diff options
| -rw-r--r-- | ChangeLog | 263 | ||||
| -rw-r--r-- | ReleaseNotes | 10 | ||||
| -rw-r--r-- | changes/bug18626 | 5 | ||||
| -rw-r--r-- | changes/bug18651 | 3 | ||||
| -rw-r--r-- | configure.ac | 2 | ||||
| -rw-r--r-- | contrib/win32build/tor-mingw.nsi.in | 2 | ||||
| -rw-r--r-- | src/or/main.c | 1 | ||||
| -rw-r--r-- | src/test/test_util.c | 3 | ||||
| -rw-r--r-- | src/tools/tor-gencert.c | 11 | ||||
| -rw-r--r-- | src/win32/orconfig.h | 2 |
10 files changed, 158 insertions, 144 deletions
@@ -1,6 +1,11 @@ -Changes in version 0.2.8.2-alpha - 2016-03-?? - Tor 0.2.8.2-alpha is the second alpha in its series. XXXX write more - here XXXX +Changes in version 0.2.9.1-alpha - 2016-??-?? + + +Changes in version 0.2.8.2-alpha - 2016-03-28 + Tor 0.2.8.2-alpha is the second alpha in its series. It fixes numerous + bugs in earlier versions of Tor, including some that prevented + authorities using Tor 0.2.7.x from running correctly. IPv6 and + directory support should also be much improved. o New system requirements: - Tor no longer supports versions of OpenSSL with a broken @@ -11,19 +16,23 @@ Changes in version 0.2.8.2-alpha - 2016-03-?? type is unsigned. (To the best of our knowledge, only OpenVMS does this, and Tor has never actually built on OpenVMS.) Closes ticket 18184. + - Tor now uses Autoconf version 2.63 or later, and Automake 1.11 or + later (released in 2008 and 2009 respectively). If you are + building Tor from the git repository instead of from the source + distribution, and your tools are older than this, you will need to + upgrade. Closes ticket 17732. o Major bugfixes (security, pointers): - Avoid a difficult-to-trigger heap corruption attack when extending a smartlist to contain over 16GB of pointers. Fixes bug 18162; - bugfix on Tor 0.1.1.11-alpha, which fixed a related bug - incompletely. Reported by Guido Vranken. + bugfix on 0.1.1.11-alpha, which fixed a related bug incompletely. + Reported by Guido Vranken. o Major bugfixes (bridges, pluggable transports): - Modify the check for OR connections to private addresses. Allow bridges on private addresses, including pluggable transports that ignore the (potentially private) address in the bridge line. Fixes - bug 18517; bugfix on 0.2.8.1-alpha. Reported by "gk", patch - by "teor". + bug 18517; bugfix on 0.2.8.1-alpha. Reported by gk, patch by teor. o Major bugfixes (compilation): - Repair hardened builds under the clang compiler. Previously, our @@ -31,13 +40,22 @@ Changes in version 0.2.8.2-alpha - 2016-03-?? sanitizer. Fixes bug 14821; bugfix on 0.2.5.4-alpha. o Major bugfixes (crash on shutdown): - - Correctly handle detaching circuits from cmuxes when doing - circuit_free_all() on shutdown. Fixes bug 18116; bugfix - on 0.2.8.1-alpha. + - Correctly handle detaching circuits from muxes when shutting down. + Fixes bug 18116; bugfix on 0.2.8.1-alpha. + - Fix an assert-on-exit bug related to counting memory usage in + rephist.c. Fixes bug 18651; bugfix on 0.2.8.1-alpha. + + o Major bugfixes (crash on startup): + - Fix a segfault during startup: If a Unix domain socket was + configured as listener (such as a ControlSocket or a SocksPort + "unix:" socket), and tor was started as root but not configured to + switch to another user, tor would segfault while trying to string + compare a NULL value. Fixes bug 18261; bugfix on 0.2.8.1-alpha. + Patch by weasel. o Major bugfixes (dns proxy mode, crash): - Avoid crashing when running as a DNS proxy. Fixes bug 16248; - bugfix on 0.2.0.1-alpha. Patch from 'cypherpunks'. + bugfix on 0.2.0.1-alpha. Patch from "cypherpunks". o Major bugfixes (relays, bridge clients): - Ensure relays always allow IPv4 OR and Dir connections. Ensure @@ -46,10 +64,11 @@ Changes in version 0.2.8.2-alpha - 2016-03-?? patch by teor. o Major bugfixes (voting): - - Actually enable Ed25519-based directory collation. Previously, the - code had been written, but some debugging code that had - accidentally been left in the codebase made it stay turned off. - Fixes bug 17702; bugfix on 0.2.7.2-alpha. + - Actually enable support for authorities to match routers by their + Ed25519 identities. Previously, the code had been written, but + some debugging code that had accidentally been left in the + codebase made it stay turned off. Fixes bug 17702; bugfix + on 0.2.7.2-alpha. - When collating votes by Ed25519 identities, authorities now include a "NoEdConsensus" flag if the ed25519 value (or lack thereof) for a server does not reflect the majority consensus. @@ -61,14 +80,10 @@ Changes in version 0.2.8.2-alpha - 2016-03-?? keeping its Ed25519 identity. Fixes bug 17668; fixes part of bug 18318. Bugfix on 0.2.7.2-alpha. - o Minor feature (IPv6): - - Add ClientPreferIPv6DirPort, which is set to 0 by default. If set - to 1, tor prefers IPv6 directory addresses. - - Add ClientUseIPv4, which is set to 1 by default. If set to 0, tor - avoids using IPv4 for client OR and directory connections. - - Try harder to fulfil IP version restrictions ClientUseIPv4 0 and - ClientUseIPv6 0; and the preferences ClientPreferIPv6ORPort and - ClientPreferIPv6DirPort. Closes ticket 17840; patch by "teor". + o Minor features (security, win32): + - Set SO_EXCLUSIVEADDRUSE on Win32 to avoid a local port-stealing + attack. Fixes bug 18123; bugfix on all tor versions. Patch + by teor. o Minor features (bug-resistance): - Make Tor survive errors involving connections without a @@ -77,85 +92,86 @@ Changes in version 0.2.8.2-alpha - 2016-03-?? o Minor features (build): - Detect systems with FreeBSD-derived kernels (such as GNU/kFreeBSD) - as having possible IPfW support. Closes ticket 18448. Patch from + as having possible IPFW support. Closes ticket 18448. Patch from Steven Chamberlain. o Minor features (code hardening): - Use tor_snprintf() and tor_vsnprintf() even in external and low- level code, to harden against accidental failures to NUL- - terminate. Part of ticket 17852. Patch from 'jsturgix'. Found + terminate. Part of ticket 17852. Patch from jsturgix. Found with Flawfinder. - o Minor features (compilation): - - Note our minimum required autoconf/automake versions in the - appropriate locations. Closes ticket 17732. - o Minor features (crypto): - - Fix a segfault during startup: If unix socket was configured as - listener (such as a ControlSocket or a SocksPort unix socket), and - tor was started as root but not configured to switch to another - user, tor would segfault while trying to string compare a NULL - value. Fixes bug 18261; bugfix on 0.2.8.1-alpha. Patch by weasel. - - Validate the Diffie-Hellman hard coded parameters and ensure that - p is a safe prime, and g is suitable. Closes ticket 18221. + - Validate the hard-coded Diffie-Hellman parameters and ensure that + p is a safe prime, and g is a suitable generator. Closes + ticket 18221. o Minor features (geoip): - Update geoip and geoip6 to the March 3 2016 Maxmind GeoLite2 Country database. + o Minor features (hidden service directory): + - Streamline relay-side hsdir handling: when relays consider whether + to accept an uploaded hidden service descriptor, they no longer + check whether they are one of the relays in the network that is + "supposed" to handle that descriptor. Implements ticket 18332. + + o Minor features (IPv6): + - Add ClientPreferIPv6DirPort, which is set to 0 by default. If set + to 1, tor prefers IPv6 directory addresses. + - Add ClientUseIPv4, which is set to 1 by default. If set to 0, tor + avoids using IPv4 for client OR and directory connections. + - Try harder to obey the IP version restrictions "ClientUseIPv4 0", + "ClientUseIPv6 0", "ClientPreferIPv6ORPort", and + "ClientPreferIPv6DirPort". Closes ticket 17840; patch by teor. + o Minor features (linux seccomp2 sandbox): - - Detect and reject attempts to change our Address with "Sandbox 1" - enabled. Changing Address with Sandbox turned on would never - actually work, but previously it would fail in strange and - confusing ways. Found while fixing 18548. + - Reject attempts to change our Address with "Sandbox 1" enabled. + Changing Address with Sandbox turned on would never actually work, + but previously it would fail in strange and confusing ways. Found + while fixing 18548. o Minor features (robustness): - Exit immediately with an error message if the code attempts to use - libevent without having initialized it. This should resolve some + Libevent without having initialized it. This should resolve some frequently-made mistakes in our unit tests. Closes ticket 18241. o Minor features (unix domain sockets): - - Since some operating systems do not consider the actual modes on a - UNIX domain socket itself, tor does not allow creating such a - socket in a directory that is group or world accessible if it is - supposed to be private. Likewise, it will not allow only group - accessible sockets in a world accessible directory. However, on - some operating systems this is unnecessary, so add a per-socket - option called RelaxDirModeCheck. Closes ticket 18458. Patch - by weasel. + - Add a new per-socket option, RelaxDirModeCheck, to allow creating + Unix domain sockets without checking the permissions on the parent + directory. (Tor checks permissions by default because some + operating systems only check permissions on the parent directory. + However, some operating systems do look at permissions on the + socket, and tor's default check is unneeded.) Closes ticket 18458. + Patch by weasel. o Minor bugfixes (exit policies, security): - Refresh an exit relay's exit policy when interface addresses change. Previously, tor only refreshed the exit policy when the configured external address changed. Fixes bug 18208; bugfix on - tor 0.2.7.3. Patch by "teor". + 0.2.7.3-rc. Patch by teor. o Minor bugfixes (security, hidden services): - Prevent hidden services connecting to client-supplied rendezvous addresses that are reserved as internal or multicast. Fixes bug - 8976; bugfix on b7c172c9e in tor-0.2.3.21. Patch by "dgoulet" - and "teor". - - o Minor bugfixes (security, win32): - - Set SO_EXCLUSIVEADDRUSE on Win32 to avoid a local port-stealing - attack. Fixes bug 18123; bugfix on all tor versions. Patch - by "teor". - - o Minor bugfixes: - - Bridges now refuse "rendezvous2" (hidden service descriptor) - publish attempts. Suggested by ticket 18332. + 8976; bugfix on 0.2.3.21-rc. Patch by dgoulet and teor. o Minor bugfixes (build): - Do not link the unit tests against both the testing and non- testing versions of the static libraries. Fixes bug 18490; bugfix on 0.2.7.1-alpha. + - Avoid spurious failures from configure files related to calling + exit(0) in TOR_SEARCH_LIBRARY. Fixes bug 18625; bugfix on + 0.2.0.1-alpha. Patch from "cypherpunks". + - Silence spurious clang-scan warnings in the ed25519_donna code by + explicitly initializing some objects. Fixes bug 18384; bugfix on + 0.2.7.2-alpha. Patch by teor. - o Minor bugfixes (client): + o Minor bugfixes (client, bootstrap): - Count receipt of new microdescriptors as progress towards - bootstrapping. Now, when a user who has set EntryNodes finishes - bootstrapping, Tor automatically repopulates the guard set based - on this new directory information. Fixes bug 16825; bugfix - on 0.2.3.1-alpha. + bootstrapping. Previously, with EntryNodes set, Tor might not + successfully repopulate the guard set on bootstrapping. Fixes bug + 16825; bugfix on 0.2.3.1-alpha. o Minor bugfixes (code correctness): - Update to the latest version of Trunnel, which tries harder to @@ -179,11 +195,6 @@ Changes in version 0.2.8.2-alpha - 2016-03-?? best to avoid this kind of error, even if there isn't any code that triggers it today. Fixes bug 18570; bugfix on 0.2.4.4-alpha. - o Minor bugfixes (crypto, static analysis): - - Silence spurious clang-scan warnings in the ed25519_donna code by - explicitly initialising some objects. Fixes bug 18384; bugfix on - 0f3eeca9 in 0.2.7.2-alpha. Patch by "teor". - o Minor bugfixes (directory): - When generating a URL for a directory server on an IPv6 address, wrap the IPv6 address in square brackets. Fixes bug 18051; bugfix @@ -193,60 +204,71 @@ Changes in version 0.2.8.2-alpha - 2016-03-?? - When requesting extrainfo descriptors from a trusted directory server, check whether it is an authority or a fallback directory which supports extrainfo descriptors. Fixes bug 18489; bugfix on - 0.2.4.7-alpha. Reported by "atagar", patch by "teor". - - o Minor bugfixes (hidden service client): - - Seven very fast consecutive requests to the same .onion address - triggers 7 descriptor fetches. The first six each pick a directory - (there are 6 overall) and the seventh one wasn't able to pick one - which was triggering a close on all current directory connections. - It has been fixed by not closing them if we have pending directory - fetch. Fixes bug 15937; bugfix on tor-0.2.7.1-alpha. + 0.2.4.7-alpha. Reported by atagar, patch by teor. + + o Minor bugfixes (hidden service, client): + - Handle the case where the user makes several fast consecutive + requests to the same .onion address. Previously, the first six + requests would each trigger a descriptor fetch, each picking a + directory (there are 6 overall) and the seventh one would fail + because no directories were left, thereby triggering a close on + all current directory connections asking for the hidden service. + The solution here is to not close the connections if we have + pending directory fetches. Fixes bug 15937; bugfix + on 0.2.7.1-alpha. o Minor bugfixes (hidden service, control port): - Add the onion address to the HS_DESC event for the UPLOADED action both on success or failure. It was previously hardcoded with UNKNOWN. Fixes bug 16023; bugfix on 0.2.7.2-alpha. + o Minor bugfixes (hidden service, directory): + - Bridges now refuse "rendezvous2" (hidden service descriptor) + publish attempts. Suggested by ticket 18332. + o Minor bugfixes (linux seccomp2 sandbox): - - Avoid a 10-second delay when starting as a client with "Sandbox 1" - enabled and no DNS resolvers configured. This should help TAILS - start up faster. Fixes bug 18548; bugfix on 0.2.5.1-alpha. - - Fix the sandbox's interoprability with unix sockets under setuid. - Fixes bug 18253; bugfix on 0.2.8.1-alpha. - Allow the setrlimit syscall, and the prlimit and prlimit64 syscalls, which some libc implementations use under the hood. Fixes bug 15221; bugfix on 0.2.5.1-alpha. + - Avoid a 10-second delay when starting as a client with "Sandbox 1" + enabled and no DNS resolvers configured. This should help TAILS + start up faster. Fixes bug 18548; bugfix on 0.2.5.1-alpha. + - Fix the sandbox's interoperability with unix domain sockets under + setuid. Fixes bug 18253; bugfix on 0.2.8.1-alpha. o Minor bugfixes (logging): - - When logging information about an unparseable networkstatus vote - or consensus, do not say "vote" when we mean consensus. Fixes bug + - When logging information about an unparsable networkstatus vote or + consensus, do not say "vote" when we mean consensus. Fixes bug 18368; bugfix on 0.2.0.8-alpha. - - Scrub service in from "unrecognized service ID" log messages. + - Scrub service name in "unrecognized service ID" log messages. Fixes bug 18600; bugfix on 0.2.4.11-alpha. - Downgrade logs and backtraces about IP versions to info-level. Only log backtraces once each time tor runs. Assists in diagnosing - bug 18351; bugfix on 0.2.8.1-alpha. Reported by "sysrqb" and - "Christian", patch by "teor". + bug 18351; bugfix on 0.2.8.1-alpha. Reported by sysrqb and + Christian, patch by teor. o Minor bugfixes (memory safety): - - Avoid freeing an uninitialised pointer when opening a socket fails - in get_interface_addresses_ioctl. Fixes bug 18454; bugfix on - 9f06ec0c in tor-0.2.3.11-alpha. Reported by "toralf" and - "cypherpunks", patch by "teor". - - Correctly duplicate addresses in get_interface_address6_list. - Fixes bug 18454; bugfix on 110765f5 in tor-0.2.8.1-alpha. Reported - by "toralf", patch by "cypherpunks". + - Avoid freeing an uninitialized pointer when opening a socket fails + in get_interface_addresses_ioctl(). Fixes bug 18454; bugfix on + 0.2.3.11-alpha. Reported by toralf and "cypherpunks", patch + by teor. + - Correctly duplicate addresses in get_interface_address6_list(). + Fixes bug 18454; bugfix on 0.2.8.1-alpha. Reported by toralf, + patch by "cypherpunks". + - Fix a memory leak in tor-gencert. Fixes part of bug 18672; bugfix + on 0.2.0.1-alpha. + - Fix a memory leak in "tor --list-fingerprint". Fixes part of bug + 18672; bugfix on 0.2.5.1-alpha. o Minor bugfixes (private directory): - Prevent a race condition when creating private directories. Fixes - part of bug 17852; bugfix on 0.2pre13. Part of ticket 17852. Patch - from 'jsturgix'. Found with Flawfinder. + part of bug 17852; bugfix on 0.0.2pre13. Part of ticket 17852. + Patch from jsturgix. Found with Flawfinder. o Minor bugfixes (test networks, IPv6): - Allow internal IPv6 addresses in descriptors in test networks. - Fixes bug 17153; bugfix on 6b4af1071 in 0.2.3.16-alpha. Patch by - "teor", reported by "karsten". + Fixes bug 17153; bugfix on 0.2.3.16-alpha. Patch by teor, reported + by karsten. o Minor bugfixes (testing): - We no longer disable assertions in the unit tests when coverage is @@ -258,40 +280,29 @@ Changes in version 0.2.8.2-alpha - 2016-03-?? o Minor bugfixes (time parsing): - Avoid overflow in tor_timegm when parsing dates in and after 2038 on platforms with 32-bit time_t. Fixes bug 18479; bugfix on - 0.0.2pre14. Patch by "teor". + 0.0.2pre14. Patch by teor. o Minor bugfixes (tor-gencert): - Correctly handle the case where an authority operator enters a passphrase but sends an EOF before sending a newline. Fixes bug - 17443; bugfix on 0.2.0.20-rc. Found by "junglefowl". + 17443; bugfix on 0.2.0.20-rc. Found by junglefowl. o Code simplification and refactoring: - Quote all the string interpolations in configure.ac -- even those which we are pretty sure can't contain spaces. Closes ticket - 17744. Patch from "zerosion". + 17744. Patch from zerosion. - Remove specialized code for non-inplace AES_CTR. 99% of our AES is inplace, so there's no need to have a separate implementation for the non-inplace code. Closes ticket 18258. Patch from Malek. - Simplify return types for some crypto functions that can't actually fail. Patch from Hassan Alsibyani. Closes ticket 18259. - o Dependency updates: - - Tor now uses Autoconf version 2.63 or later, and Automake 1.11 or - later (released in 2008 and 2009 respectively). If you are - building Tor from the git repository instead of from the source - distribution, and your tools are older than this, you will need to - upgrade. Closes ticket 17732. - o Documentation: - Change build messages to refer to "Fedora" instead of "Fedora Core", and "dnf" instead of "yum". Closes tickets 18459 and 18426. Patches from "icanhasaccount" and "cypherpunks". o Removed features: - - Streamline relay-side hsdir handling: when relays consider whether - to accept an uploaded hidden service descriptor, they no longer - check whether they are one of the relays in the network that is - "supposed" to handle that descriptor. Implements ticket 18332. - We no longer maintain an internal freelist in memarea.c. Allocators should be good enough to make this code unnecessary, and it's doubtful that it ever had any performance benefit. @@ -504,7 +515,7 @@ Changes in version 0.2.8.1-alpha - 2016-02-04 bugfix on 0.2.3.2-alpha. - Assert that allocated memory held by the reputation code is freed according to its internal counters. Fixes bug 17753; bugfix - on tor-0.1.1.1-alpha. + on 0.1.1.1-alpha. - Assert when the TLS contexts fail to initialize. Fixes bug 17683; bugfix on 0.0.6. @@ -516,16 +527,16 @@ Changes in version 0.2.8.1-alpha - 2016-02-04 it actually exists. Fixes compilation on NetBSD-6.x. Fixes bug 17819; bugfix on 0.2.6.3-alpha. - Fix backtrace compilation on FreeBSD. Fixes bug 17827; bugfix - on tor-0.2.5.2-alpha. + on 0.2.5.2-alpha. - Fix compilation of sandbox.c with musl-libc. Fixes bug 17347; bugfix on 0.2.5.1-alpha. Patch from 'jamestk'. - Fix search for libevent libraries on OpenBSD (and other systems that install libevent 1 and libevent 2 in parallel). Fixes bug 16651; bugfix on 0.1.0.7-rc. Patch from "rubiate". - Isolate environment variables meant for tests from the rest of the - build system. Fixes bug 17818; bugfix on tor-0.2.7.3-rc. + build system. Fixes bug 17818; bugfix on 0.2.7.3-rc. - Replace usage of 'INLINE' with 'inline'. Fixes bug 17804; bugfix - on tor-0.0.2pre8. + on 0.0.2pre8. - Remove config.log only from make distclean, not from make clean. Fixes bug 17924; bugfix on 0.2.4.1-alpha. @@ -544,7 +555,7 @@ Changes in version 0.2.8.1-alpha - 2016-02-04 o Minor bugfixes (linux seccomp2 sandbox): - Fix a crash when using offline master ed25519 keys with the Linux - seccomp2 sandbox enabled. Fixes bug 17675; bugfix on 0.2.7.3-alpha. + seccomp2 sandbox enabled. Fixes bug 17675; bugfix on 0.2.7.3-rc. o Minor bugfixes (logging): - In log messages that include a function name, use __FUNCTION__ @@ -773,7 +784,7 @@ Changes in version 0.2.7.4-rc - 2015-10-21 o Minor bugfixes (sandbox): - Add the "hidserv-stats" filename to our sandbox filter for the HiddenServiceStatistics option to work properly. Fixes bug 17354; - bugfix on tor-0.2.6.2-alpha. Patch from David Goulet. + bugfix on 0.2.6.2-alpha. Patch from David Goulet. o Minor bugfixes (testing): - Add unit tests for get_interface_address* failure cases. Fixes bug @@ -967,7 +978,7 @@ Changes in version 0.2.7.3-rc - 2015-09-25 o Minor bugfixes (open file limit): - Fix set_max_file_descriptors() to set by default the max open file limit to the current limit when setrlimit() fails. Fixes bug - 16274; bugfix on tor- 0.2.0.10-alpha. Patch by dgoulet. + 16274; bugfix on 0.2.0.10-alpha. Patch by dgoulet. o Minor bugfixes (portability): - Try harder to normalize the exit status of the Tor process to the @@ -1441,7 +1452,7 @@ Changes in version 0.2.6.8 - 2015-05-21 - Revert commit that made directory authorities assign the HSDir flag to relay without a DirPort; this was bad because such relays can't handle BEGIN_DIR cells. Fixes bug 15850; bugfix - on tor-0.2.6.3-alpha. + on 0.2.6.3-alpha. o Minor bugfixes (hidden service, backport from 0.2.7.1-alpha): - Fix an out-of-bounds read when parsing invalid INTRODUCE2 cells on @@ -1482,7 +1493,7 @@ Changes in version 0.2.7.1-alpha - 2015-05-12 - Revert commit that made directory authorities assign the HSDir flag to relay without a DirPort; this was bad because such relays can't handle BEGIN_DIR cells. Fixes bug 15850; bugfix - on tor-0.2.6.3-alpha. + on 0.2.6.3-alpha. o Minor features (clock-jump tolerance): - Recover better when our clock jumps back many hours, like might @@ -1662,7 +1673,7 @@ Changes in version 0.2.7.1-alpha - 2015-05-12 o Removed code: - Remove `USE_OPENSSL_BASE64` and the corresponding fallback code and always use the internal Base64 decoder. The internal decoder - has been part of tor since tor-0.2.0.10-alpha, and no one should + has been part of tor since 0.2.0.10-alpha, and no one should be using the OpenSSL one. Part of ticket 15652. - Remove the 'tor_strclear()' function; use memwipe() instead. Closes ticket 14922. @@ -9691,7 +9702,7 @@ Changes in version 0.2.2.26-beta - 2011-05-17 at least _half_ the length of the store, not _twice_ the length of the store. Bugfix on 0.2.2.6-alpha; fixes part of bug 2230. - Fix a potential null-pointer dereference while computing a - consensus. Bugfix on tor-0.2.0.3-alpha, found with the help of + consensus. Bugfix on 0.2.0.3-alpha, found with the help of clang's analyzer. - Avoid a possible null-pointer dereference when rebuilding the mdesc cache without actually having any descriptors to cache. Bugfix on diff --git a/ReleaseNotes b/ReleaseNotes index 1e9f7f2e8a..ba5de30c01 100644 --- a/ReleaseNotes +++ b/ReleaseNotes @@ -187,7 +187,7 @@ Changes in version 0.2.7.5 - 2015-11-20 - Revert commit that made directory authorities assign the HSDir flag to relay without a DirPort; this was bad because such relays can't handle BEGIN_DIR cells. Fixes bug 15850; bugfix - on tor-0.2.6.3-alpha. + on 0.2.6.3-alpha. - When cannibalizing a circuit for an introduction point, always extend to the chosen exit node (creating a 4 hop circuit). Previously Tor would use the current circuit exit node, which @@ -435,7 +435,7 @@ Changes in version 0.2.7.5 - 2015-11-20 sandbox. Fixes bug 16964; bugfix on 0.2.5.1-alpha. - Add the "hidserv-stats" filename to our sandbox filter for the HiddenServiceStatistics option to work properly. Fixes bug 17354; - bugfix on tor-0.2.6.2-alpha. Patch from David Goulet. + bugfix on 0.2.6.2-alpha. Patch from David Goulet. o Minor bugfixes (Linux seccomp2 sandbox, also in 0.2.6.10): - Allow pipe() and pipe2() syscalls in the seccomp2 sandbox: we need @@ -602,7 +602,7 @@ Changes in version 0.2.7.5 - 2015-11-20 o Removed code: - Remove `USE_OPENSSL_BASE64` and the corresponding fallback code and always use the internal Base64 decoder. The internal decoder - has been part of tor since tor-0.2.0.10-alpha, and no one should + has been part of tor since 0.2.0.10-alpha, and no one should be using the OpenSSL one. Part of ticket 15652. - Remove the 'tor_strclear()' function; use memwipe() instead. Closes ticket 14922. @@ -802,7 +802,7 @@ Changes in version 0.2.6.8 - 2015-05-21 - Revert commit that made directory authorities assign the HSDir flag to relay without a DirPort; this was bad because such relays can't handle BEGIN_DIR cells. Fixes bug 15850; bugfix - on tor-0.2.6.3-alpha. + on 0.2.6.3-alpha. o Minor bugfixes (hidden service, backport from 0.2.7.1-alpha): - Fix an out-of-bounds read when parsing invalid INTRODUCE2 cells on @@ -6960,7 +6960,7 @@ Changes in version 0.2.2.32 - 2011-08-27 negative number if given a value above INT_MAX+1. Found by George Kadianakis. Fixes bug 3306; bugfix on 0.2.2pre14. - Fix a potential null-pointer dereference while computing a - consensus. Bugfix on tor-0.2.0.3-alpha, found with the help of + consensus. Bugfix on 0.2.0.3-alpha, found with the help of clang's analyzer. - If we fail to compute the identity digest of a v3 legacy keypair, warn, and don't use a buffer-full of junk instead. Bugfix on diff --git a/changes/bug18626 b/changes/bug18626 deleted file mode 100644 index 5c1abff6b8..0000000000 --- a/changes/bug18626 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (build): - - Avoid spurious failures from configure files related - to calling exit(0) in TOR_SEARCH_LIBRARY. - Fixes bug 18625; bugfix on 0.2.0.1-alpha. - Patch from "cypherpunks". diff --git a/changes/bug18651 b/changes/bug18651 deleted file mode 100644 index 120a1a5e8e..0000000000 --- a/changes/bug18651 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (assert on exit): - - Fix an assert-on-exit bug related to counting memory usage - in rephist.c. Fixes bug 18651; bugfix on 0.2.8.1-alpha. diff --git a/configure.ac b/configure.ac index d6d65d463c..ed5d2be6d3 100644 --- a/configure.ac +++ b/configure.ac @@ -4,7 +4,7 @@ dnl Copyright (c) 2007-2015, The Tor Project, Inc. dnl See LICENSE for licensing information AC_PREREQ([2.63]) -AC_INIT([tor],[0.2.8.1-alpha-dev]) +AC_INIT([tor],[0.2.9.0-alpha-dev]) AC_CONFIG_SRCDIR([src/or/main.c]) AC_CONFIG_MACRO_DIR([m4]) diff --git a/contrib/win32build/tor-mingw.nsi.in b/contrib/win32build/tor-mingw.nsi.in index 9a4de0ab08..47fb7e0cd2 100644 --- a/contrib/win32build/tor-mingw.nsi.in +++ b/contrib/win32build/tor-mingw.nsi.in @@ -8,7 +8,7 @@ !include "LogicLib.nsh" !include "FileFunc.nsh" !insertmacro GetParameters -!define VERSION "0.2.8.1-alpha-dev" +!define VERSION "0.2.9.0-alpha-dev" !define INSTALLER "tor-${VERSION}-win32.exe" !define WEBSITE "https://www.torproject.org/" !define LICENSE "LICENSE" diff --git a/src/or/main.c b/src/or/main.c index 26e52d241d..a2cf5b1101 100644 --- a/src/or/main.c +++ b/src/or/main.c @@ -3245,6 +3245,7 @@ do_list_fingerprint(void) char buf[FINGERPRINT_LEN+1]; crypto_pk_t *k; const char *nickname = get_options()->Nickname; + sandbox_disable_getaddrinfo_cache(); if (!server_mode(get_options())) { log_err(LD_GENERAL, "Clients don't have long-term identity keys. Exiting."); diff --git a/src/test/test_util.c b/src/test/test_util.c index 8e5c9bf80a..7d43b8156b 100644 --- a/src/test/test_util.c +++ b/src/test/test_util.c @@ -726,8 +726,11 @@ test_util_time(void *arg) tt_str_op("2038-02-17 06:13:20",OP_EQ, timestr); */ #elif SIZEOF_TIME_T == 8 +#ifndef _WIN32 + /* This SHOULD work on windows too; see bug #18665 */ tt_str_op("2038-02-17 06:13:20",OP_EQ, timestr); #endif +#endif done: ; diff --git a/src/tools/tor-gencert.c b/src/tools/tor-gencert.c index 4e5e1dc590..c05066722a 100644 --- a/src/tools/tor-gencert.c +++ b/src/tools/tor-gencert.c @@ -402,6 +402,7 @@ key_to_string(EVP_PKEY *key) b = BIO_new(BIO_s_mem()); if (!PEM_write_bio_RSAPublicKey(b, rsa)) { crypto_log_errors(LOG_WARN, "writing public key to string"); + RSA_free(rsa); return NULL; } @@ -413,6 +414,7 @@ key_to_string(EVP_PKEY *key) result[buf->length] = 0; BUF_MEM_free(buf); + RSA_free(rsa); return result; } @@ -488,10 +490,13 @@ generate_certificate(void) tor_free(signing); /* Append a cross-certification */ + RSA *rsa = EVP_PKEY_get1_RSA(signing_key); r = RSA_private_encrypt(DIGEST_LEN, (unsigned char*)id_digest, (unsigned char*)signature, - EVP_PKEY_get1_RSA(signing_key), + rsa, RSA_PKCS1_PADDING); + RSA_free(rsa); + signed_len = strlen(buf); base64_encode(buf+signed_len, sizeof(buf)-signed_len, signature, r, BASE64_ENCODE_MULTILINE); @@ -503,10 +508,12 @@ generate_certificate(void) signed_len = strlen(buf); SHA1((const unsigned char*)buf,signed_len,(unsigned char*)digest); + rsa = EVP_PKEY_get1_RSA(identity_key); r = RSA_private_encrypt(DIGEST_LEN, (unsigned char*)digest, (unsigned char*)signature, - EVP_PKEY_get1_RSA(identity_key), + rsa, RSA_PKCS1_PADDING); + RSA_free(rsa); strlcat(buf, "-----BEGIN SIGNATURE-----\n", sizeof(buf)); signed_len = strlen(buf); base64_encode(buf+signed_len, sizeof(buf)-signed_len, signature, r, diff --git a/src/win32/orconfig.h b/src/win32/orconfig.h index 407ffc00fc..9469245ba7 100644 --- a/src/win32/orconfig.h +++ b/src/win32/orconfig.h @@ -229,7 +229,7 @@ #define USING_TWOS_COMPLEMENT /* Version number of package */ -#define VERSION "0.2.8.1-alpha-dev" +#define VERSION "0.2.9.0-alpha-dev" |