summaryrefslogtreecommitdiff
path: root/ChangeLog
diff options
context:
space:
mode:
Diffstat (limited to 'ChangeLog')
-rw-r--r--ChangeLog106
1 files changed, 99 insertions, 7 deletions
diff --git a/ChangeLog b/ChangeLog
index d7c9430f8d..18bd536abe 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -18,6 +18,10 @@ Changes in version 0.2.6.2-alpha - 2014-12-??
implements ticket 9262.
o Major features (hidden services):
+ - Make HS port scanning more difficult by sending back REASON_DONE
+ if the exit policy didn't match. Furthermore, immediately close
+ the circuit to slow down port scanning attempts. Closes
+ ticket 13667.
- Add a HiddenServiceStatistics option that allows Tor relays to
gather and publish statistics the overall size and volume of
hidden service usage. Specifically, when this option is turned on,
@@ -30,6 +34,13 @@ Changes in version 0.2.6.2-alpha - 2014-12-??
proposal 238, "Better hidden service stats from Tor relays". This
feature is currently disabled by default. Implements feature 13192.
+ o Major bugfixes (client, automap):
+ - Repair automapping with IPv6 addresses; this automapping should
+ have worked previously, but one piece of debugging code that we
+ inserted to detect a regression actually caused the regression to
+ manifest itself again. Fixes bug 13811; bugfix on 0.2.4.7-alpha.
+ Diagnosed and fixed by Francisco Blas Izquierdo Riera.
+
o Major bugfixes (hidden services):
- When closing an introduction circuit that was opened in parallel
with others, don't mark the introduction point as unreachable.
@@ -37,6 +48,12 @@ Changes in version 0.2.6.2-alpha - 2014-12-??
point would make the other introduction points get marked as
having timed out. Fixes bug 13698; bugfix on 0.0.6rc2.
+ o Major removed features:
+ - Tor clients no longer support connecting to hidden services
+ running on Tor 0.2.2.x and earlier; the Support022HiddenServices
+ option has been removed. (There shouldn't be any hidden services
+ running these versions on the network.) Closes ticket 7803.
+
o Minor features (client):
- Validate hostnames in SOCKS5 requests more strictly. If SafeSocks
is enabled, reject requests with IP addresses as hostnames.
@@ -63,9 +80,29 @@ Changes in version 0.2.6.2-alpha - 2014-12-??
directories and hostname files to be created group-readable. Patch
from "anon", David Stainton, and "meejah". Closes ticket 11291.
- o Minor features (transparent firewall):
+ o Minor features (systemd):
+ - Where supported, when running with systemd, report successful
+ startup to systemd. Part of ticket 11016. Patch by Michael Scherer.
+ - When running with systemd, support systemd watchdog messages. Part
+ of ticket 11016. Patch by Michael Scherer.
+
+ o Minor features (transparent proxy):
- Update the transparent proxy option checks to allow for both ipfw
and pf on OS X. Closes ticket 14002.
+ - Use the correct option when using IPv6 with transparent proxy
+ support on Linux. Resolves 13808. Patch by Francisco Blas
+ Izquierdo Riera.
+
+ o Minor bugfixes (preventative security, C safety):
+ - When reading a hexadecimal, base-32, or base-64 encoded value from
+ a string, always overwrite the complete output buffer. This
+ prevents some bugs where we would look at (but fortunately, not
+ reveal) uninitialized memory on the stack. Fixes bug 14013; bugfix
+ on all versions of Tor.
+ - Clear all memory targetted by tor_addr_{to,from}_sockaddr(), not
+ just the part that's used. This makes it harder for data leak bugs
+ to occur in the event of other programming failures. Resolves
+ ticket 14041.
o Minor bugfixes (client, micordescriptors):
- Use a full 256 bits of the SHA256 digest of a microdescriptor when
@@ -103,6 +140,11 @@ Changes in version 0.2.6.2-alpha - 2014-12-??
directories. Fixes bug 13214; bugfix on 0.2.1.6-alpha. Reported
by "special".
+ o Minor bugfixes (Linux seccomp2 sandbox):
+ - Make transparent proxy support work along with the seccomp2
+ sandbox. Fixes part of bug 13808; bugfix on 0.2.5.1-alpha. Patch
+ by Francisco Blas Izquierdo Riera.
+
o Minor bugfixes (logging):
- Downgrade warnings about RSA signature failures to info log level.
Emit a warning when extra info document is found incompatible with
@@ -118,6 +160,56 @@ Changes in version 0.2.6.2-alpha - 2014-12-??
our address-range parsing code. Fixes bug 7484; bugfix
on 0.0.2pre14.
+ o Minor bugfixes (testing networks):
+ - Allow Tor to build circuits using a consensus with no exits. If
+ the consensus has no exits (typical of a bootstrapping test
+ network), allow Tor to build circuits once enough descriptors have
+ been downloaded. This assists in bootstrapping a testing Tor
+ network. Fixes bug 13718; bugfix on 0.2.4.10-alpha. Patch
+ by "teor".
+ - When V3AuthVotingInterval is low, give a lower If-Modified-Since
+ header to directory servers. This allows us to obtain consensuses
+ promptly when the consensus interval is very short. This assists
+ in bootstrapping a testing Tor network. Fixes parts of bugs 13718
+ and 13963; bugfix on 0.2.0.3-alpha. Patch by "teor".
+ - Stop assuming that private addresses are local when checking
+ reachability in a TestingTorNetwork. Instead, when testing, assume
+ all OR connections are remote. (This is necessary due to many test
+ scenarios running all nodes on localhost.) This assists in
+ bootstrapping a testing Tor network. Fixes bug 13924; bugfix on
+ 0.1.0.1-rc. Patch by "teor".
+ - Avoid building exit circuits from a consensus with no exits. Now
+ thanks to our fix for 13718, we accept a no-exit network as not
+ wholly lost, but we need to remember not to try to build exit
+ circuits on it. Closes ticket 13814; patch by "teor".
+ - Stop requiring exits to have non-zero bandwithcapacity in a
+ TestingTorNetwork. Instead, when TestingMinExitFlagThreshold is 0,
+ ignore exit bandwidthcapacity. This assists in bootstrapping a
+ testing Tor network. Fixes parts of bugs 13718 and 13839; bugfix
+ on 0.2.0.3-alpha. Patch by "teor".
+ - Add "internal" to some bootstrap statuses when no exits are
+ available. If the consensus does not contain Exits, Tor will only
+ build internal circuits. In this case, relevant statuses will
+ contain the word "internal" as indicated in the Tor control-
+ spec.txt. When bootstrap completes, Tor will be ready to handle an
+ application requesting an internal circuit to hidden services at
+ ".onion" addresses. If a future consensus contains Exits, exit
+ circuits may become available. Fixes part of bug 13718; bugfix on
+ 0.2.4.10-alpha. Patch by "teor".
+ - Decrease minimum consensus interval to 10 seconds when
+ TestingTorNetwork is set, or 5 seconds for the first consensus.
+ Fix assumptions throughout the code that assume larger interval
+ values. This assists in quickly bootstrapping a testing Tor
+ network. Fixes bugs 13718 and 13823; bugfix on 0.2.0.3-alpha.
+ Patch by "teor".
+ - Avoid excluding guards from path building in minimal test
+ networks, when we're in a test network, and excluding guards would
+ exclude all nodes. This typically occurs in incredibly small tor
+ networks, and those using TestingAuthVoteGuard * This fix only
+ applies to minimal, testing tor networks, so it's no less secure.
+ Fixes part of bug 13718; bugfix on 0.1.1.11-alpha. Patch
+ by "teor".
+
o Code simplification and refactoring:
- Stop using can_complete_circuits as a global variable; access it
with a function instead.
@@ -153,12 +245,10 @@ Changes in version 0.2.6.2-alpha - 2014-12-??
good idea. Also, properly cross-reference how to specify nodes in
all parts of the manual for options that take a list of nodes.
Closes ticket 13381.
-
- o Major removed features:
- - Tor clients no longer support connecting to hidden services
- running on Tor 0.2.2.x and earlier; the Support022HiddenServices
- option has been removed. (There shouldn't be any hidden services
- running these versions on the network.) Closes ticket 7803.
+ - Clarify HiddenServiceDir option description in manpage to make it
+ clear that relative paths are taken with respect to the current
+ working directory of Tor instance. Also clarify that this behavior
+ is not guaranteed to remain indefinitely. Fixes issue 13913.
o Testing:
- New tests for many parts of channel, relay, and circuit mux
@@ -168,6 +258,8 @@ Changes in version 0.2.6.2-alpha - 2014-12-??
test temporary directory to the current user, so that the sticky
bit doesn't interfere with tests that check directory groups.
Closes 13678.
+ - Add unit tests for resolve_my_addr(). Part of ticket 12376; patch
+ by 'rl1987'.
Changes in version 0.2.6.1-alpha - 2014-10-30