aboutsummaryrefslogtreecommitdiff
path: root/ChangeLog
diff options
context:
space:
mode:
Diffstat (limited to 'ChangeLog')
-rw-r--r--ChangeLog1585
1 files changed, 1582 insertions, 3 deletions
diff --git a/ChangeLog b/ChangeLog
index 6ba0b06dd2..96629e37f4 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,1582 @@
+Changes in version 0.3.3.1-alpha - 2018-01-25
+ Tor 0.3.3.1-alpha is the first release in the 0.3.3.x series. It adds
+ several new features to Tor, including several improvements to
+ bootstrapping, and support for an experimental "vanguards" feature to
+ resist guard discovery attacks. This series also includes better
+ support for applications that need to embed Tor or manage v3
+ onion services.
+
+ o Major features (embedding):
+ - There is now a documented stable API for programs that need to
+ embed Tor. See tor_api.h for full documentation and known bugs.
+ Closes ticket 23684.
+ - Tor now has support for restarting in the same process.
+ Controllers that run Tor using the "tor_api.h" interface can now
+ restart Tor after Tor has exited. This support is incomplete,
+ however: we fixed crash bugs that prevented it from working at
+ all, but many bugs probably remain, including a possibility of
+ security issues. Implements ticket 24581.
+
+ o Major features (IPv6, directory documents):
+ - Add consensus method 27, which adds IPv6 ORPorts to the microdesc
+ consensus. This information makes it easier for IPv6 clients to
+ bootstrap and choose reachable entry guards. Implements 23826.
+ - Add consensus method 28, which removes IPv6 ORPorts from
+ microdescriptors. Now that the consensus contains IPv6 ORPorts,
+ they are redundant in microdescs. This change will be used by Tor
+ clients on 0.2.8.x and later. (That is to say, with all Tor
+ clients having IPv6 bootstrap and guard support.) Implements 23828.
+ - Expand the documentation for AuthDirHasIPv6Connectivity when it is
+ set by different numbers of authorities. Fixes 23870
+ on 0.2.4.1-alpha.
+
+ o Major features (onion service v3, control port):
+ - The control port now supports commands and events for v3 onion
+ services. It is now possible to create ephemeral v3 services using
+ ADD_ONION. Additionally, several events (HS_DESC, HS_DESC_CONTENT,
+ CIRC and CIRC_MINOR) and commands (GETINFO, HSPOST, ADD_ONION and
+ DEL_ONION) have been extended to support v3 onion services. Closes
+ ticket 20699; implements proposal 284.
+
+ o Major features (onion services):
+ - Provide torrc options to pin the second and third hops of onion
+ service circuits to a list of nodes. The option HSLayer2Guards
+ pins the second hop, and the option HSLayer3Guards pins the third
+ hop. These options are for use in conjunction with experiments
+ with "vanguards" for preventing guard enumeration attacks. Closes
+ ticket 13837.
+
+ o Major features (rust, portability, experimental):
+ - Tor now ships with an optional implementation of one of its
+ smaller modules (protover.c) in the Rust programming language. To
+ try it out, install a Rust build environment, and configure Tor
+ with "--enable-rust --enable-cargo-online-mode". This should not
+ cause any user-visible changes, but should help us gain more
+ experience with Rust, and plan future Rust integration work.
+ Implementation by Chelsea Komlo. Closes ticket 22840.
+
+ o Major features (storage, configuration):
+ - Users can store cached directory documents somewhere other than
+ the DataDirectory by using the CacheDirectory option. Similarly,
+ the storage location for relay's keys can be overridden with the
+ KeyDirectory option. Closes ticket 22703.
+
+ o Major features (v3 onion services, ipv6):
+ - When v3 onion service clients send introduce cells, they now
+ include the IPv6 address of the rendezvous point, if it has one.
+ Current v3 onion services running 0.3.2 ignore IPv6 addresses, but
+ in future Tor versions, IPv6-only v3 single onion services will be
+ able to use IPv6 addresses to connect directly to the rendezvous
+ point. Closes ticket 23577. Patch by Neel Chauhan.
+
+ o Major bugfixes (onion services, retry behavior):
+ - Fix an "off by 2" error in counting rendezvous failures on the
+ onion service side. While we thought we would stop the rendezvous
+ attempt after one failed circuit, we were actually making three
+ circuit attempts before giving up. Now switch to a default of 2,
+ and allow the consensus parameter "hs_service_max_rdv_failures" to
+ override. Fixes bug 24895; bugfix on 0.0.6.
+ - New-style (v3) onion services now obey the "max rendezvous circuit
+ attempts" logic. Previously they would make as many rendezvous
+ circuit attempts as they could fit in the MAX_REND_TIMEOUT second
+ window before giving up. Fixes bug 24894; bugfix on 0.3.2.1-alpha.
+
+ o Major bugfixes (relays):
+ - Fix a set of false positives where relays would consider
+ connections to other relays as being client-only connections (and
+ thus e.g. deserving different link padding schemes) if those
+ relays fell out of the consensus briefly. Now we look only at the
+ initial handshake and whether the connection authenticated as a
+ relay. Fixes bug 24898; bugfix on 0.3.1.1-alpha.
+
+ o Minor feature (IPv6):
+ - Make IPv6-only clients wait for microdescs for relays, even if we
+ were previously using descriptors (or were using them as a bridge)
+ and have a cached descriptor for them. Implements 23827.
+ - When a consensus has IPv6 ORPorts, make IPv6-only clients use
+ them, rather than waiting to download microdescriptors.
+ Implements 23827.
+
+ o Minor features (cleanup):
+ - Tor now deletes the CookieAuthFile and ExtORPortCookieAuthFile
+ when it stops. Closes ticket 23271.
+
+ o Minor features (defensive programming):
+ - Most of the functions in Tor that free objects have been replaced
+ with macros that free the objects and set the corresponding
+ pointers to NULL. This change should help prevent a large class of
+ dangling pointer bugs. Closes ticket 24337.
+ - Where possible, the tor_free() macro now only evaluates its input
+ once. Part of ticket 24337.
+ - Check that microdesc ed25519 ids are non-zero in
+ node_get_ed25519_id() before returning them. Implements 24001,
+ patch by "aruna1234".
+
+ o Minor features (directory authority):
+ - Make the "Exit" flag assignment only depend on whether the exit
+ policy allows connections to ports 80 and 443. Previously relays
+ would get the Exit flag if they allowed connections to one of
+ these ports and also port 6667. Resolves ticket 23637.
+
+ o Minor features (embedding):
+ - Tor can now start with a preauthenticated control connection
+ created by the process that launched it. This feature is meant for
+ use by programs that want to launch and manage a Tor process
+ without allowing other programs to manage it as well. For more
+ information, see the __OwningControllerFD option documented in
+ control-spec.txt. Closes ticket 23900.
+ - On most errors that would cause Tor to exit, it now tries to
+ return from the tor_main() function, rather than calling the
+ system exit() function. Most users won't notice a difference here,
+ but it should make a significant for programs that run Tor inside
+ a separate thread: they should now be able to survive Tor's exit
+ conditions rather than having Tor shut down the entire process.
+ Closes ticket 23848.
+ - Applications that want to embed Tor can now tell Tor not to
+ register any of its own POSIX signal handlers, using the
+ __DisableSignalHandlers option. Closes ticket 24588.
+
+ o Minor features (fallback directory list):
+ - Avoid selecting fallbacks that change their IP addresses too
+ often. Select more fallbacks by ignoring the Guard flag, and
+ allowing lower cutoffs for the Running and V2Dir flags. Also allow
+ a lower bandwidth, and a higher number of fallbacks per operator
+ (5% of the list). Implements ticket 24785.
+ - Update the fallback whitelist and blacklist based on opt-ins and
+ relay changes. Closes tickets 22321, 24678, 22527, 24135,
+ and 24695.
+
+ o Minor features (fallback directory mirror configuration):
+ - Add a nickname to each fallback in a C comment. This makes it
+ easier for operators to find their relays, and allows stem to use
+ nicknames to identify fallbacks. Implements ticket 24600.
+ - Add a type and version header to the fallback directory mirror
+ file. Also add a delimiter to the end of each fallback entry. This
+ helps external parsers like stem and Relay Search. Implements
+ ticket 24725.
+ - Add an extrainfo cache flag for each fallback in a C comment. This
+ allows stem to use fallbacks to fetch extra-info documents, rather
+ than using authorities. Implements ticket 22759.
+ - Add the generateFallbackDirLine.py script for automatically
+ generating fallback directory mirror lines from relay fingerprints.
+ No more typos! Add the lookupFallbackDirContact.py script for
+ automatically looking up operator contact info from relay
+ fingerprints. Implements ticket 24706, patch by teor and atagar.
+ - Reject any fallback directory mirror that serves an expired
+ consensus. Implements ticket 20942, patch by "minik".
+ - Remove commas and equals signs from external string inputs to the
+ fallback list. This avoids format confusion attacks. Implements
+ ticket 24726.
+ - Remove the "weight=10" line from fallback directory mirror
+ entries. Ticket 24681 will maintain the current fallback weights
+ by changing Tor's default fallback weight to 10. Implements
+ ticket 24679.
+ - Stop logging excessive information about fallback netblocks.
+ Implements ticket 24791.
+
+ o Minor features (forward-compatibility):
+ - If a relay supports some link authentication protocol that we do
+ not recognize, then include that relay's ed25519 key when telling
+ other relays to extend to it. Previously, we treated future
+ versions as if they were too old to support ed25519 link
+ authentication. Closes ticket 20895.
+
+ o Minor features (heartbeat):
+ - Add onion service information to our heartbeat logs, displaying
+ stats about the activity of configured onion services. Closes
+ ticket 24896.
+
+ o Minor features (instrumentation, development):
+ - Add the MainloopStats option to allow developers to get
+ instrumentation information from the main event loop via the
+ heartbeat messages. We hope to use this to improve Tor's behavior
+ when it's trying to sleep. Closes ticket 24605.
+
+ o Minor features (log messages):
+ - Improve a warning message that happens when we fail to re-parse an
+ old router because of an expired certificate. Closes ticket 20020.
+ - Make the log more quantitative when we hit MaxMemInQueues
+ threshold exposing some values. Closes ticket 24501.
+
+ o Minor features (logging, android):
+ - Added support for the Android logging subsystem. Closes
+ ticket 24362.
+
+ o Minor features (performance):
+ - Support predictive circuit building for onion service circuits
+ with multiple layers of guards. Closes ticket 23101.
+ - Use stdatomic.h where available, rather than mutexes, to implement
+ atomic_counter_t. Closes ticket 23953.
+
+ o Minor features (performance, 32-bit):
+ - Improve performance on 32-bit systems by avoiding 64-bit division
+ when calculating the timestamp in milliseconds for channel padding
+ computations. Implements ticket 24613.
+ - Improve performance on 32-bit systems by avoiding 64-bit division
+ when timestamping cells and buffer chunks for OOM calculations.
+ Implements ticket 24374.
+
+ o Minor features (performance, OSX, iOS):
+ - Use the mach_approximate_time() function (when available) to
+ implement coarse monotonic time. Having a coarse time function
+ should avoid a large number of system calls, and improve
+ performance slightly, especially under load. Closes ticket 24427.
+
+ o Minor features (performance, windows):
+ - Improve performance on Windows Vista and Windows 7 by adjusting
+ TCP send window size according to the recommendation from
+ SIO_IDEAL_SEND_BACKLOG_QUERY. Closes ticket 22798. Patch
+ from Vort.
+
+ o Minor features (relay):
+ - Implement an option, ReducedExitPolicy, to allow an Tor exit relay
+ operator to use a more reasonable ("reduced") exit policy, rather
+ than the default one. If you want to run an exit node without
+ thinking too hard about which ports to allow, this one is for you.
+ Closes ticket 13605. Patch from Neel Chauhan.
+
+ o Minor features (testing, debugging, embedding):
+ - For development purposes, Tor now has a mode in which it runs for
+ a few seconds, then stops, and starts again without exiting the
+ process. This mode is meant to help us debug various issues with
+ ticket 23847. To use this feature, compile with
+ --enable-restart-debugging, and set the TOR_DEBUG_RESTART
+ environment variable. This is expected to crash a lot, and is
+ really meant for developers only. It will likely be removed in a
+ future release. Implements ticket 24583.
+
+ o Minor bugfix (network IPv6 test):
+ - Tor's test scripts now check if "ping -6 ::1" works when the user
+ runs "make test-network-all". Fixes bug 24677; bugfix on
+ 0.2.9.3-alpha. Patch by "ffmancera".
+
+ o Minor bugfixes (build, rust):
+ - Fix output of autoconf checks to display success messages for Rust
+ dependencies and a suitable rustc compiler version. Fixes bug
+ 24612; bugfix on 0.3.1.3-alpha.
+ - When building with Rust on OSX, link against libresolv, to work
+ around the issue at https://github.com/rust-lang/rust/issues/46797.
+ Fixes bug 24652; bugfix on 0.3.1.1-alpha.
+ - Don't pass the --quiet option to cargo: it seems to suppress some
+ errors, which is not what we want to do when building. Fixes bug
+ 24518; bugfix on 0.3.1.7.
+ - Build correctly when building from outside Tor's source tree with
+ the TOR_RUST_DEPENDENCIES option set. Fixes bug 22768; bugfix
+ on 0.3.1.7.
+
+ o Minor bugfixes (directory authorities, IPv6):
+ - When creating a routerstatus (vote) from a routerinfo (descriptor),
+ set the IPv6 address to the unspecified IPv6 address, and
+ explicitly initialize the port to zero. Fixes bug 24488; bugfix
+ on 0.2.4.1-alpha.
+
+ o Minor bugfixes (fallback directory mirrors):
+ - Make updateFallbackDirs.py search harder for python. (Some OSs
+ don't put it in /usr/bin.) Fixes bug 24708; bugfix
+ on 0.2.8.1-alpha.
+
+ o Minor bugfixes (hibernation, bandwidth accounting, shutdown):
+ - When hibernating, close connections normally and allow them to
+ flush. Fixes bug 23571; bugfix on 0.2.4.7-alpha. Also fixes
+ bug 7267.
+ - Do not attempt to launch self-reachability tests when entering
+ hibernation. Fixes a case of bug 12062; bugfix on 0.0.9pre5.
+ - Resolve several bugs related to descriptor fetching on bridge
+ clients with bandwidth accounting enabled. (This combination is
+ not recommended!) Fixes a case of bug 12062; bugfix
+ on 0.2.0.3-alpha.
+ - When hibernating, do not attempt to launch DNS checks. Fixes a
+ case of bug 12062; bugfix on 0.1.2.2-alpha.
+ - When hibernating, do not try to upload or download descriptors.
+ Fixes a case of bug 12062; bugfix on 0.0.9pre5.
+
+ o Minor bugfixes (IPv6, bridges):
+ - Tor now always sets IPv6 preferences for bridges. Fixes bug 24573;
+ bugfix on 0.2.8.2-alpha.
+ - Tor now sets IPv6 address in the routerstatus as well as in the
+ router descriptors when updating addresses for a bridge. Closes
+ ticket 24572; bugfix on 0.2.4.5-alpha. Patch by "ffmancera".
+
+ o Minor bugfixes (linux seccomp2 sandbox):
+ - When running with the sandbox enabled, reload configuration files
+ correctly even when %include was used. Previously we would crash.
+ Fixes bug 22605; bugfix on 0.3.1. Patch from Daniel Pinto.
+
+ o Minor bugfixes (memory leaks):
+ - Avoid possible at-exit memory leaks related to use of Libevent's
+ event_base_once() function. (This function tends to leak memory if
+ the event_base is closed before the event fires.) Fixes bug 24584;
+ bugfix on 0.2.8.1-alpha.
+ - Fix a harmless memory leak in tor-resolve. Fixes bug 24582; bugfix
+ on 0.2.1.1-alpha.
+
+ o Minor bugfixes (OSX):
+ - Don't exit the Tor process if setrlimit() fails to change the file
+ limit (which can happen sometimes on some versions of OSX). Fixes
+ bug 21074; bugfix on 0.0.9pre5.
+
+ o Minor bugfixes (performance, fragile-hardening):
+ - Improve the performance of our consensus-diff application code
+ when Tor is built with the --enable-fragile-hardening option set.
+ Fixes bug 24826; bugfix on 0.3.1.1-alpha.
+
+ o Minor bugfixes (performance, timeouts):
+ - Consider circuits for timeout as soon as they complete a hop. This
+ is more accurate than applying the timeout in
+ circuit_expire_building() because that function is only called
+ once per second, which is now too slow for typical timeouts on the
+ current network. Fixes bug 23114; bugfix on 0.2.2.2-alpha.
+ - Use onion service circuits (and other circuits longer than 3 hops)
+ to calculate a circuit build timeout. Previously, Tor only
+ calculated its build timeout based on circuits that planned to be
+ exactly 3 hops long. With this change, we include measurements
+ from all circuits at the point where they complete their third
+ hop. Fixes bug 23100; bugfix on 0.2.2.2-alpha.
+
+ o Minor bugfixes (testing):
+ - Give out Exit flags in bootstrapping networks. Fixes bug 24137;
+ bugfix on 0.2.3.1-alpha.
+ - Fix a memory leak in the scheduler/loop_kist unit test. Fixes bug
+ 25005; bugfix on 0.3.2.7-rc.
+
+ o Code simplification and refactoring:
+ - Remove /usr/athena from search path in configure.ac. Closes
+ ticket 24363.
+ - Remove duplicate code in node_has_curve25519_onion_key() and
+ node_get_curve25519_onion_key(), and add a check for a zero
+ microdesc curve25519 onion key. Closes ticket 23966, patch by
+ "aruna1234" and teor.
+ - Rewrite channel_rsa_id_group_set_badness to reduce temporary
+ memory allocations with large numbers of OR connections (e.g.
+ relays). Closes ticket 24119.
+ - Separate the function that deletes ephemeral files when Tor
+ stops gracefully.
+ - Small changes to Tor's buf_t API to make it suitable for use as a
+ general-purpose safe string constructor. Closes ticket 22342.
+ - Switch -Wnormalized=id to -Wnormalized=nfkc in configure.ac to
+ avoid source code identifier confusion. Closes ticket 24467.
+ - The tor_git_revision[] constant no longer needs to be redeclared
+ by everything that links against the rest of Tor. Done as part of
+ ticket 23845, to simplify our external API.
+ - We make extend_info_from_node() use node_get_curve25519_onion_key()
+ introduced in ticket 23577 to access the curve25519 public keys
+ rather than accessing it directly. Closes ticket 23760. Patch by
+ Neel Chauhan.
+ - Add a function to log channels' scheduler state changes to aid
+ debugging efforts. Closes ticket 24531.
+
+ o Documentation:
+ - Add documentation on how to build tor with Rust dependencies
+ without having to be online. Closes ticket 22907; bugfix
+ on 0.3.0.3-alpha.
+ - Clarify the behavior of RelayBandwidth{Rate,Burst} with client
+ traffic. Closes ticket 24318.
+ - Document that OutboundBindAddress doesn't apply to DNS requests.
+ Closes ticket 22145. Patch from Aruna Maurya.
+ - Document that operators who run more than one relay or bridge are
+ expected to set MyFamily and ContactInfo correctly. Closes
+ ticket 24526.
+
+ o Code simplification and refactoring (channels):
+ - Remove the incoming and outgoing channel queues. These were never
+ used, but still took up a step in our fast path.
+ - The majority of the channel unit tests have been rewritten and the
+ code coverage has now been raised to 83.6% for channel.c. Closes
+ ticket 23709.
+ - Remove other dead code from the channel subsystem: All together,
+ this cleanup has removed more than 1500 lines of code overall and
+ adding very little except for unit test.
+
+ o Code simplification and refactoring (circuit rendezvous):
+ - Split the client-size rendezvous circuit lookup into two
+ functions: one that returns only established circuits and another
+ that returns all kinds of circuits. Closes ticket 23459.
+
+ o Code simplification and refactoring (controller):
+ - Make most of the variables in networkstatus_getinfo_by_purpose()
+ const. Implements ticket 24489.
+
+
+Changes in version 0.3.2.9 - 2018-01-09
+ Tor 0.3.2.9 is the first stable release in the 0.3.2 series.
+
+ The 0.3.2 series includes our long-anticipated new onion service
+ design, with numerous security features. (For more information, see
+ our blog post at https://blog.torproject.org/fall-harvest.) We also
+ have a new circuit scheduler algorithm for improved performance on
+ relays everywhere (see https://blog.torproject.org/kist-and-tell),
+ along with many smaller features and bugfixes.
+
+ Per our stable release policy, we plan to support each stable release
+ series for at least the next nine months, or for three months after
+ the first stable release of the next series: whichever is longer. If
+ you need a release with long-term support, we recommend that you stay
+ with the 0.2.9 series.
+
+ Below is a list of the changes since 0.3.2.8-rc. For a list of all
+ changes since 0.3.1, see the ReleaseNotes file.
+
+ o Minor features (fallback directory mirrors):
+ - The fallback directory list has been re-generated based on the
+ current status of the network. Tor uses fallback directories to
+ bootstrap when it doesn't yet have up-to-date directory
+ information. Closes ticket 24801.
+ - Make the default DirAuthorityFallbackRate 0.1, so that clients
+ prefer to bootstrap from fallback directory mirrors. This is a
+ follow-up to 24679, which removed weights from the default
+ fallbacks. Implements ticket 24681.
+
+ o Minor features (geoip):
+ - Update geoip and geoip6 to the January 5 2018 Maxmind GeoLite2
+ Country database.
+
+ o Minor bugfixes (address selection):
+ - When the fascist_firewall_choose_address_ functions don't find a
+ reachable address, set the returned address to the null address
+ and port. This is a precautionary measure, because some callers do
+ not check the return value. Fixes bug 24736; bugfix
+ on 0.2.8.2-alpha.
+
+ o Minor bugfixes (compilation):
+ - Resolve a few shadowed-variable warnings in the onion service
+ code. Fixes bug 24634; bugfix on 0.3.2.1-alpha.
+
+ o Minor bugfixes (portability, msvc):
+ - Fix a bug in the bit-counting parts of our timing-wheel code on
+ MSVC. (Note that MSVC is still not a supported build platform, due
+ to cyptographic timing channel risks.) Fixes bug 24633; bugfix
+ on 0.2.9.1-alpha.
+
+
+Changes in version 0.3.2.8-rc - 2017-12-21
+ Tor 0.3.2.8-rc fixes a pair of bugs in the KIST and KISTLite
+ schedulers that had led servers under heavy load to overload their
+ outgoing connections. All relay operators running earlier 0.3.2.x
+ versions should upgrade. This version also includes a mitigation for
+ over-full DESTROY queues leading to out-of-memory conditions: if it
+ works, we will soon backport it to earlier release series.
+
+ This is the second release candidate in the 0.3.2 series. If we find
+ no new bugs or regression here, then the first stable 0.3.2 release
+ will be nearly identical to this.
+
+ o Major bugfixes (KIST, scheduler):
+ - The KIST scheduler did not correctly account for data already
+ enqueued in each connection's send socket buffer, particularly in
+ cases when the TCP/IP congestion window was reduced between
+ scheduler calls. This situation lead to excessive per-connection
+ buffering in the kernel, and a potential memory DoS. Fixes bug
+ 24665; bugfix on 0.3.2.1-alpha.
+
+ o Minor features (geoip):
+ - Update geoip and geoip6 to the December 6 2017 Maxmind GeoLite2
+ Country database.
+
+ o Minor bugfixes (hidden service v3):
+ - Bump hsdir_spread_store parameter from 3 to 4 in order to increase
+ the probability of reaching a service for a client missing
+ microdescriptors. Fixes bug 24425; bugfix on 0.3.2.1-alpha.
+
+ o Minor bugfixes (memory usage):
+ - When queuing DESTROY cells on a channel, only queue the circuit-id
+ and reason fields: not the entire 514-byte cell. This fix should
+ help mitigate any bugs or attacks that fill up these queues, and
+ free more RAM for other uses. Fixes bug 24666; bugfix
+ on 0.2.5.1-alpha.
+
+ o Minor bugfixes (scheduler, KIST):
+ - Use a sane write limit for KISTLite when writing onto a connection
+ buffer instead of using INT_MAX and shoving as much as it can.
+ Because the OOM handler cleans up circuit queues, we are better
+ off at keeping them in that queue instead of the connection's
+ buffer. Fixes bug 24671; bugfix on 0.3.2.1-alpha.
+
+
+Changes in version 0.3.2.7-rc - 2017-12-14
+ Tor 0.3.2.7-rc fixes various bugs in earlier versions of Tor,
+ including some that could affect reliability or correctness.
+
+ This is the first release candidate in the 0.3.2 series. If we find no
+ new bugs or regression here, then the first stable 0.3.2. release will
+ be nearly identical to this.
+
+ o Major bugfixes (circuit prediction):
+ - Fix circuit prediction logic so that a client doesn't treat a port
+ as being "handled" by a circuit if that circuit already has
+ isolation settings on it. This change should make Tor clients more
+ responsive by improving their chances of having a pre-created
+ circuit ready for use when a request arrives. Fixes bug 18859;
+ bugfix on 0.2.3.3-alpha.
+
+ o Minor features (logging):
+ - Provide better warnings when the getrandom() syscall fails. Closes
+ ticket 24500.
+
+ o Minor features (portability):
+ - Tor now compiles correctly on arm64 with libseccomp-dev installed.
+ (It doesn't yet work with the sandbox enabled.) Closes
+ ticket 24424.
+
+ o Minor bugfixes (bridge clients, bootstrap):
+ - Retry directory downloads when we get our first bridge descriptor
+ during bootstrap or while reconnecting to the network. Keep
+ retrying every time we get a bridge descriptor, until we have a
+ reachable bridge. Fixes part of bug 24367; bugfix on 0.2.0.3-alpha.
+ - Stop delaying bridge descriptor fetches when we have cached bridge
+ descriptors. Instead, only delay bridge descriptor fetches when we
+ have at least one reachable bridge. Fixes part of bug 24367;
+ bugfix on 0.2.0.3-alpha.
+ - Stop delaying directory fetches when we have cached bridge
+ descriptors. Instead, only delay bridge descriptor fetches when
+ all our bridges are definitely unreachable. Fixes part of bug
+ 24367; bugfix on 0.2.0.3-alpha.
+
+ o Minor bugfixes (compilation):
+ - Fix a signed/unsigned comparison warning introduced by our fix to
+ TROVE-2017-009. Fixes bug 24480; bugfix on 0.2.5.16.
+
+ o Minor bugfixes (correctness):
+ - Fix several places in our codebase where a C compiler would be
+ likely to eliminate a check, based on assuming that undefined
+ behavior had not happened elsewhere in the code. These cases are
+ usually a sign of redundant checking or dubious arithmetic. Found
+ by Georg Koppen using the "STACK" tool from Wang, Zeldovich,
+ Kaashoek, and Solar-Lezama. Fixes bug 24423; bugfix on various
+ Tor versions.
+
+ o Minor bugfixes (onion service v3):
+ - Fix a race where an onion service would launch a new intro circuit
+ after closing an old one, but fail to register it before freeing
+ the previously closed circuit. This bug was making the service
+ unable to find the established intro circuit and thus not upload
+ its descriptor, thus making a service unavailable for up to 24
+ hours. Fixes bug 23603; bugfix on 0.3.2.1-alpha.
+
+ o Minor bugfixes (scheduler, KIST):
+ - Properly set the scheduler state of an unopened channel in the
+ KIST scheduler main loop. This prevents a harmless but annoying
+ log warning. Fixes bug 24502; bugfix on 0.3.2.4-alpha.
+ - Avoid a possible integer overflow when computing the available
+ space on the TCP buffer of a channel. This had no security
+ implications; but could make KIST allow too many cells on a
+ saturated connection. Fixes bug 24590; bugfix on 0.3.2.1-alpha.
+ - Downgrade to "info" a harmless warning about the monotonic time
+ moving backwards: This can happen on platform not supporting
+ monotonic time. Fixes bug 23696; bugfix on 0.3.2.1-alpha.
+
+
+Changes in version 0.3.2.6-alpha - 2017-12-01
+ This version of Tor is the latest in the 0.3.2 alpha series. It
+ includes fixes for several important security issues. All Tor users
+ should upgrade to this release, or to one of the other releases coming
+ out today.
+
+ o Major bugfixes (security):
+ - Fix a denial of service bug where an attacker could use a
+ malformed directory object to cause a Tor instance to pause while
+ OpenSSL would try to read a passphrase from the terminal. (Tor
+ instances run without a terminal, which is the case for most Tor
+ packages, are not impacted.) Fixes bug 24246; bugfix on every
+ version of Tor. Also tracked as TROVE-2017-011 and CVE-2017-8821.
+ Found by OSS-Fuzz as testcase 6360145429790720.
+ - Fix a denial of service issue where an attacker could crash a
+ directory authority using a malformed router descriptor. Fixes bug
+ 24245; bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2017-010
+ and CVE-2017-8820.
+ - When checking for replays in the INTRODUCE1 cell data for a
+ (legacy) onion service, correctly detect replays in the RSA-
+ encrypted part of the cell. We were previously checking for
+ replays on the entire cell, but those can be circumvented due to
+ the malleability of Tor's legacy hybrid encryption. This fix helps
+ prevent a traffic confirmation attack. Fixes bug 24244; bugfix on
+ 0.2.4.1-alpha. This issue is also tracked as TROVE-2017-009
+ and CVE-2017-8819.
+
+ o Major bugfixes (security, onion service v2):
+ - Fix a use-after-free error that could crash v2 Tor onion services
+ when they failed to open circuits while expiring introduction
+ points. Fixes bug 24313; bugfix on 0.2.7.2-alpha. This issue is
+ also tracked as TROVE-2017-013 and CVE-2017-8823.
+
+ o Major bugfixes (security, relay):
+ - When running as a relay, make sure that we never build a path
+ through ourselves, even in the case where we have somehow lost the
+ version of our descriptor appearing in the consensus. Fixes part
+ of bug 21534; bugfix on 0.2.0.1-alpha. This issue is also tracked
+ as TROVE-2017-012 and CVE-2017-8822.
+ - When running as a relay, make sure that we never choose ourselves
+ as a guard. Fixes part of bug 21534; bugfix on 0.3.0.1-alpha. This
+ issue is also tracked as TROVE-2017-012 and CVE-2017-8822.
+
+ o Minor feature (relay statistics):
+ - Change relay bandwidth reporting stats interval from 4 hours to 24
+ hours in order to reduce the efficiency of guard discovery
+ attacks. Fixes ticket 23856.
+
+ o Minor features (directory authority):
+ - Add an IPv6 address for the "bastet" directory authority. Closes
+ ticket 24394.
+
+ o Minor bugfixes (client):
+ - By default, do not enable storage of client-side DNS values. These
+ values were unused by default previously, but they should not have
+ been cached at all. Fixes bug 24050; bugfix on 0.2.6.3-alpha.
+
+
+Changes in version 0.3.1.9 - 2017-12-01:
+ Tor 0.3.1.9 backports important security and stability fixes from the
+ 0.3.2 development series. All Tor users should upgrade to this
+ release, or to another of the releases coming out today.
+
+ o Major bugfixes (security, backport from 0.3.2.6-alpha):
+ - Fix a denial of service bug where an attacker could use a
+ malformed directory object to cause a Tor instance to pause while
+ OpenSSL would try to read a passphrase from the terminal. (Tor
+ instances run without a terminal, which is the case for most Tor
+ packages, are not impacted.) Fixes bug 24246; bugfix on every
+ version of Tor. Also tracked as TROVE-2017-011 and CVE-2017-8821.
+ Found by OSS-Fuzz as testcase 6360145429790720.
+ - Fix a denial of service issue where an attacker could crash a
+ directory authority using a malformed router descriptor. Fixes bug
+ 24245; bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2017-010
+ and CVE-2017-8820.
+ - When checking for replays in the INTRODUCE1 cell data for a
+ (legacy) onion service, correctly detect replays in the RSA-
+ encrypted part of the cell. We were previously checking for
+ replays on the entire cell, but those can be circumvented due to
+ the malleability of Tor's legacy hybrid encryption. This fix helps
+ prevent a traffic confirmation attack. Fixes bug 24244; bugfix on
+ 0.2.4.1-alpha. This issue is also tracked as TROVE-2017-009
+ and CVE-2017-8819.
+
+ o Major bugfixes (security, onion service v2, backport from 0.3.2.6-alpha):
+ - Fix a use-after-free error that could crash v2 Tor onion services
+ when they failed to open circuits while expiring introduction
+ points. Fixes bug 24313; bugfix on 0.2.7.2-alpha. This issue is
+ also tracked as TROVE-2017-013 and CVE-2017-8823.
+
+ o Major bugfixes (security, relay, backport from 0.3.2.6-alpha):
+ - When running as a relay, make sure that we never build a path
+ through ourselves, even in the case where we have somehow lost the
+ version of our descriptor appearing in the consensus. Fixes part
+ of bug 21534; bugfix on 0.2.0.1-alpha. This issue is also tracked
+ as TROVE-2017-012 and CVE-2017-8822.
+ - When running as a relay, make sure that we never choose ourselves
+ as a guard. Fixes part of bug 21534; bugfix on 0.3.0.1-alpha. This
+ issue is also tracked as TROVE-2017-012 and CVE-2017-8822.
+
+ o Major bugfixes (exit relays, DNS, backport from 0.3.2.4-alpha):
+ - Fix an issue causing DNS to fail on high-bandwidth exit nodes,
+ making them nearly unusable. Fixes bugs 21394 and 18580; bugfix on
+ 0.1.2.2-alpha, which introduced eventdns. Thanks to Dhalgren for
+ identifying and finding a workaround to this bug and to Moritz,
+ Arthur Edelstein, and Roger for helping to track it down and
+ analyze it.
+
+ o Minor features (bridge):
+ - Bridges now include notice in their descriptors that they are
+ bridges, and notice of their distribution status, based on their
+ publication settings. Implements ticket 18329. For more fine-
+ grained control of how a bridge is distributed, upgrade to 0.3.2.x
+ or later.
+
+ o Minor features (directory authority, backport from 0.3.2.6-alpha):
+ - Add an IPv6 address for the "bastet" directory authority. Closes
+ ticket 24394.
+
+ o Minor features (geoip):
+ - Update geoip and geoip6 to the November 6 2017 Maxmind GeoLite2
+ Country database.
+
+ o Minor bugfix (relay address resolution, backport from 0.3.2.1-alpha):
+ - Avoid unnecessary calls to directory_fetches_from_authorities() on
+ relays, to prevent spurious address resolutions and descriptor
+ rebuilds. This is a mitigation for bug 21789. Fixes bug 23470;
+ bugfix on in 0.2.8.1-alpha.
+
+ o Minor bugfixes (compilation, backport from 0.3.2.1-alpha):
+ - Fix unused variable warnings in donna's Curve25519 SSE2 code.
+ Fixes bug 22895; bugfix on 0.2.7.2-alpha.
+
+ o Minor bugfixes (logging, relay shutdown, annoyance, backport from 0.3.2.2-alpha):
+ - When a circuit is marked for close, do not attempt to package any
+ cells for channels on that circuit. Previously, we would detect
+ this condition lower in the call stack, when we noticed that the
+ circuit had no attached channel, and log an annoying message.
+ Fixes bug 8185; bugfix on 0.2.5.4-alpha.
+
+ o Minor bugfixes (onion service, backport from 0.3.2.5-alpha):
+ - Rename the consensus parameter "hsdir-interval" to "hsdir_interval"
+ so it matches dir-spec.txt. Fixes bug 24262; bugfix
+ on 0.3.1.1-alpha.
+
+ o Minor bugfixes (relay, crash, backport from 0.3.2.4-alpha):
+ - Avoid a crash when transitioning from client mode to bridge mode.
+ Previously, we would launch the worker threads whenever our
+ "public server" mode changed, but not when our "server" mode
+ changed. Fixes bug 23693; bugfix on 0.2.6.3-alpha.
+
+
+Changes in version 0.3.0.13 - 2017-12-01
+ Tor 0.3.0.13 backports important security and stability bugfixes from
+ later Tor releases. All Tor users should upgrade to this release, or
+ to another of the releases coming out today.
+
+ Note: the Tor 0.3.0 series will no longer be supported after 26 Jan
+ 2018. If you need a release with long-term support, please stick with
+ the 0.2.9 series. Otherwise, please upgrade to 0.3.1 or later.
+
+ o Major bugfixes (security, backport from 0.3.2.6-alpha):
+ - Fix a denial of service bug where an attacker could use a
+ malformed directory object to cause a Tor instance to pause while
+ OpenSSL would try to read a passphrase from the terminal. (Tor
+ instances run without a terminal, which is the case for most Tor
+ packages, are not impacted.) Fixes bug 24246; bugfix on every
+ version of Tor. Also tracked as TROVE-2017-011 and CVE-2017-8821.
+ Found by OSS-Fuzz as testcase 6360145429790720.
+ - Fix a denial of service issue where an attacker could crash a
+ directory authority using a malformed router descriptor. Fixes bug
+ 24245; bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2017-010
+ and CVE-2017-8820.
+ - When checking for replays in the INTRODUCE1 cell data for a
+ (legacy) onion service, correctly detect replays in the RSA-
+ encrypted part of the cell. We were previously checking for
+ replays on the entire cell, but those can be circumvented due to
+ the malleability of Tor's legacy hybrid encryption. This fix helps
+ prevent a traffic confirmation attack. Fixes bug 24244; bugfix on
+ 0.2.4.1-alpha. This issue is also tracked as TROVE-2017-009
+ and CVE-2017-8819.
+
+ o Major bugfixes (security, onion service v2, backport from 0.3.2.6-alpha):
+ - Fix a use-after-free error that could crash v2 Tor onion services
+ when they failed to open circuits while expiring introduction
+ points. Fixes bug 24313; bugfix on 0.2.7.2-alpha. This issue is
+ also tracked as TROVE-2017-013 and CVE-2017-8823.
+
+ o Major bugfixes (security, relay, backport from 0.3.2.6-alpha):
+ - When running as a relay, make sure that we never build a path
+ through ourselves, even in the case where we have somehow lost the
+ version of our descriptor appearing in the consensus. Fixes part
+ of bug 21534; bugfix on 0.2.0.1-alpha. This issue is also tracked
+ as TROVE-2017-012 and CVE-2017-8822.
+ - When running as a relay, make sure that we never choose ourselves
+ as a guard. Fixes part of bug 21534; bugfix on 0.3.0.1-alpha. This
+ issue is also tracked as TROVE-2017-012 and CVE-2017-8822.
+
+ o Major bugfixes (exit relays, DNS, backport from 0.3.2.4-alpha):
+ - Fix an issue causing DNS to fail on high-bandwidth exit nodes,
+ making them nearly unusable. Fixes bugs 21394 and 18580; bugfix on
+ 0.1.2.2-alpha, which introduced eventdns. Thanks to Dhalgren for
+ identifying and finding a workaround to this bug and to Moritz,
+ Arthur Edelstein, and Roger for helping to track it down and
+ analyze it.
+
+ o Minor features (security, windows, backport from 0.3.1.1-alpha):
+ - Enable a couple of pieces of Windows hardening: one
+ (HeapEnableTerminationOnCorruption) that has been on-by-default
+ since Windows 8, and unavailable before Windows 7; and one
+ (PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION) which we believe doesn't
+ affect us, but shouldn't do any harm. Closes ticket 21953.
+
+ o Minor features (bridge, backport from 0.3.1.9):
+ - Bridges now include notice in their descriptors that they are
+ bridges, and notice of their distribution status, based on their
+ publication settings. Implements ticket 18329. For more fine-
+ grained control of how a bridge is distributed, upgrade to 0.3.2.x
+ or later.
+
+ o Minor features (directory authority, backport from 0.3.2.6-alpha):
+ - Add an IPv6 address for the "bastet" directory authority. Closes
+ ticket 24394.
+
+ o Minor features (geoip):
+ - Update geoip and geoip6 to the November 6 2017 Maxmind GeoLite2
+ Country database.
+
+ o Minor bugfix (relay address resolution, backport from 0.3.2.1-alpha):
+ - Avoid unnecessary calls to directory_fetches_from_authorities() on
+ relays, to prevent spurious address resolutions and descriptor
+ rebuilds. This is a mitigation for bug 21789. Fixes bug 23470;
+ bugfix on in 0.2.8.1-alpha.
+
+ o Minor bugfixes (compilation, backport from 0.3.2.1-alpha):
+ - Fix unused variable warnings in donna's Curve25519 SSE2 code.
+ Fixes bug 22895; bugfix on 0.2.7.2-alpha.
+
+ o Minor bugfixes (logging, relay shutdown, annoyance, backport from 0.3.2.2-alpha):
+ - When a circuit is marked for close, do not attempt to package any
+ cells for channels on that circuit. Previously, we would detect
+ this condition lower in the call stack, when we noticed that the
+ circuit had no attached channel, and log an annoying message.
+ Fixes bug 8185; bugfix on 0.2.5.4-alpha.
+
+ o Minor bugfixes (relay, crash, backport from 0.3.2.4-alpha):
+ - Avoid a crash when transitioning from client mode to bridge mode.
+ Previously, we would launch the worker threads whenever our
+ "public server" mode changed, but not when our "server" mode
+ changed. Fixes bug 23693; bugfix on 0.2.6.3-alpha.
+
+ o Minor bugfixes (testing, backport from 0.3.1.6-rc):
+ - Fix an undersized buffer in test-memwipe.c. Fixes bug 23291;
+ bugfix on 0.2.7.2-alpha. Found and patched by Ties Stuij.
+
+
+Changes in version 0.2.9.14 - 2017-12-01
+ Tor 0.3.0.13 backports important security and stability bugfixes from
+ later Tor releases. All Tor users should upgrade to this release, or
+ to another of the releases coming out today.
+
+ o Major bugfixes (exit relays, DNS, backport from 0.3.2.4-alpha):
+ - Fix an issue causing DNS to fail on high-bandwidth exit nodes,
+ making them nearly unusable. Fixes bugs 21394 and 18580; bugfix on
+ 0.1.2.2-alpha, which introduced eventdns. Thanks to Dhalgren for
+ identifying and finding a workaround to this bug and to Moritz,
+ Arthur Edelstein, and Roger for helping to track it down and
+ analyze it.
+
+ o Major bugfixes (security, backport from 0.3.2.6-alpha):
+ - Fix a denial of service bug where an attacker could use a
+ malformed directory object to cause a Tor instance to pause while
+ OpenSSL would try to read a passphrase from the terminal. (Tor
+ instances run without a terminal, which is the case for most Tor
+ packages, are not impacted.) Fixes bug 24246; bugfix on every
+ version of Tor. Also tracked as TROVE-2017-011 and CVE-2017-8821.
+ Found by OSS-Fuzz as testcase 6360145429790720.
+ - Fix a denial of service issue where an attacker could crash a
+ directory authority using a malformed router descriptor. Fixes bug
+ 24245; bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2017-010
+ and CVE-2017-8820.
+ - When checking for replays in the INTRODUCE1 cell data for a
+ (legacy) onion service, correctly detect replays in the RSA-
+ encrypted part of the cell. We were previously checking for
+ replays on the entire cell, but those can be circumvented due to
+ the malleability of Tor's legacy hybrid encryption. This fix helps
+ prevent a traffic confirmation attack. Fixes bug 24244; bugfix on
+ 0.2.4.1-alpha. This issue is also tracked as TROVE-2017-009
+ and CVE-2017-8819.
+
+ o Major bugfixes (security, onion service v2, backport from 0.3.2.6-alpha):
+ - Fix a use-after-free error that could crash v2 Tor onion services
+ when they failed to open circuits while expiring introduction
+ points. Fixes bug 24313; bugfix on 0.2.7.2-alpha. This issue is
+ also tracked as TROVE-2017-013 and CVE-2017-8823.
+
+ o Major bugfixes (security, relay, backport from 0.3.2.6-alpha):
+ - When running as a relay, make sure that we never build a path
+ through ourselves, even in the case where we have somehow lost the
+ version of our descriptor appearing in the consensus. Fixes part
+ of bug 21534; bugfix on 0.2.0.1-alpha. This issue is also tracked
+ as TROVE-2017-012 and CVE-2017-8822.
+
+ o Minor features (bridge, backport from 0.3.1.9):
+ - Bridges now include notice in their descriptors that they are
+ bridges, and notice of their distribution status, based on their
+ publication settings. Implements ticket 18329. For more fine-
+ grained control of how a bridge is distributed, upgrade to 0.3.2.x
+ or later.
+
+ o Minor features (directory authority, backport from 0.3.2.6-alpha):
+ - Add an IPv6 address for the "bastet" directory authority. Closes
+ ticket 24394.
+
+ o Minor features (geoip):
+ - Update geoip and geoip6 to the November 6 2017 Maxmind GeoLite2
+ Country database.
+
+ o Minor features (security, windows, backport from 0.3.1.1-alpha):
+ - Enable a couple of pieces of Windows hardening: one
+ (HeapEnableTerminationOnCorruption) that has been on-by-default
+ since Windows 8, and unavailable before Windows 7; and one
+ (PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION) which we believe doesn't
+ affect us, but shouldn't do any harm. Closes ticket 21953.
+
+ o Minor bugfix (relay address resolution, backport from 0.3.2.1-alpha):
+ - Avoid unnecessary calls to directory_fetches_from_authorities() on
+ relays, to prevent spurious address resolutions and descriptor
+ rebuilds. This is a mitigation for bug 21789. Fixes bug 23470;
+ bugfix on in 0.2.8.1-alpha.
+
+ o Minor bugfixes (compilation, backport from 0.3.2.1-alpha):
+ - Fix unused variable warnings in donna's Curve25519 SSE2 code.
+ Fixes bug 22895; bugfix on 0.2.7.2-alpha.
+
+ o Minor bugfixes (logging, relay shutdown, annoyance, backport from 0.3.2.2-alpha):
+ - When a circuit is marked for close, do not attempt to package any
+ cells for channels on that circuit. Previously, we would detect
+ this condition lower in the call stack, when we noticed that the
+ circuit had no attached channel, and log an annoying message.
+ Fixes bug 8185; bugfix on 0.2.5.4-alpha.
+
+ o Minor bugfixes (relay, crash, backport from 0.3.2.4-alpha):
+ - Avoid a crash when transitioning from client mode to bridge mode.
+ Previously, we would launch the worker threads whenever our
+ "public server" mode changed, but not when our "server" mode
+ changed. Fixes bug 23693; bugfix on 0.2.6.3-alpha.
+
+ o Minor bugfixes (testing, backport from 0.3.1.6-rc):
+ - Fix an undersized buffer in test-memwipe.c. Fixes bug 23291;
+ bugfix on 0.2.7.2-alpha. Found and patched by Ties Stuij.
+
+
+Changes in version 0.2.8.17 - 2017-12-01
+ Tor 0.2.8.17 backports important security and stability bugfixes from
+ later Tor releases. All Tor users should upgrade to this release, or
+ to another of the releases coming out today.
+
+ Note: the Tor 0.2.8 series will no longer be supported after 1 Jan
+ 2018. If you need a release with long-term support, please upgrade with
+ the 0.2.9 series. Otherwise, please upgrade to 0.3.1 or later.
+
+ o Major bugfixes (security, backport from 0.3.2.6-alpha):
+ - Fix a denial of service bug where an attacker could use a
+ malformed directory object to cause a Tor instance to pause while
+ OpenSSL would try to read a passphrase from the terminal. (Tor
+ instances run without a terminal, which is the case for most Tor
+ packages, are not impacted.) Fixes bug 24246; bugfix on every
+ version of Tor. Also tracked as TROVE-2017-011 and CVE-2017-8821.
+ Found by OSS-Fuzz as testcase 6360145429790720.
+ - When checking for replays in the INTRODUCE1 cell data for a
+ (legacy) onion service, correctly detect replays in the RSA-
+ encrypted part of the cell. We were previously checking for
+ replays on the entire cell, but those can be circumvented due to
+ the malleability of Tor's legacy hybrid encryption. This fix helps
+ prevent a traffic confirmation attack. Fixes bug 24244; bugfix on
+ 0.2.4.1-alpha. This issue is also tracked as TROVE-2017-009
+ and CVE-2017-8819.
+
+ o Major bugfixes (security, onion service v2, backport from 0.3.2.6-alpha):
+ - Fix a use-after-free error that could crash v2 Tor onion services
+ when they failed to open circuits while expiring introduction
+ points. Fixes bug 24313; bugfix on 0.2.7.2-alpha. This issue is
+ also tracked as TROVE-2017-013 and CVE-2017-8823.
+
+ o Major bugfixes (security, relay, backport from 0.3.2.6-alpha):
+ - When running as a relay, make sure that we never build a path through
+ ourselves, even in the case where we have somehow lost the version of
+ our descriptor appearing in the consensus. Fixes part of bug 21534;
+ bugfix on 0.2.0.1-alpha. This issue is also tracked as TROVE-2017-012
+ and CVE-2017-8822.
+
+ o Minor features (bridge, backport from 0.3.1.9):
+ - Bridges now include notice in their descriptors that they are
+ bridges, and notice of their distribution status, based on their
+ publication settings. Implements ticket 18329. For more fine-
+ grained control of how a bridge is distributed, upgrade to 0.3.2.x
+ or later.
+
+ o Minor features (directory authority, backport from 0.3.2.6-alpha):
+ - Add an IPv6 address for the "bastet" directory authority. Closes
+ ticket 24394.
+
+ o Minor features (geoip):
+ - Update geoip and geoip6 to the November 6 2017 Maxmind GeoLite2
+ Country database.
+
+ o Minor bugfixes (testing, backport from 0.3.1.6-rc):
+ - Fix an undersized buffer in test-memwipe.c. Fixes bug 23291;
+ bugfix on 0.2.7.2-alpha. Found and patched by Ties Stuij.
+
+
+Changes in version 0.2.5.16 - 2017-12-01
+ Tor 0.2.5.13 backports important security and stability bugfixes from
+ later Tor releases. All Tor users should upgrade to this release, or
+ to another of the releases coming out today.
+
+ Note: the Tor 0.2.5 series will no longer be supported after 1 May
+ 2018. If you need a release with long-term support, please upgrade to
+ the 0.2.9 series. Otherwise, please upgrade to 0.3.1 or later.
+
+ o Major bugfixes (security, backport from 0.3.2.6-alpha):
+ - Fix a denial of service bug where an attacker could use a
+ malformed directory object to cause a Tor instance to pause while
+ OpenSSL would try to read a passphrase from the terminal. (Tor
+ instances run without a terminal, which is the case for most Tor
+ packages, are not impacted.) Fixes bug 24246; bugfix on every
+ version of Tor. Also tracked as TROVE-2017-011 and CVE-2017-8821.
+ Found by OSS-Fuzz as testcase 6360145429790720.
+ - When checking for replays in the INTRODUCE1 cell data for a
+ (legacy) onion service, correctly detect replays in the RSA-
+ encrypted part of the cell. We were previously checking for
+ replays on the entire cell, but those can be circumvented due to
+ the malleability of Tor's legacy hybrid encryption. This fix helps
+ prevent a traffic confirmation attack. Fixes bug 24244; bugfix on
+ 0.2.4.1-alpha. This issue is also tracked as TROVE-2017-009
+ and CVE-2017-8819.
+
+ o Major bugfixes (security, relay, backport from 0.3.2.6-alpha):
+ - When running as a relay, make sure that we never build a path
+ through ourselves, even in the case where we have somehow lost the
+ version of our descriptor appearing in the consensus. Fixes part
+ of bug 21534; bugfix on 0.2.0.1-alpha. This issue is also tracked
+ as TROVE-2017-012 and CVE-2017-8822.
+
+ o Minor features (bridge, backport from 0.3.1.9):
+ - Bridges now include notice in their descriptors that they are
+ bridges, and notice of their distribution status, based on their
+ publication settings. Implements ticket 18329. For more fine-
+ grained control of how a bridge is distributed, upgrade to 0.3.2.x
+ or later.
+
+ o Minor features (geoip):
+ - Update geoip and geoip6 to the November 6 2017 Maxmind GeoLite2
+ Country database.
+
+
+Changes in version 0.3.2.5-alpha - 2017-11-22
+ Tor 0.3.2.5-alpha is the fifth alpha release in the 0.3.2.x series. It
+ fixes several stability and reliability bugs, including a fix for
+ intermittent bootstrapping failures that some people have been seeing
+ since the 0.3.0.x series.
+
+ Please test this alpha out -- many of these fixes will soon be
+ backported to stable Tor versions if no additional bugs are found
+ in them.
+
+ o Major bugfixes (bootstrapping):
+ - Fetch descriptors aggressively whenever we lack enough to build
+ circuits, regardless of how many descriptors we are missing.
+ Previously, we would delay launching the fetch when we had fewer
+ than 15 missing descriptors, even if some of those descriptors
+ were blocking circuits from building. Fixes bug 23985; bugfix on
+ 0.1.1.11-alpha. The effects of this bug became worse in
+ 0.3.0.3-alpha, when we began treating missing descriptors from our
+ primary guards as a reason to delay circuits.
+ - Don't try fetching microdescriptors from relays that have failed
+ to deliver them in the past. Fixes bug 23817; bugfix
+ on 0.3.0.1-alpha.
+
+ o Minor features (directory authority):
+ - Make the "Exit" flag assignment only depend on whether the exit
+ policy allows connections to ports 80 and 443. Previously relays
+ would get the Exit flag if they allowed connections to one of
+ these ports and also port 6667. Resolves ticket 23637.
+
+ o Minor features (geoip):
+ - Update geoip and geoip6 to the November 6 2017 Maxmind GeoLite2
+ Country database.
+
+ o Minor features (linux seccomp2 sandbox):
+ - Update the sandbox rules so that they should now work correctly
+ with Glibc 2.26. Closes ticket 24315.
+
+ o Minor features (logging):
+ - Downgrade a pair of log messages that could occur when an exit's
+ resolver gave us an unusual (but not forbidden) response. Closes
+ ticket 24097.
+ - Improve the message we log when re-enabling circuit build timeouts
+ after having received a consensus. Closes ticket 20963.
+
+ o Minor bugfixes (compilation):
+ - Fix a memory leak warning in one of the libevent-related
+ configuration tests that could occur when manually specifying
+ -fsanitize=address. Fixes bug 24279; bugfix on 0.3.0.2-alpha.
+ Found and patched by Alex Xu.
+ - When detecting OpenSSL on Windows from our configure script, make
+ sure to try linking with the ws2_32 library. Fixes bug 23783;
+ bugfix on 0.3.2.2-alpha.
+
+ o Minor bugfixes (control port, linux seccomp2 sandbox):
+ - Avoid a crash when attempting to use the seccomp2 sandbox together
+ with the OwningControllerProcess feature. Fixes bug 24198; bugfix
+ on 0.2.5.1-alpha.
+
+ o Minor bugfixes (control port, onion services):
+ - Report "FAILED" instead of "UPLOAD_FAILED" "FAILED" for the
+ HS_DESC event when a service is not able to upload a descriptor.
+ Fixes bug 24230; bugfix on 0.2.7.1-alpha.
+
+ o Minor bugfixes (directory cache):
+ - Recover better from empty or corrupt files in the consensus cache
+ directory. Fixes bug 24099; bugfix on 0.3.1.1-alpha.
+ - When a consensus diff calculation is only partially successful,
+ only record the successful parts as having succeeded. Partial
+ success can happen if (for example) one compression method fails
+ but the others succeed. Previously we misrecorded all the
+ calculations as having succeeded, which would later cause a
+ nonfatal assertion failure. Fixes bug 24086; bugfix
+ on 0.3.1.1-alpha.
+
+ o Minor bugfixes (logging):
+ - Only log once if we notice that KIST support is gone. Fixes bug
+ 24158; bugfix on 0.3.2.1-alpha.
+ - Suppress a log notice when relay descriptors arrive. We already
+ have a bootstrap progress for this so no need to log notice
+ everytime tor receives relay descriptors. Microdescriptors behave
+ the same. Fixes bug 23861; bugfix on 0.2.8.2-alpha.
+
+ o Minor bugfixes (network layer):
+ - When closing a connection via close_connection_immediately(), we
+ mark it as "not blocked on bandwidth", to prevent later calls from
+ trying to unblock it, and give it permission to read. This fixes a
+ backtrace warning that can happen on relays under various
+ circumstances. Fixes bug 24167; bugfix on 0.1.0.1-rc.
+
+ o Minor bugfixes (onion services):
+ - The introduction circuit was being timed out too quickly while
+ waiting for the rendezvous circuit to complete. Keep the intro
+ circuit around longer instead of timing out and reopening new ones
+ constantly. Fixes bug 23681; bugfix on 0.2.4.8-alpha.
+ - Rename the consensus parameter "hsdir-interval" to "hsdir_interval"
+ so it matches dir-spec.txt. Fixes bug 24262; bugfix
+ on 0.3.1.1-alpha.
+ - Silence a warning about failed v3 onion descriptor uploads that
+ can happen naturally under certain edge cases. Fixes part of bug
+ 23662; bugfix on 0.3.2.1-alpha.
+
+ o Minor bugfixes (tests):
+ - Fix a memory leak in one of the bridge-distribution test cases.
+ Fixes bug 24345; bugfix on 0.3.2.3-alpha.
+ - Fix a bug in our fuzzing mock replacement for crypto_pk_checksig(),
+ to correctly handle cases where a caller gives it an RSA key of
+ under 160 bits. (This is not actually a bug in Tor itself, but
+ rather in our fuzzing code.) Fixes bug 24247; bugfix on
+ 0.3.0.3-alpha. Found by OSS-Fuzz as issue 4177.
+
+ o Documentation:
+ - Add notes in man page regarding OS support for the various
+ scheduler types. Attempt to use less jargon in the scheduler
+ section. Closes ticket 24254.
+
+
+Changes in version 0.3.2.4-alpha - 2017-11-08
+ Tor 0.3.2.4-alpha is the fourth alpha release in the 0.3.2.x series.
+ It fixes several stability and reliability bugs, especially including
+ a major reliability issue that has been plaguing fast exit relays in
+ recent months.
+
+ o Major bugfixes (exit relays, DNS):
+ - Fix an issue causing DNS to fail on high-bandwidth exit nodes,
+ making them nearly unusable. Fixes bugs 21394 and 18580; bugfix on
+ 0.1.2.2-alpha, which introduced eventdns. Thanks to Dhalgren for
+ identifying and finding a workaround to this bug and to Moritz,
+ Arthur Edelstein, and Roger for helping to track it down and
+ analyze it.
+
+ o Major bugfixes (scheduler, channel):
+ - Stop processing scheduled channels if they closed while flushing
+ cells. This can happen if the write on the connection fails
+ leading to the channel being closed while in the scheduler loop.
+ Fixes bug 23751; bugfix on 0.3.2.1-alpha.
+
+ o Minor features (logging, scheduler):
+ - Introduce a SCHED_BUG() function to log extra information about
+ the scheduler state if we ever catch a bug in the scheduler.
+ Closes ticket 23753.
+
+ o Minor features (removed deprecations):
+ - The ClientDNSRejectInternalAddresses flag can once again be set in
+ non-testing Tor networks, so long as they do not use the default
+ directory authorities. This change also removes the deprecation of
+ this flag from 0.2.9.2-alpha. Closes ticket 21031.
+
+ o Minor features (testing):
+ - Our fuzzing tests now test the encrypted portions of v3 onion
+ service descriptors. Implements more of 21509.
+
+ o Minor bugfixes (directory client):
+ - On failure to download directory information, delay retry attempts
+ by a random amount based on the "decorrelated jitter" algorithm.
+ Our previous delay algorithm tended to produce extra-long delays
+ too easily. Fixes bug 23816; bugfix on 0.2.9.1-alpha.
+
+ o Minor bugfixes (IPv6, v3 single onion services):
+ - Remove buggy code for IPv6-only v3 single onion services, and
+ reject attempts to configure them. This release supports IPv4,
+ dual-stack, and IPv6-only v3 onion services; and IPv4 and dual-
+ stack v3 single onion services. Fixes bug 23820; bugfix
+ on 0.3.2.1-alpha.
+
+ o Minor bugfixes (logging, relay):
+ - Give only a protocol warning when the ed25519 key is not
+ consistent between the descriptor and microdescriptor of a relay.
+ This can happen, for instance, if the relay has been flagged
+ NoEdConsensus. Fixes bug 24025; bugfix on 0.3.2.1-alpha.
+
+ o Minor bugfixes (manpage, onion service):
+ - Document that the HiddenServiceNumIntroductionPoints option is
+ 0-10 for v2 services and 0-20 for v3 services. Fixes bug 24115;
+ bugfix on 0.3.2.1-alpha.
+
+ o Minor bugfixes (memory leaks):
+ - Fix a minor memory leak at exit in the KIST scheduler. This bug
+ should have no user-visible impact. Fixes bug 23774; bugfix
+ on 0.3.2.1-alpha.
+ - Fix a memory leak when decrypting a badly formatted v3 onion
+ service descriptor. Fixes bug 24150; bugfix on 0.3.2.1-alpha.
+ Found by OSS-Fuzz; this is OSS-Fuzz issue 3994.
+
+ o Minor bugfixes (onion services):
+ - Cache some needed onion service client information instead of
+ constantly computing it over and over again. Fixes bug 23623;
+ bugfix on 0.3.2.1-alpha.
+ - Properly retry HSv3 descriptor fetches when missing required
+ directory information. Fixes bug 23762; bugfix on 0.3.2.1-alpha.
+
+ o Minor bugfixes (path selection):
+ - When selecting relays by bandwidth, avoid a rounding error that
+ could sometimes cause load to be imbalanced incorrectly.
+ Previously, we would always round upwards; now, we round towards
+ the nearest integer. This had the biggest effect when a relay's
+ weight adjustments should have given it weight 0, but it got
+ weight 1 instead. Fixes bug 23318; bugfix on 0.2.4.3-alpha.
+ - When calculating the fraction of nodes that have descriptors, and
+ all nodes in the network have zero bandwidths, count the number of
+ nodes instead. Fixes bug 23318; bugfix on 0.2.4.10-alpha.
+ - Actually log the total bandwidth in compute_weighted_bandwidths().
+ Fixes bug 24170; bugfix on 0.2.4.3-alpha.
+
+ o Minor bugfixes (relay, crash):
+ - Avoid a crash when transitioning from client mode to bridge mode.
+ Previously, we would launch the worker threads whenever our
+ "public server" mode changed, but not when our "server" mode
+ changed. Fixes bug 23693; bugfix on 0.2.6.3-alpha.
+
+ o Minor bugfixes (testing):
+ - Fix a spurious fuzzing-only use of an uninitialized value. Found
+ by Brian Carpenter. Fixes bug 24082; bugfix on 0.3.0.3-alpha.
+ - Test that IPv6-only clients can use microdescriptors when running
+ "make test-network-all". Requires chutney master 61c28b9 or later.
+ Closes ticket 24109.
+
+
+Changes in version 0.3.2.3-alpha - 2017-10-27
+ Tor 0.3.2.3-alpha is the third release in the 0.3.2 series. It fixes
+ numerous small bugs in earlier versions of 0.3.2.x, and adds a new
+ directory authority, Bastet.
+
+ o Directory authority changes:
+ - Add "Bastet" as a ninth directory authority to the default list.
+ Closes ticket 23910.
+ - The directory authority "Longclaw" has changed its IP address.
+ Closes ticket 23592.
+
+ o Minor features (bridge):
+ - Bridge relays can now set the BridgeDistribution config option to
+ add a "bridge-distribution-request" line to their bridge
+ descriptor, which tells BridgeDB how they'd like their bridge
+ address to be given out. (Note that as of Oct 2017, BridgeDB does
+ not yet implement this feature.) As a side benefit, this feature
+ provides a way to distinguish bridge descriptors from non-bridge
+ descriptors. Implements tickets 18329.
+
+ o Minor features (client, entry guards):
+ - Improve log messages when missing descriptors for primary guards.
+ Resolves ticket 23670.
+
+ o Minor features (geoip):
+ - Update geoip and geoip6 to the October 4 2017 Maxmind GeoLite2
+ Country database.
+
+ o Minor bugfixes (bridge):
+ - Overwrite the bridge address earlier in the process of retrieving
+ its descriptor, to make sure we reach it on the configured
+ address. Fixes bug 20532; bugfix on 0.2.0.10-alpha.
+
+ o Minor bugfixes (documentation):
+ - Document better how to read gcov, and what our gcov postprocessing
+ scripts do. Fixes bug 23739; bugfix on 0.2.9.1-alpha.
+
+ o Minor bugfixes (entry guards):
+ - Tor now updates its guard state when it reads a consensus
+ regardless of whether it's missing descriptors. That makes tor use
+ its primary guards to fetch descriptors in some edge cases where
+ it would previously have used fallback directories. Fixes bug
+ 23862; bugfix on 0.3.0.1-alpha.
+
+ o Minor bugfixes (hidden service client):
+ - When handling multiple SOCKS request for the same .onion address,
+ only fetch the service descriptor once.
+ - When a descriptor fetch fails with a non-recoverable error, close
+ all pending SOCKS requests for that .onion. Fixes bug 23653;
+ bugfix on 0.3.2.1-alpha.
+
+ o Minor bugfixes (hidden service):
+ - Always regenerate missing hidden service public key files. Prior
+ to this, if the public key was deleted from disk, it wouldn't get
+ recreated. Fixes bug 23748; bugfix on 0.3.2.2-alpha. Patch
+ from "cathugger".
+ - Make sure that we have a usable ed25519 key when the intro point
+ relay supports ed25519 link authentication. Fixes bug 24002;
+ bugfix on 0.3.2.1-alpha.
+
+ o Minor bugfixes (hidden service, v2):
+ - When reloading configured hidden services, copy all information
+ from the old service object. Previously, some data was omitted,
+ causing delays in descriptor upload, and other bugs. Fixes bug
+ 23790; bugfix on 0.2.1.9-alpha.
+
+ o Minor bugfixes (memory safety, defensive programming):
+ - Clear the target address when node_get_prim_orport() returns
+ early. Fixes bug 23874; bugfix on 0.2.8.2-alpha.
+
+ o Minor bugfixes (relay):
+ - Avoid a BUG warning when receiving a dubious CREATE cell while an
+ option transition is in progress. Fixes bug 23952; bugfix
+ on 0.3.2.1-alpha.
+
+ o Minor bugfixes (testing):
+ - Adjust the GitLab CI configuration to more closely match that of
+ Travis CI. Fixes bug 23757; bugfix on 0.3.2.2-alpha.
+ - Prevent scripts/test/coverage from attempting to move gcov output
+ to the root directory. Fixes bug 23741; bugfix on 0.2.5.1-alpha.
+ - When running unit tests as root, skip a test that would fail
+ because it expects a permissions error. This affects some
+ continuous integration setups. Fixes bug 23758; bugfix
+ on 0.3.2.2-alpha.
+ - Stop unconditionally mirroring the tor repository in GitLab CI.
+ This prevented developers from enabling GitLab CI on master. Fixes
+ bug 23755; bugfix on 0.3.2.2-alpha.
+ - Fix the hidden service v3 descriptor decoding fuzzing to use the
+ latest decoding API correctly. Fixes bug 21509; bugfix
+ on 0.3.2.1-alpha.
+
+ o Minor bugfixes (warnings):
+ - When we get an HTTP request on a SOCKS port, tell the user about
+ the new HTTPTunnelPort option. Previously, we would give a "Tor is
+ not an HTTP Proxy" message, which stopped being true when
+ HTTPTunnelPort was introduced. Fixes bug 23678; bugfix
+ on 0.3.2.1-alpha.
+
+
+Changes in version 0.2.5.15 - 2017-10-25
+ Tor 0.2.5.15 backports a collection of bugfixes from later Tor release
+ series. It also adds a new directory authority, Bastet.
+
+ Note: the Tor 0.2.5 series will no longer be supported after 1 May
+ 2018. If you need a release with long-term support, please upgrade to
+ the 0.2.9 series. Otherwise, please upgrade to 0.3.1 or later.
+
+ o Directory authority changes:
+ - Add "Bastet" as a ninth directory authority to the default list.
+ Closes ticket 23910.
+ - The directory authority "Longclaw" has changed its IP address.
+ Closes ticket 23592.
+
+ o Major bugfixes (openbsd, denial-of-service, backport from 0.3.1.5-alpha):
+ - Avoid an assertion failure bug affecting our implementation of
+ inet_pton(AF_INET6) on certain OpenBSD systems whose strtol()
+ handling of "0xx" differs from what we had expected. Fixes bug
+ 22789; bugfix on 0.2.3.8-alpha. Also tracked as TROVE-2017-007.
+
+ o Minor features (geoip):
+ - Update geoip and geoip6 to the October 4 2017 Maxmind GeoLite2
+ Country database.
+
+ o Minor bugfixes (defensive programming, undefined behavior, backport from 0.3.1.4-alpha):
+ - Fix a memset() off the end of an array when packing cells. This
+ bug should be harmless in practice, since the corrupted bytes are
+ still in the same structure, and are always padding bytes,
+ ignored, or immediately overwritten, depending on compiler
+ behavior. Nevertheless, because the memset()'s purpose is to make
+ sure that any other cell-handling bugs can't expose bytes to the
+ network, we need to fix it. Fixes bug 22737; bugfix on
+ 0.2.4.11-alpha. Fixes CID 1401591.
+
+ o Build features (backport from 0.3.1.5-alpha):
+ - Tor's repository now includes a Travis Continuous Integration (CI)
+ configuration file (.travis.yml). This is meant to help new
+ developers and contributors who fork Tor to a Github repository be
+ better able to test their changes, and understand what we expect
+ to pass. To use this new build feature, you must fork Tor to your
+ Github account, then go into the "Integrations" menu in the
+ repository settings for your fork and enable Travis, then push
+ your changes. Closes ticket 22636.
+
+
+Changes in version 0.2.8.16 - 2017-10-25
+ Tor 0.2.8.16 backports a collection of bugfixes from later Tor release
+ series, including a bugfix for a crash issue that had affected relays
+ under memory pressure. It also adds a new directory authority, Bastet.
+
+ Note: the Tor 0.2.8 series will no longer be supported after 1 Jan
+ 2018. If you need a release with long-term support, please stick with
+ the 0.2.9 series. Otherwise, please upgrade to 0.3.1 or later.
+
+ o Directory authority changes:
+ - Add "Bastet" as a ninth directory authority to the default list.
+ Closes ticket 23910.
+ - The directory authority "Longclaw" has changed its IP address.
+ Closes ticket 23592.
+
+ o Major bugfixes (relay, crash, assertion failure, backport from 0.3.2.2-alpha):
+ - Fix a timing-based assertion failure that could occur when the
+ circuit out-of-memory handler freed a connection's output buffer.
+ Fixes bug 23690; bugfix on 0.2.6.1-alpha.
+
+ o Minor features (directory authorities, backport from 0.3.2.2-alpha):
+ - Remove longclaw's IPv6 address, as it will soon change. Authority
+ IPv6 addresses were originally added in 0.2.8.1-alpha. This leaves
+ 3/8 directory authorities with IPv6 addresses, but there are also
+ 52 fallback directory mirrors with IPv6 addresses. Resolves 19760.
+
+ o Minor features (geoip):
+ - Update geoip and geoip6 to the October 4 2017 Maxmind GeoLite2
+ Country database.
+
+
+Changes in version 0.2.9.13 - 2017-10-25
+ Tor 0.2.9.13 backports a collection of bugfixes from later Tor release
+ series, including a bugfix for a crash issue that had affected relays
+ under memory pressure. It also adds a new directory authority, Bastet.
+
+ o Directory authority changes:
+ - Add "Bastet" as a ninth directory authority to the default list.
+ Closes ticket 23910.
+ - The directory authority "Longclaw" has changed its IP address.
+ Closes ticket 23592.
+
+ o Major bugfixes (relay, crash, assertion failure, backport from 0.3.2.2-alpha):
+ - Fix a timing-based assertion failure that could occur when the
+ circuit out-of-memory handler freed a connection's output buffer.
+ Fixes bug 23690; bugfix on 0.2.6.1-alpha.
+
+ o Minor features (directory authorities, backport from 0.3.2.2-alpha):
+ - Remove longclaw's IPv6 address, as it will soon change. Authority
+ IPv6 addresses were originally added in 0.2.8.1-alpha. This leaves
+ 3/8 directory authorities with IPv6 addresses, but there are also
+ 52 fallback directory mirrors with IPv6 addresses. Resolves 19760.
+
+ o Minor features (geoip):
+ - Update geoip and geoip6 to the October 4 2017 Maxmind GeoLite2
+ Country database.
+
+ o Minor bugfixes (directory authority, backport from 0.3.1.5-alpha):
+ - When a directory authority rejects a descriptor or extrainfo with
+ a given digest, mark that digest as undownloadable, so that we do
+ not attempt to download it again over and over. We previously
+ tried to avoid downloading such descriptors by other means, but we
+ didn't notice if we accidentally downloaded one anyway. This
+ behavior became problematic in 0.2.7.2-alpha, when authorities
+ began pinning Ed25519 keys. Fixes bug 22349; bugfix
+ on 0.2.1.19-alpha.
+
+ o Minor bugfixes (memory safety, backport from 0.3.2.3-alpha):
+ - Clear the address when node_get_prim_orport() returns early.
+ Fixes bug 23874; bugfix on 0.2.8.2-alpha.
+
+ o Minor bugfixes (Windows service, backport from 0.3.1.6-rc):
+ - When running as a Windows service, set the ID of the main thread
+ correctly. Failure to do so made us fail to send log messages to
+ the controller in 0.2.1.16-rc, slowed down controller event
+ delivery in 0.2.7.3-rc and later, and crash with an assertion
+ failure in 0.3.1.1-alpha. Fixes bug 23081; bugfix on 0.2.1.6-alpha.
+ Patch and diagnosis from "Vort".
+
+
+Changes in version 0.3.0.12 - 2017-10-25
+ Tor 0.3.0.12 backports a collection of bugfixes from later Tor release
+ series, including a bugfix for a crash issue that had affected relays
+ under memory pressure. It also adds a new directory authority, Bastet.
+
+ Note: the Tor 0.3.0 series will no longer be supported after 26 Jan
+ 2018. If you need a release with long-term support, please stick with
+ the 0.2.9 series. Otherwise, please upgrade to 0.3.1 or later.
+
+ o Directory authority changes:
+ - Add "Bastet" as a ninth directory authority to the default list.
+ Closes ticket 23910.
+ - The directory authority "Longclaw" has changed its IP address.
+ Closes ticket 23592.
+
+ o Major bugfixes (relay, crash, assertion failure, backport from 0.3.2.2-alpha):
+ - Fix a timing-based assertion failure that could occur when the
+ circuit out-of-memory handler freed a connection's output buffer.
+ Fixes bug 23690; bugfix on 0.2.6.1-alpha.
+
+ o Minor features (directory authorities, backport from 0.3.2.2-alpha):
+ - Remove longclaw's IPv6 address, as it will soon change. Authority
+ IPv6 addresses were originally added in 0.2.8.1-alpha. This leaves
+ 3/8 directory authorities with IPv6 addresses, but there are also
+ 52 fallback directory mirrors with IPv6 addresses. Resolves 19760.
+
+ o Minor features (geoip):
+ - Update geoip and geoip6 to the October 4 2017 Maxmind GeoLite2
+ Country database.
+
+ o Minor bugfixes (directory authority, backport from 0.3.1.5-alpha):
+ - When a directory authority rejects a descriptor or extrainfo with
+ a given digest, mark that digest as undownloadable, so that we do
+ not attempt to download it again over and over. We previously
+ tried to avoid downloading such descriptors by other means, but we
+ didn't notice if we accidentally downloaded one anyway. This
+ behavior became problematic in 0.2.7.2-alpha, when authorities
+ began pinning Ed25519 keys. Fixes bug 22349; bugfix
+ on 0.2.1.19-alpha.
+
+ o Minor bugfixes (hidden service, relay, backport from 0.3.2.2-alpha):
+ - Avoid a possible double close of a circuit by the intro point on
+ error of sending the INTRO_ESTABLISHED cell. Fixes bug 23610;
+ bugfix on 0.3.0.1-alpha.
+
+ o Minor bugfixes (memory safety, backport from 0.3.2.3-alpha):
+ - Clear the address when node_get_prim_orport() returns early.
+ Fixes bug 23874; bugfix on 0.2.8.2-alpha.
+
+ o Minor bugfixes (Windows service, backport from 0.3.1.6-rc):
+ - When running as a Windows service, set the ID of the main thread
+ correctly. Failure to do so made us fail to send log messages to
+ the controller in 0.2.1.16-rc, slowed down controller event
+ delivery in 0.2.7.3-rc and later, and crash with an assertion
+ failure in 0.3.1.1-alpha. Fixes bug 23081; bugfix on 0.2.1.6-alpha.
+ Patch and diagnosis from "Vort".
+
+
+Changes in version 0.3.1.8 - 2017-10-25
+ Tor 0.3.1.8 is the second stable release in the 0.3.1 series.
+ It includes several bugfixes, including a bugfix for a crash issue
+ that had affected relays under memory pressure. It also adds
+ a new directory authority, Bastet.
+
+ o Directory authority changes:
+ - Add "Bastet" as a ninth directory authority to the default list.
+ Closes ticket 23910.
+ - The directory authority "Longclaw" has changed its IP address.
+ Closes ticket 23592.
+
+ o Major bugfixes (relay, crash, assertion failure, backport from 0.3.2.2-alpha):
+ - Fix a timing-based assertion failure that could occur when the
+ circuit out-of-memory handler freed a connection's output buffer.
+ Fixes bug 23690; bugfix on 0.2.6.1-alpha.
+
+ o Minor features (directory authorities, backport from 0.3.2.2-alpha):
+ - Remove longclaw's IPv6 address, as it will soon change. Authority
+ IPv6 addresses were originally added in 0.2.8.1-alpha. This leaves
+ 3/8 directory authorities with IPv6 addresses, but there are also
+ 52 fallback directory mirrors with IPv6 addresses. Resolves 19760.
+
+ o Minor features (geoip):
+ - Update geoip and geoip6 to the October 4 2017 Maxmind GeoLite2
+ Country database.
+
+ o Minor bugfixes (compilation, backport from 0.3.2.2-alpha):
+ - Fix a compilation warning when building with zstd support on
+ 32-bit platforms. Fixes bug 23568; bugfix on 0.3.1.1-alpha. Found
+ and fixed by Andreas Stieger.
+
+ o Minor bugfixes (compression, backport from 0.3.2.2-alpha):
+ - Handle a pathological case when decompressing Zstandard data when
+ the output buffer size is zero. Fixes bug 23551; bugfix
+ on 0.3.1.1-alpha.
+
+ o Minor bugfixes (directory authority, backport from 0.3.2.1-alpha):
+ - Remove the length limit on HTTP status lines that authorities can
+ send in their replies. Fixes bug 23499; bugfix on 0.3.1.6-rc.
+
+ o Minor bugfixes (hidden service, relay, backport from 0.3.2.2-alpha):
+ - Avoid a possible double close of a circuit by the intro point on
+ error of sending the INTRO_ESTABLISHED cell. Fixes bug 23610;
+ bugfix on 0.3.0.1-alpha.
+
+ o Minor bugfixes (memory safety, backport from 0.3.2.3-alpha):
+ - Clear the address when node_get_prim_orport() returns early.
+ Fixes bug 23874; bugfix on 0.2.8.2-alpha.
+
+ o Minor bugfixes (unit tests, backport from 0.3.2.2-alpha):
+ - Fix additional channelpadding unit test failures by using mocked
+ time instead of actual time for all tests. Fixes bug 23608; bugfix
+ on 0.3.1.1-alpha.
+
+
Changes in version 0.3.2.2-alpha - 2017-09-29
Tor 0.3.2.2-alpha is the second release in the 0.3.2 series. This
release fixes several minor bugs in the new scheduler and next-
@@ -3220,7 +4799,7 @@ Changes in version 0.3.0.1-alpha - 2016-12-19
initial code by Alec Heifetz.
- Relays now support the HSDir version 3 protocol, so that they can
can store and serve v3 descriptors. This is part of the next-
- generation onion service work detailled in proposal 224. Closes
+ generation onion service work detailed in proposal 224. Closes
ticket 17238.
o Major features (protocol, ed25519 identity keys):
@@ -4218,7 +5797,7 @@ Changes in version 0.2.9.2-alpha - 2016-08-24
o Deprecated features:
- A number of DNS-cache-related sub-options for client ports are now
deprecated for security reasons, and may be removed in a future
- version of Tor. (We believe that client-side DNS cacheing is a bad
+ version of Tor. (We believe that client-side DNS caching is a bad
idea for anonymity, and you should not turn it on.) The options
are: CacheDNS, CacheIPv4DNS, CacheIPv6DNS, UseDNSCache,
UseIPv4Cache, and UseIPv6Cache.
@@ -10218,7 +11797,7 @@ Changes in version 0.2.4.12-alpha - 2013-04-18
0.2.0.10-alpha. Reported pseudonymously.
- Make the format and order of STREAM events for DNS lookups
consistent among the various ways to launch DNS lookups. Fixes
- bug 8203; bugfix on 0.2.0.24-rc. Patch by "Desoxy."
+ bug 8203; bugfix on 0.2.0.24-rc. Patch by "Desoxy".
- Correct our check for which versions of Tor support the EXTEND2
cell. We had been willing to send it to Tor 0.2.4.7-alpha and
later, when support was really added in version 0.2.4.8-alpha.
7apu2bq3rhoylwmucxizk54afw5jyda7pho4j5zdcqpwkufke7zdzwad.onion