commit 110a953156af4a0882b934cdc6a2c964a35fdba5 Author: Roger Dingledine arma@torproject.org Date: Sun Jan 22 00:15:45 2012 -0500
fold in recent changelog entries --- ChangeLog | 155 +++++++++++++++++++++++++++++++---------- changes/absolute_cookie_file | 3 - changes/aes_ctr_test | 5 -- changes/badexitcc | 3 - changes/bug1983_win64 | 3 - changes/bug2434 | 6 -- changes/bug3325 | 3 - changes/bug4012 | 8 -- changes/bug4012_022 | 3 - changes/bug4413 | 5 -- changes/bug4533_part2 | 5 -- changes/bug4650 | 7 -- changes/bug4746 | 2 - changes/bug4837 | 4 - changes/bug4856 | 3 - changes/clean_asprintf | 5 -- changes/dirauth_log | 3 - changes/fast_bw_param | 8 -- changes/feature3457 | 12 --- changes/readable_ssl_versions | 6 -- changes/renaming_identifiers | 9 --- changes/tor_socket_tests | 11 --- 22 files changed, 118 insertions(+), 151 deletions(-)
diff --git a/ChangeLog b/ChangeLog index d01eecc..9cc692d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,4 @@ -Changes in version 0.2.3.11-alpha - 2012-01-0? +Changes in version 0.2.3.11-alpha - 2012-01-?? o Major features: - Now that Tor 0.2.0.x is completely deprecated, enable the final part of "Proposal 110: Avoiding infinite length circuits" by @@ -32,26 +32,24 @@ Changes in version 0.2.3.11-alpha - 2012-01-0? to make sure that the bug can't happen.
o Major bugfixes: + - Fix the SOCKET_OK test that we use to tell when socket + creation fails so that it works on Win64. Fixes part of bug 4533; + bugfix on 0.2.2.29-beta. Bug found by wanoskarnet. - Correct our replacements for the timeradd() and timersub() functions on platforms that lack them (for example, Windows). The timersub() function is used when expiring circuits, while timeradd() is - currently unused. Bug report and patch by Vektor. Bugfix on - 0.2.2.24-alpha and 0.2.3.1-alpha; fixes bug 4778. + currently unused. Bug report and patch by Vektor. Fixes bug 4778; + bugfix on 0.2.2.24-alpha and 0.2.3.1-alpha. - Do not use OpenSSL 1.0.0's counter mode: it has a critical bug - that was fixed in OpenSSL 1.0.0a. Fixes bug 4779; bugfix on - Tor 0.2.3.9-alpha. Found by Pascal. + that was fixed in OpenSSL 1.0.0a. We test for the counter mode + bug at runtime, not compile time, because some distributions hack + their OpenSSL to mis-report its version. Fixes bug 4779; bugfix + on 0.2.3.9-alpha. Found by Pascal.
- o Minor features: - - Directory servers now reject versions of Tor older than 0.2.1.30, - and Tor versions between 0.2.2.1-alpha and 0.2.2.20-alpha - (inclusive). These versions accounted for only a small fraction of - the Tor network, and have numerous known security issues. Resolves - issue 4788. + o Minor features (controller): - Use absolute path names when reporting the torrc filename in the control protocol, so a controller can more easily find the torrc file. Resolves bug 1101. - - If EntryNodes are given, but UseEntryGuards is set to 0, warn that - EntryNodes will have no effect. Resolves issue 2571. - Extend the control protocol to report flags that control a circuit's path selection in CIRC events and in replies to 'GETINFO circuit-status'. Implements part of ticket 2411. @@ -59,6 +57,44 @@ Changes in version 0.2.3.11-alpha - 2012-01-0? and current state of a hidden-service-related circuit in CIRC events and in replies to 'GETINFO circuit-status'. Implements part of ticket 2411. + - When reporting the path to the cookie file to the controller, + give an absolute path. Resolves ticket 4881. + - Allow controllers to request an event notification whenever a + circuit is cannibalized or its purpose is changed. Implements + part of ticket 3457. + - Include the creation time of a circuit in CIRC and CIRC2 + control-port events and the list produced by the 'GETINFO + circuit-status' control-port command. + + o Minor features (directory authorities): + - Directory authorities now reject versions of Tor older than + 0.2.1.30, and Tor versions between 0.2.2.1-alpha and 0.2.2.20-alpha + inclusive. These versions accounted for only a small fraction of + the Tor network, and have numerous known security issues. Resolves + issue 4788. + - Authority operators can now vote for all routers in a given + country to be BadDir/BadExit/Invali/Rejected. + - Provide two consensus parameters (FastFlagMinThreshold and + FastFlagMaxThreshold) to control the range of allowable bandwidths + for the Fast directory flag. These allow authorities to run + experiments on appropriate requirements for being a "Fast" node. + The AuthDirFastGuarantee config value still applies. + - Document the GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays + directory authority option (introduced in Tor 0.2.2.34). + + o Minor features (other): + - Don't disable the DirPort when we cannot exceed our AccountingMax + limit during this interval because the effective bandwidthrate is + low enough. This is useful in a situation where AccountMax is only + used as an additional safeguard or to provide statistics. + - Prepend an informative header to generated dynamic_dh_params files. + - If EntryNodes are given, but UseEntryGuards is set to 0, warn that + EntryNodes will have no effect. Resolves issue 2571. + - Log more useful messages when we fail to disable debugger + attachment. + - Log which authority we're missing votes from when we go to fetch + them from the other auths. + - Log (at debug level) whenever a circuit's purpose is changed. - Update to the January 3 2012 Maxmind GeoLite Country database.
o Minor bugfixes (hidden services): @@ -71,12 +107,12 @@ Changes in version 0.2.3.11-alpha - 2012-01-0? after the normal CBT. Now, we mark them as 'timed out', and launch another rendezvous attempt in parallel. This behavior change can be disabled using the new CloseHSClientCircuitsImmediatelyOnTimeout - option. Bugfix on 0.2.2.2-alpha; fixes part of bug 1297. + option. Fixes part of bug 1297; bugfix on 0.2.2.2-alpha. - Don't close hidden-service-side rendezvous circuits when they reach the normal circuit-build timeout. This behaviour change can be disabled using the new - CloseHSServiceRendCircuitsImmediatelyOnTimeout option. Bugfix on - 0.2.2.2-alpha; fixes the remaining part of bug 1297. + CloseHSServiceRendCircuitsImmediatelyOnTimeout option. Fixes the + remaining part of bug 1297; bugfix on 0.2.2.2-alpha. - Make sure we never mark the wrong rendezvous circuit as having had its introduction cell acknowleged by the introduction-point relay. Previously, when we received an INTRODUCE_ACK cell on a @@ -84,15 +120,46 @@ Changes in version 0.2.3.11-alpha - 2012-01-0? marked a rendezvous circuit other than the one we specified in the INTRODUCE1 cell as INTRO_ACKED, which would have produced a warning message and interfered with the hidden service - connection-establishment process. Bugfix on 0.2.3.3-alpha, when we - added the stream-isolation feature which might cause Tor to open - multiple rendezvous circuits for the same hidden service. Fixes - bug 4759. + connection-establishment process. Fixes bug 4759; bugfix on + 0.2.3.3-alpha, when we added the stream-isolation feature which + might cause Tor to open multiple rendezvous circuits for the same + hidden service. - Don't trigger an assertion failure when we mark a new client-side hidden-service introduction circuit for close during the process - of creating it. Bugfix on 0.2.3.6-alpha. Fixes bug 4796; reported + of creating it. Fixes bug 4796; bugfix on 0.2.3.6-alpha. Reported by murb.
+ o Minor bugfixes (log messages): + - Correctly spell "connect" in a log message on failure to create a + controlsocket. Fixes bug 4803; bugfix on 0.2.2.26-beta and + 0.2.3.2-alpha. + - Fix a typo in a log message in rend_service_rendezvous_has_opened(). + Fixes bug 4856; bugfix on Tor 0.0.6. + - Fix the log message describing how we work around discovering + that our version is the ill-fated OpenSSL 0.9.8l. Fixes bug + 4837; bugfix on 0.2.2.9-alpha. + - When logging about a disallowed .exit name, do not also call it + an "invalid onion address". Fixes bug 3325; bugfix on 0.2.2.9-alpha. + + o Minor bugfixes (build fixes): + - During configure, search for library containing cos function as + libm lives in libcore on some platforms (BeOS/Haiku). Linking + against libm was hard-coded before. Fixes the first part of bug + 4727; bugfix on 0.2.2.2-alpha. Patch and analysis by Martin Hebnes + Pedersen. + - Preprocessor directives should not be put inside the arguments + of a macro. This would break compilation with GCC releases prior + to version 3.3. We would never recommend such an old GCC version, + but it is apparently required for binary compatibility on some + platforms (namely, certain builds of Haiku). Fixes the other part + of bug 4727; bugfix on 0.2.3.3-alpha. Patch and analysis by Martin + Hebnes Pedersen. + - Use an appropriate-width type for sockets in tor-fw-helper on + win64. Fixes bug 1983 at last. Bugfix on 0.2.3.9-alpha. + - Detect attempts to build Tor on (as yet hypothetical) versions + of Windows where sizeof(intptr_t) != sizeof(SOCKET). Partial + fix for bug 4533. Bugfix on 0.2.2.28-beta. + o Minor bugfixes (other): - Fix null-pointer access that could occur if TLS allocation failed. Fixes bug 4531; bugfix on 0.2.0.20-rc. Found by "troll_un". This was @@ -113,23 +180,21 @@ Changes in version 0.2.3.11-alpha - 2012-01-0? platform specific, and particularly the hurd has ENOENT at 0x40000002. Construct expected string at runtime, using the correct value for ENOENT. Fixes bug 4733; bugfix on 0.2.3.1-alpha. - - Correctly spell "connect" in a log message on failure to create a - controlsocket. Fixes bug 4803; bugfix on 0.2.2.26-beta and - 0.2.3.2-alpha. - - During configure, search for library containing cos function as - libm lives in libcore on some platforms (BeOS/Haiku). - Linking against libm was hard-coded before. Bugfix on - 0.2.2.2-alpha; fixes the first part of bug 4727. Patch and - analysis by Martin Hebnes Pedersen. - - Preprocessor directives should not be put inside the arguments - of a macro. This would break compilation with GCC releases prior - to version 3.3. We would never recommend such an old GCC - version, but it is apparently required for binary compatibility - on some platforms (namely, certain builds of Haiku). Bugfix on - 0.2.3.3-alpha; fixes the other part of bug 4727. Patch and - analysis by Martin Hebnes Pedersen. - - - Feature removal: + - Fix our implementation of crypto_random_hostname() so it can't + overflow on ridiculously large inputs. (No Tor version has ever + provided this kind of bad inputs, but let's be correct in depth.) + Fixes bug 4413; bugfix on 0.2.2.9-alpha. Fix by Stephen Palmateer. + - Reject attempts to disable DisableDebuggerAttachment while Tor is + running. Fixes bug 4650; bugfix on 0.2.3.9-alpha. + - Find more places in the code that should have been testing for + invalid sockets using the SOCKET_OK macro. Required for a fix + for bug 4533. Bugfix on 0.2.2.28-beta. + - Add missing documentation for the MaxClientCircuitsPending, + UseMicrodescriptors, UserspaceIOCPBuffers, and + _UseFilteringSSLBufferevents options, all introduced during + the 0.2.3.x series. + + o Feature removal: - When sending or relaying a RELAY_EARLY cell, we used to convert it to a RELAY cell if the connection was using the v1 link protocol. This was a workaround for older versions of Tor, which @@ -145,6 +210,22 @@ Changes in version 0.2.3.11-alpha - 2012-01-0? - Use OpenSSL's built-in SSL_state_string_long() instead of our own homebrewed ssl_state_to_string() replacement. Patch from Emile Snyder. Fixes bug 4653. + - Use macros to indicate OpenSSL versions, so we don't need to worry + about accidental hexadecimal bit shifts. + - Remove some workaround code for OpenSSL 0.9.6 (which is no longer + supported). + - Convert more instances of tor_snprintf+tor_strdup into tor_asprintf. + - Use the smartlist_add_asprintf() alias more consistently. + - Use a TOR_INVALID_SOCKET macro when initializing a socket to an + invalid value, rather than just -1. + - Rename a handful of old identifiers, mostly related to crypto + structures and crypto functions. By convention, our "create an + object" functions are called "type_new()", our "free an object" + functions are called "type_free()", and our types indicate that + they are types only with a final "_t". But a handful of older + types and functions broke these rules, with function names like + "type_create" or "subsystem_op_type", or with type names like + type_env_t.
Changes in version 0.2.3.10-alpha - 2011-12-16 diff --git a/changes/absolute_cookie_file b/changes/absolute_cookie_file deleted file mode 100644 index db9f7be..0000000 --- a/changes/absolute_cookie_file +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (controller): - - When reporting the path to the cookie file to the controller, - give an absolute path. Resolves ticket 4881. diff --git a/changes/aes_ctr_test b/changes/aes_ctr_test deleted file mode 100644 index 8b5af45..0000000 --- a/changes/aes_ctr_test +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes - - Test for the OpenSSL 1.0.0 counter mode bug at runtime, not compile - time. This is necessary because OpenSSL has been hacked to mis-report - its version on a few distributions. - Bugfix on Tor 0.2.3.11-alpha. diff --git a/changes/badexitcc b/changes/badexitcc deleted file mode 100644 index 6b10ab1..0000000 --- a/changes/badexitcc +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (directory authority): - - Authority operators can now vote for all routers in a given - country to be BadDir/BadExit/Invali/Rejected. diff --git a/changes/bug1983_win64 b/changes/bug1983_win64 deleted file mode 100644 index 6d2eae3..0000000 --- a/changes/bug1983_win64 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes - - Use an appropriate-width type for sockets in tor-fw-helper on - win664. Fixes bug 1983 at last. Bugfix on 0.2.3.9-alpha. diff --git a/changes/bug2434 b/changes/bug2434 deleted file mode 100644 index 5fd3d11..0000000 --- a/changes/bug2434 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor features: - - Don't disable the DirPort when we cannot exceed our AccountingMax - limit during this interval because the effective bandwidthrate is - low enough. This is useful in a situation where AccountMax is only - used as an additional safeguard or to provide statistics. - diff --git a/changes/bug3325 b/changes/bug3325 deleted file mode 100644 index d32b548..0000000 --- a/changes/bug3325 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes: - - When logging about a disallowed .exit name, do not also call it - an "invalid onion address". Fixes bug 3325; bugfix on 0.2.2.9-alpha. diff --git a/changes/bug4012 b/changes/bug4012 deleted file mode 100644 index 082f39d..0000000 --- a/changes/bug4012 +++ /dev/null @@ -1,8 +0,0 @@ - o Minor bugfixes (documentation): - - Add missing documentation for the MaxClientCircuitsPending, - UseMicrodescriptors, UserspaceIOCPBuffers, and - _UseFilteringSSLBufferevents options, all introduced during - the 0.2.3.x series. - - - diff --git a/changes/bug4012_022 b/changes/bug4012_022 deleted file mode 100644 index f101db5..0000000 --- a/changes/bug4012_022 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (documentation): - - Document the GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays - directory authority option (introduced in Tor 0.2.2.34). diff --git a/changes/bug4413 b/changes/bug4413 deleted file mode 100644 index 673e28f..0000000 --- a/changes/bug4413 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes: - - Fix our implementation of crypto_random_hostname() so it can't - overflow on ridiculously large inputs. (No Tor version has ever - provided this kind of bad inputs, but let's be correct in depth.) - Fixes bug 4413; bugfix on 0.2.2.9-alpha. Fix by Stephen Palmateer. diff --git a/changes/bug4533_part2 b/changes/bug4533_part2 deleted file mode 100644 index 7e0f7c3..0000000 --- a/changes/bug4533_part2 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes: - - Fix the SOCKET_OK test that we use to tell when socket - creation fails so that it works on Win64. Fixes part of bug - 4533; bugfix on 0.2.2.29-beta. Bug found by wanoskarnet. - diff --git a/changes/bug4650 b/changes/bug4650 deleted file mode 100644 index 44161f8..0000000 --- a/changes/bug4650 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor features: - - Log more useful messages when we fail to disable debugger attachment. - - o Minor bugfixes: - - Reject attempts to disable DisableDebuggerAttachment while Tor is - running. Fixes bug 4650; bugfix on 0.2.3.9-alpha. - diff --git a/changes/bug4746 b/changes/bug4746 deleted file mode 100644 index 60fbef4..0000000 --- a/changes/bug4746 +++ /dev/null @@ -1,2 +0,0 @@ - o Minor features: - - Prepend an informative header to generated dynamic_dh_params files. diff --git a/changes/bug4837 b/changes/bug4837 deleted file mode 100644 index 16a61d1..0000000 --- a/changes/bug4837 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes: - - Fix the log message describing how we work around discovering - that our version is the ill-fated OpenSSL 0.9.8l. Fixes bug - 4837; bugfix on 0.2.2.9-alpha. diff --git a/changes/bug4856 b/changes/bug4856 deleted file mode 100644 index fa284a0..0000000 --- a/changes/bug4856 +++ /dev/null @@ -1,3 +0,0 @@ - o Trivial bugfixes - - Fix a typo in a log message in rend_service_rendezvous_has_opened(). - Fixes bug 4856; bugfix on Tor 0.0.6. diff --git a/changes/clean_asprintf b/changes/clean_asprintf deleted file mode 100644 index ebaabd7..0000000 --- a/changes/clean_asprintf +++ /dev/null @@ -1,5 +0,0 @@ - o Code simplifications and refactoring - - Use the smartlist_add_asprintf alias more consistently - throughout the codebase. - - Convert more instances of tor_snprintf+tor_strdup into - tor_asprintf. diff --git a/changes/dirauth_log b/changes/dirauth_log deleted file mode 100644 index df82314..0000000 --- a/changes/dirauth_log +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Log which authority we're missing votes from when we go to fetch them - from the other auths. diff --git a/changes/fast_bw_param b/changes/fast_bw_param deleted file mode 100644 index abe630d..0000000 --- a/changes/fast_bw_param +++ /dev/null @@ -1,8 +0,0 @@ - o Minor features (directory authority): - - Provide two consensus parameters (FastFlagMinThreshold and - FastFlagMaxThreshold) to control the range of allowable bandwidths for - the Fast directory flag. This allows authorities to run better - experiments on appropriate requirements for being a "Fast" node. - The AuthDirFastGuarantee flag still applies. - - diff --git a/changes/feature3457 b/changes/feature3457 deleted file mode 100644 index e2676cb..0000000 --- a/changes/feature3457 +++ /dev/null @@ -1,12 +0,0 @@ - o Minor features: - - - Log (at debug level) whenever a circuit's purpose is changed. - - - Allow controllers to request an event notification whenever a - circuit is cannibalized or its purpose is changed. Implements - part of ticket 3457. - - - Include the creation time of a circuit in CIRC and CIRC2 - control-port events and the list produced by the 'GETINFO - circuit-status' control-port command. - diff --git a/changes/readable_ssl_versions b/changes/readable_ssl_versions deleted file mode 100644 index f34998c..0000000 --- a/changes/readable_ssl_versions +++ /dev/null @@ -1,6 +0,0 @@ - o Code simplification and refactoring: - - Use macros to indicate OpenSSL versions, so we don't need to worry - about accidental hexadecimal bit shifts. - - Remove some workaround code for OpenSSL 0.9.6, which is no longer - supported. - diff --git a/changes/renaming_identifiers b/changes/renaming_identifiers deleted file mode 100644 index 5a49f8f..0000000 --- a/changes/renaming_identifiers +++ /dev/null @@ -1,9 +0,0 @@ - o Code simplifications and refactorings: - - Rename a handful of old identifiers, mostly related to crypto - structures and crypto functions. By convention, our "create an - object" functions are called "type_new()", our "free an object" - functions are called "type_free()", and our types indicate that - they are types only with a final "_t". But a handful of older - types and functions broke these rules, with function names like - "type_create" or "subsystem_op_type", or with type names like - type_env_t. diff --git a/changes/tor_socket_tests b/changes/tor_socket_tests deleted file mode 100644 index b7ee325..0000000 --- a/changes/tor_socket_tests +++ /dev/null @@ -1,11 +0,0 @@ - o Minor bugfixes: - - Find more places in the code that should have been testing for - invalid sockets using the SOCKET_OK macro. Required for a fix - for bug 4533. Bugfix on 0.2.2.28-beta. - - Detect attempts to build Tor on (as yet hypothetical) versions - of Windows where sizeof(intptr_t) != sizeof(SOCKET). Partial - fix for bug 4533. Bugfix on 0.2.2.28-beta. - - o Code simplification and refactoring: - - Use a TOR_INVALID_SOCKET macro when initializing a socket to an - invalid value, rather than just -1.
tor-commits@lists.torproject.org