summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog258
1 files changed, 127 insertions, 131 deletions
diff --git a/ChangeLog b/ChangeLog
index f6cd2b41e7..bc7f1055b9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,28 +1,16 @@
Changes in version 0.2.8.2-rc - 2016-03-??
- Tor 0.2.8.1-alpha is the first release candidate in its series.
- XXXX write more here XXXX
+ Tor 0.2.8.1-alpha is the first release candidate in its series. XXXX
+ write more here XXXX
o New system requirements:
- Tor no longer supports versions of OpenSSL with a broken
- implementation of counter mode. (This bug was present in OpenSSL
- 1.0.0, and was fixed in OpenSSL 1.0.0a.) Tor still detects, but
- no longer runs with, these versions.
- - Tor no longer attempts to support platforms where the "time_t" type
- is unsigned. (To the best of our knowledge, only OpenVMS does this,
- and Tor has never actually built on OpenVMS.) Closes ticket 18184.
-
- o Removed features:
- - Streamline relay-side hsdir handling: when relays consider whether
- to accept an uploaded hidden service descriptor, they no longer
- check whether they are one of the relays in the network that is
- "supposed" to handle that descriptor. Implements ticket 18332.
- - We no longer maintain an internal freelist in memarea.c. Allocators
- should be good enough to make this code unnecessary, and it's doubtful
- that it ever had any performance benefit.
-
- o Major bugfixes (dns proxy mode, crash):
- - Avoid crashing when running as a DNS proxy. Fixes bug 16248; bugfix on
- 0.2.0.1-alpha. Patch from 'cypherpunks'.
+ implementation of counter mode. (This bug was present in OpenSSL
+ 1.0.0, and was fixed in OpenSSL 1.0.0a.) Tor still detects, but no
+ longer runs with, these versions.
+ - Tor no longer attempts to support platforms where the "time_t"
+ type is unsigned. (To the best of our knowledge, only OpenVMS does
+ this, and Tor has never actually built on OpenVMS.) Closes
+ ticket 18184.
o Major bugfixes (security, pointers):
- Avoid a difficult-to-trigger heap corruption attack when extending
@@ -31,20 +19,28 @@ Changes in version 0.2.8.2-rc - 2016-03-??
incompletely. Reported by Guido Vranken.
o Major bugfixes (compilation):
- - Repair hardened builds under the clang compiler. Previously,
- our use of _FORTIFY_SOURCE would conflict with clang's address
+ - Repair hardened builds under the clang compiler. Previously, our
+ use of _FORTIFY_SOURCE would conflict with clang's address
sanitizer. Fixes bug 14821; bugfix on 0.2.5.4-alpha.
o Major bugfixes (crash on shutdown):
- Correctly handle detaching circuits from cmuxes when doing
- circuit_free_all() on shutdown. Fixes bug 18116; bugfix on
- 0.2.8.1-alpha.
+ circuit_free_all() on shutdown. Fixes bug 18116; bugfix
+ on 0.2.8.1-alpha.
+
+ o Major bugfixes (dns proxy mode, crash):
+ - Avoid crashing when running as a DNS proxy. Fixes bug 16248;
+ bugfix on 0.2.0.1-alpha. Patch from 'cypherpunks'.
o Major bugfixes (relays, bridge clients):
- - Ensure relays always allow IPv4 OR and Dir connections.
- Ensure bridge clients use the address configured in the bridge line.
- Fixes bug 18348; bugfix on 0.2.8.1-alpha.
- Reported by sysrqb, patch by teor.
+ - Ensure relays always allow IPv4 OR and Dir connections. Ensure
+ bridge clients use the address configured in the bridge line.
+ Fixes bug 18348; bugfix on 0.2.8.1-alpha. Reported by sysrqb,
+ patch by teor.
+
+ o Minor features:
+ - Update geoip and geoip6 to the February 2 2016 Maxmind GeoLite2
+ Country database.
o Minor feature (IPv6):
- Add ClientPreferIPv6DirPort, which is set to 0 by default. If set
@@ -53,22 +49,21 @@ Changes in version 0.2.8.2-rc - 2016-03-??
avoids using IPv4 for client OR and directory connections.
- Try harder to fulfil IP version restrictions ClientUseIPv4 0 and
ClientUseIPv6 0; and the preferences ClientPreferIPv6ORPort and
- ClientPreferIPv6DirPort.
- Closes ticket 17840; patch by "teor".
+ ClientPreferIPv6DirPort. Closes ticket 17840; patch by "teor".
o Minor features (bug-resistance):
- - Make Tor survive errors involving connections without a corresponding
- event object. Previously we'd fail with an assertion; now we produce a
- log message. Related to bug 16248.
+ - Make Tor survive errors involving connections without a
+ corresponding event object. Previously we'd fail with an
+ assertion; now we produce a log message. Related to bug 16248.
o Minor features (build):
- - Detect systems with FreeBSD-derived kernels (such as GNU/kFreeBSD) as
- having possible IPfW support. Closes ticket 18448. Patch from
+ - Detect systems with FreeBSD-derived kernels (such as GNU/kFreeBSD)
+ as having possible IPfW support. Closes ticket 18448. Patch from
Steven Chamberlain.
o Minor features (code hardening):
- - Use tor_snprintf() and tor_vsnprintf() even in external and
- low-level code, to harden against accidental failures to NUL-
+ - Use tor_snprintf() and tor_vsnprintf() even in external and low-
+ level code, to harden against accidental failures to NUL-
terminate. Part of ticket 17852. Patch from 'jsturgix'. Found
with Flawfinder.
@@ -77,11 +72,11 @@ Changes in version 0.2.8.2-rc - 2016-03-??
appropriate locations. Closes ticket 17732.
o Minor features (crypto):
- - Fix a segfault during startup: If unix socket was configured as
+ - Fix a segfault during startup: If unix socket was configured as
listener (such as a ControlSocket or a SocksPort unix socket), and
tor was started as root but not configured to switch to another
user, tor would segfault while trying to string compare a NULL
- value. Fixes bug 18261; bugfix on 0.2.8.1-alpha. Patch by weasel.
+ value. Fixes bug 18261; bugfix on 0.2.8.1-alpha. Patch by weasel.
- Validate the Diffie-Hellman hard coded parameters and ensure that
p is a safe prime, and g is suitable. Closes ticket 18221.
@@ -90,41 +85,57 @@ Changes in version 0.2.8.2-rc - 2016-03-??
Country database.
o Minor features (robustness):
- - Exit immediately with an error message if the code attempts to
- use libevent without having initialized it. This should resolve
- some frequently-made mistakes in our unit tests. Closes ticket
- 18241.
+ - Exit immediately with an error message if the code attempts to use
+ libevent without having initialized it. This should resolve some
+ frequently-made mistakes in our unit tests. Closes ticket 18241.
o Minor features (unix domain sockets):
- Since some operating systems do not consider the actual modes on a
UNIX domain socket itself, tor does not allow creating such a
socket in a directory that is group or world accessible if it is
- supposed to be private. Likewise, it will not allow only group
- accessible sockets in a world accessible directory.
- However, on some operating systems this is unnecessary, so
- add a per-socket option called RelaxDirModeCheck.
- Closes ticket 18458. Patch by weasel.
+ supposed to be private. Likewise, it will not allow only group
+ accessible sockets in a world accessible directory. However, on
+ some operating systems this is unnecessary, so add a per-socket
+ option called RelaxDirModeCheck. Closes ticket 18458. Patch
+ by weasel.
- o Minor features:
- - Update geoip and geoip6 to the February 2 2016 Maxmind GeoLite2
- Country database.
+ o Minor bugfixes (exit policies, security):
+ - Refresh an exit relay's exit policy when interface addresses
+ change. Previously, tor only refreshed the exit policy when the
+ configured external address changed. Fixes bug 18208; bugfix on
+ tor 0.2.7.3. Patch by "teor".
+
+ o Minor bugfixes (security, hidden services):
+ - Prevent hidden services connecting to client-supplied rendezvous
+ addresses that are reserved as internal or multicast. Fixes bug
+ 8976; bugfix on b7c172c9e in tor-0.2.3.21. Patch by "dgoulet"
+ and "teor".
+
+ o Minor bugfixes (security, win32):
+ - Set SO_EXCLUSIVEADDRUSE on Win32 to avoid a local port-stealing
+ attack. Fixes bug 18123; bugfix on all tor versions. Patch
+ by "teor".
+
+ o Minor bugfixes:
+ - Bridges now refuse "rendezvous2" (hidden service descriptor)
+ publish attempts. Suggested by ticket 18332.
o Minor bugfixes (build):
- - Do not link the unit tests against both the testing and non-testing
- versions of the static libraries. Fixes bug 18490; bugfix on
- 0.2.7.1-alpha.
+ - Do not link the unit tests against both the testing and non-
+ testing versions of the static libraries. Fixes bug 18490; bugfix
+ on 0.2.7.1-alpha.
o Minor bugfixes (client):
- Count receipt of new microdescriptors as progress towards
bootstrapping. Now, when a user who has set EntryNodes finishes
bootstrapping, Tor automatically repopulates the guard set based
- on this new directory information. Fixes bug 16825; bugfix on
- 0.2.3.1-alpha.
+ on this new directory information. Fixes bug 16825; bugfix
+ on 0.2.3.1-alpha.
o Minor bugfixes (code correctness):
- - Update to the latest version of Trunnel, which tries harder
- to avoid generating code that can invoke memcpy(p,NULL,0).
- Bug found by clang address sanitizer. Fixes bug 18373; bugfix
+ - Update to the latest version of Trunnel, which tries harder to
+ avoid generating code that can invoke memcpy(p,NULL,0). Bug found
+ by clang address sanitizer. Fixes bug 18373; bugfix
on 0.2.7.2-alpha.
o Minor bugfixes (configuration):
@@ -134,44 +145,37 @@ Changes in version 0.2.8.2-rc - 2016-03-??
o Minor bugfixes (containers):
- If we somehow attempt to construct a heap with more than
1073741822 elements, avoid an integer overflow when maintaining
- the heap property. Fixes bug 18296; bugfix on 0.1.2.1-alpha.
+ the heap property. Fixes bug 18296; bugfix on 0.1.2.1-alpha.
o Minor bugfixes (correctness):
- - Fix a bad memory handling bug that would occur if we had queued
- a cell on a channel's incoming queue. Fortunately, we can't actually
- queue a cell like that as our code is constructed today, but it's best
- to avoid this kind of error, even if there isn't any code that triggers
- it today. Fixes bug 18570; bugfix on 0.2.4.4-alpha.
+ - Fix a bad memory handling bug that would occur if we had queued a
+ cell on a channel's incoming queue. Fortunately, we can't actually
+ queue a cell like that as our code is constructed today, but it's
+ best to avoid this kind of error, even if there isn't any code
+ that triggers it today. Fixes bug 18570; bugfix on 0.2.4.4-alpha.
o Minor bugfixes (crypto, static analysis):
- - Silence spurious clang-scan warnings in the ed25519_donna code
- by explicitly initialising some objects.
- Fixes bug 18384; bugfix on 0f3eeca9 in 0.2.7.2-alpha.
- Patch by "teor".
+ - Silence spurious clang-scan warnings in the ed25519_donna code by
+ explicitly initialising some objects. Fixes bug 18384; bugfix on
+ 0f3eeca9 in 0.2.7.2-alpha. Patch by "teor".
o Minor bugfixes (directory):
- When generating a URL for a directory server on an IPv6 address,
- wrap the IPv6 address in square brackets. Fixes bug 18051;
- bugfix on 0.2.3.9-alpha. Patch from Malek.
-
- o Minor bugfixes (exit policies, security):
- - Refresh an exit relay's exit policy when interface addresses change.
- Previously, tor only refreshed the exit policy when the configured
- external address changed.
- Fixes bug 18208; bugfix on tor 0.2.7.3. Patch by "teor".
+ wrap the IPv6 address in square brackets. Fixes bug 18051; bugfix
+ on 0.2.3.9-alpha. Patch from Malek.
o Minor bugfixes (hidden service client):
- Seven very fast consecutive requests to the same .onion address
triggers 7 descriptor fetches. The first six each pick a directory
(there are 6 overall) and the seventh one wasn't able to pick one
- which was triggering a close on all current directory connections. It
- has been fixed by not closing them if we have pending directory fetch.
- Fixes bug 15937; bugfix on tor-0.2.7.1-alpha.
+ which was triggering a close on all current directory connections.
+ It has been fixed by not closing them if we have pending directory
+ fetch. Fixes bug 15937; bugfix on tor-0.2.7.1-alpha.
o Minor bugfixes (hidden service, control port):
- Add the onion address to the HS_DESC event for the UPLOADED action
- both on success or failure. It was previously hardcoded with UNKNOWN.
- Fixes bug 16023; bugfix on 0.2.7.2-alpha.
+ both on success or failure. It was previously hardcoded with
+ UNKNOWN. Fixes bug 16023; bugfix on 0.2.7.2-alpha.
o Minor bugfixes (logging):
- Scrub service in from "unrecognized service ID" log messages.
@@ -179,77 +183,69 @@ Changes in version 0.2.8.2-rc - 2016-03-??
o Minor bugfixes (memory safety):
- Avoid freeing an uninitialised pointer when opening a socket fails
- in get_interface_addresses_ioctl.
- Fixes bug 18454; bugfix on 9f06ec0c in tor-0.2.3.11-alpha.
- Reported by "toralf" and "cypherpunks", patch by "teor".
+ in get_interface_addresses_ioctl. Fixes bug 18454; bugfix on
+ 9f06ec0c in tor-0.2.3.11-alpha. Reported by "toralf" and
+ "cypherpunks", patch by "teor".
- Correctly duplicate addresses in get_interface_address6_list.
- Fixes bug 18454; bugfix on 110765f5 in tor-0.2.8.1-alpha.
- Reported by "toralf", patch by "cypherpunks".
+ Fixes bug 18454; bugfix on 110765f5 in tor-0.2.8.1-alpha. Reported
+ by "toralf", patch by "cypherpunks".
o Minor bugfixes (private directory):
- - Prevent a race condition when creating private directories.
- Fixes part of bug 17852; bugfix on 0.2pre13. Part of ticket
- 17852. Patch from 'jsturgix'. Found with Flawfinder.
+ - Prevent a race condition when creating private directories. Fixes
+ part of bug 17852; bugfix on 0.2pre13. Part of ticket 17852. Patch
+ from 'jsturgix'. Found with Flawfinder.
o Minor bugfixes (sandbox):
- - Allow the setrlimit syscall, and the prlimit and prlimit64 syscalls,
- which some libc implementations
- use under the hood. Fixes bug 15221; bugfix on 0.2.5.1-alpha.
-
- o Minor bugfixes (security, hidden services):
- - Prevent hidden services connecting to client-supplied rendezvous
- addresses that are reserved as internal or multicast.
- Fixes bug 8976; bugfix on b7c172c9e in tor-0.2.3.21.
- Patch by "dgoulet" and "teor".
-
- o Minor bugfixes (security, win32):
- - Set SO_EXCLUSIVEADDRUSE on Win32 to avoid a local port-stealing
- attack.
- Fixes bug 18123; bugfix on all tor versions. Patch by "teor".
+ - Allow the setrlimit syscall, and the prlimit and prlimit64
+ syscalls, which some libc implementations use under the hood.
+ Fixes bug 15221; bugfix on 0.2.5.1-alpha.
o Minor bugfixes (test networks, IPv6):
- Allow internal IPv6 addresses in descriptors in test networks.
- Fixes bug 17153; bugfix on 6b4af1071 in 0.2.3.16-alpha.
- Patch by "teor", reported by "karsten".
+ Fixes bug 17153; bugfix on 6b4af1071 in 0.2.3.16-alpha. Patch by
+ "teor", reported by "karsten".
o Minor bugfixes (testing):
- - We no longer disable assertions in the unit tests when coverage
- is enabled. Instead, we require you to say --disable-asserts-in-tests
+ - We no longer disable assertions in the unit tests when coverage is
+ enabled. Instead, we require you to say --disable-asserts-in-tests
to the configure script if you need assertions disabled in the
unit tests (for example, if you want to perform branch coverage).
Fixes bug 18242; bugfix on 0.2.7.1-alpha.
- o Minor bugfixes:
- - Bridges now refuse "rendezvous2" (hidden service descriptor)
- publish attempts. Suggested by ticket 18332.
-
o Code simplification and refactoring:
- - Quote all the string interpolations in configure.ac -- even
- those which we are pretty sure can't contain spaces. Closes
- ticket 17744. Patch from "zerosion".
- - Remove specialized code for non-inplace AES_CTR. 99% of our AES
- is inplace, so there's no need to have a separate implementation
- for the non-inplace code. Closes ticket 18258. Patch from
- Malek.
+ - Quote all the string interpolations in configure.ac -- even those
+ which we are pretty sure can't contain spaces. Closes ticket
+ 17744. Patch from "zerosion".
+ - Remove specialized code for non-inplace AES_CTR. 99% of our AES is
+ inplace, so there's no need to have a separate implementation for
+ the non-inplace code. Closes ticket 18258. Patch from Malek.
- Simplify return types for some crypto functions that can't
- actually fail. Patch from Hassan Alsibyani. Closes ticket
- 18259.
+ actually fail. Patch from Hassan Alsibyani. Closes ticket 18259.
o Dependency updates:
- - Tor now uses Autoconf version 2.63 or later, and Automake 1.11 or later
- (released in 2008 and 2009 respectively). If you are building Tor from
- the git repository instead of from the source distribution, and your
- tools are older than this, you will need to upgrade.
- Closes ticket 17732.
+ - Tor now uses Autoconf version 2.63 or later, and Automake 1.11 or
+ later (released in 2008 and 2009 respectively). If you are
+ building Tor from the git repository instead of from the source
+ distribution, and your tools are older than this, you will need to
+ upgrade. Closes ticket 17732.
o Documentation:
- - Change build messages to refer to "Fedora" instead of "Fedora Core",
- and "dnf" instead of "yum". Closes tickets 18459 and 18426.
+ - Change build messages to refer to "Fedora" instead of "Fedora
+ Core", and "dnf" instead of "yum". Closes tickets 18459 and 18426.
Patches from "icanhasaccount" and "cypherpunks".
+ o Removed features:
+ - Streamline relay-side hsdir handling: when relays consider whether
+ to accept an uploaded hidden service descriptor, they no longer
+ check whether they are one of the relays in the network that is
+ "supposed" to handle that descriptor. Implements ticket 18332.
+ - We no longer maintain an internal freelist in memarea.c.
+ Allocators should be good enough to make this code unnecessary,
+ and it's doubtful that it ever had any performance benefit.
+
o Testing:
- - Fix several warnings from clang's address sanitizer produced in the
- unit tests.
+ - Fix several warnings from clang's address sanitizer produced in
+ the unit tests.
- Treat backtrace test failures as expected on FreeBSD until we
solve bug 17808. Closes ticket 18204.