July 2018 - tor-commits - lists.torproject.org

[translation/support-miscellaneous] Update translations for support-miscellaneous
by translation＠torproject.org 13 Jul '18

13 Jul '18

commit 206d7ff670bcd6084ed777f55721d168c0104508 Author: Translation commit bot <translation(a)torproject.org> Date: Fri Jul 13 12:19:35 2018 +0000 Update translations for support-miscellaneous --- tr.json | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/tr.json b/tr.json index 110a801d9..6f5082295 100644 --- a/tr.json +++ b/tr.json @@ -32,37 +32,37 @@ "misc-6": { "id": "#diger-6", "control": "diger-6", - "title": "Does Tor keep logs?", - "description": "Tor doesn't keep any logs that could identify a particular user. We do take some safe measurements of how the network functions, which you can check out at <a href=\"https://metrics.torproject.org/\">Tor Metrics</a>." + "title": "Tor günlükleri tutuyor mu?", + "description": "Tor, belirli bir kullanıcıyı tanımlayabilecek herhangi bir kayıt tutmaz. Ağın nasıl çalıştığına dair bazı güvenli ölçümler alıyoruz, ki bunlara bakabilirsiniz:<a href=\"https://metrics.torproject.org/\">Tor Metrikleri</a>." }, "misc-7": { "id": "#diger-7", "control": "diger-7", - "title": "Does Tor Project offer email service or other privacy protecting web services?", - "description": "No, we don't provide any online services. A list of all of our software projects can be found on our <a href=\"https://www.torproject.org/projects/projects.html.en\">projects page</a>." + "title": "Tor Project e-posta hizmeti veya web servislerini koruyan diğer gizlilik sunuyor mu?", + "description": "Hayır, herhangi bir çevrimiçi hizmet sunmuyoruz. Tüm yazılım projelerimizin bir listesini bulabilirsiniz: <a href=\"https://www.torproject.org/projects/projects.html.en\">proje sayfası</a>." }, "misc-8": { "id": "#diger-8", "control": "diger-8", - "title": "Can I use the Tor logo in my product?", - "description": "You can read all about that on our <a href=\"https://www.torproject.org/docs/trademark-faq.html\">Trademark faq page</a>." + "title": "Tor logosunu ürünümde kullanabilir miyim?", + "description": "Bunun hakkında her şeyi okuyabilirsiniz:<a href=\"https://www.torproject.org/docs/trademark-faq.html\">Ticari marka SSS sayfası</a>." }, "misc-9": { "id": "#diger-9", "control": "diger-9", - "title": "I'm having a problem updating or using Vidalia.", - "description": "Vidalia is no longer maintained or supported. A large portion of the features Vidalia offered have now been integrated into Tor Browser itself." + "title": "Vidalia'yı güncelleştirirken veya kullanırken bir sorun yaşıyorum.", + "description": "Vidalia artık korunmuyor veya desteklenmiyor. Vidalia'nın sunduğu özelliklerin büyük bir kısmı şimdi Tor Browser'ın kendisine entegre edilmiştir." }, "misc-10": { "id": "#diger-10", "control": "diger-10", - "title": "Does the Tor Project offer hosting?", - "description": "No, the Tor Project does not offer hosting services." + "title": "Tor Project hosting sunuyor mu?", + "description": "Hayır, Tor Projesi hosting hizmeti sunmuyor." }, "misc-11": { "id": "#diger-11", "control": "diger-11", - "title": "Can I change the number of hops Tor uses?", + "title": "Tor'un kullandığı atlama sayısını değiştirebilir miyim?", "description": "Right now the path length is hard-coded at 3 plus the number of nodes in your path that are sensitive. That is, in normal cases it's 3, but for example if you're accessing an onion service or a \".exit\" address it could be more.<p class=\"mb-3\"We don't want to encourage people to use paths longer than this as it increases load on the network without (as far as we can tell) providing any more security. Also, using paths longer than 3 could harm anonymity, first because it makes<a href=\"https://www.freehaven.net/anonbib/#ccs07-doa\">denial of security</a> ttacks easier, and second because it could act as an identifier if only a small number of users have the same path length as you." }, "misc-12": {

1 0

[translation/support-tormobile] Update translations for support-tormobile
by translation＠torproject.org 13 Jul '18

13 Jul '18

commit 03dbc9254dacac0fea0a16386e41b4b3d707a463 Author: Translation commit bot <translation(a)torproject.org> Date: Fri Jul 13 11:49:48 2018 +0000 Update translations for support-tormobile --- tr.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tr.json b/tr.json index b0f96b99e..b3753c8f6 100644 --- a/tr.json +++ b/tr.json @@ -14,14 +14,14 @@ "tormobile-3": { "id": "#tormobil-3", "control": "tormobil-3", - "title": "Can I run Tor on an iOS device?", + "title": "Bir iOS cihazında Tor kullanabilir miyim?", "description": " We recommend an iOS app called Onion Browser, which is open source, uses Tor routing, and is developed by someone who works closely with the Tor Project. However, Apple requires browsers on iOS to use something called Webkit, which prevents Onion Browser from having the same privacy protections as Tor Browser. <a href=\"https://blog.torproject.org/tor-heart-onion-browser-and-more-ios-tor\">Learn more about Onion Browser</a>." }, "tormobile-4": { "id": "#tormobil-4", "control": "tormobil-4", - "title": "How do I run Tor on Windows Phone?", - "description": "There is currently no supported method for running Tor on Windows Phone." + "title": "Windows Phone'da Tor'u nasıl çalıştırırım?", + "description": "Şu anda Windows Phone'da Tor çalıştırmak için desteklenen bir yöntem yoktur." }, "tormobile-5": { "id": "#tormobil-5",

1 0

[translation/tor-browser-manual] Update translations for tor-browser-manual
by translation＠torproject.org 13 Jul '18

13 Jul '18

commit 862602df288e74eec15a76b2ac6735cf723054cd Author: Translation commit bot <translation(a)torproject.org> Date: Fri Jul 13 09:48:45 2018 +0000 Update translations for tor-browser-manual --- sr/sr.po | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sr/sr.po b/sr/sr.po index bfd53f2d8..e74942e1a 100644 --- a/sr/sr.po +++ b/sr/sr.po @@ -279,6 +279,8 @@ msgid "" "To use pluggable transports, click \"Configure\" in the Tor Launcher window " "that appears when you first run Tor Browser." msgstr "" +"Da biste koristili priključive transporte, kliknite na \"Konfiguriši\" u Tor" +" Pokretač prozoru koji se pojavi kada prvo pokrenete Tor Pretraživač." #: circumvention.page:33 msgid ""

1 0

[onionoo/master] Allows filtering by operating system
by karsten＠torproject.org 13 Jul '18

13 Jul '18

commit e95b88f0c344546df2e23262e13e3714040c36ad Author: Iain R. Learmonth <irl(a)fsfe.org> Date: Wed Jul 11 13:08:25 2018 +0100 Allows filtering by operating system The filter is applicable to both bridges and relays. It uses basic string operations to extract the operating system from the platform line of descriptors. Fixes: #6946 --- CHANGELOG.md | 1 + .../org/torproject/onionoo/docs/DocumentStore.java | 5 ++- .../org/torproject/onionoo/docs/NodeStatus.java | 10 +++++ .../torproject/onionoo/docs/SummaryDocument.java | 18 ++++++-- .../org/torproject/onionoo/server/NodeIndex.java | 22 +++++++++ .../org/torproject/onionoo/server/NodeIndexer.java | 22 +++++++++ .../torproject/onionoo/server/RequestHandler.java | 30 +++++++++++++ .../torproject/onionoo/server/ResourceServlet.java | 21 ++++++++- .../onionoo/updater/NodeDetailsStatusUpdater.java | 6 +++ .../onionoo/writer/SummaryDocumentWriter.java | 5 ++- .../onionoo/docs/SummaryDocumentTest.java | 2 +- .../onionoo/server/ResourceServletTest.java | 52 +++++++++++++++++++--- .../server/SummaryDocumentComparatorTest.java | 2 +- 13 files changed, 179 insertions(+), 17 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d4cfb82..a9f21b6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,7 @@ * Medium changes - Provide more accurate DNS results in "verified_host_names" and "unverified_host_names". + - Allow filtering by operating system using the new "os" parameter. * Minor changes - Index relays with no known country code or autonomous system diff --git a/src/main/java/org/torproject/onionoo/docs/DocumentStore.java b/src/main/java/org/torproject/onionoo/docs/DocumentStore.java index 0d75bf9..e474684 100644 --- a/src/main/java/org/torproject/onionoo/docs/DocumentStore.java +++ b/src/main/java/org/torproject/onionoo/docs/DocumentStore.java @@ -448,6 +448,7 @@ public class DocumentStore { SortedSet<String> relayFlags = new TreeSet<>(); SortedSet<String> family = null; String version = null; + String operatingSystem = null; long lastSeenMillis = -1L; long consensusWeight = -1L; long firstSeenMillis = -1L; @@ -458,8 +459,8 @@ public class DocumentStore { SummaryDocument summaryDocument = new SummaryDocument(isRelay, nickname, fingerprint, addresses, lastSeenMillis, running, relayFlags, consensusWeight, countryCode, firstSeenMillis, - asNumber, contact, family, family, version, hostName, - verifiedHostNames, unverifiedHostNames, + asNumber, contact, family, family, version, operatingSystem, + hostName, verifiedHostNames, unverifiedHostNames, recommendedVersion); return summaryDocument; } diff --git a/src/main/java/org/torproject/onionoo/docs/NodeStatus.java b/src/main/java/org/torproject/onionoo/docs/NodeStatus.java index 64332da..46da822 100644 --- a/src/main/java/org/torproject/onionoo/docs/NodeStatus.java +++ b/src/main/java/org/torproject/onionoo/docs/NodeStatus.java @@ -343,6 +343,16 @@ public class NodeStatus extends Document { return this.versionStatus; } + private String operatingSystem; + + public void setOperatingSystem(String operatingSystem) { + this.operatingSystem = operatingSystem; + } + + public String getOperatingSystem() { + return this.operatingSystem; + } + /* From exit lists: */ private SortedSet<String> exitAddresses; diff --git a/src/main/java/org/torproject/onionoo/docs/SummaryDocument.java b/src/main/java/org/torproject/onionoo/docs/SummaryDocument.java index 8b5a5e1..92ebe69 100644 --- a/src/main/java/org/torproject/onionoo/docs/SummaryDocument.java +++ b/src/main/java/org/torproject/onionoo/docs/SummaryDocument.java @@ -298,6 +298,17 @@ public class SummaryDocument extends Document { return this.version; } + @JsonProperty("o") + private String operatingSystem; + + public void setOperatingSystem(String operatingSystem) { + this.operatingSystem = operatingSystem; + } + + public String getOperatingSystem() { + return this.operatingSystem; + } + @JsonProperty("h") private String hostName; @@ -355,9 +366,9 @@ public class SummaryDocument extends Document { boolean running, SortedSet<String> relayFlags, long consensusWeight, String countryCode, long firstSeenMillis, String asNumber, String contact, SortedSet<String> familyFingerprints, - SortedSet<String> effectiveFamily, String version, String hostName, - List<String> verifiedHostNames, List<String> unverifiedHostNames, - Boolean recommendedVersion) { + SortedSet<String> effectiveFamily, String version, String operatingSystem, + String hostName, List<String> verifiedHostNames, + List<String> unverifiedHostNames, Boolean recommendedVersion) { this.setRelay(isRelay); this.setNickname(nickname); this.setFingerprint(fingerprint); @@ -373,6 +384,7 @@ public class SummaryDocument extends Document { this.setFamilyFingerprints(familyFingerprints); this.setEffectiveFamily(effectiveFamily); this.setVersion(version); + this.setOperatingSystem(operatingSystem); this.setHostName(hostName); this.setVerifiedHostNames(verifiedHostNames); this.setUnverifiedHostNames(unverifiedHostNames); diff --git a/src/main/java/org/torproject/onionoo/server/NodeIndex.java b/src/main/java/org/torproject/onionoo/server/NodeIndex.java index 77993a3..ed9ec44 100644 --- a/src/main/java/org/torproject/onionoo/server/NodeIndex.java +++ b/src/main/java/org/torproject/onionoo/server/NodeIndex.java @@ -190,6 +190,28 @@ class NodeIndex { return this.bridgesByVersion; } + private Map<String, Set<String>> relaysByOperatingSystem; + + public void setRelaysByOperatingSystem( + Map<String, Set<String>> relaysByOperatingSystem) { + this.relaysByOperatingSystem = relaysByOperatingSystem; + } + + public Map<String, Set<String>> getRelaysByOperatingSystem() { + return this.relaysByOperatingSystem; + } + + private Map<String, Set<String>> bridgesByOperatingSystem; + + public void setBridgesByOperatingSystem( + Map<String, Set<String>> bridgesByOperatingSystem) { + this.bridgesByOperatingSystem = bridgesByOperatingSystem; + } + + public Map<String, Set<String>> getBridgesByOperatingSystem() { + return this.bridgesByOperatingSystem; + } + private Map<String, Set<String>> relaysByHostName; public void setRelaysByHostName(Map<String, Set<String>> relaysByHostName) { diff --git a/src/main/java/org/torproject/onionoo/server/NodeIndexer.java b/src/main/java/org/torproject/onionoo/server/NodeIndexer.java index f6b84b8..1f1d279 100644 --- a/src/main/java/org/torproject/onionoo/server/NodeIndexer.java +++ b/src/main/java/org/torproject/onionoo/server/NodeIndexer.java @@ -157,6 +157,8 @@ public class NodeIndexer implements ServletContextListener, Runnable { Map<String, Set<String>> newRelaysByFamily = new HashMap<>(); Map<String, Set<String>> newRelaysByVersion = new HashMap<>(); Map<String, Set<String>> newBridgesByVersion = new HashMap<>(); + Map<String, Set<String>> newRelaysByOperatingSystem = new HashMap<>(); + Map<String, Set<String>> newBridgesByOperatingSystem = new HashMap<>(); Map<String, Set<String>> newRelaysByHostName = new HashMap<>(); Map<Boolean, Set<String>> newRelaysByRecommendedVersion = new HashMap<>(); newRelaysByRecommendedVersion.put(true, new HashSet<>()); @@ -281,6 +283,14 @@ public class NodeIndexer implements ServletContextListener, Runnable { newRelaysByVersion.get(version).add(fingerprint); newRelaysByVersion.get(version).add(hashedFingerprint); } + String operatingSystem = entry.getOperatingSystem(); + if (null != operatingSystem) { + if (!newRelaysByOperatingSystem.containsKey(operatingSystem)) { + newRelaysByOperatingSystem.put(operatingSystem, new HashSet<>()); + } + newRelaysByOperatingSystem.get(operatingSystem).add(fingerprint); + newRelaysByOperatingSystem.get(operatingSystem).add(hashedFingerprint); + } List<String> allHostNames = new ArrayList<>(); List<String> verifiedHostNames = entry.getVerifiedHostNames(); if (null != verifiedHostNames) { @@ -367,6 +377,16 @@ public class NodeIndexer implements ServletContextListener, Runnable { newBridgesByVersion.get(version).add(hashedFingerprint); newBridgesByVersion.get(version).add(hashedHashedFingerprint); } + String operatingSystem = entry.getOperatingSystem(); + if (null != operatingSystem) { + if (!newBridgesByOperatingSystem.containsKey(operatingSystem)) { + newBridgesByOperatingSystem.put(operatingSystem, new HashSet<>()); + } + newBridgesByOperatingSystem.get(operatingSystem) + .add(hashedFingerprint); + newBridgesByOperatingSystem.get(operatingSystem) + .add(hashedHashedFingerprint); + } Boolean recommendedVersion = entry.getRecommendedVersion(); if (null != recommendedVersion) { newBridgesByRecommendedVersion.get(recommendedVersion).add( @@ -394,6 +414,8 @@ public class NodeIndexer implements ServletContextListener, Runnable { newNodeIndex.setBridgesPublishedMillis(bridgesLastPublishedMillis); newNodeIndex.setRelaysByVersion(newRelaysByVersion); newNodeIndex.setBridgesByVersion(newBridgesByVersion); + newNodeIndex.setRelaysByOperatingSystem(newRelaysByOperatingSystem); + newNodeIndex.setBridgesByOperatingSystem(newBridgesByOperatingSystem); newNodeIndex.setRelaysByHostName(newRelaysByHostName); newNodeIndex.setRelaysByRecommendedVersion(newRelaysByRecommendedVersion); newNodeIndex.setBridgesByRecommendedVersion(newBridgesByRecommendedVersion); diff --git a/src/main/java/org/torproject/onionoo/server/RequestHandler.java b/src/main/java/org/torproject/onionoo/server/RequestHandler.java index 63b8fe9..b9d9b23 100644 --- a/src/main/java/org/torproject/onionoo/server/RequestHandler.java +++ b/src/main/java/org/torproject/onionoo/server/RequestHandler.java @@ -97,6 +97,12 @@ public class RequestHandler { this.version = version; } + private String operatingSystem; + + public void setOperatingSystem(String operatingSystem) { + this.operatingSystem = operatingSystem; + } + private String hostName; public void setHostName(String hostName) { @@ -177,6 +183,7 @@ public class RequestHandler { this.filterByContact(); this.filterByFamily(); this.filterByVersion(); + this.filterByOperatingSystem(); this.filterByHostName(); this.filterByRecommendedVersion(); this.order(); @@ -558,6 +565,29 @@ public class RequestHandler { this.filteredBridges.keySet().retainAll(keepBridges); } + private void filterByOperatingSystem() { + if (null == this.operatingSystem) { + /* Not filtering by operating system. */ + return; + } + Set<String> keepRelays = new HashSet<>(); + for (Map.Entry<String, Set<String>> e + : this.nodeIndex.getRelaysByOperatingSystem().entrySet()) { + if (e.getKey().startsWith(this.operatingSystem)) { + keepRelays.addAll(e.getValue()); + } + } + this.filteredRelays.keySet().retainAll(keepRelays); + Set<String> keepBridges = new HashSet<>(); + for (Map.Entry<String, Set<String>> e + : this.nodeIndex.getBridgesByOperatingSystem().entrySet()) { + if (e.getKey().startsWith(this.operatingSystem)) { + keepBridges.addAll(e.getValue()); + } + } + this.filteredBridges.keySet().retainAll(keepBridges); + } + private void filterByHostName() { if (this.hostName == null) { /* Not filtering by host name. */ diff --git a/src/main/java/org/torproject/onionoo/server/ResourceServlet.java b/src/main/java/org/torproject/onionoo/server/ResourceServlet.java index a64b89c..e119518 100644 --- a/src/main/java/org/torproject/onionoo/server/ResourceServlet.java +++ b/src/main/java/org/torproject/onionoo/server/ResourceServlet.java @@ -69,7 +69,7 @@ public class ResourceServlet extends HttpServlet { Arrays.asList("type", "running", "search", "lookup", "fingerprint", "country", "as", "flag", "first_seen_days", "last_seen_days", "contact", "order", "limit", "offset", "fields", "family", "version", - "host_name", "recommended_version")); + "os", "host_name", "recommended_version")); private static Set<String> illegalSearchQualifiers = new HashSet<>(Arrays.asList(("search,fingerprint,order,limit," @@ -293,6 +293,15 @@ public class ResourceServlet extends HttpServlet { } rh.setVersion(versionParameter); } + if (parameterMap.containsKey("os")) { + String osParameter = this.parseOperatingSystemParameter( + parameterMap.get("os")); + if (null == osParameter) { + response.sendError(HttpServletResponse.SC_BAD_REQUEST); + return; + } + rh.setOperatingSystem(osParameter); + } if (parameterMap.containsKey("host_name")) { String hostNameParameter = this.parseHostNameParameter( parameterMap.get("host_name")); @@ -607,6 +616,16 @@ public class ResourceServlet extends HttpServlet { return parameter; } + private String parseOperatingSystemParameter(String parameter) { + for (char c : parameter.toCharArray()) { + if (c < 32 || c >= 127) { + /* Only accept printable ASCII. */ + return null; + } + } + return parameter.toLowerCase(); + } + private static Pattern hostNameParameterPattern = Pattern.compile("^[0-9A-Za-z_\\.\\-]+$"); diff --git a/src/main/java/org/torproject/onionoo/updater/NodeDetailsStatusUpdater.java b/src/main/java/org/torproject/onionoo/updater/NodeDetailsStatusUpdater.java index ad2cac7..6d22aa2 100644 --- a/src/main/java/org/torproject/onionoo/updater/NodeDetailsStatusUpdater.java +++ b/src/main/java/org/torproject/onionoo/updater/NodeDetailsStatusUpdater.java @@ -807,6 +807,12 @@ public class NodeDetailsStatusUpdater implements DescriptorListener, } nodeStatus.setContact(detailsStatus.getContact()); + if (null != detailsStatus.getPlatform()) { + String[] platformParts = detailsStatus.getPlatform().split(" on "); + if (platformParts.length > 1) { + nodeStatus.setOperatingSystem(platformParts[1].toLowerCase()); + } + } /* Extract tor software version for bridges from their "platform" line. * (We already know this for relays from "v" lines in the consensus.) */ diff --git a/src/main/java/org/torproject/onionoo/writer/SummaryDocumentWriter.java b/src/main/java/org/torproject/onionoo/writer/SummaryDocumentWriter.java index ed36d56..dc6eba8 100644 --- a/src/main/java/org/torproject/onionoo/writer/SummaryDocumentWriter.java +++ b/src/main/java/org/torproject/onionoo/writer/SummaryDocumentWriter.java @@ -92,6 +92,7 @@ public class SummaryDocumentWriter implements DocumentWriter { SortedSet<String> effectiveFamily = nodeStatus.getEffectiveFamily(); String nickname = nodeStatus.getNickname(); String version = nodeStatus.getVersion(); + String operatingSystem = nodeStatus.getOperatingSystem(); String hostName = nodeStatus.getHostName(); List<String> verifiedHostNames = nodeStatus.getVerifiedHostNames(); List<String> unverifiedHostNames = nodeStatus.getUnverifiedHostNames(); @@ -100,8 +101,8 @@ public class SummaryDocumentWriter implements DocumentWriter { nickname, fingerprint, addresses, lastSeenMillis, running, relayFlags, consensusWeight, countryCode, firstSeenMillis, asNumber, contact, declaredFamily, effectiveFamily, version, - hostName, verifiedHostNames, unverifiedHostNames, - recommendedVersion); + operatingSystem, hostName, verifiedHostNames, + unverifiedHostNames, recommendedVersion); if (this.documentStore.store(summaryDocument, fingerprint)) { this.writtenDocuments++; } diff --git a/src/test/java/org/torproject/onionoo/docs/SummaryDocumentTest.java b/src/test/java/org/torproject/onionoo/docs/SummaryDocumentTest.java index 459d514..405fff6 100644 --- a/src/test/java/org/torproject/onionoo/docs/SummaryDocumentTest.java +++ b/src/test/java/org/torproject/onionoo/docs/SummaryDocumentTest.java @@ -27,7 +27,7 @@ public class SummaryDocumentTest { "0025C136C1F3A9EEFE2AE3F918F03BFA21B5070B" })), new TreeSet<>(Arrays.asList( new String[] { "001C13B3A55A71B977CA65EC85539D79C653A3FC" })), null, - null, null, null, true); + null, null, null, null, true); } @Test() diff --git a/src/test/java/org/torproject/onionoo/server/ResourceServletTest.java b/src/test/java/org/torproject/onionoo/server/ResourceServletTest.java index 4e9a5f0..145619d 100644 --- a/src/test/java/org/torproject/onionoo/server/ResourceServletTest.java +++ b/src/test/java/org/torproject/onionoo/server/ResourceServletTest.java @@ -153,7 +153,7 @@ public class ResourceServletTest { "0025C136C1F3A9EEFE2AE3F918F03BFA21B5070B" })), new TreeSet<>(Arrays.asList( new String[] { "001C13B3A55A71B977CA65EC85539D79C653A3FC" })), - "0.2.3.25", "ppp-62-216-201-221.dynamic.mnet-online.de", + "0.2.3.25", "linux", "ppp-62-216-201-221.dynamic.mnet-online.de", Arrays.asList( new String[] { "ppp-62-216-201-221.dynamic.mnet-online.de" }), null, true); @@ -170,7 +170,7 @@ public class ResourceServletTest { new TreeSet<String>(Arrays.asList(new String[] { "000C5F55BD4814B917CC474BD537F1A3B33CCE2A" })), new TreeSet<>(Arrays.asList(new String[] { - "000C5F55BD4814B917CC474BD537F1A3B33CCE2A" })), null, + "000C5F55BD4814B917CC474BD537F1A3B33CCE2A" })), null, null, "c-68-38-171-200.hsd1.in.comcast.net", Arrays.asList( new String[] {"c-68-38-171-200.hsd1.in.comcast.net"}), @@ -187,8 +187,8 @@ public class ResourceServletTest { DateTimeHelper.parse("2013-04-16 18:00:00"), "AS6830", "1024d/51e2a1c7 \"steven j. murdoch\" " + "<tor+steven.murdoch(a)cl.cam.ac.uk> <fb-token:5sr_k_zs2wm=>", - new TreeSet<String>(), new TreeSet<String>(), "0.2.3.24-rc-dev", null, - null, null, false); + new TreeSet<String>(), new TreeSet<String>(), "0.2.3.24-rc-dev", + "windows xp", null, null, null, false); this.relays.put("0025C136C1F3A9EEFE2AE3F918F03BFA21B5070B", relayTimMayTribute); this.bridges = new TreeMap<>(); @@ -199,7 +199,7 @@ public class ResourceServletTest { DateTimeHelper.parse("2013-04-21 18:07:03"), false, new TreeSet<>(Arrays.asList(new String[] { "Valid" })), -1L, null, DateTimeHelper.parse("2013-04-20 15:37:04"), null, null, - null, null, "0.2.2.39", null, null, null, true); + null, null, "0.2.2.39", null, null, null, null, true); this.bridges.put("0000831B236DFF73D409AD17B40E2A728A53994F", bridgeec2bridgercc7f31fe); org.torproject.onionoo.docs.SummaryDocument bridgeUnnamed = @@ -209,7 +209,7 @@ public class ResourceServletTest { DateTimeHelper.parse("2013-04-20 17:37:04"), false, new TreeSet<>(Arrays.asList(new String[] { "Valid" })), -1L, null, DateTimeHelper.parse("2013-04-14 07:07:05"), null, null, - null, null, null, null, null, null, null); + null, null, null, null, null, null, null, null); this.bridges.put("0002D9BDBBC230BD9C78FF502A16E0033EF87E0C", bridgeUnnamed); org.torproject.onionoo.docs.SummaryDocument bridgegummy = @@ -220,7 +220,7 @@ public class ResourceServletTest { new TreeSet<>(Arrays.asList(new String[] { "Running", "Valid" })), -1L, null, DateTimeHelper.parse("2013-01-16 21:07:04"), null, null, null, - null, "0.2.4.4-alpha-dev", null, null, null, false); + null, "0.2.4.4-alpha-dev", "windows 7", null, null, null, false); this.bridges.put("1FEDE50ED8DBA1DD9F9165F78C8131E4A44AB756", bridgegummy); } @@ -1648,6 +1648,44 @@ public class ResourceServletTest { this.assertErrorStatusCode("/summary?version=*", 400); } + @Test(timeout = 100) + public void testOperatingSystemLinux() { + this.assertSummaryDocument( + "/summary?os=linux", 1, new String[] {"TorkaZ"}, 0, null); + } + + @Test(timeout = 100) + public void testOperatingSystemLinuxMixedCaps() { + this.assertSummaryDocument( + "/summary?os=LiNUx", 1, new String[] {"TorkaZ"}, 0, null); + } + + @Test(timeout = 100) + public void testOperatingSystemLin() { + this.assertSummaryDocument( + "/summary?os=lin", 1, new String[] {"TorkaZ"}, 0, null); + } + + @Test(timeout = 100) + public void testOperatingSystemWindows() { + this.assertSummaryDocument( + "/summary?os=windows", 1, new String[] {"TimMayTribute"}, + 1, new String[] {"gummy"}); + } + + @Test(timeout = 100) + public void testOperatingSystemWindowsExperience() { + this.assertSummaryDocument( + "/summary?os=windows xp", 1, new String[] {"TimMayTribute"}, + 0, null); + } + + @Test(timeout = 100) + public void testOperatingSystemWindows7() { + this.assertSummaryDocument( + "/summary?os=windows 7", 0, null, 1, new String[] {"gummy"}); + } + @Test public void testHostNameDe() { this.assertSummaryDocument("/summary?host_name=de", 1, null, 0, null); diff --git a/src/test/java/org/torproject/onionoo/server/SummaryDocumentComparatorTest.java b/src/test/java/org/torproject/onionoo/server/SummaryDocumentComparatorTest.java index 569300d..2b67206 100644 --- a/src/test/java/org/torproject/onionoo/server/SummaryDocumentComparatorTest.java +++ b/src/test/java/org/torproject/onionoo/server/SummaryDocumentComparatorTest.java @@ -41,7 +41,7 @@ public class SummaryDocumentComparatorTest { "0025C136C1F3A9EEFE2AE3F918F03BFA21B5070B" })), new TreeSet<>(Arrays.asList( new String[] { "001C13B3A55A71B977CA65EC85539D79C653A3FC" })), null, - null, null, null, null); + null, null, null, null, null); } /** Some values for running all comparison types. */

1 0

[tor-browser-build/master] Bug 26355: update tbb-windows-installer to check for Windows7+
by boklm＠torproject.org 13 Jul '18

13 Jul '18

commit 7903f5828c835e52722101a83450bbeb29fc2007 Author: Nicolas Vigier <boklm(a)torproject.org> Date: Fri Jul 13 09:59:14 2018 +0200 Bug 26355: update tbb-windows-installer to check for Windows7+ We also update keyring/tbb-windows-installer.gpg as Moritz is using a new key for signing the tag: 7A3D AD44 08A0 009B 4DE9 C855 858E E1C3 B8A4 568D --- keyring/tbb-windows-installer.gpg | Bin 107882 -> 7231 bytes projects/tbb-windows-installer/config | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/keyring/tbb-windows-installer.gpg b/keyring/tbb-windows-installer.gpg index 6923786..343c69e 100644 Binary files a/keyring/tbb-windows-installer.gpg and b/keyring/tbb-windows-installer.gpg differ diff --git a/projects/tbb-windows-installer/config b/projects/tbb-windows-installer/config index 0de570e..57c4fda 100644 --- a/projects/tbb-windows-installer/config +++ b/projects/tbb-windows-installer/config @@ -1,5 +1,5 @@ # vim: filetype=yaml sw=2 -version: 0.3.1 +version: 0.4 git_url: https://github.com/moba/tbb-windows-installer.git git_hash: 'v[% c("version") %]' tag_gpg_id: 1

1 0

[translation/support-miscellaneous] Update translations for support-miscellaneous
by translation＠torproject.org 13 Jul '18

13 Jul '18

commit c7442a0473e77563b4b0febd5cfc84643ba2845c Author: Translation commit bot <translation(a)torproject.org> Date: Fri Jul 13 05:19:24 2018 +0000 Update translations for support-miscellaneous --- el.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/el.json b/el.json index 94d5b8fc1..916291b47 100644 --- a/el.json +++ b/el.json @@ -26,7 +26,7 @@ "misc-5": { "id": "#misc-5", "control": "misc-5", - "title": "The files on my computer have been locked, and someone is demanding I download Tor Browser to pay a ransom for my files!", + "title": "Τα αρχεία στον υπολογιστή μου έχουν κλειδωθεί, και κάποιος ζητάει να κατεβάσω τον περιηγητή Tor για να πληρώσω λύτρα για τα αρχεία μου!", "description": "We are so sorry, but you have been infected with malware. The Tor Project did not create this malware. The malware authors are asking you to download Tor Browser presumably to contact them anonymously with the ransom they're demanding from you. If this is your first introduction to Tor Browser, we understand that you might think we're bad people who enable even worse people. But please consider that our software is used every day for a wide variety of purposes by human rights activists, journalists, domestic violence survivors, whistleblowers, law enforcement officers, and many others. Unfortunately, the protection that our software can provide to these groups of people can also be abused by criminals and malware authors. The Tor Project does not support or condone the use of our software for malicious purposes." }, "misc-6": {

1 0

[tor/master] forward-port the changelog stanzas to 0.3.5 too
by arma＠torproject.org 13 Jul '18

13 Jul '18

commit d2bd358924802b2bf0f3ecf8fb73aae83382a3df Author: Roger Dingledine <arma(a)torproject.org> Date: Thu Jul 12 21:52:54 2018 -0400 forward-port the changelog stanzas to 0.3.5 too --- ChangeLog | 338 ++++++++++++++++++++++++++++++++++++++++++++++++++++------- ReleaseNotes | 254 +++++++++++++++++++++++++++++++++++++++++++- 2 files changed, 553 insertions(+), 39 deletions(-) diff --git a/ChangeLog b/ChangeLog index 55a62d5a2..7988010c2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,16 +1,67 @@ -Changes in version 0.3.3.8 - 2018-07-09 - Tor 0.3.3.8 backports several changes from the 0.3.4.x series, including - fixes for a memory leak affecting directory authorities. +Changes in version 0.3.4.5-rc - 2018-07-13 + Tor 0.3.4.5-rc moves to a new bridge authority, meaning people running + bridge relays should upgrade. - o Major bugfixes (directory authority, backport from 0.3.4.3-alpha): - - Stop leaking memory on directory authorities when planning to - vote. This bug was crashing authorities by exhausting their - memory. Fixes bug 26435; bugfix on 0.3.3.6. + o Directory authority changes: + - The "Bifroest" bridge authority has been retired; the new bridge + authority is "Serge", and it is operated by George from the + TorBSD project. Closes ticket 26771. - o Major bugfixes (rust, testing, backport from 0.3.4.3-alpha): - - Make sure that failing tests in Rust will actually cause the build - to fail: previously, they were ignored. Fixes bug 26258; bugfix - on 0.3.3.4-alpha. + +Changes in version 0.3.3.9 - 2018-07-13 + Tor 0.3.3.9 moves to a new bridge authority, meaning people running + bridge relays should upgrade. + + o Directory authority changes: + - The "Bifroest" bridge authority has been retired; the new bridge + authority is "Serge", and it is operated by George from the + TorBSD project. Closes ticket 26771. + + +Changes in version 0.3.2.11 - 2018-07-13 + Tor 0.3.2.11 moves to a new bridge authority, meaning people running + bridge relays should upgrade. We also take this opportunity to backport + other minor fixes. + + o Directory authority changes: + - The "Bifroest" bridge authority has been retired; the new bridge + authority is "Serge", and it is operated by George from the + TorBSD project. Closes ticket 26771. + + o Directory authority changes (backport from 0.3.3.7): + - Add an IPv6 address for the "dannenberg" directory authority. + Closes ticket 26343. + + o Major bugfixes (directory authorities, backport from 0.3.4.1-alpha): + - When directory authorities read a zero-byte bandwidth file, they + would previously log a warning with the contents of an + uninitialised buffer. They now log a warning about the empty file + instead. Fixes bug 26007; bugfix on 0.2.2.1-alpha. + + o Major bugfixes (onion service, backport from 0.3.4.1-alpha): + - Correctly detect when onion services get disabled after HUP. Fixes + bug 25761; bugfix on 0.3.2.1. + + o Minor features (sandbox, backport from 0.3.3.4-alpha): + - Explicitly permit the poll() system call when the Linux + seccomp2-based sandbox is enabled: apparently, some versions of + libc use poll() when calling getpwnam(). Closes ticket 25313. + + o Minor feature (continuous integration, backport from 0.3.3.5-rc): + - Update the Travis CI configuration to use the stable Rust channel, + now that we have decided to require that. Closes ticket 25714. + + o Minor features (continuous integration, backport from 0.3.4.1-alpha): + - Our .travis.yml configuration now includes support for testing the + results of "make distcheck". (It's not uncommon for "make check" + to pass but "make distcheck" to fail.) Closes ticket 25814. + - Our Travis CI configuration now integrates with the Coveralls + coverage analysis tool. Closes ticket 25818. + + o Minor features (relay, diagnostic, backport from 0.3.4.3-alpha): + - Add several checks to detect whether Tor relays are uploading + their descriptors without specifying why they regenerated them. + Diagnostic for ticket 25686. o Minor features (compilation, backport from 0.3.4.4-rc): - When building Tor, prefer to use Python 3 over Python 2, and more @@ -21,17 +72,38 @@ Changes in version 0.3.3.8 - 2018-07-09 - Update geoip and geoip6 to the July 3 2018 Maxmind GeoLite2 Country database. Closes ticket 26674. - o Minor features (relay, diagnostic, backport from 0.3.4.3-alpha): - - Add several checks to detect whether Tor relays are uploading - their descriptors without specifying why they regenerated them. - Diagnostic for ticket 25686. + o Minor bugfixes (correctness, client, backport from 0.3.4.1-alpha): + - Upon receiving a malformed connected cell, stop processing the + cell immediately. Previously we would mark the connection for + close, but continue processing the cell as if the connection were + open. Fixes bug 26072; bugfix on 0.2.4.7-alpha. - o Minor bugfixes (circuit path selection, backport from 0.3.4.1-alpha): - - Don't count path selection failures as circuit build failures. - This change should eliminate cases where Tor blames its guard or - the network for situations like insufficient microdescriptors - and/or overly restrictive torrc settings. Fixes bug 25705; bugfix - on 0.3.3.1-alpha. + o Minor bugfixes (Linux seccomp2 sandbox, backport from 0.3.4.1-alpha): + - Allow the nanosleep() system call, which glibc uses to implement + sleep() and usleep(). Fixes bug 24969; bugfix on 0.2.5.1-alpha. + + o Minor bugfixes (testing, compatibility, backport from 0.3.4.4-rc): + - When running the hs_ntor_ref.py test, make sure only to pass + strings (rather than "bytes" objects) to the Python subprocess + module. Python 3 on Windows seems to require this. Fixes bug + 26535; bugfix on 0.3.1.1-alpha. + - When running the ntor_ref.py test, make sure only to pass strings + (rather than "bytes" objects) to the Python subprocess module. + Python 3 on Windows seems to require this. Fixes bug 26535; bugfix + on 0.2.5.5-alpha. + + o Minor bugfixes (compatibility, openssl, backport from 0.3.4.2-alpha): + - Work around a change in OpenSSL 1.1.1 where return values that + would previously indicate "no password" now indicate an empty + password. Without this workaround, Tor instances running with + OpenSSL 1.1.1 would accept descriptors that other Tor instances + would reject. Fixes bug 26116; bugfix on 0.2.5.16. + + o Minor bugfixes (documentation, backport from 0.3.3.5-rc): + - Document that the PerConnBW{Rate,Burst} options will fall back to + their corresponding consensus parameters only if those parameters + are set. Previously we had claimed that these values would always + be set in the consensus. Fixes bug 25296; bugfix on 0.2.2.7-alpha. o Minor bugfixes (compilation, backport from 0.3.4.4-rc): - Fix a compilation warning on some versions of GCC when building @@ -39,14 +111,27 @@ Changes in version 0.3.3.8 - 2018-07-09 that the second call will succeed if the first one did. Fixes bug 26269; bugfix on 0.2.8.2-alpha. - o Minor bugfixes (control port, backport from 0.3.4.4-rc): - - Handle the HSADDRESS= argument to the HSPOST command properly. - (Previously, this argument was misparsed and thus ignored.) Fixes - bug 26523; bugfix on 0.3.3.1-alpha. Patch by "akwizgran". + o Minor bugfixes (client, backport from 0.3.4.1-alpha): + - Don't consider Tor running as a client if the ControlPort is open, + but no actual client ports are open. Fixes bug 26062; bugfix + on 0.2.9.4-alpha. - o Minor bugfixes (memory, correctness, backport from 0.3.4.4-rc): - - Fix a number of small memory leaks identified by coverity. Fixes - bug 26467; bugfix on numerous Tor versions. + o Minor bugfixes (hardening, backport from 0.3.4.2-alpha): + - Prevent a possible out-of-bounds smartlist read in + protover_compute_vote(). Fixes bug 26196; bugfix on 0.2.9.4-alpha. + + o Minor bugfixes (C correctness, backport from 0.3.3.4-alpha): + - Fix a very unlikely (impossible, we believe) null pointer + dereference. Fixes bug 25629; bugfix on 0.2.9.15. Found by + Coverity; this is CID 1430932. + + o Minor bugfixes (onion service, backport from 0.3.4.1-alpha): + - Fix a memory leak when a v3 onion service is configured and gets a + SIGHUP signal. Fixes bug 25901; bugfix on 0.3.2.1-alpha. + - When parsing the descriptor signature, look for the token plus an + extra white-space at the end. This is more correct but also will + allow us to support new fields that might start with "signature". + Fixes bug 26069; bugfix on 0.3.0.1-alpha. o Minor bugfixes (relay, backport from 0.3.4.3-alpha): - Relays now correctly block attempts to re-extend to the previous @@ -54,21 +139,126 @@ Changes in version 0.3.3.8 - 2018-07-09 case, but not actually reject the attempt. Fixes bug 26158; bugfix on 0.3.0.1-alpha. - o Minor bugfixes (restart-in-process, backport from 0.3.4.1-alpha): - - When shutting down, Tor now clears all the flags in the control.c - module. This should prevent a bug where authentication cookies are - not generated on restart. Fixes bug 25512; bugfix on 0.3.3.1-alpha. + o Minor bugfixes (relay, crash, backport from 0.3.4.1-alpha): + - Avoid a crash when running with DirPort set but ORPort turned off. + Fixes a case of bug 23693; bugfix on 0.3.1.1-alpha. + + o Minor bugfixes (compilation, backport from 0.3.4.2-alpha): + - Silence unused-const-variable warnings in zstd.h with some GCC + versions. Fixes bug 26272; bugfix on 0.3.1.1-alpha. + + o Minor bugfixes (testing, backport from 0.3.3.4-alpha): + - Avoid intermittent test failures due to a test that had relied on + onion service introduction point creation finishing within 5 + seconds of real clock time. Fixes bug 25450; bugfix + on 0.3.1.3-alpha. + + o Minor bugfixes (compilation, backport from 0.3.3.4-alpha): + - Fix a C99 compliance issue in our configuration script that caused + compilation issues when compiling Tor with certain versions of + xtools. Fixes bug 25474; bugfix on 0.3.2.5-alpha. + + o Minor bugfixes (memory, correctness, backport from 0.3.4.4-rc): + - Fix a number of small memory leaks identified by coverity. Fixes + bug 26467; bugfix on numerous Tor versions. + + o Code simplification and refactoring (backport from 0.3.3.5-rc): + - Move the list of default directory authorities to its own file. + Closes ticket 24854. Patch by "beastr0". + + +Changes in version 0.2.9.16 - 2018-07-13 + Tor 0.2.9.16 moves to a new bridge authority, meaning people running + bridge relays should upgrade. We also take this opportunity to backport + other minor fixes. + + o Directory authority changes: + - The "Bifroest" bridge authority has been retired; the new bridge + authority is "Serge", and it is operated by George from the + TorBSD project. Closes ticket 26771. + + o Directory authority changes (backport from 0.3.3.7): + - Add an IPv6 address for the "dannenberg" directory authority. + Closes ticket 26343. + + o Major bugfixes (directory authorities, backport from 0.3.4.1-alpha): + - When directory authorities read a zero-byte bandwidth file, they + would previously log a warning with the contents of an + uninitialised buffer. They now log a warning about the empty file + instead. Fixes bug 26007; bugfix on 0.2.2.1-alpha. + + o Minor features (sandbox, backport from 0.3.3.4-alpha): + - Explicitly permit the poll() system call when the Linux + seccomp2-based sandbox is enabled: apparently, some versions of + libc use poll() when calling getpwnam(). Closes ticket 25313. + + o Minor features (continuous integration, backport from 0.3.4.1-alpha): + - Our .travis.yml configuration now includes support for testing the + results of "make distcheck". (It's not uncommon for "make check" + to pass but "make distcheck" to fail.) Closes ticket 25814. + - Our Travis CI configuration now integrates with the Coveralls + coverage analysis tool. Closes ticket 25818. + + o Minor features (compilation, backport from 0.3.4.4-rc): + - When building Tor, prefer to use Python 3 over Python 2, and more + recent (contemplated) versions over older ones. Closes + ticket 26372. + + o Minor features (geoip): + - Update geoip and geoip6 to the July 3 2018 Maxmind GeoLite2 + Country database. Closes ticket 26674. + + o Minor bugfixes (correctness, client, backport from 0.3.4.1-alpha): + - Upon receiving a malformed connected cell, stop processing the + cell immediately. Previously we would mark the connection for + close, but continue processing the cell as if the connection were + open. Fixes bug 26072; bugfix on 0.2.4.7-alpha. + + o Minor bugfixes (Linux seccomp2 sandbox, backport from 0.3.4.1-alpha): + - Allow the nanosleep() system call, which glibc uses to implement + sleep() and usleep(). Fixes bug 24969; bugfix on 0.2.5.1-alpha. o Minor bugfixes (testing, compatibility, backport from 0.3.4.4-rc): - - When running the hs_ntor_ref.py test, make sure only to pass - strings (rather than "bytes" objects) to the Python subprocess - module. Python 3 on Windows seems to require this. Fixes bug - 26535; bugfix on 0.3.1.1-alpha. - When running the ntor_ref.py test, make sure only to pass strings (rather than "bytes" objects) to the Python subprocess module. Python 3 on Windows seems to require this. Fixes bug 26535; bugfix on 0.2.5.5-alpha. + o Minor bugfixes (compatibility, openssl, backport from 0.3.4.2-alpha): + - Work around a change in OpenSSL 1.1.1 where return values that + would previously indicate "no password" now indicate an empty + password. Without this workaround, Tor instances running with + OpenSSL 1.1.1 would accept descriptors that other Tor instances + would reject. Fixes bug 26116; bugfix on 0.2.5.16. + + o Minor bugfixes (compilation, backport from 0.3.4.4-rc): + - Fix a compilation warning on some versions of GCC when building + code that calls routerinfo_get_my_routerinfo() twice, assuming + that the second call will succeed if the first one did. Fixes bug + 26269; bugfix on 0.2.8.2-alpha. + + o Minor bugfixes (client, backport from 0.3.4.1-alpha): + - Don't consider Tor running as a client if the ControlPort is open, + but no actual client ports are open. Fixes bug 26062; bugfix + on 0.2.9.4-alpha. + + o Minor bugfixes (hardening, backport from 0.3.4.2-alpha): + - Prevent a possible out-of-bounds smartlist read in + protover_compute_vote(). Fixes bug 26196; bugfix on 0.2.9.4-alpha. + + o Minor bugfixes (C correctness, backport from 0.3.3.4-alpha): + - Fix a very unlikely (impossible, we believe) null pointer + dereference. Fixes bug 25629; bugfix on 0.2.9.15. Found by + Coverity; this is CID 1430932. + + o Minor bugfixes (memory, correctness, backport from 0.3.4.4-rc): + - Fix a number of small memory leaks identified by coverity. Fixes + bug 26467; bugfix on numerous Tor versions. + + o Code simplification and refactoring (backport from 0.3.3.5-rc): + - Move the list of default directory authorities to its own file. + Closes ticket 24854. Patch by "beastr0". + Changes in version 0.3.4.4-rc - 2018-07-09 Tor 0.3.4.4-rc fixes several small compilation, portability, and @@ -121,6 +311,78 @@ Changes in version 0.3.4.4-rc - 2018-07-09 on 0.2.5.5-alpha. +Changes in version 0.3.3.8 - 2018-07-09 + Tor 0.3.3.8 backports several changes from the 0.3.4.x series, including + fixes for a memory leak affecting directory authorities. + + o Major bugfixes (directory authority, backport from 0.3.4.3-alpha): + - Stop leaking memory on directory authorities when planning to + vote. This bug was crashing authorities by exhausting their + memory. Fixes bug 26435; bugfix on 0.3.3.6. + + o Major bugfixes (rust, testing, backport from 0.3.4.3-alpha): + - Make sure that failing tests in Rust will actually cause the build + to fail: previously, they were ignored. Fixes bug 26258; bugfix + on 0.3.3.4-alpha. + + o Minor features (compilation, backport from 0.3.4.4-rc): + - When building Tor, prefer to use Python 3 over Python 2, and more + recent (contemplated) versions over older ones. Closes + ticket 26372. + + o Minor features (geoip): + - Update geoip and geoip6 to the July 3 2018 Maxmind GeoLite2 + Country database. Closes ticket 26674. + + o Minor features (relay, diagnostic, backport from 0.3.4.3-alpha): + - Add several checks to detect whether Tor relays are uploading + their descriptors without specifying why they regenerated them. + Diagnostic for ticket 25686. + + o Minor bugfixes (circuit path selection, backport from 0.3.4.1-alpha): + - Don't count path selection failures as circuit build failures. + This change should eliminate cases where Tor blames its guard or + the network for situations like insufficient microdescriptors + and/or overly restrictive torrc settings. Fixes bug 25705; bugfix + on 0.3.3.1-alpha. + + o Minor bugfixes (compilation, backport from 0.3.4.4-rc): + - Fix a compilation warning on some versions of GCC when building + code that calls routerinfo_get_my_routerinfo() twice, assuming + that the second call will succeed if the first one did. Fixes bug + 26269; bugfix on 0.2.8.2-alpha. + + o Minor bugfixes (control port, backport from 0.3.4.4-rc): + - Handle the HSADDRESS= argument to the HSPOST command properly. + (Previously, this argument was misparsed and thus ignored.) Fixes + bug 26523; bugfix on 0.3.3.1-alpha. Patch by "akwizgran". + + o Minor bugfixes (memory, correctness, backport from 0.3.4.4-rc): + - Fix a number of small memory leaks identified by coverity. Fixes + bug 26467; bugfix on numerous Tor versions. + + o Minor bugfixes (relay, backport from 0.3.4.3-alpha): + - Relays now correctly block attempts to re-extend to the previous + relay by Ed25519 identity. Previously they would warn in this + case, but not actually reject the attempt. Fixes bug 26158; bugfix + on 0.3.0.1-alpha. + + o Minor bugfixes (restart-in-process, backport from 0.3.4.1-alpha): + - When shutting down, Tor now clears all the flags in the control.c + module. This should prevent a bug where authentication cookies are + not generated on restart. Fixes bug 25512; bugfix on 0.3.3.1-alpha. + + o Minor bugfixes (testing, compatibility, backport from 0.3.4.4-rc): + - When running the hs_ntor_ref.py test, make sure only to pass + strings (rather than "bytes" objects) to the Python subprocess + module. Python 3 on Windows seems to require this. Fixes bug + 26535; bugfix on 0.3.1.1-alpha. + - When running the ntor_ref.py test, make sure only to pass strings + (rather than "bytes" objects) to the Python subprocess module. + Python 3 on Windows seems to require this. Fixes bug 26535; bugfix + on 0.2.5.5-alpha. + + Changes in version 0.3.4.3-alpha - 2018-06-26 Tor 0.3.4.3-alpha fixes several bugs in earlier versions, including one that was causing stability issues on directory authorities. @@ -388,7 +650,7 @@ Changes in version 0.3.3.6 - 2018-05-22 Fixes bug 26069; bugfix on 0.3.0.1-alpha. o Minor bugfixes (relay, crash, backport from 0.3.4.1-alpha): - - Avoid a crash when running with DirPort set but ORPort tuned off. + - Avoid a crash when running with DirPort set but ORPort turned off. Fixes a case of bug 23693; bugfix on 0.3.1.1-alpha. o Documentation (backport from 0.3.4.1-alpha): @@ -691,7 +953,7 @@ Changes in version 0.3.4.1-alpha - 2018-05-17 here.) Fixes bug 24910; bugfix on 0.2.4.17-rc. o Minor bugfixes (relay, crash): - - Avoid a crash when running with DirPort set but ORPort tuned off. + - Avoid a crash when running with DirPort set but ORPort turned off. Fixes a case of bug 23693; bugfix on 0.3.1.1-alpha. o Minor bugfixes (restart-in-process): diff --git a/ReleaseNotes b/ReleaseNotes index 600b3c5e0..d9272a880 100644 --- a/ReleaseNotes +++ b/ReleaseNotes @@ -2,6 +2,258 @@ This document summarizes new features and bugfixes in each stable release of Tor. If you want to see more detailed descriptions of the changes in each development snapshot, see the ChangeLog file. +Changes in version 0.3.3.9 - 2018-07-13 + Tor 0.3.3.9 moves to a new bridge authority, meaning people running + bridge relays should upgrade. + + o Directory authority changes: + - The "Bifroest" bridge authority has been retired; the new bridge + authority is "Serge", and it is operated by George from the + TorBSD project. Closes ticket 26771. + + +Changes in version 0.3.2.11 - 2018-07-13 + Tor 0.3.2.11 moves to a new bridge authority, meaning people running + bridge relays should upgrade. We also take this opportunity to backport + other minor fixes. + + o Directory authority changes: + - The "Bifroest" bridge authority has been retired; the new bridge + authority is "Serge", and it is operated by George from the + TorBSD project. Closes ticket 26771. + + o Directory authority changes (backport from 0.3.3.7): + - Add an IPv6 address for the "dannenberg" directory authority. + Closes ticket 26343. + + o Major bugfixes (directory authorities, backport from 0.3.4.1-alpha): + - When directory authorities read a zero-byte bandwidth file, they + would previously log a warning with the contents of an + uninitialised buffer. They now log a warning about the empty file + instead. Fixes bug 26007; bugfix on 0.2.2.1-alpha. + + o Major bugfixes (onion service, backport from 0.3.4.1-alpha): + - Correctly detect when onion services get disabled after HUP. Fixes + bug 25761; bugfix on 0.3.2.1. + + o Minor features (sandbox, backport from 0.3.3.4-alpha): + - Explicitly permit the poll() system call when the Linux + seccomp2-based sandbox is enabled: apparently, some versions of + libc use poll() when calling getpwnam(). Closes ticket 25313. + + o Minor feature (continuous integration, backport from 0.3.3.5-rc): + - Update the Travis CI configuration to use the stable Rust channel, + now that we have decided to require that. Closes ticket 25714. + + o Minor features (continuous integration, backport from 0.3.4.1-alpha): + - Our .travis.yml configuration now includes support for testing the + results of "make distcheck". (It's not uncommon for "make check" + to pass but "make distcheck" to fail.) Closes ticket 25814. + - Our Travis CI configuration now integrates with the Coveralls + coverage analysis tool. Closes ticket 25818. + + o Minor features (relay, diagnostic, backport from 0.3.4.3-alpha): + - Add several checks to detect whether Tor relays are uploading + their descriptors without specifying why they regenerated them. + Diagnostic for ticket 25686. + + o Minor features (compilation, backport from 0.3.4.4-rc): + - When building Tor, prefer to use Python 3 over Python 2, and more + recent (contemplated) versions over older ones. Closes + ticket 26372. + + o Minor features (geoip): + - Update geoip and geoip6 to the July 3 2018 Maxmind GeoLite2 + Country database. Closes ticket 26674. + + o Minor bugfixes (correctness, client, backport from 0.3.4.1-alpha): + - Upon receiving a malformed connected cell, stop processing the + cell immediately. Previously we would mark the connection for + close, but continue processing the cell as if the connection were + open. Fixes bug 26072; bugfix on 0.2.4.7-alpha. + + o Minor bugfixes (Linux seccomp2 sandbox, backport from 0.3.4.1-alpha): + - Allow the nanosleep() system call, which glibc uses to implement + sleep() and usleep(). Fixes bug 24969; bugfix on 0.2.5.1-alpha. + + o Minor bugfixes (testing, compatibility, backport from 0.3.4.4-rc): + - When running the hs_ntor_ref.py test, make sure only to pass + strings (rather than "bytes" objects) to the Python subprocess + module. Python 3 on Windows seems to require this. Fixes bug + 26535; bugfix on 0.3.1.1-alpha. + - When running the ntor_ref.py test, make sure only to pass strings + (rather than "bytes" objects) to the Python subprocess module. + Python 3 on Windows seems to require this. Fixes bug 26535; bugfix + on 0.2.5.5-alpha. + + o Minor bugfixes (compatibility, openssl, backport from 0.3.4.2-alpha): + - Work around a change in OpenSSL 1.1.1 where return values that + would previously indicate "no password" now indicate an empty + password. Without this workaround, Tor instances running with + OpenSSL 1.1.1 would accept descriptors that other Tor instances + would reject. Fixes bug 26116; bugfix on 0.2.5.16. + + o Minor bugfixes (documentation, backport from 0.3.3.5-rc): + - Document that the PerConnBW{Rate,Burst} options will fall back to + their corresponding consensus parameters only if those parameters + are set. Previously we had claimed that these values would always + be set in the consensus. Fixes bug 25296; bugfix on 0.2.2.7-alpha. + + o Minor bugfixes (compilation, backport from 0.3.4.4-rc): + - Fix a compilation warning on some versions of GCC when building + code that calls routerinfo_get_my_routerinfo() twice, assuming + that the second call will succeed if the first one did. Fixes bug + 26269; bugfix on 0.2.8.2-alpha. + + o Minor bugfixes (client, backport from 0.3.4.1-alpha): + - Don't consider Tor running as a client if the ControlPort is open, + but no actual client ports are open. Fixes bug 26062; bugfix + on 0.2.9.4-alpha. + + o Minor bugfixes (hardening, backport from 0.3.4.2-alpha): + - Prevent a possible out-of-bounds smartlist read in + protover_compute_vote(). Fixes bug 26196; bugfix on 0.2.9.4-alpha. + + o Minor bugfixes (C correctness, backport from 0.3.3.4-alpha): + - Fix a very unlikely (impossible, we believe) null pointer + dereference. Fixes bug 25629; bugfix on 0.2.9.15. Found by + Coverity; this is CID 1430932. + + o Minor bugfixes (onion service, backport from 0.3.4.1-alpha): + - Fix a memory leak when a v3 onion service is configured and gets a + SIGHUP signal. Fixes bug 25901; bugfix on 0.3.2.1-alpha. + - When parsing the descriptor signature, look for the token plus an + extra white-space at the end. This is more correct but also will + allow us to support new fields that might start with "signature". + Fixes bug 26069; bugfix on 0.3.0.1-alpha. + + o Minor bugfixes (relay, backport from 0.3.4.3-alpha): + - Relays now correctly block attempts to re-extend to the previous + relay by Ed25519 identity. Previously they would warn in this + case, but not actually reject the attempt. Fixes bug 26158; bugfix + on 0.3.0.1-alpha. + + o Minor bugfixes (relay, crash, backport from 0.3.4.1-alpha): + - Avoid a crash when running with DirPort set but ORPort turned off. + Fixes a case of bug 23693; bugfix on 0.3.1.1-alpha. + + o Minor bugfixes (compilation, backport from 0.3.4.2-alpha): + - Silence unused-const-variable warnings in zstd.h with some GCC + versions. Fixes bug 26272; bugfix on 0.3.1.1-alpha. + + o Minor bugfixes (testing, backport from 0.3.3.4-alpha): + - Avoid intermittent test failures due to a test that had relied on + onion service introduction point creation finishing within 5 + seconds of real clock time. Fixes bug 25450; bugfix + on 0.3.1.3-alpha. + + o Minor bugfixes (compilation, backport from 0.3.3.4-alpha): + - Fix a C99 compliance issue in our configuration script that caused + compilation issues when compiling Tor with certain versions of + xtools. Fixes bug 25474; bugfix on 0.3.2.5-alpha. + + o Minor bugfixes (memory, correctness, backport from 0.3.4.4-rc): + - Fix a number of small memory leaks identified by coverity. Fixes + bug 26467; bugfix on numerous Tor versions. + + o Code simplification and refactoring (backport from 0.3.3.5-rc): + - Move the list of default directory authorities to its own file. + Closes ticket 24854. Patch by "beastr0". + + +Changes in version 0.2.9.16 - 2018-07-13 + Tor 0.2.9.16 moves to a new bridge authority, meaning people running + bridge relays should upgrade. We also take this opportunity to backport + other minor fixes. + + o Directory authority changes: + - The "Bifroest" bridge authority has been retired; the new bridge + authority is "Serge", and it is operated by George from the + TorBSD project. Closes ticket 26771. + + o Directory authority changes (backport from 0.3.3.7): + - Add an IPv6 address for the "dannenberg" directory authority. + Closes ticket 26343. + + o Major bugfixes (directory authorities, backport from 0.3.4.1-alpha): + - When directory authorities read a zero-byte bandwidth file, they + would previously log a warning with the contents of an + uninitialised buffer. They now log a warning about the empty file + instead. Fixes bug 26007; bugfix on 0.2.2.1-alpha. + + o Minor features (sandbox, backport from 0.3.3.4-alpha): + - Explicitly permit the poll() system call when the Linux + seccomp2-based sandbox is enabled: apparently, some versions of + libc use poll() when calling getpwnam(). Closes ticket 25313. + + o Minor features (continuous integration, backport from 0.3.4.1-alpha): + - Our .travis.yml configuration now includes support for testing the + results of "make distcheck". (It's not uncommon for "make check" + to pass but "make distcheck" to fail.) Closes ticket 25814. + - Our Travis CI configuration now integrates with the Coveralls + coverage analysis tool. Closes ticket 25818. + + o Minor features (compilation, backport from 0.3.4.4-rc): + - When building Tor, prefer to use Python 3 over Python 2, and more + recent (contemplated) versions over older ones. Closes + ticket 26372. + + o Minor features (geoip): + - Update geoip and geoip6 to the July 3 2018 Maxmind GeoLite2 + Country database. Closes ticket 26674. + + o Minor bugfixes (correctness, client, backport from 0.3.4.1-alpha): + - Upon receiving a malformed connected cell, stop processing the + cell immediately. Previously we would mark the connection for + close, but continue processing the cell as if the connection were + open. Fixes bug 26072; bugfix on 0.2.4.7-alpha. + + o Minor bugfixes (Linux seccomp2 sandbox, backport from 0.3.4.1-alpha): + - Allow the nanosleep() system call, which glibc uses to implement + sleep() and usleep(). Fixes bug 24969; bugfix on 0.2.5.1-alpha. + + o Minor bugfixes (testing, compatibility, backport from 0.3.4.4-rc): + - When running the ntor_ref.py test, make sure only to pass strings + (rather than "bytes" objects) to the Python subprocess module. + Python 3 on Windows seems to require this. Fixes bug 26535; bugfix + on 0.2.5.5-alpha. + + o Minor bugfixes (compatibility, openssl, backport from 0.3.4.2-alpha): + - Work around a change in OpenSSL 1.1.1 where return values that + would previously indicate "no password" now indicate an empty + password. Without this workaround, Tor instances running with + OpenSSL 1.1.1 would accept descriptors that other Tor instances + would reject. Fixes bug 26116; bugfix on 0.2.5.16. + + o Minor bugfixes (compilation, backport from 0.3.4.4-rc): + - Fix a compilation warning on some versions of GCC when building + code that calls routerinfo_get_my_routerinfo() twice, assuming + that the second call will succeed if the first one did. Fixes bug + 26269; bugfix on 0.2.8.2-alpha. + + o Minor bugfixes (client, backport from 0.3.4.1-alpha): + - Don't consider Tor running as a client if the ControlPort is open, + but no actual client ports are open. Fixes bug 26062; bugfix + on 0.2.9.4-alpha. + + o Minor bugfixes (hardening, backport from 0.3.4.2-alpha): + - Prevent a possible out-of-bounds smartlist read in + protover_compute_vote(). Fixes bug 26196; bugfix on 0.2.9.4-alpha. + + o Minor bugfixes (C correctness, backport from 0.3.3.4-alpha): + - Fix a very unlikely (impossible, we believe) null pointer + dereference. Fixes bug 25629; bugfix on 0.2.9.15. Found by + Coverity; this is CID 1430932. + + o Minor bugfixes (memory, correctness, backport from 0.3.4.4-rc): + - Fix a number of small memory leaks identified by coverity. Fixes + bug 26467; bugfix on numerous Tor versions. + + o Code simplification and refactoring (backport from 0.3.3.5-rc): + - Move the list of default directory authorities to its own file. + Closes ticket 24854. Patch by "beastr0". + + Changes in version 0.3.3.8 - 2018-07-09 Tor 0.3.3.8 backports several changes from the 0.3.4.x series, including fixes for a memory leak affecting directory authorities. @@ -634,7 +886,7 @@ Changes in version 0.3.3.6 - 2018-05-22 hop. Fixes bug 23100; bugfix on 0.2.2.2-alpha. o Minor bugfixes (relay, crash, backport from 0.3.4.1-alpha): - - Avoid a crash when running with DirPort set but ORPort tuned off. + - Avoid a crash when running with DirPort set but ORPort turned off. Fixes a case of bug 23693; bugfix on 0.3.1.1-alpha. o Minor bugfixes (Rust FFI):

1 0

[tor/release-0.3.4] go back and rescue the 0.3.3.8 changelog
by arma＠torproject.org 13 Jul '18

13 Jul '18

commit 673f3d640ef7fb05adf8533248d1b6bbbf086436 Author: Roger Dingledine <arma(a)torproject.org> Date: Thu Jul 12 21:48:51 2018 -0400 go back and rescue the 0.3.3.8 changelog --- ChangeLog | 72 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ReleaseNotes | 72 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 144 insertions(+) diff --git a/ChangeLog b/ChangeLog index 6f4a90994..7988010c2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -311,6 +311,78 @@ Changes in version 0.3.4.4-rc - 2018-07-09 on 0.2.5.5-alpha. +Changes in version 0.3.3.8 - 2018-07-09 + Tor 0.3.3.8 backports several changes from the 0.3.4.x series, including + fixes for a memory leak affecting directory authorities. + + o Major bugfixes (directory authority, backport from 0.3.4.3-alpha): + - Stop leaking memory on directory authorities when planning to + vote. This bug was crashing authorities by exhausting their + memory. Fixes bug 26435; bugfix on 0.3.3.6. + + o Major bugfixes (rust, testing, backport from 0.3.4.3-alpha): + - Make sure that failing tests in Rust will actually cause the build + to fail: previously, they were ignored. Fixes bug 26258; bugfix + on 0.3.3.4-alpha. + + o Minor features (compilation, backport from 0.3.4.4-rc): + - When building Tor, prefer to use Python 3 over Python 2, and more + recent (contemplated) versions over older ones. Closes + ticket 26372. + + o Minor features (geoip): + - Update geoip and geoip6 to the July 3 2018 Maxmind GeoLite2 + Country database. Closes ticket 26674. + + o Minor features (relay, diagnostic, backport from 0.3.4.3-alpha): + - Add several checks to detect whether Tor relays are uploading + their descriptors without specifying why they regenerated them. + Diagnostic for ticket 25686. + + o Minor bugfixes (circuit path selection, backport from 0.3.4.1-alpha): + - Don't count path selection failures as circuit build failures. + This change should eliminate cases where Tor blames its guard or + the network for situations like insufficient microdescriptors + and/or overly restrictive torrc settings. Fixes bug 25705; bugfix + on 0.3.3.1-alpha. + + o Minor bugfixes (compilation, backport from 0.3.4.4-rc): + - Fix a compilation warning on some versions of GCC when building + code that calls routerinfo_get_my_routerinfo() twice, assuming + that the second call will succeed if the first one did. Fixes bug + 26269; bugfix on 0.2.8.2-alpha. + + o Minor bugfixes (control port, backport from 0.3.4.4-rc): + - Handle the HSADDRESS= argument to the HSPOST command properly. + (Previously, this argument was misparsed and thus ignored.) Fixes + bug 26523; bugfix on 0.3.3.1-alpha. Patch by "akwizgran". + + o Minor bugfixes (memory, correctness, backport from 0.3.4.4-rc): + - Fix a number of small memory leaks identified by coverity. Fixes + bug 26467; bugfix on numerous Tor versions. + + o Minor bugfixes (relay, backport from 0.3.4.3-alpha): + - Relays now correctly block attempts to re-extend to the previous + relay by Ed25519 identity. Previously they would warn in this + case, but not actually reject the attempt. Fixes bug 26158; bugfix + on 0.3.0.1-alpha. + + o Minor bugfixes (restart-in-process, backport from 0.3.4.1-alpha): + - When shutting down, Tor now clears all the flags in the control.c + module. This should prevent a bug where authentication cookies are + not generated on restart. Fixes bug 25512; bugfix on 0.3.3.1-alpha. + + o Minor bugfixes (testing, compatibility, backport from 0.3.4.4-rc): + - When running the hs_ntor_ref.py test, make sure only to pass + strings (rather than "bytes" objects) to the Python subprocess + module. Python 3 on Windows seems to require this. Fixes bug + 26535; bugfix on 0.3.1.1-alpha. + - When running the ntor_ref.py test, make sure only to pass strings + (rather than "bytes" objects) to the Python subprocess module. + Python 3 on Windows seems to require this. Fixes bug 26535; bugfix + on 0.2.5.5-alpha. + + Changes in version 0.3.4.3-alpha - 2018-06-26 Tor 0.3.4.3-alpha fixes several bugs in earlier versions, including one that was causing stability issues on directory authorities. diff --git a/ReleaseNotes b/ReleaseNotes index 46a19fecc..11bcba8a6 100644 --- a/ReleaseNotes +++ b/ReleaseNotes @@ -254,6 +254,78 @@ Changes in version 0.2.9.16 - 2018-07-13 Closes ticket 24854. Patch by "beastr0". +Changes in version 0.3.3.8 - 2018-07-09 + Tor 0.3.3.8 backports several changes from the 0.3.4.x series, including + fixes for a memory leak affecting directory authorities. + + o Major bugfixes (directory authority, backport from 0.3.4.3-alpha): + - Stop leaking memory on directory authorities when planning to + vote. This bug was crashing authorities by exhausting their + memory. Fixes bug 26435; bugfix on 0.3.3.6. + + o Major bugfixes (rust, testing, backport from 0.3.4.3-alpha): + - Make sure that failing tests in Rust will actually cause the build + to fail: previously, they were ignored. Fixes bug 26258; bugfix + on 0.3.3.4-alpha. + + o Minor features (compilation, backport from 0.3.4.4-rc): + - When building Tor, prefer to use Python 3 over Python 2, and more + recent (contemplated) versions over older ones. Closes + ticket 26372. + + o Minor features (geoip): + - Update geoip and geoip6 to the July 3 2018 Maxmind GeoLite2 + Country database. Closes ticket 26674. + + o Minor features (relay, diagnostic, backport from 0.3.4.3-alpha): + - Add several checks to detect whether Tor relays are uploading + their descriptors without specifying why they regenerated them. + Diagnostic for ticket 25686. + + o Minor bugfixes (circuit path selection, backport from 0.3.4.1-alpha): + - Don't count path selection failures as circuit build failures. + This change should eliminate cases where Tor blames its guard or + the network for situations like insufficient microdescriptors + and/or overly restrictive torrc settings. Fixes bug 25705; bugfix + on 0.3.3.1-alpha. + + o Minor bugfixes (compilation, backport from 0.3.4.4-rc): + - Fix a compilation warning on some versions of GCC when building + code that calls routerinfo_get_my_routerinfo() twice, assuming + that the second call will succeed if the first one did. Fixes bug + 26269; bugfix on 0.2.8.2-alpha. + + o Minor bugfixes (control port, backport from 0.3.4.4-rc): + - Handle the HSADDRESS= argument to the HSPOST command properly. + (Previously, this argument was misparsed and thus ignored.) Fixes + bug 26523; bugfix on 0.3.3.1-alpha. Patch by "akwizgran". + + o Minor bugfixes (memory, correctness, backport from 0.3.4.4-rc): + - Fix a number of small memory leaks identified by coverity. Fixes + bug 26467; bugfix on numerous Tor versions. + + o Minor bugfixes (relay, backport from 0.3.4.3-alpha): + - Relays now correctly block attempts to re-extend to the previous + relay by Ed25519 identity. Previously they would warn in this + case, but not actually reject the attempt. Fixes bug 26158; bugfix + on 0.3.0.1-alpha. + + o Minor bugfixes (restart-in-process, backport from 0.3.4.1-alpha): + - When shutting down, Tor now clears all the flags in the control.c + module. This should prevent a bug where authentication cookies are + not generated on restart. Fixes bug 25512; bugfix on 0.3.3.1-alpha. + + o Minor bugfixes (testing, compatibility, backport from 0.3.4.4-rc): + - When running the hs_ntor_ref.py test, make sure only to pass + strings (rather than "bytes" objects) to the Python subprocess + module. Python 3 on Windows seems to require this. Fixes bug + 26535; bugfix on 0.3.1.1-alpha. + - When running the ntor_ref.py test, make sure only to pass strings + (rather than "bytes" objects) to the Python subprocess module. + Python 3 on Windows seems to require this. Fixes bug 26535; bugfix + on 0.2.5.5-alpha. + + Changes in version 0.3.3.7 - 2018-06-12 Tor 0.3.3.7 backports several changes from the 0.3.4.x series, including fixes for bugs affecting compatibility and stability.

1 0

[tor/release-0.3.4] forward-port new change stanzas to 0.3.4
by arma＠torproject.org 13 Jul '18

13 Jul '18

commit f0a5ff954346699178498f9398d4b582a8af517f Author: Roger Dingledine <arma(a)torproject.org> Date: Thu Jul 12 21:35:59 2018 -0400 forward-port new change stanzas to 0.3.4 --- ChangeLog | 252 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ReleaseNotes | 252 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 504 insertions(+) diff --git a/ChangeLog b/ChangeLog index 696031e19..6f4a90994 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,6 +8,258 @@ Changes in version 0.3.4.5-rc - 2018-07-13 TorBSD project. Closes ticket 26771. +Changes in version 0.3.3.9 - 2018-07-13 + Tor 0.3.3.9 moves to a new bridge authority, meaning people running + bridge relays should upgrade. + + o Directory authority changes: + - The "Bifroest" bridge authority has been retired; the new bridge + authority is "Serge", and it is operated by George from the + TorBSD project. Closes ticket 26771. + + +Changes in version 0.3.2.11 - 2018-07-13 + Tor 0.3.2.11 moves to a new bridge authority, meaning people running + bridge relays should upgrade. We also take this opportunity to backport + other minor fixes. + + o Directory authority changes: + - The "Bifroest" bridge authority has been retired; the new bridge + authority is "Serge", and it is operated by George from the + TorBSD project. Closes ticket 26771. + + o Directory authority changes (backport from 0.3.3.7): + - Add an IPv6 address for the "dannenberg" directory authority. + Closes ticket 26343. + + o Major bugfixes (directory authorities, backport from 0.3.4.1-alpha): + - When directory authorities read a zero-byte bandwidth file, they + would previously log a warning with the contents of an + uninitialised buffer. They now log a warning about the empty file + instead. Fixes bug 26007; bugfix on 0.2.2.1-alpha. + + o Major bugfixes (onion service, backport from 0.3.4.1-alpha): + - Correctly detect when onion services get disabled after HUP. Fixes + bug 25761; bugfix on 0.3.2.1. + + o Minor features (sandbox, backport from 0.3.3.4-alpha): + - Explicitly permit the poll() system call when the Linux + seccomp2-based sandbox is enabled: apparently, some versions of + libc use poll() when calling getpwnam(). Closes ticket 25313. + + o Minor feature (continuous integration, backport from 0.3.3.5-rc): + - Update the Travis CI configuration to use the stable Rust channel, + now that we have decided to require that. Closes ticket 25714. + + o Minor features (continuous integration, backport from 0.3.4.1-alpha): + - Our .travis.yml configuration now includes support for testing the + results of "make distcheck". (It's not uncommon for "make check" + to pass but "make distcheck" to fail.) Closes ticket 25814. + - Our Travis CI configuration now integrates with the Coveralls + coverage analysis tool. Closes ticket 25818. + + o Minor features (relay, diagnostic, backport from 0.3.4.3-alpha): + - Add several checks to detect whether Tor relays are uploading + their descriptors without specifying why they regenerated them. + Diagnostic for ticket 25686. + + o Minor features (compilation, backport from 0.3.4.4-rc): + - When building Tor, prefer to use Python 3 over Python 2, and more + recent (contemplated) versions over older ones. Closes + ticket 26372. + + o Minor features (geoip): + - Update geoip and geoip6 to the July 3 2018 Maxmind GeoLite2 + Country database. Closes ticket 26674. + + o Minor bugfixes (correctness, client, backport from 0.3.4.1-alpha): + - Upon receiving a malformed connected cell, stop processing the + cell immediately. Previously we would mark the connection for + close, but continue processing the cell as if the connection were + open. Fixes bug 26072; bugfix on 0.2.4.7-alpha. + + o Minor bugfixes (Linux seccomp2 sandbox, backport from 0.3.4.1-alpha): + - Allow the nanosleep() system call, which glibc uses to implement + sleep() and usleep(). Fixes bug 24969; bugfix on 0.2.5.1-alpha. + + o Minor bugfixes (testing, compatibility, backport from 0.3.4.4-rc): + - When running the hs_ntor_ref.py test, make sure only to pass + strings (rather than "bytes" objects) to the Python subprocess + module. Python 3 on Windows seems to require this. Fixes bug + 26535; bugfix on 0.3.1.1-alpha. + - When running the ntor_ref.py test, make sure only to pass strings + (rather than "bytes" objects) to the Python subprocess module. + Python 3 on Windows seems to require this. Fixes bug 26535; bugfix + on 0.2.5.5-alpha. + + o Minor bugfixes (compatibility, openssl, backport from 0.3.4.2-alpha): + - Work around a change in OpenSSL 1.1.1 where return values that + would previously indicate "no password" now indicate an empty + password. Without this workaround, Tor instances running with + OpenSSL 1.1.1 would accept descriptors that other Tor instances + would reject. Fixes bug 26116; bugfix on 0.2.5.16. + + o Minor bugfixes (documentation, backport from 0.3.3.5-rc): + - Document that the PerConnBW{Rate,Burst} options will fall back to + their corresponding consensus parameters only if those parameters + are set. Previously we had claimed that these values would always + be set in the consensus. Fixes bug 25296; bugfix on 0.2.2.7-alpha. + + o Minor bugfixes (compilation, backport from 0.3.4.4-rc): + - Fix a compilation warning on some versions of GCC when building + code that calls routerinfo_get_my_routerinfo() twice, assuming + that the second call will succeed if the first one did. Fixes bug + 26269; bugfix on 0.2.8.2-alpha. + + o Minor bugfixes (client, backport from 0.3.4.1-alpha): + - Don't consider Tor running as a client if the ControlPort is open, + but no actual client ports are open. Fixes bug 26062; bugfix + on 0.2.9.4-alpha. + + o Minor bugfixes (hardening, backport from 0.3.4.2-alpha): + - Prevent a possible out-of-bounds smartlist read in + protover_compute_vote(). Fixes bug 26196; bugfix on 0.2.9.4-alpha. + + o Minor bugfixes (C correctness, backport from 0.3.3.4-alpha): + - Fix a very unlikely (impossible, we believe) null pointer + dereference. Fixes bug 25629; bugfix on 0.2.9.15. Found by + Coverity; this is CID 1430932. + + o Minor bugfixes (onion service, backport from 0.3.4.1-alpha): + - Fix a memory leak when a v3 onion service is configured and gets a + SIGHUP signal. Fixes bug 25901; bugfix on 0.3.2.1-alpha. + - When parsing the descriptor signature, look for the token plus an + extra white-space at the end. This is more correct but also will + allow us to support new fields that might start with "signature". + Fixes bug 26069; bugfix on 0.3.0.1-alpha. + + o Minor bugfixes (relay, backport from 0.3.4.3-alpha): + - Relays now correctly block attempts to re-extend to the previous + relay by Ed25519 identity. Previously they would warn in this + case, but not actually reject the attempt. Fixes bug 26158; bugfix + on 0.3.0.1-alpha. + + o Minor bugfixes (relay, crash, backport from 0.3.4.1-alpha): + - Avoid a crash when running with DirPort set but ORPort turned off. + Fixes a case of bug 23693; bugfix on 0.3.1.1-alpha. + + o Minor bugfixes (compilation, backport from 0.3.4.2-alpha): + - Silence unused-const-variable warnings in zstd.h with some GCC + versions. Fixes bug 26272; bugfix on 0.3.1.1-alpha. + + o Minor bugfixes (testing, backport from 0.3.3.4-alpha): + - Avoid intermittent test failures due to a test that had relied on + onion service introduction point creation finishing within 5 + seconds of real clock time. Fixes bug 25450; bugfix + on 0.3.1.3-alpha. + + o Minor bugfixes (compilation, backport from 0.3.3.4-alpha): + - Fix a C99 compliance issue in our configuration script that caused + compilation issues when compiling Tor with certain versions of + xtools. Fixes bug 25474; bugfix on 0.3.2.5-alpha. + + o Minor bugfixes (memory, correctness, backport from 0.3.4.4-rc): + - Fix a number of small memory leaks identified by coverity. Fixes + bug 26467; bugfix on numerous Tor versions. + + o Code simplification and refactoring (backport from 0.3.3.5-rc): + - Move the list of default directory authorities to its own file. + Closes ticket 24854. Patch by "beastr0". + + +Changes in version 0.2.9.16 - 2018-07-13 + Tor 0.2.9.16 moves to a new bridge authority, meaning people running + bridge relays should upgrade. We also take this opportunity to backport + other minor fixes. + + o Directory authority changes: + - The "Bifroest" bridge authority has been retired; the new bridge + authority is "Serge", and it is operated by George from the + TorBSD project. Closes ticket 26771. + + o Directory authority changes (backport from 0.3.3.7): + - Add an IPv6 address for the "dannenberg" directory authority. + Closes ticket 26343. + + o Major bugfixes (directory authorities, backport from 0.3.4.1-alpha): + - When directory authorities read a zero-byte bandwidth file, they + would previously log a warning with the contents of an + uninitialised buffer. They now log a warning about the empty file + instead. Fixes bug 26007; bugfix on 0.2.2.1-alpha. + + o Minor features (sandbox, backport from 0.3.3.4-alpha): + - Explicitly permit the poll() system call when the Linux + seccomp2-based sandbox is enabled: apparently, some versions of + libc use poll() when calling getpwnam(). Closes ticket 25313. + + o Minor features (continuous integration, backport from 0.3.4.1-alpha): + - Our .travis.yml configuration now includes support for testing the + results of "make distcheck". (It's not uncommon for "make check" + to pass but "make distcheck" to fail.) Closes ticket 25814. + - Our Travis CI configuration now integrates with the Coveralls + coverage analysis tool. Closes ticket 25818. + + o Minor features (compilation, backport from 0.3.4.4-rc): + - When building Tor, prefer to use Python 3 over Python 2, and more + recent (contemplated) versions over older ones. Closes + ticket 26372. + + o Minor features (geoip): + - Update geoip and geoip6 to the July 3 2018 Maxmind GeoLite2 + Country database. Closes ticket 26674. + + o Minor bugfixes (correctness, client, backport from 0.3.4.1-alpha): + - Upon receiving a malformed connected cell, stop processing the + cell immediately. Previously we would mark the connection for + close, but continue processing the cell as if the connection were + open. Fixes bug 26072; bugfix on 0.2.4.7-alpha. + + o Minor bugfixes (Linux seccomp2 sandbox, backport from 0.3.4.1-alpha): + - Allow the nanosleep() system call, which glibc uses to implement + sleep() and usleep(). Fixes bug 24969; bugfix on 0.2.5.1-alpha. + + o Minor bugfixes (testing, compatibility, backport from 0.3.4.4-rc): + - When running the ntor_ref.py test, make sure only to pass strings + (rather than "bytes" objects) to the Python subprocess module. + Python 3 on Windows seems to require this. Fixes bug 26535; bugfix + on 0.2.5.5-alpha. + + o Minor bugfixes (compatibility, openssl, backport from 0.3.4.2-alpha): + - Work around a change in OpenSSL 1.1.1 where return values that + would previously indicate "no password" now indicate an empty + password. Without this workaround, Tor instances running with + OpenSSL 1.1.1 would accept descriptors that other Tor instances + would reject. Fixes bug 26116; bugfix on 0.2.5.16. + + o Minor bugfixes (compilation, backport from 0.3.4.4-rc): + - Fix a compilation warning on some versions of GCC when building + code that calls routerinfo_get_my_routerinfo() twice, assuming + that the second call will succeed if the first one did. Fixes bug + 26269; bugfix on 0.2.8.2-alpha. + + o Minor bugfixes (client, backport from 0.3.4.1-alpha): + - Don't consider Tor running as a client if the ControlPort is open, + but no actual client ports are open. Fixes bug 26062; bugfix + on 0.2.9.4-alpha. + + o Minor bugfixes (hardening, backport from 0.3.4.2-alpha): + - Prevent a possible out-of-bounds smartlist read in + protover_compute_vote(). Fixes bug 26196; bugfix on 0.2.9.4-alpha. + + o Minor bugfixes (C correctness, backport from 0.3.3.4-alpha): + - Fix a very unlikely (impossible, we believe) null pointer + dereference. Fixes bug 25629; bugfix on 0.2.9.15. Found by + Coverity; this is CID 1430932. + + o Minor bugfixes (memory, correctness, backport from 0.3.4.4-rc): + - Fix a number of small memory leaks identified by coverity. Fixes + bug 26467; bugfix on numerous Tor versions. + + o Code simplification and refactoring (backport from 0.3.3.5-rc): + - Move the list of default directory authorities to its own file. + Closes ticket 24854. Patch by "beastr0". + + Changes in version 0.3.4.4-rc - 2018-07-09 Tor 0.3.4.4-rc fixes several small compilation, portability, and correctness issues in previous versions of Tor. This version is a diff --git a/ReleaseNotes b/ReleaseNotes index 5de84d63d..46a19fecc 100644 --- a/ReleaseNotes +++ b/ReleaseNotes @@ -2,6 +2,258 @@ This document summarizes new features and bugfixes in each stable release of Tor. If you want to see more detailed descriptions of the changes in each development snapshot, see the ChangeLog file. +Changes in version 0.3.3.9 - 2018-07-13 + Tor 0.3.3.9 moves to a new bridge authority, meaning people running + bridge relays should upgrade. + + o Directory authority changes: + - The "Bifroest" bridge authority has been retired; the new bridge + authority is "Serge", and it is operated by George from the + TorBSD project. Closes ticket 26771. + + +Changes in version 0.3.2.11 - 2018-07-13 + Tor 0.3.2.11 moves to a new bridge authority, meaning people running + bridge relays should upgrade. We also take this opportunity to backport + other minor fixes. + + o Directory authority changes: + - The "Bifroest" bridge authority has been retired; the new bridge + authority is "Serge", and it is operated by George from the + TorBSD project. Closes ticket 26771. + + o Directory authority changes (backport from 0.3.3.7): + - Add an IPv6 address for the "dannenberg" directory authority. + Closes ticket 26343. + + o Major bugfixes (directory authorities, backport from 0.3.4.1-alpha): + - When directory authorities read a zero-byte bandwidth file, they + would previously log a warning with the contents of an + uninitialised buffer. They now log a warning about the empty file + instead. Fixes bug 26007; bugfix on 0.2.2.1-alpha. + + o Major bugfixes (onion service, backport from 0.3.4.1-alpha): + - Correctly detect when onion services get disabled after HUP. Fixes + bug 25761; bugfix on 0.3.2.1. + + o Minor features (sandbox, backport from 0.3.3.4-alpha): + - Explicitly permit the poll() system call when the Linux + seccomp2-based sandbox is enabled: apparently, some versions of + libc use poll() when calling getpwnam(). Closes ticket 25313. + + o Minor feature (continuous integration, backport from 0.3.3.5-rc): + - Update the Travis CI configuration to use the stable Rust channel, + now that we have decided to require that. Closes ticket 25714. + + o Minor features (continuous integration, backport from 0.3.4.1-alpha): + - Our .travis.yml configuration now includes support for testing the + results of "make distcheck". (It's not uncommon for "make check" + to pass but "make distcheck" to fail.) Closes ticket 25814. + - Our Travis CI configuration now integrates with the Coveralls + coverage analysis tool. Closes ticket 25818. + + o Minor features (relay, diagnostic, backport from 0.3.4.3-alpha): + - Add several checks to detect whether Tor relays are uploading + their descriptors without specifying why they regenerated them. + Diagnostic for ticket 25686. + + o Minor features (compilation, backport from 0.3.4.4-rc): + - When building Tor, prefer to use Python 3 over Python 2, and more + recent (contemplated) versions over older ones. Closes + ticket 26372. + + o Minor features (geoip): + - Update geoip and geoip6 to the July 3 2018 Maxmind GeoLite2 + Country database. Closes ticket 26674. + + o Minor bugfixes (correctness, client, backport from 0.3.4.1-alpha): + - Upon receiving a malformed connected cell, stop processing the + cell immediately. Previously we would mark the connection for + close, but continue processing the cell as if the connection were + open. Fixes bug 26072; bugfix on 0.2.4.7-alpha. + + o Minor bugfixes (Linux seccomp2 sandbox, backport from 0.3.4.1-alpha): + - Allow the nanosleep() system call, which glibc uses to implement + sleep() and usleep(). Fixes bug 24969; bugfix on 0.2.5.1-alpha. + + o Minor bugfixes (testing, compatibility, backport from 0.3.4.4-rc): + - When running the hs_ntor_ref.py test, make sure only to pass + strings (rather than "bytes" objects) to the Python subprocess + module. Python 3 on Windows seems to require this. Fixes bug + 26535; bugfix on 0.3.1.1-alpha. + - When running the ntor_ref.py test, make sure only to pass strings + (rather than "bytes" objects) to the Python subprocess module. + Python 3 on Windows seems to require this. Fixes bug 26535; bugfix + on 0.2.5.5-alpha. + + o Minor bugfixes (compatibility, openssl, backport from 0.3.4.2-alpha): + - Work around a change in OpenSSL 1.1.1 where return values that + would previously indicate "no password" now indicate an empty + password. Without this workaround, Tor instances running with + OpenSSL 1.1.1 would accept descriptors that other Tor instances + would reject. Fixes bug 26116; bugfix on 0.2.5.16. + + o Minor bugfixes (documentation, backport from 0.3.3.5-rc): + - Document that the PerConnBW{Rate,Burst} options will fall back to + their corresponding consensus parameters only if those parameters + are set. Previously we had claimed that these values would always + be set in the consensus. Fixes bug 25296; bugfix on 0.2.2.7-alpha. + + o Minor bugfixes (compilation, backport from 0.3.4.4-rc): + - Fix a compilation warning on some versions of GCC when building + code that calls routerinfo_get_my_routerinfo() twice, assuming + that the second call will succeed if the first one did. Fixes bug + 26269; bugfix on 0.2.8.2-alpha. + + o Minor bugfixes (client, backport from 0.3.4.1-alpha): + - Don't consider Tor running as a client if the ControlPort is open, + but no actual client ports are open. Fixes bug 26062; bugfix + on 0.2.9.4-alpha. + + o Minor bugfixes (hardening, backport from 0.3.4.2-alpha): + - Prevent a possible out-of-bounds smartlist read in + protover_compute_vote(). Fixes bug 26196; bugfix on 0.2.9.4-alpha. + + o Minor bugfixes (C correctness, backport from 0.3.3.4-alpha): + - Fix a very unlikely (impossible, we believe) null pointer + dereference. Fixes bug 25629; bugfix on 0.2.9.15. Found by + Coverity; this is CID 1430932. + + o Minor bugfixes (onion service, backport from 0.3.4.1-alpha): + - Fix a memory leak when a v3 onion service is configured and gets a + SIGHUP signal. Fixes bug 25901; bugfix on 0.3.2.1-alpha. + - When parsing the descriptor signature, look for the token plus an + extra white-space at the end. This is more correct but also will + allow us to support new fields that might start with "signature". + Fixes bug 26069; bugfix on 0.3.0.1-alpha. + + o Minor bugfixes (relay, backport from 0.3.4.3-alpha): + - Relays now correctly block attempts to re-extend to the previous + relay by Ed25519 identity. Previously they would warn in this + case, but not actually reject the attempt. Fixes bug 26158; bugfix + on 0.3.0.1-alpha. + + o Minor bugfixes (relay, crash, backport from 0.3.4.1-alpha): + - Avoid a crash when running with DirPort set but ORPort turned off. + Fixes a case of bug 23693; bugfix on 0.3.1.1-alpha. + + o Minor bugfixes (compilation, backport from 0.3.4.2-alpha): + - Silence unused-const-variable warnings in zstd.h with some GCC + versions. Fixes bug 26272; bugfix on 0.3.1.1-alpha. + + o Minor bugfixes (testing, backport from 0.3.3.4-alpha): + - Avoid intermittent test failures due to a test that had relied on + onion service introduction point creation finishing within 5 + seconds of real clock time. Fixes bug 25450; bugfix + on 0.3.1.3-alpha. + + o Minor bugfixes (compilation, backport from 0.3.3.4-alpha): + - Fix a C99 compliance issue in our configuration script that caused + compilation issues when compiling Tor with certain versions of + xtools. Fixes bug 25474; bugfix on 0.3.2.5-alpha. + + o Minor bugfixes (memory, correctness, backport from 0.3.4.4-rc): + - Fix a number of small memory leaks identified by coverity. Fixes + bug 26467; bugfix on numerous Tor versions. + + o Code simplification and refactoring (backport from 0.3.3.5-rc): + - Move the list of default directory authorities to its own file. + Closes ticket 24854. Patch by "beastr0". + + +Changes in version 0.2.9.16 - 2018-07-13 + Tor 0.2.9.16 moves to a new bridge authority, meaning people running + bridge relays should upgrade. We also take this opportunity to backport + other minor fixes. + + o Directory authority changes: + - The "Bifroest" bridge authority has been retired; the new bridge + authority is "Serge", and it is operated by George from the + TorBSD project. Closes ticket 26771. + + o Directory authority changes (backport from 0.3.3.7): + - Add an IPv6 address for the "dannenberg" directory authority. + Closes ticket 26343. + + o Major bugfixes (directory authorities, backport from 0.3.4.1-alpha): + - When directory authorities read a zero-byte bandwidth file, they + would previously log a warning with the contents of an + uninitialised buffer. They now log a warning about the empty file + instead. Fixes bug 26007; bugfix on 0.2.2.1-alpha. + + o Minor features (sandbox, backport from 0.3.3.4-alpha): + - Explicitly permit the poll() system call when the Linux + seccomp2-based sandbox is enabled: apparently, some versions of + libc use poll() when calling getpwnam(). Closes ticket 25313. + + o Minor features (continuous integration, backport from 0.3.4.1-alpha): + - Our .travis.yml configuration now includes support for testing the + results of "make distcheck". (It's not uncommon for "make check" + to pass but "make distcheck" to fail.) Closes ticket 25814. + - Our Travis CI configuration now integrates with the Coveralls + coverage analysis tool. Closes ticket 25818. + + o Minor features (compilation, backport from 0.3.4.4-rc): + - When building Tor, prefer to use Python 3 over Python 2, and more + recent (contemplated) versions over older ones. Closes + ticket 26372. + + o Minor features (geoip): + - Update geoip and geoip6 to the July 3 2018 Maxmind GeoLite2 + Country database. Closes ticket 26674. + + o Minor bugfixes (correctness, client, backport from 0.3.4.1-alpha): + - Upon receiving a malformed connected cell, stop processing the + cell immediately. Previously we would mark the connection for + close, but continue processing the cell as if the connection were + open. Fixes bug 26072; bugfix on 0.2.4.7-alpha. + + o Minor bugfixes (Linux seccomp2 sandbox, backport from 0.3.4.1-alpha): + - Allow the nanosleep() system call, which glibc uses to implement + sleep() and usleep(). Fixes bug 24969; bugfix on 0.2.5.1-alpha. + + o Minor bugfixes (testing, compatibility, backport from 0.3.4.4-rc): + - When running the ntor_ref.py test, make sure only to pass strings + (rather than "bytes" objects) to the Python subprocess module. + Python 3 on Windows seems to require this. Fixes bug 26535; bugfix + on 0.2.5.5-alpha. + + o Minor bugfixes (compatibility, openssl, backport from 0.3.4.2-alpha): + - Work around a change in OpenSSL 1.1.1 where return values that + would previously indicate "no password" now indicate an empty + password. Without this workaround, Tor instances running with + OpenSSL 1.1.1 would accept descriptors that other Tor instances + would reject. Fixes bug 26116; bugfix on 0.2.5.16. + + o Minor bugfixes (compilation, backport from 0.3.4.4-rc): + - Fix a compilation warning on some versions of GCC when building + code that calls routerinfo_get_my_routerinfo() twice, assuming + that the second call will succeed if the first one did. Fixes bug + 26269; bugfix on 0.2.8.2-alpha. + + o Minor bugfixes (client, backport from 0.3.4.1-alpha): + - Don't consider Tor running as a client if the ControlPort is open, + but no actual client ports are open. Fixes bug 26062; bugfix + on 0.2.9.4-alpha. + + o Minor bugfixes (hardening, backport from 0.3.4.2-alpha): + - Prevent a possible out-of-bounds smartlist read in + protover_compute_vote(). Fixes bug 26196; bugfix on 0.2.9.4-alpha. + + o Minor bugfixes (C correctness, backport from 0.3.3.4-alpha): + - Fix a very unlikely (impossible, we believe) null pointer + dereference. Fixes bug 25629; bugfix on 0.2.9.15. Found by + Coverity; this is CID 1430932. + + o Minor bugfixes (memory, correctness, backport from 0.3.4.4-rc): + - Fix a number of small memory leaks identified by coverity. Fixes + bug 26467; bugfix on numerous Tor versions. + + o Code simplification and refactoring (backport from 0.3.3.5-rc): + - Move the list of default directory authorities to its own file. + Closes ticket 24854. Patch by "beastr0". + + Changes in version 0.3.3.7 - 2018-06-12 Tor 0.3.3.7 backports several changes from the 0.3.4.x series, including fixes for bugs affecting compatibility and stability.

1 0

[tor/release-0.3.3] forward-port older changelogs
by arma＠torproject.org 13 Jul '18

13 Jul '18

commit 45028085ea188baf011524095e6fa3d55325ff49 Author: Roger Dingledine <arma(a)torproject.org> Date: Thu Jul 12 21:31:11 2018 -0400 forward-port older changelogs (it looks like release-0.3.2 is missing a bunch of changelog stanzas. oh well. maybe we can just let that branch quietly go obsolete in october.) --- ChangeLog | 242 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ReleaseNotes | 242 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 484 insertions(+) diff --git a/ChangeLog b/ChangeLog index 6841848c3..14b52968a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,6 +8,248 @@ Changes in version 0.3.3.9 - 2018-07-13 TorBSD project. Closes ticket 26771. +Changes in version 0.3.2.11 - 2018-07-13 + Tor 0.3.2.11 moves to a new bridge authority, meaning people running + bridge relays should upgrade. We also take this opportunity to backport + other minor fixes. + + o Directory authority changes: + - The "Bifroest" bridge authority has been retired; the new bridge + authority is "Serge", and it is operated by George from the + TorBSD project. Closes ticket 26771. + + o Directory authority changes (backport from 0.3.3.7): + - Add an IPv6 address for the "dannenberg" directory authority. + Closes ticket 26343. + + o Major bugfixes (directory authorities, backport from 0.3.4.1-alpha): + - When directory authorities read a zero-byte bandwidth file, they + would previously log a warning with the contents of an + uninitialised buffer. They now log a warning about the empty file + instead. Fixes bug 26007; bugfix on 0.2.2.1-alpha. + + o Major bugfixes (onion service, backport from 0.3.4.1-alpha): + - Correctly detect when onion services get disabled after HUP. Fixes + bug 25761; bugfix on 0.3.2.1. + + o Minor features (sandbox, backport from 0.3.3.4-alpha): + - Explicitly permit the poll() system call when the Linux + seccomp2-based sandbox is enabled: apparently, some versions of + libc use poll() when calling getpwnam(). Closes ticket 25313. + + o Minor feature (continuous integration, backport from 0.3.3.5-rc): + - Update the Travis CI configuration to use the stable Rust channel, + now that we have decided to require that. Closes ticket 25714. + + o Minor features (continuous integration, backport from 0.3.4.1-alpha): + - Our .travis.yml configuration now includes support for testing the + results of "make distcheck". (It's not uncommon for "make check" + to pass but "make distcheck" to fail.) Closes ticket 25814. + - Our Travis CI configuration now integrates with the Coveralls + coverage analysis tool. Closes ticket 25818. + + o Minor features (relay, diagnostic, backport from 0.3.4.3-alpha): + - Add several checks to detect whether Tor relays are uploading + their descriptors without specifying why they regenerated them. + Diagnostic for ticket 25686. + + o Minor features (compilation, backport from 0.3.4.4-rc): + - When building Tor, prefer to use Python 3 over Python 2, and more + recent (contemplated) versions over older ones. Closes + ticket 26372. + + o Minor features (geoip): + - Update geoip and geoip6 to the July 3 2018 Maxmind GeoLite2 + Country database. Closes ticket 26674. + + o Minor bugfixes (correctness, client, backport from 0.3.4.1-alpha): + - Upon receiving a malformed connected cell, stop processing the + cell immediately. Previously we would mark the connection for + close, but continue processing the cell as if the connection were + open. Fixes bug 26072; bugfix on 0.2.4.7-alpha. + + o Minor bugfixes (Linux seccomp2 sandbox, backport from 0.3.4.1-alpha): + - Allow the nanosleep() system call, which glibc uses to implement + sleep() and usleep(). Fixes bug 24969; bugfix on 0.2.5.1-alpha. + + o Minor bugfixes (testing, compatibility, backport from 0.3.4.4-rc): + - When running the hs_ntor_ref.py test, make sure only to pass + strings (rather than "bytes" objects) to the Python subprocess + module. Python 3 on Windows seems to require this. Fixes bug + 26535; bugfix on 0.3.1.1-alpha. + - When running the ntor_ref.py test, make sure only to pass strings + (rather than "bytes" objects) to the Python subprocess module. + Python 3 on Windows seems to require this. Fixes bug 26535; bugfix + on 0.2.5.5-alpha. + + o Minor bugfixes (compatibility, openssl, backport from 0.3.4.2-alpha): + - Work around a change in OpenSSL 1.1.1 where return values that + would previously indicate "no password" now indicate an empty + password. Without this workaround, Tor instances running with + OpenSSL 1.1.1 would accept descriptors that other Tor instances + would reject. Fixes bug 26116; bugfix on 0.2.5.16. + + o Minor bugfixes (documentation, backport from 0.3.3.5-rc): + - Document that the PerConnBW{Rate,Burst} options will fall back to + their corresponding consensus parameters only if those parameters + are set. Previously we had claimed that these values would always + be set in the consensus. Fixes bug 25296; bugfix on 0.2.2.7-alpha. + + o Minor bugfixes (compilation, backport from 0.3.4.4-rc): + - Fix a compilation warning on some versions of GCC when building + code that calls routerinfo_get_my_routerinfo() twice, assuming + that the second call will succeed if the first one did. Fixes bug + 26269; bugfix on 0.2.8.2-alpha. + + o Minor bugfixes (client, backport from 0.3.4.1-alpha): + - Don't consider Tor running as a client if the ControlPort is open, + but no actual client ports are open. Fixes bug 26062; bugfix + on 0.2.9.4-alpha. + + o Minor bugfixes (hardening, backport from 0.3.4.2-alpha): + - Prevent a possible out-of-bounds smartlist read in + protover_compute_vote(). Fixes bug 26196; bugfix on 0.2.9.4-alpha. + + o Minor bugfixes (C correctness, backport from 0.3.3.4-alpha): + - Fix a very unlikely (impossible, we believe) null pointer + dereference. Fixes bug 25629; bugfix on 0.2.9.15. Found by + Coverity; this is CID 1430932. + + o Minor bugfixes (onion service, backport from 0.3.4.1-alpha): + - Fix a memory leak when a v3 onion service is configured and gets a + SIGHUP signal. Fixes bug 25901; bugfix on 0.3.2.1-alpha. + - When parsing the descriptor signature, look for the token plus an + extra white-space at the end. This is more correct but also will + allow us to support new fields that might start with "signature". + Fixes bug 26069; bugfix on 0.3.0.1-alpha. + + o Minor bugfixes (relay, backport from 0.3.4.3-alpha): + - Relays now correctly block attempts to re-extend to the previous + relay by Ed25519 identity. Previously they would warn in this + case, but not actually reject the attempt. Fixes bug 26158; bugfix + on 0.3.0.1-alpha. + + o Minor bugfixes (relay, crash, backport from 0.3.4.1-alpha): + - Avoid a crash when running with DirPort set but ORPort turned off. + Fixes a case of bug 23693; bugfix on 0.3.1.1-alpha. + + o Minor bugfixes (compilation, backport from 0.3.4.2-alpha): + - Silence unused-const-variable warnings in zstd.h with some GCC + versions. Fixes bug 26272; bugfix on 0.3.1.1-alpha. + + o Minor bugfixes (testing, backport from 0.3.3.4-alpha): + - Avoid intermittent test failures due to a test that had relied on + onion service introduction point creation finishing within 5 + seconds of real clock time. Fixes bug 25450; bugfix + on 0.3.1.3-alpha. + + o Minor bugfixes (compilation, backport from 0.3.3.4-alpha): + - Fix a C99 compliance issue in our configuration script that caused + compilation issues when compiling Tor with certain versions of + xtools. Fixes bug 25474; bugfix on 0.3.2.5-alpha. + + o Minor bugfixes (memory, correctness, backport from 0.3.4.4-rc): + - Fix a number of small memory leaks identified by coverity. Fixes + bug 26467; bugfix on numerous Tor versions. + + o Code simplification and refactoring (backport from 0.3.3.5-rc): + - Move the list of default directory authorities to its own file. + Closes ticket 24854. Patch by "beastr0". + + +Changes in version 0.2.9.16 - 2018-07-13 + Tor 0.2.9.16 moves to a new bridge authority, meaning people running + bridge relays should upgrade. We also take this opportunity to backport + other minor fixes. + + o Directory authority changes: + - The "Bifroest" bridge authority has been retired; the new bridge + authority is "Serge", and it is operated by George from the + TorBSD project. Closes ticket 26771. + + o Directory authority changes (backport from 0.3.3.7): + - Add an IPv6 address for the "dannenberg" directory authority. + Closes ticket 26343. + + o Major bugfixes (directory authorities, backport from 0.3.4.1-alpha): + - When directory authorities read a zero-byte bandwidth file, they + would previously log a warning with the contents of an + uninitialised buffer. They now log a warning about the empty file + instead. Fixes bug 26007; bugfix on 0.2.2.1-alpha. + + o Minor features (sandbox, backport from 0.3.3.4-alpha): + - Explicitly permit the poll() system call when the Linux + seccomp2-based sandbox is enabled: apparently, some versions of + libc use poll() when calling getpwnam(). Closes ticket 25313. + + o Minor features (continuous integration, backport from 0.3.4.1-alpha): + - Our .travis.yml configuration now includes support for testing the + results of "make distcheck". (It's not uncommon for "make check" + to pass but "make distcheck" to fail.) Closes ticket 25814. + - Our Travis CI configuration now integrates with the Coveralls + coverage analysis tool. Closes ticket 25818. + + o Minor features (compilation, backport from 0.3.4.4-rc): + - When building Tor, prefer to use Python 3 over Python 2, and more + recent (contemplated) versions over older ones. Closes + ticket 26372. + + o Minor features (geoip): + - Update geoip and geoip6 to the July 3 2018 Maxmind GeoLite2 + Country database. Closes ticket 26674. + + o Minor bugfixes (correctness, client, backport from 0.3.4.1-alpha): + - Upon receiving a malformed connected cell, stop processing the + cell immediately. Previously we would mark the connection for + close, but continue processing the cell as if the connection were + open. Fixes bug 26072; bugfix on 0.2.4.7-alpha. + + o Minor bugfixes (Linux seccomp2 sandbox, backport from 0.3.4.1-alpha): + - Allow the nanosleep() system call, which glibc uses to implement + sleep() and usleep(). Fixes bug 24969; bugfix on 0.2.5.1-alpha. + + o Minor bugfixes (testing, compatibility, backport from 0.3.4.4-rc): + - When running the ntor_ref.py test, make sure only to pass strings + (rather than "bytes" objects) to the Python subprocess module. + Python 3 on Windows seems to require this. Fixes bug 26535; bugfix + on 0.2.5.5-alpha. + + o Minor bugfixes (compatibility, openssl, backport from 0.3.4.2-alpha): + - Work around a change in OpenSSL 1.1.1 where return values that + would previously indicate "no password" now indicate an empty + password. Without this workaround, Tor instances running with + OpenSSL 1.1.1 would accept descriptors that other Tor instances + would reject. Fixes bug 26116; bugfix on 0.2.5.16. + + o Minor bugfixes (compilation, backport from 0.3.4.4-rc): + - Fix a compilation warning on some versions of GCC when building + code that calls routerinfo_get_my_routerinfo() twice, assuming + that the second call will succeed if the first one did. Fixes bug + 26269; bugfix on 0.2.8.2-alpha. + + o Minor bugfixes (client, backport from 0.3.4.1-alpha): + - Don't consider Tor running as a client if the ControlPort is open, + but no actual client ports are open. Fixes bug 26062; bugfix + on 0.2.9.4-alpha. + + o Minor bugfixes (hardening, backport from 0.3.4.2-alpha): + - Prevent a possible out-of-bounds smartlist read in + protover_compute_vote(). Fixes bug 26196; bugfix on 0.2.9.4-alpha. + + o Minor bugfixes (C correctness, backport from 0.3.3.4-alpha): + - Fix a very unlikely (impossible, we believe) null pointer + dereference. Fixes bug 25629; bugfix on 0.2.9.15. Found by + Coverity; this is CID 1430932. + + o Minor bugfixes (memory, correctness, backport from 0.3.4.4-rc): + - Fix a number of small memory leaks identified by coverity. Fixes + bug 26467; bugfix on numerous Tor versions. + + o Code simplification and refactoring (backport from 0.3.3.5-rc): + - Move the list of default directory authorities to its own file. + Closes ticket 24854. Patch by "beastr0". + + Changes in version 0.3.3.8 - 2018-07-09 Tor 0.3.3.8 backports several changes from the 0.3.4.x series, including fixes for a memory leak affecting directory authorities. diff --git a/ReleaseNotes b/ReleaseNotes index f2befc12f..3c889d7f2 100644 --- a/ReleaseNotes +++ b/ReleaseNotes @@ -12,6 +12,248 @@ Changes in version 0.3.3.9 - 2018-07-13 TorBSD project. Closes ticket 26771. +Changes in version 0.3.2.11 - 2018-07-13 + Tor 0.3.2.11 moves to a new bridge authority, meaning people running + bridge relays should upgrade. We also take this opportunity to backport + other minor fixes. + + o Directory authority changes: + - The "Bifroest" bridge authority has been retired; the new bridge + authority is "Serge", and it is operated by George from the + TorBSD project. Closes ticket 26771. + + o Directory authority changes (backport from 0.3.3.7): + - Add an IPv6 address for the "dannenberg" directory authority. + Closes ticket 26343. + + o Major bugfixes (directory authorities, backport from 0.3.4.1-alpha): + - When directory authorities read a zero-byte bandwidth file, they + would previously log a warning with the contents of an + uninitialised buffer. They now log a warning about the empty file + instead. Fixes bug 26007; bugfix on 0.2.2.1-alpha. + + o Major bugfixes (onion service, backport from 0.3.4.1-alpha): + - Correctly detect when onion services get disabled after HUP. Fixes + bug 25761; bugfix on 0.3.2.1. + + o Minor features (sandbox, backport from 0.3.3.4-alpha): + - Explicitly permit the poll() system call when the Linux + seccomp2-based sandbox is enabled: apparently, some versions of + libc use poll() when calling getpwnam(). Closes ticket 25313. + + o Minor feature (continuous integration, backport from 0.3.3.5-rc): + - Update the Travis CI configuration to use the stable Rust channel, + now that we have decided to require that. Closes ticket 25714. + + o Minor features (continuous integration, backport from 0.3.4.1-alpha): + - Our .travis.yml configuration now includes support for testing the + results of "make distcheck". (It's not uncommon for "make check" + to pass but "make distcheck" to fail.) Closes ticket 25814. + - Our Travis CI configuration now integrates with the Coveralls + coverage analysis tool. Closes ticket 25818. + + o Minor features (relay, diagnostic, backport from 0.3.4.3-alpha): + - Add several checks to detect whether Tor relays are uploading + their descriptors without specifying why they regenerated them. + Diagnostic for ticket 25686. + + o Minor features (compilation, backport from 0.3.4.4-rc): + - When building Tor, prefer to use Python 3 over Python 2, and more + recent (contemplated) versions over older ones. Closes + ticket 26372. + + o Minor features (geoip): + - Update geoip and geoip6 to the July 3 2018 Maxmind GeoLite2 + Country database. Closes ticket 26674. + + o Minor bugfixes (correctness, client, backport from 0.3.4.1-alpha): + - Upon receiving a malformed connected cell, stop processing the + cell immediately. Previously we would mark the connection for + close, but continue processing the cell as if the connection were + open. Fixes bug 26072; bugfix on 0.2.4.7-alpha. + + o Minor bugfixes (Linux seccomp2 sandbox, backport from 0.3.4.1-alpha): + - Allow the nanosleep() system call, which glibc uses to implement + sleep() and usleep(). Fixes bug 24969; bugfix on 0.2.5.1-alpha. + + o Minor bugfixes (testing, compatibility, backport from 0.3.4.4-rc): + - When running the hs_ntor_ref.py test, make sure only to pass + strings (rather than "bytes" objects) to the Python subprocess + module. Python 3 on Windows seems to require this. Fixes bug + 26535; bugfix on 0.3.1.1-alpha. + - When running the ntor_ref.py test, make sure only to pass strings + (rather than "bytes" objects) to the Python subprocess module. + Python 3 on Windows seems to require this. Fixes bug 26535; bugfix + on 0.2.5.5-alpha. + + o Minor bugfixes (compatibility, openssl, backport from 0.3.4.2-alpha): + - Work around a change in OpenSSL 1.1.1 where return values that + would previously indicate "no password" now indicate an empty + password. Without this workaround, Tor instances running with + OpenSSL 1.1.1 would accept descriptors that other Tor instances + would reject. Fixes bug 26116; bugfix on 0.2.5.16. + + o Minor bugfixes (documentation, backport from 0.3.3.5-rc): + - Document that the PerConnBW{Rate,Burst} options will fall back to + their corresponding consensus parameters only if those parameters + are set. Previously we had claimed that these values would always + be set in the consensus. Fixes bug 25296; bugfix on 0.2.2.7-alpha. + + o Minor bugfixes (compilation, backport from 0.3.4.4-rc): + - Fix a compilation warning on some versions of GCC when building + code that calls routerinfo_get_my_routerinfo() twice, assuming + that the second call will succeed if the first one did. Fixes bug + 26269; bugfix on 0.2.8.2-alpha. + + o Minor bugfixes (client, backport from 0.3.4.1-alpha): + - Don't consider Tor running as a client if the ControlPort is open, + but no actual client ports are open. Fixes bug 26062; bugfix + on 0.2.9.4-alpha. + + o Minor bugfixes (hardening, backport from 0.3.4.2-alpha): + - Prevent a possible out-of-bounds smartlist read in + protover_compute_vote(). Fixes bug 26196; bugfix on 0.2.9.4-alpha. + + o Minor bugfixes (C correctness, backport from 0.3.3.4-alpha): + - Fix a very unlikely (impossible, we believe) null pointer + dereference. Fixes bug 25629; bugfix on 0.2.9.15. Found by + Coverity; this is CID 1430932. + + o Minor bugfixes (onion service, backport from 0.3.4.1-alpha): + - Fix a memory leak when a v3 onion service is configured and gets a + SIGHUP signal. Fixes bug 25901; bugfix on 0.3.2.1-alpha. + - When parsing the descriptor signature, look for the token plus an + extra white-space at the end. This is more correct but also will + allow us to support new fields that might start with "signature". + Fixes bug 26069; bugfix on 0.3.0.1-alpha. + + o Minor bugfixes (relay, backport from 0.3.4.3-alpha): + - Relays now correctly block attempts to re-extend to the previous + relay by Ed25519 identity. Previously they would warn in this + case, but not actually reject the attempt. Fixes bug 26158; bugfix + on 0.3.0.1-alpha. + + o Minor bugfixes (relay, crash, backport from 0.3.4.1-alpha): + - Avoid a crash when running with DirPort set but ORPort turned off. + Fixes a case of bug 23693; bugfix on 0.3.1.1-alpha. + + o Minor bugfixes (compilation, backport from 0.3.4.2-alpha): + - Silence unused-const-variable warnings in zstd.h with some GCC + versions. Fixes bug 26272; bugfix on 0.3.1.1-alpha. + + o Minor bugfixes (testing, backport from 0.3.3.4-alpha): + - Avoid intermittent test failures due to a test that had relied on + onion service introduction point creation finishing within 5 + seconds of real clock time. Fixes bug 25450; bugfix + on 0.3.1.3-alpha. + + o Minor bugfixes (compilation, backport from 0.3.3.4-alpha): + - Fix a C99 compliance issue in our configuration script that caused + compilation issues when compiling Tor with certain versions of + xtools. Fixes bug 25474; bugfix on 0.3.2.5-alpha. + + o Minor bugfixes (memory, correctness, backport from 0.3.4.4-rc): + - Fix a number of small memory leaks identified by coverity. Fixes + bug 26467; bugfix on numerous Tor versions. + + o Code simplification and refactoring (backport from 0.3.3.5-rc): + - Move the list of default directory authorities to its own file. + Closes ticket 24854. Patch by "beastr0". + + +Changes in version 0.2.9.16 - 2018-07-13 + Tor 0.2.9.16 moves to a new bridge authority, meaning people running + bridge relays should upgrade. We also take this opportunity to backport + other minor fixes. + + o Directory authority changes: + - The "Bifroest" bridge authority has been retired; the new bridge + authority is "Serge", and it is operated by George from the + TorBSD project. Closes ticket 26771. + + o Directory authority changes (backport from 0.3.3.7): + - Add an IPv6 address for the "dannenberg" directory authority. + Closes ticket 26343. + + o Major bugfixes (directory authorities, backport from 0.3.4.1-alpha): + - When directory authorities read a zero-byte bandwidth file, they + would previously log a warning with the contents of an + uninitialised buffer. They now log a warning about the empty file + instead. Fixes bug 26007; bugfix on 0.2.2.1-alpha. + + o Minor features (sandbox, backport from 0.3.3.4-alpha): + - Explicitly permit the poll() system call when the Linux + seccomp2-based sandbox is enabled: apparently, some versions of + libc use poll() when calling getpwnam(). Closes ticket 25313. + + o Minor features (continuous integration, backport from 0.3.4.1-alpha): + - Our .travis.yml configuration now includes support for testing the + results of "make distcheck". (It's not uncommon for "make check" + to pass but "make distcheck" to fail.) Closes ticket 25814. + - Our Travis CI configuration now integrates with the Coveralls + coverage analysis tool. Closes ticket 25818. + + o Minor features (compilation, backport from 0.3.4.4-rc): + - When building Tor, prefer to use Python 3 over Python 2, and more + recent (contemplated) versions over older ones. Closes + ticket 26372. + + o Minor features (geoip): + - Update geoip and geoip6 to the July 3 2018 Maxmind GeoLite2 + Country database. Closes ticket 26674. + + o Minor bugfixes (correctness, client, backport from 0.3.4.1-alpha): + - Upon receiving a malformed connected cell, stop processing the + cell immediately. Previously we would mark the connection for + close, but continue processing the cell as if the connection were + open. Fixes bug 26072; bugfix on 0.2.4.7-alpha. + + o Minor bugfixes (Linux seccomp2 sandbox, backport from 0.3.4.1-alpha): + - Allow the nanosleep() system call, which glibc uses to implement + sleep() and usleep(). Fixes bug 24969; bugfix on 0.2.5.1-alpha. + + o Minor bugfixes (testing, compatibility, backport from 0.3.4.4-rc): + - When running the ntor_ref.py test, make sure only to pass strings + (rather than "bytes" objects) to the Python subprocess module. + Python 3 on Windows seems to require this. Fixes bug 26535; bugfix + on 0.2.5.5-alpha. + + o Minor bugfixes (compatibility, openssl, backport from 0.3.4.2-alpha): + - Work around a change in OpenSSL 1.1.1 where return values that + would previously indicate "no password" now indicate an empty + password. Without this workaround, Tor instances running with + OpenSSL 1.1.1 would accept descriptors that other Tor instances + would reject. Fixes bug 26116; bugfix on 0.2.5.16. + + o Minor bugfixes (compilation, backport from 0.3.4.4-rc): + - Fix a compilation warning on some versions of GCC when building + code that calls routerinfo_get_my_routerinfo() twice, assuming + that the second call will succeed if the first one did. Fixes bug + 26269; bugfix on 0.2.8.2-alpha. + + o Minor bugfixes (client, backport from 0.3.4.1-alpha): + - Don't consider Tor running as a client if the ControlPort is open, + but no actual client ports are open. Fixes bug 26062; bugfix + on 0.2.9.4-alpha. + + o Minor bugfixes (hardening, backport from 0.3.4.2-alpha): + - Prevent a possible out-of-bounds smartlist read in + protover_compute_vote(). Fixes bug 26196; bugfix on 0.2.9.4-alpha. + + o Minor bugfixes (C correctness, backport from 0.3.3.4-alpha): + - Fix a very unlikely (impossible, we believe) null pointer + dereference. Fixes bug 25629; bugfix on 0.2.9.15. Found by + Coverity; this is CID 1430932. + + o Minor bugfixes (memory, correctness, backport from 0.3.4.4-rc): + - Fix a number of small memory leaks identified by coverity. Fixes + bug 26467; bugfix on numerous Tor versions. + + o Code simplification and refactoring (backport from 0.3.3.5-rc): + - Move the list of default directory authorities to its own file. + Closes ticket 24854. Patch by "beastr0". + + Changes in version 0.3.3.8 - 2018-07-09 Tor 0.3.3.8 backports several changes from the 0.3.4.x series, including fixes for a memory leak affecting directory authorities.

1 0