May 2017 - tor-commits - lists.torproject.org

[tor/master] 0.3.1.1-alpha changelog: combine some sections.
by nickm＠torproject.org 19 May '17

19 May '17

commit 473716d098cf3117f9e121f204ea5fd3c465cc31 Author: Nick Mathewson <nickm(a)torproject.org> Date: Fri May 19 10:10:26 2017 -0400 0.3.1.1-alpha changelog: combine some sections. --- ChangeLog | 141 ++++++++++++++++++++++++-------------------------------------- 1 file changed, 54 insertions(+), 87 deletions(-) diff --git a/ChangeLog b/ChangeLog index b1c4f3a..3b643b6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,16 +1,6 @@ Changes in version 0.3.1.1-alpha - 2017-05-?? blurb goes here - o Major features (security, stability, experimental): - - Tor now has the optional ability to include modules written in - Rust. To turn this on, pass the "--enable-rust" flag to the - configure script. It's not time to get excited yet: currently, - there is no actual Rust functionality beyond some simple glue - code, and a notice at startup to tell you that Rust is running. - Still, we hope that programmers and packagers will try building - with rust support, so that we can find issues with the build - system, and solve portability issues. Closes ticket 22106. - o Major features (directory protocol): - Tor relays and authorities are now able to serve clients an abbreviated version of the networkstatus consensus document, @@ -20,21 +10,27 @@ Changes in version 0.3.1.1-alpha - 2017-05-?? server, they will use far less bandwidth (up to 94% less) to keep an up-to-date consensus. Implements proposal 140; closes ticket 13339. Based on work by by Daniel Martí. - - o Major features (directory system): - Tor's compression module now includes support for the zstd and lzma2 compression algorithms, if the libzstd and liblzma libraries are available when Tor is compiled. Once these features are exposed in the directory module, they will enable Tor to provide better compression ratios on directory documents. Part of an implementation for proposal 278; closes ticket 21662. - - o Major features (internals): - Add an ed diff/patch backend, optimized for consensus documents. This backend will be the basis of our consensus diff implementation. Most of the work here was done by Daniel Martí. Closes ticket 21643. + o Major features (experimental): + - Tor now has the optional ability to include modules written in + Rust. To turn this on, pass the "--enable-rust" flag to the + configure script. It's not time to get excited yet: currently, + there is no actual Rust functionality beyond some simple glue + code, and a notice at startup to tell you that Rust is running. + Still, we hope that programmers and packagers will try building + with rust support, so that we can find issues with the build + system, and solve portability issues. Closes ticket 22106. + o Major features (traffic analysis resistance): - Relays and clients will now send a padding cell on idle OR connections every 1.5 to 9.5 seconds (tunable via consensus @@ -52,24 +48,11 @@ Changes in version 0.3.1.1-alpha - 2017-05-?? is set in torrc. These 24 hour totals are also rounded to multiples of 10000. - o Major bugfixes (hidden service directory, security): - - Fix an assertion failure in the hidden service directory code, - which could be used by an attacker to remotely cause a Tor relay - process to exit. Relays running earlier versions of Tor 0.3.0.x - should upgrade. This security issue is tracked as tracked as - TROVE-2017-002. Fixes bug 22246; bugfix on 0.3.0.1-alpha. - o Major bugfixes (linux TPROXY support): - Fix a typo that had prevented TPROXY-based transparent proxying from working under Linux. Fixes bug 18100; bugfix on 0.2.6.3-alpha. Patch from "d4fq0fQAgoJ". - o Minor features (defaults, security): - - The default value for UseCreateFast is now 0: clients which - haven't yet received a consensus document will nonetheless use a - proper handshake to talk to their directory servers (when they - can). Closes ticket 21407. - o Minor features (security, windows): - Enable a couple of pieces of Windows hardening: one (HeapEnableTerminationOnCorruption) that has been on-by-default @@ -77,13 +60,29 @@ Changes in version 0.3.1.1-alpha - 2017-05-?? (PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION) which we believe doesn't affect us, but shouldn't do any harm. Closes ticket 21953. - o Minor feature (defaults, directory): + o Minor features (controller): + - Warn the first time that a controller requests data in the long- + deprecated 'GETINFO network-status' format. Closes ticket 21703. + + o Minor features (defaults): + - The default value for UseCreateFast is now 0: clients which + haven't yet received a consensus document will nonetheless use a + proper handshake to talk to their directory servers (when they + can). Closes ticket 21407. - Onion key rotation and expiry intervals are now defined as a network consensus parameter as per proposal 274. The default lifetime of an onion key is bumped from 7 to 28 days. Old onion keys will expire after 7 days by default. Closes ticket 21641. - o Minor feature (hidden services): + o Minor features (fallback directory list): + - Update the fallback directory mirror whitelist and blacklist based + on operator emails. Closes task 21121. + - Replace the 177 fallbacks originally introduced in Tor 0.2.9.8 in + December 2016 (of which ~126 were still functional), with a list + of 151 fallbacks (32 new, 119 existing, 58 removed) generated in + May 2017. Resolves ticket 21564. + + o Minor features (hidden services): - Add more information to the message logged when a hidden service descriptor has fewer introduction points than specified in HiddenServiceNumIntroductionPoints. Follow up to tickets 21598 and @@ -94,37 +93,21 @@ Changes in version 0.3.1.1-alpha - 2017-05-?? - Log a message when a hidden service reaches its introduction point circuit limit, and when that limit is reset. Follow up to ticket 21594, closes ticket 21622. + - Warn user if multiple entries in EntryNodes and at least one + HiddenService are used together. Pinning EntryNodes along with an + hidden service can be possibly harmful for instance see ticket + 14917 or 21155. Closes ticket 21155. - o Minor feature (include on config files): - - Adds config-can-saveconf to GETINFO command to tell if SAVECONF - will work without the FORCE option, closes ticket 1922. + o Minor features (include in torrc config files): - Allow the use of %include on configuration files to include settings from other files or directories. Using %include with a directory will include all (non-dot) files in that directory in lexically sorted order (non-recursive), closes ticket 1922. - - Makes SAVECONF command return error when overwriting a torrc that + - Make SAVECONF command return error when overwriting a torrc that has includes. Using SAVECONF with the FORCE option will allow it to overwrite torrc even if includes are used, closes ticket 1922. - - o Minor features (controller): - - Warn the first time that a controller requests data in the long- - deprecated 'GETINFO network-status' format. Closes ticket 21703. - - o Minor features (fallback directories): - - Update the fallback directory mirror whitelist and blacklist based - on operator emails. Closes task 21121. - - o Minor features (fallback directory list): - - Replace the 177 fallbacks originally introduced in Tor 0.2.9.8 in - December 2016 (of which ~126 were still functional), with a list - of 151 fallbacks (32 new, 119 existing, 58 removed) generated in - May 2017. Resolves ticket 21564. - - o Minor features (hidden service, logging): - - Warn user if multiple entries in EntryNodes and at least one - HiddenService are used together. Pinning EntryNodes along with an - hidden service can be possibly harmful for instance see ticket - 14917 or 21155. Closes ticket 21155. + - Adds config-can-saveconf to GETINFO command to tell if SAVECONF + will work without the FORCE option, closes ticket 1922. o Minor features (infrastructure, seccomp2 sandbox): - We now have a document storage backend compatible with the Linux @@ -150,8 +133,6 @@ Changes in version 0.3.1.1-alpha - 2017-05-?? - The minimal keccak implementation we include now accesses memory more efficiently, especially on little-endian systems. Closes ticket 21737. - - o Minor features (performance, controller): - Add an O(1) implementation of channel_find_by_global_id(). o Minor features (relay, configuration): @@ -178,29 +159,16 @@ Changes in version 0.3.1.1-alpha - 2017-05-?? examining Tor network performance issues. There are no trace events yet, and event-tracing is off by default unless enabled at compile time. Implements ticket 13802. - - o Minor features (unit tests): - Improve version parsing tests: add tests for typical version components, add tests for invalid versions, including numeric range and non-numeric prefixes. Unit tests 21278, 21450, and 21507. Partially implements 21470. - o Minor bugfix (directory authority): - - Prevent the shared randomness subsystem from asserting when - initialized by a bridge authority with an incomplete configuration - file. Fixes bug 21586; bugfix on 0.2.9.8. - o Minor bugfixes (bandwidth accounting): - Roll over monthly accounting at the configured hour and minute, rather than always at 00:00. Fixes bug 22245; bugfix on 0.0.9rc1. Found by Andrey Karpov with PVS-Studio. - o Minor bugfixes (cell, logging): - - Downgrade a log statement from bug to protocol warning because - there is at least one use case where it can be triggered by a - buggy tor implementation on the Internet for instance. Fixes bug - 21293; bugfix on 0.1.1.14-alpha. - o Minor bugfixes (code correctness): - Accurately identify client connections using their lack of peer authentication. This means that we bail out earlier if asked to @@ -241,28 +209,23 @@ Changes in version 0.3.1.1-alpha - 2017-05-?? connections that are kept open between relays. Fixes bug 17604; bugfix on 0.2.5.5-alpha. - o Minor bugfixes (control, hidden service client): + o Minor bugfixes (controller): + - GETINFO onions/current and onions/detached no longer 551 on empty + lists Fixes bug 21329; bugfix on 0.2.7.1-alpha. - Trigger HS descriptor events on the control port when the client is unable to pick a suitable hidden service directory. This can happen if they are all in the ExcludeNodes list or they all have been queried inside the allowed 15 minutes. Fixes bug 22042; bugfix on 0.2.5.2-alpha. - o Minor bugfixes (controller): - - GETINFO onions/current and onions/detached no longer 551 on empty - lists Fixes bug 21329; bugfix on 0.2.7.1-alpha. - o Minor bugfixes (directory authority): - When rejecting a router descriptor because the relay is running an obsolete version of Tor without ntor support, warn about the obsolete tor version, not the missing ntor key. Fixes bug 20270; bugfix on 0.2.9.3-alpha. - - o Minor bugfixes (documentation): - - Default of NumEntryGuards is 1 if the consensus parameter guard-n- - primary-guards-to-use isn't set. Default of NumDirectoryGuards is - 3 if the consensus parameter guard-n-primary-dir-guards-to-use - isn't set. Fixes bug 21715; bugfix on 0.3.0.1-alpha. + - Prevent the shared randomness subsystem from asserting when + initialized by a bridge authority with an incomplete configuration + file. Fixes bug 21586; bugfix on 0.2.9.8. o Minor bugfixes (exit-side DNS): - Fix an untriggerable assertion that checked the output of a @@ -270,12 +233,10 @@ Changes in version 0.3.1.1-alpha - 2017-05-?? expected. Fixes bug 22244; bugfix on 0.2.0.20-rc. Found by Andrey Karpov using PVS-Studio. - o Minor bugfixes (fallback directory mirrors): + o Minor bugfixes (fallback directories): - Make the usage example in updateFallbackDirs.py actually work. (And explain what it does.) Fixes bug 22270; bugfix on 0.3.0.3-alpha. - - o Minor bugfixes (fallbacks): - Decrease the guard flag average required to be a fallback. This allows us to keep relays that have their guard flag removed when they restart. Fixes bug 20913; bugfix on 0.2.8.1-alpha. @@ -285,12 +246,10 @@ Changes in version 0.3.1.1-alpha - 2017-05-?? and relay identity key for at least 30 days before they are selected. Fixes bug 20913; bugfix on 0.2.8.1-alpha. - o Minor bugfixes (hidden service): + o Minor bugfixes (hidden services): - Stop printing cryptic warning when a client tries to connect on an invalid port of the service. Fixes bug 16706; bugfix on 0.2.6.3-alpha. - - o Minor bugfixes (hidden services): - Simplify hidden service descriptor creation by using an existing flag to check if an introduction point is established. Fixes bug 21599; bugfix on 0.2.7.2-alpha. @@ -299,6 +258,12 @@ Changes in version 0.3.1.1-alpha - 2017-05-?? - Fix a small memory leak at exit from the backtrace handler code. Fixes bug 21788; bugfix on 0.2.5.2-alpha. Patch from Daniel Pinto. + o Minor bugfixes (protocol, logging): + - Downgrade a log statement from bug to protocol warning because + there is at least one use case where it can be triggered by a + buggy tor implementation on the Internet for instance. Fixes bug + 21293; bugfix on 0.1.1.14-alpha. + o Minor bugfixes (testing): - Make test-network.sh always call chutney's test-network.sh. Previously, this only worked on systems which had bash installed, @@ -307,8 +272,6 @@ Changes in version 0.3.1.1-alpha - 2017-05-?? - Use unbuffered I/O for utility functions around the process_handle_t type. This fixes unit test failures reported on OpenBSD and FreeBSD. Fixes bug 21654; bugfix on 0.2.3.1-alpha. - - o Minor bugfixes (unit tests): - Make display of captured unit test log messages consistent. Fixes bug 21510; bugfix on 0.2.9.3-alpha. @@ -352,6 +315,10 @@ Changes in version 0.3.1.1-alpha - 2017-05-?? Closes ticket 21873. - Correct the documentation about the default DataDirectory value. Closes ticket 21151. + - Default of NumEntryGuards is 1 if the consensus parameter guard-n- + primary-guards-to-use isn't set. Default of NumDirectoryGuards is + 3 if the consensus parameter guard-n-primary-dir-guards-to-use + isn't set. Fixes bug 21715; bugfix on 0.3.0.1-alpha. - Document key=value pluggable transport arguments for Bridge lines in torrc. Fixes bug 20341; bugfix on 0.2.5.1-alpha. - Note that bandwidth-limiting options don't affect TCP headers or

1 0

[tor/master] Run format-changelog on the 0.3.1.1-alpha changelog
by nickm＠torproject.org 19 May '17

19 May '17

commit 4b9dbdb9b11aa061f8a22b87817dcdf70fc56874 Author: Nick Mathewson <nickm(a)torproject.org> Date: Fri May 19 10:02:36 2017 -0400 Run format-changelog on the 0.3.1.1-alpha changelog --- ChangeLog | 477 +++++++++++++++++++++++++++++++------------------------------- 1 file changed, 240 insertions(+), 237 deletions(-) diff --git a/ChangeLog b/ChangeLog index 4fb6627..b1c4f3a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,131 +1,136 @@ Changes in version 0.3.1.1-alpha - 2017-05-?? blurb goes here + o Major features (security, stability, experimental): + - Tor now has the optional ability to include modules written in + Rust. To turn this on, pass the "--enable-rust" flag to the + configure script. It's not time to get excited yet: currently, + there is no actual Rust functionality beyond some simple glue + code, and a notice at startup to tell you that Rust is running. + Still, we hope that programmers and packagers will try building + with rust support, so that we can find issues with the build + system, and solve portability issues. Closes ticket 22106. + o Major features (directory protocol): - Tor relays and authorities are now able to serve clients an abbreviated version of the networkstatus consensus document, - containing only the changes since the an older consensus document that - the client holds. Clients now request these documents when - available. When this new protocol is in use by both client and server, - they will use far less bandwidth (up to 94% less) to keep an up-to-date - consensus. Implements proposal 140; closes ticket 13339. Based - on work by by Daniel Martí. + containing only the changes since the an older consensus document + that the client holds. Clients now request these documents when + available. When this new protocol is in use by both client and + server, they will use far less bandwidth (up to 94% less) to keep + an up-to-date consensus. Implements proposal 140; closes ticket + 13339. Based on work by by Daniel Martí. o Major features (directory system): - - Tor's compression module now includes support for the zstd and lzma2 - compression algorithms, if the libzstd and liblzma libraries are - available when Tor is compiled. Once these features are exposed in the - directory module, they will enable Tor to provide better compression - ratios on directory documents. Part of an implementation for proposal - 278; closes ticket 21662. + - Tor's compression module now includes support for the zstd and + lzma2 compression algorithms, if the libzstd and liblzma libraries + are available when Tor is compiled. Once these features are + exposed in the directory module, they will enable Tor to provide + better compression ratios on directory documents. Part of an + implementation for proposal 278; closes ticket 21662. o Major features (internals): - Add an ed diff/patch backend, optimized for consensus documents. - This backend will be the basis of our consensus diff implementation. - Most of the work here was done - by Daniel Martí. Closes ticket 21643. - - o Major features (security, stability, experimental): - - Tor now has the optional ability to include modules written in - Rust. To turn this on, pass the "--enable-rust" flag to the - configure script. - It's not time to get excited yet: currently, there is no actual - Rust functionality beyond some simple glue code, and a notice at - startup to tell you that Rust is running. Still, we hope that - programmers and packagers will try building with rust - support, so that we can find issues with the build system, - and solve portability issues. Closes ticket 22106. + This backend will be the basis of our consensus diff + implementation. Most of the work here was done by Daniel Martí. + Closes ticket 21643. o Major features (traffic analysis resistance): - - Relays and clients will now send a padding cell on idle OR - connections every 1.5 to 9.5 seconds (tunable via consensus - parameters). Directory connections and inter-relay connections - are not padded. Padding is negotiated using Tor's link protocol, - so both relays and clients must upgrade for this to take effect. - Clients may still send padding despite the relay's version by - setting ConnectionPadding 1 in torrc, and may disable padding - by setting ConnectionPadding 0 in torrc. Padding may be minimized - for mobile users with the torrc option ReducedConnectionPadding. - Implements Proposal 251 and Section 2 of Proposal 254; closes ticket - 16861. - - Relays will publish 24 hour totals of padding and non-padding cell - counts to their extra-info descriptors, unless PaddingStatistics 0 - is set in torrc. These 24 hour totals are also rounded to multiples - of 10000. + - Relays and clients will now send a padding cell on idle OR + connections every 1.5 to 9.5 seconds (tunable via consensus + parameters). Directory connections and inter-relay connections are + not padded. Padding is negotiated using Tor's link protocol, so + both relays and clients must upgrade for this to take effect. + Clients may still send padding despite the relay's version by + setting ConnectionPadding 1 in torrc, and may disable padding by + setting ConnectionPadding 0 in torrc. Padding may be minimized for + mobile users with the torrc option ReducedConnectionPadding. + Implements Proposal 251 and Section 2 of Proposal 254; closes + ticket 16861. + - Relays will publish 24 hour totals of padding and non-padding cell + counts to their extra-info descriptors, unless PaddingStatistics 0 + is set in torrc. These 24 hour totals are also rounded to + multiples of 10000. o Major bugfixes (hidden service directory, security): - - Fix an assertion failure in the hidden service directory code, which - could be used by an attacker to remotely cause a Tor relay process to - exit. Relays running earlier versions of Tor 0.3.0.x should upgrade. - This security issue is tracked as tracked as + - Fix an assertion failure in the hidden service directory code, + which could be used by an attacker to remotely cause a Tor relay + process to exit. Relays running earlier versions of Tor 0.3.0.x + should upgrade. This security issue is tracked as tracked as TROVE-2017-002. Fixes bug 22246; bugfix on 0.3.0.1-alpha. o Major bugfixes (linux TPROXY support): - - Fix a typo that had prevented TPROXY-based transparent proxying from - working under Linux. Fixes bug 18100; bugfix on 0.2.6.3-alpha. + - Fix a typo that had prevented TPROXY-based transparent proxying + from working under Linux. Fixes bug 18100; bugfix on 0.2.6.3-alpha. Patch from "d4fq0fQAgoJ". + o Minor features (defaults, security): + - The default value for UseCreateFast is now 0: clients which + haven't yet received a consensus document will nonetheless use a + proper handshake to talk to their directory servers (when they + can). Closes ticket 21407. + + o Minor features (security, windows): + - Enable a couple of pieces of Windows hardening: one + (HeapEnableTerminationOnCorruption) that has been on-by-default + since Windows 8, and unavailable before Windows 7, and one + (PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION) which we believe doesn't + affect us, but shouldn't do any harm. Closes ticket 21953. + o Minor feature (defaults, directory): - - Onion key rotation and expiry intervals are now defined as a network - consensus parameter as per proposal 274. The default lifetime of an - onion key is bumped from 7 to 28 days. Old onion keys will expire after 7 - days by default. Closes ticket 21641. + - Onion key rotation and expiry intervals are now defined as a + network consensus parameter as per proposal 274. The default + lifetime of an onion key is bumped from 7 to 28 days. Old onion + keys will expire after 7 days by default. Closes ticket 21641. o Minor feature (hidden services): - Add more information to the message logged when a hidden service descriptor has fewer introduction points than specified in - HiddenServiceNumIntroductionPoints. - Follow up to tickets 21598 and 21599, closes ticket 21622. - - Log a message when a hidden service descriptor has fewer introduction - points than specified in HiddenServiceNumIntroductionPoints. - Closes ticket 21598. + HiddenServiceNumIntroductionPoints. Follow up to tickets 21598 and + 21599, closes ticket 21622. + - Log a message when a hidden service descriptor has fewer + introduction points than specified in + HiddenServiceNumIntroductionPoints. Closes ticket 21598. - Log a message when a hidden service reaches its introduction point - circuit limit, and when that limit is reset. - Follow up to ticket 21594, closes ticket 21622. + circuit limit, and when that limit is reset. Follow up to ticket + 21594, closes ticket 21622. o Minor feature (include on config files): - Adds config-can-saveconf to GETINFO command to tell if SAVECONF will work without the FORCE option, closes ticket 1922. - - Allow the use of %include on configuration files to include settings - from other files or directories. Using %include with a directory will - include all (non-dot) files in that directory in lexically sorted order - (non-recursive), closes ticket 1922. - - Makes SAVECONF command return error when overwriting a torrc - that has includes. Using SAVECONF with the FORCE option will - allow it to overwrite torrc even if includes are used, closes ticket - 1922. + - Allow the use of %include on configuration files to include + settings from other files or directories. Using %include with a + directory will include all (non-dot) files in that directory in + lexically sorted order (non-recursive), closes ticket 1922. + - Makes SAVECONF command return error when overwriting a torrc that + has includes. Using SAVECONF with the FORCE option will allow it + to overwrite torrc even if includes are used, closes ticket 1922. o Minor features (controller): - - Warn the first time that a controller requests data in the - long-deprecated 'GETINFO network-status' format. Closes ticket 21703. - - o Minor features (defaults, security): - - The default value for UseCreateFast is now 0: clients which haven't yet - received a consensus document will nonetheless use a proper handshake - to talk to their directory servers (when they can). Closes ticket 21407. + - Warn the first time that a controller requests data in the long- + deprecated 'GETINFO network-status' format. Closes ticket 21703. o Minor features (fallback directories): - - Update the fallback directory mirror whitelist and blacklist based on - operator emails. Closes task 21121. + - Update the fallback directory mirror whitelist and blacklist based + on operator emails. Closes task 21121. o Minor features (fallback directory list): - Replace the 177 fallbacks originally introduced in Tor 0.2.9.8 in - December 2016 (of which ~126 were still functional), with a list of - 151 fallbacks (32 new, 119 existing, 58 removed) generated in - May 2017. - Resolves ticket 21564. + December 2016 (of which ~126 were still functional), with a list + of 151 fallbacks (32 new, 119 existing, 58 removed) generated in + May 2017. Resolves ticket 21564. o Minor features (hidden service, logging): - - Warn user if multiple entries in EntryNodes and at least one - HiddenService are used together. Pinning EntryNodes along with an hidden - service can be possibly harmful for instance see ticket 14917 or 21155. - Closes ticket 21155. + - Warn user if multiple entries in EntryNodes and at least one + HiddenService are used together. Pinning EntryNodes along with an + hidden service can be possibly harmful for instance see ticket + 14917 or 21155. Closes ticket 21155. o Minor features (infrastructure, seccomp2 sandbox): - We now have a document storage backend compatible with the Linux seccomp2 sandbox. The long-term plan is to use this backend for consensus documents and for storing unparseable directory - material. Closes ticket 21645. + material. Closes ticket 21645. o Minor features (linux seccomp2 sandbox): - Increase the maximum allowed size passed to mprotect(PROT_WRITE) @@ -136,164 +141,159 @@ Changes in version 0.3.1.1-alpha - 2017-05-?? o Minor features (logging): - Log files are no longer created world-readable by default. - (Previously, most distributors would store the logs in a - non-world-readable location to prevent inappropriate access. This - change is an extra precaution.) Closes ticket 21729; patch from - toralf. + (Previously, most distributors would store the logs in a non- + world-readable location to prevent inappropriate access. This + change is an extra precaution.) Closes ticket 21729; patch + from toralf. o Minor features (performance): - The minimal keccak implementation we include now accesses memory - more efficiently, especially on little-endian systems. - Closes ticket 21737. + more efficiently, especially on little-endian systems. Closes + ticket 21737. o Minor features (performance, controller): - Add an O(1) implementation of channel_find_by_global_id(). o Minor features (relay, configuration): - - The MyFamily line may now be repeated as many times as desired, for - relays that want to configure large families. Closes ticket 4998; - patch by Daniel Pinto. + - The MyFamily line may now be repeated as many times as desired, + for relays that want to configure large families. Closes ticket + 4998; patch by Daniel Pinto. o Minor features (safety): - - Add an explict check to extrainfo_parse_entry_from_string() for NULL - inputs. We don't believe this can actually happen, but it may help - silence a warning from the Clang analyzer. Closes ticket 21496. - - o Minor features (security, windows): - - Enable a couple of pieces of Windows hardening: one - (HeapEnableTerminationOnCorruption) that has been on-by-default since - Windows 8, and unavailable before Windows 7, and one - (PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION) which we believe doesn't - affect us, but shouldn't do any harm. Closes ticket 21953. + - Add an explict check to extrainfo_parse_entry_from_string() for + NULL inputs. We don't believe this can actually happen, but it may + help silence a warning from the Clang analyzer. Closes + ticket 21496. o Minor features (testing): - Add a "--disable-memory-sentinels" feature to help with fuzzing. When Tor is compiled with this option, we disable a number of - redundant memory-safety failsafes that are intended to stop - bugs from becoming security issues. This makes it easier to hunt - for bugs that would be security issues without the failsafes - turned on. Closes ticket 21439. - - Add a general event-tracing instrumentation support to Tor. This - subsystem will enable developers and researchers to add fine-grained - instrumentation to their Tor instances, for use when examining Tor - network performance issues. There are no trace events yet, and - event-tracing is off by default unless enabled at compile time. - Implements ticket 13802. + redundant memory-safety failsafes that are intended to stop bugs + from becoming security issues. This makes it easier to hunt for + bugs that would be security issues without the failsafes turned + on. Closes ticket 21439. + - Add a general event-tracing instrumentation support to Tor. This + subsystem will enable developers and researchers to add fine- + grained instrumentation to their Tor instances, for use when + examining Tor network performance issues. There are no trace + events yet, and event-tracing is off by default unless enabled at + compile time. Implements ticket 13802. o Minor features (unit tests): - - Improve version parsing tests: add tests for typical version components, - add tests for invalid versions, including numeric range and non-numeric - prefixes. - Unit tests 21278, 21450, and 21507. Partially implements 21470. + - Improve version parsing tests: add tests for typical version + components, add tests for invalid versions, including numeric + range and non-numeric prefixes. Unit tests 21278, 21450, and + 21507. Partially implements 21470. o Minor bugfix (directory authority): - - Prevent the shared randomness subsystem from asserting when initialized - by a bridge authority with an incomplete configuration file. Fixes bug - 21586; bugfix on 0.2.9.8. + - Prevent the shared randomness subsystem from asserting when + initialized by a bridge authority with an incomplete configuration + file. Fixes bug 21586; bugfix on 0.2.9.8. o Minor bugfixes (bandwidth accounting): - Roll over monthly accounting at the configured hour and minute, - rather than always at 00:00. - Fixes bug 22245; bugfix on 0.0.9rc1. + rather than always at 00:00. Fixes bug 22245; bugfix on 0.0.9rc1. Found by Andrey Karpov with PVS-Studio. o Minor bugfixes (cell, logging): - - Downgrade a log statement from bug to protocol warning because there is - at least one use case where it can be triggered by a buggy tor - implementation on the Internet for instance. Fixes bug 21293; bugfix on - 0.1.1.14-alpha. + - Downgrade a log statement from bug to protocol warning because + there is at least one use case where it can be triggered by a + buggy tor implementation on the Internet for instance. Fixes bug + 21293; bugfix on 0.1.1.14-alpha. o Minor bugfixes (code correctness): - Accurately identify client connections using their lack of peer - authentication. This means that we bail out earlier if asked to extend - to a client. Follow-up to 21407. - Fixes bug 21406; bugfix on 0.2.4.23. + authentication. This means that we bail out earlier if asked to + extend to a client. Follow-up to 21407. Fixes bug 21406; bugfix + on 0.2.4.23. o Minor bugfixes (configuration): - - Do not crash when starting with LearnCircuitBuildTimeout 0. - Fixes bug 22252; bugfix on 0.2.9.3-alpha. + - Do not crash when starting with LearnCircuitBuildTimeout 0. Fixes + bug 22252; bugfix on 0.2.9.3-alpha. o Minor bugfixes (connection lifespan): - - Allow more control over how long TLS connections are kept open: unify - CircuitIdleTimeout and PredictedPortsRelevanceTime into a single option - called CircuitsAvailableTimeout. Also, allow the consensus to control - the default values for both this preference, as well as the lifespan - of relay-to-relay connections. Fixes bug 17592; bugfix on 0.2.5.5-alpha. - - Increase the intial circuit build timeout testing frequency, to help - ensure that ReducedConnectionPadding clients finish learning a timeout - before their orconn would expire. The initial testing rate was set back - in the days of TAP and before the Tor Browser updater, when we had to be - much more careful about new clients making lots of circuits. With this - change, a circuit build time is learned in about 15-20 minutes, instead - of ~100-120 minutes. + - Allow more control over how long TLS connections are kept open: + unify CircuitIdleTimeout and PredictedPortsRelevanceTime into a + single option called CircuitsAvailableTimeout. Also, allow the + consensus to control the default values for both this preference, + as well as the lifespan of relay-to-relay connections. Fixes bug + 17592; bugfix on 0.2.5.5-alpha. + - Increase the intial circuit build timeout testing frequency, to + help ensure that ReducedConnectionPadding clients finish learning + a timeout before their orconn would expire. The initial testing + rate was set back in the days of TAP and before the Tor Browser + updater, when we had to be much more careful about new clients + making lots of circuits. With this change, a circuit build time is + learned in about 15-20 minutes, instead of ~100-120 minutes. o Minor bugfixes (connection usage): - - Relays will now log hourly statistics on the total number of - connections to other relays. If the number of connections per relay - unexpectedly large, this log message is at notice level. Otherwise - it is at info. - - Use NETINFO cells to try to determine if both relays involved in - a connection will agree on the canonical status of that connection. - Prefer the connections where this is the case for extend cells, - and try to close connections where relays disagree on canonical - status early. Also, additionally alter the connection selection - logic to prefer the oldest valid connection for extend cells. - These two changes should reduce the number of long-term connections - that are kept open between relays. Fixes bug 17604; bugfix on - 0.2.5.5-alpha. + - Relays will now log hourly statistics on the total number of + connections to other relays. If the number of connections per + relay unexpectedly large, this log message is at notice level. + Otherwise it is at info. + - Use NETINFO cells to try to determine if both relays involved in a + connection will agree on the canonical status of that connection. + Prefer the connections where this is the case for extend cells, + and try to close connections where relays disagree on canonical + status early. Also, additionally alter the connection selection + logic to prefer the oldest valid connection for extend cells. + These two changes should reduce the number of long-term + connections that are kept open between relays. Fixes bug 17604; + bugfix on 0.2.5.5-alpha. o Minor bugfixes (control, hidden service client): - - Trigger HS descriptor events on the control port when the client is - unable to pick a suitable hidden service directory. This can happen if - they are all in the ExcludeNodes list or they all have been queried - inside the allowed 15 minutes. Fixes bug 22042; bugfix on - 0.2.5.2-alpha. + - Trigger HS descriptor events on the control port when the client + is unable to pick a suitable hidden service directory. This can + happen if they are all in the ExcludeNodes list or they all have + been queried inside the allowed 15 minutes. Fixes bug 22042; + bugfix on 0.2.5.2-alpha. o Minor bugfixes (controller): - - GETINFO onions/current and onions/detached no longer 551 on empty lists - Fixes bug 21329; bugfix on 0.2.7.1-alpha. + - GETINFO onions/current and onions/detached no longer 551 on empty + lists Fixes bug 21329; bugfix on 0.2.7.1-alpha. o Minor bugfixes (directory authority): - When rejecting a router descriptor because the relay is running an - obsolete version of Tor without ntor support, warn about the obsolete - tor version, not the missing ntor key. Fixes bug 20270; + obsolete version of Tor without ntor support, warn about the + obsolete tor version, not the missing ntor key. Fixes bug 20270; bugfix on 0.2.9.3-alpha. o Minor bugfixes (documentation): - - Default of NumEntryGuards is 1 if the consensus parameter - guard-n-primary-guards-to-use isn't set. Default of NumDirectoryGuards - is 3 if the consensus parameter guard-n-primary-dir-guards-to-use isn't - set. Fixes bug 21715; bugfix on 0.3.0.1-alpha. + - Default of NumEntryGuards is 1 if the consensus parameter guard-n- + primary-guards-to-use isn't set. Default of NumDirectoryGuards is + 3 if the consensus parameter guard-n-primary-dir-guards-to-use + isn't set. Fixes bug 21715; bugfix on 0.3.0.1-alpha. o Minor bugfixes (exit-side DNS): - Fix an untriggerable assertion that checked the output of a libevent DNS error, so that the assertion actually behaves as - expected. Fixes bug 22244; bugfix on 0.2.0.20-rc. Found by Andrey + expected. Fixes bug 22244; bugfix on 0.2.0.20-rc. Found by Andrey Karpov using PVS-Studio. o Minor bugfixes (fallback directory mirrors): - Make the usage example in updateFallbackDirs.py actually work. - (And explain what it does.) - Fixes bug 22270; bugfix on 0.3.0.3-alpha. + (And explain what it does.) Fixes bug 22270; bugfix + on 0.3.0.3-alpha. o Minor bugfixes (fallbacks): - - Decrease the guard flag average required to be a fallback. This allows - us to keep relays that have their guard flag removed when they restart. - Fixes bug 20913; bugfix on 0.2.8.1-alpha. - - Decrease the minimum number of fallbacks to 100. - Fixes bug 20913; bugfix on 0.2.8.1-alpha. - - Make sure fallback directory mirrors have the same address, port, and - relay identity key for at least 30 days before they are selected. - Fixes bug 20913; bugfix on 0.2.8.1-alpha. + - Decrease the guard flag average required to be a fallback. This + allows us to keep relays that have their guard flag removed when + they restart. Fixes bug 20913; bugfix on 0.2.8.1-alpha. + - Decrease the minimum number of fallbacks to 100. Fixes bug 20913; + bugfix on 0.2.8.1-alpha. + - Make sure fallback directory mirrors have the same address, port, + and relay identity key for at least 30 days before they are + selected. Fixes bug 20913; bugfix on 0.2.8.1-alpha. o Minor bugfixes (hidden service): - Stop printing cryptic warning when a client tries to connect on an - invalid port of the service. Fixes bug 16706; bugfix on 0.2.6.3-alpha. + invalid port of the service. Fixes bug 16706; bugfix + on 0.2.6.3-alpha. o Minor bugfixes (hidden services): - - Simplify hidden service descriptor creation by using an existing flag - to check if an introduction point is established. - Fixes bug 21599; bugfix on 0.2.7.2-alpha. + - Simplify hidden service descriptor creation by using an existing + flag to check if an introduction point is established. Fixes bug + 21599; bugfix on 0.2.7.2-alpha. o Minor bugfixes (memory leak): - Fix a small memory leak at exit from the backtrace handler code. @@ -301,49 +301,49 @@ Changes in version 0.3.1.1-alpha - 2017-05-?? o Minor bugfixes (testing): - Make test-network.sh always call chutney's test-network.sh. - Previously, this only worked on systems which had bash installed, due to - some bash-specific code in the script. - Fixes bug 19699; bugfix on 0.3.0.4-rc. Follow-up to ticket 21581. - - Use unbuffered I/O for utility functions around the process_handle_t - type. This fixes unit test failures reported on OpenBSD and FreeBSD. - Fixes bug 21654; bugfix on 0.2.3.1-alpha. + Previously, this only worked on systems which had bash installed, + due to some bash-specific code in the script. Fixes bug 19699; + bugfix on 0.3.0.4-rc. Follow-up to ticket 21581. + - Use unbuffered I/O for utility functions around the + process_handle_t type. This fixes unit test failures reported on + OpenBSD and FreeBSD. Fixes bug 21654; bugfix on 0.2.3.1-alpha. o Minor bugfixes (unit tests): - - Make display of captured unit test log messages consistent. - Fixes bug 21510; bugfix on 0.2.9.3-alpha. + - Make display of captured unit test log messages consistent. Fixes + bug 21510; bugfix on 0.2.9.3-alpha. o Minor bugfixes (voting consistency): - - Reject version numbers with non-numeric prefixes (such as +, -, and - whitespace). Disallowing whitespace prevents differential version - parsing between POSIX-based and Windows platforms. - Fixes bug 21507 and part of 21508; bugfix on 0.0.8pre1. + - Reject version numbers with non-numeric prefixes (such as +, -, + and whitespace). Disallowing whitespace prevents differential + version parsing between POSIX-based and Windows platforms. Fixes + bug 21507 and part of 21508; bugfix on 0.0.8pre1. o Minor bugfixes (windows, relay): - Resolve "Failure from drain_fd: No error" warnings on Windows relays. Fixes bug 21540; bugfix on 0.2.6.3-alpha. o Code simplification and refactoring: - - Break up the 630-line function connection_dir_client_reached_eof() into - a dozen smaller functions. This change should help maintainability and - readability of the client directory code. + - Break up the 630-line function connection_dir_client_reached_eof() + into a dozen smaller functions. This change should help + maintainability and readability of the client directory code. - Isolate our usage of the openssl headers so that they are only - used from our crypto wrapper modules, and from tests that examing those - modules' internals. Closes ticket 21841. + used from our crypto wrapper modules, and from tests that examing + those modules' internals. Closes ticket 21841. - Our API to launch directory requests has been greatly simplified to become more extensible and less error-prone. We'll be using this to improve support for adding extra headers to directory requests. Closes ticket 21646. - Our base64 decoding functions no longer overestimate the output - space that they will need when parsing unpadded inputs. - Closes ticket 17868. + space that they will need when parsing unpadded inputs. Closes + ticket 17868. - Remove unused "ROUTER_ADDED_NOTIFY_GENERATOR" internal value. Resolves ticket 22213. - The logic that directory caches use to spool request to clients, - serving them one part at a time so as not to allocate too much memory, - has been refactored for consistency. Previously there was a separate - spooling implementation per type of spoolable data. Now there - is one common spooling implementation, with extensible data types. - Closes ticket 21651. + serving them one part at a time so as not to allocate too much + memory, has been refactored for consistency. Previously there was + a separate spooling implementation per type of spoolable data. Now + there is one common spooling implementation, with extensible data + types. Closes ticket 21651. - Tor's compression module now supports multiple backends. Part of an implementation of proposal 278; closes ticket 21663. @@ -352,46 +352,49 @@ Changes in version 0.3.1.1-alpha - 2017-05-?? Closes ticket 21873. - Correct the documentation about the default DataDirectory value. Closes ticket 21151. - - Document key=value pluggable transport arguments for Bridge lines in - torrc. Fixes bug 20341; bugfix on 0.2.5.1-alpha. - - Note that bandwidth-limiting options don't affect TCP headers or DNS. - Closes ticket 17170. + - Document key=value pluggable transport arguments for Bridge lines + in torrc. Fixes bug 20341; bugfix on 0.2.5.1-alpha. + - Note that bandwidth-limiting options don't affect TCP headers or + DNS. Closes ticket 17170. + + o Removed features: + - We've removed the tor-checkkey tool from src/tools. Long ago, we + used it to help people detect RSA keys that were generated by + versions of Debian affected by CVE-2008-0166. But those keys have + been out of circulation for ages, and this tool is no longer + required. Closes ticket 21842. o Removed features (configuration options, all in ticket 22060): - AllowInvalidNodes was deprecated in 0.2.9.2-alpha and now has been removed. It is not possible anymore to use Invalid nodes. - - AllowSingleHopCircuits was deprecated in 0.2.9.2-alpha and now has been - removed. It's not possible anymore to attach streams to single hop exit - circuit. - - AllowSingleHopExits was deprecated in 0.2.9.2-alpha and now has been - removed. Relays no longer advertise that they can be used for single hop - exit proxy. + - AllowSingleHopCircuits was deprecated in 0.2.9.2-alpha and now has + been removed. It's not possible anymore to attach streams to + single hop exit circuit. + - AllowSingleHopExits was deprecated in 0.2.9.2-alpha and now has + been removed. Relays no longer advertise that they can be used for + single hop exit proxy. - CloseHSClientCircuitsImmediatelyOnTimeout was deprecated in 0.2.9.2-alpha and now has been removed. HS circuits never close on circuit build timeout, they have a longer timeout period. - CloseHSServiceRendCircuitsImmediatelyOnTimeout was deprecated in 0.2.9.2-alpha and now has been removed. HS circuits never close on circuit build timeout, they have a long timeout period. - - ExcludeSingleHopRelays was deprecated in 0.2.9.2-alpha and now has been - removed. Client will always exclude relays that supports single hop - exits meaning relays that still advertise AllowSingleHopExits. - - FastFirstHopPK was deprecated in 0.2.9.2-alpha and now has been removed. - Decision for this feature will always be decided by the consensus. - - TLSECGroup was deprecated in 0.2.9.2-alpha and now has been removed. - P256 EC group is always used. + - ExcludeSingleHopRelays was deprecated in 0.2.9.2-alpha and now has + been removed. Client will always exclude relays that supports + single hop exits meaning relays that still advertise + AllowSingleHopExits. + - FastFirstHopPK was deprecated in 0.2.9.2-alpha and now has been + removed. Decision for this feature will always be decided by + the consensus. + - TLSECGroup was deprecated in 0.2.9.2-alpha and now has been + removed. P256 EC group is always used. - WarnUnsafeSocks was deprecated in 0.2.9.2-alpha and now has been - removed. Tor will now always warn the user if only an IP address is - given instead of an hostname on a SOCKS connection if SafeSocks is 1. - - {Control,DNS,Dir,Socks,Trans,NATD,OR}ListenAddress was deprecated in - 0.2.9.2-alpha and now has been removed. Use the ORPort (and others). - - o Removed features: - - We've removed the tor-checkkey tool from src/tools. Long ago, we - used it to help people detect RSA keys that were generated by - versions of Debian affected by CVE-2008-0166. But those keys - have been out of circulation for ages, and this tool is no - longer required. Closes ticket 21842. - + removed. Tor will now always warn the user if only an IP address + is given instead of an hostname on a SOCKS connection if SafeSocks + is 1. + - {Control,DNS,Dir,Socks,Trans,NATD,OR}ListenAddress was deprecated + in 0.2.9.2-alpha and now has been removed. Use the ORPort + (and others). Changes in version 0.3.0.7 - 2017-05-15

1 0

[tor/master] start changelog for 0.3.1.1-alpha by sorting entries
by nickm＠torproject.org 19 May '17

19 May '17

commit 8410f47b6e7e6d87f1082c2328cc3fc209d0b2ae Author: Nick Mathewson <nickm(a)torproject.org> Date: Fri May 19 10:00:54 2017 -0400 start changelog for 0.3.1.1-alpha by sorting entries --- ChangeLog | 395 ++++++++++++++++++++++++++++++++++++++++++- changes/17868 | 4 - changes/21662_21663_21664 | 12 -- changes/21873 | 3 - changes/bug16706 | 3 - changes/bug16861 | 16 -- changes/bug17170 | 3 - changes/bug17592 | 13 -- changes/bug17604 | 15 -- changes/bug18100 | 5 - changes/bug19699 | 5 - changes/bug20270 | 6 - changes/bug20341 | 3 - changes/bug20913 | 9 - changes/bug21121 | 3 - changes/bug21155 | 5 - changes/bug21293 | 5 - changes/bug21329 | 3 - changes/bug21406 | 5 - changes/bug21407 | 4 - changes/bug21439 | 7 - changes/bug21496 | 4 - changes/bug21507 | 5 - changes/bug21510 | 4 - changes/bug21540 | 4 - changes/bug21586 | 4 - changes/bug21599 | 4 - changes/bug21641 | 5 - changes/bug21654 | 4 - changes/bug21703 | 4 - changes/bug21715 | 5 - changes/bug21788 | 3 - changes/bug22042 | 7 - changes/bug22060 | 28 --- changes/bug22096 | 6 - changes/bug22244 | 6 - changes/bug22245 | 5 - changes/bug22246 | 6 - changes/bug22252 | 3 - changes/bug22270 | 4 - changes/cleanup22213 | 4 - changes/consdiff_21643 | 5 - changes/data_dir_default_doc | 3 - changes/fast_channel_lookup | 2 - changes/faster-keccak | 4 - changes/feature1922 | 11 -- changes/feature21598 | 4 - changes/feature21622 | 8 - changes/feature22106 | 12 -- changes/new_spooling_backend | 7 - changes/prop140 | 10 -- changes/refactor_reached_eof | 5 - changes/storagedir | 5 - changes/test21470 | 5 - changes/ticket13802 | 7 - changes/ticket21564 | 6 - changes/ticket21646 | 6 - changes/ticket21729 | 7 - changes/ticket21841 | 4 - changes/ticket21842 | 6 - changes/ticket21953 | 6 - changes/ticket4998 | 5 - 62 files changed, 394 insertions(+), 373 deletions(-) diff --git a/ChangeLog b/ChangeLog index fdf7d0c..4fb6627 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,397 @@ -Changes in version 0.3.1.1-alpha - 2017-??-?? +Changes in version 0.3.1.1-alpha - 2017-05-?? + blurb goes here + + o Major features (directory protocol): + - Tor relays and authorities are now able to serve clients an + abbreviated version of the networkstatus consensus document, + containing only the changes since the an older consensus document that + the client holds. Clients now request these documents when + available. When this new protocol is in use by both client and server, + they will use far less bandwidth (up to 94% less) to keep an up-to-date + consensus. Implements proposal 140; closes ticket 13339. Based + on work by by Daniel Martí. + + o Major features (directory system): + - Tor's compression module now includes support for the zstd and lzma2 + compression algorithms, if the libzstd and liblzma libraries are + available when Tor is compiled. Once these features are exposed in the + directory module, they will enable Tor to provide better compression + ratios on directory documents. Part of an implementation for proposal + 278; closes ticket 21662. + + o Major features (internals): + - Add an ed diff/patch backend, optimized for consensus documents. + This backend will be the basis of our consensus diff implementation. + Most of the work here was done + by Daniel Martí. Closes ticket 21643. + + o Major features (security, stability, experimental): + - Tor now has the optional ability to include modules written in + Rust. To turn this on, pass the "--enable-rust" flag to the + configure script. + It's not time to get excited yet: currently, there is no actual + Rust functionality beyond some simple glue code, and a notice at + startup to tell you that Rust is running. Still, we hope that + programmers and packagers will try building with rust + support, so that we can find issues with the build system, + and solve portability issues. Closes ticket 22106. + + o Major features (traffic analysis resistance): + - Relays and clients will now send a padding cell on idle OR + connections every 1.5 to 9.5 seconds (tunable via consensus + parameters). Directory connections and inter-relay connections + are not padded. Padding is negotiated using Tor's link protocol, + so both relays and clients must upgrade for this to take effect. + Clients may still send padding despite the relay's version by + setting ConnectionPadding 1 in torrc, and may disable padding + by setting ConnectionPadding 0 in torrc. Padding may be minimized + for mobile users with the torrc option ReducedConnectionPadding. + Implements Proposal 251 and Section 2 of Proposal 254; closes ticket + 16861. + - Relays will publish 24 hour totals of padding and non-padding cell + counts to their extra-info descriptors, unless PaddingStatistics 0 + is set in torrc. These 24 hour totals are also rounded to multiples + of 10000. + + o Major bugfixes (hidden service directory, security): + - Fix an assertion failure in the hidden service directory code, which + could be used by an attacker to remotely cause a Tor relay process to + exit. Relays running earlier versions of Tor 0.3.0.x should upgrade. + This security issue is tracked as tracked as + TROVE-2017-002. Fixes bug 22246; bugfix on 0.3.0.1-alpha. + + o Major bugfixes (linux TPROXY support): + - Fix a typo that had prevented TPROXY-based transparent proxying from + working under Linux. Fixes bug 18100; bugfix on 0.2.6.3-alpha. + Patch from "d4fq0fQAgoJ". + + o Minor feature (defaults, directory): + - Onion key rotation and expiry intervals are now defined as a network + consensus parameter as per proposal 274. The default lifetime of an + onion key is bumped from 7 to 28 days. Old onion keys will expire after 7 + days by default. Closes ticket 21641. + + o Minor feature (hidden services): + - Add more information to the message logged when a hidden service + descriptor has fewer introduction points than specified in + HiddenServiceNumIntroductionPoints. + Follow up to tickets 21598 and 21599, closes ticket 21622. + - Log a message when a hidden service descriptor has fewer introduction + points than specified in HiddenServiceNumIntroductionPoints. + Closes ticket 21598. + - Log a message when a hidden service reaches its introduction point + circuit limit, and when that limit is reset. + Follow up to ticket 21594, closes ticket 21622. + + o Minor feature (include on config files): + - Adds config-can-saveconf to GETINFO command to tell if SAVECONF + will work without the FORCE option, closes ticket 1922. + - Allow the use of %include on configuration files to include settings + from other files or directories. Using %include with a directory will + include all (non-dot) files in that directory in lexically sorted order + (non-recursive), closes ticket 1922. + - Makes SAVECONF command return error when overwriting a torrc + that has includes. Using SAVECONF with the FORCE option will + allow it to overwrite torrc even if includes are used, closes ticket + 1922. + + o Minor features (controller): + - Warn the first time that a controller requests data in the + long-deprecated 'GETINFO network-status' format. Closes ticket 21703. + + o Minor features (defaults, security): + - The default value for UseCreateFast is now 0: clients which haven't yet + received a consensus document will nonetheless use a proper handshake + to talk to their directory servers (when they can). Closes ticket 21407. + + o Minor features (fallback directories): + - Update the fallback directory mirror whitelist and blacklist based on + operator emails. Closes task 21121. + + o Minor features (fallback directory list): + - Replace the 177 fallbacks originally introduced in Tor 0.2.9.8 in + December 2016 (of which ~126 were still functional), with a list of + 151 fallbacks (32 new, 119 existing, 58 removed) generated in + May 2017. + Resolves ticket 21564. + + o Minor features (hidden service, logging): + - Warn user if multiple entries in EntryNodes and at least one + HiddenService are used together. Pinning EntryNodes along with an hidden + service can be possibly harmful for instance see ticket 14917 or 21155. + Closes ticket 21155. + + o Minor features (infrastructure, seccomp2 sandbox): + - We now have a document storage backend compatible with the Linux + seccomp2 sandbox. The long-term plan is to use this backend for + consensus documents and for storing unparseable directory + material. Closes ticket 21645. + + o Minor features (linux seccomp2 sandbox): + - Increase the maximum allowed size passed to mprotect(PROT_WRITE) + from 1MB to 16MB. This was necessary with the glibc allocator in + order to allow worker threads to allocate more memory -- which in + turn is necessary because of our new use of worker threads for + compression. Closes ticket 22096. + + o Minor features (logging): + - Log files are no longer created world-readable by default. + (Previously, most distributors would store the logs in a + non-world-readable location to prevent inappropriate access. This + change is an extra precaution.) Closes ticket 21729; patch from + toralf. + + o Minor features (performance): + - The minimal keccak implementation we include now accesses memory + more efficiently, especially on little-endian systems. + Closes ticket 21737. + + o Minor features (performance, controller): + - Add an O(1) implementation of channel_find_by_global_id(). + + o Minor features (relay, configuration): + - The MyFamily line may now be repeated as many times as desired, for + relays that want to configure large families. Closes ticket 4998; + patch by Daniel Pinto. + + o Minor features (safety): + - Add an explict check to extrainfo_parse_entry_from_string() for NULL + inputs. We don't believe this can actually happen, but it may help + silence a warning from the Clang analyzer. Closes ticket 21496. + + o Minor features (security, windows): + - Enable a couple of pieces of Windows hardening: one + (HeapEnableTerminationOnCorruption) that has been on-by-default since + Windows 8, and unavailable before Windows 7, and one + (PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION) which we believe doesn't + affect us, but shouldn't do any harm. Closes ticket 21953. + + o Minor features (testing): + - Add a "--disable-memory-sentinels" feature to help with fuzzing. + When Tor is compiled with this option, we disable a number of + redundant memory-safety failsafes that are intended to stop + bugs from becoming security issues. This makes it easier to hunt + for bugs that would be security issues without the failsafes + turned on. Closes ticket 21439. + - Add a general event-tracing instrumentation support to Tor. This + subsystem will enable developers and researchers to add fine-grained + instrumentation to their Tor instances, for use when examining Tor + network performance issues. There are no trace events yet, and + event-tracing is off by default unless enabled at compile time. + Implements ticket 13802. + + o Minor features (unit tests): + - Improve version parsing tests: add tests for typical version components, + add tests for invalid versions, including numeric range and non-numeric + prefixes. + Unit tests 21278, 21450, and 21507. Partially implements 21470. + + o Minor bugfix (directory authority): + - Prevent the shared randomness subsystem from asserting when initialized + by a bridge authority with an incomplete configuration file. Fixes bug + 21586; bugfix on 0.2.9.8. + + o Minor bugfixes (bandwidth accounting): + - Roll over monthly accounting at the configured hour and minute, + rather than always at 00:00. + Fixes bug 22245; bugfix on 0.0.9rc1. + Found by Andrey Karpov with PVS-Studio. + + o Minor bugfixes (cell, logging): + - Downgrade a log statement from bug to protocol warning because there is + at least one use case where it can be triggered by a buggy tor + implementation on the Internet for instance. Fixes bug 21293; bugfix on + 0.1.1.14-alpha. + + o Minor bugfixes (code correctness): + - Accurately identify client connections using their lack of peer + authentication. This means that we bail out earlier if asked to extend + to a client. Follow-up to 21407. + Fixes bug 21406; bugfix on 0.2.4.23. + + o Minor bugfixes (configuration): + - Do not crash when starting with LearnCircuitBuildTimeout 0. + Fixes bug 22252; bugfix on 0.2.9.3-alpha. + + o Minor bugfixes (connection lifespan): + - Allow more control over how long TLS connections are kept open: unify + CircuitIdleTimeout and PredictedPortsRelevanceTime into a single option + called CircuitsAvailableTimeout. Also, allow the consensus to control + the default values for both this preference, as well as the lifespan + of relay-to-relay connections. Fixes bug 17592; bugfix on 0.2.5.5-alpha. + - Increase the intial circuit build timeout testing frequency, to help + ensure that ReducedConnectionPadding clients finish learning a timeout + before their orconn would expire. The initial testing rate was set back + in the days of TAP and before the Tor Browser updater, when we had to be + much more careful about new clients making lots of circuits. With this + change, a circuit build time is learned in about 15-20 minutes, instead + of ~100-120 minutes. + + o Minor bugfixes (connection usage): + - Relays will now log hourly statistics on the total number of + connections to other relays. If the number of connections per relay + unexpectedly large, this log message is at notice level. Otherwise + it is at info. + - Use NETINFO cells to try to determine if both relays involved in + a connection will agree on the canonical status of that connection. + Prefer the connections where this is the case for extend cells, + and try to close connections where relays disagree on canonical + status early. Also, additionally alter the connection selection + logic to prefer the oldest valid connection for extend cells. + These two changes should reduce the number of long-term connections + that are kept open between relays. Fixes bug 17604; bugfix on + 0.2.5.5-alpha. + + o Minor bugfixes (control, hidden service client): + - Trigger HS descriptor events on the control port when the client is + unable to pick a suitable hidden service directory. This can happen if + they are all in the ExcludeNodes list or they all have been queried + inside the allowed 15 minutes. Fixes bug 22042; bugfix on + 0.2.5.2-alpha. + + o Minor bugfixes (controller): + - GETINFO onions/current and onions/detached no longer 551 on empty lists + Fixes bug 21329; bugfix on 0.2.7.1-alpha. + + o Minor bugfixes (directory authority): + - When rejecting a router descriptor because the relay is running an + obsolete version of Tor without ntor support, warn about the obsolete + tor version, not the missing ntor key. Fixes bug 20270; + bugfix on 0.2.9.3-alpha. + + o Minor bugfixes (documentation): + - Default of NumEntryGuards is 1 if the consensus parameter + guard-n-primary-guards-to-use isn't set. Default of NumDirectoryGuards + is 3 if the consensus parameter guard-n-primary-dir-guards-to-use isn't + set. Fixes bug 21715; bugfix on 0.3.0.1-alpha. + + o Minor bugfixes (exit-side DNS): + - Fix an untriggerable assertion that checked the output of a + libevent DNS error, so that the assertion actually behaves as + expected. Fixes bug 22244; bugfix on 0.2.0.20-rc. Found by Andrey + Karpov using PVS-Studio. + + o Minor bugfixes (fallback directory mirrors): + - Make the usage example in updateFallbackDirs.py actually work. + (And explain what it does.) + Fixes bug 22270; bugfix on 0.3.0.3-alpha. + + o Minor bugfixes (fallbacks): + - Decrease the guard flag average required to be a fallback. This allows + us to keep relays that have their guard flag removed when they restart. + Fixes bug 20913; bugfix on 0.2.8.1-alpha. + - Decrease the minimum number of fallbacks to 100. + Fixes bug 20913; bugfix on 0.2.8.1-alpha. + - Make sure fallback directory mirrors have the same address, port, and + relay identity key for at least 30 days before they are selected. + Fixes bug 20913; bugfix on 0.2.8.1-alpha. + + o Minor bugfixes (hidden service): + - Stop printing cryptic warning when a client tries to connect on an + invalid port of the service. Fixes bug 16706; bugfix on 0.2.6.3-alpha. + + o Minor bugfixes (hidden services): + - Simplify hidden service descriptor creation by using an existing flag + to check if an introduction point is established. + Fixes bug 21599; bugfix on 0.2.7.2-alpha. + + o Minor bugfixes (memory leak): + - Fix a small memory leak at exit from the backtrace handler code. + Fixes bug 21788; bugfix on 0.2.5.2-alpha. Patch from Daniel Pinto. + + o Minor bugfixes (testing): + - Make test-network.sh always call chutney's test-network.sh. + Previously, this only worked on systems which had bash installed, due to + some bash-specific code in the script. + Fixes bug 19699; bugfix on 0.3.0.4-rc. Follow-up to ticket 21581. + - Use unbuffered I/O for utility functions around the process_handle_t + type. This fixes unit test failures reported on OpenBSD and FreeBSD. + Fixes bug 21654; bugfix on 0.2.3.1-alpha. + + o Minor bugfixes (unit tests): + - Make display of captured unit test log messages consistent. + Fixes bug 21510; bugfix on 0.2.9.3-alpha. + + o Minor bugfixes (voting consistency): + - Reject version numbers with non-numeric prefixes (such as +, -, and + whitespace). Disallowing whitespace prevents differential version + parsing between POSIX-based and Windows platforms. + Fixes bug 21507 and part of 21508; bugfix on 0.0.8pre1. + + o Minor bugfixes (windows, relay): + - Resolve "Failure from drain_fd: No error" warnings on Windows + relays. Fixes bug 21540; bugfix on 0.2.6.3-alpha. + + o Code simplification and refactoring: + - Break up the 630-line function connection_dir_client_reached_eof() into + a dozen smaller functions. This change should help maintainability and + readability of the client directory code. + - Isolate our usage of the openssl headers so that they are only + used from our crypto wrapper modules, and from tests that examing those + modules' internals. Closes ticket 21841. + - Our API to launch directory requests has been greatly simplified + to become more extensible and less error-prone. We'll be using + this to improve support for adding extra headers to directory + requests. Closes ticket 21646. + - Our base64 decoding functions no longer overestimate the output + space that they will need when parsing unpadded inputs. + Closes ticket 17868. + - Remove unused "ROUTER_ADDED_NOTIFY_GENERATOR" internal value. + Resolves ticket 22213. + - The logic that directory caches use to spool request to clients, + serving them one part at a time so as not to allocate too much memory, + has been refactored for consistency. Previously there was a separate + spooling implementation per type of spoolable data. Now there + is one common spooling implementation, with extensible data types. + Closes ticket 21651. + - Tor's compression module now supports multiple backends. Part of + an implementation of proposal 278; closes ticket 21663. + + o Documentation: + - Clarify the behavior of the KeepAliveIsolateSOCKSAuth sub-option. + Closes ticket 21873. + - Correct the documentation about the default DataDirectory value. + Closes ticket 21151. + - Document key=value pluggable transport arguments for Bridge lines in + torrc. Fixes bug 20341; bugfix on 0.2.5.1-alpha. + - Note that bandwidth-limiting options don't affect TCP headers or DNS. + Closes ticket 17170. + + o Removed features (configuration options, all in ticket 22060): + - AllowInvalidNodes was deprecated in 0.2.9.2-alpha and now has been + removed. It is not possible anymore to use Invalid nodes. + - AllowSingleHopCircuits was deprecated in 0.2.9.2-alpha and now has been + removed. It's not possible anymore to attach streams to single hop exit + circuit. + - AllowSingleHopExits was deprecated in 0.2.9.2-alpha and now has been + removed. Relays no longer advertise that they can be used for single hop + exit proxy. + - CloseHSClientCircuitsImmediatelyOnTimeout was deprecated in + 0.2.9.2-alpha and now has been removed. HS circuits never close on + circuit build timeout, they have a longer timeout period. + - CloseHSServiceRendCircuitsImmediatelyOnTimeout was deprecated in + 0.2.9.2-alpha and now has been removed. HS circuits never close on + circuit build timeout, they have a long timeout period. + - ExcludeSingleHopRelays was deprecated in 0.2.9.2-alpha and now has been + removed. Client will always exclude relays that supports single hop + exits meaning relays that still advertise AllowSingleHopExits. + - FastFirstHopPK was deprecated in 0.2.9.2-alpha and now has been removed. + Decision for this feature will always be decided by the consensus. + - TLSECGroup was deprecated in 0.2.9.2-alpha and now has been removed. + P256 EC group is always used. + - WarnUnsafeSocks was deprecated in 0.2.9.2-alpha and now has been + removed. Tor will now always warn the user if only an IP address is + given instead of an hostname on a SOCKS connection if SafeSocks is 1. + - {Control,DNS,Dir,Socks,Trans,NATD,OR}ListenAddress was deprecated in + 0.2.9.2-alpha and now has been removed. Use the ORPort (and others). + + o Removed features: + - We've removed the tor-checkkey tool from src/tools. Long ago, we + used it to help people detect RSA keys that were generated by + versions of Debian affected by CVE-2008-0166. But those keys + have been out of circulation for ages, and this tool is no + longer required. Closes ticket 21842. + Changes in version 0.3.0.7 - 2017-05-15 diff --git a/changes/17868 b/changes/17868 deleted file mode 100644 index 77a8ba1..0000000 --- a/changes/17868 +++ /dev/null @@ -1,4 +0,0 @@ - o Code simplification and refactoring: - - Our base64 decoding functions no longer overestimate the output - space that they will need when parsing unpadded inputs. - Closes ticket 17868. diff --git a/changes/21662_21663_21664 b/changes/21662_21663_21664 deleted file mode 100644 index da47c6d..0000000 --- a/changes/21662_21663_21664 +++ /dev/null @@ -1,12 +0,0 @@ - o Major features (directory system): - - Tor's compression module now includes support for the zstd and lzma2 - compression algorithms, if the libzstd and liblzma libraries are - available when Tor is compiled. Once these features are exposed in the - directory module, they will enable Tor to provide better compression - ratios on directory documents. Part of an implementation for proposal - 278; closes ticket 21662. - - o Code simplification and refactoring: - - Tor's compression module now supports multiple backends. Part of - an implementation of proposal 278; closes ticket 21663. - diff --git a/changes/21873 b/changes/21873 deleted file mode 100644 index 24dc824..0000000 --- a/changes/21873 +++ /dev/null @@ -1,3 +0,0 @@ - o Documentation: - - Clarify the behavior of the KeepAliveIsolateSOCKSAuth sub-option. - Closes ticket 21873. diff --git a/changes/bug16706 b/changes/bug16706 deleted file mode 100644 index b0b3351..0000000 --- a/changes/bug16706 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (hidden service): - - Stop printing cryptic warning when a client tries to connect on an - invalid port of the service. Fixes bug 16706; bugfix on 0.2.6.3-alpha. diff --git a/changes/bug16861 b/changes/bug16861 deleted file mode 100644 index f540254..0000000 --- a/changes/bug16861 +++ /dev/null @@ -1,16 +0,0 @@ - o Major features (traffic analysis resistance): - - Relays and clients will now send a padding cell on idle OR - connections every 1.5 to 9.5 seconds (tunable via consensus - parameters). Directory connections and inter-relay connections - are not padded. Padding is negotiated using Tor's link protocol, - so both relays and clients must upgrade for this to take effect. - Clients may still send padding despite the relay's version by - setting ConnectionPadding 1 in torrc, and may disable padding - by setting ConnectionPadding 0 in torrc. Padding may be minimized - for mobile users with the torrc option ReducedConnectionPadding. - Implements Proposal 251 and Section 2 of Proposal 254; closes ticket - 16861. - - Relays will publish 24 hour totals of padding and non-padding cell - counts to their extra-info descriptors, unless PaddingStatistics 0 - is set in torrc. These 24 hour totals are also rounded to multiples - of 10000. diff --git a/changes/bug17170 b/changes/bug17170 deleted file mode 100644 index 24a9b94..0000000 --- a/changes/bug17170 +++ /dev/null @@ -1,3 +0,0 @@ - o Documentation: - - Note that bandwidth-limiting options don't affect TCP headers or DNS. - Closes ticket 17170. diff --git a/changes/bug17592 b/changes/bug17592 deleted file mode 100644 index 131791b..0000000 --- a/changes/bug17592 +++ /dev/null @@ -1,13 +0,0 @@ - o Minor bugfixes (connection lifespan): - - Allow more control over how long TLS connections are kept open: unify - CircuitIdleTimeout and PredictedPortsRelevanceTime into a single option - called CircuitsAvailableTimeout. Also, allow the consensus to control - the default values for both this preference, as well as the lifespan - of relay-to-relay connections. Fixes bug 17592; bugfix on 0.2.5.5-alpha. - - Increase the intial circuit build timeout testing frequency, to help - ensure that ReducedConnectionPadding clients finish learning a timeout - before their orconn would expire. The initial testing rate was set back - in the days of TAP and before the Tor Browser updater, when we had to be - much more careful about new clients making lots of circuits. With this - change, a circuit build time is learned in about 15-20 minutes, instead - of ~100-120 minutes. diff --git a/changes/bug17604 b/changes/bug17604 deleted file mode 100644 index 6cd9e2e..0000000 --- a/changes/bug17604 +++ /dev/null @@ -1,15 +0,0 @@ - o Minor bugfixes (connection usage): - - Use NETINFO cells to try to determine if both relays involved in - a connection will agree on the canonical status of that connection. - Prefer the connections where this is the case for extend cells, - and try to close connections where relays disagree on canonical - status early. Also, additionally alter the connection selection - logic to prefer the oldest valid connection for extend cells. - These two changes should reduce the number of long-term connections - that are kept open between relays. Fixes bug 17604; bugfix on - 0.2.5.5-alpha. - - Relays will now log hourly statistics on the total number of - connections to other relays. If the number of connections per relay - unexpectedly large, this log message is at notice level. Otherwise - it is at info. - diff --git a/changes/bug18100 b/changes/bug18100 deleted file mode 100644 index cd3ba2c..0000000 --- a/changes/bug18100 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes (linux TPROXY support): - - Fix a typo that had prevented TPROXY-based transparent proxying from - working under Linux. Fixes bug 18100; bugfix on 0.2.6.3-alpha. - Patch from "d4fq0fQAgoJ". - diff --git a/changes/bug19699 b/changes/bug19699 deleted file mode 100644 index 10ba57f..0000000 --- a/changes/bug19699 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (testing): - - Make test-network.sh always call chutney's test-network.sh. - Previously, this only worked on systems which had bash installed, due to - some bash-specific code in the script. - Fixes bug 19699; bugfix on 0.3.0.4-rc. Follow-up to ticket 21581. diff --git a/changes/bug20270 b/changes/bug20270 deleted file mode 100644 index d538a35..0000000 --- a/changes/bug20270 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (directory authority): - - When rejecting a router descriptor because the relay is running an - obsolete version of Tor without ntor support, warn about the obsolete - tor version, not the missing ntor key. Fixes bug 20270; - bugfix on 0.2.9.3-alpha. - diff --git a/changes/bug20341 b/changes/bug20341 deleted file mode 100644 index 419240c..0000000 --- a/changes/bug20341 +++ /dev/null @@ -1,3 +0,0 @@ - o Documentation: - - Document key=value pluggable transport arguments for Bridge lines in - torrc. Fixes bug 20341; bugfix on 0.2.5.1-alpha. diff --git a/changes/bug20913 b/changes/bug20913 deleted file mode 100644 index df7f106..0000000 --- a/changes/bug20913 +++ /dev/null @@ -1,9 +0,0 @@ - o Minor bugfixes (fallbacks): - - Make sure fallback directory mirrors have the same address, port, and - relay identity key for at least 30 days before they are selected. - Fixes bug 20913; bugfix on 0.2.8.1-alpha. - - Decrease the guard flag average required to be a fallback. This allows - us to keep relays that have their guard flag removed when they restart. - Fixes bug 20913; bugfix on 0.2.8.1-alpha. - - Decrease the minimum number of fallbacks to 100. - Fixes bug 20913; bugfix on 0.2.8.1-alpha. diff --git a/changes/bug21121 b/changes/bug21121 deleted file mode 100644 index 96b9730..0000000 --- a/changes/bug21121 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (fallback directories): - - Update the fallback directory mirror whitelist and blacklist based on - operator emails. Closes task 21121. diff --git a/changes/bug21155 b/changes/bug21155 deleted file mode 100644 index 67e4a64..0000000 --- a/changes/bug21155 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features (hidden service, logging): - - Warn user if multiple entries in EntryNodes and at least one - HiddenService are used together. Pinning EntryNodes along with an hidden - service can be possibly harmful for instance see ticket 14917 or 21155. - Closes ticket 21155. diff --git a/changes/bug21293 b/changes/bug21293 deleted file mode 100644 index 37e0c8c..0000000 --- a/changes/bug21293 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (cell, logging): - - Downgrade a log statement from bug to protocol warning because there is - at least one use case where it can be triggered by a buggy tor - implementation on the Internet for instance. Fixes bug 21293; bugfix on - 0.1.1.14-alpha. diff --git a/changes/bug21329 b/changes/bug21329 deleted file mode 100644 index c31586e..0000000 --- a/changes/bug21329 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (controller): - - GETINFO onions/current and onions/detached no longer 551 on empty lists - Fixes bug 21329; bugfix on 0.2.7.1-alpha. diff --git a/changes/bug21406 b/changes/bug21406 deleted file mode 100644 index 170e631..0000000 --- a/changes/bug21406 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (code correctness): - - Accurately identify client connections using their lack of peer - authentication. This means that we bail out earlier if asked to extend - to a client. Follow-up to 21407. - Fixes bug 21406; bugfix on 0.2.4.23. diff --git a/changes/bug21407 b/changes/bug21407 deleted file mode 100644 index 8d0d917..0000000 --- a/changes/bug21407 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (defaults, security): - - The default value for UseCreateFast is now 0: clients which haven't yet - received a consensus document will nonetheless use a proper handshake - to talk to their directory servers (when they can). Closes ticket 21407. diff --git a/changes/bug21439 b/changes/bug21439 deleted file mode 100644 index 3acc53b..0000000 --- a/changes/bug21439 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor features (testing): - - Add a "--disable-memory-sentinels" feature to help with fuzzing. - When Tor is compiled with this option, we disable a number of - redundant memory-safety failsafes that are intended to stop - bugs from becoming security issues. This makes it easier to hunt - for bugs that would be security issues without the failsafes - turned on. Closes ticket 21439. diff --git a/changes/bug21496 b/changes/bug21496 deleted file mode 100644 index 24ac85a..0000000 --- a/changes/bug21496 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (safety): - - Add an explict check to extrainfo_parse_entry_from_string() for NULL - inputs. We don't believe this can actually happen, but it may help - silence a warning from the Clang analyzer. Closes ticket 21496. diff --git a/changes/bug21507 b/changes/bug21507 deleted file mode 100644 index f83e291..0000000 --- a/changes/bug21507 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (voting consistency): - - Reject version numbers with non-numeric prefixes (such as +, -, and - whitespace). Disallowing whitespace prevents differential version - parsing between POSIX-based and Windows platforms. - Fixes bug 21507 and part of 21508; bugfix on 0.0.8pre1. diff --git a/changes/bug21510 b/changes/bug21510 deleted file mode 100644 index 31c3e1a..0000000 --- a/changes/bug21510 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (unit tests): - - Make display of captured unit test log messages consistent. - Fixes bug 21510; bugfix on 0.2.9.3-alpha. - diff --git a/changes/bug21540 b/changes/bug21540 deleted file mode 100644 index 0cf684b..0000000 --- a/changes/bug21540 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (windows, relay): - - Resolve "Failure from drain_fd: No error" warnings on Windows - relays. Fixes bug 21540; bugfix on 0.2.6.3-alpha. - diff --git a/changes/bug21586 b/changes/bug21586 deleted file mode 100644 index 29701d9..0000000 --- a/changes/bug21586 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfix (directory authority): - - Prevent the shared randomness subsystem from asserting when initialized - by a bridge authority with an incomplete configuration file. Fixes bug - 21586; bugfix on 0.2.9.8. diff --git a/changes/bug21599 b/changes/bug21599 deleted file mode 100644 index fe0f21a..0000000 --- a/changes/bug21599 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (hidden services): - - Simplify hidden service descriptor creation by using an existing flag - to check if an introduction point is established. - Fixes bug 21599; bugfix on 0.2.7.2-alpha. diff --git a/changes/bug21641 b/changes/bug21641 deleted file mode 100644 index b04e52c..0000000 --- a/changes/bug21641 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor feature (defaults, directory): - - Onion key rotation and expiry intervals are now defined as a network - consensus parameter as per proposal 274. The default lifetime of an - onion key is bumped from 7 to 28 days. Old onion keys will expire after 7 - days by default. Closes ticket 21641. diff --git a/changes/bug21654 b/changes/bug21654 deleted file mode 100644 index c3badd2..0000000 --- a/changes/bug21654 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (testing): - - Use unbuffered I/O for utility functions around the process_handle_t - type. This fixes unit test failures reported on OpenBSD and FreeBSD. - Fixes bug 21654; bugfix on 0.2.3.1-alpha. diff --git a/changes/bug21703 b/changes/bug21703 deleted file mode 100644 index 3034fc5..0000000 --- a/changes/bug21703 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (controller): - - Warn the first time that a controller requests data in the - long-deprecated 'GETINFO network-status' format. Closes ticket 21703. - diff --git a/changes/bug21715 b/changes/bug21715 deleted file mode 100644 index 54ad1ad..0000000 --- a/changes/bug21715 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (documentation): - - Default of NumEntryGuards is 1 if the consensus parameter - guard-n-primary-guards-to-use isn't set. Default of NumDirectoryGuards - is 3 if the consensus parameter guard-n-primary-dir-guards-to-use isn't - set. Fixes bug 21715; bugfix on 0.3.0.1-alpha. diff --git a/changes/bug21788 b/changes/bug21788 deleted file mode 100644 index ad8365f..0000000 --- a/changes/bug21788 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (memory leak): - - Fix a small memory leak at exit from the backtrace handler code. - Fixes bug 21788; bugfix on 0.2.5.2-alpha. Patch from Daniel Pinto. diff --git a/changes/bug22042 b/changes/bug22042 deleted file mode 100644 index dccf83d..0000000 --- a/changes/bug22042 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes (control, hidden service client): - - Trigger HS descriptor events on the control port when the client is - unable to pick a suitable hidden service directory. This can happen if - they are all in the ExcludeNodes list or they all have been queried - inside the allowed 15 minutes. Fixes bug 22042; bugfix on - 0.2.5.2-alpha. - diff --git a/changes/bug22060 b/changes/bug22060 deleted file mode 100644 index db373dd..0000000 --- a/changes/bug22060 +++ /dev/null @@ -1,28 +0,0 @@ - o Removed features (configuration options, all in ticket 22060): - - AllowInvalidNodes was deprecated in 0.2.9.2-alpha and now has been - removed. It is not possible anymore to use Invalid nodes. - - AllowSingleHopCircuits was deprecated in 0.2.9.2-alpha and now has been - removed. It's not possible anymore to attach streams to single hop exit - circuit. - - AllowSingleHopExits was deprecated in 0.2.9.2-alpha and now has been - removed. Relays no longer advertise that they can be used for single hop - exit proxy. - - ExcludeSingleHopRelays was deprecated in 0.2.9.2-alpha and now has been - removed. Client will always exclude relays that supports single hop - exits meaning relays that still advertise AllowSingleHopExits. - - FastFirstHopPK was deprecated in 0.2.9.2-alpha and now has been removed. - Decision for this feature will always be decided by the consensus. - - CloseHSClientCircuitsImmediatelyOnTimeout was deprecated in - 0.2.9.2-alpha and now has been removed. HS circuits never close on - circuit build timeout, they have a longer timeout period. - - CloseHSServiceRendCircuitsImmediatelyOnTimeout was deprecated in - 0.2.9.2-alpha and now has been removed. HS circuits never close on - circuit build timeout, they have a long timeout period. - - WarnUnsafeSocks was deprecated in 0.2.9.2-alpha and now has been - removed. Tor will now always warn the user if only an IP address is - given instead of an hostname on a SOCKS connection if SafeSocks is 1. - - TLSECGroup was deprecated in 0.2.9.2-alpha and now has been removed. - P256 EC group is always used. - - {Control,DNS,Dir,Socks,Trans,NATD,OR}ListenAddress was deprecated in - 0.2.9.2-alpha and now has been removed. Use the ORPort (and others). - diff --git a/changes/bug22096 b/changes/bug22096 deleted file mode 100644 index 83dac9c..0000000 --- a/changes/bug22096 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor features (linux seccomp2 sandbox): - - Increase the maximum allowed size passed to mprotect(PROT_WRITE) - from 1MB to 16MB. This was necessary with the glibc allocator in - order to allow worker threads to allocate more memory -- which in - turn is necessary because of our new use of worker threads for - compression. Closes ticket 22096. diff --git a/changes/bug22244 b/changes/bug22244 deleted file mode 100644 index ed5d36b..0000000 --- a/changes/bug22244 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (exit-side DNS): - - Fix an untriggerable assertion that checked the output of a - libevent DNS error, so that the assertion actually behaves as - expected. Fixes bug 22244; bugfix on 0.2.0.20-rc. Found by Andrey - Karpov using PVS-Studio. - diff --git a/changes/bug22245 b/changes/bug22245 deleted file mode 100644 index 6ae1859..0000000 --- a/changes/bug22245 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (bandwidth accounting): - - Roll over monthly accounting at the configured hour and minute, - rather than always at 00:00. - Fixes bug 22245; bugfix on 0.0.9rc1. - Found by Andrey Karpov with PVS-Studio. diff --git a/changes/bug22246 b/changes/bug22246 deleted file mode 100644 index dbdf31a..0000000 --- a/changes/bug22246 +++ /dev/null @@ -1,6 +0,0 @@ - o Major bugfixes (hidden service directory, security): - - Fix an assertion failure in the hidden service directory code, which - could be used by an attacker to remotely cause a Tor relay process to - exit. Relays running earlier versions of Tor 0.3.0.x should upgrade. - This security issue is tracked as tracked as - TROVE-2017-002. Fixes bug 22246; bugfix on 0.3.0.1-alpha. diff --git a/changes/bug22252 b/changes/bug22252 deleted file mode 100644 index 42b9d8e..0000000 --- a/changes/bug22252 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (configuration): - - Do not crash when starting with LearnCircuitBuildTimeout 0. - Fixes bug 22252; bugfix on 0.2.9.3-alpha. diff --git a/changes/bug22270 b/changes/bug22270 deleted file mode 100644 index 6b58446..0000000 --- a/changes/bug22270 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (fallback directory mirrors): - - Make the usage example in updateFallbackDirs.py actually work. - (And explain what it does.) - Fixes bug 22270; bugfix on 0.3.0.3-alpha. diff --git a/changes/cleanup22213 b/changes/cleanup22213 deleted file mode 100644 index d100aee..0000000 --- a/changes/cleanup22213 +++ /dev/null @@ -1,4 +0,0 @@ - o Code simplification and refactoring: - - Remove unused "ROUTER_ADDED_NOTIFY_GENERATOR" internal value. - Resolves ticket 22213. - diff --git a/changes/consdiff_21643 b/changes/consdiff_21643 deleted file mode 100644 index 38d4656..0000000 --- a/changes/consdiff_21643 +++ /dev/null @@ -1,5 +0,0 @@ - o Major features (internals): - - Add an ed diff/patch backend, optimized for consensus documents. - This backend will be the basis of our consensus diff implementation. - Most of the work here was done - by Daniel Martí. Closes ticket 21643. diff --git a/changes/data_dir_default_doc b/changes/data_dir_default_doc deleted file mode 100644 index 6b49bb2..0000000 --- a/changes/data_dir_default_doc +++ /dev/null @@ -1,3 +0,0 @@ - o Documentation: - - Correct the documentation about the default DataDirectory value. - Closes ticket 21151. diff --git a/changes/fast_channel_lookup b/changes/fast_channel_lookup deleted file mode 100644 index de0f351..0000000 --- a/changes/fast_channel_lookup +++ /dev/null @@ -1,2 +0,0 @@ - o Minor features (performance, controller): - - Add an O(1) implementation of channel_find_by_global_id(). diff --git a/changes/faster-keccak b/changes/faster-keccak deleted file mode 100644 index 45fc152..0000000 --- a/changes/faster-keccak +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (performance): - - The minimal keccak implementation we include now accesses memory - more efficiently, especially on little-endian systems. - Closes ticket 21737. diff --git a/changes/feature1922 b/changes/feature1922 deleted file mode 100644 index e3c059d..0000000 --- a/changes/feature1922 +++ /dev/null @@ -1,11 +0,0 @@ - o Minor feature (include on config files): - - Allow the use of %include on configuration files to include settings - from other files or directories. Using %include with a directory will - include all (non-dot) files in that directory in lexically sorted order - (non-recursive), closes ticket 1922. - - Makes SAVECONF command return error when overwriting a torrc - that has includes. Using SAVECONF with the FORCE option will - allow it to overwrite torrc even if includes are used, closes ticket - 1922. - - Adds config-can-saveconf to GETINFO command to tell if SAVECONF - will work without the FORCE option, closes ticket 1922. diff --git a/changes/feature21598 b/changes/feature21598 deleted file mode 100644 index 317ace4..0000000 --- a/changes/feature21598 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor feature (hidden services): - - Log a message when a hidden service descriptor has fewer introduction - points than specified in HiddenServiceNumIntroductionPoints. - Closes ticket 21598. diff --git a/changes/feature21622 b/changes/feature21622 deleted file mode 100644 index 163b90b..0000000 --- a/changes/feature21622 +++ /dev/null @@ -1,8 +0,0 @@ - o Minor feature (hidden services): - - Log a message when a hidden service reaches its introduction point - circuit limit, and when that limit is reset. - Follow up to ticket 21594, closes ticket 21622. - - Add more information to the message logged when a hidden service - descriptor has fewer introduction points than specified in - HiddenServiceNumIntroductionPoints. - Follow up to tickets 21598 and 21599, closes ticket 21622. diff --git a/changes/feature22106 b/changes/feature22106 deleted file mode 100644 index d277007..0000000 --- a/changes/feature22106 +++ /dev/null @@ -1,12 +0,0 @@ - o Major features (security, stability, experimental): - - - Tor now has the optional ability to include modules written in - Rust. To turn this on, pass the "--enable-rust" flag to the - configure script. - - It's not time to get excited yet: currently, there is no actual - Rust functionality beyond some simple glue code, and a notice at - startup to tell you that Rust is running. Still, we hope that - programmers and packagers will try building with rust - support, so that we can find issues with the build system, - and solve portability issues. Closes ticket 22106. diff --git a/changes/new_spooling_backend b/changes/new_spooling_backend deleted file mode 100644 index a100688..0000000 --- a/changes/new_spooling_backend +++ /dev/null @@ -1,7 +0,0 @@ - o Code simplification and refactoring: - - The logic that directory caches use to spool request to clients, - serving them one part at a time so as not to allocate too much memory, - has been refactored for consistency. Previously there was a separate - spooling implementation per type of spoolable data. Now there - is one common spooling implementation, with extensible data types. - Closes ticket 21651. diff --git a/changes/prop140 b/changes/prop140 deleted file mode 100644 index 661028c..0000000 --- a/changes/prop140 +++ /dev/null @@ -1,10 +0,0 @@ - o Major features (directory protocol): - - Tor relays and authorities are now able to serve clients an - abbreviated version of the networkstatus consensus document, - containing only the changes since the an older consensus document that - the client holds. Clients now request these documents when - available. When this new protocol is in use by both client and server, - they will use far less bandwidth (up to 94% less) to keep an up-to-date - consensus. Implements proposal 140; closes ticket 13339. Based - on work by by Daniel Martí. - diff --git a/changes/refactor_reached_eof b/changes/refactor_reached_eof deleted file mode 100644 index 33ab931..0000000 --- a/changes/refactor_reached_eof +++ /dev/null @@ -1,5 +0,0 @@ - o Code simplification and refactoring: - - - Break up the 630-line function connection_dir_client_reached_eof() into - a dozen smaller functions. This change should help maintainability and - readability of the client directory code. diff --git a/changes/storagedir b/changes/storagedir deleted file mode 100644 index afaaab3..0000000 --- a/changes/storagedir +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features (infrastructure, seccomp2 sandbox): - - We now have a document storage backend compatible with the Linux - seccomp2 sandbox. The long-term plan is to use this backend for - consensus documents and for storing unparseable directory - material. Closes ticket 21645. diff --git a/changes/test21470 b/changes/test21470 deleted file mode 100644 index f3ce484..0000000 --- a/changes/test21470 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features (unit tests): - - Improve version parsing tests: add tests for typical version components, - add tests for invalid versions, including numeric range and non-numeric - prefixes. - Unit tests 21278, 21450, and 21507. Partially implements 21470. diff --git a/changes/ticket13802 b/changes/ticket13802 deleted file mode 100644 index 35cd2b5..0000000 --- a/changes/ticket13802 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor features (testing): - - Add a general event-tracing instrumentation support to Tor. This - subsystem will enable developers and researchers to add fine-grained - instrumentation to their Tor instances, for use when examining Tor - network performance issues. There are no trace events yet, and - event-tracing is off by default unless enabled at compile time. - Implements ticket 13802. diff --git a/changes/ticket21564 b/changes/ticket21564 deleted file mode 100644 index 7e01f41..0000000 --- a/changes/ticket21564 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor features (fallback directory list): - - Replace the 177 fallbacks originally introduced in Tor 0.2.9.8 in - December 2016 (of which ~126 were still functional), with a list of - 151 fallbacks (32 new, 119 existing, 58 removed) generated in - May 2017. - Resolves ticket 21564. diff --git a/changes/ticket21646 b/changes/ticket21646 deleted file mode 100644 index a0e4fb6..0000000 --- a/changes/ticket21646 +++ /dev/null @@ -1,6 +0,0 @@ - o Code simplification and refactoring: - - Our API to launch directory requests has been greatly simplified - to become more extensible and less error-prone. We'll be using - this to improve support for adding extra headers to directory - requests. Closes ticket 21646. - diff --git a/changes/ticket21729 b/changes/ticket21729 deleted file mode 100644 index 51d1173..0000000 --- a/changes/ticket21729 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor features (logging): - - Log files are no longer created world-readable by default. - (Previously, most distributors would store the logs in a - non-world-readable location to prevent inappropriate access. This - change is an extra precaution.) Closes ticket 21729; patch from - toralf. - diff --git a/changes/ticket21841 b/changes/ticket21841 deleted file mode 100644 index 08c7406..0000000 --- a/changes/ticket21841 +++ /dev/null @@ -1,4 +0,0 @@ - o Code simplification and refactoring: - - Isolate our usage of the openssl headers so that they are only - used from our crypto wrapper modules, and from tests that examing those - modules' internals. Closes ticket 21841. diff --git a/changes/ticket21842 b/changes/ticket21842 deleted file mode 100644 index 4b039c6..0000000 --- a/changes/ticket21842 +++ /dev/null @@ -1,6 +0,0 @@ - o Removed features: - - We've removed the tor-checkkey tool from src/tools. Long ago, we - used it to help people detect RSA keys that were generated by - versions of Debian affected by CVE-2008-0166. But those keys - have been out of circulation for ages, and this tool is no - longer required. Closes ticket 21842. diff --git a/changes/ticket21953 b/changes/ticket21953 deleted file mode 100644 index 46e1642..0000000 --- a/changes/ticket21953 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor features (security, windows): - - Enable a couple of pieces of Windows hardening: one - (HeapEnableTerminationOnCorruption) that has been on-by-default since - Windows 8, and unavailable before Windows 7, and one - (PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION) which we believe doesn't - affect us, but shouldn't do any harm. Closes ticket 21953. diff --git a/changes/ticket4998 b/changes/ticket4998 deleted file mode 100644 index b7b5d62..0000000 --- a/changes/ticket4998 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features (relay, configuration): - - The MyFamily line may now be repeated as many times as desired, for - relays that want to configure large families. Closes ticket 4998; - patch by Daniel Pinto. -

1 0

[tor/master] Try to fix windows config/include_path_syntax test
by nickm＠torproject.org 19 May '17

19 May '17

commit 3628efe29c170025cec1001001a141dc3f9c5860 Author: Nick Mathewson <nickm(a)torproject.org> Date: Fri May 19 09:55:22 2017 -0400 Try to fix windows config/include_path_syntax test It was trying to do %include "foo\", which won't work. It has to be %include "foo\\". --- src/test/test_config.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/test/test_config.c b/src/test/test_config.c index 8419acb..80579ea 100644 --- a/src/test/test_config.c +++ b/src/test/test_config.c @@ -5172,11 +5172,17 @@ test_config_include_path_syntax(void *data) tt_int_op(mkdir(dir, 0700), OP_EQ, 0); #endif +#ifdef _WIN32 +#define ESCAPED_PATH_SEPARATOR "\\" PATH_SEPARATOR +#else +#define ESCAPED_PATH_SEPARATOR PATH_SEPARATOR +#endif + char torrc_contents[1000]; tor_snprintf(torrc_contents, sizeof(torrc_contents), "%%include \"%s\"\n" "%%include %s"PATH_SEPARATOR"\n" - "%%include \"%s"PATH_SEPARATOR"\"\n", + "%%include \"%s"ESCAPED_PATH_SEPARATOR"\"\n", dir, dir, dir); int include_used;

1 0

[torspec/master] annotate %include stuff with version
by nickm＠torproject.org 19 May '17

19 May '17

commit c815aad008d8e8f263ba40053c68af602a82793f Author: Nick Mathewson <nickm(a)torproject.org> Date: Fri May 19 09:31:46 2017 -0400 annotate %include stuff with version --- control-spec.txt | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/control-spec.txt b/control-spec.txt index 6f7cc5c..e38daf2 100644 --- a/control-spec.txt +++ b/control-spec.txt @@ -395,15 +395,15 @@ to disk" if it can't write the file or some other error occurs. If the %include option is used on torrc, SAVECONF will not write the - configuration to disk. If the flag string "FORCE" is provided, the configuration - will be overwritten even if %include is used. Using %include on defaults-torrc - does not affect SAVECONF. + configuration to disk. If the flag string "FORCE" is provided, the + configuration will be overwritten even if %include is used. Using %include + on defaults-torrc does not affect SAVECONF. (Introduced in 0.3.1.1-alpha.) See also the "getinfo config-text" command, if the controller wants to write the torrc file itself. See also the "getinfo config-can-saveconf" command, to tell if the FORCE - flag will be required. + flag will be required. (Also introduced in 0.3.1.1-alpha.) 3.7. SIGNAL @@ -1015,7 +1015,7 @@ "config-can-saveconf" 0 or 1, depending on whether it is possile to use SAVECONF without the - FORCE flag. + FORCE flag. (Introduced in 0.3.1.1-alpha.) Examples: C: GETINFO version desc/name/moria1

1 0

[torspec/master] Merge remote-tracking branch 'jigsaw/torrc-dir-fix-1922_squashed'
by nickm＠torproject.org 19 May '17

19 May '17

commit b73d8833e4215fe9bb4ac98c6ba909d8d9ca03f1 Merge: a7ef86a 5c82d5e Author: Nick Mathewson <nickm(a)torproject.org> Date: Fri May 19 09:30:46 2017 -0400 Merge remote-tracking branch 'jigsaw/torrc-dir-fix-1922_squashed' control-spec.txt | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-)

1 0

[torspec/master] Adds GETCONF FORCE flag and getinfo config-can-saveconf #1922
by nickm＠torproject.org 19 May '17

19 May '17

commit 5c82d5e5e8d84e5a189e49d693c3f964d837b261 Author: Daniel Pinto <danielpinto52(a)gmail.com> Date: Thu May 18 22:50:41 2017 +0100 Adds GETCONF FORCE flag and getinfo config-can-saveconf #1922 --- control-spec.txt | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/control-spec.txt b/control-spec.txt index 808e161..6f7cc5c 100644 --- a/control-spec.txt +++ b/control-spec.txt @@ -388,15 +388,23 @@ 3.6. SAVECONF Sent from the client to the server. The syntax is: - "SAVECONF" CRLF + "SAVECONF" [SP "FORCE"] CRLF Instructs the server to write out its config options into its torrc. Server returns "250 OK" if successful, or "551 Unable to write configuration to disk" if it can't write the file or some other error occurs. + If the %include option is used on torrc, SAVECONF will not write the + configuration to disk. If the flag string "FORCE" is provided, the configuration + will be overwritten even if %include is used. Using %include on defaults-torrc + does not affect SAVECONF. + See also the "getinfo config-text" command, if the controller wants to write the torrc file itself. + See also the "getinfo config-can-saveconf" command, to tell if the FORCE + flag will be required. + 3.7. SIGNAL Sent from the client to the server. The syntax is: @@ -1003,6 +1011,12 @@ consensus, base-64 encoded. An empty value means that either the consensus has no shared random value, or Tor has no consensus. + [New in Tor 0.3.1.0-alpha.] + + "config-can-saveconf" + 0 or 1, depending on whether it is possile to use SAVECONF without the + FORCE flag. + Examples: C: GETINFO version desc/name/moria1 S: 250+desc/name/moria=

1 0

[tor/master] tt_* macros can "goto done; " so define any freeable things before them.
by nickm＠torproject.org 19 May '17

19 May '17

commit dcfed8c1c8e8b3a63284249cf318dd353ea44d7d Author: Nick Mathewson <nickm(a)torproject.org> Date: Fri May 19 08:55:14 2017 -0400 tt_* macros can "goto done;" so define any freeable things before them. --- src/test/test_config.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/src/test/test_config.c b/src/test/test_config.c index 983fe88..8419acb 100644 --- a/src/test/test_config.c +++ b/src/test/test_config.c @@ -4815,6 +4815,7 @@ test_config_include_limit(void *data) { (void)data; + config_line_t *result = NULL; char *dir = tor_strdup(get_fname("test_include_limit")); tt_ptr_op(dir, OP_NE, NULL); @@ -4831,7 +4832,6 @@ test_config_include_limit(void *data) torrc_path); tt_int_op(write_str_to_file(torrc_path, torrc_contents, 0), OP_EQ, 0); - config_line_t *result = NULL; tt_int_op(config_get_lines_include(torrc_contents, &result, 0, NULL), OP_EQ, -1); @@ -4845,6 +4845,7 @@ test_config_include_does_not_exist(void *data) { (void)data; + config_line_t *result = NULL; char *dir = tor_strdup(get_fname("test_include_does_not_exist")); tt_ptr_op(dir, OP_NE, NULL); @@ -4861,7 +4862,6 @@ test_config_include_does_not_exist(void *data) tor_snprintf(torrc_contents, sizeof(torrc_contents), "%%include %s", missing_path); - config_line_t *result = NULL; tt_int_op(config_get_lines_include(torrc_contents, &result, 0, NULL), OP_EQ, -1); @@ -4874,6 +4874,7 @@ static void test_config_include_error_in_included_file(void *data) { (void)data; + config_line_t *result = NULL; char *dir = tor_strdup(get_fname("test_error_in_included_file")); tt_ptr_op(dir, OP_NE, NULL); @@ -4893,7 +4894,6 @@ test_config_include_error_in_included_file(void *data) tor_snprintf(torrc_contents, sizeof(torrc_contents), "%%include %s", invalid_path); - config_line_t *result = NULL; tt_int_op(config_get_lines_include(torrc_contents, &result, 0, NULL), OP_EQ, -1); @@ -4906,6 +4906,7 @@ static void test_config_include_empty_file_folder(void *data) { (void)data; + config_line_t *result = NULL; char *dir = tor_strdup(get_fname("test_include_empty_file_folder")); tt_ptr_op(dir, OP_NE, NULL); @@ -4935,7 +4936,6 @@ test_config_include_empty_file_folder(void *data) "%%include %s\n", folder_path, file_path); - config_line_t *result = NULL; int include_used; tt_int_op(config_get_lines_include(torrc_contents, &result, 0,&include_used), OP_EQ, 0); @@ -4952,6 +4952,7 @@ test_config_include_recursion_before_after(void *data) { (void)data; + config_line_t *result = NULL; char *dir = tor_strdup(get_fname("test_include_recursion_before_after")); tt_ptr_op(dir, OP_NE, NULL); @@ -4987,7 +4988,6 @@ test_config_include_recursion_before_after(void *data) } } - config_line_t *result = NULL; int include_used; tt_int_op(config_get_lines_include(file_contents, &result, 0, &include_used), OP_EQ, 0); @@ -5015,6 +5015,7 @@ test_config_include_recursion_after_only(void *data) { (void)data; + config_line_t *result = NULL; char *dir = tor_strdup(get_fname("test_include_recursion_after_only")); tt_ptr_op(dir, OP_NE, NULL); @@ -5050,7 +5051,6 @@ test_config_include_recursion_after_only(void *data) } } - config_line_t *result = NULL; int include_used; tt_int_op(config_get_lines_include(file_contents, &result, 0, &include_used), OP_EQ, 0); @@ -5078,6 +5078,7 @@ test_config_include_folder_order(void *data) { (void)data; + config_line_t *result = NULL; char *dir = tor_strdup(get_fname("test_include_folder_order")); tt_ptr_op(dir, OP_NE, NULL); @@ -5134,7 +5135,6 @@ test_config_include_folder_order(void *data) "%%include %s\n", torrcd); - config_line_t *result = NULL; int include_used; tt_int_op(config_get_lines_include(torrc_contents, &result, 0,&include_used), OP_EQ, 0); @@ -5162,6 +5162,7 @@ test_config_include_path_syntax(void *data) { (void)data; + config_line_t *result = NULL; char *dir = tor_strdup(get_fname("test_include_path_syntax")); tt_ptr_op(dir, OP_NE, NULL); @@ -5178,7 +5179,6 @@ test_config_include_path_syntax(void *data) "%%include \"%s"PATH_SEPARATOR"\"\n", dir, dir, dir); - config_line_t *result = NULL; int include_used; tt_int_op(config_get_lines_include(torrc_contents, &result, 0,&include_used), OP_EQ, 0); @@ -5218,6 +5218,7 @@ test_config_include_has_include(void *data) { (void)data; + config_line_t *result = NULL; char *dir = tor_strdup(get_fname("test_include_has_include")); tt_ptr_op(dir, OP_NE, NULL); @@ -5228,7 +5229,6 @@ test_config_include_has_include(void *data) #endif char torrc_contents[1000] = "Test 1\n"; - config_line_t *result = NULL; int include_used; tt_int_op(config_get_lines_include(torrc_contents, &result, 0,&include_used),

1 0

[tor/master] changelog entry for 22106
by nickm＠torproject.org 19 May '17

19 May '17

commit 3c6d5e10a06857cfb60b517a8d0349a119a99f13 Author: Nick Mathewson <nickm(a)torproject.org> Date: Fri May 19 09:10:23 2017 -0400 changelog entry for 22106 --- changes/feature22106 | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/changes/feature22106 b/changes/feature22106 new file mode 100644 index 0000000..d277007 --- /dev/null +++ b/changes/feature22106 @@ -0,0 +1,12 @@ + o Major features (security, stability, experimental): + + - Tor now has the optional ability to include modules written in + Rust. To turn this on, pass the "--enable-rust" flag to the + configure script. + + It's not time to get excited yet: currently, there is no actual + Rust functionality beyond some simple glue code, and a notice at + startup to tell you that Rust is running. Still, we hope that + programmers and packagers will try building with rust + support, so that we can find issues with the build system, + and solve portability issues. Closes ticket 22106.

1 0

[tor/master] strlen() returns size_t
by nickm＠torproject.org 19 May '17

19 May '17

commit ff1af5550ab4b6ba83a058e79e99ee2f88081b59 Author: Nick Mathewson <nickm(a)torproject.org> Date: Fri May 19 08:54:56 2017 -0400 strlen() returns size_t --- src/common/util.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/common/util.c b/src/common/util.c index 5c45558..4babc4a 100644 --- a/src/common/util.c +++ b/src/common/util.c @@ -3051,7 +3051,7 @@ unescape_string(const char *s, char **result, size_t *size_out) char * get_unquoted_path(const char *path) { - int len = strlen(path); + size_t len = strlen(path); if (len == 0) { return tor_strdup(""); @@ -3065,7 +3065,7 @@ get_unquoted_path(const char *path) char *unquoted_path = tor_malloc(len - has_start_quote - has_end_quote + 1); char *s = unquoted_path; - int i; + size_t i; for (i = has_start_quote; i < len - has_end_quote; i++) { if (path[i] == '\"' && (i > 0 && path[i-1] == '\\')) { *(s-1) = path[i];

1 0