aboutsummaryrefslogtreecommitdiff
path: root/ChangeLog
diff options
context:
space:
mode:
Diffstat (limited to 'ChangeLog')
-rw-r--r--ChangeLog1009
1 files changed, 1008 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index 6ba0b06dd2..82bc8eb212 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,1011 @@
+Changes in version 0.3.2.12 - 2018-09-10
+ Tor 0.3.2.12 backport numerous fixes from later versions of Tor.
+
+ o Minor features (compatibility, backport from 0.3.4.8):
+ - Tell OpenSSL to maintain backward compatibility with previous
+ RSA1024/DH1024 users in Tor. With OpenSSL 1.1.1-pre6, these
+ ciphers are disabled by default. Closes ticket 27344.
+
+ o Minor features (continuous integration, backport from 0.3.4.7-rc):
+ - Enable macOS builds in our Travis CI configuration. Closes
+ ticket 24629.
+ - Install libcap-dev and libseccomp2-dev so these optional
+ dependencies get tested on Travis CI. Closes ticket 26560.
+ - Run asciidoc during Travis CI. Implements ticket 27087.
+ - Use ccache in our Travis CI configuration. Closes ticket 26952.
+
+ o Minor features (continuous integration, rust, backport from 0.3.4.7-rc):
+ - Use cargo cache in our Travis CI configuration. Closes
+ ticket 26952.
+
+ o Minor features (controller, backport from 0.3.4.6-rc):
+ - The control port now exposes the list of HTTPTunnelPorts and
+ ExtOrPorts via GETINFO net/listeners/httptunnel and
+ net/listeners/extor respectively. Closes ticket 26647.
+
+ o Minor features (directory authorities, backport from 0.3.4.7-rc):
+ - Authorities no longer vote to make the subprotocol version
+ "LinkAuth=1" a requirement: it is unsupportable with NSS, and
+ hasn't been needed since Tor 0.3.0.1-alpha. Closes ticket 27286.
+
+ o Minor features (geoip):
+ - Update geoip and geoip6 to the August 7 2018 Maxmind GeoLite2
+ Country database. Closes ticket 27089.
+
+ o Minor bugfixes (compilation, backport from 0.3.4.6-rc):
+ - When compiling with --enable-openbsd-malloc or --enable-tcmalloc,
+ tell the compiler not to include the system malloc implementation.
+ Fixes bug 20424; bugfix on 0.2.0.20-rc.
+ - Don't try to use a pragma to temporarily disable the
+ -Wunused-const-variable warning if the compiler doesn't support
+ it. Fixes bug 26785; bugfix on 0.3.2.11.
+
+ o Minor bugfixes (compilation, backport from 0.3.4.7-rc):
+ - Silence a spurious compiler warning on the GetAdaptersAddresses
+ function pointer cast. This issue is already fixed by 26481 in
+ 0.3.5 and later, by removing the lookup and cast. Fixes bug 27465;
+ bugfix on 0.2.3.11-alpha.
+ - Stop calling SetProcessDEPPolicy() on 64-bit Windows. It is not
+ supported, and always fails. Some compilers warn about the
+ function pointer cast on 64-bit Windows. Fixes bug 27461; bugfix
+ on 0.2.2.23-alpha.
+
+ o Minor bugfixes (compilation, windows, backport from 0.3.4.7-rc):
+ - Don't link or search for pthreads when building for Windows, even
+ if we are using build environment (like mingw) that provides a
+ pthreads library. Fixes bug 27081; bugfix on 0.1.0.1-rc.
+
+ o Minor bugfixes (continuous integration, backport from 0.3.4.6-rc):
+ - Skip a pair of unreliable key generation tests on Windows, until
+ the underlying issue in bug 26076 is resolved. Fixes bug 26830 and
+ bug 26853; bugfix on 0.2.7.3-rc and 0.3.2.1-alpha respectively.
+
+ o Minor bugfixes (continuous integration, backport from 0.3.4.7-rc):
+ - Build with zstd on macOS. Fixes bug 27090; bugfix on 0.3.1.5-alpha.
+ - Pass the module flags to distcheck configure, and log the flags
+ before running configure. (Backported to 0.2.9 and later as a
+ precaution.) Fixes bug 27088; bugfix on 0.3.4.1-alpha.
+
+ o Minor bugfixes (continuous integration, backport from 0.3.4.8):
+ - When a Travis build fails, and showing a log fails, keep trying to
+ show the other logs. Fixes bug 27453; bugfix on 0.3.4.7-rc.
+ - When we use echo in Travis, don't pass a --flag as the first
+ argument. Fixes bug 27418; bugfix on 0.3.4.7-rc.
+
+ o Minor bugfixes (directory authority, backport from 0.3.4.6-rc):
+ - When voting for recommended versions, make sure that all of the
+ versions are well-formed and parsable. Fixes bug 26485; bugfix
+ on 0.1.1.6-alpha.
+
+ o Minor bugfixes (linux seccomp2 sandbox, backport from 0.3.4.7-rc):
+ - Fix a bug in out sandboxing rules for the openat() syscall.
+ Previously, no openat() call would be permitted, which would break
+ filesystem operations on recent glibc versions. Fixes bug 25440;
+ bugfix on 0.2.9.15. Diagnosis and patch from Daniel Pinto.
+
+ o Minor bugfixes (logging, backport from 0.3.4.6-rc):
+ - Improve the log message when connection initiators fail to
+ authenticate direct connections to relays. Fixes bug 26927; bugfix
+ on 0.3.0.1-alpha.
+
+ o Minor bugfixes (onion services, backport from 0.3.4.7-rc):
+ - Fix bug that causes services to not ever rotate their descriptors
+ if they were getting SIGHUPed often. Fixes bug 26932; bugfix
+ on 0.3.2.1-alpha.
+
+ o Minor bugfixes (onion services, backport from 0.3.4.8):
+ - Silence a spurious compiler warning in
+ rend_client_send_introduction(). Fixes bug 27463; bugfix
+ on 0.1.1.2-alpha.
+
+ o Minor bugfixes (rust, backport from 0.3.4.7-rc):
+ - Backport test_rust.sh from master. Fixes bug 26497; bugfix
+ on 0.3.1.5-alpha.
+ - Consistently use ../../.. as a fallback for $abs_top_srcdir in
+ test_rust.sh. Fixes bug 27093; bugfix on 0.3.4.3-alpha.
+ - Stop setting $CARGO_HOME. cargo will use the user's $CARGO_HOME, or
+ $HOME/.cargo by default. Fixes bug 26497; bugfix on 0.3.1.5-alpha.
+
+ o Minor bugfixes (single onion services, Tor2web, backport from 0.3.4.6-rc):
+ - Log a protocol warning when single onion services or Tor2web clients
+ fail to authenticate direct connections to relays.
+ Fixes bug 26924; bugfix on 0.2.9.1-alpha.
+
+ o Minor bugfixes (testing, backport from 0.3.4.6-rc):
+ - Disable core dumps in test_bt.sh, to avoid failures in "make
+ distcheck". Fixes bug 26787; bugfix on 0.2.5.2-alpha.
+
+ o Minor bugfixes (testing, chutney, backport from 0.3.4.8):
+ - When running make test-network-all, use the mixed+hs-v2 network.
+ (A previous fix to chutney removed v3 onion services from the
+ mixed+hs-v23 network, so seeing "mixed+hs-v23" in tests is
+ confusing.) Fixes bug 27345; bugfix on 0.3.2.1-alpha.
+ - Before running make test-network-all, delete old logs and test
+ result files, to avoid spurious failures. Fixes bug 27295; bugfix
+ on 0.2.7.3-rc.
+
+ o Minor bugfixes (testing, openssl compatibility):
+ - Our "tortls/cert_matches_key" unit test no longer relies on OpenSSL
+ internals. Previously, it relied on unsupported OpenSSL behavior in
+ a way that caused it to crash with OpenSSL 1.0.2p. Fixes bug 27226;
+ bugfix on 0.2.5.1-alpha.
+
+ o Minor bugfixes (testing, openssl compatibility, backport from 0.3.4.7-rc):
+ - Our "tortls/cert_matches_key" unit test no longer relies on
+ OpenSSL internals. Previously, it relied on unsupported OpenSSL
+ behavior in a way that caused it to crash with OpenSSL 1.0.2p.
+ Fixes bug 27226; bugfix on 0.2.5.1-alpha.
+
+ o Minor bugfixes (Windows, compilation, backport from 0.3.4.7-rc):
+ - Silence a compilation warning on MSVC 2017 and clang-cl. Fixes bug
+ 27185; bugfix on 0.2.2.2-alpha.
+
+
+Changes in version 0.3.2.11 - 2018-07-13
+ Tor 0.3.2.11 moves to a new bridge authority, meaning people running
+ bridge relays should upgrade. We also take this opportunity to backport
+ other minor fixes.
+
+ o Directory authority changes:
+ - The "Bifroest" bridge authority has been retired; the new bridge
+ authority is "Serge", and it is operated by George from the
+ TorBSD project. Closes ticket 26771.
+
+ o Directory authority changes (backport from 0.3.3.7):
+ - Add an IPv6 address for the "dannenberg" directory authority.
+ Closes ticket 26343.
+
+ o Major bugfixes (directory authorities, backport from 0.3.4.1-alpha):
+ - When directory authorities read a zero-byte bandwidth file, they
+ would previously log a warning with the contents of an
+ uninitialised buffer. They now log a warning about the empty file
+ instead. Fixes bug 26007; bugfix on 0.2.2.1-alpha.
+
+ o Major bugfixes (onion service, backport from 0.3.4.1-alpha):
+ - Correctly detect when onion services get disabled after HUP. Fixes
+ bug 25761; bugfix on 0.3.2.1.
+
+ o Minor features (sandbox, backport from 0.3.3.4-alpha):
+ - Explicitly permit the poll() system call when the Linux
+ seccomp2-based sandbox is enabled: apparently, some versions of
+ libc use poll() when calling getpwnam(). Closes ticket 25313.
+
+ o Minor feature (continuous integration, backport from 0.3.3.5-rc):
+ - Update the Travis CI configuration to use the stable Rust channel,
+ now that we have decided to require that. Closes ticket 25714.
+
+ o Minor features (continuous integration, backport from 0.3.4.1-alpha):
+ - Our .travis.yml configuration now includes support for testing the
+ results of "make distcheck". (It's not uncommon for "make check"
+ to pass but "make distcheck" to fail.) Closes ticket 25814.
+ - Our Travis CI configuration now integrates with the Coveralls
+ coverage analysis tool. Closes ticket 25818.
+
+ o Minor features (relay, diagnostic, backport from 0.3.4.3-alpha):
+ - Add several checks to detect whether Tor relays are uploading
+ their descriptors without specifying why they regenerated them.
+ Diagnostic for ticket 25686.
+
+ o Minor features (compilation, backport from 0.3.4.4-rc):
+ - When building Tor, prefer to use Python 3 over Python 2, and more
+ recent (contemplated) versions over older ones. Closes
+ ticket 26372.
+
+ o Minor features (geoip):
+ - Update geoip and geoip6 to the July 3 2018 Maxmind GeoLite2
+ Country database. Closes ticket 26674.
+
+ o Minor bugfixes (correctness, client, backport from 0.3.4.1-alpha):
+ - Upon receiving a malformed connected cell, stop processing the
+ cell immediately. Previously we would mark the connection for
+ close, but continue processing the cell as if the connection were
+ open. Fixes bug 26072; bugfix on 0.2.4.7-alpha.
+
+ o Minor bugfixes (Linux seccomp2 sandbox, backport from 0.3.4.1-alpha):
+ - Allow the nanosleep() system call, which glibc uses to implement
+ sleep() and usleep(). Fixes bug 24969; bugfix on 0.2.5.1-alpha.
+
+ o Minor bugfixes (testing, compatibility, backport from 0.3.4.4-rc):
+ - When running the hs_ntor_ref.py test, make sure only to pass
+ strings (rather than "bytes" objects) to the Python subprocess
+ module. Python 3 on Windows seems to require this. Fixes bug
+ 26535; bugfix on 0.3.1.1-alpha.
+ - When running the ntor_ref.py test, make sure only to pass strings
+ (rather than "bytes" objects) to the Python subprocess module.
+ Python 3 on Windows seems to require this. Fixes bug 26535; bugfix
+ on 0.2.5.5-alpha.
+
+ o Minor bugfixes (compatibility, openssl, backport from 0.3.4.2-alpha):
+ - Work around a change in OpenSSL 1.1.1 where return values that
+ would previously indicate "no password" now indicate an empty
+ password. Without this workaround, Tor instances running with
+ OpenSSL 1.1.1 would accept descriptors that other Tor instances
+ would reject. Fixes bug 26116; bugfix on 0.2.5.16.
+
+ o Minor bugfixes (documentation, backport from 0.3.3.5-rc):
+ - Document that the PerConnBW{Rate,Burst} options will fall back to
+ their corresponding consensus parameters only if those parameters
+ are set. Previously we had claimed that these values would always
+ be set in the consensus. Fixes bug 25296; bugfix on 0.2.2.7-alpha.
+
+ o Minor bugfixes (compilation, backport from 0.3.4.4-rc):
+ - Fix a compilation warning on some versions of GCC when building
+ code that calls routerinfo_get_my_routerinfo() twice, assuming
+ that the second call will succeed if the first one did. Fixes bug
+ 26269; bugfix on 0.2.8.2-alpha.
+
+ o Minor bugfixes (client, backport from 0.3.4.1-alpha):
+ - Don't consider Tor running as a client if the ControlPort is open,
+ but no actual client ports are open. Fixes bug 26062; bugfix
+ on 0.2.9.4-alpha.
+
+ o Minor bugfixes (hardening, backport from 0.3.4.2-alpha):
+ - Prevent a possible out-of-bounds smartlist read in
+ protover_compute_vote(). Fixes bug 26196; bugfix on 0.2.9.4-alpha.
+
+ o Minor bugfixes (C correctness, backport from 0.3.3.4-alpha):
+ - Fix a very unlikely (impossible, we believe) null pointer
+ dereference. Fixes bug 25629; bugfix on 0.2.9.15. Found by
+ Coverity; this is CID 1430932.
+
+ o Minor bugfixes (onion service, backport from 0.3.4.1-alpha):
+ - Fix a memory leak when a v3 onion service is configured and gets a
+ SIGHUP signal. Fixes bug 25901; bugfix on 0.3.2.1-alpha.
+ - When parsing the descriptor signature, look for the token plus an
+ extra white-space at the end. This is more correct but also will
+ allow us to support new fields that might start with "signature".
+ Fixes bug 26069; bugfix on 0.3.0.1-alpha.
+
+ o Minor bugfixes (relay, backport from 0.3.4.3-alpha):
+ - Relays now correctly block attempts to re-extend to the previous
+ relay by Ed25519 identity. Previously they would warn in this
+ case, but not actually reject the attempt. Fixes bug 26158; bugfix
+ on 0.3.0.1-alpha.
+
+ o Minor bugfixes (relay, crash, backport from 0.3.4.1-alpha):
+ - Avoid a crash when running with DirPort set but ORPort turned off.
+ Fixes a case of bug 23693; bugfix on 0.3.1.1-alpha.
+
+ o Minor bugfixes (compilation, backport from 0.3.4.2-alpha):
+ - Silence unused-const-variable warnings in zstd.h with some GCC
+ versions. Fixes bug 26272; bugfix on 0.3.1.1-alpha.
+
+ o Minor bugfixes (testing, backport from 0.3.3.4-alpha):
+ - Avoid intermittent test failures due to a test that had relied on
+ onion service introduction point creation finishing within 5
+ seconds of real clock time. Fixes bug 25450; bugfix
+ on 0.3.1.3-alpha.
+
+ o Minor bugfixes (compilation, backport from 0.3.3.4-alpha):
+ - Fix a C99 compliance issue in our configuration script that caused
+ compilation issues when compiling Tor with certain versions of
+ xtools. Fixes bug 25474; bugfix on 0.3.2.5-alpha.
+
+ o Minor bugfixes (memory, correctness, backport from 0.3.4.4-rc):
+ - Fix a number of small memory leaks identified by coverity. Fixes
+ bug 26467; bugfix on numerous Tor versions.
+
+ o Code simplification and refactoring (backport from 0.3.3.5-rc):
+ - Move the list of default directory authorities to its own file.
+ Closes ticket 24854. Patch by "beastr0".
+
+
+Changes in version 0.3.2.10 - 2018-03-03
+ Tor 0.3.2.10 is the second stable release in the 0.3.2 series. It
+ backports a number of bugfixes, including important fixes for security
+ issues.
+
+ It includes an important security fix for a remote crash attack
+ against directory authorities, tracked as TROVE-2018-001.
+
+ Additionally, it backports a fix for a bug whose severity we have
+ upgraded: Bug 24700, which was fixed in 0.3.3.2-alpha, can be remotely
+ triggered in order to crash relays with a use-after-free pattern. As
+ such, we are now tracking that bug as TROVE-2018-002 and
+ CVE-2018-0491, and backporting it to earlier releases. This bug
+ affected versions 0.3.2.1-alpha through 0.3.2.9, as well as version
+ 0.3.3.1-alpha.
+
+ This release also backports our new system for improved resistance to
+ denial-of-service attacks against relays.
+
+ This release also fixes several minor bugs and annoyances from
+ earlier releases.
+
+ Relays running 0.3.2.x SHOULD upgrade to one of the versions released
+ today, for the fix to TROVE-2018-002. Directory authorities should
+ also upgrade. (Relays on earlier versions might want to update too for
+ the DoS mitigations.)
+
+ o Major bugfixes (denial-of-service, directory authority, backport from 0.3.3.3-alpha):
+ - Fix a protocol-list handling bug that could be used to remotely crash
+ directory authorities with a null-pointer exception. Fixes bug 25074;
+ bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2018-001 and
+ CVE-2018-0490.
+
+ o Major bugfixes (scheduler, KIST, denial-of-service, backport from 0.3.3.2-alpha):
+ - Avoid adding the same channel twice in the KIST scheduler pending
+ list, which could lead to remote denial-of-service use-after-free
+ attacks against relays. Fixes bug 24700; bugfix on 0.3.2.1-alpha.
+
+ o Major features (denial-of-service mitigation, backport from 0.3.3.2-alpha):
+ - Give relays some defenses against the recent network overload. We
+ start with three defenses (default parameters in parentheses).
+ First: if a single client address makes too many concurrent
+ connections (>100), hang up on further connections. Second: if a
+ single client address makes circuits too quickly (more than 3 per
+ second, with an allowed burst of 90) while also having too many
+ connections open (3), refuse new create cells for the next while
+ (1-2 hours). Third: if a client asks to establish a rendezvous
+ point to you directly, ignore the request. These defenses can be
+ manually controlled by new torrc options, but relays will also
+ take guidance from consensus parameters, so there's no need to
+ configure anything manually. Implements ticket 24902.
+
+ o Major bugfixes (onion services, retry behavior, backport from 0.3.3.1-alpha):
+ - Fix an "off by 2" error in counting rendezvous failures on the
+ onion service side. While we thought we would stop the rendezvous
+ attempt after one failed circuit, we were actually making three
+ circuit attempts before giving up. Now switch to a default of 2,
+ and allow the consensus parameter "hs_service_max_rdv_failures" to
+ override. Fixes bug 24895; bugfix on 0.0.6.
+ - New-style (v3) onion services now obey the "max rendezvous circuit
+ attempts" logic. Previously they would make as many rendezvous
+ circuit attempts as they could fit in the MAX_REND_TIMEOUT second
+ window before giving up. Fixes bug 24894; bugfix on 0.3.2.1-alpha.
+
+ o Major bugfixes (protocol versions, backport from 0.3.3.2-alpha):
+ - Add Link protocol version 5 to the supported protocols list. Fixes
+ bug 25070; bugfix on 0.3.1.1-alpha.
+
+ o Major bugfixes (relay, backport from 0.3.3.1-alpha):
+ - Fix a set of false positives where relays would consider
+ connections to other relays as being client-only connections (and
+ thus e.g. deserving different link padding schemes) if those
+ relays fell out of the consensus briefly. Now we look only at the
+ initial handshake and whether the connection authenticated as a
+ relay. Fixes bug 24898; bugfix on 0.3.1.1-alpha.
+
+ o Major bugfixes (scheduler, consensus, backport from 0.3.3.2-alpha):
+ - The scheduler subsystem was failing to promptly notice changes in
+ consensus parameters, making it harder to switch schedulers
+ network-wide. Fixes bug 24975; bugfix on 0.3.2.1-alpha.
+
+ o Minor features (denial-of-service avoidance, backport from 0.3.3.2-alpha):
+ - Make our OOM handler aware of the geoip client history cache so it
+ doesn't fill up the memory. This check is important for IPv6 and
+ our DoS mitigation subsystem. Closes ticket 25122.
+
+ o Minor features (compatibility, OpenSSL, backport from 0.3.3.3-alpha):
+ - Tor will now support TLS1.3 once OpenSSL 1.1.1 is released.
+ Previous versions of Tor would not have worked with OpenSSL 1.1.1,
+ since they neither disabled TLS 1.3 nor enabled any of the
+ ciphersuites it requires. Now we enable the TLS 1.3 ciphersuites.
+ Closes ticket 24978.
+
+ o Minor features (geoip):
+ - Update geoip and geoip6 to the February 7 2018 Maxmind GeoLite2
+ Country database.
+
+ o Minor features (logging, diagnostic, backport from 0.3.3.2-alpha):
+ - When logging a failure to create an onion service's descriptor,
+ also log what the problem with the descriptor was. Diagnostic
+ for ticket 24972.
+
+ o Minor bugfix (channel connection, backport from 0.3.3.2-alpha):
+ - Use the actual observed address of an incoming relay connection,
+ not the canonical address of the relay from its descriptor, when
+ making decisions about how to handle the incoming connection.
+ Fixes bug 24952; bugfix on 0.2.4.11-alpha. Patch by "ffmancera".
+
+ o Minor bugfixes (denial-of-service, backport from 0.3.3.3-alpha):
+ - Fix a possible crash on malformed consensus. If a consensus had
+ contained an unparseable protocol line, it could have made clients
+ and relays crash with a null-pointer exception. To exploit this
+ issue, however, an attacker would need to be able to subvert the
+ directory authority system. Fixes bug 25251; bugfix on
+ 0.2.9.4-alpha. Also tracked as TROVE-2018-004.
+
+ o Minor bugfix (directory authority, backport from 0.3.3.2-alpha):
+ - Directory authorities, when refusing a descriptor from a rejected
+ relay, now explicitly tell the relay (in its logs) to set a valid
+ ContactInfo address and contact the bad-relays@ mailing list.
+ Fixes bug 25170; bugfix on 0.2.9.1.
+
+ o Minor bugfixes (build, rust, backport from 0.3.3.1-alpha):
+ - When building with Rust on OSX, link against libresolv, to work
+ around the issue at https://github.com/rust-lang/rust/issues/46797.
+ Fixes bug 24652; bugfix on 0.3.1.1-alpha.
+
+ o Minor bugfixes (onion services, backport from 0.3.3.2-alpha):
+ - Remove a BUG() statement when a client fetches an onion descriptor
+ that has a lower revision counter than the one in its cache. This
+ can happen in normal circumstances due to HSDir desync. Fixes bug
+ 24976; bugfix on 0.3.2.1-alpha.
+
+ o Minor bugfixes (logging, backport from 0.3.3.2-alpha):
+ - Don't treat inability to store a cached consensus object as a bug:
+ it can happen normally when we are out of disk space. Fixes bug
+ 24859; bugfix on 0.3.1.1-alpha.
+
+ o Minor bugfixes (performance, fragile-hardening, backport from 0.3.3.1-alpha):
+ - Improve the performance of our consensus-diff application code
+ when Tor is built with the --enable-fragile-hardening option set.
+ Fixes bug 24826; bugfix on 0.3.1.1-alpha.
+
+ o Minor bugfixes (OSX, backport from 0.3.3.1-alpha):
+ - Don't exit the Tor process if setrlimit() fails to change the file
+ limit (which can happen sometimes on some versions of OSX). Fixes
+ bug 21074; bugfix on 0.0.9pre5.
+
+ o Minor bugfixes (spec conformance, backport from 0.3.3.3-alpha):
+ - Forbid "-0" as a protocol version. Fixes part of bug 25249; bugfix on
+ 0.2.9.4-alpha.
+ - Forbid UINT32_MAX as a protocol version. Fixes part of bug 25249;
+ bugfix on 0.2.9.4-alpha.
+
+ o Minor bugfixes (testing, backport from 0.3.3.1-alpha):
+ - Fix a memory leak in the scheduler/loop_kist unit test. Fixes bug
+ 25005; bugfix on 0.3.2.7-rc.
+
+ o Minor bugfixes (v3 onion services, backport from 0.3.3.2-alpha):
+ - Look at the "HSRend" protocol version, not the "HSDir" protocol
+ version, when deciding whether a consensus entry can support the
+ v3 onion service protocol as a rendezvous point. Fixes bug 25105;
+ bugfix on 0.3.2.1-alpha.
+
+ o Code simplification and refactoring (backport from 0.3.3.3-alpha):
+ - Update the "rust dependencies" submodule to be a project-level
+ repository, rather than a user repository. Closes ticket 25323.
+
+ o Documentation (backport from 0.3.3.1-alpha)
+ - Document that operators who run more than one relay or bridge are
+ expected to set MyFamily and ContactInfo correctly. Closes
+ ticket 24526.
+
+
+Changes in version 0.3.2.9 - 2018-01-09
+ Tor 0.3.2.9 is the first stable release in the 0.3.2 series.
+
+ The 0.3.2 series includes our long-anticipated new onion service
+ design, with numerous security features. (For more information, see
+ our blog post at https://blog.torproject.org/fall-harvest.) We also
+ have a new circuit scheduler algorithm for improved performance on
+ relays everywhere (see https://blog.torproject.org/kist-and-tell),
+ along with many smaller features and bugfixes.
+
+ Per our stable release policy, we plan to support each stable release
+ series for at least the next nine months, or for three months after
+ the first stable release of the next series: whichever is longer. If
+ you need a release with long-term support, we recommend that you stay
+ with the 0.2.9 series.
+
+ Below is a list of the changes since 0.3.2.8-rc. For a list of all
+ changes since 0.3.1, see the ReleaseNotes file.
+
+ o Minor features (fallback directory mirrors):
+ - The fallback directory list has been re-generated based on the
+ current status of the network. Tor uses fallback directories to
+ bootstrap when it doesn't yet have up-to-date directory
+ information. Closes ticket 24801.
+ - Make the default DirAuthorityFallbackRate 0.1, so that clients
+ prefer to bootstrap from fallback directory mirrors. This is a
+ follow-up to 24679, which removed weights from the default
+ fallbacks. Implements ticket 24681.
+
+ o Minor features (geoip):
+ - Update geoip and geoip6 to the January 5 2018 Maxmind GeoLite2
+ Country database.
+
+ o Minor bugfixes (address selection):
+ - When the fascist_firewall_choose_address_ functions don't find a
+ reachable address, set the returned address to the null address
+ and port. This is a precautionary measure, because some callers do
+ not check the return value. Fixes bug 24736; bugfix
+ on 0.2.8.2-alpha.
+
+ o Minor bugfixes (compilation):
+ - Resolve a few shadowed-variable warnings in the onion service
+ code. Fixes bug 24634; bugfix on 0.3.2.1-alpha.
+
+ o Minor bugfixes (portability, msvc):
+ - Fix a bug in the bit-counting parts of our timing-wheel code on
+ MSVC. (Note that MSVC is still not a supported build platform, due
+ to cyptographic timing channel risks.) Fixes bug 24633; bugfix
+ on 0.2.9.1-alpha.
+
+
+Changes in version 0.3.2.8-rc - 2017-12-21
+ Tor 0.3.2.8-rc fixes a pair of bugs in the KIST and KISTLite
+ schedulers that had led servers under heavy load to overload their
+ outgoing connections. All relay operators running earlier 0.3.2.x
+ versions should upgrade. This version also includes a mitigation for
+ over-full DESTROY queues leading to out-of-memory conditions: if it
+ works, we will soon backport it to earlier release series.
+
+ This is the second release candidate in the 0.3.2 series. If we find
+ no new bugs or regression here, then the first stable 0.3.2 release
+ will be nearly identical to this.
+
+ o Major bugfixes (KIST, scheduler):
+ - The KIST scheduler did not correctly account for data already
+ enqueued in each connection's send socket buffer, particularly in
+ cases when the TCP/IP congestion window was reduced between
+ scheduler calls. This situation lead to excessive per-connection
+ buffering in the kernel, and a potential memory DoS. Fixes bug
+ 24665; bugfix on 0.3.2.1-alpha.
+
+ o Minor features (geoip):
+ - Update geoip and geoip6 to the December 6 2017 Maxmind GeoLite2
+ Country database.
+
+ o Minor bugfixes (hidden service v3):
+ - Bump hsdir_spread_store parameter from 3 to 4 in order to increase
+ the probability of reaching a service for a client missing
+ microdescriptors. Fixes bug 24425; bugfix on 0.3.2.1-alpha.
+
+ o Minor bugfixes (memory usage):
+ - When queuing DESTROY cells on a channel, only queue the circuit-id
+ and reason fields: not the entire 514-byte cell. This fix should
+ help mitigate any bugs or attacks that fill up these queues, and
+ free more RAM for other uses. Fixes bug 24666; bugfix
+ on 0.2.5.1-alpha.
+
+ o Minor bugfixes (scheduler, KIST):
+ - Use a sane write limit for KISTLite when writing onto a connection
+ buffer instead of using INT_MAX and shoving as much as it can.
+ Because the OOM handler cleans up circuit queues, we are better
+ off at keeping them in that queue instead of the connection's
+ buffer. Fixes bug 24671; bugfix on 0.3.2.1-alpha.
+
+
+Changes in version 0.3.2.7-rc - 2017-12-14
+ Tor 0.3.2.7-rc fixes various bugs in earlier versions of Tor,
+ including some that could affect reliability or correctness.
+
+ This is the first release candidate in the 0.3.2 series. If we find no
+ new bugs or regression here, then the first stable 0.3.2. release will
+ be nearly identical to this.
+
+ o Major bugfixes (circuit prediction):
+ - Fix circuit prediction logic so that a client doesn't treat a port
+ as being "handled" by a circuit if that circuit already has
+ isolation settings on it. This change should make Tor clients more
+ responsive by improving their chances of having a pre-created
+ circuit ready for use when a request arrives. Fixes bug 18859;
+ bugfix on 0.2.3.3-alpha.
+
+ o Minor features (logging):
+ - Provide better warnings when the getrandom() syscall fails. Closes
+ ticket 24500.
+
+ o Minor features (portability):
+ - Tor now compiles correctly on arm64 with libseccomp-dev installed.
+ (It doesn't yet work with the sandbox enabled.) Closes
+ ticket 24424.
+
+ o Minor bugfixes (bridge clients, bootstrap):
+ - Retry directory downloads when we get our first bridge descriptor
+ during bootstrap or while reconnecting to the network. Keep
+ retrying every time we get a bridge descriptor, until we have a
+ reachable bridge. Fixes part of bug 24367; bugfix on 0.2.0.3-alpha.
+ - Stop delaying bridge descriptor fetches when we have cached bridge
+ descriptors. Instead, only delay bridge descriptor fetches when we
+ have at least one reachable bridge. Fixes part of bug 24367;
+ bugfix on 0.2.0.3-alpha.
+ - Stop delaying directory fetches when we have cached bridge
+ descriptors. Instead, only delay bridge descriptor fetches when
+ all our bridges are definitely unreachable. Fixes part of bug
+ 24367; bugfix on 0.2.0.3-alpha.
+
+ o Minor bugfixes (compilation):
+ - Fix a signed/unsigned comparison warning introduced by our fix to
+ TROVE-2017-009. Fixes bug 24480; bugfix on 0.2.5.16.
+
+ o Minor bugfixes (correctness):
+ - Fix several places in our codebase where a C compiler would be
+ likely to eliminate a check, based on assuming that undefined
+ behavior had not happened elsewhere in the code. These cases are
+ usually a sign of redundant checking or dubious arithmetic. Found
+ by Georg Koppen using the "STACK" tool from Wang, Zeldovich,
+ Kaashoek, and Solar-Lezama. Fixes bug 24423; bugfix on various
+ Tor versions.
+
+ o Minor bugfixes (onion service v3):
+ - Fix a race where an onion service would launch a new intro circuit
+ after closing an old one, but fail to register it before freeing
+ the previously closed circuit. This bug was making the service
+ unable to find the established intro circuit and thus not upload
+ its descriptor, thus making a service unavailable for up to 24
+ hours. Fixes bug 23603; bugfix on 0.3.2.1-alpha.
+
+ o Minor bugfixes (scheduler, KIST):
+ - Properly set the scheduler state of an unopened channel in the
+ KIST scheduler main loop. This prevents a harmless but annoying
+ log warning. Fixes bug 24502; bugfix on 0.3.2.4-alpha.
+ - Avoid a possible integer overflow when computing the available
+ space on the TCP buffer of a channel. This had no security
+ implications; but could make KIST allow too many cells on a
+ saturated connection. Fixes bug 24590; bugfix on 0.3.2.1-alpha.
+ - Downgrade to "info" a harmless warning about the monotonic time
+ moving backwards: This can happen on platform not supporting
+ monotonic time. Fixes bug 23696; bugfix on 0.3.2.1-alpha.
+
+
+Changes in version 0.3.2.6-alpha - 2017-12-01
+ This version of Tor is the latest in the 0.3.2 alpha series. It
+ includes fixes for several important security issues. All Tor users
+ should upgrade to this release, or to one of the other releases coming
+ out today.
+
+ o Major bugfixes (security):
+ - Fix a denial of service bug where an attacker could use a
+ malformed directory object to cause a Tor instance to pause while
+ OpenSSL would try to read a passphrase from the terminal. (Tor
+ instances run without a terminal, which is the case for most Tor
+ packages, are not impacted.) Fixes bug 24246; bugfix on every
+ version of Tor. Also tracked as TROVE-2017-011 and CVE-2017-8821.
+ Found by OSS-Fuzz as testcase 6360145429790720.
+ - Fix a denial of service issue where an attacker could crash a
+ directory authority using a malformed router descriptor. Fixes bug
+ 24245; bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2017-010
+ and CVE-2017-8820.
+ - When checking for replays in the INTRODUCE1 cell data for a
+ (legacy) onion service, correctly detect replays in the RSA-
+ encrypted part of the cell. We were previously checking for
+ replays on the entire cell, but those can be circumvented due to
+ the malleability of Tor's legacy hybrid encryption. This fix helps
+ prevent a traffic confirmation attack. Fixes bug 24244; bugfix on
+ 0.2.4.1-alpha. This issue is also tracked as TROVE-2017-009
+ and CVE-2017-8819.
+
+ o Major bugfixes (security, onion service v2):
+ - Fix a use-after-free error that could crash v2 Tor onion services
+ when they failed to open circuits while expiring introduction
+ points. Fixes bug 24313; bugfix on 0.2.7.2-alpha. This issue is
+ also tracked as TROVE-2017-013 and CVE-2017-8823.
+
+ o Major bugfixes (security, relay):
+ - When running as a relay, make sure that we never build a path
+ through ourselves, even in the case where we have somehow lost the
+ version of our descriptor appearing in the consensus. Fixes part
+ of bug 21534; bugfix on 0.2.0.1-alpha. This issue is also tracked
+ as TROVE-2017-012 and CVE-2017-8822.
+ - When running as a relay, make sure that we never choose ourselves
+ as a guard. Fixes part of bug 21534; bugfix on 0.3.0.1-alpha. This
+ issue is also tracked as TROVE-2017-012 and CVE-2017-8822.
+
+ o Minor feature (relay statistics):
+ - Change relay bandwidth reporting stats interval from 4 hours to 24
+ hours in order to reduce the efficiency of guard discovery
+ attacks. Fixes ticket 23856.
+
+ o Minor features (directory authority):
+ - Add an IPv6 address for the "bastet" directory authority. Closes
+ ticket 24394.
+
+ o Minor bugfixes (client):
+ - By default, do not enable storage of client-side DNS values. These
+ values were unused by default previously, but they should not have
+ been cached at all. Fixes bug 24050; bugfix on 0.2.6.3-alpha.
+
+
+Changes in version 0.3.2.5-alpha - 2017-11-22
+ Tor 0.3.2.5-alpha is the fifth alpha release in the 0.3.2.x series. It
+ fixes several stability and reliability bugs, including a fix for
+ intermittent bootstrapping failures that some people have been seeing
+ since the 0.3.0.x series.
+
+ Please test this alpha out -- many of these fixes will soon be
+ backported to stable Tor versions if no additional bugs are found
+ in them.
+
+ o Major bugfixes (bootstrapping):
+ - Fetch descriptors aggressively whenever we lack enough to build
+ circuits, regardless of how many descriptors we are missing.
+ Previously, we would delay launching the fetch when we had fewer
+ than 15 missing descriptors, even if some of those descriptors
+ were blocking circuits from building. Fixes bug 23985; bugfix on
+ 0.1.1.11-alpha. The effects of this bug became worse in
+ 0.3.0.3-alpha, when we began treating missing descriptors from our
+ primary guards as a reason to delay circuits.
+ - Don't try fetching microdescriptors from relays that have failed
+ to deliver them in the past. Fixes bug 23817; bugfix
+ on 0.3.0.1-alpha.
+
+ o Minor features (directory authority):
+ - Make the "Exit" flag assignment only depend on whether the exit
+ policy allows connections to ports 80 and 443. Previously relays
+ would get the Exit flag if they allowed connections to one of
+ these ports and also port 6667. Resolves ticket 23637.
+
+ o Minor features (geoip):
+ - Update geoip and geoip6 to the November 6 2017 Maxmind GeoLite2
+ Country database.
+
+ o Minor features (linux seccomp2 sandbox):
+ - Update the sandbox rules so that they should now work correctly
+ with Glibc 2.26. Closes ticket 24315.
+
+ o Minor features (logging):
+ - Downgrade a pair of log messages that could occur when an exit's
+ resolver gave us an unusual (but not forbidden) response. Closes
+ ticket 24097.
+ - Improve the message we log when re-enabling circuit build timeouts
+ after having received a consensus. Closes ticket 20963.
+
+ o Minor bugfixes (compilation):
+ - Fix a memory leak warning in one of the libevent-related
+ configuration tests that could occur when manually specifying
+ -fsanitize=address. Fixes bug 24279; bugfix on 0.3.0.2-alpha.
+ Found and patched by Alex Xu.
+ - When detecting OpenSSL on Windows from our configure script, make
+ sure to try linking with the ws2_32 library. Fixes bug 23783;
+ bugfix on 0.3.2.2-alpha.
+
+ o Minor bugfixes (control port, linux seccomp2 sandbox):
+ - Avoid a crash when attempting to use the seccomp2 sandbox together
+ with the OwningControllerProcess feature. Fixes bug 24198; bugfix
+ on 0.2.5.1-alpha.
+
+ o Minor bugfixes (control port, onion services):
+ - Report "FAILED" instead of "UPLOAD_FAILED" "FAILED" for the
+ HS_DESC event when a service is not able to upload a descriptor.
+ Fixes bug 24230; bugfix on 0.2.7.1-alpha.
+
+ o Minor bugfixes (directory cache):
+ - Recover better from empty or corrupt files in the consensus cache
+ directory. Fixes bug 24099; bugfix on 0.3.1.1-alpha.
+ - When a consensus diff calculation is only partially successful,
+ only record the successful parts as having succeeded. Partial
+ success can happen if (for example) one compression method fails
+ but the others succeed. Previously we misrecorded all the
+ calculations as having succeeded, which would later cause a
+ nonfatal assertion failure. Fixes bug 24086; bugfix
+ on 0.3.1.1-alpha.
+
+ o Minor bugfixes (logging):
+ - Only log once if we notice that KIST support is gone. Fixes bug
+ 24158; bugfix on 0.3.2.1-alpha.
+ - Suppress a log notice when relay descriptors arrive. We already
+ have a bootstrap progress for this so no need to log notice
+ everytime tor receives relay descriptors. Microdescriptors behave
+ the same. Fixes bug 23861; bugfix on 0.2.8.2-alpha.
+
+ o Minor bugfixes (network layer):
+ - When closing a connection via close_connection_immediately(), we
+ mark it as "not blocked on bandwidth", to prevent later calls from
+ trying to unblock it, and give it permission to read. This fixes a
+ backtrace warning that can happen on relays under various
+ circumstances. Fixes bug 24167; bugfix on 0.1.0.1-rc.
+
+ o Minor bugfixes (onion services):
+ - The introduction circuit was being timed out too quickly while
+ waiting for the rendezvous circuit to complete. Keep the intro
+ circuit around longer instead of timing out and reopening new ones
+ constantly. Fixes bug 23681; bugfix on 0.2.4.8-alpha.
+ - Rename the consensus parameter "hsdir-interval" to "hsdir_interval"
+ so it matches dir-spec.txt. Fixes bug 24262; bugfix
+ on 0.3.1.1-alpha.
+ - Silence a warning about failed v3 onion descriptor uploads that
+ can happen naturally under certain edge cases. Fixes part of bug
+ 23662; bugfix on 0.3.2.1-alpha.
+
+ o Minor bugfixes (tests):
+ - Fix a memory leak in one of the bridge-distribution test cases.
+ Fixes bug 24345; bugfix on 0.3.2.3-alpha.
+ - Fix a bug in our fuzzing mock replacement for crypto_pk_checksig(),
+ to correctly handle cases where a caller gives it an RSA key of
+ under 160 bits. (This is not actually a bug in Tor itself, but
+ rather in our fuzzing code.) Fixes bug 24247; bugfix on
+ 0.3.0.3-alpha. Found by OSS-Fuzz as issue 4177.
+
+ o Documentation:
+ - Add notes in man page regarding OS support for the various
+ scheduler types. Attempt to use less jargon in the scheduler
+ section. Closes ticket 24254.
+
+
+Changes in version 0.3.2.4-alpha - 2017-11-08
+ Tor 0.3.2.4-alpha is the fourth alpha release in the 0.3.2.x series.
+ It fixes several stability and reliability bugs, especially including
+ a major reliability issue that has been plaguing fast exit relays in
+ recent months.
+
+ o Major bugfixes (exit relays, DNS):
+ - Fix an issue causing DNS to fail on high-bandwidth exit nodes,
+ making them nearly unusable. Fixes bugs 21394 and 18580; bugfix on
+ 0.1.2.2-alpha, which introduced eventdns. Thanks to Dhalgren for
+ identifying and finding a workaround to this bug and to Moritz,
+ Arthur Edelstein, and Roger for helping to track it down and
+ analyze it.
+
+ o Major bugfixes (scheduler, channel):
+ - Stop processing scheduled channels if they closed while flushing
+ cells. This can happen if the write on the connection fails
+ leading to the channel being closed while in the scheduler loop.
+ Fixes bug 23751; bugfix on 0.3.2.1-alpha.
+
+ o Minor features (logging, scheduler):
+ - Introduce a SCHED_BUG() function to log extra information about
+ the scheduler state if we ever catch a bug in the scheduler.
+ Closes ticket 23753.
+
+ o Minor features (removed deprecations):
+ - The ClientDNSRejectInternalAddresses flag can once again be set in
+ non-testing Tor networks, so long as they do not use the default
+ directory authorities. This change also removes the deprecation of
+ this flag from 0.2.9.2-alpha. Closes ticket 21031.
+
+ o Minor features (testing):
+ - Our fuzzing tests now test the encrypted portions of v3 onion
+ service descriptors. Implements more of 21509.
+
+ o Minor bugfixes (directory client):
+ - On failure to download directory information, delay retry attempts
+ by a random amount based on the "decorrelated jitter" algorithm.
+ Our previous delay algorithm tended to produce extra-long delays
+ too easily. Fixes bug 23816; bugfix on 0.2.9.1-alpha.
+
+ o Minor bugfixes (IPv6, v3 single onion services):
+ - Remove buggy code for IPv6-only v3 single onion services, and
+ reject attempts to configure them. This release supports IPv4,
+ dual-stack, and IPv6-only v3 onion services; and IPv4 and dual-
+ stack v3 single onion services. Fixes bug 23820; bugfix
+ on 0.3.2.1-alpha.
+
+ o Minor bugfixes (logging, relay):
+ - Give only a protocol warning when the ed25519 key is not
+ consistent between the descriptor and microdescriptor of a relay.
+ This can happen, for instance, if the relay has been flagged
+ NoEdConsensus. Fixes bug 24025; bugfix on 0.3.2.1-alpha.
+
+ o Minor bugfixes (manpage, onion service):
+ - Document that the HiddenServiceNumIntroductionPoints option is
+ 0-10 for v2 services and 0-20 for v3 services. Fixes bug 24115;
+ bugfix on 0.3.2.1-alpha.
+
+ o Minor bugfixes (memory leaks):
+ - Fix a minor memory leak at exit in the KIST scheduler. This bug
+ should have no user-visible impact. Fixes bug 23774; bugfix
+ on 0.3.2.1-alpha.
+ - Fix a memory leak when decrypting a badly formatted v3 onion
+ service descriptor. Fixes bug 24150; bugfix on 0.3.2.1-alpha.
+ Found by OSS-Fuzz; this is OSS-Fuzz issue 3994.
+
+ o Minor bugfixes (onion services):
+ - Cache some needed onion service client information instead of
+ constantly computing it over and over again. Fixes bug 23623;
+ bugfix on 0.3.2.1-alpha.
+ - Properly retry HSv3 descriptor fetches when missing required
+ directory information. Fixes bug 23762; bugfix on 0.3.2.1-alpha.
+
+ o Minor bugfixes (path selection):
+ - When selecting relays by bandwidth, avoid a rounding error that
+ could sometimes cause load to be imbalanced incorrectly.
+ Previously, we would always round upwards; now, we round towards
+ the nearest integer. This had the biggest effect when a relay's
+ weight adjustments should have given it weight 0, but it got
+ weight 1 instead. Fixes bug 23318; bugfix on 0.2.4.3-alpha.
+ - When calculating the fraction of nodes that have descriptors, and
+ all nodes in the network have zero bandwidths, count the number of
+ nodes instead. Fixes bug 23318; bugfix on 0.2.4.10-alpha.
+ - Actually log the total bandwidth in compute_weighted_bandwidths().
+ Fixes bug 24170; bugfix on 0.2.4.3-alpha.
+
+ o Minor bugfixes (relay, crash):
+ - Avoid a crash when transitioning from client mode to bridge mode.
+ Previously, we would launch the worker threads whenever our
+ "public server" mode changed, but not when our "server" mode
+ changed. Fixes bug 23693; bugfix on 0.2.6.3-alpha.
+
+ o Minor bugfixes (testing):
+ - Fix a spurious fuzzing-only use of an uninitialized value. Found
+ by Brian Carpenter. Fixes bug 24082; bugfix on 0.3.0.3-alpha.
+ - Test that IPv6-only clients can use microdescriptors when running
+ "make test-network-all". Requires chutney master 61c28b9 or later.
+ Closes ticket 24109.
+
+
+Changes in version 0.3.2.3-alpha - 2017-10-27
+ Tor 0.3.2.3-alpha is the third release in the 0.3.2 series. It fixes
+ numerous small bugs in earlier versions of 0.3.2.x, and adds a new
+ directory authority, Bastet.
+
+ o Directory authority changes:
+ - Add "Bastet" as a ninth directory authority to the default list.
+ Closes ticket 23910.
+ - The directory authority "Longclaw" has changed its IP address.
+ Closes ticket 23592.
+
+ o Minor features (bridge):
+ - Bridge relays can now set the BridgeDistribution config option to
+ add a "bridge-distribution-request" line to their bridge
+ descriptor, which tells BridgeDB how they'd like their bridge
+ address to be given out. (Note that as of Oct 2017, BridgeDB does
+ not yet implement this feature.) As a side benefit, this feature
+ provides a way to distinguish bridge descriptors from non-bridge
+ descriptors. Implements tickets 18329.
+
+ o Minor features (client, entry guards):
+ - Improve log messages when missing descriptors for primary guards.
+ Resolves ticket 23670.
+
+ o Minor features (geoip):
+ - Update geoip and geoip6 to the October 4 2017 Maxmind GeoLite2
+ Country database.
+
+ o Minor bugfixes (bridge):
+ - Overwrite the bridge address earlier in the process of retrieving
+ its descriptor, to make sure we reach it on the configured
+ address. Fixes bug 20532; bugfix on 0.2.0.10-alpha.
+
+ o Minor bugfixes (documentation):
+ - Document better how to read gcov, and what our gcov postprocessing
+ scripts do. Fixes bug 23739; bugfix on 0.2.9.1-alpha.
+
+ o Minor bugfixes (entry guards):
+ - Tor now updates its guard state when it reads a consensus
+ regardless of whether it's missing descriptors. That makes tor use
+ its primary guards to fetch descriptors in some edge cases where
+ it would previously have used fallback directories. Fixes bug
+ 23862; bugfix on 0.3.0.1-alpha.
+
+ o Minor bugfixes (hidden service client):
+ - When handling multiple SOCKS request for the same .onion address,
+ only fetch the service descriptor once.
+ - When a descriptor fetch fails with a non-recoverable error, close
+ all pending SOCKS requests for that .onion. Fixes bug 23653;
+ bugfix on 0.3.2.1-alpha.
+
+ o Minor bugfixes (hidden service):
+ - Always regenerate missing hidden service public key files. Prior
+ to this, if the public key was deleted from disk, it wouldn't get
+ recreated. Fixes bug 23748; bugfix on 0.3.2.2-alpha. Patch
+ from "cathugger".
+ - Make sure that we have a usable ed25519 key when the intro point
+ relay supports ed25519 link authentication. Fixes bug 24002;
+ bugfix on 0.3.2.1-alpha.
+
+ o Minor bugfixes (hidden service, v2):
+ - When reloading configured hidden services, copy all information
+ from the old service object. Previously, some data was omitted,
+ causing delays in descriptor upload, and other bugs. Fixes bug
+ 23790; bugfix on 0.2.1.9-alpha.
+
+ o Minor bugfixes (memory safety, defensive programming):
+ - Clear the target address when node_get_prim_orport() returns
+ early. Fixes bug 23874; bugfix on 0.2.8.2-alpha.
+
+ o Minor bugfixes (relay):
+ - Avoid a BUG warning when receiving a dubious CREATE cell while an
+ option transition is in progress. Fixes bug 23952; bugfix
+ on 0.3.2.1-alpha.
+
+ o Minor bugfixes (testing):
+ - Adjust the GitLab CI configuration to more closely match that of
+ Travis CI. Fixes bug 23757; bugfix on 0.3.2.2-alpha.
+ - Prevent scripts/test/coverage from attempting to move gcov output
+ to the root directory. Fixes bug 23741; bugfix on 0.2.5.1-alpha.
+ - When running unit tests as root, skip a test that would fail
+ because it expects a permissions error. This affects some
+ continuous integration setups. Fixes bug 23758; bugfix
+ on 0.3.2.2-alpha.
+ - Stop unconditionally mirroring the tor repository in GitLab CI.
+ This prevented developers from enabling GitLab CI on master. Fixes
+ bug 23755; bugfix on 0.3.2.2-alpha.
+ - Fix the hidden service v3 descriptor decoding fuzzing to use the
+ latest decoding API correctly. Fixes bug 21509; bugfix
+ on 0.3.2.1-alpha.
+
+ o Minor bugfixes (warnings):
+ - When we get an HTTP request on a SOCKS port, tell the user about
+ the new HTTPTunnelPort option. Previously, we would give a "Tor is
+ not an HTTP Proxy" message, which stopped being true when
+ HTTPTunnelPort was introduced. Fixes bug 23678; bugfix
+ on 0.3.2.1-alpha.
+
+
Changes in version 0.3.2.2-alpha - 2017-09-29
Tor 0.3.2.2-alpha is the second release in the 0.3.2 series. This
release fixes several minor bugs in the new scheduler and next-
@@ -25243,4 +26251,3 @@ Changes in version 0.0.2pre13 - 2003-10-19
- If --DebugLogFile is specified, log to it at -l debug
- If --LogFile is specified, use it instead of commandline
- If --RunAsDaemon is set, tor forks and backgrounds on startup
-
7apu2bq3rhoylwmucxizk54afw5jyda7pho4j5zdcqpwkufke7zdzwad.onion