forked from torproject/tor
-
Notifications
You must be signed in to change notification settings - Fork 0
/
ChangeLog
16949 lines (15221 loc) · 879 KB
/
ChangeLog
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
Changes in version 0.2.5.5-alpha - 2014-06-18
Tor 0.2.5.5-alpha fixes a wide variety of remaining issues in the Tor
0.2.5.x release series, including a couple of DoS issues, some
performance regressions, a large number of bugs affecting the Linux
seccomp2 sandbox code, and various other bugfixes. It also adds
diagnostic bugfixes for a few tricky issues that we're trying to
track down.
o Major features (security, traffic analysis resistance):
- Several major improvements to the algorithm used to decide when to
close TLS connections. Previous versions of Tor closed connections
at a fixed interval after the last time a non-padding cell was
sent over the connection, regardless of the target of the
connection. Now, we randomize the intervals by adding up to 50% of
their base value, we measure the length of time since connection
last had at least one circuit, and we allow connections to known
ORs to remain open a little longer (15 minutes instead of 3
minutes minimum). These changes should improve Tor's resistance
against some kinds of traffic analysis, and lower some overhead
from needlessly closed connections. Fixes ticket 6799.
Incidentally fixes ticket 12023; bugfix on 0.2.5.1-alpha.
o Major bugfixes (security, OOM, new since 0.2.5.4-alpha, also in 0.2.4.22):
- Fix a memory leak that could occur if a microdescriptor parse
fails during the tokenizing step. This bug could enable a memory
exhaustion attack by directory servers. Fixes bug 11649; bugfix
on 0.2.2.6-alpha.
o Major bugfixes (security, directory authorities):
- Directory authorities now include a digest of each relay's
identity key as a part of its microdescriptor.
This is a workaround for bug 11743 (reported by "cypherpunks"),
where Tor clients do not support receiving multiple
microdescriptors with the same SHA256 digest in the same
consensus. When clients receive a consensus like this, they only
use one of the relays. Without this fix, a hostile relay could
selectively disable some client use of target relays by
constructing a router descriptor with a different identity and the
same microdescriptor parameters and getting the authorities to
list it in a microdescriptor consensus. This fix prevents an
attacker from causing a microdescriptor collision, because the
router's identity is not forgeable.
o Major bugfixes (relay):
- Use a direct dirport connection when uploading non-anonymous
descriptors to the directory authorities. Previously, relays would
incorrectly use tunnel connections under a fairly wide variety of
circumstances. Fixes bug 11469; bugfix on 0.2.4.3-alpha.
- When a circuit accidentally has the same circuit ID for its
forward and reverse direction, correctly detect the direction of
cells using that circuit. Previously, this bug made roughly one
circuit in a million non-functional. Fixes bug 12195; this is a
bugfix on every version of Tor.
o Major bugfixes (client, pluggable transports):
- When managing pluggable transports, use OS notification facilities
to learn if they have crashed, and don't attempt to kill any
process that has already exited. Fixes bug 8746; bugfix
on 0.2.3.6-alpha.
o Minor features (diagnostic):
- When logging a warning because of bug 7164, additionally check the
hash table for consistency (as proposed on ticket 11737). This may
help diagnose bug 7164.
- When we log a heartbeat, log how many one-hop circuits we have
that are at least 30 minutes old, and log status information about
a few of them. This is an attempt to track down bug 8387.
- When encountering an unexpected CR while writing text to a file on
Windows, log the name of the file. Should help diagnosing
bug 11233.
- Give more specific warnings when a client notices that an onion
handshake has failed. Fixes ticket 9635.
- Add significant new logging code to attempt to diagnose bug 12184,
where relays seem to run out of available circuit IDs.
- Improve the diagnostic log message for bug 8387 even further to
try to improve our odds of figuring out why one-hop directory
circuits sometimes do not get closed.
o Minor features (security, memory management):
- Memory allocation tricks (mempools and buffer freelists) are now
disabled by default. You can turn them back on with
--enable-mempools and --enable-buf-freelists respectively. We're
disabling these features because malloc performance is good enough
on most platforms, and a similar feature in OpenSSL exacerbated
exploitation of the Heartbleed attack. Resolves ticket 11476.
o Minor features (security):
- Apply the secure SipHash-2-4 function to the hash table mapping
circuit IDs and channels to circuits. We missed this one when we
were converting all the other hash functions to use SipHash back
in 0.2.5.3-alpha. Resolves ticket 11750.
o Minor features (build):
- The configure script has a --disable-seccomp option to turn off
support for libseccomp on systems that have it, in case it (or
Tor's use of it) is broken. Resolves ticket 11628.
o Minor features (other):
- Update geoip and geoip6 to the June 4 2014 Maxmind GeoLite2
Country database.
o Minor bugfixes (security, new since 0.2.5.4-alpha, also in 0.2.4.22):
- When running a hidden service, do not allow TunneledDirConns 0;
this will keep the hidden service from running, and also
make it publish its descriptors directly over HTTP. Fixes bug 10849;
bugfix on 0.2.1.1-alpha.
o Minor bugfixes (performance):
- Avoid a bug where every successful connection made us recompute
the flag telling us whether we have sufficient information to
build circuits. Previously, we would forget our cached value
whenever we successfully opened a channel (or marked a router as
running or not running for any other reason), regardless of
whether we had previously believed the router to be running. This
forced us to run an expensive update operation far too often.
Fixes bug 12170; bugfix on 0.1.2.1-alpha.
- Avoid using tor_memeq() for checking relay cell integrity. This
removes a possible performance bottleneck. Fixes part of bug
12169; bugfix on 0.2.1.31.
o Minor bugfixes (compilation):
- Fix compilation of test_status.c when building with MVSC. Bugfix
on 0.2.5.4-alpha. Patch from Gisle Vanem.
- Resolve GCC complaints on OpenBSD about discarding constness in
TO_{ORIGIN,OR}_CIRCUIT functions. Fixes part of bug 11633; bugfix
on 0.1.1.23. Patch from Dana Koch.
- Resolve clang complaints on OpenBSD with -Wshorten-64-to-32 due to
treatment of long and time_t as comparable types. Fixes part of
bug 11633. Patch from Dana Koch.
- Make Tor compile correctly with --disable-buf-freelists. Fixes bug
11623; bugfix on 0.2.5.3-alpha.
- When deciding whether to build the 64-bit curve25519
implementation, detect platforms where we can compile 128-bit
arithmetic but cannot link it. Fixes bug 11729; bugfix on
0.2.4.8-alpha. Patch from "conradev".
- Fix compilation when DNS_CACHE_DEBUG is enabled. Fixes bug 11761;
bugfix on 0.2.3.13-alpha. Found by "cypherpunks".
- Fix compilation with dmalloc. Fixes bug 11605; bugfix
on 0.2.4.10-alpha.
o Minor bugfixes (Directory server):
- When sending a compressed set of descriptors or microdescriptors,
make sure to finalize the zlib stream. Previously, we would write
all the compressed data, but if the last descriptor we wanted to
send was missing or too old, we would not mark the stream as
finished. This caused problems for decompression tools. Fixes bug
11648; bugfix on 0.1.1.23.
o Minor bugfixes (Linux seccomp sandbox):
- Make the seccomp sandbox code compile under ARM Linux. Fixes bug
11622; bugfix on 0.2.5.1-alpha.
- Avoid crashing when re-opening listener ports with the seccomp
sandbox active. Fixes bug 12115; bugfix on 0.2.5.1-alpha.
- Avoid crashing with the seccomp sandbox enabled along with
ConstrainedSockets. Fixes bug 12139; bugfix on 0.2.5.1-alpha.
- When we receive a SIGHUP with the sandbox enabled, correctly
support rotating our log files. Fixes bug 12032; bugfix
on 0.2.5.1-alpha.
- Avoid crash when running with sandboxing enabled and
DirReqStatistics not disabled. Fixes bug 12035; bugfix
on 0.2.5.1-alpha.
- Fix a "BUG" warning when trying to write bridge-stats files with
the Linux syscall sandbox filter enabled. Fixes bug 12041; bugfix
on 0.2.5.1-alpha.
- Prevent the sandbox from crashing on startup when run with the
--enable-expensive-hardening configuration option. Fixes bug
11477; bugfix on 0.2.5.4-alpha.
- When running with DirPortFrontPage and sandboxing both enabled,
reload the DirPortFrontPage correctly when restarting. Fixes bug
12028; bugfix on 0.2.5.1-alpha.
- Don't try to enable the sandbox when using the Tor binary to check
its configuration, hash a passphrase, or so on. Doing so was
crashing on startup for some users. Fixes bug 11609; bugfix
on 0.2.5.1-alpha.
- Avoid warnings when running with sandboxing and node statistics
enabled at the same time. Fixes part of 12064; bugfix on
0.2.5.1-alpha. Patch from Michael Wolf.
- Avoid warnings when running with sandboxing enabled at the same
time as cookie authentication, hidden services, or directory
authority voting. Fixes part of 12064; bugfix on 0.2.5.1-alpha.
- Do not allow options that require calls to exec to be enabled
alongside the seccomp2 sandbox: they will inevitably crash. Fixes
bug 12043; bugfix on 0.2.5.1-alpha.
- Handle failures in getpwnam()/getpwuid() when running with the
User option set and the Linux syscall sandbox enabled. Fixes bug
11946; bugfix on 0.2.5.1-alpha.
- Refactor the getaddrinfo workaround that the seccomp sandbox uses
to avoid calling getaddrinfo() after installing the sandbox
filters. Previously, it preloaded a cache with the IPv4 address
for our hostname, and nothing else. Now, it loads the cache with
every address that it used to initialize the Tor process. Fixes
bug 11970; bugfix on 0.2.5.1-alpha.
o Minor bugfixes (pluggable transports):
- Enable the ExtORPortCookieAuthFile option, to allow changing the
default location of the authentication token for the extended OR
Port as used by sever-side pluggable transports. We had
implemented this option before, but the code to make it settable
had been omitted. Fixes bug 11635; bugfix on 0.2.5.1-alpha.
- Avoid another 60-second delay when starting Tor in a pluggable-
transport-using configuration when we already have cached
descriptors for our bridges. Fixes bug 11965; bugfix
on 0.2.3.6-alpha.
o Minor bugfixes (client):
- Avoid "Tried to open a socket with DisableNetwork set" warnings
when starting a client with bridges configured and DisableNetwork
set. (Tor launcher starts Tor with DisableNetwork set the first
time it runs.) Fixes bug 10405; bugfix on 0.2.3.9-alpha.
o Minor bugfixes (testing):
- The Python parts of the test scripts now work on Python 3 as well
as Python 2, so systems where '/usr/bin/python' is Python 3 will
no longer have the tests break. Fixes bug 11608; bugfix
on 0.2.5.2-alpha.
- When looking for versions of python that we could run the tests
with, check for "python2.7" and "python3.3"; previously we were
only looking for "python", "python2", and "python3". Patch from
Dana Koch. Fixes bug 11632; bugfix on 0.2.5.2-alpha.
- Fix all valgrind warnings produced by the unit tests. There were
over a thousand memory leak warnings previously, mostly produced
by forgetting to free things in the unit test code. Fixes bug
11618, bugfixes on many versions of Tor.
o Minor bugfixes (tor-fw-helper):
- Give a correct log message when tor-fw-helper fails to launch.
(Previously, we would say something like "tor-fw-helper sent us a
string we could not parse".) Fixes bug 9781; bugfix
on 0.2.4.2-alpha.
o Minor bugfixes (relay, threading):
- Check return code on spawn_func() in cpuworker code, so that we
don't think we've spawned a nonworking cpuworker and write junk to
it forever. Fix related to bug 4345; bugfix on all released Tor
versions. Found by "skruffy".
- Use a pthread_attr to make sure that spawn_func() cannot return an
error while at the same time launching a thread. Fix related to
bug 4345; bugfix on all released Tor versions. Reported
by "cypherpunks".
o Minor bugfixes (relay, oom prevention):
- Correctly detect the total available system memory. We tried to do
this in 0.2.5.4-alpha, but the code was set up to always return an
error value, even on success. Fixes bug 11805; bugfix
on 0.2.5.4-alpha.
o Minor bugfixes (relay, other):
- We now drop CREATE cells for already-existent circuit IDs and for
zero-valued circuit IDs, regardless of other factors that might
otherwise have called for DESTROY cells. Fixes bug 12191; bugfix
on 0.0.8pre1.
- Avoid an illegal read from stack when initializing the TLS module
using a version of OpenSSL without all of the ciphers used by the
v2 link handshake. Fixes bug 12227; bugfix on 0.2.4.8-alpha. Found
by "starlight".
- When rejecting DATA cells for stream_id zero, still count them
against the circuit's deliver window so that we don't fail to send
a SENDME. Fixes bug 11246; bugfix on 0.2.4.10-alpha.
o Minor bugfixes (logging):
- Fix a misformatted log message about delayed directory fetches.
Fixes bug 11654; bugfix on 0.2.5.3-alpha.
- Squelch a spurious LD_BUG message "No origin circuit for
successful SOCKS stream" in certain hidden service failure cases;
fixes bug 10616.
o Distribution:
- Include a tor.service file in contrib/dist for use with systemd.
Some distributions will be able to use this file unmodified;
others will need to tweak it, or write their own. Patch from Jamie
Nguyen; resolves ticket 8368.
o Documentation:
- Clean up several option names in the manpage to match their real
names, add the missing documentation for a couple of testing and
directory authority options, remove the documentation for a
V2-directory fetching option that no longer exists. Resolves
ticket 11634.
- Correct the documenation so that it lists the correct directory
for the stats files. (They are in a subdirectory called "stats",
not "status".)
- In the manpage, move more authority-only options into the
directory authority section so that operators of regular directory
caches don't get confused.
o Package cleanup:
- The contrib directory has been sorted and tidied. Before, it was
an unsorted dumping ground for useful and not-so-useful things.
Now, it is divided based on functionality, and the items which
seemed to be nonfunctional or useless have been removed. Resolves
ticket 8966; based on patches from "rl1987".
o Removed code:
- Remove /tor/dbg-stability.txt URL that was meant to help debug WFU
and MTBF calculations, but that nobody was using. Fixes #11742.
- The TunnelDirConns and PreferTunnelledDirConns options no longer
exist; tunneled directory connections have been available since
0.1.2.5-alpha, and turning them off is not a good idea. This is a
brute-force fix for 10849, where "TunnelDirConns 0" would break
hidden services.
Changes in version 0.2.4.22 - 2014-05-16
Tor 0.2.4.22 backports numerous high-priority fixes from the Tor 0.2.5
alpha release series. These include blocking all authority signing
keys that may have been affected by the OpenSSL "heartbleed" bug,
choosing a far more secure set of TLS ciphersuites by default, closing
a couple of memory leaks that could be used to run a target relay out
of RAM, and several others.
o Major features (security, backport from 0.2.5.4-alpha):
- Block authority signing keys that were used on authorities
vulnerable to the "heartbleed" bug in OpenSSL (CVE-2014-0160). (We
don't have any evidence that these keys _were_ compromised; we're
doing this to be prudent.) Resolves ticket 11464.
o Major bugfixes (security, OOM):
- Fix a memory leak that could occur if a microdescriptor parse
fails during the tokenizing step. This bug could enable a memory
exhaustion attack by directory servers. Fixes bug 11649; bugfix
on 0.2.2.6-alpha.
o Major bugfixes (TLS cipher selection, backport from 0.2.5.4-alpha):
- The relay ciphersuite list is now generated automatically based on
uniform criteria, and includes all OpenSSL ciphersuites with
acceptable strength and forward secrecy. Previously, we had left
some perfectly fine ciphersuites unsupported due to omission or
typo. Resolves bugs 11513, 11492, 11498, 11499. Bugs reported by
'cypherpunks'. Bugfix on 0.2.4.8-alpha.
- Relays now trust themselves to have a better view than clients of
which TLS ciphersuites are better than others. (Thanks to bug
11513, the relay list is now well-considered, whereas the client
list has been chosen mainly for anti-fingerprinting purposes.)
Relays prefer: AES over 3DES; then ECDHE over DHE; then GCM over
CBC; then SHA384 over SHA256 over SHA1; and last, AES256 over
AES128. Resolves ticket 11528.
- Clients now try to advertise the same list of ciphersuites as
Firefox 28. This change enables selection of (fast) GCM
ciphersuites, disables some strange old ciphers, and stops
advertising the ECDH (not to be confused with ECDHE) ciphersuites.
Resolves ticket 11438.
o Minor bugfixes (configuration, security):
- When running a hidden service, do not allow TunneledDirConns 0:
trying to set that option together with a hidden service would
otherwise prevent the hidden service from running, and also make
it publish its descriptors directly over HTTP. Fixes bug 10849;
bugfix on 0.2.1.1-alpha.
o Minor bugfixes (controller, backport from 0.2.5.4-alpha):
- Avoid sending a garbage value to the controller when a circuit is
cannibalized. Fixes bug 11519; bugfix on 0.2.3.11-alpha.
o Minor bugfixes (exit relay, backport from 0.2.5.4-alpha):
- Stop leaking memory when we successfully resolve a PTR record.
Fixes bug 11437; bugfix on 0.2.4.7-alpha.
o Minor bugfixes (bridge client, backport from 0.2.5.4-alpha):
- Avoid 60-second delays in the bootstrapping process when Tor is
launching for a second time while using bridges. Fixes bug 9229;
bugfix on 0.2.0.3-alpha.
o Minor bugfixes (relays and bridges, backport from 0.2.5.4-alpha):
- Give the correct URL in the warning message when trying to run a
relay on an ancient version of Windows. Fixes bug 9393.
o Minor bugfixes (compilation):
- Fix a compilation error when compiling with --disable-curve25519.
Fixes bug 9700; bugfix on 0.2.4.17-rc.
o Minor bugfixes:
- Downgrade the warning severity for the the "md was still
referenced 1 node(s)" warning. Tor 0.2.5.4-alpha has better code
for trying to diagnose this bug, and the current warning in
earlier versions of tor achieves nothing useful. Addresses warning
from bug 7164.
o Minor features (log verbosity, backport from 0.2.5.4-alpha):
- When we run out of usable circuit IDs on a channel, log only one
warning for the whole channel, and describe how many circuits
there were on the channel. Fixes part of ticket 11553.
o Minor features (security, backport from 0.2.5.4-alpha):
- Decrease the lower limit of MaxMemInCellQueues to 256 MBytes (but
leave the default at 8GBytes), to better support Raspberry Pi
users. Fixes bug 9686; bugfix on 0.2.4.14-alpha.
o Documentation (backport from 0.2.5.4-alpha):
- Correctly document that we search for a system torrc file before
looking in ~/.torrc. Fixes documentation side of 9213; bugfix on
0.2.3.18-rc.
Changes in version 0.2.5.4-alpha - 2014-04-25
Tor 0.2.5.4-alpha includes several security and performance
improvements for clients and relays, including blacklisting authority
signing keys that were used while susceptible to the OpenSSL
"heartbleed" bug, fixing two expensive functions on busy relays,
improved TLS ciphersuite preference lists, support for run-time
hardening on compilers that support AddressSanitizer, and more work on
the Linux sandbox code.
There are also several usability fixes for clients (especially clients
that use bridges), two new TransPort protocols supported (one on
OpenBSD, one on FreeBSD), and various other bugfixes.
This release marks end-of-life for Tor 0.2.2.x; those Tor versions
have accumulated many known flaws; everyone should upgrade.
o Major features (security):
- If you don't specify MaxMemInQueues yourself, Tor now tries to
pick a good value based on your total system memory. Previously,
the default was always 8 GB. You can still override the default by
setting MaxMemInQueues yourself. Resolves ticket 11396.
- Block authority signing keys that were used on authorities
vulnerable to the "heartbleed" bug in OpenSSL (CVE-2014-0160). (We
don't have any evidence that these keys _were_ compromised; we're
doing this to be prudent.) Resolves ticket 11464.
o Major features (relay performance):
- Speed up server-side lookups of rendezvous and introduction point
circuits by using hashtables instead of linear searches. These
functions previously accounted between 3 and 7% of CPU usage on
some busy relays. Resolves ticket 9841.
- Avoid wasting CPU when extending a circuit over a channel that is
nearly out of circuit IDs. Previously, we would do a linear scan
over possible circuit IDs before finding one or deciding that we
had exhausted our possibilities. Now, we try at most 64 random
circuit IDs before deciding that we probably won't succeed. Fixes
a possible root cause of ticket 11553.
o Major features (seccomp2 sandbox, Linux only):
- The seccomp2 sandbox can now run a test network for multiple hours
without crashing. The sandbox is still experimental, and more bugs
will probably turn up. To try it, enable "Sandbox 1" on a Linux
host. Resolves ticket 11351.
- Strengthen sandbox code: the sandbox can now test the arguments
for rename(), and blocks _sysctl() entirely. Resolves another part
of ticket 11351.
- When the sandbox blocks a system call, it now tries to log a stack
trace before exiting. Resolves ticket 11465.
o Major bugfixes (TLS cipher selection):
- The relay ciphersuite list is now generated automatically based on
uniform criteria, and includes all OpenSSL ciphersuites with
acceptable strength and forward secrecy. Previously, we had left
some perfectly fine ciphersuites unsupported due to omission or
typo. Resolves bugs 11513, 11492, 11498, 11499. Bugs reported by
'cypherpunks'. Bugfix on 0.2.4.8-alpha.
- Relays now trust themselves to have a better view than clients of
which TLS ciphersuites are better than others. (Thanks to bug
11513, the relay list is now well-considered, whereas the client
list has been chosen mainly for anti-fingerprinting purposes.)
Relays prefer: AES over 3DES; then ECDHE over DHE; then GCM over
CBC; then SHA384 over SHA256 over SHA1; and last, AES256 over
AES128. Resolves ticket 11528.
- Clients now try to advertise the same list of ciphersuites as
Firefox 28. This change enables selection of (fast) GCM
ciphersuites, disables some strange old ciphers, and stops
advertising the ECDH (not to be confused with ECDHE) ciphersuites.
Resolves ticket 11438.
o Major bugfixes (bridge client):
- Avoid 60-second delays in the bootstrapping process when Tor is
launching for a second time while using bridges. Fixes bug 9229;
bugfix on 0.2.0.3-alpha.
o Minor features (transparent proxy, *BSD):
- Support FreeBSD's ipfw firewall interface for TransPort ports on
FreeBSD. To enable it, set "TransProxyType ipfw". Resolves ticket
10267; patch from "yurivict".
- Support OpenBSD's divert-to rules with the pf firewall for
transparent proxy ports. To enable it, set "TransProxyType
pf-divert". This allows Tor to run a TransPort transparent proxy
port on OpenBSD 4.4 or later without root privileges. See the
pf.conf(5) manual page for information on configuring pf to use
divert-to rules. Closes ticket 10896; patch from Dana Koch.
o Minor features (security):
- New --enable-expensive-hardening option to enable security
hardening options that consume nontrivial amounts of CPU and
memory. Right now, this includes AddressSanitizer and UbSan, which
are supported in newer versions of GCC and Clang. Closes ticket
11477.
o Minor features (log verbosity):
- Demote the message that we give when a flushing connection times
out for too long from NOTICE to INFO. It was usually meaningless.
Resolves ticket 5286.
- Don't log so many notice-level bootstrapping messages at startup
about downloading descriptors. Previously, we'd log a notice
whenever we learned about more routers. Now, we only log a notice
at every 5% of progress. Fixes bug 9963.
- Warn less verbosely when receiving a malformed
ESTABLISH_RENDEZVOUS cell. Fixes ticket 11279.
- When we run out of usable circuit IDs on a channel, log only one
warning for the whole channel, and describe how many circuits
there were on the channel. Fixes part of ticket 11553.
o Minor features (relay):
- If a circuit timed out for at least 3 minutes, check if we have a
new external IP address, and publish a new descriptor with the new
IP address if it changed. Resolves ticket 2454.
o Minor features (controller):
- Make the entire exit policy available from the control port via
GETINFO exit-policy/*. Implements enhancement 7952. Patch from
"rl1987".
- Because of the fix for ticket 11396, the real limit for memory
usage may no longer match the configured MaxMemInQueues value. The
real limit is now exposed via GETINFO limits/max-mem-in-queues.
o Minor features (bridge client):
- Report a more useful failure message when we can't connect to a
bridge because we don't have the right pluggable transport
configured. Resolves ticket 9665. Patch from Fábio J. Bertinatto.
o Minor features (diagnostic):
- Add more log messages to diagnose bug 7164, which causes
intermittent "microdesc_free() called but md was still referenced"
warnings. We now include more information, to figure out why we
might be cleaning a microdescriptor for being too old if it's
still referenced by a live node_t object.
o Minor bugfixes (client, DNSPort):
- When using DNSPort, try to respond to AAAA requests with AAAA
answers. Previously, we hadn't looked at the request type when
deciding which answer type to prefer. Fixes bug 10468; bugfix on
0.2.4.7-alpha.
- When receiving a DNS query for an unsupported record type, reply
with no answer rather than with a NOTIMPL error. This behavior
isn't correct either, but it will break fewer client programs, we
hope. Fixes bug 10268; bugfix on 0.2.0.1-alpha. Original patch
from "epoch".
o Minor bugfixes (exit relay):
- Stop leaking memory when we successfully resolve a PTR record.
Fixes bug 11437; bugfix on 0.2.4.7-alpha.
o Minor bugfixes (bridge client):
- Stop accepting bridge lines containing hostnames. Doing so would
cause clients to perform DNS requests on the hostnames, which was
not sensible behavior. Fixes bug 10801; bugfix on 0.2.0.1-alpha.
- Avoid a 60-second delay in the bootstrapping process when a Tor
client with pluggable transports re-reads its configuration at
just the wrong time. Re-fixes bug 11156; bugfix on 0.2.5.3-alpha.
o Minor bugfixes (client, logging during bootstrap):
- Warn only once if we start logging in an unsafe way. Previously,
we complain as many times as we had problems. Fixes bug 9870;
bugfix on 0.2.5.1-alpha.
- Only report the first fatal bootstrap error on a given OR
connection. This stops us from telling the controller bogus error
messages like "DONE". Fixes bug 10431; bugfix on 0.2.1.1-alpha.
- Be more helpful when trying to run sandboxed on Linux without
libseccomp. Instead of saying "Sandbox is not implemented on this
platform", we now explain that we need to be built with
libseccomp. Fixes bug 11543; bugfix on 0.2.5.1-alpha.
- Avoid generating spurious warnings when starting with
DisableNetwork enabled. Fixes bug 11200 and bug 10405; bugfix on
0.2.3.9-alpha.
o Minor bugfixes (closing OR connections):
- If write_to_buf() in connection_write_to_buf_impl_() ever fails,
check if it's an or_connection_t and correctly call
connection_or_close_for_error() rather than
connection_mark_for_close() directly. Fixes bug 11304; bugfix on
0.2.4.4-alpha.
- When closing all connections on setting DisableNetwork to 1, use
connection_or_close_normally() rather than closing OR connections
out from under the channel layer. Fixes bug 11306; bugfix on
0.2.4.4-alpha.
o Minor bugfixes (controller):
- Avoid sending a garbage value to the controller when a circuit is
cannibalized. Fixes bug 11519; bugfix on 0.2.3.11-alpha.
o Minor bugfixes (tor-fw-helper):
- Allow tor-fw-helper to build again by adding src/ext to its
CPPFLAGS. Fixes bug 11296; bugfix on 0.2.5.3-alpha.
o Minor bugfixes (bridges):
- Avoid potential crashes or bad behavior when launching a
server-side managed proxy with ORPort or ExtORPort temporarily
disabled. Fixes bug 9650; bugfix on 0.2.3.16-alpha.
o Minor bugfixes (platform-specific):
- Fix compilation on Solaris, which does not have <endian.h>. Fixes
bug 11426; bugfix on 0.2.5.3-alpha.
- When dumping a malformed directory object to disk, save it in
binary mode on Windows, not text mode. Fixes bug 11342; bugfix on
0.2.2.1-alpha.
- Don't report failures from make_socket_reuseable() on incoming
sockets on OSX: this can happen when incoming connections close
early. Fixes bug 10081.
o Minor bugfixes (trivial memory leaks):
- Fix a small memory leak when signing a directory object. Fixes bug
11275; bugfix on 0.2.4.13-alpha.
- Free placeholder entries in our circuit table at exit; fixes a
harmless memory leak. Fixes bug 11278; bugfix on 0.2.5.1-alpha.
- Don't re-initialize a second set of OpenSSL mutexes when starting
up. Previously, we'd make one set of mutexes, and then immediately
replace them with another. Fixes bug 11726; bugfix on
0.2.5.3-alpha.
- Resolve some memory leaks found by coverity in the unit tests, on
exit in tor-gencert, and on a failure to compute digests for our
own keys when generating a v3 networkstatus vote. These leaks
should never have affected anyone in practice.
o Minor bugfixes (hidden service):
- Only retry attempts to connect to a chosen rendezvous point 8
times, not 30. Fixes bug 4241; bugfix on 0.1.0.1-rc.
o Minor bugfixes (misc code correctness):
- Fix various instances of undefined behavior in channeltls.c,
tor_memmem(), and eventdns.c that would cause us to construct
pointers to memory outside an allocated object. (These invalid
pointers were not accessed, but C does not even allow them to
exist.) Fixes bug 10363; bugfixes on 0.1.1.1-alpha, 0.1.2.1-alpha,
0.2.0.10-alpha, and 0.2.3.6-alpha. Reported by "bobnomnom".
- Use the AddressSanitizer and Ubsan sanitizers (in clang-3.4) to
fix some miscellaneous errors in our tests and codebase. Fixes bug
11232. Bugfixes on versions back as far as 0.2.1.11-alpha.
- Always check return values for unlink, munmap, UnmapViewOfFile;
check strftime return values more often. In some cases all we can
do is report a warning, but this may help prevent deeper bugs from
going unnoticed. Closes ticket 8787; bugfixes on many, many tor
versions.
- Fix numerous warnings from the clang "scan-build" static analyzer.
Some of these are programming style issues; some of them are false
positives that indicated awkward code; some are undefined behavior
cases related to constructing (but not using) invalid pointers;
some are assumptions about API behavior; some are (harmlessly)
logging sizeof(ptr) bytes from a token when sizeof(*ptr) would be
correct; and one or two are genuine bugs that weren't reachable
from the rest of the program. Fixes bug 8793; bugfixes on many,
many tor versions.
o Documentation:
- Build the torify.1 manpage again. Previously, we were only trying
to build it when also building tor-fw-helper. That's why we didn't
notice that we'd broken the ability to build it. Fixes bug 11321;
bugfix on 0.2.5.1-alpha.
- Fix the layout of the SOCKSPort flags in the manpage. Fixes bug
11061; bugfix on 0.2.4.7-alpha.
- Correctly document that we search for a system torrc file before
looking in ~/.torrc. Fixes documentation side of 9213; bugfix on
0.2.3.18-rc.
- Resolve warnings from Doxygen.
o Code simplifications and refactoring:
- Remove is_internal_IP() function. Resolves ticket 4645.
- Remove unused function circuit_dump_by_chan from circuitlist.c.
Closes issue 9107; patch from "marek".
- Change our use of the ENUM_BF macro to avoid declarations that
confuse Doxygen.
o Deprecated versions:
- Tor 0.2.2.x has reached end-of-life; it has received no patches or
attention for some while. Directory authorities no longer accept
descriptors from relays running any version of Tor prior to Tor
0.2.3.16-alpha. Resolves ticket 11149.
o Testing:
- New macros in test.h to simplify writing mock-functions for unit
tests. Part of ticket 11507. Patch from Dana Koch.
- Complete tests for the status.c module. Resolves ticket 11507.
Patch from Dana Koch.
o Removed code:
- Remove all code for the long unused v1 directory protocol.
Resolves ticket 11070.
Changes in version 0.2.5.3-alpha - 2014-03-22
Tor 0.2.5.3-alpha includes all the fixes from 0.2.4.21. It contains
two new anti-DoS features for Tor relays, resolves a bug that kept
SOCKS5 support for IPv6 from working, fixes several annoying usability
issues for bridge users, and removes more old code for unused
directory formats.
The Tor 0.2.5.x release series is now in patch-freeze: no feature
patches not already written will be considered for inclusion in 0.2.5.x.
o Major features (relay security, DoS-resistance):
- When deciding whether we have run out of memory and we need to
close circuits, also consider memory allocated in buffers for
streams attached to each circuit.
This change, which extends an anti-DoS feature introduced in
0.2.4.13-alpha and improved in 0.2.4.14-alpha, lets Tor exit relays
better resist more memory-based DoS attacks than before. Since the
MaxMemInCellQueues option now applies to all queues, it is renamed
to MaxMemInQueues. This feature fixes bug 10169.
- Avoid hash-flooding denial-of-service attacks by using the secure
SipHash-2-4 hash function for our hashtables. Without this
feature, an attacker could degrade performance of a targeted
client or server by flooding their data structures with a large
number of entries to be stored at the same hash table position,
thereby slowing down the Tor instance. With this feature, hash
table positions are derived from a randomized cryptographic key,
and an attacker cannot predict which entries will collide. Closes
ticket 4900.
- Decrease the lower limit of MaxMemInQueues to 256 MBytes (but leave
the default at 8GBytes), to better support Raspberry Pi users. Fixes
bug 9686; bugfix on 0.2.4.14-alpha.
o Minor features (bridges, pluggable transports):
- Bridges now write the SHA1 digest of their identity key
fingerprint (that is, a hash of a hash of their public key) to
notice-level logs, and to a new hashed-fingerprint file. This
information will help bridge operators look up their bridge in
Globe and similar tools. Resolves ticket 10884.
- Improve the message that Tor displays when running as a bridge
using pluggable transports without an Extended ORPort listener.
Also, log the message in the log file too. Resolves ticket 11043.
o Minor features (other):
- Add a new option, PredictedPortsRelevanceTime, to control how long
after having received a request to connect to a given port Tor
will try to keep circuits ready in anticipation of future requests
for that port. Patch from "unixninja92"; implements ticket 9176.
- Generate a warning if any ports are listed in the SocksPolicy,
DirPolicy, AuthDirReject, AuthDirInvalid, AuthDirBadDir, or
AuthDirBadExit options. (These options only support address
ranges.) Fixes part of ticket 11108.
- Update geoip and geoip6 to the February 7 2014 Maxmind GeoLite2
Country database.
o Minor bugfixes (new since 0.2.5.2-alpha, also in 0.2.4.21):
- Build without warnings under clang 3.4. (We have some macros that
define static functions only some of which will get used later in
the module. Starting with clang 3.4, these give a warning unless the
unused attribute is set on them.) Resolves ticket 10904.
- Fix build warnings about missing "a2x" comment when building the
manpages from scratch on OpenBSD; OpenBSD calls it "a2x.py".
Fixes bug 10929; bugfix on 0.2.2.9-alpha. Patch from Dana Koch.
o Minor bugfixes (client):
- Improve the log message when we can't connect to a hidden service
because all of the hidden service directory nodes hosting its
descriptor are excluded. Improves on our fix for bug 10722, which
was a bugfix on 0.2.0.10-alpha.
- Raise a control port warning when we fail to connect to all of
our bridges. Previously, we didn't inform the controller, and
the bootstrap process would stall. Fixes bug 11069; bugfix on
0.2.1.2-alpha.
- Exit immediately when a process-owning controller exits.
Previously, tor relays would wait for a little while after their
controller exited, as if they had gotten an INT signal -- but this
was problematic, since there was no feedback for the user. To do a
clean shutdown, controllers should send an INT signal and give Tor
a chance to clean up. Fixes bug 10449; bugfix on 0.2.2.28-beta.
- Stop attempting to connect to bridges before our pluggable
transports are configured (harmless but resulted in some erroneous
log messages). Fixes bug 11156; bugfix on 0.2.3.2-alpha.
- Fix connections to IPv6 addresses over SOCKS5. Previously, we were
generating incorrect SOCKS5 responses, and confusing client
applications. Fixes bug 10987; bugfix on 0.2.4.7-alpha.
o Minor bugfixes (relays and bridges):
- Avoid crashing on a malformed resolv.conf file when running a
relay using Libevent 1. Fixes bug 8788; bugfix on 0.1.1.23.
- Non-exit relays no longer launch mock DNS requests to check for
DNS hijacking. This has been unnecessary since 0.2.1.7-alpha, when
non-exit relays stopped servicing DNS requests. Fixes bug 965;
bugfix on 0.2.1.7-alpha. Patch from Matt Pagan.
- Bridges now report complete directory request statistics. Related
to bug 5824; bugfix on 0.2.2.1-alpha.
- Bridges now never collect statistics that were designed for
relays. Fixes bug 5824; bugfix on 0.2.3.8-alpha.
- Stop giving annoying warning messages when we decide not to launch
a pluggable transport proxy that we don't need (because there are
no bridges configured to use it). Resolves ticket 5018; bugfix
on 0.2.5.2-alpha.
- Give the correct URL in the warning message when trying to run a
relay on an ancient version of Windows. Fixes bug 9393.
o Minor bugfixes (backtrace support):
- Support automatic backtraces on more platforms by using the
"-fasynchronous-unwind-tables" compiler option. This option is
needed for platforms like 32-bit Intel where "-fomit-frame-pointer"
is on by default and table generation is not. This doesn't yet
add Windows support; only Linux, OSX, and some BSDs are affected.
Reported by 'cypherpunks'; fixes bug 11047; bugfix on 0.2.5.2-alpha.
- Avoid strange behavior if two threads hit failed assertions at the
same time and both try to log backtraces at once. (Previously, if
this had happened, both threads would have stored their intermediate
results in the same buffer, and generated junk outputs.) Reported by
"cypherpunks". Fixes bug 11048; bugfix on 0.2.5.2-alpha.
- Fix a compiler warning in format_number_sigsafe(). Bugfix on
0.2.5.2-alpha; patch from Nick Hopper.
o Minor bugfixes (unit tests):
- Fix a small bug in the unit tests that might have made the tests
call 'chmod' with an uninitialized bitmask. Fixes bug 10928;
bugfix on 0.2.5.1-alpha. Patch from Dana Koch.
o Removed code:
- Remove all remaining code related to version-0 hidden service
descriptors: they have not been in use since 0.2.2.1-alpha. Fixes
the rest of bug 10841.
o Documentation:
- Document in the manpage that "KBytes" may also be written as
"kilobytes" or "KB", that "Kbits" may also be written as
"kilobits", and so forth. Closes ticket 9222.
- Document that the ClientOnly config option overrides ORPort.
Our old explanation made ClientOnly sound as though it did
nothing at all. Resolves bug 9059.
- Explain that SocksPolicy, DirPolicy, and similar options don't
take port arguments. Fixes the other part of ticket 11108.
- Fix a comment about the rend_server_descriptor_t.protocols field
to more accurately describe its range. Also, make that field
unsigned, to more accurately reflect its usage. Fixes bug 9099;
bugfix on 0.2.1.5-alpha.
- Fix the manpage's description of HiddenServiceAuthorizeClient:
the maximum client name length is 16, not 19. Fixes bug 11118;
bugfix on 0.2.1.6-alpha.
o Code simplifications and refactoring:
- Get rid of router->address, since in all cases it was just the
string representation of router->addr. Resolves ticket 5528.
o Test infrastructure:
- Update to the latest version of tinytest.
- Improve the tinytest implementation of string operation tests so
that comparisons with NULL strings no longer crash the tests; they
now just fail, normally. Fixes bug 9004; bugfix on 0.2.2.4-alpha.
Changes in version 0.2.4.21 - 2014-02-28
Tor 0.2.4.21 further improves security against potential adversaries who
find breaking 1024-bit crypto doable, and backports several stability
and robustness patches from the 0.2.5 branch.
o Major features (client security):
- When we choose a path for a 3-hop circuit, make sure it contains
at least one relay that supports the NTor circuit extension
handshake. Otherwise, there is a chance that we're building
a circuit that's worth attacking by an adversary who finds
breaking 1024-bit crypto doable, and that chance changes the game
theory. Implements ticket 9777.
o Major bugfixes:
- Do not treat streams that fail with reason
END_STREAM_REASON_INTERNAL as indicating a definite circuit failure,
since it could also indicate an ENETUNREACH connection error. Fixes
part of bug 10777; bugfix on 0.2.4.8-alpha.
o Code simplification and refactoring:
- Remove data structures which were introduced to implement the
CellStatistics option: they are now redundant with the new timestamp
field in the regular packed_cell_t data structure, which we did
in 0.2.4.18-rc in order to resolve bug 9093. Resolves ticket 10870.
o Minor features:
- Always clear OpenSSL bignums before freeing them -- even bignums
that don't contain secrets. Resolves ticket 10793. Patch by
Florent Daigniere.
- Build without warnings under clang 3.4. (We have some macros that
define static functions only some of which will get used later in
the module. Starting with clang 3.4, these give a warning unless the
unused attribute is set on them.) Resolves ticket 10904.
- Update geoip and geoip6 files to the February 7 2014 Maxmind
GeoLite2 Country database.
o Minor bugfixes:
- Set the listen() backlog limit to the largest actually supported
on the system, not to the value in a header file. Fixes bug 9716;
bugfix on every released Tor.
- Treat ENETUNREACH, EACCES, and EPERM connection failures at an
exit node as a NOROUTE error, not an INTERNAL error, since they
can apparently happen when trying to connect to the wrong sort
of netblocks. Fixes part of bug 10777; bugfix on 0.1.0.1-rc.
- Fix build warnings about missing "a2x" comment when building the
manpages from scratch on OpenBSD; OpenBSD calls it "a2x.py".
Fixes bug 10929; bugfix on 0.2.2.9-alpha. Patch from Dana Koch.
- Avoid a segfault on SIGUSR1, where we had freed a connection but did
not entirely remove it from the connection lists. Fixes bug 9602;
bugfix on 0.2.4.4-alpha.
- Fix a segmentation fault in our benchmark code when running with
Fedora's OpenSSL package, or any other OpenSSL that provides
ECDH but not P224. Fixes bug 10835; bugfix on 0.2.4.8-alpha.
- Turn "circuit handshake stats since last time" log messages into a
heartbeat message. Fixes bug 10485; bugfix on 0.2.4.17-rc.
o Documentation fixes:
- Document that all but one DirPort entry must have the NoAdvertise
flag set. Fixes bug 10470; bugfix on 0.2.3.3-alpha / 0.2.3.16-alpha.
Changes in version 0.2.5.2-alpha - 2014-02-13
Tor 0.2.5.2-alpha includes all the fixes from 0.2.4.18-rc and 0.2.4.20,
like the "poor random number generation" fix and the "building too many
circuits" fix. It also further improves security against potential
adversaries who find breaking 1024-bit crypto doable, and launches
pluggable transports on demand (which gets us closer to integrating
pluggable transport support by default -- not to be confused with Tor
bundles enabling pluggable transports and bridges by default).
o Major features (client security):
- When we choose a path for a 3-hop circuit, make sure it contains
at least one relay that supports the NTor circuit extension
handshake. Otherwise, there is a chance that we're building
a circuit that's worth attacking by an adversary who finds
breaking 1024-bit crypto doable, and that chance changes the game
theory. Implements ticket 9777.
- Clients now look at the "usecreatefast" consensus parameter to
decide whether to use CREATE_FAST or CREATE cells for the first hop
of their circuit. This approach can improve security on connections
where Tor's circuit handshake is stronger than the available TLS
connection security levels, but the tradeoff is more computational
load on guard relays. Implements proposal 221. Resolves ticket 9386.
o Major features (bridges):
- Don't launch pluggable transport proxies if we don't have any
bridges configured that would use them. Now we can list many
pluggable transports, and Tor will dynamically start one when it
hears a bridge address that needs it. Resolves ticket 5018.
- The bridge directory authority now assigns status flags (Stable,
Guard, etc) to bridges based on thresholds calculated over all
Running bridges. Now bridgedb can finally make use of its features
to e.g. include at least one Stable bridge in its answers. Fixes
bug 9859.
o Major features (other):
- Extend ORCONN controller event to include an "ID" parameter,
and add four new controller event types CONN_BW, CIRC_BW,
CELL_STATS, and TB_EMPTY that show connection and circuit usage.
The new events are emitted in private Tor networks only, with the
goal of being able to better track performance and load during
full-network simulations. Implements proposal 218 and ticket 7359.
- On some platforms (currently: recent OSX versions, glibc-based
platforms that support the ELF format, and a few other
Unix-like operating systems), Tor can now dump stack traces
when a crash occurs or an assertion fails. By default, traces
are dumped to stderr (if possible) and to any logs that are
reporting errors. Implements ticket 9299.
o Major bugfixes:
- Avoid a segfault on SIGUSR1, where we had freed a connection but did
not entirely remove it from the connection lists. Fixes bug 9602;
bugfix on 0.2.4.4-alpha.
- Do not treat streams that fail with reason
END_STREAM_REASON_INTERNAL as indicating a definite circuit failure,
since it could also indicate an ENETUNREACH connection error. Fixes
part of bug 10777; bugfix on 0.2.4.8-alpha.
o Major bugfixes (new since 0.2.5.1-alpha, also in 0.2.4.20):
- Do not allow OpenSSL engines to replace the PRNG, even when
HardwareAccel is set. The only default builtin PRNG engine uses
the Intel RDRAND instruction to replace the entire PRNG, and
ignores all attempts to seed it with more entropy. That's
cryptographically stupid: the right response to a new alleged
entropy source is never to discard all previously used entropy
sources. Fixes bug 10402; works around behavior introduced in
OpenSSL 1.0.0. Diagnosis and investigation thanks to "coderman"
and "rl1987".
- Fix assertion failure when AutomapHostsOnResolve yields an IPv6
address. Fixes bug 10465; bugfix on 0.2.4.7-alpha.
- Avoid launching spurious extra circuits when a stream is pending.
This fixes a bug where any circuit that _wasn't_ unusable for new
streams would be treated as if it were, causing extra circuits to
be launched. Fixes bug 10456; bugfix on 0.2.4.12-alpha.
o Major bugfixes (new since 0.2.5.1-alpha, also in 0.2.4.18-rc):
- No longer stop reading or writing on cpuworker connections when
our rate limiting buckets go empty. Now we should handle circuit
handshake requests more promptly. Resolves bug 9731.
- Stop trying to bootstrap all our directory information from
only our first guard. Discovered while fixing bug 9946; bugfix
on 0.2.4.8-alpha.
o Minor features (bridges, pluggable transports):
- Add threshold cutoffs to the networkstatus document created by
the Bridge Authority. Fixes bug 1117.
- On Windows, spawn background processes using the CREATE_NO_WINDOW
flag. Now Tor Browser Bundle 3.5 with pluggable transports enabled
doesn't pop up a blank console window. (In Tor Browser Bundle 2.x,
Vidalia set this option for us.) Implements ticket 10297.
o Minor features (security):
- Always clear OpenSSL bignums before freeing them -- even bignums
that don't contain secrets. Resolves ticket 10793. Patch by
Florent Daignière.
o Minor features (config options and command line):
- Add an --allow-missing-torrc commandline option that tells Tor to
run even if the configuration file specified by -f is not available.
Implements ticket 10060.
- Add support for the TPROXY transparent proxying facility on Linux.
See documentation for the new TransProxyType option for more
details. Implementation by "thomo". Closes ticket 10582.
o Minor features (controller):
- Add a new "HS_DESC" controller event that reports activities
related to hidden service descriptors. Resolves ticket 8510.