tor-commits
September 2017
commit b002f78ad6a89df82ee7a9794dc848173e0f695c
Author: Nick Mathewson <nickm(a)torproject.org>
Date: Mon Sep 18 11:15:41 2017 -0400
0.3.1.7 is out.
---
Makefile | 4 ++--
include/versions.wmi | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/Makefile b/Makefile
index 584ad168..ed0e9d6f 100644
--- a/Makefile
+++ b/Makefile
@@ -14,8 +14,8 @@
# branch to your personal webwml repository, open a trac ticket in the
# website component, and set it to needs_review.
-export STABLETAG=tor-0.3.0.10
-export DEVTAG=tor-0.3.1.6-rc
+export STABLETAG=tor-0.3.1.7
+export DEVTAG=tor-0.3.1.7
WMLBASE=.
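Review bot: DEVTAG and STABLETAG now both read tor-0.3.1.7, so anything built from DEVTAG is the stable release rather than a development snapshot. If that is intended while no alpha exists, a one-line comment above the two exports saying so would stop the next editor from treating it as a copy-paste slip.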
diff --git a/include/versions.wmi b/include/versions.wmi
index 1740e025..4c49fd02 100644
--- a/include/versions.wmi
+++ b/include/versions.wmi
@@ -1,5 +1,5 @@
-<define-tag version-stable whitespace=delete>0.3.0.10</define-tag>
-<define-tag version-alpha whitespace=delete>0.3.1.6-rc</define-tag>
+<define-tag version-stable whitespace=delete>0.3.1.7</define-tag>
+<define-tag version-alpha whitespace=delete>0.3.1.7</define-tag>
<define-tag version-win32-stable whitespace=delete>0.3.0.10</define-tag>
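Review bot: the unchanged context line `<define-tag version-win32-stable whitespace=delete>0.3.0.10</define-tag>` still carries 0.3.0.10 while version-stable moves to 0.3.1.7, so the file now states two different stable versions. If the win32 tag lags on purpose, say so in the commit message; otherwise bump it in the same change, because anything that reads that tag keeps showing 0.3.0.10. The same version string is also edited by hand in both the Makefile and this file, which has to stay in sync on every release.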

[tor/master] sched: Don't cast to int32_t the monotime_diff_msec() result
by nickm@torproject.org 18 Sep '17
commit 77cc97cf0a20ed0a062a1cb87bef6c40941e4cff
Author: David Goulet <dgoulet(a)torproject.org>
Date: Mon Sep 18 10:47:05 2017 -0400
sched: Don't cast to int32_t the monotime_diff_msec() result
When the KIST schedule() is called, it computes a diff value between the last
scheduler run and the current monotonic time. If that value is below the run
interval, the libevent event is updated else the event is run.
It turned out that casting to int32_t the returned int64_t value for the very
first scheduler run (which is set to 0) was creating an overflow on the 32 bit
value leading to adding the event with a gigantic usec value. The scheduler
was simply never running for a while.
First of all, a BUG() is added for a diff value < 0 because if the time is
really monotonic, we should never have a now time that is lower than the last
scheduler run time. And we will try to recover with a diff value to 0.
Second, the diff value is changed to int64_t so we avoid this "bootstrap
overflow" and future casting overflow problems.
Fixes #23558
Signed-off-by: David Goulet <dgoulet(a)torproject.org>
---
src/or/scheduler_kist.c | 15 ++++++++++++---
1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/src/or/scheduler_kist.c b/src/or/scheduler_kist.c
index ba8d416db..e4ae07107 100644
--- a/src/or/scheduler_kist.c
+++ b/src/or/scheduler_kist.c
@@ -507,16 +507,25 @@ kist_scheduler_schedule(void)
{
struct monotime_t now;
struct timeval next_run;
- int32_t diff;
+ int64_t diff;
if (!have_work()) {
return;
}
monotime_get(&now);
- diff = (int32_t) monotime_diff_msec(&scheduler_last_run, &now);
+
+ /* If time is really monotonic, we can never have now being smaller than the
+ * last scheduler run. The scheduler_last_run at first is set to 0. */
+ diff = monotime_diff_msec(&scheduler_last_run, &now);
+ IF_BUG_ONCE(diff < 0) {
+ diff = 0;
+ }
if (diff < sched_run_interval) {
next_run.tv_sec = 0;
- /* 1000 for ms -> us */
+ /* Takes 1000 ms -> us. This will always be valid because diff can NOT be
+ * negative and can NOT be smaller than sched_run_interval so values can
+ * only go from 1000 usec (diff set to interval - 1) to 100000 usec (diff
+ * set to 0) for the maximum allowed run interval (100ms). */
next_run.tv_usec = (sched_run_interval - diff) * 1000;
/* Readding an event reschedules it. It does not duplicate it. */
scheduler_ev_add(&next_run);
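Review bot: the new comment above the tv_usec assignment says diff "can NOT be smaller than sched_run_interval", but this branch is entered only when `diff < sched_run_interval`, so the sentence is inverted; it should say diff cannot be negative and cannot reach sched_run_interval. The stated range of 1000 to 100000 usec also rests on the 100 ms maximum for sched_run_interval, which nothing in the visible lines checks, and the product is now computed in int64_t before being stored in tv_usec; an explicit cast at the assignment, or an assertion on the interval bound, would make that assumption visible. The IF_BUG_ONCE(diff < 0) recovery sets diff to 0, which schedules the next run a full interval away; a word in the comment that this is the chosen recovery would help.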

18 Sep '17
commit c7af923567bca5b0a6e9dcd5ceda4b01be09f9a1
Author: David Goulet <dgoulet(a)torproject.org>
Date: Mon Sep 18 10:58:38 2017 -0400
sched: BUG() on event_add() and log_warn next_run
It is highly unlikely to happen but if so, we need to know and why. The
warning with the next_run values could help.
Signed-off-by: David Goulet <dgoulet(a)torproject.org>
---
src/or/scheduler.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/or/scheduler.c b/src/or/scheduler.c
index 2d6f7fc4b..43fff2bf2 100644
--- a/src/or/scheduler.c
+++ b/src/or/scheduler.c
@@ -506,7 +506,11 @@ scheduler_ev_add(const struct timeval *next_run)
{
tor_assert(run_sched_ev);
tor_assert(next_run);
- event_add(run_sched_ev, next_run);
+ if (BUG(event_add(run_sched_ev, next_run) < 0)) {
+ log_warn(LD_SCHED, "Adding to libevent failed. Next run time was set to: "
+ "%ld.%06ld", next_run->tv_sec, next_run->tv_usec);
+ return;
+ }
}
/* Make the scheduler event active with the given flags. */
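Review bot: in the log_warn() call, `%ld.%06ld` is given next_run->tv_sec and next_run->tv_usec directly, but those fields are time_t and suseconds_t, which are not long on every platform; cast both to long (or use a matching format) so the diagnostic cannot print a wrong value or trip format warnings. The event_add() call also now sits inside BUG(), so the scheduler's rescheduling side effect depends on the macro evaluating its argument exactly once in every build mode; assigning the return value to a local and testing that local in BUG() keeps the call unconditional. The trailing `return;` at the end of a void function can be dropped.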

[tor/master] Merge remote-tracking branch 'dgoulet/bug23558_032_01'
by nickm@torproject.org 18 Sep '17
commit a23a168f24b490958e999603a719d15ae42755a9
Merge: aaf0fa6d1 c7af92356
Author: Nick Mathewson <nickm(a)torproject.org>
Date: Mon Sep 18 11:02:37 2017 -0400
Merge remote-tracking branch 'dgoulet/bug23558_032_01'
src/or/scheduler.c | 6 +++++-
src/or/scheduler_kist.c | 15 ++++++++++++---
2 files changed, 17 insertions(+), 4 deletions(-)

[tor/master] forward-port changelogs and release notes for 0.2.8.15, 0.2.9.12, 0.3.0.11, 0.3.1.7
by nickm@torproject.org 18 Sep '17
commit 3767a7020fdac382ac0af9e2269f29307151e8d9
Author: Nick Mathewson <nickm(a)torproject.org>
Date: Mon Sep 18 10:11:15 2017 -0400
forward-port changelogs and release notes for 0.2.8.15, 0.2.9.12, 0.3.0.11, 0.3.1.7
---
ChangeLog | 289 ++++++++++++++++++++
ReleaseNotes | 879 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 1168 insertions(+)
diff --git a/ChangeLog b/ChangeLog
index b30ca2ad4..566da0478 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,292 @@
+Changes in version 0.2.8.15 - 2017-09-18
+ Tor 0.2.8.15 backports a collection of bugfixes from later
+ Tor series.
+
+ Most significantly, it includes a fix for TROVE-2017-008, a
+ security bug that affects hidden services running with the
+ SafeLogging option disabled. For more information, see
+ https://trac.torproject.org/projects/tor/ticket/23490
+
+ Note that Tor 0.2.8.x will no longer be supported after 1 Jan
+ 2018. We suggest that you upgrade to the latest stable release if
+ possible. If you can't, we recommend that you upgrade at least to
+ 0.2.9, which will be supported until 2020.
+
+ o Major bugfixes (openbsd, denial-of-service, backport from 0.3.1.5-alpha):
+ - Avoid an assertion failure bug affecting our implementation of
+ inet_pton(AF_INET6) on certain OpenBSD systems whose strtol()
+ handling of "0xx" differs from what we had expected. Fixes bug
+ 22789; bugfix on 0.2.3.8-alpha. Also tracked as TROVE-2017-007.
+
+ o Minor features:
+ - Update geoip and geoip6 to the September 6 2017 Maxmind GeoLite2
+ Country database.
+
+ o Minor bugfixes (compilation, mingw, backport from 0.3.1.1-alpha):
+ - Backport a fix for an "unused variable" warning that appeared
+ in some versions of mingw. Fixes bug 22838; bugfix on
+ 0.2.8.1-alpha.
+
+ o Minor bugfixes (defensive programming, undefined behavior, backport from 0.3.1.4-alpha):
+ - Fix a memset() off the end of an array when packing cells. This
+ bug should be harmless in practice, since the corrupted bytes are
+ still in the same structure, and are always padding bytes,
+ ignored, or immediately overwritten, depending on compiler
+ behavior. Nevertheless, because the memset()'s purpose is to make
+ sure that any other cell-handling bugs can't expose bytes to the
+ network, we need to fix it. Fixes bug 22737; bugfix on
+ 0.2.4.11-alpha. Fixes CID 1401591.
+
+ o Build features (backport from 0.3.1.5-alpha):
+ - Tor's repository now includes a Travis Continuous Integration (CI)
+ configuration file (.travis.yml). This is meant to help new
+ developers and contributors who fork Tor to a Github repository be
+ better able to test their changes, and understand what we expect
+ to pass. To use this new build feature, you must fork Tor to your
+ Github account, then go into the "Integrations" menu in the
+ repository settings for your fork and enable Travis, then push
+ your changes. Closes ticket 22636.
+
+
+Changes in version 0.2.9.12 - 2017-09-18
+ Tor 0.2.9.12 backports a collection of bugfixes from later
+ Tor series.
+
+ Most significantly, it includes a fix for TROVE-2017-008, a
+ security bug that affects hidden services running with the
+ SafeLogging option disabled. For more information, see
+ https://trac.torproject.org/projects/tor/ticket/23490
+
+ o Major features (security, backport from 0.3.0.2-alpha):
+ - Change the algorithm used to decide DNS TTLs on client and server
+ side, to better resist DNS-based correlation attacks like the
+ DefecTor attack of Greschbach, Pulls, Roberts, Winter, and
+ Feamster. Now relays only return one of two possible DNS TTL
+ values, and clients are willing to believe DNS TTL values up to 3
+ hours long. Closes ticket 19769.
+
+ o Major bugfixes (crash, directory connections, backport from 0.3.0.5-rc):
+ - Fix a rare crash when sending a begin cell on a circuit whose
+ linked directory connection had already been closed. Fixes bug
+ 21576; bugfix on 0.2.9.3-alpha. Reported by Alec Muffett.
+
+ o Major bugfixes (DNS, backport from 0.3.0.2-alpha):
+ - Fix a bug that prevented exit nodes from caching DNS records for
+ more than 60 seconds. Fixes bug 19025; bugfix on 0.2.4.7-alpha.
+
+ o Major bugfixes (linux TPROXY support, backport from 0.3.1.1-alpha):
+ - Fix a typo that had prevented TPROXY-based transparent proxying
+ from working under Linux. Fixes bug 18100; bugfix on 0.2.6.3-alpha.
+ Patch from "d4fq0fQAgoJ".
+
+ o Major bugfixes (openbsd, denial-of-service, backport from 0.3.1.5-alpha):
+ - Avoid an assertion failure bug affecting our implementation of
+ inet_pton(AF_INET6) on certain OpenBSD systems whose strtol()
+ handling of "0xx" differs from what we had expected. Fixes bug
+ 22789; bugfix on 0.2.3.8-alpha. Also tracked as TROVE-2017-007.
+
+ o Minor features (code style, backport from 0.3.1.3-alpha):
+ - Add "Falls through" comments to our codebase, in order to silence
+ GCC 7's -Wimplicit-fallthrough warnings. Patch from Andreas
+ Stieger. Closes ticket 22446.
+
+ o Minor features (geoip):
+ - Update geoip and geoip6 to the September 6 2017 Maxmind GeoLite2
+ Country database.
+
+ o Minor bugfixes (bandwidth accounting, backport from 0.3.1.1-alpha):
+ - Roll over monthly accounting at the configured hour and minute,
+ rather than always at 00:00. Fixes bug 22245; bugfix on 0.0.9rc1.
+ Found by Andrey Karpov with PVS-Studio.
+
+ o Minor bugfixes (compilation, backport from 0.3.1.5-alpha):
+ - Suppress -Wdouble-promotion warnings with clang 4.0. Fixes bug 22915;
+ bugfix on 0.2.8.1-alpha.
+ - Fix warnings when building with libscrypt and openssl scrypt support
+ on Clang. Fixes bug 22916; bugfix on 0.2.7.2-alpha.
+ - When building with certain versions the mingw C header files, avoid
+ float-conversion warnings when calling the C functions isfinite(),
+ isnan(), and signbit(). Fixes bug 22801; bugfix on 0.2.8.1-alpha.
+
+ o Minor bugfixes (compilation, backport from 0.3.1.7):
+ - Avoid compiler warnings in the unit tests for running tor_sscanf()
+ with wide string outputs. Fixes bug 15582; bugfix on 0.2.6.2-alpha.
+
+ o Minor bugfixes (compilation, mingw, backport from 0.3.1.1-alpha):
+ - Backport a fix for an "unused variable" warning that appeared
+ in some versions of mingw. Fixes bug 22838; bugfix on
+ 0.2.8.1-alpha.
+
+ o Minor bugfixes (controller, backport from 0.3.1.7):
+ - Do not crash when receiving a HSPOST command with an empty body.
+ Fixes part of bug 22644; bugfix on 0.2.7.1-alpha.
+ - Do not crash when receiving a POSTDESCRIPTOR command with an
+ empty body. Fixes part of bug 22644; bugfix on 0.2.0.1-alpha.
+
+ o Minor bugfixes (coverity build support, backport from 0.3.1.5-alpha):
+ - Avoid Coverity build warnings related to our BUG() macro. By
+ default, Coverity treats BUG() as the Linux kernel does: an
+ instant abort(). We need to override that so our BUG() macro
+ doesn't prevent Coverity from analyzing functions that use it.
+ Fixes bug 23030; bugfix on 0.2.9.1-alpha.
+
+ o Minor bugfixes (defensive programming, undefined behavior, backport from 0.3.1.4-alpha):
+ - Fix a memset() off the end of an array when packing cells. This
+ bug should be harmless in practice, since the corrupted bytes are
+ still in the same structure, and are always padding bytes,
+ ignored, or immediately overwritten, depending on compiler
+ behavior. Nevertheless, because the memset()'s purpose is to make
+ sure that any other cell-handling bugs can't expose bytes to the
+ network, we need to fix it. Fixes bug 22737; bugfix on
+ 0.2.4.11-alpha. Fixes CID 1401591.
+
+ o Minor bugfixes (file limits, osx, backport from 0.3.1.5-alpha):
+ - When setting the maximum number of connections allowed by the OS,
+ always allow some extra file descriptors for other files. Fixes
+ bug 22797; bugfix on 0.2.0.10-alpha.
+
+ o Minor bugfixes (linux seccomp2 sandbox, backport from 0.3.1.5-alpha):
+ - Avoid a sandbox failure when trying to re-bind to a socket and
+ mark it as IPv6-only. Fixes bug 20247; bugfix on 0.2.5.1-alpha.
+
+ o Minor bugfixes (linux seccomp2 sandbox, backport from 0.3.1.4-alpha):
+ - Permit the fchmod system call, to avoid crashing on startup when
+ starting with the seccomp2 sandbox and an unexpected set of
+ permissions on the data directory or its contents. Fixes bug
+ 22516; bugfix on 0.2.5.4-alpha.
+
+ o Minor bugfixes (relay, backport from 0.3.0.5-rc):
+ - Avoid a double-marked-circuit warning that could happen when we
+ receive DESTROY cells under heavy load. Fixes bug 20059; bugfix
+ on 0.1.0.1-rc.
+
+ o Minor bugfixes (voting consistency, backport from 0.3.1.1-alpha):
+ - Reject version numbers with non-numeric prefixes (such as +, -, or
+ whitespace). Disallowing whitespace prevents differential version
+ parsing between POSIX-based and Windows platforms. Fixes bug 21507
+ and part of 21508; bugfix on 0.0.8pre1.
+
+ o Build features (backport from 0.3.1.5-alpha):
+ - Tor's repository now includes a Travis Continuous Integration (CI)
+ configuration file (.travis.yml). This is meant to help new
+ developers and contributors who fork Tor to a Github repository be
+ better able to test their changes, and understand what we expect
+ to pass. To use this new build feature, you must fork Tor to your
+ Github account, then go into the "Integrations" menu in the
+ repository settings for your fork and enable Travis, then push
+ your changes. Closes ticket 22636.
+
+
+Changes in version 0.3.0.11 - 2017-09-18
+ Tor 0.3.0.11 backports a collection of bugfixes from Tor the 0.3.1
+ series.
+
+ Most significantly, it includes a fix for TROVE-2017-008, a
+ security bug that affects hidden services running with the
+ SafeLogging option disabled. For more information, see
+ https://trac.torproject.org/projects/tor/ticket/23490
+
+ o Minor features (code style, backport from 0.3.1.7):
+ - Add "Falls through" comments to our codebase, in order to silence
+ GCC 7's -Wimplicit-fallthrough warnings. Patch from Andreas
+ Stieger. Closes ticket 22446.
+
+ o Minor features:
+ - Update geoip and geoip6 to the September 6 2017 Maxmind GeoLite2
+ Country database.
+
+ o Minor bugfixes (compilation, backport from 0.3.1.7):
+ - Avoid compiler warnings in the unit tests for calling tor_sscanf()
+ with wide string outputs. Fixes bug 15582; bugfix on 0.2.6.2-alpha.
+
+ o Minor bugfixes (controller, backport from 0.3.1.7):
+ - Do not crash when receiving a HSPOST command with an empty body.
+ Fixes part of bug 22644; bugfix on 0.2.7.1-alpha.
+ - Do not crash when receiving a POSTDESCRIPTOR command with an empty
+ body. Fixes part of bug 22644; bugfix on 0.2.0.1-alpha.
+
+ o Minor bugfixes (file limits, osx, backport from 0.3.1.5-alpha):
+ - When setting the maximum number of connections allowed by the OS,
+ always allow some extra file descriptors for other files. Fixes
+ bug 22797; bugfix on 0.2.0.10-alpha.
+
+ o Minor bugfixes (logging, relay, backport from 0.3.1.6-rc):
+ - Remove a forgotten debugging message when an introduction point
+ successfully establishes a hidden service prop224 circuit with
+ a client.
+ - Change three other log_warn() for an introduction point to
+ protocol warnings, because they can be failure from the network
+ and are not relevant to the operator. Fixes bug 23078; bugfix on
+ 0.3.0.1-alpha and 0.3.0.2-alpha.
+
+
+Changes in version 0.3.1.7 - 2017-09-18
+ Tor 0.3.1.7 is the first stable release in the 0.3.1 series.
+
+ With the 0.3.1 series, Tor now serves and downloads directory
+ information in more compact formats, to save on bandwidth overhead. It
+ also contains a new padding system to resist netflow-based traffic
+ analysis, and experimental support for building parts of Tor in Rust
+ (though no parts of Tor are in Rust yet). There are also numerous
+ small features, bugfixes on earlier release series, and groundwork for
+ the hidden services revamp of 0.3.2.
+
+ This release also includes a fix for TROVE-2017-008, a security bug
+ that affects hidden services running with the SafeLogging option
+ disabled. For more information, see
+ https://trac.torproject.org/projects/tor/ticket/23490
+
+ Per our stable release policy, we plan to support each stable release
+ series for at least the next nine months, or for three months after
+ the first stable release of the next series: whichever is longer. If
+ you need a release with long-term support, we recommend that you stay
+ with the 0.2.9 series.
+
+ Below is a list of the changes since 0.3.1.6-rc. For a list of all
+ changes since 0.3.0, see the ReleaseNotes file.
+
+ o Major bugfixes (security, hidden services, loggging):
+ - Fix a bug where we could log uninitialized stack when a certain
+ hidden service error occurred while SafeLogging was disabled.
+ Fixes bug #23490; bugfix on 0.2.7.2-alpha. This is also tracked as
+ TROVE-2017-008 and CVE-2017-0380.
+
+ o Minor features (defensive programming):
+ - Create a pair of consensus parameters, nf_pad_tor2web and
+ nf_pad_single_onion, to disable netflow padding in the consensus
+ for non-anonymous connections in case the overhead is high. Closes
+ ticket 17857.
+
+ o Minor features (diagnostic):
+ - Add a stack trace to the bug warnings that can be logged when
+ trying to send an outgoing relay cell with n_chan == 0. Diagnostic
+ attempt for bug 23105.
+
+ o Minor features (geoip):
+ - Update geoip and geoip6 to the September 6 2017 Maxmind GeoLite2
+ Country database.
+
+ o Minor bugfixes (compilation):
+ - Avoid compiler warnings in the unit tests for calling tor_sscanf()
+ with wide string outputs. Fixes bug 15582; bugfix on 0.2.6.2-alpha.
+
+ o Minor bugfixes (controller):
+ - Do not crash when receiving a HSPOST command with an empty body.
+ Fixes part of bug 22644; bugfix on 0.2.7.1-alpha.
+ - Do not crash when receiving a POSTDESCRIPTOR command with an empty
+ body. Fixes part of bug 22644; bugfix on 0.2.0.1-alpha.
+
+ o Minor bugfixes (relay):
+ - Inform the geoip and rephist modules about all requests, even on
+ relays that are only fetching microdescriptors. Fixes a bug
+ related to 21585; bugfix on 0.3.0.1-alpha.
+
+ o Minor bugfixes (unit tests):
+ - Fix a channelpadding unit test failure on slow systems by using
+ mocked time instead of actual time. Fixes bug 23077; bugfix
+ on 0.3.1.1-alpha.
+
+
Changes in version 0.3.1.6-rc - 2017-09-05
Tor 0.3.1.6-rc fixes a few small bugs and annoyances in the 0.3.1
release series, including a bug that produced weird behavior on
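Review bot: the 0.3.1.7 entry's heading "Major bugfixes (security, hidden services, loggging)" misspells "logging"; this is the entry that announces TROVE-2017-008 and CVE-2017-0380, so fix it before the text is copied further. Two more wording slips in the added lines: "backports a collection of bugfixes from Tor the 0.3.1 series" in the 0.3.0.11 entry (should read "from the Tor 0.3.1 series") and "When building with certain versions the mingw C header files" in the 0.2.9.12 entry (missing "of"). The tor_sscanf() item reads "for running tor_sscanf()" in 0.2.9.12 but "for calling tor_sscanf()" in 0.3.0.11 and 0.3.1.7; pick one wording. The geoip item is also filed under "Minor features:" in 0.2.8.15 and 0.3.0.11 but under "Minor features (geoip):" in 0.2.9.12 and 0.3.1.7.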
diff --git a/ReleaseNotes b/ReleaseNotes
index 0012c060f..07a3881ac 100644
--- a/ReleaseNotes
+++ b/ReleaseNotes
@@ -2,6 +2,885 @@ This document summarizes new features and bugfixes in each stable release
of Tor. If you want to see more detailed descriptions of the changes in
each development snapshot, see the ChangeLog file.
+Changes in version 0.2.8.15 - 2017-09-18
+ Tor 0.2.8.15 backports a collection of bugfixes from later
+ Tor series.
+
+ Most significantly, it includes a fix for TROVE-2017-008, a
+ security bug that affects hidden services running with the
+ SafeLogging option disabled. For more information, see
+ https://trac.torproject.org/projects/tor/ticket/23490
+
+ Note that Tor 0.2.8.x will no longer be supported after 1 Jan
+ 2018. We suggest that you upgrade to the latest stable release if
+ possible. If you can't, we recommend that you upgrade at least to
+ 0.2.9, which will be supported until 2020.
+
+ o Major bugfixes (openbsd, denial-of-service, backport from 0.3.1.5-alpha):
+ - Avoid an assertion failure bug affecting our implementation of
+ inet_pton(AF_INET6) on certain OpenBSD systems whose strtol()
+ handling of "0xx" differs from what we had expected. Fixes bug
+ 22789; bugfix on 0.2.3.8-alpha. Also tracked as TROVE-2017-007.
+
+ o Minor features:
+ - Update geoip and geoip6 to the September 6 2017 Maxmind GeoLite2
+ Country database.
+
+ o Minor bugfixes (compilation, mingw, backport from 0.3.1.1-alpha):
+ - Backport a fix for an "unused variable" warning that appeared
+ in some versions of mingw. Fixes bug 22838; bugfix on
+ 0.2.8.1-alpha.
+
+ o Minor bugfixes (defensive programming, undefined behavior, backport from 0.3.1.4-alpha):
+ - Fix a memset() off the end of an array when packing cells. This
+ bug should be harmless in practice, since the corrupted bytes are
+ still in the same structure, and are always padding bytes,
+ ignored, or immediately overwritten, depending on compiler
+ behavior. Nevertheless, because the memset()'s purpose is to make
+ sure that any other cell-handling bugs can't expose bytes to the
+ network, we need to fix it. Fixes bug 22737; bugfix on
+ 0.2.4.11-alpha. Fixes CID 1401591.
+
+ o Build features (backport from 0.3.1.5-alpha):
+ - Tor's repository now includes a Travis Continuous Integration (CI)
+ configuration file (.travis.yml). This is meant to help new
+ developers and contributors who fork Tor to a Github repository be
+ better able to test their changes, and understand what we expect
+ to pass. To use this new build feature, you must fork Tor to your
+ Github account, then go into the "Integrations" menu in the
+ repository settings for your fork and enable Travis, then push
+ your changes. Closes ticket 22636.
+
+
+Changes in version 0.2.9.12 - 2017-09-18
+ Tor 0.2.9.12 backports a collection of bugfixes from later
+ Tor series.
+
+ Most significantly, it includes a fix for TROVE-2017-008, a
+ security bug that affects hidden services running with the
+ SafeLogging option disabled. For more information, see
+ https://trac.torproject.org/projects/tor/ticket/23490
+
+ o Major features (security, backport from 0.3.0.2-alpha):
+ - Change the algorithm used to decide DNS TTLs on client and server
+ side, to better resist DNS-based correlation attacks like the
+ DefecTor attack of Greschbach, Pulls, Roberts, Winter, and
+ Feamster. Now relays only return one of two possible DNS TTL
+ values, and clients are willing to believe DNS TTL values up to 3
+ hours long. Closes ticket 19769.
+
+ o Major bugfixes (crash, directory connections, backport from 0.3.0.5-rc):
+ - Fix a rare crash when sending a begin cell on a circuit whose
+ linked directory connection had already been closed. Fixes bug
+ 21576; bugfix on 0.2.9.3-alpha. Reported by Alec Muffett.
+
+ o Major bugfixes (DNS, backport from 0.3.0.2-alpha):
+ - Fix a bug that prevented exit nodes from caching DNS records for
+ more than 60 seconds. Fixes bug 19025; bugfix on 0.2.4.7-alpha.
+
+ o Major bugfixes (linux TPROXY support, backport from 0.3.1.1-alpha):
+ - Fix a typo that had prevented TPROXY-based transparent proxying
+ from working under Linux. Fixes bug 18100; bugfix on 0.2.6.3-alpha.
+ Patch from "d4fq0fQAgoJ".
+
+ o Major bugfixes (openbsd, denial-of-service, backport from 0.3.1.5-alpha):
+ - Avoid an assertion failure bug affecting our implementation of
+ inet_pton(AF_INET6) on certain OpenBSD systems whose strtol()
+ handling of "0xx" differs from what we had expected. Fixes bug
+ 22789; bugfix on 0.2.3.8-alpha. Also tracked as TROVE-2017-007.
+
+ o Minor features (code style, backport from 0.3.1.3-alpha):
+ - Add "Falls through" comments to our codebase, in order to silence
+ GCC 7's -Wimplicit-fallthrough warnings. Patch from Andreas
+ Stieger. Closes ticket 22446.
+
+ o Minor features (geoip):
+ - Update geoip and geoip6 to the September 6 2017 Maxmind GeoLite2
+ Country database.
+
+ o Minor bugfixes (bandwidth accounting, backport from 0.3.1.1-alpha):
+ - Roll over monthly accounting at the configured hour and minute,
+ rather than always at 00:00. Fixes bug 22245; bugfix on 0.0.9rc1.
+ Found by Andrey Karpov with PVS-Studio.
+
+ o Minor bugfixes (compilation, backport from 0.3.1.5-alpha):
+ - Suppress -Wdouble-promotion warnings with clang 4.0. Fixes bug 22915;
+ bugfix on 0.2.8.1-alpha.
+ - Fix warnings when building with libscrypt and openssl scrypt support
+ on Clang. Fixes bug 22916; bugfix on 0.2.7.2-alpha.
+ - When building with certain versions the mingw C header files, avoid
+ float-conversion warnings when calling the C functions isfinite(),
+ isnan(), and signbit(). Fixes bug 22801; bugfix on 0.2.8.1-alpha.
+
+ o Minor bugfixes (compilation, backport from 0.3.1.7):
+ - Avoid compiler warnings in the unit tests for running tor_sscanf()
+ with wide string outputs. Fixes bug 15582; bugfix on 0.2.6.2-alpha.
+
+ o Minor bugfixes (compilation, mingw, backport from 0.3.1.1-alpha):
+ - Backport a fix for an "unused variable" warning that appeared
+ in some versions of mingw. Fixes bug 22838; bugfix on
+ 0.2.8.1-alpha.
+
+ o Minor bugfixes (controller, backport from 0.3.1.7):
+ - Do not crash when receiving a HSPOST command with an empty body.
+ Fixes part of bug 22644; bugfix on 0.2.7.1-alpha.
+ - Do not crash when receiving a POSTDESCRIPTOR command with an
+ empty body. Fixes part of bug 22644; bugfix on 0.2.0.1-alpha.
+
+ o Minor bugfixes (coverity build support, backport from 0.3.1.5-alpha):
+ - Avoid Coverity build warnings related to our BUG() macro. By
+ default, Coverity treats BUG() as the Linux kernel does: an
+ instant abort(). We need to override that so our BUG() macro
+ doesn't prevent Coverity from analyzing functions that use it.
+ Fixes bug 23030; bugfix on 0.2.9.1-alpha.
+
+ o Minor bugfixes (defensive programming, undefined behavior, backport from 0.3.1.4-alpha):
+ - Fix a memset() off the end of an array when packing cells. This
+ bug should be harmless in practice, since the corrupted bytes are
+ still in the same structure, and are always padding bytes,
+ ignored, or immediately overwritten, depending on compiler
+ behavior. Nevertheless, because the memset()'s purpose is to make
+ sure that any other cell-handling bugs can't expose bytes to the
+ network, we need to fix it. Fixes bug 22737; bugfix on
+ 0.2.4.11-alpha. Fixes CID 1401591.
+
+ o Minor bugfixes (file limits, osx, backport from 0.3.1.5-alpha):
+ - When setting the maximum number of connections allowed by the OS,
+ always allow some extra file descriptors for other files. Fixes
+ bug 22797; bugfix on 0.2.0.10-alpha.
+
+ o Minor bugfixes (linux seccomp2 sandbox, backport from 0.3.1.5-alpha):
+ - Avoid a sandbox failure when trying to re-bind to a socket and
+ mark it as IPv6-only. Fixes bug 20247; bugfix on 0.2.5.1-alpha.
+
+ o Minor bugfixes (linux seccomp2 sandbox, backport from 0.3.1.4-alpha):
+ - Permit the fchmod system call, to avoid crashing on startup when
+ starting with the seccomp2 sandbox and an unexpected set of
+ permissions on the data directory or its contents. Fixes bug
+ 22516; bugfix on 0.2.5.4-alpha.
+
+ o Minor bugfixes (relay, backport from 0.3.0.5-rc):
+ - Avoid a double-marked-circuit warning that could happen when we
+ receive DESTROY cells under heavy load. Fixes bug 20059; bugfix
+ on 0.1.0.1-rc.
+
+ o Minor bugfixes (voting consistency, backport from 0.3.1.1-alpha):
+ - Reject version numbers with non-numeric prefixes (such as +, -, or
+ whitespace). Disallowing whitespace prevents differential version
+ parsing between POSIX-based and Windows platforms. Fixes bug 21507
+ and part of 21508; bugfix on 0.0.8pre1.
+
+ o Build features (backport from 0.3.1.5-alpha):
+ - Tor's repository now includes a Travis Continuous Integration (CI)
+ configuration file (.travis.yml). This is meant to help new
+ developers and contributors who fork Tor to a Github repository be
+ better able to test their changes, and understand what we expect
+ to pass. To use this new build feature, you must fork Tor to your
+ Github account, then go into the "Integrations" menu in the
+ repository settings for your fork and enable Travis, then push
+ your changes. Closes ticket 22636.
+
+
+Changes in version 0.3.0.11 - 2017-09-18
+ Tor 0.3.0.11 backports a collection of bugfixes from Tor the 0.3.1
+ series.
+
+ Most significantly, it includes a fix for TROVE-2017-008, a
+ security bug that affects hidden services running with the
+ SafeLogging option disabled. For more information, see
+ https://trac.torproject.org/projects/tor/ticket/23490
+
+ o Minor features (code style, backport from 0.3.1.7):
+ - Add "Falls through" comments to our codebase, in order to silence
+ GCC 7's -Wimplicit-fallthrough warnings. Patch from Andreas
+ Stieger. Closes ticket 22446.
+
+ o Minor features:
+ - Update geoip and geoip6 to the September 6 2017 Maxmind GeoLite2
+ Country database.
+
+ o Minor bugfixes (compilation, backport from 0.3.1.7):
+ - Avoid compiler warnings in the unit tests for calling tor_sscanf()
+ with wide string outputs. Fixes bug 15582; bugfix on 0.2.6.2-alpha.
+
+ o Minor bugfixes (controller, backport from 0.3.1.7):
+ - Do not crash when receiving a HSPOST command with an empty body.
+ Fixes part of bug 22644; bugfix on 0.2.7.1-alpha.
+ - Do not crash when receiving a POSTDESCRIPTOR command with an empty
+ body. Fixes part of bug 22644; bugfix on 0.2.0.1-alpha.
+
+ o Minor bugfixes (file limits, osx, backport from 0.3.1.5-alpha):
+ - When setting the maximum number of connections allowed by the OS,
+ always allow some extra file descriptors for other files. Fixes
+ bug 22797; bugfix on 0.2.0.10-alpha.
+
+ o Minor bugfixes (logging, relay, backport from 0.3.1.6-rc):
+ - Remove a forgotten debugging message when an introduction point
+ successfully establishes a hidden service prop224 circuit with
+ a client.
+ - Change three other log_warn() for an introduction point to
+ protocol warnings, because they can be failure from the network
+ and are not relevant to the operator. Fixes bug 23078; bugfix on
+ 0.3.0.1-alpha and 0.3.0.2-alpha.
+
+
+Changes in version 0.3.1.7 - 2017-09-18
+ Tor 0.3.1.7 is the first stable release in the 0.3.1 series.
+
+ With the 0.3.1 series, Tor now serves and downloads directory
+ information in more compact formats, to save on bandwidth overhead. It
+ also contains a new padding system to resist netflow-based traffic
+ analysis, and experimental support for building parts of Tor in Rust
+ (though no parts of Tor are in Rust yet). There are also numerous
+ small features, bugfixes on earlier release series, and groundwork for
+ the hidden services revamp of 0.3.2.
+
+ This release also includes a fix for TROVE-2017-008, a security bug
+ that affects hidden services running with the SafeLogging option
+ disabled. For more information, see
+ https://trac.torproject.org/projects/tor/ticket/23490
+
+ Per our stable release policy, we plan to support each stable release
+ series for at least the next nine months, or for three months after
+ the first stable release of the next series: whichever is longer. If
+ you need a release with long-term support, we recommend that you stay
+ with the 0.2.9 series.
+
+ Below is a list of the changes since 0.3.0. For a list of all
+ changes since 0.3.1.6-rc, see the ChangeLog file.
+
+ o New dependencies:
+ - To build with zstd and lzma support, Tor now requires the
+ pkg-config tool at build time.
+
+ o Major bugfixes (security, hidden services, loggging):
+ - Fix a bug where we could log uninitialized stack when a certain
+ hidden service error occurred while SafeLogging was disabled.
+ Fixes bug #23490; bugfix on 0.2.7.2-alpha.
+ This is also tracked as TROVE-2017-008 and CVE-2017-0380.
+
+ o Major features (build system, continuous integration):
+ - Tor's repository now includes a Travis Continuous Integration (CI)
+ configuration file (.travis.yml). This is meant to help new
+ developers and contributors who fork Tor to a Github repository be
+ better able to test their changes, and understand what we expect
+ to pass. To use this new build feature, you must fork Tor to your
+ Github account, then go into the "Integrations" menu in the
+ repository settings for your fork and enable Travis, then push
+ your changes. Closes ticket 22636.
+
+ o Major features (directory protocol):
+ - Tor relays and authorities can now serve clients an abbreviated
+ version of the consensus document, containing only the changes
+ since an older consensus document that the client holds. Clients
+ now request these documents when available. When both client and
+ server use this new protocol, they will use far less bandwidth (up
+ to 94% less) to keep the client's consensus up-to-date. Implements
+ proposal 140; closes ticket 13339. Based on work by Daniel Martí.
+ - Tor can now compress directory traffic with lzma or with zstd
+ compression algorithms, which can deliver better bandwidth
+ performance. Because lzma is computationally expensive, it's only
+ used for documents that can be compressed once and served many
+ times. Support for these algorithms requires that tor is built
+ with the libzstd and/or liblzma libraries available. Implements
+ proposal 278; closes ticket 21662.
+ - Relays now perform the more expensive compression operations, and
+ consensus diff generation, in worker threads. This separation
+ avoids delaying the main thread when a new consensus arrives.
+
+ o Major features (experimental):
+ - Tor can now build modules written in Rust. To turn this on, pass
+ the "--enable-rust" flag to the configure script. It's not time to
+ get excited yet: currently, there is no actual Rust functionality
+ beyond some simple glue code, and a notice at startup to tell you
+ that Rust is running. Still, we hope that programmers and
+ packagers will try building Tor with Rust support, so that we can
+ find issues and solve portability problems. Closes ticket 22106.
+
+ o Major features (traffic analysis resistance):
+ - Connections between clients and relays now send a padding cell in
+ each direction every 1.5 to 9.5 seconds (tunable via consensus
+ parameters). This padding will not resist specialized
+ eavesdroppers, but it should be enough to make many ISPs' routine
+ network flow logging less useful in traffic analysis against
+ Tor users.
+
+ Padding is negotiated using Tor's link protocol, so both relays
+ and clients must upgrade for this to take effect. Clients may
+ still send padding despite the relay's version by setting
+ ConnectionPadding 1 in torrc, and may disable padding by setting
+ ConnectionPadding 0 in torrc. Padding may be minimized for mobile
+ users with the torrc option ReducedConnectionPadding. Implements
+ Proposal 251 and Section 2 of Proposal 254; closes ticket 16861.
+ - Relays will publish 24 hour totals of padding and non-padding cell
+ counts to their extra-info descriptors, unless PaddingStatistics 0
+ is set in torrc. These 24 hour totals are also rounded to
+ multiples of 10000.
+
+ o Major bugfixes (hidden service, relay, security):
+ - Fix a remotely triggerable assertion failure when a hidden service
+ handles a malformed BEGIN cell. Fixes bug 22493, tracked as
+ TROVE-2017-004 and as CVE-2017-0375; bugfix on 0.3.0.1-alpha.
+ - Fix a remotely triggerable assertion failure caused by receiving a
+ BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug
+ 22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix
+ on 0.2.2.1-alpha.
+
+ o Major bugfixes (path selection, security):
+ - When choosing which guard to use for a circuit, avoid the exit's
+ family along with the exit itself. Previously, the new guard
+ selection logic avoided the exit, but did not consider its family.
+ Fixes bug 22753; bugfix on 0.3.0.1-alpha. Tracked as TROVE-2017-
+ 006 and CVE-2017-0377.
+
+ o Major bugfixes (connection usage):
+ - We use NETINFO cells to try to determine if both relays involved
+ in a connection will agree on the canonical status of that
+ connection. We prefer the connections where this is the case for
+ extend cells, and try to close connections where relays disagree
+ on their canonical status early. Also, we now prefer the oldest
+ valid connection for extend cells. These two changes should reduce
+ the number of long-term connections that are kept open between
+ relays. Fixes bug 17604; bugfix on 0.2.5.5-alpha.
+ - Relays now log hourly statistics (look for
+ "channel_check_for_duplicates" lines) on the total number of
+ connections to other relays. If the number of connections per
+ relay is unexpectedly large, this log message is at notice level.
+ Otherwise it is at info.
+
+ o Major bugfixes (entry guards):
+ - When starting with an old consensus, do not add new entry guards
+ unless the consensus is "reasonably live" (under 1 day old). Fixes
+ one root cause of bug 22400; bugfix on 0.3.0.1-alpha.
+ - Don't block bootstrapping when a primary bridge is offline and we
+ can't get its descriptor. Fixes bug 22325; fixes one case of bug
+ 21969; bugfix on 0.3.0.3-alpha.
+
+ o Major bugfixes (linux TPROXY support):
+ - Fix a typo that had prevented TPROXY-based transparent proxying
+ from working under Linux. Fixes bug 18100; bugfix on 0.2.6.3-alpha.
+ Patch from "d4fq0fQAgoJ".
+
+ o Major bugfixes (openbsd, denial-of-service):
+ - Avoid an assertion failure bug affecting our implementation of
+ inet_pton(AF_INET6) on certain OpenBSD systems whose strtol()
+ handling of "0xx" differs from what we had expected. Fixes bug
+ 22789; bugfix on 0.2.3.8-alpha. Also tracked as TROVE-2017-007.
+
+ o Major bugfixes (relay, link handshake):
+ - When performing the v3 link handshake on a TLS connection, report
+ that we have the x509 certificate that we actually used on that
+ connection, even if we have changed certificates since that
+ connection was first opened. Previously, we would claim to have
+ used our most recent x509 link certificate, which would sometimes
+ make the link handshake fail. Fixes one case of bug 22460; bugfix
+ on 0.2.3.6-alpha.
+
+ o Major bugfixes (relays, key management):
+ - Regenerate link and authentication certificates whenever the key
+ that signs them changes; also, regenerate link certificates
+ whenever the signed key changes. Previously, these processes were
+ only weakly coupled, and we relays could (for minutes to hours)
+ wind up with an inconsistent set of keys and certificates, which
+ other relays would not accept. Fixes two cases of bug 22460;
+ bugfix on 0.3.0.1-alpha.
+ - When sending an Ed25519 signing->link certificate in a CERTS cell,
+ send the certificate that matches the x509 certificate that we
+ used on the TLS connection. Previously, there was a race condition
+ if the TLS context rotated after we began the TLS handshake but
+ before we sent the CERTS cell. Fixes a case of bug 22460; bugfix
+ on 0.3.0.1-alpha.
+
+ o Minor features (security, windows):
+ - Enable a couple of pieces of Windows hardening: one
+ (HeapEnableTerminationOnCorruption) that has been on-by-default
+ since Windows 8, and unavailable before Windows 7; and one
+ (PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION) which we believe doesn't
+ affect us, but shouldn't do any harm. Closes ticket 21953.
+
+ o Minor features (bridge authority):
+ - Add "fingerprint" lines to the networkstatus-bridges file produced
+ by bridge authorities. Closes ticket 22207.
+
+ o Minor features (code style):
+ - Add "Falls through" comments to our codebase, in order to silence
+ GCC 7's -Wimplicit-fallthrough warnings. Patch from Andreas
+ Stieger. Closes ticket 22446.
+
+ o Minor features (config options):
+ - Allow "%include" directives in torrc configuration files. These
+ directives import the settings from other files, or from all the
+ files in a directory. Closes ticket 1922. Code by Daniel Pinto.
+ - Make SAVECONF return an error when overwriting a torrc that has
+ includes. Using SAVECONF with the FORCE option will allow it to
+ overwrite torrc even if includes are used. Related to ticket 1922.
+ - Add "GETINFO config-can-saveconf" to tell controllers if SAVECONF
+ will work without the FORCE option. Related to ticket 1922.
+
+ o Minor features (controller):
+ - Warn the first time that a controller requests data in the long-
+ deprecated 'GETINFO network-status' format. Closes ticket 21703.
+
+ o Minor features (defaults):
+ - The default value for UseCreateFast is now 0: clients which
+ haven't yet received a consensus document will now use a proper
+ ntor handshake to talk to their directory servers whenever they
+ can. Closes ticket 21407.
+ - Onion key rotation and expiry intervals are now defined as a
+ network consensus parameter, per proposal 274. The default
+ lifetime of an onion key is increased from 7 to 28 days. Old onion
+ keys will expire after 7 days by default. This change will make
+ consensus diffs much smaller, and save significant bandwidth.
+ Closes ticket 21641.
+
+ o Minor features (defensive programming):
+ - Create a pair of consensus parameters, nf_pad_tor2web and
+ nf_pad_single_onion, to disable netflow padding in the consensus
+ for non-anonymous connections in case the overhead is high. Closes
+ ticket 17857.
+
+ o Minor features (diagnostic):
+ - Add a stack trace to the bug warnings that can be logged when
+ trying to send an outgoing relay cell with n_chan == 0. Diagnostic
+ attempt for bug 23105.
+ - Add logging messages to try to diagnose a rare bug that seems to
+ generate RSA->Ed25519 cross-certificates dated in the 1970s. We
+ think this is happening because of incorrect system clocks, but
+ we'd like to know for certain. Diagnostic for bug 22466.
+ - Avoid an assertion failure, and log a better error message, when
+ unable to remove a file from the consensus cache on Windows.
+ Attempts to mitigate and diagnose bug 22752.
+
+ o Minor features (directory authority):
+ - Improve the message that authorities report to relays that present
+ RSA/Ed25519 keypairs that conflict with previously pinned keys.
+ Closes ticket 22348.
+
+ o Minor features (directory cache, consensus diff):
+ - Add a new MaxConsensusAgeForDiffs option to allow directory cache
+ operators with low-resource environments to adjust the number of
+ consensuses they'll store and generate diffs from. Most cache
+ operators should leave it unchanged. Helps to work around
+ bug 22883.
+
+ o Minor features (fallback directory list):
+ - Update the fallback directory mirror whitelist and blacklist based
+ on operator emails. Closes task 21121.
+ - Replace the 177 fallbacks originally introduced in Tor 0.2.9.8 in
+ December 2016 (of which ~126 were still functional) with a list of
+ 151 fallbacks (32 new, 119 unchanged, 58 removed) generated in May
+ 2017. Resolves ticket 21564.
+
+ o Minor features (geoip):
+ - Update geoip and geoip6 to the September 6 2017 Maxmind GeoLite2
+ Country database.
+
+ o Minor features (hidden services, logging):
+ - Log a message when a hidden service descriptor has fewer
+ introduction points than specified in
+ HiddenServiceNumIntroductionPoints. Closes tickets 21598.
+ - Log a message when a hidden service reaches its introduction point
+ circuit limit, and when that limit is reset. Follow up to ticket
+ 21594; closes ticket 21622.
+ - Warn user if multiple entries in EntryNodes and at least one
+ HiddenService are used together. Pinning EntryNodes along with a
+ hidden service can be possibly harmful; for instance see ticket
+ 14917 or 21155. Closes ticket 21155.
+
+ o Minor features (linux seccomp2 sandbox):
+ - We now have a document storage backend compatible with the Linux
+ seccomp2 sandbox. This backend is used for consensus documents and
+ diffs between them; in the long term, we'd like to use it for
+ unparseable directory material too. Closes ticket 21645
+ - Increase the maximum allowed size passed to mprotect(PROT_WRITE)
+ from 1MB to 16MB. This was necessary with the glibc allocator in
+ order to allow worker threads to allocate more memory -- which in
+ turn is necessary because of our new use of worker threads for
+ compression. Closes ticket 22096.
+
+ o Minor features (logging):
+ - Log files are no longer created world-readable by default.
+ (Previously, most distributors would store the logs in a non-
+ world-readable location to prevent inappropriate access. This
+ change is an extra precaution.) Closes ticket 21729; patch
+ from toralf.
+
+ o Minor features (performance):
+ - Our Keccak (SHA-3) implementation now accesses memory more
+ efficiently, especially on little-endian systems. Closes
+ ticket 21737.
+ - Add an O(1) implementation of channel_find_by_global_id(), to
+ speed some controller functions.
+
+ o Minor features (relay, configuration):
+ - The MyFamily option may now be repeated as many times as desired,
+ for relays that want to configure large families. Closes ticket
+ 4998; patch by Daniel Pinto.
+
+ o Minor features (relay, performance):
+ - Always start relays with at least two worker threads, to prevent
+ priority inversion on slow tasks. Part of the fix for bug 22883.
+ - Allow background work to be queued with different priorities, so
+ that a big pile of slow low-priority jobs will not starve out
+ higher priority jobs. This lays the groundwork for a fix for
+ bug 22883.
+
+ o Minor features (safety):
+ - Add an explicit check to extrainfo_parse_entry_from_string() for
+ NULL inputs. We don't believe this can actually happen, but it may
+ help silence a warning from the Clang analyzer. Closes
+ ticket 21496.
+
+ o Minor features (testing):
+ - Add more tests for compression backend initialization. Closes
+ ticket 22286.
+ - Add a "--disable-memory-sentinels" feature to help with fuzzing.
+ When Tor is compiled with this option, we disable a number of
+ redundant memory-safety failsafes that are intended to stop bugs
+ from becoming security issues. This makes it easier to hunt for
+ bugs that would be security issues without the failsafes turned
+ on. Closes ticket 21439.
+ - Add a general event-tracing instrumentation support to Tor. This
+ subsystem will enable developers and researchers to add fine-
+ grained instrumentation to their Tor instances, for use when
+ examining Tor network performance issues. There are no trace
+ events yet, and event-tracing is off by default unless enabled at
+ compile time. Implements ticket 13802.
+ - Improve our version parsing tests: add tests for typical version
+ components, add tests for invalid versions, including numeric
+ range and non-numeric prefixes. Unit tests 21278, 21450, and
+ 21507. Partially implements 21470.
+
+ o Minor bugfixes (bandwidth accounting):
+ - Roll over monthly accounting at the configured hour and minute,
+ rather than always at 00:00. Fixes bug 22245; bugfix on 0.0.9rc1.
+ Found by Andrey Karpov with PVS-Studio.
+
+ o Minor bugfixes (code correctness):
+ - Accurately identify client connections by their lack of peer
+ authentication. This means that we bail out earlier if asked to
+ extend to a client. Follow-up to 21407. Fixes bug 21406; bugfix
+ on 0.2.4.23.
+
+ o Minor bugfixes (compilation warnings):
+ - Suppress -Wdouble-promotion warnings with clang 4.0. Fixes bug
+ 22915; bugfix on 0.2.8.1-alpha.
+ - Fix warnings when building with libscrypt and openssl scrypt
+ support on Clang. Fixes bug 22916; bugfix on 0.2.7.2-alpha.
+ - When building with certain versions of the mingw C header files,
+ avoid float-conversion warnings when calling the C functions
+ isfinite(), isnan(), and signbit(). Fixes bug 22801; bugfix
+ on 0.2.8.1-alpha.
+
+ o Minor bugfixes (compilation):
+ - Avoid compiler warnings in the unit tests for calling tor_sscanf()
+ with wide string outputs. Fixes bug 15582; bugfix on 0.2.6.2-alpha.
+
+ o Minor bugfixes (compression):
+ - When spooling compressed data to an output buffer, don't try to
+ spool more data when there is no more data to spool and we are not
+ trying to flush the input. Previously, we would sometimes launch
+ compression requests with nothing to do, which interferes with our
+ 22672 checks. Fixes bug 22719; bugfix on 0.2.0.16-alpha.
+
+ o Minor bugfixes (configuration):
+ - Do not crash when starting with LearnCircuitBuildTimeout 0. Fixes
+ bug 22252; bugfix on 0.2.9.3-alpha.
+
+ o Minor bugfixes (connection lifespan):
+ - Allow more control over how long TLS connections are kept open:
+ unify CircuitIdleTimeout and PredictedPortsRelevanceTime into a
+ single option called CircuitsAvailableTimeout. Also, allow the
+ consensus to control the default values for both this preference
+ and the lifespan of relay-to-relay connections. Fixes bug 17592;
+ bugfix on 0.2.5.5-alpha.
+ - Increase the initial circuit build timeout testing frequency, to
+ help ensure that ReducedConnectionPadding clients finish learning
+ a timeout before their orconn would expire. The initial testing
+ rate was set back in the days of TAP and before the Tor Browser
+ updater, when we had to be much more careful about new clients
+ making lots of circuits. With this change, a circuit build timeout
+ is learned in about 15-20 minutes, instead of 100-120 minutes.
+
+ o Minor bugfixes (controller):
+ - Do not crash when receiving a HSPOST command with an empty body.
+ Fixes part of bug 22644; bugfix on 0.2.7.1-alpha.
+ - Do not crash when receiving a POSTDESCRIPTOR command with an empty
+ body. Fixes part of bug 22644; bugfix on 0.2.0.1-alpha.
+ - GETINFO onions/current and onions/detached no longer respond with
+ 551 on empty lists. Fixes bug 21329; bugfix on 0.2.7.1-alpha.
+ - Trigger HS descriptor events on the control port when the client
+ fails to pick a hidden service directory for a hidden service.
+ This can happen if all the hidden service directories are in
+ ExcludeNodes, or they have all been queried within the last 15
+ minutes. Fixes bug 22042; bugfix on 0.2.5.2-alpha.
+
+ o Minor bugfixes (correctness):
+ - Avoid undefined behavior when parsing IPv6 entries from the geoip6
+ file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.
+
+ o Minor bugfixes (coverity build support):
+ - Avoid Coverity build warnings related to our BUG() macro. By
+ default, Coverity treats BUG() as the Linux kernel does: an
+ instant abort(). We need to override that so our BUG() macro
+ doesn't prevent Coverity from analyzing functions that use it.
+ Fixes bug 23030; bugfix on 0.2.9.1-alpha.
+
+ o Minor bugfixes (defensive programming):
+ - Detect and break out of infinite loops in our compression code. We
+ don't think that any such loops exist now, but it's best to be
+ safe. Closes ticket 22672.
+ - Fix a memset() off the end of an array when packing cells. This
+ bug should be harmless in practice, since the corrupted bytes are
+ still in the same structure, and are always padding bytes,
+ ignored, or immediately overwritten, depending on compiler
+ behavior. Nevertheless, because the memset()'s purpose is to make
+ sure that any other cell-handling bugs can't expose bytes to the
+ network, we need to fix it. Fixes bug 22737; bugfix on
+ 0.2.4.11-alpha. Fixes CID 1401591.
+
+ o Minor bugfixes (directory authority):
+ - When a directory authority rejects a descriptor or extrainfo with
+ a given digest, mark that digest as undownloadable, so that we do
+ not attempt to download it again over and over. We previously
+ tried to avoid downloading such descriptors by other means, but we
+ didn't notice if we accidentally downloaded one anyway. This
+ behavior became problematic in 0.2.7.2-alpha, when authorities
+ began pinning Ed25519 keys. Fixes bug 22349; bugfix
+ on 0.2.1.19-alpha.
+ - When rejecting a router descriptor for running an obsolete version
+ of Tor without ntor support, warn about the obsolete tor version,
+ not the missing ntor key. Fixes bug 20270; bugfix on 0.2.9.3-alpha.
+ - Prevent the shared randomness subsystem from asserting when
+ initialized by a bridge authority with an incomplete configuration
+ file. Fixes bug 21586; bugfix on 0.2.9.8.
+
+ o Minor bugfixes (error reporting, windows):
+ - When formatting Windows error messages, use the English format to
+ avoid codepage issues. Fixes bug 22520; bugfix on 0.1.2.8-alpha.
+ Patch from "Vort".
+
+ o Minor bugfixes (exit-side DNS):
+ - Fix an untriggerable assertion that checked the output of a
+ libevent DNS error, so that the assertion actually behaves as
+ expected. Fixes bug 22244; bugfix on 0.2.0.20-rc. Found by Andrey
+ Karpov using PVS-Studio.
+
+ o Minor bugfixes (fallback directories):
+ - Make the usage example in updateFallbackDirs.py actually work, and
+ explain what it does. Fixes bug 22270; bugfix on 0.3.0.3-alpha.
+ - Decrease the guard flag average required to be a fallback. This
+ allows us to keep relays that have their guard flag removed when
+ they restart. Fixes bug 20913; bugfix on 0.2.8.1-alpha.
+ - Decrease the minimum number of fallbacks to 100. Fixes bug 20913;
+ bugfix on 0.2.8.1-alpha.
+ - Make sure fallback directory mirrors have the same address, port,
+ and relay identity key for at least 30 days before they are
+ selected. Fixes bug 20913; bugfix on 0.2.8.1-alpha.
+
+ o Minor bugfixes (file limits, osx):
+ - When setting the maximum number of connections allowed by the OS,
+ always allow some extra file descriptors for other files. Fixes
+ bug 22797; bugfix on 0.2.0.10-alpha.
+
+ o Minor bugfixes (hidden services):
+ - Increase the number of circuits that a service is allowed to
+ open over a specific period of time. The value was lower than it
+ should be (8 vs 12) in the normal case of 3 introduction points.
+ Fixes bug 22159; bugfix on 0.3.0.5-rc.
+ - Fix a BUG warning during HSv3 descriptor decoding that could be
+ cause by a specially crafted descriptor. Fixes bug 23233; bugfix
+ on 0.3.0.1-alpha. Bug found by "haxxpop".
+ - Stop printing a cryptic warning when a hidden service gets a
+ request to connect to a virtual port that it hasn't configured.
+ Fixes bug 16706; bugfix on 0.2.6.3-alpha.
+ - Simplify hidden service descriptor creation by using an existing
+ flag to check if an introduction point is established. Fixes bug
+ 21599; bugfix on 0.2.7.2-alpha.
+
+ o Minor bugfixes (link handshake):
+ - Lower the lifetime of the RSA->Ed25519 cross-certificate to six
+ months, and regenerate it when it is within one month of expiring.
+ Previously, we had generated this certificate at startup with a
+ ten-year lifetime, but that could lead to weird behavior when Tor
+ was started with a grossly inaccurate clock. Mitigates bug 22466;
+ mitigation on 0.3.0.1-alpha.
+
+ o Minor bugfixes (linux seccomp2 sandbox):
+ - Avoid a sandbox failure when trying to re-bind to a socket and
+ mark it as IPv6-only. Fixes bug 20247; bugfix on 0.2.5.1-alpha.
+ - Permit the fchmod system call, to avoid crashing on startup when
+ starting with the seccomp2 sandbox and an unexpected set of
+ permissions on the data directory or its contents. Fixes bug
+ 22516; bugfix on 0.2.5.4-alpha.
+
+ o Minor bugfixes (logging):
+ - When decompressing, do not warn if we fail to decompress using a
+ compression method that we merely guessed. Fixes part of bug
+ 22670; bugfix on 0.1.1.14-alpha.
+ - When decompressing, treat mismatch between content-encoding and
+ actual compression type as a protocol warning. Fixes part of bug
+ 22670; bugfix on 0.1.1.9-alpha.
+ - Downgrade "assigned_to_cpuworker failed" message to info-level
+ severity. In every case that can reach it, either a better warning
+ has already been logged, or no warning is warranted. Fixes bug
+ 22356; bugfix on 0.2.6.3-alpha.
+ - Log a better message when a directory authority replies to an
+ upload with an unexpected status code. Fixes bug 11121; bugfix
+ on 0.1.0.1-rc.
+ - Downgrade a log statement about unexpected relay cells from "bug"
+ to "protocol warning", because there is at least one use case
+ where it can be triggered by a buggy tor implementation. Fixes bug
+ 21293; bugfix on 0.1.1.14-alpha.
+
+ o Minor bugfixes (logging, relay):
+ - Remove a forgotten debugging message when an introduction point
+ successfully establishes a hidden service prop224 circuit with
+ a client.
+ - Change three other log_warn() for an introduction point to
+ protocol warnings, because they can be failure from the network
+ and are not relevant to the operator. Fixes bug 23078; bugfix on
+ 0.3.0.1-alpha and 0.3.0.2-alpha.
+
+ o Minor bugfixes (relay):
+ - Inform the geoip and rephist modules about all requests, even on
+ relays that are only fetching microdescriptors. Fixes a bug
+ related to 21585; bugfix on 0.3.0.1-alpha.
+
+ o Minor bugfixes (memory leaks):
+ - Fix a small memory leak at exit from the backtrace handler code.
+ Fixes bug 21788; bugfix on 0.2.5.2-alpha. Patch from Daniel Pinto.
+ - When directory authorities reject a router descriptor due to
+ keypinning, free the router descriptor rather than leaking the
+ memory. Fixes bug 22370; bugfix on 0.2.7.2-alpha.
+ - Fix a small memory leak when validating a configuration that uses
+ two or more AF_UNIX sockets for the same port type. Fixes bug
+ 23053; bugfix on 0.2.6.3-alpha. This is CID 1415725.
+
+ o Minor bugfixes (process behavior):
+ - When exiting because of an error, always exit with a nonzero exit
+ status. Previously, we would fail to report an error in our exit
+ status in cases related to __OwningControllerProcess failure,
+ lockfile contention, and Ed25519 key initialization. Fixes bug
+ 22720; bugfix on versions 0.2.1.6-alpha, 0.2.2.28-beta, and
+ 0.2.7.2-alpha respectively. Reported by "f55jwk4f"; patch
+ from "huyvq".
+
+ o Minor bugfixes (robustness, error handling):
+ - Improve our handling of the cases where OpenSSL encounters a
+ memory error while encoding keys and certificates. We haven't
+ observed these errors in the wild, but if they do happen, we now
+ detect and respond better. Fixes bug 19418; bugfix on all versions
+ of Tor. Reported by Guido Vranken.
+
+ o Minor bugfixes (testing):
+ - Fix an undersized buffer in test-memwipe.c. Fixes bug 23291;
+ bugfix on 0.2.7.2-alpha. Found and patched by Ties Stuij.
+ - Use unbuffered I/O for utility functions around the
+ process_handle_t type. This fixes unit test failures reported on
+ OpenBSD and FreeBSD. Fixes bug 21654; bugfix on 0.2.3.1-alpha.
+ - Make display of captured unit test log messages consistent. Fixes
+ bug 21510; bugfix on 0.2.9.3-alpha.
+ - Make test-network.sh always call chutney's test-network.sh.
+ Previously, this only worked on systems which had bash installed,
+ due to some bash-specific code in the script. Fixes bug 19699;
+ bugfix on 0.3.0.4-rc. Follow-up to ticket 21581.
+ - Fix a memory leak in the link-handshake/certs_ok_ed25519 test.
+ Fixes bug 22803; bugfix on 0.3.0.1-alpha.
+ - The unit tests now pass on systems where localhost is misconfigured
+ to some IPv4 address other than 127.0.0.1. Fixes bug 6298; bugfix
+ on 0.0.9pre2.
+
+ o Minor bugfixes (voting consistency):
+ - Reject version numbers with non-numeric prefixes (such as +, -, or
+ whitespace). Disallowing whitespace prevents differential version
+ parsing between POSIX-based and Windows platforms. Fixes bug 21507
+ and part of 21508; bugfix on 0.0.8pre1.
+
+ o Minor bugfixes (Windows service):
+ - When running as a Windows service, set the ID of the main thread
+ correctly. Failure to do so made us fail to send log messages to
+ the controller in 0.2.1.16-rc, slowed down controller event
+ delivery in 0.2.7.3-rc and later, and crash with an assertion
+ failure in 0.3.1.1-alpha. Fixes bug 23081; bugfix on 0.2.1.6-alpha.
+ Patch and diagnosis from "Vort".
+
+ o Minor bugfixes (windows, relay):
+ - Resolve "Failure from drain_fd: No error" warnings on Windows
+ relays. Fixes bug 21540; bugfix on 0.2.6.3-alpha.
+
+ o Code simplification and refactoring:
+ - Break up the 630-line function connection_dir_client_reached_eof()
+ into a dozen smaller functions. This change should help
+ maintainability and readability of the client directory code.
+ - Isolate our use of the openssl headers so that they are only
+ included from our crypto wrapper modules, and from tests that
+ examine those modules' internals. Closes ticket 21841.
+ - Simplify our API to launch directory requests, making it more
+ extensible and less error-prone. Now it's easier to add extra
+ headers to directory requests. Closes ticket 21646.
+ - Our base64 decoding functions no longer overestimate the output
+ space that they need when parsing unpadded inputs. Closes
+ ticket 17868.
+ - Remove unused "ROUTER_ADDED_NOTIFY_GENERATOR" internal value.
+ Resolves ticket 22213.
+ - The logic that directory caches use to spool request to clients,
+ serving them one part at a time so as not to allocate too much
+ memory, has been refactored for consistency. Previously there was
+ a separate spooling implementation per type of spoolable data. Now
+ there is one common spooling implementation, with extensible data
+ types. Closes ticket 21651.
+ - Tor's compression module now supports multiple backends. Part of
+ the implementation for proposal 278; closes ticket 21663.
+
+ o Documentation:
+ - Add a manpage description for the key-pinning-journal file. Closes
+ ticket 22347.
+ - Correctly note that bandwidth accounting values are stored in the
+ state file, and the bw_accounting file is now obsolete. Closes
+ ticket 16082.
+ - Document more of the files in the Tor data directory, including
+ cached-extrainfo, secret_onion_key{,_ntor}.old, hidserv-stats,
+ approved-routers, sr-random, and diff-cache. Found while fixing
+ ticket 22347.
+ - Clarify the manpage for the (deprecated) torify script. Closes
+ ticket 6892.
+ - Clarify the behavior of the KeepAliveIsolateSOCKSAuth sub-option.
+ Closes ticket 21873.
+ - Correct documentation about the default DataDirectory value.
+ Closes ticket 21151.
+ - Document the default behavior of NumEntryGuards and
+ NumDirectoryGuards correctly. Fixes bug 21715; bugfix
+ on 0.3.0.1-alpha.
+ - Document key=value pluggable transport arguments for Bridge lines
+ in torrc. Fixes bug 20341; bugfix on 0.2.5.1-alpha.
+ - Note that bandwidth-limiting options don't affect TCP headers or
+ DNS. Closes ticket 17170.
+
+ o Removed features (configuration options, all in ticket 22060):
+ - These configuration options are now marked Obsolete, and no longer
+ have any effect: AllowInvalidNodes, AllowSingleHopCircuits,
+ AllowSingleHopExits, ExcludeSingleHopRelays, FastFirstHopPK,
+ TLSECGroup, WarnUnsafeSocks. They were first marked as deprecated
+ in 0.2.9.2-alpha and have now been removed. The previous default
+ behavior is now always chosen; the previous (less secure) non-
+ default behavior is now unavailable.
+ - CloseHSClientCircuitsImmediatelyOnTimeout and
+ CloseHSServiceRendCircuitsImmediatelyOnTimeout were deprecated in
+ 0.2.9.2-alpha and now have been removed. HS circuits never close
+ on circuit build timeout; they have a longer timeout period.
+ - {Control,DNS,Dir,Socks,Trans,NATD,OR}ListenAddress were deprecated
+ in 0.2.9.2-alpha and now have been removed. Use the ORPort option
+ (and others) to configure listen-only and advertise-only addresses.
+
+ o Removed features (tools):
+ - We've removed the tor-checkkey tool from src/tools. Long ago, we
+ used it to help people detect RSA keys that were generated by
+ versions of Debian affected by CVE-2008-0166. But those keys have
+ been out of circulation for ages, and this tool is no longer
+ required. Closes ticket 21842.
+
+
Changes in version 0.3.0.10 - 2017-08-02
Tor 0.3.0.10 backports a collection of small-to-medium bugfixes
from the current Tor alpha series. OpenBSD users and TPROXY users
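Review bot: in the "Code simplification and refactoring" entries of this hunk, "The logic that directory caches use to spool request to clients" should read "spool requests to clients". In the Documentation entries, the shell-style shorthand "secret_onion_key{,_ntor}.old" will not match a text search for either file name; spelling out both names would make the entry easier to find.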

[tor/master] remove changes files for items that appeared in 0.3.17
by nickm@torproject.org 18 Sep '17
commit 365bb6356a0d5238adc8153d254cb67bc44ea10d
Author: Nick Mathewson <nickm(a)torproject.org>
Date: Mon Sep 18 10:12:30 2017 -0400
remove changes files for items that appeared in 0.3.17
---
changes/bug23533 | 4 ----
changes/trove-2017-008 | 5 -----
2 files changed, 9 deletions(-)
diff --git a/changes/bug23533 b/changes/bug23533
deleted file mode 100644
index b5bfdc0ce..000000000
--- a/changes/bug23533
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes (relay):
- - Inform the geoip and rephist modules about all requests, even
- on relays that are only fetching microdescriptors. Fixes a bug related
- to 21585; bugfix on 0.3.0.1-alpha.
diff --git a/changes/trove-2017-008 b/changes/trove-2017-008
deleted file mode 100644
index 4b9c5b0a1..000000000
--- a/changes/trove-2017-008
+++ /dev/null
@@ -1,5 +0,0 @@
- o Major bugfixes (security, hidden services, loggging):
- - Fix a bug where we could log uninitialized stack when a certain
- hidden service error occurred while SafeLogging was disabled.
- Fixes bug #23490; bugfix on 0.2.7.2-alpha.
- This is also tracked as TROVE-2017-008 and CVE-2017-0380.
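Review bot: deleting changes/trove-2017-008 drops the only text in this patch that records the uninitialized-stack logging fix together with its TROVE-2017-008 and CVE-2017-0380 identifiers, and the diffstat lists no ChangeLog or ReleaseNotes change alongside the two deletions. Confirm that the released changelog already carries this entry, including the "SafeLogging was disabled" condition, before the file goes away. The subject line also says "0.3.17", which does not match the four-part version numbers used elsewhere in these entries and looks like it was meant to be 0.3.1.7.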

[tor/master] Start on a changelog for 0.3.2.1-alpha: sortchanges and formatchangelog
by nickm@torproject.org 18 Sep '17
commit 0bd62c1d92ecb2ee43d2ecd44ee5cf7b1295a3d1
Author: Nick Mathewson <nickm(a)torproject.org>
Date: Mon Sep 18 10:32:03 2017 -0400
Start on a changelog for 0.3.2.1-alpha: sortchanges and formatchangelog
---
ChangeLog | 354 ++++++++++++++++++++++++++++++++++++++++++++++++
changes/15554 | 4 -
changes/19307 | 7 -
changes/21148 | 4 -
changes/bug15645 | 3 -
changes/bug1667 | 4 -
changes/bug17639 | 4 -
changes/bug17750 | 4 -
changes/bug18982 | 6 -
changes/bug19281 | 5 -
changes/bug19476 | 4 -
changes/bug19648 | 5 -
changes/bug19871 | 4 -
changes/bug22006 | 4 -
changes/bug22410 | 4 -
changes/bug22461 | 7 -
changes/bug22497 | 4 -
changes/bug22677 | 3 -
changes/bug22731 | 5 -
changes/bug22746 | 4 -
changes/bug22750 | 5 -
changes/bug22779 | 4 -
changes/bug22802 | 10 --
changes/bug22885 | 5 -
changes/bug22924 | 4 -
changes/bug23026 | 4 -
changes/bug23054 | 4 -
changes/bug23055 | 4 -
changes/bug23091 | 6 -
changes/bug23098 | 4 -
changes/bug23106 | 5 -
changes/bug23220 | 7 -
changes/bug23366 | 4 -
changes/bug23426 | 4 -
changes/bug23470 | 5 -
changes/bug23487 | 5 -
changes/bug23499 | 6 -
changes/bug23506 | 4 -
changes/bug23524 | 4 -
changes/bug23532 | 5 -
changes/bug3056 | 3 -
changes/bug4019 | 4 -
changes/bug5847 | 5 -
changes/bug7890 | 4 -
changes/doc20152 | 3 -
changes/feature19254 | 3 -
changes/feature20119_1 | 3 -
changes/feature22407 | 5 -
changes/feature22976 | 8 --
changes/feature23090 | 3 -
changes/feature23237 | 4 -
changes/prop224 | 36 -----
changes/refactor-buffer | 3 -
changes/ticket12541 | 23 ----
changes/ticket20488 | 5 -
changes/ticket20575 | 4 -
changes/ticket21031 | 5 -
changes/ticket22215 | 5 -
changes/ticket22281 | 3 -
changes/ticket22311 | 3 -
changes/ticket22377 | 4 -
changes/ticket22437 | 4 -
changes/ticket22521 | 3 -
changes/ticket22608 | 6 -
changes/ticket22684 | 5 -
changes/ticket22804 | 4 -
changes/ticket22895 | 3 -
67 files changed, 354 insertions(+), 345 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 566da0478..73403a178 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,357 @@
+Changes in version 0.3.2.1-alpha - 2017-09-18
+ BLURB
+
+ Below are the changes since Tor 0.3.1.7.
+
+ o Major feature (scheduler, channel):
+ - Introducing the KIST scheduler which stands for Kernel Informed
+ Socket Transport. It is only available on Linux systems. This
+ comes from a researched and published paper you can find
+ here: http://www.robgjansen.com/publications/kist-sec2014.pdf
+ https://arxiv.org/abs/1709.01044 This is also a major refactoring
+ of the entire scheduler subsystem in order for it to be more
+ modular and thus much more easier to add more scheduler type
+ later. The current scheduler has been named "Vanilla" but we favor
+ KIST if available in this version. A new torrc option has been
+ added and named "Schedulers type1,type2,..." which allows a user
+ to select which scheduler type it wants tor to use. It is also
+ possible to change it at runtime. It is an ordered list by
+ priority. KIST might not be available on all platforms so there is
+ a fallback to "KISTLite" that uses the same mechanisms but without
+ the kernel support. The current default values are: Schedulers
+ KIST,KISTLite,Vanilla. Closes ticket 12541.
+
+ o Major features (next-generation onion services):
+ - Tor now supports the next-generation onion services protocol for
+ clients and services! As part of this release, the core of
+ proposal 224 has been implemented and is available for
+ experimentation and testing by our users. This newer version of
+ onion services (v3) features various improvements over the legacy
+ system: a) Better crypto (replaced SHA1/DH/RSA1024 with
+ SHA3/ed25519/curve25519) b) Improved directory protocol leaking
+ less to directory servers. c) Improved directory protocol with
+ smaller surface for targeted attacks. d) Better onion address
+ security against impersonation. e) More extensible
+ introduction/rendezvous protocol. f) A cleaner and more modular
+ codebase. Furthermore, as part of this update, onion addresses
+ increase in length and are now 56 characters long:
+ 4acth47i6kxnvkewtm6q7ib2s3ufpo5sqbsnzjpbi7utijcltosqemad.onion In
+ the future, we will be releasing more options and features but we
+ first need a testing period, so that the current codebase matures
+ and becomes more robust. Here are some of the features we have
+ planned: 1) Offline keys for onion services 2) Advanced client
+ authorization for onion services 3) Improved guard algorithm for
+ onion services 4) Next-gen onion service statistics Please see our
+ proposal for more details:
+ https://gitweb.torproject.org/torspec.git/tree/proposals/224-rend-spec-ng.t…
+ The default version for onion services remains v2 (the legacy
+ system) until this new codebase gets tested and hardened. Service
+ operators who want to experiment with the new system can use the
+ 'HiddenServiceVersion 3' torrc directive along with the regular
+ onion service configuration options. We will publish a blog post
+ about this new feature soon! Enjoy!
+
+ o Major bugfixes (usability, control port):
+ - Report trusted clock skew indications as bootstrap errors, so
+ controllers can more easily alert users. Fixes bug 23506; bugfix
+ on 0.1.2.6-alpha.
+
+ o Minor features (bug detection):
+ - Log a warning message, with stack trace, for any attempt to call
+ get_options() during option validation. Closes ticket 22281.
+
+ o Minor features (client directory bandwidth tuning):
+ - When downloading (micro)descriptors, don't split the list of
+ descriptors into multiple requests unless there are at least 32
+ descriptors that we want. Previously, we split at 4, not 32, which
+ could lead to significant overhead in HTTP request size and
+ degradation in compression performance. Closes ticket 23220.
+
+ o Minor features (client):
+ - You can now use Tor as a tunneled HTTP proxy: use the
+ HTTPTunnelPort option to open a port that accepts HTTP CONNECT
+ requests. Closes ticket 22407.
+
+ o Minor features (client, entry guards):
+ - Add an extra check to make sure that we always use the new guard
+ selection code for picking our guards. Closes ticket 22779.
+
+ o Minor features (command line):
+ - Add a new commandline option, --key-expiration, which prints when
+ the current signing key is going to expire. Implements ticket
+ 17639; patch by Isis Lovecruft.
+
+ o Minor features (control port):
+ - If the control port is used as the HTTP proxy, responds with a
+ meaningful "This is the Tor control port" message, and log the
+ event. Closes ticket 1667. Patch from Ravi Chandra Padmala.
+ - Provide better error message for GETINFO desc/(id|name) when
+ microdescriptors are in use and router descriptors are not
+ fetched. Closes ticket 5847. Patch by Kevin Butler.
+
+ o Minor features (control):
+ - Add GETINFO desc/download-enabled and md/download-enabled, to
+ inform the controller whether try to download router descriptors
+ and microdescriptors respectively. Closes ticket 22684.
+
+ o Minor features (controller):
+ - Added new GETINFO targets ip-to-country/{ipv4,ipv6}-available, so
+ controllers can tell whether the geoip databases are loaded.
+ Closes ticket 23237.
+ - Adds a timestamp field to the CIRC_BW and STREAM_BW bandwidth
+ events. Closes ticket 19254. Patch by "DonnchaC".
+
+ o Minor features (development support):
+ - Developers can now generate a call-graph for Tor using the
+ "calltool" python program, which post-processes object dumps. It
+ should work okay on many Linux and OSX platforms, and might work
+ elsewhere too. To run this, install calltool from
+ https://gitweb.torproject.org/user/nickm/calltool.git and run
+ "make callgraph". Closes ticket 19307.
+
+ o Minor features (ed25519):
+ - Add validation function to checks for torsion components in
+ ed25119 public keys, used by prop224 client-side code. Closes
+ ticket 22006. Math help by Ian Goldberg.
+
+ o Minor features (exit relay, DNS):
+ - Improve the clarity and safety of the log message from evdns when
+ receiving an apparent spoofed DNS reply. Closes ticket 3056.
+
+ o Minor features (integration, hardening):
+ - Added a new NoExec option, to prevent Tor from running other
+ programs. When this option is set to 1, Tor will never try to run
+ another program, regardless of the settings of
+ PortForwardingHelper, ClientTransportPlugin, or
+ ServerTransportPlugin. Once NoExec is set, it cannot be disabled
+ without restarting Tor. Closes ticket 22976.
+
+ o Minor features (linux seccomp2 sandbox):
+ - If the sandbox filter fails to load, suggest to the user that
+ their kernel might not support seccomp2. Closes ticket 23090.
+
+ o Minor features (logging, UI):
+ - Improve the warning message for specifying a relay by nickname.
+ The previous message implied that nickname registration was still
+ part of the Tor network design, which it isn't. Closes
+ ticket 20488.
+
+ o Minor features (portability):
+ - Check at configure time whether uint8_t is unsigned char. Lots of
+ existing code already assumes this, and there could be strict
+ aliasing issues if they aren't the same type. Closes ticket 22410.
+
+ o Minor features (relay, configuration):
+ - Reject attempts to use relative file paths when RunAsDaemon is
+ set. Previously, Tor would accept these, but the directory-
+ changing step of RunAsDaemon would give strange and/or confusing
+ results. Closes ticket 22731.
+
+ o Minor features (startup, safety):
+ - When configured to write a PID file, Tor now exits if it is unable
+ to do so. Previously, it would warn and continue. Closes
+ ticket 20119.
+
+ o Minor features (static analysis):
+ - The BUG() macro has been changed slightly so that Coverity no
+ longer complains about dead code if the bug is impossible. Closes
+ ticket 23054.
+
+ o Minor features (testing):
+ - Add a unit test to verify that we can parse a hardcoded v2 hidden
+ service descriptor. Closes ticket 15554.
+
+ o Minor bugfix (relay address resolution):
+ - Avoid unnecessary calls to directory_fetches_from_authorities() on
+ relays. This avoids spurious address resolutions and descriptor
+ rebuilds. This is a mitigation for bug 21789. Fixes bug 23470;
+ bugfix on in 0.2.8.1-alpha.
+
+ o Minor bugfixes (certificate handling):
+ - Fix a time handling bug in Tor certificates set to expire after
+ the year 2106. Fixes bug 23055; bugfix on 0.3.0.1-alpha. Found by
+ Coverity as CID 1415728.
+
+ o Minor bugfixes (circuit logging):
+ - torspec says hop counts are 1-based, so fix two log messages that
+ mistakenly logged 0-based hop counts. Fixes bug 18982; bugfix on
+ 0.2.6.2-alpha and 0.2.4.5-alpha. Patch by teor. Credit to Xiaofan
+ Li for reporting this issue.
+
+ o Minor bugfixes (client, usability):
+ - Refrain from needlessly rejecting SOCKS5-with-hostnames and
+ SOCKS4a requests that contain IP address strings, even when
+ SafeSocks in enabled, as this prevents user from connecting to
+ known IP addresses without relying on DNS for resolving. SafeSocks
+ still rejects SOCKS connections that connect to IP addresses when
+ those addresses are _not_ encoded as hostnames. Fixes bug 22461;
+ bugfix on Tor 0.2.6.2-alpha.
+
+ o Minor bugfixes (code correctness):
+ - Call htons() in extend_cell_format() for encoding a 16-bit value.
+ Previously we used ntohs(), which happens to behave the same on
+ all the platforms we support, but which isn't really correct.
+ Fixes bug 23106; bugfix on 0.2.4.8-alpha.
+
+ o Minor bugfixes (compilation):
+ - Fix unused variable warnings in donna's Curve25519 SSE2 code.
+ Fixes bug 22895; bugfix on 0.2.7.2-alpha.
+
+ o Minor bugfixes (consensus expiry):
+ - Tor would reconsider updating its directory information every 2
+ minutes instead of only doing it for a consensus that is more than
+ 24 hours old (badly expired). This specific check is done in the
+ tor main loop callback that validates if we have an expired
+ consensus. Fixes bug 23091; bugfix on 0.2.0.19-alpha.
+
+ o Minor bugfixes (correctness, controller):
+ - Make the controller's write_escaped_data() function robust to
+ extremely long inputs. Right now, it doesn't actually receive any
+ extremely long inputs, so this is for defense in depth. Fixes bug
+ 19281; bugfix on 0.1.1.1-alpha. Reported by Guido Vranken.
+
+ o Minor bugfixes (crypto):
+ - Properly detect and refuse to blind bad ed25519 keys. The key
+ blinding code is currently unused, so this bug does not affect tor
+ clients or services on the network. Fixes bug 22746; bugfix
+ on 0.2.6.1-alpha.
+
+ o Minor bugfixes (directories):
+ - Directory servers now include a "Date:" http header for response
+ codes other than 200. Clients starting with a skewed clock and a
+ recent consensus were getting "304 Not modified" responses from
+ directory authorities, so without a Date header the client would
+ never hear about a wrong clock. Fixes bug 23499; bugfix
+ on 0.0.8rc1.
+
+ o Minor bugfixes (directory downloads):
+ - Make clients wait for 6 seconds before trying to download their
+ consensus from an authority. Fixes bug 17750; bugfix
+ on 0.2.8.1-alpha.
+
+ o Minor bugfixes (DoS-resistance):
+ - If future code asks if there are any running bridges, without
+ checking if bridges are enabled, log a BUG warning rather than
+ crashing. Fixes bug 23524; bugfix on 0.3.0.1-alpha.
+
+ o Minor bugfixes (format strictness):
+ - Restrict several data formats to decimal. Previously, the
+ BuildTimeHistogram entries in the state file, the "bw=" entries in
+ the bandwidth authority file, and process IDs passed to the
+ __OwningControllerProcess option could all be specified in hex or
+ octal as well as in decimal. This was not an intentional feature.
+ Fixes bug 22802; bugfixes on 0.2.2.1-alpha, 0.2.2.2-alpha,
+ and 0.2.2.28-beta.
+
+ o Minor bugfixes (heartbeat):
+ - If we fail to write a heartbeat message, schedule a retry for the
+ minimum heartbeat interval number of seconds in the future. Fixes
+ bug 19476; bugfix on 0.2.3.1-alpha.
+
+ o Minor bugfixes (linux seccomp2 sandbox, logging):
+ - Fix some messages on unexpected errors from the seccomp2 library.
+ Fixes bug 22750; bugfix on 0.2.5.1-alpha. Patch from "cypherpunks".
+
+ o Minor bugfixes (logging):
+ - Remove duplicate log messages regarding opening non-local
+ SocksPorts upon parsing config and opening listeners at startup.
+ Fixes bug 4019; bugfix on 0.2.3.3-alpha.
+ - Use a more comprehensible log message when telling the user
+ they've excluded every running exit node. Fixes bug 7890; bugfix
+ on 0.2.2.25-alpha.
+ - When logging the number of descriptors we intend to download per
+ directory request, do not log a number higher than then the number
+ of descriptors we're fetching in total. Fixes bug 19648; bugfix
+ on 0.1.1.8-alpha.
+ - When warning about a directory owned by the wrong user, log the
+ actual name of the user owning the directory. Previously, we'd log
+ the name of the process owner twice. Fixes bug 23487; bugfix
+ on 0.2.9.1-alpha.
+
+ o Minor bugfixes (portability):
+ - Stop using the PATH_MAX variable. The variable is not defined in
+ GNU Hurd which prevents Tor from being built. Fixes bug 23098;
+ bugfix on 0.3.1.1-alpha.
+
+ o Minor bugfixes (relay):
+ - When uploading our descriptor for the first time after startup,
+ report the reason for uploading as "Tor just started" rather than
+ leaving it blank. Fixes bug 22885; bugfix on 0.2.3.4-alpha.
+
+ o Minor bugfixes (test):
+ - Fix a broken unit test for the OutboundAddress option: the parsing
+ function was never returning an error on failure. Fixes bug 23366;
+ bugfix on 0.3.0.3-alpha.
+
+ o Minor bugfixes (tests):
+ - Fix a signed-integer overflow in the unit tests for
+ dir/download_status_random_backoff, which was untriggered until we
+ fixed bug 17750. Fixes bug 22924; bugfix on 0.2.9.1-alpha.
+
+ o Minor bugfixes (usability, control port):
+ - Stop making an unnecessary routerlist check in NETINFO clock skew
+ detection; this was preventing clients from reporting NETINFO clock
+ skew to controllers. Fixes bug 23532; bugfix on 0.2.4.4-alpha.
+
+ o Code simplification and refactoring:
+ - Extract the code for handling newly-open channels into a separate
+ function from the general code to handle channel state
+ transitions. This change simplifies our callgraph, reducing the
+ size of the largest strongly connected component by roughly a
+ factor of two. Closes ticket 22608
+ - Remove dead code for largely unused statistics on the number of
+ times we've attempted various public key operations. Fixes bug
+ 19871; bugfix on 0.1.2.4-alpha. Fix by Isis Lovecruft.
+ - Remove several now-obsolete functions for asking about old
+ variants directory authority status. Closes ticket 22311; patch
+ from "huyvq".
+ - Remove some of the code that once supported "Named" and "Unnamed"
+ routers. Authorities no longer vote for these flags. Closes
+ ticket 22215.
+ - Rename the obsolete malleable hybrid_encrypt functions used in TAP
+ and old hidden services to indicate that they aren't suitable for
+ new protocols or formats. Closes ticket 23026.
+ - Replace our STRUCT_OFFSET() macro with offsetof(). Closes ticket
+ 22521. Patch from Neel Chauhan.
+ - Split the enormous circuit_send_next_onion_skin() function into
+ multiple subfunctions. Closes ticket 22804.
+ - Split the portions of the buffer.c module that handle particular
+ protocols into separate modules. Part of ticket 23149.
+ - Use our test macros more consistently, to produce more useful
+ error messages when our unit tests fail. Add coccinelle patches to
+ allow us to re-check for test macro uses. Closes ticket 22497.
+
+ o Deprecated features:
+ - Deprecate HTTPProxy/HTTPProxyAuthenticator config options. They
+ only applies to direct unencrypted HTTP connections to your
+ directory server, which your Tor probably isn't using. Closes
+ ticket 20575.
+
+ o Documentation:
+ - Clarify in the manual that "Sandbox 1" is only supported on Linux
+ kernels. Closes ticket 22677.
+ - Document all values of PublishServerDescriptor in the manpage.
+ Closes ticket 15645.
+ - Improve the documentation for the directory port part of the
+ DirAuthority line. Closes ticket 20152.
+ - Restore documentation for the authorities' "approved-routers"
+ file. Closes ticket 21148.
+
+ o Removed features:
+ - The AllowDotExit option has been removed as unsafe. It has been
+ deprecated since 0.2.9.2-alpha. Closes ticket 23426.
+ - The ClientDNSRejectInternalAddresses flag can no longer be set on
+ non-testing networks. It has been deprecated since 0.2.9.2-alpha.
+ Closes ticket 21031.
+ - The controller API no longer includes an AUTHDIR_NEWDESCS event:
+ nobody was using it any longer. Closes ticket 22377.
+
+ o Testing:
+ - The default chutney network tests now include tests for the v3
+ hidden service design. Make sure you have the latest version of
+ chutney if you want to run these. Closes ticket 22437.
+
+
Changes in version 0.2.8.15 - 2017-09-18
Tor 0.2.8.15 backports a collection of bugfixes from later
Tor series.
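Review bot: the new 0.3.2.1-alpha section still carries the literal "BLURB" placeholder on its second line, and the reformatting has run the enumerated lists in the next-generation onion services entry (a) through f), then 1) through 4)) and the two URLs in the KIST entry into continuous paragraphs, which makes the security-relevant items hard to pick out. Replace the placeholder and restore those lists as separate lines before release. Smaller slips to fix in the same pass: "bugfix on in 0.2.8.1-alpha", "higher than then the number", the missing period after "Closes ticket 22608", and the near-duplicate headings "Minor bugfixes (test)" and "Minor bugfixes (tests)".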
diff --git a/changes/15554 b/changes/15554
deleted file mode 100644
index c7ae7e557..000000000
--- a/changes/15554
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor features (testing):
- - Add a unit test to verify that we can parse a hardcoded v2
- hidden service descriptor. Closes ticket 15554.
-
diff --git a/changes/19307 b/changes/19307
deleted file mode 100644
index 35f323f1b..000000000
--- a/changes/19307
+++ /dev/null
@@ -1,7 +0,0 @@
- o Minor features (development support):
- - Developers can now generate a call-graph for Tor using the
- "calltool" python program, which post-processes object dumps. It
- should work okay on many Linux and OSX platforms, and might work
- elsewhere too. To run this, install calltool from
- https://gitweb.torproject.org/user/nickm/calltool.git and run
- "make callgraph". Closes ticket 19307.
diff --git a/changes/21148 b/changes/21148
deleted file mode 100644
index 4e3c33227..000000000
--- a/changes/21148
+++ /dev/null
@@ -1,4 +0,0 @@
- o Documentation:
- - Restore documentation for the authorities' "approved-routers" file.
- Closes ticket 21148.
-
diff --git a/changes/bug15645 b/changes/bug15645
deleted file mode 100644
index 781d20e09..000000000
--- a/changes/bug15645
+++ /dev/null
@@ -1,3 +0,0 @@
- o Documentation:
- - Document all values of PublishServerDescriptor in the manpage.
- Closes ticket 15645.
diff --git a/changes/bug1667 b/changes/bug1667
deleted file mode 100644
index 368f9e35b..000000000
--- a/changes/bug1667
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor features (control port):
- - If the control port is used as the HTTP proxy, responds with
- a meaningful "This is the Tor control port" message, and log
- the event. Closes ticket 1667. Patch from Ravi Chandra Padmala.
diff --git a/changes/bug17639 b/changes/bug17639
deleted file mode 100644
index be69edbc7..000000000
--- a/changes/bug17639
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor features (command line):
- - Add a new commandline option, --key-expiration, which prints when
- the current signing key is going to expire. Implements ticket
- 17639; patch by Isis Lovecruft.
diff --git a/changes/bug17750 b/changes/bug17750
deleted file mode 100644
index c5894a971..000000000
--- a/changes/bug17750
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes (directory downloads):
- - Make clients wait for 6 seconds before trying to download their
- consensus from an authority.
- Fixes bug 17750; bugfix on 0.2.8.1-alpha.
diff --git a/changes/bug18982 b/changes/bug18982
deleted file mode 100644
index bfcae4fb5..000000000
--- a/changes/bug18982
+++ /dev/null
@@ -1,6 +0,0 @@
- o Minor bugfixes (circuit logging):
- - torspec says hop counts are 1-based, so fix two log messages
- that mistakenly logged 0-based hop counts.
- Fixes bug 18982; bugfix on 0.2.6.2-alpha
- and 0.2.4.5-alpha. Patch by teor.
- Credit to Xiaofan Li for reporting this issue.
diff --git a/changes/bug19281 b/changes/bug19281
deleted file mode 100644
index 1586ba34f..000000000
--- a/changes/bug19281
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor bugfixes (correctness, controller):
- - Make the controller's write_escaped_data() function robust to extremely
- long inputs. Right now, it doesn't actually receive any extremely
- long inputs, so this is for defense in depth. Fixes bug 19281;
- bugfix on 0.1.1.1-alpha. Reported by Guido Vranken.
diff --git a/changes/bug19476 b/changes/bug19476
deleted file mode 100644
index dbde485b3..000000000
--- a/changes/bug19476
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes (heartbeat):
- - If we fail to write a heartbeat message, schedule a retry for the minimum
- heartbeat interval number of seconds in the future. Fixes bug 19476;
- bugfix on 0.2.3.1-alpha.
diff --git a/changes/bug19648 b/changes/bug19648
deleted file mode 100644
index e8c2a6a09..000000000
--- a/changes/bug19648
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor bugfixes (logging):
- - When logging the number of descriptors we intend to download per
- directory request, do not log a number higher than then the
- number of descriptors we're fetching in total. Fixes bug 19648;
- bugfix on 0.1.1.8-alpha.
diff --git a/changes/bug19871 b/changes/bug19871
deleted file mode 100644
index 4c4fbfa9e..000000000
--- a/changes/bug19871
+++ /dev/null
@@ -1,4 +0,0 @@
- o Code simplification and refactoring:
- - Remove dead code for largely unused statistics on the number of
- times we've attempted various public key operations. Fixes bug
- 19871; bugfix on 0.1.2.4-alpha. Fix by Isis Lovecruft.
diff --git a/changes/bug22006 b/changes/bug22006
deleted file mode 100644
index 8b6f128b9..000000000
--- a/changes/bug22006
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor features (ed25519):
- - Add validation function to checks for torsion components in ed25119
- public keys, used by prop224 client-side
- code. Closes ticket 22006. Math help by Ian Goldberg.
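Review bot: the deleted entry spells the curve "ed25119" in "torsion components in ed25119 public keys", and the same spelling is carried into the ChangeLog text added by this commit. Correct it to ed25519 in ChangeLog so that a search for the key type finds this validation change. "Add validation function to checks for" should also read "Add a validation function to check for".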
diff --git a/changes/bug22410 b/changes/bug22410
deleted file mode 100644
index ee5fc68f3..000000000
--- a/changes/bug22410
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor features (portability):
- - Check at configure time whether uint8_t is unsigned char. Lots
- of existing code already assumes this, and there could be strict
- aliasing issues if they aren't the same type. Closes ticket 22410.
diff --git a/changes/bug22461 b/changes/bug22461
deleted file mode 100644
index 3fd5e2164..000000000
--- a/changes/bug22461
+++ /dev/null
@@ -1,7 +0,0 @@
- o Minor bugfixes (client, usability):
- - Refrain from needlessly rejecting SOCKS5-with-hostnames and SOCKS4a
- requests that contain IP address strings, even when SafeSocks in
- enabled, as this prevents user from connecting to known IP addresses
- without relying on DNS for resolving. SafeSocks still rejects SOCKS
- connections that connect to IP addresses when those addresses are _not_
- encoded as hostnames. Fixes bug 22461; bugfix on Tor 0.2.6.2-alpha.
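Review bot: "even when SafeSocks in enabled" in this deleted entry should read "is enabled", and "prevents user from connecting" should read "prevents users from connecting"; both slips are copied into the ChangeLog entry added by this commit and should be fixed there. Since the entry describes what SafeSocks still rejects, the wording is worth getting exact.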
diff --git a/changes/bug22497 b/changes/bug22497
deleted file mode 100644
index 8cde87ff7..000000000
--- a/changes/bug22497
+++ /dev/null
@@ -1,4 +0,0 @@
- o Code simplification and refactoring:
- - Use our test macros more consistently, to produce more useful
- error messages when our unit tests fail. Add coccinelle patches
- to allow us to re-check for test macro uses. Closes ticket 22497.
diff --git a/changes/bug22677 b/changes/bug22677
deleted file mode 100644
index 6d750172a..000000000
--- a/changes/bug22677
+++ /dev/null
@@ -1,3 +0,0 @@
- o Documentation:
- - Clarify in the manual that "Sandbox 1" is only supported on Linux
- kernels. Closes ticket 22677.
diff --git a/changes/bug22731 b/changes/bug22731
deleted file mode 100644
index acb65d56e..000000000
--- a/changes/bug22731
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor features (relay, configuration):
- - Reject attempts to use relative file paths when RunAsDaemon is set.
- Previously, Tor would accept these, but the directory-changing step
- of RunAsDaemon would give strange and/or confusing results.
- Closes ticket 22731.
diff --git a/changes/bug22746 b/changes/bug22746
deleted file mode 100644
index b036460c3..000000000
--- a/changes/bug22746
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes (crypto):
- - Properly detect and refuse to blind bad ed25519 keys. The key blinding
- code is currently unused, so this bug does not affect tor clients or
- services on the network. Fixes bug 22746; bugfix on 0.2.6.1-alpha.
diff --git a/changes/bug22750 b/changes/bug22750
deleted file mode 100644
index 426cae6f1..000000000
--- a/changes/bug22750
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor bugfixes (linux seccomp2 sandbox, logging):
- - Fix some messages on unexpected errors from the seccomp2
- library. Fixes bug 22750; bugfix on 0.2.5.1-alpha. Patch
- from "cypherpunks".
-
diff --git a/changes/bug22779 b/changes/bug22779
deleted file mode 100644
index dc5bc3859..000000000
--- a/changes/bug22779
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor features (client, entry guards):
- - Add an extra check to make sure that we always use the
- new guard selection code for picking our guards. Closes
- ticket 22779.
diff --git a/changes/bug22802 b/changes/bug22802
deleted file mode 100644
index 7255164fd..000000000
--- a/changes/bug22802
+++ /dev/null
@@ -1,10 +0,0 @@
- o Minor bugfixes (format strictness):
- - Restrict several data formats to decimal. Previously, the
- BuildTimeHistogram entries in the state file, the "bw=" entries in the
- bandwidth authority file, and process IDs passed to the
- __OwningControllerProcess option could all be specified in hex or octal
- as well as in decimal. This was not an intentional feature.
- Fixes bug 22802; bugfixes on 0.2.2.1-alpha, 0.2.2.2-alpha, and
- 0.2.2.28-beta.
-
-
diff --git a/changes/bug22885 b/changes/bug22885
deleted file mode 100644
index d95e879eb..000000000
--- a/changes/bug22885
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor bugfixes (relay):
- - When uploading our descriptor for the first time after startup,
- report the reason for uploading as "Tor just started" rather than
- leaving it blank. Fixes bug 22885; bugfix on 0.2.3.4-alpha.
-
diff --git a/changes/bug22924 b/changes/bug22924
deleted file mode 100644
index 6d05f51cf..000000000
--- a/changes/bug22924
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes (tests):
- - Fix a signed-integer overflow in the unit tests for
- dir/download_status_random_backoff, which was untriggered until we
- fixed bug 17750. Fixes bug 22924; bugfix on 0.2.9.1-alpha.
diff --git a/changes/bug23026 b/changes/bug23026
deleted file mode 100644
index b00745cfa..000000000
--- a/changes/bug23026
+++ /dev/null
@@ -1,4 +0,0 @@
- o Code simplification and refactoring:
- - Rename the obsolete malleable hybrid_encrypt functions used in
- TAP and old hidden services to indicate that they aren't suitable
- for new protocols or formats. Closes ticket 23026.
diff --git a/changes/bug23054 b/changes/bug23054
deleted file mode 100644
index 39006cd80..000000000
--- a/changes/bug23054
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor features (static analysis):
- - The BUG() macro has been changed slightly so that Coverity no
- longer complains about dead code if the bug is impossible. Closes
- ticket 23054.
diff --git a/changes/bug23055 b/changes/bug23055
deleted file mode 100644
index eee1397c1..000000000
--- a/changes/bug23055
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes (certificate handling):
- - Fix a time handling bug in Tor certificates set to expire after
- the year 2106. Fixes bug 23055; bugfix on 0.3.0.1-alpha.
- Found by Coverity as CID 1415728.
diff --git a/changes/bug23091 b/changes/bug23091
deleted file mode 100644
index 6e2acf53c..000000000
--- a/changes/bug23091
+++ /dev/null
@@ -1,6 +0,0 @@
- o Minor bugfixes (consensus expiry):
- - Tor would reconsider updating its directory information every 2 minutes
- instead of only doing it for a consensus that is more than 24 hours old
- (badly expired). This specific check is done in the tor main loop
- callback that validates if we have an expired consensus. Fixes bug
- 23091; bugfix on 0.2.0.19-alpha.
diff --git a/changes/bug23098 b/changes/bug23098
deleted file mode 100644
index 2075f13ba..000000000
--- a/changes/bug23098
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes (portability):
- - Stop using the PATH_MAX variable. The variable is not defined in
- GNU Hurd which prevents Tor from being built. Fixes bug 23098;
- bugfix on 0.3.1.1-alpha.
diff --git a/changes/bug23106 b/changes/bug23106
deleted file mode 100644
index d4ced15f8..000000000
--- a/changes/bug23106
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor bugfixes (code correctness):
- - Call htons() in extend_cell_format() for encoding a 16-bit
- value. Previously we used ntohs(), which happens to behave the
- same on all the platforms we support, but which isn't really
- correct. Fixes bug 23106; bugfix on 0.2.4.8-alpha.
diff --git a/changes/bug23220 b/changes/bug23220
deleted file mode 100644
index 9c2efc959..000000000
--- a/changes/bug23220
+++ /dev/null
@@ -1,7 +0,0 @@
- o Minor features (client directory bandwidth tuning):
-
- - When downloading (micro)descriptors, don't split the list of
- descriptors into multiple requests unless there are at least 32
- descriptors that we want. Previously, we split at 4, not 32, which
- could lead to significant overhead in HTTP request size and
- degradation in compression performance. Closes ticket 23220.
diff --git a/changes/bug23366 b/changes/bug23366
deleted file mode 100644
index c7e0fdf2b..000000000
--- a/changes/bug23366
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes (test):
- - Fix a broken unit test for the OutboundAddress option: the parsing
- function was never returning an error on failure. Fixes bug 23366;
- bugfix on 0.3.0.3-alpha.
diff --git a/changes/bug23426 b/changes/bug23426
deleted file mode 100644
index 63c127c53..000000000
--- a/changes/bug23426
+++ /dev/null
@@ -1,4 +0,0 @@
- o Removed features:
- - The AllowDotExit option has been removed as unsafe. It has
- been deprecated since 0.2.9.2-alpha. Closes ticket 23426.
-
diff --git a/changes/bug23470 b/changes/bug23470
deleted file mode 100644
index d5b345b72..000000000
--- a/changes/bug23470
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor bugfix (relay address resolution):
- - Avoid unnecessary calls to directory_fetches_from_authorities()
- on relays. This avoids spurious address resolutions and
- descriptor rebuilds. This is a mitigation for bug 21789.
- Fixes bug 23470; bugfix on in 0.2.8.1-alpha.
diff --git a/changes/bug23487 b/changes/bug23487
deleted file mode 100644
index 89b55c243..000000000
--- a/changes/bug23487
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor bugfixes (logging):
- - When warning about a directory owned by the wrong user, log the actual
- name of the user owning the directory. Previously, we'd log the name
- of the process owner twice. Fixes bug 23487; bugfix on 0.2.9.1-alpha.
-
diff --git a/changes/bug23499 b/changes/bug23499
deleted file mode 100644
index 28ae57aae..000000000
--- a/changes/bug23499
+++ /dev/null
@@ -1,6 +0,0 @@
- o Minor bugfixes (directories):
- - Directory servers now include a "Date:" http header for response
- codes other than 200. Clients starting with a skewed clock and a
- recent consensus were getting "304 Not modified" responses from
- directory authorities, so without a Date header the client would
- never hear about a wrong clock. Fixes bug 23499; bugfix on 0.0.8rc1.
diff --git a/changes/bug23506 b/changes/bug23506
deleted file mode 100644
index f2efad4e7..000000000
--- a/changes/bug23506
+++ /dev/null
@@ -1,4 +0,0 @@
- o Major bugfixes (usability, control port):
- - Report trusted clock skew indications as bootstrap errors, so
- controllers can more easily alert users. Fixes bug 23506;
- bugfix on 0.1.2.6-alpha.
diff --git a/changes/bug23524 b/changes/bug23524
deleted file mode 100644
index 500520e72..000000000
--- a/changes/bug23524
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes (DoS-resistance):
- - If future code asks if there are any running bridges, without checking
- if bridges are enabled, log a BUG warning rather than crashing.
- Fixes bug 23524; bugfix on 0.3.0.1-alpha.
diff --git a/changes/bug23532 b/changes/bug23532
deleted file mode 100644
index 3eb2345ce..000000000
--- a/changes/bug23532
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor bugfixes (usability, control port):
- - Stop making an unnecessary routerlist check in NETINFO clock
- skew detection; this was preventing clients from reporting
- NETINFO clock skew to controllers. Fixes bug 23532; bugfix on
- 0.2.4.4-alpha.
diff --git a/changes/bug3056 b/changes/bug3056
deleted file mode 100644
index 1e9b9f9b4..000000000
--- a/changes/bug3056
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor features (exit relay, DNS):
- - Improve the clarity and safety of the log message from evdns when
- receiving an apparent spoofed DNS reply. Closes ticket 3056.
diff --git a/changes/bug4019 b/changes/bug4019
deleted file mode 100644
index 559c73b70..000000000
--- a/changes/bug4019
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes (logging):
- - Remove duplicate log messages regarding opening non-local SocksPorts
- upon parsing config and opening listeners at startup. Fixes bug 4019;
- bugfix on 0.2.3.3-alpha.
diff --git a/changes/bug5847 b/changes/bug5847
deleted file mode 100644
index 782fc7b72..000000000
--- a/changes/bug5847
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor features (control port):
- - Provide better error message for GETINFO desc/(id|name) when
- microdescriptors are in use and router descriptors are not fetched.
- Closes ticket 5847. Patch by Kevin Butler.
-
diff --git a/changes/bug7890 b/changes/bug7890
deleted file mode 100644
index 1daec58ae..000000000
--- a/changes/bug7890
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes (logging):
- - Use a more comprehensible log message when telling the user they've
- excluded every running exit node. Fixes bug 7890; bugfix on
- 0.2.2.25-alpha.
diff --git a/changes/doc20152 b/changes/doc20152
deleted file mode 100644
index 8b044e56d..000000000
--- a/changes/doc20152
+++ /dev/null
@@ -1,3 +0,0 @@
- o Documentation:
- - Improve the documentation for the directory port part of the
- DirAuthority line. Closes ticket 20152.
diff --git a/changes/feature19254 b/changes/feature19254
deleted file mode 100644
index 598ecc88d..000000000
--- a/changes/feature19254
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor features (controller):
- - Adds a timestamp field to the CIRC_BW and STREAM_BW bandwidth
- events. Closes ticket 19254. Patch by "DonnchaC".
diff --git a/changes/feature20119_1 b/changes/feature20119_1
deleted file mode 100644
index 69914f210..000000000
--- a/changes/feature20119_1
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor features (startup, safety):
- - When configured to write a PID file, Tor now exits if it is unable to
- do so. Previously, it would warn and continue. Closes ticket 20119.
diff --git a/changes/feature22407 b/changes/feature22407
deleted file mode 100644
index aec6c15f4..000000000
--- a/changes/feature22407
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor features (client):
- - You can now use Tor as a tunneled HTTP proxy: use the HTTPTunnelPort
- option to open a port that accepts HTTP CONNECT requests.
- Closes ticket 22407.
-
diff --git a/changes/feature22976 b/changes/feature22976
deleted file mode 100644
index 407fd15b0..000000000
--- a/changes/feature22976
+++ /dev/null
@@ -1,8 +0,0 @@
- o Minor features (integration, hardening):
- - Added a new NoExec option, to prevent Tor from running
- other programs. When this option is set to 1,
- Tor will never try to run another program, regardless of
- the settings of PortForwardingHelper, ClientTransportPlugin,
- or ServerTransportPlugin. Once NoExec is set, it cannot be
- disabled without restarting Tor.
- Closes ticket 22976.
diff --git a/changes/feature23090 b/changes/feature23090
deleted file mode 100644
index 44cdac5ca..000000000
--- a/changes/feature23090
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor features (linux seccomp2 sandbox):
- - If the sandbox filter fails to load, suggest to the user that their
- kernel might not support seccomp2. Closes ticket 23090.
diff --git a/changes/feature23237 b/changes/feature23237
deleted file mode 100644
index 261577261..000000000
--- a/changes/feature23237
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor features (controller):
- - Added new GETINFO targets ip-to-country/{ipv4,ipv6}-available, so
- controllers can tell whether the geoip databases are loaded.
- Closes ticket 23237.
diff --git a/changes/prop224 b/changes/prop224
deleted file mode 100644
index 9401ff783..000000000
--- a/changes/prop224
+++ /dev/null
@@ -1,36 +0,0 @@
- o Major features (next-generation onion services):
- - Tor now supports the next-generation onion services protocol for clients
- and services! As part of this release, the core of proposal 224 has been
- implemented and is available for experimentation and testing by our
- users. This newer version of onion services (v3) features various
- improvements over the legacy system:
- a) Better crypto (replaced SHA1/DH/RSA1024 with SHA3/ed25519/curve25519)
- b) Improved directory protocol leaking less to directory servers.
- c) Improved directory protocol with smaller surface for targeted attacks.
- d) Better onion address security against impersonation.
- e) More extensible introduction/rendezvous protocol.
- f) A cleaner and more modular codebase.
-
- Furthermore, as part of this update, onion addresses increase in length
- and are now 56 characters long:
- 4acth47i6kxnvkewtm6q7ib2s3ufpo5sqbsnzjpbi7utijcltosqemad.onion
-
- In the future, we will be releasing more options and features but we
- first need a testing period, so that the current codebase matures and
- becomes more robust. Here are some of the features we have planned:
- 1) Offline keys for onion services
- 2) Advanced client authorization for onion services
- 3) Improved guard algorithm for onion services
- 4) Next-gen onion service statistics
-
- Please see our proposal for more details:
- https://gitweb.torproject.org/torspec.git/tree/proposals/224-rend-spec-ng.t…
-
- The default version for onion services remains v2 (the legacy system)
- until this new codebase gets tested and hardened.
-
- Service operators who want to experiment with the new system can use the
- 'HiddenServiceVersion 3' torrc directive along with the regular onion
- service configuration options.
-
- We will publish a blog post about this new feature soon! Enjoy!
diff --git a/changes/refactor-buffer b/changes/refactor-buffer
deleted file mode 100644
index 29e0bc3e8..000000000
--- a/changes/refactor-buffer
+++ /dev/null
@@ -1,3 +0,0 @@
- o Code simplification and refactoring:
- - Split the portions of the buffer.c module that handle particular
- protocols into separate modules. Part of ticket 23149.
diff --git a/changes/ticket12541 b/changes/ticket12541
deleted file mode 100644
index db6d2ad50..000000000
--- a/changes/ticket12541
+++ /dev/null
@@ -1,23 +0,0 @@
- o Major feature (scheduler, channel):
- - Introducing the KIST scheduler which stands for Kernel Informed Socket
- Transport. It is only available on Linux systems. This comes from a
- researched and published paper you can find here:
-
- http://www.robgjansen.com/publications/kist-sec2014.pdf
- https://arxiv.org/abs/1709.01044
-
- This is also a major refactoring of the entire scheduler subsystem in
- order for it to be more modular and thus much more easier to add more
- scheduler type later. The current scheduler has been named "Vanilla" but
- we favor KIST if available in this version.
-
- A new torrc option has been added and named "Schedulers type1,type2,..."
- which allows a user to select which scheduler type it wants tor to use.
- It is also possible to change it at runtime. It is an ordered list by
- priority. KIST might not be available on all platforms so there is a
- fallback to "KISTLite" that uses the same mechanisms but without the
- kernel support.
-
- The current default values are: Schedulers KIST,KISTLite,Vanilla.
-
- Closes ticket 12541.
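Review bot: the entry removed here has wording problems that should not survive wherever its text is kept for the release notes: "much more easier to add more scheduler type later" should read "much easier to add more scheduler types later". The header also says "Major feature" where the prop224 entry in this same patch uses "Major features".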
diff --git a/changes/ticket20488 b/changes/ticket20488
deleted file mode 100644
index ad1b87437..000000000
--- a/changes/ticket20488
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor features (logging, UI):
- - Improve the warning message for specifying a relay by nickname.
- The previous message implied that nickname registration was still
- part of the Tor network design, which it isn't. Closes ticket 20488.
-
diff --git a/changes/ticket20575 b/changes/ticket20575
deleted file mode 100644
index 6d9a5fc90..000000000
--- a/changes/ticket20575
+++ /dev/null
@@ -1,4 +0,0 @@
- o Deprecated features:
- - Deprecate HTTPProxy/HTTPProxyAuthenticator config options. They only
- applies to direct unencrypted HTTP connections to your directory server,
- which your Tor probably isn't using. Closes ticket 20575.
diff --git a/changes/ticket21031 b/changes/ticket21031
deleted file mode 100644
index 79ad5267b..000000000
--- a/changes/ticket21031
+++ /dev/null
@@ -1,5 +0,0 @@
- o Removed features:
- - The ClientDNSRejectInternalAddresses flag can no longer be set on
- non-testing networks. It has been deprecated since 0.2.9.2-alpha.
- Closes ticket 21031.
-
diff --git a/changes/ticket22215 b/changes/ticket22215
deleted file mode 100644
index 3ede7ca9e..000000000
--- a/changes/ticket22215
+++ /dev/null
@@ -1,5 +0,0 @@
- o Code simplification and refactoring:
- - Remove some of the code that once supported "Named" and "Unnamed"
- routers. Authorities no longer vote for these flags. Closes ticket
- 22215.
-
diff --git a/changes/ticket22281 b/changes/ticket22281
deleted file mode 100644
index 95787580f..000000000
--- a/changes/ticket22281
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor features (bug detection):
- - Log a warning message, with stack trace, for any attempt to call
- get_options() during option validation. Closes ticket 22281.
diff --git a/changes/ticket22311 b/changes/ticket22311
deleted file mode 100644
index 0bfd465f8..000000000
--- a/changes/ticket22311
+++ /dev/null
@@ -1,3 +0,0 @@
- o Code simplification and refactoring:
- - Remove several now-obsolete functions for asking about old variants
- directory authority status. Closes ticket 22311; patch from "huyvq".
diff --git a/changes/ticket22377 b/changes/ticket22377
deleted file mode 100644
index 4f15c1620..000000000
--- a/changes/ticket22377
+++ /dev/null
@@ -1,4 +0,0 @@
- o Removed features:
- - The controller API no longer includes an AUTHDIR_NEWDESCS event:
- nobody was using it any longer. Closes ticket 22377.
-
diff --git a/changes/ticket22437 b/changes/ticket22437
deleted file mode 100644
index 8e4c9630c..000000000
--- a/changes/ticket22437
+++ /dev/null
@@ -1,4 +0,0 @@
- o Testing:
- - The default chutney network tests now include tests for the
- v3 hidden service design. Make sure you have the latest
- version of chutney if you want to run these. Closes ticket 22437.
diff --git a/changes/ticket22521 b/changes/ticket22521
deleted file mode 100644
index 15a6218fa..000000000
--- a/changes/ticket22521
+++ /dev/null
@@ -1,3 +0,0 @@
- o Code simplification and refactoring:
- - Replace our STRUCT_OFFSET() macro with offsetof(). Closes
- ticket 22521. Patch from Neel Chauhan.
diff --git a/changes/ticket22608 b/changes/ticket22608
deleted file mode 100644
index 5aa9db27f..000000000
--- a/changes/ticket22608
+++ /dev/null
@@ -1,6 +0,0 @@
- o Code simplification and refactoring:
- - Extract the code for handling newly-open channels into a separate
- function from the general code to handle channel state transitions.
- This change simplifies our callgraph, reducing the size of the largest
- strongly connected component by roughly a factor of two.
- Closes ticket 22608
diff --git a/changes/ticket22684 b/changes/ticket22684
deleted file mode 100644
index f1d9d21ab..000000000
--- a/changes/ticket22684
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor features (control):
- - Add GETINFO desc/download-enabled and md/download-enabled, to
- inform the controller whether try to download router descriptors
- and microdescriptors respectively. Closes ticket 22684.
-
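Review bot: the second line of this removed entry, "inform the controller whether try to download router descriptors", is missing its subject. If the text is carried over anywhere it should read "whether Tor will try to download router descriptors and microdescriptors respectively".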
diff --git a/changes/ticket22804 b/changes/ticket22804
deleted file mode 100644
index a5d71c512..000000000
--- a/changes/ticket22804
+++ /dev/null
@@ -1,4 +0,0 @@
- o Code simplification and refactoring:
-
- - Split the enormous circuit_send_next_onion_skin() function into
- multiple subfunctions. Closes ticket 22804.
diff --git a/changes/ticket22895 b/changes/ticket22895
deleted file mode 100644
index a3f7b8601..000000000
--- a/changes/ticket22895
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor bugfixes (compilation):
- - Fix unused variable warnings in donna's Curve25519 SSE2 code.
- Fixes bug 22895; bugfix on 0.2.7.2-alpha.

[tor/master] Use the lintChanges script to fix style issues in changes entries
by nickm@torproject.org 18 Sep '17
commit 523188afdb4488724da2487d86bfa2ad87f96cb2
Author: Nick Mathewson <nickm(a)torproject.org>
Date: Mon Sep 18 10:24:03 2017 -0400
Use the lintChanges script to fix style issues in changes entries
---
changes/{19037 => 19307} | 0
changes/bug17639 | 8 ++++----
changes/bug17750 | 2 +-
changes/bug18982 | 4 ++--
changes/bug19476 | 7 ++++---
changes/bug19871 | 8 ++++----
changes/bug22006 | 6 +++---
changes/bug22410 | 4 ++--
changes/bug22461 | 2 +-
changes/bug22924 | 2 +-
changes/bug23091 | 2 +-
changes/bug23347 | 9 ---------
changes/bug23366 | 6 +++---
changes/bug23470 | 5 ++---
changes/bug23499 | 2 +-
changes/bug23524 | 2 +-
changes/bug23525 | 6 ------
changes/bug3056 | 6 +++---
changes/bug4019 | 2 +-
changes/refactor-buffer | 2 +-
changes/ticket20575 | 6 +++---
changes/ticket22215 | 2 +-
22 files changed, 39 insertions(+), 54 deletions(-)
diff --git a/changes/19037 b/changes/19307
similarity index 100%
rename from changes/19037
rename to changes/19307
diff --git a/changes/bug17639 b/changes/bug17639
index 4073514fd..be69edbc7 100644
--- a/changes/bug17639
+++ b/changes/bug17639
@@ -1,4 +1,4 @@
- o Minor features:
- - Add a new commandline option, --key-expiration, which prints when
- the current signing key is going to expire. Implements ticket
- 17639; patch by Isis Lovecruft.
+ o Minor features (command line):
+ - Add a new commandline option, --key-expiration, which prints when
+ the current signing key is going to expire. Implements ticket
+ 17639; patch by Isis Lovecruft.
diff --git a/changes/bug17750 b/changes/bug17750
index eb77b77ab..c5894a971 100644
--- a/changes/bug17750
+++ b/changes/bug17750
@@ -1,4 +1,4 @@
o Minor bugfixes (directory downloads):
- Make clients wait for 6 seconds before trying to download their
consensus from an authority.
- Fixes bug 17750, bugfix on 0.2.8.1-alpha.
+ Fixes bug 17750; bugfix on 0.2.8.1-alpha.
diff --git a/changes/bug18982 b/changes/bug18982
index bb0383d13..bfcae4fb5 100644
--- a/changes/bug18982
+++ b/changes/bug18982
@@ -1,6 +1,6 @@
o Minor bugfixes (circuit logging):
- torspec says hop counts are 1-based, so fix two log messages
that mistakenly logged 0-based hop counts.
- Closes ticket 18982, bugfix on 0275b6876 in tor 0.2.6.2-alpha
- and 907db008a in tor 0.2.4.5-alpha. Patch by teor.
+ Fixes bug 18982; bugfix on 0.2.6.2-alpha
+ and 0.2.4.5-alpha. Patch by teor.
Credit to Xiaofan Li for reporting this issue.
diff --git a/changes/bug19476 b/changes/bug19476
index 25a057868..dbde485b3 100644
--- a/changes/bug19476
+++ b/changes/bug19476
@@ -1,3 +1,4 @@
- o Minor changes:
- - If we fail to write a heartbeat message, schedule a retry for the minimum
- heartbeat interval number of seconds in the future. Fixes bug 19476.
+ o Minor bugfixes (heartbeat):
+ - If we fail to write a heartbeat message, schedule a retry for the minimum
+ heartbeat interval number of seconds in the future. Fixes bug 19476;
+ bugfix on 0.2.3.1-alpha.
diff --git a/changes/bug19871 b/changes/bug19871
index 5f1c9dc80..4c4fbfa9e 100644
--- a/changes/bug19871
+++ b/changes/bug19871
@@ -1,4 +1,4 @@
- o Code refactoring:
- - Remove dead code for largely unused statistics on the number of
- times we've attempted various public key operations. Fixes bug
- 19871; fix by Isis Lovecruft. Bugfix on 0.1.2.4-alpha.
+ o Code simplification and refactoring:
+ - Remove dead code for largely unused statistics on the number of
+ times we've attempted various public key operations. Fixes bug
+ 19871; bugfix on 0.1.2.4-alpha. Fix by Isis Lovecruft.
diff --git a/changes/bug22006 b/changes/bug22006
index 912bdd87b..8b6f128b9 100644
--- a/changes/bug22006
+++ b/changes/bug22006
@@ -1,4 +1,4 @@
o Minor features (ed25519):
- - Add validation function that checks for torsion components in ed25119
- public keys. Currently unused but will be used by prop224 client-side
- code. Addresses ticket #22006. Math help by Ian Goldberg.
+ - Add validation function to checks for torsion components in ed25119
+ public keys, used by prop224 client-side
+ code. Closes ticket 22006. Math help by Ian Goldberg.
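Review bot: the rewritten first line, "Add validation function to checks for torsion components in ed25119", is ungrammatical and keeps the "ed25119" misspelling even though the section header says ed25519; suggest "Add a validation function that checks for torsion components in ed25519 public keys". The new text also drops "Currently unused but will be used" and states that the function is used by prop224 client-side code, so confirm that is true at this commit.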
diff --git a/changes/bug22410 b/changes/bug22410
index 678a26dce..ee5fc68f3 100644
--- a/changes/bug22410
+++ b/changes/bug22410
@@ -1,4 +1,4 @@
- o Minor bugfixes (portability):
+ o Minor features (portability):
- Check at configure time whether uint8_t is unsigned char. Lots
of existing code already assumes this, and there could be strict
- aliasing issues if they aren't the same type. Fixes #22410.
+ aliasing issues if they aren't the same type. Closes ticket 22410.
diff --git a/changes/bug22461 b/changes/bug22461
index 545468281..3fd5e2164 100644
--- a/changes/bug22461
+++ b/changes/bug22461
@@ -4,4 +4,4 @@
enabled, as this prevents user from connecting to known IP addresses
without relying on DNS for resolving. SafeSocks still rejects SOCKS
connections that connect to IP addresses when those addresses are _not_
- encoded as hostnames. Fixes bug 22461, bugfix on Tor 0.2.6.2-alpha.
+ encoded as hostnames. Fixes bug 22461; bugfix on Tor 0.2.6.2-alpha.
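Review bot: the new line still says "bugfix on Tor 0.2.6.2-alpha", while the other entries touched in this patch (bug23091, bug23366, bug4019) reduce the reference to the bare version number. Drop the "Tor " prefix here so the "bugfix on" format is uniform.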
diff --git a/changes/bug22924 b/changes/bug22924
index e59fc724e..6d05f51cf 100644
--- a/changes/bug22924
+++ b/changes/bug22924
@@ -1,4 +1,4 @@
- o Minor bugfies (tests):
+ o Minor bugfixes (tests):
- Fix a signed-integer overflow in the unit tests for
dir/download_status_random_backoff, which was untriggered until we
fixed bug 17750. Fixes bug 22924; bugfix on 0.2.9.1-alpha.
diff --git a/changes/bug23091 b/changes/bug23091
index 7dfb7e418..6e2acf53c 100644
--- a/changes/bug23091
+++ b/changes/bug23091
@@ -3,4 +3,4 @@
instead of only doing it for a consensus that is more than 24 hours old
(badly expired). This specific check is done in the tor main loop
callback that validates if we have an expired consensus. Fixes bug
- 23091; bugfix on tor-0.2.0.19-alpha.
+ 23091; bugfix on 0.2.0.19-alpha.
diff --git a/changes/bug23347 b/changes/bug23347
deleted file mode 100644
index e73aa48f0..000000000
--- a/changes/bug23347
+++ /dev/null
@@ -1,9 +0,0 @@
- o Minor fixes (bridge client bootstrap):
- - Make bridge clients with no running bridges try to download
- bridge descriptors immediately. But when bridge clients have
- running bridges, make them wait at least 3 hours before
- refreshing recently received bridge descriptors.
- Download schedules used to start with an implicit 0, but the
- fix for 17750 changed this undocumented behaviour, and made
- bridge clients hang for 15 minutes before bootstrapping.
- Fixes bug 23347, not in any released version of Tor.
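Review bot: this hunk deletes a whole entry rather than restyling it, which the commit subject ("fix style issues in changes entries") does not cover; the same holds for changes/bug23525 later in the patch. Both entries end with "not in any released version", so if that is the reason for dropping them, say so in the commit message.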
diff --git a/changes/bug23366 b/changes/bug23366
index 85e370f61..c7e0fdf2b 100644
--- a/changes/bug23366
+++ b/changes/bug23366
@@ -1,4 +1,4 @@
o Minor bugfixes (test):
- - Fix a broken OutboundAddress option unit test because the parsing
- function was never returning an error on failure. Fixes bug #23366.;
- bugfix on tor-0.3.0.3-alpha.
+ - Fix a broken unit test for the OutboundAddress option: the parsing
+ function was never returning an error on failure. Fixes bug 23366;
+ bugfix on 0.3.0.3-alpha.
diff --git a/changes/bug23470 b/changes/bug23470
index 33367b3a3..d5b345b72 100644
--- a/changes/bug23470
+++ b/changes/bug23470
@@ -1,6 +1,5 @@
o Minor bugfix (relay address resolution):
- Avoid unnecessary calls to directory_fetches_from_authorities()
on relays. This avoids spurious address resolutions and
- descriptor rebuilds. This is a mitigation for 21789. The original
- bug was introduced in commit 35bbf2e as part of prop210.
- Fixes 23470 in 0.2.8.1-alpha.
+ descriptor rebuilds. This is a mitigation for bug 21789.
+ Fixes bug 23470; bugfix on in 0.2.8.1-alpha.
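Review bot: the added last line has a stray word, "bugfix on in 0.2.8.1-alpha"; it should read "bugfix on 0.2.8.1-alpha". The unchanged header also says "Minor bugfix" where the other entries in this patch use "Minor bugfixes".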
diff --git a/changes/bug23499 b/changes/bug23499
index e53b03c34..28ae57aae 100644
--- a/changes/bug23499
+++ b/changes/bug23499
@@ -1,4 +1,4 @@
- o Minor bugfixes:
+ o Minor bugfixes (directories):
- Directory servers now include a "Date:" http header for response
codes other than 200. Clients starting with a skewed clock and a
recent consensus were getting "304 Not modified" responses from
diff --git a/changes/bug23524 b/changes/bug23524
index c8ece5293..500520e72 100644
--- a/changes/bug23524
+++ b/changes/bug23524
@@ -1,4 +1,4 @@
o Minor bugfixes (DoS-resistance):
- If future code asks if there are any running bridges, without checking
if bridges are enabled, log a BUG warning rather than crashing.
- Fixes 23524 on 0.3.0.1-alpha.
+ Fixes bug 23524; bugfix on 0.3.0.1-alpha.
diff --git a/changes/bug23525 b/changes/bug23525
deleted file mode 100644
index 3a9c766c3..000000000
--- a/changes/bug23525
+++ /dev/null
@@ -1,6 +0,0 @@
- o Minor bugfixes (control port):
- - Make download status next attempts reported over the control port
- consistent with the time used by tor. This issue only occurs if a
- download status has not been reset before it is queried over the
- control port.
- Fixes 23525, not in any released version of tor.
diff --git a/changes/bug3056 b/changes/bug3056
index 62bec20d5..1e9b9f9b4 100644
--- a/changes/bug3056
+++ b/changes/bug3056
@@ -1,3 +1,3 @@
- o Minor features (exit relay, DNS):
- - Improve the clarity and safety of the log message from evdns when
- receiving an apparent spoofed DNS reply. Closes ticket 3056.
+ o Minor features (exit relay, DNS):
+ - Improve the clarity and safety of the log message from evdns when
+ receiving an apparent spoofed DNS reply. Closes ticket 3056.
diff --git a/changes/bug4019 b/changes/bug4019
index fef736ff6..559c73b70 100644
--- a/changes/bug4019
+++ b/changes/bug4019
@@ -1,4 +1,4 @@
o Minor bugfixes (logging):
- Remove duplicate log messages regarding opening non-local SocksPorts
upon parsing config and opening listeners at startup. Fixes bug 4019;
- bugfix on tor-0.2.3.3-alpha.
+ bugfix on 0.2.3.3-alpha.
diff --git a/changes/refactor-buffer b/changes/refactor-buffer
index 36b029672..29e0bc3e8 100644
--- a/changes/refactor-buffer
+++ b/changes/refactor-buffer
@@ -1,3 +1,3 @@
- o Code simplifications and refactoring:
+ o Code simplification and refactoring:
- Split the portions of the buffer.c module that handle particular
protocols into separate modules. Part of ticket 23149.
diff --git a/changes/ticket20575 b/changes/ticket20575
index bfbf03f6b..6d9a5fc90 100644
--- a/changes/ticket20575
+++ b/changes/ticket20575
@@ -1,4 +1,4 @@
- o Deprecation (config):
- - Deprecate HTTPProxy/HTTPProxyAuthenticator config options. It only
+ o Deprecated features:
+ - Deprecate HTTPProxy/HTTPProxyAuthenticator config options. They only
applies to direct unencrypted HTTP connections to your directory server,
- which your Tor probably isn't using. Fixes bug 20575.
+ which your Tor probably isn't using. Closes ticket 20575.
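Review bot: changing "It" to "They" on the first line leaves the unchanged next line reading "They only applies to direct unencrypted HTTP connections"; the verb needs to become "apply" in the same edit.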
diff --git a/changes/ticket22215 b/changes/ticket22215
index 4abeaf2c5..3ede7ca9e 100644
--- a/changes/ticket22215
+++ b/changes/ticket22215
@@ -1,5 +1,5 @@
o Code simplification and refactoring:
- Remove some of the code that once supported "Named" and "Unnamed"
routers. Authorities no longer vote for these flags. Closes ticket
- 23478.
+ 22215.
commit aaf0fa6d1177c045a46ad1e5d6321396bf3690cd
Merge: 0bd62c1d9 63ae9ea31
Author: Nick Mathewson <nickm(a)torproject.org>
Date: Mon Sep 18 10:48:31 2017 -0400
Merge branch 'maint-0.3.1'
src/test/hs_ntor_ref.py | 22 +++++++++++-----------
1 file changed, 11 insertions(+), 11 deletions(-)
commit d9dccb00ccc8518f716d798786b0144980e6b368
Author: Nick Mathewson <nickm(a)torproject.org>
Date: Mon Sep 18 10:30:41 2017 -0400
Bump to 0.3.2.1-alpha
---
configure.ac | 2 +-
contrib/win32build/tor-mingw.nsi.in | 2 +-
src/win32/orconfig.h | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/configure.ac b/configure.ac
index c449294d0..50e7ec2f7 100644
--- a/configure.ac
+++ b/configure.ac
@@ -4,7 +4,7 @@ dnl Copyright (c) 2007-2017, The Tor Project, Inc.
dnl See LICENSE for licensing information
AC_PREREQ([2.63])
-AC_INIT([tor],[0.3.2.0-alpha-dev])
+AC_INIT([tor],[0.3.2.1-alpha])
AC_CONFIG_SRCDIR([src/or/main.c])
AC_CONFIG_MACRO_DIR([m4])
diff --git a/contrib/win32build/tor-mingw.nsi.in b/contrib/win32build/tor-mingw.nsi.in
index 9f3a86a69..471f64e7f 100644
--- a/contrib/win32build/tor-mingw.nsi.in
+++ b/contrib/win32build/tor-mingw.nsi.in
@@ -8,7 +8,7 @@
!include "LogicLib.nsh"
!include "FileFunc.nsh"
!insertmacro GetParameters
-!define VERSION "0.3.2.0-alpha-dev"
+!define VERSION "0.3.2.1-alpha"
!define INSTALLER "tor-${VERSION}-win32.exe"
!define WEBSITE "https://www.torproject.org/"
!define LICENSE "LICENSE"
diff --git a/src/win32/orconfig.h b/src/win32/orconfig.h
index 9b16c6475..5882b66e2 100644
--- a/src/win32/orconfig.h
+++ b/src/win32/orconfig.h
@@ -218,7 +218,7 @@
#define USING_TWOS_COMPLEMENT
/* Version number of package */
-#define VERSION "0.3.2.0-alpha-dev"
+#define VERSION "0.3.2.1-alpha"
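Review bot: the version literal in src/win32/orconfig.h is edited by hand here and has to match AC_INIT in configure.ac and the !define VERSION in tor-mingw.nsi.in, which this patch changes separately. A check at release time that the three strings agree would catch a missed bump in any one of them.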