118 files changed, 766 insertions, 737 deletions
@@ -1,3 +1,766 @@ +Changes in version 0.2.2.25-alpha - 2011-04-29 + Tor 0.2.2.25-alpha fixes many bugs: hidden service clients are more + robust, routers no longer overreport their bandwidth, Win7 should crash + a little less, and NEWNYM (as used by Vidalia's "new identity" button) + now prevents hidden service-related activity from being linkable. It + provides more information to Vidalia so you can see if your bridge is + working. Also, 0.2.2.25-alpha revamps the Entry/Exit/ExcludeNodes and + StrictNodes configuration options to make them more reliable, more + understandable, and more regularly applied. If you use those options, + please see the revised documentation for them in the manual page. + + o Major bugfixes: + - Relays were publishing grossly inflated bandwidth values because + they were writing their state files wrong--now they write the + correct value. Also, resume reading bandwidth history from the + state file correctly. Fixes bug 2704; bugfix on 0.2.2.23-alpha. + - Improve hidden service robustness: When we find that we have + extended a hidden service's introduction circuit to a relay not + listed as an introduction point in the HS descriptor we currently + have, retry with an introduction point from the current + descriptor. Previously we would just give up. Fixes bugs 1024 and + 1930; bugfix on 0.2.0.10-alpha. + - Clients now stop trying to use an exit node associated with a given + destination by TrackHostExits if they fail to reach that exit node. + Fixes bug 2999. Bugfix on 0.2.0.20-rc. + - Fix crash bug on platforms where gmtime and localtime can return + NULL. Windows 7 users were running into this one. Fixes part of bug + 2077. Bugfix on all versions of Tor. Found by boboper. + + o Security and stability fixes: + - Don't double-free a parsable, but invalid, microdescriptor, even if + it is followed in the blob we're parsing by an unparsable + microdescriptor. Fixes an issue reported in a comment on bug 2954. 
+ Bugfix on 0.2.2.6-alpha; fix by "cypherpunks". + - If the Nickname configuration option isn't given, Tor would pick a + nickname based on the local hostname as the nickname for a relay. + Because nicknames are not very important in today's Tor and the + "Unnamed" nickname has been implemented, this is now problematic + behavior: It leaks information about the hostname without being + useful at all. Fixes bug 2979; bugfix on 0.1.2.2-alpha, which + introduced the Unnamed nickname. Reported by tagnaq. + - Fix an uncommon assertion failure when running with DNSPort under + heavy load. Fixes bug 2933; bugfix on 0.2.0.1-alpha. + - Avoid linkability based on cached hidden service descriptors: forget + all hidden service descriptors cached as a client when processing a + SIGNAL NEWNYM command. Fixes bug 3000; bugfix on 0.0.6. + + o Major features: + - Export GeoIP information on bridge usage to controllers even if we + have not yet been running for 24 hours. Now Vidalia bridge operators + can get more accurate and immediate feedback about their + contributions to the network. + + o Major features and bugfixes (node selection): + - Revise and reconcile the meaning of the ExitNodes, EntryNodes, + ExcludeEntryNodes, ExcludeExitNodes, ExcludeNodes, and StrictNodes + options. Previously, we had been ambiguous in describing what + counted as an "exit" node, and what operations exactly "StrictNodes + 0" would permit. This created confusion when people saw nodes built + through unexpected circuits, and made it hard to tell real bugs from + surprises. Now the intended behavior is: + . "Exit", in the context of ExitNodes and ExcludeExitNodes, means + a node that delivers user traffic outside the Tor network. + . "Entry", in the context of EntryNodes, means a node used as the + first hop of a multihop circuit. It doesn't include direct + connections to directory servers. + . "ExcludeNodes" applies to all nodes. + . "StrictNodes" changes the behavior of ExcludeNodes only. 
When + StrictNodes is set, Tor should avoid all nodes listed in + ExcludeNodes, even when it will make user requests fail. When + StrictNodes is *not* set, then Tor should follow ExcludeNodes + whenever it can, except when it must use an excluded node to + perform self-tests, connect to a hidden service, provide a + hidden service, fulfill a .exit request, upload directory + information, or fetch directory information. + Collectively, the changes to implement the behavior fix bug 1090. + - ExcludeNodes now takes precedence over EntryNodes and ExitNodes: if + a node is listed in both, it's treated as excluded. + - ExcludeNodes now applies to directory nodes -- as a preference if + StrictNodes is 0, or an absolute requirement if StrictNodes is 1. + Don't exclude all the directory authorities and set StrictNodes to 1 + unless you really want your Tor to break. + - ExcludeNodes and ExcludeExitNodes now override exit enclaving. + - ExcludeExitNodes now overrides .exit requests. + - We don't use bridges listed in ExcludeNodes. + - When StrictNodes is 1: + . We now apply ExcludeNodes to hidden service introduction points + and to rendezvous points selected by hidden service users. This + can make your hidden service less reliable: use it with caution! + . If we have used ExcludeNodes on ourself, do not try relay + reachability self-tests. + . If we have excluded all the directory authorities, we will not + even try to upload our descriptor if we're a relay. + . Do not honor .exit requests to an excluded node. + - Remove a misfeature that caused us to ignore the Fast/Stable flags + when ExitNodes is set. Bugfix on 0.2.2.7-alpha. + - When the set of permitted nodes changes, we now remove any mappings + introduced via TrackExitHosts to now-excluded nodes. Bugfix on + 0.1.0.1-rc. + - We never cannibalize a circuit that had excluded nodes on it, even + if StrictNodes is 0. Bugfix on 0.1.0.1-rc. 
+ - Revert a change where we would be laxer about attaching streams to + circuits than when building the circuits. This was meant to prevent + a set of bugs where streams were never attachable, but our improved + code here should make this unnecessary. Bugfix on 0.2.2.7-alpha. + - Keep track of how many times we launch a new circuit to handle a + given stream. Too many launches could indicate an inconsistency + between our "launch a circuit to handle this stream" logic and our + "attach this stream to one of the available circuits" logic. + - Improve log messages related to excluded nodes. + + o Minor bugfixes: + - Fix a spurious warning when moving from a short month to a long + month on relays with month-based BandwidthAccounting. Bugfix on + 0.2.2.17-alpha; fixes bug 3020. + - When a client finds that an origin circuit has run out of 16-bit + stream IDs, we now mark it as unusable for new streams. Previously, + we would try to close the entire circuit. Bugfix on 0.0.6. + - Add a forgotten cast that caused a compile warning on OS X 10.6. + Bugfix on 0.2.2.24-alpha. + - Be more careful about reporting the correct error from a failed + connect() system call. Under some circumstances, it was possible to + look at an incorrect value for errno when sending the end reason. + Bugfix on 0.1.0.1-rc. + - Correctly handle an "impossible" overflow cases in connection byte + counting, where we write or read more than 4GB on an edge connection + in a single second. Bugfix on 0.1.2.8-beta. + - Correct the warning displayed when a rendezvous descriptor exceeds + the maximum size. Fixes bug 2750; bugfix on 0.2.1.5-alpha. Found by + John Brooks. + - Clients and hidden services now use HSDir-flagged relays for hidden + service descriptor downloads and uploads even if the relays have no + DirPort set and the client has disabled TunnelDirConns. This will + eventually allow us to give the HSDir flag to relays with no + DirPort. Fixes bug 2722; bugfix on 0.2.1.6-alpha. 
+ - Downgrade "no current certificates known for authority" message from + Notice to Info. Fixes bug 2899; bugfix on 0.2.0.10-alpha. + - Make the SIGNAL DUMP control-port command work on FreeBSD. Fixes bug + 2917. Bugfix on 0.1.1.1-alpha. + - Only limit the lengths of single HS descriptors, even when multiple + HS descriptors are published to an HSDir relay in a single POST + operation. Fixes bug 2948; bugfix on 0.2.1.5-alpha. Found by hsdir. + - Write the current time into the LastWritten line in our state file, + rather than the time from the previous write attempt. Also, stop + trying to use a time of -1 in our log statements. Fixes bug 3039; + bugfix on 0.2.2.14-alpha. + - Be more consistent in our treatment of file system paths. "~" should + get expanded to the user's home directory in the Log config option. + Fixes bug 2971; bugfix on 0.2.0.1-alpha, which introduced the + feature for the -f and --DataDirectory options. + + o Minor features: + - Make sure every relay writes a state file at least every 12 hours. + Previously, a relay could go for weeks without writing its state + file, and on a crash could lose its bandwidth history, capacity + estimates, client country statistics, and so on. Addresses bug 3012. + - Send END_STREAM_REASON_NOROUTE in response to EHOSTUNREACH errors. + Clients before 0.2.1.27 didn't handle NOROUTE correctly, but such + clients are already deprecated because of security bugs. + - Don't allow v0 hidden service authorities to act as clients. + Required by fix for bug 3000. + - Ignore SIGNAL NEWNYM commands on relay-only Tor instances. Required + by fix for bug 3000. + - Ensure that no empty [dirreq-](read|write)-history lines are added + to an extrainfo document. Implements ticket 2497. + + o Code simplification and refactoring: + - Remove workaround code to handle directory responses from servers + that had bug 539 (they would send HTTP status 503 responses _and_ + send a body too). 
Since only server versions before + 0.2.0.16-alpha/0.1.2.19 were affected, there is no longer reason to + keep the workaround in place. + - Remove the old 'fuzzy time' logic. It was supposed to be used for + handling calculations where we have a known amount of clock skew and + an allowed amount of unknown skew. But we only used it in three + places, and we never adjusted the known/unknown skew values. This is + still something we might want to do someday, but if we do, we'll + want to do it differently. + - Avoid signed/unsigned comparisons by making SIZE_T_CEILING unsigned. + None of the cases where we did this before were wrong, but by making + this change we avoid warnings. Fixes bug 2475; bugfix on 0.2.1.28. + - Use GetTempDir to find the proper temporary directory location on + Windows when generating temporary files for the unit tests. Patch by + Gisle Vanem. + + +Changes in version 0.2.2.24-alpha - 2011-04-08 + Tor 0.2.2.24-alpha fixes a variety of bugs, including a big bug that + prevented Tor clients from effectively using "multihomed" bridges, + that is, bridges that listen on multiple ports or IP addresses so users + can continue to use some of their addresses even if others get blocked. + + o Major bugfixes: + - Fix a bug where bridge users who configure the non-canonical + address of a bridge automatically switch to its canonical + address. If a bridge listens at more than one address, it should be + able to advertise those addresses independently and any non-blocked + addresses should continue to work. Bugfix on Tor 0.2.0.x. Fixes + bug 2510. + - If you configured Tor to use bridge A, and then quit and + configured Tor to use bridge B instead, it would happily continue + to use bridge A if it's still reachable. While this behavior is + a feature if your goal is connectivity, in some scenarios it's a + dangerous bug. Bugfix on Tor 0.2.0.1-alpha; fixes bug 2511. 
+ - Directory authorities now use data collected from their own + uptime observations when choosing whether to assign the HSDir flag + to relays, instead of trusting the uptime value the relay reports in + its descriptor. This change helps prevent an attack where a small + set of nodes with frequently-changing identity keys can blackhole + a hidden service. (Only authorities need upgrade; others will be + fine once they do.) Bugfix on 0.2.0.10-alpha; fixes bug 2709. + + o Minor bugfixes: + - When we restart our relay, we might get a successful connection + from the outside before we've started our reachability tests, + triggering a warning: "ORPort found reachable, but I have no + routerinfo yet. Failing to inform controller of success." This + bug was harmless unless Tor is running under a controller + like Vidalia, in which case the controller would never get a + REACHABILITY_SUCCEEDED status event. Bugfix on 0.1.2.6-alpha; + fixes bug 1172. + - Make directory authorities more accurate at recording when + relays that have failed several reachability tests became + unreachable, so we can provide more accuracy at assigning Stable, + Guard, HSDir, etc flags. Bugfix on 0.2.0.6-alpha. Resolves bug 2716. + - Fix an issue that prevented static linking of libevent on + some platforms (notably Linux). Fixes bug 2698; bugfix on + versions 0.2.1.23/0.2.2.8-alpha (the versions introducing + the --with-static-libevent configure option). + - We now ask the other side of a stream (the client or the exit) + for more data on that stream when the amount of queued data on + that stream dips low enough. Previously, we wouldn't ask the + other side for more data until either it sent us more data (which + it wasn't supposed to do if it had exhausted its window!) or we + had completely flushed all our queued data. This flow control fix + should improve throughput. Fixes bug 2756; bugfix on the earliest + released versions of Tor (svn commit r152). 
+ - Avoid a double-mark-for-free warning when failing to attach a + transparent proxy connection. (We thought we had fixed this in + 0.2.2.23-alpha, but it turns out our fix was checking the wrong + connection.) Fixes bug 2757; bugfix on 0.1.2.1-alpha (the original + bug) and 0.2.2.23-alpha (the incorrect fix). + - When warning about missing zlib development packages during compile, + give the correct package names. Bugfix on 0.2.0.1-alpha. + + o Minor features: + - Directory authorities now log the source of a rejected POSTed v3 + networkstatus vote. + - Make compilation with clang possible when using + --enable-gcc-warnings by removing two warning optionss that clang + hasn't implemented yet and by fixing a few warnings. Implements + ticket 2696. + - When expiring circuits, use microsecond timers rather than + one-second timers. This can avoid an unpleasant situation where a + circuit is launched near the end of one second and expired right + near the beginning of the next, and prevent fluctuations in circuit + timeout values. + - Use computed circuit-build timeouts to decide when to launch + parallel introduction circuits for hidden services. (Previously, + we would retry after 15 seconds.) + - Update to the April 1 2011 Maxmind GeoLite Country database. + + o Packaging fixes: + - Create the /var/run/tor directory on startup on OpenSUSE if it is + not already created. Patch from Andreas Stieger. Fixes bug 2573. + + o Documentation changes: + - Modernize the doxygen configuration file slightly. Fixes bug 2707. + - Resolve all doxygen warnings except those for missing documentation. + Fixes bug 2705. + - Add doxygen documentation for more functions, fields, and types. + + +Changes in version 0.2.2.23-alpha - 2011-03-08 + Tor 0.2.2.23-alpha lets relays record their bandwidth history so when + they restart they don't lose their bandwidth capacity estimate. 
This + release also fixes a diverse set of user-facing bugs, ranging from + relays overrunning their rate limiting to clients falsely warning about + clock skew to bridge descriptor leaks by our bridge directory authority. + + o Major bugfixes: + - Stop sending a CLOCK_SKEW controller status event whenever + we fetch directory information from a relay that has a wrong clock. + Instead, only inform the controller when it's a trusted authority + that claims our clock is wrong. Bugfix on 0.1.2.6-alpha; fixes + the rest of bug 1074. + - Fix an assert in parsing router descriptors containing IPv6 + addresses. This one took down the directory authorities when + somebody tried some experimental code. Bugfix on 0.2.1.3-alpha. + - Make the bridge directory authority refuse to answer directory + requests for "all" descriptors. It used to include bridge + descriptors in its answer, which was a major information leak. + Found by "piebeer". Bugfix on 0.2.0.3-alpha. + - If relays set RelayBandwidthBurst but not RelayBandwidthRate, + Tor would ignore their RelayBandwidthBurst setting, + potentially using more bandwidth than expected. Bugfix on + 0.2.0.1-alpha. Reported by Paul Wouters. Fixes bug 2470. + - Ignore and warn if the user mistakenly sets "PublishServerDescriptor + hidserv" in her torrc. The 'hidserv' argument never controlled + publication of hidden service descriptors. Bugfix on 0.2.0.1-alpha. + + o Major features: + - Relays now save observed peak bandwidth throughput rates to their + state file (along with total usage, which was already saved) + so that they can determine their correct estimated bandwidth on + restart. Resolves bug 1863, where Tor relays would reset their + estimated bandwidth to 0 after restarting. + - Directory authorities now take changes in router IP address and + ORPort into account when determining router stability. 
Previously, + if a router changed its IP or ORPort, the authorities would not + treat it as having any downtime for the purposes of stability + calculation, whereas clients would experience downtime since the + change could take a while to propagate to them. Resolves issue 1035. + - Enable Address Space Layout Randomization (ASLR) and Data Execution + Prevention (DEP) by default on Windows to make it harder for + attackers to exploit vulnerabilities. Patch from John Brooks. + + o Minor bugfixes (on 0.2.1.x and earlier): + - Fix a rare crash bug that could occur when a client was configured + with a large number of bridges. Fixes bug 2629; bugfix on + 0.2.1.2-alpha. Bugfix by trac user "shitlei". + - Avoid a double mark-for-free warning when failing to attach a + transparent proxy connection. Bugfix on 0.1.2.1-alpha. Fixes + bug 2279. + - Correctly detect failure to allocate an OpenSSL BIO. Fixes bug 2378; + found by "cypherpunks". This bug was introduced before the first + Tor release, in svn commit r110. + - Country codes aren't supported in EntryNodes until 0.2.3.x, so + don't mention them in the manpage. Fixes bug 2450; issue + spotted by keb and G-Lo. + - Fix a bug in bandwidth history state parsing that could have been + triggered if a future version of Tor ever changed the timing + granularity at which bandwidth history is measured. Bugfix on + Tor 0.1.1.11-alpha. + - When a relay decides that its DNS is too broken for it to serve + as an exit server, it advertised itself as a non-exit, but + continued to act as an exit. This could create accidental + partitioning opportunities for users. Instead, if a relay is + going to advertise reject *:* as its exit policy, it should + really act with exit policy "reject *:*". Fixes bug 2366. + Bugfix on Tor 0.1.2.5-alpha. Bugfix by user "postman" on trac. 
+ - In the special case where you configure a public exit relay as your + bridge, Tor would be willing to use that exit relay as the last + hop in your circuit as well. Now we fail that circuit instead. + Bugfix on 0.2.0.12-alpha. Fixes bug 2403. Reported by "piebeer". + - Fix a bug with our locking implementation on Windows that couldn't + correctly detect when a file was already locked. Fixes bug 2504, + bugfix on 0.2.1.6-alpha. + - Fix IPv6-related connect() failures on some platforms (BSD, OS X). + Bugfix on 0.2.0.3-alpha; fixes first part of bug 2660. Patch by + "piebeer". + - Set target port in get_interface_address6() correctly. Bugfix + on 0.1.1.4-alpha and 0.2.0.3-alpha; fixes second part of bug 2660. + - Directory authorities are now more robust to hops back in time + when calculating router stability. Previously, if a run of uptime + or downtime appeared to be negative, the calculation could give + incorrect results. Bugfix on 0.2.0.6-alpha; noticed when fixing + bug 1035. + - Fix an assert that got triggered when using the TestingTorNetwork + configuration option and then issuing a GETINFO config-text control + command. Fixes bug 2250; bugfix on 0.2.1.2-alpha. + + o Minor bugfixes (on 0.2.2.x): + - Clients should not weight BadExit nodes as Exits in their node + selection. Similarly, directory authorities should not count BadExit + bandwidth as Exit bandwidth when computing bandwidth-weights. + Bugfix on 0.2.2.10-alpha; fixes bug 2203. + - Correctly clear our dir_read/dir_write history when there is an + error parsing any bw history value from the state file. Bugfix on + Tor 0.2.2.15-alpha. + - Resolve a bug in verifying signatures of directory objects + with digests longer than SHA1. Bugfix on 0.2.2.20-alpha. + Fixes bug 2409. Found by "piebeer". + - Bridge authorities no longer crash on SIGHUP when they try to + publish their relay descriptor to themselves. Fixes bug 2572. Bugfix + on 0.2.2.22-alpha. 
+ + o Minor features: + - Log less aggressively about circuit timeout changes, and improve + some other circuit timeout messages. Resolves bug 2004. + - Log a little more clearly about the times at which we're no longer + accepting new connections. Resolves bug 2181. + - Reject attempts at the client side to open connections to private + IP addresses (like 127.0.0.1, 10.0.0.1, and so on) with + a randomly chosen exit node. Attempts to do so are always + ill-defined, generally prevented by exit policies, and usually + in error. This will also help to detect loops in transparent + proxy configurations. You can disable this feature by setting + "ClientRejectInternalAddresses 0" in your torrc. + - Always treat failure to allocate an RSA key as an unrecoverable + allocation error. + - Update to the March 1 2011 Maxmind GeoLite Country database. + + o Minor features (log subsystem): + - Add documentation for configuring logging at different severities in + different log domains. We've had this feature since 0.2.1.1-alpha, + but for some reason it never made it into the manpage. Fixes + bug 2215. + - Make it simpler to specify "All log domains except for A and B". + Previously you needed to say "[*,~A,~B]". Now you can just say + "[~A,~B]". + - Add a "LogMessageDomains 1" option to include the domains of log + messages along with the messages. Without this, there's no way + to use log domains without reading the source or doing a lot + of guessing. + + o Packaging changes: + - Stop shipping the Tor specs files and development proposal documents + in the tarball. They are now in a separate git repository at + git://git.torproject.org/torspec.git + + +Changes in version 0.2.2.22-alpha - 2011-01-25 + Tor 0.2.2.22-alpha fixes a few more less-critical security issues. The + main other change is a slight tweak to Tor's TLS handshake that makes + relays and bridges that run this new version reachable from Iran again. 
+ We don't expect this tweak will win the arms race long-term, but it + will buy us a bit more time until we roll out a better solution. + + o Major bugfixes: + - Fix a bounds-checking error that could allow an attacker to + remotely crash a directory authority. Bugfix on 0.2.1.5-alpha. + Found by "piebeer". + - Don't assert when changing from bridge to relay or vice versa + via the controller. The assert happened because we didn't properly + initialize our keys in this case. Bugfix on 0.2.2.18-alpha; fixes + bug 2433. Reported by bastik. + + o Minor features: + - Adjust our TLS Diffie-Hellman parameters to match those used by + Apache's mod_ssl. + - Provide a log message stating which geoip file we're parsing + instead of just stating that we're parsing the geoip file. + Implements ticket 2432. + + o Minor bugfixes: + - Check for and reject overly long directory certificates and + directory tokens before they have a chance to hit any assertions. + Bugfix on 0.2.1.28 / 0.2.2.20-alpha. Found by "doorss". + + +Changes in version 0.2.2.21-alpha - 2011-01-15 + Tor 0.2.2.21-alpha includes all the patches from Tor 0.2.1.29, which + continues our recent code security audit work. The main fix resolves + a remote heap overflow vulnerability that can allow remote code + execution (CVE-2011-0427). Other fixes address a variety of assert + and crash bugs, most of which we think are hard to exploit remotely. + + o Major bugfixes (security), also included in 0.2.1.29: + - Fix a heap overflow bug where an adversary could cause heap + corruption. This bug probably allows remote code execution + attacks. Reported by "debuger". Fixes CVE-2011-0427. Bugfix on + 0.1.2.10-rc. + - Prevent a denial-of-service attack by disallowing any + zlib-compressed data whose compression factor is implausibly + high. Fixes part of bug 2324; reported by "doorss". + - Zero out a few more keys in memory before freeing them. Fixes + bug 2384 and part of bug 2385. 
These key instances found by + "cypherpunks", based on Andrew Case's report about being able + to find sensitive data in Tor's memory space if you have enough + permissions. Bugfix on 0.0.2pre9. + + o Major bugfixes (crashes), also included in 0.2.1.29: + - Prevent calls to Libevent from inside Libevent log handlers. + This had potential to cause a nasty set of crashes, especially + if running Libevent with debug logging enabled, and running + Tor with a controller watching for low-severity log messages. + Bugfix on 0.1.0.2-rc. Fixes bug 2190. + - Add a check for SIZE_T_MAX to tor_realloc() to try to avoid + underflow errors there too. Fixes the other part of bug 2324. + - Fix a bug where we would assert if we ever had a + cached-descriptors.new file (or another file read directly into + memory) of exactly SIZE_T_CEILING bytes. Fixes bug 2326; bugfix + on 0.2.1.25. Found by doorss. + - Fix some potential asserts and parsing issues with grossly + malformed router caches. Fixes bug 2352; bugfix on Tor 0.2.1.27. + Found by doorss. + + o Minor bugfixes (other), also included in 0.2.1.29: + - Fix a bug with handling misformed replies to reverse DNS lookup + requests in DNSPort. Bugfix on Tor 0.2.0.1-alpha. Related to a + bug reported by doorss. + - Fix compilation on mingw when a pthreads compatibility library + has been installed. (We don't want to use it, so we shouldn't + be including pthread.h.) Fixes bug 2313; bugfix on 0.1.0.1-rc. + - Fix a bug where we would declare that we had run out of virtual + addresses when the address space was only half-exhausted. Bugfix + on 0.1.2.1-alpha. + - Correctly handle the case where AutomapHostsOnResolve is set but + no virtual addresses are available. Fixes bug 2328; bugfix on + 0.1.2.1-alpha. Bug found by doorss. + - Correctly handle wrapping around when we run out of virtual + address space. Found by cypherpunks; bugfix on 0.2.0.5-alpha. 
+ + o Minor features, also included in 0.2.1.29: + - Update to the January 1 2011 Maxmind GeoLite Country database. + - Introduce output size checks on all of our decryption functions. + + o Build changes, also included in 0.2.1.29: + - Tor does not build packages correctly with Automake 1.6 and earlier; + added a check to Makefile.am to make sure that we're building with + Automake 1.7 or later. + - The 0.2.1.28 tarball was missing src/common/OpenBSD_malloc_Linux.c + because we built it with a too-old version of automake. Thus that + release broke ./configure --enable-openbsd-malloc, which is popular + among really fast exit relays on Linux. + + o Major bugfixes, new in 0.2.2.21-alpha: + - Prevent crash/heap corruption when the cbtnummodes consensus + parameter is set to 0 or large values. Fixes bug 2317; bugfix + on 0.2.2.14-alpha. + + o Major features, new in 0.2.2.21-alpha: + - Introduce minimum/maximum values that clients will believe + from the consensus. Now we'll have a better chance to avoid crashes + or worse when a consensus param has a weird value. + + o Minor features, new in 0.2.2.21-alpha: + - Make sure to disable DirPort if running as a bridge. DirPorts aren't + used on bridges, and it makes bridge scanning somewhat easier. + - If writing the state file to disk fails, wait up to an hour before + retrying again, rather than trying again each second. Fixes bug + 2346; bugfix on Tor 0.1.1.3-alpha. + - Make Libevent log messages get delivered to controllers later, + and not from inside the Libevent log handler. This prevents unsafe + reentrant Libevent calls while still letting the log messages + get through. + - Detect platforms that brokenly use a signed size_t, and refuse to + build there. Found and analyzed by doorss and rransom. + - Fix a bunch of compile warnings revealed by mingw with gcc 4.5. + Resolves bug 2314. 
+ + o Minor bugfixes, new in 0.2.2.21-alpha: + - Handle SOCKS messages longer than 128 bytes long correctly, rather + than waiting forever for them to finish. Fixes bug 2330; bugfix + on 0.2.0.16-alpha. Found by doorss. + - Add assertions to check for overflow in arguments to + base32_encode() and base32_decode(); fix a signed-unsigned + comparison there too. These bugs are not actually reachable in Tor, + but it's good to prevent future errors too. Found by doorss. + - Correctly detect failures to create DNS requests when using Libevent + versions before v2. (Before Libevent 2, we used our own evdns + implementation. Its return values for Libevent's evdns_resolve_*() + functions are not consistent with those from Libevent.) Fixes bug + 2363; bugfix on 0.2.2.6-alpha. Found by "lodger". + + o Documentation, new in 0.2.2.21-alpha: + - Document the default socks host and port (127.0.0.1:9050) for + tor-resolve. + + +Changes in version 0.2.1.29 - 2011-01-15 + Tor 0.2.1.29 continues our recent code security audit work. The main + fix resolves a remote heap overflow vulnerability that can allow remote + code execution. Other fixes address a variety of assert and crash bugs, + most of which we think are hard to exploit remotely. + + o Major bugfixes (security): + - Fix a heap overflow bug where an adversary could cause heap + corruption. This bug probably allows remote code execution + attacks. Reported by "debuger". Fixes CVE-2011-0427. Bugfix on + 0.1.2.10-rc. + - Prevent a denial-of-service attack by disallowing any + zlib-compressed data whose compression factor is implausibly + high. Fixes part of bug 2324; reported by "doorss". + - Zero out a few more keys in memory before freeing them. Fixes + bug 2384 and part of bug 2385. These key instances found by + "cypherpunks", based on Andrew Case's report about being able + to find sensitive data in Tor's memory space if you have enough + permissions. Bugfix on 0.0.2pre9. 
+ + o Major bugfixes (crashes): + - Prevent calls to Libevent from inside Libevent log handlers. + This had potential to cause a nasty set of crashes, especially + if running Libevent with debug logging enabled, and running + Tor with a controller watching for low-severity log messages. + Bugfix on 0.1.0.2-rc. Fixes bug 2190. + - Add a check for SIZE_T_MAX to tor_realloc() to try to avoid + underflow errors there too. Fixes the other part of bug 2324. + - Fix a bug where we would assert if we ever had a + cached-descriptors.new file (or another file read directly into + memory) of exactly SIZE_T_CEILING bytes. Fixes bug 2326; bugfix + on 0.2.1.25. Found by doorss. + - Fix some potential asserts and parsing issues with grossly + malformed router caches. Fixes bug 2352; bugfix on Tor 0.2.1.27. + Found by doorss. + + o Minor bugfixes (other): + - Fix a bug with handling misformed replies to reverse DNS lookup + requests in DNSPort. Bugfix on Tor 0.2.0.1-alpha. Related to a + bug reported by doorss. + - Fix compilation on mingw when a pthreads compatibility library + has been installed. (We don't want to use it, so we shouldn't + be including pthread.h.) Fixes bug 2313; bugfix on 0.1.0.1-rc. + - Fix a bug where we would declare that we had run out of virtual + addresses when the address space was only half-exhausted. Bugfix + on 0.1.2.1-alpha. + - Correctly handle the case where AutomapHostsOnResolve is set but + no virtual addresses are available. Fixes bug 2328; bugfix on + 0.1.2.1-alpha. Bug found by doorss. + - Correctly handle wrapping around to when we run out of virtual + address space. Found by cypherpunks, bugfix on 0.2.0.5-alpha. + - The 0.2.1.28 tarball was missing src/common/OpenBSD_malloc_Linux.c + because we built it with a too-old version of automake. Thus that + release broke ./configure --enable-openbsd-malloc, which is popular + among really fast exit relays on Linux. 
+ + o Minor features: + - Update to the January 1 2011 Maxmind GeoLite Country database. + - Introduce output size checks on all of our decryption functions. + + o Build changes: + - Tor does not build packages correctly with Automake 1.6 and earlier; + added a check to Makefile.am to make sure that we're building with + Automake 1.7 or later. + + +Changes in version 0.2.2.20-alpha - 2010-12-17 + Tor 0.2.2.20-alpha does some code cleanup to reduce the risk of remotely + exploitable bugs. We also fix a variety of other significant bugs, + change the IP address for one of our directory authorities, and update + the minimum version that Tor relays must run to join the network. + + o Major bugfixes: + - Fix a remotely exploitable bug that could be used to crash instances + of Tor remotely by overflowing on the heap. Remote-code execution + hasn't been confirmed, but can't be ruled out. Everyone should + upgrade. Bugfix on the 0.1.1 series and later. + - Fix a bug that could break accounting on 64-bit systems with large + time_t values, making them hibernate for impossibly long intervals. + Fixes bug 2146. Bugfix on 0.0.9pre6; fix by boboper. + - Fix a logic error in directory_fetches_from_authorities() that + would cause all _non_-exits refusing single-hop-like circuits + to fetch from authorities, when we wanted to have _exits_ fetch + from authorities. Fixes more of 2097. Bugfix on 0.2.2.16-alpha; + fix by boboper. + - Fix a stream fairness bug that would cause newer streams on a given + circuit to get preference when reading bytes from the origin or + destination. Fixes bug 2210. Fix by Mashael AlSabah. This bug was + introduced before the first Tor release, in svn revision r152. + + o Directory authority changes: + - Change IP address and ports for gabelmoo (v3 directory authority). + + o Minor bugfixes: + - Avoid crashes when AccountingMax is set on clients. Fixes bug 2235. + Bugfix on 0.2.2.18-alpha. Diagnosed by boboper. 
+ - Fix an off-by-one error in calculating some controller command + argument lengths. Fortunately, this mistake is harmless since + the controller code does redundant NUL termination too. Found by + boboper. Bugfix on 0.1.1.1-alpha. + - Do not dereference NULL if a bridge fails to build its + extra-info descriptor. Found by an anonymous commenter on + Trac. Bugfix on 0.2.2.19-alpha. + + o Minor features: + - Update to the December 1 2010 Maxmind GeoLite Country database. + - Directory authorities now reject relays running any versions of + Tor between 0.2.1.3-alpha and 0.2.1.18 inclusive; they have + known bugs that keep RELAY_EARLY cells from working on rendezvous + circuits. Followup to fix for bug 2081. + - Directory authorities now reject relays running any version of Tor + older than 0.2.0.26-rc. That version is the earliest that fetches + current directory information correctly. Fixes bug 2156. + - Report only the top 10 ports in exit-port stats in order not to + exceed the maximum extra-info descriptor length of 50 KB. Implements + task 2196. + + +Changes in version 0.2.1.28 - 2010-12-17 + Tor 0.2.1.28 does some code cleanup to reduce the risk of remotely + exploitable bugs. We also took this opportunity to change the IP address + for one of our directory authorities, and to update the geoip database + we ship. + + o Major bugfixes: + - Fix a remotely exploitable bug that could be used to crash instances + of Tor remotely by overflowing on the heap. Remote-code execution + hasn't been confirmed, but can't be ruled out. Everyone should + upgrade. Bugfix on the 0.1.1 series and later. + + o Directory authority changes: + - Change IP address and ports for gabelmoo (v3 directory authority). + + o Minor features: + - Update to the December 1 2010 Maxmind GeoLite Country database. + + +Changes in version 0.2.1.27 - 2010-11-23 + Yet another OpenSSL security patch broke its compatibility with Tor: + Tor 0.2.1.27 makes relays work with openssl 0.9.8p and 1.0.0.b. 
We + also took this opportunity to fix several crash bugs, integrate a new + directory authority, and update the bundled GeoIP database. + + o Major bugfixes: + - Resolve an incompatibility with OpenSSL 0.9.8p and OpenSSL 1.0.0b: + No longer set the tlsext_host_name extension on server SSL objects; + but continue to set it on client SSL objects. Our goal in setting + it was to imitate a browser, not a vhosting server. Fixes bug 2204; + bugfix on 0.2.1.1-alpha. + - Do not log messages to the controller while shrinking buffer + freelists. Doing so would sometimes make the controller connection + try to allocate a buffer chunk, which would mess up the internals + of the freelist and cause an assertion failure. Fixes bug 1125; + fixed by Robert Ransom. Bugfix on 0.2.0.16-alpha. + - Learn our external IP address when we're a relay or bridge, even if + we set PublishServerDescriptor to 0. Bugfix on 0.2.0.3-alpha, + where we introduced bridge relays that don't need to publish to + be useful. Fixes bug 2050. + - Do even more to reject (and not just ignore) annotations on + router descriptors received anywhere but from the cache. Previously + we would ignore such annotations at first, but cache them to disk + anyway. Bugfix on 0.2.0.8-alpha. Found by piebeer. + - When you're using bridges and your network goes away and your + bridges get marked as down, recover when you attempt a new socks + connection (if the network is back), rather than waiting up to an + hour to try fetching new descriptors for your bridges. Bugfix on + 0.2.0.3-alpha; fixes bug 1981. + + o Major features: + - Move to the November 2010 Maxmind GeoLite country db (rather + than the June 2009 ip-to-country GeoIP db) for our statistics that + count how many users relays are seeing from each country. Now we'll + have more accurate data, especially for many African countries. + + o New directory authorities: + - Set up maatuska (run by Linus Nordberg) as the eighth v3 directory + authority. 
+ + o Minor bugfixes: + - Fix an assertion failure that could occur in directory caches or + bridge users when using a very short voting interval on a testing + network. Diagnosed by Robert Hogan. Fixes bug 1141; bugfix on + 0.2.0.8-alpha. + - Enforce multiplicity rules when parsing annotations. Bugfix on + 0.2.0.8-alpha. Found by piebeer. + - Allow handshaking OR connections to take a full KeepalivePeriod + seconds to handshake. Previously, we would close them after + IDLE_OR_CONN_TIMEOUT (180) seconds, the same timeout as if they + were open. Bugfix on 0.2.1.26; fixes bug 1840. Thanks to mingw-san + for analysis help. + - When building with --enable-gcc-warnings on OpenBSD, disable + warnings in system headers. This makes --enable-gcc-warnings + pass on OpenBSD 4.8. + + o Minor features: + - Exit nodes didn't recognize EHOSTUNREACH as a plausible error code, + and so sent back END_STREAM_REASON_MISC. Clients now recognize a new + stream ending reason for this case: END_STREAM_REASON_NOROUTE. + Servers can start sending this code when enough clients recognize + it. Bugfix on 0.1.0.1-rc; fixes part of bug 1793. + - Build correctly on mingw with more recent versions of OpenSSL 0.9.8. + Patch from mingw-san. + + o Removed files: + - Remove the old debian/ directory from the main Tor distribution. + The official Tor-for-debian git repository lives at the URL + https://git.torproject.org/debian/tor.git + - Stop shipping the old doc/website/ directory in the tarball. We + changed the website format in late 2010, and what we shipped in + 0.2.1.26 really wasn't that useful anyway. + + Changes in version 0.2.2.19-alpha - 2010-11-22 Yet another OpenSSL security patch broke its compatibility with Tor: Tor 0.2.2.19-alpha makes relays work with OpenSSL 0.9.8p and 1.0.0.b. diff --git a/changes/1863_bwhist b/changes/1863_bwhist deleted file mode 100644 index b94250906b..0000000000 --- a/changes/1863_bwhist +++ /dev/null 
@@ -1,16 +0,0 @@ - o Minor features - - Servers now save observed maximum bandwidth throughput rates - to their state file (along with total usage, which was already - saved) so that they can determine their correct estimated - bandwidth on restart. Resolves bug 1863, where Tor servers - would reset their estimated bandwidth to 0 after restarting. - - o Minor bugfixes - - Fix a bug in banwidth history state parsing that could have been - triggered if a future version of Tor ever changed the timing - granularity at which bandwidth history is measured. Bugfix on - Tor 0.1.1.11-alpha. - - Correctly clear out dir_read/dir_write history when there is an - error parsing any bw history value from the state file. Bugfix on - Tor 0.2.2.15-alpha. - diff --git a/changes/all_descs b/changes/all_descs deleted file mode 100644 index 10711b2621..0000000000 --- a/changes/all_descs +++ /dev/null @@ -1,4 +0,0 @@ - o Major bugfixes (bridge authority) - - Do not allow encrypte requests for "all" bridges to return all - bridges. - diff --git a/changes/bug1035 b/changes/bug1035 deleted file mode 100644 index 3d86330e63..0000000000 --- a/changes/bug1035 +++ /dev/null @@ -1,13 +0,0 @@ - o Minor features (authorities) - - Take altered router IP addresses and ORPorts into account when - determining router stability. Previously, if a router changed - its IP or ORPort, the authorities would not treat it as having - any downtime for the purposes of stability calculation, whereas - clients would experience downtime since the change could take a - while to propagate to them. Resolves issue 1035. - o Minor bugfixes (authorities) - - Try to be more robust to hops back in time when calculating - router stability. Previously, if a run of uptime or downtime - appeared to be negative, the calculation could give incorrect - results. Bugfix on 0.2.0.6-alpha. - diff --git a/changes/bug1074-part2 b/changes/bug1074-part2 deleted file mode 100644 index 6644f496d7..0000000000 
--- a/changes/bug1074-part2 +++ /dev/null @@ -1,6 +0,0 @@ - o Major bugfixes: - - Stop sending a CLOCK_SKEW controller status event whenever - we fetch directory information from a relay that has a wrong clock. - Instead, only inform the controller when it's a trusted authority - that claims our clock is wrong. Bugfix on tor-0.1.2.6-alpha; - fixes the other half of bug 1074. diff --git a/changes/bug1090-general b/changes/bug1090-general deleted file mode 100644 index 465631592c..0000000000 --- a/changes/bug1090-general +++ /dev/null 
@@ -1,73 +0,0 @@ - o Major features and bugfixes (node selection) - - - Revise and unify the meaning of the ExitNodes, EntryNodes, - ExcludeEntryNodes, ExcludeExitNodes, ExcludeNodes, and - StrictNodes options. Previously, we had been ambiguous in - describing what counted as an "exit" node, and what operations - exactly "StrictNodes 0" would permit. This created confusion - when people saw nodes built through unexpected circuits, and - made it hard to tell real bugs from surprises. We now stipulate - that the intended behavior is: - - . "Exit", in the context of ExitNodes and ExcludeExitNodes, - means a node that delivers user traffic outside the Tor - network. - . "Entry", in the context of EntryNodes and ExcludeEntryNodes, - means a node used as the first hop of a multihop circuit: - it doesn't include direct connections to directory servers. - . "ExcludeNodes" applies to all nodes. - . "StrictNodes" changes the behavior of ExcludeNodes only. - When StrictNodes is set, Tor should avoid all nodes listed - in ExcludeNodes, even when it will make user requests - fail. When StrictNodes is *not* set, then Tor should - follow ExcludeNodes whenever it can, except when it must - use an excluded node to perform self-tests, connect to a - hidden service, provide a hidden service, fulfill a .exit - request, upload directory information, or fetch directory - information. - - Collectively, the changes to implement the behavior are a fix for - bug 1090. - - - ExcludeNodes now takes precedence over EntryNodes and ExitNodes: - if a node is listed in both, it's treated as excluded. - - - ExcludeNodes now applies to directory nodes: as a preference if - StrictNodes is 0, or an absolute requirement if StrictNodes is 1. - (Don't exclude all the directory authorities and set StrictNodes - to 1 unless you really want your Tor to break.) - - - ExcludeNodes and ExcludeExitNodes now override exit enclaving. - - - ExcludeExitNodes now overrides .exit requests. 
- - - We don't use bridges from ExcludeNodes. - - - When StrictNodes is 1: - . We now apply ExcludeNodes to hidden service introduction points - and to rendezvous points selected by hidden service users. - This can make your hidden service less reliable: use it with - caution! - . If we have used ExcludeNodes on ourself, do not try self-tests. - . If we have excluded all the directory authorities, we will - not even try to upload our descriptor if we're a server. - . Do not honor .exit requests to an excluded node. - - - Remove a misfeature that caused us to ignore the Fast/Stable flags - if ExitNodes was set. Bugfix on 0.2.2.7-alpha. - - - When the set of permitted nodes changes, we now remove any - mappings introduced via TrackExitHosts to now-excluded nodes. - Bugfix on 0.1.0.1-rc. - - - We never cannibalize a circuit that had excluded nodes on it, - even if StrictNodes is 0. Bugfix on 0.1.0.1-rc. - - - Improve log messages related to excluded nodes. - - - Revert a change where we would be laxer about attaching streams to - circuits than when building the circuits. This was meant to - prevent a set of bugs where streams were never attachable, but our - improved code here should make this unnecessary. Bugfix on - 0.2.2.7-alpha. - diff --git a/changes/bug1090-launch-warning b/changes/bug1090-launch-warning deleted file mode 100644 index 3f3fbcb4d8..0000000000 --- a/changes/bug1090-launch-warning +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features: - - Keep track of how many times we launch a new circuit to handle - a given stream. Too many launches could indicate an inconsistency - between our "launch a circuit to handle this stream" logic and our - "attach our stream to one of the available circuits" logic. diff --git a/changes/bug1172 b/changes/bug1172 deleted file mode 100644 index 3abd7437f5..0000000000 --- a/changes/bug1172 +++ /dev/null 
@@ -1,9 +0,0 @@ - o Minor bugfixes: - - When we restart our relay, we might get a successful connection - from the outside before we've started our reachability tests, - triggering a warning: "ORPort found reachable, but I have no - routerinfo yet. Failing to inform controller of success." This - bug was harmless unless Tor is running under a controller - like Vidalia, in which case the controller would never get a - REACHABILITY_SUCCEEDED status event. Bugfix on 0.1.2.6-alpha; - fixes bug 1172. diff --git a/changes/bug2004 b/changes/bug2004 deleted file mode 100644 index 4fd6c91a05..0000000000 --- a/changes/bug2004 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features - - Log less aggressively about circuit timeout changes, and improve some - other circuit timeout messages. Resolves bug 2004. - diff --git a/changes/bug2060 b/changes/bug2060 deleted file mode 100644 index eb95aedb26..0000000000 --- a/changes/bug2060 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features - - Make sure to disable DirPort if running as a bridge. DirPorts aren't - used on bridges, and it makes bridge scanning way too easy. - diff --git a/changes/bug2081_followup b/changes/bug2081_followup deleted file mode 100644 index a53227c38e..0000000000 --- a/changes/bug2081_followup +++ /dev/null @@ -1,9 +0,0 @@ - o Minor features (authorities) - - Directory authorities now reject relays running any versions of - Tor between 0.2.1.3-alpha and 0.2.1.18 inclusive; they have - known bugs that keep RELAY_EARLY cells from working on rendezvous - circuits. Followup to fix for bug 2081. - - Directory authorities now reject relays running any version of Tor - older than 0.2.0.26-rc. That is the earliest version that fetches - current directory information correctly. Fix for bug 2156. - diff --git a/changes/bug2097-more b/changes/bug2097-more deleted file mode 100644 index 52351cc019..0000000000 --- a/changes/bug2097-more +++ /dev/null 
@@ -1,6 +0,0 @@ - o Minor bugfixes: - - Fix a logic error in directory_fetches_from_authorities that - would cause all _non_-exits refusing single-hop-like circuits to - fetch from authorities, when we wanted to have _exits_ fetch - from authorities. Fix by boboper; fixes more of 2097; bugfix on - 0.2.2.16-alpha. diff --git a/changes/bug2146.1 b/changes/bug2146.1 deleted file mode 100644 index 5b91c59a68..0000000000 --- a/changes/bug2146.1 +++ /dev/null @@ -1,4 +0,0 @@ - - Major bugfixes: - o Fix a bug that could break accounting on 64-bit systems with large - time_t values, making them hibernate for impossibly long intervals. - Bugfix on 0.0.9pre6; fix for bug 2146; fix by boboper. diff --git a/changes/bug2181 b/changes/bug2181 deleted file mode 100644 index 0a095488ee..0000000000 --- a/changes/bug2181 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features - - Log a little more clearly about the times at which we're no longer - accepting new connections. Resolves bug 2181. - diff --git a/changes/bug2190 b/changes/bug2190 deleted file mode 100644 index 0591acb6ff..0000000000 --- a/changes/bug2190 +++ /dev/null @@ -1,11 +0,0 @@ - o Minor bugfixes - - Prevent calls from Libevent from inside Libevent log handlers. - This had potential to cause a nasty set of crashes, especially if - running Libevent with debug logging enabled, and running Tor - with a controller watching for low-severity log messages. - Bugfix on 0.1.0.2-rc. Fixes bug 2190. - - Make Libevent log messages get delievered to controllers later, - and not from inside the Libevent log handler. This prevents - unsafe reentrant Libevent calls while still letting the log - messages get through. - diff --git a/changes/bug2203 b/changes/bug2203 deleted file mode 100644 index 9cfbedf148..0000000000 --- a/changes/bug2203 +++ /dev/null 
@@ -1,6 +0,0 @@ - o Minor bugfixes: - - Clients should not weight BadExit nodes as Exits in their node - selection. Similarly, directory authorities should not count - BadExit bandwidth as Exit bandwidth when computing bandwidth-weights. - Bugfix on 0.2.2.10-alpha; fixes bug 2203. - diff --git a/changes/bug2210 b/changes/bug2210 deleted file mode 100644 index fe1c049fcd..0000000000 --- a/changes/bug2210 +++ /dev/null @@ -1,5 +0,0 @@ - o ?? bugfixes: - - Fix a bug that would cause newer streams on a given circuit to - get preference when reading bytes from the network. Fixes bug - 2210. Fix by Mashael AlSabah. This bug was introduced before - the first Tor release, in svn revision r152. diff --git a/changes/bug2235 b/changes/bug2235 deleted file mode 100644 index 0c3bafa44f..0000000000 --- a/changes/bug2235 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes - - Avoid crashes when AccountingMax is set on clients. Fixes bug 2235; - Bugfix on 0.2.2.18-alpha. Diagnosed by boboper. diff --git a/changes/bug2250 b/changes/bug2250 deleted file mode 100644 index 95eb55d7ff..0000000000 --- a/changes/bug2250 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes: - - Fix an assert that got triggered when using the TestingTorNetwork - configuration option and then issuing a GETINFO config-text control - command. Fixes bug 2250; bugfix on 0.2.1.2-alpha. - diff --git a/changes/bug2279 b/changes/bug2279 deleted file mode 100644 index d31300978e..0000000000 --- a/changes/bug2279 +++ /dev/null 
@@ -1,15 +0,0 @@ - o Minor bugfixes - - Avoid a double mark-for-free warning when failing to attach a - transparent proxy connection. Fixes bug 2279. Bugfix on - Tor 0.1.2.1 alpha. - - o Minor features - - Detect attempts at the client side to open connections to private - IP addresses (like 127.0.0.1, 10.0.0.1, and so on) with a randomly - chosen exit node. Attempts to do so are always ill-defined, generally - prevented by exit policies, and usually in error. This will also - help to detect loops in transparent proxy configurations. You can - disable this feature by setting "ClientRejectInternalAddresses 0" - in your torrc. - - diff --git a/changes/bug2305 b/changes/bug2305 deleted file mode 100644 index c979d5fd3a..0000000000 --- a/changes/bug2305 +++ /dev/null @@ -1,5 +0,0 @@ - o Build changes - - Tor does not build packages correctly with Automake 1.6 and earlier; - added a check to Makefile.am to make sure that we're building with - Automake 1.7 or later. - diff --git a/changes/bug2313 b/changes/bug2313 deleted file mode 100644 index 0ffbe4ab07..0000000000 --- a/changes/bug2313 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes - - Fix compilation on mingw when a pthreads compatibility library - has been installed. (We don't want to use it, so we shouldn't - be including pthread.h.) Fixes bug 2313; bugfix on 0.1.0.1-rc. diff --git a/changes/bug2314 b/changes/bug2314 deleted file mode 100644 index 41a232812c..0000000000 --- a/changes/bug2314 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes: - - Fix a bunch of compile warnings revealed by mingw with gcc 4.5. Fixes - bug 2314. - diff --git a/changes/bug2317 b/changes/bug2317 deleted file mode 100644 index 0b9366c36f..0000000000 --- a/changes/bug2317 +++ /dev/null 
@@ -1,9 +0,0 @@ - o Major features: - - Introduce minimum/maximum values that a client is going to believe - in a consensus. This helps to avoid crashes or worse when a param - has a weird value. - - o Major bugfixes: - - Prevent crash/heap corruption when cbtnumnodes consensus parameter is - set to 0 or large values. Fixes bug 2317. - diff --git a/changes/bug2324 b/changes/bug2324 deleted file mode 100644 index eefc8370ef..0000000000 --- a/changes/bug2324 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes - - Add a check for SIZE_T_MAX to tor_realloc to try to avoid - underflow errors there too. Fixes bug 2324. - diff --git a/changes/bug2324_uncompress b/changes/bug2324_uncompress deleted file mode 100644 index 223a3ce35b..0000000000 --- a/changes/bug2324_uncompress +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes (security): - - Prevent a DoS attack by disallowing any zlib-compressed data - whose compression factor is implausibly high. Fixes the - second part of bug2324; found by doors. - diff --git a/changes/bug2326 b/changes/bug2326 deleted file mode 100644 index 239a383faf..0000000000 --- a/changes/bug2326 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes - - Fix a bug where we would assert if we ever had a - cached-descriptors.new file (or another file read directly into - memory) of exactly SIZE_T_CEILING bytes. Found by doors; fixes - bug 2326; bugfix on 0.2.1.25. - diff --git a/changes/bug2328 b/changes/bug2328 deleted file mode 100644 index fee80a1585..0000000000 --- a/changes/bug2328 +++ /dev/null 
@@ -1,9 +0,0 @@ - o Minor bugfixes - - Fix a bug where we would declare that we had run out of virtual - addresses when the address space was only half-exhausted. Bugfix - on 0.1.2.1-alpha. - - Correctly handle the case where AutomapHostsOnResolve is set but no - virtual addresses are available. Fixes bug2328, bugfix on - 0.1.2.1-alpha. Bug found by doorss. - - Correctly handle wrapping around to when we run out of virtual address - space. Found by cypherpunks, bugfix on 0.2.0.5-alpha. diff --git a/changes/bug2330 b/changes/bug2330 deleted file mode 100644 index fc0c4d8c36..0000000000 --- a/changes/bug2330 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes - - Handle SOCKS messages longer than 128 bytes long correctly, rather - than waiting forever for them to finish. Fixes bug 2330. Bugfix on - 0.2.0.16-alpha. Found by doorss. - - - diff --git a/changes/bug2331 b/changes/bug2331 deleted file mode 100644 index 9940b591cb..0000000000 --- a/changes/bug2331 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes: - - Add assertions to check for overflow in arguments to - base32_encode and base32_decode; fix a signed-unsigned - comparison there too. These bugs are not actually reachable in - Tor, but it's good to prevent future errors too. Found by - doorss. - diff --git a/changes/bug2332 b/changes/bug2332 deleted file mode 100644 index 5f73ddd7af..0000000000 --- a/changes/bug2332 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes - - Fix a bug with handling misformed replies to reverse DNS lookup - requests in DNSPort. Bugfix on Tor 0.2.0.1-alpha. Related to a bug - reported by doorss. diff --git a/changes/bug2337 b/changes/bug2337 deleted file mode 100644 index a4f052dc31..0000000000 --- a/changes/bug2337 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes - - Detect broken platforms with a signed size_t, and refuse to - build there. Found and analyzed by doorss and rransom. diff --git a/changes/bug2346 b/changes/bug2346 deleted file mode 100644 index 0f78b84614..0000000000 
--- a/changes/bug2346 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor features - - If writing the state file to disk fails, wait up to an hour - before retrying again. (Our old code would retry the write - immediately.) Fixes bug 2346. Bugfix on Tor 0.1.1.3-alpha. - - diff --git a/changes/bug2352 b/changes/bug2352 deleted file mode 100644 index 744dbdb20f..0000000000 --- a/changes/bug2352 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes - - Fix some potential asserts and partsing issues with grossly - malformed router caches. Fixes bug 2352. Found by doorss. - Bugfix on Tor 0.2.1.27. - - diff --git a/changes/bug2358 b/changes/bug2358 deleted file mode 100644 index 5e44bb9f82..0000000000 --- a/changes/bug2358 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features - - Enable Address Space Layout Randomization (ASLR) and Data Execution - Prevention (DEP) by default on Windows to make it harder for - attackers to exploit vulnerabilities. Patch from John Brooks. - diff --git a/changes/bug2363 b/changes/bug2363 deleted file mode 100644 index 179925f65c..0000000000 --- a/changes/bug2363 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes - - Correctly detect failures to create DNS requests when using Libevent - versions before v2. (Before Libevent 2, we used our own evdns - implementation. Its return values for Libevent's evdns_resolve_*() - functions are not consistent with those from Libevent.) Found by - Lodger; fixes bug 2363; bugfix on 0.2.2.6-alpha. diff --git a/changes/bug2364 b/changes/bug2364 deleted file mode 100644 index 37de6ef526..0000000000 --- a/changes/bug2364 +++ /dev/null @@ -1,4 +0,0 @@ - o Documentation - - Document the default socks host and port (127.0.0.1:9050) for - tor-resolve. - diff --git a/changes/bug2366 b/changes/bug2366 deleted file mode 100644 index d171be453f..0000000000 --- a/changes/bug2366 +++ /dev/null 
@@ -1,8 +0,0 @@ - o Minor bugfixes - - When a relay decides that its DNS is too broken for it to serve - as an exit server, it advertised itself as a non-exit, but - continued to act as an exit. This could create accidental - partitioning opportunities for users. Instead, if a relay is - going to advertise reject *:* as its exit policy, it should - really act with exit policy "reject *:*". Fixes bug 2366. - Bugfix on Tor 0.1.2.5-alpha. Bugfix by user "postman" on trac. diff --git a/changes/bug2378 b/changes/bug2378 deleted file mode 100644 index 227968869f..0000000000 --- a/changes/bug2378 +++ /dev/null @@ -1,8 +0,0 @@ - o Minor bugfixes - - Correctly detect failure to allocate an OpenSSL BIO. Fixes bug 2378; - found by "cypherpunks". This bug was introduced before the - first Tor release, in svn commit r110. - - o Minor code simplifications and refactorings - - Always treat failure to allocate an RSA key as an unrecoverable - allocation error. diff --git a/changes/bug2384 b/changes/bug2384 deleted file mode 100644 index ded5eee992..0000000000 --- a/changes/bug2384 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes - - Zero out a few more keys in memory before freeing them. Fixes bug - 2384 and part of bug 2385. These key instances found by - "cypherpunks". Bugfix on 0.0.2pre9. - - diff --git a/changes/bug2403 b/changes/bug2403 deleted file mode 100644 index 3b29b37fbb..0000000000 --- a/changes/bug2403 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes: - - In the special case where you configure a public exit relay as your - bridge, Tor would be willing to use that exit relay as the last - hop in your circuit as well. Now we fail that circuit instead. - Bugfix on 0.2.0.12-alpha. Fixes bug 2403. Reported by "piebeer". - diff --git a/changes/bug2408 b/changes/bug2408 deleted file mode 100644 index 1d2dbf1ad6..0000000000 --- a/changes/bug2408 +++ /dev/null 
@@ -1,6 +0,0 @@ - o Major bugfixes - - Ignore and warn about "PublishServerDescriptor hidserv" torrc - options. The 'hidserv' argument never controlled publication - of hidden service descriptors. Bugfix on 0.2.0.1-alpha. - - diff --git a/changes/bug2409 b/changes/bug2409 deleted file mode 100644 index 5523458b64..0000000000 --- a/changes/bug2409 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes - - Resolve a bug in verifying signatures of directory objects - with digests longer than SHA1. Bugfix on 0.2.2.20-alpha; - fixes bug 2409; found by "piebeer". diff --git a/changes/bug2432 b/changes/bug2432 deleted file mode 100644 index 407c56ba9f..0000000000 --- a/changes/bug2432 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features: - - Provide a log message stating which geoip file we're parsing - instead of just stating that we're parsing the geoip file. - Implements ticket 2432. - diff --git a/changes/bug2433 b/changes/bug2433 deleted file mode 100644 index 8e47c4f024..0000000000 --- a/changes/bug2433 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes: - - Don't assert when changing from bridge to relay or vice versa with a controller. - The assert happened because we didn't properly initialize our keys in this case. - Bugfix on 0.2.2.18, fixes bug 2433. Issue first discovered by bastik. - diff --git a/changes/bug2450 b/changes/bug2450 deleted file mode 100644 index b3b50ddb01..0000000000 --- a/changes/bug2450 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes: - - Country codes aren't supported in EntryNodes until 0.2.3.x. - Don't mention them in the manpage. Fixes bug 2450, issue - spotted by keb and G-Lo. - diff --git a/changes/bug2470 b/changes/bug2470 deleted file mode 100644 index 8ff97b7bca..0000000000 --- a/changes/bug2470 +++ /dev/null 
@@ -1,5 +0,0 @@ - o Major bugfixes: - - If relays set RelayBandwidthBurst but not RelayBandwidthRate, - Tor would ignore their RelayBandwidthBurst setting, - potentially using more bandwidth than expected. Bugfix on - 0.2.0.1-alpha. Reported by Paul Wouters. Fixes bug 2470. diff --git a/changes/bug2475 b/changes/bug2475 deleted file mode 100644 index d6f0595a59..0000000000 --- a/changes/bug2475 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes: - - Avoid signed/unsigned comparisons by making SIZE_T_CEILING unsigned. - (None of the cases where we did this before were wrong, but by making - this change we can avoid warnings.) Fixes bug2475; bugfix on - Tor 0.2.1.28. diff --git a/changes/bug2504 b/changes/bug2504 deleted file mode 100644 index 791600e593..0000000000 --- a/changes/bug2504 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes: - - Fix a bug with our locking implementation on windows that couldn't - correctly detect when a file was already locked. Fixes bug 2504, - bugfix on 0.2.1.6-alpha. - diff --git a/changes/bug2510 b/changes/bug2510 deleted file mode 100644 index 2c3f613556..0000000000 --- a/changes/bug2510 +++ /dev/null @@ -1,8 +0,0 @@ - o Major bugfixes: - - Fix a bug where bridge users who configure the non-canonical - address of a bridge automatically switch to its canonical - address. If a bridge listens at more than one address, it should be - able to advertise those addresses independently and any non-blocked - addresses should continue to work. Bugfix on Tor 0.2.0.x. Fixes - bug 2510. - diff --git a/changes/bug2511 b/changes/bug2511 deleted file mode 100644 index a27696a5ff..0000000000 --- a/changes/bug2511 +++ /dev/null 
@@ -1,6 +0,0 @@ - o Major bugfixes: - - If you configured Tor to use bridge A, and then quit and - configured Tor to use bridge B instead, it would happily continue - to use bridge A if it's still reachable. While this behavior is - a feature if your goal is connectivity, in some scenarios it's a - dangerous bug. Bugfix on Tor 0.2.0.1-alpha; fixes bug 2511. diff --git a/changes/bug2572 b/changes/bug2572 deleted file mode 100644 index a5cca284a1..0000000000 --- a/changes/bug2572 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes: - - Don't crash a bridge authority on SIGHUP if it can't force itself - into its routerlist. Fixes bug 2572. - - diff --git a/changes/bug2573 b/changes/bug2573 deleted file mode 100644 index 7a2a802128..0000000000 --- a/changes/bug2573 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor packaging issues - - Create the /var/run/tor directory on startup on OpenSUSE if it is - not already created. Patch from Andreas Stieger. Fixes bug 2573. diff --git a/changes/bug2629 b/changes/bug2629 deleted file mode 100644 index 87817cf6e3..0000000000 --- a/changes/bug2629 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes - - Fix a crash bug that could occur occasionally when a client was - configured with a large number of bridges. Fixes bug 2629; bugfix - on 0.2.1.2-alpha. Bugfix by trac user "shitlei". - diff --git a/changes/bug2660 b/changes/bug2660 deleted file mode 100644 index 2aa06d36f5..0000000000 --- a/changes/bug2660 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes: - - Fix connect() failures on some platforms (BSD, OS X). Bugfix on - 0.2.0.3-alpha; fixes first part of bug 2660. Patch by piebeer. - - Set target port in get_interface_address6() correctly. Bugfix - on 0.1.1.4-alpha and 0.2.0.3-alpha; fixes second part of bug - 2660. - diff --git a/changes/bug2683a b/changes/bug2683a deleted file mode 100644 index 2fe308b030..0000000000 --- a/changes/bug2683a +++ /dev/null 
@@ -1,3 +0,0 @@ - o Minor features - - Log the source of a rejected POSTed v3 networkstatus vote. - diff --git a/changes/bug2696 b/changes/bug2696 deleted file mode 100644 index 6ea41d4a6a..0000000000 --- a/changes/bug2696 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features: - - Make compilation with clang possible when using - --enable-gcc-warnings by removing two warnings that clang hasn't - implemented yet and by fixing a few warnings. Implements ticket - 2696. diff --git a/changes/bug2698 b/changes/bug2698 deleted file mode 100644 index d995788bfc..0000000000 --- a/changes/bug2698 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes: - - Fix an issue that prevented static linking of libevent on - some platforms (notably Linux). Fixes bug 2698, bugfix on - versions 0.2.1.23/0.2.2.8-alpha (the versions introducing - the --with-static-libevent configure option). - diff --git a/changes/bug2704 b/changes/bug2704 deleted file mode 100644 index 821b38bc08..0000000000 --- a/changes/bug2704 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes: - - When writing our maximum bw for the current interval to the state - file, don't wrongly inflate that value by a factor of 10 anymore. - Fixes more of bug 2704. - diff --git a/changes/bug2704_part1 b/changes/bug2704_part1 deleted file mode 100644 index eaf22812cc..0000000000 --- a/changes/bug2704_part1 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes: - - Fix an issue causing calculation of Tor's average bandwidth as saved - in the state file to be 10 times smaller than it should be. Fixes the - first part of bug 2704, bugfix on tor-0.2.2.23-alpha. - diff --git a/changes/bug2704_part2 b/changes/bug2704_part2 deleted file mode 100644 index 962c8b7099..0000000000 --- a/changes/bug2704_part2 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes: - - Prevent relays that read their bandwidth history from their state file - from arbitrarily inflating that value. Fixes the second half of bug - 2704, bugfix on tor-0.2.2.23-alpha. - 
diff --git a/changes/bug2716 b/changes/bug2716 deleted file mode 100644 index 4663ed3184..0000000000 --- a/changes/bug2716 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features: - - When a relay has failed several reachability tests, be more accurate - at recording when it became unreachable, so we can in turn provide - more accuracy at assigning Stable, Guard, HSDir, etc flags. Bugfix - on 0.2.0.6-alpha. Resolves bug 2716. diff --git a/changes/bug2722 b/changes/bug2722 deleted file mode 100644 index ed132fc899..0000000000 --- a/changes/bug2722 +++ /dev/null @@ -1,11 +0,0 @@ - o Minor bugfixes - - Ignore the TunnelDirConns option when determining which HSDir - relays are responsible for a hidden service descriptor ID. - Currently, clients and hidden services with TunnelDirConns off - will skip over HSDir relays which do not advertise a DirPort - when making a list of HSDirs responsible for a descriptor ID, - even though they would never try to use a HSDir's DirPort to - upload or fetch a hidden service descriptor. Fixes bug 2722; - bugfix on 0.2.1.6-alpha. - - diff --git a/changes/bug2750 b/changes/bug2750 deleted file mode 100644 index 4371a0a4ee..0000000000 --- a/changes/bug2750 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes - - Correct the warning displayed when a rendezvous descriptor exceeds - the maximum size. Fixes bug 2750; bugfix on 0.2.1.5-alpha. Found - by John Brooks. - - diff --git a/changes/bug2756 b/changes/bug2756 deleted file mode 100644 index 0cad515a1b..0000000000 --- a/changes/bug2756 +++ /dev/null 
@@ -1,11 +0,0 @@ - o Minor bugfixes (spec conformance, performance): - - We now ask the other side of a stream (the client or the exit) - for more data on that stream when the amount of queued data on - that stream dips low enough. Previously, we wouldn't ask the - other side for more data until either it sent us more data - (which it wasn't supposed to do if it had exhausted its - window!) or until we had completely flushed all our queued - data. Fixing this should improve throughput. Fixes bug 2756; - bugfix on the earliest released versions of Tor (svn commit - r152). - diff --git a/changes/bug2757 b/changes/bug2757 deleted file mode 100644 index f947afaeb4..0000000000 --- a/changes/bug2757 +++ /dev/null @@ -1,6 +0,0 @@ - - Minor bugfixes - o Avoid a double-mark-for-free warning when failing to attach a - transparent proxy connection. (We thought we had fixed this in - 0.2.2.23-alpha, but it turns out our fix was checking the wrong - connection.) Fixes bug 2757; bugfix on 0.1.2.1-alpha (the original - bug) and 0.2.2.23-alpha (the incorrect fix). diff --git a/changes/bug2899 b/changes/bug2899 deleted file mode 100644 index 6af86d0676..0000000000 --- a/changes/bug2899 +++ /dev/null @@ -1,4 +0,0 @@ - - Minor bugfixes: - o Downgrade "no current certificates known for authority" message from - Notice to Info. Bugfix on 0.2.0.10-alpha; fixes bug 2899. - diff --git a/changes/bug2917 b/changes/bug2917 deleted file mode 100644 index 6b1e643343..0000000000 --- a/changes/bug2917 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes - - Make the SIGNAL DUMP control-port command work on FreeBSD. Fixes - bug 2917. Bugfix on 0.1.1.1-alpha. - diff --git a/changes/bug2933 b/changes/bug2933 deleted file mode 100644 index 7aaf526112..0000000000 --- a/changes/bug2933 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes - - Fix an uncommon assertion failure when running with DNSPort under - heavy load. Fixes bug 2933; bugfix on 2.0.1-alpha. - 
diff --git a/changes/bug2948 b/changes/bug2948 deleted file mode 100644 index 640ef625d9..0000000000 --- a/changes/bug2948 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes - - Only limit the lengths of single HS descriptors, even when - multiple HS descriptors are published to an HSDir relay in a - single POST operation. Fixes bug 2948; bugfix on 0.2.1.5-alpha. - Found by hsdir. - - diff --git a/changes/bug2971 b/changes/bug2971 deleted file mode 100644 index 8b71ce040b..0000000000 --- a/changes/bug2971 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes: - - Be more consistent in our treatment of file system paths. ~ should - get expanded to the user's home directory in the Log config option. - Bugfix on 0.2.0.1-alpha, which introduced the feature for the -f and - --DataDirectory options. - diff --git a/changes/bug2979 b/changes/bug2979 deleted file mode 100644 index fe1f45fe09..0000000000 --- a/changes/bug2979 +++ /dev/null @@ -1,9 +0,0 @@ - o Minor bugfixes: - - If the Nickname configuration option wasn't given, Tor used to pick - a nickname based on the local hostname as the nickname for a relay. - Because nicknames are not very important in today's Tor and the - "Unnamed" nickname has been implemented, this is now problematic - behaviour: It leaks information about the hostname without being - useful at all. Bugfix on tor-0.1.2.2-alpha, which introduced the - Unnamed nickname. Fixes bug 2979, reported by tagnaq. - diff --git a/changes/bug3012 b/changes/bug3012 deleted file mode 100644 index dfde5fa90c..0000000000 --- a/changes/bug3012 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features: - - Relays can go for weeks without writing out their state file. A - relay that crashes would lose its bandwidth history (including - capacity estimate), client country statistics, and so on. Now relays - checkpoint the file at least every 12 hours. Addresses bug 3012. diff --git a/changes/bug3020 b/changes/bug3020 deleted file mode 100644 index b987161229..0000000000 
--- a/changes/bug3020 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes: - - When checking whether a hibernation period has fully elapsed, use - the amount of seconds we expect for that period instead of using - the new period that just started. This would cause an issue because - February is a really short month. Bugfix on 0.2.2.17-alpha; - fixes bug 3020. - diff --git a/changes/bug3039 b/changes/bug3039 deleted file mode 100644 index 7347ee38e1..0000000000 --- a/changes/bug3039 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes: - - Write the current time into the LastWritten line in our state file, - rather than the time from the previous write attempt. Also, stop - trying to use a time of -1 in our log statements. Fixes bug 3039; - bugfix on 0.2.2.14-alpha. diff --git a/changes/bug539_removal b/changes/bug539_removal deleted file mode 100644 index dbff43de18..0000000000 --- a/changes/bug539_removal +++ /dev/null @@ -1,6 +0,0 @@ - o Removed code - - Removed workaround code to handle directory responses from - servers that had bug 539 (they would send HTTP status 503 - responses _and_ send a body too). Since only server versions - before 0.2.0.16-alpha/0.1.2.19 were affected, there is no longer - reason to keep the workaround in place. diff --git a/changes/bytecount b/changes/bytecount deleted file mode 100644 index 50c4d6b35e..0000000000 --- a/changes/bytecount +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes - - Fix a off-by-one error in calculating some controller command argument - lengths. Fortunately, this is harmless, the controller code does - redundant NUL termination too. Found by boboper. Bugfix on - 0.1.1.1-alpha. diff --git a/changes/cbt_hi_res b/changes/cbt_hi_res deleted file mode 100644 index c0df1183cb..0000000000 --- a/changes/cbt_hi_res +++ /dev/null 
@@ -1,7 +0,0 @@ - o Minor features - - When expiring circuits, use microsecond timers rather than one-second - timers. This can avoid an unpleasant situation where a circuit is - launched near the end of one second and expired right near the - beginning of the next, and prevent fluctuations in circuit timeout - values. - diff --git a/changes/cbt_parallel_intro b/changes/cbt_parallel_intro deleted file mode 100644 index 44e377fb3f..0000000000 --- a/changes/cbt_parallel_intro +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features - - Use computed circuit-build timeouts to decide when to launch - parallel introdution circuits. (Previously, we would retry - after 15 seconds.) diff --git a/changes/clear_trackexithost b/changes/clear_trackexithost deleted file mode 100644 index b9ac6fec44..0000000000 --- a/changes/clear_trackexithost +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes: - - Fix a bug in the code where we could keep trying to use a - TrackHostExits-based mapping after we failed to reach the intended - destination node. Fixes bug 2999. Bugfix on 0.2.0.20-rc. - diff --git a/changes/connect_err_reporting b/changes/connect_err_reporting deleted file mode 100644 index 61a46b6580..0000000000 --- a/changes/connect_err_reporting +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes: - - Be more careful about reporting the correct error from a failed - connect() operation. Under some circumstances, it was possible to - look at an incorrect value for errno when sending the end reason. - Bugfix on Tor-0.1.0.1-rc. - diff --git a/changes/count_overflow b/changes/count_overflow deleted file mode 100644 index f302ff2d71..0000000000 --- a/changes/count_overflow +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes: - - Correctly handle an "impossible" overflow cases in connection - byte counting, where we write or read more than 4GB on an edge - connection in single second. Bugfix on 0.1.2.8-beta. - 
diff --git a/changes/dhparam b/changes/dhparam deleted file mode 100644 index cb31243ba9..0000000000 --- a/changes/dhparam +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features - - Adjust our TLS Diffie-Hellman parameters to match those used by - Apache's mod_ssl. diff --git a/changes/doxygen b/changes/doxygen deleted file mode 100644 index 5e5fcd12d6..0000000000 --- a/changes/doxygen +++ /dev/null @@ -1,6 +0,0 @@ - o Documentation changes - - Modernize the doxygen configuration file slightly. Fixes bug 2707. - - Resolve all doxygen warnings except those for missing documentation. - Fixes bug 2705. - - Add doxygen documentation for more functions, fields, and types. - diff --git a/changes/exitnodes_reliable b/changes/exitnodes_reliable deleted file mode 100644 index 62ef03a0ce..0000000000 --- a/changes/exitnodes_reliable +++ /dev/null @@ -1,7 +0,0 @@ - o Minor features: - - If ExitNodes is set, still pay attention to the Fast/Stable - status of exits when picking exit nodes. (We used to ignore - these flags when ExitNodes was set, on the grounds that people - who set exitnodes wanted all of those nodes to get used, but - with the ability to pick exits by country and IP range, this - doesn't necessarily make sense any more.) diff --git a/changes/feature2711 b/changes/feature2711 deleted file mode 100644 index 7cdcfbfe10..0000000000 --- a/changes/feature2711 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features - - Export GeoIP information on usage to bridge controller even if we have - not yet been running for 24 hours. - diff --git a/changes/fix2195-fix b/changes/fix2195-fix deleted file mode 100644 index 9f03c2465e..0000000000 --- a/changes/fix2195-fix +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes: - - Do not dereference NULL if a bridge fails to build its - extra-info descriptor. Previously, we would have dereferenced - NULL. Found by an anonymous commenter on Trac. Bugfix on - 0.2.2.19-alpha. - 
diff --git a/changes/forget-rend-descs-on-newnym b/changes/forget-rend-descs-on-newnym deleted file mode 100644 index da7afbe201..0000000000 --- a/changes/forget-rend-descs-on-newnym +++ /dev/null @@ -1,21 +0,0 @@ - o Security fixes: - - Forget all hidden service descriptors cached as a client when - processing a SIGNAL NEWNYM command. Fixes bug 3000. Bugfix on - 0.0.6. - o Major bugfixes: - - When we find that we have extended a hidden service's introduction - circuit to a relay which isn't listed as an introduction point in - the HS descriptor we currently have for the service, we now retry - one of the introduction points in the current HS descriptor. - Previously we would just give up. Bugfix on 0.2.0.10-alpha; fixes - bugs 1024 and 1930. - o Minor bugfixes: - - Don't allow v0 hidden service authorities to act as clients. - Required by fix for bug 3000. - - Ignore SIGNAL NEWNYM commands on relay-only Tor instances. - Required by fix for bug 3000. - o Code simplifications and refactoring: - - Allow rend_client_send_introduction to fail without closing the - AP connection permanently. - - diff --git a/changes/full_ap_circuits b/changes/full_ap_circuits deleted file mode 100644 index 379a1a1b73..0000000000 --- a/changes/full_ap_circuits +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes - - When a client finds that an origin circuit has run out of 16-bit - stream IDs, we now mark it as unusable for new streams. - Previously, we would try to close the entire circuit. Bugfix on - Tor version 0.0.6. - diff --git a/changes/gabelmoo-newip b/changes/gabelmoo-newip deleted file mode 100644 index 8e9a19c657..0000000000 --- a/changes/gabelmoo-newip +++ /dev/null @@ -1,3 +0,0 @@ - o Directory authority changes: - - Change IP address and ports for gabelmoo (v3 directory authority). - diff --git a/changes/geoip-apr2011 b/changes/geoip-apr2011 deleted file mode 100644 index c38f8ae384..0000000000 --- a/changes/geoip-apr2011 +++ /dev/null 
@@ -1,3 +0,0 @@ - o Minor features: - - Update to the April 1 2011 Maxmind GeoLite Country database. - diff --git a/changes/geoip-dec2010 b/changes/geoip-dec2010 deleted file mode 100644 index d6247cee6b..0000000000 --- a/changes/geoip-dec2010 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Update to the December 1 2010 Maxmind GeoLite Country database. - diff --git a/changes/geoip-feb2011 b/changes/geoip-feb2011 deleted file mode 100644 index 12eb0ac4b1..0000000000 --- a/changes/geoip-feb2011 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Update to the February 1 2011 Maxmind GeoLite Country database. - diff --git a/changes/geoip-jan2011 b/changes/geoip-jan2011 deleted file mode 100644 index b58805ad37..0000000000 --- a/changes/geoip-jan2011 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Update to the January 1 2011 Maxmind GeoLite Country database. - diff --git a/changes/geoip-mar2011 b/changes/geoip-mar2011 deleted file mode 100644 index fda927f03f..0000000000 --- a/changes/geoip-mar2011 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Update to the March 1 2011 Maxmind GeoLite Country database. - diff --git a/changes/gmtime_null b/changes/gmtime_null deleted file mode 100644 index 16a25408bf..0000000000 --- a/changes/gmtime_null +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes - - On some platforms, gmtime and localtime can return NULL under - certain circumstances even for well-defined values of time_t. - Try to detect and make up for this deficiency. Possible fix for - bug 2077. Bugfix on all versions of Tor. Found by boboper. - diff --git a/changes/hsdir_assignment b/changes/hsdir_assignment deleted file mode 100644 index 5c04b9b9bb..0000000000 --- a/changes/hsdir_assignment +++ /dev/null 
@@ -1,8 +0,0 @@ - o Security fixes: - - Directory authorities now use data collected from rephist when - choosing whether to assign the HSDir flag to relays, instead of - trusting the uptime value the relay reports in its descriptor. - This helps prevent an attack where a small set of nodes with - frequently-changing identity keys can blackhole a hidden service. - (Only authorities need upgrade; others will be fine once they do.) - Bugfix on 0.2.0.10-alpha; fixes bug 2709. diff --git a/changes/ipv6_crash b/changes/ipv6_crash deleted file mode 100644 index 02f8aaa41c..0000000000 --- a/changes/ipv6_crash +++ /dev/null @@ -1,4 +0,0 @@ - o Major bugfixes: - - Fix a crash in parsing router descriptors containing IPv6 - addresses. This one crashed the directory authorities when somebody - fired up some experimental code. Bugfix on 0.2.1.3-alpha. diff --git a/changes/kill_ftime b/changes/kill_ftime deleted file mode 100644 index 47f4769735..0000000000 --- a/changes/kill_ftime +++ /dev/null @@ -1,7 +0,0 @@ - o Code simplification and refactoring - - Remove the old 'fuzzy time' logic. It was supposed to be used - for handling calculations where we have a known amount of clock - skew and an allowed amount of unknown skew. But we only used it - in three places, and we never adjusted the known/unknown skew - values. This is still something we might want to do someday, - but if we do, we'll want to do it differently. diff --git a/changes/log-typo-2011-03-15-01 b/changes/log-typo-2011-03-15-01 deleted file mode 100644 index 3830df388f..0000000000 --- a/changes/log-typo-2011-03-15-01 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes - - Fix a minor typo in a log message. Bugfix on 0.2.2.6-alpha. - diff --git a/changes/log_domains b/changes/log_domains deleted file mode 100644 index 7fc0506cdf..0000000000 --- a/changes/log_domains +++ /dev/null 
@@ -1,12 +0,0 @@ - o Minor features - - Make it simpler to specify "All log domains except for A and B". - Previously you needed to say "[*,~A,~B]". Now you can just say - "[~A,~B]". - - Add a LogMessageDomains option to include the domains of log messages - along with the messages. Without this, there's no way to use - log domains without reading the source or doing a lot of guessing - - o Documentation - - Add documentation for configuring logging at different severities in - different log domains. We've had this feature since 0.2.1.1-alpha, but - for some reason it never made it into the manpage. Fixes bug 2215. diff --git a/changes/microdesc-double-free b/changes/microdesc-double-free deleted file mode 100644 index 932cc754ba..0000000000 --- a/changes/microdesc-double-free +++ /dev/null @@ -1,7 +0,0 @@ - o Security fixes: - - Don't double-free a parsable, but invalid, microdescriptor, even - if it is followed in the blob we're parsing by an unparsable - microdescriptor. Fixes an issue reported in a comment on bug 2954. - Bugfix on 0.2.2.6-alpha; fix by "cypherpunks". - - diff --git a/changes/mingw-openssl098m b/changes/mingw-openssl098m deleted file mode 100644 index b4199760b7..0000000000 --- a/changes/mingw-openssl098m +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features - - Build correctly on mingw with more recent version of OpenSSL 0.9.8. - Patch from mingw-san. diff --git a/changes/noroute b/changes/noroute deleted file mode 100644 index 644deec453..0000000000 --- a/changes/noroute +++ /dev/null @@ -1,5 +0,0 @@ - - Minor features - - Send END_STREAM_REASON_NOROUTE in response to EHOSTUNREACH errors. - Clients before 0.2.1.27 didn't handle NOROUTE correctly, but - such clients are already deprecated because of security bugs. - diff --git a/changes/osx_forgotten_compilefix b/changes/osx_forgotten_compilefix deleted file mode 100644 index 754e09cfe1..0000000000 --- a/changes/osx_forgotten_compilefix +++ /dev/null 
@@ -1,4 +0,0 @@ - o Minor bugfixes: - - Added a forgotten cast that caused a compile warning on OS X 10.6. Bugfix - on 0.2.2.24-alpha. - diff --git a/changes/policy_summarize-assert b/changes/policy_summarize-assert deleted file mode 100644 index 619e8e7e42..0000000000 --- a/changes/policy_summarize-assert +++ /dev/null @@ -1,6 +0,0 @@ - o Major bugfixes (security) - - Fix a bounds-checking error that could allow an attacker to - remotely crash a directory authority. Found by piebeer. - Bugfix on 0.2.1.5-alpha. - - diff --git a/changes/remove-website b/changes/remove-website deleted file mode 100644 index ecbfbf9bc2..0000000000 --- a/changes/remove-website +++ /dev/null @@ -1,5 +0,0 @@ - o Removed files: - - Stop shipping the old doc/website/ directory in the tarball. We - changed the website format in late 2010, and what we shipped in - 0.2.1.26 really wasn't that useful anyway. - diff --git a/changes/routerparse_maxima b/changes/routerparse_maxima deleted file mode 100644 index 340f2c3c2d..0000000000 --- a/changes/routerparse_maxima +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes - - Check for and reject overly long directory certificates and - directory tokens before they have a chance to hit any - assertions. Bugfix on 0.2.1.28. Found by doorss. diff --git a/changes/security_bug b/changes/security_bug deleted file mode 100644 index 990beee506..0000000000 --- a/changes/security_bug +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes: - - Fix a remotely exploitable bug that could be used to crash instances - of Tor remotely by overflowing on the heap. Remove-code execution - hasn't been confirmed, but can't be ruled out. Obviously, everyone - should upgrade. Bugfix on the 0.1.1 series and later. diff --git a/changes/task2196 b/changes/task2196 deleted file mode 100644 index e629fccac2..0000000000 --- a/changes/task2196 +++ /dev/null 
@@ -1,5 +0,0 @@ - o Minor features: - - Report only the top 10 ports in exit-port stats in order not to - exceed the maximum extra-info descriptor length of 50 KB. Implements - task 2196. - diff --git a/changes/ticket2497 b/changes/ticket2497 deleted file mode 100644 index 51171412bf..0000000000 --- a/changes/ticket2497 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features: - - Ensure that no empty [dirreq-](read|write)-history lines are added - to an extrainfo document. Implements ticket 2497. - diff --git a/changes/tolen_asserts b/changes/tolen_asserts deleted file mode 100644 index a9834ab669..0000000000 --- a/changes/tolen_asserts +++ /dev/null @@ -1,8 +0,0 @@ - o Major bugfixes (security) - - Fix a heap overflow bug where an adversary could cause heap - corruption. This bug potentially allows remote code execution - attacks. Found by debuger. Fixes CVE-2011-0427. Bugfix on - 0.1.2.10-rc. - o Defensive programming - - Introduce output size checks on all of our decryption functions. - diff --git a/changes/torspec.git b/changes/torspec.git deleted file mode 100644 index ba33ca20fd..0000000000 --- a/changes/torspec.git +++ /dev/null @@ -1,5 +0,0 @@ - o Packaging changes: - - Stop shipping the Tor specs files and development proposal documents - in the tarball. They are now in a separate git repository at - git://git.torproject.org/torspec.git - diff --git a/changes/win_tmp_dir b/changes/win_tmp_dir deleted file mode 100644 index 13f6e7f1cf..0000000000 --- a/changes/win_tmp_dir +++ /dev/null @@ -1,4 +0,0 @@ - o Unit tests: - - Use GetTempDir to find the proper temporary directory location on - Windows when generating temporary files for the unit tests. Patch - by Gisle Vanem. diff --git a/changes/zlib_aint_openssl b/changes/zlib_aint_openssl deleted file mode 100644 index dd8e10a328..0000000000 --- a/changes/zlib_aint_openssl +++ /dev/null 
@@ -1,3 +0,0 @@ - o Minor bugfixes - - When warning about missing zlib development packages, give the - correct package names. Bugfix on 0.2.0.1-alpha. diff --git a/configure.in b/configure.in index aa2233d4eb..124383c5c8 100644 --- a/configure.in +++ b/configure.in @@ -4,7 +4,7 @@ dnl Copyright (c) 2007-2008, The Tor Project, Inc. dnl See LICENSE for licensing information AC_INIT -AM_INIT_AUTOMAKE(tor, 0.2.2.19-alpha) +AM_INIT_AUTOMAKE(tor, 0.2.2.25-alpha) AM_CONFIG_HEADER(orconfig.h) AC_CANONICAL_HOST diff --git a/contrib/tor-mingw.nsi.in b/contrib/tor-mingw.nsi.in index a44961b027..78e4820392 100644 --- a/contrib/tor-mingw.nsi.in +++ b/contrib/tor-mingw.nsi.in @@ -8,7 +8,7 @@ !include "LogicLib.nsh" !include "FileFunc.nsh" !insertmacro GetParameters -!define VERSION "0.2.2.19-alpha" +!define VERSION "0.2.2.25-alpha" !define INSTALLER "tor-${VERSION}-win32.exe" !define WEBSITE "https://www.torproject.org/" !define LICENSE "LICENSE" diff --git a/src/win32/orconfig.h b/src/win32/orconfig.h index b3cd1db50b..8d5b969903 100644 --- a/src/win32/orconfig.h +++ b/src/win32/orconfig.h @@ -233,5 +233,5 @@ #define USING_TWOS_COMPLEMENT /* Version number of package */ -#define VERSION "0.2.2.19-alpha" +#define VERSION "0.2.2.25-alpha" |
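Review bot: The list markers are inverted in changes/bug2757 and changes/bug2899, which read "- Minor bugfixes" followed by "o Avoid a double-mark-for-free warning ..." and "o Downgrade ...", and changes/noroute opens its section with "- Minor features" rather than "o Minor features". Every other fragment in this patch uses "o" for the section and "-" for the item. Since these files are deleted in favour of the merged ChangeLog, confirm that the three corresponding ChangeLog entries were normalized to that form and not pasted as written.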
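Review bot: In changes/bug2933 the affected version is written "bugfix on 2.0.1-alpha", which does not match the four-component version strings used in every other entry of this patch (for example "0.2.0.1-alpha" in changes/bug2971). Please confirm the intended version and make sure the ChangeLog entry for bug 2933 carries the corrected string, since the "bugfix on" field is what tells readers which releases have the DNSPort assertion failure.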
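Review bot: The entry in changes/bug2971 has a "Bugfix on 0.2.0.1-alpha" clause but no "Fixes bug ..." clause, so the ticket number survives only in the file name, which this commit deletes. Add the bug reference to the ChangeLog text for the "~" expansion fix so the entry stays traceable after the fragment is gone.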
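Review bot: The text in changes/security_bug contains "Remove-code execution hasn't been confirmed", which should read "Remote-code execution", and the first sentence says "remotely" twice ("a remotely exploitable bug that could be used to crash instances of Tor remotely"). The entry also names no bug number, CVE or reporter for a heap overflow it describes as remotely exploitable, whereas changes/tolen_asserts in this same patch cites CVE-2011-0427 and a finder. Check that the ChangeLog version of this entry has the wording fixed and carries an identifier, so that users can tell which advisory it corresponds to.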
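Review bot: The release version is bumped by hand in three separate places, AM_INIT_AUTOMAKE in configure.in, "!define VERSION" in contrib/tor-mingw.nsi.in and "#define VERSION" in src/win32/orconfig.h, and nothing in the diff ties them together. All three agree on 0.2.2.25-alpha here, but each previously read 0.2.2.19-alpha, so they are only updated at release-merge time and a missed file would ship a Windows build or installer reporting the wrong version. Consider a release-script or build-time check that compares the three strings, or a comment next to each pointing at the other two.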