Diffstat (limited to 'ChangeLog')
-rw-r--r-- | ChangeLog | 1149 |
1 files changed, 1149 insertions, 0 deletions
@@ -1,3 +1,1152 @@ +Changes in version 0.2.9.5-rc - 2016-1?-?? + + +Changes in version 0.2.8.9 - 2016-10-17 + Tor 0.2.8.9 backports a fix for a security hole in previous versions + of Tor that would allow a remote attacker to crash a Tor client, + hidden service, relay, or authority. All Tor users should upgrade to + this version, or to 0.2.9.4-alpha. Patches will be released for older + versions of Tor. + + o Major features (security fixes, also in 0.2.9.4-alpha): + - Prevent a class of security bugs caused by treating the contents + of a buffer chunk as if they were a NUL-terminated string. At + least one such bug seems to be present in all currently used + versions of Tor, and would allow an attacker to remotely crash + most Tor instances, especially those compiled with extra compiler + hardening. With this defense in place, such bugs can't crash Tor, + though we should still fix them as they occur. Closes ticket + 20384 (TROVE-2016-10-001). + + o Minor features (geoip): + - Update geoip and geoip6 to the October 4 2016 Maxmind GeoLite2 + Country database. + + +Changes in version 0.2.9.4-alpha - 2016-10-17 + Tor 0.2.9.4-alpha fixes a security hole in previous versions of Tor + that would allow a remote attacker to crash a Tor client, hidden + service, relay, or authority. All Tor users should upgrade to this + version, or to 0.2.8.9. Patches will be released for older versions + of Tor. + + Tor 0.2.9.4-alpha also adds numerous small features and fix-ups to + previous versions of Tor, including the implementation of a feature to + future- proof the Tor ecosystem against protocol changes, some bug + fixes necessary for Tor Browser to use unix domain sockets correctly, + and several portability improvements. We anticipate that this will be + the last alpha in the Tor 0.2.9 series, and that the next release will + be a release candidate. 
+ + o Major features (security fixes): + - Prevent a class of security bugs caused by treating the contents + of a buffer chunk as if they were a NUL-terminated string. At + least one such bug seems to be present in all currently used + versions of Tor, and would allow an attacker to remotely crash + most Tor instances, especially those compiled with extra compiler + hardening. With this defense in place, such bugs can't crash Tor, + though we should still fix them as they occur. Closes ticket + 20384 (TROVE-2016-10-001). + + o Major features (subprotocol versions): + - Tor directory authorities now vote on a set of recommended + subprotocol versions, and on a set of required subprotocol + versions. Clients and relays that lack support for a _required_ + subprotocol version will not start; those that lack support for a + _recommended_ subprotocol version will warn the user to upgrade. + Closes ticket 19958; implements part of proposal 264. + - Tor now uses "subprotocol versions" to indicate compatibility. + Previously, versions of Tor looked at the declared Tor version of + a relay to tell whether they could use a given feature. Now, they + should be able to rely on its declared subprotocol versions. This + change allows compatible implementations of the Tor protocol(s) to + exist without pretending to be 100% bug-compatible with particular + releases of Tor itself. Closes ticket 19958; implements part of + proposal 264. + + o Minor feature (fallback directories): + - Remove broken fallbacks from the hard-coded fallback directory + list. Closes ticket 20190; patch by teor. + + o Minor features (client, directory): + - Since authorities now omit all routers that lack the Running and + Valid flags, we assume that any relay listed in the consensus must + have those flags. Closes ticket 20001; implements part of + proposal 272. + + o Minor features (compilation, portability): + - Compile correctly on MacOS 10.12 (aka "Sierra"). Closes + ticket 20241. 
+ + o Minor features (development tools, etags): + - Teach the "make tags" Makefile target how to correctly find + "MOCK_IMPL" function definitions. Patch from nherring; closes + ticket 16869. + + o Minor features (geoip): + - Update geoip and geoip6 to the October 4 2016 Maxmind GeoLite2 + Country database. + + o Minor features (unix domain sockets): + - When configuring a unix domain socket for a SocksPort, + ControlPort, or Hidden service, you can now wrap the address in + quotes, using C-style escapes inside the quotes. This allows unix + domain socket paths to contain spaces. + + o Minor features (virtual addresses): + - Increase the maximum number of bits for the IPv6 virtual network + prefix from 16 to 104. In this way, the condition for address + allocation is less restrictive. Closes ticket 20151; feature + on 0.2.4.7-alpha. + + o Minor bugfixes (address discovery): + - Stop reordering IP addresses returned by the OS. This makes it + more likely that Tor will guess the same relay IP address every + time. Fixes issue 20163; bugfix on 0.2.7.1-alpha, ticket 17027. + Reported by René Mayrhofer, patch by "cypherpunks". + + o Minor bugfixes (client, unix domain sockets): + - Disable IsolateClientAddr when using AF_UNIX backed SocksPorts as + the client address is meaningless. Fixes bug 20261; bugfix + on 0.2.6.3-alpha. + + o Minor bugfixes (compilation, OpenBSD): + - Detect Libevent2 functions correctly on systems that provide + libevent2, but where libevent1 is linked with -levent. Fixes bug + 19904; bugfix on 0.2.2.24-alpha. Patch from Rubiate. + + o Minor bugfixes (configuration): + - When parsing quoted configuration values from the torrc file, + handle windows line endings correctly. Fixes bug 19167; bugfix on + 0.2.0.16-alpha. Patch from "Pingl". + + o Minor bugfixes (getpass): + - Defensively fix a non-triggerable heap corruption at do_getpass() + to protect ourselves from mistakes in the future. Fixes bug + #19223; bugfix on 0.2.7.3-rc. 
Bug found by Guido Vranken, patch + by nherring. + + o Minor bugfixes (hidden service): + - Allow hidden services to run on IPv6 addresses even when the + IPv6Exit option is not set. Fixes bug 18357; bugfix + on 0.2.4.7-alpha. + + o Documentation: + - Add module-level internal documentation for 36 C files that + previously didn't have a high-level overview. Closes ticket #20385. + + o Required libraries: + - When building with OpenSSL, Tor now requires version 1.0.1 or + later. OpenSSL 1.0.0 and earlier are no longer supported by the + OpenSSL team, and should not be used. Closes ticket 20303. + + +Changes in version 0.2.9.3-alpha - 2016-09-23 + Tor 0.2.9.3-alpha adds improved support for entities that want to make + high-performance services available through the Tor .onion mechanism + without themselves receiving anonymity as they host those services. It + also tries harder to ensure that all steps on a circuit are using the + strongest crypto possible, strengthens some TLS properties, and + resolves several bugs -- including a pair of crash bugs from the 0.2.8 + series. Anybody running an earlier version of 0.2.9.x should upgrade. + + o Major bugfixes (crash, also in 0.2.8.8): + - Fix a complicated crash bug that could affect Tor clients + configured to use bridges when replacing a networkstatus consensus + in which one of their bridges was mentioned. OpenBSD users saw + more crashes here, but all platforms were potentially affected. + Fixes bug 20103; bugfix on 0.2.8.2-alpha. + + o Major bugfixes (relay, OOM handler, also in 0.2.8.8): + - Fix a timing-dependent assertion failure that could occur when we + tried to flush from a circuit after having freed its cells because + of an out-of-memory condition. Fixes bug 20203; bugfix on + 0.2.8.1-alpha. Thanks to "cypherpunks" for help diagnosing + this one. 
+ + o Major features (circuit building, security): + - Authorities, relays and clients now require ntor keys in all + descriptors, for all hops (except for rare hidden service protocol + cases), for all circuits, and for all other roles. Part of + ticket 19163. + - Tor authorities, relays, and clients only use ntor, except for + rare cases in the hidden service protocol. Part of ticket 19163. + + o Major features (single-hop "hidden" services): + - Add experimental HiddenServiceSingleHopMode and + HiddenServiceNonAnonymousMode options. When both are set to 1, + every hidden service on a Tor instance becomes a non-anonymous + Single Onion Service. Single Onions make one-hop (direct) + connections to their introduction and renzedvous points. One-hop + circuits make Single Onion servers easily locatable, but clients + remain location-anonymous. This is compatible with the existing + hidden service implementation, and works on the current tor + network without any changes to older relays or clients. Implements + proposal 260, completes ticket 17178. Patch by teor and asn. + + o Major features (resource management): + - Tor can now notice it is about to run out of sockets, and + preemptively close connections of lower priority. (This feature is + off by default for now, since the current prioritizing method is + yet not mature enough. You can enable it by setting + "DisableOOSCheck 0", but watch out: it might close some sockets + you would rather have it keep.) Closes ticket 18640. + + o Major bugfixes (circuit building): + - Hidden service client-to-intro-point and service-to-rendezvous- + point cicruits use the TAP key supplied by the protocol, to avoid + epistemic attacks. Fixes bug 19163; bugfix on 0.2.4.18-rc. + + o Major bugfixes (compilation, OpenBSD): + - Fix a Libevent-detection bug in our autoconf script that would + prevent Tor from linking successfully on OpenBSD. Patch from + rubiate. Fixes bug 19902; bugfix on 0.2.9.1-alpha. 
+ + o Major bugfixes (hidden services): + - Clients now require hidden services to include the TAP keys for + their intro points in the hidden service descriptor. This prevents + an inadvertent upgrade to ntor, which a malicious hidden service + could use to distinguish clients by consensus version. Fixes bug + 20012; bugfix on 0.2.4.8-alpha. Patch by teor. + + o Minor features (security, TLS): + - Servers no longer support clients that without AES ciphersuites. + (3DES is no longer considered an acceptable cipher.) We believe + that no such Tor clients currently exist, since Tor has required + OpenSSL 0.9.7 or later since 2009. Closes ticket 19998. + + o Minor feature (fallback directories): + - Remove broken entries from the hard-coded fallback directory list. + Closes ticket 20190; patch by teor. + + o Minor features (geoip, also in 0.2.8.8): + - Update geoip and geoip6 to the September 6 2016 Maxmind GeoLite2 + Country database. + + o Minor feature (port flags): + - Add new flags to the *Port options to finer control over which + requests are allowed. The flags are NoDNSRequest, NoOnionTraffic, + and the synthetic flag OnionTrafficOnly, which is equivalent to + NoDNSRequest, NoIPv4Traffic, and NoIPv6Traffic. Closes enhancement + 18693; patch by "teor". + + o Minor features (directory authority): + - After voting, if the authorities decide that a relay is not + "Valid", they no longer include it in the consensus at all. Closes + ticket 20002; implements part of proposal 272. + + o Minor features (testing): + - Disable memory protections on OpenBSD when performing our unit + tests for memwipe(). The test deliberately invokes undefined + behavior, and the OpenBSD protections interfere with this. Patch + from "rubiate". Closes ticket 20066. + + o Minor features (testing, ipv6): + - Add the single-onion and single-onion-ipv6 chutney targets to + "make test-network-all". 
This requires a recent chutney version + with the single onion network flavours (git c72a652 or later). + Closes ticket 20072; patch by teor. + - Add the hs-ipv6 chutney target to make test-network-all's IPv6 + tests. Remove bridges+hs, as it's somewhat redundant. This + requires a recent chutney version that supports IPv6 clients, + relays, and authorities. Closes ticket 20069; patch by teor. + + o Minor features (Tor2web): + - Make Tor2web clients respect ReachableAddresses. This feature was + inadvertently enabled in 0.2.8.6, then removed by bugfix 19973 on + 0.2.8.7. Implements feature 20034. Patch by teor. + + o Minor features (unit tests): + - We've done significant work to make the unit tests run faster. + - Our link-handshake unit tests now check that when invalid + handshakes fail, they fail with the error messages we expected. + - Our unit testing code that captures log messages no longer + prevents them from being written out if the user asked for them + (by passing --debug or --info or or --notice --warn to the "test" + binary). This change prevents us from missing unexpected log + messages simply because we were looking for others. Related to + ticket 19999. + - The unit tests now log all warning messages with the "BUG" flag. + Previously, they only logged errors by default. This change will + help us make our testing code more correct, and make sure that we + only hit this code when we mean to. In the meantime, however, + there will be more warnings in the unit test logs than before. + This is preparatory work for ticket 19999. + - The unit tests now treat any failure of a "tor_assert_nonfatal()" + assertion as a test failure. + + o Minor bug fixes (circuits): + - Use the CircuitBuildTimeout option whenever + LearnCircuitBuildTimeout is disabled. Previously, we would respect + the option when a user disabled it, but not when it was disabled + because some other option was set. Fixes bug 20073; bugfix on + 0.2.4.12-alpha. Patch by teor. 
+ + o Minor bugfixes (allocation): + - Change how we allocate memory for large chunks on buffers, to + avoid a (currently impossible) integer overflow, and to waste less + space when allocating unusually large chunks. Fixes bug 20081; + bugfix on 0.2.0.16-alpha. Issue identified by Guido Vranken. + - Always include orconfig.h before including any other C headers. + Sometimes, it includes macros that affect the behavior of the + standard headers. Fixes bug 19767; bugfix on 0.2.9.1-alpha (the + first version to use AC_USE_SYSTEM_EXTENSIONS). + - Fix a syntax error in the IF_BUG_ONCE__() macro in non-GCC- + compatible compilers. Fixes bug 20141; bugfix on 0.2.9.1-alpha. + Patch from Gisle Vanem. + - Stop trying to build with Clang 4.0's -Wthread-safety warnings. + They apparently require a set of annotations that we aren't + currently using, and they create false positives in our pthreads + wrappers. Fixes bug 20110; bugfix on 0.2.9.1-alpha. + + o Minor bugfixes (directory authority): + - Die with a more useful error when the operator forgets to place + the authority_signing_key file into the keys directory. This + avoids an uninformative assert & traceback about having an invalid + key. Fixes bug 20065; bugfix on 0.2.0.1-alpha. + - When allowing private addresses, mark Exits that only exit to + private locations as such. Fixes bug 20064; bugfix + on 0.2.2.9-alpha. + + o Minor bugfixes (documentation): + - Document the default PathsNeededToBuildCircuits value that's used + by clients when the directory authorities don't set + min_paths_for_circs_pct. Fixes bug 20117; bugfix on 02c320916e02 + in tor-0.2.4.10-alpha. Patch by teor, reported by Jesse V. + - Fix manual for the User option: it takes a username, not a UID. + Fixes bug 19122; bugfix on 0.0.2pre16 (the first version to have + a manpage!). + + o Minor bugfixes (hidden services): + - Stop logging intro point details to the client log on certain + error conditions. 
Fixed as part of bug 20012; bugfix on + 0.2.4.8-alpha. Patch by teor. + + o Minor bugfixes (IPv6, testing): + - Check for IPv6 correctly on Linux when running test networks. + Fixes bug 19905; bugfix on 0.2.7.3-rc; patch by teor. + + o Minor bugfixes (Linux seccomp2 sandbox): + - Add permission to run the sched_yield() and sigaltstack() system + calls, in order to support versions of Tor compiled with asan or + ubsan code that use these calls. Now "sandbox 1" and + "--enable-expensive-hardening" should be compatible on more + systems. Fixes bug 20063; bugfix on 0.2.5.1-alpha. + + o Minor bugfixes (logging): + - When logging a message from the BUG() macro, be explicit about + what we were asserting. Previously we were confusing what we were + asserting with what the bug was. Fixes bug 20093; bugfix + on 0.2.9.1-alpha. + - When we are unable to remove the bw_accounting file, do not warn + if the reason we couldn't remove it was that it didn't exist. + Fixes bug 19964; bugfix on 0.2.5.4-alpha. Patch from 'pastly'. + + o Minor bugfixes (option parsing): + - Count unix sockets when counting client listeners (SOCKS, Trans, + NATD, and DNS). This has no user-visible behaviour changes: these + options are set once, and never read. Required for correct + behaviour in ticket 17178. Fixes bug 19677; bugfix on + 0.2.6.3-alpha. Patch by teor. + + o Minor bugfixes (options): + - Check the consistency of UseEntryGuards and EntryNodes more + reliably. Fixes bug 20074; bugfix on tor- 0.2.4.12-alpha. Patch + by teor. + - Stop changing the configured value of UseEntryGuards on + authorities and Tor2web clients. Fixes bug 20074; bugfix on + commits 51fc6799 in tor-0.1.1.16-rc and acda1735 in tor-0.2.4.3- + alpha. Patch by teor. + + o Minor bugfixes (Tor2web): + - Prevent Tor2web clients running hidden services, these services + are not anonymous due to the one-hop client paths. Fixes bug + 19678. Patch by teor. 
+ + o Minor bugfixes (unit tests): + - Fix a shared-random unit test that was failing on big endian + architectures due to internal representation of a integer copied + to a buffer. The test is changed to take a full 32 bytes of data + and use the output of a python script that make the COMMIT and + REVEAL calculation according to the spec. Fixes bug 19977; bugfix + on 0.2.9.1-alpha. + - The tor_tls_server_info_callback unit test no longer crashes when + debug-level logging is turned on. Fixes bug 20041; bugfix + on 0.2.8.1-alpha. + + +Changes in version 0.2.8.8 - 2016-09-23 + Tor 0.2.8.8 fixes two crash bugs present in previous versions of the + 0.2.8.x series. Relays running 0.2.8.x should upgrade, as should users + who select public relays as their bridges. + + o Major bugfixes (crash): + - Fix a complicated crash bug that could affect Tor clients + configured to use bridges when replacing a networkstatus consensus + in which one of their bridges was mentioned. OpenBSD users saw + more crashes here, but all platforms were potentially affected. + Fixes bug 20103; bugfix on 0.2.8.2-alpha. + + o Major bugfixes (relay, OOM handler): + - Fix a timing-dependent assertion failure that could occur when we + tried to flush from a circuit after having freed its cells because + of an out-of-memory condition. Fixes bug 20203; bugfix on + 0.2.8.1-alpha. Thanks to "cypherpunks" for help diagnosing + this one. + + o Minor feature (fallback directories): + - Remove broken fallbacks from the hard-coded fallback directory + list. Closes ticket 20190; patch by teor. + + o Minor features (geoip): + - Update geoip and geoip6 to the September 6 2016 Maxmind GeoLite2 + Country database. + + +Changes in version 0.2.9.2-alpha - 2016-08-24 + Tor 0.2.9.2-alpha continues development of the 0.2.9 series with + several new features and bugfixes. It also includes an important + authority update and an important bugfix from 0.2.8.7. 
Everyone who + sets the ReachableAddresses option, and all bridges, are strongly + encouraged to upgrade to 0.2.8.7, or to 0.2.9.2-alpha. + + o Directory authority changes (also in 0.2.8.7): + - The "Tonga" bridge authority has been retired; the new bridge + authority is "Bifroest". Closes tickets 19728 and 19690. + + o Major bugfixes (client, security, also in 0.2.8.7): + - Only use the ReachableAddresses option to restrict the first hop + in a path. In earlier versions of 0.2.8.x, it would apply to + every hop in the path, with a possible degradation in anonymity + for anyone using an uncommon ReachableAddress setting. Fixes bug + 19973; bugfix on 0.2.8.2-alpha. + + o Major features (user interface): + - Tor now supports the ability to declare options deprecated, so + that we can recommend that people stop using them. Previously, + this was done in an ad-hoc way. Closes ticket 19820. + + o Major bugfixes (directory downloads): + - Avoid resetting download status for consensuses hourly, since we + already have another, smarter retry mechanism. Fixes bug 8625; + bugfix on 0.2.0.9-alpha. + + o Minor features (config): + - Warn users when descriptor and port addresses are inconsistent. + Mitigates bug 13953; patch by teor. + + o Minor features (geoip): + - Update geoip and geoip6 to the August 2 2016 Maxmind GeoLite2 + Country database. + + o Minor features (user interface): + - There is a new --list-deprecated-options command-line option to + list all of the deprecated options. Implemented as part of + ticket 19820. + + o Minor bugfixes (code style): + - Fix an integer signedness conversion issue in the case conversion + tables. Fixes bug 19168; bugfix on 0.2.1.11-alpha. + + o Minor bugfixes (compilation): + - Build correctly on versions of libevent2 without support for + evutil_secure_rng_add_bytes(). Fixes bug 19904; bugfix + on 0.2.5.4-alpha. + - Fix a compilation warning on GCC versions before 4.6. 
Our + ENABLE_GCC_WARNING macro used the word "warning" as an argument, + when it is also required as an argument to the compiler pragma. + Fixes bug 19901; bugfix on 0.2.9.1-alpha. + + o Minor bugfixes (compilation, also in 0.2.8.7): + - Remove an inappropriate "inline" in tortls.c that was causing + warnings on older versions of GCC. Fixes bug 19903; bugfix + on 0.2.8.1-alpha. + + o Minor bugfixes (fallback directories, also in 0.2.8.7): + - Avoid logging a NULL string pointer when loading fallback + directory information. Fixes bug 19947; bugfix on 0.2.4.7-alpha + and 0.2.8.1-alpha. Report and patch by "rubiate". + + o Minor bugfixes (logging): + - Log a more accurate message when we fail to dump a microdescriptor. + Fixes bug 17758; bugfix on 0.2.2.8-alpha. Patch from Daniel Pinto. + + o Minor bugfixes (memory leak): + - Fix a series of slow memory leaks related to parsing torrc files + and options. Fixes bug 19466; bugfix on 0.2.1.6-alpha. + + o Deprecated features: + - A number of DNS-cache-related sub-options for client ports are now + deprecated for security reasons, and may be removed in a future + version of Tor. (We believe that client-side DNS cacheing is a bad + idea for anonymity, and you should not turn it on.) The options + are: CacheDNS, CacheIPv4DNS, CacheIPv6DNS, UseDNSCache, + UseIPv4Cache, and UseIPv6Cache. + - A number of options are deprecated for security reasons, and may + be removed in a future version of Tor. The options are: + AllowDotExit, AllowInvalidNodes, AllowSingleHopCircuits, + AllowSingleHopExits, ClientDNSRejectInternalAddresses, + CloseHSClientCircuitsImmediatelyOnTimeout, + CloseHSServiceRendCircuitsImmediatelyOnTimeout, + ExcludeSingleHopRelays, FastFirstHopPK, TLSECGroup, + UseNTorHandshake, and WarnUnsafeSocks. + - The *ListenAddress options are now deprecated as unnecessary: the + corresponding *Port options should be used instead. These options + may someday be removed. 
The affected options are: + ControlListenAddress, DNSListenAddress, DirListenAddress, + NATDListenAddress, ORListenAddress, SocksListenAddress, + and TransListenAddress. + + o Documentation: + - Correct the IPv6 syntax in our documentation for the + VirtualAddrNetworkIPv6 torrc option. Closes ticket 19743. + + o Removed code: + - We no longer include the (dead, deprecated) bufferevent code in + Tor. Closes ticket 19450. Based on a patch from U+039b. + + +Changes in version 0.2.8.7 - 2016-08-24 + Tor 0.2.8.7 fixes an important bug related to the ReachableAddresses + option in 0.2.8.6, and replaces a retiring bridge authority. Everyone + who sets the ReachableAddresses option, and all bridges, are strongly + encouraged to upgrade. + + o Directory authority changes: + - The "Tonga" bridge authority has been retired; the new bridge + authority is "Bifroest". Closes tickets 19728 and 19690. + + o Major bugfixes (client, security): + - Only use the ReachableAddresses option to restrict the first hop + in a path. In earlier versions of 0.2.8.x, it would apply to + every hop in the path, with a possible degradation in anonymity + for anyone using an uncommon ReachableAddress setting. Fixes bug + 19973; bugfix on 0.2.8.2-alpha. + + o Minor features (geoip): + - Update geoip and geoip6 to the August 2 2016 Maxmind GeoLite2 + Country database. + + o Minor bugfixes (compilation): + - Remove an inappropriate "inline" in tortls.c that was causing + warnings on older versions of GCC. Fixes bug 19903; bugfix + on 0.2.8.1-alpha. + + o Minor bugfixes (fallback directories): + - Avoid logging a NULL string pointer when loading fallback + directory information. Fixes bug 19947; bugfix on 0.2.4.7-alpha + and 0.2.8.1-alpha. Report and patch by "rubiate". + + +Changes in version 0.2.9.1-alpha - 2016-08-08 + Tor 0.2.9.1-alpha is the first alpha release in the 0.2.9 development + series. 
It improves our support for hardened builds and compiler + warnings, deploys some critical infrastructure for improvements to + hidden services, includes a new timing backend that we hope to use for + better support for traffic padding, makes it easier for programmers to + log unexpected events, and contains other small improvements to + security, correctness, and performance. + + Below are the changes since 0.2.8.6. + + o New system requirements: + - Tor now requires Libevent version 2.0.10-stable or later. Older + versions of Libevent have less efficient backends for several + platforms, and lack the DNS code that we use for our server-side + DNS support. This implements ticket 19554. + - Tor now requires zlib version 1.2 or later, for security, + efficiency, and (eventually) gzip support. (Back when we started, + zlib 1.1 and zlib 1.0 were still found in the wild. 1.2 was + released in 2003. We recommend the latest version.) + + o Major features (build, hardening): + - Tor now builds with -ftrapv by default on compilers that support + it. This option detects signed integer overflow (which C forbids), + and turns it into a hard-failure. We do not apply this option to + code that needs to run in constant time to avoid side-channels; + instead, we use -fwrapv in that code. Closes ticket 17983. + - When --enable-expensive-hardening is selected, stop applying the + clang/gcc sanitizers to code that needs to run in constant time. + Although we are aware of no introduced side-channels, we are not + able to prove that there are none. Related to ticket 17983. + + o Major features (compilation): + - Our big list of extra GCC warnings is now enabled by default when + building with GCC (or with anything like Clang that claims to be + GCC-compatible). To make all warnings into fatal compilation + errors, pass --enable-fatal-warnings to configure. Closes + ticket 19044. + - Use the Autoconf macro AC_USE_SYSTEM_EXTENSIONS to automatically + turn on C and POSIX extensions. 
(Previously, we attempted to do + this on an ad hoc basis.) Closes ticket 19139. + + o Major features (directory authorities, hidden services): + - Directory authorities can now perform the shared randomness + protocol specified by proposal 250. Using this protocol, directory + authorities generate a global fresh random value every day. In the + future, this value will be used by hidden services to select + HSDirs. This release implements the directory authority feature; + the hidden service side will be implemented in the future as part + of proposal 224. Resolves ticket 16943; implements proposal 250. + + o Major features (downloading, random exponential backoff): + - When we fail to download an object from a directory service, wait + for an (exponentially increasing) randomized amount of time before + retrying, rather than a fixed interval as we did before. This + prevents a group of Tor instances from becoming too synchronized, + or a single Tor instance from becoming too predictable, in its + download schedule. Closes ticket 15942. + + o Major bugfixes (exit policies): + - Avoid disclosing exit outbound bind addresses, configured port + bind addresses, and local interface addresses in relay descriptors + by default under ExitPolicyRejectPrivate. Instead, only reject + these (otherwise unlisted) addresses if + ExitPolicyRejectLocalInterfaces is set. Fixes bug 18456; bugfix on + 0.2.7.2-alpha. Patch by teor. + + o Major bugfixes (hidden service client): + - Allow Tor clients with appropriate controllers to work with + FetchHidServDescriptors set to 0. Previously, this option also + disabled descriptor cache lookup, thus breaking hidden services + entirely. Fixes bug 18704; bugfix on 0.2.0.20-rc. Patch by "twim". + + o Minor features (build, hardening): + - Detect and work around a libclang_rt problem that would prevent + clang from finding __mulodi4() on some 32-bit platforms, and thus + keep -ftrapv from linking on those systems. Closes ticket 19079. 
+ - When building on a system without runtime support for the runtime + hardening options, try to log a useful warning at configuration + time, rather than an incomprehensible warning at link time. If + expensive hardening was requested, this warning becomes an error. + Closes ticket 18895. + + o Minor features (code safety): + - In our integer-parsing functions, ensure that maxiumum value we + give is no smaller than the minimum value. Closes ticket 19063; + patch from U+039b. + + o Minor features (controller): + - Implement new GETINFO queries for all downloads that use + download_status_t to schedule retries. This allows controllers to + examine the schedule for pending downloads. Closes ticket 19323. + - Allow controllers to configure basic client authorization on + hidden services when they create them with the ADD_ONION control + command. Implements ticket 15588. Patch by "special". + - Fire a STATUS_SERVER controller event whenever the hibernation + status changes between "awake"/"soft"/"hard". Closes ticket 18685. + + o Minor features (directory authority): + - Directory authorities now only give the Guard flag to a relay if + they are also giving it the Stable flag. This change allows us to + simplify path selection for clients. It should have minimal effect + in practice, since >99% of Guards already have the Stable flag. + Implements ticket 18624. + - Directory authorities now write their v3-status-votes file out to + disk earlier in the consensus process, so we have a record of the + votes even if we abort the consensus process. Resolves + ticket 19036. + + o Minor features (hidden service): + - Stop being so strict about the payload length of "rendezvous1" + cells. We used to be locked in to the "TAP" handshake length, and + now we can handle better handshakes like "ntor". Resolves + ticket 18998. + + o Minor features (infrastructure, time): + - Tor now uses the operating system's monotonic timers (where + available) for internal fine-grained timing. 
Previously we would + look at the system clock, and then attempt to compensate for the + clock running backwards. Closes ticket 18908. + - Tor now includes an improved timer backend, so that we can + efficiently support tens or hundreds of thousands of concurrent + timers, as will be needed for some of our planned anti-traffic- + analysis work. This code is based on William Ahern's "timeout.c" + project, which implements a "tickless hierarchical timing wheel". + Closes ticket 18365. + + o Minor features (logging): + - Provide a more useful warning message when configured with an + invalid Nickname. Closes ticket 18300; patch from "icanhasaccount". + - When dumping unparseable router descriptors, optionally store them + in separate files, named by digest, up to a configurable size + limit. You can change the size limit by setting the + MaxUnparseableDescSizeToLog option, and disable this feature by + setting that option to 0. Closes ticket 18322. + - Add a set of macros to check nonfatal assertions, for internal + use. Migrating more of our checks to these should help us avoid + needless crash bugs. Closes ticket 18613. + + o Minor features (performance): + - Changer the "optimistic data" extension from "off by default" to + "on by default". The default was ordinarily overridden by a + consensus option, but when clients were bootstrapping for the + first time, they would not have a consensus to get the option + from. Changing this default When fetching a consensus for the + first time, use optimistic data. This saves a round-trip during + startup. Closes ticket 18815. + + o Minor features (relay, usability): + - When the directory authorities refuse a bad relay's descriptor, + encourage the relay operator to contact us. Many relay operators + won't notice this line in their logs, but it's a win if even a few + learn why we don't like what their relay was doing. Resolves + ticket 18760. 
+ + o Minor features (testing): + - Let backtrace tests work correctly under AddressSanitizer. Fixes + part of bug 18934; bugfix on 0.2.5.2-alpha. + - Move the test-network.sh script to chutney, and modify tor's test- + network.sh to call the (newer) chutney version when available. + Resolves ticket 19116. Patch by teor. + - Use the lcov convention for marking lines as unreachable, so that + we don't count them when we're generating test coverage data. + Update our coverage tools to understand this convention. Closes + ticket 16792. + + o Minor bugfixes (bootstrap): + - Remember the directory we fetched the consensus or previous + certificates from, and use it to fetch future authority + certificates. This change improves bootstrapping performance. + Fixes bug 18963; bugfix on 0.2.8.1-alpha. + + o Minor bugfixes (build): + - The test-stem and test-network makefile targets now depend only on + the tor binary that they are testing. Previously, they depended on + "make all". Fixes bug 18240; bugfix on 0.2.8.2-alpha. Based on a + patch from "cypherpunks". + + o Minor bugfixes (circuits): + - Make sure extend_info_from_router() is only called on servers. + Fixes bug 19639; bugfix on 0.2.8.1-alpha. + + o Minor bugfixes (compilation): + - When building with Clang, use a full set of GCC warnings. + (Previously, we included only a subset, because of the way we + detected them.) Fixes bug 19216; bugfix on 0.2.0.1-alpha. + + o Minor bugfixes (directory authority): + - Authorities now sort the "package" lines in their votes, for ease + of debugging. (They are already sorted in consensus documents.) + Fixes bug 18840; bugfix on 0.2.6.3-alpha. + - When parsing a detached signature, make sure we use the length of + the digest algorithm instead of an hardcoded DIGEST256_LEN in + order to avoid comparing bytes out-of-bounds with a smaller digest + length such as SHA1. Fixes bug 19066; bugfix on 0.2.2.6-alpha. 
+ + o Minor bugfixes (documentation): + - Document the --passphrase-fd option in the tor manpage. Fixes bug + 19504; bugfix on 0.2.7.3-rc. + - Fix the description of the --passphrase-fd option in the + tor-gencert manpage. The option is used to pass the number of a + file descriptor to read the passphrase from, not to read the file + descriptor from. Fixes bug 19505; bugfix on 0.2.0.20-alpha. + + o Minor bugfixes (ephemeral hidden service): + - When deleting an ephemeral hidden service, close its intro points + even if they are not completely open. Fixes bug 18604; bugfix + on 0.2.7.1-alpha. + + o Minor bugfixes (guard selection): + - Use a single entry guard even if the NumEntryGuards consensus + parameter is not provided. Fixes bug 17688; bugfix + on 0.2.5.6-alpha. + - Don't mark guards as unreachable if connection_connect() fails. + That function fails for local reasons, so it shouldn't reveal + anything about the status of the guard. Fixes bug 14334; bugfix + on 0.2.3.10-alpha. + + o Minor bugfixes (hidden service client): + - Increase the minimum number of internal circuits we preemptively + build from 2 to 3, so a circuit is available when a client + connects to another onion service. Fixes bug 13239; bugfix + on 0.1.0.1-rc. + + o Minor bugfixes (logging): + - When logging a directory ownership mismatch, log the owning + username correctly. Fixes bug 19578; bugfix on 0.2.2.29-beta. + + o Minor bugfixes (memory leaks): + - Fix a small, uncommon memory leak that could occur when reading a + truncated ed25519 key file. Fixes bug 18956; bugfix + on 0.2.6.1-alpha. + + o Minor bugfixes (testing): + - Allow clients to retry HSDirs much faster in test networks. Fixes + bug 19702; bugfix on 0.2.7.1-alpha. Patch by teor. + - Disable ASAN's detection of segmentation faults while running + test_bt.sh, so that we can make sure that our own backtrace + generation code works. Fixes another aspect of bug 18934; bugfix + on 0.2.5.2-alpha. Patch from "cypherpunks". 
+ - Fix the test-network-all target on out-of-tree builds by using the + correct path to the test driver script. Fixes bug 19421; bugfix + on 0.2.7.3-rc. + + o Minor bugfixes (time): + - Improve overflow checks in tv_udiff and tv_mdiff. Fixes bug 19483; + bugfix on all released tor versions. + - When computing the difference between two times in milliseconds, + we now round to the nearest millisecond correctly. Previously, we + could sometimes round in the wrong direction. Fixes bug 19428; + bugfix on 0.2.2.2-alpha. + + o Minor bugfixes (user interface): + - Display a more accurate number of suppressed messages in the log + rate-limiter. Previously, there was a potential integer overflow + in the counter. Now, if the number of messages hits a maximum, the + rate-limiter doesn't count any further. Fixes bug 19435; bugfix + on 0.2.4.11-alpha. + - Fix a typo in the passphrase prompt for the ed25519 identity key. + Fixes bug 19503; bugfix on 0.2.7.2-alpha. + + o Code simplification and refactoring: + - Remove redundant declarations of the MIN macro. Closes + ticket 18889. + - Rename tor_dup_addr() to tor_addr_to_str_dup() to avoid confusion. + Closes ticket 18462; patch from "icanhasaccount". + - Split the 600-line directory_handle_command_get function into + separate functions for different URL types. Closes ticket 16698. + + o Documentation: + - Fix spelling of "--enable-tor2web-mode" in the manpage. Closes + ticket 19153. Patch from "U+039b". + + o Removed features: + - Remove support for "GET /tor/bytes.txt" DirPort request, and + "GETINFO dir-usage" controller request, which were only available + via a compile-time option in Tor anyway. Feature was added in + 0.2.2.1-alpha. Resolves ticket 19035. + - There is no longer a compile-time option to disable support for + TransPort. (If you don't want TransPort; just don't use it.) Patch + from "U+039b". Closes ticket 19449. + + o Testing: + - Run more workqueue tests as part of "make check". 
These had + previously been implemented, but you needed to know special + command-line options to enable them. + - We now have unit tests for our code to reject zlib "compression + bombs". (Fortunately, the code works fine.) + + +Changes in version 0.2.8.6 - 2016-08-02 + + Tor 0.2.8.6 is the first stable version of the Tor 0.2.8 series. + + The Tor 0.2.8 series improves client bootstrapping performance, + completes the authority-side implementation of improved identity + keys for relays, and includes numerous bugfixes and performance + improvements throughout the program. This release continues to + improve the coverage of Tor's test suite. For a full list of + changes since Tor 0.2.7, see the ReleaseNotes file. + + Changes since 0.2.8.5-rc: + + o Minor features (geoip): + - Update geoip and geoip6 to the July 6 2016 Maxmind GeoLite2 + Country database. + + o Minor bugfixes (compilation): + - Fix a compilation warning in the unit tests on systems where char + is signed. Fixes bug 19682; bugfix on 0.2.8.1-alpha. + + o Minor bugfixes (fallback directories): + - Remove a fallback that was on the hardcoded list, then opted-out. + Fixes bug 19782; update to fallback list from 0.2.8.2-alpha. + + o Minor bugfixes (Linux seccomp2 sandbox): + - Allow more syscalls when running with "Sandbox 1" enabled: + sysinfo, getsockopt(SO_SNDBUF), and setsockopt(SO_SNDBUFFORCE). On + some systems, these are required for Tor to start. Fixes bug + 18397; bugfix on 0.2.5.1-alpha. Patch from Daniel Pinto. + - Allow IPPROTO_UDP datagram sockets when running with "Sandbox 1", + so that get_interface_address6_via_udp_socket_hack() can work. + Fixes bug 19660; bugfix on 0.2.5.1-alpha. + + +Changes in version 0.2.8.5-rc - 2016-07-07 + Tor 0.2.8.5-rc is the second release candidate in the Tor 0.2.8 + series. If we find no new bugs or regressions here, the first stable + 0.2.8 release will be identical to it. It has a few small bugfixes + against previous versions. 
+ + o Directory authority changes: + - Urras is no longer a directory authority. Closes ticket 19271. + + o Major bugfixes (heartbeat): + - Fix a regression that would crash Tor when the periodic + "heartbeat" log messages were disabled. Fixes bug 19454; bugfix on + tor-0.2.8.1-alpha. Reported by "kubaku". + + o Minor features (build): + - Tor now again builds with the recent OpenSSL 1.1 development + branch (tested against 1.1.0-pre6-dev). Closes ticket 19499. + - When building manual pages, set the timezone to "UTC", so that the + output is reproducible. Fixes bug 19558; bugfix on 0.2.2.9-alpha. + Patch from intrigeri. + + o Minor bugfixes (fallback directory selection): + - Avoid errors during fallback selection if there are no eligible + fallbacks. Fixes bug 19480; bugfix on 0.2.8.3-alpha. Patch + by teor. + + o Minor bugfixes (IPv6, microdescriptors): + - Don't check node addresses when we only have a routerstatus. This + allows IPv6-only clients to bootstrap by fetching microdescriptors + from fallback directory mirrors. (The microdescriptor consensus + has no IPv6 addresses in it.) Fixes bug 19608; bugfix + on 0.2.8.2-alpha. + + o Minor bugfixes (logging): + - Reduce pointlessly verbose log messages when directory servers + can't be found. Fixes bug 18849; bugfix on 0.2.8.3-alpha and + 0.2.8.1-alpha. Patch by teor. + - When a fallback directory changes its fingerprint from the hard- + coded fingerprint, log a less severe, more explanatory log + message. Fixes bug 18812; bugfix on 0.2.8.1-alpha. Patch by teor. + + o Minor bugfixes (Linux seccomp2 sandboxing): + - Allow statistics to be written to disk when "Sandbox 1" is + enabled. Fixes bugs 19556 and 19957; bugfix on 0.2.5.1-alpha and + 0.2.6.1-alpha respectively. + + o Minor bugfixes (user interface): + - Remove a warning message "Service [scrubbed] not found after + descriptor upload". This message appears when one uses HSPOST + control command to upload a service descriptor. 
Since there is + only a descriptor and no service, showing this message is + pointless and confusing. Fixes bug 19464; bugfix on 0.2.7.2-alpha. + + o Fallback directory list: + - Add a comment to the generated fallback directory list that + explains how to comment out unsuitable fallbacks in a way that's + compatible with the stem fallback parser. + - Update fallback whitelist and blacklist based on relay operator + emails. Blacklist unsuitable (non-working, over-volatile) + fallbacks. Resolves ticket 19071. Patch by teor. + - Update hard-coded fallback list to remove unsuitable fallbacks. + Resolves ticket 19071. Patch by teor. + + +Changes in version 0.2.8.4-rc - 2016-06-15 + Tor 0.2.8.4-rc is the first release candidate in the Tor 0.2.8 series. + If we find no new bugs or regressions here, the first stable 0.2.8 + release will be identical to it. It has a few small bugfixes against + previous versions. + + o Major bugfixes (user interface): + - Correctly give a warning in the cases where a relay is specified + by nickname, and one such relay is found, but it is not officially + Named. Fixes bug 19203; bugfix on 0.2.3.1-alpha. + + o Minor features (build): + - Tor now builds once again with the recent OpenSSL 1.1 development + branch (tested against 1.1.0-pre5 and 1.1.0-pre6-dev). + + o Minor features (geoip): + - Update geoip and geoip6 to the June 7 2016 Maxmind GeoLite2 + Country database. + + o Minor bugfixes (compilation): + - Cause the unit tests to compile correctly on mingw64 versions that + lack sscanf. Fixes bug 19213; bugfix on 0.2.7.1-alpha. + + o Minor bugfixes (downloading): + - Predict more correctly whether we'll be downloading over HTTP when + we determine the maximum length of a URL. This should avoid a + "BUG" warning about the Squid HTTP proxy and its URL limits. Fixes + bug 19191. 
+ + +Changes in version 0.2.8.3-alpha - 2016-05-26 + Tor 0.2.8.3-alpha resolves several bugs, most of them introduced over + the course of the 0.2.8 development cycle. It improves the behavior of + directory clients, fixes several crash bugs, fixes a gap in compiler + hardening, and allows the full integration test suite to run on + more platforms. + + o Major bugfixes (security, client, DNS proxy): + - Stop a crash that could occur when a client running with DNSPort + received a query with multiple address types, and the first + address type was not supported. Found and fixed by Scott Dial. + Fixes bug 18710; bugfix on 0.2.5.4-alpha. + + o Major bugfixes (security, compilation): + - Correctly detect compiler flags on systems where _FORTIFY_SOURCE + is predefined. Previously, our use of -D_FORTIFY_SOURCE would + cause a compiler warning, thereby making other checks fail, and + needlessly disabling compiler-hardening support. Fixes one case of + bug 18841; bugfix on 0.2.3.17-beta. Patch from "trudokal". + + o Major bugfixes (security, directory authorities): + - Fix a crash and out-of-bounds write during authority voting, when + the list of relays includes duplicate ed25519 identity keys. Fixes + bug 19032; bugfix on 0.2.8.2-alpha. + + o Major bugfixes (client, bootstrapping): + - Check if bootstrap consensus downloads are still needed when the + linked connection attaches. This prevents tor making unnecessary + begindir-style connections, which are the only directory + connections tor clients make since the fix for 18483 was merged. + - Fix some edge cases where consensus download connections may not + have been closed, even though they were not needed. Related to fix + for 18809. + - Make relays retry consensus downloads the correct number of times, + rather than the more aggressive client retry count. Fixes part of + ticket 18809. + - Stop downloading consensuses when we have a consensus, even if we + don't have all the certificates for it yet. 
Fixes bug 18809; + bugfix on 0.2.8.1-alpha. Patches by arma and teor. + + o Major bugfixes (directory mirrors): + - Decide whether to advertise begindir support in the the same way + we decide whether to advertise our DirPort. Allowing these + decisions to become out-of-sync led to surprising behavior like + advertising begindir support when hibernation made us not + advertise a DirPort. Resolves bug 18616; bugfix on 0.2.8.1-alpha. + Patch by teor. + + o Major bugfixes (IPv6 bridges, client): + - Actually use IPv6 addresses when selecting directory addresses for + IPv6 bridges. Fixes bug 18921; bugfix on 0.2.8.1-alpha. Patch + by "teor". + + o Major bugfixes (key management): + - If OpenSSL fails to generate an RSA key, do not retain a dangling + pointer to the previous (uninitialized) key value. The impact here + should be limited to a difficult-to-trigger crash, if OpenSSL is + running an engine that makes key generation failures possible, or + if OpenSSL runs out of memory. Fixes bug 19152; bugfix on + 0.2.1.10-alpha. Found by Yuan Jochen Kang, Suman Jana, and + Baishakhi Ray. + + o Major bugfixes (testing): + - Fix a bug that would block 'make test-network-all' on systems where + IPv6 packets were lost. Fixes bug 19008; bugfix on tor-0.2.7.3-rc. + - Avoid "WSANOTINITIALISED" warnings in the unit tests. Fixes bug 18668; + bugfix on 0.2.8.1-alpha. + + o Minor features (clients): + - Make clients, onion services, and bridge relays always use an + encrypted begindir connection for directory requests. Resolves + ticket 18483. Patch by "teor". + + o Minor features (fallback directory mirrors): + - Give each fallback the same weight for client selection; restrict + fallbacks to one per operator; report fallback directory detail + changes when rebuilding list; add new fallback directory mirrors + to the whitelist; update fallback directories based on the latest + OnionOO data; and any other minor simplifications and fixes. 
+ Closes tasks 17158, 17905, 18749, bug 18689, and fixes part of bug + 18812 on 0.2.8.1-alpha; patch by "teor". + + o Minor features (geoip): + - Update geoip and geoip6 to the May 4 2016 Maxmind GeoLite2 + Country database. + + o Minor bugfixes (assert, portability): + - Fix an assertion failure in memarea.c on systems where "long" is + shorter than the size of a pointer. Fixes bug 18716; bugfix + on 0.2.1.1-alpha. + + o Minor bugfixes (bootstrap): + - Consistently use the consensus download schedule for authority + certificates. Fixes bug 18816; bugfix on 0.2.4.13-alpha. + + o Minor bugfixes (build): + - Remove a pair of redundant AM_CONDITIONAL declarations from + configure.ac. Fixes one final case of bug 17744; bugfix + on 0.2.8.2-alpha. + - Resolve warnings when building on systems that are concerned with + signed char. Fixes bug 18728; bugfix on 0.2.7.2-alpha + and 0.2.6.1-alpha. + - When libscrypt.h is found, but no libscrypt library can be linked, + treat libscrypt as absent. Fixes bug 19161; bugfix + on 0.2.6.1-alpha. + + o Minor bugfixes (client): + - Turn all TestingClientBootstrap* into non-testing torrc options. + This changes simply renames them by removing "Testing" in front of + them and they do not require TestingTorNetwork to be enabled + anymore. Fixes bug 18481; bugfix on 0.2.8.1-alpha. + - Make directory node selection more reliable, mainly for IPv6-only + clients and clients with few reachable addresses. Fixes bug 18929; + bugfix on 0.2.8.1-alpha. Patch by "teor". + + o Minor bugfixes (controller, microdescriptors): + - Make GETINFO dir/status-vote/current/consensus conform to the + control specification by returning "551 Could not open cached + consensus..." when not caching consensuses. Fixes bug 18920; + bugfix on 0.2.2.6-alpha. + + o Minor bugfixes (crypto, portability): + - The SHA3 and SHAKE routines now produce the correct output on Big + Endian systems. No code calls either algorithm yet, so this is + primarily a build fix. 
Fixes bug 18943; bugfix on 0.2.8.1-alpha. + - Tor now builds again with the recent OpenSSL 1.1 development + branch (tested against 1.1.0-pre4 and 1.1.0-pre5-dev). Closes + ticket 18286. + + o Minor bugfixes (directories): + - When fetching extrainfo documents, compare their SHA256 digests + and Ed25519 signing key certificates with the routerinfo that led + us to fetch them, rather than with the most recent routerinfo. + Otherwise we generate many spurious warnings about mismatches. + Fixes bug 17150; bugfix on 0.2.7.2-alpha. + + o Minor bugfixes (logging): + - When we can't generate a signing key because OfflineMasterKey is + set, do not imply that we should have been able to load it. Fixes + bug 18133; bugfix on 0.2.7.2-alpha. + - Stop periodic_event_dispatch() from blasting twelve lines per + second at loglevel debug. Fixes bug 18729; fix on 0.2.8.1-alpha. + - When rejecting a misformed INTRODUCE2 cell, only log at + PROTOCOL_WARN severity. Fixes bug 18761; bugfix on 0.2.8.2-alpha. + + o Minor bugfixes (pluggable transports): + - Avoid reporting a spurious error when we decide that we don't need + to terminate a pluggable transport because it has already exited. + Fixes bug 18686; bugfix on 0.2.5.5-alpha. + + o Minor bugfixes (pointer arithmetic): + - Fix a bug in memarea_alloc() that could have resulted in remote + heap write access, if Tor had ever passed an unchecked size to + memarea_alloc(). Fortunately, all the sizes we pass to + memarea_alloc() are pre-checked to be less than 128 kilobytes. + Fixes bug 19150; bugfix on 0.2.1.1-alpha. Bug found by + Guido Vranken. + + o Minor bugfixes (relays): + - Consider more config options when relays decide whether to + regenerate their descriptor. Fixes more of bug 12538; bugfix + on 0.2.8.1-alpha. + - Resolve some edge cases where we might launch an ORPort + reachability check even when DisableNetwork is set. Noticed while + fixing bug 18616; bugfix on 0.2.3.9-alpha. 
+ + o Minor bugfixes (statistics): + - We now include consensus downloads via IPv6 in our directory- + request statistics. Fixes bug 18460; bugfix on 0.2.3.14-alpha. + + o Minor bugfixes (testing): + - Allow directories in small networks to bootstrap by skipping + DirPort checks when the consensus has no exits. Fixes bug 19003; + bugfix on 0.2.8.1-alpha. Patch by teor. + - Fix a small memory leak that would occur when the + TestingEnableCellStatsEvent option was turned on. Fixes bug 18673; + bugfix on 0.2.5.2-alpha. + + o Minor bugfixes (time handling): + - When correcting a corrupt 'struct tm' value, fill in the tm_wday + field. Otherwise, our unit tests crash on Windows. Fixes bug + 18977; bugfix on 0.2.2.25-alpha. + + o Documentation: + - Document the contents of the 'datadir/keys' subdirectory in the + manual page. Closes ticket 17621. + - Stop recommending use of nicknames to identify relays in our + MapAddress documentation. Closes ticket 18312. + + Changes in version 0.2.8.2-alpha - 2016-03-28 Tor 0.2.8.2-alpha is the second alpha in its series. It fixes numerous bugs in earlier versions of Tor, including some that prevented |
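Review bot: The "Minor features (performance)" entry contains a sentence that does not parse: "Changing this default When fetching a consensus for the first time, use optimistic data." It reads like two drafts joined together; keep one, for example "Now, when fetching a consensus for the first time, clients use optimistic data." The same entry opens with "Changer the", which should be "Change the". Other wording slips in the added text: "maxiumum value" under "Minor features (code safety)", "in the the same way" under "Major bugfixes (directory mirrors)", "This changes simply renames them" under "Minor bugfixes (client)", "an hardcoded DIGEST256_LEN" in the detached-signature entry, and the semicolon in "(If you don't want TransPort; just don't use it.)", which should be a comma. Version references are also inconsistent: most entries use the form "bugfix on 0.2.8.1-alpha", but the heartbeat entry says "bugfix on tor-0.2.8.1-alpha" and the test-network-all entry says "bugfix on tor-0.2.7.3-rc". The Squid URL-length entry ends at "Fixes bug 19191." with no "bugfix on" version, so a reader cannot tell which releases carry the bug; add the version or say that it is unknown.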