tor-commits
Threads by month
- ----- 2025 -----
- June
- May
- April
- March
- February
- January
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
February 2017
- 14 participants
- 1811 discussions
commit 6f3f753c219e5ad2a48ef26d3bf5c42f02c49f1b
Author: Nick Mathewson <nickm(a)torproject.org>
Date: Thu Dec 10 09:50:52 2015 -0500
Reflow and sort the changelog.
---
ChangeLog | 26 +++++++++++++-------------
1 file changed, 13 insertions(+), 13 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 9326673..44e9586 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -10,16 +10,9 @@ Changes in version 0.2.7.6 - 2015-12-10
performance. Fixes bug 17222; bugfix on 0.2.4.8-alpha. Discovered
by Mohsen Imani.
- o Minor bugfixes (correctness):
- - When displaying an IPv6 exit policy, include the mask bits correctly
- even when the number is greater than 31. Fixes bug 16056; bugfix on
- 0.2.4.7-alpha. Patch from "gturner".
- - The wrong list was used when looking up expired intro points in
- a rend service object, causing what we think could be reachability
- issues for hidden services, and triggering a BUG log. Fixes bug
- 16702; bugfix on 0.2.7.2-alpha.
- - Fix undefined behavior in the tor_cert_checksig function. Fixes bug
- 17722; bugfix on 0.2.7.2-alpha.
+ o Minor features (geoip):
+ - Update geoip and geoip6 to the December 1 2015 Maxmind GeoLite2
+ Country database.
o Minor bugfixes (compilation):
- When checking for net/pfvar.h, include netinet/in.h if possible.
@@ -28,9 +21,16 @@ Changes in version 0.2.7.6 - 2015-12-10
- Fix a compilation warning with Clang 3.6: Do not check the
presence of an address which can never be NULL. Fixes bug 17781.
- o Minor features:
- - Update geoip and geoip6 to the December 1 2015 Maxmind GeoLite2
- Country database.
+ o Minor bugfixes (correctness):
+ - When displaying an IPv6 exit policy, include the mask bits
+ correctly even when the number is greater than 31. Fixes bug
+ 16056; bugfix on 0.2.4.7-alpha. Patch from "gturner".
+ - The wrong list was used when looking up expired intro points in a
+ rend service object, causing what we think could be reachability
+ issues for hidden services, and triggering a BUG log. Fixes bug
+ 16702; bugfix on 0.2.7.2-alpha.
+ - Fix undefined behavior in the tor_cert_checksig function. Fixes
+ bug 17722; bugfix on 0.2.7.2-alpha.
Changes in version 0.2.7.5 - 2015-11-20
1
0

28 Feb '17
commit e91bb84a91ff019250f19039c26df4f40c1c7544
Merge: 7a489a6 5446cb8
Author: Nick Mathewson <nickm(a)torproject.org>
Date: Tue Feb 7 09:57:08 2017 -0500
Merge branch 'maint-0.2.6' into maint-0.2.7-redux
maint-0.2.7-redux is an attempt to try to re-create a plausible
maint-0.2.7 branch. I've started from the tor-0.2.7.6, and then I
merged maint-0.2.6 into the branch.
This has produced 2 conflicts: one related to the
rendcommon->rendcache move, and one to the authority refactoring.
changes/19271 | 2 +
changes/bifroest | 3 +
changes/buf-sentinel | 11 +
changes/bug17906 | 4 +
changes/bug18089 | 6 +
changes/bug18162 | 7 +
changes/bug21018 | 11 +
changes/geoip-april2016 | 4 +
changes/geoip-august2016 | 4 +
changes/geoip-december2016 | 4 +
changes/geoip-february2016 | 4 +
changes/geoip-january2016 | 4 +
changes/geoip-january2017 | 4 +
changes/geoip-july2016 | 4 +
changes/geoip-jun2016 | 4 +
changes/geoip-march2016 | 4 +
changes/geoip-may2016 | 4 +
changes/geoip-november2016 | 4 +
changes/geoip-october2016 | 4 +
changes/geoip-september2016 | 4 +
changes/rsa_init_bug | 7 +
src/common/container.c | 37 +-
src/common/crypto.c | 14 +-
src/config/geoip | 65346 ++++++++++++++++++++++++++++++++----------
src/config/geoip6 | 9935 +++++--
src/or/buffers.c | 40 +-
src/or/config.c | 9 +-
src/or/main.c | 1 -
src/or/rendcache.c | 6 +-
src/or/routerparse.c | 6 +-
30 files changed, 57683 insertions(+), 17814 deletions(-)
diff --cc src/or/config.c
index fa860af,233940e..3094a1d
--- a/src/or/config.c
+++ b/src/or/config.c
@@@ -857,41 -841,6 +857,38 @@@ escaped_safe_str(const char *address
return escaped(address);
}
+/** List of default directory authorities */
+
+static const char *default_authorities[] = {
+ "moria1 orport=9101 "
+ "v3ident=D586D18309DED4CD6D57C18FDB97EFA96D330566 "
+ "128.31.0.39:9131 9695 DFC3 5FFE B861 329B 9F1A B04C 4639 7020 CE31",
+ "tor26 orport=443 "
+ "v3ident=14C131DFC5C6F93646BE72FA1401C02A8DF2E8B4 "
+ "86.59.21.38:80 847B 1F85 0344 D787 6491 A548 92F9 0493 4E4E B85D",
+ "dizum orport=443 "
+ "v3ident=E8A9C45EDE6D711294FADF8E7951F4DE6CA56B58 "
+ "194.109.206.212:80 7EA6 EAD6 FD83 083C 538F 4403 8BBF A077 587D D755",
- "Tonga orport=443 bridge "
- "82.94.251.203:80 4A0C CD2D DC79 9508 3D73 F5D6 6710 0C8A 5831 F16D",
++ "Bifroest orport=443 bridge "
++ "37.218.247.217:80 1D8F 3A91 C37C 5D1C 4C19 B1AD 1D0C FBE8 BF72 D8E1",
+ "gabelmoo orport=443 "
+ "v3ident=ED03BB616EB2F60BEC80151114BB25CEF515B226 "
+ "131.188.40.189:80 F204 4413 DAC2 E02E 3D6B CF47 35A1 9BCA 1DE9 7281",
+ "dannenberg orport=443 "
- "v3ident=585769C78764D58426B8B52B6651A5A71137189A "
++ "v3ident=0232AF901C31A04EE9848595AF9BB7620D4C5B2E "
+ "193.23.244.244:80 7BE6 83E6 5D48 1413 21C5 ED92 F075 C553 64AC 7123",
- "urras orport=80 "
- "v3ident=80550987E1D626E3EBA5E5E75A458DE0626D088C "
- "208.83.223.34:443 0AD3 FA88 4D18 F89E EA2D 89C0 1937 9E0E 7FD9 4417",
+ "maatuska orport=80 "
+ "v3ident=49015F787433103580E3B66A1707A00E60F2D15B "
+ "171.25.193.9:443 BD6A 8292 55CB 08E6 6FBE 7D37 4836 3586 E46B 3810",
+ "Faravahar orport=443 "
+ "v3ident=EFCBE720AB3A82B99F9E953CD5BF50F7EEFC7B97 "
+ "154.35.175.225:80 CF6D 0AAF B385 BE71 B8E1 11FC 5CFF 4B47 9237 33BC",
+ "longclaw orport=443 "
+ "v3ident=23D15D965BC35114467363C165C4F724B64B4F66 "
+ "199.254.238.52:80 74A9 1064 6BCE EFBC D2E8 74FC 1DC9 9743 0F96 8145",
+ NULL
+};
+
/** Add the default directory authorities directly into the trusted dir list,
* but only add them insofar as they share bits with <b>type</b>.
* Each authority's bits are restricted to the bits shared with <b>type</b>.
diff --cc src/or/rendcache.c
index d4bdd68,0000000..e7b1ce9
mode 100644,000000..100644
--- a/src/or/rendcache.c
+++ b/src/or/rendcache.c
@@@ -1,898 -1,0 +1,900 @@@
+/* Copyright (c) 2015, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+/**
+ * \file rendcache.c
+ * \brief Hidden service desriptor cache.
+ **/
+
+#include "rendcache.h"
+
+#include "config.h"
+#include "rephist.h"
+#include "routerlist.h"
+#include "routerparse.h"
+
+/** Map from service id (as generated by rend_get_service_id) to
+ * rend_cache_entry_t. */
+static strmap_t *rend_cache = NULL;
+
+/** Map from descriptor id to rend_cache_entry_t; only for hidden service
+ * directories. */
+static digestmap_t *rend_cache_v2_dir = NULL;
+
+/** (Client side only) Map from service id to rend_cache_failure_t. This
+ * cache is used to track intro point(IP) failures so we know when to keep
+ * or discard a new descriptor we just fetched. Here is a description of the
+ * cache behavior.
+ *
+ * Everytime tor discards an IP (ex: receives a NACK), we add an entry to
+ * this cache noting the identity digest of the IP and it's failure type for
+ * the service ID. The reason we indexed this cache by service ID is to
+ * differentiate errors that can occur only for a specific service like a
+ * NACK for instance. It applies for one but maybe not for the others.
+ *
+ * Once a service descriptor is fetched and considered valid, each IP is
+ * looked up in this cache and if present, it is discarded from the fetched
+ * descriptor. At the end, all IP(s) in the cache, for a specific service
+ * ID, that were NOT present in the descriptor are removed from this cache.
+ * Which means that if at least one IP was not in this cache, thus usuable,
+ * it's considered a new descriptor so we keep it. Else, if all IPs were in
+ * this cache, we discard the descriptor as it's considered unsuable.
+ *
+ * Once a descriptor is removed from the rend cache or expires, the entry
+ * in this cache is also removed for the service ID.
+ *
+ * This scheme allows us to not realy on the descriptor's timestamp (which
+ * is rounded down to the hour) to know if we have a newer descriptor. We
+ * only rely on the usability of intro points from an internal state. */
+static strmap_t *rend_cache_failure = NULL;
+
+/** DOCDOC */
+static size_t rend_cache_total_allocation = 0;
+
+/** Initializes the service descriptor cache.
+*/
+void
+rend_cache_init(void)
+{
+ rend_cache = strmap_new();
+ rend_cache_v2_dir = digestmap_new();
+ rend_cache_failure = strmap_new();
+}
+
+/** Return the approximate number of bytes needed to hold <b>e</b>. */
+static size_t
+rend_cache_entry_allocation(const rend_cache_entry_t *e)
+{
+ if (!e)
+ return 0;
+
+ /* This doesn't count intro_nodes or key size */
+ return sizeof(*e) + e->len + sizeof(*e->parsed);
+}
+
+/** DOCDOC */
+size_t
+rend_cache_get_total_allocation(void)
+{
+ return rend_cache_total_allocation;
+}
+
+/** Decrement the total bytes attributed to the rendezvous cache by n. */
+static void
+rend_cache_decrement_allocation(size_t n)
+{
+ static int have_underflowed = 0;
+
+ if (rend_cache_total_allocation >= n) {
+ rend_cache_total_allocation -= n;
+ } else {
+ rend_cache_total_allocation = 0;
+ if (! have_underflowed) {
+ have_underflowed = 1;
+ log_warn(LD_BUG, "Underflow in rend_cache_decrement_allocation");
+ }
+ }
+}
+
+/** Increase the total bytes attributed to the rendezvous cache by n. */
+static void
+rend_cache_increment_allocation(size_t n)
+{
+ static int have_overflowed = 0;
+ if (rend_cache_total_allocation <= SIZE_MAX - n) {
+ rend_cache_total_allocation += n;
+ } else {
+ rend_cache_total_allocation = SIZE_MAX;
+ if (! have_overflowed) {
+ have_overflowed = 1;
+ log_warn(LD_BUG, "Overflow in rend_cache_increment_allocation");
+ }
+ }
+}
+
+/** Helper: free a rend cache failure intro object. */
+static void
+rend_cache_failure_intro_entry_free(rend_cache_failure_intro_t *entry)
+{
+ if (entry == NULL) {
+ return;
+ }
+ tor_free(entry);
+}
+
+static void
+rend_cache_failure_intro_entry_free_(void *entry)
+{
+ rend_cache_failure_intro_entry_free(entry);
+}
+
+/** Allocate a rend cache failure intro object and return it. <b>failure</b>
+ * is set into the object. This function can not fail. */
+static rend_cache_failure_intro_t *
+rend_cache_failure_intro_entry_new(rend_intro_point_failure_t failure)
+{
+ rend_cache_failure_intro_t *entry = tor_malloc(sizeof(*entry));
+ entry->failure_type = failure;
+ entry->created_ts = time(NULL);
+ return entry;
+}
+
+/** Helper: free a rend cache failure object. */
+static void
+rend_cache_failure_entry_free(rend_cache_failure_t *entry)
+{
+ if (entry == NULL) {
+ return;
+ }
+
+ /* Free and remove every intro failure object. */
+ digestmap_free(entry->intro_failures,
+ rend_cache_failure_intro_entry_free_);
+
+ tor_free(entry);
+}
+
+/** Helper: deallocate a rend_cache_failure_t. (Used with strmap_free(),
+ * which requires a function pointer whose argument is void*). */
+static void
+rend_cache_failure_entry_free_(void *entry)
+{
+ rend_cache_failure_entry_free(entry);
+}
+
+/** Allocate a rend cache failure object and return it. This function can
+ * not fail. */
+static rend_cache_failure_t *
+rend_cache_failure_entry_new(void)
+{
+ rend_cache_failure_t *entry = tor_malloc(sizeof(*entry));
+ entry->intro_failures = digestmap_new();
+ return entry;
+}
+
+/** Remove failure cache entry for the service ID in the given descriptor
+ * <b>desc</b>. */
+static void
+rend_cache_failure_remove(rend_service_descriptor_t *desc)
+{
+ char service_id[REND_SERVICE_ID_LEN_BASE32 + 1];
+ rend_cache_failure_t *entry;
+
+ if (desc == NULL) {
+ return;
+ }
+ if (rend_get_service_id(desc->pk, service_id) < 0) {
+ return;
+ }
+ entry = strmap_get_lc(rend_cache_failure, service_id);
+ if (entry != NULL) {
+ strmap_remove_lc(rend_cache_failure, service_id);
+ rend_cache_failure_entry_free(entry);
+ }
+}
+
+/** Helper: free storage held by a single service descriptor cache entry. */
+static void
+rend_cache_entry_free(rend_cache_entry_t *e)
+{
+ if (!e)
+ return;
+ rend_cache_decrement_allocation(rend_cache_entry_allocation(e));
+ /* We are about to remove a descriptor from the cache so remove the entry
+ * in the failure cache. */
+ rend_cache_failure_remove(e->parsed);
+ rend_service_descriptor_free(e->parsed);
+ tor_free(e->desc);
+ tor_free(e);
+}
+
+/** Helper: deallocate a rend_cache_entry_t. (Used with strmap_free(), which
+ * requires a function pointer whose argument is void*). */
+static void
+rend_cache_entry_free_(void *p)
+{
+ rend_cache_entry_free(p);
+}
+
+/** Free all storage held by the service descriptor cache. */
+void
+rend_cache_free_all(void)
+{
+ strmap_free(rend_cache, rend_cache_entry_free_);
+ digestmap_free(rend_cache_v2_dir, rend_cache_entry_free_);
+ strmap_free(rend_cache_failure, rend_cache_failure_entry_free_);
+ rend_cache = NULL;
+ rend_cache_v2_dir = NULL;
+ rend_cache_failure = NULL;
+ rend_cache_total_allocation = 0;
+}
+
+/** Remove all entries that re REND_CACHE_FAILURE_MAX_AGE old. This is
+ * called every second.
+ *
+ * We have to clean these regurlarly else if for whatever reasons an hidden
+ * service goes offline and a client tries to connect to it during that
+ * time, a failure entry is created and the client will be unable to connect
+ * for a while even though the service has return online. */
+void
+rend_cache_failure_clean(time_t now)
+{
+ time_t cutoff = now - REND_CACHE_FAILURE_MAX_AGE;
+ STRMAP_FOREACH_MODIFY(rend_cache_failure, key,
+ rend_cache_failure_t *, ent) {
+ /* Free and remove every intro failure object that match the cutoff. */
+ DIGESTMAP_FOREACH_MODIFY(ent->intro_failures, ip_key,
+ rend_cache_failure_intro_t *, ip_ent) {
+ if (ip_ent->created_ts < cutoff) {
+ rend_cache_failure_intro_entry_free(ip_ent);
+ MAP_DEL_CURRENT(ip_key);
+ }
+ } DIGESTMAP_FOREACH_END;
+ /* If the entry is now empty of intro point failures, remove it. */
+ if (digestmap_isempty(ent->intro_failures)) {
+ rend_cache_failure_entry_free(ent);
+ MAP_DEL_CURRENT(key);
+ }
+ } STRMAP_FOREACH_END;
+}
+
+/** Removes all old entries from the service descriptor cache.
+*/
+void
+rend_cache_clean(time_t now)
+{
+ strmap_iter_t *iter;
+ const char *key;
+ void *val;
+ rend_cache_entry_t *ent;
+ time_t cutoff = now - REND_CACHE_MAX_AGE - REND_CACHE_MAX_SKEW;
+ for (iter = strmap_iter_init(rend_cache); !strmap_iter_done(iter); ) {
+ strmap_iter_get(iter, &key, &val);
+ ent = (rend_cache_entry_t*)val;
+ if (ent->parsed->timestamp < cutoff) {
+ iter = strmap_iter_next_rmv(rend_cache, iter);
+ rend_cache_entry_free(ent);
+ } else {
+ iter = strmap_iter_next(rend_cache, iter);
+ }
+ }
+}
+
+/** Remove ALL entries from the rendezvous service descriptor cache.
+*/
+void
+rend_cache_purge(void)
+{
+ if (rend_cache) {
+ log_info(LD_REND, "Purging HS descriptor cache");
+ strmap_free(rend_cache, rend_cache_entry_free_);
+ }
+ rend_cache = strmap_new();
+}
+
+/** Remove ALL entries from the failure cache. This is also called when a
+ * NEWNYM signal is received. */
+void
+rend_cache_failure_purge(void)
+{
+ if (rend_cache_failure) {
+ log_info(LD_REND, "Purging HS failure cache");
+ strmap_free(rend_cache_failure, rend_cache_failure_entry_free_);
+ }
+ rend_cache_failure = strmap_new();
+}
+
+/** Lookup the rend failure cache using a relay identity digest in
+ * <b>identity</b> and service ID <b>service_id</b>. If found, the intro
+ * failure is set in <b>intro_entry</b> else it stays untouched. Return 1
+ * iff found else 0. */
+static int
+cache_failure_intro_lookup(const uint8_t *identity, const char *service_id,
+ rend_cache_failure_intro_t **intro_entry)
+{
+ rend_cache_failure_t *elem;
+ rend_cache_failure_intro_t *intro_elem;
+
+ tor_assert(rend_cache_failure);
+
+ if (intro_entry) {
+ *intro_entry = NULL;
+ }
+
+ /* Lookup descriptor and return it. */
+ elem = strmap_get_lc(rend_cache_failure, service_id);
+ if (elem == NULL) {
+ goto not_found;
+ }
+ intro_elem = digestmap_get(elem->intro_failures, (char *) identity);
+ if (intro_elem == NULL) {
+ goto not_found;
+ }
+ if (intro_entry) {
+ *intro_entry = intro_elem;
+ }
+ return 1;
+ not_found:
+ return 0;
+}
+
+/** Allocate a new cache failure intro object and copy the content from
+ * <b>entry</b> to this newly allocated object. Return it. */
+static rend_cache_failure_intro_t *
+cache_failure_intro_dup(const rend_cache_failure_intro_t *entry)
+{
+ rend_cache_failure_intro_t *ent_dup =
+ rend_cache_failure_intro_entry_new(entry->failure_type);
+ ent_dup->created_ts = entry->created_ts;
+ return ent_dup;
+}
+
+/** Add an intro point failure to the failure cache using the relay
+ * <b>identity</b> and service ID <b>service_id</b>. Record the
+ * <b>failure</b> in that object. */
+static void
+cache_failure_intro_add(const uint8_t *identity, const char *service_id,
+ rend_intro_point_failure_t failure)
+{
+ rend_cache_failure_t *fail_entry;
+ rend_cache_failure_intro_t *entry, *old_entry;
+
+ /* Make sure we have a failure object for this service ID and if not,
+ * create it with this new intro failure entry. */
+ fail_entry = strmap_get_lc(rend_cache_failure, service_id);
+ if (fail_entry == NULL) {
+ fail_entry = rend_cache_failure_entry_new();
+ /* Add failure entry to global rend failure cache. */
+ strmap_set_lc(rend_cache_failure, service_id, fail_entry);
+ }
+ entry = rend_cache_failure_intro_entry_new(failure);
+ old_entry = digestmap_set(fail_entry->intro_failures,
+ (char *) identity, entry);
+ /* This _should_ be NULL, but in case it isn't, free it. */
+ rend_cache_failure_intro_entry_free(old_entry);
+}
+
+/** Using a parsed descriptor <b>desc</b>, check if the introduction points
+ * are present in the failure cache and if so they are removed from the
+ * descriptor and kept into the failure cache. Then, each intro points that
+ * are NOT in the descriptor but in the failure cache for the given
+ * <b>service_id</b> are removed from the failure cache. */
+static void
+validate_intro_point_failure(const rend_service_descriptor_t *desc,
+ const char *service_id)
+{
+ rend_cache_failure_t *new_entry, *cur_entry;
+ /* New entry for the service ID that will be replacing the one in the
+ * failure cache since we have a new descriptor. In the case where all
+ * intro points are removed, we are assured that the new entry is the same
+ * as the current one. */
+ new_entry = tor_malloc(sizeof(*new_entry));
+ new_entry->intro_failures = digestmap_new();
+
+ tor_assert(desc);
+
+ SMARTLIST_FOREACH_BEGIN(desc->intro_nodes, rend_intro_point_t *, intro) {
+ int found;
+ rend_cache_failure_intro_t *entry;
+ const uint8_t *identity =
+ (uint8_t *) intro->extend_info->identity_digest;
+
+ found = cache_failure_intro_lookup(identity, service_id, &entry);
+ if (found) {
+ /* Dup here since it will be freed at the end when removing the
+ * original entry in the cache. */
+ rend_cache_failure_intro_t *ent_dup = cache_failure_intro_dup(entry);
+ /* This intro point is in our cache, discard it from the descriptor
+ * because chances are that it's unusable. */
+ SMARTLIST_DEL_CURRENT(desc->intro_nodes, intro);
+ /* Keep it for our new entry. */
+ digestmap_set(new_entry->intro_failures, (char *) identity, ent_dup);
+ /* Only free it when we're done looking at it. */
+ rend_intro_point_free(intro);
+ continue;
+ }
+ } SMARTLIST_FOREACH_END(intro);
+
+ /* Swap the failure entry in the cache and free the current one. */
+ cur_entry = strmap_get_lc(rend_cache_failure, service_id);
+ if (cur_entry != NULL) {
+ rend_cache_failure_entry_free(cur_entry);
+ }
+ strmap_set_lc(rend_cache_failure, service_id, new_entry);
+}
+
+/** Note down an intro failure in the rend failure cache using the type of
+ * failure in <b>failure</b> for the relay identity digest in
+ * <b>identity</b> and service ID <b>service_id</b>. If an entry already
+ * exists in the cache, the failure type is changed with <b>failure</b>. */
+void
+rend_cache_intro_failure_note(rend_intro_point_failure_t failure,
+ const uint8_t *identity,
+ const char *service_id)
+{
+ int found;
+ rend_cache_failure_intro_t *entry;
+
+ found = cache_failure_intro_lookup(identity, service_id, &entry);
+ if (!found) {
+ cache_failure_intro_add(identity, service_id, failure);
+ } else {
+ /* Replace introduction point failure with this one. */
+ entry->failure_type = failure;
+ }
+}
+
+/** Remove all old v2 descriptors and those for which this hidden service
+ * directory is not responsible for any more.
+ *
+ * If at all possible, remove at least <b>force_remove</b> bytes of data.
+ */
+void
+rend_cache_clean_v2_descs_as_dir(time_t now, size_t force_remove)
+{
+ digestmap_iter_t *iter;
+ time_t cutoff = now - REND_CACHE_MAX_AGE - REND_CACHE_MAX_SKEW;
+ const int LAST_SERVED_CUTOFF_STEP = 1800;
+ time_t last_served_cutoff = cutoff;
+ size_t bytes_removed = 0;
+ do {
+ for (iter = digestmap_iter_init(rend_cache_v2_dir);
+ !digestmap_iter_done(iter); ) {
+ const char *key;
+ void *val;
+ rend_cache_entry_t *ent;
+ digestmap_iter_get(iter, &key, &val);
+ ent = val;
+ if (ent->parsed->timestamp < cutoff ||
+ ent->last_served < last_served_cutoff ||
+ !hid_serv_responsible_for_desc_id(key)) {
+ char key_base32[REND_DESC_ID_V2_LEN_BASE32 + 1];
+ base32_encode(key_base32, sizeof(key_base32), key, DIGEST_LEN);
+ log_info(LD_REND, "Removing descriptor with ID '%s' from cache",
+ safe_str_client(key_base32));
+ bytes_removed += rend_cache_entry_allocation(ent);
+ iter = digestmap_iter_next_rmv(rend_cache_v2_dir, iter);
+ rend_cache_entry_free(ent);
+ } else {
+ iter = digestmap_iter_next(rend_cache_v2_dir, iter);
+ }
+ }
+
+ /* In case we didn't remove enough bytes, advance the cutoff a little. */
+ last_served_cutoff += LAST_SERVED_CUTOFF_STEP;
+ if (last_served_cutoff > now)
+ break;
+ } while (bytes_removed < force_remove);
+}
+
+/** Lookup in the client cache the given service ID <b>query</b> for
+ * <b>version</b>.
+ *
+ * Return 0 if found and if <b>e</b> is non NULL, set it with the entry
+ * found. Else, a negative value is returned and <b>e</b> is untouched.
+ * -EINVAL means that <b>query</b> is not a valid service id.
+ * -ENOENT means that no entry in the cache was found. */
+int
+rend_cache_lookup_entry(const char *query, int version, rend_cache_entry_t **e)
+{
+ int ret = 0;
+ char key[REND_SERVICE_ID_LEN_BASE32 + 2]; /* <version><query>\0 */
+ rend_cache_entry_t *entry = NULL;
+ static const int default_version = 2;
+
+ tor_assert(rend_cache);
+ tor_assert(query);
+
+ if (!rend_valid_service_id(query)) {
+ ret = -EINVAL;
+ goto end;
+ }
+
+ switch (version) {
+ case 0:
+ log_warn(LD_REND, "Cache lookup of a v0 renddesc is deprecated.");
+ break;
+ case 2:
+ /* Default is version 2. */
+ default:
+ tor_snprintf(key, sizeof(key), "%d%s", default_version, query);
+ entry = strmap_get_lc(rend_cache, key);
+ break;
+ }
+ if (!entry) {
+ ret = -ENOENT;
+ goto end;
+ }
+ tor_assert(entry->parsed && entry->parsed->intro_nodes);
+
+ if (e) {
+ *e = entry;
+ }
+
+ end:
+ return ret;
+}
+
+/** Lookup the v2 service descriptor with base32-encoded <b>desc_id</b> and
+ * copy the pointer to it to *<b>desc</b>. Return 1 on success, 0 on
+ * well-formed-but-not-found, and -1 on failure.
+ */
+int
+rend_cache_lookup_v2_desc_as_dir(const char *desc_id, const char **desc)
+{
+ rend_cache_entry_t *e;
+ char desc_id_digest[DIGEST_LEN];
+ tor_assert(rend_cache_v2_dir);
+ if (base32_decode(desc_id_digest, DIGEST_LEN,
+ desc_id, REND_DESC_ID_V2_LEN_BASE32) < 0) {
+ log_fn(LOG_PROTOCOL_WARN, LD_REND,
+ "Rejecting v2 rendezvous descriptor request -- descriptor ID "
+ "contains illegal characters: %s",
+ safe_str(desc_id));
+ return -1;
+ }
+ /* Lookup descriptor and return. */
+ e = digestmap_get(rend_cache_v2_dir, desc_id_digest);
+ if (e) {
+ *desc = e->desc;
+ e->last_served = approx_time();
+ return 1;
+ }
+ return 0;
+}
+
+/** Parse the v2 service descriptor(s) in <b>desc</b> and store it/them to the
+ * local rend cache. Don't attempt to decrypt the included list of introduction
+ * points (as we don't have a descriptor cookie for it).
+ *
+ * If we have a newer descriptor with the same ID, ignore this one.
+ * If we have an older descriptor with the same ID, replace it.
+ *
+ * Return an appropriate rend_cache_store_status_t.
+ */
+rend_cache_store_status_t
+rend_cache_store_v2_desc_as_dir(const char *desc)
+{
+ const or_options_t *options = get_options();
+ rend_service_descriptor_t *parsed;
+ char desc_id[DIGEST_LEN];
+ char *intro_content;
+ size_t intro_size;
+ size_t encoded_size;
+ char desc_id_base32[REND_DESC_ID_V2_LEN_BASE32 + 1];
+ int number_parsed = 0, number_stored = 0;
+ const char *current_desc = desc;
+ const char *next_desc;
+ rend_cache_entry_t *e;
+ time_t now = time(NULL);
+ tor_assert(rend_cache_v2_dir);
+ tor_assert(desc);
+ if (!hid_serv_acting_as_directory()) {
+ /* Cannot store descs, because we are (currently) not acting as
+ * hidden service directory. */
+ log_info(LD_REND, "Cannot store descs: Not acting as hs dir");
+ return RCS_NOTDIR;
+ }
+ while (rend_parse_v2_service_descriptor(&parsed, desc_id, &intro_content,
+ &intro_size, &encoded_size,
+ &next_desc, current_desc, 1) >= 0) {
+ number_parsed++;
+ /* We don't care about the introduction points. */
+ tor_free(intro_content);
+ /* For pretty log statements. */
+ base32_encode(desc_id_base32, sizeof(desc_id_base32),
+ desc_id, DIGEST_LEN);
+ /* Is desc ID in the range that we are (directly or indirectly) responsible
+ * for? */
+ if (!hid_serv_responsible_for_desc_id(desc_id)) {
+ log_info(LD_REND, "Service descriptor with desc ID %s is not in "
+ "interval that we are responsible for.",
+ safe_str_client(desc_id_base32));
+ goto skip;
+ }
+ /* Is descriptor too old? */
+ if (parsed->timestamp < now - REND_CACHE_MAX_AGE-REND_CACHE_MAX_SKEW) {
+ log_info(LD_REND, "Service descriptor with desc ID %s is too old.",
+ safe_str(desc_id_base32));
+ goto skip;
+ }
+ /* Is descriptor too far in the future? */
+ if (parsed->timestamp > now + REND_CACHE_MAX_SKEW) {
+ log_info(LD_REND, "Service descriptor with desc ID %s is too far in the "
+ "future.",
+ safe_str(desc_id_base32));
+ goto skip;
+ }
+ /* Do we already have a newer descriptor? */
+ e = digestmap_get(rend_cache_v2_dir, desc_id);
+ if (e && e->parsed->timestamp > parsed->timestamp) {
+ log_info(LD_REND, "We already have a newer service descriptor with the "
+ "same desc ID %s and version.",
+ safe_str(desc_id_base32));
+ goto skip;
+ }
+ /* Do we already have this descriptor? */
+ if (e && !strcmp(desc, e->desc)) {
+ log_info(LD_REND, "We already have this service descriptor with desc "
+ "ID %s.", safe_str(desc_id_base32));
+ goto skip;
+ }
+ /* Store received descriptor. */
+ if (!e) {
+ e = tor_malloc_zero(sizeof(rend_cache_entry_t));
+ digestmap_set(rend_cache_v2_dir, desc_id, e);
+ /* Treat something just uploaded as having been served a little
+ * while ago, so that flooding with new descriptors doesn't help
+ * too much.
+ */
+ e->last_served = approx_time() - 3600;
+ } else {
+ rend_cache_decrement_allocation(rend_cache_entry_allocation(e));
+ rend_service_descriptor_free(e->parsed);
+ tor_free(e->desc);
+ }
+ e->parsed = parsed;
+ e->desc = tor_strndup(current_desc, encoded_size);
+ e->len = encoded_size;
+ rend_cache_increment_allocation(rend_cache_entry_allocation(e));
+ log_info(LD_REND, "Successfully stored service descriptor with desc ID "
+ "'%s' and len %d.",
+ safe_str(desc_id_base32), (int)encoded_size);
+
+ /* Statistics: Note down this potentially new HS. */
+ if (options->HiddenServiceStatistics) {
+ rep_hist_stored_maybe_new_hs(e->parsed->pk);
+ }
+
+ number_stored++;
+ goto advance;
+ skip:
+ rend_service_descriptor_free(parsed);
+ advance:
+ /* advance to next descriptor, if available. */
+ current_desc = next_desc;
+ /* check if there is a next descriptor. */
+ if (!current_desc ||
+ strcmpstart(current_desc, "rendezvous-service-descriptor "))
+ break;
+ }
+ if (!number_parsed) {
+ log_info(LD_REND, "Could not parse any descriptor.");
+ return RCS_BADDESC;
+ }
+ log_info(LD_REND, "Parsed %d and added %d descriptor%s.",
+ number_parsed, number_stored, number_stored != 1 ? "s" : "");
+ return RCS_OKAY;
+}
+
+/** Parse the v2 service descriptor in <b>desc</b>, decrypt the included list
+ * of introduction points with <b>descriptor_cookie</b> (which may also be
+ * <b>NULL</b> if decryption is not necessary), and store the descriptor to
+ * the local cache under its version and service id.
+ *
+ * If we have a newer v2 descriptor with the same ID, ignore this one.
+ * If we have an older descriptor with the same ID, replace it.
+ * If the descriptor's service ID does not match
+ * <b>rend_query</b>-\>onion_address, reject it.
+ *
+ * If the descriptor's descriptor ID doesn't match <b>desc_id_base32</b>,
+ * reject it.
+ *
+ * Return an appropriate rend_cache_store_status_t. If entry is not NULL,
+ * set it with the cache entry pointer of the descriptor.
+ */
+rend_cache_store_status_t
+rend_cache_store_v2_desc_as_client(const char *desc,
+ const char *desc_id_base32,
+ const rend_data_t *rend_query,
+ rend_cache_entry_t **entry)
+{
+ /*XXXX this seems to have a bit of duplicate code with
+ * rend_cache_store_v2_desc_as_dir(). Fix that. */
+ /* Though having similar elements, both functions were separated on
+ * purpose:
+ * - dirs don't care about encoded/encrypted introduction points, clients
+ * do.
+ * - dirs store descriptors in a separate cache by descriptor ID, whereas
+ * clients store them by service ID; both caches are different data
+ * structures and have different access methods.
+ * - dirs store a descriptor only if they are responsible for its ID,
+ * clients do so in every way (because they have requested it before).
+ * - dirs can process multiple concatenated descriptors which is required
+ * for replication, whereas clients only accept a single descriptor.
+ * Thus, combining both methods would result in a lot of if statements
+ * which probably would not improve, but worsen code readability. -KL */
+ rend_service_descriptor_t *parsed = NULL;
+ char desc_id[DIGEST_LEN];
+ char *intro_content = NULL;
+ size_t intro_size;
+ size_t encoded_size;
+ const char *next_desc;
+ time_t now = time(NULL);
+ char key[REND_SERVICE_ID_LEN_BASE32+2];
+ char service_id[REND_SERVICE_ID_LEN_BASE32+1];
+ char want_desc_id[DIGEST_LEN];
+ rend_cache_entry_t *e;
+ rend_cache_store_status_t retval = RCS_BADDESC;
+ tor_assert(rend_cache);
+ tor_assert(desc);
+ tor_assert(desc_id_base32);
+ memset(want_desc_id, 0, sizeof(want_desc_id));
+ if (entry) {
+ *entry = NULL;
+ }
+ if (base32_decode(want_desc_id, sizeof(want_desc_id),
+ desc_id_base32, strlen(desc_id_base32)) != 0) {
+ log_warn(LD_BUG, "Couldn't decode base32 %s for descriptor id.",
+ escaped_safe_str_client(desc_id_base32));
+ goto err;
+ }
+ /* Parse the descriptor. */
+ if (rend_parse_v2_service_descriptor(&parsed, desc_id, &intro_content,
+ &intro_size, &encoded_size,
+ &next_desc, desc, 0) < 0) {
+ log_warn(LD_REND, "Could not parse descriptor.");
+ goto err;
+ }
+ /* Compute service ID from public key. */
+ if (rend_get_service_id(parsed->pk, service_id)<0) {
+ log_warn(LD_REND, "Couldn't compute service ID.");
+ goto err;
+ }
+ if (rend_query->onion_address[0] != '\0' &&
+ strcmp(rend_query->onion_address, service_id)) {
+ log_warn(LD_REND, "Received service descriptor for service ID %s; "
+ "expected descriptor for service ID %s.",
+ service_id, safe_str(rend_query->onion_address));
+ goto err;
+ }
+ if (tor_memneq(desc_id, want_desc_id, DIGEST_LEN)) {
+ log_warn(LD_REND, "Received service descriptor for %s with incorrect "
+ "descriptor ID.", service_id);
+ goto err;
+ }
+
+ /* Decode/decrypt introduction points. */
+ if (intro_content && intro_size > 0) {
+ int n_intro_points;
+ if (rend_query->auth_type != REND_NO_AUTH &&
+ !tor_mem_is_zero(rend_query->descriptor_cookie,
+ sizeof(rend_query->descriptor_cookie))) {
+ char *ipos_decrypted = NULL;
+ size_t ipos_decrypted_size;
+ if (rend_decrypt_introduction_points(&ipos_decrypted,
+ &ipos_decrypted_size,
+ rend_query->descriptor_cookie,
+ intro_content,
+ intro_size) < 0) {
+ log_warn(LD_REND, "Failed to decrypt introduction points. We are "
+ "probably unable to parse the encoded introduction points.");
+ } else {
+ /* Replace encrypted with decrypted introduction points. */
+ log_info(LD_REND, "Successfully decrypted introduction points.");
+ tor_free(intro_content);
+ intro_content = ipos_decrypted;
+ intro_size = ipos_decrypted_size;
+ }
+ }
+ n_intro_points = rend_parse_introduction_points(parsed, intro_content,
+ intro_size);
+ if (n_intro_points <= 0) {
+ log_warn(LD_REND, "Failed to parse introduction points. Either the "
- "service has published a corrupt descriptor or you have "
- "provided invalid authorization data.");
++ "service has published a corrupt descriptor, or you have "
++ "provided invalid authorization data, or (maybe!) the "
++ "server is deliberately serving broken data in an attempt "
++ "to crash you with bug 21018.");
+ goto err;
+ } else if (n_intro_points > MAX_INTRO_POINTS) {
+ log_warn(LD_REND, "Found too many introduction points on a hidden "
+ "service descriptor for %s. This is probably a (misguided) "
+ "attempt to improve reliability, but it could also be an "
+ "attempt to do a guard enumeration attack. Rejecting.",
+ safe_str_client(service_id));
+
+ goto err;
+ }
+ } else {
+ log_info(LD_REND, "Descriptor does not contain any introduction points.");
+ parsed->intro_nodes = smartlist_new();
+ }
+ /* We don't need the encoded/encrypted introduction points any longer. */
+ tor_free(intro_content);
+ /* Is descriptor too old? */
+ if (parsed->timestamp < now - REND_CACHE_MAX_AGE-REND_CACHE_MAX_SKEW) {
+ log_warn(LD_REND, "Service descriptor with service ID %s is too old.",
+ safe_str_client(service_id));
+ goto err;
+ }
+ /* Is descriptor too far in the future? */
+ if (parsed->timestamp > now + REND_CACHE_MAX_SKEW) {
+ log_warn(LD_REND, "Service descriptor with service ID %s is too far in "
+ "the future.", safe_str_client(service_id));
+ goto err;
+ }
+ /* Do we have the same exact copy already in our cache? */
+ tor_snprintf(key, sizeof(key), "2%s", service_id);
+ e = (rend_cache_entry_t*) strmap_get_lc(rend_cache, key);
+ if (e && !strcmp(desc, e->desc)) {
+ log_info(LD_REND,"We already have this service descriptor %s.",
+ safe_str_client(service_id));
+ goto okay;
+ }
+ /* Verify that we are not replacing an older descriptor. It's important to
+ * avoid an evil HSDir serving old descriptor. We validate if the
+ * timestamp is greater than and not equal because it's a rounded down
+ * timestamp to the hour so if the descriptor changed in the same hour,
+ * the rend cache failure will tells us if we have a new descriptor. */
+ if (e && e->parsed->timestamp > parsed->timestamp) {
+ log_info(LD_REND, "We already have a new enough service descriptor for "
+ "service ID %s with the same desc ID and version.",
+ safe_str_client(service_id));
+ goto okay;
+ }
+ /* Lookup our failure cache for intro point that might be unsuable. */
+ validate_intro_point_failure(parsed, service_id);
+ /* It's now possible that our intro point list is empty, this means that
+ * this descriptor is useless to us because intro points have all failed
+ * somehow before. Discard the descriptor. */
+ if (smartlist_len(parsed->intro_nodes) == 0) {
+ log_info(LD_REND, "Service descriptor with service ID %s, every "
+ "intro points are unusable. Discarding it.",
+ safe_str_client(service_id));
+ goto err;
+ }
+ /* Now either purge the current one and replace it's content or create a
+ * new one and add it to the rend cache. */
+ if (!e) {
+ e = tor_malloc_zero(sizeof(rend_cache_entry_t));
+ strmap_set_lc(rend_cache, key, e);
+ } else {
+ rend_cache_decrement_allocation(rend_cache_entry_allocation(e));
+ rend_cache_failure_remove(e->parsed);
+ rend_service_descriptor_free(e->parsed);
+ tor_free(e->desc);
+ }
+ e->parsed = parsed;
+ e->desc = tor_malloc_zero(encoded_size + 1);
+ strlcpy(e->desc, desc, encoded_size + 1);
+ e->len = encoded_size;
+ rend_cache_increment_allocation(rend_cache_entry_allocation(e));
+ log_debug(LD_REND,"Successfully stored rend desc '%s', len %d.",
+ safe_str_client(service_id), (int)encoded_size);
+ if (entry) {
+ *entry = e;
+ }
+ return RCS_OKAY;
+
+ okay:
+ if (entry) {
+ *entry = e;
+ }
+ retval = RCS_OKAY;
+
+ err:
+ rend_service_descriptor_free(parsed);
+ tor_free(intro_content);
+ return retval;
+}
+
1
0
commit 5b60bd84f258af4bcf6a993bce76ad382a99ec91
Author: Nick Mathewson <nickm(a)torproject.org>
Date: Tue Feb 7 09:59:54 2017 -0500
Bump the version to 0.2.7.6-dev again
---
configure.ac | 2 +-
contrib/win32build/tor-mingw.nsi.in | 2 +-
src/win32/orconfig.h | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/configure.ac b/configure.ac
index 6c72971..d37c34d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -3,7 +3,7 @@ dnl Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson
dnl Copyright (c) 2007-2015, The Tor Project, Inc.
dnl See LICENSE for licensing information
-AC_INIT([tor],[0.2.7.6])
+AC_INIT([tor],[0.2.7.6-dev])
AC_CONFIG_SRCDIR([src/or/main.c])
AC_CONFIG_MACRO_DIR([m4])
AM_INIT_AUTOMAKE
diff --git a/contrib/win32build/tor-mingw.nsi.in b/contrib/win32build/tor-mingw.nsi.in
index 07cc315..08cef8d 100644
--- a/contrib/win32build/tor-mingw.nsi.in
+++ b/contrib/win32build/tor-mingw.nsi.in
@@ -8,7 +8,7 @@
!include "LogicLib.nsh"
!include "FileFunc.nsh"
!insertmacro GetParameters
-!define VERSION "0.2.7.6"
+!define VERSION "0.2.7.6-dev"
!define INSTALLER "tor-${VERSION}-win32.exe"
!define WEBSITE "https://www.torproject.org/"
!define LICENSE "LICENSE"
diff --git a/src/win32/orconfig.h b/src/win32/orconfig.h
index 822e261..8b687c8 100644
--- a/src/win32/orconfig.h
+++ b/src/win32/orconfig.h
@@ -232,7 +232,7 @@
#define USING_TWOS_COMPLEMENT
/* Version number of package */
-#define VERSION "0.2.7.6"
+#define VERSION "0.2.7.6-dev"
1
0

[tor/maint-0.3.0] Changelog for 0.2.7.4-rc (plan to release tomorrow)
by nickm@torproject.org 28 Feb '17
by nickm@torproject.org 28 Feb '17
28 Feb '17
commit 976f392f133a826e44b91244123e104d742ce31e
Author: Nick Mathewson <nickm(a)torproject.org>
Date: Mon Oct 19 11:15:45 2015 -0400
Changelog for 0.2.7.4-rc (plan to release tomorrow)
---
ChangeLog | 45 +++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 45 insertions(+)
diff --git a/ChangeLog b/ChangeLog
index 46005a9..0a57f7d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,48 @@
+Changes in version 0.2.7.4-rc - 2015-10-20
+ Tor 0.2.7.4-rc is the second release candidate in the 0.2.7 servies.
+ It a few small bugfixes, notably fixes for compilation and portability
+ on different platforms. If no further significant bounds are found,
+ the next release will the the official stable release.
+
+ o Minor features (geoIP):
+ - Update geoip and geoip6 to the October 9 2015 Maxmind GeoLite2
+ Country database.
+
+ o Minor bugfixes (compilation):
+ - Repair compilation with the most recent (unreleased, alpha)
+ vesions of OpenSSL 1.1. Fixes part of ticket 17237.
+ - Fix an integer overflow warning in test_crypto_slow.c. Fixes bug
+ 17251; bugfix on 0.2.7.2-alpha.
+ - Fix compilation of sandbox.c with musl-libc. Fixes bug 17347;
+ bugfix on 0.2.5.1-alpha. Patch from 'jamestk'.
+
+ o Minor bugfixes (portability):
+ - Use libexecinfo on FreeBSD, to enable backtrace support. Fixes
+ part of bug 17151; bugfix on 0.2.5.2-alpha. Patch from
+ Marcin Cieślak.
+
+ o Minor bugfixes (sandbox):
+ - Add the "hidserv-stats" filename to our sandbox filter for the
+ HiddenServiceStatistics option to work properly. Fixes bug 17354;
+ bugfix on tor-0.2.6.2-alpha~54^2~1. Patch from David Goulet.
+
+ o Minor bugfixes (testing):
+ - Add unit tests for get_interface_address* failure cases. Fixes bug
+ 17173; bugfix on 0.2.7.3-rc. Patch by fk/teor.
+ - Fix breakage when running 'make check' with BSD make. Fixes bug
+ 17154; bugfix on 0.2.7.3-rc. Patch by Marcin Cieślak.
+ - Make the get_ifaddrs_* unit tests more tolerant of different
+ network configurations. (Don't assume every test box has an IPv4
+ address, and Don't assume every test box has a non-localhost
+ address. Fixes bug 17255; bugfix on 0.2.7.3-rc. Patch by "teor".
+ - Skip backtrace tests when backtrace support is not compiled in.
+ Fixes part of bug 17151; bugfix on 0.2.7.1-alpha. Patch from
+ Marcin Cieślak.
+
+ o Documentation:
+ - Fix capitalization of SOCKS in sample torrc. Closes ticket 15609.
+
+
Changes in version 0.2.7.3-rc - 2015-09-25
Tor 0.2.7.3-rc is the first release candidate in the 0.2.7 series. It
contains numerous usability fixes for Ed25519 keys, safeguards against
1
0

28 Feb '17
commit 67f0b51c9239dd1d2318007e3f503d4e09c3097b
Merge: 976f392 8378a33
Author: Nick Mathewson <nickm(a)torproject.org>
Date: Mon Oct 19 11:20:03 2015 -0400
Merge branch 'maint-0.2.7' into release-0.2.7
configure.ac | 2 +-
contrib/win32build/tor-mingw.nsi.in | 2 +-
src/win32/orconfig.h | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
1
0

28 Feb '17
commit 0549c019675840171fb764c8bb593309534ccadc
Author: Nick Mathewson <nickm(a)torproject.org>
Date: Fri Nov 13 08:58:18 2015 -0500
add a dedication paragraph; reflow another.
---
ReleaseNotes | 23 ++++++++++++++++++-----
1 file changed, 18 insertions(+), 5 deletions(-)
diff --git a/ReleaseNotes b/ReleaseNotes
index ef173af..3540497 100644
--- a/ReleaseNotes
+++ b/ReleaseNotes
@@ -1,19 +1,32 @@
-
This document summarizes new features and bugfixes in each stable release
of Tor. If you want to see more detailed descriptions of the changes in
each development snapshot, see the ChangeLog file.
Changes in version 0.2.7.5 - 2015-11-1?
+ The Tor 0.2.7 release series is dedicated to the memory of Tor user
+ and privacy advocate Caspar Bowden (1961-2015). Caspar worked
+ tirelessly to advocate human rights regardless of national borders,
+ and oppose the encroachments of mass surveillance. He opposed national
+ exceptionalism; he brought clarity to legal and policy debates; he
+ understood and predicted the impact of mass surveillance on the world;
+ and he laid the groundwork for resisting it. While serving on the Tor
+ Project's board of directors, he brought us his uncompromising focus
+ on technical excellence in the service of humankind. Caspar was an
+ inimitable force for good and a wonderful friend. He was kind,
+ humorous, generous, gallant, and believed we should protect one
+ another without exception. We honor him here for his ideals, his
+ efforts, and his accomplishments. Please honor his memory with works
+ that would make him proud.
+
Tor 0.2.7.5 is the first stable release in the Tor 0.2.7 series.
The 0.2.7 series adds a more secure identity key type for relays,
improves cryptography performance, resolves several longstanding
hidden-service performance issues, improves controller support for
hidden services, and includes small bugfixes and performance
- improvements throughout the program. This release series also
- includes more tests than before, and significant simplifications
- to which parts of Tor invoke which others. For a full list of
- changes, see below.
+ improvements throughout the program. This release series also includes
+ more tests than before, and significant simplifications to which parts
+ of Tor invoke which others. For a full list of changes, see below.
o New system requirements:
- Tor no longer includes workarounds to support Libevent versions
1
0

28 Feb '17
commit f55d23e1e66e9b0f6971016a9c880341e0209db0
Author: Nick Mathewson <nickm(a)torproject.org>
Date: Wed Oct 21 15:13:31 2015 -0400
remove a comma that coderman didn't like
---
ChangeLog | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 5226fef..0e6fe6a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -38,9 +38,8 @@ Changes in version 0.2.7.4-rc - 2015-10-21
bugfix on 0.2.5.1-alpha. Patch from 'jamestk'.
o Minor bugfixes (portability):
- - Use libexecinfo on FreeBSD, to enable backtrace support. Fixes
- part of bug 17151; bugfix on 0.2.5.2-alpha. Patch from
- Marcin Cieślak.
+ - Use libexecinfo on FreeBSD to enable backtrace support. Fixes part
+ of bug 17151; bugfix on 0.2.5.2-alpha. Patch from Marcin Cieślak.
o Minor bugfixes (sandbox):
- Add the "hidserv-stats" filename to our sandbox filter for the
1
0
commit 7bce3efb9e86e13a7cb40163bc5ec35807ef1c1b
Author: Nick Mathewson <nickm(a)torproject.org>
Date: Thu Nov 5 09:24:33 2015 -0500
Start the ReleaseNotes for 0.2.7.5.
This is just the changelogs for 0.2.7.[1234]-{alpha,rc} passed through
sortChanges.pl.
---
ReleaseNotes | 781 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 781 insertions(+)
diff --git a/ReleaseNotes b/ReleaseNotes
index 44cda49..b84c4da 100644
--- a/ReleaseNotes
+++ b/ReleaseNotes
@@ -2,6 +2,787 @@
This document summarizes new features and bugfixes in each stable release
of Tor. If you want to see more detailed descriptions of the changes in
each development snapshot, see the ChangeLog file.
+
+Changes in version 0.2.7.5- 2015-11-??
+ XXXX WRITE A BLURB
+
+ o Major features (controller):
+ - Add the ADD_ONION and DEL_ONION commands that allow the creation
+ and management of hidden services via the controller. Closes
+ ticket 6411.
+ - New "GETINFO onions/current" and "GETINFO onions/detached"
+ commands to get information about hidden services created via the
+ controller. Part of ticket 6411.
+ - New HSFETCH command to launch a request for a hidden service
+ descriptor. Closes ticket 14847.
+ - New HSPOST command to upload a hidden service descriptor. Closes
+ ticket 3523. Patch by "DonnchaC".
+
+ o Major features (Ed25519 identity keys, Proposal 220):
+ - Add support for offline encrypted Ed25519 master keys. To use this
+ feature on your tor relay, run "tor --keygen" to make a new master
+ key (or to make a new signing key if you already have a master
+ key). Closes ticket 13642.
+ - All relays now maintain a stronger identity key, using the Ed25519
+ elliptic curve signature format. This master key is designed so
+ that it can be kept offline. Relays also generate an online
+ signing key, and a set of other Ed25519 keys and certificates.
+ These are all automatically regenerated and rotated as needed.
+ Implements part of ticket 12498.
+ - Directory authorities now vote on Ed25519 identity keys along with
+ RSA1024 keys. Implements part of ticket 12498.
+ - Directory authorities track which Ed25519 identity keys have been
+ used with which RSA1024 identity keys, and do not allow them to
+ vary freely. Implements part of ticket 12498.
+ - Microdescriptors now include Ed25519 identity keys. Implements
+ part of ticket 12498.
+
+ o Major features (Ed25519 keys, keypinning):
+ - The key-pinning option on directory authorities is now advisory-
+ only by default. In a future version, or when the AuthDirPinKeys
+ option is set, pins are enforced again. Disabling key-pinning
+ seemed like a good idea so that we can survive the fallout of any
+ usability problems associated with Ed25519 keys. Closes
+ ticket 17135.
+
+ o Major features (Ed25519 performance):
+ - Improve the runtime speed of Ed25519 signature verification by
+ using Ed25519-donna's batch verification support. Implements
+ ticket 16533.
+ - Improve the speed of Ed25519 operations and Curve25519 keypair
+ generation when built targeting 32 bit x86 platforms with SSE2
+ available. Implements ticket 16535.
+
+ o Major features (Hidden services):
+ - Add the torrc option HiddenServiceNumIntroductionPoints, to
+ specify a fixed number of introduction points. Its maximum value
+ is 10 and default is 3. Using this option can increase a hidden
+ service's reliability under load, at the cost of making it more
+ visible that the hidden service is facing extra load. Closes
+ ticket 4862.
+ - Remove the adaptive algorithm for choosing the number of
+ introduction points, which used to change the number of
+ introduction points (poorly) depending on the number of
+ connections the HS sees. Closes ticket 4862.
+
+ o Major features (onion key cross-certification):
+ - Relay descriptors now include signatures of their own identity
+ keys, made using the TAP and ntor onion keys. These signatures
+ allow relays to prove ownership of their own onion keys. Because
+ of this change, microdescriptors will no longer need to include
+ RSA identity keys. Implements proposal 228; closes ticket 12499.
+
+ o Major features (performance testing):
+ - The test-network.sh script now supports performance testing.
+ Requires corresponding chutney performance testing changes. Patch
+ by "teor". Closes ticket 14175.
+
+ o Major features (performance):
+ - Improve the runtime speed of Ed25519 operations by using the
+ public-domain Ed25519-donna by Andrew M. ("floodyberry").
+ Implements ticket 16467.
+ - Improve the runtime speed of the ntor handshake by using an
+ optimized curve25519 basepoint scalarmult implementation from the
+ public-domain Ed25519-donna by Andrew M. ("floodyberry"), based on
+ ideas by Adam Langley. Implements ticket 9663.
+
+ o Major features (relay, Ed25519):
+ - Add a --newpass option to allow changing or removing the
+ passphrase of an encrypted key with tor --keygen. Implements part
+ of ticket 16769.
+ - Add a new OfflineMasterKey option to tell Tor never to try loading
+ or generating a secret Ed25519 identity key. You can use this in
+ combination with tor --keygen to manage offline and/or encrypted
+ Ed25519 keys. Implements ticket 16944.
+ - On receiving a HUP signal, check to see whether the Ed25519
+ signing key has changed, and reload it if so. Closes ticket 16790.
+ - Significant usability improvements for Ed25519 key management. Log
+ messages are better, and the code can recover from far more
+ failure conditions. Thanks to "s7r" for reporting and diagnosing
+ so many of these!
+
+ o Major features (security, hidden services):
+ - Hidden services, if using the EntryNodes option, are required to
+ use more than one EntryNode, in order to avoid a guard discovery
+ attack. (This would only affect people who had configured hidden
+ services and manually specified the EntryNodes option with a
+ single entry-node. The impact was that it would be easy to
+ remotely identify the guard node used by such a hidden service.
+ See ticket for more information.) Fixes ticket 14917.
+
+ o Major bugfixes (client-side privacy, also in 0.2.6.9):
+ - Properly separate out each SOCKSPort when applying stream
+ isolation. The error occurred because each port's session group
+ was being overwritten by a default value when the listener
+ connection was initialized. Fixes bug 16247; bugfix on
+ 0.2.6.3-alpha. Patch by "jojelino".
+
+ o Major bugfixes (correctness):
+ - Fix a use-after-free bug in validate_intro_point_failure(). Fixes
+ bug 17401; bugfix on 0.2.7.3-rc.
+
+ o Major bugfixes (hidden service clients, stability, also in 0.2.6.10):
+ - Stop refusing to store updated hidden service descriptors on a
+ client. This reverts commit 9407040c59218 (which indeed fixed bug
+ 14219, but introduced a major hidden service reachability
+ regression detailed in bug 16381). This is a temporary fix since
+ we can live with the minor issue in bug 14219 (it just results in
+ some load on the network) but the regression of 16381 is too much
+ of a setback. First-round fix for bug 16381; bugfix
+ on 0.2.6.3-alpha.
+
+ o Major bugfixes (hidden services):
+ - Revert commit that made directory authorities assign the HSDir
+ flag to relay without a DirPort; this was bad because such relays
+ can't handle BEGIN_DIR cells. Fixes bug 15850; bugfix
+ on tor-0.2.6.3-alpha.
+ - When cannibalizing a circuit for an introduction point, always
+ extend to the chosen exit node (creating a 4 hop circuit).
+ Previously Tor would use the current circuit exit node, which
+ changed the original choice of introduction point, and could cause
+ the hidden service to skip excluded introduction points or
+ reconnect to a skipped introduction point. Fixes bug 16260; bugfix
+ on 0.1.0.1-rc.
+
+ o Major bugfixes (memory leaks):
+ - Fix a memory leak in ed25519 batch signature checking. Fixes bug
+ 17398; bugfix on 0.2.6.1-alpha.
+ - Fix a memory leak in rend_cache_failure_entry_free(). Fixes bug
+ 17402; bugfix on 0.2.7.3-rc.
+ - Fix a memory leak when reading an expired signing key from disk.
+ Fixes bug 17403; bugfix on 0.2.7.2-rc.
+
+ o Major bugfixes (open file limit):
+ - The open file limit wasn't checked before calling
+ tor_accept_socket_nonblocking(), which would make Tor exceed the
+ limit. Now, before opening a new socket, Tor validates the open
+ file limit just before, and if the max has been reached, return an
+ error. Fixes bug 16288; bugfix on 0.1.1.1-alpha.
+
+ o Major bugfixes (relay, Ed25519):
+ - Avoid crashing on 'tor --keygen'. Fixes bug 16679; bugfix on
+ 0.2.7.2-alpha. Reported by "s7r".
+ - Improve handling of expired signing keys with offline master keys.
+ Fixes bug 16685; bugfix on 0.2.7.2-alpha. Reported by "s7r".
+
+ o Major bugfixes (security, correctness):
+ - Fix an error that could cause us to read 4 bytes before the
+ beginning of an openssl string. This bug could be used to cause
+ Tor to crash on systems with unusual malloc implementations, or
+ systems with unusual hardening installed. Fixes bug 17404; bugfix
+ on 0.2.3.6-alpha.
+
+ o Major bugfixes (stability, also in 0.2.6.10):
+ - Stop crashing with an assertion failure when parsing certain kinds
+ of malformed or truncated microdescriptors. Fixes bug 16400;
+ bugfix on 0.2.6.1-alpha. Found by "torkeln"; fix based on a patch
+ by "cypherpunks_backup".
+ - Stop random client-side assertion failures that could occur when
+ connecting to a busy hidden service, or connecting to a hidden
+ service while a NEWNYM is in progress. Fixes bug 16013; bugfix
+ on 0.1.0.1-rc.
+
+ o Minor features (client):
+ - Add GroupWritable and WorldWritable options to unix-socket based
+ SocksPort and ControlPort options. These options apply to a single
+ socket, and override {Control,Socks}SocketsGroupWritable. Closes
+ ticket 15220.
+ - Relax the validation done to hostnames in SOCKS5 requests, and
+ allow a single trailing '.' to cope with clients that pass FQDNs
+ using that syntax to explicitly indicate that the domain name is
+ fully-qualified. Fixes bug 16674; bugfix on 0.2.6.2-alpha.
+ - Relax the validation of hostnames in SOCKS5 requests, allowing the
+ character '_' to appear, in order to cope with domains observed in
+ the wild that are serving non-RFC compliant records. Resolves
+ ticket 16430.
+
+ o Minor features (client-side privacy):
+ - New KeepAliveIsolateSOCKSAuth option to indefinitely extend circuit
+ lifespan when IsolateSOCKSAuth and streams with SOCKS
+ authentication are attached to the circuit. This allows
+ applications like TorBrowser to manage circuit lifetime on their
+ own. Implements feature 15482.
+ - When logging malformed hostnames from SOCKS5 requests, respect
+ SafeLogging configuration. Fixes bug 16891; bugfix on 0.1.1.16-rc.
+
+ o Minor features (clock-jump tolerance):
+ - Recover better when our clock jumps back many hours, like might
+ happen for Tails or Whonix users who start with a very wrong
+ hardware clock, use Tor to discover a more accurate time, and then
+ fix their clock. Resolves part of ticket 8766.
+
+ o Minor features (command-line interface):
+ - Make --hash-password imply --hush to prevent unnecessary noise.
+ Closes ticket 15542. Patch from "cypherpunks".
+ - Print a warning whenever we find a relative file path being used
+ as torrc option. Resolves issue 14018.
+
+ o Minor features (compilation):
+ - Fail during configure if we're trying to build against an OpenSSL
+ built without ECC support. Fixes bug 17109, bugfix on 0.2.7.1-alpha
+ which started requiring ECC.
+ - Give a warning as early as possible when trying to build with an
+ unsupported OpenSSL version. Closes ticket 16901.
+
+ o Minor features (control protocol):
+ - Support network-liveness GETINFO key and NETWORK_LIVENESS event in
+ the control protocol. Resolves ticket 15358.
+
+ o Minor features (controller):
+ - Add DirAuthority lines for default directory authorities to the
+ output of the "GETINFO config/defaults" command if not already
+ present. Implements ticket 14840.
+ - Controllers can now use "GETINFO hs/client/desc/id/..." to
+ retrieve items from the client's hidden service descriptor cache.
+ Closes ticket 14845.
+ - Implement a new controller command "GETINFO status/fresh-relay-
+ descs" to fetch a descriptor/extrainfo pair that was generated on
+ demand just for the controller's use. Implements ticket 14784.
+
+ o Minor features (directory authorities):
+ - Directory authorities no longer vote against the "Fast", "Stable",
+ and "HSDir" flags just because they were going to vote against
+ "Running": if the consensus turns out to be that the router was
+ running, then the authority's vote should count. Patch from Peter
+ Retzlaff; closes issue 8712.
+
+ o Minor features (directory authorities, security, also in 0.2.6.9):
+ - The HSDir flag given by authorities now requires the Stable flag.
+ For the current network, this results in going from 2887 to 2806
+ HSDirs. Also, it makes it harder for an attacker to launch a sybil
+ attack by raising the effort for a relay to become Stable to
+ require at the very least 7 days, while maintaining the 96 hours
+ uptime requirement for HSDir. Implements ticket 8243.
+
+ o Minor features (DoS-resistance):
+ - Make it harder for attackers to overload hidden services with
+ introductions, by blocking multiple introduction requests on the
+ same circuit. Resolves ticket 15515.
+
+ o Minor features (geoIP):
+ - Update geoip and geoip6 to the October 9 2015 Maxmind GeoLite2
+ Country database.
+ - Update geoip and geoip6 to the September 3 2015 Maxmind GeoLite2
+ Country database.
+ - Update geoip to the April 8 2015 Maxmind GeoLite2 Country database.
+ - Update geoip6 to the April 8 2015 Maxmind GeoLite2
+ Country database.
+
+ o Minor features (geoip, also in 0.2.6.10):
+ - Update geoip to the June 3 2015 Maxmind GeoLite2 Country database.
+ - Update geoip6 to the June 3 2015 Maxmind GeoLite2 Country database.
+
+ o Minor features (hidden services):
+ - Add the new options "HiddenServiceMaxStreams" and
+ "HiddenServiceMaxStreamsCloseCircuit" to allow hidden services to
+ limit the maximum number of simultaneous streams per circuit, and
+ optionally tear down the circuit when the limit is exceeded. Part
+ of ticket 16052.
+ - Client now uses an introduction point failure cache to know when
+ to fetch or keep a descriptor in their cache. Previously, failures
+ were recorded implicitly, but not explicitly remembered. Closes
+ ticket 16389.
+ - Relays need to have the Fast flag to get the HSDir flag. As this
+ is being written, we'll go from 2745 HSDirs down to 2342, a ~14%
+ drop. This change should make some attacks against the hidden
+ service directory system harder. Fixes ticket 15963.
+ - Turn on hidden service statistics collection by setting the torrc
+ option HiddenServiceStatistics to "1" by default. (This keeps
+ track only of the fraction of traffic used by hidden services, and
+ the total number of hidden services in existence.) Closes
+ ticket 15254.
+
+ o Minor features (HS popularity countermeasure):
+ - To avoid leaking HS popularity, don't cycle the introduction point
+ when we've handled a fixed number of INTRODUCE2 cells but instead
+ cycle it when a random number of introductions is reached, thus
+ making it more difficult for an attacker to find out the amount of
+ clients that have used the introduction point for a specific HS.
+ Closes ticket 15745.
+
+ o Minor features (logging):
+ - Include the Tor version in all LD_BUG log messages, since people
+ tend to cut and paste those into the bugtracker. Implements
+ ticket 15026.
+
+ o Minor features (pluggable transports):
+ - When launching managed pluggable transports on Linux systems,
+ attempt to have the kernel deliver a SIGTERM on tor exit if the
+ pluggable transport process is still running. Resolves
+ ticket 15471.
+ - When launching managed pluggable transports, setup a valid open
+ stdin in the child process that can be used to detect if tor has
+ terminated. The "TOR_PT_EXIT_ON_STDIN_CLOSE" environment variable
+ can be used by implementations to detect this new behavior.
+ Resolves ticket 15435.
+
+ o Minor features (portability):
+ - Use C99 variadic macros when the compiler is not GCC. This avoids
+ failing compilations on MSVC, and fixes a log-file-based race
+ condition in our old workarounds. Original patch from Gisle Vanem.
+
+ o Minor features (testing):
+ - Add a test to verify that the compiler does not eliminate our
+ memwipe() implementation. Closes ticket 15377.
+ - Add make rule `check-changes` to verify the format of changes
+ files. Closes ticket 15180.
+ - Add unit tests for control_event_is_interesting(). Add a compile-
+ time check that the number of events doesn't exceed the capacity
+ of control_event_t.event_mask. Closes ticket 15431, checks for
+ bugs similar to 13085. Patch by "teor".
+ - Command-line argument tests moved to Stem. Resolves ticket 14806.
+ - Integrate the ntor, backtrace, and zero-length keys tests into the
+ automake test suite. Closes ticket 15344.
+ - Remove assertions during builds to determine Tor's test coverage.
+ We don't want to trigger these even in assertions, so including
+ them artificially makes our branch coverage look worse than it is.
+ This patch provides the new test-stem-full and coverage-html-full
+ configure options. Implements ticket 15400.
+
+ o Minor features (testing, authorities, documentation):
+ - New TestingDirAuthVote{Exit,Guard,HSDir}IsStrict flags to
+ explicitly manage consensus flags in testing networks. Patch by
+ "robgjansen", modified by "teor". Implements part of ticket 14882.
+
+ o Minor bug fixes (torrc exit policies):
+ - In each instance above, usage advice is provided to avoid the
+ message. Resolves ticket 16069. Patch by "teor". Fixes part of bug
+ 16069; bugfix on 0.2.4.7-alpha.
+ - In torrc, "accept6 *" and "reject6 *" ExitPolicy lines now only
+ produce IPv6 wildcard addresses. Previously they would produce
+ both IPv4 and IPv6 wildcard addresses. Patch by "teor". Fixes part
+ of bug 16069; bugfix on 0.2.4.7-alpha.
+ - When parsing torrc ExitPolicies, we now issue an info-level
+ message when expanding an "accept/reject *" line to include both
+ IPv4 and IPv6 wildcard addresses. Related to ticket 16069.
+ - When parsing torrc ExitPolicies, we now warn for a number of cases
+ where the user's intent is likely to differ from Tor's actual
+ behavior. These include: using an IPv4 address with an accept6 or
+ reject6 line; using "private" on an accept6 or reject6 line; and
+ including any ExitPolicy lines after accept *:* or reject *:*.
+ Related to ticket 16069.
+
+ o Minor bugfixes (authority):
+ - Don't assign "HSDir" to a router if it isn't Valid and Running.
+ Fixes bug 16524; bugfix on 0.2.7.2-alpha.
+ - Downgrade log messages about Ed25519 key issues if they are in old
+ cached router descriptors. Fixes part of bug 16286; bugfix
+ on 0.2.7.2-alpha.
+ - When we find an Ed25519 key issue in a cached descriptor, stop
+ saying the descriptor was just "uploaded". Fixes another part of
+ bug 16286; bugfix on 0.2.7.2-alpha.
+
+ o Minor bugfixes (build):
+ - Improve out-of-tree builds by making non-standard rules work and
+ clean up additional files and directories. Fixes bug 15053; bugfix
+ on 0.2.7.0-alpha.
+
+ o Minor bugfixes (command-line interface):
+ - When "--quiet" is provided along with "--validate-config", do not
+ write anything to stdout on success. Fixes bug 14994; bugfix
+ on 0.2.3.3-alpha.
+ - When complaining about bad arguments to "--dump-config", use
+ stderr, not stdout.
+
+ o Minor bugfixes (compilation):
+ - Fix an integer overflow warning in test_crypto_slow.c. Fixes bug
+ 17251; bugfix on 0.2.7.2-alpha.
+ - Fix compilation of sandbox.c with musl-libc. Fixes bug 17347;
+ bugfix on 0.2.5.1-alpha. Patch from 'jamestk'.
+ - Repair compilation with the most recent (unreleased, alpha)
+ vesions of OpenSSL 1.1. Fixes part of ticket 17237.
+
+ o Minor bugfixes (compilation, also in 0.2.6.9):
+ - Build with --enable-systemd correctly when libsystemd is
+ installed, but systemd is not. Fixes bug 16164; bugfix on
+ 0.2.6.3-alpha. Patch from Peter Palfrader.
+
+ o Minor bugfixes (configuration, unit tests):
+ - Only add the default fallback directories when the DirAuthorities,
+ AlternateDirAuthority, and FallbackDir directory config options
+ are set to their defaults. The default fallback directory list is
+ currently empty, this fix will only change tor's behavior when it
+ has default fallback directories. Includes unit tests for
+ consider_adding_dir_servers(). Fixes bug 15642; bugfix on
+ 90f6071d8dc0 in 0.2.4.7-alpha. Patch by "teor".
+
+ o Minor bugfixes (control port):
+ - Repair a warning and a spurious result when getting the maximum
+ number of file descriptors from the controller. Fixes bug 16697;
+ bugfix on 0.2.7.2-alpha.
+
+ o Minor bugfixes (controller):
+ - Add the descriptor ID in each HS_DESC control event. It was
+ missing, but specified in control-spec.txt. Fixes bug 15881;
+ bugfix on 0.2.5.2-alpha.
+
+ o Minor bugfixes (correctness):
+ - For correctness, avoid modifying a constant string in
+ handle_control_postdescriptor. Fixes bug 15546; bugfix
+ on 0.1.1.16-rc.
+ - Remove side-effects from tor_assert() calls. This was harmless,
+ because we never disable assertions, but it is bad style and
+ unnecessary. Fixes bug 15211; bugfix on 0.2.5.5, 0.2.2.36,
+ and 0.2.0.10.
+ - When calling channel_free_list(), avoid calling smartlist_remove()
+ while inside a FOREACH loop. This partially reverts commit
+ 17356fe7fd96af where the correct SMARTLIST_DEL_CURRENT was
+ incorrectly removed. Fixes bug 16924; bugfix on 0.2.4.4-alpha.
+
+ o Minor bugfixes (crypto error-handling, also in 0.2.6.10):
+ - Check for failures from crypto_early_init, and refuse to continue.
+ A previous typo meant that we could keep going with an
+ uninitialized crypto library, and would have OpenSSL initialize
+ its own PRNG. Fixes bug 16360; bugfix on 0.2.5.2-alpha, introduced
+ when implementing ticket 4900. Patch by "teor".
+
+ o Minor bugfixes (documentation):
+ - Advise users on how to configure separate IPv4 and IPv6 exit
+ policies in the manpage and sample torrcs. Related to ticket 16069.
+ - Fix an error in the manual page and comments for
+ TestingDirAuthVoteHSDir[IsStrict], which suggested that a HSDir
+ required "ORPort connectivity". While this is true, it is in no
+ way unique to the HSDir flag. Of all the flags, only HSDirs need a
+ DirPort configured in order for the authorities to assign that
+ particular flag. Patch by "teor". Fixed as part of 14882; bugfix
+ on 0.2.6.3-alpha.
+ - Fix the usage message of tor-resolve(1) so that it no longer lists
+ the removed -F option. Fixes bug 16913; bugfix on 0.2.2.28-beta.
+
+ o Minor bugfixes (Ed25519):
+ - Fix a memory leak when reading router descriptors with expired
+ Ed25519 certificates. Fixes bug 16539; bugfix on 0.2.7.2-alpha.
+
+ o Minor bugfixes (hidden service):
+ - Fix an out-of-bounds read when parsing invalid INTRODUCE2 cells on
+ a client authorized hidden service. Fixes bug 15823; bugfix
+ on 0.2.1.6-alpha.
+ - Remove an extraneous newline character from the end of hidden
+ service descriptors. Fixes bug 15296; bugfix on 0.2.0.10-alpha.
+
+ o Minor bugfixes (hidden services):
+ - Avoid crashing with a double-free bug when we create an ephemeral
+ hidden service but adding it fails for some reason. Fixes bug
+ 16228; bugfix on 0.2.7.1-alpha.
+ - Fix a crash when reloading configuration while at least one
+ configured and one ephemeral hidden service exists. Fixes bug
+ 16060; bugfix on 0.2.7.1-alpha.
+
+ o Minor bugfixes (interface):
+ - Print usage information for --dump-config when it is used without
+ an argument. Also, fix the error message to use different wording
+ and add newline at the end. Fixes bug 15541; bugfix
+ on 0.2.5.1-alpha.
+
+ o Minor bugfixes (Linux seccomp2 sandbox):
+ - Use the sandbox in tor_open_cloexec whether or not O_CLOEXEC is
+ defined. Patch by "teor". Fixes bug 16515; bugfix on 0.2.3.1-alpha.
+ - Allow bridge authorities to run correctly under the seccomp2
+ sandbox. Fixes bug 16964; bugfix on 0.2.5.1-alpha.
+ - Allow routers with ed25519 keys to run correctly under the
+ seccomp2 sandbox. Fixes bug 16965; bugfix on 0.2.7.2-alpha.
+
+ o Minor bugfixes (Linux seccomp2 sandbox, also in 0.2.6.10):
+ - Allow pipe() and pipe2() syscalls in the seccomp2 sandbox: we need
+ these when eventfd2() support is missing. Fixes bug 16363; bugfix
+ on 0.2.6.3-alpha. Patch from "teor".
+
+ o Minor bugfixes (Linux seccomp2 sandbox, also in 0.2.6.9):
+ - Allow systemd connections to work with the Linux seccomp2 sandbox
+ code. Fixes bug 16212; bugfix on 0.2.6.2-alpha. Patch by
+ Peter Palfrader.
+ - Fix sandboxing to work when running as a relay, by allowing the
+ renaming of secret_id_key, and allowing the eventfd2 and futex
+ syscalls. Fixes bug 16244; bugfix on 0.2.6.1-alpha. Patch by
+ Peter Palfrader.
+
+ o Minor bugfixes (logs):
+ - When building Tor under Clang, do not include an extra set of
+ parentheses in log messages that include function names. Fixes bug
+ 15269; bugfix on every released version of Tor when compiled with
+ recent enough Clang.
+
+ o Minor bugfixes (network):
+ - When attempting to use fallback technique for network interface
+ lookup, disregard loopback and multicast addresses since they are
+ unsuitable for public communications.
+
+ o Minor bugfixes (open file limit):
+ - Fix set_max_file_descriptors() to set by default the max open file
+ limit to the current limit when setrlimit() fails. Fixes bug
+ 16274; bugfix on tor- 0.2.0.10-alpha. Patch by dgoulet.
+
+ o Minor bugfixes (portability):
+ - Check correctly for Windows socket errors in the workqueue
+ backend. Fixes bug 16741; bugfix on 0.2.6.3-alpha.
+ - Fix the behavior of crypto_rand_time_range() when told to consider
+ times before 1970. (These times were possible when running in a
+ simulated network environment where time()'s output starts at
+ zero.) Fixes bug 16980; bugfix on 0.2.7.1-alpha.
+ - Restore correct operation of TLS client-cipher detection on
+ OpenSSL 1.1. Fixes bug 14047; bugfix on 0.2.7.2-alpha.
+ - Try harder to normalize the exit status of the Tor process to the
+ standard-provided range. Fixes bug 16975; bugfix on every version
+ of Tor ever.
+ - Use libexecinfo on FreeBSD to enable backtrace support. Fixes part
+ of bug 17151; bugfix on 0.2.5.2-alpha. Patch from Marcin Cieślak.
+
+ o Minor bugfixes (relay):
+ - Ensure that worker threads actually exit when a fatal error or
+ shutdown is indicated. This fix doesn't currently affect the
+ behavior of Tor, because Tor workers never indicates fatal error
+ or shutdown except in the unit tests. Fixes bug 16868; bugfix
+ on 0.2.6.3-alpha.
+ - Fix a rarely-encountered memory leak when failing to initialize
+ the thread pool. Fixes bug 16631; bugfix on 0.2.6.3-alpha. Patch
+ from "cypherpunks".
+ - Unblock threads before releasing the work queue mutex to ensure
+ predictable scheduling behavior. Fixes bug 16644; bugfix
+ on 0.2.6.3-alpha.
+
+ o Minor bugfixes (sandbox):
+ - Add the "hidserv-stats" filename to our sandbox filter for the
+ HiddenServiceStatistics option to work properly. Fixes bug 17354;
+ bugfix on tor-0.2.6.2-alpha. Patch from David Goulet.
+
+ o Minor bugfixes (security, exit policies):
+ - ExitPolicyRejectPrivate now also rejects the relay's published
+ IPv6 address (if any), and any publicly routable IPv4 or IPv6
+ addresses on any local interfaces. ticket 17027. Patch by "teor".
+ Fixes bug 17027; bugfix on 0.2.0.11-alpha.
+
+ o Minor bugfixes (statistics):
+ - Disregard the ConnDirectionStatistics torrc options when Tor is
+ not a relay since in that mode of operation no sensible data is
+ being collected and because Tor might run into measurement hiccups
+ when running as a client for some time, then becoming a relay.
+ Fixes bug 15604; bugfix on 0.2.2.35.
+
+ o Minor bugfixes (systemd):
+ - Fix an accidental formatting error that broke the systemd
+ configuration file. Fixes bug 16152; bugfix on 0.2.7.1-alpha.
+ - Tor's systemd unit file no longer contains extraneous spaces.
+ These spaces would sometimes confuse tools like deb-systemd-
+ helper. Fixes bug 16162; bugfix on 0.2.5.5-alpha.
+
+ o Minor bugfixes (test networks):
+ - When self-testing reachability, use ExtendAllowPrivateAddresses to
+ determine if local/private addresses imply reachability. The
+ previous fix used TestingTorNetwork, which implies
+ ExtendAllowPrivateAddresses, but this excluded rare configurations
+ where ExtendAllowPrivateAddresses is set but TestingTorNetwork is
+ not. Fixes bug 15771; bugfix on 0.2.6.1-alpha. Patch by "teor",
+ issue discovered by CJ Ess.
+
+ o Minor bugfixes (testing):
+ - Add unit tests for get_interface_address* failure cases. Fixes bug
+ 17173; bugfix on 0.2.7.3-rc. Patch by fk/teor.
+ - Check for matching value in server response in ntor_ref.py. Fixes
+ bug 15591; bugfix on 0.2.4.8-alpha. Reported and fixed
+ by "joelanders".
+ - Fix breakage when running 'make check' with BSD make. Fixes bug
+ 17154; bugfix on 0.2.7.3-rc. Patch by Marcin Cieślak.
+ - Make the get_ifaddrs_* unit tests more tolerant of different
+ network configurations. (Don't assume every test box has an IPv4
+ address, and don't assume every test box has a non-localhost
+ address.) Fixes bug 17255; bugfix on 0.2.7.3-rc. Patch by "teor".
+ - Set the severity correctly when testing
+ get_interface_addresses_ifaddrs() and
+ get_interface_addresses_win32(), so that the tests fail gracefully
+ instead of triggering an assertion. Fixes bug 15759; bugfix on
+ 0.2.6.3-alpha. Reported by Nicolas Derive.
+ - Skip backtrace tests when backtrace support is not compiled in.
+ Fixes part of bug 17151; bugfix on 0.2.7.1-alpha. Patch from
+ Marcin Cieślak.
+
+ o Minor bugfixes (tests):
+ - Use the configured Python executable when running test-stem-full.
+ Fixes bug 16470; bugfix on 0.2.7.1-alpha.
+
+ o Minor bugfixes (tests, also in 0.2.6.9):
+ - Fix a crash in the unit tests when built with MSVC2013. Fixes bug
+ 16030; bugfix on 0.2.6.2-alpha. Patch from "NewEraCracker".
+
+ o Minor bugfixes (threads, comments):
+ - Always initialize return value in compute_desc_id in rendcommon.c
+ Patch by "teor". Fixes part of bug 16115; bugfix on 0.2.7.1-alpha.
+ - Check for NULL values in getinfo_helper_onions(). Patch by "teor".
+ Fixes part of bug 16115; bugfix on 0.2.7.1-alpha.
+ - Remove undefined directive-in-macro in test_util_writepid clang
+ 3.7 complains that using a preprocessor directive inside a macro
+ invocation in test_util_writepid in test_util.c is undefined.
+ Patch by "teor". Fixes part of bug 16115; bugfix on 0.2.7.1-alpha.
+
+ o Code simplification and refactoring:
+ - Change the function that's called when we need to retry all
+ downloads so that it only reschedules the downloads to happen
+ immediately, rather than launching them all at once itself. This
+ further simplifies Tor's callgraph.
+ - Define WINVER and _WIN32_WINNT centrally, in orconfig.h, in order
+ to ensure they remain consistent and visible everywhere.
+ - Move some format-parsing functions out of crypto.c and
+ crypto_curve25519.c into crypto_format.c and/or util_format.c.
+ - Move the client-only parts of init_keys() into a separate
+ function. Closes ticket 16763.
+ - Move the hacky fallback code out of get_interface_address6() into
+ separate function and get it covered with unit-tests. Resolves
+ ticket 14710.
+ - Refactor hidden service client-side cache lookup to intelligently
+ report its various failure cases, and disentangle failure cases
+ involving a lack of introduction points. Closes ticket 14391.
+ - Remove some vestigial workarounds for the MSVC6 compiler. We
+ haven't supported that in ages.
+ - Remove the unused "nulterminate" argument from buf_pullup().
+ - Simplify the microdesc_free() implementation so that it no longer
+ appears (to code analysis tools) to potentially invoke a huge
+ suite of other microdesc functions.
+ - Simply the control graph further by deferring the inner body of
+ directory_all_unreachable() into a callback. Closes ticket 16762.
+ - The link authentication code has been refactored for better
+ testability and reliability. It now uses code generated with the
+ "trunnel" binary encoding generator, to reduce the risk of bugs
+ due to programmer error. Done as part of ticket 12498.
+ - Treat the loss of an owning controller as equivalent to a SIGTERM
+ signal. This removes a tiny amount of duplicated code, and
+ simplifies our callgraph. Closes ticket 16788.
+ - Use our own Base64 encoder instead of OpenSSL's, to allow more
+ control over the output. Part of ticket 15652.
+ - When generating an event to send to the controller, we no longer
+ put the event over the network immediately. Instead, we queue
+ these events, and use a Libevent callback to deliver them. This
+ change simplifies Tor's callgraph by reducing the number of
+ functions from which all other Tor functions are reachable. Closes
+ ticket 16695.
+ - Wrap Windows-only C files inside '#ifdef _WIN32' so that tools
+ that try to scan or compile every file on Unix won't decide that
+ they are broken.
+
+ o Documentation:
+ - Fix capitalization of SOCKS in sample torrc. Closes ticket 15609.
+ - Improve the descriptions of statistics-related torrc options in
+ the manpage to describe rationale and possible uses cases. Fixes
+ issue 15550.
+ - Improve the layout and formatting of ./configure --help messages.
+ Closes ticket 15024. Patch from "cypherpunks".
+ - Include a specific and (hopefully) accurate documentation of the
+ torrc file's meta-format in doc/torrc_format.txt. This is mainly
+ of interest to people writing programs to parse or generate torrc
+ files. This document is not a commitment to long-term
+ compatibility; some aspects of the current format are a bit
+ ridiculous. Closes ticket 2325.
+ - Include the TUNING document in our source tarball. It is referred
+ to in the ChangeLog and an error message. Fixes bug 16929; bugfix
+ on 0.2.6.1-alpha.
+ - Note that HiddenServicePorts can take a unix domain socket. Closes
+ ticket 17364.
+ - Recommend a 40 GB example AccountingMax in torrc.sample rather
+ than a 4 GB max. Closes ticket 16742.
+ - Standardize on the term "server descriptor" in the manual page.
+ Previously, we had used "router descriptor", "server descriptor",
+ and "relay descriptor" interchangeably. Part of ticket 14987.
+
+ o New system requirements:
+ - Tor no longer includes workarounds to support Libevent versions
+ before 1.3e. Libevent 2.0 or later is recommended. Closes
+ ticket 15248.
+
+ o Removed code:
+ - Remove `USE_OPENSSL_BASE64` and the corresponding fallback code
+ and always use the internal Base64 decoder. The internal decoder
+ has been part of tor since tor-0.2.0.10-alpha, and no one should
+ be using the OpenSSL one. Part of ticket 15652.
+ - Remove the 'tor_strclear()' function; use memwipe() instead.
+ Closes ticket 14922.
+ - Remove the code that would try to aggressively flush controller
+ connections while writing to them. This code was introduced in
+ 0.1.2.7-alpha, in order to keep output buffers from exceeding
+ their limits. But there is no longer a maximum output buffer size,
+ and flushing data in this way caused some undesirable recursions
+ in our call graph. Closes ticket 16480.
+ - The internal pure-C tor-fw-helper tool is now removed from the Tor
+ distribution, in favor of the pure-Go clone available from
+ https://gitweb.torproject.org/tor-fw-helper.git/ . The libraries
+ used by the C tor-fw-helper are not, in our opinion, very
+ confidence- inspiring in their secure-programming techniques.
+ Closes ticket 13338.
+
+ o Removed features:
+ - Remove the (seldom-used) DynamicDHGroups feature. For anti-
+ fingerprinting we now recommend pluggable transports; for forward-
+ secrecy in TLS, we now use the P-256 group. Closes ticket 13736.
+ - Remove the HidServDirectoryV2 option. Now all relays offer to
+ store hidden service descriptors. Related to 16543.
+ - Remove the VoteOnHidServDirectoriesV2 option, since all
+ authorities have long set it to 1. Closes ticket 16543.
+ - Remove the undocumented "--digests" command-line option. It
+ complicated our build process, caused subtle build issues on
+ multiple platforms, and is now redundant since we started
+ including git version identifiers. Closes ticket 14742.
+ - Tor no longer contains checks for ancient directory cache versions
+ that didn't know about microdescriptors.
+ - Tor no longer contains workarounds for stat files generated by
+ super-old versions of Tor that didn't choose guards sensibly.
+ - Tor no longer supports copies of OpenSSL that are missing support
+ for Elliptic Curve Cryptography. (We began using ECC when
+ available in 0.2.4.8-alpha, for more safe and efficient key
+ negotiation.) In particular, support for at least one of P256 or
+ P224 is now required, with manual configuration needed if only
+ P224 is available. Resolves ticket 16140.
+ - Tor no longer supports versions of OpenSSL before 1.0. (If you are
+ on an operating system that has not upgraded to OpenSSL 1.0 or
+ later, and you compile Tor from source, you will need to install a
+ more recent OpenSSL to link Tor against.) These versions of
+ OpenSSL are still supported by the OpenSSL, but the numerous
+ cryptographic improvements in later OpenSSL releases makes them a
+ clear choice. Resolves ticket 16034.
+
+ o Testing:
+ - Add a new set of callgraph analysis scripts that use clang to
+ produce a list of which Tor functions are reachable from which
+ other Tor functions. We're planning to use these to help simplify
+ our code structure by identifying illogical dependencies.
+ - Add new 'test-full' and 'test-full-online' targets to run all
+ tests, including integration tests with stem and chutney.
+ - Autodetect CHUTNEY_PATH if the chutney and Tor sources are side-
+ by-side in the same parent directory. Closes ticket 16903. Patch
+ by "teor".
+ - Document use of coverity, clang static analyzer, and clang dynamic
+ undefined behavior and address sanitizers in doc/HACKING. Include
+ detailed usage instructions in the blacklist. Patch by "teor".
+ Closes ticket 15817.
+ - Make "bridges+hs" the default test network. This tests almost all
+ tor functionality during make test-network, while allowing tests
+ to succeed on non-IPv6 systems. Requires chutney commit 396da92 in
+ test-network-bridges-hs. Closes tickets 16945 (tor) and 16946
+ (chutney). Patches by "teor".
+ - Make the test-workqueue test work on Windows by initializing the
+ network before we begin.
+ - New make target (make test-network-all) to run multiple applicable
+ chutney test cases. Patch from Teor; closes 16953.
+ - Now that OpenSSL has its own scrypt implementation, add an unit
+ test that checks for interoperability between libscrypt_scrypt()
+ and OpenSSL's EVP_PBE_scrypt() so that we could not use libscrypt
+ and rely on EVP_PBE_scrypt() whenever possible. Resolves
+ ticket 16189.
+ - The link authentication protocol code now has extensive tests.
+ - The relay descriptor signature testing code now has
+ extensive tests.
+ - The test_workqueue program now runs faster, and is enabled by
+ default as a part of "make check".
+ - Unit test dns_resolve(), dns_clip_ttl() and dns_get_expiry_ttl()
+ functions in dns.c. Implements a portion of ticket 16831.
+ - Use environment variables rather than autoconf substitutions to
+ send variables from the build system to the test scripts. This
+ change should be easier to maintain, and cause 'make distcheck' to
+ work better than before. Fixes bug 17148.
+ - When building Tor with testing coverage enabled, run Chutney tests
+ (if any) using the 'tor-cov' coverage binary.
+ - When running test-network or test-stem, check for the absence of
+ stem/chutney before doing any build operations.
+
+
+
+
Changes in version 0.2.6.10 - 2015-07-12
Tor version 0.2.6.10 fixes some significant stability and hidden
service client bugs, bulletproofs the cryptography init process, and
1
0

[tor/maint-0.3.0] Remove all bugfix-on-0.2.7.x items from ReleaseNotes
by nickm@torproject.org 28 Feb '17
by nickm@torproject.org 28 Feb '17
28 Feb '17
commit 6292a3fcf48ec5b177cee8cec1b542661ae2bb54
Author: Nick Mathewson <nickm(a)torproject.org>
Date: Thu Nov 5 09:29:27 2015 -0500
Remove all bugfix-on-0.2.7.x items from ReleaseNotes
---
ReleaseNotes | 90 ++----------------------------------------------------------
1 file changed, 2 insertions(+), 88 deletions(-)
diff --git a/ReleaseNotes b/ReleaseNotes
index b84c4da..131d015 100644
--- a/ReleaseNotes
+++ b/ReleaseNotes
@@ -4,7 +4,7 @@ of Tor. If you want to see more detailed descriptions of the changes in
each development snapshot, see the ChangeLog file.
Changes in version 0.2.7.5- 2015-11-??
- XXXX WRITE A BLURB
+ XXXX WRITE A BLURB XXXX
o Major features (controller):
- Add the ADD_ONION and DEL_ONION commands that allow the creation
@@ -117,10 +117,6 @@ Changes in version 0.2.7.5- 2015-11-??
connection was initialized. Fixes bug 16247; bugfix on
0.2.6.3-alpha. Patch by "jojelino".
- o Major bugfixes (correctness):
- - Fix a use-after-free bug in validate_intro_point_failure(). Fixes
- bug 17401; bugfix on 0.2.7.3-rc.
-
o Major bugfixes (hidden service clients, stability, also in 0.2.6.10):
- Stop refusing to store updated hidden service descriptors on a
client. This reverts commit 9407040c59218 (which indeed fixed bug
@@ -147,10 +143,6 @@ Changes in version 0.2.7.5- 2015-11-??
o Major bugfixes (memory leaks):
- Fix a memory leak in ed25519 batch signature checking. Fixes bug
17398; bugfix on 0.2.6.1-alpha.
- - Fix a memory leak in rend_cache_failure_entry_free(). Fixes bug
- 17402; bugfix on 0.2.7.3-rc.
- - Fix a memory leak when reading an expired signing key from disk.
- Fixes bug 17403; bugfix on 0.2.7.2-rc.
o Major bugfixes (open file limit):
- The open file limit wasn't checked before calling
@@ -159,12 +151,6 @@ Changes in version 0.2.7.5- 2015-11-??
file limit just before, and if the max has been reached, return an
error. Fixes bug 16288; bugfix on 0.1.1.1-alpha.
- o Major bugfixes (relay, Ed25519):
- - Avoid crashing on 'tor --keygen'. Fixes bug 16679; bugfix on
- 0.2.7.2-alpha. Reported by "s7r".
- - Improve handling of expired signing keys with offline master keys.
- Fixes bug 16685; bugfix on 0.2.7.2-alpha. Reported by "s7r".
-
o Major bugfixes (security, correctness):
- Fix an error that could cause us to read 4 bytes before the
beginning of an openssl string. This bug could be used to cause
@@ -218,9 +204,6 @@ Changes in version 0.2.7.5- 2015-11-??
as torrc option. Resolves issue 14018.
o Minor features (compilation):
- - Fail during configure if we're trying to build against an OpenSSL
- built without ECC support. Fixes bug 17109, bugfix on 0.2.7.1-alpha
- which started requiring ECC.
- Give a warning as early as possible when trying to build with an
unsupported OpenSSL version. Closes ticket 16901.
@@ -344,7 +327,7 @@ Changes in version 0.2.7.5- 2015-11-??
explicitly manage consensus flags in testing networks. Patch by
"robgjansen", modified by "teor". Implements part of ticket 14882.
- o Minor bug fixes (torrc exit policies):
+ o Minor bugfixes (torrc exit policies):
- In each instance above, usage advice is provided to avoid the
message. Resolves ticket 16069. Patch by "teor". Fixes part of bug
16069; bugfix on 0.2.4.7-alpha.
@@ -362,21 +345,6 @@ Changes in version 0.2.7.5- 2015-11-??
including any ExitPolicy lines after accept *:* or reject *:*.
Related to ticket 16069.
- o Minor bugfixes (authority):
- - Don't assign "HSDir" to a router if it isn't Valid and Running.
- Fixes bug 16524; bugfix on 0.2.7.2-alpha.
- - Downgrade log messages about Ed25519 key issues if they are in old
- cached router descriptors. Fixes part of bug 16286; bugfix
- on 0.2.7.2-alpha.
- - When we find an Ed25519 key issue in a cached descriptor, stop
- saying the descriptor was just "uploaded". Fixes another part of
- bug 16286; bugfix on 0.2.7.2-alpha.
-
- o Minor bugfixes (build):
- - Improve out-of-tree builds by making non-standard rules work and
- clean up additional files and directories. Fixes bug 15053; bugfix
- on 0.2.7.0-alpha.
-
o Minor bugfixes (command-line interface):
- When "--quiet" is provided along with "--validate-config", do not
write anything to stdout on success. Fixes bug 14994; bugfix
@@ -385,8 +353,6 @@ Changes in version 0.2.7.5- 2015-11-??
stderr, not stdout.
o Minor bugfixes (compilation):
- - Fix an integer overflow warning in test_crypto_slow.c. Fixes bug
- 17251; bugfix on 0.2.7.2-alpha.
- Fix compilation of sandbox.c with musl-libc. Fixes bug 17347;
bugfix on 0.2.5.1-alpha. Patch from 'jamestk'.
- Repair compilation with the most recent (unreleased, alpha)
@@ -406,11 +372,6 @@ Changes in version 0.2.7.5- 2015-11-??
consider_adding_dir_servers(). Fixes bug 15642; bugfix on
90f6071d8dc0 in 0.2.4.7-alpha. Patch by "teor".
- o Minor bugfixes (control port):
- - Repair a warning and a spurious result when getting the maximum
- number of file descriptors from the controller. Fixes bug 16697;
- bugfix on 0.2.7.2-alpha.
-
o Minor bugfixes (controller):
- Add the descriptor ID in each HS_DESC control event. It was
missing, but specified in control-spec.txt. Fixes bug 15881;
@@ -449,10 +410,6 @@ Changes in version 0.2.7.5- 2015-11-??
- Fix the usage message of tor-resolve(1) so that it no longer lists
the removed -F option. Fixes bug 16913; bugfix on 0.2.2.28-beta.
- o Minor bugfixes (Ed25519):
- - Fix a memory leak when reading router descriptors with expired
- Ed25519 certificates. Fixes bug 16539; bugfix on 0.2.7.2-alpha.
-
o Minor bugfixes (hidden service):
- Fix an out-of-bounds read when parsing invalid INTRODUCE2 cells on
a client authorized hidden service. Fixes bug 15823; bugfix
@@ -460,14 +417,6 @@ Changes in version 0.2.7.5- 2015-11-??
- Remove an extraneous newline character from the end of hidden
service descriptors. Fixes bug 15296; bugfix on 0.2.0.10-alpha.
- o Minor bugfixes (hidden services):
- - Avoid crashing with a double-free bug when we create an ephemeral
- hidden service but adding it fails for some reason. Fixes bug
- 16228; bugfix on 0.2.7.1-alpha.
- - Fix a crash when reloading configuration while at least one
- configured and one ephemeral hidden service exists. Fixes bug
- 16060; bugfix on 0.2.7.1-alpha.
-
o Minor bugfixes (interface):
- Print usage information for --dump-config when it is used without
an argument. Also, fix the error message to use different wording
@@ -479,8 +428,6 @@ Changes in version 0.2.7.5- 2015-11-??
defined. Patch by "teor". Fixes bug 16515; bugfix on 0.2.3.1-alpha.
- Allow bridge authorities to run correctly under the seccomp2
sandbox. Fixes bug 16964; bugfix on 0.2.5.1-alpha.
- - Allow routers with ed25519 keys to run correctly under the
- seccomp2 sandbox. Fixes bug 16965; bugfix on 0.2.7.2-alpha.
o Minor bugfixes (Linux seccomp2 sandbox, also in 0.2.6.10):
- Allow pipe() and pipe2() syscalls in the seccomp2 sandbox: we need
@@ -515,12 +462,6 @@ Changes in version 0.2.7.5- 2015-11-??
o Minor bugfixes (portability):
- Check correctly for Windows socket errors in the workqueue
backend. Fixes bug 16741; bugfix on 0.2.6.3-alpha.
- - Fix the behavior of crypto_rand_time_range() when told to consider
- times before 1970. (These times were possible when running in a
- simulated network environment where time()'s output starts at
- zero.) Fixes bug 16980; bugfix on 0.2.7.1-alpha.
- - Restore correct operation of TLS client-cipher detection on
- OpenSSL 1.1. Fixes bug 14047; bugfix on 0.2.7.2-alpha.
- Try harder to normalize the exit status of the Tor process to the
standard-provided range. Fixes bug 16975; bugfix on every version
of Tor ever.
@@ -559,8 +500,6 @@ Changes in version 0.2.7.5- 2015-11-??
Fixes bug 15604; bugfix on 0.2.2.35.
o Minor bugfixes (systemd):
- - Fix an accidental formatting error that broke the systemd
- configuration file. Fixes bug 16152; bugfix on 0.2.7.1-alpha.
- Tor's systemd unit file no longer contains extraneous spaces.
These spaces would sometimes confuse tools like deb-systemd-
helper. Fixes bug 16162; bugfix on 0.2.5.5-alpha.
@@ -575,44 +514,19 @@ Changes in version 0.2.7.5- 2015-11-??
issue discovered by CJ Ess.
o Minor bugfixes (testing):
- - Add unit tests for get_interface_address* failure cases. Fixes bug
- 17173; bugfix on 0.2.7.3-rc. Patch by fk/teor.
- Check for matching value in server response in ntor_ref.py. Fixes
bug 15591; bugfix on 0.2.4.8-alpha. Reported and fixed
by "joelanders".
- - Fix breakage when running 'make check' with BSD make. Fixes bug
- 17154; bugfix on 0.2.7.3-rc. Patch by Marcin Cieślak.
- - Make the get_ifaddrs_* unit tests more tolerant of different
- network configurations. (Don't assume every test box has an IPv4
- address, and don't assume every test box has a non-localhost
- address.) Fixes bug 17255; bugfix on 0.2.7.3-rc. Patch by "teor".
- Set the severity correctly when testing
get_interface_addresses_ifaddrs() and
get_interface_addresses_win32(), so that the tests fail gracefully
instead of triggering an assertion. Fixes bug 15759; bugfix on
0.2.6.3-alpha. Reported by Nicolas Derive.
- - Skip backtrace tests when backtrace support is not compiled in.
- Fixes part of bug 17151; bugfix on 0.2.7.1-alpha. Patch from
- Marcin Cieślak.
-
- o Minor bugfixes (tests):
- - Use the configured Python executable when running test-stem-full.
- Fixes bug 16470; bugfix on 0.2.7.1-alpha.
o Minor bugfixes (tests, also in 0.2.6.9):
- Fix a crash in the unit tests when built with MSVC2013. Fixes bug
16030; bugfix on 0.2.6.2-alpha. Patch from "NewEraCracker".
- o Minor bugfixes (threads, comments):
- - Always initialize return value in compute_desc_id in rendcommon.c
- Patch by "teor". Fixes part of bug 16115; bugfix on 0.2.7.1-alpha.
- - Check for NULL values in getinfo_helper_onions(). Patch by "teor".
- Fixes part of bug 16115; bugfix on 0.2.7.1-alpha.
- - Remove undefined directive-in-macro in test_util_writepid clang
- 3.7 complains that using a preprocessor directive inside a macro
- invocation in test_util_writepid in test_util.c is undefined.
- Patch by "teor". Fixes part of bug 16115; bugfix on 0.2.7.1-alpha.
-
o Code simplification and refactoring:
- Change the function that's called when we need to retry all
downloads so that it only reschedules the downloads to happen
1
0

28 Feb '17
commit e46ea4a75da3fafcb74e8d50faa3df116e1c8eda
Merge: 4dd7a55 741d2dc
Author: Nick Mathewson <nickm(a)torproject.org>
Date: Fri Nov 13 08:41:42 2015 -0500
Merge branch 'maint-0.2.7' into release-0.2.7
configure.ac | 2 +-
contrib/win32build/tor-mingw.nsi.in | 2 +-
src/win32/orconfig.h | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
1
0