-rw-r--r-- | ChangeLog | 228 |
-rw-r--r-- | changes/bug9059 | 3 |
-rw-r--r-- | changes/require_023 | 6 |
-rw-r--r-- | configure.ac | 2 |
-rw-r--r-- | contrib/tor-mingw.nsi.in | 2 |
-rw-r--r-- | doc/HACKING | 14 |
-rw-r--r-- | src/common/crypto.c | 2 |
-rw-r--r-- | src/or/config.c | 1 |
-rw-r--r-- | src/or/dirserv.c | 11 |
-rw-r--r-- | src/win32/orconfig.h | 2 |
10 files changed, 146 insertions, 125 deletions
@@ -1,43 +1,57 @@ -Changes in version 0.2.5.3-alpha - 2014-03-?? - - o Major features (server security, DoS-resistance): - - Also consider stream buffer sizes when calculating OOM - conditions. Rename MaxMemInCellQueues to MaxMemInQueues. Fixes - bug 10169. +Changes in version 0.2.5.3-alpha - 2014-03-22 + Tor 0.2.5.3-alpha includes all the fixes from 0.2.4.21. It contains + two new anti-DoS features for Tor relays, resolves a bug that kept + SOCKS5 support for IPv6 from working, fixes several annoying usability + issues for bridge users, and removes more old code for unused + directory formats. + + The Tor 0.2.5.x release series is now in patch-freeze: no feature + patches not already written will be considered for inclusion in 0.2.5.x. + + o Major features (relay security, DoS-resistance): + - When deciding whether we have run out of memory and we need to + close circuits, also consider memory allocated in buffers for + streams attached to each circuit. + + This change, which extends an anti-DoS feature introduced in + 0.2.4.13-alpha and improved in 0.2.4.14-alpha, lets Tor exit relays + better resist more memory-based DoS attacks than before. Since the + MaxMemInCellQueues option now applies to all queues, it is renamed + to MaxMemInQueues. This feature fixes bug 10169. - Avoid hash-flooding denial-of-service attacks by using the secure - SipHash-2-4 hash function for our hashtables. Without this + SipHash-2-4 hash function for our hashtables. Without this feature, an attacker could degrade performance of a targeted client or server by flooding their data structures with a large - number of data entries all calculated to be stored at the same - hash table position, thereby degrading hash table - performance. With this feature, hash table positions are derived - from a randomized cryptographic key using SipHash-2-4, and an - attacker cannot predict which entries will collide. - Closes ticket 4900. 
- - Decrease the lower limit of MaxMemInQueues to 256 MBytes, to - appease raspberry pi users. Fixes bug 9686. + number of entries to be stored at the same hash table position, + thereby slowing down the Tor instance. With this feature, hash + table positions are derived from a randomized cryptographic key, + and an attacker cannot predict which entries will collide. Closes + ticket 4900. + - Decrease the lower limit of MaxMemInQueues to 256 MBytes (but leave + the default at 8GBytes), to better support Raspberry Pi users. Fixes + bug 9686; bugfix on 0.2.4.14-alpha. o Minor features (bridges, pluggable transports): - - Bridges write the SHA1 digest of their identity key fingerprint to - notice-level logs and to hashed-fingerprint, so that bridge - operators can look up their bridge in Globe and similar tools. - - Improve the message that gets displayed when Tor as a bridge is - using pluggable transports but doesn't have an Extended ORPort - listener. Furthermore, we now log the message in the log file - too. Resolves ticket 11043. - - Don't log at warning severity when we refuse to launch a - pluggable transport proxy that we don't need. Resolves ticket - 5018; bugfix on 0.2.5.2-alpha. + - Bridges now write the SHA1 digest of their identity key + fingerprint (that is, a hash of a hash of their public key) to + notice-level logs, and to a new hashed-fingerprint file. This + information will help bridge operators look up their bridge in + Globe and similar tools. Resolves ticket 10884. + - Improve the message that Tor displays when running as a bridge + using pluggable transports without an Extended ORPort listener. + Also, log the message in the log file too. Resolves ticket 11043. 
o Minor features (other): - - Warn the user if they put any ports in the SocksPolicy, + - Add a new option, PredictedPortsRelevanceTime, to control how long + after having received a request to connect to a given port Tor + will try to keep circuits ready in anticipation of future requests + for that port. Patch from "unixninja92"; implements ticket 9176. + - Generate a warning if any ports are listed in the SocksPolicy, DirPolicy, AuthDirReject, AuthDirInvalid, AuthDirBadDir, or - AuthDirBadExit options. Fixes ticket #11108. - - Update geoip and geoip6 to the February 7 2014 Maxmind GeoLite2 Country - database. - - Made PREDICTED_CIRCS_RELEVANCE_TIME configurable from config - file with a new option, PredictedPortsRelevanceTime. Implements - ticket #9176. Patch by unixninja92. + AuthDirBadExit options. (These options only support address + ranges.) Fixes part of ticket 11108. + - Update geoip and geoip6 to the February 7 2014 Maxmind GeoLite2 + Country database. o Minor bugfixes (new since 0.2.5.2-alpha, also in 0.2.4.21): - Build without warnings under clang 3.4. (We have some macros that 
@@ -48,88 +62,87 @@ Changes in version 0.2.5.3-alpha - 2014-03-?? manpages from scratch on OpenBSD; OpenBSD calls it "a2x.py". Fixes bug 10929; bugfix on 0.2.2.9-alpha. Patch from Dana Koch. - o Minor bugfixes (unit tests) - - Fix a small bug in the unit tests that might have made the tests - call 'chmod' with an uninitialized bitmask. - Fixes bug 10928; bugfix on 0.2.5.1-alpha. Patch from Dana Koch. - - o Minor bugfixes (client): - - Fix IPv6 support when using the SocksPort with SOCKS5. Using IPv6 - through a SOCKS5 using the SocksPort option will now work with - this fix. This part of the code has never been updated to support - IPv6 thus this does not fix a previously introduced regression. - Fixes bug 10987; bugfix on 0.2.4.7-alpha. - - Fix tor so that it raises a control port warning when we fail to - connect to all of our bridges. Fixes bug 11069; bugfix on - tor-0.2.1.2-alpha. - - Fix a bug where we would attempt to connect to bridges before - our pluggable transports were configured, which resulted in some - erroneous log messages. Fixes bug 11156; bugfix on - 0.2.3.2-alpha. - - Exit immediately when exiting because of dropped connection from - a process-owning controller. Previously, if we were running in - server mode, we would wait for a little while as in the when we - got an INT signal--but this was problematic, since there was no - feedback for the user. Controllers that want to do a clean - shutdown should send an INT signal, and let the user know what's - going on. Fix for bug 10449; bugfix on 0.2.2.28-beta. - - Log an improved message when excluding hidden service directory - nodes prevents a hidden service from working. - Improves on our fix for bug #10722, which was a bugfix on - 0.2.0.10-alpha. - - o Minor bugfixes (servers): - - Non-exit servers no longer launch mock DNS requests to check for - DNS hijacking. This has been unnecessary since 0.2.1.7-alpha, - when non-exit servers stopped servicing DNS requests. 
Fixes bug - 965; bugfix on 0.2.1.7-alpha. Patch from Matt Pagan. + o Minor bugfixes (client): + - Improve the log message when we can't connect to a hidden service + because all of the hidden service directory nodes hosting its + descriptor are excluded. Improves on our fix for bug 10722, which + was a bugfix on 0.2.0.10-alpha. + - Raise a control port warning when we fail to connect to all of + our bridges. Previously, we didn't inform the controller, and + the bootstrap process would stall. Fixes bug 11069; bugfix on + 0.2.1.2-alpha. + - Exit immediately when a process-owning controller exits. + Previously, tor relays would wait for a little while after their + controller exited, as if they had gotten an INT signal -- but this + was problematic, since there was no feedback for the user. To do a + clean shutdown, controllers should send an INT signal and give Tor + a chance to clean up. Fixes bug 10449; bugfix on 0.2.2.28-beta. + - Stop attempting to connect to bridges before our pluggable + transports are configured (harmless but resulted in some erroneous + log messages). Fixes bug 11156; bugfix on 0.2.3.2-alpha. + - Fix connections to IPv6 addresses over SOCKS5. Previously, we were + generating incorrect SOCKS5 responses, and confusing client + applications. Fixes bug 10987; bugfix on 0.2.4.7-alpha. + + o Minor bugfixes (relays and bridges): - Avoid crashing on a malformed resolv.conf file when running a - server using Libevent 1. Fixes bug 8788; bugfix on 0.1.1.23. - - Give the correct URL in the warning message that we present - when the user is trying to run a Tor relay on an ancient version - of Windows. Fixes bug 9393. - - Bridges now never collect statistics that were designed for relays. - Fix for bug 5824; bugfix on 0.2.3.8-alpha. - - Bridges now report complete directory request statistics. Related to - bug 5824; bugfix on 0.2.2.1-alpha. + relay using Libevent 1. Fixes bug 8788; bugfix on 0.1.1.23. 
+ - Non-exit relays no longer launch mock DNS requests to check for + DNS hijacking. This has been unnecessary since 0.2.1.7-alpha, when + non-exit relays stopped servicing DNS requests. Fixes bug 965; + bugfix on 0.2.1.7-alpha. Patch from Matt Pagan. + - Bridges now report complete directory request statistics. Related + to bug 5824; bugfix on 0.2.2.1-alpha. + - Bridges now never collect statistics that were designed for + relays. Fixes bug 5824; bugfix on 0.2.3.8-alpha. + - Stop giving annoying warning messages when we decide not to launch + a pluggable transport proxy that we don't need (because there are + no bridges configured to use it). Resolves ticket 5018; bugfix + on 0.2.5.2-alpha. + - Give the correct URL in the warning message when trying to run a + relay on an ancient version of Windows. Fixes bug 9393. o Minor bugfixes (backtrace support): - - Build using the -fasynchronous-unwind-tables option so that more - platforms (in particular, ones like 32-bit Intel where the - -fomit-frame-pointer option is on by default and table - generation is not) will support generating backtraces. This - doesn't yet add Windows support yet; only Linux, OSX, and some BSD - are affected. Reported by 'cypherpunks'; fixes bug 11047; bugfix - on 0.2.5.2-alpha. - - Avoid strange behavior if two threads hit failed asswertions - at the same time and both try to log backtraces at - once. (Previously, if this had happened, both threads would - have stored their intermediate results in the same buffer, and - generated junk outputs.) Reported by "cypherpunks". Fixes bug - 11048; bugfix on 0.2.5.2-alpha. - - Fix a 64-to-32-conversion warning in format_number_sigsafe(). - Bugfix on 0.2.5.2-alpha; patch from Nick Hopper. + - Support automatic backtraces on more platforms by using the + "-fasynchronous-unwind-tables" compiler option. This option is + needed for platforms like 32-bit Intel where "-fomit-frame-pointer" + is on by default and table generation is not. 
This doesn't yet + add Windows support; only Linux, OSX, and some BSDs are affected. + Reported by 'cypherpunks'; fixes bug 11047; bugfix on 0.2.5.2-alpha. + - Avoid strange behavior if two threads hit failed assertions at the + same time and both try to log backtraces at once. (Previously, if + this had happened, both threads would have stored their intermediate + results in the same buffer, and generated junk outputs.) Reported by + "cypherpunks". Fixes bug 11048; bugfix on 0.2.5.2-alpha. + - Fix a compiler warning in format_number_sigsafe(). Bugfix on + 0.2.5.2-alpha; patch from Nick Hopper. + + o Minor bugfixes (unit tests): + - Fix a small bug in the unit tests that might have made the tests + call 'chmod' with an uninitialized bitmask. Fixes bug 10928; + bugfix on 0.2.5.1-alpha. Patch from Dana Koch. o Removed code: - - Remove all code for hidden service authorities to accept and serve - version 0 descriptors and left-over code for hidden services and - hidden service clients to upload and fetch version 0 descriptors. - Version 0 descriptors are not in use anymore since 0.2.2.1-alpha. - Fixes the rest of bug 10841. + - Remove all remaining code related to version-0 hidden service + descriptors: they have not been in use since 0.2.2.1-alpha. Fixes + the rest of bug 10841. o Documentation: - - Explain that SocksPolicy, DirPolicy, and their allies don't take - port arguments. Fixes ticket #11108. - - Fix the max client name length in the manpage's description of - HiddenServiceAuthorizeClient description: it should have been - 16, not 19. Fixes bug 11118; bugfix on 0.2.1.6-alpha. - Document in the manpage that "KBytes" may also be written as "kilobytes" or "KB", that "Kbits" may also be written as - "kilobits", and so forth. Closes ticket #9222. + "kilobits", and so forth. Closes ticket 9222. + - Document that the ClientOnly config option overrides ORPort. + Our old explanation made ClientOnly sound as though it did + nothing at all. Resolves bug 9059. 
+ - Explain that SocksPolicy, DirPolicy, and similar options don't + take port arguments. Fixes the other part of ticket 11108. - Fix a comment about the rend_server_descriptor_t.protocols field - to more accurately describe its range. Also, make that - field unsigned, to more accurately reflect its usage. - Fixes bug 9099; bugfix on 0.2.1.5-alpha. + to more accurately describe its range. Also, make that field + unsigned, to more accurately reflect its usage. Fixes bug 9099; + bugfix on 0.2.1.5-alpha. + - Fix the manpage's description of HiddenServiceAuthorizeClient: + the maximum client name length is 16, not 19. Fixes bug 11118; + bugfix on 0.2.1.6-alpha. o Code simplifications and refactoring: - Get rid of router->address, since in all cases it was just the @@ -137,10 +150,9 @@ Changes in version 0.2.5.3-alpha - 2014-03-?? o Test infrastructure: - Update to the latest version of tinytest. - - Improve the tinytest implementation of string operation tests - so that comparisons NULL strings no longer crash the tests; - they now just fail, normally. Fixes bug 9004; bugfix on - 0.2.2.4-alpha. + - Improve the tinytest implementation of string operation tests so + that comparisons with NULL strings no longer crash the tests; they + now just fail, normally. Fixes bug 9004; bugfix on 0.2.2.4-alpha. Changes in version 0.2.4.21 - 2014-02-28 diff --git a/changes/bug9059 b/changes/bug9059 deleted file mode 100644 index 9872a5959b..0000000000 --- a/changes/bug9059 +++ /dev/null @@ -1,3 +0,0 @@ - o Documentation: - - Provide a more accurate description of the ClientOnly config - option on the man page. Resolves bug 9059. diff --git a/changes/require_023 b/changes/require_023 new file mode 100644 index 0000000000..95302e1493 --- /dev/null +++ b/changes/require_023 
@@ -0,0 +1,6 @@ + o Deprecated versions: + - Tor 0.2.2.x is no longer supported, and has not been for a while. + Directory authorities will stop accepting descriptors from + Tor relays running any version of Tor prior to Tor 0.2.3.25. + Resolves ticket 11149. + diff --git a/configure.ac b/configure.ac index c11cf842d1..6e41041961 100644 --- a/configure.ac +++ b/configure.ac @@ -3,7 +3,7 @@ dnl Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson dnl Copyright (c) 2007-2013, The Tor Project, Inc. dnl See LICENSE for licensing information -AC_INIT([tor],[0.2.5.2-alpha]) +AC_INIT([tor],[0.2.5.3-alpha-dev]) AC_CONFIG_SRCDIR([src/or/main.c]) AC_CONFIG_MACRO_DIR([m4]) AM_INIT_AUTOMAKE diff --git a/contrib/tor-mingw.nsi.in b/contrib/tor-mingw.nsi.in index 7533c5ac27..d14ff791b1 100644 --- a/contrib/tor-mingw.nsi.in +++ b/contrib/tor-mingw.nsi.in @@ -8,7 +8,7 @@ !include "LogicLib.nsh" !include "FileFunc.nsh" !insertmacro GetParameters -!define VERSION "0.2.5.2-alpha" +!define VERSION "0.2.5.3-alpha-dev" !define INSTALLER "tor-${VERSION}-win32.exe" !define WEBSITE "https://www.torproject.org/" !define LICENSE "LICENSE" diff --git a/doc/HACKING b/doc/HACKING index 3c1d0d9577..4b98cadb34 100644 --- a/doc/HACKING +++ b/doc/HACKING @@ -449,10 +449,11 @@ of them and reordering to focus on what users and funders would find interesting and understandable. 2.1) Make sure that everything that wants a bug number has one. + Make sure that everything which is a bugfix says what version + it was a bugfix on. 2.2) Concatenate them. - 2.3) Sort them by section. Within each section, try to make the - first entry or two and the last entry most interesting: they're - the ones that skimmers tend to read. + 2.3) Sort them by section. Within each section, sort by "version it's + a bugfix on", else by numerical ticket order. 2.4) Clean them up: 
@@ -474,6 +475,10 @@ interesting and understandable. Present and imperative tense: not past. + 'Relays', not 'servers' or 'nodes' or 'Tor relays'. + + "Stop FOOing", not "Fix a bug where we would FOO". + Try not to let any given section be longer than about a page. Break up long sections into subsections by some sort of common subtopic. This guideline is especially important when organizing Release Notes for @@ -514,8 +519,7 @@ in their approved versions list. "include/versions.wmi" and "Makefile" to note the new version. From your website checkout, run ./publish to build and publish the website. -9) Email Erinn and weasel (cc'ing tor-assistants) that a new tarball -is up. This step should probably change to mailing more packagers. +9) Email the packagers (cc'ing tor-assistants) that a new tarball is up. 10) Add the version number to Trac. To do this, go to Trac, log in, select "Admin" near the top of the screen, then select "Versions" from diff --git a/src/common/crypto.c b/src/common/crypto.c index 80d835131b..12a695b9cb 100644 --- a/src/common/crypto.c +++ b/src/common/crypto.c @@ -3100,7 +3100,7 @@ openssl_locking_cb_(int mode, int n, const char *file, int line) (void)file; (void)line; if (!openssl_mutexes_) - /* This is not a really good fix for the + /* This is not a really good fix for the * "release-freed-lock-from-separate-thread-on-shutdown" problem, but * it can't hurt. */ return; diff --git a/src/or/config.c b/src/or/config.c index a54a892e48..da6aec0c16 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -1353,7 +1353,6 @@ options_act(const or_options_t *old_options) "to collect statistics about its clients that use pluggable " "transports. Please enable it using the ExtORPort torrc option " "(e.g. set 'ExtORPort auto')."); - } if (options->SafeLogging_ != SAFELOG_SCRUB_ALL && diff --git a/src/or/dirserv.c b/src/or/dirserv.c index d03afe0371..234209d210 100644 --- a/src/or/dirserv.c +++ b/src/or/dirserv.c 
@@ -374,13 +374,15 @@ dirserv_get_status_impl(const char *id_digest, const char *nickname, strmap_size(fingerprint_list->fp_by_name), digestmap_size(fingerprint_list->status_by_digest)); - /* Versions before Tor 0.2.2.35 have known security issues that - * make them unsuitable for the current network. */ - if (platform && !tor_version_as_new_as(platform,"0.2.2.35")) { + /* Versions before Tor 0.2.3.25 are too old to support, and aren't + * getting any more security fixes. Disable them. */ + if (platform && !tor_version_as_new_as(platform,"0.2.3.25")) { if (msg) *msg = "Tor version is insecure or unsupported. Please upgrade!"; return FP_REJECT; - } else if (platform && tor_version_as_new_as(platform,"0.2.3.0-alpha")) { + } +#if 0 + else if (platform && tor_version_as_new_as(platform,"0.2.3.0-alpha")) { /* Versions from 0.2.3-alpha...0.2.3.9-alpha have known security * issues that make them unusable for the current network */ if (!tor_version_as_new_as(platform, "0.2.3.10-alpha")) { @@ -389,6 +391,7 @@ dirserv_get_status_impl(const char *id_digest, const char *nickname, return FP_REJECT; } } +#endif result = dirserv_get_name_status(id_digest, nickname); if (result & FP_NAMED) { diff --git a/src/win32/orconfig.h b/src/win32/orconfig.h index 4983b4a7b3..ba59e3b71e 100644 --- a/src/win32/orconfig.h +++ b/src/win32/orconfig.h @@ -241,7 +241,7 @@ #define USING_TWOS_COMPLEMENT /* Version number of package */ -#define VERSION "0.2.5.2-alpha" +#define VERSION "0.2.5.3-alpha-dev" |
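Review bot: In the ChangeLog hunk at @@ -1,43 +1,57 @@, the bug 10169 entry says MaxMemInCellQueues "is renamed to MaxMemInQueues" but does not say whether the old option name is still accepted. Relay operators who have MaxMemInCellQueues in an existing torrc need to know whether it keeps working as an alias or now fails configuration validation; add one sentence saying which. In the same hunk, "Also, log the message in the log file too" (ticket 11043) doubles "also" and "too"; drop one of them.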
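Review bot: In the "Minor bugfixes (relays and bridges)" section of the ChangeLog hunk at @@ -48,88 +62,87 @@, the entry ending "Fixes bug 9393." names no version, while the doc/HACKING hunk in this same commit adds the rule that every bugfix says what version it was a bugfix on. Add the "bugfix on" version to that entry. The bug 10449 entry in the client section also says "tor relays", which the style line added to HACKING here ('Relays', not 'servers' or 'nodes' or 'Tor relays') asks to avoid.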
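Review bot: The new changes/require_023 entry writes "Tor relays running any version of Tor prior to Tor 0.2.3.25", which goes against the style line this commit adds to doc/HACKING ('Relays', not 'servers' or 'nodes' or 'Tor relays'); "relays running any version prior to 0.2.3.25" would match it. The entry also opens with "Tor 0.2.2.x is no longer supported", but the stated cutoff additionally excludes 0.2.3.x releases older than 0.2.3.25. Say so explicitly, so that operators on an early 0.2.3.x release can tell from the changelog why their descriptors are being rejected.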
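Review bot: Step 9 in the doc/HACKING hunk at @@ -514,8 +519,7 @@ now reads "Email the packagers" without saying who the packagers are or where their addresses are kept. The old text at least named two people; the new text should point to a list or file so that the release step can be followed by someone who does not already know. In the hunk at @@ -449,10 +449,11 @@, step 2.3 says to sort by "version it's a bugfix on", else by numerical ticket order, but gives no direction (oldest first or newest first) and no rule for entries that have neither a version nor a ticket number.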
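Review bot: The "#if 0" block added in dirserv_get_status_impl() in src/or/dirserv.c keeps the 0.2.3.0-alpha to 0.2.3.9-alpha check as dead code. With the floor raised to "0.2.3.25", the first branch already rejects every version that block covered, so delete the block instead of compiling it out; the history stays in version control. Two smaller points on the same hunk: the condition "platform && !tor_version_as_new_as(platform,"0.2.3.25")" means a descriptor with no platform string is not subject to the version floor, and a comment should state whether that is intended; and the literal "0.2.3.25" would be easier to keep in step with changes/require_023 and future bumps if it were a named constant.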