aboutsummaryrefslogtreecommitdiff
path: root/ChangeLog
diff options
context:
space:
mode:
Diffstat (limited to 'ChangeLog')
-rw-r--r--ChangeLog226
1 files changed, 226 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index 3909b1783a..f7625817d1 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,229 @@
+Changes in version 0.2.3.16-alpha - 2012-06-0?
+ o Major bugfixes (general):
+ - Work around a bug in OpenSSL that broke renegotiation with TLS
+ 1.1 and TLS 1.2. Without this workaround, all attempts to speak
+ the v2 Tor connection protocol when both sides were using OpenSSL
+ 1.0.1 would fail. Resolves ticket 6033.
+ - When waiting for a client to renegotiate, don't allow it to add
+ any bytes to the input buffer. This fixes a potential DoS issue.
+ Fixes bugs 5934 and 6007; bugfix on 0.2.0.20-rc.
+ - Pass correct OR address to managed proxies (like obfsproxy),
+ even when ORListenAddress is used. Fixes bug 4865; bugfix on
+ 0.2.3.9-alpha.
+ - The advertised platform of a router now includes only its operating
+ system's name (e.g., "Linux", "Darwin", "Windows 7"), and not its
+ service pack level (for Windows) or its CPU architecture (for Unix).
+ We also no longer include the "git-XYZ" tag in the version. Resolves
+ part of bug 2988.
+
+ o Major bugfixes (clients):
+ - If we are unable to find any exit that supports our predicted ports,
+ stop calling them predicted, so that we don't loop and build
+ hopeless circuits indefinitely. Fixes bug 3296; bugfix on 0.0.9pre6,
+ which introduced predicted ports.
+ - Fix an edge case where if we fetch or publish a hidden service
+ descriptor, we might build a 4-hop circuit and then use that circuit
+ for exiting afterwards -- even if the new last hop doesn't obey our
+ ExitNodes config option. Fixes bug 5283; bugfix on 0.2.0.10-alpha.
+ - Check at each new consensus whether our entry guards were picked
+ long enough ago that we should rotate them. Previously, we only
+ did this check at startup, which could lead to us holding a guard
+ indefinitely. Fixes bug 5380; bugfix on 0.2.1.14-rc.
+ - When fetching a bridge descriptor from a bridge authority,
+ always do so anonymously, whether we have been able to open
+ circuits or not. Partial fix for bug 1938; bugfix on 2.0.7-alpha.
+ This behavior makes it *safer* to use UpdateBridgesFromAuthority,
+ but we'll need to wait for bug 6010 before it's actually usable.
+
+ o Major bugfixes (directory authorities):
+ - When computing weight parameters, behave more robustly in the
+ presence of a bad bwweightscale value. Previously, the authorities
+ would crash if they agreed on a sufficiently broken weight_scale
+ value: now, they use a reasonable default and carry on. Partial
+ fix for 5786; bugfix on 0.2.2.17-alpha.
+ - Check more thoroughly to prevent a rogue authority from
+ double-voting on any consensus directory parameter. Previously,
+ authorities would crash in this case if the total number of
+ votes for any parameter exceeded the number of active voters,
+ but would let it pass otherwise. Partial fix for bug 5786; bugfix
+ on 0.2.2.2-alpha.
+
+ o Minor features:
+ - Rate-limit log messages when asked to connect anonymously to
+ a private address. When these hit, they tended to hit fast and
+ often. Also, don't bother trying to connect to addresses that we
+ are sure will resolve to 127.0.0.1: getting 127.0.0.1 in a directory
+ reply makes us think we have been lied to, even when the address the
+ client tried to connect to was "localhost." Resolves ticket 2822.
+ - Allow packagers to insert an extra string in server descriptor
+ platform lines by setting the preprocessor variable TOR_BUILD_TAG.
+ Resolves the rest of ticket 2988.
+ - Raise the threshold of server descriptors needed (75%) and exit
+ server descriptors needed (50%) before we will declare ourselves
+ bootstrapped. This will make clients start building circuits a
+ little later, but makes the initially constructed circuits less
+ skewed and less in conflict with further directory fetches. Fixes
+ ticket 3196.
+ - Close any connection that sends unrecognized junk before the
+ handshake. Solves an issue noted in bug 4369.
+ - Improve log messages about managed transports. Resolves ticket 5070.
+ - Tag a bridge's descriptor as "never to be sent unencrypted".
+ This shouldn't matter, since bridges don't open non-anonymous
+ connections to the bridge authority and don't allow unencrypted
+ directory connections from clients, but we might as well make
+ sure. Closes bug 5139.
+ - Expose our view of whether we have gone dormant to the controller,
+ via a new "GETINFO dormant" value. Torbutton and other controllers
+ can use this to avoid doing periodic requests through Tor while
+ it's dormant (bug 4718). Fixes bug 5954.
+ - Tell GCC and Clang to check for any errors in format strings passed
+ to the tor_v*(print|scan)f functions.
+ - Update to the May 1 2012 Maxmind GeoLite Country database.
+
+ o Minor bugfixes (already included in 0.2.2.36):
+ - Reject out-of-range times like 23:59:61 in parse_rfc1123_time().
+ Fixes bug 5346; bugfix on 0.0.8pre3.
+ - Correct parsing of certain date types in parse_http_time().
+ Without this patch, If-Modified-Since would behave
+ incorrectly. Fixes bug 5346; bugfix on 0.2.0.2-alpha. Patch from
+ Esteban Manchado Velázques.
+ - Make our number-parsing functions always treat too-large values
+ as an error, even when those values exceed the width of the
+ underlying type. Previously, if the caller provided these
+ functions with minima or maxima set to the extreme values of the
+ underlying integer type, these functions would return those
+ values on overflow rather than treating overflow as an error.
+ Fixes part of bug 5786; bugfix on 0.0.9.
+ - If we hit the error case where routerlist_insert() replaces an
+ existing (old) server descriptor, make sure to remove that
+ server descriptor from the old_routers list. Fix related to bug
+ 1776. Bugfix on 0.2.2.18-alpha.
+ - Clarify the behavior of MaxCircuitDirtiness with hidden service
+ circuits. Fixes issue 5259.
+
+ o Minor bugfixes (coding cleanup, on 0.2.2.x and earlier):
+ - Prevent a null-pointer dereference when receiving a data cell
+ for a nonexistent stream when the circuit in question has an
+ empty deliver window. We don't believe this is triggerable,
+ since we don't currently allow deliver windows to become empty,
+ but the logic is tricky enough that it's better to make the code
+ robust. Fixes bug 5541; bugfix on 0.0.2pre14.
+ - Fix a memory leak when trying to launch a DNS request when the
+ network is disabled or the nameservers are unconfigurable. Fixes
+ bug 5916; bugfix on Tor 0.1.2.1-alpha (for the unconfigurable
+ nameserver case) and on 0.2.3.9-alpha (for the DisableNetwork case).
+ - Don't hold a windows file handle open for every file mapping;
+ the file mapping handle is sufficient. Fixes bug 5951; bugfix on
+ 0.1.2.1-alpha.
+ - Avoid O(n^2) performance characteristics when parsing a large
+ extrainfo cache. Fixes bug 5828; bugfix on 0.2.0.1-alpha.
+ - Format more doubles with %f, not %lf. Patch from grarpamp to make
+ Tor build correctly on older BSDs again. Fixes bug 3894; bugfix on
+ Tor 0.2.0.8-alpha.
+ - Make our replacement implementation of strtok_r() compatible with
+ the standard behavior of strtok_r(). Patch by nils. Fixes bug 5091;
+ bugfix on 0.2.2.1-alpha.
+ - Fix a NULL-pointer dereference on a badly formed
+ SETCIRCUITPURPOSE command. Found by mikeyc. Fixes bug 5796;
+ bugfix on 0.2.2.9-alpha.
+ - Fix a build warning with Clang 3.1 related to our use of vasprint.
+ Fixes bug 5969. Bugfix on 0.2.2.11-alpha.
+ - Defensively refactor rend_mid_rendezvous() so that protocol
+ violations and length checks happen in the beginning. Fixes
+ bug 5645.
+ - Set _WIN32_WINNT to 0x0501 consistently throughout the code, so
+ that IPv6 stuff will compile on MSVC, and compilation issues
+ will be easier to track down. Fixes bug 5861.
+
+ o Minor bugfixes (correctness, on 0.2.2.x and earlier):
+ - Exit nodes now correctly report EADDRINUSE and EADDRNOTAVAIL as
+ resource exhaustion, so that clients can adjust their load to
+ try other exits. Fixes bug 4710; bugfix on 0.1.0.1-rc, which
+ started using END_STREAM_REASON_RESOURCELIMIT.
+ - Don't check for whether the address we're using for outbound
+ connections has changed until after the outbound connection has
+ completed. On Windows, getsockname() doesn't succeed until the
+ connection is finished. Fixes bug 5374; bugfix on 0.1.1.14-alpha.
+ - If the configuration tries to set MyFamily on a bridge, refuse to
+ do so, and warn about the security implications. Fixes bug 4657;
+ bugfix on 0.2.0.3-alpha.
+ - If the client fails to set a reasonable set of ciphersuites
+ during its v2 handshake renegotiation, allow the renegotiation to
+ continue nevertheless (i.e. send all the required certificates).
+ Fixes bug 4591; bugfix on 0.2.0.20-rc.
+ - When we receive a SIGHUP and the controller __ReloadTorrcOnSIGHUP
+ option is set to 0 (which Vidalia version 0.2.16 now does when
+ a SAVECONF attempt fails), perform other actions that SIGHUP
+ usually causes (like reopening the logs). Fixes bug 5095; bugfix
+ on 0.2.1.9-alpha.
+ - If we fail to write a microdescriptor to the disk cache, do not
+ continue replacing the old microdescriptor file. Fixes bug 2954;
+ bugfix on 0.2.2.6-alpha.
+ - Exit nodes don't need to fetch certificates for authorities that
+ they don't recognize; only directory authorities, bridges,
+ and caches need to do that. Fixes part of bug 2297; bugfix on
+ 0.2.2.11-alpha.
+ - Correctly handle checking the permissions on the parent
+ directory of a control socket in the root directory. Bug found
+ by Esteban Manchado Velázquez. Fixes bug 5089; bugfix on Tor
+ 0.2.2.26-beta.
+ - When told to add a bridge with the same digest as a preexisting
+ bridge but a different addr:port, change the addr:port as
+ requested. Previously we would not notice the change. Fixes half
+ of bug 5603; fix on 0.2.2.26-beta.
+ - End AUTHCHALLENGE error messages (in the control protocol) with
+ a CRLF. Fixes bug 5760; bugfix on 0.2.2.36 and 0.2.3.13-alpha.
+
+ o Minor bugfixes (on 0.2.3.x):
+ - Turn an assertion (that the number of handshakes received as a
+ server is not < 1) into a warning. Fixes bug 4873; bugfix on
+ 0.2.3.1-alpha.
+ - Format IPv4 addresses correctly in ADDRMAP events. (Previously,
+ we had reversed them when the answer was cached.) Fixes bug
+ 5723; bugfix on 0.2.3.1-alpha.
+ - Work correctly on Linux systems with accept4 support advertised in
+ their headers, but without accept4 support in the kernel. Fix
+ by murb. Fixes bug 5762; bugfix on 0.2.3.1-alpha.
+ - When told to add a bridge with the same addr:port as a preexisting
+ bridge but a different transport, change the transport as
+ requested. Previously we would not notice the change. Fixes half
+ of bug 5603; fix on 0.2.3.2-alpha.
+ - Avoid a "double-reply" warning when replying to a SOCKS request
+ with a parse error. Patch from Fabian Keil. Fixes bug 4108;
+ bugfix on 0.2.3.4-alpha.
+ - Fix a bug where a bridge authority crashes if it has seen no
+ directory requests when it's time to write statistics to disk.
+ Fixes bug 5891; bugfix on 0.2.3.6-alpha. Also fixes bug 5508 in
+ a better way.
+ - Don't try to open non-control listeners when DisableNetwork is set.
+ Previousy, we'd open all listeners, then immediately close them.
+ Fixes bug 5604; bugfix on 0.2.3.9-alpha.
+ - Don't abort the managed proxy protocol if the managed proxy
+ sends us an unrecognized line; ignore it instead. Fixes bug
+ 5910; bugfix on 0.2.3.9-alpha.
+ - Fix a compile warning in crypto.c when compiling with clang 3.1.
+ Fixes bug 5969, bugfix on 0.2.3.9-alpha.
+ - Fix a compilation issue on GNU Hurd, which doesn't have PATH_MAX.
+ Fixes bug 5355; bugfix on 0.2.3.11-alpha.
+ - Remove bogus definition of "_WIN32" from src/win32/orconfig.h, to
+ unbreak the MSVC build. Fies bug 5858; bugfix on 0.2.3.12-alpha.
+ - Resolve numerous small warnings and build issues with MSVC. Resolves
+ bug 5859.
+
+ o Documentation fixes:
+ - Improve the manual's documentation for the NT Service command-line
+ options. Addresses ticket 3964.
+ - Clarify SessionGroup documentation slightly; resolves ticket 5437.
+ - Document the changes to the ORPort and DirPort options, and the
+ fact that {OR/Dir}ListenAddress is now unnecessary (and
+ therefore deprecated). Resolves ticket 5597.
+
+ o Removed files:
+ - Remove the torrc.bridge file: we don't use it for anything, and
+ it had become badly desynchronized from torrc.sample. Resolves
+ bug 5622.
+
+
Changes in version 0.2.2.36 - 2012-05-24
Tor 0.2.2.36 updates the addresses for two of the eight directory
authorities, fixes some potential anonymity and security issues,