ChangeLog 1013 KB

78778877987808781878287838784878587868787878887898790879187928793879487958796879787988799880088018802880388048805880688078808880988108811881288138814881588168817881888198820882188228823882488258826882788288829883088318832883388348835883688378838883988408841884288438844884588468847884888498850885188528853885488558856885788588859886088618862886388648865886688678868886988708871887288738874887588768877887888798880888188828883888488858886888788888889889088918892889388948895889688978898889989008901890289038904890589068907890889098910891189128913891489158916891789188919892089218922892389248925892689278928892989308931893289338934893589368937893889398940894189428943894489458946894789488949895089518952895389548955895689578958895989608961896289638964896589668967896889698970897189728973897489758976897789788979898089818982898389848985898689878988898989908991899289938994899589968997899889999000900190029003900490059006900790089009901090119012901390149015901690179018901990209021902290239024902590269027902890299030903190329033903490359036903790389039904090419042904390449045904690479048904990509051905290539054905590569057905890599060906190629063906490659066906790689069907090719072907390749075907690779078907990809081908290839084908590869087908890899090909190929093909490959096909790989099910091019102910391049105910691079108910991109111911291139114911591169117911891199120912191229123912491259126912791289129913091319132913391349135913691379138913991409141914291439144914591469147914891499150915191529153915491559156915791589159916091619162916391649165916691679168916991709171917291739174917591769177917891799180918191829183918491859186918791889189919091919192919391949195919691979198919992009201920292039204920592069207920892099210921192129213921492159216921792189219922092219222922392249225922692279228922992309231923292339234923592369237923892399240924192429243924492459246924792489249925092519252925392549255925692579258925992609261926292639264926592669267926892699270927192729273927492759276927
79278927992809281928292839284928592869287928892899290929192929293929492959296929792989299930093019302930393049305930693079308930993109311931293139314931593169317931893199320932193229323932493259326932793289329933093319332933393349335933693379338933993409341934293439344934593469347934893499350935193529353935493559356935793589359936093619362936393649365936693679368936993709371937293739374937593769377937893799380938193829383938493859386938793889389939093919392939393949395939693979398939994009401940294039404940594069407940894099410941194129413941494159416941794189419942094219422942394249425942694279428942994309431943294339434943594369437943894399440944194429443944494459446944794489449945094519452945394549455945694579458945994609461946294639464946594669467946894699470947194729473947494759476947794789479948094819482948394849485948694879488948994909491949294939494949594969497949894999500950195029503950495059506950795089509951095119512951395149515951695179518951995209521952295239524952595269527952895299530953195329533953495359536953795389539954095419542954395449545954695479548954995509551955295539554955595569557955895599560956195629563956495659566956795689569957095719572957395749575957695779578957995809581958295839584958595869587958895899590959195929593959495959596959795989599960096019602960396049605960696079608960996109611961296139614961596169617961896199620962196229623962496259626962796289629963096319632963396349635963696379638963996409641964296439644964596469647964896499650965196529653965496559656965796589659966096619662966396649665966696679668966996709671967296739674967596769677967896799680968196829683968496859686968796889689969096919692969396949695969696979698969997009701970297039704970597069707970897099710971197129713971497159716971797189719972097219722972397249725972697279728972997309731973297339734973597369737973897399740974197429743974497459746974797489749975097519752975397549755975697579758975997609761976297639764976597669767976897699770977197729773977497759776977
79778977997809781978297839784978597869787978897899790979197929793979497959796979797989799980098019802980398049805980698079808980998109811981298139814981598169817981898199820982198229823982498259826982798289829983098319832983398349835983698379838983998409841984298439844984598469847984898499850985198529853985498559856985798589859986098619862986398649865986698679868986998709871987298739874987598769877987898799880988198829883988498859886988798889889989098919892989398949895989698979898989999009901990299039904990599069907990899099910991199129913991499159916991799189919992099219922992399249925992699279928992999309931993299339934993599369937993899399940994199429943994499459946994799489949995099519952995399549955995699579958995999609961996299639964996599669967996899699970997199729973997499759976997799789979998099819982998399849985998699879988998999909991999299939994999599969997999899991000010001100021000310004100051000610007100081000910010100111001210013100141001510016100171001810019100201002110022100231002410025100261002710028100291003010031100321003310034100351003610037100381003910040100411004210043100441004510046100471004810049100501005110052100531005410055100561005710058100591006010061100621006310064100651006610067100681006910070100711007210073100741007510076100771007810079100801008110082100831008410085100861008710088100891009010091100921009310094100951009610097100981009910100101011010210103101041010510106101071010810109101101011110112101131011410115101161011710118101191012010121101221012310124101251012610127101281012910130101311013210133101341013510136101371013810139101401014110142101431014410145101461014710148101491015010151101521015310154101551015610157101581015910160101611016210163101641016510166101671016810169101701017110172101731017410175101761017710178101791018010181101821018310184101851018610187101881018910190101911019210193101941019510196101971019810199102001020110202102031020410205102061020710208102091021010211102121021310214102151021610217102181021910220102211
02221022310224102251022610227102281022910230102311023210233102341023510236102371023810239102401024110242102431024410245102461024710248102491025010251102521025310254102551025610257102581025910260102611026210263102641026510266102671026810269102701027110272102731027410275102761027710278102791028010281102821028310284102851028610287102881028910290102911029210293102941029510296102971029810299103001030110302103031030410305103061030710308103091031010311103121031310314103151031610317103181031910320103211032210323103241032510326103271032810329103301033110332103331033410335103361033710338103391034010341103421034310344103451034610347103481034910350103511035210353103541035510356103571035810359103601036110362103631036410365103661036710368103691037010371103721037310374103751037610377103781037910380103811038210383103841038510386103871038810389103901039110392103931039410395103961039710398103991040010401104021040310404104051040610407104081040910410104111041210413104141041510416104171041810419104201042110422104231042410425104261042710428104291043010431104321043310434104351043610437104381043910440104411044210443104441044510446104471044810449104501045110452104531045410455104561045710458104591046010461104621046310464104651046610467104681046910470104711047210473104741047510476104771047810479104801048110482104831048410485104861048710488104891049010491104921049310494104951049610497104981049910500105011050210503105041050510506105071050810509105101051110512105131051410515105161051710518105191052010521105221052310524105251052610527105281052910530105311053210533105341053510536105371053810539105401054110542105431054410545105461054710548105491055010551105521055310554105551055610557105581055910560105611056210563105641056510566105671056810569105701057110572105731057410575105761057710578105791058010581105821058310584105851058610587105881058910590105911059210593105941059510596105971059810599106001060110602106031060410605106061060710608106091061010611106121061310614106151061610617106181061910620106211
06221062310624106251062610627106281062910630106311063210633106341063510636106371063810639106401064110642106431064410645106461064710648106491065010651106521065310654106551065610657106581065910660106611066210663106641066510666106671066810669106701067110672106731067410675106761067710678106791068010681106821068310684106851068610687106881068910690106911069210693106941069510696106971069810699107001070110702107031070410705107061070710708107091071010711107121071310714107151071610717107181071910720107211072210723107241072510726107271072810729107301073110732107331073410735107361073710738107391074010741107421074310744107451074610747107481074910750107511075210753107541075510756107571075810759107601076110762107631076410765107661076710768107691077010771107721077310774107751077610777107781077910780107811078210783107841078510786107871078810789107901079110792107931079410795107961079710798107991080010801108021080310804108051080610807108081080910810108111081210813108141081510816108171081810819108201082110822108231082410825108261082710828108291083010831108321083310834108351083610837108381083910840108411084210843108441084510846108471084810849108501085110852108531085410855108561085710858108591086010861108621086310864108651086610867108681086910870108711087210873108741087510876108771087810879108801088110882108831088410885108861088710888108891089010891108921089310894108951089610897108981089910900109011090210903109041090510906109071090810909109101091110912109131091410915109161091710918109191092010921109221092310924109251092610927109281092910930109311093210933109341093510936109371093810939109401094110942109431094410945109461094710948109491095010951109521095310954109551095610957109581095910960109611096210963109641096510966109671096810969109701097110972109731097410975109761097710978109791098010981109821098310984109851098610987109881098910990109911099210993109941099510996109971099810999110001100111002110031100411005110061100711008110091101011011110121101311014110151101611017110181101911020110211
10221102311024110251102611027110281102911030110311103211033110341103511036110371103811039110401104111042110431104411045110461104711048110491105011051110521105311054110551105611057110581105911060110611106211063110641106511066110671106811069110701107111072110731107411075110761107711078110791108011081110821108311084110851108611087110881108911090110911109211093110941109511096110971109811099111001110111102111031110411105111061110711108111091111011111111121111311114111151111611117111181111911120111211112211123111241112511126111271112811129111301113111132111331113411135111361113711138111391114011141111421114311144111451114611147111481114911150111511115211153111541115511156111571115811159111601116111162111631116411165111661116711168111691117011171111721117311174111751117611177111781117911180111811118211183111841118511186111871118811189111901119111192111931119411195111961119711198111991120011201112021120311204112051120611207112081120911210112111121211213112141121511216112171121811219112201122111222112231122411225112261122711228112291123011231112321123311234112351123611237112381123911240112411124211243112441124511246112471124811249112501125111252112531125411255112561125711258112591126011261112621126311264112651126611267112681126911270112711127211273112741127511276112771127811279112801128111282112831128411285112861128711288112891129011291112921129311294112951129611297112981129911300113011130211303113041130511306113071130811309113101131111312113131131411315113161131711318113191132011321113221132311324113251132611327113281132911330113311133211333113341133511336113371133811339113401134111342113431134411345113461134711348113491135011351113521135311354113551135611357113581135911360113611136211363113641136511366113671136811369113701137111372113731137411375113761137711378113791138011381113821138311384113851138611387113881138911390113911139211393113941139511396113971139811399114001140111402114031140411405114061140711408114091141011411114121141311414114151141611417114181141911420114211
14221142311424114251142611427114281142911430114311143211433114341143511436114371143811439114401144111442114431144411445114461144711448114491145011451114521145311454114551145611457114581145911460114611146211463114641146511466114671146811469114701147111472114731147411475114761147711478114791148011481114821148311484114851148611487114881148911490114911149211493114941149511496114971149811499115001150111502115031150411505115061150711508115091151011511115121151311514115151151611517115181151911520115211152211523115241152511526115271152811529115301153111532115331153411535115361153711538115391154011541115421154311544115451154611547115481154911550115511155211553115541155511556115571155811559115601156111562115631156411565115661156711568115691157011571115721157311574115751157611577115781157911580115811158211583115841158511586115871158811589115901159111592115931159411595115961159711598115991160011601116021160311604116051160611607116081160911610116111161211613116141161511616116171161811619116201162111622116231162411625116261162711628116291163011631116321163311634116351163611637116381163911640116411164211643116441164511646116471164811649116501165111652116531165411655116561165711658116591166011661116621166311664116651166611667116681166911670116711167211673116741167511676116771167811679116801168111682116831168411685116861168711688116891169011691116921169311694116951169611697116981169911700117011170211703117041170511706117071170811709117101171111712117131171411715117161171711718117191172011721117221172311724117251172611727117281172911730117311173211733117341173511736117371173811739117401174111742117431174411745117461174711748117491175011751117521175311754117551175611757117581175911760117611176211763117641176511766117671176811769117701177111772117731177411775117761177711778117791178011781117821178311784117851178611787117881178911790117911179211793117941179511796117971179811799118001180111802118031180411805118061180711808118091181011811118121181311814118151181611817118181181911820118211
18221182311824118251182611827118281182911830118311183211833118341183511836118371183811839118401184111842118431184411845118461184711848118491185011851118521185311854118551185611857118581185911860118611186211863118641186511866118671186811869118701187111872118731187411875118761187711878118791188011881118821188311884118851188611887118881188911890118911189211893118941189511896118971189811899119001190111902119031190411905119061190711908119091191011911119121191311914119151191611917119181191911920119211192211923119241192511926119271192811929119301193111932119331193411935119361193711938119391194011941119421194311944119451194611947119481194911950119511195211953119541195511956119571195811959119601196111962119631196411965119661196711968119691197011971119721197311974119751197611977119781197911980119811198211983119841198511986119871198811989119901199111992119931199411995119961199711998119991200012001120021200312004120051200612007120081200912010120111201212013120141201512016120171201812019120201202112022120231202412025120261202712028120291203012031120321203312034120351203612037120381203912040120411204212043120441204512046120471204812049120501205112052120531205412055120561205712058120591206012061120621206312064120651206612067120681206912070120711207212073120741207512076120771207812079120801208112082120831208412085120861208712088120891209012091120921209312094120951209612097120981209912100121011210212103121041210512106121071210812109121101211112112121131211412115121161211712118121191212012121121221212312124121251212612127121281212912130121311213212133121341213512136121371213812139121401214112142121431214412145121461214712148121491215012151121521215312154121551215612157121581215912160121611216212163121641216512166121671216812169121701217112172121731217412175121761217712178121791218012181121821218312184121851218612187121881218912190121911219212193121941219512196121971219812199122001220112202122031220412205122061220712208122091221012211122121221312214122151221612217122181221912220122211
22221222312224122251222612227122281222912230122311223212233122341223512236122371223812239122401224112242122431224412245122461224712248122491225012251122521225312254122551225612257122581225912260122611226212263122641226512266122671226812269122701227112272122731227412275122761227712278122791228012281122821228312284122851228612287122881228912290122911229212293122941229512296122971229812299123001230112302123031230412305123061230712308123091231012311123121231312314123151231612317123181231912320123211232212323123241232512326123271232812329123301233112332123331233412335123361233712338123391234012341123421234312344123451234612347123481234912350123511235212353123541235512356123571235812359123601236112362123631236412365123661236712368123691237012371123721237312374123751237612377123781237912380123811238212383123841238512386123871238812389123901239112392123931239412395123961239712398123991240012401124021240312404124051240612407124081240912410124111241212413124141241512416124171241812419124201242112422124231242412425124261242712428124291243012431124321243312434124351243612437124381243912440124411244212443124441244512446124471244812449124501245112452124531245412455124561245712458124591246012461124621246312464124651246612467124681246912470124711247212473124741247512476124771247812479124801248112482124831248412485124861248712488124891249012491124921249312494124951249612497124981249912500125011250212503125041250512506125071250812509125101251112512125131251412515125161251712518125191252012521125221252312524125251252612527125281252912530125311253212533125341253512536125371253812539125401254112542125431254412545125461254712548125491255012551125521255312554125551255612557125581255912560125611256212563125641256512566125671256812569125701257112572125731257412575125761257712578125791258012581125821258312584125851258612587125881258912590125911259212593125941259512596125971259812599126001260112602126031260412605126061260712608126091261012611126121261312614126151261612617126181261912620126211
26221262312624126251262612627126281262912630126311263212633126341263512636126371263812639126401264112642126431264412645126461264712648126491265012651126521265312654126551265612657126581265912660126611266212663126641266512666126671266812669126701267112672126731267412675126761267712678126791268012681126821268312684126851268612687126881268912690126911269212693126941269512696126971269812699127001270112702127031270412705127061270712708127091271012711127121271312714127151271612717127181271912720127211272212723127241272512726127271272812729127301273112732127331273412735127361273712738127391274012741127421274312744127451274612747127481274912750127511275212753127541275512756127571275812759127601276112762127631276412765127661276712768127691277012771127721277312774127751277612777127781277912780127811278212783127841278512786127871278812789127901279112792127931279412795127961279712798127991280012801128021280312804128051280612807128081280912810128111281212813128141281512816128171281812819128201282112822128231282412825128261282712828128291283012831128321283312834128351283612837128381283912840128411284212843128441284512846128471284812849128501285112852128531285412855128561285712858128591286012861128621286312864128651286612867128681286912870128711287212873128741287512876128771287812879128801288112882128831288412885128861288712888128891289012891128921289312894128951289612897128981289912900129011290212903129041290512906129071290812909129101291112912129131291412915129161291712918129191292012921129221292312924129251292612927129281292912930129311293212933129341293512936129371293812939129401294112942129431294412945129461294712948129491295012951129521295312954129551295612957129581295912960129611296212963129641296512966129671296812969129701297112972129731297412975129761297712978129791298012981129821298312984129851298612987129881298912990129911299212993129941299512996129971299812999130001300113002130031300413005130061300713008130091301013011130121301313014130151301613017130181301913020130211
30221302313024130251302613027130281302913030130311303213033130341303513036130371303813039130401304113042130431304413045130461304713048130491305013051130521305313054130551305613057130581305913060130611306213063130641306513066130671306813069130701307113072130731307413075130761307713078130791308013081130821308313084130851308613087130881308913090130911309213093130941309513096130971309813099131001310113102131031310413105131061310713108131091311013111131121311313114131151311613117131181311913120131211312213123131241312513126131271312813129131301313113132131331313413135131361313713138131391314013141131421314313144131451314613147131481314913150131511315213153131541315513156131571315813159131601316113162131631316413165131661316713168131691317013171131721317313174131751317613177131781317913180131811318213183131841318513186131871318813189131901319113192131931319413195131961319713198131991320013201132021320313204132051320613207132081320913210132111321213213132141321513216132171321813219132201322113222132231322413225132261322713228132291323013231132321323313234132351323613237132381323913240132411324213243132441324513246132471324813249132501325113252132531325413255132561325713258132591326013261132621326313264132651326613267132681326913270132711327213273132741327513276132771327813279132801328113282132831328413285132861328713288132891329013291132921329313294132951329613297132981329913300133011330213303133041330513306133071330813309133101331113312133131331413315133161331713318133191332013321133221332313324133251332613327133281332913330133311333213333133341333513336133371333813339133401334113342133431334413345133461334713348133491335013351133521335313354133551335613357133581335913360133611336213363133641336513366133671336813369133701337113372133731337413375133761337713378133791338013381133821338313384133851338613387133881338913390133911339213393133941339513396133971339813399134001340113402134031340413405134061340713408134091341013411134121341313414134151341613417134181341913420134211
34221342313424134251342613427134281342913430134311343213433134341343513436134371343813439134401344113442134431344413445134461344713448134491345013451134521345313454134551345613457134581345913460134611346213463134641346513466134671346813469134701347113472134731347413475134761347713478134791348013481134821348313484134851348613487134881348913490134911349213493134941349513496134971349813499135001350113502135031350413505135061350713508135091351013511135121351313514135151351613517135181351913520135211352213523135241352513526135271352813529135301353113532135331353413535135361353713538135391354013541135421354313544135451354613547135481354913550135511355213553135541355513556135571355813559135601356113562135631356413565135661356713568135691357013571135721357313574135751357613577135781357913580135811358213583135841358513586135871358813589135901359113592135931359413595135961359713598135991360013601136021360313604136051360613607136081360913610136111361213613136141361513616136171361813619136201362113622136231362413625136261362713628136291363013631136321363313634136351363613637136381363913640136411364213643136441364513646136471364813649136501365113652136531365413655136561365713658136591366013661136621366313664136651366613667136681366913670136711367213673136741367513676136771367813679136801368113682136831368413685136861368713688136891369013691136921369313694136951369613697136981369913700137011370213703137041370513706137071370813709137101371113712137131371413715137161371713718137191372013721137221372313724137251372613727137281372913730137311373213733137341373513736137371373813739137401374113742137431374413745137461374713748137491375013751137521375313754137551375613757137581375913760137611376213763137641376513766137671376813769137701377113772137731377413775137761377713778137791378013781137821378313784137851378613787137881378913790137911379213793137941379513796137971379813799138001380113802138031380413805138061380713808138091381013811138121381313814138151381613817138181381913820138211
38221382313824138251382613827138281382913830138311383213833138341383513836138371383813839138401384113842138431384413845138461384713848138491385013851138521385313854138551385613857138581385913860138611386213863138641386513866138671386813869138701387113872138731387413875138761387713878138791388013881138821388313884138851388613887138881388913890138911389213893138941389513896138971389813899139001390113902139031390413905139061390713908139091391013911139121391313914139151391613917139181391913920139211392213923139241392513926139271392813929139301393113932139331393413935139361393713938139391394013941139421394313944139451394613947139481394913950139511395213953139541395513956139571395813959139601396113962139631396413965139661396713968139691397013971139721397313974139751397613977139781397913980139811398213983139841398513986139871398813989139901399113992139931399413995139961399713998139991400014001140021400314004140051400614007140081400914010140111401214013140141401514016140171401814019140201402114022140231402414025140261402714028140291403014031140321403314034140351403614037140381403914040140411404214043140441404514046140471404814049140501405114052140531405414055140561405714058140591406014061140621406314064140651406614067140681406914070140711407214073140741407514076140771407814079140801408114082140831408414085140861408714088140891409014091140921409314094140951409614097140981409914100141011410214103141041410514106141071410814109141101411114112141131411414115141161411714118141191412014121141221412314124141251412614127141281412914130141311413214133141341413514136141371413814139141401414114142141431414414145141461414714148141491415014151141521415314154141551415614157141581415914160141611416214163141641416514166141671416814169141701417114172141731417414175141761417714178141791418014181141821418314184141851418614187141881418914190141911419214193141941419514196141971419814199142001420114202142031420414205142061420714208142091421014211142121421314214142151421614217142181421914220142211
42221422314224142251422614227142281422914230142311423214233142341423514236142371423814239142401424114242142431424414245142461424714248142491425014251142521425314254142551425614257142581425914260142611426214263142641426514266142671426814269142701427114272142731427414275142761427714278142791428014281142821428314284142851428614287142881428914290142911429214293142941429514296142971429814299143001430114302143031430414305143061430714308143091431014311143121431314314143151431614317143181431914320143211432214323143241432514326143271432814329143301433114332143331433414335143361433714338143391434014341143421434314344143451434614347143481434914350143511435214353143541435514356143571435814359143601436114362143631436414365143661436714368143691437014371143721437314374143751437614377143781437914380143811438214383143841438514386143871438814389143901439114392143931439414395143961439714398143991440014401144021440314404144051440614407144081440914410144111441214413144141441514416144171441814419144201442114422144231442414425144261442714428144291443014431144321443314434144351443614437144381443914440144411444214443144441444514446144471444814449144501445114452144531445414455144561445714458144591446014461144621446314464144651446614467144681446914470144711447214473144741447514476144771447814479144801448114482144831448414485144861448714488144891449014491144921449314494144951449614497144981449914500145011450214503145041450514506145071450814509145101451114512145131451414515145161451714518145191452014521145221452314524145251452614527145281452914530145311453214533145341453514536145371453814539145401454114542145431454414545145461454714548145491455014551145521455314554145551455614557145581455914560145611456214563145641456514566145671456814569145701457114572145731457414575145761457714578145791458014581145821458314584145851458614587145881458914590145911459214593145941459514596145971459814599146001460114602146031460414605146061460714608146091461014611146121461314614146151461614617146181461914620146211
  1. Changes in version 0.2.7.6 - 2015-12-10
  2. Tor version 0.2.7.6 fixes a major bug in entry guard selection, as
  3. well as a minor bug in hidden service reliability.
  4. o Major bugfixes (guard selection):
  5. - Actually look at the Guard flag when selecting a new directory
  6. guard. When we implemented the directory guard design, we
  7. accidentally started treating all relays as if they have the Guard
  8. flag during guard selection, leading to weaker anonymity and worse
  9. performance. Fixes bug 17772; bugfix on 0.2.4.8-alpha. Discovered
  10. by Mohsen Imani.
  11. o Minor features (geoip):
  12. - Update geoip and geoip6 to the December 1 2015 Maxmind GeoLite2
  13. Country database.
  14. o Minor bugfixes (compilation):
  15. - When checking for net/pfvar.h, include netinet/in.h if possible.
  16. This fixes transparent proxy detection on OpenBSD. Fixes bug
  17. 17551; bugfix on 0.1.2.1-alpha. Patch from "rubiate".
  18. - Fix a compilation warning with Clang 3.6: Do not check the
  19. presence of an address which can never be NULL. Fixes bug 17781.
  20. o Minor bugfixes (correctness):
  21. - When displaying an IPv6 exit policy, include the mask bits
  22. correctly even when the number is greater than 31. Fixes bug
  23. 16056; bugfix on 0.2.4.7-alpha. Patch from "gturner".
  24. - The wrong list was used when looking up expired intro points in a
  25. rend service object, causing what we think could be reachability
  26. issues for hidden services, and triggering a BUG log. Fixes bug
  27. 16702; bugfix on 0.2.7.2-alpha.
  28. - Fix undefined behavior in the tor_cert_checksig function. Fixes
  29. bug 17722; bugfix on 0.2.7.2-alpha.
  30. Changes in version 0.2.7.5 - 2015-11-20
  31. The Tor 0.2.7 release series is dedicated to the memory of Tor user
  32. and privacy advocate Caspar Bowden (1961-2015). Caspar worked
  33. tirelessly to advocate human rights regardless of national borders,
  34. and oppose the encroachments of mass surveillance. He opposed national
  35. exceptionalism, he brought clarity to legal and policy debates, he
  36. understood and predicted the impact of mass surveillance on the world,
  37. and he laid the groundwork for resisting it. While serving on the Tor
  38. Project's board of directors, he brought us his uncompromising focus
  39. on technical excellence in the service of humankind. Caspar was an
  40. inimitable force for good and a wonderful friend. He was kind,
  41. humorous, generous, gallant, and believed we should protect one
  42. another without exception. We honor him here for his ideals, his
  43. efforts, and his accomplishments. Please honor his memory with works
  44. that would make him proud.
  45. Tor 0.2.7.5 is the first stable release in the Tor 0.2.7 series.
  46. The 0.2.7 series adds a more secure identity key type for relays,
  47. improves cryptography performance, resolves several longstanding
  48. hidden-service performance issues, improves controller support for
  49. hidden services, and includes small bugfixes and performance
  50. improvements throughout the program. This release series also includes
  51. more tests than before, and significant simplifications to which parts
  52. of Tor invoke which others.
  53. (This release contains no code changes since 0.2.7.4-rc.)
  54. Changes in version 0.2.7.4-rc - 2015-10-21
  55. Tor 0.2.7.4-rc is the second release candidate in the 0.2.7 series. It
  56. fixes some important memory leaks, and a scary-looking (but mostly
  57. harmless in practice) invalid-read bug. It also has a few small
  58. bugfixes, notably fixes for compilation and portability on different
  59. platforms. If no further significant bugs are found, the next
  60. release will be the official stable release.
  61. o Major bugfixes (security, correctness):
  62. - Fix an error that could cause us to read 4 bytes before the
  63. beginning of an openssl string. This bug could be used to cause
  64. Tor to crash on systems with unusual malloc implementations, or
  65. systems with unusual hardening installed. Fixes bug 17404; bugfix
  66. on 0.2.3.6-alpha.
  67. o Major bugfixes (correctness):
  68. - Fix a use-after-free bug in validate_intro_point_failure(). Fixes
  69. bug 17401; bugfix on 0.2.7.3-rc.
  70. o Major bugfixes (memory leaks):
  71. - Fix a memory leak in ed25519 batch signature checking. Fixes bug
  72. 17398; bugfix on 0.2.6.1-alpha.
  73. - Fix a memory leak in rend_cache_failure_entry_free(). Fixes bug
  74. 17402; bugfix on 0.2.7.3-rc.
  75. - Fix a memory leak when reading an expired signing key from disk.
  76. Fixes bug 17403; bugfix on 0.2.7.2-rc.
  77. o Minor features (geoIP):
  78. - Update geoip and geoip6 to the October 9 2015 Maxmind GeoLite2
  79. Country database.
  80. o Minor bugfixes (compilation):
  81. - Repair compilation with the most recent (unreleased, alpha)
  82. versions of OpenSSL 1.1. Fixes part of ticket 17237.
  83. - Fix an integer overflow warning in test_crypto_slow.c. Fixes bug
  84. 17251; bugfix on 0.2.7.2-alpha.
  85. - Fix compilation of sandbox.c with musl-libc. Fixes bug 17347;
  86. bugfix on 0.2.5.1-alpha. Patch from 'jamestk'.
  87. o Minor bugfixes (portability):
  88. - Use libexecinfo on FreeBSD to enable backtrace support. Fixes
  89. part of bug 17151; bugfix on 0.2.5.2-alpha. Patch from
  90. Marcin Cieślak.
  91. o Minor bugfixes (sandbox):
  92. - Add the "hidserv-stats" filename to our sandbox filter for the
  93. HiddenServiceStatistics option to work properly. Fixes bug 17354;
  94. bugfix on tor-0.2.6.2-alpha. Patch from David Goulet.
  95. o Minor bugfixes (testing):
  96. - Add unit tests for get_interface_address* failure cases. Fixes bug
  97. 17173; bugfix on 0.2.7.3-rc. Patch by fk/teor.
  98. - Fix breakage when running 'make check' with BSD make. Fixes bug
  99. 17154; bugfix on 0.2.7.3-rc. Patch by Marcin Cieślak.
  100. - Make the get_ifaddrs_* unit tests more tolerant of different
  101. network configurations. (Don't assume every test box has an IPv4
  102. address, and don't assume every test box has a non-localhost
  103. address.) Fixes bug 17255; bugfix on 0.2.7.3-rc. Patch by "teor".
  104. - Skip backtrace tests when backtrace support is not compiled in.
  105. Fixes part of bug 17151; bugfix on 0.2.7.1-alpha. Patch from
  106. Marcin Cieślak.
  107. o Documentation:
  108. - Fix capitalization of SOCKS in sample torrc. Closes ticket 15609.
  109. - Note that HiddenServicePorts can take a unix domain socket. Closes
  110. ticket 17364.
  111. Changes in version 0.2.7.3-rc - 2015-09-25
  112. Tor 0.2.7.3-rc is the first release candidate in the 0.2.7 series. It
  113. contains numerous usability fixes for Ed25519 keys, safeguards against
  114. several misconfiguration problems, significant simplifications to
  115. Tor's callgraph, and numerous bugfixes and small features.
  116. This is the most tested release of Tor to date. The unit tests cover
  117. 39.40% of the code, and the integration tests (accessible with "make
  118. test-full-online", requiring stem and chutney and a network
  119. connection) raise the coverage to 64.49%.
  120. o Major features (security, hidden services):
  121. - Hidden services, if using the EntryNodes option, are required to
  122. use more than one EntryNode, in order to avoid a guard discovery
  123. attack. (This would only affect people who had configured hidden
  124. services and manually specified the EntryNodes option with a
  125. single entry-node. The impact was that it would be easy to
  126. remotely identify the guard node used by such a hidden service.
  127. See ticket for more information.) Fixes ticket 14917.
  128. o Major features (Ed25519 keys, keypinning):
  129. - The key-pinning option on directory authorities is now advisory-
  130. only by default. In a future version, or when the AuthDirPinKeys
  131. option is set, pins are enforced again. Disabling key-pinning
  132. seemed like a good idea so that we can survive the fallout of any
  133. usability problems associated with Ed25519 keys. Closes
  134. ticket 17135.
  135. o Major features (Ed25519 performance):
  136. - Improve the speed of Ed25519 operations and Curve25519 keypair
  137. generation when built targeting 32 bit x86 platforms with SSE2
  138. available. Implements ticket 16535.
  139. - Improve the runtime speed of Ed25519 signature verification by
  140. using Ed25519-donna's batch verification support. Implements
  141. ticket 16533.
  142. o Major features (performance testing):
  143. - The test-network.sh script now supports performance testing.
  144. Requires corresponding chutney performance testing changes. Patch
  145. by "teor". Closes ticket 14175.
  146. o Major features (relay, Ed25519):
  147. - Significant usability improvements for Ed25519 key management. Log
  148. messages are better, and the code can recover from far more
  149. failure conditions. Thanks to "s7r" for reporting and diagnosing
  150. so many of these!
  151. - Add a new OfflineMasterKey option to tell Tor never to try loading
  152. or generating a secret Ed25519 identity key. You can use this in
  153. combination with tor --keygen to manage offline and/or encrypted
  154. Ed25519 keys. Implements ticket 16944.
  155. - Add a --newpass option to allow changing or removing the
  156. passphrase of an encrypted key with tor --keygen. Implements part
  157. of ticket 16769.
  158. - On receiving a HUP signal, check to see whether the Ed25519
  159. signing key has changed, and reload it if so. Closes ticket 16790.
  160. o Major bugfixes (relay, Ed25519):
  161. - Avoid crashing on 'tor --keygen'. Fixes bug 16679; bugfix on
  162. 0.2.7.2-alpha. Reported by "s7r".
  163. - Improve handling of expired signing keys with offline master keys.
  164. Fixes bug 16685; bugfix on 0.2.7.2-alpha. Reported by "s7r".
  165. o Minor features (client-side privacy):
  166. - New KeepAliveIsolateSOCKSAuth option to indefinitely extend circuit
  167. lifespan when IsolateSOCKSAuth is in use and streams with SOCKS
  168. authentication are attached to the circuit. This allows
  169. applications like TorBrowser to manage circuit lifetime on their
  170. own. Implements feature 15482.
  171. - When logging malformed hostnames from SOCKS5 requests, respect
  172. SafeLogging configuration. Fixes bug 16891; bugfix on 0.1.1.16-rc.
  173. o Minor features (compilation):
  174. - Give a warning as early as possible when trying to build with an
  175. unsupported OpenSSL version. Closes ticket 16901.
  176. - Fail during configure if we're trying to build against an OpenSSL
  177. built without ECC support. Fixes bug 17109, bugfix on 0.2.7.1-alpha
  178. which started requiring ECC.
  179. o Minor features (geoip):
  180. - Update geoip and geoip6 to the September 3 2015 Maxmind GeoLite2
  181. Country database.
  182. o Minor features (hidden services):
  183. - Relays need to have the Fast flag to get the HSDir flag. As this
  184. is being written, we'll go from 2745 HSDirs down to 2342, a ~14%
  185. drop. This change should make some attacks against the hidden
  186. service directory system harder. Fixes ticket 15963.
  187. - Turn on hidden service statistics collection by setting the torrc
  188. option HiddenServiceStatistics to "1" by default. (This keeps
  189. track only of the fraction of traffic used by hidden services, and
  190. the total number of hidden services in existence.) Closes
  191. ticket 15254.
  192. - Clients now use an introduction point failure cache to know when
  193. to fetch or keep a descriptor in their cache. Previously, failures
  194. were recorded implicitly, but not explicitly remembered. Closes
  195. ticket 16389.
  196. o Minor features (testing, authorities, documentation):
  197. - New TestingDirAuthVote{Exit,Guard,HSDir}IsStrict flags to
  198. explicitly manage consensus flags in testing networks. Patch by
  199. "robgjansen", modified by "teor". Implements part of ticket 14882.
  200. o Minor bugfixes (security, exit policies):
  201. - ExitPolicyRejectPrivate now also rejects the relay's published
  202. IPv6 address (if any), and any publicly routable IPv4 or IPv6
  203. addresses on any local interfaces. Patch by "teor".
  204. Fixes bug 17027; bugfix on 0.2.0.11-alpha.
  205. o Minor bug fixes (torrc exit policies):
  206. - In torrc, "accept6 *" and "reject6 *" ExitPolicy lines now only
  207. produce IPv6 wildcard addresses. Previously they would produce
  208. both IPv4 and IPv6 wildcard addresses. Patch by "teor". Fixes part
  209. of bug 16069; bugfix on 0.2.4.7-alpha.
  210. - When parsing torrc ExitPolicies, we now warn for a number of cases
  211. where the user's intent is likely to differ from Tor's actual
  212. behavior. These include: using an IPv4 address with an accept6 or
  213. reject6 line; using "private" on an accept6 or reject6 line; and
  214. including any ExitPolicy lines after accept *:* or reject *:*.
  215. Related to ticket 16069.
  216. - When parsing torrc ExitPolicies, we now issue an info-level
  217. message when expanding an "accept/reject *" line to include both
  218. IPv4 and IPv6 wildcard addresses. Related to ticket 16069.
  219. - In each instance above, usage advice is provided to avoid the
  220. message. Resolves ticket 16069. Patch by "teor". Fixes part of bug
  221. 16069; bugfix on 0.2.4.7-alpha.
  222. o Minor bugfixes (authority):
  223. - Don't assign "HSDir" to a router if it isn't Valid and Running.
  224. Fixes bug 16524; bugfix on 0.2.7.2-alpha.
  225. - Downgrade log messages about Ed25519 key issues if they are in old
  226. cached router descriptors. Fixes part of bug 16286; bugfix
  227. on 0.2.7.2-alpha.
  228. - When we find an Ed25519 key issue in a cached descriptor, stop
  229. saying the descriptor was just "uploaded". Fixes another part of
  230. bug 16286; bugfix on 0.2.7.2-alpha.
  231. o Minor bugfixes (control port):
  232. - Repair a warning and a spurious result when getting the maximum
  233. number of file descriptors from the controller. Fixes bug 16697;
  234. bugfix on 0.2.7.2-alpha.
  235. o Minor bugfixes (correctness):
  236. - When calling channel_free_list(), avoid calling smartlist_remove()
  237. while inside a FOREACH loop. This partially reverts commit
  238. 17356fe7fd96af where the correct SMARTLIST_DEL_CURRENT was
  239. incorrectly removed. Fixes bug 16924; bugfix on 0.2.4.4-alpha.
  240. o Minor bugfixes (documentation):
  241. - Advise users on how to configure separate IPv4 and IPv6 exit
  242. policies in the manpage and sample torrcs. Related to ticket 16069.
  243. - Fix the usage message of tor-resolve(1) so that it no longer lists
  244. the removed -F option. Fixes bug 16913; bugfix on 0.2.2.28-beta.
  245. - Fix an error in the manual page and comments for
  246. TestingDirAuthVoteHSDir[IsStrict], which suggested that a HSDir
  247. required "ORPort connectivity". While this is true, it is in no
  248. way unique to the HSDir flag. Of all the flags, only HSDirs need a
  249. DirPort configured in order for the authorities to assign that
  250. particular flag. Patch by "teor". Fixed as part of 14882; bugfix
  251. on 0.2.6.3-alpha.
  252. o Minor bugfixes (Ed25519):
  253. - Fix a memory leak when reading router descriptors with expired
  254. Ed25519 certificates. Fixes bug 16539; bugfix on 0.2.7.2-alpha.
  255. o Minor bugfixes (linux seccomp2 sandbox):
  256. - Allow bridge authorities to run correctly under the seccomp2
  257. sandbox. Fixes bug 16964; bugfix on 0.2.5.1-alpha.
  258. - Allow routers with ed25519 keys to run correctly under the
  259. seccomp2 sandbox. Fixes bug 16965; bugfix on 0.2.7.2-alpha.
  260. o Minor bugfixes (open file limit):
  261. - Fix set_max_file_descriptors() to set by default the max open file
  262. limit to the current limit when setrlimit() fails. Fixes bug
  263. 16274; bugfix on tor-0.2.0.10-alpha. Patch by dgoulet.
  264. o Minor bugfixes (portability):
  265. - Try harder to normalize the exit status of the Tor process to the
  266. standard-provided range. Fixes bug 16975; bugfix on every version
  267. of Tor ever.
  268. - Check correctly for Windows socket errors in the workqueue
  269. backend. Fixes bug 16741; bugfix on 0.2.6.3-alpha.
  270. - Fix the behavior of crypto_rand_time_range() when told to consider
  271. times before 1970. (These times were possible when running in a
  272. simulated network environment where time()'s output starts at
  273. zero.) Fixes bug 16980; bugfix on 0.2.7.1-alpha.
  274. - Restore correct operation of TLS client-cipher detection on
  275. OpenSSL 1.1. Fixes bug 14047; bugfix on 0.2.7.2-alpha.
  276. o Minor bugfixes (relay):
  277. - Ensure that worker threads actually exit when a fatal error or
  278. shutdown is indicated. This fix doesn't currently affect the
  279. behavior of Tor, because Tor workers never indicate a fatal error
  280. or shutdown except in the unit tests. Fixes bug 16868; bugfix
  281. on 0.2.6.3-alpha.
  282. - Unblock threads before releasing the work queue mutex to ensure
  283. predictable scheduling behavior. Fixes bug 16644; bugfix
  284. on 0.2.6.3-alpha.
  285. o Code simplification and refactoring:
  286. - Change the function that's called when we need to retry all
  287. downloads so that it only reschedules the downloads to happen
  288. immediately, rather than launching them all at once itself. This
  289. further simplifies Tor's callgraph.
  290. - Move some format-parsing functions out of crypto.c and
  291. crypto_curve25519.c into crypto_format.c and/or util_format.c.
  292. - Move the client-only parts of init_keys() into a separate
  293. function. Closes ticket 16763.
  294. - Simplify the microdesc_free() implementation so that it no longer
  295. appears (to code analysis tools) to potentially invoke a huge
  296. suite of other microdesc functions.
  297. - Simplify the control graph further by deferring the inner body of
  298. directory_all_unreachable() into a callback. Closes ticket 16762.
  299. - Treat the loss of an owning controller as equivalent to a SIGTERM
  300. signal. This removes a tiny amount of duplicated code, and
  301. simplifies our callgraph. Closes ticket 16788.
  302. - When generating an event to send to the controller, we no longer
  303. put the event over the network immediately. Instead, we queue
  304. these events, and use a Libevent callback to deliver them. This
  305. change simplifies Tor's callgraph by reducing the number of
  306. functions from which all other Tor functions are reachable. Closes
  307. ticket 16695.
  308. - Wrap Windows-only C files inside '#ifdef _WIN32' so that tools
  309. that try to scan or compile every file on Unix won't decide that
  310. they are broken.
  311. - Remove the unused "nulterminate" argument from buf_pullup().
  312. o Documentation:
  313. - Recommend a 40 GB example AccountingMax in torrc.sample rather
  314. than a 4 GB max. Closes ticket 16742.
  315. - Include the TUNING document in our source tarball. It is referred
  316. to in the ChangeLog and an error message. Fixes bug 16929; bugfix
  317. on 0.2.6.1-alpha.
  318. o Removed code:
  319. - The internal pure-C tor-fw-helper tool is now removed from the Tor
  320. distribution, in favor of the pure-Go clone available from
  321. https://gitweb.torproject.org/tor-fw-helper.git/ . The libraries
  322. used by the C tor-fw-helper are not, in our opinion, very
  323. confidence-inspiring in their secure-programming techniques.
  324. Closes ticket 13338.
  325. - Remove the code that would try to aggressively flush controller
  326. connections while writing to them. This code was introduced in
  327. 0.1.2.7-alpha, in order to keep output buffers from exceeding
  328. their limits. But there is no longer a maximum output buffer size,
  329. and flushing data in this way caused some undesirable recursions
  330. in our call graph. Closes ticket 16480.
  331. o Testing:
  332. - Make "bridges+hs" the default test network. This tests almost all
  333. tor functionality during make test-network, while allowing tests
  334. to succeed on non-IPv6 systems. Requires chutney commit 396da92 in
  335. test-network-bridges-hs. Closes tickets 16945 (tor) and 16946
  336. (chutney). Patches by "teor".
  337. - Autodetect CHUTNEY_PATH if the chutney and Tor sources are side-
  338. by-side in the same parent directory. Closes ticket 16903. Patch
  339. by "teor".
  340. - Use environment variables rather than autoconf substitutions to
  341. send variables from the build system to the test scripts. This
  342. change should be easier to maintain, and cause 'make distcheck' to
  343. work better than before. Fixes bug 17148.
  344. - Add a new set of callgraph analysis scripts that use clang to
  345. produce a list of which Tor functions are reachable from which
  346. other Tor functions. We're planning to use these to help simplify
  347. our code structure by identifying illogical dependencies.
  348. - Add new 'test-full' and 'test-full-online' targets to run all
  349. tests, including integration tests with stem and chutney.
  350. - Make the test-workqueue test work on Windows by initializing the
  351. network before we begin.
  352. - New make target (make test-network-all) to run multiple applicable
  353. chutney test cases. Patch from Teor; closes 16953.
  354. - Unit test dns_resolve(), dns_clip_ttl() and dns_get_expiry_ttl()
  355. functions in dns.c. Implements a portion of ticket 16831.
  356. - When building Tor with testing coverage enabled, run Chutney tests
  357. (if any) using the 'tor-cov' coverage binary.
  358. - When running test-network or test-stem, check for the absence of
  359. stem/chutney before doing any build operations.
  360. Changes in version 0.2.7.2-alpha - 2015-07-27
  361. This, the second alpha in the Tor 0.2.7 series, has a number of new
  362. features, including a way to manually pick the number of introduction
  363. points for hidden services, and the much stronger Ed25519 signing key
  364. algorithm for regular Tor relays (including support for encrypted
  365. offline identity keys in the new algorithm).
  366. Support for Ed25519 on relays is currently limited to signing router
  367. descriptors; later alphas in this series will extend Ed25519 key
  368. support to more parts of the Tor protocol.
  369. o Major features (Ed25519 identity keys, Proposal 220):
  370. - All relays now maintain a stronger identity key, using the Ed25519
  371. elliptic curve signature format. This master key is designed so
  372. that it can be kept offline. Relays also generate an online
  373. signing key, and a set of other Ed25519 keys and certificates.
  374. These are all automatically regenerated and rotated as needed.
  375. Implements part of ticket 12498.
  376. - Directory authorities now vote on Ed25519 identity keys along with
  377. RSA1024 keys. Implements part of ticket 12498.
  378. - Directory authorities track which Ed25519 identity keys have been
  379. used with which RSA1024 identity keys, and do not allow them to
  380. vary freely. Implements part of ticket 12498.
  381. - Microdescriptors now include Ed25519 identity keys. Implements
  382. part of ticket 12498.
  383. - Add support for offline encrypted Ed25519 master keys. To use this
  384. feature on your tor relay, run "tor --keygen" to make a new master
  385. key (or to make a new signing key if you already have a master
  386. key). Closes ticket 13642.
  387. o Major features (Hidden services):
  388. - Add the torrc option HiddenServiceNumIntroductionPoints, to
  389. specify a fixed number of introduction points. Its maximum value
  390. is 10 and default is 3. Using this option can increase a hidden
  391. service's reliability under load, at the cost of making it more
  392. visible that the hidden service is facing extra load. Closes
  393. ticket 4862.
  394. - Remove the adaptive algorithm for choosing the number of
  395. introduction points, which used to change the number of
  396. introduction points (poorly) depending on the number of
  397. connections the HS sees. Closes ticket 4862.
  398. o Major features (onion key cross-certification):
  399. - Relay descriptors now include signatures of their own identity
  400. keys, made using the TAP and ntor onion keys. These signatures
  401. allow relays to prove ownership of their own onion keys. Because
  402. of this change, microdescriptors will no longer need to include
  403. RSA identity keys. Implements proposal 228; closes ticket 12499.
  404. o Major features (performance):
  405. - Improve the runtime speed of Ed25519 operations by using the
  406. public-domain Ed25519-donna by Andrew M. ("floodyberry").
  407. Implements ticket 16467.
  408. - Improve the runtime speed of the ntor handshake by using an
  409. optimized curve25519 basepoint scalarmult implementation from the
  410. public-domain Ed25519-donna by Andrew M. ("floodyberry"), based on
  411. ideas by Adam Langley. Implements ticket 9663.
  412. o Major bugfixes (client-side privacy, also in 0.2.6.9):
  413. - Properly separate out each SOCKSPort when applying stream
  414. isolation. The error occurred because each port's session group
  415. was being overwritten by a default value when the listener
  416. connection was initialized. Fixes bug 16247; bugfix on
  417. 0.2.6.3-alpha. Patch by "jojelino".
  418. o Major bugfixes (hidden service clients, stability, also in 0.2.6.10):
  419. - Stop refusing to store updated hidden service descriptors on a
  420. client. This reverts commit 9407040c59218 (which indeed fixed bug
  421. 14219, but introduced a major hidden service reachability
  422. regression detailed in bug 16381). This is a temporary fix since
  423. we can live with the minor issue in bug 14219 (it just results in
  424. some load on the network) but the regression of 16381 is too much
  425. of a setback. First-round fix for bug 16381; bugfix
  426. on 0.2.6.3-alpha.
  427. o Major bugfixes (hidden services):
  428. - When cannibalizing a circuit for an introduction point, always
  429. extend to the chosen exit node (creating a 4 hop circuit).
  430. Previously Tor would use the current circuit exit node, which
  431. changed the original choice of introduction point, and could cause
  432. the hidden service to skip excluded introduction points or
  433. reconnect to a skipped introduction point. Fixes bug 16260; bugfix
  434. on 0.1.0.1-rc.
  435. o Major bugfixes (open file limit):
  436. - The open file limit wasn't checked before calling
  437. tor_accept_socket_nonblocking(), which would make Tor exceed the
  438. limit. Now, just before opening a new socket, Tor checks the open
  439. file limit, and returns an error if the maximum has been reached.
  440. Fixes bug 16288; bugfix on 0.1.1.1-alpha.
  441. o Major bugfixes (stability, also in 0.2.6.10):
  442. - Stop crashing with an assertion failure when parsing certain kinds
  443. of malformed or truncated microdescriptors. Fixes bug 16400;
  444. bugfix on 0.2.6.1-alpha. Found by "torkeln"; fix based on a patch
  445. by "cypherpunks_backup".
  446. - Stop random client-side assertion failures that could occur when
  447. connecting to a busy hidden service, or connecting to a hidden
  448. service while a NEWNYM is in progress. Fixes bug 16013; bugfix
  449. on 0.1.0.1-rc.
  450. o Minor features (directory authorities, security, also in 0.2.6.9):
  451. - The HSDir flag given by authorities now requires the Stable flag.
  452. For the current network, this results in going from 2887 to 2806
  453. HSDirs. Also, it makes it harder for an attacker to launch a sybil
  454. attack by raising the effort for a relay to become Stable to
  455. require at the very least 7 days, while maintaining the 96 hours
  456. uptime requirement for HSDir. Implements ticket 8243.
  457. o Minor features (client):
  458. - Relax the validation of hostnames in SOCKS5 requests, allowing the
  459. character '_' to appear, in order to cope with domains observed in
  460. the wild that are serving non-RFC compliant records. Resolves
  461. ticket 16430.
  462. - Relax the validation done to hostnames in SOCKS5 requests, and
  463. allow a single trailing '.' to cope with clients that pass FQDNs
  464. using that syntax to explicitly indicate that the domain name is
  465. fully-qualified. Fixes bug 16674; bugfix on 0.2.6.2-alpha.
  466. - Add GroupWritable and WorldWritable options to unix-socket based
  467. SocksPort and ControlPort options. These options apply to a single
  468. socket, and override {Control,Socks}SocketsGroupWritable. Closes
  469. ticket 15220.
  470. o Minor features (control protocol):
  471. - Support network-liveness GETINFO key and NETWORK_LIVENESS event in
  472. the control protocol. Resolves ticket 15358.
  473. o Minor features (directory authorities):
  474. - Directory authorities no longer vote against the "Fast", "Stable",
  475. and "HSDir" flags just because they were going to vote against
  476. "Running": if the consensus turns out to be that the router was
  477. running, then the authority's vote should count. Patch from Peter
  478. Retzlaff; closes issue 8712.
  479. o Minor features (geoip, also in 0.2.6.10):
  480. - Update geoip to the June 3 2015 Maxmind GeoLite2 Country database.
  481. - Update geoip6 to the June 3 2015 Maxmind GeoLite2 Country database.
  482. o Minor features (hidden services):
  483. - Add the new options "HiddenServiceMaxStreams" and
  484. "HiddenServiceMaxStreamsCloseCircuit" to allow hidden services to
  485. limit the maximum number of simultaneous streams per circuit, and
  486. optionally tear down the circuit when the limit is exceeded. Part
  487. of ticket 16052.
  488. o Minor features (portability):
  489. - Use C99 variadic macros when the compiler is not GCC. This avoids
  490. failing compilations on MSVC, and fixes a log-file-based race
  491. condition in our old workarounds. Original patch from Gisle Vanem.
  492. o Minor bugfixes (compilation, also in 0.2.6.9):
  493. - Build with --enable-systemd correctly when libsystemd is
  494. installed, but systemd is not. Fixes bug 16164; bugfix on
  495. 0.2.6.3-alpha. Patch from Peter Palfrader.
  496. o Minor bugfixes (controller):
  497. - Add the descriptor ID in each HS_DESC control event. It was
  498. missing, but specified in control-spec.txt. Fixes bug 15881;
  499. bugfix on 0.2.5.2-alpha.
  500. o Minor bugfixes (crypto error-handling, also in 0.2.6.10):
  501. - Check for failures from crypto_early_init, and refuse to continue.
  502. A previous typo meant that we could keep going with an
  503. uninitialized crypto library, and would have OpenSSL initialize
  504. its own PRNG. Fixes bug 16360; bugfix on 0.2.5.2-alpha, introduced
  505. when implementing ticket 4900. Patch by "teor".
  506. o Minor bugfixes (hidden services):
  507. - Fix a crash when reloading configuration while at least one
  508. configured and one ephemeral hidden service exists. Fixes bug
  509. 16060; bugfix on 0.2.7.1-alpha.
  510. - Avoid crashing with a double-free bug when we create an ephemeral
  511. hidden service but adding it fails for some reason. Fixes bug
  512. 16228; bugfix on 0.2.7.1-alpha.
  513. o Minor bugfixes (Linux seccomp2 sandbox):
  514. - Use the sandbox in tor_open_cloexec whether or not O_CLOEXEC is
  515. defined. Patch by "teor". Fixes bug 16515; bugfix on 0.2.3.1-alpha.
  516. o Minor bugfixes (Linux seccomp2 sandbox, also in 0.2.6.10):
  517. - Allow pipe() and pipe2() syscalls in the seccomp2 sandbox: we need
  518. these when eventfd2() support is missing. Fixes bug 16363; bugfix
  519. on 0.2.6.3-alpha. Patch from "teor".
  520. o Minor bugfixes (Linux seccomp2 sandbox, also in 0.2.6.9):
  521. - Fix sandboxing to work when running as a relay, by allowing the
  522. renaming of secret_id_key, and allowing the eventfd2 and futex
  523. syscalls. Fixes bug 16244; bugfix on 0.2.6.1-alpha. Patch by
  524. Peter Palfrader.
  525. - Allow systemd connections to work with the Linux seccomp2 sandbox
  526. code. Fixes bug 16212; bugfix on 0.2.6.2-alpha. Patch by
  527. Peter Palfrader.
  528. o Minor bugfixes (relay):
  529. - Fix a rarely-encountered memory leak when failing to initialize
  530. the thread pool. Fixes bug 16631; bugfix on 0.2.6.3-alpha. Patch
  531. from "cypherpunks".
  532. o Minor bugfixes (systemd):
  533. - Fix an accidental formatting error that broke the systemd
  534. configuration file. Fixes bug 16152; bugfix on 0.2.7.1-alpha.
  535. - Tor's systemd unit file no longer contains extraneous spaces.
  536. These spaces would sometimes confuse tools like deb-systemd-
  537. helper. Fixes bug 16162; bugfix on 0.2.5.5-alpha.
  538. o Minor bugfixes (tests):
  539. - Use the configured Python executable when running test-stem-full.
  540. Fixes bug 16470; bugfix on 0.2.7.1-alpha.
  541. o Minor bugfixes (tests, also in 0.2.6.9):
  542. - Fix a crash in the unit tests when built with MSVC2013. Fixes bug
  543. 16030; bugfix on 0.2.6.2-alpha. Patch from "NewEraCracker".
  544. o Minor bugfixes (threads, comments):
  545. - Always initialize return value in compute_desc_id in rendcommon.c.
  546. Patch by "teor". Fixes part of bug 16115; bugfix on 0.2.7.1-alpha.
  547. - Check for NULL values in getinfo_helper_onions(). Patch by "teor".
  548. Fixes part of bug 16115; bugfix on 0.2.7.1-alpha.
  549. - Remove undefined directive-in-macro in test_util_writepid: clang
  550. 3.7 complains that using a preprocessor directive inside a macro
  551. invocation in test_util_writepid in test_util.c is undefined.
  552. Patch by "teor". Fixes part of bug 16115; bugfix on 0.2.7.1-alpha.
  553. o Code simplification and refactoring:
  554. - Define WINVER and _WIN32_WINNT centrally, in orconfig.h, in order
  555. to ensure they remain consistent and visible everywhere.
  556. - Remove some vestigial workarounds for the MSVC6 compiler. We
  557. haven't supported that in ages.
  558. - The link authentication code has been refactored for better
  559. testability and reliability. It now uses code generated with the
  560. "trunnel" binary encoding generator, to reduce the risk of bugs
  561. due to programmer error. Done as part of ticket 12498.
  562. o Documentation:
  563. - Include specific and (hopefully) accurate documentation of the
  564. torrc file's meta-format in doc/torrc_format.txt. This is mainly
  565. of interest to people writing programs to parse or generate torrc
  566. files. This document is not a commitment to long-term
  567. compatibility; some aspects of the current format are a bit
  568. ridiculous. Closes ticket 2325.
  569. o Removed features:
  570. - Tor no longer supports copies of OpenSSL that are missing support
  571. for Elliptic Curve Cryptography. (We began using ECC when
  572. available in 0.2.4.8-alpha, for more safe and efficient key
  573. negotiation.) In particular, support for at least one of P256 or
  574. P224 is now required, with manual configuration needed if only
  575. P224 is available. Resolves ticket 16140.
  576. - Tor no longer supports versions of OpenSSL before 1.0. (If you are
  577. on an operating system that has not upgraded to OpenSSL 1.0 or
  578. later, and you compile Tor from source, you will need to install a
  579. more recent OpenSSL to link Tor against.) These versions of
  580. OpenSSL are still supported by the OpenSSL project, but the numerous
  581. cryptographic improvements in later OpenSSL releases make the later
  582. releases a clear choice. Resolves ticket 16034.
  583. - Remove the HidServDirectoryV2 option. Now all relays offer to
  584. store hidden service descriptors. Related to 16543.
  585. - Remove the VoteOnHidServDirectoriesV2 option, since all
  586. authorities have long set it to 1. Closes ticket 16543.
  587. o Testing:
  588. - Document use of coverity, clang static analyzer, and clang dynamic
  589. undefined behavior and address sanitizers in doc/HACKING. Include
  590. detailed usage instructions in the blacklist. Patch by "teor".
  591. Closes ticket 15817.
  592. - The link authentication protocol code now has extensive tests.
  593. - The relay descriptor signature testing code now has
  594. extensive tests.
  595. - The test_workqueue program now runs faster, and is enabled by
  596. default as a part of "make check".
  597. - Now that OpenSSL has its own scrypt implementation, add a unit
  598. test that checks for interoperability between libscrypt_scrypt()
  599. and OpenSSL's EVP_PBE_scrypt(), so that we can avoid using libscrypt
  600. and rely on EVP_PBE_scrypt() whenever possible. Resolves
  601. ticket 16189.
  602. Changes in version 0.2.6.10 - 2015-07-12
  603. Tor version 0.2.6.10 fixes some significant stability and hidden
  604. service client bugs, bulletproofs the cryptography init process, and
  605. fixes a bug when using the sandbox code with some older versions of
  606. Linux. Everyone running an older version, especially an older version
  607. of 0.2.6, should upgrade.
  608. o Major bugfixes (hidden service clients, stability):
  609. - Stop refusing to store updated hidden service descriptors on a
  610. client. This reverts commit 9407040c59218 (which indeed fixed bug
  611. 14219, but introduced a major hidden service reachability
  612. regression detailed in bug 16381). This is a temporary fix since
  613. we can live with the minor issue in bug 14219 (it just results in
  614. some load on the network) but the regression of 16381 is too much
  615. of a setback. First-round fix for bug 16381; bugfix
  616. on 0.2.6.3-alpha.
  617. o Major bugfixes (stability):
  618. - Stop crashing with an assertion failure when parsing certain kinds
  619. of malformed or truncated microdescriptors. Fixes bug 16400;
  620. bugfix on 0.2.6.1-alpha. Found by "torkeln"; fix based on a patch
  621. by "cypherpunks_backup".
  622. - Stop random client-side assertion failures that could occur when
  623. connecting to a busy hidden service, or connecting to a hidden
  624. service while a NEWNYM is in progress. Fixes bug 16013; bugfix
  625. on 0.1.0.1-rc.
  626. o Minor features (geoip):
  627. - Update geoip to the June 3 2015 Maxmind GeoLite2 Country database.
  628. - Update geoip6 to the June 3 2015 Maxmind GeoLite2 Country database.
  629. o Minor bugfixes (crypto error-handling):
  630. - Check for failures from crypto_early_init, and refuse to continue.
  631. A previous typo meant that we could keep going with an
  632. uninitialized crypto library, and would have OpenSSL initialize
  633. its own PRNG. Fixes bug 16360; bugfix on 0.2.5.2-alpha, introduced
  634. when implementing ticket 4900. Patch by "teor".
  635. o Minor bugfixes (Linux seccomp2 sandbox):
  636. - Allow pipe() and pipe2() syscalls in the seccomp2 sandbox: we need
  637. these when eventfd2() support is missing. Fixes bug 16363; bugfix
  638. on 0.2.6.3-alpha. Patch from "teor".
  639. Changes in version 0.2.6.9 - 2015-06-11
  640. Tor 0.2.6.9 fixes a regression in the circuit isolation code, increases the
  641. requirements for receiving an HSDir flag, and addresses some other small
  642. bugs in the systemd and sandbox code. Clients using circuit isolation
  643. should upgrade; all directory authorities should upgrade.
  644. o Major bugfixes (client-side privacy):
  645. - Properly separate out each SOCKSPort when applying stream
  646. isolation. The error occurred because each port's session group was
  647. being overwritten by a default value when the listener connection
  648. was initialized. Fixes bug 16247; bugfix on 0.2.6.3-alpha. Patch
  649. by "jojelino".
  650. o Minor feature (directory authorities, security):
  651. - The HSDir flag given by authorities now requires the Stable flag.
  652. For the current network, this results in going from 2887 to 2806
  653. HSDirs. Also, it makes it harder for an attacker to launch a sybil
  654. attack by raising the effort for a relay to become Stable, which
  655. takes at the very least 7 days, and by keeping the 96
  656. hours uptime requirement for HSDir. Implements ticket 8243.
  657. o Minor bugfixes (compilation):
  658. - Build with --enable-systemd correctly when libsystemd is
  659. installed, but systemd is not. Fixes bug 16164; bugfix on
  660. 0.2.6.3-alpha. Patch from Peter Palfrader.
  661. o Minor bugfixes (Linux seccomp2 sandbox):
  662. - Fix sandboxing to work when running as a relay, by allowing the renaming of
  663. secret_id_key, and allowing the eventfd2 and futex syscalls. Fixes
  664. bug 16244; bugfix on 0.2.6.1-alpha. Patch by Peter Palfrader.
  665. - Allow systemd connections to work with the Linux seccomp2 sandbox
  666. code. Fixes bug 16212; bugfix on 0.2.6.2-alpha. Patch by
  667. Peter Palfrader.
  668. o Minor bugfixes (tests):
  669. - Fix a crash in the unit tests when built with MSVC2013. Fixes bug
  670. 16030; bugfix on 0.2.6.2-alpha. Patch from "NewEraCracker".
  671. Changes in version 0.2.6.8 - 2015-05-21
  672. Tor 0.2.6.8 fixes a bit of dodgy code in parsing INTRODUCE2 cells, and
  673. fixes an authority-side bug in assigning the HSDir flag. All directory
  674. authorities should upgrade.
  675. o Major bugfixes (hidden services, backport from 0.2.7.1-alpha):
  676. - Revert commit that made directory authorities assign the HSDir
  677. flag to relays without a DirPort; this was bad because such relays
  678. can't handle BEGIN_DIR cells. Fixes bug 15850; bugfix
  679. on tor-0.2.6.3-alpha.
  680. o Minor bugfixes (hidden service, backport from 0.2.7.1-alpha):
  681. - Fix an out-of-bounds read when parsing invalid INTRODUCE2 cells on
  682. a client authorized hidden service. Fixes bug 15823; bugfix
  683. on 0.2.1.6-alpha.
  684. o Minor features (geoip):
  685. - Update geoip to the April 8 2015 Maxmind GeoLite2 Country database.
  686. - Update geoip6 to the April 8 2015 Maxmind GeoLite2
  687. Country database.
  688. Changes in version 0.2.7.1-alpha - 2015-05-12
  689. Tor 0.2.7.1-alpha is the first alpha release in its series. It
  690. includes numerous small features and bugfixes against previous Tor
  691. versions, and numerous small infrastructure improvements. The most
  692. notable features are several new ways for controllers to interact with
  693. the hidden services subsystem.
  694. o New system requirements:
  695. - Tor no longer includes workarounds to support Libevent versions
  696. before 1.3e. Libevent 2.0 or later is recommended. Closes
  697. ticket 15248.
  698. o Major features (controller):
  699. - Add the ADD_ONION and DEL_ONION commands that allow the creation
  700. and management of hidden services via the controller. Closes
  701. ticket 6411.
  702. - New "GETINFO onions/current" and "GETINFO onions/detached"
  703. commands to get information about hidden services created via the
  704. controller. Part of ticket 6411.
  705. - New HSFETCH command to launch a request for a hidden service
  706. descriptor. Closes ticket 14847.
  707. - New HSPOST command to upload a hidden service descriptor. Closes
  708. ticket 3523. Patch by "DonnchaC".
  709. o Major bugfixes (hidden services):
  710. - Revert commit that made directory authorities assign the HSDir
  711. flag to relays without a DirPort; this was bad because such relays
  712. can't handle BEGIN_DIR cells. Fixes bug 15850; bugfix
  713. on tor-0.2.6.3-alpha.
  714. o Minor features (clock-jump tolerance):
  715. - Recover better when our clock jumps back many hours, like might
  716. happen for Tails or Whonix users who start with a very wrong
  717. hardware clock, use Tor to discover a more accurate time, and then
  718. fix their clock. Resolves part of ticket 8766.
  719. o Minor features (command-line interface):
  720. - Make --hash-password imply --hush to prevent unnecessary noise.
  721. Closes ticket 15542. Patch from "cypherpunks".
  722. - Print a warning whenever we find a relative file path being used
  723. as a torrc option. Resolves issue 14018.
  724. o Minor features (controller):
  725. - Add DirAuthority lines for default directory authorities to the
  726. output of the "GETINFO config/defaults" command if not already
  727. present. Implements ticket 14840.
  728. - Controllers can now use "GETINFO hs/client/desc/id/..." to
  729. retrieve items from the client's hidden service descriptor cache.
  730. Closes ticket 14845.
  731. - Implement a new controller command "GETINFO status/fresh-relay-
  732. descs" to fetch a descriptor/extrainfo pair that was generated on
  733. demand just for the controller's use. Implements ticket 14784.
  734. o Minor features (DoS-resistance):
  735. - Make it harder for attackers to overload hidden services with
  736. introductions, by blocking multiple introduction requests on the
  737. same circuit. Resolves ticket 15515.
  738. o Minor features (geoip):
  739. - Update geoip to the April 8 2015 Maxmind GeoLite2 Country database.
  740. - Update geoip6 to the April 8 2015 Maxmind GeoLite2
  741. Country database.
  742. o Minor features (HS popularity countermeasure):
  743. - To avoid leaking HS popularity, don't cycle the introduction point
  744. when we've handled a fixed number of INTRODUCE2 cells but instead
  745. cycle it when a random number of introductions is reached, thus
  746. making it more difficult for an attacker to find out the number of
  747. clients that have used the introduction point for a specific HS.
  748. Closes ticket 15745.
  749. o Minor features (logging):
  750. - Include the Tor version in all LD_BUG log messages, since people
  751. tend to cut and paste those into the bugtracker. Implements
  752. ticket 15026.
  753. o Minor features (pluggable transports):
  754. - When launching managed pluggable transports on Linux systems,
  755. attempt to have the kernel deliver a SIGTERM on tor exit if the
  756. pluggable transport process is still running. Resolves
  757. ticket 15471.
  758. - When launching managed pluggable transports, setup a valid open
  759. stdin in the child process that can be used to detect if tor has
  760. terminated. The "TOR_PT_EXIT_ON_STDIN_CLOSE" environment variable
  761. can be used by implementations to detect this new behavior.
  762. Resolves ticket 15435.
  763. o Minor features (testing):
  764. - Add a test to verify that the compiler does not eliminate our
  765. memwipe() implementation. Closes ticket 15377.
  766. - Add make rule `check-changes` to verify the format of changes
  767. files. Closes ticket 15180.
  768. - Add unit tests for control_event_is_interesting(). Add a compile-
  769. time check that the number of events doesn't exceed the capacity
  770. of control_event_t.event_mask. Closes ticket 15431, checks for
  771. bugs similar to 13085. Patch by "teor".
  772. - Command-line argument tests moved to Stem. Resolves ticket 14806.
  773. - Integrate the ntor, backtrace, and zero-length keys tests into the
  774. automake test suite. Closes ticket 15344.
  775. - Remove assertions during builds to determine Tor's test coverage.
  776. We don't want to trigger these even in assertions, so including
  777. them artificially makes our branch coverage look worse than it is.
  778. This patch provides the new test-stem-full and coverage-html-full
  779. configure options. Implements ticket 15400.
  780. o Minor bugfixes (build):
  781. - Improve out-of-tree builds by making non-standard rules work and
  782. clean up additional files and directories. Fixes bug 15053; bugfix
  783. on 0.2.7.0-alpha.
  784. o Minor bugfixes (command-line interface):
  785. - When "--quiet" is provided along with "--validate-config", do not
  786. write anything to stdout on success. Fixes bug 14994; bugfix
  787. on 0.2.3.3-alpha.
  788. - When complaining about bad arguments to "--dump-config", use
  789. stderr, not stdout.
  790. o Minor bugfixes (configuration, unit tests):
  791. - Only add the default fallback directories when the DirAuthorities,
  792. AlternateDirAuthority, and FallbackDir directory config options
  793. are set to their defaults. The default fallback directory list is
  794. currently empty; this fix will only change tor's behavior when it
  795. has default fallback directories. Includes unit tests for
  796. consider_adding_dir_servers(). Fixes bug 15642; bugfix on
  797. 90f6071d8dc0 in 0.2.4.7-alpha. Patch by "teor".
  798. o Minor bugfixes (correctness):
  799. - For correctness, avoid modifying a constant string in
  800. handle_control_postdescriptor. Fixes bug 15546; bugfix
  801. on 0.1.1.16-rc.
  802. - Remove side-effects from tor_assert() calls. This was harmless,
  803. because we never disable assertions, but it is bad style and
  804. unnecessary. Fixes bug 15211; bugfix on 0.2.5.5, 0.2.2.36,
  805. and 0.2.0.10.
  806. o Minor bugfixes (hidden service):
  807. - Fix an out-of-bounds read when parsing invalid INTRODUCE2 cells on
  808. a client authorized hidden service. Fixes bug 15823; bugfix
  809. on 0.2.1.6-alpha.
  810. - Remove an extraneous newline character from the end of hidden
  811. service descriptors. Fixes bug 15296; bugfix on 0.2.0.10-alpha.
  812. o Minor bugfixes (interface):
  813. - Print usage information for --dump-config when it is used without
  814. an argument. Also, fix the error message to use different wording
  815. and add a newline at the end. Fixes bug 15541; bugfix
  816. on 0.2.5.1-alpha.
  817. o Minor bugfixes (logs):
  818. - When building Tor under Clang, do not include an extra set of
  819. parentheses in log messages that include function names. Fixes bug
  820. 15269; bugfix on every released version of Tor when compiled with
  821. recent enough Clang.
  822. o Minor bugfixes (network):
  823. - When attempting to use fallback technique for network interface
  824. lookup, disregard loopback and multicast addresses since they are
  825. unsuitable for public communications.
  826. o Minor bugfixes (statistics):
  827. - Disregard the ConnDirectionStatistics torrc options when Tor is
  828. not a relay since in that mode of operation no sensible data is
  829. being collected and because Tor might run into measurement hiccups
  830. when running as a client for some time, then becoming a relay.
  831. Fixes bug 15604; bugfix on 0.2.2.35.
  832. o Minor bugfixes (test networks):
  833. - When self-testing reachability, use ExtendAllowPrivateAddresses to
  834. determine if local/private addresses imply reachability. The
  835. previous fix used TestingTorNetwork, which implies
  836. ExtendAllowPrivateAddresses, but this excluded rare configurations
  837. where ExtendAllowPrivateAddresses is set but TestingTorNetwork is
  838. not. Fixes bug 15771; bugfix on 0.2.6.1-alpha. Patch by "teor",
  839. issue discovered by CJ Ess.
  840. o Minor bugfixes (testing):
  841. - Check for matching value in server response in ntor_ref.py. Fixes
  842. bug 15591; bugfix on 0.2.4.8-alpha. Reported and fixed
  843. by "joelanders".
  844. - Set the severity correctly when testing
  845. get_interface_addresses_ifaddrs() and
  846. get_interface_addresses_win32(), so that the tests fail gracefully
  847. instead of triggering an assertion. Fixes bug 15759; bugfix on
  848. 0.2.6.3-alpha. Reported by Nicolas Derive.
  849. o Code simplification and refactoring:
  850. - Move the hacky fallback code out of get_interface_address6() into
  851. separate function and get it covered with unit-tests. Resolves
  852. ticket 14710.
  853. - Refactor hidden service client-side cache lookup to intelligently
  854. report its various failure cases, and disentangle failure cases
  855. involving a lack of introduction points. Closes ticket 14391.
  856. - Use our own Base64 encoder instead of OpenSSL's, to allow more
  857. control over the output. Part of ticket 15652.
  858. o Documentation:
  859. - Improve the descriptions of statistics-related torrc options in
  860. the manpage to describe rationale and possible use cases. Fixes
  861. issue 15550.
  862. - Improve the layout and formatting of ./configure --help messages.
  863. Closes ticket 15024. Patch from "cypherpunks".
  864. - Standardize on the term "server descriptor" in the manual page.
  865. Previously, we had used "router descriptor", "server descriptor",
  866. and "relay descriptor" interchangeably. Part of ticket 14987.
  867. o Removed code:
  868. - Remove `USE_OPENSSL_BASE64` and the corresponding fallback code
  869. and always use the internal Base64 decoder. The internal decoder
  870. has been part of tor since tor-0.2.0.10-alpha, and no one should
  871. be using the OpenSSL one. Part of ticket 15652.
  872. - Remove the 'tor_strclear()' function; use memwipe() instead.
  873. Closes ticket 14922.
  874. o Removed features:
  875. - Remove the (seldom-used) DynamicDHGroups feature. For anti-
  876. fingerprinting we now recommend pluggable transports; for forward-
  877. secrecy in TLS, we now use the P-256 group. Closes ticket 13736.
  878. - Remove the undocumented "--digests" command-line option. It
  879. complicated our build process, caused subtle build issues on
  880. multiple platforms, and is now redundant since we started
  881. including git version identifiers. Closes ticket 14742.
  882. - Tor no longer contains checks for ancient directory cache versions
  883. that didn't know about microdescriptors.
  884. - Tor no longer contains workarounds for stat files generated by
  885. super-old versions of Tor that didn't choose guards sensibly.
  886. Changes in version 0.2.4.27 - 2015-04-06
  887. Tor 0.2.4.27 backports two fixes from 0.2.6.7 for security issues that
  888. could be used by an attacker to crash hidden services, or crash clients
  889. visiting hidden services. Hidden services should upgrade as soon as
  890. possible; clients should upgrade whenever packages become available.
  891. This release also backports a simple improvement to make hidden
  892. services a bit less vulnerable to denial-of-service attacks.
  893. o Major bugfixes (security, hidden service):
  894. - Fix an issue that would allow a malicious client to trigger an
  895. assertion failure and halt a hidden service. Fixes bug 15600;
  896. bugfix on 0.2.1.6-alpha. Reported by "disgleirio".
  897. - Fix a bug that could cause a client to crash with an assertion
  898. failure when parsing a malformed hidden service descriptor. Fixes
  899. bug 15601; bugfix on 0.2.1.5-alpha. Found by "DonnchaC".
  900. o Minor features (DoS-resistance, hidden service):
  901. - Introduction points no longer allow multiple INTRODUCE1 cells to
  902. arrive on the same circuit. This should make it more expensive for
  903. attackers to overwhelm hidden services with introductions.
  904. Resolves ticket 15515.
  905. Changes in version 0.2.6.7 - 2015-04-06
  906. Tor 0.2.6.7 fixes two security issues that could be used by an
  907. attacker to crash hidden services, or crash clients visiting hidden
  908. services. Hidden services should upgrade as soon as possible; clients
  909. should upgrade whenever packages become available.
  910. This release also contains two simple improvements to make hidden
  911. services a bit less vulnerable to denial-of-service attacks.
  912. o Major bugfixes (security, hidden service):
  913. - Fix an issue that would allow a malicious client to trigger an
  914. assertion failure and halt a hidden service. Fixes bug 15600;
  915. bugfix on 0.2.1.6-alpha. Reported by "disgleirio".
  916. - Fix a bug that could cause a client to crash with an assertion
  917. failure when parsing a malformed hidden service descriptor. Fixes
  918. bug 15601; bugfix on 0.2.1.5-alpha. Found by "DonnchaC".
  919. o Minor features (DoS-resistance, hidden service):
  920. - Introduction points no longer allow multiple INTRODUCE1 cells to
  921. arrive on the same circuit. This should make it more expensive for
  922. attackers to overwhelm hidden services with introductions.
  923. Resolves ticket 15515.
  924. - Decrease the number of reattempts that a hidden service performs
  925. when its rendezvous circuits fail. This reduces the computational
  926. cost for running a hidden service under heavy load. Resolves
  927. ticket 11447.
  928. Changes in version 0.2.6.6 - 2015-03-24
  929. Tor 0.2.6.6 is the first stable release in the 0.2.6 series.
  930. It adds numerous safety, security, correctness, and performance
  931. improvements. Client programs can be configured to use more kinds of
  932. sockets, AutomapHosts works better, the multithreading backend is
  933. improved, cell transmission is refactored, test coverage is much
  934. higher, more denial-of-service attacks are handled, guard selection is
  935. improved to handle long-term guards better, pluggable transports
  936. should work a bit better, and some annoying hidden service performance
  937. bugs should be addressed.
  938. o Minor bugfixes (portability):
  939. - Use the correct datatype in the SipHash-2-4 function to prevent
  940. compilers from assuming any sort of alignment. Fixes bug 15436;
  941. bugfix on 0.2.5.3-alpha.
  942. Changes in version 0.2.6.5-rc - 2015-03-18
  943. Tor 0.2.6.5-rc is the second and (hopefully) last release candidate in
  944. the 0.2.6 series. It fixes a small number of bugs found in 0.2.6.4-rc.
  945. o Major bugfixes (client):
  946. - Avoid crashing when making certain configuration option changes on
  947. clients. Fixes bug 15245; bugfix on 0.2.6.3-alpha. Reported
  948. by "anonym".
  949. o Major bugfixes (pluggable transports):
  950. - Initialize the extended OR Port authentication cookie before
  951. launching pluggable transports. This prevents a race condition
  952. that occurred when server-side pluggable transports would cache the
  953. authentication cookie before it has been (re)generated. Fixes bug
  954. 15240; bugfix on 0.2.5.1-alpha.
  955. o Major bugfixes (portability):
  956. - Do not crash on startup when running on Solaris. Fixes a bug
  957. related to our fix for 9495; bugfix on 0.2.6.1-alpha. Reported
  958. by "ruebezahl".
  959. o Minor features (heartbeat):
  960. - On relays, report how many connections we negotiated using each
  961. version of the Tor link protocols. This information will let us
  962. know if removing support for very old versions of the Tor
  963. protocols is harming the network. Closes ticket 15212.
  964. o Code simplification and refactoring:
  965. - Refactor main loop to extract the 'loop' part. This makes it
  966. easier to run Tor under Shadow. Closes ticket 15176.
  967. Changes in version 0.2.5.11 - 2015-03-17
  968. Tor 0.2.5.11 is the second stable release in the 0.2.5 series.
  969. It backports several bugfixes from the 0.2.6 branch, including a
  970. couple of medium-level security fixes for relays and exit nodes.
  971. It also updates the list of directory authorities.
  972. o Directory authority changes:
  973. - Remove turtles as a directory authority.
  974. - Add longclaw as a new (v3) directory authority. This implements
  975. ticket 13296. This keeps the directory authority count at 9.
  976. - The directory authority Faravahar has a new IP address. This
  977. closes ticket 14487.
  978. o Major bugfixes (crash, OSX, security):
  979. - Fix a remote denial-of-service opportunity caused by a bug in
  980. OSX's _strlcat_chk() function. Fixes bug 15205; bug first appeared
  981. in OSX 10.9.
  982. o Major bugfixes (relay, stability, possible security):
  983. - Fix a bug that could lead to a relay crashing with an assertion
  984. failure if a buffer of exactly the wrong layout was passed to
  985. buf_pullup() at exactly the wrong time. Fixes bug 15083; bugfix on
  986. 0.2.0.10-alpha. Patch from 'cypherpunks'.
  987. - Do not assert if the 'data' pointer on a buffer is advanced to the
  988. very end of the buffer; log a BUG message instead. Only assert if
  989. it is past that point. Fixes bug 15083; bugfix on 0.2.0.10-alpha.
  990. o Major bugfixes (exit node stability):
  991. - Fix an assertion failure that could occur under high DNS load.
  992. Fixes bug 14129; bugfix on Tor 0.0.7rc1. Found by "jowr";
  993. diagnosed and fixed by "cypherpunks".
  994. o Major bugfixes (Linux seccomp2 sandbox):
  995. - Upon receiving sighup with the seccomp2 sandbox enabled, do not
  996. crash during attempts to call wait4. Fixes bug 15088; bugfix on
  997. 0.2.5.1-alpha. Patch from "sanic".
  998. o Minor features (controller):
  999. - New "GETINFO bw-event-cache" to get information about recent
  1000. bandwidth events. Closes ticket 14128. Useful for controllers to
  1001. get recent bandwidth history after the fix for ticket 13988.
  1002. o Minor features (geoip):
  1003. - Update geoip to the March 3 2015 Maxmind GeoLite2 Country database.
  1004. - Update geoip6 to the March 3 2015 Maxmind GeoLite2
  1005. Country database.
  1006. o Minor bugfixes (client, automapping):
  1007. - Avoid crashing on torrc lines for VirtualAddrNetworkIPv[4|6] when
  1008. no value follows the option. Fixes bug 14142; bugfix on
  1009. 0.2.4.7-alpha. Patch by "teor".
  1010. - Fix a memory leak when using AutomapHostsOnResolve. Fixes bug
  1011. 14195; bugfix on 0.1.0.1-rc.
  1012. o Minor bugfixes (compilation):
  1013. - Build without warnings with the stock OpenSSL srtp.h header, which
  1014. has a duplicate declaration of SSL_get_selected_srtp_profile().
  1015. Fixes bug 14220; this is OpenSSL's bug, not ours.
  1016. o Minor bugfixes (directory authority):
  1017. - Allow directory authorities to fetch more data from one another if
  1018. they find themselves missing lots of votes. Previously, they had
  1019. been bumping against the 10 MB queued data limit. Fixes bug 14261;
  1020. bugfix on 0.1.2.5-alpha.
  1021. - Enlarge the buffer to read bwauth generated files to avoid an
  1022. issue when parsing the file in dirserv_read_measured_bandwidths().
  1023. Fixes bug 14125; bugfix on 0.2.2.1-alpha.
  1024. o Minor bugfixes (statistics):
  1025. - Increase period over which bandwidth observations are aggregated
  1026. from 15 minutes to 4 hours. Fixes bug 13988; bugfix on 0.0.8pre1.
  1027. o Minor bugfixes (preventative security, C safety):
  1028. - When reading a hexadecimal, base-32, or base-64 encoded value from
  1029. a string, always overwrite the whole output buffer. This prevents
  1030. some bugs where we would look at (but fortunately, not reveal)
  1031. uninitialized memory on the stack. Fixes bug 14013; bugfix on all
  1032. versions of Tor.
  1033. Changes in version 0.2.4.26 - 2015-03-17
  1034. Tor 0.2.4.26 includes an updated list of directory authorities. It
  1035. also backports a couple of stability and security bugfixes from 0.2.5
  1036. and beyond.
  1037. o Directory authority changes:
  1038. - Remove turtles as a directory authority.
  1039. - Add longclaw as a new (v3) directory authority. This implements
  1040. ticket 13296. This keeps the directory authority count at 9.
  1041. - The directory authority Faravahar has a new IP address. This
  1042. closes ticket 14487.
  1043. o Major bugfixes (exit node stability, also in 0.2.6.3-alpha):
  1044. - Fix an assertion failure that could occur under high DNS load.
  1045. Fixes bug 14129; bugfix on Tor 0.0.7rc1. Found by "jowr";
  1046. diagnosed and fixed by "cypherpunks".
  1047. o Major bugfixes (relay, stability, possible security, also in 0.2.6.4-rc):
  1048. - Fix a bug that could lead to a relay crashing with an assertion
  1049. failure if a buffer of exactly the wrong layout was passed to
  1050. buf_pullup() at exactly the wrong time. Fixes bug 15083; bugfix on
  1051. 0.2.0.10-alpha. Patch from 'cypherpunks'.
  1052. - Do not assert if the 'data' pointer on a buffer is advanced to the
  1053. very end of the buffer; log a BUG message instead. Only assert if
  1054. it is past that point. Fixes bug 15083; bugfix on 0.2.0.10-alpha.
  1055. o Minor features (geoip):
  1056. - Update geoip to the March 3 2015 Maxmind GeoLite2 Country database.
  1057. - Update geoip6 to the March 3 2015 Maxmind GeoLite2
  1058. Country database.
  1059. Changes in version 0.2.6.4-rc - 2015-03-09
  1060. Tor 0.2.6.4-rc fixes an issue in the directory code that an
  1061. attacker might be able to use in order to crash certain Tor
  1062. directories. It also resolves some minor issues left over from, or
  1063. introduced in, Tor 0.2.6.3-alpha or earlier.
  1064. o Major bugfixes (crash, OSX, security):
  1065. - Fix a remote denial-of-service opportunity caused by a bug in
  1066. OSX's _strlcat_chk() function. Fixes bug 15205; bug first appeared
  1067. in OSX 10.9.
  1068. o Major bugfixes (relay, stability, possible security):
  1069. - Fix a bug that could lead to a relay crashing with an assertion
  1070. failure if a buffer of exactly the wrong layout is passed to
  1071. buf_pullup() at exactly the wrong time. Fixes bug 15083; bugfix on
  1072. 0.2.0.10-alpha. Patch from "cypherpunks".
  1073. - Do not assert if the 'data' pointer on a buffer is advanced to the
  1074. very end of the buffer; log a BUG message instead. Only assert if
  1075. it is past that point. Fixes bug 15083; bugfix on 0.2.0.10-alpha.
  1076. o Major bugfixes (FreeBSD IPFW transparent proxy):
  1077. - Fix address detection with FreeBSD transparent proxies, when
  1078. "TransProxyType ipfw" is in use. Fixes bug 15064; bugfix
  1079. on 0.2.5.4-alpha.
  1080. o Major bugfixes (Linux seccomp2 sandbox):
  1081. - Pass IPPROTO_TCP rather than 0 to socket(), so that the Linux
  1082. seccomp2 sandbox doesn't fail. Fixes bug 14989; bugfix
  1083. on 0.2.6.3-alpha.
  1084. - Allow AF_UNIX hidden services to be used with the seccomp2
  1085. sandbox. Fixes bug 15003; bugfix on 0.2.6.3-alpha.
  1086. - Upon receiving sighup with the seccomp2 sandbox enabled, do not
  1087. crash during attempts to call wait4. Fixes bug 15088; bugfix on
  1088. 0.2.5.1-alpha. Patch from "sanic".
  1089. o Minor features (controller):
  1090. - Messages about problems in the bootstrap process now include
  1091. information about the server we were trying to connect to when we
  1092. noticed the problem. Closes ticket 15006.
  1093. o Minor features (geoip):
  1094. - Update geoip to the March 3 2015 Maxmind GeoLite2 Country database.
  1095. - Update geoip6 to the March 3 2015 Maxmind GeoLite2
  1096. Country database.
  1097. o Minor features (logs):
  1098. - Quiet some log messages in the heartbeat and at startup. Closes
  1099. ticket 14950.
  1100. o Minor bugfixes (certificate handling):
  1101. - If an authority operator accidentally makes a signing certificate
  1102. with a future publication time, do not discard its real signing
  1103. certificates. Fixes bug 11457; bugfix on 0.2.0.3-alpha.
  1104. - Remove any old authority certificates that have been superseded
  1105. for at least two days. Previously, we would keep superseded
  1106. certificates until they expired, if they were published close in
  1107. time to the certificate that superseded them. Fixes bug 11454;
  1108. bugfix on 0.2.1.8-alpha.
  1109. o Minor bugfixes (compilation):
  1110. - Fix a compilation warning on s390. Fixes bug 14988; bugfix
  1111. on 0.2.5.2-alpha.
  1112. - Fix a compilation warning on FreeBSD. Fixes bug 15151; bugfix
  1113. on 0.2.6.2-alpha.
  1114. o Minor bugfixes (testing):
  1115. - Fix endianness issues in unit test for resolve_my_address() to
  1116. have it pass on big endian systems. Fixes bug 14980; bugfix on
  1117. Tor 0.2.6.3-alpha.
  1118. - Avoid a side-effect in a tor_assert() in the unit tests. Fixes bug
  1119. 15188; bugfix on 0.1.2.3-alpha. Patch from Tom van der Woerdt.
  1120. - When running the new 'make test-stem' target, use the configured
  1121. python binary. Fixes bug 15037; bugfix on 0.2.6.3-alpha. Patch
  1122. from "cypherpunks".
  1123. - When running the zero-length-keys tests, do not use the default
  1124. torrc file. Fixes bug 15033; bugfix on 0.2.6.3-alpha. Reported
  1125. by "reezer".
  1126. o Directory authority IP change:
  1127. - The directory authority Faravahar has a new IP address. This
  1128. closes ticket 14487.
  1129. o Removed code:
  1130. - Remove some lingering dead code that once supported mempools.
  1131. Mempools were disabled by default in 0.2.5, and removed entirely
  1132. in 0.2.6.3-alpha. Closes more of ticket 14848; patch
  1133. by "cypherpunks".
  1134. Changes in version 0.2.6.3-alpha - 2015-02-19
  1135. Tor 0.2.6.3-alpha is the third (and hopefully final) alpha release in
  1136. the 0.2.6.x series. It introduces support for more kinds of sockets,
  1137. makes it harder to accidentally run an exit, improves our
  1138. multithreading backend, incorporates several fixes for the
  1139. AutomapHostsOnResolve option, and fixes numerous other bugs besides.
  1140. If no major regressions or security holes are found in this version,
  1141. the next version will be a release candidate.
  1142. o Deprecated versions:
  1143. - Tor relays older than 0.2.4.18-rc are no longer allowed to
  1144. advertise themselves on the network. Closes ticket 13555.
  1145. o Major features (security, unix domain sockets):
  1146. - Allow SocksPort to be an AF_UNIX Unix Domain Socket. Now high risk
  1147. applications can reach Tor without having to create AF_INET or
  1148. AF_INET6 sockets, meaning they can completely disable their
  1149. ability to make non-Tor network connections. To create a socket of
  1150. this type, use "SocksPort unix:/path/to/socket". Implements
  1151. ticket 12585.
  1152. - Support mapping hidden service virtual ports to AF_UNIX sockets.
  1153. The syntax is "HiddenServicePort 80 unix:/path/to/socket".
  1154. Implements ticket 11485.
  1155. o Major features (changed defaults):
  1156. - Prevent relay operators from unintentionally running exits: When a
  1157. relay is configured as an exit node, we now warn the user unless
  1158. the "ExitRelay" option is set to 1. We warn even more loudly if
  1159. the relay is configured with the default exit policy, since this
  1160. can indicate accidental misconfiguration. Setting "ExitRelay 0"
  1161. stops Tor from running as an exit relay. Closes ticket 10067.
  1162. o Major features (directory system):
  1163. - When downloading server- or microdescriptors from a directory
  1164. server, we no longer launch multiple simultaneous requests to the
  1165. same server. This reduces load on the directory servers,
  1166. especially when directory guards are in use. Closes ticket 9969.
  1167. - When downloading server- or microdescriptors over a tunneled
  1168. connection, do not limit the length of our requests to what the
  1169. Squid proxy is willing to handle. Part of ticket 9969.
  1170. - Authorities can now vote on the correct digests and latest
  1171. versions for different software packages. This allows packages
  1172. that include Tor to use the Tor authority system as a way to get
  1173. notified of updates and their correct digests. Implements proposal
  1174. 227. Closes ticket 10395.
  1175. o Major features (guards):
  1176. - Introduce the Guardfraction feature to improve load balancing on
  1177. guard nodes. Specifically, it aims to reduce the traffic gap that
  1178. guard nodes experience when they first get the Guard flag. This is
  1179. a required step if we want to increase the guard lifetime to 9
  1180. months or greater. Closes ticket 9321.
  1181. o Major features (performance):
  1182. - Make the CPU worker implementation more efficient by avoiding the
  1183. kernel and lengthening pipelines. The original implementation used
  1184. sockets to transfer data from the main thread to the workers, and
  1185. didn't allow any thread to be assigned more than a single piece of
  1186. work at once. The new implementation avoids communications
  1187. overhead by making requests in shared memory, avoiding kernel IO
  1188. where possible, and keeping more requests in flight at once.
  1189. Implements ticket 9682.
  1190. o Major features (relay):
  1191. - Raise the minimum acceptable configured bandwidth rate for bridges
  1192. to 50 KiB/sec and for relays to 75 KiB/sec. (The old values were
  1193. 20 KiB/sec.) Closes ticket 13822.
  1194. o Major bugfixes (exit node stability):
  1195. - Fix an assertion failure that could occur under high DNS load.
  1196. Fixes bug 14129; bugfix on Tor 0.0.7rc1. Found by "jowr";
  1197. diagnosed and fixed by "cypherpunks".
  1198. o Major bugfixes (mixed relay-client operation):
  1199. - When running as a relay and client at the same time (not
  1200. recommended), if we decide not to use a new guard because we want
  1201. to retry older guards, only close the locally-originating circuits
  1202. passing through that guard. Previously we would close all the
  1203. circuits through that guard. Fixes bug 9819; bugfix on
  1204. 0.2.1.1-alpha. Reported by "skruffy".
  1205. o Minor features (build):
  1206. - New --disable-system-torrc compile-time option to prevent Tor from
  1207. looking for the system-wide torrc or torrc-defaults files.
  1208. Resolves ticket 13037.
  1209. o Minor features (controller):
  1210. - Include SOCKS_USERNAME and SOCKS_PASSWORD values in controller
  1211. events so controllers can observe circuit isolation inputs. Closes
  1212. ticket 8405.
  1213. - ControlPort now supports the unix:/path/to/socket syntax as an
  1214. alternative to the ControlSocket option, for consistency with
  1215. SocksPort and HiddenServicePort. Closes ticket 14451.
  1216. - New "GETINFO bw-event-cache" to get information about recent
  1217. bandwidth events. Closes ticket 14128. Useful for controllers to
  1218. get recent bandwidth history after the fix for ticket 13988.
  1219. o Minor features (Denial of service resistance):
  1220. - Count the total number of bytes used storing hidden service
  1221. descriptors against the value of MaxMemInQueues. If we're low on
  1222. memory, and more than 20% of our memory is used holding hidden
  1223. service descriptors, free them until no more than 10% of our
  1224. memory holds hidden service descriptors. Free the least recently
  1225. fetched descriptors first. Resolves ticket 13806.
  1226. - When we have recently been under memory pressure (over 3/4 of
  1227. MaxMemInQueues is allocated), then allocate smaller zlib objects
  1228. for small requests. Closes ticket 11791.
  1229. o Minor features (geoip):
  1230. - Update geoip and geoip6 files to the January 7 2015 Maxmind
  1231. GeoLite2 Country database.
  1232. o Minor features (guard nodes):
  1233. - Reduce the time delay before saving guard status to disk from 10
  1234. minutes to 30 seconds (or from one hour to 10 minutes if
  1235. AvoidDiskWrites is set). Closes ticket 12485.
  1236. o Minor features (hidden service):
  1237. - Make Sybil attacks against hidden services harder by changing the
  1238. minimum time required to get the HSDir flag from 25 hours up to 96
  1239. hours. Addresses ticket 14149.
  1240. - New option "HiddenServiceAllowUnknownPorts" to allow hidden
  1241. services to disable the anti-scanning feature introduced in
  1242. 0.2.6.2-alpha. With this option not set, a connection to an
  1243. unlisted port closes the circuit. With this option set, only a
  1244. RELAY_DONE cell is sent. Closes ticket 14084.
  1245. o Minor features (interface):
  1246. - Implement "-f -" command-line option to read torrc configuration
  1247. from standard input, if you don't want to store the torrc file in
  1248. the file system. Implements feature 13865.
  1249. o Minor features (logging):
  1250. - Add a count of unique clients to the bridge heartbeat message.
  1251. Resolves ticket 6852.
  1252. - Suppress "router info incompatible with extra info" message when
  1253. reading extrainfo documents from cache. (This message got loud
  1254. around when we closed bug 9812 in 0.2.6.2-alpha.) Closes
  1255. ticket 13762.
  1256. - Elevate hidden service authorized-client message from DEBUG to
  1257. INFO. Closes ticket 14015.
  1258. o Minor features (stability):
  1259. - Add assertions in our hash-table iteration code to check for
  1260. corrupted values that could cause infinite loops. Closes
  1261. ticket 11737.
  1262. o Minor features (systemd):
  1263. - Various improvements and modernizations in systemd hardening
  1264. support. Closes ticket 13805. Patch from Craig Andrews.
  1265. o Minor features (testing networks):
  1266. - Drop the minimum RendPostPeriod on a testing network to 5 seconds,
  1267. and the default on a testing network to 2 minutes. Drop the
  1268. MIN_REND_INITIAL_POST_DELAY on a testing network to 5 seconds, but
  1269. keep the default on a testing network at 30 seconds. This reduces
  1270. HS bootstrap time to around 25 seconds. Also, change the default
  1271. time in test-network.sh to match. Closes ticket 13401. Patch
  1272. by "teor".
  1273. - Create TestingDirAuthVoteHSDir to correspond to
  1274. TestingDirAuthVoteExit/Guard. Ensures that authorities vote the
  1275. HSDir flag for the listed relays regardless of uptime or ORPort
  1276. connectivity. Respects the value of VoteOnHidServDirectoriesV2.
  1277. Partial implementation for ticket 14067. Patch by "teor".
  1278. o Minor features (tor2web mode):
  1279. - Introduce the config option Tor2webRendezvousPoints, which allows
  1280. clients in Tor2webMode to select a specific Rendezvous Point to be
  1281. used in HS circuits. This might allow better performance for
  1282. Tor2Web nodes. Implements ticket 12844.
  1283. o Minor bugfixes (client DNS):
  1284. - Report the correct cached DNS expiration times on SOCKS port or in
  1285. DNS replies. Previously, we would report everything as "never
  1286. expires." Fixes bug 14193; bugfix on 0.2.3.17-beta.
  1287. - Avoid a small memory leak when we find a cached answer for a
  1288. reverse DNS lookup in a client-side DNS cache. (Remember, client-
  1289. side DNS caching is off by default, and is not recommended.) Fixes
  1290. bug 14259; bugfix on 0.2.0.1-alpha.
  1291. o Minor bugfixes (client, automapping):
  1292. - Avoid crashing on torrc lines for VirtualAddrNetworkIPv[4|6] when
  1293. no value follows the option. Fixes bug 14142; bugfix on
  1294. 0.2.4.7-alpha. Patch by "teor".
  1295. - Fix a memory leak when using AutomapHostsOnResolve. Fixes bug
  1296. 14195; bugfix on 0.1.0.1-rc.
  1297. - Prevent changes to other options from removing the wildcard value
  1298. "." from "AutomapHostsSuffixes". Fixes bug 12509; bugfix
  1299. on 0.2.0.1-alpha.
  1300. - Allow MapAddress and AutomapHostsOnResolve to work together when
  1301. an address is mapped into another address type (like .onion) that
  1302. must be automapped at resolve time. Fixes bug 7555; bugfix
  1303. on 0.2.0.1-alpha.
  1304. o Minor bugfixes (client, bridges):
  1305. - When we are using bridges and we had a network connectivity
  1306. problem, only retry connecting to our currently configured
  1307. bridges, not all bridges we know about and remember using. Fixes
  1308. bug 14216; bugfix on 0.2.2.17-alpha.
  1309. o Minor bugfixes (client, IPv6):
  1310. - Reject SOCKS requests to literal IPv6 addresses when the IPv6Traffic
  1311. flag is not set, rather than because the NoIPv4Traffic flag was set.
  1312. Previously we'd looked at the NoIPv4Traffic flag for both types of
  1313. literal addresses. Fixes bug 14280; bugfix on 0.2.4.7-alpha.
  1314. o Minor bugfixes (compilation):
  1315. - The address of an array in the middle of a structure will always
  1316. be non-NULL. clang recognises this and complains. Disable the
  1317. tautologous and redundant check to silence this warning. Fixes bug
  1318. 14001; bugfix on 0.2.1.2-alpha.
  1319. - Avoid warnings when building with systemd 209 or later. Fixes bug
  1320. 14072; bugfix on 0.2.6.2-alpha. Patch from "h.venev".
  1321. - Compile correctly with (unreleased) OpenSSL 1.1.0 headers.
  1322. Addresses ticket 14188.
  1323. - Build without warnings with the stock OpenSSL srtp.h header, which
  1324. has a duplicate declaration of SSL_get_selected_srtp_profile().
  1325. Fixes bug 14220; this is OpenSSL's bug, not ours.
  1326. - Do not compile any code related to Tor2Web mode when Tor2Web mode
  1327. is not enabled at compile time. Previously, this code was included
  1328. in a disabled state. See discussion on ticket 12844.
  1329. - Remove the --disable-threads configure option again. It was
  1330. accidentally partially reintroduced in 29ac883606d6d. Fixes bug
  1331. 14819; bugfix on 0.2.6.2-alpha.
  1332. o Minor bugfixes (controller):
  1333. - Report "down" in response to the "GETINFO entry-guards" command
  1334. when relays are down with an unreachable_since value. Previously,
  1335. we would report "up". Fixes bug 14184; bugfix on 0.1.2.2-alpha.
  1336. - Avoid crashing on a malformed EXTENDCIRCUIT command. Fixes bug
  1337. 14116; bugfix on 0.2.2.9-alpha.
  1338. - Add a code for the END_CIRC_REASON_IP_NOW_REDUNDANT circuit close
  1339. reason. Fixes bug 14207; bugfix on 0.2.6.2-alpha.
  1340. o Minor bugfixes (directory authority):
  1341. - Allow directory authorities to fetch more data from one another if
  1342. they find themselves missing lots of votes. Previously, they had
  1343. been bumping against the 10 MB queued data limit. Fixes bug 14261;
  1344. bugfix on 0.1.2.5-alpha.
  1345. - Do not attempt to download extrainfo documents which we will be
  1346. unable to validate with a matching server descriptor. Fixes bug
  1347. 13762; bugfix on 0.2.0.1-alpha.
  1348. - Fix a bug that was truncating AUTHDIR_NEWDESC events sent to the
  1349. control port. Fixes bug 14953; bugfix on 0.2.0.1-alpha.
  1350. - Enlarge the buffer to read bwauth generated files to avoid an
  1351. issue when parsing the file in dirserv_read_measured_bandwidths().
  1352. Fixes bug 14125; bugfix on 0.2.2.1-alpha.
  1353. o Minor bugfixes (file handling):
  1354. - Stop failing when key files are zero-length. Instead, generate new
  1355. keys, and overwrite the empty key files. Fixes bug 13111; bugfix
  1356. on all versions of Tor. Patch by "teor".
  1357. - Stop generating a fresh .old RSA onion key file when the .old file
  1358. is missing. Fixes part of 13111; bugfix on 0.0.6rc1.
  1359. - Avoid overwriting .old key files with empty key files.
  1360. - Skip loading zero-length extrainfo store, router store, stats,
  1361. state, and key files.
  1362. - Avoid crashing when trying to reload a torrc specified as a
  1363. relative path with RunAsDaemon turned on. Fixes bug 13397; bugfix
  1364. on 0.2.3.11-alpha.
  1365. o Minor bugfixes (hidden services):
  1366. - Close the introduction circuit when we have no more usable intro
  1367. points, instead of waiting for it to time out. This also ensures
  1368. that no follow-up HS descriptor fetch is triggered when the
  1369. circuit eventually times out. Fixes bug 14224; bugfix on 0.0.6.
  1370. - When fetching a hidden service descriptor for a down service that
  1371. was recently up, do not keep refetching until we try the same
  1372. replica twice in a row. Fixes bug 14219; bugfix on 0.2.0.10-alpha.
  1373. - Successfully launch Tor with a nonexistent hidden service
  1374. directory. Our fix for bug 13942 didn't catch this case. Fixes bug
  1375. 14106; bugfix on 0.2.6.2-alpha.
  1376. o Minor bugfixes (logging):
  1377. - Avoid crashing when there are more log domains than entries in
  1378. domain_list. Bugfix on 0.2.3.1-alpha.
  1379. - Add a string representation for LD_SCHED. Fixes bug 14740; bugfix
  1380. on 0.2.6.1-alpha.
  1381. - Don't log messages to stdout twice when starting up. Fixes bug
  1382. 13993; bugfix on 0.2.6.1-alpha.
  1383. o Minor bugfixes (parsing):
  1384. - Stop accepting milliseconds (or other junk) at the end of
  1385. descriptor publication times. Fixes bug 9286; bugfix on 0.0.2pre25.
  1386. - Support two-number and three-number version numbers correctly, in
  1387. case we change the Tor versioning system in the future. Fixes bug
  1388. 13661; bugfix on 0.0.8pre1.
  1389. o Minor bugfixes (path counting):
  1390. - When deciding whether the consensus lists any exit nodes, count
  1391. the number listed in the consensus, not the number we have
  1392. descriptors for. Fixes part of bug 14918; bugfix on 0.2.6.2-alpha.
  1393. - When deciding whether we have any exit nodes, only examine
  1394. ExitNodes when the ExitNodes option is actually set. Fixes part of
  1395. bug 14918; bugfix on 0.2.6.2-alpha.
  1396. - Get rid of redundant and possibly scary warnings that we are
  1397. missing directory information while we bootstrap. Fixes part of
  1398. bug 14918; bugfix on 0.2.6.2-alpha.
  1399. o Minor bugfixes (portability):
  1400. - Fix the ioctl()-based network interface lookup code so that it
  1401. will work on systems that have variable-length struct ifreq, for
  1402. example Mac OS X.
  1403. - Fix scheduler compilation on targets where char is unsigned. Fixes
  1404. bug 14764; bugfix on 0.2.6.2-alpha. Reported by Christian Kujau.
  1405. o Minor bugfixes (sandbox):
  1406. - Allow glibc fatal errors to be sent to stderr before Tor exits.
  1407. Previously, glibc would try to write them to /dev/tty, and the
  1408. sandbox would trap the call and make Tor exit prematurely. Fixes
  1409. bug 14759; bugfix on 0.2.5.1-alpha.
  1410. o Minor bugfixes (shutdown):
  1411. - When shutting down, always call event_del() on lingering read or
  1412. write events before freeing them. Otherwise, we risk double-frees
  1413. or read-after-frees in event_base_free(). Fixes bug 12985; bugfix
  1414. on 0.1.0.2-rc.
  1415. o Minor bugfixes (small memory leaks):
  1416. - Avoid leaking memory when using IPv6 virtual address mappings.
  1417. Fixes bug 14123; bugfix on 0.2.4.7-alpha. Patch by Tom van
  1418. der Woerdt.
  1419. o Minor bugfixes (statistics):
  1420. - Increase period over which bandwidth observations are aggregated
  1421. from 15 minutes to 4 hours. Fixes bug 13988; bugfix on 0.0.8pre1.
  1422. o Minor bugfixes (systemd support):
  1423. - Fix detection and operation of systemd watchdog. Fixes part of bug
  1424. 14141; bugfix on 0.2.6.2-alpha. Patch from Tomasz Torcz.
  1425. - Run correctly under systemd with the RunAsDaemon option set. Fixes
  1426. part of bug 14141; bugfix on 0.2.5.7-rc. Patch from Tomasz Torcz.
  1427. - Inform the systemd supervisor about more changes in the Tor
  1428. process status. Implements part of ticket 14141. Patch from
  1429. Tomasz Torcz.
  1430. - Cause the "--disable-systemd" option to actually disable systemd
  1431. support. Fixes bug 14350; bugfix on 0.2.6.2-alpha. Patch
  1432. from "blueness".
  1433. o Minor bugfixes (TLS):
  1434. - Check more thoroughly throughout the TLS code for possible
  1435. unlogged TLS errors. Possible diagnostic or fix for bug 13319.
  1436. o Minor bugfixes (transparent proxy):
  1437. - Use getsockname, not getsockopt, to retrieve the address for a
  1438. TPROXY-redirected connection. Fixes bug 13796; bugfix
  1439. on 0.2.5.2-alpha.
  1440. o Code simplification and refactoring:
  1441. - Move fields related to isolating and configuring client ports into
  1442. a shared structure. Previously, they were duplicated across
  1443. port_cfg_t, listener_connection_t, and edge_connection_t. Failure
  1444. to copy them correctly had been the cause of at least one bug in
  1445. the past. Closes ticket 8546.
  1446. - Refactor the get_interface_addresses_raw() doom-function into
  1447. multiple smaller and simpler subfunctions. Cover the resulting
  1448. subfunctions with unit-tests. Fixes a significant portion of
  1449. issue 12376.
  1450. - Remove workaround in dirserv_thinks_router_is_hs_dir() that was
  1451. only for version <= 0.2.2.24 which is now deprecated. Closes
  1452. ticket 14202.
  1453. - Remove a test for a long-defunct broken version-one
  1454. directory server.
  1455. o Documentation:
  1456. - Add a section on OpenBSD to our TUNING document. Thanks to mmcc
  1457. for writing the OpenBSD-specific tips. Resolves ticket 13702.
  1458. - Make the tor-resolve documentation match its help string and its
  1459. options. Resolves part of ticket 14325.
  1460. - Log a more useful error message from tor-resolve when failing to
  1461. look up a hidden service address. Resolves part of ticket 14325.
  1462. o Downgraded warnings:
  1463. - Don't warn when we've attempted to contact a relay using the wrong
  1464. ntor onion key. Closes ticket 9635.
  1465. o Removed features:
  1466. - To avoid confusion with the "ExitRelay" option, "ExitNode" is no
  1467. longer silently accepted as an alias for "ExitNodes".
  1468. - The --enable-mempool and --enable-buf-freelists options, which
  1469. were originally created to work around bad malloc implementations,
  1470. no longer exist. They were off-by-default in 0.2.5. Closes
  1471. ticket 14848.
  1472. o Testing:
  1473. - Make the checkdir/perms test complete successfully even if the
  1474. global umask is not 022. Fixes bug 14215; bugfix on 0.2.6.2-alpha.
  1475. - Test that tor does not fail when key files are zero-length. Check
  1476. that tor generates new keys, and overwrites the empty key files.
  1477. - Test that tor generates new keys when keys are missing
  1478. (existing behavior).
  1479. - Test that tor does not overwrite key files that already contain
  1480. data (existing behavior). Tests bug 13111. Patch by "teor".
  1481. - New "make test-stem" target to run stem integration tests.
  1482. Requires that the "STEM_SOURCE_DIR" environment variable be set.
  1483. Closes ticket 14107.
  1484. - Make the test_cmdline_args.py script work correctly on Windows.
  1485. Patch from Gisle Vanem.
  1486. - Move the slower unit tests into a new "./src/test/test-slow"
  1487. binary that can be run independently of the other tests. Closes
  1488. ticket 13243.
  1489. - Avoid undefined behavior when sampling huge values from the
  1490. Laplace distribution. This made unittests fail on Raspberry Pi.
  1491. Bug found by Device. Fixes bug 14090; bugfix on 0.2.6.2-alpha.
  1492. Changes in version 0.2.6.2-alpha - 2014-12-31
  1493. Tor 0.2.6.2-alpha is the second alpha release in the 0.2.6.x series.
  1494. It introduces a major new backend for deciding when to send cells on
  1495. channels, which should lead down the road to big performance
  1496. increases. It contains security and statistics features for better
  1497. work on hidden services, and numerous bugfixes.
  1498. This release contains many new unit tests, along with major
  1499. performance improvements for running testing networks using Chutney.
  1500. Thanks to a series of patches contributed by "teor", testing networks
  1501. should now bootstrap in seconds, rather than minutes.
  1502. o Major features (relay, infrastructure):
  1503. - Complete revision of the code that relays use to decide which cell
  1504. to send next. Formerly, we selected the best circuit to write on
  1505. each channel, but we didn't select among channels in any
  1506. sophisticated way. Now, we choose the best circuits globally from
  1507. among those whose channels are ready to deliver traffic.
  1508. This patch implements a new inter-cmux comparison API, a global
  1509. high/low watermark mechanism and a global scheduler loop for
  1510. transmission prioritization across all channels as well as among
  1511. circuits on one channel. This schedule is currently tuned to
  1512. (tolerantly) avoid making changes in network performance, but it
  1513. should form the basis for major circuit performance increases in
  1514. the future. Code by Andrea; tuning by Rob Jansen; implements
  1515. ticket 9262.
  1516. o Major features (hidden services):
  1517. - Make HS port scanning more difficult by immediately closing the
  1518. circuit when a user attempts to connect to a nonexistent port.
  1519. Closes ticket 13667.
  1520. - Add a HiddenServiceStatistics option that allows Tor relays to
  1521. gather and publish statistics about the overall size and volume of
  1522. hidden service usage. Specifically, when this option is turned on,
  1523. an HSDir will publish an approximate number of hidden services
  1524. that have published descriptors to it in the past 24 hours. Also, if
  1525. a relay has acted as a hidden service rendezvous point, it will
  1526. publish the approximate amount of rendezvous cells it has relayed
  1527. in the past 24 hours. The statistics themselves are obfuscated so
  1528. that the exact values cannot be derived. For more details see
  1529. proposal 238, "Better hidden service stats from Tor relays". This
  1530. feature is currently disabled by default. Implements feature 13192.
  1531. o Major bugfixes (client, automap):
  1532. - Repair automapping with IPv6 addresses. This automapping should
  1533. have worked previously, but one piece of debugging code that we
  1534. inserted to detect a regression actually caused the regression to
  1535. manifest itself again. Fixes bug 13811 and bug 12831; bugfix on
  1536. 0.2.4.7-alpha. Diagnosed and fixed by Francisco Blas
  1537. Izquierdo Riera.
  1538. o Major bugfixes (hidden services):
  1539. - When closing an introduction circuit that was opened in parallel
  1540. with others, don't mark the introduction point as unreachable.
  1541. Previously, the first successful connection to an introduction
  1542. point would make the other introduction points get marked as
  1543. having timed out. Fixes bug 13698; bugfix on 0.0.6rc2.
  1544. o Directory authority changes:
  1545. - Remove turtles as a directory authority.
  1546. - Add longclaw as a new (v3) directory authority. This implements
  1547. ticket 13296. This keeps the directory authority count at 9.
  1548. o Major removed features:
  1549. - Tor clients no longer support connecting to hidden services
  1550. running on Tor 0.2.2.x and earlier; the Support022HiddenServices
  1551. option has been removed. (There shouldn't be any hidden services
  1552. running these versions on the network.) Closes ticket 7803.
  1553. o Minor features (client):
  1554. - Validate hostnames in SOCKS5 requests more strictly. If SafeSocks
  1555. is enabled, reject requests with IP addresses as hostnames.
  1556. Resolves ticket 13315.
  1557. o Minor features (controller):
  1558. - Add a "SIGNAL HEARTBEAT" controller command that tells Tor to
  1559. write an unscheduled heartbeat message to the log. Implements
  1560. feature 9503.
  1561. o Minor features (geoip):
  1562. - Update geoip and geoip6 to the November 15 2014 Maxmind GeoLite2
  1563. Country database.
  1564. o Minor features (hidden services):
  1565. - When re-enabling the network, don't try to build introduction
  1566. circuits until we have successfully built a circuit. This makes
  1567. hidden services come up faster when the network is re-enabled.
  1568. Patch from "akwizgran". Closes ticket 13447.
  1569. - When we fail to retrieve a hidden service descriptor, send the
  1570. controller an "HS_DESC FAILED" controller event. Implements
  1571. feature 13212.
  1572. - New HiddenServiceDirGroupReadable option to cause hidden service
  1573. directories and hostname files to be created group-readable. Patch
  1574. from "anon", David Stainton, and "meejah". Closes ticket 11291.
  1575. o Minor features (systemd):
  1576. - Where supported, when running with systemd, report successful
  1577. startup to systemd. Part of ticket 11016. Patch by Michael Scherer.
  1578. - When running with systemd, support systemd watchdog messages. Part
  1579. of ticket 11016. Patch by Michael Scherer.
  1580. o Minor features (transparent proxy):
  1581. - Update the transparent proxy option checks to allow for both ipfw
  1582. and pf on OS X. Closes ticket 14002.
  1583. - Use the correct option when using IPv6 with transparent proxy
  1584. support on Linux. Resolves 13808. Patch by Francisco Blas
  1585. Izquierdo Riera.
  1586. o Minor bugfixes (preventative security, C safety):
  1587. - When reading a hexadecimal, base-32, or base-64 encoded value from
  1588. a string, always overwrite the whole output buffer. This prevents
  1589. some bugs where we would look at (but fortunately, not reveal)
  1590. uninitialized memory on the stack. Fixes bug 14013; bugfix on all
  1591. versions of Tor.
  1592. - Clear all memory targeted by tor_addr_{to,from}_sockaddr(), not
  1593. just the part that's used. This makes it harder for data leak bugs
  1594. to occur in the event of other programming failures. Resolves
  1595. ticket 14041.
  1596. o Minor bugfixes (client, microdescriptors):
  1597. - Use a full 256 bits of the SHA256 digest of a microdescriptor when
  1598. computing which microdescriptors to download. This keeps us from
  1599. erroneous download behavior if two microdescriptor digests ever
  1600. have the same first 160 bits. Fixes part of bug 13399; bugfix
  1601. on 0.2.3.1-alpha.
  1602. - Reset a router's status if its microdescriptor digest changes,
  1603. even if the first 160 bits remain the same. Fixes part of bug
  1604. 13399; bugfix on 0.2.3.1-alpha.
  1605. o Minor bugfixes (compilation):
  1606. - Silence clang warnings under --enable-expensive-hardening,
  1607. including implicit truncation of 64 bit values to 32 bit, const
  1608. char assignment to self, tautological compare, and additional
  1609. parentheses around equality tests. Fixes bug 13577; bugfix
  1610. on 0.2.5.4-alpha.
  1611. - Fix a clang warning about checking whether an address in the
  1612. middle of a structure is NULL. Fixes bug 14001; bugfix
  1613. on 0.2.1.2-alpha.
  1614. o Minor bugfixes (hidden services):
  1615. - Correctly send a controller event when we find that a rendezvous
  1616. circuit has finished. Fixes bug 13936; bugfix on 0.1.1.5-alpha.
  1617. - Pre-check directory permissions for new hidden-services to avoid
  1618. at least one case of "Bug: Acting on config options left us in a
  1619. broken state. Dying." Fixes bug 13942; bugfix on 0.0.6pre1.
  1620. - When adding a new hidden service (for example, via SETCONF), Tor
  1621. no longer congratulates the user for running a relay. Fixes bug
  1622. 13941; bugfix on 0.2.6.1-alpha.
  1623. - When fetching hidden service descriptors, we now check not only
  1624. for whether we got the hidden service we had in mind, but also
  1625. whether we got the particular descriptors we wanted. This prevents
  1626. a class of inefficient but annoying DoS attacks by hidden service
  1627. directories. Fixes bug 13214; bugfix on 0.2.1.6-alpha. Reported
  1628. by "special".
  1629. o Minor bugfixes (Linux seccomp2 sandbox):
  1630. - Make transparent proxy support work along with the seccomp2
  1631. sandbox. Fixes part of bug 13808; bugfix on 0.2.5.1-alpha. Patch
  1632. by Francisco Blas Izquierdo Riera.
  1633. - Fix a memory leak in tor-resolve when running with the sandbox
  1634. enabled. Fixes bug 14050; bugfix on 0.2.5.9-rc.
  1635. o Minor bugfixes (logging):
  1636. - Downgrade warnings about RSA signature failures to info log level.
  1637. Emit a warning when an extra info document is found incompatible
  1638. with a corresponding router descriptor. Fixes bug 9812; bugfix
  1639. on 0.0.6rc3.
  1640. - Make connection_ap_handshake_attach_circuit() log the circuit ID
  1641. correctly. Fixes bug 13701; bugfix on 0.0.6.
  1642. o Minor bugfixes (misc):
  1643. - Stop allowing invalid address patterns like "*/24" that contain
  1644. both a wildcard address and a bit prefix length. This affects all
  1645. our address-range parsing code. Fixes bug 7484; bugfix
  1646. on 0.0.2pre14.
  1647. o Minor bugfixes (testing networks, fast startup):
  1648. - Allow Tor to build circuits using a consensus with no exits. If
  1649. the consensus has no exits (typical of a bootstrapping test
  1650. network), allow Tor to build circuits once enough descriptors have
  1651. been downloaded. This assists in bootstrapping a testing Tor
  1652. network. Fixes bug 13718; bugfix on 0.2.4.10-alpha. Patch
  1653. by "teor".
  1654. - When V3AuthVotingInterval is low, give a lower If-Modified-Since
  1655. header to directory servers. This allows us to obtain consensuses
  1656. promptly when the consensus interval is very short. This assists
  1657. in bootstrapping a testing Tor network. Fixes parts of bugs 13718
  1658. and 13963; bugfix on 0.2.0.3-alpha. Patch by "teor".
  1659. - Stop assuming that private addresses are local when checking
  1660. reachability in a TestingTorNetwork. Instead, when testing, assume
  1661. all OR connections are remote. (This is necessary due to many test
  1662. scenarios running all relays on localhost.) This assists in
  1663. bootstrapping a testing Tor network. Fixes bug 13924; bugfix on
  1664. 0.1.0.1-rc. Patch by "teor".
  1665. - Avoid building exit circuits from a consensus with no exits. Now
  1666. thanks to our fix for 13718, we accept a no-exit network as not
  1667. wholly lost, but we need to remember not to try to build exit
  1668. circuits on it. Closes ticket 13814; patch by "teor".
  1669. - Stop requiring exits to have non-zero bandwidthcapacity in a
  1670. TestingTorNetwork. Instead, when TestingMinExitFlagThreshold is 0,
  1671. ignore exit bandwidthcapacity. This assists in bootstrapping a
  1672. testing Tor network. Fixes parts of bugs 13718 and 13839; bugfix
  1673. on 0.2.0.3-alpha. Patch by "teor".
  1674. - Add "internal" to some bootstrap statuses when no exits are
  1675. available. If the consensus does not contain Exits, Tor will only
  1676. build internal circuits. In this case, relevant statuses will
  1677. contain the word "internal" as indicated in the Tor control-
  1678. spec.txt. When bootstrap completes, Tor will be ready to build
  1679. internal circuits. If a future consensus contains Exits, exit
  1680. circuits may become available. Fixes part of bug 13718; bugfix on
  1681. 0.2.4.10-alpha. Patch by "teor".
  1682. - Decrease minimum consensus interval to 10 seconds when
  1683. TestingTorNetwork is set, or 5 seconds for the first consensus.
  1684. Fix assumptions throughout the code that assume larger intervals.
  1685. Fixes bugs 13718 and 13823; bugfix on 0.2.0.3-alpha. Patch
  1686. by "teor".
  1687. - Avoid excluding guards from path building in minimal test
  1688. networks, when we're in a test network and excluding guards would
  1689. exclude all relays. This typically occurs in incredibly small tor
  1690. networks, and those using "TestingAuthVoteGuard *". Fixes part of
  1691. bug 13718; bugfix on 0.1.1.11-alpha. Patch by "teor".
  1692. o Code simplification and refactoring:
  1693. - Stop using can_complete_circuits as a global variable; access it
  1694. with a function instead.
  1695. - Avoid using operators directly as macro arguments: this lets us
  1696. apply coccinelle transformations to our codebase more directly.
  1697. Closes ticket 13172.
  1698. - Combine the functions used to parse ClientTransportPlugin and
  1699. ServerTransportPlugin into a single function. Closes ticket 6456.
  1700. - Add inline functions and convenience macros for inspecting channel
  1701. state. Refactor the code to use convenience macros instead of
  1702. checking channel state directly. Fixes issue 7356.
  1703. - Document all members of was_router_added_t and rename
  1704. ROUTER_WAS_NOT_NEW to ROUTER_IS_ALREADY_KNOWN to make it less
  1705. confusable with ROUTER_WAS_TOO_OLD. Fixes issue 13644.
  1706. - In connection_exit_begin_conn(), use END_CIRC_REASON_TORPROTOCOL
  1707. constant instead of hardcoded value. Fixes issue 13840.
  1708. - Refactor our generic strmap and digestmap types into a single
  1709. implementation, so that we can add a new digest256map
  1710. type trivially.
  1711. o Documentation:
  1712. - Document the bridge-authority-only 'networkstatus-bridges' file.
  1713. Closes ticket 13713; patch from "tom".
  1714. - Fix typo in PredictedPortsRelevanceTime option description in
  1715. manpage. Resolves issue 13707.
  1716. - Stop suggesting that users specify relays by nickname: it isn't a
  1717. good idea. Also, properly cross-reference how to specify relays in
  1718. all parts of manual documenting options that take a list of
  1719. relays. Closes ticket 13381.
  1720. - Clarify the HiddenServiceDir option description in manpage to make
  1721. it clear that relative paths are taken with respect to the current
  1722. working directory. Also clarify that this behavior is not
  1723. guaranteed to remain indefinitely. Fixes issue 13913.
  1724. o Testing:
  1725. - New tests for many parts of channel, relay, and circuitmux
  1726. functionality. Code by Andrea; part of 9262.
  1727. - New tests for parse_transport_line(). Part of ticket 6456.
  1728. - In the unit tests, use chgrp() to change the group of the unit
  1729. test temporary directory to the current user, so that the sticky
  1730. bit doesn't interfere with tests that check directory groups.
  1731. Closes 13678.
  1732. - Add unit tests for resolve_my_addr(). Part of ticket 12376; patch
  1733. by 'rl1987'.
  1734. Changes in version 0.2.6.1-alpha - 2014-10-30
  1735. Tor 0.2.6.1-alpha is the first release in the Tor 0.2.6.x series. It
  1736. includes numerous code cleanups and new tests, and fixes a large
  1737. number of annoying bugs. Out-of-memory conditions are handled better
  1738. than in 0.2.5, pluggable transports have improved proxy support, and
  1739. clients now use optimistic data for contacting hidden services. Also,
  1740. we are now more robust to changes in what we consider a parseable
  1741. directory object, so that tightening restrictions does not have a risk
  1742. of introducing infinite download loops.
  1743. This is the first alpha release in a new series, so expect there to be
  1744. bugs. Users who would rather test out a more stable branch should stay
  1745. with 0.2.5.x for now.
  1746. o New compiler and system requirements:
  1747. - Tor 0.2.6.x requires that your compiler support more of the C99
  1748. language standard than before. The 'configure' script now detects
  1749. whether your compiler supports C99 mid-block declarations and
  1750. designated initializers. If it does not, Tor will not compile.
  1751. We may revisit this requirement if it turns out that a significant
  1752. number of people need to build Tor with compilers that don't
  1753. bother implementing a 15-year-old standard. Closes ticket 13233.
  1754. - Tor no longer supports systems without threading support. When we
  1755. began working on Tor, there were several systems that didn't have
  1756. threads, or where the thread support wasn't able to run the
  1757. threads of a single process on multiple CPUs. That no longer
  1758. holds: every system where Tor needs to run well now has threading
  1759. support. Resolves ticket 12439.
  1760. o Removed platform support:
  1761. - We no longer include special code to build on Windows CE; as far
  1762. as we know, nobody has used Tor on Windows CE in a very long time.
  1763. Closes ticket 11446.
  1764. o Major features (bridges):
  1765. - Expose the outgoing upstream HTTP/SOCKS proxy to pluggable
  1766. transports if they are configured via the "TOR_PT_PROXY"
  1767. environment variable. Implements proposal 232. Resolves
  1768. ticket 8402.
  1769. o Major features (client performance, hidden services):
  1770. - Allow clients to use optimistic data when connecting to a hidden
  1771. service, which should remove a round-trip from hidden service
  1772. initialization. See proposal 181 for details. Implements
  1773. ticket 13211.
  1774. o Major features (directory system):
  1775. - Upon receiving an unparseable directory object, if its digest
  1776. matches what we expected, then don't try to download it again.
  1777. Previously, when we got a descriptor we didn't like, we would keep
  1778. trying to download it over and over. Closes ticket 11243.
  1779. o Major features (sample torrc):
  1780. - Add a new, infrequently-changed "torrc.minimal". This file is
  1781. similar to torrc.sample, but it will change as infrequently as
  1782. possible, for the benefit of users whose systems prompt them for
  1783. intervention whenever a default configuration file is changed.
  1784. Making this change allows us to update torrc.sample to be a more
  1785. generally useful "sample torrc".
  1786. o Major bugfixes (directory authorities):
  1787. - Do not assign the HSDir flag to relays if they are not Valid, or
  1788. currently hibernating. Fixes 12573; bugfix on 0.2.0.10-alpha.
  1789. o Major bugfixes (directory bandwidth performance):
  1790. - Don't flush the zlib buffer aggressively when compressing
  1791. directory information for clients. This should save about 7% of
  1792. the bandwidth currently used for compressed descriptors and
  1793. microdescriptors. Fixes bug 11787; bugfix on 0.1.1.23.
  1794. o Minor features (security, memory wiping):
  1795. - Ensure we securely wipe keys from memory after
  1796. crypto_digest_get_digest and init_curve25519_keypair_from_file
  1797. have finished using them. Resolves ticket 13477.
  1798. o Minor features (security, out-of-memory handling):
  1799. - When handling an out-of-memory condition, allocate less memory for
  1800. temporary data structures. Fixes issue 10115.
  1801. - When handling an out-of-memory condition, consider more types of
  1802. buffers, including those on directory connections, and zlib
  1803. buffers. Resolves ticket 11792.
  1804. o Minor features:
  1805. - When identity keypair is generated for first time, log a
  1806. congratulatory message that links to the new relay lifecycle
  1807. document. Implements feature 10427.
  1808. o Minor features (client):
  1809. - Clients are now willing to send optimistic data (before they
  1810. receive a 'connected' cell) to relays of any version. (Relays
  1811. without support for optimistic data are no longer supported on the
  1812. Tor network.) Resolves ticket 13153.
  1813. o Minor features (directory authorities):
  1814. - Don't list relays with a bandwidth estimate of 0 in the consensus.
  1815. Implements a feature proposed during discussion of bug 13000.
  1816. - In tor-gencert, report an error if the user provides the same
  1817. argument more than once.
  1818. - If a directory authority can't find a best consensus method in the
  1819. votes that it holds, it now falls back to its favorite consensus
  1820. method. Previously, it fell back to method 1. Neither of these is
  1821. likely to get enough signatures, but "fall back to favorite"
  1822. doesn't require us to maintain support for an obsolete consensus
  1823. method. Implements part of proposal 215.
  1824. o Minor features (logging):
  1825. - On Unix-like systems, you can now use named pipes as the target of
  1826. the Log option, and other options that try to append to files.
  1827. Closes ticket 12061. Patch from "carlo von lynX".
  1828. - When opening a log file at startup, send it every log message that
  1829. we generated between startup and opening it. Previously, log
  1830. messages that were generated before opening the log file were only
  1831. logged to stdout. Closes ticket 6938.
  1832. - Add a TruncateLogFile option to overwrite logs instead of
  1833. appending to them. Closes ticket 5583.
  1834. o Minor features (portability, Solaris):
  1835. - Threads are no longer disabled by default on Solaris; we believe
  1836. that the versions of Solaris with broken threading support are all
  1837. obsolete by now. Resolves ticket 9495.
  1838. o Minor features (relay):
  1839. - Re-check our address after we detect a changed IP address from
  1840. getsockname(). This ensures that the controller command "GETINFO
  1841. address" will report the correct value. Resolves ticket 11582.
  1842. Patch from "ra".
  1843. - A new AccountingRule option lets Relays set whether they'd like
  1844. AccountingMax to be applied separately to inbound and outbound
  1845. traffic, or applied to the sum of inbound and outbound traffic.
  1846. Resolves ticket 961. Patch by "chobe".
  1847. o Minor features (testing networks):
  1848. - Add the TestingDirAuthVoteExit option, which lists nodes to assign
  1849. the "Exit" flag regardless of their uptime, bandwidth, or exit
  1850. policy. TestingTorNetwork must be set for this option to have any
  1851. effect. Previously, authorities would take up to 35 minutes to
  1852. give nodes the Exit flag in a test network. Partially implements
  1853. ticket 13161.
  1854. o Minor features (validation):
  1855. - Check all date/time values passed to tor_timegm and
  1856. parse_rfc1123_time for validity, taking leap years into account.
  1857. Improves HTTP header validation. Implemented with bug 13476.
  1858. - In correct_tm(), limit the range of values returned by system
  1859. localtime(_r) and gmtime(_r) to be between the years 1 and 8099.
  1860. This means we don't have to deal with negative or too large dates,
  1861. even if a clock is wrong. Otherwise we might fail to read a file
  1862. written by us which includes such a date. Fixes bug 13476.
  1863. o Minor bugfixes (bridge clients):
  1864. - When configured to use a bridge without an identity digest (not
  1865. recommended), avoid launching an extra channel to it when
  1866. bootstrapping. Fixes bug 7733; bugfix on 0.2.4.4-alpha.
  1867. o Minor bugfixes (bridges):
  1868. - When DisableNetwork is set, do not launch pluggable transport
  1869. plugins, and if any are running, terminate them. Fixes bug 13213;
  1870. bugfix on 0.2.3.6-alpha.
  1871. o Minor bugfixes (C correctness):
  1872. - Fix several instances of possible integer overflow/underflow/NaN.
  1873. Fixes bug 13104; bugfix on 0.2.3.1-alpha and later. Patches
  1874. from "teor".
  1875. - In circuit_build_times_calculate_timeout() in circuitstats.c,
  1876. avoid dividing by zero in the pareto calculations. This traps
  1877. under clang's "undefined-trap" sanitizer. Fixes bug 13290; bugfix
  1878. on 0.2.2.2-alpha.
  1879. - Fix an integer overflow in format_time_interval(). Fixes bug
  1880. 13393; bugfix on 0.2.0.10-alpha.
  1881. - Set the correct day of year value when the system's localtime(_r)
  1882. or gmtime(_r) functions fail to set struct tm. Not externally
  1883. visible. Fixes bug 13476; bugfix on 0.0.2pre14.
  1884. - Avoid unlikely signed integer overflow in tor_timegm on systems
  1885. with 32-bit time_t. Fixes bug 13476; bugfix on 0.0.2pre14.
  1886. o Minor bugfixes (client):
  1887. - Fix smartlist_choose_node_by_bandwidth() so that relays with the
  1888. BadExit flag are not considered worthy candidates. Fixes bug
  1889. 13066; bugfix on 0.1.2.3-alpha.
  1890. - Use the consensus schedule for downloading consensuses, and not
  1891. the generic schedule. Fixes bug 11679; bugfix on 0.2.2.6-alpha.
  1892. - Handle unsupported or malformed SOCKS5 requests properly by
  1893. responding with the appropriate error message before closing the
  1894. connection. Fixes bugs 12971 and 13314; bugfix on 0.0.2pre13.
  1895. o Minor bugfixes (client, torrc):
  1896. - Stop modifying the value of our DirReqStatistics torrc option just
  1897. because we're not a bridge or relay. This bug was causing Tor
  1898. Browser users to write "DirReqStatistics 0" in their torrc files
  1899. as if they had chosen to change the config. Fixes bug 4244; bugfix
  1900. on 0.2.3.1-alpha.
  1901. - When GeoIPExcludeUnknown is enabled, do not incorrectly decide
  1902. that our options have changed every time we SIGHUP. Fixes bug
  1903. 9801; bugfix on 0.2.4.10-alpha. Patch from "qwerty1".
  1904. o Minor bugfixes (controller):
  1905. - Return an error when the second or later arguments of the
  1906. "setevents" controller command are invalid events. Previously we
  1907. would return success while silently skipping invalid events. Fixes
  1908. bug 13205; bugfix on 0.2.3.2-alpha. Reported by "fpxnns".
  1909. o Minor bugfixes (directory system):
  1910. - Always believe that v3 directory authorities serve extra-info
  1911. documents, whether they advertise "caches-extra-info" or not.
  1912. Fixes part of bug 11683; bugfix on 0.2.0.1-alpha.
  1913. - When running as a v3 directory authority, advertise that you serve
  1914. extra-info documents so that clients who want them can find them
  1915. from you too. Fixes part of bug 11683; bugfix on 0.2.0.1-alpha.
  1916. - Check the BRIDGE_DIRINFO flag bitwise rather than using equality.
  1917. Previously, directories offering BRIDGE_DIRINFO and some other
  1918. flag (i.e. microdescriptors or extrainfo) would be ignored when
  1919. looking for bridges. Partially fixes bug 13163; bugfix
  1920. on 0.2.0.7-alpha.
  1921. o Minor bugfixes (networking):
  1922. - Check for orconns and use connection_or_close_for_error() rather
  1923. than connection_mark_for_close() directly in the getsockopt()
  1924. failure case of connection_handle_write_impl(). Fixes bug 11302;
  1925. bugfix on 0.2.4.4-alpha.
  1926. o Minor bugfixes (relay):
  1927. - When generating our family list, remove spaces from around the
  1928. entries. Fixes bug 12728; bugfix on 0.2.1.7-alpha.
  1929. - If our previous bandwidth estimate was 0 bytes, allow publishing a
  1930. new relay descriptor immediately. Fixes bug 13000; bugfix
  1931. on 0.1.1.6-alpha.
  1932. o Minor bugfixes (testing networks):
  1933. - Fix TestingDirAuthVoteGuard to properly give out Guard flags in a
  1934. testing network. Fixes bug 13064; bugfix on 0.2.5.2-alpha.
  1935. - Stop using the default authorities in networks which provide both
  1936. AlternateDirAuthority and AlternateBridgeAuthority. Partially
  1937. fixes bug 13163; bugfix on 0.2.0.13-alpha.
  1938. o Minor bugfixes (testing):
  1939. - Stop spawn test failures due to a race condition between the
  1940. SIGCHLD handler updating the process status, and the test reading
  1941. it. Fixes bug 13291; bugfix on 0.2.3.3-alpha.
  1942. o Minor bugfixes (testing, Windows):
  1943. - Avoid passing an extra backslash when creating a temporary
  1944. directory for running the unit tests on Windows. Fixes bug 12392;
  1945. bugfix on 0.2.2.25-alpha. Patch from Gisle Vanem.
  1946. o Minor bugfixes (windows):
  1947. - Remove code to special-case handling of NTE_BAD_KEYSET when
  1948. acquiring windows CryptoAPI context. This error can't actually
  1949. occur for the parameters we're providing. Fixes bug 10816; bugfix
  1950. on 0.0.2pre26.
  1951. o Minor bugfixes (zlib):
  1952. - Avoid truncating a zlib stream when trying to finalize it with an
  1953. empty output buffer. Fixes bug 11824; bugfix on 0.1.1.23.
  1954. o Build fixes:
  1955. - Allow our configure script to build correctly with autoconf 2.62
  1956. again. Fixes bug 12693; bugfix on 0.2.5.2-alpha.
  1957. - Improve the error message from ./configure to make it clear that
  1958. when asciidoc has not been found, the user will have to either add
  1959. --disable-asciidoc argument or install asciidoc. Resolves
  1960. ticket 13228.
  1961. o Code simplification and refactoring:
  1962. - Change the entry_is_live() function to take named bitfield
  1963. elements instead of an unnamed list of booleans. Closes
  1964. ticket 12202.
  1965. - Refactor and unit-test entry_is_time_to_retry() in entrynodes.c.
  1966. Resolves ticket 12205.
  1967. - Use calloc and reallocarray functions instead of multiply-
  1968. then-malloc. This makes it less likely for us to fall victim to an
  1969. integer overflow attack when allocating. Resolves ticket 12855.
  1970. - Use the standard macro name SIZE_MAX, instead of our
  1971. own SIZE_T_MAX.
  1972. - Document usage of the NO_DIRINFO and ALL_DIRINFO flags clearly in
  1973. functions which take them as arguments. Replace 0 with NO_DIRINFO
  1974. in a function call for clarity. Seeks to prevent future issues
  1975. like 13163.
  1976. - Avoid 4 null pointer errors under clang static analysis by using
  1977. tor_assert() to prove that the pointers aren't null. Fixes
  1978. bug 13284.
  1979. - Rework the API of policies_parse_exit_policy() to use a bitmask to
  1980. represent parsing options, instead of a confusing mess of
  1981. booleans. Resolves ticket 8197.
  1982. - Introduce a helper function to parse ExitPolicy in
  1983. or_options_t structure.
  1984. o Documentation:
  1985. - Add a doc/TUNING document with tips for handling large numbers of
  1986. TCP connections when running a busy Tor relay. Update the warning
  1987. message to point to this file when we run out of the sockets that the
  1988. operating system allows us to use simultaneously. Resolves
  1989. ticket 9708.
  1990. o Removed features:
  1991. - We no longer remind the user about configuration options that have
  1992. been obsolete since 0.2.3.x or earlier. Patch by Adrien Bak.
  1993. - Remove our old, non-weighted bandwidth-based node selection code.
  1994. Previously, we used it as a fallback when we couldn't perform
  1995. weighted bandwidth-based node selection. But that would only
  1996. happen in the cases where we had no consensus, or when we had a
  1997. consensus generated by buggy or ancient directory authorities. In
  1998. either case, it's better to use the more modern, better maintained
  1999. algorithm, with reasonable defaults for the weights. Closes
  2000. ticket 13126.
  2001. - Remove the --disable-curve25519 configure option. Relays and
  2002. clients now are required to support curve25519 and the
  2003. ntor handshake.
  2004. - The old "StrictEntryNodes" and "StrictExitNodes" options, which
  2005. used to be deprecated synonyms for "StrictNodes", are now marked
  2006. obsolete. Resolves ticket 12226.
  2007. - Clients don't understand the BadDirectory flag in the consensus
  2008. anymore, and ignore it.
  2009. o Testing:
  2010. - Refactor the function that chooses guard nodes so that it can more
  2011. easily be tested; write some tests for it.
  2012. - Fix and re-enable the fgets_eagain unit test. Fixes bug 12503;
  2013. bugfix on 0.2.3.1-alpha. Patch from "cypherpunks."
  2014. - Create unit tests for format_time_interval(). With bug 13393.
  2015. - Add unit tests for tor_timegm signed overflow, tor_timegm and
  2016. parse_rfc1123_time validity checks, and correct_tm year clamping. Unit
  2017. tests for the (visible) fixes in bug 13476.
  2018. - Add a "coverage-html" make target to generate HTML-visualized
  2019. coverage results when building with --enable-coverage. (Requires
  2020. lcov.) Patch from Kevin Murray.
  2021. - Enable the backtrace handler (where supported) when running the
  2022. unit tests.
  2023. - Revise all unit tests that used the legacy test_* macros to
  2024. instead use the recommended tt_* macros. This patch was generated
  2025. with coccinelle, to avoid manual errors. Closes ticket 13119.
  2026. o Distribution (systemd):
  2027. - systemd unit file: only allow tor to write to /var/lib/tor and
  2028. /var/log/tor. The rest of the filesystem is accessible for reading
  2029. only. Patch by intrigeri; resolves ticket 12751.
  2030. - systemd unit file: ensure that the process and all its children
  2031. can never gain new privileges. Patch by intrigeri; resolves
  2032. ticket 12939.
  2033. - systemd unit file: set up /var/run/tor as writable for the Tor
  2034. service. Patch by intrigeri; resolves ticket 13196.
  2035. o Removed features (directory authorities):
  2036. - Remove code that prevented authorities from listing Tor relays
  2037. affected by CVE-2011-2769 as guards. These relays are already
  2038. rejected altogether due to the minimum version requirement of
  2039. 0.2.3.16-alpha. Closes ticket 13152.
  2040. - The "AuthDirRejectUnlisted" option no longer has any effect, as
  2041. the fingerprints file (approved-routers) has been deprecated.
  2042. - Directory authorities do not support being Naming dirauths anymore.
  2043. The "NamingAuthoritativeDir" config option is now obsolete.
  2044. - Directory authorities do not support giving out the BadDirectory
  2045. flag anymore.
  2046. - Directory authorities no longer advertise or support consensus
  2047. methods 1 through 12 inclusive. These consensus methods were
  2048. obsolete and/or insecure: maintaining the ability to support them
  2049. served no good purpose. Implements part of proposal 215; closes
  2050. ticket 10163.
  2051. o Testing (test-network.sh):
  2052. - Stop using "echo -n", as some shells' built-in echo doesn't
  2053. support "-n". Instead, use "/bin/echo -n". Partially fixes
  2054. bug 13161.
  2055. - Stop an apparent test-network hang when used with make -j2. Fixes
  2056. bug 13331.
  2057. - Add a --delay option to test-network.sh, which configures the
  2058. delay before the chutney network tests for data transmission.
  2059. Partially implements ticket 13161.
  2060. Changes in version 0.2.5.10 - 2014-10-24
  2061. Tor 0.2.5.10 is the first stable release in the 0.2.5 series.
  2062. It adds several new security features, including improved
  2063. denial-of-service resistance for relays, new compiler hardening
  2064. options, and a system-call sandbox for hardened installations on Linux
  2065. (requires seccomp2). The controller protocol has several new features,
  2066. resolving IPv6 addresses should work better than before, and relays
  2067. should be a little more CPU-efficient. We've added support for more
  2068. OpenBSD and FreeBSD transparent proxy types. We've improved the build
  2069. system and testing infrastructure to allow unit testing of more parts
  2070. of the Tor codebase. Finally, we've addressed several nagging pluggable
  2071. transport usability issues, and included numerous other small bugfixes
  2072. and features mentioned below.
  2073. This release marks end-of-life for Tor 0.2.3.x; those Tor versions
  2074. have accumulated many known flaws; everyone should upgrade.
  2075. o Deprecated versions:
  2076. - Tor 0.2.3.x has reached end-of-life; it has received no patches or
  2077. attention for some while.
  2078. Changes in version 0.2.5.9-rc - 2014-10-20
  2079. Tor 0.2.5.9-rc is the third release candidate for the Tor 0.2.5.x
  2080. series. It disables SSL3 in response to the recent "POODLE" attack
  2081. (even though POODLE does not affect Tor). It also works around a crash
  2082. bug caused by some operating systems' response to the "POODLE" attack
  2083. (which does affect Tor). It also contains a few miscellaneous fixes.
  2084. o Major security fixes:
  2085. - Disable support for SSLv3. All versions of OpenSSL in use with Tor
  2086. today support TLS 1.0 or later, so we can safely turn off support
  2087. for this old (and insecure) protocol. Fixes bug 13426.
  2088. o Major bugfixes (openssl bug workaround):
  2089. - Avoid crashing when using OpenSSL version 0.9.8zc, 1.0.0o, or
  2090. 1.0.1j, built with the 'no-ssl3' configuration option. Fixes bug
  2091. 13471. This is a workaround for an OpenSSL bug.
  2092. o Minor bugfixes:
  2093. - Disable the sandbox name resolver cache when running tor-resolve:
  2094. tor-resolve doesn't use the sandbox code, and turning it on was
  2095. breaking attempts to do tor-resolve on a non-default server on
  2096. Linux. Fixes bug 13295; bugfix on 0.2.5.3-alpha.
  2097. o Compilation fixes:
  2098. - Build and run correctly on systems like OpenBSD-current that have
  2099. patched OpenSSL to remove get_cipher_by_char and/or its
  2100. implementations. Fixes issue 13325.
  2101. o Downgraded warnings:
  2102. - Downgrade the severity of the 'unexpected sendme cell from client'
  2103. from 'warn' to 'protocol warning'. Closes ticket 8093.
  2104. Changes in version 0.2.4.25 - 2014-10-20
  2105. Tor 0.2.4.25 disables SSL3 in response to the recent "POODLE" attack
  2106. (even though POODLE does not affect Tor). It also works around a crash
  2107. bug caused by some operating systems' response to the "POODLE" attack
  2108. (which does affect Tor).
  2109. o Major security fixes (also in 0.2.5.9-rc):
  2110. - Disable support for SSLv3. All versions of OpenSSL in use with Tor
  2111. today support TLS 1.0 or later, so we can safely turn off support
  2112. for this old (and insecure) protocol. Fixes bug 13426.
  2113. o Major bugfixes (openssl bug workaround, also in 0.2.5.9-rc):
  2114. - Avoid crashing when using OpenSSL version 0.9.8zc, 1.0.0o, or
  2115. 1.0.1j, built with the 'no-ssl3' configuration option. Fixes bug
  2116. 13471. This is a workaround for an OpenSSL bug.
  2117. Changes in version 0.2.5.8-rc - 2014-09-22
  2118. Tor 0.2.5.8-rc is the second release candidate for the Tor 0.2.5.x
  2119. series. It fixes a bug that affects consistency and speed when
  2120. connecting to hidden services, and it updates the location of one of
  2121. the directory authorities.
  2122. o Major bugfixes:
  2123. - Clients now send the correct address for their chosen rendezvous
  2124. point when trying to access a hidden service. They used to send
  2125. the wrong address, which would still work some of the time because
  2126. they also sent the identity digest of the rendezvous point, and if
  2127. the hidden service happened to try connecting to the rendezvous
  2128. point from a relay that already had a connection open to it,
  2129. the relay would reuse that connection. Now connections to hidden
  2130. services should be more robust and faster. Also, this bug meant
  2131. that clients were leaking to the hidden service whether they were
  2132. on a little-endian (common) or big-endian (rare) system, which for
  2133. some users might have reduced their anonymity. Fixes bug 13151;
  2134. bugfix on 0.2.1.5-alpha.
  2135. o Directory authority changes:
  2136. - Change IP address for gabelmoo (v3 directory authority).
  2137. Changes in version 0.2.4.24 - 2014-09-22
  2138. Tor 0.2.4.24 fixes a bug that affects consistency and speed when
  2139. connecting to hidden services, and it updates the location of one of
  2140. the directory authorities.
  2141. o Major bugfixes:
  2142. - Clients now send the correct address for their chosen rendezvous
  2143. point when trying to access a hidden service. They used to send
  2144. the wrong address, which would still work some of the time because
  2145. they also sent the identity digest of the rendezvous point, and if
  2146. the hidden service happened to try connecting to the rendezvous
  2147. point from a relay that already had a connection open to it,
  2148. the relay would reuse that connection. Now connections to hidden
  2149. services should be more robust and faster. Also, this bug meant
  2150. that clients were leaking to the hidden service whether they were
  2151. on a little-endian (common) or big-endian (rare) system, which for
  2152. some users might have reduced their anonymity. Fixes bug 13151;
  2153. bugfix on 0.2.1.5-alpha.
  2154. o Directory authority changes:
  2155. - Change IP address for gabelmoo (v3 directory authority).
  2156. o Minor features (geoip):
  2157. - Update geoip and geoip6 to the August 7 2014 Maxmind GeoLite2
  2158. Country database.
  2159. Changes in version 0.2.5.7-rc - 2014-09-11
  2160. Tor 0.2.5.7-rc fixes several regressions from earlier in the 0.2.5.x
  2161. release series, and some long-standing bugs related to ORPort reachability
  2162. testing and failure to send CREATE cells. It is the first release
  2163. candidate for the Tor 0.2.5.x series.
  2164. o Major bugfixes (client, startup):
  2165. - Start making circuits as soon as DisableNetwork is turned off.
  2166. When Tor started with DisableNetwork set, it would correctly
  2167. conclude that it shouldn't build circuits, but it would mistakenly
  2168. cache this conclusion, and continue believing it even when
  2169. DisableNetwork is set to 0. Fixes the bug introduced by the fix
  2170. for bug 11200; bugfix on 0.2.5.4-alpha.
  2171. - Resume expanding abbreviations for command-line options. The fix
  2172. for bug 4647 accidentally removed our hack from bug 586 that
  2173. rewrote HashedControlPassword to __HashedControlSessionPassword
  2174. when it appears on the commandline (which allowed the user to set
  2175. her own HashedControlPassword in the torrc file while the
  2176. controller generates a fresh session password for each run). Fixes
  2177. bug 12948; bugfix on 0.2.5.1-alpha.
  2178. - Warn about attempts to run hidden services and relays in the same
  2179. process: that's probably not a good idea. Closes ticket 12908.
  2180. o Major bugfixes (relay):
  2181. - Avoid queuing or sending destroy cells for circuit ID zero when we
  2182. fail to send a CREATE cell. Fixes bug 12848; bugfix on 0.0.8pre1.
  2183. Found and fixed by "cypherpunks".
  2184. - Fix ORPort reachability detection on relays running behind a
  2185. proxy, by correctly updating the "local" mark on the controlling
  2186. channel when changing the address of an or_connection_t after the
  2187. handshake. Fixes bug 12160; bugfix on 0.2.4.4-alpha.
  2188. o Minor features (bridge):
  2189. - Add an ExtORPortCookieAuthFileGroupReadable option to make the
  2190. cookie file for the ExtORPort g+r by default.
  2191. o Minor features (geoip):
  2192. - Update geoip and geoip6 to the August 7 2014 Maxmind GeoLite2
  2193. Country database.
  2194. o Minor bugfixes (logging):
  2195. - Reduce the log severity of the "Pluggable transport proxy does not
  2196. provide any needed transports and will not be launched." message,
  2197. since Tor Browser includes several ClientTransportPlugin lines in
  2198. its torrc-defaults file, leading every Tor Browser user who looks
  2199. at her logs to see these notices and wonder if they're dangerous.
  2200. Resolves bug 13124; bugfix on 0.2.5.3-alpha.
  2201. - Downgrade "Unexpected onionskin length after decryption" warning
  2202. to a protocol-warn, since there's nothing relay operators can do
  2203. about a client that sends them a malformed create cell. Resolves
  2204. bug 12996; bugfix on 0.0.6rc1.
  2205. - Log more specific warnings when we get an ESTABLISH_RENDEZVOUS
  2206. cell on a cannibalized or non-OR circuit. Resolves ticket 12997.
  2207. - When logging information about an EXTEND2 or EXTENDED2 cell, log
  2208. their names correctly. Fixes part of bug 12700; bugfix
  2209. on 0.2.4.8-alpha.
  2210. - When logging information about a relay cell whose command we don't
  2211. recognize, log its command as an integer. Fixes part of bug 12700;
  2212. bugfix on 0.2.1.10-alpha.
  2213. - Escape all strings from the directory connection before logging
  2214. them. Fixes bug 13071; bugfix on 0.1.1.15. Patch from "teor".
  2215. o Minor bugfixes (controller):
  2216. - Restore the functionality of CookieAuthFileGroupReadable. Fixes
  2217. bug 12864; bugfix on 0.2.5.1-alpha.
  2218. - Actually send TRANSPORT_LAUNCHED and HS_DESC events to
  2219. controllers. Fixes bug 13085; bugfix on 0.2.5.1-alpha. Patch
  2220. by "teor".
  2221. o Minor bugfixes (compilation):
  2222. - Fix compilation of test.h with MSVC. Patch from Gisle Vanem;
  2223. bugfix on 0.2.5.5-alpha.
  2224. - Make the nmake make files work again. Fixes bug 13081. Bugfix on
  2225. 0.2.5.1-alpha. Patch from "NewEraCracker".
  2226. - In routerlist_assert_ok(), don't take the address of a
  2227. routerinfo's cache_info member unless that routerinfo is non-NULL.
  2228. Fixes bug 13096; bugfix on 0.1.1.9-alpha. Patch by "teor".
  2229. - Fix a large number of false positive warnings from the clang
  2230. analyzer static analysis tool. This should make real warnings
  2231. easier for clang analyzer to find. Patch from "teor". Closes
  2232. ticket 13036.
  2233. o Distribution (systemd):
  2234. - Verify configuration file via ExecStartPre in the systemd unit
  2235. file. Patch from intrigeri; resolves ticket 12730.
  2236. - Explicitly disable RunAsDaemon in the systemd unit file. Our
  2237. current systemd unit uses "Type = simple", so systemd does not
  2238. expect tor to fork. If the user has "RunAsDaemon 1" in their
  2239. torrc, then things won't work as expected. This is e.g. the case
  2240. on Debian (and derivatives), since there we pass "--defaults-torrc
  2241. /usr/share/tor/tor-service-defaults-torrc" (that contains
  2242. "RunAsDaemon 1") by default. Patch by intrigeri; resolves
  2243. ticket 12731.
  2244. o Documentation:
  2245. - Adjust the URLs in the README to refer to the new locations of
  2246. several documents on the website. Fixes bug 12830. Patch from
  2247. Matt Pagan.
  2248. - Document 'reject6' and 'accept6' ExitPolicy entries. Resolves
  2249. ticket 12878.
  2250. Changes in version 0.2.5.6-alpha - 2014-07-28
  2251. Tor 0.2.5.6-alpha brings us a big step closer to slowing down the
  2252. risk from guard rotation, and fixes a variety of other issues to get
  2253. us closer to a release candidate.
  2254. o Major features (also in 0.2.4.23):
  2255. - Make the number of entry guards configurable via a new
  2256. NumEntryGuards consensus parameter, and the number of directory
  2257. guards configurable via a new NumDirectoryGuards consensus
  2258. parameter. Implements ticket 12688.
  2259. o Major bugfixes (also in 0.2.4.23):
  2260. - Fix a bug in the bounds-checking in the 32-bit curve25519-donna
  2261. implementation that caused incorrect results on 32-bit
  2262. implementations when certain malformed inputs were used along with
  2263. a small class of private ntor keys. This bug does not currently
  2264. appear to allow an attacker to learn private keys or impersonate a
  2265. Tor server, but it could provide a means to distinguish 32-bit Tor
  2266. implementations from 64-bit Tor implementations. Fixes bug 12694;
  2267. bugfix on 0.2.4.8-alpha. Bug found by Robert Ransom; fix from
  2268. Adam Langley.
  2269. o Major bugfixes:
  2270. - Perform circuit cleanup operations even when circuit
  2271. construction operations are disabled (because the network is
  2272. disabled, or because there isn't enough directory information).
  2273. Previously, when we were not building predictive circuits, we
  2274. were not closing expired circuits either. Fixes bug 8387; bugfix on
  2275. 0.1.1.11-alpha. This bug became visible in 0.2.4.10-alpha when we
  2276. became more strict about when we have "enough directory information
  2277. to build circuits".
  2278. o Minor features:
  2279. - Authorities now assign the Guard flag to the fastest 25% of the
  2280. network (it used to be the fastest 50%). Also raise the consensus
  2281. weight that guarantees the Guard flag from 250 to 2000. For the
  2282. current network, this results in about 1100 guards, down from 2500.
  2283. This step paves the way for moving the number of entry guards
  2284. down to 1 (proposal 236) while still providing reasonable expected
  2285. performance for most users. Implements ticket 12690.
  2286. - Update geoip and geoip6 to the July 10 2014 Maxmind GeoLite2
  2287. Country database.
  2288. - Slightly enhance the diagnostic message for bug 12184.
  2289. o Minor bugfixes (also in 0.2.4.23):
  2290. - Warn and drop the circuit if we receive an inbound 'relay early'
  2291. cell. Those used to be normal to receive on hidden service circuits
  2292. due to bug 1038, but the buggy Tor versions are long gone from
  2293. the network so we can afford to resume watching for them. Resolves
  2294. the rest of bug 1038; bugfix on 0.2.1.19.
  2295. - Correct a confusing error message when trying to extend a circuit
  2296. via the control protocol but we don't know a descriptor or
  2297. microdescriptor for one of the specified relays. Fixes bug 12718;
  2298. bugfix on 0.2.3.1-alpha.
  2299. o Minor bugfixes:
  2300. - Fix compilation when building with bufferevents enabled. (This
  2301. configuration is still not expected to work, however.)
  2302. Fixes bugs 12438, 12474, 11578; bugfixes on 0.2.5.1-alpha and
  2303. 0.2.5.3-alpha. Patches from Anthony G. Basile and Sathyanarayanan
  2304. Gunasekaran.
  2305. - Compile correctly with builds and forks of OpenSSL (such as
  2306. LibreSSL) that disable compression. Fixes bug 12602; bugfix on
  2307. 0.2.1.1-alpha. Patch from "dhill".
  2308. Changes in version 0.2.4.23 - 2014-07-28
  2309. Tor 0.2.4.23 brings us a big step closer to slowing down the risk from
  2310. guard rotation, and also backports several important fixes from the
  2311. Tor 0.2.5 alpha release series.
  2312. o Major features:
  2313. - Clients now look at the "usecreatefast" consensus parameter to
  2314. decide whether to use CREATE_FAST or CREATE cells for the first hop
  2315. of their circuit. This approach can improve security on connections
  2316. where Tor's circuit handshake is stronger than the available TLS
  2317. connection security levels, but the tradeoff is more computational
  2318. load on guard relays. Implements proposal 221. Resolves ticket 9386.
  2319. - Make the number of entry guards configurable via a new
  2320. NumEntryGuards consensus parameter, and the number of directory
  2321. guards configurable via a new NumDirectoryGuards consensus
  2322. parameter. Implements ticket 12688.
  2323. o Major bugfixes:
  2324. - Fix a bug in the bounds-checking in the 32-bit curve25519-donna
  2325. implementation that caused incorrect results on 32-bit
  2326. implementations when certain malformed inputs were used along with
  2327. a small class of private ntor keys. This bug does not currently
  2328. appear to allow an attacker to learn private keys or impersonate a
  2329. Tor server, but it could provide a means to distinguish 32-bit Tor
  2330. implementations from 64-bit Tor implementations. Fixes bug 12694;
  2331. bugfix on 0.2.4.8-alpha. Bug found by Robert Ransom; fix from
  2332. Adam Langley.
  2333. o Minor bugfixes:
  2334. - Warn and drop the circuit if we receive an inbound 'relay early'
  2335. cell. Those used to be normal to receive on hidden service circuits
  2336. due to bug 1038, but the buggy Tor versions are long gone from
  2337. the network so we can afford to resume watching for them. Resolves
  2338. the rest of bug 1038; bugfix on 0.2.1.19.
  2339. - Correct a confusing error message when trying to extend a circuit
  2340. via the control protocol but we don't know a descriptor or
  2341. microdescriptor for one of the specified relays. Fixes bug 12718;
  2342. bugfix on 0.2.3.1-alpha.
  2343. - Avoid an illegal read from stack when initializing the TLS
  2344. module using a version of OpenSSL without all of the ciphers
  2345. used by the v2 link handshake. Fixes bug 12227; bugfix on
  2346. 0.2.4.8-alpha. Found by "starlight".
  2347. o Minor features:
  2348. - Update geoip and geoip6 to the July 10 2014 Maxmind GeoLite2
  2349. Country database.
  2350. Changes in version 0.2.5.5-alpha - 2014-06-18
  2351. Tor 0.2.5.5-alpha fixes a wide variety of remaining issues in the Tor
  2352. 0.2.5.x release series, including a couple of DoS issues, some
  2353. performance regressions, a large number of bugs affecting the Linux
  2354. seccomp2 sandbox code, and various other bugfixes. It also adds
  2355. diagnostic bugfixes for a few tricky issues that we're trying to
  2356. track down.
  2357. o Major features (security, traffic analysis resistance):
  2358. - Several major improvements to the algorithm used to decide when to
  2359. close TLS connections. Previous versions of Tor closed connections
  2360. at a fixed interval after the last time a non-padding cell was
  2361. sent over the connection, regardless of the target of the
  2362. connection. Now, we randomize the intervals by adding up to 50% of
  2363. their base value, we measure the length of time since the connection
  2364. last had at least one circuit, and we allow connections to known
  2365. ORs to remain open a little longer (15 minutes instead of 3
  2366. minutes minimum). These changes should improve Tor's resistance
  2367. against some kinds of traffic analysis, and lower some overhead
  2368. from needlessly closed connections. Fixes ticket 6799.
  2369. Incidentally fixes ticket 12023; bugfix on 0.2.5.1-alpha.
  2370. o Major bugfixes (security, OOM, new since 0.2.5.4-alpha, also in 0.2.4.22):
  2371. - Fix a memory leak that could occur if a microdescriptor parse
  2372. fails during the tokenizing step. This bug could enable a memory
  2373. exhaustion attack by directory servers. Fixes bug 11649; bugfix
  2374. on 0.2.2.6-alpha.
  2375. o Major bugfixes (security, directory authorities):
  2376. - Directory authorities now include a digest of each relay's
  2377. identity key as a part of its microdescriptor.
  2378. This is a workaround for bug 11743 (reported by "cypherpunks"),
  2379. where Tor clients do not support receiving multiple
  2380. microdescriptors with the same SHA256 digest in the same
  2381. consensus. When clients receive a consensus like this, they only
  2382. use one of the relays. Without this fix, a hostile relay could
  2383. selectively disable some client use of target relays by
  2384. constructing a router descriptor with a different identity and the
  2385. same microdescriptor parameters and getting the authorities to
  2386. list it in a microdescriptor consensus. This fix prevents an
  2387. attacker from causing a microdescriptor collision, because the
  2388. router's identity is not forgeable.
  2389. o Major bugfixes (relay):
  2390. - Use a direct dirport connection when uploading non-anonymous
  2391. descriptors to the directory authorities. Previously, relays would
  2392. incorrectly use tunnel connections under a fairly wide variety of
  2393. circumstances. Fixes bug 11469; bugfix on 0.2.4.3-alpha.
  2394. - When a circuit accidentally has the same circuit ID for its
  2395. forward and reverse direction, correctly detect the direction of
  2396. cells using that circuit. Previously, this bug made roughly one
  2397. circuit in a million non-functional. Fixes bug 12195; this is a
  2398. bugfix on every version of Tor.
  2399. o Major bugfixes (client, pluggable transports):
  2400. - When managing pluggable transports, use OS notification facilities
  2401. to learn if they have crashed, and don't attempt to kill any
  2402. process that has already exited. Fixes bug 8746; bugfix
  2403. on 0.2.3.6-alpha.
  2404. o Minor features (diagnostic):
  2405. - When logging a warning because of bug 7164, additionally check the
  2406. hash table for consistency (as proposed on ticket 11737). This may
  2407. help diagnose bug 7164.
  2408. - When we log a heartbeat, log how many one-hop circuits we have
  2409. that are at least 30 minutes old, and log status information about
  2410. a few of them. This is an attempt to track down bug 8387.
  2411. - When encountering an unexpected CR while writing text to a file on
  2412. Windows, log the name of the file. Should help diagnosing
  2413. bug 11233.
  2414. - Give more specific warnings when a client notices that an onion
  2415. handshake has failed. Fixes ticket 9635.
  2416. - Add significant new logging code to attempt to diagnose bug 12184,
  2417. where relays seem to run out of available circuit IDs.
  2418. - Improve the diagnostic log message for bug 8387 even further to
  2419. try to improve our odds of figuring out why one-hop directory
  2420. circuits sometimes do not get closed.
  2421. o Minor features (security, memory management):
  2422. - Memory allocation tricks (mempools and buffer freelists) are now
  2423. disabled by default. You can turn them back on with
  2424. --enable-mempools and --enable-buf-freelists respectively. We're
  2425. disabling these features because malloc performance is good enough
  2426. on most platforms, and a similar feature in OpenSSL exacerbated
  2427. exploitation of the Heartbleed attack. Resolves ticket 11476.
  2428. o Minor features (security):
  2429. - Apply the secure SipHash-2-4 function to the hash table mapping
  2430. circuit IDs and channels to circuits. We missed this one when we
  2431. were converting all the other hash functions to use SipHash back
  2432. in 0.2.5.3-alpha. Resolves ticket 11750.
  2433. o Minor features (build):
  2434. - The configure script has a --disable-seccomp option to turn off
  2435. support for libseccomp on systems that have it, in case it (or
  2436. Tor's use of it) is broken. Resolves ticket 11628.
  2437. o Minor features (other):
  2438. - Update geoip and geoip6 to the June 4 2014 Maxmind GeoLite2
  2439. Country database.
  2440. o Minor bugfixes (security, new since 0.2.5.4-alpha, also in 0.2.4.22):
  2441. - When running a hidden service, do not allow TunnelDirConns 0:
  2442. setting that option would otherwise keep the hidden service from running, and also
  2443. make it publish its descriptors directly over HTTP. Fixes bug 10849;
  2444. bugfix on 0.2.1.1-alpha.
  2445. o Minor bugfixes (performance):
  2446. - Avoid a bug where every successful connection made us recompute
  2447. the flag telling us whether we have sufficient information to
  2448. build circuits. Previously, we would forget our cached value
  2449. whenever we successfully opened a channel (or marked a router as
  2450. running or not running for any other reason), regardless of
  2451. whether we had previously believed the router to be running. This
  2452. forced us to run an expensive update operation far too often.
  2453. Fixes bug 12170; bugfix on 0.1.2.1-alpha.
  2454. - Avoid using tor_memeq() for checking relay cell integrity. This
  2455. removes a possible performance bottleneck. Fixes part of bug
  2456. 12169; bugfix on 0.2.1.31.
  2457. o Minor bugfixes (compilation):
  2458. - Fix compilation of test_status.c when building with MSVC. Bugfix
  2459. on 0.2.5.4-alpha. Patch from Gisle Vanem.
  2460. - Resolve GCC complaints on OpenBSD about discarding constness in
  2461. TO_{ORIGIN,OR}_CIRCUIT functions. Fixes part of bug 11633; bugfix
  2462. on 0.1.1.23. Patch from Dana Koch.
  2463. - Resolve clang complaints on OpenBSD with -Wshorten-64-to-32 due to
  2464. treatment of long and time_t as comparable types. Fixes part of
  2465. bug 11633. Patch from Dana Koch.
  2466. - Make Tor compile correctly with --disable-buf-freelists. Fixes bug
  2467. 11623; bugfix on 0.2.5.3-alpha.
  2468. - When deciding whether to build the 64-bit curve25519
  2469. implementation, detect platforms where we can compile 128-bit
  2470. arithmetic but cannot link it. Fixes bug 11729; bugfix on
  2471. 0.2.4.8-alpha. Patch from "conradev".
  2472. - Fix compilation when DNS_CACHE_DEBUG is enabled. Fixes bug 11761;
  2473. bugfix on 0.2.3.13-alpha. Found by "cypherpunks".
  2474. - Fix compilation with dmalloc. Fixes bug 11605; bugfix
  2475. on 0.2.4.10-alpha.
  2476. o Minor bugfixes (Directory server):
  2477. - When sending a compressed set of descriptors or microdescriptors,
  2478. make sure to finalize the zlib stream. Previously, we would write
  2479. all the compressed data, but if the last descriptor we wanted to
  2480. send was missing or too old, we would not mark the stream as
  2481. finished. This caused problems for decompression tools. Fixes bug
  2482. 11648; bugfix on 0.1.1.23.
  2483. o Minor bugfixes (Linux seccomp sandbox):
  2484. - Make the seccomp sandbox code compile under ARM Linux. Fixes bug
  2485. 11622; bugfix on 0.2.5.1-alpha.
  2486. - Avoid crashing when re-opening listener ports with the seccomp
  2487. sandbox active. Fixes bug 12115; bugfix on 0.2.5.1-alpha.
  2488. - Avoid crashing with the seccomp sandbox enabled along with
  2489. ConstrainedSockets. Fixes bug 12139; bugfix on 0.2.5.1-alpha.
  2490. - When we receive a SIGHUP with the sandbox enabled, correctly
  2491. support rotating our log files. Fixes bug 12032; bugfix
  2492. on 0.2.5.1-alpha.
  2493. - Avoid crash when running with sandboxing enabled and
  2494. DirReqStatistics not disabled. Fixes bug 12035; bugfix
  2495. on 0.2.5.1-alpha.
  2496. - Fix a "BUG" warning when trying to write bridge-stats files with
  2497. the Linux syscall sandbox filter enabled. Fixes bug 12041; bugfix
  2498. on 0.2.5.1-alpha.
  2499. - Prevent the sandbox from crashing on startup when run with the
  2500. --enable-expensive-hardening configuration option. Fixes bug
  2501. 11477; bugfix on 0.2.5.4-alpha.
  2502. - When running with DirPortFrontPage and sandboxing both enabled,
  2503. reload the DirPortFrontPage correctly when restarting. Fixes bug
  2504. 12028; bugfix on 0.2.5.1-alpha.
  2505. - Don't try to enable the sandbox when using the Tor binary to check
  2506. its configuration, hash a passphrase, or so on. Doing so was
  2507. crashing on startup for some users. Fixes bug 11609; bugfix
  2508. on 0.2.5.1-alpha.
  2509. - Avoid warnings when running with sandboxing and node statistics
  2510. enabled at the same time. Fixes part of 12064; bugfix on
  2511. 0.2.5.1-alpha. Patch from Michael Wolf.
  2512. - Avoid warnings when running with sandboxing enabled at the same
  2513. time as cookie authentication, hidden services, or directory
  2514. authority voting. Fixes part of 12064; bugfix on 0.2.5.1-alpha.
  2515. - Do not allow options that require calls to exec to be enabled
  2516. alongside the seccomp2 sandbox: they will inevitably crash. Fixes
  2517. bug 12043; bugfix on 0.2.5.1-alpha.
  2518. - Handle failures in getpwnam()/getpwuid() when running with the
  2519. User option set and the Linux syscall sandbox enabled. Fixes bug
  2520. 11946; bugfix on 0.2.5.1-alpha.
  2521. - Refactor the getaddrinfo workaround that the seccomp sandbox uses
  2522. to avoid calling getaddrinfo() after installing the sandbox
  2523. filters. Previously, it preloaded a cache with the IPv4 address
  2524. for our hostname, and nothing else. Now, it loads the cache with
  2525. every address that it used to initialize the Tor process. Fixes
  2526. bug 11970; bugfix on 0.2.5.1-alpha.
  2527. o Minor bugfixes (pluggable transports):
  2528. - Enable the ExtORPortCookieAuthFile option, to allow changing the
  2529. default location of the authentication token for the extended OR
  2530. Port as used by server-side pluggable transports. We had
  2531. implemented this option before, but the code to make it settable
  2532. had been omitted. Fixes bug 11635; bugfix on 0.2.5.1-alpha.
  2533. - Avoid another 60-second delay when starting Tor in a pluggable-
  2534. transport-using configuration when we already have cached
  2535. descriptors for our bridges. Fixes bug 11965; bugfix
  2536. on 0.2.3.6-alpha.
  2537. o Minor bugfixes (client):
  2538. - Avoid "Tried to open a socket with DisableNetwork set" warnings
  2539. when starting a client with bridges configured and DisableNetwork
  2540. set. (Tor launcher starts Tor with DisableNetwork set the first
  2541. time it runs.) Fixes bug 10405; bugfix on 0.2.3.9-alpha.
  2542. o Minor bugfixes (testing):
  2543. - The Python parts of the test scripts now work on Python 3 as well
  2544. as Python 2, so systems where '/usr/bin/python' is Python 3 will
  2545. no longer have the tests break. Fixes bug 11608; bugfix
  2546. on 0.2.5.2-alpha.
  2547. - When looking for versions of python that we could run the tests
  2548. with, check for "python2.7" and "python3.3"; previously we were
  2549. only looking for "python", "python2", and "python3". Patch from
  2550. Dana Koch. Fixes bug 11632; bugfix on 0.2.5.2-alpha.
  2551. - Fix all valgrind warnings produced by the unit tests. There were
  2552. over a thousand memory leak warnings previously, mostly produced
  2553. by forgetting to free things in the unit test code. Fixes bug
  2554. 11618, bugfixes on many versions of Tor.
  2555. o Minor bugfixes (tor-fw-helper):
  2556. - Give a correct log message when tor-fw-helper fails to launch.
  2557. (Previously, we would say something like "tor-fw-helper sent us a
  2558. string we could not parse".) Fixes bug 9781; bugfix
  2559. on 0.2.4.2-alpha.
  2560. o Minor bugfixes (relay, threading):
  2561. - Check return code on spawn_func() in cpuworker code, so that we
  2562. don't think we've spawned a nonworking cpuworker and write junk to
  2563. it forever. Fix related to bug 4345; bugfix on all released Tor
  2564. versions. Found by "skruffy".
  2565. - Use a pthread_attr to make sure that spawn_func() cannot return an
  2566. error while at the same time launching a thread. Fix related to
  2567. bug 4345; bugfix on all released Tor versions. Reported
  2568. by "cypherpunks".
  2569. o Minor bugfixes (relay, oom prevention):
  2570. - Correctly detect the total available system memory. We tried to do
  2571. this in 0.2.5.4-alpha, but the code was set up to always return an
  2572. error value, even on success. Fixes bug 11805; bugfix
  2573. on 0.2.5.4-alpha.
  2574. o Minor bugfixes (relay, other):
  2575. - We now drop CREATE cells for already-existent circuit IDs and for
  2576. zero-valued circuit IDs, regardless of other factors that might
  2577. otherwise have called for DESTROY cells. Fixes bug 12191; bugfix
  2578. on 0.0.8pre1.
  2579. - Avoid an illegal read from stack when initializing the TLS module
  2580. using a version of OpenSSL without all of the ciphers used by the
  2581. v2 link handshake. Fixes bug 12227; bugfix on 0.2.4.8-alpha. Found
  2582. by "starlight".
  2583. - When rejecting DATA cells for stream_id zero, still count them
  2584. against the circuit's deliver window so that we don't fail to send
  2585. a SENDME. Fixes bug 11246; bugfix on 0.2.4.10-alpha.
  2586. o Minor bugfixes (logging):
  2587. - Fix a misformatted log message about delayed directory fetches.
  2588. Fixes bug 11654; bugfix on 0.2.5.3-alpha.
  2589. - Squelch a spurious LD_BUG message "No origin circuit for
  2590. successful SOCKS stream" in certain hidden service failure cases;
  2591. fixes bug 10616.
  2592. o Distribution:
  2593. - Include a tor.service file in contrib/dist for use with systemd.
  2594. Some distributions will be able to use this file unmodified;
  2595. others will need to tweak it, or write their own. Patch from Jamie
  2596. Nguyen; resolves ticket 8368.
  2597. o Documentation:
  2598. - Clean up several option names in the manpage to match their real
  2599. names, add the missing documentation for a couple of testing and
  2600. directory authority options, remove the documentation for a
  2601. V2-directory fetching option that no longer exists. Resolves
  2602. ticket 11634.
  2603. - Correct the documentation so that it lists the correct directory
  2604. for the stats files. (They are in a subdirectory called "stats",
  2605. not "status".)
  2606. - In the manpage, move more authority-only options into the
  2607. directory authority section so that operators of regular directory
  2608. caches don't get confused.
  2609. o Package cleanup:
  2610. - The contrib directory has been sorted and tidied. Before, it was
  2611. an unsorted dumping ground for useful and not-so-useful things.
  2612. Now, it is divided based on functionality, and the items which
  2613. seemed to be nonfunctional or useless have been removed. Resolves
  2614. ticket 8966; based on patches from "rl1987".
  2615. o Removed code:
  2616. - Remove /tor/dbg-stability.txt URL that was meant to help debug WFU
  2617. and MTBF calculations, but that nobody was using. Fixes ticket 11742.
  2618. - The TunnelDirConns and PreferTunnelledDirConns options no longer
  2619. exist; tunneled directory connections have been available since
  2620. 0.1.2.5-alpha, and turning them off is not a good idea. This is a
  2621. brute-force fix for 10849, where "TunnelDirConns 0" would break
  2622. hidden services.
  2623. Changes in version 0.2.4.22 - 2014-05-16
  2624. Tor 0.2.4.22 backports numerous high-priority fixes from the Tor 0.2.5
  2625. alpha release series. These include blocking all authority signing
  2626. keys that may have been affected by the OpenSSL "heartbleed" bug,
  2627. choosing a far more secure set of TLS ciphersuites by default, closing
  2628. a couple of memory leaks that could be used to run a target relay out
  2629. of RAM, and several others.
  2630. o Major features (security, backport from 0.2.5.4-alpha):
  2631. - Block authority signing keys that were used on authorities
  2632. vulnerable to the "heartbleed" bug in OpenSSL (CVE-2014-0160). (We
  2633. don't have any evidence that these keys _were_ compromised; we're
  2634. doing this to be prudent.) Resolves ticket 11464.
  2635. o Major bugfixes (security, OOM):
  2636. - Fix a memory leak that could occur if a microdescriptor parse
  2637. fails during the tokenizing step. This bug could enable a memory
  2638. exhaustion attack by directory servers. Fixes bug 11649; bugfix
  2639. on 0.2.2.6-alpha.
  2640. o Major bugfixes (TLS cipher selection, backport from 0.2.5.4-alpha):
  2641. - The relay ciphersuite list is now generated automatically based on
  2642. uniform criteria, and includes all OpenSSL ciphersuites with
  2643. acceptable strength and forward secrecy. Previously, we had left
  2644. some perfectly fine ciphersuites unsupported due to omission or
  2645. typo. Resolves bugs 11513, 11492, 11498, 11499. Bugs reported by
  2646. 'cypherpunks'. Bugfix on 0.2.4.8-alpha.
  2647. - Relays now trust themselves to have a better view than clients of
  2648. which TLS ciphersuites are better than others. (Thanks to bug
  2649. 11513, the relay list is now well-considered, whereas the client
  2650. list has been chosen mainly for anti-fingerprinting purposes.)
  2651. Relays prefer: AES over 3DES; then ECDHE over DHE; then GCM over
  2652. CBC; then SHA384 over SHA256 over SHA1; and last, AES256 over
  2653. AES128. Resolves ticket 11528.
  2654. - Clients now try to advertise the same list of ciphersuites as
  2655. Firefox 28. This change enables selection of (fast) GCM
  2656. ciphersuites, disables some strange old ciphers, and stops
  2657. advertising the ECDH (not to be confused with ECDHE) ciphersuites.
  2658. Resolves ticket 11438.
  2659. o Minor bugfixes (configuration, security):
  2660. - When running a hidden service, do not allow TunnelDirConns 0:
  2661. trying to set that option together with a hidden service would
  2662. otherwise prevent the hidden service from running, and also make
  2663. it publish its descriptors directly over HTTP. Fixes bug 10849;
  2664. bugfix on 0.2.1.1-alpha.
  2665. o Minor bugfixes (controller, backport from 0.2.5.4-alpha):
  2666. - Avoid sending a garbage value to the controller when a circuit is
  2667. cannibalized. Fixes bug 11519; bugfix on 0.2.3.11-alpha.
  2668. o Minor bugfixes (exit relay, backport from 0.2.5.4-alpha):
  2669. - Stop leaking memory when we successfully resolve a PTR record.
  2670. Fixes bug 11437; bugfix on 0.2.4.7-alpha.
  2671. o Minor bugfixes (bridge client, backport from 0.2.5.4-alpha):
  2672. - Avoid 60-second delays in the bootstrapping process when Tor is
  2673. launching for a second time while using bridges. Fixes bug 9229;
  2674. bugfix on 0.2.0.3-alpha.
  2675. o Minor bugfixes (relays and bridges, backport from 0.2.5.4-alpha):
  2676. - Give the correct URL in the warning message when trying to run a
  2677. relay on an ancient version of Windows. Fixes bug 9393.
  2678. o Minor bugfixes (compilation):
  2679. - Fix a compilation error when compiling with --disable-curve25519.
  2680. Fixes bug 9700; bugfix on 0.2.4.17-rc.
  2681. o Minor bugfixes:
  2682. - Downgrade the warning severity for the "md was still
  2683. referenced 1 node(s)" warning. Tor 0.2.5.4-alpha has better code
  2684. for trying to diagnose this bug, and the current warning in
  2685. earlier versions of tor achieves nothing useful. Addresses warning
  2686. from bug 7164.
  2687. o Minor features (log verbosity, backport from 0.2.5.4-alpha):
  2688. - When we run out of usable circuit IDs on a channel, log only one
  2689. warning for the whole channel, and describe how many circuits
  2690. there were on the channel. Fixes part of ticket 11553.
  2691. o Minor features (security, backport from 0.2.5.4-alpha):
  2692. - Decrease the lower limit of MaxMemInCellQueues to 256 MBytes (but
  2693. leave the default at 8GBytes), to better support Raspberry Pi
  2694. users. Fixes bug 9686; bugfix on 0.2.4.14-alpha.
  2695. o Documentation (backport from 0.2.5.4-alpha):
  2696. - Correctly document that we search for a system torrc file before
  2697. looking in ~/.torrc. Fixes documentation side of 9213; bugfix on
  2698. 0.2.3.18-rc.
  2699. Changes in version 0.2.5.4-alpha - 2014-04-25
  2700. Tor 0.2.5.4-alpha includes several security and performance
  2701. improvements for clients and relays, including blacklisting authority
  2702. signing keys that were used while susceptible to the OpenSSL
  2703. "heartbleed" bug, fixing two expensive functions on busy relays,
  2704. improved TLS ciphersuite preference lists, support for run-time
  2705. hardening on compilers that support AddressSanitizer, and more work on
  2706. the Linux sandbox code.
  2707. There are also several usability fixes for clients (especially clients
  2708. that use bridges), two new TransPort protocols supported (one on
  2709. OpenBSD, one on FreeBSD), and various other bugfixes.
  2710. This release marks end-of-life for Tor 0.2.2.x; those Tor versions
  2711. have accumulated many known flaws; everyone should upgrade.
  2712. o Major features (security):
  2713. - If you don't specify MaxMemInQueues yourself, Tor now tries to
  2714. pick a good value based on your total system memory. Previously,
  2715. the default was always 8 GB. You can still override the default by
  2716. setting MaxMemInQueues yourself. Resolves ticket 11396.
  2717. - Block authority signing keys that were used on authorities
  2718. vulnerable to the "heartbleed" bug in OpenSSL (CVE-2014-0160). (We
  2719. don't have any evidence that these keys _were_ compromised; we're
  2720. doing this to be prudent.) Resolves ticket 11464.
  2721. o Major features (relay performance):
  2722. - Speed up server-side lookups of rendezvous and introduction point
  2723. circuits by using hashtables instead of linear searches. These
  2724. functions previously accounted between 3 and 7% of CPU usage on
  2725. some busy relays. Resolves ticket 9841.
  2726. - Avoid wasting CPU when extending a circuit over a channel that is
  2727. nearly out of circuit IDs. Previously, we would do a linear scan
  2728. over possible circuit IDs before finding one or deciding that we
  2729. had exhausted our possibilities. Now, we try at most 64 random
  2730. circuit IDs before deciding that we probably won't succeed. Fixes
  2731. a possible root cause of ticket 11553.
  2732. o Major features (seccomp2 sandbox, Linux only):
  2733. - The seccomp2 sandbox can now run a test network for multiple hours
  2734. without crashing. The sandbox is still experimental, and more bugs
  2735. will probably turn up. To try it, enable "Sandbox 1" on a Linux
  2736. host. Resolves ticket 11351.
  2737. - Strengthen sandbox code: the sandbox can now test the arguments
  2738. for rename(), and blocks _sysctl() entirely. Resolves another part
  2739. of ticket 11351.
  2740. - When the sandbox blocks a system call, it now tries to log a stack
  2741. trace before exiting. Resolves ticket 11465.
  2742. o Major bugfixes (TLS cipher selection):
  2743. - The relay ciphersuite list is now generated automatically based on
  2744. uniform criteria, and includes all OpenSSL ciphersuites with
  2745. acceptable strength and forward secrecy. Previously, we had left
  2746. some perfectly fine ciphersuites unsupported due to omission or
  2747. typo. Resolves bugs 11513, 11492, 11498, 11499. Bugs reported by
  2748. 'cypherpunks'. Bugfix on 0.2.4.8-alpha.
  2749. - Relays now trust themselves to have a better view than clients of
  2750. which TLS ciphersuites are better than others. (Thanks to bug
  2751. 11513, the relay list is now well-considered, whereas the client
  2752. list has been chosen mainly for anti-fingerprinting purposes.)
  2753. Relays prefer: AES over 3DES; then ECDHE over DHE; then GCM over
  2754. CBC; then SHA384 over SHA256 over SHA1; and last, AES256 over
  2755. AES128. Resolves ticket 11528.
  2756. - Clients now try to advertise the same list of ciphersuites as
  2757. Firefox 28. This change enables selection of (fast) GCM
  2758. ciphersuites, disables some strange old ciphers, and stops
  2759. advertising the ECDH (not to be confused with ECDHE) ciphersuites.
  2760. Resolves ticket 11438.
  2761. o Major bugfixes (bridge client):
  2762. - Avoid 60-second delays in the bootstrapping process when Tor is
  2763. launching for a second time while using bridges. Fixes bug 9229;
  2764. bugfix on 0.2.0.3-alpha.
  2765. o Minor features (transparent proxy, *BSD):
  2766. - Support FreeBSD's ipfw firewall interface for TransPort ports on
  2767. FreeBSD. To enable it, set "TransProxyType ipfw". Resolves ticket
  2768. 10267; patch from "yurivict".
  2769. - Support OpenBSD's divert-to rules with the pf firewall for
  2770. transparent proxy ports. To enable it, set "TransProxyType
  2771. pf-divert". This allows Tor to run a TransPort transparent proxy
  2772. port on OpenBSD 4.4 or later without root privileges. See the
  2773. pf.conf(5) manual page for information on configuring pf to use
  2774. divert-to rules. Closes ticket 10896; patch from Dana Koch.
  2775. o Minor features (security):
  2776. - New --enable-expensive-hardening option to enable security
  2777. hardening options that consume nontrivial amounts of CPU and
  2778. memory. Right now, this includes AddressSanitizer and UbSan, which
  2779. are supported in newer versions of GCC and Clang. Closes ticket
  2780. 11477.
  2781. o Minor features (log verbosity):
  2782. - Demote the message that we give when a flushing connection times
  2783. out for too long from NOTICE to INFO. It was usually meaningless.
  2784. Resolves ticket 5286.
  2785. - Don't log so many notice-level bootstrapping messages at startup
  2786. about downloading descriptors. Previously, we'd log a notice
  2787. whenever we learned about more routers. Now, we only log a notice
  2788. at every 5% of progress. Fixes bug 9963.
  2789. - Warn less verbosely when receiving a malformed
  2790. ESTABLISH_RENDEZVOUS cell. Fixes ticket 11279.
  2791. - When we run out of usable circuit IDs on a channel, log only one
  2792. warning for the whole channel, and describe how many circuits
  2793. there were on the channel. Fixes part of ticket 11553.
  2794. o Minor features (relay):
  2795. - If a circuit timed out for at least 3 minutes, check if we have a
  2796. new external IP address, and publish a new descriptor with the new
  2797. IP address if it changed. Resolves ticket 2454.
  2798. o Minor features (controller):
  2799. - Make the entire exit policy available from the control port via
  2800. GETINFO exit-policy/*. Implements enhancement 7952. Patch from
  2801. "rl1987".
  2802. - Because of the fix for ticket 11396, the real limit for memory
  2803. usage may no longer match the configured MaxMemInQueues value. The
  2804. real limit is now exposed via GETINFO limits/max-mem-in-queues.
  2805. o Minor features (bridge client):
  2806. - Report a more useful failure message when we can't connect to a
  2807. bridge because we don't have the right pluggable transport
  2808. configured. Resolves ticket 9665. Patch from Fábio J. Bertinatto.
  2809. o Minor features (diagnostic):
  2810. - Add more log messages to diagnose bug 7164, which causes
  2811. intermittent "microdesc_free() called but md was still referenced"
  2812. warnings. We now include more information, to figure out why we
  2813. might be cleaning a microdescriptor for being too old if it's
  2814. still referenced by a live node_t object.
  2815. o Minor bugfixes (client, DNSPort):
  2816. - When using DNSPort, try to respond to AAAA requests with AAAA
  2817. answers. Previously, we hadn't looked at the request type when
  2818. deciding which answer type to prefer. Fixes bug 10468; bugfix on
  2819. 0.2.4.7-alpha.
  2820. - When receiving a DNS query for an unsupported record type, reply
  2821. with no answer rather than with a NOTIMPL error. This behavior
  2822. isn't correct either, but it will break fewer client programs, we
  2823. hope. Fixes bug 10268; bugfix on 0.2.0.1-alpha. Original patch
  2824. from "epoch".
  2825. o Minor bugfixes (exit relay):
  2826. - Stop leaking memory when we successfully resolve a PTR record.
  2827. Fixes bug 11437; bugfix on 0.2.4.7-alpha.
  2828. o Minor bugfixes (bridge client):
  2829. - Stop accepting bridge lines containing hostnames. Doing so would
  2830. cause clients to perform DNS requests on the hostnames, which was
  2831. not sensible behavior. Fixes bug 10801; bugfix on 0.2.0.1-alpha.
  2832. - Avoid a 60-second delay in the bootstrapping process when a Tor
  2833. client with pluggable transports re-reads its configuration at
  2834. just the wrong time. Re-fixes bug 11156; bugfix on 0.2.5.3-alpha.
  2835. o Minor bugfixes (client, logging during bootstrap):
  2836. - Warn only once if we start logging in an unsafe way. Previously,
  2837. we complained as many times as we had problems. Fixes bug 9870;
  2838. bugfix on 0.2.5.1-alpha.
  2839. - Only report the first fatal bootstrap error on a given OR
  2840. connection. This stops us from telling the controller bogus error
  2841. messages like "DONE". Fixes bug 10431; bugfix on 0.2.1.1-alpha.
  2842. - Be more helpful when trying to run sandboxed on Linux without
  2843. libseccomp. Instead of saying "Sandbox is not implemented on this
  2844. platform", we now explain that we need to be built with
  2845. libseccomp. Fixes bug 11543; bugfix on 0.2.5.1-alpha.
  2846. - Avoid generating spurious warnings when starting with
  2847. DisableNetwork enabled. Fixes bug 11200 and bug 10405; bugfix on
  2848. 0.2.3.9-alpha.
  2849. o Minor bugfixes (closing OR connections):
  2850. - If write_to_buf() in connection_write_to_buf_impl_() ever fails,
  2851. check if it's an or_connection_t and correctly call
  2852. connection_or_close_for_error() rather than
  2853. connection_mark_for_close() directly. Fixes bug 11304; bugfix on
  2854. 0.2.4.4-alpha.
  2855. - When closing all connections on setting DisableNetwork to 1, use
  2856. connection_or_close_normally() rather than closing OR connections
  2857. out from under the channel layer. Fixes bug 11306; bugfix on
  2858. 0.2.4.4-alpha.
  2859. o Minor bugfixes (controller):
  2860. - Avoid sending a garbage value to the controller when a circuit is
  2861. cannibalized. Fixes bug 11519; bugfix on 0.2.3.11-alpha.
  2862. o Minor bugfixes (tor-fw-helper):
  2863. - Allow tor-fw-helper to build again by adding src/ext to its
  2864. CPPFLAGS. Fixes bug 11296; bugfix on 0.2.5.3-alpha.
  2865. o Minor bugfixes (bridges):
  2866. - Avoid potential crashes or bad behavior when launching a
  2867. server-side managed proxy with ORPort or ExtORPort temporarily
  2868. disabled. Fixes bug 9650; bugfix on 0.2.3.16-alpha.
  2869. o Minor bugfixes (platform-specific):
  2870. - Fix compilation on Solaris, which does not have <endian.h>. Fixes
  2871. bug 11426; bugfix on 0.2.5.3-alpha.
  2872. - When dumping a malformed directory object to disk, save it in
  2873. binary mode on Windows, not text mode. Fixes bug 11342; bugfix on
  2874. 0.2.2.1-alpha.
  2875. - Don't report failures from make_socket_reuseable() on incoming
  2876. sockets on OSX: this can happen when incoming connections close
  2877. early. Fixes bug 10081.
  2878. o Minor bugfixes (trivial memory leaks):
  2879. - Fix a small memory leak when signing a directory object. Fixes bug
  2880. 11275; bugfix on 0.2.4.13-alpha.
  2881. - Free placeholder entries in our circuit table at exit; fixes a
  2882. harmless memory leak. Fixes bug 11278; bugfix on 0.2.5.1-alpha.
  2883. - Don't re-initialize a second set of OpenSSL mutexes when starting
  2884. up. Previously, we'd make one set of mutexes, and then immediately
  2885. replace them with another. Fixes bug 11726; bugfix on
  2886. 0.2.5.3-alpha.
  2887. - Resolve some memory leaks found by coverity in the unit tests, on
  2888. exit in tor-gencert, and on a failure to compute digests for our
  2889. own keys when generating a v3 networkstatus vote. These leaks
  2890. should never have affected anyone in practice.
  2891. o Minor bugfixes (hidden service):
  2892. - Only retry attempts to connect to a chosen rendezvous point 8
  2893. times, not 30. Fixes bug 4241; bugfix on 0.1.0.1-rc.
  2894. o Minor bugfixes (misc code correctness):
  2895. - Fix various instances of undefined behavior in channeltls.c,
  2896. tor_memmem(), and eventdns.c that would cause us to construct
  2897. pointers to memory outside an allocated object. (These invalid
  2898. pointers were not accessed, but C does not even allow them to
  2899. exist.) Fixes bug 10363; bugfixes on 0.1.1.1-alpha, 0.1.2.1-alpha,
  2900. 0.2.0.10-alpha, and 0.2.3.6-alpha. Reported by "bobnomnom".
  2901. - Use the AddressSanitizer and Ubsan sanitizers (in clang-3.4) to
  2902. fix some miscellaneous errors in our tests and codebase. Fixes bug
  2903. 11232. Bugfixes on versions back as far as 0.2.1.11-alpha.
  2904. - Always check return values for unlink, munmap, UnmapViewOfFile;
  2905. check strftime return values more often. In some cases all we can
  2906. do is report a warning, but this may help prevent deeper bugs from
  2907. going unnoticed. Closes ticket 8787; bugfixes on many, many tor
  2908. versions.
  2909. - Fix numerous warnings from the clang "scan-build" static analyzer.
  2910. Some of these are programming style issues; some of them are false
  2911. positives that indicated awkward code; some are undefined behavior
  2912. cases related to constructing (but not using) invalid pointers;
  2913. some are assumptions about API behavior; some are (harmlessly)
  2914. logging sizeof(ptr) bytes from a token when sizeof(*ptr) would be
  2915. correct; and one or two are genuine bugs that weren't reachable
  2916. from the rest of the program. Fixes bug 8793; bugfixes on many,
  2917. many tor versions.
  2918. o Documentation:
  2919. - Build the torify.1 manpage again. Previously, we were only trying
  2920. to build it when also building tor-fw-helper. That's why we didn't
  2921. notice that we'd broken the ability to build it. Fixes bug 11321;
  2922. bugfix on 0.2.5.1-alpha.
  2923. - Fix the layout of the SOCKSPort flags in the manpage. Fixes bug
  2924. 11061; bugfix on 0.2.4.7-alpha.
  2925. - Correctly document that we search for a system torrc file before
  2926. looking in ~/.torrc. Fixes documentation side of 9213; bugfix on
  2927. 0.2.3.18-rc.
  2928. - Resolve warnings from Doxygen.
  2929. o Code simplifications and refactoring:
  2930. - Remove is_internal_IP() function. Resolves ticket 4645.
  2931. - Remove unused function circuit_dump_by_chan from circuitlist.c.
  2932. Closes issue 9107; patch from "marek".
  2933. - Change our use of the ENUM_BF macro to avoid declarations that
  2934. confuse Doxygen.
  2935. o Deprecated versions:
  2936. - Tor 0.2.2.x has reached end-of-life; it has received no patches or
  2937. attention for some while. Directory authorities no longer accept
  2938. descriptors from relays running any version of Tor prior to Tor
  2939. 0.2.3.16-alpha. Resolves ticket 11149.
  2940. o Testing:
  2941. - New macros in test.h to simplify writing mock-functions for unit
  2942. tests. Part of ticket 11507. Patch from Dana Koch.
  2943. - Complete tests for the status.c module. Resolves ticket 11507.
  2944. Patch from Dana Koch.
  2945. o Removed code:
  2946. - Remove all code for the long unused v1 directory protocol.
  2947. Resolves ticket 11070.
  2948. Changes in version 0.2.5.3-alpha - 2014-03-22
  2949. Tor 0.2.5.3-alpha includes all the fixes from 0.2.4.21. It contains
  2950. two new anti-DoS features for Tor relays, resolves a bug that kept
  2951. SOCKS5 support for IPv6 from working, fixes several annoying usability
  2952. issues for bridge users, and removes more old code for unused
  2953. directory formats.
  2954. The Tor 0.2.5.x release series is now in patch-freeze: feature patches
  2955. that are not already written will not be considered for inclusion in 0.2.5.x.
  2956. o Major features (relay security, DoS-resistance):
  2957. - When deciding whether we have run out of memory and we need to
  2958. close circuits, also consider memory allocated in buffers for
  2959. streams attached to each circuit.
  2960. This change, which extends an anti-DoS feature introduced in
  2961. 0.2.4.13-alpha and improved in 0.2.4.14-alpha, lets Tor exit relays
  2962. better resist more memory-based DoS attacks than before. Since the
  2963. MaxMemInCellQueues option now applies to all queues, it is renamed
  2964. to MaxMemInQueues. This feature fixes bug 10169.
  2965. - Avoid hash-flooding denial-of-service attacks by using the secure
  2966. SipHash-2-4 hash function for our hashtables. Without this
  2967. feature, an attacker could degrade performance of a targeted
  2968. client or server by flooding their data structures with a large
  2969. number of entries to be stored at the same hash table position,
  2970. thereby slowing down the Tor instance. With this feature, hash
  2971. table positions are derived from a randomized cryptographic key,
  2972. and an attacker cannot predict which entries will collide. Closes
  2973. ticket 4900.
  2974. - Decrease the lower limit of MaxMemInQueues to 256 MBytes (but leave
  2975. the default at 8GBytes), to better support Raspberry Pi users. Fixes
  2976. bug 9686; bugfix on 0.2.4.14-alpha.
  2977. o Minor features (bridges, pluggable transports):
  2978. - Bridges now write the SHA1 digest of their identity key
  2979. fingerprint (that is, a hash of a hash of their public key) to
  2980. notice-level logs, and to a new hashed-fingerprint file. This
  2981. information will help bridge operators look up their bridge in
  2982. Globe and similar tools. Resolves ticket 10884.
  2983. - Improve the message that Tor displays when running as a bridge
  2984. using pluggable transports without an Extended ORPort listener.
  2985. Also, log the message in the log file too. Resolves ticket 11043.
  2986. o Minor features (other):
  2987. - Add a new option, PredictedPortsRelevanceTime, to control how long
  2988. after having received a request to connect to a given port Tor
  2989. will try to keep circuits ready in anticipation of future requests
  2990. for that port. Patch from "unixninja92"; implements ticket 9176.
  2991. - Generate a warning if any ports are listed in the SocksPolicy,
  2992. DirPolicy, AuthDirReject, AuthDirInvalid, AuthDirBadDir, or
  2993. AuthDirBadExit options. (These options only support address
  2994. ranges.) Fixes part of ticket 11108.
  2995. - Update geoip and geoip6 to the February 7 2014 Maxmind GeoLite2
  2996. Country database.
  2997. o Minor bugfixes (new since 0.2.5.2-alpha, also in 0.2.4.21):
  2998. - Build without warnings under clang 3.4. (We have some macros that
  2999. define static functions only some of which will get used later in
  3000. the module. Starting with clang 3.4, these give a warning unless the
  3001. unused attribute is set on them.) Resolves ticket 10904.
  3002. - Fix build warnings about missing "a2x" command when building the
  3003. manpages from scratch on OpenBSD; OpenBSD calls it "a2x.py".
  3004. Fixes bug 10929; bugfix on 0.2.2.9-alpha. Patch from Dana Koch.
  3005. o Minor bugfixes (client):
  3006. - Improve the log message when we can't connect to a hidden service
  3007. because all of the hidden service directory nodes hosting its
  3008. descriptor are excluded. Improves on our fix for bug 10722, which
  3009. was a bugfix on 0.2.0.10-alpha.
  3010. - Raise a control port warning when we fail to connect to all of
  3011. our bridges. Previously, we didn't inform the controller, and
  3012. the bootstrap process would stall. Fixes bug 11069; bugfix on
  3013. 0.2.1.2-alpha.
  3014. - Exit immediately when a process-owning controller exits.
  3015. Previously, tor relays would wait for a little while after their
  3016. controller exited, as if they had gotten an INT signal -- but this
  3017. was problematic, since there was no feedback for the user. To do a
  3018. clean shutdown, controllers should send an INT signal and give Tor
  3019. a chance to clean up. Fixes bug 10449; bugfix on 0.2.2.28-beta.
  3020. - Stop attempting to connect to bridges before our pluggable
  3021. transports are configured (harmless but resulted in some erroneous
  3022. log messages). Fixes bug 11156; bugfix on 0.2.3.2-alpha.
  3023. - Fix connections to IPv6 addresses over SOCKS5. Previously, we were
  3024. generating incorrect SOCKS5 responses, and confusing client
  3025. applications. Fixes bug 10987; bugfix on 0.2.4.7-alpha.
  3026. o Minor bugfixes (relays and bridges):
  3027. - Avoid crashing on a malformed resolv.conf file when running a
  3028. relay using Libevent 1. Fixes bug 8788; bugfix on 0.1.1.23.
  3029. - Non-exit relays no longer launch mock DNS requests to check for
  3030. DNS hijacking. This has been unnecessary since 0.2.1.7-alpha, when
  3031. non-exit relays stopped servicing DNS requests. Fixes bug 965;
  3032. bugfix on 0.2.1.7-alpha. Patch from Matt Pagan.
  3033. - Bridges now report complete directory request statistics. Related
  3034. to bug 5824; bugfix on 0.2.2.1-alpha.
  3035. - Bridges now never collect statistics that were designed for
  3036. relays. Fixes bug 5824; bugfix on 0.2.3.8-alpha.
  3037. - Stop giving annoying warning messages when we decide not to launch
  3038. a pluggable transport proxy that we don't need (because there are
  3039. no bridges configured to use it). Resolves ticket 5018; bugfix
  3040. on 0.2.5.2-alpha.
  3041. - Give the correct URL in the warning message when trying to run a
  3042. relay on an ancient version of Windows. Fixes bug 9393.
  3043. o Minor bugfixes (backtrace support):
  3044. - Support automatic backtraces on more platforms by using the
  3045. "-fasynchronous-unwind-tables" compiler option. This option is
  3046. needed for platforms like 32-bit Intel where "-fomit-frame-pointer"
  3047. is on by default and table generation is not. This doesn't yet
  3048. add Windows support; only Linux, OSX, and some BSDs are affected.
  3049. Reported by 'cypherpunks'; fixes bug 11047; bugfix on 0.2.5.2-alpha.
  3050. - Avoid strange behavior if two threads hit failed assertions at the
  3051. same time and both try to log backtraces at once. (Previously, if
  3052. this had happened, both threads would have stored their intermediate
  3053. results in the same buffer, and generated junk outputs.) Reported by
  3054. "cypherpunks". Fixes bug 11048; bugfix on 0.2.5.2-alpha.
  3055. - Fix a compiler warning in format_number_sigsafe(). Bugfix on
  3056. 0.2.5.2-alpha; patch from Nick Hopper.
  3057. o Minor bugfixes (unit tests):
  3058. - Fix a small bug in the unit tests that might have made the tests
  3059. call 'chmod' with an uninitialized bitmask. Fixes bug 10928;
  3060. bugfix on 0.2.5.1-alpha. Patch from Dana Koch.
  3061. o Removed code:
  3062. - Remove all remaining code related to version-0 hidden service
  3063. descriptors: they have not been in use since 0.2.2.1-alpha. Fixes
  3064. the rest of bug 10841.
  3065. o Documentation:
  3066. - Document in the manpage that "KBytes" may also be written as
  3067. "kilobytes" or "KB", that "Kbits" may also be written as
  3068. "kilobits", and so forth. Closes ticket 9222.
  3069. - Document that the ClientOnly config option overrides ORPort.
  3070. Our old explanation made ClientOnly sound as though it did
  3071. nothing at all. Resolves bug 9059.
  3072. - Explain that SocksPolicy, DirPolicy, and similar options don't
  3073. take port arguments. Fixes the other part of ticket 11108.
  3074. - Fix a comment about the rend_server_descriptor_t.protocols field
  3075. to more accurately describe its range. Also, make that field
  3076. unsigned, to more accurately reflect its usage. Fixes bug 9099;
  3077. bugfix on 0.2.1.5-alpha.
  3078. - Fix the manpage's description of HiddenServiceAuthorizeClient:
  3079. the maximum client name length is 16, not 19. Fixes bug 11118;
  3080. bugfix on 0.2.1.6-alpha.
  3081. o Code simplifications and refactoring:
  3082. - Get rid of router->address, since in all cases it was just the
  3083. string representation of router->addr. Resolves ticket 5528.
  3084. o Test infrastructure:
  3085. - Update to the latest version of tinytest.
  3086. - Improve the tinytest implementation of string operation tests so
  3087. that comparisons with NULL strings no longer crash the tests; they
  3088. now just fail, normally. Fixes bug 9004; bugfix on 0.2.2.4-alpha.
  3089. Changes in version 0.2.4.21 - 2014-02-28
  3090. Tor 0.2.4.21 further improves security against potential adversaries who
  3091. find breaking 1024-bit crypto doable, and backports several stability
  3092. and robustness patches from the 0.2.5 branch.
  3093. o Major features (client security):
  3094. - When we choose a path for a 3-hop circuit, make sure it contains
  3095. at least one relay that supports the NTor circuit extension
  3096. handshake. Otherwise, there is a chance that we're building
  3097. a circuit that's worth attacking by an adversary who finds
  3098. breaking 1024-bit crypto doable, and that chance changes the game
  3099. theory. Implements ticket 9777.
  3100. o Major bugfixes:
  3101. - Do not treat streams that fail with reason
  3102. END_STREAM_REASON_INTERNAL as indicating a definite circuit failure,
  3103. since it could also indicate an ENETUNREACH connection error. Fixes
  3104. part of bug 10777; bugfix on 0.2.4.8-alpha.
  3105. o Code simplification and refactoring:
  3106. - Remove data structures which were introduced to implement the
  3107. CellStatistics option: they are now redundant with the new timestamp
  3108. field in the regular packed_cell_t data structure, which we did
  3109. in 0.2.4.18-rc in order to resolve bug 9093. Resolves ticket 10870.
  3110. o Minor features:
  3111. - Always clear OpenSSL bignums before freeing them -- even bignums
  3112. that don't contain secrets. Resolves ticket 10793. Patch by
  3113. Florent Daignière.
  3114. - Build without warnings under clang 3.4. (We have some macros that
  3115. define static functions only some of which will get used later in
  3116. the module. Starting with clang 3.4, these give a warning unless the
  3117. unused attribute is set on them.) Resolves ticket 10904.
  3118. - Update geoip and geoip6 files to the February 7 2014 Maxmind
  3119. GeoLite2 Country database.
  3120. o Minor bugfixes:
  3121. - Set the listen() backlog limit to the largest actually supported
  3122. on the system, not to the value in a header file. Fixes bug 9716;
  3123. bugfix on every released Tor.
  3124. - Treat ENETUNREACH, EACCES, and EPERM connection failures at an
  3125. exit node as a NOROUTE error, not an INTERNAL error, since they
  3126. can apparently happen when trying to connect to the wrong sort
  3127. of netblocks. Fixes part of bug 10777; bugfix on 0.1.0.1-rc.
  3128. - Fix build warnings about missing "a2x" command when building the
  3129. manpages from scratch on OpenBSD; OpenBSD calls it "a2x.py".
  3130. Fixes bug 10929; bugfix on 0.2.2.9-alpha. Patch from Dana Koch.
  3131. - Avoid a segfault on SIGUSR1, where we had freed a connection but did
  3132. not entirely remove it from the connection lists. Fixes bug 9602;
  3133. bugfix on 0.2.4.4-alpha.
  3134. - Fix a segmentation fault in our benchmark code when running with
  3135. Fedora's OpenSSL package, or any other OpenSSL that provides
  3136. ECDH but not P224. Fixes bug 10835; bugfix on 0.2.4.8-alpha.
  3137. - Turn "circuit handshake stats since last time" log messages into a
  3138. heartbeat message. Fixes bug 10485; bugfix on 0.2.4.17-rc.
  3139. o Documentation fixes:
  3140. - Document that all but one DirPort entry must have the NoAdvertise
  3141. flag set. Fixes bug 10470; bugfix on 0.2.3.3-alpha / 0.2.3.16-alpha.
  3142. Changes in version 0.2.5.2-alpha - 2014-02-13
  3143. Tor 0.2.5.2-alpha includes all the fixes from 0.2.4.18-rc and 0.2.4.20,
  3144. like the "poor random number generation" fix and the "building too many
  3145. circuits" fix. It also further improves security against potential
  3146. adversaries who find breaking 1024-bit crypto doable, and launches
  3147. pluggable transports on demand (which gets us closer to integrating
  3148. pluggable transport support by default -- not to be confused with Tor
  3149. bundles enabling pluggable transports and bridges by default).
  3150. o Major features (client security):
  3151. - When we choose a path for a 3-hop circuit, make sure it contains
  3152. at least one relay that supports the NTor circuit extension
  3153. handshake. Otherwise, there is a chance that we're building
  3154. a circuit that's worth attacking by an adversary who finds
  3155. breaking 1024-bit crypto doable, and that chance changes the game
  3156. theory. Implements ticket 9777.
  3157. - Clients now look at the "usecreatefast" consensus parameter to
  3158. decide whether to use CREATE_FAST or CREATE cells for the first hop
  3159. of their circuit. This approach can improve security on connections
  3160. where Tor's circuit handshake is stronger than the available TLS
  3161. connection security levels, but the tradeoff is more computational
  3162. load on guard relays. Implements proposal 221. Resolves ticket 9386.
  3163. o Major features (bridges):
  3164. - Don't launch pluggable transport proxies if we don't have any
  3165. bridges configured that would use them. Now we can list many
  3166. pluggable transports, and Tor will dynamically start one when it
  3167. hears a bridge address that needs it. Resolves ticket 5018.
  3168. - The bridge directory authority now assigns status flags (Stable,
  3169. Guard, etc) to bridges based on thresholds calculated over all
  3170. Running bridges. Now bridgedb can finally make use of its features
  3171. to e.g. include at least one Stable bridge in its answers. Fixes
  3172. bug 9859.
  3173. o Major features (other):
  3174. - Extend ORCONN controller event to include an "ID" parameter,
  3175. and add four new controller event types CONN_BW, CIRC_BW,
  3176. CELL_STATS, and TB_EMPTY that show connection and circuit usage.
  3177. The new events are emitted in private Tor networks only, with the
  3178. goal of being able to better track performance and load during
  3179. full-network simulations. Implements proposal 218 and ticket 7359.
  3180. - On some platforms (currently: recent OSX versions, glibc-based
  3181. platforms that support the ELF format, and a few other
  3182. Unix-like operating systems), Tor can now dump stack traces
  3183. when a crash occurs or an assertion fails. By default, traces
  3184. are dumped to stderr (if possible) and to any logs that are
  3185. reporting errors. Implements ticket 9299.
  3186. o Major bugfixes:
  3187. - Avoid a segfault on SIGUSR1, where we had freed a connection but did
  3188. not entirely remove it from the connection lists. Fixes bug 9602;
  3189. bugfix on 0.2.4.4-alpha.
  3190. - Do not treat streams that fail with reason
  3191. END_STREAM_REASON_INTERNAL as indicating a definite circuit failure,
  3192. since it could also indicate an ENETUNREACH connection error. Fixes
  3193. part of bug 10777; bugfix on 0.2.4.8-alpha.
  3194. o Major bugfixes (new since 0.2.5.1-alpha, also in 0.2.4.20):
  3195. - Do not allow OpenSSL engines to replace the PRNG, even when
  3196. HardwareAccel is set. The only default builtin PRNG engine uses
  3197. the Intel RDRAND instruction to replace the entire PRNG, and
  3198. ignores all attempts to seed it with more entropy. That's
  3199. cryptographically stupid: the right response to a new alleged
  3200. entropy source is never to discard all previously used entropy
  3201. sources. Fixes bug 10402; works around behavior introduced in
  3202. OpenSSL 1.0.0. Diagnosis and investigation thanks to "coderman"
  3203. and "rl1987".
  3204. - Fix assertion failure when AutomapHostsOnResolve yields an IPv6
  3205. address. Fixes bug 10465; bugfix on 0.2.4.7-alpha.
  3206. - Avoid launching spurious extra circuits when a stream is pending.
  3207. This fixes a bug where any circuit that _wasn't_ unusable for new
  3208. streams would be treated as if it were, causing extra circuits to
  3209. be launched. Fixes bug 10456; bugfix on 0.2.4.12-alpha.
  3210. o Major bugfixes (new since 0.2.5.1-alpha, also in 0.2.4.18-rc):
  3211. - No longer stop reading or writing on cpuworker connections when
  3212. our rate limiting buckets go empty. Now we should handle circuit
  3213. handshake requests more promptly. Resolves bug 9731.
  3214. - Stop trying to bootstrap all our directory information from
  3215. only our first guard. Discovered while fixing bug 9946; bugfix
  3216. on 0.2.4.8-alpha.
  3217. o Minor features (bridges, pluggable transports):
  3218. - Add threshold cutoffs to the networkstatus document created by
  3219. the Bridge Authority. Fixes bug 1117.
  3220. - On Windows, spawn background processes using the CREATE_NO_WINDOW
  3221. flag. Now Tor Browser Bundle 3.5 with pluggable transports enabled
  3222. doesn't pop up a blank console window. (In Tor Browser Bundle 2.x,
  3223. Vidalia set this option for us.) Implements ticket 10297.
  3224. o Minor features (security):
  3225. - Always clear OpenSSL bignums before freeing them -- even bignums
  3226. that don't contain secrets. Resolves ticket 10793. Patch by
  3227. Florent Daignière.
  3228. o Minor features (config options and command line):
  3229. - Add an --allow-missing-torrc commandline option that tells Tor to
  3230. run even if the configuration file specified by -f is not available.
  3231. Implements ticket 10060.
  3232. - Add support for the TPROXY transparent proxying facility on Linux.
  3233. See documentation for the new TransProxyType option for more
  3234. details. Implementation by "thomo". Closes ticket 10582.
  3235. o Minor features (controller):
  3236. - Add a new "HS_DESC" controller event that reports activities
  3237. related to hidden service descriptors. Resolves ticket 8510.
  3238. - New "DROPGUARDS" controller command to forget all current entry
  3239. guards. Not recommended for ordinary use, since replacing guards
  3240. too frequently makes several attacks easier. Resolves ticket 9934;
  3241. patch from "ra".
  3242. o Minor features (build):
  3243. - Assume that a user using ./configure --host wants to cross-compile,
  3244. and give an error if we cannot find a properly named
  3245. tool-chain. Add a --disable-tool-name-check option to proceed
  3246. nevertheless. Addresses ticket 9869. Patch by Benedikt Gollatz.
  3247. - If we run ./configure and the compiler recognizes -fstack-protector
  3248. but the linker rejects it, warn the user about a potentially missing
  3249. libssp package. Addresses ticket 9948. Patch from Benedikt Gollatz.
  3250. o Minor features (testing):
  3251. - If Python is installed, "make check" now runs extra tests beyond
  3252. the unit test scripts.
  3253. - When bootstrapping a test network, sometimes very few relays get
  3254. the Guard flag. Now a new option "TestingDirAuthVoteGuard" can
  3255. specify a set of relays which should be voted Guard regardless of
  3256. their uptime or bandwidth. Addresses ticket 9206.
  3257. o Minor features (log messages):
  3258. - When ServerTransportPlugin is set on a bridge, Tor can write more
  3259. useful statistics about bridge use in its extrainfo descriptors,
  3260. but only if the Extended ORPort ("ExtORPort") is set too. Add a
  3261. log message to inform the user in this case. Resolves ticket 9651.
  3262. - When receiving a new controller connection, log the origin address.
  3263. Resolves ticket 9698; patch from "sigpipe".
  3264. - When logging OpenSSL engine status at startup, log the status of
  3265. more engines. Fixes ticket 10043; patch from Joshua Datko.
  3266. - Turn "circuit handshake stats since last time" log messages into a
  3267. heartbeat message. Fixes bug 10485; bugfix on 0.2.4.17-rc.
  3268. o Minor features (new since 0.2.5.1-alpha, also in 0.2.4.18-rc):
  3269. - Improve the circuit queue out-of-memory handler. Previously, when
  3270. we ran low on memory, we'd close whichever circuits had the most
  3271. queued cells. Now, we close those that have the *oldest* queued
  3272. cells, on the theory that those are most responsible for us
  3273. running low on memory. Based on analysis from a forthcoming paper
  3274. by Jansen, Tschorsch, Johnson, and Scheuermann. Fixes bug 9093.
  3275. - Generate bootstrapping status update events correctly when fetching
  3276. microdescriptors. Fixes bug 9927.
  3277. - Update to the October 2 2013 Maxmind GeoLite Country database.
  3278. o Minor bugfixes (clients):
  3279. - When closing a channel that has already been open, do not close
  3280. pending circuits that were waiting to connect to the same relay.
  3281. Fixes bug 9880; bugfix on 0.2.5.1-alpha. Thanks to skruffy for
  3282. finding this bug.
  3283. o Minor bugfixes (relays):
  3284. - Treat ENETUNREACH, EACCES, and EPERM connection failures at an
  3285. exit node as a NOROUTE error, not an INTERNAL error, since they
  3286. can apparently happen when trying to connect to the wrong sort
  3287. of netblocks. Fixes part of bug 10777; bugfix on 0.1.0.1-rc.
  3288. o Minor bugfixes (bridges):
  3289. - Fix a bug where the first connection works to a bridge that uses a
  3290. pluggable transport with client-side parameters, but we don't send
  3291. the client-side parameters on subsequent connections. (We don't
  3292. use any pluggable transports with client-side parameters yet,
  3293. but ScrambleSuit will soon become the first one.) Fixes bug 9162;
  3294. bugfix on 0.2.0.3-alpha. Based on a patch from "rl1987".
  3295. o Minor bugfixes (node selection):
  3296. - If ExcludeNodes is set, consider non-excluded hidden service
  3297. directory servers before excluded ones. Do not consider excluded
  3298. hidden service directory servers at all if StrictNodes is
  3299. set. (Previously, we would sometimes decide to connect to those
  3300. servers, and then realize before we initiated a connection that
  3301. we had excluded them.) Fixes bug 10722; bugfix on 0.2.0.10-alpha.
  3302. Reported by "mr-4".
  3303. - If we set the ExitNodes option but it doesn't include any nodes
  3304. that have the Exit flag, we would choose not to bootstrap. Now we
  3305. bootstrap so long as ExitNodes includes nodes which can exit to
  3306. some port. Fixes bug 10543; bugfix on 0.2.4.10-alpha.
  3307. o Minor bugfixes (controller and command-line):
  3308. - If changing a config option via "setconf" fails in a recoverable
  3309. way, we used to nonetheless write our new control ports to the
  3310. file described by the "ControlPortWriteToFile" option. Now we only
  3311. write out that file if we successfully switch to the new config
  3312. option. Fixes bug 5605; bugfix on 0.2.2.26-beta. Patch from "Ryman".
  3313. - When a command-line option such as --version or --help that
  3314. ordinarily implies --hush appears on the command line along with
  3315. --quiet, then actually obey --quiet. Previously, we obeyed --quiet
  3316. only if it appeared later on the command line. Fixes bug 9578;
  3317. bugfix on 0.2.5.1-alpha.
  3318. o Minor bugfixes (code correctness):
  3319. - Previously we used two temporary files when writing descriptors to
  3320. disk; now we only use one. Fixes bug 1376.
  3321. - Remove an erroneous (but impossible and thus harmless) pointer
  3322. comparison that would have allowed compilers to skip a bounds
  3323. check in channeltls.c. Fixes bugs 10313 and 9980; bugfix on
  3324. 0.2.0.10-alpha. Noticed by Jared L Wong and David Fifield.
  3325. - Fix an always-true assertion in pluggable transports code so it
  3326. actually checks what it was trying to check. Fixes bug 10046;
  3327. bugfix on 0.2.3.9-alpha. Found by "dcb".
  3328. o Minor bugfixes (protocol correctness):
  3329. - When receiving a VERSIONS cell with an odd number of bytes, close
  3330. the connection immediately since the cell is malformed. Fixes bug
  3331. 10365; bugfix on 0.2.0.10-alpha. Spotted by "bobnomnom"; fix by
  3332. "rl1987".
  3333. o Minor bugfixes (build):
  3334. - Restore the ability to compile Tor with V2_HANDSHAKE_SERVER
  3335. turned off (that is, without support for v2 link handshakes). Fixes
  3336. bug 4677; bugfix on 0.2.3.2-alpha. Patch from "piet".
  3337. - Fix compilation warnings and startup issues when running with
  3338. "Sandbox 1" and libseccomp-2.1.0. Fixes bug 10563; bugfix on
  3339. 0.2.5.1-alpha.
  3340. - Fix compilation on Solaris 9, which didn't like us having an
  3341. identifier named "sun". Fixes bug 10565; bugfix on 0.2.5.1-alpha.
  3342. o Minor bugfixes (testing):
  3343. - Fix a segmentation fault in our benchmark code when running with
  3344. Fedora's OpenSSL package, or any other OpenSSL that provides
  3345. ECDH but not P224. Fixes bug 10835; bugfix on 0.2.4.8-alpha.
  3346. o Minor bugfixes (log messages):
  3347. - Fix a bug where clients using bridges would report themselves
  3348. as 50% bootstrapped even without a live consensus document.
  3349. Fixes bug 9922; bugfix on 0.2.1.1-alpha.
  3350. - Suppress a warning where, if there's only one directory authority
  3351. in the network, we would complain that votes and signatures cannot
  3352. be uploaded to other directory authorities. Fixes bug 10842;
  3353. bugfix on 0.2.2.26-beta.
  3354. - Report bootstrapping progress correctly when we're downloading
  3355. microdescriptors. We had updated our "do we have enough microdescs
  3356. to begin building circuits?" logic most recently in 0.2.4.10-alpha
  3357. (see bug 5956), but we left the bootstrap status event logic at
  3358. "how far through getting 1/4 of them are we?" Fixes bug 9958;
  3359. bugfix on 0.2.2.36, which is where they diverged (see bug 5343).
  3360. o Minor bugfixes (new since 0.2.5.1-alpha, also in 0.2.4.20):
  3361. - Avoid a crash bug when starting with a corrupted microdescriptor
  3362. cache file. Fixes bug 10406; bugfix on 0.2.2.6-alpha.
  3363. - If we fail to dump a previously cached microdescriptor to disk, avoid
  3364. freeing duplicate data later on. Fixes bug 10423; bugfix on
  3365. 0.2.4.13-alpha. Spotted by "bobnomnom".
  3366. o Minor bugfixes on 0.2.4.x (new since 0.2.5.1-alpha, also in 0.2.4.18-rc):
  3367. - Correctly log long IPv6 exit policies, instead of truncating them
  3368. or reporting an error. Fixes bug 9596; bugfix on 0.2.4.7-alpha.
  3369. - Our default TLS ecdhe groups were backwards: we meant to be using
  3370. P224 for relays (for performance win) and P256 for bridges (since
  3371. it is more common in the wild). Instead we had it backwards. After
  3372. reconsideration, we decided that the default should be P256 on all
  3373. hosts, since its security is probably better, and since P224 is
  3374. reportedly used quite little in the wild. Found by "skruffy" on
  3375. IRC. Fix for bug 9780; bugfix on 0.2.4.8-alpha.
  3376. - Free directory authority certificate download statuses on exit
  3377. rather than leaking them. Fixes bug 9644; bugfix on 0.2.4.13-alpha.
  3378. o Minor bugfixes on 0.2.3.x (new since 0.2.5.1-alpha, also in 0.2.4.18-rc):
  3379. - If the guard we choose first doesn't answer, we would try the
  3380. second guard, but once we connected to the second guard we would
  3381. abandon it and retry the first one, slowing down bootstrapping.
  3382. The fix is to treat all our initially chosen guards as acceptable
  3383. to use. Fixes bug 9946; bugfix on 0.1.1.11-alpha.
  3384. - Fix an assertion failure that would occur when disabling the
  3385. ORPort setting on a running Tor process while accounting was
  3386. enabled. Fixes bug 6979; bugfix on 0.2.2.18-alpha.
  3387. - When examining the list of network interfaces to find our address,
  3388. do not consider non-running or disabled network interfaces. Fixes
  3389. bug 9904; bugfix on 0.2.3.11-alpha. Patch from "hantwister".
  3390. - Avoid an off-by-one error when checking buffer boundaries when
  3391. formatting the exit status of a pluggable transport helper.
  3392. This is probably not an exploitable bug, but better safe than
  3393. sorry. Fixes bug 9928; bugfix on 0.2.3.18-rc. Bug found by
  3394. Pedro Ribeiro.
  3395. o Removed code and features:
  3396. - Clients now reject any directory authority certificates lacking
  3397. a dir-key-crosscert element. These have been included since
  3398. 0.2.1.9-alpha, so there's no real reason for them to be optional
  3399. any longer. Completes proposal 157. Resolves ticket 10162.
  3400. - Remove all code that existed to support the v2 directory system,
  3401. since there are no longer any v2 directory authorities. Resolves
  3402. ticket 10758.
  3403. - Remove the HSAuthoritativeDir and AlternateHSAuthority torrc
  3404. options, which were used for designating authorities as "Hidden
  3405. service authorities". There has been no use of hidden service
  3406. authorities since 0.2.2.1-alpha, when we stopped uploading or
  3407. downloading v0 hidden service descriptors. Fixes bug 10881; also
  3408. part of a fix for bug 10841.
  3409. o Code simplification and refactoring:
  3410. - Remove some old fallback code designed to keep Tor clients working
  3411. in a network with only two working relays. Elsewhere in the code we
  3412. have long since stopped supporting such networks, so there wasn't
  3413. much point in keeping it around. Addresses ticket 9926.
  3414. - Reject 0-length EXTEND2 cells more explicitly. Fixes bug 10536;
  3415. bugfix on 0.2.4.8-alpha. Reported by "cypherpunks".
  3416. - Remove data structures which were introduced to implement the
  3417. CellStatistics option: they are now redundant with the addition
  3418. of a timestamp to the regular packed_cell_t data structure, which
  3419. we did in 0.2.4.18-rc in order to resolve ticket 9093. Implements
  3420. ticket 10870.
  3421. o Documentation (man page) fixes:
  3422. - Update manpage to describe some of the files you can expect to
  3423. find in Tor's DataDirectory. Addresses ticket 9839.
  3424. - Document that all but one DirPort entry must have the NoAdvertise
  3425. flag set. Fixes bug 10470; bugfix on 0.2.3.3-alpha / 0.2.3.16-alpha.
  3426. o Documentation fixes (new since 0.2.5.1-alpha, also in 0.2.4.18-rc):
  3427. - Clarify the usage and risks of setting the ContactInfo torrc line
  3428. for your relay or bridge. Resolves ticket 9854.
  3429. - Add anchors to the manpage so we can link to the html version of
  3430. the documentation for specific options. Resolves ticket 9866.
  3431. - Replace remaining references to DirServer in man page and
  3432. log entries. Resolves ticket 10124.
  3433. o Tool changes:
  3434. - Make the "tor-gencert" tool used by directory authority operators
  3435. create 2048-bit signing keys by default (rather than 1024-bit, since
  3436. 1024-bit is uncomfortably small these days). Addresses ticket 10324.
  3437. Changes in version 0.2.4.20 - 2013-12-22
  3438. Tor 0.2.4.20 fixes potentially poor random number generation for users
  3439. who 1) use OpenSSL 1.0.0 or later, 2) set "HardwareAccel 1" in their
  3440. torrc file, 3) have "Sandy Bridge" or "Ivy Bridge" Intel processors,
  3441. and 4) have no state file in their DataDirectory (as would happen on
  3442. first start). Users who generated relay or hidden service identity
  3443. keys in such a situation should discard them and generate new ones.
  3444. This release also fixes a logic error that caused Tor clients to build
  3445. many more preemptive circuits than they actually need.
  3446. o Major bugfixes:
  3447. - Do not allow OpenSSL engines to replace the PRNG, even when
  3448. HardwareAccel is set. The only default builtin PRNG engine uses
  3449. the Intel RDRAND instruction to replace the entire PRNG, and
  3450. ignores all attempts to seed it with more entropy. That's
  3451. cryptographically stupid: the right response to a new alleged
  3452. entropy source is never to discard all previously used entropy
  3453. sources. Fixes bug 10402; works around behavior introduced in
  3454. OpenSSL 1.0.0. Diagnosis and investigation thanks to "coderman"
  3455. and "rl1987".
  3456. - Fix assertion failure when AutomapHostsOnResolve yields an IPv6
  3457. address. Fixes bug 10465; bugfix on 0.2.4.7-alpha.
  3458. - Avoid launching spurious extra circuits when a stream is pending.
  3459. This fixes a bug where any circuit that _wasn't_ unusable for new
  3460. streams would be treated as if it were, causing extra circuits to
  3461. be launched. Fixes bug 10456; bugfix on 0.2.4.12-alpha.
  3462. o Minor bugfixes:
  3463. - Avoid a crash bug when starting with a corrupted microdescriptor
  3464. cache file. Fixes bug 10406; bugfix on 0.2.2.6-alpha.
  3465. - If we fail to dump a previously cached microdescriptor to disk, avoid
  3466. freeing duplicate data later on. Fixes bug 10423; bugfix on
  3467. 0.2.4.13-alpha. Spotted by "bobnomnom".
  3468. Changes in version 0.2.4.19 - 2013-12-11
  3469. The Tor 0.2.4 release series is dedicated to the memory of Aaron Swartz
  3470. (1986-2013). Aaron worked on diverse projects including helping to guide
  3471. Creative Commons, playing a key role in stopping SOPA/PIPA, bringing
  3472. transparency to the U.S. government's PACER documents, and contributing
  3473. design and development for Tor and Tor2Web. Aaron was one of the latest
  3474. martyrs in our collective fight for civil liberties and human rights,
  3475. and his death is all the more painful because he was one of us.
  3476. Tor 0.2.4.19, the first stable release in the 0.2.4 branch, features
  3477. a new circuit handshake and link encryption that use ECC to provide
  3478. better security and efficiency; makes relays better manage circuit
  3479. creation requests; uses "directory guards" to reduce client enumeration
  3480. risks; makes bridges collect and report statistics about the pluggable
  3481. transports they support; cleans up and improves our geoip database;
  3482. gets much closer to IPv6 support for clients, bridges, and relays; makes
  3483. directory authorities use measured bandwidths rather than advertised
  3484. ones when computing flags and thresholds; disables client-side DNS
  3485. caching to reduce tracking risks; and fixes a big bug in bridge
  3486. reachability testing. This release introduces two new design
  3487. abstractions in the code: a new "channel" abstraction between circuits
  3488. and or_connections to allow for implementing alternate relay-to-relay
  3489. transports, and a new "circuitmux" abstraction storing the queue of
  3490. circuits for a channel. The release also includes many stability,
  3491. security, and privacy fixes.
  3492. Changes in version 0.2.4.18-rc - 2013-11-16
  3493. Tor 0.2.4.18-rc is the fourth release candidate for the Tor 0.2.4.x
  3494. series. It takes a variety of fixes from the 0.2.5.x branch to improve
  3495. stability, performance, and handling of edge cases.
  3496. o Major features:
  3497. - Re-enable TLS 1.1 and 1.2 when built with OpenSSL 1.0.1e or later.
  3498. Resolves ticket 6055. (OpenSSL before 1.0.1 didn't have TLS 1.1 or
  3499. 1.2, and OpenSSL from 1.0.1 through 1.0.1d had bugs that prevented
  3500. renegotiation from working with TLS 1.1 or 1.2, so we had disabled
  3501. them to solve bug 6033.)
  3502. o Major bugfixes:
  3503. - No longer stop reading or writing on cpuworker connections when
  3504. our rate limiting buckets go empty. Now we should handle circuit
  3505. handshake requests more promptly. Resolves bug 9731.
  3506. - If we are unable to save a microdescriptor to the journal, do not
  3507. drop it from memory and then reattempt downloading it. Fixes bug
  3508. 9645; bugfix on 0.2.2.6-alpha.
  3509. - Stop trying to bootstrap all our directory information from
  3510. only our first guard. Discovered while fixing bug 9946; bugfix
  3511. on 0.2.4.8-alpha.
  3512. - The new channel code sometimes lost track of in-progress circuits,
  3513. causing long-running clients to stop building new circuits. The
  3514. fix is to always call circuit_n_chan_done(chan, 0) from
  3515. channel_closed(). Fixes bug 9776; bugfix on 0.2.4.17-rc.
  3516. o Minor bugfixes (on 0.2.4.x):
  3517. - Correctly log long IPv6 exit policies, instead of truncating them
  3518. or reporting an error. Fixes bug 9596; bugfix on 0.2.4.7-alpha.
  3519. - Our default TLS ecdhe groups were backwards: we meant to be using
  3520. P224 for relays (for performance win) and P256 for bridges (since
  3521. it is more common in the wild). Instead we had it backwards. After
  3522. reconsideration, we decided that the default should be P256 on all
  3523. hosts, since its security is probably better, and since P224 is
  3524. reportedly used quite little in the wild. Found by "skruffy" on
  3525. IRC. Fix for bug 9780; bugfix on 0.2.4.8-alpha.
  3526. - Free directory authority certificate download statuses on exit
  3527. rather than leaking them. Fixes bug 9644; bugfix on 0.2.4.13-alpha.
  3528. o Minor bugfixes (on 0.2.3.x and earlier):
  3529. - If the guard we choose first doesn't answer, we would try the
  3530. second guard, but once we connected to the second guard we would
  3531. abandon it and retry the first one, slowing down bootstrapping.
  3532. The fix is to treat all our initially chosen guards as acceptable
  3533. to use. Fixes bug 9946; bugfix on 0.1.1.11-alpha.
  3534. - Fix an assertion failure that would occur when disabling the
  3535. ORPort setting on a running Tor process while accounting was
  3536. enabled. Fixes bug 6979; bugfix on 0.2.2.18-alpha.
  3537. - When examining the list of network interfaces to find our address,
  3538. do not consider non-running or disabled network interfaces. Fixes
  3539. bug 9904; bugfix on 0.2.3.11-alpha. Patch from "hantwister".
  3540. - Avoid an off-by-one error when checking buffer boundaries when
  3541. formatting the exit status of a pluggable transport helper.
  3542. This is probably not an exploitable bug, but better safe than
  3543. sorry. Fixes bug 9928; bugfix on 0.2.3.18-rc. Bug found by
  3544. Pedro Ribeiro.
  3545. o Minor features (protecting client timestamps):
  3546. - Clients no longer send timestamps in their NETINFO cells. These were
  3547. not used for anything, and they provided one small way for clients
  3548. to be distinguished from each other as they moved from network to
  3549. network or behind NAT. Implements part of proposal 222.
  3550. - Clients now round timestamps in INTRODUCE cells down to the nearest
  3551. 10 minutes. If a new Support022HiddenServices option is set to 0, or
  3552. if it's set to "auto" and the feature is disabled in the consensus,
  3553. the timestamp is sent as 0 instead. Implements part of proposal 222.
  3554. - Stop sending timestamps in AUTHENTICATE cells. This is not such
  3555. a big deal from a security point of view, but it achieves no actual
  3556. good purpose, and isn't needed. Implements part of proposal 222.
  3557. - Reduce the accuracy of timestamps in hidden service descriptors.
  3558. Implements part of proposal 222.
  3559. o Minor features (other):
  3560. - Improve the circuit queue out-of-memory handler. Previously, when
  3561. we ran low on memory, we'd close whichever circuits had the most
  3562. queued cells. Now, we close those that have the *oldest* queued
  3563. cells, on the theory that those are most responsible for us
  3564. running low on memory. Based on analysis from a forthcoming paper
  3565. by Jansen, Tschorsch, Johnson, and Scheuermann. Fixes bug 9093.
  3566. - Generate bootstrapping status update events correctly when fetching
  3567. microdescriptors. Fixes bug 9927.
  3568. - Update to the October 2 2013 Maxmind GeoLite Country database.
  3569. o Documentation fixes:
  3570. - Clarify the usage and risks of setting the ContactInfo torrc line
  3571. for your relay or bridge. Resolves ticket 9854.
  3572. - Add anchors to the manpage so we can link to the html version of
  3573. the documentation for specific options. Resolves ticket 9866.
  3574. - Replace remaining references to DirServer in man page and
  3575. log entries. Resolves ticket 10124.
  3576. Changes in version 0.2.5.1-alpha - 2013-10-02
  3577. Tor 0.2.5.1-alpha introduces experimental support for syscall sandboxing
  3578. on Linux, allows bridges that offer pluggable transports to report usage
  3579. statistics, fixes many issues to make testing easier, and provides
  3580. a pile of minor features and bugfixes that have been waiting for a
  3581. release of the new branch.
  3582. This is the first alpha release in a new series, so expect there to
  3583. be bugs. Users who would rather test out a more stable branch should
  3584. stay with 0.2.4.x for now.
  3585. o Major features (security):
  3586. - Use the seccomp2 syscall filtering facility on Linux to limit
  3587. which system calls Tor can invoke. This is an experimental,
  3588. Linux-only feature to provide defense-in-depth against unknown
  3589. attacks. To try turning it on, set "Sandbox 1" in your torrc
  3590. file. Please be ready to report bugs. We hope to add support
  3591. for better sandboxing in the future, including more fine-grained
  3592. filters, better division of responsibility, and support for more
  3593. platforms. This work has been done by Cristian-Matei Toader for
  3594. Google Summer of Code.
  3595. - Re-enable TLS 1.1 and 1.2 when built with OpenSSL 1.0.1e or later.
  3596. Resolves ticket 6055. (OpenSSL before 1.0.1 didn't have TLS 1.1 or
  3597. 1.2, and OpenSSL from 1.0.1 through 1.0.1d had bugs that prevented
  3598. renegotiation from working with TLS 1.1 or 1.2, so we had disabled
  3599. them to solve bug 6033.)
  3600. o Major features (other):
  3601. - Add support for passing arguments to managed pluggable transport
  3602. proxies. Implements ticket 3594.
  3603. - Bridges now track GeoIP information and the number of their users
  3604. even when pluggable transports are in use, and report usage
  3605. statistics in their extra-info descriptors. Resolves tickets 4773
  3606. and 5040.
  3607. - Make testing Tor networks bootstrap better: lower directory fetch
  3608. retry schedules and maximum interval without directory requests,
  3609. and raise maximum download tries. Implements ticket 6752.
  3610. - Add make target 'test-network' to run tests on a Chutney network.
  3611. Implements ticket 8530.
  3612. - The ntor handshake is now on-by-default, no matter what the
  3613. directory authorities recommend. Implements ticket 8561.
  3614. o Major bugfixes:
  3615. - Instead of writing destroy cells directly to outgoing connection
  3616. buffers, queue them and intersperse them with other outgoing cells.
  3617. This can prevent a set of resource starvation conditions where too
  3618. many pending destroy cells prevent data cells from actually getting
  3619. delivered. Reported by "oftc_must_be_destroyed". Fixes bug 7912;
  3620. bugfix on 0.2.0.1-alpha.
  3621. - If we are unable to save a microdescriptor to the journal, do not
  3622. drop it from memory and then reattempt downloading it. Fixes bug
  3623. 9645; bugfix on 0.2.2.6-alpha.
  3624. - The new channel code sometimes lost track of in-progress circuits,
  3625. causing long-running clients to stop building new circuits. The
  3626. fix is to always call circuit_n_chan_done(chan, 0) from
  3627. channel_closed(). Fixes bug 9776; bugfix on 0.2.4.17-rc.
  3628. o Build features:
  3629. - Tor now builds each source file in two modes: a mode that avoids
  3630. exposing identifiers needlessly, and another mode that exposes
  3631. more identifiers for testing. This lets the compiler do better at
  3632. optimizing the production code, while enabling us to take more
  3633. radical measures to let the unit tests test things.
  3634. - The production builds no longer include functions used only in
  3635. the unit tests; all functions exposed from a module only for
  3636. unit-testing are now static in production builds.
  3637. - Add an --enable-coverage configuration option to make the unit
  3638. tests (and a new src/or/tor-cov target) build with gcov test
  3639. coverage support.
  3640. o Testing:
  3641. - We now have rudimentary function mocking support that our unit
  3642. tests can use to test functions in isolation. Function mocking
  3643. lets the tests temporarily replace a function's dependencies with
  3644. stub functions, so that the tests can check the function without
  3645. invoking the other functions it calls.
  3646. - Add more unit tests for the <circid,channel>->circuit map, and
  3647. the destroy-cell-tracking code to fix bug 7912.
  3648. - Unit tests for failing cases of the TAP onion handshake.
  3649. - More unit tests for address-manipulation functions.
  3650. o Minor features (protecting client timestamps):
  3651. - Clients no longer send timestamps in their NETINFO cells. These were
  3652. not used for anything, and they provided one small way for clients
  3653. to be distinguished from each other as they moved from network to
  3654. network or behind NAT. Implements part of proposal 222.
  3655. - Clients now round timestamps in INTRODUCE cells down to the nearest
  3656. 10 minutes. If a new Support022HiddenServices option is set to 0, or
  3657. if it's set to "auto" and the feature is disabled in the consensus,
  3658. the timestamp is sent as 0 instead. Implements part of proposal 222.
  3659. - Stop sending timestamps in AUTHENTICATE cells. This is not such
  3660. a big deal from a security point of view, but it achieves no actual
  3661. good purpose, and isn't needed. Implements part of proposal 222.
  3662. - Reduce the accuracy of timestamps in hidden service descriptors.
  3663. Implements part of proposal 222.
  3664. o Minor features (config options):
  3665. - Config (torrc) lines now handle fingerprints which are missing
  3666. their initial '$'. Resolves ticket 4341; improvement over 0.0.9pre5.
  3667. - Support a --dump-config option to print some or all of the
  3668. configured options. Mainly useful for debugging the command-line
  3669. option parsing code. Helps resolve ticket 4647.
  3670. - Raise awareness of safer logging: notify user of potentially
  3671. unsafe config options, like logging more verbosely than severity
  3672. "notice" or setting SafeLogging to 0. Resolves ticket 5584.
  3673. - Add a new configuration option TestingV3AuthVotingStartOffset
  3674. that bootstraps a network faster by changing the timing for
  3675. consensus votes. Addresses ticket 8532.
  3676. - Add a new torrc option "ServerTransportOptions" that allows
  3677. bridge operators to pass configuration parameters to their
  3678. pluggable transports. Resolves ticket 8929.
  3679. - The config (torrc) file now accepts bandwidth and space limits in
  3680. bits as well as bytes. (Anywhere that you can say "2 Kilobytes",
  3681. you can now say "16 kilobits", and so on.) Resolves ticket 9214.
  3682. Patch by CharlieB.
  3683. o Minor features (build):
  3684. - Add support for `--library-versions` flag. Implements ticket 6384.
  3685. - Return the "unexpected sendme" warnings to a warn severity, but make
  3686. them rate limited, to help diagnose ticket 8093.
  3687. - Detect a missing asciidoc, and warn the user about it, during
  3688. configure rather than at build time. Fixes issue 6506. Patch from
  3689. Arlo Breault.
  3690. o Minor features (other):
  3691. - Use the SOCK_NONBLOCK socket type, if supported, to open nonblocking
  3692. sockets in a single system call. Implements ticket 5129.
  3693. - Log current accounting state (bytes sent and received + remaining
  3694. time for the current accounting period) in the relay's heartbeat
  3695. message. Implements ticket 5526; patch from Peter Retzlaff.
  3696. - Implement the TRANSPORT_LAUNCHED control port event that
  3697. notifies controllers about new launched pluggable
  3698. transports. Resolves ticket 5609.
  3699. - If we're using the pure-C 32-bit curve25519_donna implementation
  3700. of curve25519, build it with the -fomit-frame-pointer option to
  3701. make it go faster on register-starved hosts. This improves our
  3702. handshake performance by about 6% on i386 hosts without nacl.
  3703. Closes ticket 8109.
  3704. - Update to the September 4 2013 Maxmind GeoLite Country database.
  3705. o Minor bugfixes:
  3706. - Set the listen() backlog limit to the largest actually supported
  3707. on the system, not to the value in a header file. Fixes bug 9716;
  3708. bugfix on every released Tor.
  3709. - No longer accept malformed http headers when parsing urls from
  3710. headers. Now we reply with Bad Request ("400"). Fixes bug 2767;
  3711. bugfix on 0.0.6pre1.
  3712. - In munge_extrainfo_into_routerinfo(), check the return value of
  3713. memchr(). This would have been a serious issue if we ever passed
  3714. it a non-extrainfo. Fixes bug 8791; bugfix on 0.2.0.6-alpha. Patch
  3715. from Arlo Breault.
  3716. - On the chance that somebody manages to build Tor on a
  3717. platform where time_t is unsigned, correct the way that
  3718. microdesc_add_to_cache() handles negative time arguments.
  3719. Fixes bug 8042; bugfix on 0.2.3.1-alpha.
  3720. - Reject relative control socket paths and emit a warning. Previously,
  3721. single-component control socket paths would be rejected, but Tor
  3722. would not log why it could not validate the config. Fixes bug 9258;
  3723. bugfix on 0.2.3.16-alpha.
  3724. o Minor bugfixes (command line):
  3725. - Use a single command-line parser for parsing torrc options on the
  3726. command line and for finding special command-line options to avoid
  3727. inconsistent behavior for torrc option arguments that have the same
  3728. names as command-line options. Fixes bugs 4647 and 9578; bugfix on
  3729. 0.0.9pre5.
  3730. - No longer allow 'tor --hash-password' with no arguments. Fixes bug
  3731. 9573; bugfix on 0.0.9pre5.
  3732. o Minor fixes (build, auxiliary programs):
  3733. - Stop preprocessing the "torify" script with autoconf, since
  3734. it no longer refers to LOCALSTATEDIR. Fixes bug 5505; patch
  3735. from Guilhem.
  3736. - The tor-fw-helper program now follows the standard convention and
  3737. exits with status code "0" on success. Fixes bug 9030; bugfix on
  3738. 0.2.3.1-alpha. Patch by Arlo Breault.
  3739. - Corrected ./configure advice for what openssl dev package you should
  3740. install on Debian. Fixes bug 9207; bugfix on 0.2.0.1-alpha.
  3741. o Minor code improvements:
  3742. - Remove constants and tests for PKCS1 padding; it's insecure and
  3743. shouldn't be used for anything new. Fixes bug 8792; patch
  3744. from Arlo Breault.
  3745. - Remove instances of strcpy() from the unit tests. They weren't
  3746. hurting anything, since they were only in the unit tests, but it's
  3747. embarrassing to have strcpy() in the code at all, and some analysis
  3748. tools don't like it. Fixes bug 8790; bugfix on 0.2.3.6-alpha and
  3749. 0.2.3.8-alpha. Patch from Arlo Breault.
  3750. o Removed features:
  3751. - Remove migration code from when we renamed the "cached-routers"
  3752. file to "cached-descriptors" back in 0.2.0.8-alpha. This
  3753. incidentally resolves ticket 6502 by cleaning up the related code
  3754. a bit. Patch from Akshay Hebbar.
  3755. o Code simplification and refactoring:
  3756. - Extract the common duplicated code for creating a subdirectory
  3757. of the data directory and writing to a file in it. Fixes ticket
  3758. 4282; patch from Peter Retzlaff.
  3759. - Since OpenSSL 0.9.7, the i2d_*() functions can allocate the output
  3760. buffer themselves. Avoid calling these twice: i2d_RSAPublicKey(), i2d_DHparams(),
  3761. i2d_X509(), and i2d_PublicKey(). Resolves ticket 5170.
  3762. - Add a set of accessor functions for the circuit timeout data
  3763. structure. Fixes ticket 6153; patch from "piet".
  3764. - Clean up exit paths from connection_listener_new(). Closes ticket
  3765. 8789. Patch from Arlo Breault.
  3766. - Since we rely on OpenSSL 0.9.8 now, we can use EVP_PKEY_cmp()
  3767. and drop our own custom pkey_eq() implementation. Fixes bug 9043.
  3768. - Use a doubly-linked list to implement the global circuit list.
  3769. Resolves ticket 9108. Patch from Marek Majkowski.
  3770. - Remove contrib/id_to_fp.c since it wasn't used anywhere.
  3771. Changes in version 0.2.4.17-rc - 2013-09-05
  3772. Tor 0.2.4.17-rc is the third release candidate for the Tor 0.2.4.x
  3773. series. It adds an emergency step to help us tolerate the massive
  3774. influx of users: 0.2.4 clients using the new (faster and safer) "NTor"
  3775. circuit-level handshakes now effectively jump the queue compared to
  3776. the 0.2.3 clients using "TAP" handshakes. This release also fixes a
  3777. big bug hindering bridge reachability tests.
  3778. o Major features:
  3779. - Relays now process the new "NTor" circuit-level handshake requests
  3780. with higher priority than the old "TAP" circuit-level handshake
  3781. requests. We still process some TAP requests to not totally starve
  3782. 0.2.3 clients when NTor becomes popular. A new consensus parameter
  3783. "NumNTorsPerTAP" lets us tune the balance later if we need to.
  3784. Implements ticket 9574.
  3785. o Major bugfixes:
  3786. - If the circuit build timeout logic is disabled (via the consensus,
  3787. or because we are an authority), then don't build testing circuits.
  3788. Fixes bug 9657; bugfix on 0.2.2.14-alpha.
  3789. - Bridges now send AUTH_CHALLENGE cells during their v3 handshakes;
  3790. previously they did not, which prevented them from receiving
  3791. successful connections from relays for self-test or bandwidth
  3792. testing. Also, when a relay is extending a circuit to a bridge,
  3793. it needs to send a NETINFO cell, even when the bridge hasn't sent
  3794. an AUTH_CHALLENGE cell. Fixes bug 9546; bugfix on 0.2.3.6-alpha.
  3795. - If the time to download the next old-style networkstatus is in
  3796. the future, do not decline to consider whether to download the
  3797. next microdescriptor networkstatus. Fixes bug 9564; bugfix on
  3798. 0.2.3.14-alpha.
  3799. o Minor bugfixes:
  3800. - Avoid double-closing the listener socket in our socketpair()
  3801. replacement (used on Windows) in the case where the addresses on
  3802. our opened sockets don't match what we expected. Fixes bug 9400;
  3803. bugfix on 0.0.2pre7. Found by Coverity.
  3804. o Minor fixes (config options):
  3805. - Avoid overflows when the user sets MaxCircuitDirtiness to a
  3806. ridiculously high value, by imposing a (ridiculously high) 30-day
  3807. maximum on MaxCircuitDirtiness.
  3808. - Fix the documentation of HeartbeatPeriod to say that the heartbeat
  3809. message is logged at notice, not at info.
  3810. - Warn and fail if a server is configured not to advertise any
  3811. ORPorts at all. (We need *something* to put in our descriptor,
  3812. or we just won't work.)
  3813. o Minor features:
  3814. - Track how many "TAP" and "NTor" circuit handshake requests we get,
  3815. and how many we complete, and log it every hour to help relay
  3816. operators follow trends in network load. Addresses ticket 9658.
  3817. - Update to the August 7 2013 Maxmind GeoLite Country database.
  3818. Changes in version 0.2.4.16-rc - 2013-08-10
  3819. Tor 0.2.4.16-rc is the second release candidate for the Tor 0.2.4.x
  3820. series. It fixes several crash bugs in the 0.2.4 branch.
  3821. o Major bugfixes:
  3822. - Fix a bug in the voting algorithm that could yield incorrect results
  3823. when a non-naming authority declared too many flags. Fixes bug 9200;
  3824. bugfix on 0.2.0.3-alpha.
  3825. - Fix an uninitialized read that could in some cases lead to a remote
  3826. crash while parsing INTRODUCE2 cells. Bugfix on 0.2.4.1-alpha.
  3827. Anybody running a hidden service on the experimental 0.2.4.x
  3828. branch should upgrade. (This is, so far as we know, unrelated to
  3829. the recent news.)
  3830. - Avoid an assertion failure when processing DNS replies without the
  3831. answer types we expected. Fixes bug 9337; bugfix on 0.2.4.7-alpha.
  3832. - Avoid a crash when using --hash-password. Fixes bug 9295; bugfix on
  3833. 0.2.4.15-rc. Found by stem integration tests.
  3834. o Minor bugfixes:
  3835. - Fix an invalid memory read that occurred when a pluggable
  3836. transport proxy failed its configuration protocol.
  3837. Fixes bug 9288; bugfix on 0.2.4.1-alpha.
  3838. - When evaluating whether to use a connection that we haven't
  3839. decided is canonical using a recent link protocol version,
  3840. decide that it's canonical only if the address it used _does_
  3841. match the desired address. Fixes bug 9309; bugfix on
  3842. 0.2.4.4-alpha. Reported by skruffy.
  3843. - Make the default behavior of NumDirectoryGuards be to track
  3844. NumEntryGuards. Now a user who changes only NumEntryGuards will get
  3845. the behavior she expects. Fixes bug 9354; bugfix on 0.2.4.8-alpha.
  3846. - Fix a spurious compilation warning with some older versions of
  3847. GCC on FreeBSD. Fixes bug 9254; bugfix on 0.2.4.14-alpha.
  3848. o Minor features:
  3849. - Update to the July 3 2013 Maxmind GeoLite Country database.
  3850. Changes in version 0.2.4.15-rc - 2013-07-01
  3851. Tor 0.2.4.15-rc is the first release candidate for the Tor 0.2.4.x
  3852. series. It fixes a few smaller bugs, but generally appears stable.
  3853. Please test it and let us know whether it is!
  3854. o Major bugfixes:
  3855. - When receiving a new configuration file via the control port's
  3856. LOADCONF command, do not treat the defaults file as absent.
  3857. Fixes bug 9122; bugfix on 0.2.3.9-alpha.
  3858. o Minor features:
  3859. - Issue a warning when running with the bufferevents backend enabled.
  3860. It's still not stable, and people should know that they're likely
  3861. to hit unexpected problems. Closes ticket 9147.
  3862. Changes in version 0.2.4.14-alpha - 2013-06-18
  3863. Tor 0.2.4.14-alpha fixes a pair of client guard enumeration problems
  3864. present in 0.2.4.13-alpha.
  3865. o Major bugfixes:
  3866. - When we have too much memory queued in circuits (according to a new
  3867. MaxMemInCellQueues option), close the circuits consuming the most
  3868. memory. This prevents us from running out of memory as a relay if
  3869. circuits fill up faster than they can be drained. Fixes bug 9063;
  3870. bugfix on the 54th commit of Tor. This bug is a further fix beyond
  3871. bug 6252, whose fix was merged into 0.2.3.21-rc.
  3872. This change also fixes an earlier approach taken in 0.2.4.13-alpha,
  3873. where we tried to solve this issue simply by imposing an upper limit
  3874. on the number of queued cells for a single circuit. That approach
  3875. proved to be problematic, since there are ways to provoke clients to
  3876. send a number of cells in excess of any such reasonable limit. Fixes
  3877. bug 9072; bugfix on 0.2.4.13-alpha.
  3878. - Limit hidden service descriptors to at most ten introduction
  3879. points, to slow one kind of guard enumeration. Fixes bug 9002;
  3880. bugfix on 0.1.1.11-alpha.
  3881. Changes in version 0.2.4.13-alpha - 2013-06-14
  3882. Tor 0.2.4.13-alpha fixes a variety of potential remote crash
  3883. vulnerabilities, makes socks5 username/password circuit isolation
  3884. actually actually work (this time for sure!), and cleans up a bunch
  3885. of other issues in preparation for a release candidate.
  3886. o Major bugfixes (robustness):
  3887. - Close any circuit that has too many cells queued on it. Fixes
  3888. bug 9063; bugfix on the 54th commit of Tor. This bug is a further
  3889. fix beyond bug 6252, whose fix was merged into 0.2.3.21-rc.
  3890. - Prevent the get_freelists() function from running off the end of
  3891. the list of freelists if it somehow gets an unrecognized
  3892. allocation. Fixes bug 8844; bugfix on 0.2.0.16-alpha. Reported by
  3893. eugenis.
  3894. - Avoid an assertion failure on OpenBSD (and perhaps other BSDs)
  3895. when an exit connection with optimistic data succeeds immediately
  3896. rather than returning EINPROGRESS. Fixes bug 9017; bugfix on
  3897. 0.2.3.1-alpha.
  3898. - Fix a directory authority crash bug when building a consensus
  3899. using an older consensus as its basis. Fixes bug 8833. Bugfix
  3900. on 0.2.4.12-alpha.
  3901. o Major bugfixes:
  3902. - Avoid a memory leak where we would leak a consensus body when we
  3903. find that a consensus which we couldn't previously verify due to
  3904. missing certificates is now verifiable. Fixes bug 8719; bugfix
  3905. on 0.2.0.10-alpha.
  3906. - We used to always request authority certificates by identity digest,
  3907. meaning we'd get the newest one even when we wanted one with a
  3908. different signing key. Then we would complain about being given
  3909. a certificate we already had, and never get the one we really
  3910. wanted. Now we use the "fp-sk/" resource as well as the "fp/"
  3911. resource to request the one we want. Fixes bug 5595; bugfix on
  3912. 0.2.0.8-alpha.
  3913. - Follow the socks5 protocol when offering username/password
  3914. authentication. The fix for bug 8117 exposed this bug, and it
  3915. turns out real-world applications like Pidgin do care. Bugfix on
  3916. 0.2.3.2-alpha; fixes bug 8879.
  3917. - Prevent failures on Windows Vista and later when rebuilding the
  3918. microdescriptor cache. Diagnosed by Robert Ransom. Fixes bug 8822;
  3919. bugfix on 0.2.4.12-alpha.
  3920. o Minor bugfixes:
  3921. - Fix an impossible buffer overrun in the AES unit tests. Fixes
  3922. bug 8845; bugfix on 0.2.0.7-alpha. Found by eugenis.
  3923. - If for some reason we fail to write a microdescriptor while
  3924. rebuilding the cache, do not let the annotations from that
  3925. microdescriptor linger in the cache file, and do not let the
  3926. microdescriptor stay recorded as present in its old location.
  3927. Fixes bug 9047; bugfix on 0.2.2.6-alpha.
  3928. - Fix a memory leak that would occur whenever a configuration
  3929. option changed. Fixes bug 8718; bugfix on 0.2.3.3-alpha.
  3930. - Paste the description for PathBias parameters from the man
  3931. page into or.h, so the code documents them too. Fixes bug 7982;
  3932. bugfix on 0.2.3.17-beta and 0.2.4.8-alpha.
  3933. - Relays now treat a changed IPv6 ORPort as sufficient reason to
  3934. publish an updated descriptor. Fixes bug 6026; bugfix on
  3935. 0.2.4.1-alpha.
  3936. - When launching a resolve request on behalf of an AF_UNIX control
  3937. socket, omit the address field of the new entry connection, used in
  3938. subsequent controller events, rather than letting tor_dup_addr()
  3939. set it to "<unknown address type>". Fixes bug 8639; bugfix on
  3940. 0.2.4.12-alpha.
  3941. o Minor bugfixes (log messages):
  3942. - Fix a scaling issue in the path bias accounting code that
  3943. resulted in "Bug:" log messages from either
  3944. pathbias_scale_close_rates() or pathbias_count_build_success().
  3945. This represents a bugfix on a previous bugfix: the original fix
  3946. attempted in 0.2.4.10-alpha was incomplete. Fixes bug 8235; bugfix
  3947. on 0.2.4.1-alpha.
  3948. - Give a less useless error message when the user asks for an IPv4
  3949. address on an IPv6-only port, or vice versa. Fixes bug 8846; bugfix
  3950. on 0.2.4.7-alpha.
  3951. o Minor features:
  3952. - Downgrade "unexpected SENDME" warnings to protocol-warn for 0.2.4.x,
  3953. to tolerate bug 8093 for now.
  3954. - Add an "ignoring-advertised-bws" boolean to the flag-threshold lines
  3955. in directory authority votes to describe whether they have enough
  3956. measured bandwidths to ignore advertised (relay descriptor)
  3957. bandwidth claims. Resolves ticket 8711.
  3958. - Update to the June 5 2013 Maxmind GeoLite Country database.
  3959. o Removed documentation:
  3960. - Remove some of the older contents of doc/ as obsolete; move others
  3961. to torspec.git. Fixes bug 8965.
  3962. o Code simplification and refactoring:
  3963. - Avoid using character buffers when constructing most directory
  3964. objects: this approach was unwieldy and error-prone. Instead,
  3965. build smartlists of strings, and concatenate them when done.
  3966. Changes in version 0.2.4.12-alpha - 2013-04-18
  3967. Tor 0.2.4.12-alpha moves Tor forward on several fronts: it starts the
  3968. process for lengthening the guard rotation period, makes directory
  3969. authority opinions in the consensus a bit less gameable, makes socks5
  3970. username/password circuit isolation actually work, and fixes a wide
  3971. variety of other issues.
  3972. o Major features:
  3973. - Raise the default time that a client keeps an entry guard from
  3974. "1-2 months" to "2-3 months", as suggested by Tariq Elahi's WPES
  3975. 2012 paper. (We would make it even longer, but we need better client
  3976. load balancing first.) Also, make the guard lifetime controllable
  3977. via a new GuardLifetime torrc option and a GuardLifetime consensus
  3978. parameter. Start of a fix for bug 8240; bugfix on 0.1.1.11-alpha.
  3979. - Directory authorities now prefer using measured bandwidths to
  3980. advertised ones when computing flags and thresholds. Resolves
  3981. ticket 8273.
  3982. - Directory authorities that have more than a threshold number
  3983. of relays with measured bandwidths now treat relays with unmeasured
  3984. bandwidths as having bandwidth 0. Resolves ticket 8435.
  3985. o Major bugfixes (assert / resource use):
  3986. - Avoid a bug where our response to TLS renegotiation under certain
  3987. network conditions could lead to a busy-loop, with 100% CPU
  3988. consumption. Fixes bug 5650; bugfix on 0.2.0.16-alpha.
  3989. - Avoid an assertion when we discover that we'd like to write a cell
  3990. onto a closing connection: just discard the cell. Fixes another
  3991. case of bug 7350; bugfix on 0.2.4.4-alpha.
  3992. o Major bugfixes (client-side privacy):
  3993. - When we mark a circuit as unusable for new circuits, have it
  3994. continue to be unusable for new circuits even if MaxCircuitDirtiness
  3995. is increased too much at the wrong time, or the system clock jumps
  3996. backwards. Fixes bug 6174; bugfix on 0.0.2pre26.
  3997. - If ClientDNSRejectInternalAddresses ("do not believe DNS queries
  3998. which have resolved to internal addresses") is set, apply that
  3999. rule to IPv6 as well. Fixes bug 8475; bugfix on 0.2.0.7-alpha.
  4000. - When an exit relay rejects a stream with reason "exit policy", but
  4001. we only know an exit policy summary (e.g. from the microdesc
  4002. consensus) for it, do not mark the relay as useless for all exiting.
  4003. Instead, mark just the circuit as unsuitable for that particular
  4004. address. Fixes part of bug 7582; bugfix on 0.2.3.2-alpha.
  4005. - Allow applications to get proper stream isolation with
  4006. IsolateSOCKSAuth. Many SOCKS5 clients that want to offer
  4007. username/password authentication also offer "no authentication". Tor
  4008. had previously preferred "no authentication", so the applications
  4009. never actually sent Tor their auth details. Now Tor selects
  4010. username/password authentication if it's offered. You can disable
  4011. this behavior on a per-SOCKSPort basis via PreferSOCKSNoAuth. Fixes
  4012. bug 8117; bugfix on 0.2.3.3-alpha.
  4013. o Major bugfixes (other):
  4014. - When unable to find any working directory nodes to use as a
  4015. directory guard, give up rather than adding the same non-working
  4016. nodes to the directory guard list over and over. Fixes bug 8231;
  4017. bugfix on 0.2.4.8-alpha.
  4018. o Minor features:
  4019. - Reject as invalid most directory objects containing a NUL.
  4020. Belt-and-suspenders fix for bug 8037.
  4021. - In our testsuite, create temporary directories with a bit more
  4022. entropy in their name to make name collisions less likely. Fixes
  4023. bug 8638.
  4024. - Add CACHED keyword to ADDRMAP events in the control protocol
  4025. to indicate whether a DNS result will be cached or not. Resolves
  4026. ticket 8596.
  4027. - Update to the April 3 2013 Maxmind GeoLite Country database.
  4028. o Minor features (build):
  4029. - Detect and reject attempts to build Tor with threading support
  4030. when OpenSSL has been compiled without threading support.
  4031. Fixes bug 6673.
  4032. - Clarify that when autoconf is checking for nacl, it is checking
  4033. specifically for nacl with a fast curve25519 implementation.
  4034. Fixes bug 8014.
  4035. - Warn if building on a platform with an unsigned time_t: there
  4036. are too many places where Tor currently assumes that time_t can
  4037. hold negative values. We'd like to fix them all, but probably
  4038. some will remain.
  4039. o Minor bugfixes (build):
  4040. - Fix some bugs in tor-fw-helper-natpmp when trying to build and
  4041. run it on Windows. More bugs likely remain. Patch from Gisle Vanem.
  4042. Fixes bug 7280; bugfix on 0.2.3.1-alpha.
  4043. - Add the old src/or/micro-revision.i filename to CLEANFILES.
  4044. On the off chance that somebody has one, it will go away as soon
  4045. as they run "make clean". Fix for bug 7143; bugfix on 0.2.4.1-alpha.
  4046. - Build Tor correctly on 32-bit platforms where the compiler can build
  4047. but not run code using the "uint128_t" construction. Fixes bug 8587;
  4048. bugfix on 0.2.4.8-alpha.
  4049. - Fix compilation warning with some versions of clang that would
  4050. prefer the -Wswitch-enum compiler flag to warn about switch
  4051. statements with missing enum values, even if those switch
  4052. statements have a "default:" statement. Fixes bug 8598; bugfix
  4053. on 0.2.4.10-alpha.
  4054. o Minor bugfixes (protocol):
  4055. - Fix the handling of a TRUNCATE cell when it arrives while the
  4056. circuit extension is in progress. Fixes bug 7947; bugfix on 0.0.7.1.
  4057. - Fix a misframing issue when reading the version numbers in a
  4058. VERSIONS cell. Previously we would recognize [00 01 00 02] as
  4059. 'version 1, version 2, and version 0x100', when it should have
  4060. only included versions 1 and 2. Fixes bug 8059; bugfix on
  4061. 0.2.0.10-alpha. Reported pseudonymously.
  4062. - Make the format and order of STREAM events for DNS lookups
  4063. consistent among the various ways to launch DNS lookups. Fixes
  4064. bug 8203; bugfix on 0.2.0.24-rc. Patch by "Desoxy."
  4065. - Correct our check for which versions of Tor support the EXTEND2
  4066. cell. We had been willing to send it to Tor 0.2.4.7-alpha and
  4067. later, when support was really added in version 0.2.4.8-alpha.
  4068. Fixes bug 8464; bugfix on 0.2.4.8-alpha.
  4069. o Minor bugfixes (other):
  4070. - Correctly store microdescriptors and extrainfo descriptors with
  4071. an internal NUL byte. Fixes bug 8037; bugfix on 0.2.0.1-alpha.
  4072. Bug reported by "cypherpunks".
  4073. - Increase the width of the field used to remember a connection's
  4074. link protocol version to two bytes. Harmless for now, since the
  4075. only currently recognized versions are one byte long. Reported
  4076. pseudonymously. Fixes bug 8062; bugfix on 0.2.0.10-alpha.
  4077. - If the state file's path bias counts are invalid (presumably from a
  4078. buggy Tor prior to 0.2.4.10-alpha), make them correct. Also add
  4079. additional checks and log messages to the scaling of Path Bias
  4080. counts, in case there still are remaining issues with scaling.
  4081. Should help resolve bug 8235.
  4082. - Eliminate several instances where we use "Nickname=ID" to refer to
  4083. nodes in logs. Use "Nickname (ID)" instead. (Elsewhere, we still use
  4084. "$ID=Nickname", which is also acceptable.) Fixes bug 7065. Bugfix
  4085. on 0.2.3.21-rc, 0.2.4.5-alpha, 0.2.4.8-alpha, and 0.2.4.10-alpha.
  4086. o Minor bugfixes (syscalls):
  4087. - Always check the return values of functions fcntl() and
  4088. setsockopt(). We don't believe these are ever actually failing in
  4089. practice, but better safe than sorry. Also, checking these return
  4090. values should please analysis tools like Coverity. Patch from
  4091. 'flupzor'. Fixes bug 8206; bugfix on all versions of Tor.
  4092. - Use direct writes rather than stdio when building microdescriptor
  4093. caches, in an attempt to mitigate bug 8031, or at least make it
  4094. less common.
  4095. o Minor bugfixes (config):
  4096. - When rejecting a configuration because we were unable to parse a
  4097. quoted string, log an actual error message. Fixes bug 7950; bugfix
  4098. on 0.2.0.16-alpha.
  4099. - Behave correctly when the user disables LearnCircuitBuildTimeout
  4100. but doesn't tell us what they would like the timeout to be. Fixes
  4101. bug 6304; bugfix on 0.2.2.14-alpha.
  4102. - When autodetecting the number of CPUs, use the number of available
  4103. CPUs in preference to the number of configured CPUs. Inform the
  4104. user if this reduces the number of available CPUs. Fixes bug 8002;
  4105. bugfix on 0.2.3.1-alpha.
  4106. - Make it an error when you set EntryNodes but disable UseGuardNodes,
  4107. since it will (surprisingly to some users) ignore EntryNodes. Fixes
  4108. bug 8180; bugfix on 0.2.3.11-alpha.
  4109. - Allow TestingTorNetworks to override the 4096-byte minimum for
  4110. the Fast threshold. Otherwise they can't bootstrap until they've
  4111. observed more traffic. Fixes bug 8508; bugfix on 0.2.4.10-alpha.
  4112. - Fix some logic errors when the user manually overrides the
  4113. PathsNeededToBuildCircuits option in torrc. Fixes bug 8599; bugfix
  4114. on 0.2.4.10-alpha.
  4115. o Minor bugfixes (log messages to help diagnose bugs):
  4116. - If we fail to free a microdescriptor because of bug 7164, log
  4117. the filename and line number from which we tried to free it.
  4118. - Add another diagnostic to the heartbeat message: track and log
  4119. overhead that TLS is adding to the data we write. If this is
  4120. high, we are sending too little data to SSL_write at a time.
  4121. Diagnostic for bug 7707.
  4122. - Add more detail to a log message about relaxed timeouts, to help
  4123. track bug 7799.
  4124. - Warn more aggressively when flushing microdescriptors to a
  4125. microdescriptor cache fails, in an attempt to mitigate bug 8031,
  4126. or at least make it more diagnosable.
  4127. - Improve debugging output to help track down bug 8185 ("Bug:
  4128. outgoing relay cell has n_chan==NULL. Dropping.")
  4129. - Log the purpose of a path-bias testing circuit correctly.
  4130. Improves a log message from bug 8477; bugfix on 0.2.4.8-alpha.
  4131. o Minor bugfixes (0.2.4.x log messages that were too noisy):
  4132. - Don't attempt to relax the timeout of already opened 1-hop circuits.
  4133. They might never time out. This should eliminate some/all cases of
  4134. the relaxed timeout log message.
  4135. - Use circuit creation time for network liveness evaluation. This
  4136. should eliminate warning log messages about liveness caused
  4137. by changes in timeout evaluation. Fixes bug 6572; bugfix on
  4138. 0.2.4.8-alpha.
  4139. - Reduce a path bias length check from notice to info. The message
  4140. is triggered when creating controller circuits. Fixes bug 8196;
  4141. bugfix on 0.2.4.8-alpha.
  4142. - Fix a path state issue that triggered a notice during relay startup.
  4143. Fixes bug 8320; bugfix on 0.2.4.10-alpha.
  4144. - Reduce occurrences of warns about circuit purpose in
  4145. connection_ap_expire_building(). Fixes bug 8477; bugfix on
  4146. 0.2.4.11-alpha.
  4147. o Minor bugfixes (pre-0.2.4.x log messages that were too noisy):
  4148. - If we encounter a write failure on a SOCKS connection before we
  4149. finish our SOCKS handshake, don't warn that we closed the
  4150. connection before we could send a SOCKS reply. Fixes bug 8427;
  4151. bugfix on 0.1.0.1-rc.
  4152. - Correctly recognize that [::1] is a loopback address. Fixes
  4153. bug 8377; bugfix on 0.2.1.3-alpha.
  4154. - Fix a directory authority warn caused when we have a large amount
  4155. of badexit bandwidth. Fixes bug 8419; bugfix on 0.2.2.10-alpha.
  4156. - Don't log inappropriate heartbeat messages when hibernating: a
  4157. hibernating node is _expected_ to drop out of the consensus,
  4158. decide it isn't bootstrapped, and so forth. Fixes bug 7302;
  4159. bugfix on 0.2.3.1-alpha.
  4160. - Don't complain about bootstrapping problems while hibernating.
  4161. These complaints reflect a general code problem, but not one
  4162. with any problematic effects (no connections are actually
  4163. opened). Fixes part of bug 7302; bugfix on 0.2.3.2-alpha.
  4164. o Documentation fixes:
  4165. - Update tor-fw-helper.1.txt and tor-fw-helper.c to make option
  4166. names match. Fixes bug 7768.
  4167. - Make the torify manpage no longer refer to tsocks; torify hasn't
  4168. supported tsocks since 0.2.3.14-alpha.
  4169. - Make the tor manpage no longer reference tsocks.
  4170. - Fix the GeoIPExcludeUnknown documentation to refer to
  4171. ExcludeExitNodes rather than the currently nonexistent
  4172. ExcludeEntryNodes. Spotted by "hamahangi" on tor-talk.
  4173. o Removed files:
  4174. - The tor-tsocks.conf is no longer distributed or installed. We
  4175. recommend that tsocks users use torsocks instead. Resolves
  4176. ticket 8290.
  4177. Changes in version 0.2.4.11-alpha - 2013-03-11
  4178. Tor 0.2.4.11-alpha makes relay measurement by directory authorities
  4179. more robust, makes hidden service authentication work again, and
  4180. resolves a DPI fingerprint for Tor's SSL transport.
  4181. o Major features (directory authorities):
  4182. - Directory authorities now support a new consensus method (17)
  4183. where they cap the published bandwidth of servers for which
  4184. insufficient bandwidth measurements exist. Fixes part of bug 2286.
  4185. - Directory authorities that set "DisableV2DirectoryInfo_ 1" no longer
  4186. serve any v2 directory information. Now we can test disabling the
  4187. old deprecated v2 directory format, and see whether doing so has
  4188. any effect on network load. Begins to fix bug 6783.
  4189. - Directory authorities now include inside each vote a statement of
  4190. the performance thresholds they used when assigning flags.
  4191. Implements ticket 8151.
  4192. o Major bugfixes (directory authorities):
  4193. - Stop marking every relay as having been down for one hour every
  4194. time we restart a directory authority. These artificial downtimes
  4195. were messing with our Stable and Guard flag calculations. Fixes
  4196. bug 8218 (introduced by the fix for 1035). Bugfix on 0.2.2.23-alpha.
  4197. o Major bugfixes (hidden services):
  4198. - Allow hidden service authentication to succeed again. When we
  4199. refactored the hidden service introduction code back
  4200. in 0.2.4.1-alpha, we didn't update the code that checks
  4201. whether authentication information is present, causing all
  4202. authentication checks to return "false". Fix for bug 8207; bugfix
  4203. on 0.2.4.1-alpha. Found by Coverity; this is CID 718615.
  4204. o Minor features (relays, bridges):
  4205. - Make bridge relays check once a minute for whether their IP
  4206. address has changed, rather than only every 15 minutes. Resolves
  4207. bugs 1913 and 1992.
  4208. - Refactor resolve_my_address() so it returns the method by which we
  4209. decided our public IP address (explicitly configured, resolved from
  4210. explicit hostname, guessed from interfaces, learned by gethostname).
  4211. Now we can provide more helpful log messages when a relay guesses
  4212. its IP address incorrectly (e.g. due to unexpected lines in
  4213. /etc/hosts). Resolves ticket 2267.
  4214. - Teach bridge-using clients to avoid 0.2.2 bridges when making
  4215. microdescriptor-related dir requests, and only fall back to normal
  4216. descriptors if none of their bridges can handle microdescriptors
  4217. (as opposed to the fix in ticket 4013, which caused them to fall
  4218. back to normal descriptors if *any* of their bridges preferred
  4219. them). Resolves ticket 4994.
  4220. - Randomize the lifetime of our SSL link certificate, so censors can't
  4221. use the static value for filtering Tor flows. Resolves ticket 8443;
  4222. related to ticket 4014 which was included in 0.2.2.33.
  4223. - Support a new version of the link protocol that allows 4-byte circuit
  4224. IDs. Previously, circuit IDs were limited to 2 bytes, which presented
  4225. a possible resource exhaustion issue. Closes ticket 7351; implements
  4226. proposal 214.
  4227. o Minor features (portability):
  4228. - Tweak the curve25519-donna*.c implementations to tolerate systems
  4229. that lack stdint.h. Fixes bug 3894; bugfix on 0.2.4.8-alpha.
  4230. - Use Ville Laurikari's implementation of AX_CHECK_SIGN() to determine
  4231. the signs of types during autoconf. This is better than our old
  4232. approach, which didn't work when cross-compiling.
  4233. - Detect the sign of enum values, rather than assuming that MSC is the
  4234. only compiler where enum types are all signed. Fixes bug 7727;
  4235. bugfix on 0.2.4.10-alpha.
  4236. o Minor features (other):
  4237. - Say "KBytes" rather than "KB" in the man page (for various values
  4238. of K), to further reduce confusion about whether Tor counts in
  4239. units of memory or fractions of units of memory. Resolves ticket 7054.
  4240. - Clear the high bit on curve25519 public keys before passing them to
  4241. our backend, in case we ever wind up using a backend that doesn't do
  4242. so itself. If we used such a backend, and *didn't* clear the high bit,
  4243. we could wind up in a situation where users with such backends would
  4244. be distinguishable from users without. Fixes bug 8121; bugfix on
  4245. 0.2.4.8-alpha.
  4246. - Update to the March 6 2013 Maxmind GeoLite Country database.
  4247. o Minor bugfixes (clients):
  4248. - When we receive a RELAY_END cell with the reason DONE, or with no
  4249. reason, before receiving a RELAY_CONNECTED cell, report the SOCKS
  4250. status as "connection refused". Previously we reported these cases
  4251. as success but then immediately closed the connection. Fixes bug
  4252. 7902; bugfix on 0.1.0.1-rc. Reported by "oftc_must_be_destroyed".
  4253. - Downgrade an assertion in connection_ap_expire_beginning to an
  4254. LD_BUG message. The fix for bug 8024 should prevent this message
  4255. from displaying, but just in case, a warn that we can diagnose
  4256. is better than more assert crashes. Fixes bug 8065; bugfix on
  4257. 0.2.4.8-alpha.
  4258. - Lower path use bias thresholds to .80 for notice and .60 for warn.
  4259. Also make the rate limiting flags for the path use bias log messages
  4260. independent from the original path bias flags. Fixes bug 8161;
  4261. bugfix on 0.2.4.10-alpha.
  4262. o Minor bugfixes (relays):
  4263. - Stop trying to resolve our hostname so often (e.g. every time we
  4264. think about doing a directory fetch). Now we reuse the cached
  4265. answer in some cases. Fixes bugs 1992 (bugfix on 0.2.0.20-rc)
  4266. and 2410 (bugfix on 0.1.2.2-alpha).
  4267. - Stop sending a stray "(null)" in some cases for the server status
  4268. "EXTERNAL_ADDRESS" controller event. Resolves bug 8200; bugfix
  4269. on 0.1.2.6-alpha.
  4270. - When choosing which stream on a formerly stalled circuit to wake
  4271. first, make better use of the platform's weak RNG. Previously,
  4272. we had been using the % ("modulo") operator to try to generate a
  4273. 1/N chance of picking each stream, but this behaves badly with
  4274. many platforms' choice of weak RNG. Fixes bug 7801; bugfix on
  4275. 0.2.2.20-alpha.
  4276. - Use our own weak RNG when we need a weak RNG. Windows's rand() and
  4277. Irix's random() only return 15 bits; Solaris's random() returns more
  4278. bits but its RAND_MAX says it only returns 15, and so on. Motivated
  4279. by the fix for bug 7801; bugfix on 0.2.2.20-alpha.
  4280. o Minor bugfixes (directory authorities):
  4281. - Directory authorities now use less space when formatting identical
  4282. microdescriptor lines in directory votes. Fixes bug 8158; bugfix
  4283. on 0.2.4.1-alpha.
  4284. o Minor bugfixes (memory leaks spotted by Coverity -- bug 7816):
  4285. - Avoid leaking memory if we fail to compute a consensus signature
  4286. or we generate a consensus we can't parse. Bugfix on 0.2.0.5-alpha.
  4287. - Fix a memory leak when receiving headers from an HTTPS proxy. Bugfix
  4288. on 0.2.1.1-alpha.
  4289. - Fix a memory leak during safe-cookie controller authentication.
  4290. Bugfix on 0.2.3.13-alpha.
  4291. - Avoid memory leak of IPv6 policy content if we fail to format it into
  4292. a router descriptor. Bugfix on 0.2.4.7-alpha.
  4293. o Minor bugfixes (other code correctness issues):
  4294. - Avoid a crash if we fail to generate an extrainfo descriptor.
  4295. Fixes bug 8208; bugfix on 0.2.3.16-alpha. Found by Coverity;
  4296. this is CID 718634.
  4297. - When detecting the largest possible file descriptor (in order to
  4298. close all file descriptors when launching a new program), actually
  4299. use _SC_OPEN_MAX. The old code for doing this was very, very broken.
  4300. Fixes bug 8209; bugfix on 0.2.3.1-alpha. Found by Coverity; this
  4301. is CID 743383.
  4302. - Fix a copy-and-paste error when adding a missing A1 to a routerset
  4303. because of GeoIPExcludeUnknown. Fix for Coverity CID 980650.
  4304. Bugfix on 0.2.4.10-alpha.
  4305. - Fix an impossible-to-trigger integer overflow when estimating how
  4306. long our onionskin queue would take. (This overflow would require us
  4307. to accept 4 million onionskins before processing 100 of them.) Fixes
  4308. bug 8210; bugfix on 0.2.4.10-alpha.
  4309. o Code simplification and refactoring:
  4310. - Add a wrapper function for the common "log a message with a
  4311. rate-limit" case.
  4312. Changes in version 0.2.4.10-alpha - 2013-02-04
  4313. Tor 0.2.4.10-alpha adds defenses at the directory authority level against
  4314. certain attacks that flood the network with relays; changes the queue
  4315. for circuit create requests from a size-based limit to a time-based
  4316. limit; resumes building with MSVC on Windows; and fixes a wide variety
  4317. of other issues.
  4318. o Major bugfixes (directory authority):
  4319. - When computing directory thresholds, ignore any rejected-as-sybil
  4320. nodes during the computation so that they can't influence Fast,
  4321. Guard, etc. (We should have done this for proposal 109.) Fixes
  4322. bug 8146.
  4323. - When marking a node as a likely sybil, reset its uptime metrics
  4324. to zero, so that it cannot accumulate time towards getting marked as Guard,
  4325. Stable, or HSDir. (We should have done this for proposal 109.) Fixes
  4326. bug 8147.
  4327. o Major bugfixes:
  4328. - When a TLS write is partially successful but incomplete, remember
  4329. that the flushed part has been flushed, and notice that bytes were
  4330. actually written. Reported and fixed pseudonymously. Fixes bug
  4331. 7708; bugfix on Tor 0.1.0.5-rc.
  4332. - Reject bogus create and relay cells with 0 circuit ID or 0 stream
  4333. ID: these could be used to create unexpected streams and circuits
  4334. which would count as "present" to some parts of Tor but "absent"
  4335. to others, leading to zombie circuits and streams or to a bandwidth
  4336. denial-of-service. Fixes bug 7889; bugfix on every released version
  4337. of Tor. Reported by "oftc_must_be_destroyed".
  4338. - Rename all macros in our local copy of queue.h to begin with "TOR_".
  4339. This change seems the only good way to permanently prevent conflicts
  4340. with queue.h on various operating systems. Fixes bug 8107; bugfix
  4341. on 0.2.4.6-alpha.
  4342. o Major features (relay):
  4343. - Instead of limiting the number of queued onionskins (aka circuit
  4344. create requests) to a fixed, hard-to-configure number, we limit
  4345. the size of the queue based on how many we expect to be able to
  4346. process in a given amount of time. We estimate the time it will
  4347. take to process an onionskin based on average processing time
  4348. of previous onionskins. Closes ticket 7291. You'll never have to
  4349. configure MaxOnionsPending again.
  4350. o Major features (portability):
  4351. - Resume building correctly with MSVC and Makefile.nmake. This patch
  4352. resolves numerous bugs and fixes reported by ultramage, including
  4353. 7305, 7308, 7309, 7310, 7312, 7313, 7315, 7316, and 7669.
  4354. - Make the ntor and curve25519 code build correctly with MSVC.
  4355. Fix on 0.2.4.8-alpha.
  4356. o Minor features:
  4357. - When directory authorities are computing thresholds for flags,
  4358. never let the threshold for the Fast flag fall below 4096
  4359. bytes. Also, do not consider nodes with extremely low bandwidths
  4360. when deciding thresholds for various directory flags. This change
  4361. should raise our threshold for Fast relays, possibly in turn
  4362. improving overall network performance; see ticket 1854. Resolves
  4363. ticket 8145.
  4364. - The Tor client now ignores sub-domain components of a .onion
  4365. address. This change makes HTTP "virtual" hosting
  4366. possible: http://foo.aaaaaaaaaaaaaaaa.onion/ and
  4367. http://bar.aaaaaaaaaaaaaaaa.onion/ can be two different websites
  4368. hosted on the same hidden service. Implements proposal 204.
  4369. - We compute the overhead from passing onionskins back and forth to
  4370. cpuworkers, and report it when dumping statistics in response to
  4371. SIGUSR1. Supports ticket 7291.
  4372. o Minor features (path selection):
  4373. - When deciding whether we have enough descriptors to build circuits,
  4374. instead of looking at raw relay counts, look at which fraction
  4375. of (bandwidth-weighted) paths we're able to build. This approach
  4376. keeps clients from building circuits if their paths are likely to
  4377. stand out statistically. The default fraction of paths needed is
  4378. taken from the consensus directory; you can override it with the
  4379. new PathsNeededToBuildCircuits option. Fixes ticket 5956.
  4380. - When any country code is listed in ExcludeNodes or ExcludeExitNodes,
  4381. and we have GeoIP information, also exclude all nodes with unknown
  4382. countries "??" and "A1". This behavior is controlled by the
  4383. new GeoIPExcludeUnknown option: you can make such nodes always
  4384. excluded with "GeoIPExcludeUnknown 1", and disable the feature
  4385. with "GeoIPExcludeUnknown 0". Setting "GeoIPExcludeUnknown auto"
  4386. gets you the default behavior. Implements feature 7706.
  4387. - Path Use Bias: Perform separate accounting for successful circuit
  4388. use. Keep separate statistics on stream attempt rates versus stream
  4389. success rates for each guard. Provide configurable thresholds to
  4390. determine when to emit log messages or disable use of guards that
  4391. fail too many stream attempts. Resolves ticket 7802.
  4392. o Minor features (log messages):
  4393. - When learning a fingerprint for a bridge, log its corresponding
  4394. transport type. Implements ticket 7896.
  4395. - Improve the log message when "Bug/attack: unexpected sendme cell
  4396. from client" occurs, to help us track bug 8093.
  4397. o Minor bugfixes:
  4398. - Remove a couple of extraneous semicolons that were upsetting the
  4399. cparser library. Patch by Christian Grothoff. Fixes bug 7115;
  4400. bugfix on 0.2.2.1-alpha.
  4401. - Remove a source of rounding error during path bias count scaling;
  4402. don't count cannibalized circuits as used for path bias until we
  4403. actually try to use them; and fix a circuit_package_relay_cell()
  4404. warning message about n_chan==NULL. Fixes bug 7802.
  4405. - Detect nacl when its headers are in a nacl/ subdirectory. Also,
  4406. actually link against nacl when we're configured to use it. Fixes
  4407. bug 7972; bugfix on 0.2.4.8-alpha.
  4408. - Compile correctly with the --disable-curve25519 option. Fixes
  4409. bug 8153; bugfix on 0.2.4.8-alpha.
  4410. o Build improvements:
  4411. - Do not report status verbosely from autogen.sh unless the -v flag
  4412. is specified. Fixes issue 4664. Patch from Onizuka.
  4413. - Replace all calls to snprintf() outside of src/ext with
  4414. tor_snprintf(). Also remove the #define to replace snprintf with
  4415. _snprintf on Windows; they have different semantics, and all of
  4416. our callers should be using tor_snprintf() anyway. Fixes bug 7304.
  4417. - Try to detect if we are ever building on a platform where
  4418. memset(...,0,...) does not set the value of a double to 0.0. Such
  4419. platforms are permitted by the C standard, though in practice
  4420. they're pretty rare (since IEEE 754 is nigh-ubiquitous). We don't
  4421. currently support them, but it's better to detect them and fail
  4422. than to perform erroneously.
  4423. o Removed features:
  4424. - Stop exporting estimates of v2 and v3 directory traffic shares
  4425. in extrainfo documents. They were unneeded and sometimes inaccurate.
  4426. Also stop exporting any v2 directory request statistics. Resolves
  4427. ticket 5823.
  4428. - Drop support for detecting and warning about versions of Libevent
  4429. before 1.3e. Nothing reasonable ships with them any longer;
  4430. warning the user about them shouldn't be needed. Resolves ticket
  4431. 6826.
  4432. o Code simplifications and refactoring:
  4433. - Rename "isin" functions to "contains", for grammar. Resolves
  4434. ticket 5285.
  4435. - Rename Tor's logging function log() to tor_log(), to avoid conflicts
  4436. with the natural logarithm function from the system libm. Resolves
  4437. ticket 7599.
  4438. Changes in version 0.2.4.9-alpha - 2013-01-15
  4439. Tor 0.2.4.9-alpha provides a quick fix to make the new ntor handshake
  4440. work more robustly.
  4441. o Major bugfixes:
  4442. - Fix backward compatibility logic when receiving an embedded ntor
  4443. handshake tunneled in a CREATE cell. This clears up the "Bug:
  4444. couldn't format CREATED cell" warning. Fixes bug 7959; bugfix
  4445. on 0.2.4.8-alpha.
  4446. Changes in version 0.2.4.8-alpha - 2013-01-14
  4447. Tor 0.2.4.8-alpha introduces directory guards to reduce user enumeration
  4448. risks, adds a new stronger and faster circuit handshake, and offers
  4449. stronger and faster link encryption when both sides support it.
  4450. o Major features:
  4451. - Preliminary support for directory guards (proposal 207): when
  4452. possible, clients now use their entry guards for non-anonymous
  4453. directory requests. This can help prevent client enumeration. Note
  4454. that this behavior only works when we have a usable consensus
  4455. directory, and when options about what to download are more or less
  4456. standard. In the future we should re-bootstrap from our guards,
  4457. rather than re-bootstrapping from the preconfigured list of
  4458. directory sources that ships with Tor. Resolves ticket 6526.
  4459. - Tor relays and clients now support a better CREATE/EXTEND cell
  4460. format, allowing the sender to specify multiple address, identity,
  4461. and handshake types. Implements Robert Ransom's proposal 200;
  4462. closes ticket 7199.
  4463. o Major features (new circuit handshake):
  4464. - Tor now supports a new circuit extension handshake designed by Ian
  4465. Goldberg, Douglas Stebila, and Berkant Ustaoglu. Our original
  4466. circuit extension handshake, later called "TAP", was a bit slow
  4467. (especially on the relay side), had a fragile security proof, and
  4468. used weaker keys than we'd now prefer. The new circuit handshake
  4469. uses Dan Bernstein's "curve25519" elliptic-curve Diffie-Hellman
  4470. function, making it significantly more secure than the older
  4471. handshake, and significantly faster. Tor can use one of two built-in
  4472. pure-C curve25519-donna implementations by Adam Langley, or it
  4473. can link against the "nacl" library for a tuned version if present.
  4474. The built-in version is very fast for 64-bit systems when building
  4475. with GCC. The built-in 32-bit version is still faster than the
  4476. old TAP protocol, but using libnacl is better on most such hosts.
  4477. Clients don't currently use this protocol by default, since
  4478. comparatively few clients support it so far. To try it, set
  4479. UseNTorHandshake to 1.
  4480. Implements proposal 216; closes ticket 7202.
  4481. o Major features (better link encryption):
  4482. - Relays can now enable the ECDHE TLS ciphersuites when available
  4483. and appropriate. These ciphersuites let us negotiate forward-secure
  4484. TLS secret keys more safely and more efficiently than with our
  4485. previous use of Diffie-Hellman modulo a 1024-bit prime. By default,
  4486. public relays prefer the (faster) P224 group, and bridges prefer
  4487. the (more common) P256 group; you can override this with the
  4488. TLSECGroup option.
  4489. Enabling these ciphers was a little tricky, since for a long time,
  4490. clients had been claiming to support them without actually doing
  4491. so, in order to foil fingerprinting. But with the client-side
  4492. implementation of proposal 198 in 0.2.3.17-beta, clients can now
  4493. match the ciphers from recent Firefox versions *and* list the
  4494. ciphers they actually mean, so relays can believe such clients
  4495. when they advertise ECDHE support in their TLS ClientHello messages.
  4496. This feature requires clients running 0.2.3.17-beta or later,
  4497. and requires both sides to be running OpenSSL 1.0.0 or later
  4498. with ECC support. OpenSSL 1.0.1, with the compile-time option
  4499. "enable-ec_nistp_64_gcc_128", is highly recommended.
  4500. Implements the relay side of proposal 198; closes ticket 7200.
  4501. o Major bugfixes:
  4502. - Avoid crashing when, as a relay without IPv6-exit support, a
  4503. client insists on getting an IPv6 address or nothing. Fixes bug
  4504. 7814; bugfix on 0.2.4.7-alpha.
  4505. o Minor features:
  4506. - Improve circuit build timeout handling for hidden services.
  4507. In particular: adjust build timeouts more accurately depending
  4508. upon the number of hop-RTTs that a particular circuit type
  4509. undergoes. Additionally, launch intro circuits in parallel
  4510. if they time out, and take the first one to reply as valid.
  4511. - Work correctly on Unix systems where EAGAIN and EWOULDBLOCK are
  4512. separate error codes; or at least, don't break for that reason.
  4513. Fixes bug 7935. Reported by "oftc_must_be_destroyed".
  4514. - Update to the January 2 2013 Maxmind GeoLite Country database.
  4515. o Minor features (testing):
  4516. - Add benchmarks for DH (1024-bit multiplicative group) and ECDH
  4517. (P-256) Diffie-Hellman handshakes to src/or/bench.
  4518. - Add benchmark functions to test onion handshake performance.
  4519. o Minor features (path bias detection):
  4520. - Alter the Path Bias log messages to be more descriptive in terms
  4521. of reporting timeouts and other statistics.
  4522. - Create three levels of Path Bias log messages, as opposed to just
  4523. two. These are configurable via consensus as well as via the torrc
  4524. options PathBiasNoticeRate, PathBiasWarnRate, PathBiasExtremeRate.
  4525. The default values are 0.70, 0.50, and 0.30 respectively.
  4526. - Separate the log message levels from the decision to drop guards,
  4527. which also is available via torrc option PathBiasDropGuards.
  4528. PathBiasDropGuards still defaults to 0 (off).
  4529. - Deprecate PathBiasDisableRate in favor of PathBiasDropGuards
  4530. in combination with PathBiasExtremeRate.
  4531. - Increase the default values for PathBiasScaleThreshold and
  4532. PathBiasCircThreshold from (200, 20) to (300, 150).
  4533. - Add in circuit usage accounting to path bias. If we try to use a
  4534. built circuit but fail for any reason, it counts as path bias.
  4535. Certain classes of circuits where the adversary gets to pick your
  4536. destination node are exempt from this accounting. Usage accounting
  4537. can be specifically disabled via consensus parameter or torrc.
  4538. - Convert all internal path bias state to double-precision floating
  4539. point, to avoid roundoff error and other issues.
  4540. - Only record path bias information for circuits that have completed
  4541. *two* hops. Assuming end-to-end tagging is the attack vector, this
  4542. makes us more resilient to ambient circuit failure without any
  4543. detection capability loss.
  4544. o Minor bugfixes (log messages):
  4545. - Rate-limit the "No circuits are opened. Relaxed timeout for a
  4546. circuit with channel state open..." message to once per hour to
  4547. keep it from filling the notice logs. Mitigates bug 7799 but does
  4548. not fix the underlying cause. Bugfix on 0.2.4.7-alpha.
  4549. - Avoid spurious warnings when configuring multiple client ports of
  4550. which only some are nonlocal. Previously, we had claimed that some
  4551. were nonlocal when in fact they weren't. Fixes bug 7836; bugfix on
  4552. 0.2.3.3-alpha.
  4553. o Code simplifications and refactoring:
  4554. - Get rid of a couple of harmless clang warnings, where we compared
  4555. enums to ints. These warnings are newly introduced in clang 3.2.
  4556. - Split the onion.c file into separate modules for the onion queue
  4557. and the different handshakes it supports.
  4558. - Remove the marshalling/unmarshalling code for sending requests to
  4559. cpuworkers over a socket, and instead just send structs. The
  4560. recipient will always be the same Tor binary as the sender, so
  4561. any encoding is overkill.
  4562. Changes in version 0.2.4.7-alpha - 2012-12-24
  4563. Tor 0.2.4.7-alpha introduces a new approach to providing fallback
  4564. directory mirrors for more robust bootstrapping; fixes more issues where
  4565. clients with changing network conditions refuse to make any circuits;
  4566. adds initial support for exiting to IPv6 addresses; resumes being able
  4567. to update our GeoIP database, and includes the geoip6 file this time;
  4568. turns off the client-side DNS cache by default due to privacy risks;
  4569. and fixes a variety of other issues.
  4570. o Major features (client resilience):
  4571. - Add a new "FallbackDir" torrc option to use when we can't use
  4572. a directory mirror from the consensus (either because we lack a
  4573. consensus, or because they're all down). Currently, all authorities
  4574. are fallbacks by default, and there are no other default fallbacks,
  4575. but that will change. This option will allow us to give clients a
  4576. longer list of servers to try to get a consensus from when first
  4577. connecting to the Tor network, and thereby reduce load on the
  4578. directory authorities. Implements proposal 206, "Preconfigured
  4579. directory sources for bootstrapping". We also removed the old
  4580. "FallbackNetworkstatus" option, since we never got it working well
  4581. enough to use it. Closes bug 572.
  4582. - If we have no circuits open, use a relaxed timeout (the
  4583. 95-percentile cutoff) until a circuit succeeds. This heuristic
  4584. should allow Tor to succeed at building circuits even when the
  4585. network connection drastically changes. Should help with bug 3443.
  4586. o Major features (IPv6):
  4587. - Relays can now exit to IPv6 addresses: make sure that you have IPv6
  4588. connectivity, then set the IPv6Exit flag to 1. Also make sure your
  4589. exit policy reads as you would like: the address * applies to all
  4590. address families, whereas *4 is IPv4 addresses only, and *6 is IPv6
  4591. addresses only. On the client side, you'll need to wait until the
  4592. authorities have upgraded, wait for enough exits to support IPv6,
  4593. apply the "IPv6Traffic" flag to a SocksPort, and use Socks5. Closes
  4594. ticket 5547, implements proposal 117 as revised in proposal 208.
  4595. We DO NOT recommend that clients with actual anonymity needs start
  4596. using IPv6 over Tor yet, since not enough exits support it yet.
  4597. o Major features (geoip database):
  4598. - Maxmind began labelling Tor relays as being in country "A1",
  4599. which breaks by-country node selection inside Tor. Now we use a
  4600. script to replace "A1" ("Anonymous Proxy") entries in our geoip
  4601. file with real country codes. This script fixes about 90% of "A1"
  4602. entries automatically and uses manual country code assignments to
  4603. fix the remaining 10%. See src/config/README.geoip for details.
  4604. Fixes bug 6266. Also update to the December 5 2012 Maxmind GeoLite
  4605. Country database, as modified above.
  4606. o Major bugfixes (client-side DNS):
  4607. - Turn off the client-side DNS cache by default. Updating and using
  4608. the DNS cache is now configurable on a per-client-port
  4609. level. SOCKSPort, DNSPort, etc lines may now contain
  4610. {No,}Cache{IPv4,IPv6,}DNS lines to indicate that we shouldn't
  4611. cache these types of DNS answers when we receive them from an
  4612. exit node in response to an application request on this port, and
  4613. {No,}UseCached{IPv4,IPv6,DNS} lines to indicate that if we have
  4614. cached DNS answers of these types, we shouldn't use them. It's
  4615. potentially risky to use cached DNS answers at the client, since
  4616. doing so can indicate to one exit what answers we've gotten
  4617. for DNS lookups in the past. With IPv6, this becomes especially
  4618. problematic. Using cached DNS answers for requests on the same
  4619. circuit would present less linkability risk, since all traffic
  4620. on a circuit is already linkable, but it would also provide
  4621. little performance benefit: the exit node caches DNS replies
  4622. too. Implements a simplified version of Proposal 205. Implements
  4623. ticket 7570.
  4624. o Major bugfixes (other):
  4625. - Alter circuit build timeout measurement to start at the point
  4626. where we begin the CREATE/CREATE_FAST step (as opposed to circuit
  4627. initialization). This should make our timeout measurements more
  4628. uniform. Previously, we were sometimes including ORconn setup time
  4629. in our circuit build time measurements. Should resolve bug 3443.
  4630. - Fix an assertion that could trigger in hibernate_go_dormant() when
  4631. closing an or_connection_t: call channel_mark_for_close() rather
  4632. than connection_mark_for_close(). Fixes bug 7267. Bugfix on
  4633. 0.2.4.4-alpha.
  4634. - Include the geoip6 IPv6 GeoIP database in the tarball. Fixes bug
  4635. 7655; bugfix on 0.2.4.6-alpha.
  4636. o Minor features:
  4637. - Add a new torrc option "ServerTransportListenAddr" to let bridge
  4638. operators select the address where their pluggable transports will
  4639. listen for connections. Resolves ticket 7013.
  4640. - Allow an optional $ before the node identity digest in the
  4641. controller command GETINFO ns/id/<identity>, for consistency with
  4642. md/id/<identity> and desc/id/<identity>. Resolves ticket 7059.
  4643. - Log packaged cell fullness as part of the heartbeat message.
  4644. Diagnosis to try to determine the extent of bug 7743.
  4645. o Minor features (IPv6):
  4646. - AutomapHostsOnResolve now supports IPv6 addresses. By default, we
  4647. prefer to hand out virtual IPv6 addresses, since there are more of
  4648. them and we can't run out. To override this behavior and make IPv4
  4649. addresses preferred, set NoPreferIPv6Automap on whatever SOCKSPort
  4650. or DNSPort you're using for resolving. Implements ticket 7571.
  4651. - AutomapHostsOnResolve responses are now randomized, to avoid
  4652. annoying situations where Tor is restarted and applications
  4653. connect to the wrong addresses.
  4654. - Never try more than 1000 times to pick a new virtual address when
  4655. AutomapHostsOnResolve is set. That's good enough so long as we
  4656. aren't close to handing out our entire virtual address space;
  4657. if you're getting there, it's best to switch to IPv6 virtual
  4658. addresses anyway.
  4659. o Minor bugfixes:
  4660. - The ADDRMAP command can no longer generate an ill-formed error
  4661. code on a failed MAPADDRESS. It now says "internal" rather than
  4662. an English sentence fragment with spaces in the middle. Bugfix on
  4663. Tor 0.2.0.19-alpha.
  4664. - Fix log messages and comments to avoid saying "GMT" when we mean
  4665. "UTC". Fixes bug 6113.
  4666. - Compile on win64 using mingw64. Fixes bug 7260; patches from
  4667. "yayooo".
  4668. - Fix a crash when debugging unit tests on Windows: deallocate a
  4669. shared library with FreeLibrary, not CloseHandle. Fixes bug 7306;
  4670. bugfix on 0.2.2.17-alpha. Reported by "ultramage".
  4671. o Renamed options:
  4672. - The DirServer option is now DirAuthority, for consistency with
  4673. current naming patterns. You can still use the old DirServer form.
  4674. o Code simplification and refactoring:
  4675. - Move the client-side address-map/virtual-address/DNS-cache code
  4676. out of connection_edge.c into a new addressmap.c module.
  4677. - Remove unused code for parsing v1 directories and "running routers"
  4678. documents. Fixes bug 6887.
  4679. Changes in version 0.2.3.25 - 2012-11-19
  4680. The Tor 0.2.3 release series is dedicated to the memory of Len "rabbi"
  4681. Sassaman (1980-2011), a long-time cypherpunk, anonymity researcher,
  4682. Mixmaster maintainer, Pynchon Gate co-designer, CodeCon organizer,
  4683. programmer, and friend. Unstinting in his dedication to the cause of
  4684. freedom, he inspired and helped many of us as we began our work on
  4685. anonymity, and inspires us still. Please honor his memory by writing
  4686. software to protect people's freedoms, and by helping others to do so.
  4687. Tor 0.2.3.25, the first stable release in the 0.2.3 branch, features
  4688. significantly reduced directory overhead (via microdescriptors),
  4689. enormous crypto performance improvements for fast relays on new
  4690. enough hardware, a new v3 TLS handshake protocol that can better
  4691. resist fingerprinting, support for protocol obfuscation plugins (aka
  4692. pluggable transports), better scalability for hidden services, IPv6
  4693. support for bridges, performance improvements like allowing clients
  4694. to skip the first round-trip on the circuit ("optimistic data") and
  4695. refilling token buckets more often, a new "stream isolation" design
  4696. to isolate different applications on different circuits, and many
  4697. stability, security, and privacy fixes.
  4698. o Major bugfixes:
  4699. - Tor tries to wipe potentially sensitive data after using it, so
  4700. that if some subsequent security failure exposes Tor's memory,
  4701. the damage will be limited. But we had a bug where the compiler
  4702. was eliminating these wipe operations when it decided that the
  4703. memory was no longer visible to a (correctly running) program,
  4704. hence defeating our attempt at defense in depth. We fix that
  4705. by using OpenSSL's OPENSSL_cleanse() operation, which a compiler
  4706. is unlikely to optimize away. Future versions of Tor may use
  4707. a less ridiculously heavy approach for this. Fixes bug 7352.
  4708. Reported in an article by Andrey Karpov.
  4709. o Minor bugfixes:
  4710. - Fix a harmless bug when opting against publishing a relay descriptor
  4711. because DisableNetwork is set. Fixes bug 7464; bugfix on
  4712. 0.2.3.9-alpha.
  4713. Changes in version 0.2.4.6-alpha - 2012-11-13
  4714. Tor 0.2.4.6-alpha fixes an assert bug that has been plaguing relays,
  4715. makes our defense-in-depth memory wiping more reliable, and begins to
  4716. count IPv6 addresses in bridge statistics.
  4717. o Major bugfixes:
  4718. - Fix an assertion failure that could occur when closing a connection
  4719. with a spliced rendezvous circuit. Fix for bug 7212; bugfix on
  4720. Tor 0.2.4.4-alpha.
  4721. - Tor tries to wipe potentially sensitive data after using it, so
  4722. that if some subsequent security failure exposes Tor's memory,
  4723. the damage will be limited. But we had a bug where the compiler
  4724. was eliminating these wipe operations when it decided that the
  4725. memory was no longer visible to a (correctly running) program,
  4726. hence defeating our attempt at defense in depth. We fix that
  4727. by using OpenSSL's OPENSSL_cleanse() operation, which a compiler
  4728. is unlikely to optimize away. Future versions of Tor may use
  4729. a less ridiculously heavy approach for this. Fixes