016

tor-commits@lists.torproject.org

16 participants
1259 discussions

[tor/master] typo fix
by nickm＠torproject.org 28 Mar '16

28 Mar '16

commit a0f0e43c8722d99b8e969a1382157278c2f6d994 Author: Nick Mathewson <nickm(a)torproject.org> Date: Mon Mar 28 11:22:12 2016 -0400 typo fix --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 730078c..8d70e29 100644 --- a/ChangeLog +++ b/ChangeLog @@ -257,7 +257,7 @@ Changes in version 0.2.8.2-alpha - 2016-03-28 by "toralf", patch by "cypherpunks". - Fix a memory leak in tor-gencert. Fixes part of bug 18672; bugfix on 0.2.0.1-alpha. - - Fix a memory leak in "tor --list-figngerprint". Fixes part of bug + - Fix a memory leak in "tor --list-fingerprint". Fixes part of bug 18672; bugfix on 0.2.5.1-alpha. o Minor bugfixes (private directory):

1 0

[tor/master] Rescroll changelog
by nickm＠torproject.org 28 Mar '16

28 Mar '16

commit 362d712aa83e423481dd1c1c5dab1e3106d480d0 Author: Nick Mathewson <nickm(a)torproject.org> Date: Mon Mar 28 11:10:45 2016 -0400 Rescroll changelog --- ChangeLog | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index b505df4..730078c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,8 +1,8 @@ Changes in version 0.2.8.2-alpha - 2016-03-28 Tor 0.2.8.2-alpha is the second alpha in its series. It fixes numerous bugs in earlier versions of Tor, including some that prevented - authorities using Tor 0.2.7.x from running correctly. IPv6 and directory - support should also be much improved. + authorities using Tor 0.2.7.x from running correctly. IPv6 and + directory support should also be much improved. o New system requirements: - Tor no longer supports versions of OpenSSL with a broken @@ -213,8 +213,8 @@ Changes in version 0.2.8.2-alpha - 2016-03-28 directory (there are 6 overall) and the seventh one would fail because no directories were left, thereby triggering a close on all current directory connections asking for the hidden service. - The solution here is to not close the connections if we - have pending directory fetches. Fixes bug 15937; bugfix + The solution here is to not close the connections if we have + pending directory fetches. Fixes bug 15937; bugfix on tor-0.2.7.1-alpha. o Minor bugfixes (hidden service, control port):

1 0

[tor/master] grammar fixes from sebastian
by nickm＠torproject.org 28 Mar '16

28 Mar '16

commit b755f57dcc6f91e523e47398a0fb6b9760646b9b Author: Nick Mathewson <nickm(a)torproject.org> Date: Mon Mar 28 11:10:34 2016 -0400 grammar fixes from sebastian --- ChangeLog | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/ChangeLog b/ChangeLog index 20ad258..b505df4 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,7 +1,7 @@ Changes in version 0.2.8.2-alpha - 2016-03-28 Tor 0.2.8.2-alpha is the second alpha in its series. It fixes numerous bugs in earlier versions of Tor, including some that prevented - authorities using Tor 0.2.7 from running correctly. IPv6 and directory + authorities using Tor 0.2.7.x from running correctly. IPv6 and directory support should also be much improved. o New system requirements: @@ -38,7 +38,7 @@ Changes in version 0.2.8.2-alpha - 2016-03-28 sanitizer. Fixes bug 14821; bugfix on 0.2.5.4-alpha. o Major bugfixes (crash on shutdown): - - Fix a segfault during startup: If Unix domain socket was + - Fix a segfault during startup: If a Unix domain socket was configured as listener (such as a ControlSocket or a SocksPort "unix:" socket), and tor was started as root but not configured to switch to another user, tor would segfault while trying to string @@ -120,9 +120,9 @@ Changes in version 0.2.8.2-alpha - 2016-03-28 to 1, tor prefers IPv6 directory addresses. - Add ClientUseIPv4, which is set to 1 by default. If set to 0, tor avoids using IPv4 for client OR and directory connections. - - Try harder to fulfil IP version restrictions ClientUseIPv4 0 and - ClientUseIPv6 0; and the preferences ClientPreferIPv6ORPort and - ClientPreferIPv6DirPort. Closes ticket 17840; patch by "teor". + - Try harder to obey the IP version restrictions "ClientUseIPv4 0", + "ClientUseIPv6 0", "ClientPreferIPv6ORPort", and + "ClientPreferIPv6DirPort". Closes ticket 17840; patch by "teor". o Minor features (linux seccomp2 sandbox): - Reject attempts to change our Address with "Sandbox 1" enabled. @@ -213,8 +213,8 @@ Changes in version 0.2.8.2-alpha - 2016-03-28 directory (there are 6 overall) and the seventh one would fail because no directories were left, thereby triggering a close on all current directory connections asking for the hidden service. - The solution here is to not close the directory connections if we - have pending directory fetch. Fixes bug 15937; bugfix + The solution here is to not close the connections if we + have pending directory fetches. Fixes bug 15937; bugfix on tor-0.2.7.1-alpha. o Minor bugfixes (hidden service, control port):

1 0

[tor/master] Fix a version number in the changelog
by nickm＠torproject.org 28 Mar '16

28 Mar '16

commit 65db5ae566d463dd682a2f63ddf448d04101dab6 Author: Nick Mathewson <nickm(a)torproject.org> Date: Mon Mar 28 10:26:31 2016 -0400 Fix a version number in the changelog --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index f13c0bf..20ad258 100644 --- a/ChangeLog +++ b/ChangeLog @@ -258,7 +258,7 @@ Changes in version 0.2.8.2-alpha - 2016-03-28 - Fix a memory leak in tor-gencert. Fixes part of bug 18672; bugfix on 0.2.0.1-alpha. - Fix a memory leak in "tor --list-figngerprint". Fixes part of bug - 18672; bugfix on 0.2.0.1-alpha. + 18672; bugfix on 0.2.5.1-alpha. o Minor bugfixes (private directory): - Prevent a race condition when creating private directories. Fixes

1 0

[tor/master] Fix a memory leak in tor-gencert.
by nickm＠torproject.org 28 Mar '16

28 Mar '16

commit 1d315b28a21330863039ce27c1996e2a47544fc6 Author: Nick Mathewson <nickm(a)torproject.org> Date: Mon Mar 28 10:06:05 2016 -0400 Fix a memory leak in tor-gencert. This way I can run chutney under asan. Fixes part of 18672. --- src/tools/tor-gencert.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/src/tools/tor-gencert.c b/src/tools/tor-gencert.c index 4e5e1dc..c050667 100644 --- a/src/tools/tor-gencert.c +++ b/src/tools/tor-gencert.c @@ -402,6 +402,7 @@ key_to_string(EVP_PKEY *key) b = BIO_new(BIO_s_mem()); if (!PEM_write_bio_RSAPublicKey(b, rsa)) { crypto_log_errors(LOG_WARN, "writing public key to string"); + RSA_free(rsa); return NULL; } @@ -413,6 +414,7 @@ key_to_string(EVP_PKEY *key) result[buf->length] = 0; BUF_MEM_free(buf); + RSA_free(rsa); return result; } @@ -488,10 +490,13 @@ generate_certificate(void) tor_free(signing); /* Append a cross-certification */ + RSA *rsa = EVP_PKEY_get1_RSA(signing_key); r = RSA_private_encrypt(DIGEST_LEN, (unsigned char*)id_digest, (unsigned char*)signature, - EVP_PKEY_get1_RSA(signing_key), + rsa, RSA_PKCS1_PADDING); + RSA_free(rsa); + signed_len = strlen(buf); base64_encode(buf+signed_len, sizeof(buf)-signed_len, signature, r, BASE64_ENCODE_MULTILINE); @@ -503,10 +508,12 @@ generate_certificate(void) signed_len = strlen(buf); SHA1((const unsigned char*)buf,signed_len,(unsigned char*)digest); + rsa = EVP_PKEY_get1_RSA(identity_key); r = RSA_private_encrypt(DIGEST_LEN, (unsigned char*)digest, (unsigned char*)signature, - EVP_PKEY_get1_RSA(identity_key), + rsa, RSA_PKCS1_PADDING); + RSA_free(rsa); strlcat(buf, "-----BEGIN SIGNATURE-----\n", sizeof(buf)); signed_len = strlen(buf); base64_encode(buf+signed_len, sizeof(buf)-signed_len, signature, r,

1 0

[tor/master] Fix memory leaks that stopped chutney working with asan
by nickm＠torproject.org 28 Mar '16

28 Mar '16

commit 68e663f7771e7f8fe0c171c49becd795e9300ff9 Author: Nick Mathewson <nickm(a)torproject.org> Date: Mon Mar 28 10:24:28 2016 -0400 Fix memory leaks that stopped chutney working with asan --- ChangeLog | 4 ++++ src/or/main.c | 1 + 2 files changed, 5 insertions(+) diff --git a/ChangeLog b/ChangeLog index 3e83610..b4cb455 100644 --- a/ChangeLog +++ b/ChangeLog @@ -255,6 +255,10 @@ Changes in version 0.2.8.2-alpha - 2016-03-28 - Correctly duplicate addresses in get_interface_address6_list. Fixes bug 18454; bugfix on 110765f5 in tor-0.2.8.1-alpha. Reported by "toralf", patch by "cypherpunks". + - Fix a memory leak in tor-gencert. Fixes part of bug 18672; bugfix on + 0.2.0.1-alpha. + - Fix a memory leak in "tor --list-figngerprint". Fixes part of bug + 18672; bugfix on 0.2.0.1-alpha. o Minor bugfixes (private directory): - Prevent a race condition when creating private directories. Fixes diff --git a/src/or/main.c b/src/or/main.c index 26e52d2..a2cf5b1 100644 --- a/src/or/main.c +++ b/src/or/main.c @@ -3245,6 +3245,7 @@ do_list_fingerprint(void) char buf[FINGERPRINT_LEN+1]; crypto_pk_t *k; const char *nickname = get_options()->Nickname; + sandbox_disable_getaddrinfo_cache(); if (!server_mode(get_options())) { log_err(LD_GENERAL, "Clients don't have long-term identity keys. Exiting.");

1 0

[tor/master] reflow changelog
by nickm＠torproject.org 28 Mar '16

28 Mar '16

commit 25a21acd5b88d895a165a9c2c952b7a91fcbcc49 Author: Nick Mathewson <nickm(a)torproject.org> Date: Mon Mar 28 10:24:39 2016 -0400 reflow changelog --- ChangeLog | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index b4cb455..f13c0bf 100644 --- a/ChangeLog +++ b/ChangeLog @@ -255,8 +255,8 @@ Changes in version 0.2.8.2-alpha - 2016-03-28 - Correctly duplicate addresses in get_interface_address6_list. Fixes bug 18454; bugfix on 110765f5 in tor-0.2.8.1-alpha. Reported by "toralf", patch by "cypherpunks". - - Fix a memory leak in tor-gencert. Fixes part of bug 18672; bugfix on - 0.2.0.1-alpha. + - Fix a memory leak in tor-gencert. Fixes part of bug 18672; bugfix + on 0.2.0.1-alpha. - Fix a memory leak in "tor --list-figngerprint". Fixes part of bug 18672; bugfix on 0.2.0.1-alpha.

1 0

[tor/master] Light editing and moving on the changelog
by nickm＠torproject.org 28 Mar '16

28 Mar '16

commit 474b00d9fd8c75e2befcc864aa6b77a811b26c10 Author: Nick Mathewson <nickm(a)torproject.org> Date: Mon Mar 28 09:29:01 2016 -0400 Light editing and moving on the changelog --- ChangeLog | 157 +++++++++++++++++++++++++++++++------------------------------- 1 file changed, 79 insertions(+), 78 deletions(-) diff --git a/ChangeLog b/ChangeLog index 85a9127..48fd79e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,8 @@ Changes in version 0.2.8.2-alpha - 2016-03-?? - Tor 0.2.8.2-alpha is the second alpha in its series. XXXX write more - here XXXX + Tor 0.2.8.2-alpha is the second alpha in its series. It fixes numerous + bugs in earlier versions of Tor, including some that prevented + authorities using Tor 0.2.7 from running correctly. IPv6 and directory + support should also be much improved. o New system requirements: - Tor no longer supports versions of OpenSSL with a broken @@ -11,6 +13,11 @@ Changes in version 0.2.8.2-alpha - 2016-03-?? type is unsigned. (To the best of our knowledge, only OpenVMS does this, and Tor has never actually built on OpenVMS.) Closes ticket 18184. + - Tor now uses Autoconf version 2.63 or later, and Automake 1.11 or + later (released in 2008 and 2009 respectively). If you are + building Tor from the git repository instead of from the source + distribution, and your tools are older than this, you will need to + upgrade. Closes ticket 17732. o Major bugfixes (security, pointers): - Avoid a difficult-to-trigger heap corruption attack when extending @@ -18,6 +25,26 @@ Changes in version 0.2.8.2-alpha - 2016-03-?? bugfix on Tor 0.1.1.11-alpha, which fixed a related bug incompletely. Reported by Guido Vranken. + o Major bugfixes (voting): + - Actually enable Ed25519-based directory collation. Previously, the + code had been written, but some debugging code that had + accidentally been left in the codebase made it stay turned off. + Fixes bug 17702; bugfix on 0.2.7.2-alpha. + - When collating votes by Ed25519 identities, authorities now + include a "NoEdConsensus" flag if the ed25519 value (or lack + thereof) for a server does not reflect the majority consensus. + Related to bug 17668; bugfix on 0.2.7.2-alpha. + - When generating a vote with keypinning disabled, never include two + entries for the same ed25519 identity. This bug was causing + authorities to generate votes that they could not parse when a + router violated key pinning by changing its RSA identity but + keeping its Ed25519 identity. Fixes bug 17668; fixes part of bug + 18318. Bugfix on 0.2.7.2-alpha. + + o Major bugfixes (dns proxy mode, crash): + - Avoid crashing when running as a DNS proxy. Fixes bug 16248; + bugfix on 0.2.0.1-alpha. Patch from 'cypherpunks'. + o Major bugfixes (bridges, pluggable transports): - Modify the check for OR connections to private addresses. Allow bridges on private addresses, including pluggable transports that @@ -31,39 +58,35 @@ Changes in version 0.2.8.2-alpha - 2016-03-?? sanitizer. Fixes bug 14821; bugfix on 0.2.5.4-alpha. o Major bugfixes (crash on shutdown): - - Correctly handle detaching circuits from cmuxes when doing - circuit_free_all() on shutdown. Fixes bug 18116; bugfix + - Fix a segfault during startup: If Unix domain socket was configured as + listener (such as a ControlSocket or a SocksPort "unix:" socket), and + tor was started as root but not configured to switch to another + user, tor would segfault while trying to string compare a NULL + value. Fixes bug 18261; bugfix on 0.2.8.1-alpha. Patch by weasel. + - Correctly handle detaching circuits from muxes when + shutting down. Fixes bug 18116; bugfix on 0.2.8.1-alpha. - Fix an assert-on-exit bug related to counting memory usage in rephist.c. Fixes bug 18651; bugfix on 0.2.8.1-alpha. - o Major bugfixes (dns proxy mode, crash): - - Avoid crashing when running as a DNS proxy. Fixes bug 16248; - bugfix on 0.2.0.1-alpha. Patch from 'cypherpunks'. - o Major bugfixes (relays, bridge clients): - Ensure relays always allow IPv4 OR and Dir connections. Ensure bridge clients use the address configured in the bridge line. Fixes bug 18348; bugfix on 0.2.8.1-alpha. Reported by sysrqb, patch by teor. - o Major bugfixes (voting): - - Actually enable Ed25519-based directory collation. Previously, the - code had been written, but some debugging code that had - accidentally been left in the codebase made it stay turned off. - Fixes bug 17702; bugfix on 0.2.7.2-alpha. - - When collating votes by Ed25519 identities, authorities now - include a "NoEdConsensus" flag if the ed25519 value (or lack - thereof) for a server does not reflect the majority consensus. - Related to bug 17668; bugfix on 0.2.7.2-alpha. - - When generating a vote with keypinning disabled, never include two - entries for the same ed25519 identity. This bug was causing - authorities to generate votes that they could not parse when a - router violated key pinning by changing its RSA identity but - keeping its Ed25519 identity. Fixes bug 17668; fixes part of bug - 18318. Bugfix on 0.2.7.2-alpha. + o Minor features (security, win32): + - Set SO_EXCLUSIVEADDRUSE on Win32 to avoid a local port-stealing + attack. Fixes bug 18123; bugfix on all tor versions. Patch + by "teor". + + o Minor features (hidden service directory): + - Streamline relay-side hsdir handling: when relays consider whether + to accept an uploaded hidden service descriptor, they no longer + check whether they are one of the relays in the network that is + "supposed" to handle that descriptor. Implements ticket 18332. - o Minor feature (IPv6): + o Minor features (IPv6): - Add ClientPreferIPv6DirPort, which is set to 0 by default. If set to 1, tor prefers IPv6 directory addresses. - Add ClientUseIPv4, which is set to 1 by default. If set to 0, tor @@ -93,37 +116,31 @@ Changes in version 0.2.8.2-alpha - 2016-03-?? appropriate locations. Closes ticket 17732. o Minor features (crypto): - - Fix a segfault during startup: If unix socket was configured as - listener (such as a ControlSocket or a SocksPort unix socket), and - tor was started as root but not configured to switch to another - user, tor would segfault while trying to string compare a NULL - value. Fixes bug 18261; bugfix on 0.2.8.1-alpha. Patch by weasel. - - Validate the Diffie-Hellman hard coded parameters and ensure that - p is a safe prime, and g is suitable. Closes ticket 18221. + - Validate the hard-coded Diffie-Hellman parameters and ensure that + p is a safe prime, and g is a suitable generator. Closes ticket 18221. o Minor features (geoip): - Update geoip and geoip6 to the March 3 2016 Maxmind GeoLite2 Country database. o Minor features (linux seccomp2 sandbox): - - Detect and reject attempts to change our Address with "Sandbox 1" + - Reject attempts to change our Address with "Sandbox 1" enabled. Changing Address with Sandbox turned on would never actually work, but previously it would fail in strange and confusing ways. Found while fixing 18548. o Minor features (robustness): - Exit immediately with an error message if the code attempts to use - libevent without having initialized it. This should resolve some + Libevent without having initialized it. This should resolve some frequently-made mistakes in our unit tests. Closes ticket 18241. o Minor features (unix domain sockets): - - Since some operating systems do not consider the actual modes on a - UNIX domain socket itself, tor does not allow creating such a - socket in a directory that is group or world accessible if it is - supposed to be private. Likewise, it will not allow only group - accessible sockets in a world accessible directory. However, on - some operating systems this is unnecessary, so add a per-socket - option called RelaxDirModeCheck. Closes ticket 18458. Patch + - Add a new per-socket option, RelaxDirModeCheck, to allow creating + Unix domain sockets without checking the permissions on the parent + directory. (Tor checks permissions by default because some operating + systems only check permissions on the parent directory. However, some + operating systems do look at permissions on the socket, and tor's default + check is unneeded.) Closes ticket 18458. Patch by weasel. o Minor bugfixes (exit policies, security): @@ -138,15 +155,6 @@ Changes in version 0.2.8.2-alpha - 2016-03-?? 8976; bugfix on b7c172c9e in tor-0.2.3.21. Patch by "dgoulet" and "teor". - o Minor bugfixes (security, win32): - - Set SO_EXCLUSIVEADDRUSE on Win32 to avoid a local port-stealing - attack. Fixes bug 18123; bugfix on all tor versions. Patch - by "teor". - - o Minor bugfixes: - - Bridges now refuse "rendezvous2" (hidden service descriptor) - publish attempts. Suggested by ticket 18332. - o Minor bugfixes (build): - Do not link the unit tests against both the testing and non- testing versions of the static libraries. Fixes bug 18490; bugfix @@ -155,12 +163,15 @@ Changes in version 0.2.8.2-alpha - 2016-03-?? to calling exit(0) in TOR_SEARCH_LIBRARY. Fixes bug 18625; bugfix on 0.2.0.1-alpha. Patch from "cypherpunks". + - Silence spurious clang-scan warnings in the ed25519_donna code by + explicitly initialising some objects. Fixes bug 18384; bugfix on + 0f3eeca9 in 0.2.7.2-alpha. Patch by "teor". - o Minor bugfixes (client): + o Minor bugfixes (client, bootstrap): - Count receipt of new microdescriptors as progress towards - bootstrapping. Now, when a user who has set EntryNodes finishes - bootstrapping, Tor automatically repopulates the guard set based - on this new directory information. Fixes bug 16825; bugfix + bootstrapping. Previously, with EntryNodes set, Tor might not + successfully repopulate the guard set on bootstrapping. + Fixes bug 16825; bugfix on 0.2.3.1-alpha. o Minor bugfixes (code correctness): @@ -185,11 +196,6 @@ Changes in version 0.2.8.2-alpha - 2016-03-?? best to avoid this kind of error, even if there isn't any code that triggers it today. Fixes bug 18570; bugfix on 0.2.4.4-alpha. - o Minor bugfixes (crypto, static analysis): - - Silence spurious clang-scan warnings in the ed25519_donna code by - explicitly initialising some objects. Fixes bug 18384; bugfix on - 0f3eeca9 in 0.2.7.2-alpha. Patch by "teor". - o Minor bugfixes (directory): - When generating a URL for a directory server on an IPv6 address, wrap the IPv6 address in square brackets. Fixes bug 18051; bugfix @@ -201,12 +207,14 @@ Changes in version 0.2.8.2-alpha - 2016-03-?? which supports extrainfo descriptors. Fixes bug 18489; bugfix on 0.2.4.7-alpha. Reported by "atagar", patch by "teor". - o Minor bugfixes (hidden service client): - - Seven very fast consecutive requests to the same .onion address - triggers 7 descriptor fetches. The first six each pick a directory - (there are 6 overall) and the seventh one wasn't able to pick one - which was triggering a close on all current directory connections. - It has been fixed by not closing them if we have pending directory + o Minor bugfixes (hidden service, client): + - Handle the case where the user makes several fast consecutive requests to the same .onion + address. Previously, the first six requests would each trigger a + descriptor fetch, each picking a directory + (there are 6 overall) and the seventh one would fail because no + directories were left, thereby triggering a close on all current directory + connections asking for the hidden service. + The solution here is to not close the directory connections if we have pending directory fetch. Fixes bug 15937; bugfix on tor-0.2.7.1-alpha. o Minor bugfixes (hidden service, control port): @@ -214,18 +222,22 @@ Changes in version 0.2.8.2-alpha - 2016-03-?? both on success or failure. It was previously hardcoded with UNKNOWN. Fixes bug 16023; bugfix on 0.2.7.2-alpha. + o Minor bugfixes (hidden service, directory): + - Bridges now refuse "rendezvous2" (hidden service descriptor) + publish attempts. Suggested by ticket 18332. + o Minor bugfixes (linux seccomp2 sandbox): - Avoid a 10-second delay when starting as a client with "Sandbox 1" enabled and no DNS resolvers configured. This should help TAILS start up faster. Fixes bug 18548; bugfix on 0.2.5.1-alpha. - - Fix the sandbox's interoprability with unix sockets under setuid. + - Fix the sandbox's interoprability with unix domain sockets under setuid. Fixes bug 18253; bugfix on 0.2.8.1-alpha. - Allow the setrlimit syscall, and the prlimit and prlimit64 syscalls, which some libc implementations use under the hood. Fixes bug 15221; bugfix on 0.2.5.1-alpha. o Minor bugfixes (logging): - - When logging information about an unparseable networkstatus vote + - When logging information about an unparsable networkstatus vote or consensus, do not say "vote" when we mean consensus. Fixes bug 18368; bugfix on 0.2.0.8-alpha. - Scrub service in from "unrecognized service ID" log messages. @@ -236,7 +248,7 @@ Changes in version 0.2.8.2-alpha - 2016-03-?? "Christian", patch by "teor". o Minor bugfixes (memory safety): - - Avoid freeing an uninitialised pointer when opening a socket fails + - Avoid freeing an uninitialized pointer when opening a socket fails in get_interface_addresses_ioctl. Fixes bug 18454; bugfix on 9f06ec0c in tor-0.2.3.11-alpha. Reported by "toralf" and "cypherpunks", patch by "teor". @@ -281,23 +293,12 @@ Changes in version 0.2.8.2-alpha - 2016-03-?? - Simplify return types for some crypto functions that can't actually fail. Patch from Hassan Alsibyani. Closes ticket 18259. - o Dependency updates: - - Tor now uses Autoconf version 2.63 or later, and Automake 1.11 or - later (released in 2008 and 2009 respectively). If you are - building Tor from the git repository instead of from the source - distribution, and your tools are older than this, you will need to - upgrade. Closes ticket 17732. - o Documentation: - Change build messages to refer to "Fedora" instead of "Fedora Core", and "dnf" instead of "yum". Closes tickets 18459 and 18426. Patches from "icanhasaccount" and "cypherpunks". o Removed features: - - Streamline relay-side hsdir handling: when relays consider whether - to accept an uploaded hidden service descriptor, they no longer - check whether they are one of the relays in the network that is - "supposed" to handle that descriptor. Implements ticket 18332. - We no longer maintain an internal freelist in memarea.c. Allocators should be good enough to make this code unnecessary, and it's doubtful that it ever had any performance benefit.

1 0

[tor/master] Reflow the 0282 changelog
by nickm＠torproject.org 28 Mar '16

28 Mar '16

commit 54dab73464cd7fbe7341b3531d36a035508b29dd Author: Nick Mathewson <nickm(a)torproject.org> Date: Mon Mar 28 09:29:17 2016 -0400 Reflow the 0282 changelog --- ChangeLog | 150 +++++++++++++++++++++++++++++++------------------------------- 1 file changed, 75 insertions(+), 75 deletions(-) diff --git a/ChangeLog b/ChangeLog index 48fd79e..d1663db 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,7 +1,7 @@ Changes in version 0.2.8.2-alpha - 2016-03-?? Tor 0.2.8.2-alpha is the second alpha in its series. It fixes numerous bugs in earlier versions of Tor, including some that prevented - authorities using Tor 0.2.7 from running correctly. IPv6 and directory + authorities using Tor 0.2.7 from running correctly. IPv6 and directory support should also be much improved. o New system requirements: @@ -25,26 +25,6 @@ Changes in version 0.2.8.2-alpha - 2016-03-?? bugfix on Tor 0.1.1.11-alpha, which fixed a related bug incompletely. Reported by Guido Vranken. - o Major bugfixes (voting): - - Actually enable Ed25519-based directory collation. Previously, the - code had been written, but some debugging code that had - accidentally been left in the codebase made it stay turned off. - Fixes bug 17702; bugfix on 0.2.7.2-alpha. - - When collating votes by Ed25519 identities, authorities now - include a "NoEdConsensus" flag if the ed25519 value (or lack - thereof) for a server does not reflect the majority consensus. - Related to bug 17668; bugfix on 0.2.7.2-alpha. - - When generating a vote with keypinning disabled, never include two - entries for the same ed25519 identity. This bug was causing - authorities to generate votes that they could not parse when a - router violated key pinning by changing its RSA identity but - keeping its Ed25519 identity. Fixes bug 17668; fixes part of bug - 18318. Bugfix on 0.2.7.2-alpha. - - o Major bugfixes (dns proxy mode, crash): - - Avoid crashing when running as a DNS proxy. Fixes bug 16248; - bugfix on 0.2.0.1-alpha. Patch from 'cypherpunks'. - o Major bugfixes (bridges, pluggable transports): - Modify the check for OR connections to private addresses. Allow bridges on private addresses, including pluggable transports that @@ -58,16 +38,20 @@ Changes in version 0.2.8.2-alpha - 2016-03-?? sanitizer. Fixes bug 14821; bugfix on 0.2.5.4-alpha. o Major bugfixes (crash on shutdown): - - Fix a segfault during startup: If Unix domain socket was configured as - listener (such as a ControlSocket or a SocksPort "unix:" socket), and - tor was started as root but not configured to switch to another - user, tor would segfault while trying to string compare a NULL - value. Fixes bug 18261; bugfix on 0.2.8.1-alpha. Patch by weasel. - - Correctly handle detaching circuits from muxes when - shutting down. Fixes bug 18116; bugfix - on 0.2.8.1-alpha. - - Fix an assert-on-exit bug related to counting memory usage - in rephist.c. Fixes bug 18651; bugfix on 0.2.8.1-alpha. + - Fix a segfault during startup: If Unix domain socket was + configured as listener (such as a ControlSocket or a SocksPort + "unix:" socket), and tor was started as root but not configured to + switch to another user, tor would segfault while trying to string + compare a NULL value. Fixes bug 18261; bugfix on 0.2.8.1-alpha. + Patch by weasel. + - Correctly handle detaching circuits from muxes when shutting down. + Fixes bug 18116; bugfix on 0.2.8.1-alpha. + - Fix an assert-on-exit bug related to counting memory usage in + rephist.c. Fixes bug 18651; bugfix on 0.2.8.1-alpha. + + o Major bugfixes (dns proxy mode, crash): + - Avoid crashing when running as a DNS proxy. Fixes bug 16248; + bugfix on 0.2.0.1-alpha. Patch from 'cypherpunks'. o Major bugfixes (relays, bridge clients): - Ensure relays always allow IPv4 OR and Dir connections. Ensure @@ -75,26 +59,27 @@ Changes in version 0.2.8.2-alpha - 2016-03-?? Fixes bug 18348; bugfix on 0.2.8.1-alpha. Reported by sysrqb, patch by teor. + o Major bugfixes (voting): + - Actually enable Ed25519-based directory collation. Previously, the + code had been written, but some debugging code that had + accidentally been left in the codebase made it stay turned off. + Fixes bug 17702; bugfix on 0.2.7.2-alpha. + - When collating votes by Ed25519 identities, authorities now + include a "NoEdConsensus" flag if the ed25519 value (or lack + thereof) for a server does not reflect the majority consensus. + Related to bug 17668; bugfix on 0.2.7.2-alpha. + - When generating a vote with keypinning disabled, never include two + entries for the same ed25519 identity. This bug was causing + authorities to generate votes that they could not parse when a + router violated key pinning by changing its RSA identity but + keeping its Ed25519 identity. Fixes bug 17668; fixes part of bug + 18318. Bugfix on 0.2.7.2-alpha. + o Minor features (security, win32): - Set SO_EXCLUSIVEADDRUSE on Win32 to avoid a local port-stealing attack. Fixes bug 18123; bugfix on all tor versions. Patch by "teor". - o Minor features (hidden service directory): - - Streamline relay-side hsdir handling: when relays consider whether - to accept an uploaded hidden service descriptor, they no longer - check whether they are one of the relays in the network that is - "supposed" to handle that descriptor. Implements ticket 18332. - - o Minor features (IPv6): - - Add ClientPreferIPv6DirPort, which is set to 0 by default. If set - to 1, tor prefers IPv6 directory addresses. - - Add ClientUseIPv4, which is set to 1 by default. If set to 0, tor - avoids using IPv4 for client OR and directory connections. - - Try harder to fulfil IP version restrictions ClientUseIPv4 0 and - ClientUseIPv6 0; and the preferences ClientPreferIPv6ORPort and - ClientPreferIPv6DirPort. Closes ticket 17840; patch by "teor". - o Minor features (bug-resistance): - Make Tor survive errors involving connections without a corresponding event object. Previously we'd fail with an @@ -117,17 +102,33 @@ Changes in version 0.2.8.2-alpha - 2016-03-?? o Minor features (crypto): - Validate the hard-coded Diffie-Hellman parameters and ensure that - p is a safe prime, and g is a suitable generator. Closes ticket 18221. + p is a safe prime, and g is a suitable generator. Closes + ticket 18221. o Minor features (geoip): - Update geoip and geoip6 to the March 3 2016 Maxmind GeoLite2 Country database. + o Minor features (hidden service directory): + - Streamline relay-side hsdir handling: when relays consider whether + to accept an uploaded hidden service descriptor, they no longer + check whether they are one of the relays in the network that is + "supposed" to handle that descriptor. Implements ticket 18332. + + o Minor features (IPv6): + - Add ClientPreferIPv6DirPort, which is set to 0 by default. If set + to 1, tor prefers IPv6 directory addresses. + - Add ClientUseIPv4, which is set to 1 by default. If set to 0, tor + avoids using IPv4 for client OR and directory connections. + - Try harder to fulfil IP version restrictions ClientUseIPv4 0 and + ClientUseIPv6 0; and the preferences ClientPreferIPv6ORPort and + ClientPreferIPv6DirPort. Closes ticket 17840; patch by "teor". + o Minor features (linux seccomp2 sandbox): - - Reject attempts to change our Address with "Sandbox 1" - enabled. Changing Address with Sandbox turned on would never - actually work, but previously it would fail in strange and - confusing ways. Found while fixing 18548. + - Reject attempts to change our Address with "Sandbox 1" enabled. + Changing Address with Sandbox turned on would never actually work, + but previously it would fail in strange and confusing ways. Found + while fixing 18548. o Minor features (robustness): - Exit immediately with an error message if the code attempts to use @@ -137,11 +138,11 @@ Changes in version 0.2.8.2-alpha - 2016-03-?? o Minor features (unix domain sockets): - Add a new per-socket option, RelaxDirModeCheck, to allow creating Unix domain sockets without checking the permissions on the parent - directory. (Tor checks permissions by default because some operating - systems only check permissions on the parent directory. However, some - operating systems do look at permissions on the socket, and tor's default - check is unneeded.) Closes ticket 18458. Patch - by weasel. + directory. (Tor checks permissions by default because some + operating systems only check permissions on the parent directory. + However, some operating systems do look at permissions on the + socket, and tor's default check is unneeded.) Closes ticket 18458. + Patch by weasel. o Minor bugfixes (exit policies, security): - Refresh an exit relay's exit policy when interface addresses @@ -159,10 +160,9 @@ Changes in version 0.2.8.2-alpha - 2016-03-?? - Do not link the unit tests against both the testing and non- testing versions of the static libraries. Fixes bug 18490; bugfix on 0.2.7.1-alpha. - - Avoid spurious failures from configure files related - to calling exit(0) in TOR_SEARCH_LIBRARY. - Fixes bug 18625; bugfix on 0.2.0.1-alpha. - Patch from "cypherpunks". + - Avoid spurious failures from configure files related to calling + exit(0) in TOR_SEARCH_LIBRARY. Fixes bug 18625; bugfix on + 0.2.0.1-alpha. Patch from "cypherpunks". - Silence spurious clang-scan warnings in the ed25519_donna code by explicitly initialising some objects. Fixes bug 18384; bugfix on 0f3eeca9 in 0.2.7.2-alpha. Patch by "teor". @@ -170,9 +170,8 @@ Changes in version 0.2.8.2-alpha - 2016-03-?? o Minor bugfixes (client, bootstrap): - Count receipt of new microdescriptors as progress towards bootstrapping. Previously, with EntryNodes set, Tor might not - successfully repopulate the guard set on bootstrapping. - Fixes bug 16825; bugfix - on 0.2.3.1-alpha. + successfully repopulate the guard set on bootstrapping. Fixes bug + 16825; bugfix on 0.2.3.1-alpha. o Minor bugfixes (code correctness): - Update to the latest version of Trunnel, which tries harder to @@ -208,14 +207,15 @@ Changes in version 0.2.8.2-alpha - 2016-03-?? 0.2.4.7-alpha. Reported by "atagar", patch by "teor". o Minor bugfixes (hidden service, client): - - Handle the case where the user makes several fast consecutive requests to the same .onion - address. Previously, the first six requests would each trigger a - descriptor fetch, each picking a directory - (there are 6 overall) and the seventh one would fail because no - directories were left, thereby triggering a close on all current directory - connections asking for the hidden service. - The solution here is to not close the directory connections if we have pending directory - fetch. Fixes bug 15937; bugfix on tor-0.2.7.1-alpha. + - Handle the case where the user makes several fast consecutive + requests to the same .onion address. Previously, the first six + requests would each trigger a descriptor fetch, each picking a + directory (there are 6 overall) and the seventh one would fail + because no directories were left, thereby triggering a close on + all current directory connections asking for the hidden service. + The solution here is to not close the directory connections if we + have pending directory fetch. Fixes bug 15937; bugfix + on tor-0.2.7.1-alpha. o Minor bugfixes (hidden service, control port): - Add the onion address to the HS_DESC event for the UPLOADED action @@ -230,15 +230,15 @@ Changes in version 0.2.8.2-alpha - 2016-03-?? - Avoid a 10-second delay when starting as a client with "Sandbox 1" enabled and no DNS resolvers configured. This should help TAILS start up faster. Fixes bug 18548; bugfix on 0.2.5.1-alpha. - - Fix the sandbox's interoprability with unix domain sockets under setuid. - Fixes bug 18253; bugfix on 0.2.8.1-alpha. + - Fix the sandbox's interoprability with unix domain sockets under + setuid. Fixes bug 18253; bugfix on 0.2.8.1-alpha. - Allow the setrlimit syscall, and the prlimit and prlimit64 syscalls, which some libc implementations use under the hood. Fixes bug 15221; bugfix on 0.2.5.1-alpha. o Minor bugfixes (logging): - - When logging information about an unparsable networkstatus vote - or consensus, do not say "vote" when we mean consensus. Fixes bug + - When logging information about an unparsable networkstatus vote or + consensus, do not say "vote" when we mean consensus. Fixes bug 18368; bugfix on 0.2.0.8-alpha. - Scrub service in from "unrecognized service ID" log messages. Fixes bug 18600; bugfix on 0.2.4.11-alpha.

1 0

[tor/master] Pick a date
by nickm＠torproject.org 28 Mar '16

28 Mar '16

commit 87ee21c0aeeeb5efb5995464dcb85bc619bce36c Author: Nick Mathewson <nickm(a)torproject.org> Date: Mon Mar 28 09:29:57 2016 -0400 Pick a date --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index d1663db..3e83610 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,4 @@ -Changes in version 0.2.8.2-alpha - 2016-03-?? +Changes in version 0.2.8.2-alpha - 2016-03-28 Tor 0.2.8.2-alpha is the second alpha in its series. It fixes numerous bugs in earlier versions of Tor, including some that prevented authorities using Tor 0.2.7 from running correctly. IPv6 and directory

1 0

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

tor-commits March 2016