commit 9525de51a64c59f277e29876e82043748c9861fe Author: Nick Mathewson <nickm@torproject.org> Date: Mon May 16 18:17:10 2011 -0400 Fold in and clean up remaining changes files --- ChangeLog | 60 +++++++++++++++++++++++++++- changes/bug1345 | 13 ------ changes/bug2732-simple | 7 --- changes/bug2792_checkdir | 8 ---- changes/bug2850 | 5 -- changes/bug2972 | 5 -- changes/bug3019 | 4 -- changes/bug3026 | 4 -- changes/bug3175 | 7 --- changes/check-fetched-rend-desc-service-id | 7 --- changes/check-public-key-exponents | 5 -- 11 files changed, 59 insertions(+), 66 deletions(-) diff --git a/ChangeLog b/ChangeLog index 8ea0008..764c5cc 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,4 @@ -Changes in version 0.2.2.26-alpha - 2011-05-?? +Changes in version 0.2.2.26-beta - 2011-05-1? o Security fixes: - Replace all potentially sensitive memory comparison operations with versions whose runtime does not depend on the data being @@ -6,6 +6,12 @@ Changes in version 0.2.2.26-alpha - 2011-05-?? adversary can use variations in timing information to learn sensitive data. Fix for one case of bug 3122. (Safe memcmp implementation by Robert Ransom based partially on code by DJB.) + - When receiving a hidden service descriptor, check that it is for + the hidden service we wanted. Previously, Tor would store any + hidden service descriptors that a directory gave it, whether it + wanted them or not. This wouldn't have let an attacker impersonate + a hidden service, but it did let directories pre-seed a client + with a descriptors that it didn't want. Bugfix on 0.0.6. o Major features: - The options SocksPort, ControlPort, and so on now all accept a @@ -23,6 +29,15 @@ Changes in version 0.2.2.26-alpha - 2011-05-?? given connection type. This is useful when the user has configured "SocksPort auto" and the controller needs to know which port got chosen. Resolves another part of ticket 3076. + - Add a new ControlSocketsGroupWritable configuration option: when + it is turned on, ControlSockets are group-writeable by the default + group of the current user. Patch by Jérémy Bobbio; implements + ticket 2972. + - Tor now refuses to create a ControlSocket in a directory that is + world-readable (or group-readable if ControlSocketsGroupWritable + is 0). This is necessary because some operating systems do not + enforce permissions on an AF_UNIX sockets. Permissions on the + directory holding the socket, however, seems to work everywhere. - Rate-limit a warning about failures to download v2 networkstatus documents. Resolves part of bug 1352. - Backport code from 0.2.3.x to allow directory authorities to clean @@ -31,6 +46,10 @@ Changes in version 0.2.2.26-alpha - 2011-05-?? what it means rather than calling it an unexpected status code. Closes bug 2503. Patch from Michael Yakubovich. - Update to the May 1 2011 Maxmind GeoLite Country database. + - Set SO_REUSEADDR on all sockets, not just listeners. This should + help busy exit nodes avoid running out of useable ports just + because all the ports have been used in the near past. Resolves + issue 2850. o Minor bugfixes: - When loading the microdesc journal, remember its current size. @@ -65,6 +84,45 @@ Changes in version 0.2.2.26-alpha - 2011-05-?? - Add missing explanations for the authority-related torrc options RephistTrackTime, BridgePassword, and V3AuthUseLegacyKey in the man page. Resolves issue 2379. + - On SIGHUP, do not clear out all TrackHostExits mappings, client + DNS cache entries, and virtual address mappings: that's what + NEWNYM is for. Fixes bug 1345; bugfix on 0.1.0.1-rc. + - When a controller changes TrackHostExits, remove mappings for + hosts that should no longer have their exits tracked. Bugfix on + 0.1.0.1-rc. + - When a controller changes VirtualAddrNetwork, remove any mappings + for hosts that were automapped to the old network. Bugfix on + 0.1.1.19-rc. + - When a controller changes one of the AutomapHosts* options, remove + any mappings for hosts that should no longer be automapped. Bugfix + on 0.2.0.1-alpha. + - Accept hidden service descriptors if we think we are a hidden + service directory, regardless of what our consensus says. This + helps robustness, since clients and hidden services can sometimes + have a more up-to-date view of the network consensus than we do, + and if they think that the directory authorities list us a HSDir, + we might actually be one. Related to bug 2732; bugfix on + 0.2.0.10-alpha. + - Do not reset the bridge descriptor download status every time we + re-parse our configuration or get a configuration change. Fixes + bug 3019; bugfix on 0.2.0.3-alpha. + - Resolve an untriggerable issue in smartlist_string_num_isin(), + where if the function had ever in the future been used to check + for the presence of a too-large number, it would have given an + incorrect result. (Fortunately, we only used it for 16-bit + values.) Fixes bug 3175; bugfix on 0.1.0.1-rc. + - Require that introduction point keys and onion keys have public + exponent 65537. Bugfix on 0.2.0.10-alpha. + - As an authority, do not upload our own vote or signature set to + ourself. It would tell us nothing new, and as of 0.2.2.24-alpha, + it would get flagged as a duplicate. Resolves bug 3026. + - Accept hidden service descriptors if we think we are a hidden + service directory, regardless of what our consensus says. This + helps robustness, since clients and hidden services can sometimes + have a more up-to-date view of the network consensus than we do, + and if they think that the directory authorities list us a HSDir, + we might actually be one. Related to bug 2732; bugfix on + 0.2.0.10-alpha. o Removed features: - Caches no longer download and serve v2 networkstatus documents diff --git a/changes/bug1345 b/changes/bug1345 deleted file mode 100644 index 0c9375a..0000000 --- a/changes/bug1345 +++ /dev/null @@ -1,13 +0,0 @@ - o Minor bugfixes: - - On SIGHUP, do not clear out all TrackHostExits mappings, client DNS - cache entries, and virtual address mappings: that's what NEWNYM is - for. Bugfix on Tor 0.1.0.1-rc; fixes bug 1345. - - When TrackHostExits is changed from a controller, remove any - mappings for hosts that should no longer have their exits tracked. - Bugfix on Tor 0.1.0.1-rc. - - When VirtualAddrNetwork option is changed from a controller, - remove any mappings for hosts that were automapped to - that network. Bugfix on 0.1.1.19-rc. - - When one of the AutomapHosts* options is changed from a - controller, remove any mappings for hosts that should no longer be - automapped. Bugfix on 0.2.0.1-alpha. diff --git a/changes/bug2732-simple b/changes/bug2732-simple deleted file mode 100644 index 3678361..0000000 --- a/changes/bug2732-simple +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes - - Do not reject hidden service descriptors simply because we don't - think we have not been assigned the HSDir flag. Clients and - hidden services can have a more up-to-date view of the network - consensus, and if they think that the directory authorities - list us a HSDir, we might actually be one. Related to bug 2732; - bugfix on 0.2.0.10-alpha. diff --git a/changes/bug2792_checkdir b/changes/bug2792_checkdir deleted file mode 100644 index 10de1de..0000000 --- a/changes/bug2792_checkdir +++ /dev/null @@ -1,8 +0,0 @@ - o Minor features: - - Tor now refuses to create a ControlSocket in a directory that is - world-readable (or group-readable if ControlSocketsGroupWritable - is 0). This is necessary because some operating systems do not - check the permissions on an AF_UNIX socket when programs try to - connect to it. Checking permissions on the directory holding - the socket, however, seems to work everywhere. - diff --git a/changes/bug2850 b/changes/bug2850 deleted file mode 100644 index 77ccbfa..0000000 --- a/changes/bug2850 +++ /dev/null @@ -1,5 +0,0 @@ - - Minor features - o Set SO_REUSEADDR on all sockets, not just listeners. This should - help busy exit nodes avoid running out of useable ports just because - all the ports have been used in the near past. Resolves issue 2850. - diff --git a/changes/bug2972 b/changes/bug2972 deleted file mode 100644 index 26afcca..0000000 --- a/changes/bug2972 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features: - - Allow ControlSockets to be group-writable when the - ControlSocksGroupWritable configuration option is turned on. Patch - by Jérémy Bobbio; implements ticket 2972. - diff --git a/changes/bug3019 b/changes/bug3019 deleted file mode 100644 index 4df709f..0000000 --- a/changes/bug3019 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes: - - Do not reset the bridge descriptor download status every time we - re-parse our configuration or get a configuration change. Fixes - bug 3019; bugfix on Tor 0.2.0.3-alpha. diff --git a/changes/bug3026 b/changes/bug3026 deleted file mode 100644 index c0c0a38..0000000 --- a/changes/bug3026 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (directory authority) - - Do not upload our own vote or signature set to ourself. It would - tell us nothing new. Also, as of Tor 0.2.2.24-alpha, we started - to warn about receiving duplicate votes. Resolves bug 3026. diff --git a/changes/bug3175 b/changes/bug3175 deleted file mode 100644 index 3360fbc..0000000 --- a/changes/bug3175 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes: - - Resolve an untriggerable issue in smartlist_string_num_isin(), - where if the function had ever in the future been used to check - for the presence of a too-large number, it would have given an - incorrect result. (Fortunately, we only used it for 16-bit - values.) Fixes bug 3175; bugfix on Tor 0.1.0.1-rc. - diff --git a/changes/check-fetched-rend-desc-service-id b/changes/check-fetched-rend-desc-service-id deleted file mode 100644 index 2f37c30..0000000 --- a/changes/check-fetched-rend-desc-service-id +++ /dev/null @@ -1,7 +0,0 @@ - o Security fixes: - - When fetching a hidden service descriptor, check that it is for - the hidden service we were trying to connect to, in order to - stop a directory from pre-seeding a client with a descriptor for - a hidden service that they didn't want. Bugfix on 0.0.6. - - diff --git a/changes/check-public-key-exponents b/changes/check-public-key-exponents deleted file mode 100644 index a8d0067..0000000 --- a/changes/check-public-key-exponents +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes: - - Require that introduction point keys and onion keys have public - exponent 65537. Bugfix on 0.2.0.10-alpha. - -