commit 03e9aa094185e55e120f2fffa01da62b5a7b44df Author: Nick Mathewson nickm@torproject.org Date: Tue Dec 30 09:53:13 2014 -0500
Fold more things into the 0.2.6.2-alpha changelog --- ChangeLog | 106 +++++++++++++++++++-- changes/bug13667 | 6 -- changes/bug13718-add-internal-bootstrap-statuses | 9 -- changes/bug13718-avoid-excluding-guards | 8 -- changes/bug13808 | 9 -- changes/bug13811 | 6 -- changes/bug13814-avoid-exit-paths-no-exits | 8 -- changes/bug13814-reachability-without-exits | 9 -- changes/bug13823-decrease-consensus-interval | 9 -- changes/bug13839-fix-TestingMinExitFlagThreshold | 7 -- changes/bug13913 | 7 -- changes/bug13924-fix-testing-reachability | 7 -- changes/bug13963-decrease-if-modified-since-delay | 8 -- changes/bug14013 | 6 -- changes/bug14041 | 5 - changes/resolvemyaddr-tests | 3 - changes/ticket11016 | 6 -- 17 files changed, 99 insertions(+), 120 deletions(-)
diff --git a/ChangeLog b/ChangeLog index d7c9430..18bd536 100644 --- a/ChangeLog +++ b/ChangeLog @@ -18,6 +18,10 @@ Changes in version 0.2.6.2-alpha - 2014-12-?? implements ticket 9262.
o Major features (hidden services): + - Make HS port scanning more difficult by sending back REASON_DONE + if the exit policy didn't match. Furthermore, immediately close + the circuit to slow down port scanning attempts. Closes + ticket 13667. - Add a HiddenServiceStatistics option that allows Tor relays to gather and publish statistics the overall size and volume of hidden service usage. Specifically, when this option is turned on, @@ -30,6 +34,13 @@ Changes in version 0.2.6.2-alpha - 2014-12-?? proposal 238, "Better hidden service stats from Tor relays". This feature is currently disabled by default. Implements feature 13192.
+ o Major bugfixes (client, automap): + - Repair automapping with IPv6 addresses; this automapping should + have worked previously, but one piece of debugging code that we + inserted to detect a regression actually caused the regression to + manifest itself again. Fixes bug 13811; bugfix on 0.2.4.7-alpha. + Diagnosed and fixed by Francisco Blas Izquierdo Riera. + o Major bugfixes (hidden services): - When closing an introduction circuit that was opened in parallel with others, don't mark the introduction point as unreachable. @@ -37,6 +48,12 @@ Changes in version 0.2.6.2-alpha - 2014-12-?? point would make the other introduction points get marked as having timed out. Fixes bug 13698; bugfix on 0.0.6rc2.
+ o Major removed features: + - Tor clients no longer support connecting to hidden services + running on Tor 0.2.2.x and earlier; the Support022HiddenServices + option has been removed. (There shouldn't be any hidden services + running these versions on the network.) Closes ticket 7803. + o Minor features (client): - Validate hostnames in SOCKS5 requests more strictly. If SafeSocks is enabled, reject requests with IP addresses as hostnames. @@ -63,9 +80,29 @@ Changes in version 0.2.6.2-alpha - 2014-12-?? directories and hostname files to be created group-readable. Patch from "anon", David Stainton, and "meejah". Closes ticket 11291.
- o Minor features (transparent firewall): + o Minor features (systemd): + - Where supported, when running with systemd, report successful + startup to systemd. Part of ticket 11016. Patch by Michael Scherer. + - When running with systemd, support systemd watchdog messages. Part + of ticket 11016. Patch by Michael Scherer. + + o Minor features (transparent proxy): - Update the transparent proxy option checks to allow for both ipfw and pf on OS X. Closes ticket 14002. + - Use the correct option when using IPv6 with transparent proxy + support on Linux. Resolves 13808. Patch by Francisco Blas + Izquierdo Riera. + + o Minor bugfixes (preventative security, C safety): + - When reading a hexadecimal, base-32, or base-64 encoded value from + a string, always overwrite the complete output buffer. This + prevents some bugs where we would look at (but fortunately, not + reveal) uninitialized memory on the stack. Fixes bug 14013; bugfix + on all versions of Tor. + - Clear all memory targetted by tor_addr_{to,from}_sockaddr(), not + just the part that's used. This makes it harder for data leak bugs + to occur in the event of other programming failures. Resolves + ticket 14041.
o Minor bugfixes (client, micordescriptors): - Use a full 256 bits of the SHA256 digest of a microdescriptor when @@ -103,6 +140,11 @@ Changes in version 0.2.6.2-alpha - 2014-12-?? directories. Fixes bug 13214; bugfix on 0.2.1.6-alpha. Reported by "special".
+ o Minor bugfixes (Linux seccomp2 sandbox): + - Make transparent proxy support work along with the seccomp2 + sandbox. Fixes part of bug 13808; bugfix on 0.2.5.1-alpha. Patch + by Francisco Blas Izquierdo Riera. + o Minor bugfixes (logging): - Downgrade warnings about RSA signature failures to info log level. Emit a warning when extra info document is found incompatible with @@ -118,6 +160,56 @@ Changes in version 0.2.6.2-alpha - 2014-12-?? our address-range parsing code. Fixes bug 7484; bugfix on 0.0.2pre14.
+ o Minor bugfixes (testing networks): + - Allow Tor to build circuits using a consensus with no exits. If + the consensus has no exits (typical of a bootstrapping test + network), allow Tor to build circuits once enough descriptors have + been downloaded. This assists in bootstrapping a testing Tor + network. Fixes bug 13718; bugfix on 0.2.4.10-alpha. Patch + by "teor". + - When V3AuthVotingInterval is low, give a lower If-Modified-Since + header to directory servers. This allows us to obtain consensuses + promptly when the consensus interval is very short. This assists + in bootstrapping a testing Tor network. Fixes parts of bugs 13718 + and 13963; bugfix on 0.2.0.3-alpha. Patch by "teor". + - Stop assuming that private addresses are local when checking + reachability in a TestingTorNetwork. Instead, when testing, assume + all OR connections are remote. (This is necessary due to many test + scenarios running all nodes on localhost.) This assists in + bootstrapping a testing Tor network. Fixes bug 13924; bugfix on + 0.1.0.1-rc. Patch by "teor". + - Avoid building exit circuits from a consensus with no exits. Now + thanks to our fix for 13718, we accept a no-exit network as not + wholly lost, but we need to remember not to try to build exit + circuits on it. Closes ticket 13814; patch by "teor". + - Stop requiring exits to have non-zero bandwithcapacity in a + TestingTorNetwork. Instead, when TestingMinExitFlagThreshold is 0, + ignore exit bandwidthcapacity. This assists in bootstrapping a + testing Tor network. Fixes parts of bugs 13718 and 13839; bugfix + on 0.2.0.3-alpha. Patch by "teor". + - Add "internal" to some bootstrap statuses when no exits are + available. If the consensus does not contain Exits, Tor will only + build internal circuits. In this case, relevant statuses will + contain the word "internal" as indicated in the Tor control- + spec.txt. When bootstrap completes, Tor will be ready to handle an + application requesting an internal circuit to hidden services at + ".onion" addresses. If a future consensus contains Exits, exit + circuits may become available. Fixes part of bug 13718; bugfix on + 0.2.4.10-alpha. Patch by "teor". + - Decrease minimum consensus interval to 10 seconds when + TestingTorNetwork is set, or 5 seconds for the first consensus. + Fix assumptions throughout the code that assume larger interval + values. This assists in quickly bootstrapping a testing Tor + network. Fixes bugs 13718 and 13823; bugfix on 0.2.0.3-alpha. + Patch by "teor". + - Avoid excluding guards from path building in minimal test + networks, when we're in a test network, and excluding guards would + exclude all nodes. This typically occurs in incredibly small tor + networks, and those using TestingAuthVoteGuard * This fix only + applies to minimal, testing tor networks, so it's no less secure. + Fixes part of bug 13718; bugfix on 0.1.1.11-alpha. Patch + by "teor". + o Code simplification and refactoring: - Stop using can_complete_circuits as a global variable; access it with a function instead. @@ -153,12 +245,10 @@ Changes in version 0.2.6.2-alpha - 2014-12-?? good idea. Also, properly cross-reference how to specify nodes in all parts of the manual for options that take a list of nodes. Closes ticket 13381. - - o Major removed features: - - Tor clients no longer support connecting to hidden services - running on Tor 0.2.2.x and earlier; the Support022HiddenServices - option has been removed. (There shouldn't be any hidden services - running these versions on the network.) Closes ticket 7803. + - Clarify HiddenServiceDir option description in manpage to make it + clear that relative paths are taken with respect to the current + working directory of Tor instance. Also clarify that this behavior + is not guaranteed to remain indefinitely. Fixes issue 13913.
o Testing: - New tests for many parts of channel, relay, and circuit mux @@ -168,6 +258,8 @@ Changes in version 0.2.6.2-alpha - 2014-12-?? test temporary directory to the current user, so that the sticky bit doesn't interfere with tests that check directory groups. Closes 13678. + - Add unit tests for resolve_my_addr(). Part of ticket 12376; patch + by 'rl1987'.
Changes in version 0.2.6.1-alpha - 2014-10-30 diff --git a/changes/bug13667 b/changes/bug13667 deleted file mode 100644 index 852e61f..0000000 --- a/changes/bug13667 +++ /dev/null @@ -1,6 +0,0 @@ - o Major features (security, hidden services): - - Make HS port scanning more difficult by sending back REASON_DONE if the - exit policy didn't match. Furthermore, immediately close the circuit to - avoid other connection attempts on it from the possible attacker trying - multiple ports on that same circuits. Closes ticket 13667. - diff --git a/changes/bug13718-add-internal-bootstrap-statuses b/changes/bug13718-add-internal-bootstrap-statuses deleted file mode 100644 index add2e8e..0000000 --- a/changes/bug13718-add-internal-bootstrap-statuses +++ /dev/null @@ -1,9 +0,0 @@ - o Minor bugfixes (Testing networks): - - Add "internal" to some bootstrap statuses when no exits are available. - If the consensus does not contain Exits, Tor will only build internal - circuits. In this case, relevant statuses will contain the word - "internal" as indicated in the Tor control-spec.txt. When bootstrap - completes, Tor will be ready to handle an application requesting an - internal circuit to hidden services at ".onion" addresses. - If a future consensus contains Exits, exit circuits may become available. - Fixes part of bug 13718; bugfix on 0.2.4.10-alpha. Patch by "teor". diff --git a/changes/bug13718-avoid-excluding-guards b/changes/bug13718-avoid-excluding-guards deleted file mode 100644 index 8bb4fa3..0000000 --- a/changes/bug13718-avoid-excluding-guards +++ /dev/null @@ -1,8 +0,0 @@ - o Minor bugfixes (Test networks): - - Avoid excluding guards from path building in minimal test networks, - when we're in a test network, and excluding guards would exclude - all nodes. This typically occurs in incredibly small tor networks, - and those using TestingAuthVoteGuard * - This fix only applies to minimal, testing tor networks, - so it's no less secure. - Fixes part of bug 13718; bugfix on 0.1.1.11-alpha. Patch by "teor". diff --git a/changes/bug13808 b/changes/bug13808 deleted file mode 100644 index b24a01c..0000000 --- a/changes/bug13808 +++ /dev/null @@ -1,9 +0,0 @@ - o Minor features (transparent proxy): - - Use the correct option when using IPv6 with transparent proxy - support on Linux. Resolves 13808. Patch by Francisco Blas - Izquierdo Riera. - - o Minor bugfixes (sandbox): - - Make transparent proxy support work along with the seccomp2 - sandbox. Fixes part of bug 13808; bugfix on 0.2.5.1-alpha. - Patch by Francisco Blas Izquierdo Riera. diff --git a/changes/bug13811 b/changes/bug13811 deleted file mode 100644 index 1b9bd9c..0000000 --- a/changes/bug13811 +++ /dev/null @@ -1,6 +0,0 @@ - o Major bugfixes (client, automap): - - Repair automapping with IPv6 addresses; this automapping should - have worked previously, but one piece of debugging code that we - inserted to detect a regression actually caused the regression - to manifest itself again. Fixes bug 13811; bugfix on - 0.2.4.7-alpha. Diagnosed and fixed by Francisco Blas Izquierdo Riera. \ No newline at end of file diff --git a/changes/bug13814-avoid-exit-paths-no-exits b/changes/bug13814-avoid-exit-paths-no-exits deleted file mode 100644 index 8276121..0000000 --- a/changes/bug13814-avoid-exit-paths-no-exits +++ /dev/null @@ -1,8 +0,0 @@ - o Minor features (Testing networks): - - Avoid building exit circuits from a consensus with no exits. - Now thanks to our fix for 13718, - we accept a no-exit network as not wholly lost, but - we need to remember not to try to build exit circuits on it. - Closes ticket 13814; - patch by "teor". - diff --git a/changes/bug13814-reachability-without-exits b/changes/bug13814-reachability-without-exits deleted file mode 100644 index 07f2d8a..0000000 --- a/changes/bug13814-reachability-without-exits +++ /dev/null @@ -1,9 +0,0 @@ - o Minor bugfixes (Testing networks): - - Allow Tor to build circuits using a consensus with - no exits. If the consensus has no exits (typical of - a bootstrapping test network), allow Tor to build - circuits once enough descriptors have been - downloaded. - This assists in bootstrapping a testing Tor - network. - Fixes bug 13718; bugfix on 0.2.4.10-alpha. Patch by "teor". diff --git a/changes/bug13823-decrease-consensus-interval b/changes/bug13823-decrease-consensus-interval deleted file mode 100644 index cc0e6c7..0000000 --- a/changes/bug13823-decrease-consensus-interval +++ /dev/null @@ -1,9 +0,0 @@ - o Minor bugfixes (Testing networks): - - Decrease minimum consensus interval to 10 seconds - when TestingTorNetwork is set, or 5 seconds for - the first consensus. - Fix assumptions throughout the code that assume larger interval values. - This assists in quickly bootstrapping a testing - Tor network. - Fixes bugs 13718 and 13823; bugfix on 0.2.0.3-alpha. - Patch by "teor". diff --git a/changes/bug13839-fix-TestingMinExitFlagThreshold b/changes/bug13839-fix-TestingMinExitFlagThreshold deleted file mode 100644 index 86315de..0000000 --- a/changes/bug13839-fix-TestingMinExitFlagThreshold +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes (Testing networks) - - Stop requiring exits to have non-zero bandwithcapacity in a - TestingTorNetwork. Instead, when TestingMinExitFlagThreshold is 0, - ignore exit bandwidthcapacity. - This assists in bootstrapping a testing Tor network. - Fixes parts of bugs 13718 and 13839; - bugfix on 0.2.0.3-alpha. Patch by "teor". diff --git a/changes/bug13913 b/changes/bug13913 deleted file mode 100644 index 9a23180..0000000 --- a/changes/bug13913 +++ /dev/null @@ -1,7 +0,0 @@ - o Documentation: - - Clarify HiddenServiceDir option description in manpage to make it - clear that relative paths are taken with respect to the current - working - directory of Tor instance. Also clarify that this behavior is - not guaranteed to remain indefinitely. Fixes - issue 13913. diff --git a/changes/bug13924-fix-testing-reachability b/changes/bug13924-fix-testing-reachability deleted file mode 100644 index e10dda8..0000000 --- a/changes/bug13924-fix-testing-reachability +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes (Testing networks) - - Stop assuming that private addresses are local when checking - reachability in a TestingTorNetwork. Instead, when testing, assume - all OR connections are remote. (This is necessary due to many test - scenarios running all nodes on localhost.) - This assists in bootstrapping a testing Tor network. - Fixes bug 13924; bugfix on 0.1.0.1-rc. Patch by "teor". diff --git a/changes/bug13963-decrease-if-modified-since-delay b/changes/bug13963-decrease-if-modified-since-delay deleted file mode 100644 index 26bda82..0000000 --- a/changes/bug13963-decrease-if-modified-since-delay +++ /dev/null @@ -1,8 +0,0 @@ - o Minor bugfixes: - - When V3AuthVotingInterval is low, decrease the delay on the - If-Modified-Since header passed to directory servers. - This allows us to obtain consensuses promptly when the consensus - interval is very short. - This assists in bootstrapping a testing Tor network. - Fixes parts of bugs 13718 and 13963; bugfix on 0.2.0.3-alpha. - Patch by "teor". \ No newline at end of file diff --git a/changes/bug14013 b/changes/bug14013 deleted file mode 100644 index 640cf85..0000000 --- a/changes/bug14013 +++ /dev/null @@ -1,6 +0,0 @@ - o Major bugfixes: - - When reading a hexadecimal, base-32, or base-64 encoded value - from a string, always overwrite the complete output buffer. This - prevents some bugs where we would look at (but fortunately, not - reveal) uninitialized memory on the stack. Fixes bug 14013; - bugfix on all versions of Tor. diff --git a/changes/bug14041 b/changes/bug14041 deleted file mode 100644 index d3d6538..0000000 --- a/changes/bug14041 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features (security): - - Clear all memory targetted by tor_addr_{to,from}_sockaddr(), - not just the part that's used. This makes it harder for data leak - bugs to occur in the event of other programming failures. - Resolves ticket 14041. diff --git a/changes/resolvemyaddr-tests b/changes/resolvemyaddr-tests deleted file mode 100644 index c019bb8..0000000 --- a/changes/resolvemyaddr-tests +++ /dev/null @@ -1,3 +0,0 @@ - o Testing: - - Add unit tests for resolve_my_addr(). Part of ticket 12376; - patch by 'rl1987'. diff --git a/changes/ticket11016 b/changes/ticket11016 deleted file mode 100644 index 98d5d49..0000000 --- a/changes/ticket11016 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor features (systemd): - - Where supported, when running with systemd, report successful - startup to systemd. Part of ticket 11016. Patch by Michael - Scherer. - - When running with systemd, support systemd watchdog messages. - Part of ticket 11016. Patch by Michael Scherer.