Diffstat (limited to 'ChangeLog')
-rw-r--r-- ChangeLog 3409
1 files changed, 3406 insertions, 3 deletions
diff --git a/ChangeLog b/ChangeLog
index 3d666a654..3dfb40aa4 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,3382 @@
+Changes in version 0.2.5.5-alpha - 2014-06-??
+ Write a blurb here.
+
+ o Major bugfixes (security, OOM, new since 0.2.5.4-alpha, also in 0.2.4.22):
+ - Fix a memory leak that could occur if a microdescriptor parse
+ fails during the tokenizing step. This bug could enable a memory
+ exhaustion attack by directory servers. Fixes bug 11649; bugfix
+ on 0.2.2.6-alpha.
+
+ o Major bugfixes (relay):
+ - When uploading to the directory authorities, use a direct dirport
+ connection if we are a uploading an ordinary, non-anonymous
+ directory object. Previously, relays would used tunnel connections
+ under a fairly wide variety of circumstances. Fixes bug 11469;
+ bugfix on 0.2.4.3-alpha.
+
+ o Major bugfixes (security, directory authorities):
+ - Directory authorities now include a digest of each relay's
+ identity key as a part of its microdescriptor.
+
+ This is a workaround for bug #11743 (reported by "cypherpunks"),
+ where Tor clients do not support receiving multiple
+ microdescriptors with the same SHA256 digest in the same
+ consensus. When clients receive a consensus like this, they only
+ use one of the relays. Without this fix, a hostile relay could
+ selectively disable some client use of target relays by
+ constucting a router descriptor with a different identity and the
+ same microdescriptor parameters and getting the authorities to
+ list it in a microdescriptor consensus. This fix prevents an
+ attacker from causing a microdescriptor collision, because the
+ router's identity is not forgeable.
+
+ o Minor features (diagnostic):
+ - When logging a warning because of bug #7164, additionally check
+ the hash table for consistency (as proposed on ticket #11737).
+ This may help diagnose bug #7164.
+ - When we log a heartbeat, log how many one-hop circuits we have
+ that are at least 30 minutes old, and log status information about
+ a few of them. This is an attempt to track down bug 8387.
+ - When we encounter an unexpected CR in text that we're trying to
+ write to a file on Windows, log the name of the file. Should help
+ diagnosing bug 11233.
+ - Give more specific warnings when we notice at the client side that
+ an onion handshake has failed. Fixes ticket 9635.
+
+ o Minor features (security, memory management)):
+ - Add configure options controlling allocator tricks like mempools
+ and freelists, and turn them off by default; on most platforms
+ malloc is reasonable enough for this not to be necessary, and a
+ similar feature in OpenSSL exacerbated Heartbleed. Fixes
+ bug #11476.
+
+ o Minor features (security):
+ - Apply the secure SipHash-2-4 function to the hash table mapping
+ circuit IDs and channels to circuits. We missed this one when we
+ were converting all the other hash functions to use SipHash back
+ in 0.2.5.3-alpha. Resolves ticket 11750.
+
+ o Minor features (build):
+ - The configure script has a --disable-seccomp option to turn off
+ support for libseccomp on systems that have it, in case it (or
+ Tor's use of it) is broken. Resolves ticket 11628.
+
+ o Minor bugfixes (configuration, security, new since 0.2.5.4-alpha, also in 0.2.4.22):
+ - When running a hidden service, do not allow TunneledDirConns 0;
+ this will keep the hidden service from running, and also
+ make it publish its descriptors directly over HTTP. Fixes bug 10849;
+ bugfix on 0.2.1.1-alpha.
+
+ o Minor bugfixes (compilation):
+ - Fix compilation of test_status.c when building with MVSC. Bugfix
+ on 0.2.5.4-alpha. Patch from Gisle Vanem.
+ - Resolve GCC complaints on OpenBSD about discarding constness in
+ TO_{ORIGIN,OR}_CIRCUIT functions. Fixes part of bug 11633; bugfix
+ on 0.1.1.23. Patch from Dana Koch.
+ - Resolve clang complaints on OpenBSD with -Wshorten-64-to-32 due to
+ treatment of long and time_t as comparable types. Fixes part of
+ bug 11633. Patch from Dana Koch.
+ - Make Tor compile correctly with --disable-buf-freelists. Fixes bug
+ 11623; bugfix on 0.2.5.3-alpha.
+ - When deciding whether to build the 64-bit curve25519
+ implementation, detect platforms where we can compile 128-bit
+ arithmetic but cannot link it. Fixes bug 11729; bugfix on
+ 0.2.4.8-alpha. Patch from "conradev".
+ - Fix compilation when DNS_CACHE_DEBUG is enabled. Fixes bug 11761;
+ bugfix on 0.2.3.13-alpha. Found by "cypherpunks".
+
+ o Minor bugfixes (Directory server):
+ - When sending a compressed set of descriptors or microdescriptors,
+ make sure to finalize the zlib stream. Previously, we would write
+ all the compressed data, but if the last descriptor we wanted to
+ send was missing or too old, we would not mark the stream as
+ finished. This caused problems for decompression tools. Fixes bug
+ 11648; bugfix on 0.1.1.23.
+
+ o Minor bugfixes (dmalloc):
+ - Fix compilation with dmalloc. Fixes bug 11605; bugfix
+ on 0.2.4.10-alpha.
+
+ o Minor bugfixes (documentation):
+ - Correct the documenation so that it lists the correct directories
+ for the stats files. (They are in a subdirectory called "stats",
+ not "status".)
+
+ o Minor bugfixes (Linux seccomp sandbox):
+ - Make the seccomp sandbox code compile with ARM linux. Fixes bug
+ 11622; bugfix on 0.2.5.1-alpha.
+ - Avoid crashing when re-opening listener ports with the seccomp
+ sandbox active. Fixes bug 12115; bugfix on 0.2.5.1-alpha.
+ - Avoid crashing with the seccomp sandbox enabled along with
+ ConstrainedSockets. Fixes bug 12139; bugfix on 0.2.5.1-alpha.
+ - When we receive a SIGHUP with the sandbox enabled, correctly
+ support rotating our log files. Fixes bug 12032; bugfix
+ on 0.2.5.1-alpha.
+ - Avoid crash when running with sandboxing enabled and
+ DirReqStatistics not disabled. Fixes bug 12035; bugfix
+ on 0.2.5.1-alpha.
+ - Fix a "BUG" warning when trying to write bridge-stats files with
+ the Linux syscall sandbox filter enabled. Fixes bug 12041; bugfix
+ on 0.2.5.1-alpha.
+ - Prevent the sandbox from crashing on startup when run with the
+ --enable-expensive-hardening configuration option. Fixes bug
+ 11477; bugfix on 0.2.5.4-alpha.
+ - When running with DirPortFrontPage and Sandbox both enabled,
+ reload the DirPortFrontPage correctly when restarting. Fixes bug
+ 12028; bugfix on 0.2.5.1-alpha.
+ - Don't try to enable the sandbox when using the Tor binary to check
+ its configuration, hash a passphrase, or so on. Doing so was
+ crashing on startup for some users. Fixes bug 11609; bugfix
+ on 0.2.5.1-alpha.
+ - Avoid warnings when running with sandboxing and node statistics
+ enabled at the same time. Fixes part of 12064; bugfix on
+ 0.2.5.1-alpha. Patch from Michael Wolf.
+ - Avoid warnings when running with sandboxing enabled at the same
+ time as cookie authentication, hidden services or directory
+ authority voting. Fixes part of 12064; bugfix on 0.2.5.1-alpha.
+ - Do not allow options which would require us to call exec to be
+ enabled along with the seccomp2 sandbox: they will inevitably
+ crash. Fix for bug 12043; bugfix on 0.2.5.1-alpha.
+ - Handle failures in getpwnam()/getpwuid() when running with the
+ User option set and the Linux syscall sandbox enabled. Fixes bug
+ 11946; bugfix on 0.2.5.1-alpha.
+
+ o Minor bugfixes (pluggable transports):
+ - Enable the ExtORPortCookieAuthFile option, to allow changing the
+ default location of the authentication token for the extended OR
+ Port as used by sever-side pluggable transports. We had
+ implemented this option before, but the code to make it settable
+ had been omitted. Fixes bug 11635; bugfix on 0.2.5.1-alpha.
+ - Avoid another 60-second delay when starting Tor in a pluggable-
+ transport-using configuration when we already have cached
+ descriptors for our bridges. Fixes bug 11965; bugfix
+ on 0.2.3.6-alpha.
+
+ o Minor bugfixes (testing):
+ - The Python parts of the test scripts now work on Python 3 as well
+ as Python 2, so systems where '/usr/bin/python' is Python 3 will
+ no longer have the tests break. Fixes bug 11608; bugfix
+ on 0.2.5.2-alpha.
+ - When looking for versions of python that we could run the tests
+ with, check for "python2.7" and "python3.3"; previously we were
+ only looking for "python", "python2", and "python3". Patch from
+ Dana Koch. Fixes bug 11632; bugfix on 0.2.5.2-alpha.
+ - Fix all valgrind warnings produced by the unit tests. There were
+ over a thousand memory leak warnings previously, mostly produced
+ by forgetting to free things in the unit test code. Fixes bug
+ 11618, bugfixes on many versions of Tor.
+
+ o Minor bugfixes (tor-fw-helper):
+ - Give a correct log message when tor-fw-helper fails to launch.
+ (Previously, we would say something like "tor-fw-helper sent us a
+ string we could not parse".) Fixes bug 9781; bugfix
+ on 0.2.4.2-alpha.
+
+ o Minor bugfixes (relay, threading):
+ - Check return code on spawn_func() in cpuworker code, so that we
+ don't think we've spawned a nonworking cpuworker and write junk to
+ it forever. Fix related to bug 4345; bugfix on all released Tor
+ versions. Found by "skruffy".
+ - Use a pthread_attr to make sure that spawn_func() cannot return an
+ error while at the same time launching a thread. Fix related to
+ bug 4345; bugfix on all released Tor versions. Reported
+ by "cypherpunks".
+
+ o Minor bugfixes (relay, oom prevention):
+ - Correctly detect the total available system memory. We tried to do
+ this in 0.2.5.4-alpha, but the code was set up to always return an
+ error value, even on success. Fixes bug 11805; bugfix
+ on 0.2.5.4-alpha.
+
+ o Minor bugfixes (logging):
+ - Fix a misformatted log message about delayed directory fetches.
+ Fixes bug 11654; bugfix on 0.2.5.3-alpha.
+
+ o Distribution:
+ - Include a tor.service file in contrib/dist for use with systemd.
+ Some distributions will be able to use this file unmodified;
+ others will need to tweak it, or write their own. Patch from Jamie
+ Nguyen; resolves ticket 8368.
+
+ o Documentation:
+ - Clean up several option names in the manpage to match their real
+ names, add the missing documentation for a couple of testing and
+ directory authority options, remove the documentation for a
+ V2-directory fetching option that no longer exists. Resolves
+ ticket 11634.
+
+ o Package cleanup:
+ - The contrib directory has been sorted and tidy. Before, it was an
+ unsorted dumping ground for useful and not-so-useful things. Now,
+ it has been divided based on functionality, and the items which
+ seemed to be nonfunctional or useless have been removed. Resolves
+ ticket 8966; based on patches from "rl1987".
+
+ o Removed code:
+ - Remove /tor/dbg-stability.txt URL that was meant to help debug WFU
+ and MTBF calculations, but that nobody was using. Fixes #11742.
+ - The TunnelDirConns and PreferTunnelledDirConns options no longer
+ exist; tunneled directory connections have been available since
+ 0.1.2.5-alpha, and turning them off is not a good idea. This is a
+ brute-force fix for 10849, where "TunnelDirConns 0" would break
+ hidden services.
+
+
+Changes in version 0.2.4.22 - 2014-05-16
+ Tor 0.2.4.22 backports numerous high-priority fixes from the Tor 0.2.5
+ alpha release series. These include blocking all authority signing
+ keys that may have been affected by the OpenSSL "heartbleed" bug,
+ choosing a far more secure set of TLS ciphersuites by default, closing
+ a couple of memory leaks that could be used to run a target relay out
+ of RAM, and several others.
+
+ o Major features (security, backport from 0.2.5.4-alpha):
+ - Block authority signing keys that were used on authorities
+ vulnerable to the "heartbleed" bug in OpenSSL (CVE-2014-0160). (We
+ don't have any evidence that these keys _were_ compromised; we're
+ doing this to be prudent.) Resolves ticket 11464.
+
+ o Major bugfixes (security, OOM):
+ - Fix a memory leak that could occur if a microdescriptor parse
+ fails during the tokenizing step. This bug could enable a memory
+ exhaustion attack by directory servers. Fixes bug 11649; bugfix
+ on 0.2.2.6-alpha.
+
+ o Major bugfixes (TLS cipher selection, backport from 0.2.5.4-alpha):
+ - The relay ciphersuite list is now generated automatically based on
+ uniform criteria, and includes all OpenSSL ciphersuites with
+ acceptable strength and forward secrecy. Previously, we had left
+ some perfectly fine ciphersuites unsupported due to omission or
+ typo. Resolves bugs 11513, 11492, 11498, 11499. Bugs reported by
+ 'cypherpunks'. Bugfix on 0.2.4.8-alpha.
+ - Relays now trust themselves to have a better view than clients of
+ which TLS ciphersuites are better than others. (Thanks to bug
+ 11513, the relay list is now well-considered, whereas the client
+ list has been chosen mainly for anti-fingerprinting purposes.)
+ Relays prefer: AES over 3DES; then ECDHE over DHE; then GCM over
+ CBC; then SHA384 over SHA256 over SHA1; and last, AES256 over
+ AES128. Resolves ticket 11528.
+ - Clients now try to advertise the same list of ciphersuites as
+ Firefox 28. This change enables selection of (fast) GCM
+ ciphersuites, disables some strange old ciphers, and stops
+ advertising the ECDH (not to be confused with ECDHE) ciphersuites.
+ Resolves ticket 11438.
+
+ o Minor bugfixes (configuration, security):
+ - When running a hidden service, do not allow TunneledDirConns 0:
+ trying to set that option together with a hidden service would
+ otherwise prevent the hidden service from running, and also make
+ it publish its descriptors directly over HTTP. Fixes bug 10849;
+ bugfix on 0.2.1.1-alpha.
+
+ o Minor bugfixes (controller, backport from 0.2.5.4-alpha):
+ - Avoid sending a garbage value to the controller when a circuit is
+ cannibalized. Fixes bug 11519; bugfix on 0.2.3.11-alpha.
+
+ o Minor bugfixes (exit relay, backport from 0.2.5.4-alpha):
+ - Stop leaking memory when we successfully resolve a PTR record.
+ Fixes bug 11437; bugfix on 0.2.4.7-alpha.
+
+ o Minor bugfixes (bridge client, backport from 0.2.5.4-alpha):
+ - Avoid 60-second delays in the bootstrapping process when Tor is
+ launching for a second time while using bridges. Fixes bug 9229;
+ bugfix on 0.2.0.3-alpha.
+
+ o Minor bugfixes (relays and bridges, backport from 0.2.5.4-alpha):
+ - Give the correct URL in the warning message when trying to run a
+ relay on an ancient version of Windows. Fixes bug 9393.
+
+ o Minor bugfixes (compilation):
+ - Fix a compilation error when compiling with --disable-curve25519.
+ Fixes bug 9700; bugfix on 0.2.4.17-rc.
+
+ o Minor bugfixes:
+ - Downgrade the warning severity for the the "md was still
+ referenced 1 node(s)" warning. Tor 0.2.5.4-alpha has better code
+ for trying to diagnose this bug, and the current warning in
+ earlier versions of tor achieves nothing useful. Addresses warning
+ from bug 7164.
+
+ o Minor features (log verbosity, backport from 0.2.5.4-alpha):
+ - When we run out of usable circuit IDs on a channel, log only one
+ warning for the whole channel, and describe how many circuits
+ there were on the channel. Fixes part of ticket 11553.
+
+ o Minor features (security, backport from 0.2.5.4-alpha):
+ - Decrease the lower limit of MaxMemInCellQueues to 256 MBytes (but
+ leave the default at 8GBytes), to better support Raspberry Pi
+ users. Fixes bug 9686; bugfix on 0.2.4.14-alpha.
+
+ o Documentation (backport from 0.2.5.4-alpha):
+ - Correctly document that we search for a system torrc file before
+ looking in ~/.torrc. Fixes documentation side of 9213; bugfix on
+ 0.2.3.18-rc.
+
+
+Changes in version 0.2.5.4-alpha - 2014-04-25
+ Tor 0.2.5.4-alpha includes several security and performance
+ improvements for clients and relays, including blacklisting authority
+ signing keys that were used while susceptible to the OpenSSL
+ "heartbleed" bug, fixing two expensive functions on busy relays,
+ improved TLS ciphersuite preference lists, support for run-time
+ hardening on compilers that support AddressSanitizer, and more work on
+ the Linux sandbox code.
+
+ There are also several usability fixes for clients (especially clients
+ that use bridges), two new TransPort protocols supported (one on
+ OpenBSD, one on FreeBSD), and various other bugfixes.
+
+ This release marks end-of-life for Tor 0.2.2.x; those Tor versions
+ have accumulated many known flaws; everyone should upgrade.
+
+ o Major features (security):
+ - If you don't specify MaxMemInQueues yourself, Tor now tries to
+ pick a good value based on your total system memory. Previously,
+ the default was always 8 GB. You can still override the default by
+ setting MaxMemInQueues yourself. Resolves ticket 11396.
+ - Block authority signing keys that were used on authorities
+ vulnerable to the "heartbleed" bug in OpenSSL (CVE-2014-0160). (We
+ don't have any evidence that these keys _were_ compromised; we're
+ doing this to be prudent.) Resolves ticket 11464.
+
+ o Major features (relay performance):
+ - Speed up server-side lookups of rendezvous and introduction point
+ circuits by using hashtables instead of linear searches. These
+ functions previously accounted between 3 and 7% of CPU usage on
+ some busy relays. Resolves ticket 9841.
+ - Avoid wasting CPU when extending a circuit over a channel that is
+ nearly out of circuit IDs. Previously, we would do a linear scan
+ over possible circuit IDs before finding one or deciding that we
+ had exhausted our possibilities. Now, we try at most 64 random
+ circuit IDs before deciding that we probably won't succeed. Fixes
+ a possible root cause of ticket 11553.
+
+ o Major features (seccomp2 sandbox, Linux only):
+ - The seccomp2 sandbox can now run a test network for multiple hours
+ without crashing. The sandbox is still experimental, and more bugs
+ will probably turn up. To try it, enable "Sandbox 1" on a Linux
+ host. Resolves ticket 11351.
+ - Strengthen sandbox code: the sandbox can now test the arguments
+ for rename(), and blocks _sysctl() entirely. Resolves another part
+ of ticket 11351.
+ - When the sandbox blocks a system call, it now tries to log a stack
+ trace before exiting. Resolves ticket 11465.
+
+ o Major bugfixes (TLS cipher selection):
+ - The relay ciphersuite list is now generated automatically based on
+ uniform criteria, and includes all OpenSSL ciphersuites with
+ acceptable strength and forward secrecy. Previously, we had left
+ some perfectly fine ciphersuites unsupported due to omission or
+ typo. Resolves bugs 11513, 11492, 11498, 11499. Bugs reported by
+ 'cypherpunks'. Bugfix on 0.2.4.8-alpha.
+ - Relays now trust themselves to have a better view than clients of
+ which TLS ciphersuites are better than others. (Thanks to bug
+ 11513, the relay list is now well-considered, whereas the client
+ list has been chosen mainly for anti-fingerprinting purposes.)
+ Relays prefer: AES over 3DES; then ECDHE over DHE; then GCM over
+ CBC; then SHA384 over SHA256 over SHA1; and last, AES256 over
+ AES128. Resolves ticket 11528.
+ - Clients now try to advertise the same list of ciphersuites as
+ Firefox 28. This change enables selection of (fast) GCM
+ ciphersuites, disables some strange old ciphers, and stops
+ advertising the ECDH (not to be confused with ECDHE) ciphersuites.
+ Resolves ticket 11438.
+
+ o Major bugfixes (bridge client):
+ - Avoid 60-second delays in the bootstrapping process when Tor is
+ launching for a second time while using bridges. Fixes bug 9229;
+ bugfix on 0.2.0.3-alpha.
+
+ o Minor features (transparent proxy, *BSD):
+ - Support FreeBSD's ipfw firewall interface for TransPort ports on
+ FreeBSD. To enable it, set "TransProxyType ipfw". Resolves ticket
+ 10267; patch from "yurivict".
+ - Support OpenBSD's divert-to rules with the pf firewall for
+ transparent proxy ports. To enable it, set "TransProxyType
+ pf-divert". This allows Tor to run a TransPort transparent proxy
+ port on OpenBSD 4.4 or later without root privileges. See the
+ pf.conf(5) manual page for information on configuring pf to use
+ divert-to rules. Closes ticket 10896; patch from Dana Koch.
+
+ o Minor features (security):
+ - New --enable-expensive-hardening option to enable security
+ hardening options that consume nontrivial amounts of CPU and
+ memory. Right now, this includes AddressSanitizer and UbSan, which
+ are supported in newer versions of GCC and Clang. Closes ticket
+ 11477.
+
+ o Minor features (log verbosity):
+ - Demote the message that we give when a flushing connection times
+ out for too long from NOTICE to INFO. It was usually meaningless.
+ Resolves ticket 5286.
+ - Don't log so many notice-level bootstrapping messages at startup
+ about downloading descriptors. Previously, we'd log a notice
+ whenever we learned about more routers. Now, we only log a notice
+ at every 5% of progress. Fixes bug 9963.
+ - Warn less verbosely when receiving a malformed
+ ESTABLISH_RENDEZVOUS cell. Fixes ticket 11279.
+ - When we run out of usable circuit IDs on a channel, log only one
+ warning for the whole channel, and describe how many circuits
+ there were on the channel. Fixes part of ticket 11553.
+
+ o Minor features (relay):
+ - If a circuit timed out for at least 3 minutes, check if we have a
+ new external IP address, and publish a new descriptor with the new
+ IP address if it changed. Resolves ticket 2454.
+
+ o Minor features (controller):
+ - Make the entire exit policy available from the control port via
+ GETINFO exit-policy/*. Implements enhancement 7952. Patch from
+ "rl1987".
+ - Because of the fix for ticket 11396, the real limit for memory
+ usage may no longer match the configured MaxMemInQueues value. The
+ real limit is now exposed via GETINFO limits/max-mem-in-queues.
+
+ o Minor features (bridge client):
+ - Report a more useful failure message when we can't connect to a
+ bridge because we don't have the right pluggable transport
+ configured. Resolves ticket 9665. Patch from Fábio J. Bertinatto.
+
+ o Minor features (diagnostic):
+ - Add more log messages to diagnose bug 7164, which causes
+ intermittent "microdesc_free() called but md was still referenced"
+ warnings. We now include more information, to figure out why we
+ might be cleaning a microdescriptor for being too old if it's
+ still referenced by a live node_t object.
+
+ o Minor bugfixes (client, DNSPort):
+ - When using DNSPort, try to respond to AAAA requests with AAAA
+ answers. Previously, we hadn't looked at the request type when
+ deciding which answer type to prefer. Fixes bug 10468; bugfix on
+ 0.2.4.7-alpha.
+ - When receiving a DNS query for an unsupported record type, reply
+ with no answer rather than with a NOTIMPL error. This behavior
+ isn't correct either, but it will break fewer client programs, we
+ hope. Fixes bug 10268; bugfix on 0.2.0.1-alpha. Original patch
+ from "epoch".
+
+ o Minor bugfixes (exit relay):
+ - Stop leaking memory when we successfully resolve a PTR record.
+ Fixes bug 11437; bugfix on 0.2.4.7-alpha.
+
+ o Minor bugfixes (bridge client):
+ - Stop accepting bridge lines containing hostnames. Doing so would
+ cause clients to perform DNS requests on the hostnames, which was
+ not sensible behavior. Fixes bug 10801; bugfix on 0.2.0.1-alpha.
+ - Avoid a 60-second delay in the bootstrapping process when a Tor
+ client with pluggable transports re-reads its configuration at
+ just the wrong time. Re-fixes bug 11156; bugfix on 0.2.5.3-alpha.
+
+ o Minor bugfixes (client, logging during bootstrap):
+ - Warn only once if we start logging in an unsafe way. Previously,
+ we complain as many times as we had problems. Fixes bug 9870;
+ bugfix on 0.2.5.1-alpha.
+ - Only report the first fatal bootstrap error on a given OR
+ connection. This stops us from telling the controller bogus error
+ messages like "DONE". Fixes bug 10431; bugfix on 0.2.1.1-alpha.
+ - Be more helpful when trying to run sandboxed on Linux without
+ libseccomp. Instead of saying "Sandbox is not implemented on this
+ platform", we now explain that we need to be built with
+ libseccomp. Fixes bug 11543; bugfix on 0.2.5.1-alpha.
+ - Avoid generating spurious warnings when starting with
+ DisableNetwork enabled. Fixes bug 11200 and bug 10405; bugfix on
+ 0.2.3.9-alpha.
+
+ o Minor bugfixes (closing OR connections):
+ - If write_to_buf() in connection_write_to_buf_impl_() ever fails,
+ check if it's an or_connection_t and correctly call
+ connection_or_close_for_error() rather than
+ connection_mark_for_close() directly. Fixes bug 11304; bugfix on
+ 0.2.4.4-alpha.
+ - When closing all connections on setting DisableNetwork to 1, use
+ connection_or_close_normally() rather than closing OR connections
+ out from under the channel layer. Fixes bug 11306; bugfix on
+ 0.2.4.4-alpha.
+
+ o Minor bugfixes (controller):
+ - Avoid sending a garbage value to the controller when a circuit is
+ cannibalized. Fixes bug 11519; bugfix on 0.2.3.11-alpha.
+
+ o Minor bugfixes (tor-fw-helper):
+ - Allow tor-fw-helper to build again by adding src/ext to its
+ CPPFLAGS. Fixes bug 11296; bugfix on 0.2.5.3-alpha.
+
+ o Minor bugfixes (bridges):
+ - Avoid potential crashes or bad behavior when launching a
+ server-side managed proxy with ORPort or ExtORPort temporarily
+ disabled. Fixes bug 9650; bugfix on 0.2.3.16-alpha.
+
+ o Minor bugfixes (platform-specific):
+ - Fix compilation on Solaris, which does not have <endian.h>. Fixes
+ bug 11426; bugfix on 0.2.5.3-alpha.
+ - When dumping a malformed directory object to disk, save it in
+ binary mode on Windows, not text mode. Fixes bug 11342; bugfix on
+ 0.2.2.1-alpha.
+ - Don't report failures from make_socket_reuseable() on incoming
+ sockets on OSX: this can happen when incoming connections close
+ early. Fixes bug 10081.
+
+ o Minor bugfixes (trivial memory leaks):
+ - Fix a small memory leak when signing a directory object. Fixes bug
+ 11275; bugfix on 0.2.4.13-alpha.
+ - Free placeholder entries in our circuit table at exit; fixes a
+ harmless memory leak. Fixes bug 11278; bugfix on 0.2.5.1-alpha.
+ - Don't re-initialize a second set of OpenSSL mutexes when starting
+ up. Previously, we'd make one set of mutexes, and then immediately
+ replace them with another. Fixes bug 11726; bugfix on
+ 0.2.5.3-alpha.
+ - Resolve some memory leaks found by coverity in the unit tests, on
+ exit in tor-gencert, and on a failure to compute digests for our
+ own keys when generating a v3 networkstatus vote. These leaks
+ should never have affected anyone in practice.
+
+ o Minor bugfixes (hidden service):
+ - Only retry attempts to connect to a chosen rendezvous point 8
+ times, not 30. Fixes bug 4241; bugfix on 0.1.0.1-rc.
+
+ o Minor bugfixes (misc code correctness):
+ - Fix various instances of undefined behavior in channeltls.c,
+ tor_memmem(), and eventdns.c that would cause us to construct
+ pointers to memory outside an allocated object. (These invalid
+ pointers were not accessed, but C does not even allow them to
+ exist.) Fixes bug 10363; bugfixes on 0.1.1.1-alpha, 0.1.2.1-alpha,
+ 0.2.0.10-alpha, and 0.2.3.6-alpha. Reported by "bobnomnom".
+ - Use the AddressSanitizer and Ubsan sanitizers (in clang-3.4) to
+ fix some miscellaneous errors in our tests and codebase. Fixes bug
+ 11232. Bugfixes on versions back as far as 0.2.1.11-alpha.
+ - Always check return values for unlink, munmap, UnmapViewOfFile;
+ check strftime return values more often. In some cases all we can
+ do is report a warning, but this may help prevent deeper bugs from
+ going unnoticed. Closes ticket 8787; bugfixes on many, many tor
+ versions.
+ - Fix numerous warnings from the clang "scan-build" static analyzer.
+ Some of these are programming style issues; some of them are false
+ positives that indicated awkward code; some are undefined behavior
+ cases related to constructing (but not using) invalid pointers;
+ some are assumptions about API behavior; some are (harmlessly)
+ logging sizeof(ptr) bytes from a token when sizeof(*ptr) would be
+ correct; and one or two are genuine bugs that weren't reachable
+ from the rest of the program. Fixes bug 8793; bugfixes on many,
+ many tor versions.
+
+ o Documentation:
+ - Build the torify.1 manpage again. Previously, we were only trying
+ to build it when also building tor-fw-helper. That's why we didn't
+ notice that we'd broken the ability to build it. Fixes bug 11321;
+ bugfix on 0.2.5.1-alpha.
+ - Fix the layout of the SOCKSPort flags in the manpage. Fixes bug
+ 11061; bugfix on 0.2.4.7-alpha.
+ - Correctly document that we search for a system torrc file before
+ looking in ~/.torrc. Fixes documentation side of 9213; bugfix on
+ 0.2.3.18-rc.
+ - Resolve warnings from Doxygen.
+
+ o Code simplifications and refactoring:
+ - Remove is_internal_IP() function. Resolves ticket 4645.
+ - Remove unused function circuit_dump_by_chan from circuitlist.c.
+ Closes issue 9107; patch from "marek".
+ - Change our use of the ENUM_BF macro to avoid declarations that
+ confuse Doxygen.
+
+ o Deprecated versions:
+ - Tor 0.2.2.x has reached end-of-life; it has received no patches or
+ attention for some while. Directory authorities no longer accept
+ descriptors from relays running any version of Tor prior to Tor
+ 0.2.3.16-alpha. Resolves ticket 11149.
+
+ o Testing:
+ - New macros in test.h to simplify writing mock-functions for unit
+ tests. Part of ticket 11507. Patch from Dana Koch.
+ - Complete tests for the status.c module. Resolves ticket 11507.
+ Patch from Dana Koch.
+
+ o Removed code:
+ - Remove all code for the long unused v1 directory protocol.
+ Resolves ticket 11070.
+
+
+Changes in version 0.2.5.3-alpha - 2014-03-22
+ Tor 0.2.5.3-alpha includes all the fixes from 0.2.4.21. It contains
+ two new anti-DoS features for Tor relays, resolves a bug that kept
+ SOCKS5 support for IPv6 from working, fixes several annoying usability
+ issues for bridge users, and removes more old code for unused
+ directory formats.
+
+ The Tor 0.2.5.x release series is now in patch-freeze: no feature
+ patches not already written will be considered for inclusion in 0.2.5.x.
+
+ o Major features (relay security, DoS-resistance):
+ - When deciding whether we have run out of memory and we need to
+ close circuits, also consider memory allocated in buffers for
+ streams attached to each circuit.
+
+ This change, which extends an anti-DoS feature introduced in
+ 0.2.4.13-alpha and improved in 0.2.4.14-alpha, lets Tor exit relays
+ better resist more memory-based DoS attacks than before. Since the
+ MaxMemInCellQueues option now applies to all queues, it is renamed
+ to MaxMemInQueues. This feature fixes bug 10169.
+ - Avoid hash-flooding denial-of-service attacks by using the secure
+ SipHash-2-4 hash function for our hashtables. Without this
+ feature, an attacker could degrade performance of a targeted
+ client or server by flooding their data structures with a large
+ number of entries to be stored at the same hash table position,
+ thereby slowing down the Tor instance. With this feature, hash
+ table positions are derived from a randomized cryptographic key,
+ and an attacker cannot predict which entries will collide. Closes
+ ticket 4900.
+ - Decrease the lower limit of MaxMemInQueues to 256 MBytes (but leave
+ the default at 8GBytes), to better support Raspberry Pi users. Fixes
+ bug 9686; bugfix on 0.2.4.14-alpha.
+
+ o Minor features (bridges, pluggable transports):
+ - Bridges now write the SHA1 digest of their identity key
+ fingerprint (that is, a hash of a hash of their public key) to
+ notice-level logs, and to a new hashed-fingerprint file. This
+ information will help bridge operators look up their bridge in
+ Globe and similar tools. Resolves ticket 10884.
+ - Improve the message that Tor displays when running as a bridge
+ using pluggable transports without an Extended ORPort listener.
+ Also, log the message in the log file too. Resolves ticket 11043.
+
+ o Minor features (other):
+ - Add a new option, PredictedPortsRelevanceTime, to control how long
+ after having received a request to connect to a given port Tor
+ will try to keep circuits ready in anticipation of future requests
+ for that port. Patch from "unixninja92"; implements ticket 9176.
+ - Generate a warning if any ports are listed in the SocksPolicy,
+ DirPolicy, AuthDirReject, AuthDirInvalid, AuthDirBadDir, or
+ AuthDirBadExit options. (These options only support address
+ ranges.) Fixes part of ticket 11108.
+ - Update geoip and geoip6 to the February 7 2014 Maxmind GeoLite2
+ Country database.
+
+ o Minor bugfixes (new since 0.2.5.2-alpha, also in 0.2.4.21):
+ - Build without warnings under clang 3.4. (We have some macros that
+ define static functions only some of which will get used later in
+ the module. Starting with clang 3.4, these give a warning unless the
+ unused attribute is set on them.) Resolves ticket 10904.
+ - Fix build warnings about missing "a2x" comment when building the
+ manpages from scratch on OpenBSD; OpenBSD calls it "a2x.py".
+ Fixes bug 10929; bugfix on 0.2.2.9-alpha. Patch from Dana Koch.
+
+ o Minor bugfixes (client):
+ - Improve the log message when we can't connect to a hidden service
+ because all of the hidden service directory nodes hosting its
+ descriptor are excluded. Improves on our fix for bug 10722, which
+ was a bugfix on 0.2.0.10-alpha.
+ - Raise a control port warning when we fail to connect to all of
+ our bridges. Previously, we didn't inform the controller, and
+ the bootstrap process would stall. Fixes bug 11069; bugfix on
+ 0.2.1.2-alpha.
+ - Exit immediately when a process-owning controller exits.
+ Previously, tor relays would wait for a little while after their
+ controller exited, as if they had gotten an INT signal -- but this
+ was problematic, since there was no feedback for the user. To do a
+ clean shutdown, controllers should send an INT signal and give Tor
+ a chance to clean up. Fixes bug 10449; bugfix on 0.2.2.28-beta.
+ - Stop attempting to connect to bridges before our pluggable
+ transports are configured (harmless but resulted in some erroneous
+ log messages). Fixes bug 11156; bugfix on 0.2.3.2-alpha.
+ - Fix connections to IPv6 addresses over SOCKS5. Previously, we were
+ generating incorrect SOCKS5 responses, and confusing client
+ applications. Fixes bug 10987; bugfix on 0.2.4.7-alpha.
+
+ o Minor bugfixes (relays and bridges):
+ - Avoid crashing on a malformed resolv.conf file when running a
+ relay using Libevent 1. Fixes bug 8788; bugfix on 0.1.1.23.
+ - Non-exit relays no longer launch mock DNS requests to check for
+ DNS hijacking. This has been unnecessary since 0.2.1.7-alpha, when
+ non-exit relays stopped servicing DNS requests. Fixes bug 965;
+ bugfix on 0.2.1.7-alpha. Patch from Matt Pagan.
+ - Bridges now report complete directory request statistics. Related
+ to bug 5824; bugfix on 0.2.2.1-alpha.
+ - Bridges now never collect statistics that were designed for
+ relays. Fixes bug 5824; bugfix on 0.2.3.8-alpha.
+ - Stop giving annoying warning messages when we decide not to launch
+ a pluggable transport proxy that we don't need (because there are
+ no bridges configured to use it). Resolves ticket 5018; bugfix
+ on 0.2.5.2-alpha.
+ - Give the correct URL in the warning message when trying to run a
+ relay on an ancient version of Windows. Fixes bug 9393.
+
+ o Minor bugfixes (backtrace support):
+ - Support automatic backtraces on more platforms by using the
+ "-fasynchronous-unwind-tables" compiler option. This option is
+ needed for platforms like 32-bit Intel where "-fomit-frame-pointer"
+ is on by default and table generation is not. This doesn't yet
+ add Windows support; only Linux, OSX, and some BSDs are affected.
+ Reported by 'cypherpunks'; fixes bug 11047; bugfix on 0.2.5.2-alpha.
+ - Avoid strange behavior if two threads hit failed assertions at the
+ same time and both try to log backtraces at once. (Previously, if
+ this had happened, both threads would have stored their intermediate
+ results in the same buffer, and generated junk outputs.) Reported by
+ "cypherpunks". Fixes bug 11048; bugfix on 0.2.5.2-alpha.
+ - Fix a compiler warning in format_number_sigsafe(). Bugfix on
+ 0.2.5.2-alpha; patch from Nick Hopper.
+
+ o Minor bugfixes (unit tests):
+ - Fix a small bug in the unit tests that might have made the tests
+ call 'chmod' with an uninitialized bitmask. Fixes bug 10928;
+ bugfix on 0.2.5.1-alpha. Patch from Dana Koch.
+
+ o Removed code:
+ - Remove all remaining code related to version-0 hidden service
+ descriptors: they have not been in use since 0.2.2.1-alpha. Fixes
+ the rest of bug 10841.
+
+ o Documentation:
+ - Document in the manpage that "KBytes" may also be written as
+ "kilobytes" or "KB", that "Kbits" may also be written as
+ "kilobits", and so forth. Closes ticket 9222.
+ - Document that the ClientOnly config option overrides ORPort.
+ Our old explanation made ClientOnly sound as though it did
+ nothing at all. Resolves bug 9059.
+ - Explain that SocksPolicy, DirPolicy, and similar options don't
+ take port arguments. Fixes the other part of ticket 11108.
+ - Fix a comment about the rend_server_descriptor_t.protocols field
+ to more accurately describe its range. Also, make that field
+ unsigned, to more accurately reflect its usage. Fixes bug 9099;
+ bugfix on 0.2.1.5-alpha.
+ - Fix the manpage's description of HiddenServiceAuthorizeClient:
+ the maximum client name length is 16, not 19. Fixes bug 11118;
+ bugfix on 0.2.1.6-alpha.
+
+ o Code simplifications and refactoring:
+ - Get rid of router->address, since in all cases it was just the
+ string representation of router->addr. Resolves ticket 5528.
+
+ o Test infrastructure:
+ - Update to the latest version of tinytest.
+ - Improve the tinytest implementation of string operation tests so
+ that comparisons with NULL strings no longer crash the tests; they
+ now just fail, normally. Fixes bug 9004; bugfix on 0.2.2.4-alpha.
+
+
+Changes in version 0.2.4.21 - 2014-02-28
+ Tor 0.2.4.21 further improves security against potential adversaries who
+ find breaking 1024-bit crypto doable, and backports several stability
+ and robustness patches from the 0.2.5 branch.
+
+ o Major features (client security):
+ - When we choose a path for a 3-hop circuit, make sure it contains
+ at least one relay that supports the NTor circuit extension
+ handshake. Otherwise, there is a chance that we're building
+ a circuit that's worth attacking by an adversary who finds
+ breaking 1024-bit crypto doable, and that chance changes the game
+ theory. Implements ticket 9777.
+
+ o Major bugfixes:
+ - Do not treat streams that fail with reason
+ END_STREAM_REASON_INTERNAL as indicating a definite circuit failure,
+ since it could also indicate an ENETUNREACH connection error. Fixes
+ part of bug 10777; bugfix on 0.2.4.8-alpha.
+
+ o Code simplification and refactoring:
+ - Remove data structures which were introduced to implement the
+ CellStatistics option: they are now redundant with the new timestamp
+ field in the regular packed_cell_t data structure, which we did
+ in 0.2.4.18-rc in order to resolve bug 9093. Resolves ticket 10870.
+
+ o Minor features:
+ - Always clear OpenSSL bignums before freeing them -- even bignums
+ that don't contain secrets. Resolves ticket 10793. Patch by
+ Florent Daigniere.
+ - Build without warnings under clang 3.4. (We have some macros that
+ define static functions only some of which will get used later in
+ the module. Starting with clang 3.4, these give a warning unless the
+ unused attribute is set on them.) Resolves ticket 10904.
+ - Update geoip and geoip6 files to the February 7 2014 Maxmind
+ GeoLite2 Country database.
+
+ o Minor bugfixes:
+ - Set the listen() backlog limit to the largest actually supported
+ on the system, not to the value in a header file. Fixes bug 9716;
+ bugfix on every released Tor.
+ - Treat ENETUNREACH, EACCES, and EPERM connection failures at an
+ exit node as a NOROUTE error, not an INTERNAL error, since they
+ can apparently happen when trying to connect to the wrong sort
+ of netblocks. Fixes part of bug 10777; bugfix on 0.1.0.1-rc.
+ - Fix build warnings about missing "a2x" comment when building the
+ manpages from scratch on OpenBSD; OpenBSD calls it "a2x.py".
+ Fixes bug 10929; bugfix on 0.2.2.9-alpha. Patch from Dana Koch.
+ - Avoid a segfault on SIGUSR1, where we had freed a connection but did
+ not entirely remove it from the connection lists. Fixes bug 9602;
+ bugfix on 0.2.4.4-alpha.
+ - Fix a segmentation fault in our benchmark code when running with
+ Fedora's OpenSSL package, or any other OpenSSL that provides
+ ECDH but not P224. Fixes bug 10835; bugfix on 0.2.4.8-alpha.
+ - Turn "circuit handshake stats since last time" log messages into a
+ heartbeat message. Fixes bug 10485; bugfix on 0.2.4.17-rc.
+
+ o Documentation fixes:
+ - Document that all but one DirPort entry must have the NoAdvertise
+ flag set. Fixes bug 10470; bugfix on 0.2.3.3-alpha / 0.2.3.16-alpha.
+
+
+Changes in version 0.2.5.2-alpha - 2014-02-13
+ Tor 0.2.5.2-alpha includes all the fixes from 0.2.4.18-rc and 0.2.4.20,
+ like the "poor random number generation" fix and the "building too many
+ circuits" fix. It also further improves security against potential
+ adversaries who find breaking 1024-bit crypto doable, and launches
+ pluggable transports on demand (which gets us closer to integrating
+ pluggable transport support by default -- not to be confused with Tor
+ bundles enabling pluggable transports and bridges by default).
+
+ o Major features (client security):
+ - When we choose a path for a 3-hop circuit, make sure it contains
+ at least one relay that supports the NTor circuit extension
+ handshake. Otherwise, there is a chance that we're building
+ a circuit that's worth attacking by an adversary who finds
+ breaking 1024-bit crypto doable, and that chance changes the game
+ theory. Implements ticket 9777.
+ - Clients now look at the "usecreatefast" consensus parameter to
+ decide whether to use CREATE_FAST or CREATE cells for the first hop
+ of their circuit. This approach can improve security on connections
+ where Tor's circuit handshake is stronger than the available TLS
+ connection security levels, but the tradeoff is more computational
+ load on guard relays. Implements proposal 221. Resolves ticket 9386.
+
+ o Major features (bridges):
+ - Don't launch pluggable transport proxies if we don't have any
+ bridges configured that would use them. Now we can list many
+ pluggable transports, and Tor will dynamically start one when it
+ hears a bridge address that needs it. Resolves ticket 5018.
+ - The bridge directory authority now assigns status flags (Stable,
+ Guard, etc) to bridges based on thresholds calculated over all
+ Running bridges. Now bridgedb can finally make use of its features
+ to e.g. include at least one Stable bridge in its answers. Fixes
+ bug 9859.
+
+ o Major features (other):
+ - Extend ORCONN controller event to include an "ID" parameter,
+ and add four new controller event types CONN_BW, CIRC_BW,
+ CELL_STATS, and TB_EMPTY that show connection and circuit usage.
+ The new events are emitted in private Tor networks only, with the
+ goal of being able to better track performance and load during
+ full-network simulations. Implements proposal 218 and ticket 7359.
+ - On some platforms (currently: recent OSX versions, glibc-based
+ platforms that support the ELF format, and a few other
+ Unix-like operating systems), Tor can now dump stack traces
+ when a crash occurs or an assertion fails. By default, traces
+ are dumped to stderr (if possible) and to any logs that are
+ reporting errors. Implements ticket 9299.
+
+ o Major bugfixes:
+ - Avoid a segfault on SIGUSR1, where we had freed a connection but did
+ not entirely remove it from the connection lists. Fixes bug 9602;
+ bugfix on 0.2.4.4-alpha.
+ - Do not treat streams that fail with reason
+ END_STREAM_REASON_INTERNAL as indicating a definite circuit failure,
+ since it could also indicate an ENETUNREACH connection error. Fixes
+ part of bug 10777; bugfix on 0.2.4.8-alpha.
+
+ o Major bugfixes (new since 0.2.5.1-alpha, also in 0.2.4.20):
+ - Do not allow OpenSSL engines to replace the PRNG, even when
+ HardwareAccel is set. The only default builtin PRNG engine uses
+ the Intel RDRAND instruction to replace the entire PRNG, and
+ ignores all attempts to seed it with more entropy. That's
+ cryptographically stupid: the right response to a new alleged
+ entropy source is never to discard all previously used entropy
+ sources. Fixes bug 10402; works around behavior introduced in
+ OpenSSL 1.0.0. Diagnosis and investigation thanks to "coderman"
+ and "rl1987".
+ - Fix assertion failure when AutomapHostsOnResolve yields an IPv6
+ address. Fixes bug 10465; bugfix on 0.2.4.7-alpha.
+ - Avoid launching spurious extra circuits when a stream is pending.
+ This fixes a bug where any circuit that _wasn't_ unusable for new
+ streams would be treated as if it were, causing extra circuits to
+ be launched. Fixes bug 10456; bugfix on 0.2.4.12-alpha.
+
+ o Major bugfixes (new since 0.2.5.1-alpha, also in 0.2.4.18-rc):
+ - No longer stop reading or writing on cpuworker connections when
+ our rate limiting buckets go empty. Now we should handle circuit
+ handshake requests more promptly. Resolves bug 9731.
+ - Stop trying to bootstrap all our directory information from
+ only our first guard. Discovered while fixing bug 9946; bugfix
+ on 0.2.4.8-alpha.
+
+ o Minor features (bridges, pluggable transports):
+ - Add threshold cutoffs to the networkstatus document created by
+ the Bridge Authority. Fixes bug 1117.
+ - On Windows, spawn background processes using the CREATE_NO_WINDOW
+ flag. Now Tor Browser Bundle 3.5 with pluggable transports enabled
+ doesn't pop up a blank console window. (In Tor Browser Bundle 2.x,
+ Vidalia set this option for us.) Implements ticket 10297.
+
+ o Minor features (security):
+ - Always clear OpenSSL bignums before freeing them -- even bignums
+ that don't contain secrets. Resolves ticket 10793. Patch by
+ Florent Daignière.
+
+ o Minor features (config options and command line):
+ - Add an --allow-missing-torrc commandline option that tells Tor to
+ run even if the configuration file specified by -f is not available.
+ Implements ticket 10060.
+ - Add support for the TPROXY transparent proxying facility on Linux.
+ See documentation for the new TransProxyType option for more
+ details. Implementation by "thomo". Closes ticket 10582.
+
+ o Minor features (controller):
+ - Add a new "HS_DESC" controller event that reports activities
+ related to hidden service descriptors. Resolves ticket 8510.
+ - New "DROPGUARDS" controller command to forget all current entry
+ guards. Not recommended for ordinary use, since replacing guards
+ too frequently makes several attacks easier. Resolves ticket 9934;
+ patch from "ra".
+
+ o Minor features (build):
+ - Assume that a user using ./configure --host wants to cross-compile,
+ and give an error if we cannot find a properly named
+ tool-chain. Add a --disable-tool-name-check option to proceed
+ nevertheless. Addresses ticket 9869. Patch by Benedikt Gollatz.
+ - If we run ./configure and the compiler recognizes -fstack-protector
+ but the linker rejects it, warn the user about a potentially missing
+ libssp package. Addresses ticket 9948. Patch from Benedikt Gollatz.
+
+ o Minor features (testing):
+ - If Python is installed, "make check" now runs extra tests beyond
+ the unit test scripts.
+ - When bootstrapping a test network, sometimes very few relays get
+ the Guard flag. Now a new option "TestingDirAuthVoteGuard" can
+ specify a set of relays which should be voted Guard regardless of
+ their uptime or bandwidth. Addresses ticket 9206.
+
+ o Minor features (log messages):
+ - When ServerTransportPlugin is set on a bridge, Tor can write more
+ useful statistics about bridge use in its extrainfo descriptors,
+ but only if the Extended ORPort ("ExtORPort") is set too. Add a
+ log message to inform the user in this case. Resolves ticket 9651.
+ - When receiving a new controller connection, log the origin address.
+ Resolves ticket 9698; patch from "sigpipe".
+ - When logging OpenSSL engine status at startup, log the status of
+ more engines. Fixes ticket 10043; patch from Joshua Datko.
+ - Turn "circuit handshake stats since last time" log messages into a
+ heartbeat message. Fixes bug 10485; bugfix on 0.2.4.17-rc.
+
+ o Minor features (new since 0.2.5.1-alpha, also in 0.2.4.18-rc):
+ - Improve the circuit queue out-of-memory handler. Previously, when
+ we ran low on memory, we'd close whichever circuits had the most
+ queued cells. Now, we close those that have the *oldest* queued
+ cells, on the theory that those are most responsible for us
+ running low on memory. Based on analysis from a forthcoming paper
+ by Jansen, Tschorsch, Johnson, and Scheuermann. Fixes bug 9093.
+ - Generate bootstrapping status update events correctly when fetching
+ microdescriptors. Fixes bug 9927.
+ - Update to the October 2 2013 Maxmind GeoLite Country database.
+
+ o Minor bugfixes (clients):
+ - When closing a channel that has already been open, do not close
+ pending circuits that were waiting to connect to the same relay.
+ Fixes bug 9880; bugfix on 0.2.5.1-alpha. Thanks to skruffy for
+ finding this bug.
+
+ o Minor bugfixes (relays):
+ - Treat ENETUNREACH, EACCES, and EPERM connection failures at an
+ exit node as a NOROUTE error, not an INTERNAL error, since they
+ can apparently happen when trying to connect to the wrong sort
+ of netblocks. Fixes part of bug 10777; bugfix on 0.1.0.1-rc.
+
+ o Minor bugfixes (bridges):
+ - Fix a bug where the first connection works to a bridge that uses a
+ pluggable transport with client-side parameters, but we don't send
+ the client-side parameters on subsequent connections. (We don't
+ use any pluggable transports with client-side parameters yet,
+ but ScrambleSuit will soon become the first one.) Fixes bug 9162;
+ bugfix on 0.2.0.3-alpha. Based on a patch from "rl1987".
+
+ o Minor bugfixes (node selection):
+ - If ExcludeNodes is set, consider non-excluded hidden service
+ directory servers before excluded ones. Do not consider excluded
+ hidden service directory servers at all if StrictNodes is
+ set. (Previously, we would sometimes decide to connect to those
+ servers, and then realize before we initiated a connection that
+ we had excluded them.) Fixes bug 10722; bugfix on 0.2.0.10-alpha.
+ Reported by "mr-4".
+ - If we set the ExitNodes option but it doesn't include any nodes
+ that have the Exit flag, we would choose not to bootstrap. Now we
+ bootstrap so long as ExitNodes includes nodes which can exit to
+ some port. Fixes bug 10543; bugfix on 0.2.4.10-alpha.
+
+ o Minor bugfixes (controller and command-line):
+ - If changing a config option via "setconf" fails in a recoverable
+ way, we used to nonetheless write our new control ports to the
+ file described by the "ControlPortWriteToFile" option. Now we only
+ write out that file if we successfully switch to the new config
+ option. Fixes bug 5605; bugfix on 0.2.2.26-beta. Patch from "Ryman".
+ - When a command-line option such as --version or --help that
+ ordinarily implies --hush appears on the command line along with
+ --quiet, then actually obey --quiet. Previously, we obeyed --quiet
+ only if it appeared later on the command line. Fixes bug 9578;
+ bugfix on 0.2.5.1-alpha.
+
+ o Minor bugfixes (code correctness):
+ - Previously we used two temporary files when writing descriptors to
+ disk; now we only use one. Fixes bug 1376.
+ - Remove an erroneous (but impossible and thus harmless) pointer
+ comparison that would have allowed compilers to skip a bounds
+ check in channeltls.c. Fixes bugs 10313 and 9980; bugfix on
+ 0.2.0.10-alpha. Noticed by Jared L Wong and David Fifield.
+ - Fix an always-true assertion in pluggable transports code so it
+ actually checks what it was trying to check. Fixes bug 10046;
+ bugfix on 0.2.3.9-alpha. Found by "dcb".
+
+ o Minor bugfixes (protocol correctness):
+ - When receiving a VERSIONS cell with an odd number of bytes, close
+ the connection immediately since the cell is malformed. Fixes bug
+ 10365; bugfix on 0.2.0.10-alpha. Spotted by "bobnomnom"; fix by
+ "rl1987".
+
+ o Minor bugfixes (build):
+ - Restore the ability to compile Tor with V2_HANDSHAKE_SERVER
+ turned off (that is, without support for v2 link handshakes). Fixes
+ bug 4677; bugfix on 0.2.3.2-alpha. Patch from "piet".
+ - Fix compilation warnings and startup issues when running with
+ "Sandbox 1" and libseccomp-2.1.0. Fixes bug 10563; bugfix on
+ 0.2.5.1-alpha.
+ - Fix compilation on Solaris 9, which didn't like us having an
+ identifier named "sun". Fixes bug 10565; bugfix in 0.2.5.1-alpha.
+
+ o Minor bugfixes (testing):
+ - Fix a segmentation fault in our benchmark code when running with
+ Fedora's OpenSSL package, or any other OpenSSL that provides
+ ECDH but not P224. Fixes bug 10835; bugfix on 0.2.4.8-alpha.
+
+ o Minor bugfixes (log messages):
+ - Fix a bug where clients using bridges would report themselves
+ as 50% bootstrapped even without a live consensus document.
+ Fixes bug 9922; bugfix on 0.2.1.1-alpha.
+ - Suppress a warning where, if there's only one directory authority
+ in the network, we would complain that votes and signatures cannot
+ be uploaded to other directory authorities. Fixes bug 10842;
+ bugfix on 0.2.2.26-beta.
+ - Report bootstrapping progress correctly when we're downloading
+ microdescriptors. We had updated our "do we have enough microdescs
+ to begin building circuits?" logic most recently in 0.2.4.10-alpha
+ (see bug 5956), but we left the bootstrap status event logic at
+ "how far through getting 1/4 of them are we?" Fixes bug 9958;
+ bugfix on 0.2.2.36, which is where they diverged (see bug 5343).
+
+ o Minor bugfixes (new since 0.2.5.1-alpha, also in 0.2.4.20):
+ - Avoid a crash bug when starting with a corrupted microdescriptor
+ cache file. Fixes bug 10406; bugfix on 0.2.2.6-alpha.
+ - If we fail to dump a previously cached microdescriptor to disk, avoid
+ freeing duplicate data later on. Fixes bug 10423; bugfix on
+ 0.2.4.13-alpha. Spotted by "bobnomnom".
+
+ o Minor bugfixes on 0.2.4.x (new since 0.2.5.1-alpha, also in 0.2.4.18-rc):
+ - Correctly log long IPv6 exit policies, instead of truncating them
+ or reporting an error. Fixes bug 9596; bugfix on 0.2.4.7-alpha.
+ - Our default TLS ecdhe groups were backwards: we meant to be using
+ P224 for relays (for performance win) and P256 for bridges (since
+ it is more common in the wild). Instead we had it backwards. After
+ reconsideration, we decided that the default should be P256 on all
+ hosts, since its security is probably better, and since P224 is
+ reportedly used quite little in the wild. Found by "skruffy" on
+ IRC. Fix for bug 9780; bugfix on 0.2.4.8-alpha.
+ - Free directory authority certificate download statuses on exit
+ rather than leaking them. Fixes bug 9644; bugfix on 0.2.4.13-alpha.
+
+ o Minor bugfixes on 0.2.3.x (new since 0.2.5.1-alpha, also in 0.2.4.18-rc):
+ - If the guard we choose first doesn't answer, we would try the
+ second guard, but once we connected to the second guard we would
+ abandon it and retry the first one, slowing down bootstrapping.
+ The fix is to treat all our initially chosen guards as acceptable
+ to use. Fixes bug 9946; bugfix on 0.1.1.11-alpha.
+ - Fix an assertion failure that would occur when disabling the
+ ORPort setting on a running Tor process while accounting was
+ enabled. Fixes bug 6979; bugfix on 0.2.2.18-alpha.
+ - When examining the list of network interfaces to find our address,
+ do not consider non-running or disabled network interfaces. Fixes
+ bug 9904; bugfix on 0.2.3.11-alpha. Patch from "hantwister".
+ - Avoid an off-by-one error when checking buffer boundaries when
+ formatting the exit status of a pluggable transport helper.
+ This is probably not an exploitable bug, but better safe than
+ sorry. Fixes bug 9928; bugfix on 0.2.3.18-rc. Bug found by
+ Pedro Ribeiro.
+
+ o Removed code and features:
+ - Clients now reject any directory authority certificates lacking
+ a dir-key-crosscert element. These have been included since
+ 0.2.1.9-alpha, so there's no real reason for them to be optional
+ any longer. Completes proposal 157. Resolves ticket 10162.
+ - Remove all code that existed to support the v2 directory system,
+ since there are no longer any v2 directory authorities. Resolves
+ ticket 10758.
+ - Remove the HSAuthoritativeDir and AlternateHSAuthority torrc
+ options, which were used for designating authorities as "Hidden
+ service authorities". There has been no use of hidden service
+ authorities since 0.2.2.1-alpha, when we stopped uploading or
+ downloading v0 hidden service descriptors. Fixes bug 10881; also
+ part of a fix for bug 10841.
+
+ o Code simplification and refactoring:
+ - Remove some old fallback code designed to keep Tor clients working
+ in a network with only two working relays. Elsewhere in the code we
+ have long since stopped supporting such networks, so there wasn't
+ much point in keeping it around. Addresses ticket 9926.
+ - Reject 0-length EXTEND2 cells more explicitly. Fixes bug 10536;
+ bugfix on 0.2.4.8-alpha. Reported by "cypherpunks".
+ - Remove data structures which were introduced to implement the
+ CellStatistics option: they are now redundant with the addition
+ of a timestamp to the regular packed_cell_t data structure, which
+ we did in 0.2.4.18-rc in order to resolve ticket 9093. Implements
+ ticket 10870.
+
+ o Documentation (man page) fixes:
+ - Update manpage to describe some of the files you can expect to
+ find in Tor's DataDirectory. Addresses ticket 9839.
+ - Document that all but one DirPort entry must have the NoAdvertise
+ flag set. Fixes bug 10470; bugfix on 0.2.3.3-alpha / 0.2.3.16-alpha.
+
+ o Documentation fixes (new since 0.2.5.1-alpha, also in 0.2.4.18-rc):
+ - Clarify the usage and risks of setting the ContactInfo torrc line
+ for your relay or bridge. Resolves ticket 9854.
+ - Add anchors to the manpage so we can link to the html version of
+ the documentation for specific options. Resolves ticket 9866.
+ - Replace remaining references to DirServer in man page and
+ log entries. Resolves ticket 10124.
+
+ o Tool changes:
+ - Make the "tor-gencert" tool used by directory authority operators
+ create 2048-bit signing keys by default (rather than 1024-bit, since
+ 1024-bit is uncomfortably small these days). Addresses ticket 10324.
+
+
+Changes in version 0.2.4.20 - 2013-12-22
+ Tor 0.2.4.20 fixes potentially poor random number generation for users
+ who 1) use OpenSSL 1.0.0 or later, 2) set "HardwareAccel 1" in their
+ torrc file, 3) have "Sandy Bridge" or "Ivy Bridge" Intel processors,
+ and 4) have no state file in their DataDirectory (as would happen on
+ first start). Users who generated relay or hidden service identity
+ keys in such a situation should discard them and generate new ones.
+
+ This release also fixes a logic error that caused Tor clients to build
+ many more preemptive circuits than they actually need.
+
+ o Major bugfixes:
+ - Do not allow OpenSSL engines to replace the PRNG, even when
+ HardwareAccel is set. The only default builtin PRNG engine uses
+ the Intel RDRAND instruction to replace the entire PRNG, and
+ ignores all attempts to seed it with more entropy. That's
+ cryptographically stupid: the right response to a new alleged
+ entropy source is never to discard all previously used entropy
+ sources. Fixes bug 10402; works around behavior introduced in
+ OpenSSL 1.0.0. Diagnosis and investigation thanks to "coderman"
+ and "rl1987".
+ - Fix assertion failure when AutomapHostsOnResolve yields an IPv6
+ address. Fixes bug 10465; bugfix on 0.2.4.7-alpha.
+ - Avoid launching spurious extra circuits when a stream is pending.
+ This fixes a bug where any circuit that _wasn't_ unusable for new
+ streams would be treated as if it were, causing extra circuits to
+ be launched. Fixes bug 10456; bugfix on 0.2.4.12-alpha.
+
+ o Minor bugfixes:
+ - Avoid a crash bug when starting with a corrupted microdescriptor
+ cache file. Fixes bug 10406; bugfix on 0.2.2.6-alpha.
+ - If we fail to dump a previously cached microdescriptor to disk, avoid
+ freeing duplicate data later on. Fixes bug 10423; bugfix on
+ 0.2.4.13-alpha. Spotted by "bobnomnom".
+
+
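Review bot: the 0.2.4.20 blurb tells users who generated relay or hidden service identity keys under the weak-RNG conditions to "discard them and generate new ones", but the 0.2.5.2-alpha section, which lists the same bug 10402 fix under "new since 0.2.5.1-alpha, also in 0.2.4.20", only mentions the "poor random number generation" fix in passing and carries no such instruction. If alpha-series users who meet the same four conditions (OpenSSL 1.0.0 or later, "HardwareAccel 1", Sandy Bridge or Ivy Bridge CPU, no state file) are equally affected, repeat the key-replacement sentence in the 0.2.5.2-alpha blurb or under its bug 10402 entry, so operators reading only the alpha notes do not miss it. Smaller wording points in the entries above: 'missing "a2x" comment' in both bug 10929 entries looks like a typo for "command"; the Solaris 9 entry for bug 10565 says "bugfix in 0.2.5.1-alpha" where every other entry says "bugfix on"; and the two ticket 10793 entries credit "Florent Daigniere" and "Florent Daignière", so pick one spelling.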
+Changes in version 0.2.4.19 - 2013-12-11
+ The Tor 0.2.4 release series is dedicated to the memory of Aaron Swartz
+ (1986-2013). Aaron worked on diverse projects including helping to guide
+ Creative Commons, playing a key role in stopping SOPA/PIPA, bringing
+ transparency to the U.S government's PACER documents, and contributing
+ design and development for Tor and Tor2Web. Aaron was one of the latest
+ martyrs in our collective fight for civil liberties and human rights,
+ and his death is all the more painful because he was one of us.
+
+ Tor 0.2.4.19, the first stable release in the 0.2.4 branch, features
+ a new circuit handshake and link encryption that use ECC to provide
+ better security and efficiency; makes relays better manage circuit
+ creation requests; uses "directory guards" to reduce client enumeration
+ risks; makes bridges collect and report statistics about the pluggable
+ transports they support; cleans up and improves our geoip database;
+ gets much closer to IPv6 support for clients, bridges, and relays; makes
+ directory authorities use measured bandwidths rather than advertised
+ ones when computing flags and thresholds; disables client-side DNS
+ caching to reduce tracking risks; and fixes a big bug in bridge
+ reachability testing. This release introduces two new design
+ abstractions in the code: a new "channel" abstraction between circuits
+ and or_connections to allow for implementing alternate relay-to-relay
+ transports, and a new "circuitmux" abstraction storing the queue of
+ circuits for a channel. The release also includes many stability,
+ security, and privacy fixes.
+
+
+Changes in version 0.2.4.18-rc - 2013-11-16
+ Tor 0.2.4.18-rc is the fourth release candidate for the Tor 0.2.4.x
+ series. It takes a variety of fixes from the 0.2.5.x branch to improve
+ stability, performance, and better handling of edge cases.
+
+ o Major features:
+ - Re-enable TLS 1.1 and 1.2 when built with OpenSSL 1.0.1e or later.
+ Resolves ticket 6055. (OpenSSL before 1.0.1 didn't have TLS 1.1 or
+ 1.2, and OpenSSL from 1.0.1 through 1.0.1d had bugs that prevented
+ renegotiation from working with TLS 1.1 or 1.2, so we had disabled
+ them to solve bug 6033.)
+
+ o Major bugfixes:
+ - No longer stop reading or writing on cpuworker connections when
+ our rate limiting buckets go empty. Now we should handle circuit
+ handshake requests more promptly. Resolves bug 9731.
+ - If we are unable to save a microdescriptor to the journal, do not
+ drop it from memory and then reattempt downloading it. Fixes bug
+ 9645; bugfix on 0.2.2.6-alpha.
+ - Stop trying to bootstrap all our directory information from
+ only our first guard. Discovered while fixing bug 9946; bugfix
+ on 0.2.4.8-alpha.
+ - The new channel code sometimes lost track of in-progress circuits,
+ causing long-running clients to stop building new circuits. The
+ fix is to always call circuit_n_chan_done(chan, 0) from
+ channel_closed(). Fixes bug 9776; bugfix on 0.2.4.17-rc.
+
+ o Minor bugfixes (on 0.2.4.x):
+ - Correctly log long IPv6 exit policies, instead of truncating them
+ or reporting an error. Fixes bug 9596; bugfix on 0.2.4.7-alpha.
+ - Our default TLS ecdhe groups were backwards: we meant to be using
+ P224 for relays (for performance win) and P256 for bridges (since
+ it is more common in the wild). Instead we had it backwards. After
+ reconsideration, we decided that the default should be P256 on all
+ hosts, since its security is probably better, and since P224 is
+ reportedly used quite little in the wild. Found by "skruffy" on
+ IRC. Fix for bug 9780; bugfix on 0.2.4.8-alpha.
+ - Free directory authority certificate download statuses on exit
+ rather than leaking them. Fixes bug 9644; bugfix on 0.2.4.13-alpha.
+
+ o Minor bugfixes (on 0.2.3.x and earlier):
+ - If the guard we choose first doesn't answer, we would try the
+ second guard, but once we connected to the second guard we would
+ abandon it and retry the first one, slowing down bootstrapping.
+ The fix is to treat all our initially chosen guards as acceptable
+ to use. Fixes bug 9946; bugfix on 0.1.1.11-alpha.
+ - Fix an assertion failure that would occur when disabling the
+ ORPort setting on a running Tor process while accounting was
+ enabled. Fixes bug 6979; bugfix on 0.2.2.18-alpha.
+ - When examining the list of network interfaces to find our address,
+ do not consider non-running or disabled network interfaces. Fixes
+ bug 9904; bugfix on 0.2.3.11-alpha. Patch from "hantwister".
+ - Avoid an off-by-one error when checking buffer boundaries when
+ formatting the exit status of a pluggable transport helper.
+ This is probably not an exploitable bug, but better safe than
+ sorry. Fixes bug 9928; bugfix on 0.2.3.18-rc. Bug found by
+ Pedro Ribeiro.
+
+ o Minor features (protecting client timestamps):
+ - Clients no longer send timestamps in their NETINFO cells. These were
+ not used for anything, and they provided one small way for clients
+ to be distinguished from each other as they moved from network to
+ network or behind NAT. Implements part of proposal 222.
+ - Clients now round timestamps in INTRODUCE cells down to the nearest
+ 10 minutes. If a new Support022HiddenServices option is set to 0, or
+ if it's set to "auto" and the feature is disabled in the consensus,
+ the timestamp is sent as 0 instead. Implements part of proposal 222.
+ - Stop sending timestamps in AUTHENTICATE cells. This is not such
+ a big deal from a security point of view, but it achieves no actual
+ good purpose, and isn't needed. Implements part of proposal 222.
+ - Reduce down accuracy of timestamps in hidden service descriptors.
+ Implements part of proposal 222.
+
+ o Minor features (other):
+ - Improve the circuit queue out-of-memory handler. Previously, when
+ we ran low on memory, we'd close whichever circuits had the most
+ queued cells. Now, we close those that have the *oldest* queued
+ cells, on the theory that those are most responsible for us
+ running low on memory. Based on analysis from a forthcoming paper
+ by Jansen, Tschorsch, Johnson, and Scheuermann. Fixes bug 9093.
+ - Generate bootstrapping status update events correctly when fetching
+ microdescriptors. Fixes bug 9927.
+ - Update to the October 2 2013 Maxmind GeoLite Country database.
+
+ o Documentation fixes:
+ - Clarify the usage and risks of setting the ContactInfo torrc line
+ for your relay or bridge. Resolves ticket 9854.
+ - Add anchors to the manpage so we can link to the html version of
+ the documentation for specific options. Resolves ticket 9866.
+ - Replace remaining references to DirServer in man page and
+ log entries. Resolves ticket 10124.
+
+
+Changes in version 0.2.5.1-alpha - 2013-10-02
+ Tor 0.2.5.1-alpha introduces experimental support for syscall sandboxing
+ on Linux, allows bridges that offer pluggable transports to report usage
+ statistics, fixes many issues to make testing easier, and provides
+ a pile of minor features and bugfixes that have been waiting for a
+ release of the new branch.
+
+ This is the first alpha release in a new series, so expect there to
+ be bugs. Users who would rather test out a more stable branch should
+ stay with 0.2.4.x for now.
+
+ o Major features (security):
+ - Use the seccomp2 syscall filtering facility on Linux to limit
+ which system calls Tor can invoke. This is an experimental,
+ Linux-only feature to provide defense-in-depth against unknown
+ attacks. To try turning it on, set "Sandbox 1" in your torrc
+ file. Please be ready to report bugs. We hope to add support
+ for better sandboxing in the future, including more fine-grained
+ filters, better division of responsibility, and support for more
+ platforms. This work has been done by Cristian-Matei Toader for
+ Google Summer of Code.
+ - Re-enable TLS 1.1 and 1.2 when built with OpenSSL 1.0.1e or later.
+ Resolves ticket 6055. (OpenSSL before 1.0.1 didn't have TLS 1.1 or
+ 1.2, and OpenSSL from 1.0.1 through 1.0.1d had bugs that prevented
+ renegotiation from working with TLS 1.1 or 1.2, so we had disabled
+ them to solve bug 6033.)
+
+ o Major features (other):
+ - Add support for passing arguments to managed pluggable transport
+ proxies. Implements ticket 3594.
+ - Bridges now track GeoIP information and the number of their users
+ even when pluggable transports are in use, and report usage
+ statistics in their extra-info descriptors. Resolves tickets 4773
+ and 5040.
+ - Make testing Tor networks bootstrap better: lower directory fetch
+ retry schedules and maximum interval without directory requests,
+ and raise maximum download tries. Implements ticket 6752.
+ - Add make target 'test-network' to run tests on a Chutney network.
+ Implements ticket 8530.
+ - The ntor handshake is now on-by-default, no matter what the
+ directory authorities recommend. Implements ticket 8561.
+
+ o Major bugfixes:
+ - Instead of writing destroy cells directly to outgoing connection
+ buffers, queue them and intersperse them with other outgoing cells.
+ This can prevent a set of resource starvation conditions where too
+ many pending destroy cells prevent data cells from actually getting
+ delivered. Reported by "oftc_must_be_destroyed". Fixes bug 7912;
+ bugfix on 0.2.0.1-alpha.
+ - If we are unable to save a microdescriptor to the journal, do not
+ drop it from memory and then reattempt downloading it. Fixes bug
+ 9645; bugfix on 0.2.2.6-alpha.
+ - The new channel code sometimes lost track of in-progress circuits,
+ causing long-running clients to stop building new circuits. The
+ fix is to always call circuit_n_chan_done(chan, 0) from
+ channel_closed(). Fixes bug 9776; bugfix on 0.2.4.17-rc.
+
+ o Build features:
+ - Tor now builds each source file in two modes: a mode that avoids
+ exposing identifiers needlessly, and another mode that exposes
+ more identifiers for testing. This lets the compiler do better at
+ optimizing the production code, while enabling us to take more
+ radical measures to let the unit tests test things.
+ - The production builds no longer include functions used only in
+ the unit tests; all functions exposed from a module only for
+ unit-testing are now static in production builds.
+ - Add an --enable-coverage configuration option to make the unit
+ tests (and a new src/or/tor-cov target) to build with gcov test
+ coverage support.
+
+ o Testing:
+ - We now have rudimentary function mocking support that our unit
+ tests can use to test functions in isolation. Function mocking
+ lets the tests temporarily replace a function's dependencies with
+ stub functions, so that the tests can check the function without
+ invoking the other functions it calls.
+ - Add more unit tests for the <circid,channel>->circuit map, and
+ the destroy-cell-tracking code to fix bug 7912.
+ - Unit tests for failing cases of the TAP onion handshake.
+ - More unit tests for address-manipulation functions.
+
+ o Minor features (protecting client timestamps):
+ - Clients no longer send timestamps in their NETINFO cells. These were
+ not used for anything, and they provided one small way for clients
+ to be distinguished from each other as they moved from network to
+ network or behind NAT. Implements part of proposal 222.
+ - Clients now round timestamps in INTRODUCE cells down to the nearest
+ 10 minutes. If a new Support022HiddenServices option is set to 0, or
+ if it's set to "auto" and the feature is disabled in the consensus,
+ the timestamp is sent as 0 instead. Implements part of proposal 222.
+ - Stop sending timestamps in AUTHENTICATE cells. This is not such
+ a big deal from a security point of view, but it achieves no actual
+ good purpose, and isn't needed. Implements part of proposal 222.
+ - Reduce down accuracy of timestamps in hidden service descriptors.
+ Implements part of proposal 222.
+
+ o Minor features (config options):
+ - Config (torrc) lines now handle fingerprints which are missing
+ their initial '$'. Resolves ticket 4341; improvement over 0.0.9pre5.
+ - Support a --dump-config option to print some or all of the
+ configured options. Mainly useful for debugging the command-line
+ option parsing code. Helps resolve ticket 4647.
+ - Raise awareness of safer logging: notify user of potentially
+ unsafe config options, like logging more verbosely than severity
+ "notice" or setting SafeLogging to 0. Resolves ticket 5584.
+ - Add a new configuration option TestingV3AuthVotingStartOffset
+ that bootstraps a network faster by changing the timing for
+ consensus votes. Addresses ticket 8532.
+ - Add a new torrc option "ServerTransportOptions" that allows
+ bridge operators to pass configuration parameters to their
+ pluggable transports. Resolves ticket 8929.
+ - The config (torrc) file now accepts bandwidth and space limits in
+ bits as well as bytes. (Anywhere that you can say "2 Kilobytes",
+ you can now say "16 kilobits", and so on.) Resolves ticket 9214.
+ Patch by CharlieB.
+
+ o Minor features (build):
+ - Add support for `--library-versions` flag. Implements ticket 6384.
+ - Return the "unexpected sendme" warnings to a warn severity, but make
+ them rate limited, to help diagnose ticket 8093.
+ - Detect a missing asciidoc, and warn the user about it, during
+ configure rather than at build time. Fixes issue 6506. Patch from
+ Arlo Breault.
+
+ o Minor features (other):
+ - Use the SOCK_NONBLOCK socket type, if supported, to open nonblocking
+ sockets in a single system call. Implements ticket 5129.
+ - Log current accounting state (bytes sent and received + remaining
+ time for the current accounting period) in the relay's heartbeat
+ message. Implements ticket 5526; patch from Peter Retzlaff.
+ - Implement the TRANSPORT_LAUNCHED control port event that
+ notifies controllers about new launched pluggable
+ transports. Resolves ticket 5609.
+ - If we're using the pure-C 32-bit curve25519_donna implementation
+ of curve25519, build it with the -fomit-frame-pointer option to
+ make it go faster on register-starved hosts. This improves our
+ handshake performance by about 6% on i386 hosts without nacl.
+ Closes ticket 8109.
+ - Update to the September 4 2013 Maxmind GeoLite Country database.
+
+ o Minor bugfixes:
+ - Set the listen() backlog limit to the largest actually supported
+ on the system, not to the value in a header file. Fixes bug 9716;
+ bugfix on every released Tor.
+ - No longer accept malformed http headers when parsing urls from
+ headers. Now we reply with Bad Request ("400"). Fixes bug 2767;
+ bugfix on 0.0.6pre1.
+ - In munge_extrainfo_into_routerinfo(), check the return value of
+ memchr(). This would have been a serious issue if we ever passed
+ it a non-extrainfo. Fixes bug 8791; bugfix on 0.2.0.6-alpha. Patch
+ from Arlo Breault.
+ - On the chance that somebody manages to build Tor on a
+ platform where time_t is unsigned, correct the way that
+ microdesc_add_to_cache() handles negative time arguments.
+ Fixes bug 8042; bugfix on 0.2.3.1-alpha.
+ - Reject relative control socket paths and emit a warning. Previously,
+ single-component control socket paths would be rejected, but Tor
+ would not log why it could not validate the config. Fixes bug 9258;
+ bugfix on 0.2.3.16-alpha.
+
+ o Minor bugfixes (command line):
+ - Use a single command-line parser for parsing torrc options on the
+ command line and for finding special command-line options to avoid
+ inconsistent behavior for torrc option arguments that have the same
+ names as command-line options. Fixes bugs 4647 and 9578; bugfix on
+ 0.0.9pre5.
+ - No longer allow 'tor --hash-password' with no arguments. Fixes bug
+ 9573; bugfix on 0.0.9pre5.
+
+ o Minor fixes (build, auxiliary programs):
+ - Stop preprocessing the "torify" script with autoconf, since
+ it no longer refers to LOCALSTATEDIR. Fixes bug 5505; patch
+ from Guilhem.
+ - The tor-fw-helper program now follows the standard convention and
+ exits with status code "0" on success. Fixes bug 9030; bugfix on
+ 0.2.3.1-alpha. Patch by Arlo Breault.
+ - Corrected ./configure advice for what openssl dev package you should
+ install on Debian. Fixes bug 9207; bugfix on 0.2.0.1-alpha.
+
+ o Minor code improvements:
+ - Remove constants and tests for PKCS1 padding; it's insecure and
+ shouldn't be used for anything new. Fixes bug 8792; patch
+ from Arlo Breault.
+ - Remove instances of strcpy() from the unit tests. They weren't
+ hurting anything, since they were only in the unit tests, but it's
+ embarassing to have strcpy() in the code at all, and some analysis
+ tools don't like it. Fixes bug 8790; bugfix on 0.2.3.6-alpha and
+ 0.2.3.8-alpha. Patch from Arlo Breault.
+
+ o Removed features:
+ - Remove migration code from when we renamed the "cached-routers"
+ file to "cached-descriptors" back in 0.2.0.8-alpha. This
+ incidentally resolves ticket 6502 by cleaning up the related code
+ a bit. Patch from Akshay Hebbar.
+
+ o Code simplification and refactoring:
+ - Extract the common duplicated code for creating a subdirectory
+ of the data directory and writing to a file in it. Fixes ticket
+ 4282; patch from Peter Retzlaff.
+ - Since OpenSSL 0.9.7, the i2d_*() functions support allocating output
+ buffer. Avoid calling twice: i2d_RSAPublicKey(), i2d_DHparams(),
+ i2d_X509(), and i2d_PublicKey(). Resolves ticket 5170.
+ - Add a set of accessor functions for the circuit timeout data
+ structure. Fixes ticket 6153; patch from "piet".
+ - Clean up exit paths from connection_listener_new(). Closes ticket
+ 8789. Patch from Arlo Breault.
+ - Since we rely on OpenSSL 0.9.8 now, we can use EVP_PKEY_cmp()
+ and drop our own custom pkey_eq() implementation. Fixes bug 9043.
+ - Use a doubly-linked list to implement the global circuit list.
+ Resolves ticket 9108. Patch from Marek Majkowski.
+ - Remove contrib/id_to_fp.c since it wasn't used anywhere.
+
+
+Changes in version 0.2.4.17-rc - 2013-09-05
+ Tor 0.2.4.17-rc is the third release candidate for the Tor 0.2.4.x
+ series. It adds an emergency step to help us tolerate the massive
+ influx of users: 0.2.4 clients using the new (faster and safer) "NTor"
+ circuit-level handshakes now effectively jump the queue compared to
+ the 0.2.3 clients using "TAP" handshakes. This release also fixes a
+ big bug hindering bridge reachability tests.
+
+ o Major features:
+ - Relays now process the new "NTor" circuit-level handshake requests
+ with higher priority than the old "TAP" circuit-level handshake
+ requests. We still process some TAP requests to not totally starve
+ 0.2.3 clients when NTor becomes popular. A new consensus parameter
+ "NumNTorsPerTAP" lets us tune the balance later if we need to.
+ Implements ticket 9574.
+
+ o Major bugfixes:
+ - If the circuit build timeout logic is disabled (via the consensus,
+ or because we are an authority), then don't build testing circuits.
+ Fixes bug 9657; bugfix on 0.2.2.14-alpha.
+ - Bridges now send AUTH_CHALLENGE cells during their v3 handshakes;
+ previously they did not, which prevented them from receiving
+ successful connections from relays for self-test or bandwidth
+ testing. Also, when a relay is extending a circuit to a bridge,
+ it needs to send a NETINFO cell, even when the bridge hasn't sent
+ an AUTH_CHALLENGE cell. Fixes bug 9546; bugfix on 0.2.3.6-alpha.
+ - If the time to download the next old-style networkstatus is in
+ the future, do not decline to consider whether to download the
+ next microdescriptor networkstatus. Fixes bug 9564; bugfix on
+ 0.2.3.14-alpha.
+
+ o Minor bugfixes:
+ - Avoid double-closing the listener socket in our socketpair()
+ replacement (used on Windows) in the case where the addresses on
+ our opened sockets don't match what we expected. Fixes bug 9400;
+ bugfix on 0.0.2pre7. Found by Coverity.
+
+ o Minor fixes (config options):
+ - Avoid overflows when the user sets MaxCircuitDirtiness to a
+ ridiculously high value, by imposing a (ridiculously high) 30-day
+ maximum on MaxCircuitDirtiness.
+ - Fix the documentation of HeartbeatPeriod to say that the heartbeat
+ message is logged at notice, not at info.
+ - Warn and fail if a server is configured not to advertise any
+ ORPorts at all. (We need *something* to put in our descriptor,
+ or we just won't work.)
+
+ o Minor features:
+ - Track how many "TAP" and "NTor" circuit handshake requests we get,
+ and how many we complete, and log it every hour to help relay
+ operators follow trends in network load. Addresses ticket 9658.
+ - Update to the August 7 2013 Maxmind GeoLite Country database.
+
+
+Changes in version 0.2.4.16-rc - 2013-08-10
+ Tor 0.2.4.16-rc is the second release candidate for the Tor 0.2.4.x
+ series. It fixes several crash bugs in the 0.2.4 branch.
+
+ o Major bugfixes:
+ - Fix a bug in the voting algorithm that could yield incorrect results
+ when a non-naming authority declared too many flags. Fixes bug 9200;
+ bugfix on 0.2.0.3-alpha.
+ - Fix an uninitialized read that could in some cases lead to a remote
+ crash while parsing INTRODUCE2 cells. Bugfix on 0.2.4.1-alpha.
+ Anybody running a hidden service on the experimental 0.2.4.x
+ branch should upgrade. (This is, so far as we know, unrelated to
+ the recent news.)
+ - Avoid an assertion failure when processing DNS replies without the
+ answer types we expected. Fixes bug 9337; bugfix on 0.2.4.7-alpha.
+ - Avoid a crash when using --hash-password. Fixes bug 9295; bugfix on
+ 0.2.4.15-rc. Found by stem integration tests.
+
+ o Minor bugfixes:
+ - Fix an invalid memory read that occured when a pluggable
+ transport proxy failed its configuration protocol.
+ Fixes bug 9288; bugfix on 0.2.4.1-alpha.
+ - When evaluating whether to use a connection that we haven't
+ decided is canonical using a recent link protocol version,
+ decide that it's canonical only if it used address _does_
+ match the desired address. Fixes bug 9309; bugfix on
+ 0.2.4.4-alpha. Reported by skruffy.
+ - Make the default behavior of NumDirectoryGuards be to track
+ NumEntryGuards. Now a user who changes only NumEntryGuards will get
+ the behavior she expects. Fixes bug 9354; bugfix on 0.2.4.8-alpha.
+ - Fix a spurious compilation warning with some older versions of
+ GCC on FreeBSD. Fixes bug 9254; bugfix on 0.2.4.14-alpha.
+
+ o Minor features:
+ - Update to the July 3 2013 Maxmind GeoLite Country database.
+
+
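Review bot: In the 0.2.4.16-rc section, the "Fix an uninitialized read ... while parsing INTRODUCE2 cells" entry is the only major bugfix there without a "Fixes bug NNNN" reference, and its parenthetical "(This is, so far as we know, unrelated to the recent news.)" gives a later reader no way to tell which news is meant. For a remote-crash fix that tells hidden service operators to upgrade, please add the ticket number if one exists, and either name the event or drop the parenthetical. Two wording slips in the same section are worth fixing while here: "occured" should be "occurred" in the pluggable transport entry, and "only if it used address _does_ match" in the canonical-connection entry does not parse as written.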
+Changes in version 0.2.4.15-rc - 2013-07-01
+ Tor 0.2.4.15-rc is the first release candidate for the Tor 0.2.4.x
+ series. It fixes a few smaller bugs, but generally appears stable.
+ Please test it and let us know whether it is!
+
+ o Major bugfixes:
+ - When receiving a new configuration file via the control port's
+ LOADCONF command, do not treat the defaults file as absent.
+ Fixes bug 9122; bugfix on 0.2.3.9-alpha.
+
+ o Minor features:
+ - Issue a warning when running with the bufferevents backend enabled.
+ It's still not stable, and people should know that they're likely
+ to hit unexpected problems. Closes ticket 9147.
+
+
+Changes in version 0.2.4.14-alpha - 2013-06-18
+ Tor 0.2.4.14-alpha fixes a pair of client guard enumeration problems
+ present in 0.2.4.13-alpha.
+
+ o Major bugfixes:
+ - When we have too much memory queued in circuits (according to a new
+ MaxMemInCellQueues option), close the circuits consuming the most
+ memory. This prevents us from running out of memory as a relay if
+ circuits fill up faster than they can be drained. Fixes bug 9063;
+ bugfix on the 54th commit of Tor. This bug is a further fix beyond
+ bug 6252, whose fix was merged into 0.2.3.21-rc.
+
+ This change also fixes an earlier approach taken in 0.2.4.13-alpha,
+ where we tried to solve this issue simply by imposing an upper limit
+ on the number of queued cells for a single circuit. That approach
+ proved to be problematic, since there are ways to provoke clients to
+ send a number of cells in excess of any such reasonable limit. Fixes
+ bug 9072; bugfix on 0.2.4.13-alpha.
+
+ - Limit hidden service descriptors to at most ten introduction
+ points, to slow one kind of guard enumeration. Fixes bug 9002;
+ bugfix on 0.1.1.11-alpha.
+
+
+Changes in version 0.2.4.13-alpha - 2013-06-14
+ Tor 0.2.4.13-alpha fixes a variety of potential remote crash
+ vulnerabilities, makes socks5 username/password circuit isolation
+ actually actually work (this time for sure!), and cleans up a bunch
+ of other issues in preparation for a release candidate.
+
+ o Major bugfixes (robustness):
+ - Close any circuit that has too many cells queued on it. Fixes
+ bug 9063; bugfix on the 54th commit of Tor. This bug is a further
+ fix beyond bug 6252, whose fix was merged into 0.2.3.21-rc.
+ - Prevent the get_freelists() function from running off the end of
+ the list of freelists if it somehow gets an unrecognized
+ allocation. Fixes bug 8844; bugfix on 0.2.0.16-alpha. Reported by
+ eugenis.
+ - Avoid an assertion failure on OpenBSD (and perhaps other BSDs)
+ when an exit connection with optimistic data succeeds immediately
+ rather than returning EINPROGRESS. Fixes bug 9017; bugfix on
+ 0.2.3.1-alpha.
+ - Fix a directory authority crash bug when building a consensus
+ using an older consensus as its basis. Fixes bug 8833. Bugfix
+ on 0.2.4.12-alpha.
+
+ o Major bugfixes:
+ - Avoid a memory leak where we would leak a consensus body when we
+ find that a consensus which we couldn't previously verify due to
+ missing certificates is now verifiable. Fixes bug 8719; bugfix
+ on 0.2.0.10-alpha.
+ - We used to always request authority certificates by identity digest,
+ meaning we'd get the newest one even when we wanted one with a
+ different signing key. Then we would complain about being given
+ a certificate we already had, and never get the one we really
+ wanted. Now we use the "fp-sk/" resource as well as the "fp/"
+ resource to request the one we want. Fixes bug 5595; bugfix on
+ 0.2.0.8-alpha.
+ - Follow the socks5 protocol when offering username/password
+ authentication. The fix for bug 8117 exposed this bug, and it
+ turns out real-world applications like Pidgin do care. Bugfix on
+ 0.2.3.2-alpha; fixes bug 8879.
+ - Prevent failures on Windows Vista and later when rebuilding the
+ microdescriptor cache. Diagnosed by Robert Ransom. Fixes bug 8822;
+ bugfix on 0.2.4.12-alpha.
+
+ o Minor bugfixes:
+ - Fix an impossible buffer overrun in the AES unit tests. Fixes
+ bug 8845; bugfix on 0.2.0.7-alpha. Found by eugenis.
+ - If for some reason we fail to write a microdescriptor while
+ rebuilding the cache, do not let the annotations from that
+ microdescriptor linger in the cache file, and do not let the
+ microdescriptor stay recorded as present in its old location.
+ Fixes bug 9047; bugfix on 0.2.2.6-alpha.
+ - Fix a memory leak that would occur whenever a configuration
+ option changed. Fixes bug 8718; bugfix on 0.2.3.3-alpha.
+ - Paste the description for PathBias parameters from the man
+ page into or.h, so the code documents them too. Fixes bug 7982;
+ bugfix on 0.2.3.17-beta and 0.2.4.8-alpha.
+ - Relays now treat a changed IPv6 ORPort as sufficient reason to
+ publish an updated descriptor. Fixes bug 6026; bugfix on
+ 0.2.4.1-alpha.
+ - When launching a resolve request on behalf of an AF_UNIX control
+ socket, omit the address field of the new entry connection, used in
+ subsequent controller events, rather than letting tor_dup_addr()
+ set it to "<unknown address type>". Fixes bug 8639; bugfix on
+ 0.2.4.12-alpha.
+
+ o Minor bugfixes (log messages):
+ - Fix a scaling issue in the path bias accounting code that
+ resulted in "Bug:" log messages from either
+ pathbias_scale_close_rates() or pathbias_count_build_success().
+ This represents a bugfix on a previous bugfix: the original fix
+ attempted in 0.2.4.10-alpha was incomplete. Fixes bug 8235; bugfix
+ on 0.2.4.1-alpha.
+ - Give a less useless error message when the user asks for an IPv4
+ address on an IPv6-only port, or vice versa. Fixes bug 8846; bugfix
+ on 0.2.4.7-alpha.
+
+ o Minor features:
+ - Downgrade "unexpected SENDME" warnings to protocol-warn for 0.2.4.x,
+ to tolerate bug 8093 for now.
+ - Add an "ignoring-advertised-bws" boolean to the flag-threshold lines
+ in directory authority votes to describe whether they have enough
+ measured bandwidths to ignore advertised (relay descriptor)
+ bandwidth claims. Resolves ticket 8711.
+ - Update to the June 5 2013 Maxmind GeoLite Country database.
+
+ o Removed documentation:
+ - Remove some of the older contents of doc/ as obsolete; move others
+ to torspec.git. Fixes bug 8965.
+
+ o Code simplification and refactoring:
+ - Avoid using character buffers when constructing most directory
+ objects: this approach was unwieldy and error-prone. Instead,
+ build smartlists of strings, and concatenate them when done.
+
+
+Changes in version 0.2.4.12-alpha - 2013-04-18
+ Tor 0.2.4.12-alpha moves Tor forward on several fronts: it starts the
+ process for lengthening the guard rotation period, makes directory
+ authority opinions in the consensus a bit less gameable, makes socks5
+ username/password circuit isolation actually work, and fixes a wide
+ variety of other issues.
+
+ o Major features:
+ - Raise the default time that a client keeps an entry guard from
+ "1-2 months" to "2-3 months", as suggested by Tariq Elahi's WPES
+ 2012 paper. (We would make it even longer, but we need better client
+ load balancing first.) Also, make the guard lifetime controllable
+ via a new GuardLifetime torrc option and a GuardLifetime consensus
+ parameter. Start of a fix for bug 8240; bugfix on 0.1.1.11-alpha.
+ - Directory authorities now prefer using measured bandwidths to
+ advertised ones when computing flags and thresholds. Resolves
+ ticket 8273.
+ - Directory authorities that have more than a threshold number
+ of relays with measured bandwidths now treat relays with unmeasured
+ bandwidths as having bandwidth 0. Resolves ticket 8435.
+
+ o Major bugfixes (assert / resource use):
+ - Avoid a bug where our response to TLS renegotiation under certain
+ network conditions could lead to a busy-loop, with 100% CPU
+ consumption. Fixes bug 5650; bugfix on 0.2.0.16-alpha.
+ - Avoid an assertion when we discover that we'd like to write a cell
+ onto a closing connection: just discard the cell. Fixes another
+ case of bug 7350; bugfix on 0.2.4.4-alpha.
+
+ o Major bugfixes (client-side privacy):
+ - When we mark a circuit as unusable for new circuits, have it
+ continue to be unusable for new circuits even if MaxCircuitDirtiness
+ is increased too much at the wrong time, or the system clock jumps
+ backwards. Fixes bug 6174; bugfix on 0.0.2pre26.
+ - If ClientDNSRejectInternalAddresses ("do not believe DNS queries
+ which have resolved to internal addresses") is set, apply that
+ rule to IPv6 as well. Fixes bug 8475; bugfix on 0.2.0.7-alpha.
+ - When an exit relay rejects a stream with reason "exit policy", but
+ we only know an exit policy summary (e.g. from the microdesc
+ consensus) for it, do not mark the relay as useless for all exiting.
+ Instead, mark just the circuit as unsuitable for that particular
+ address. Fixes part of bug 7582; bugfix on 0.2.3.2-alpha.
+ - Allow applications to get proper stream isolation with
+ IsolateSOCKSAuth. Many SOCKS5 clients that want to offer
+ username/password authentication also offer "no authentication". Tor
+ had previously preferred "no authentication", so the applications
+ never actually sent Tor their auth details. Now Tor selects
+ username/password authentication if it's offered. You can disable
+ this behavior on a per-SOCKSPort basis via PreferSOCKSNoAuth. Fixes
+ bug 8117; bugfix on 0.2.3.3-alpha.
+
+ o Major bugfixes (other):
+ - When unable to find any working directory nodes to use as a
+ directory guard, give up rather than adding the same non-working
+ nodes to the directory guard list over and over. Fixes bug 8231;
+ bugfix on 0.2.4.8-alpha.
+
+ o Minor features:
+ - Reject as invalid most directory objects containing a NUL.
+ Belt-and-suspender fix for bug 8037.
+ - In our testsuite, create temporary directories with a bit more
+ entropy in their name to make name collisions less likely. Fixes
+ bug 8638.
+ - Add CACHED keyword to ADDRMAP events in the control protocol
+ to indicate whether a DNS result will be cached or not. Resolves
+ ticket 8596.
+ - Update to the April 3 2013 Maxmind GeoLite Country database.
+
+ o Minor features (build):
+ - Detect and reject attempts to build Tor with threading support
+ when OpenSSL has been compiled without threading support.
+ Fixes bug 6673.
+ - Clarify that when autoconf is checking for nacl, it is checking
+ specifically for nacl with a fast curve25519 implementation.
+ Fixes bug 8014.
+ - Warn if building on a platform with an unsigned time_t: there
+ are too many places where Tor currently assumes that time_t can
+ hold negative values. We'd like to fix them all, but probably
+ some will remain.
+
+ o Minor bugfixes (build):
+ - Fix some bugs in tor-fw-helper-natpmp when trying to build and
+ run it on Windows. More bugs likely remain. Patch from Gisle Vanem.
+ Fixes bug 7280; bugfix on 0.2.3.1-alpha.
+ - Add the old src/or/micro-revision.i filename to CLEANFILES.
+ On the off chance that somebody has one, it will go away as soon
+ as they run "make clean". Fix for bug 7143; bugfix on 0.2.4.1-alpha.
+ - Build Tor correctly on 32-bit platforms where the compiler can build
+ but not run code using the "uint128_t" construction. Fixes bug 8587;
+ bugfix on 0.2.4.8-alpha.
+ - Fix compilation warning with some versions of clang that would
+ prefer the -Wswitch-enum compiler flag to warn about switch
+ statements with missing enum values, even if those switch
+ statements have a "default:" statement. Fixes bug 8598; bugfix
+ on 0.2.4.10-alpha.
+
+ o Minor bugfixes (protocol):
+ - Fix the handling of a TRUNCATE cell when it arrives while the
+ circuit extension is in progress. Fixes bug 7947; bugfix on 0.0.7.1.
+ - Fix a misframing issue when reading the version numbers in a
+ VERSIONS cell. Previously we would recognize [00 01 00 02] as
+ 'version 1, version 2, and version 0x100', when it should have
+ only included versions 1 and 2. Fixes bug 8059; bugfix on
+ 0.2.0.10-alpha. Reported pseudonymously.
+ - Make the format and order of STREAM events for DNS lookups
+ consistent among the various ways to launch DNS lookups. Fixes
+ bug 8203; bugfix on 0.2.0.24-rc. Patch by "Desoxy."
+ - Correct our check for which versions of Tor support the EXTEND2
+ cell. We had been willing to send it to Tor 0.2.4.7-alpha and
+ later, when support was really added in version 0.2.4.8-alpha.
+ Fixes bug 8464; bugfix on 0.2.4.8-alpha.
+
+ o Minor bugfixes (other):
+ - Correctly store microdescriptors and extrainfo descriptors with
+ an internal NUL byte. Fixes bug 8037; bugfix on 0.2.0.1-alpha.
+ Bug reported by "cypherpunks".
+ - Increase the width of the field used to remember a connection's
+ link protocol version to two bytes. Harmless for now, since the
+ only currently recognized versions are one byte long. Reported
+ pseudonymously. Fixes bug 8062; bugfix on 0.2.0.10-alpha.
+ - If the state file's path bias counts are invalid (presumably from a
+ buggy Tor prior to 0.2.4.10-alpha), make them correct. Also add
+ additional checks and log messages to the scaling of Path Bias
+ counts, in case there still are remaining issues with scaling.
+ Should help resolve bug 8235.
+ - Eliminate several instances where we use "Nickname=ID" to refer to
+ nodes in logs. Use "Nickname (ID)" instead. (Elsewhere, we still use
+ "$ID=Nickname", which is also acceptable.) Fixes bug 7065. Bugfix
+ on 0.2.3.21-rc, 0.2.4.5-alpha, 0.2.4.8-alpha, and 0.2.4.10-alpha.
+
+ o Minor bugfixes (syscalls):
+ - Always check the return values of functions fcntl() and
+ setsockopt(). We don't believe these are ever actually failing in
+ practice, but better safe than sorry. Also, checking these return
+ values should please analysis tools like Coverity. Patch from
+ 'flupzor'. Fixes bug 8206; bugfix on all versions of Tor.
+ - Use direct writes rather than stdio when building microdescriptor
+ caches, in an attempt to mitigate bug 8031, or at least make it
+ less common.
+
+ o Minor bugfixes (config):
+ - When rejecting a configuration because we were unable to parse a
+ quoted string, log an actual error message. Fixes bug 7950; bugfix
+ on 0.2.0.16-alpha.
+ - Behave correctly when the user disables LearnCircuitBuildTimeout
+ but doesn't tell us what they would like the timeout to be. Fixes
+ bug 6304; bugfix on 0.2.2.14-alpha.
+ - When autodetecting the number of CPUs, use the number of available
+ CPUs in preference to the number of configured CPUs. Inform the
+ user if this reduces the number of available CPUs. Fixes bug 8002;
+ bugfix on 0.2.3.1-alpha.
+ - Make it an error when you set EntryNodes but disable UseGuardNodes,
+ since it will (surprisingly to some users) ignore EntryNodes. Fixes
+ bug 8180; bugfix on 0.2.3.11-alpha.
+ - Allow TestingTorNetworks to override the 4096-byte minimum for
+ the Fast threshold. Otherwise they can't bootstrap until they've
+ observed more traffic. Fixes bug 8508; bugfix on 0.2.4.10-alpha.
+ - Fix some logic errors when the user manually overrides the
+ PathsNeededToBuildCircuits option in torrc. Fixes bug 8599; bugfix
+ on 0.2.4.10-alpha.
+
+ o Minor bugfixes (log messages to help diagnose bugs):
+ - If we fail to free a microdescriptor because of bug 7164, log
+ the filename and line number from which we tried to free it.
+ - Add another diagnostic to the heartbeat message: track and log
+ overhead that TLS is adding to the data we write. If this is
+ high, we are sending too little data to SSL_write at a time.
+ Diagnostic for bug 7707.
+ - Add more detail to a log message about relaxed timeouts, to help
+ track bug 7799.
+ - Warn more aggressively when flushing microdescriptors to a
+ microdescriptor cache fails, in an attempt to mitigate bug 8031,
+ or at least make it more diagnosable.
+ - Improve debugging output to help track down bug 8185 ("Bug:
+ outgoing relay cell has n_chan==NULL. Dropping.")
+ - Log the purpose of a path-bias testing circuit correctly.
+ Improves a log message from bug 8477; bugfix on 0.2.4.8-alpha.
+
+ o Minor bugfixes (0.2.4.x log messages that were too noisy):
+ - Don't attempt to relax the timeout of already opened 1-hop circuits.
+ They might never timeout. This should eliminate some/all cases of
+ the relaxed timeout log message.
+ - Use circuit creation time for network liveness evaluation. This
+ should eliminate warning log messages about liveness caused
+ by changes in timeout evaluation. Fixes bug 6572; bugfix on
+ 0.2.4.8-alpha.
+ - Reduce a path bias length check from notice to info. The message
+ is triggered when creating controller circuits. Fixes bug 8196;
+ bugfix on 0.2.4.8-alpha.
+ - Fix a path state issue that triggered a notice during relay startup.
+ Fixes bug 8320; bugfix on 0.2.4.10-alpha.
+ - Reduce occurrences of warns about circuit purpose in
+ connection_ap_expire_building(). Fixes bug 8477; bugfix on
+ 0.2.4.11-alpha.
+
+ o Minor bugfixes (pre-0.2.4.x log messages that were too noisy):
+ - If we encounter a write failure on a SOCKS connection before we
+ finish our SOCKS handshake, don't warn that we closed the
+ connection before we could send a SOCKS reply. Fixes bug 8427;
+ bugfix on 0.1.0.1-rc.
+ - Correctly recognize that [::1] is a loopback address. Fixes
+ bug 8377; bugfix on 0.2.1.3-alpha.
+ - Fix a directory authority warn caused when we have a large amount
+ of badexit bandwidth. Fixes bug 8419; bugfix on 0.2.2.10-alpha.
+ - Don't log inappropriate heartbeat messages when hibernating: a
+ hibernating node is _expected_ to drop out of the consensus,
+ decide it isn't bootstrapped, and so forth. Fixes bug 7302;
+ bugfix on 0.2.3.1-alpha.
+ - Don't complain about bootstrapping problems while hibernating.
+ These complaints reflect a general code problem, but not one
+ with any problematic effects (no connections are actually
+ opened). Fixes part of bug 7302; bugfix on 0.2.3.2-alpha.
+
+ o Documentation fixes:
+ - Update tor-fw-helper.1.txt and tor-fw-helper.c to make option
+ names match. Fixes bug 7768.
+ - Make the torify manpage no longer refer to tsocks; torify hasn't
+ supported tsocks since 0.2.3.14-alpha.
+ - Make the tor manpage no longer reference tsocks.
+ - Fix the GeoIPExcludeUnknown documentation to refer to
+ ExcludeExitNodes rather than the currently nonexistent
+ ExcludeEntryNodes. Spotted by "hamahangi" on tor-talk.
+
+ o Removed files:
+ - The tor-tsocks.conf is no longer distributed or installed. We
+ recommend that tsocks users use torsocks instead. Resolves
+ ticket 8290.
+
+
+Changes in version 0.2.4.11-alpha - 2013-03-11
+ Tor 0.2.4.11-alpha makes relay measurement by directory authorities
+ more robust, makes hidden service authentication work again, and
+ resolves a DPI fingerprint for Tor's SSL transport.
+
+ o Major features (directory authorities):
+ - Directory authorities now support a new consensus method (17)
+ where they cap the published bandwidth of servers for which
+ insufficient bandwidth measurements exist. Fixes part of bug 2286.
+ - Directory authorities that set "DisableV2DirectoryInfo_ 1" no longer
+ serve any v2 directory information. Now we can test disabling the
+ old deprecated v2 directory format, and see whether doing so has
+ any effect on network load. Begins to fix bug 6783.
+ - Directory authorities now include inside each vote a statement of
+ the performance thresholds they used when assigning flags.
+ Implements ticket 8151.
+
+ o Major bugfixes (directory authorities):
+ - Stop marking every relay as having been down for one hour every
+ time we restart a directory authority. These artificial downtimes
+ were messing with our Stable and Guard flag calculations. Fixes
+ bug 8218 (introduced by the fix for 1035). Bugfix on 0.2.2.23-alpha.
+
+ o Major bugfixes (hidden services):
+ - Allow hidden service authentication to succeed again. When we
+ refactored the hidden service introduction code back
+ in 0.2.4.1-alpha, we didn't update the code that checks
+ whether authentication information is present, causing all
+ authentication checks to return "false". Fix for bug 8207; bugfix
+ on 0.2.4.1-alpha. Found by Coverity; this is CID 718615.
+
+ o Minor features (relays, bridges):
+ - Make bridge relays check once a minute for whether their IP
+ address has changed, rather than only every 15 minutes. Resolves
+ bugs 1913 and 1992.
+ - Refactor resolve_my_address() so it returns the method by which we
+ decided our public IP address (explicitly configured, resolved from
+ explicit hostname, guessed from interfaces, learned by gethostname).
+ Now we can provide more helpful log messages when a relay guesses
+ its IP address incorrectly (e.g. due to unexpected lines in
+ /etc/hosts). Resolves ticket 2267.
+ - Teach bridge-using clients to avoid 0.2.2 bridges when making
+ microdescriptor-related dir requests, and only fall back to normal
+ descriptors if none of their bridges can handle microdescriptors
+ (as opposed to the fix in ticket 4013, which caused them to fall
+ back to normal descriptors if *any* of their bridges preferred
+ them). Resolves ticket 4994.
+ - Randomize the lifetime of our SSL link certificate, so censors can't
+ use the static value for filtering Tor flows. Resolves ticket 8443;
+ related to ticket 4014 which was included in 0.2.2.33.
+ - Support a new version of the link protocol that allows 4-byte circuit
+ IDs. Previously, circuit IDs were limited to 2 bytes, which presented
+ a possible resource exhaustion issue. Closes ticket 7351; implements
+ proposal 214.
+
+ o Minor features (portability):
+ - Tweak the curve25519-donna*.c implementations to tolerate systems
+ that lack stdint.h. Fixes bug 3894; bugfix on 0.2.4.8-alpha.
+ - Use Ville Laurikari's implementation of AX_CHECK_SIGN() to determine
+ the signs of types during autoconf. This is better than our old
+ approach, which didn't work when cross-compiling.
+ - Detect the sign of enum values, rather than assuming that MSC is the
+ only compiler where enum types are all signed. Fixes bug 7727;
+ bugfix on 0.2.4.10-alpha.
+
+ o Minor features (other):
+ - Say "KBytes" rather than "KB" in the man page (for various values
+ of K), to further reduce confusion about whether Tor counts in
+ units of memory or fractions of units of memory. Resolves ticket 7054.
+ - Clear the high bit on curve25519 public keys before passing them to
+ our backend, in case we ever wind up using a backend that doesn't do
+ so itself. If we used such a backend, and *didn't* clear the high bit,
+ we could wind up in a situation where users with such backends would
+ be distinguishable from users without. Fixes bug 8121; bugfix on
+ 0.2.4.8-alpha.
+ - Update to the March 6 2013 Maxmind GeoLite Country database.
+
+ o Minor bugfixes (clients):
+ - When we receive a RELAY_END cell with the reason DONE, or with no
+ reason, before receiving a RELAY_CONNECTED cell, report the SOCKS
+ status as "connection refused". Previously we reported these cases
+ as success but then immediately closed the connection. Fixes bug
+ 7902; bugfix on 0.1.0.1-rc. Reported by "oftc_must_be_destroyed".
+ - Downgrade an assertion in connection_ap_expire_beginning to an
+ LD_BUG message. The fix for bug 8024 should prevent this message
+ from displaying, but just in case, a warn that we can diagnose
+ is better than more assert crashes. Fixes bug 8065; bugfix on
+ 0.2.4.8-alpha.
+ - Lower path use bias thresholds to .80 for notice and .60 for warn.
+ Also make the rate limiting flags for the path use bias log messages
+ independent from the original path bias flags. Fixes bug 8161;
+ bugfix on 0.2.4.10-alpha.
+
+ o Minor bugfixes (relays):
+ - Stop trying to resolve our hostname so often (e.g. every time we
+ think about doing a directory fetch). Now we reuse the cached
+ answer in some cases. Fixes bugs 1992 (bugfix on 0.2.0.20-rc)
+ and 2410 (bugfix on 0.1.2.2-alpha).
+ - Stop sending a stray "(null)" in some cases for the server status
+ "EXTERNAL_ADDRESS" controller event. Resolves bug 8200; bugfix
+ on 0.1.2.6-alpha.
+ - When choosing which stream on a formerly stalled circuit to wake
+ first, make better use of the platform's weak RNG. Previously,
+ we had been using the % ("modulo") operator to try to generate a
+ 1/N chance of picking each stream, but this behaves badly with
+ many platforms' choice of weak RNG. Fixes bug 7801; bugfix on
+ 0.2.2.20-alpha.
+ - Use our own weak RNG when we need a weak RNG. Windows's rand() and
+ Irix's random() only return 15 bits; Solaris's random() returns more
+ bits but its RAND_MAX says it only returns 15, and so on. Motivated
+ by the fix for bug 7801; bugfix on 0.2.2.20-alpha.
+
+ o Minor bugfixes (directory authorities):
+ - Directory authorities now use less space when formatting identical
+ microdescriptor lines in directory votes. Fixes bug 8158; bugfix
+ on 0.2.4.1-alpha.
+
+ o Minor bugfixes (memory leaks spotted by Coverity -- bug 7816):
+ - Avoid leaking memory if we fail to compute a consensus signature
+ or we generate a consensus we can't parse. Bugfix on 0.2.0.5-alpha.
+ - Fix a memory leak when receiving headers from an HTTPS proxy. Bugfix
+ on 0.2.1.1-alpha.
+ - Fix a memory leak during safe-cookie controller authentication.
+ Bugfix on 0.2.3.13-alpha.
+ - Avoid memory leak of IPv6 policy content if we fail to format it into
+ a router descriptor. Bugfix on 0.2.4.7-alpha.
+
+ o Minor bugfixes (other code correctness issues):
+ - Avoid a crash if we fail to generate an extrainfo descriptor.
+ Fixes bug 8208; bugfix on 0.2.3.16-alpha. Found by Coverity;
+ this is CID 718634.
+ - When detecting the largest possible file descriptor (in order to
+ close all file descriptors when launching a new program), actually
+ use _SC_OPEN_MAX. The old code for doing this was very, very broken.
+ Fixes bug 8209; bugfix on 0.2.3.1-alpha. Found by Coverity; this
+ is CID 743383.
+ - Fix a copy-and-paste error when adding a missing A1 to a routerset
+ because of GeoIPExcludeUnknown. Fix for Coverity CID 980650.
+ Bugfix on 0.2.4.10-alpha.
+ - Fix an impossible-to-trigger integer overflow when estimating how
+ long our onionskin queue would take. (This overflow would require us
+ to accept 4 million onionskins before processing 100 of them.) Fixes
+ bug 8210; bugfix on 0.2.4.10-alpha.
+
+ o Code simplification and refactoring:
+ - Add a wrapper function for the common "log a message with a
+ rate-limit" case.
+
+
+Changes in version 0.2.4.10-alpha - 2013-02-04
+ Tor 0.2.4.10-alpha adds defenses at the directory authority level from
+ certain attacks that flood the network with relays; changes the queue
+ for circuit create requests from a sized-based limit to a time-based
+ limit; resumes building with MSVC on Windows; and fixes a wide variety
+ of other issues.
+
+ o Major bugfixes (directory authority):
+ - When computing directory thresholds, ignore any rejected-as-sybil
+ nodes during the computation so that they can't influence Fast,
+ Guard, etc. (We should have done this for proposal 109.) Fixes
+ bug 8146.
+ - When marking a node as a likely sybil, reset its uptime metrics
+ to zero, so that it cannot time towards getting marked as Guard,
+ Stable, or HSDir. (We should have done this for proposal 109.) Fixes
+ bug 8147.
+
+ o Major bugfixes:
+ - When a TLS write is partially successful but incomplete, remember
+ that the flushed part has been flushed, and notice that bytes were
+ actually written. Reported and fixed pseudonymously. Fixes bug
+ 7708; bugfix on Tor 0.1.0.5-rc.
+ - Reject bogus create and relay cells with 0 circuit ID or 0 stream
+ ID: these could be used to create unexpected streams and circuits
+ which would count as "present" to some parts of Tor but "absent"
+ to others, leading to zombie circuits and streams or to a bandwidth
+ denial-of-service. Fixes bug 7889; bugfix on every released version
+ of Tor. Reported by "oftc_must_be_destroyed".
+ - Rename all macros in our local copy of queue.h to begin with "TOR_".
+ This change seems the only good way to permanently prevent conflicts
+ with queue.h on various operating systems. Fixes bug 8107; bugfix
+ on 0.2.4.6-alpha.
+
+ o Major features (relay):
+ - Instead of limiting the number of queued onionskins (aka circuit
+ create requests) to a fixed, hard-to-configure number, we limit
+ the size of the queue based on how many we expect to be able to
+ process in a given amount of time. We estimate the time it will
+ take to process an onionskin based on average processing time
+ of previous onionskins. Closes ticket 7291. You'll never have to
+ configure MaxOnionsPending again.
+
+ o Major features (portability):
+ - Resume building correctly with MSVC and Makefile.nmake. This patch
+ resolves numerous bugs and fixes reported by ultramage, including
+ 7305, 7308, 7309, 7310, 7312, 7313, 7315, 7316, and 7669.
+ - Make the ntor and curve25519 code build correctly with MSVC.
+ Fix on 0.2.4.8-alpha.
+
+ o Minor features:
+ - When directory authorities are computing thresholds for flags,
+ never let the threshold for the Fast flag fall below 4096
+ bytes. Also, do not consider nodes with extremely low bandwidths
+ when deciding thresholds for various directory flags. This change
+ should raise our threshold for Fast relays, possibly in turn
+ improving overall network performance; see ticket 1854. Resolves
+ ticket 8145.
+ - The Tor client now ignores sub-domain components of a .onion
+ address. This change makes HTTP "virtual" hosting
+ possible: http://foo.aaaaaaaaaaaaaaaa.onion/ and
+ http://bar.aaaaaaaaaaaaaaaa.onion/ can be two different websites
+ hosted on the same hidden service. Implements proposal 204.
+ - We compute the overhead from passing onionskins back and forth to
+ cpuworkers, and report it when dumping statistics in response to
+ SIGUSR1. Supports ticket 7291.
+
+ o Minor features (path selection):
+ - When deciding whether we have enough descriptors to build circuits,
+ instead of looking at raw relay counts, look at which fraction
+ of (bandwidth-weighted) paths we're able to build. This approach
+ keeps clients from building circuits if their paths are likely to
+ stand out statistically. The default fraction of paths needed is
+ taken from the consensus directory; you can override it with the
+ new PathsNeededToBuildCircuits option. Fixes ticket 5956.
+ - When any country code is listed in ExcludeNodes or ExcludeExitNodes,
+ and we have GeoIP information, also exclude all nodes with unknown
+ countries "??" and "A1". This behavior is controlled by the
+ new GeoIPExcludeUnknown option: you can make such nodes always
+ excluded with "GeoIPExcludeUnknown 1", and disable the feature
+ with "GeoIPExcludeUnknown 0". Setting "GeoIPExcludeUnknown auto"
+ gets you the default behavior. Implements feature 7706.
+ - Path Use Bias: Perform separate accounting for successful circuit
+ use. Keep separate statistics on stream attempt rates versus stream
+ success rates for each guard. Provide configurable thresholds to
+ determine when to emit log messages or disable use of guards that
+ fail too many stream attempts. Resolves ticket 7802.
+
+ o Minor features (log messages):
+ - When learning a fingerprint for a bridge, log its corresponding
+ transport type. Implements ticket 7896.
+ - Improve the log message when "Bug/attack: unexpected sendme cell
+ from client" occurs, to help us track bug 8093.
+
+ o Minor bugfixes:
+ - Remove a couple of extraneous semicolons that were upsetting the
+ cparser library. Patch by Christian Grothoff. Fixes bug 7115;
+ bugfix on 0.2.2.1-alpha.
+ - Remove a source of rounding error during path bias count scaling;
+ don't count cannibalized circuits as used for path bias until we
+ actually try to use them; and fix a circuit_package_relay_cell()
+ warning message about n_chan==NULL. Fixes bug 7802.
+ - Detect nacl when its headers are in a nacl/ subdirectory. Also,
+ actually link against nacl when we're configured to use it. Fixes
+ bug 7972; bugfix on 0.2.4.8-alpha.
+ - Compile correctly with the --disable-curve25519 option. Fixes
+ bug 8153; bugfix on 0.2.4.8-alpha.
+
+ o Build improvements:
+ - Do not report status verbosely from autogen.sh unless the -v flag
+ is specified. Fixes issue 4664. Patch from Onizuka.
+ - Replace all calls to snprintf() outside of src/ext with
+ tor_snprintf(). Also remove the #define to replace snprintf with
+ _snprintf on Windows; they have different semantics, and all of
+ our callers should be using tor_snprintf() anyway. Fixes bug 7304.
+ - Try to detect if we are ever building on a platform where
+ memset(...,0,...) does not set the value of a double to 0.0. Such
+ platforms are permitted by the C standard, though in practice
+ they're pretty rare (since IEEE 754 is nigh-ubiquitous). We don't
+ currently support them, but it's better to detect them and fail
+ than to perform erroneously.
+
+ o Removed features:
+ - Stop exporting estimates of v2 and v3 directory traffic shares
+ in extrainfo documents. They were unneeded and sometimes inaccurate.
+ Also stop exporting any v2 directory request statistics. Resolves
+ ticket 5823.
+ - Drop support for detecting and warning about versions of Libevent
+ before 1.3e. Nothing reasonable ships with them any longer;
+ warning the user about them shouldn't be needed. Resolves ticket
+ 6826.
+
+ o Code simplifications and refactoring:
+ - Rename "isin" functions to "contains", for grammar. Resolves
+ ticket 5285.
+ - Rename Tor's logging function log() to tor_log(), to avoid conflicts
+ with the natural logarithm function from the system libm. Resolves
+ ticket 7599.
+
+
+Changes in version 0.2.4.9-alpha - 2013-01-15
+ Tor 0.2.4.9-alpha provides a quick fix to make the new ntor handshake
+ work more robustly.
+
+ o Major bugfixes:
+ - Fix backward compatibility logic when receiving an embedded ntor
+ handshake tunneled in a CREATE cell. This clears up the "Bug:
+ couldn't format CREATED cell" warning. Fixes bug 7959; bugfix
+ on 0.2.4.8-alpha.
+
+
+Changes in version 0.2.4.8-alpha - 2013-01-14
+ Tor 0.2.4.8-alpha introduces directory guards to reduce user enumeration
+ risks, adds a new stronger and faster circuit handshake, and offers
+ stronger and faster link encryption when both sides support it.
+
+ o Major features:
+ - Preliminary support for directory guards (proposal 207): when
+ possible, clients now use their entry guards for non-anonymous
+ directory requests. This can help prevent client enumeration. Note
+ that this behavior only works when we have a usable consensus
+ directory, and when options about what to download are more or less
+ standard. In the future we should re-bootstrap from our guards,
+ rather than re-bootstrapping from the preconfigured list of
+ directory sources that ships with Tor. Resolves ticket 6526.
+ - Tor relays and clients now support a better CREATE/EXTEND cell
+ format, allowing the sender to specify multiple address, identity,
+ and handshake types. Implements Robert Ransom's proposal 200;
+ closes ticket 7199.
+
+ o Major features (new circuit handshake):
+ - Tor now supports a new circuit extension handshake designed by Ian
+ Goldberg, Douglas Stebila, and Berkant Ustaoglu. Our original
+ circuit extension handshake, later called "TAP", was a bit slow
+ (especially on the relay side), had a fragile security proof, and
+ used weaker keys than we'd now prefer. The new circuit handshake
+ uses Dan Bernstein's "curve25519" elliptic-curve Diffie-Hellman
+ function, making it significantly more secure than the older
+ handshake, and significantly faster. Tor can use one of two built-in
+ pure-C curve25519-donna implementations by Adam Langley, or it
+ can link against the "nacl" library for a tuned version if present.
+
+ The built-in version is very fast for 64-bit systems when building
+ with GCC. The built-in 32-bit version is still faster than the
+ old TAP protocol, but using libnacl is better on most such hosts.
+
+ Clients don't currently use this protocol by default, since
+ comparatively few clients support it so far. To try it, set
+ UseNTorHandshake to 1.
+
+ Implements proposal 216; closes ticket 7202.
+
+ o Major features (better link encryption):
+ - Relays can now enable the ECDHE TLS ciphersuites when available
+ and appropriate. These ciphersuites let us negotiate forward-secure
+ TLS secret keys more safely and more efficiently than with our
+ previous use of Diffie-Hellman modulo a 1024-bit prime. By default,
+ public relays prefer the (faster) P224 group, and bridges prefer
+ the (more common) P256 group; you can override this with the
+ TLSECGroup option.
+
+ Enabling these ciphers was a little tricky, since for a long time,
+ clients had been claiming to support them without actually doing
+ so, in order to foil fingerprinting. But with the client-side
+ implementation of proposal 198 in 0.2.3.17-beta, clients can now
+ match the ciphers from recent Firefox versions *and* list the
+ ciphers they actually mean, so relays can believe such clients
+ when they advertise ECDHE support in their TLS ClientHello messages.
+
+ This feature requires clients running 0.2.3.17-beta or later,
+ and requires both sides to be running OpenSSL 1.0.0 or later
+ with ECC support. OpenSSL 1.0.1, with the compile-time option
+ "enable-ec_nistp_64_gcc_128", is highly recommended.
+
+ Implements the relay side of proposal 198; closes ticket 7200.
+
+ o Major bugfixes:
+ - Avoid crashing when, as a relay without IPv6-exit support, a
+ client insists on getting an IPv6 address or nothing. Fixes bug
+ 7814; bugfix on 0.2.4.7-alpha.
+
+ o Minor features:
+ - Improve circuit build timeout handling for hidden services.
+ In particular: adjust build timeouts more accurately depending
+ upon the number of hop-RTTs that a particular circuit type
+ undergoes. Additionally, launch intro circuits in parallel
+ if they timeout, and take the first one to reply as valid.
+ - Work correctly on Unix systems where EAGAIN and EWOULDBLOCK are
+ separate error codes; or at least, don't break for that reason.
+ Fixes bug 7935. Reported by "oftc_must_be_destroyed".
+ - Update to the January 2 2013 Maxmind GeoLite Country database.
+
+ o Minor features (testing):
+ - Add benchmarks for DH (1024-bit multiplicative group) and ECDH
+ (P-256) Diffie-Hellman handshakes to src/or/bench.
+ - Add benchmark functions to test onion handshake performance.
+
+ o Minor features (path bias detection):
+ - Alter the Path Bias log messages to be more descriptive in terms
+ of reporting timeouts and other statistics.
+ - Create three levels of Path Bias log messages, as opposed to just
+ two. These are configurable via consensus as well as via the torrc
+ options PathBiasNoticeRate, PathBiasWarnRate, PathBiasExtremeRate.
+ The default values are 0.70, 0.50, and 0.30 respectively.
+ - Separate the log message levels from the decision to drop guards,
+ which also is available via torrc option PathBiasDropGuards.
+ PathBiasDropGuards still defaults to 0 (off).
+ - Deprecate PathBiasDisableRate in favor of PathBiasDropGuards
+ in combination with PathBiasExtremeRate.
+ - Increase the default values for PathBiasScaleThreshold and
+ PathBiasCircThreshold from (200, 20) to (300, 150).
+ - Add in circuit usage accounting to path bias. If we try to use a
+ built circuit but fail for any reason, it counts as path bias.
+ Certain classes of circuits where the adversary gets to pick your
+ destination node are exempt from this accounting. Usage accounting
+ can be specifically disabled via consensus parameter or torrc.
+ - Convert all internal path bias state to double-precision floating
+ point, to avoid roundoff error and other issues.
+ - Only record path bias information for circuits that have completed
+ *two* hops. Assuming end-to-end tagging is the attack vector, this
+ makes us more resilient to ambient circuit failure without any
+ detection capability loss.
+
+ o Minor bugfixes (log messages):
+ - Rate-limit the "No circuits are opened. Relaxed timeout for a
+ circuit with channel state open..." message to once per hour to
+ keep it from filling the notice logs. Mitigates bug 7799 but does
+ not fix the underlying cause. Bugfix on 0.2.4.7-alpha.
+ - Avoid spurious warnings when configuring multiple client ports of
+ which only some are nonlocal. Previously, we had claimed that some
+ were nonlocal when in fact they weren't. Fixes bug 7836; bugfix on
+ 0.2.3.3-alpha.
+
+ o Code simplifications and refactoring:
+ - Get rid of a couple of harmless clang warnings, where we compared
+ enums to ints. These warnings are newly introduced in clang 3.2.
+ - Split the onion.c file into separate modules for the onion queue
+ and the different handshakes it supports.
+ - Remove the marshalling/unmarshalling code for sending requests to
+ cpuworkers over a socket, and instead just send structs. The
+ recipient will always be the same Tor binary as the sender, so
+ any encoding is overkill.
+
+
+Changes in version 0.2.4.7-alpha - 2012-12-24
+ Tor 0.2.4.7-alpha introduces a new approach to providing fallback
+ directory mirrors for more robust bootstrapping; fixes more issues where
+ clients with changing network conditions refuse to make any circuits;
+ adds initial support for exiting to IPv6 addresses; resumes being able
+ to update our GeoIP database, and includes the geoip6 file this time;
+ turns off the client-side DNS cache by default due to privacy risks;
+ and fixes a variety of other issues.
+
+ o Major features (client resilience):
+ - Add a new "FallbackDir" torrc option to use when we can't use
+ a directory mirror from the consensus (either because we lack a
+ consensus, or because they're all down). Currently, all authorities
+ are fallbacks by default, and there are no other default fallbacks,
+ but that will change. This option will allow us to give clients a
+ longer list of servers to try to get a consensus from when first
+ connecting to the Tor network, and thereby reduce load on the
+ directory authorities. Implements proposal 206, "Preconfigured
+ directory sources for bootstrapping". We also removed the old
+ "FallbackNetworkstatus" option, since we never got it working well
+ enough to use it. Closes bug 572.
+ - If we have no circuits open, use a relaxed timeout (the
+ 95-percentile cutoff) until a circuit succeeds. This heuristic
+ should allow Tor to succeed at building circuits even when the
+ network connection drastically changes. Should help with bug 3443.
+
+ o Major features (IPv6):
+ - Relays can now exit to IPv6 addresses: make sure that you have IPv6
+ connectivity, then set the IPv6Exit flag to 1. Also make sure your
+ exit policy reads as you would like: the address * applies to all
+ address families, whereas *4 is IPv4 address only, and *6 is IPv6
+ addresses only. On the client side, you'll need to wait until the
+ authorities have upgraded, wait for enough exits to support IPv6,
+ apply the "IPv6Traffic" flag to a SocksPort, and use Socks5. Closes
+ ticket 5547, implements proposal 117 as revised in proposal 208.
+
+ We DO NOT recommend that clients with actual anonymity needs start
+ using IPv6 over Tor yet, since not enough exits support it yet.
+
+ o Major features (geoip database):
+ - Maxmind began labelling Tor relays as being in country "A1",
+ which breaks by-country node selection inside Tor. Now we use a
+ script to replace "A1" ("Anonymous Proxy") entries in our geoip
+ file with real country codes. This script fixes about 90% of "A1"
+ entries automatically and uses manual country code assignments to
+ fix the remaining 10%. See src/config/README.geoip for details.
+ Fixes bug 6266. Also update to the December 5 2012 Maxmind GeoLite
+ Country database, as modified above.
+
+ o Major bugfixes (client-side DNS):
+ - Turn off the client-side DNS cache by default. Updating and using
+ the DNS cache is now configurable on a per-client-port
+ level. SOCKSPort, DNSPort, etc lines may now contain
+ {No,}Cache{IPv4,IPv6,}DNS lines to indicate that we shouldn't
+ cache these types of DNS answers when we receive them from an
+ exit node in response to an application request on this port, and
+ {No,}UseCached{IPv4,IPv6,DNS} lines to indicate that if we have
+ cached DNS answers of these types, we shouldn't use them. It's
+ potentially risky to use cached DNS answers at the client, since
+ doing so can indicate to one exit what answers we've gotten
+ for DNS lookups in the past. With IPv6, this becomes especially
+ problematic. Using cached DNS answers for requests on the same
+ circuit would present less linkability risk, since all traffic
+ on a circuit is already linkable, but it would also provide
+ little performance benefit: the exit node caches DNS replies
+ too. Implements a simplified version of Proposal 205. Implements
+ ticket 7570.
+
+ o Major bugfixes (other):
+ - Alter circuit build timeout measurement to start at the point
+ where we begin the CREATE/CREATE_FAST step (as opposed to circuit
+ initialization). This should make our timeout measurements more
+ uniform. Previously, we were sometimes including ORconn setup time
+ in our circuit build time measurements. Should resolve bug 3443.
+ - Fix an assertion that could trigger in hibernate_go_dormant() when
+ closing an or_connection_t: call channel_mark_for_close() rather
+ than connection_mark_for_close(). Fixes bug 7267. Bugfix on
+ 0.2.4.4-alpha.
+ - Include the geoip6 IPv6 GeoIP database in the tarball. Fixes bug
+ 7655; bugfix on 0.2.4.6-alpha.
+
+ o Minor features:
+ - Add a new torrc option "ServerTransportListenAddr" to let bridge
+ operators select the address where their pluggable transports will
+ listen for connections. Resolves ticket 7013.
+ - Allow an optional $ before the node identity digest in the
+ controller command GETINFO ns/id/<identity>, for consistency with
+ md/id/<identity> and desc/id/<identity>. Resolves ticket 7059.
+ - Log packaged cell fullness as part of the heartbeat message.
+ Diagnosis to try to determine the extent of bug 7743.
+
+ o Minor features (IPv6):
+ - AutomapHostsOnResolve now supports IPv6 addresses. By default, we
+ prefer to hand out virtual IPv6 addresses, since there are more of
+ them and we can't run out. To override this behavior and make IPv4
+ addresses preferred, set NoPreferIPv6Automap on whatever SOCKSPort
+ or DNSPort you're using for resolving. Implements ticket 7571.
+ - AutomapHostsOnResolve responses are now randomized, to avoid
+ annoying situations where Tor is restarted and applications
+ connect to the wrong addresses.
+ - Never try more than 1000 times to pick a new virtual address when
+ AutomapHostsOnResolve is set. That's good enough so long as we
+ aren't close to handing out our entire virtual address space;
+ if you're getting there, it's best to switch to IPv6 virtual
+ addresses anyway.
+
+ o Minor bugfixes:
+ - The ADDRMAP command can no longer generate an ill-formed error
+ code on a failed MAPADDRESS. It now says "internal" rather than
+ an English sentence fragment with spaces in the middle. Bugfix on
+ Tor 0.2.0.19-alpha.
+ - Fix log messages and comments to avoid saying "GMT" when we mean
+ "UTC". Fixes bug 6113.
+ - Compile on win64 using mingw64. Fixes bug 7260; patches from
+ "yayooo".
+ - Fix a crash when debugging unit tests on Windows: deallocate a
+ shared library with FreeLibrary, not CloseHandle. Fixes bug 7306;
+ bugfix on 0.2.2.17-alpha. Reported by "ultramage".
+
+ o Renamed options:
+ - The DirServer option is now DirAuthority, for consistency with
+ current naming patterns. You can still use the old DirServer form.
+
+ o Code simplification and refactoring:
+ - Move the client-side address-map/virtual-address/DNS-cache code
+ out of connection_edge.c into a new addressmap.c module.
+ - Remove unused code for parsing v1 directories and "running routers"
+ documents. Fixes bug 6887.
+
+
+Changes in version 0.2.3.25 - 2012-11-19
+ The Tor 0.2.3 release series is dedicated to the memory of Len "rabbi"
+ Sassaman (1980-2011), a long-time cypherpunk, anonymity researcher,
+ Mixmaster maintainer, Pynchon Gate co-designer, CodeCon organizer,
+ programmer, and friend. Unstinting in his dedication to the cause of
+ freedom, he inspired and helped many of us as we began our work on
+ anonymity, and inspires us still. Please honor his memory by writing
+ software to protect people's freedoms, and by helping others to do so.
+
+ Tor 0.2.3.25, the first stable release in the 0.2.3 branch, features
+ significantly reduced directory overhead (via microdescriptors),
+ enormous crypto performance improvements for fast relays on new
+ enough hardware, a new v3 TLS handshake protocol that can better
+ resist fingerprinting, support for protocol obfuscation plugins (aka
+ pluggable transports), better scalability for hidden services, IPv6
+ support for bridges, performance improvements like allowing clients
+ to skip the first round-trip on the circuit ("optimistic data") and
+ refilling token buckets more often, a new "stream isolation" design
+ to isolate different applications on different circuits, and many
+ stability, security, and privacy fixes.
+
+ o Major bugfixes:
+ - Tor tries to wipe potentially sensitive data after using it, so
+ that if some subsequent security failure exposes Tor's memory,
+ the damage will be limited. But we had a bug where the compiler
+ was eliminating these wipe operations when it decided that the
+ memory was no longer visible to a (correctly running) program,
+ hence defeating our attempt at defense in depth. We fix that
+ by using OpenSSL's OPENSSL_cleanse() operation, which a compiler
+ is unlikely to optimize away. Future versions of Tor may use
+ a less ridiculously heavy approach for this. Fixes bug 7352.
+ Reported in an article by Andrey Karpov.
+
+ o Minor bugfixes:
+ - Fix a harmless bug when opting against publishing a relay descriptor
+ because DisableNetwork is set. Fixes bug 7464; bugfix on
+ 0.2.3.9-alpha.
+
+
+Changes in version 0.2.4.6-alpha - 2012-11-13
+ Tor 0.2.4.6-alpha fixes an assert bug that has been plaguing relays,
+ makes our defense-in-depth memory wiping more reliable, and begins to
+ count IPv6 addresses in bridge statistics,
+
+ o Major bugfixes:
+ - Fix an assertion failure that could occur when closing a connection
+ with a spliced rendezvous circuit. Fix for bug 7212; bugfix on
+ Tor 0.2.4.4-alpha.
+ - Tor tries to wipe potentially sensitive data after using it, so
+ that if some subsequent security failure exposes Tor's memory,
+ the damage will be limited. But we had a bug where the compiler
+ was eliminating these wipe operations when it decided that the
+ memory was no longer visible to a (correctly running) program,
+ hence defeating our attempt at defense in depth. We fix that
+ by using OpenSSL's OPENSSL_cleanse() operation, which a compiler
+ is unlikely to optimize away. Future versions of Tor may use
+ a less ridiculously heavy approach for this. Fixes bug 7352.
+ Reported in an article by Andrey Karpov.
+
+ o Minor features:
+ - Add GeoIP database for IPv6 addresses. The new config option
+ is GeoIPv6File.
+ - Bridge statistics now count bridge clients connecting over IPv6:
+ bridge statistics files now list "bridge-ip-versions" and
+ extra-info documents list "geoip6-db-digest". The control protocol
+ "CLIENTS_SEEN" and "ip-to-country" queries now support IPv6. Initial
+ implementation by "shkoo", addressing ticket 5055.
+
+ o Minor bugfixes:
+ - Warn when we are binding low ports when hibernation is enabled;
+ previously we had warned when we were _advertising_ low ports with
+ hibernation enabled. Fixes bug 7285; bugfix on 0.2.3.9-alpha.
+ - Fix a harmless bug when opting against publishing a relay descriptor
+ because DisableNetwork is set. Fixes bug 7464; bugfix on
+ 0.2.3.9-alpha.
+ - Add warning message when a managed proxy dies during configuration.
+ Fixes bug 7195; bugfix on 0.2.4.2-alpha.
+ - Fix a linking error when building tor-fw-helper without miniupnp.
+ Fixes bug 7235; bugfix on 0.2.4.2-alpha. Fix by Anthony G. Basile.
+ - Check for closing an or_connection_t without going through correct
+ channel functions; emit a warning and then call
+ connection_or_close_for_error() so we don't assert as in bugs 7212
+ and 7267.
+ - Compile correctly on compilers without C99 designated initializer
+ support. Fixes bug 7286; bugfix on 0.2.4.4-alpha.
+ - Avoid a possible assert that can occur when channel_send_destroy() is
+ called on a channel in CHANNEL_STATE_CLOSING, CHANNEL_STATE_CLOSED,
+ or CHANNEL_STATE_ERROR when the Tor process is resumed after being
+ blocked for a long interval. Fixes bug 7350; bugfix on 0.2.4.4-alpha.
+ - Fix a memory leak on failing cases of channel_tls_process_certs_cell.
+ Fixes bug 7422; bugfix on 0.2.4.4-alpha.
+
+ o Code simplification and refactoring:
+ - Start using OpenBSD's implementation of queue.h, so that we don't
+ need to hand-roll our own pointer and list structures whenever we
+ need them. (We can't rely on a sys/queue.h, since some operating
+ systems don't have them, and the ones that do have them don't all
+ present the same extensions.)
+
+
+Changes in version 0.2.4.5-alpha - 2012-10-25
+ Tor 0.2.4.5-alpha comes hard at the heels of 0.2.4.4-alpha, to fix
+ two important security vulnerabilities that could lead to remotely
+ triggerable relay crashes, fix a major bug that was preventing clients
+ from choosing suitable exit nodes, and refactor some of our code.
+
+ o Major bugfixes (security, also in 0.2.3.24-rc):
+ - Fix a group of remotely triggerable assertion failures related to
+ incorrect link protocol negotiation. Found, diagnosed, and fixed
+ by "some guy from France". Fix for CVE-2012-2250; bugfix on
+ 0.2.3.6-alpha.
+ - Fix a denial of service attack by which any directory authority
+ could crash all the others, or by which a single v2 directory
+ authority could crash everybody downloading v2 directory
+ information. Fixes bug 7191; bugfix on 0.2.0.10-alpha.
+
+ o Major bugfixes (also in 0.2.3.24-rc):
+ - When parsing exit policy summaries from microdescriptors, we had
+ previously been ignoring the last character in each one, so that
+ "accept 80,443,8080" would be treated by clients as indicating
+ a node that allows access to ports 80, 443, and 808. That would
+ lead to clients attempting connections that could never work,
+ and ignoring exit nodes that would support their connections. Now
+ clients parse these exit policy summaries correctly. Fixes bug 7192;
+ bugfix on 0.2.3.1-alpha.
+
+ o Minor bugfixes (also in 0.2.3.24-rc):
+ - Clients now consider the ClientRejectInternalAddresses config option
+ when using a microdescriptor consensus stanza to decide whether
+ an exit relay would allow exiting to an internal address. Fixes
+ bug 7190; bugfix on 0.2.3.1-alpha.
+
+ o Minor bugfixes:
+ - Only disable TLS session ticket support when running as a TLS
+ server. Now clients will blend better with regular Firefox
+ connections. Fixes bug 7189; bugfix on Tor 0.2.3.23-rc.
+
+ o Code simplification and refactoring:
+ - Start using OpenBSD's implementation of queue.h (originally by
+ Niels Provos).
+ - Move the entry node code from circuitbuild.c to its own file.
+ - Move the circuit build timeout tracking code from circuitbuild.c
+ to its own file.
+
+
+Changes in version 0.2.3.24-rc - 2012-10-25
+ Tor 0.2.3.24-rc fixes two important security vulnerabilities that
+ could lead to remotely triggerable relay crashes, and fixes
+ a major bug that was preventing clients from choosing suitable exit
+ nodes.
+
+ o Major bugfixes (security):
+ - Fix a group of remotely triggerable assertion failures related to
+ incorrect link protocol negotiation. Found, diagnosed, and fixed
+ by "some guy from France". Fix for CVE-2012-2250; bugfix on
+ 0.2.3.6-alpha.
+ - Fix a denial of service attack by which any directory authority
+ could crash all the others, or by which a single v2 directory
+ authority could crash everybody downloading v2 directory
+ information. Fixes bug 7191; bugfix on 0.2.0.10-alpha.
+
+ o Major bugfixes:
+ - When parsing exit policy summaries from microdescriptors, we had
+ previously been ignoring the last character in each one, so that
+ "accept 80,443,8080" would be treated by clients as indicating
+ a node that allows access to ports 80, 443, and 808. That would
+ lead to clients attempting connections that could never work,
+ and ignoring exit nodes that would support their connections. Now
+ clients parse these exit policy summaries correctly. Fixes bug 7192;
+ bugfix on 0.2.3.1-alpha.
+
+ o Minor bugfixes:
+ - Clients now consider the ClientRejectInternalAddresses config option
+ when using a microdescriptor consensus stanza to decide whether
+ an exit relay would allow exiting to an internal address. Fixes
+ bug 7190; bugfix on 0.2.3.1-alpha.
+
+
+Changes in version 0.2.4.4-alpha - 2012-10-20
+ Tor 0.2.4.4-alpha adds a new v3 directory authority, fixes a privacy
+ vulnerability introduced by a change in OpenSSL, fixes a remotely
+ triggerable assert, and adds new channel_t and circuitmux_t abstractions
+ that will make it easier to test new connection transport and cell
+ scheduling algorithms.
+
+ o New directory authorities (also in 0.2.3.23-rc):
+ - Add Faravahar (run by Sina Rabbani) as the ninth v3 directory
+ authority. Closes ticket 5749.
+
+ o Major bugfixes (security/privacy, also in 0.2.3.23-rc):
+ - Disable TLS session tickets. OpenSSL's implementation was giving
+ our TLS session keys the lifetime of our TLS context objects, when
+ perfect forward secrecy would want us to discard anything that
+ could decrypt a link connection as soon as the link connection
+ was closed. Fixes bug 7139; bugfix on all versions of Tor linked
+ against OpenSSL 1.0.0 or later. Found by Florent Daignière.
+ - Discard extraneous renegotiation attempts once the V3 link
+ protocol has been initiated. Failure to do so left us open to
+ a remotely triggerable assertion failure. Fixes CVE-2012-2249;
+ bugfix on 0.2.3.6-alpha. Reported by "some guy from France".
+
+ o Internal abstraction features:
+ - Introduce new channel_t abstraction between circuits and
+ or_connection_t to allow for implementing alternate OR-to-OR
+ transports. A channel_t is an abstract object which can either be a
+ cell-bearing channel, which is responsible for authenticating and
+ handshaking with the remote OR and transmitting cells to and from
+ it, or a listening channel, which spawns new cell-bearing channels
+ at the request of remote ORs. Implements part of ticket 6465.
+ - Also new is the channel_tls_t subclass of channel_t, adapting it
+ to the existing or_connection_t code. The V2/V3 protocol handshaking
+ code which formerly resided in command.c has been moved below the
+ channel_t abstraction layer and may be found in channeltls.c now.
+ Implements the rest of ticket 6465.
+ - Introduce new circuitmux_t storing the queue of circuits for
+ a channel; this encapsulates and abstracts the queue logic and
+ circuit selection policy, and allows the latter to be overridden
+ easily by switching out a policy object. The existing EWMA behavior
+ is now implemented as a circuitmux_policy_t. Resolves ticket 6816.
+
+ o Required libraries:
+ - Tor now requires OpenSSL 0.9.8 or later. OpenSSL 1.0.0 or later is
+ strongly recommended.
+
+ o Minor features:
+ - Warn users who run hidden services on a Tor client with
+ UseEntryGuards disabled that their hidden services will be
+ vulnerable to http://freehaven.net/anonbib/#hs-attack06 (the
+ attack which motivated Tor to support entry guards in the first
+ place). Resolves ticket 6889.
+ - Tor now builds correctly on Bitrig, an OpenBSD fork. Patch from
+ dhill. Resolves ticket 6982.
+ - Option OutboundBindAddress can be specified multiple times and
+ accepts IPv6 addresses. Resolves ticket 6876.
+
+ o Minor bugfixes (also in 0.2.3.23-rc):
+ - Don't serve or accept v2 hidden service descriptors over a
+ relay's DirPort. It's never correct to do so, and disabling it
+ might make it more annoying to exploit any bugs that turn up in the
+ descriptor-parsing code. Fixes bug 7149.
+ - Fix two cases in src/or/transports.c where we were calling
+ fmt_addr() twice in a parameter list. Bug found by David
+ Fifield. Fixes bug 7014; bugfix on 0.2.3.9-alpha.
+ - Fix memory leaks whenever we logged any message about the "path
+ bias" detection. Fixes bug 7022; bugfix on 0.2.3.21-rc.
+ - When relays refuse a "create" cell because their queue of pending
+ create cells is too big (typically because their cpu can't keep up
+ with the arrival rate), send back reason "resource limit" rather
+ than reason "internal", so network measurement scripts can get a
+ more accurate picture. Fixes bug 7037; bugfix on 0.1.1.11-alpha.
+
+ o Minor bugfixes:
+ - Command-line option "--version" implies "--quiet". Fixes bug 6997.
+ - Free some more still-in-use memory at exit, to make hunting for
+ memory leaks easier. Resolves bug 7029.
+ - When a Tor client gets a "truncated" relay cell, the first byte of
+ its payload specifies why the circuit was truncated. We were
+ ignoring this 'reason' byte when tearing down the circuit, resulting
+ in the controller not being told why the circuit closed. Now we
+ pass the reason from the truncated cell to the controller. Bugfix
+ on 0.1.2.3-alpha; fixes bug 7039.
+ - Downgrade "Failed to hand off onionskin" messages to "debug"
+ severity, since they're typically redundant with the "Your computer
+ is too slow" messages. Fixes bug 7038; bugfix on 0.2.2.16-alpha.
+ - Make clients running with IPv6 bridges connect over IPv6 again,
+ even without setting new config options ClientUseIPv6 and
+ ClientPreferIPv6ORPort. Fixes bug 6757; bugfix on 0.2.4.1-alpha.
+ - Use square brackets around IPv6 addresses in numerous places
+ that needed them, including log messages, HTTPS CONNECT proxy
+ requests, TransportProxy statefile entries, and pluggable transport
+ extra-info lines. Fixes bug 7011; patch by David Fifield.
+
+ o Code refactoring and cleanup:
+ - Source files taken from other packages now reside in src/ext;
+ previously they were scattered around the rest of Tor.
+ - Avoid use of reserved identifiers in our C code. The C standard
+ doesn't like us declaring anything that starts with an
+ underscore, so let's knock it off before we get in trouble. Fix
+ for bug 1031; bugfix on the first Tor commit.
+
+
+Changes in version 0.2.3.23-rc - 2012-10-20
+ Tor 0.2.3.23-rc adds a new v3 directory authority, fixes a privacy
+ vulnerability introduced by a change in OpenSSL, and fixes a variety
+ of smaller bugs in preparation for the release.
+
+ o New directory authorities:
+ - Add Faravahar (run by Sina Rabbani) as the ninth v3 directory
+ authority. Closes ticket 5749.
+
+ o Major bugfixes (security/privacy):
+ - Disable TLS session tickets. OpenSSL's implementation was giving
+ our TLS session keys the lifetime of our TLS context objects, when
+ perfect forward secrecy would want us to discard anything that
+ could decrypt a link connection as soon as the link connection
+ was closed. Fixes bug 7139; bugfix on all versions of Tor linked
+ against OpenSSL 1.0.0 or later. Found by Florent Daignière.
+ - Discard extraneous renegotiation attempts once the V3 link
+ protocol has been initiated. Failure to do so left us open to
+ a remotely triggerable assertion failure. Fixes CVE-2012-2249;
+ bugfix on 0.2.3.6-alpha. Reported by "some guy from France".
+
+ o Major bugfixes:
+ - Fix a possible crash bug when checking for deactivated circuits
+ in connection_or_flush_from_first_active_circuit(). Fixes bug 6341;
+ bugfix on 0.2.2.7-alpha. Bug report and fix received pseudonymously.
+
+ o Minor bugfixes (on 0.2.3.x):
+ - Fix two cases in src/or/transports.c where we were calling
+ fmt_addr() twice in a parameter list. Bug found by David
+ Fifield. Fixes bug 7014; bugfix on 0.2.3.9-alpha.
+ - Convert an assert in the pathbias code to a log message. The assert
+ appears to only be triggerable by Tor2Web mode. Fixes bug 6866;
+ bugfix on 0.2.3.17-beta.
+ - Fix memory leaks whenever we logged any message about the "path
+ bias" detection. Fixes bug 7022; bugfix on 0.2.3.21-rc.
+
+ o Minor bugfixes (on 0.2.2.x and earlier):
+ - Don't serve or accept v2 hidden service descriptors over a relay's
+ DirPort. It's never correct to do so, and disabling it might
+ make it more annoying to exploit any bugs that turn up in the
+ descriptor-parsing code. Fixes bug 7149.
+ - When relays refuse a "create" cell because their queue of pending
+ create cells is too big (typically because their cpu can't keep up
+ with the arrival rate), send back reason "resource limit" rather
+ than reason "internal", so network measurement scripts can get a
+ more accurate picture. Bugfix on 0.1.1.11-alpha; fixes bug 7037.
+ - Correct file sizes when reading binary files on Cygwin, to avoid
+ a bug where Tor would fail to read its state file. Fixes bug 6844;
+ bugfix on 0.1.2.7-alpha.
+ - Avoid undefined behaviour when parsing the list of supported
+ rendezvous/introduction protocols in a hidden service descriptor.
+ Previously, Tor would have confused (as-yet-unused) protocol version
+ numbers greater than 32 with lower ones on many platforms. Fixes
+ bug 6827; bugfix on 0.2.0.10-alpha. Found by George Kadianakis.
+
+ o Documentation fixes:
+ - Clarify that hidden services are TCP only. Fixes bug 6024.
+
+
+Changes in version 0.2.4.3-alpha - 2012-09-22
+ Tor 0.2.4.3-alpha fixes another opportunity for a remotely triggerable
+ assertion, resumes letting relays test reachability of their DirPort,
+ and cleans up a bunch of smaller bugs.
+
+ o Security fixes:
+ - Fix an assertion failure in tor_timegm() that could be triggered
+ by a badly formatted directory object. Bug found by fuzzing with
+ Radamsa. Fixes bug 6811; bugfix on 0.2.0.20-rc.
+
+ o Major bugfixes:
+ - Fix a possible crash bug when checking for deactivated circuits
+ in connection_or_flush_from_first_active_circuit(). Fixes bug 6341;
+ bugfix on 0.2.2.7-alpha. Bug report and fix received pseudonymously.
+ - Allow routers to detect that their own DirPorts are running. When
+ we removed support for versions_supports_begindir, we also
+ accidentally removed the mechanism we used to self-test our
+ DirPort. Diagnosed with help from kargig. Fixes bugs 6814 and 6815;
+ bugfix on 0.2.4.2-alpha.
+
+ o Security features:
+ - Switch to a completely time-invariant approach for picking nodes
+ weighted by bandwidth. Our old approach would run through the
+ part of the loop after it had made its choice slightly slower
+ than it ran through the part of the loop before it had made its
+ choice. Addresses ticket 6538.
+ - Disable the use of Guard nodes when in Tor2WebMode. Guard usage
+ by tor2web clients allows hidden services to identify tor2web
+ clients through their repeated selection of the same rendezvous
+ and introduction point circuit endpoints (their guards). Resolves
+ ticket 6888.
+
+ o Minor features:
+ - Enable Tor to read configuration, state, and key information from
+ a FIFO. Previously Tor would only read from files with a positive
+ stat.st_size. Code from meejah; fixes bug 6044.
+
+ o Minor bugfixes:
+ - Correct file sizes when reading binary files on Cygwin, to avoid
+ a bug where Tor would fail to read its state file. Fixes bug 6844;
+ bugfix on 0.1.2.7-alpha.
+ - Correctly handle votes with more than 31 flags. Fixes bug 6853;
+ bugfix on 0.2.0.3-alpha.
+ - When complaining about a client port on a public address, log
+ which address we're complaining about. Fixes bug 4020; bugfix on
+ 0.2.3.3-alpha. Patch by Tom Fitzhenry.
+ - Convert an assert in the pathbias code to a log message. The assert
+ appears to only be triggerable by Tor2Web mode. Fixes bug 6866;
+ bugfix on 0.2.3.17-beta.
+ - Our new buildsystem was overzealous about rebuilding manpages: it
+ would rebuild them all whenever any one of them changed. Now our
+ dependency checking should be correct. Fixes bug 6843; bugfix on
+ 0.2.4.1-alpha.
+ - Don't do reachability testing over IPv6 unless AuthDirPublishIPv6
+ is set. Fixes bug 6880. Bugfix on 0.2.4.1-alpha.
+ - Correct log printout about which address family is preferred
+ when connecting to a bridge with both an IPv4 and IPv6 OR port.
+ Fixes bug 6884; bugfix on 0.2.4.1-alpha.
+
+ o Minor bugfixes (code cleanliness):
+ - Fix round_to_power_of_2() so it doesn't invoke undefined behavior
+ with large values. This situation was untriggered, but nevertheless
+ incorrect. Fixes bug 6831; bugfix on 0.2.0.1-alpha.
+ - Reject consensus votes with more than 64 known-flags. We aren't even
+ close to that limit yet, and our code doesn't handle it correctly.
+ Fixes bug 6833; bugfix on 0.2.0.1-alpha.
+ - Avoid undefined behaviour when parsing the list of supported
+ rendezvous/introduction protocols in a hidden service descriptor.
+ Previously, Tor would have confused (as-yet-unused) protocol version
+ numbers greater than 32 with lower ones on many platforms. Fixes
+ bug 6827; bugfix on 0.2.0.10-alpha. Found by George Kadianakis.
+ - Fix handling of rendezvous client authorization types over 8.
+ Fixes bug 6861; bugfix on 0.2.1.5-alpha.
+ - Fix building with older versions of GCC (2.95, for one) that don't
+ like preprocessor directives inside macro arguments. Found by
+ grarpamp. Fixes bug 6842; bugfix on 0.2.4.2-alpha.
+ - Switch weighted node selection rule from using a list of doubles
+ to using a list of int64_t. This change should make the process
+ slightly easier to debug and maintain. Needed to finish ticket 6538.
+
+ o Code simplification and refactoring:
+ - Move the generic "config" code into a new file, and have "config.c"
+ hold only torrc- and state-related code. Resolves ticket 6823.
+ - Move the core of our "choose a weighted element at random" logic
+ into its own function, and give it unit tests. Now the logic is
+ testable, and a little less fragile too.
+ - Removed the testing_since field of node_t, which hasn't been used
+ for anything since 0.2.0.9-alpha.
+
+ o Documentation fixes:
+ - Clarify that hidden services are TCP only. Fixes bug 6024.
+ - Resolve a typo in torrc.sample.in. Fixes bug 6819; bugfix on
+ 0.2.3.14-alpha.
+
+
+Changes in version 0.2.3.22-rc - 2012-09-11
+ Tor 0.2.3.22-rc fixes another opportunity for a remotely triggerable
+ assertion.
+
+ o Security fixes:
+ - Fix an assertion failure in tor_timegm() that could be triggered
+ by a badly formatted directory object. Bug found by fuzzing with
+ Radamsa. Fixes bug 6811; bugfix on 0.2.0.20-rc.
+
+ o Minor bugfixes:
+ - Avoid segfault when starting up having run with an extremely old
+ version of Tor and parsing its state file. Fixes bug 6801; bugfix
+ on 0.2.2.23-alpha.
+
+
+Changes in version 0.2.2.39 - 2012-09-11
+ Tor 0.2.2.39 fixes two more opportunities for remotely triggerable
+ assertions.
+
+ o Security fixes:
+ - Fix an assertion failure in tor_timegm() that could be triggered
+ by a badly formatted directory object. Bug found by fuzzing with
+ Radamsa. Fixes bug 6811; bugfix on 0.2.0.20-rc.
+ - Do not crash when comparing an address with port value 0 to an
+ address policy. This bug could have been used to cause a remote
+ assertion failure by or against directory authorities, or to
+ allow some applications to crash clients. Fixes bug 6690; bugfix
+ on 0.2.1.10-alpha.
+
+
+Changes in version 0.2.4.2-alpha - 2012-09-10
+ Tor 0.2.4.2-alpha enables port forwarding for pluggable transports,
+ raises the default rate limiting even more, and makes the bootstrapping
+ log messages less noisy.
+
+ o Major features:
+ - Automatically forward the TCP ports of pluggable transport
+ proxies using tor-fw-helper if PortForwarding is enabled. Implements
+ ticket 4567.
+
+ o Major bugfixes:
+ - Raise the default BandwidthRate/BandwidthBurst values from 5MB/10MB
+ to 1GB/1GB. The previous defaults were intended to be "basically
+ infinite", but it turns out they're now limiting our 100mbit+
+ relays and bridges. Fixes bug 6605; bugfix on 0.2.0.10-alpha (the
+ last time we raised it).
+
+ o Minor features:
+ - Detect when we're running with a version of OpenSSL other than the
+ one we compiled with. This has occasionally given people hard-to-
+ track-down errors.
+ - Log fewer lines at level "notice" about our OpenSSL and Libevent
+ versions and capabilities when everything is going right. Resolves
+ part of ticket 6736.
+ - Directory authorities no long accept descriptors for any version of
+ Tor before 0.2.2.35, or for any 0.2.3 release before 0.2.3.10-alpha.
+ These versions are insecure, unsupported, or both. Implements
+ ticket 6789.
+
+ o Minor bugfixes:
+ - Rename the (internal-use-only) UsingTestingNetworkDefaults option
+ to start with a triple-underscore so the controller won't touch it.
+ Patch by Meejah. Fixes bug 3155. Bugfix on 0.2.2.23-alpha.
+ - Avoid segfault when starting up having run with an extremely old
+ version of Tor and parsing its state file. Fixes bug 6801; bugfix
+ on 0.2.2.23-alpha.
+ - Rename the (testing-use-only) _UseFilteringSSLBufferevents option
+ so it doesn't start with _. Fixes bug 3155. Bugfix on 0.2.3.1-alpha.
+ - Don't follow the NULL pointer if microdescriptor generation fails.
+ (This does not appear to be triggerable, but it's best to be safe.)
+ Found by "f. tp.". Fixes bug 6797; bugfix on 0.2.4.1-alpha.
+ - Fix mis-declared dependencies on src/common/crypto.c and
+ src/or/tor_main.c that could break out-of-tree builds under some
+ circumstances. Fixes bug 6778; bugfix on 0.2.4.1-alpha.
+ - Avoid a warning when building common_sha1.i out of tree. Fixes bug
+ 6778; bugfix on 0.2.4.1-alpha.
+ - Fix a harmless (in this case) build warning for implicitly
+ converting a strlen() to an int. Bugfix on 0.2.4.1-alpha.
+
+ o Removed features:
+ - Now that all versions before 0.2.2.x are disallowed, we no longer
+ need to work around their missing features. Thus we can remove a
+ bunch of compatibility code.
+
+ o Code refactoring:
+ - Tweak tor-fw-helper to accept an arbitrary amount of arbitrary
+ TCP ports to forward. In the past it only accepted two ports:
+ the ORPort and the DirPort.
+
+
+Changes in version 0.2.4.1-alpha - 2012-09-05
+ Tor 0.2.4.1-alpha lets bridges publish their pluggable transports to
+ bridgedb; lets relays use IPv6 addresses and directory authorities
+ advertise them; and switches to a cleaner build interface.
+
+ This is the first alpha release in a new series, so expect there to
+ be bugs. Users who would rather test out a more stable branch should
+ stay with 0.2.3.x for now.
+
+ o Major features (bridges):
+ - Bridges now report the pluggable transports they support to the
+ bridge authority, so it can pass the supported transports on to
+ bridgedb and/or eventually do reachability testing. Implements
+ ticket 3589.
+
+ o Major features (IPv6):
+ - Bridge authorities now accept IPv6 bridge addresses and include
+ them in network status documents. Implements ticket 5534.
+ - Clients who set "ClientUseIPv6 1" may connect to entry nodes over
+ IPv6. Set "ClientPreferIPv6ORPort 1" to make this even more likely
+ to happen. Implements ticket 5535.
+ - All kind of relays, not just bridges, can now advertise an IPv6
+ OR port. Implements ticket 6362.
+ - Directory authorities vote on IPv6 OR ports using the new consensus
+ method 14. Implements ticket 6363.
+
+ o Major features (build):
+ - Switch to a nonrecursive Makefile structure. Now instead of each
+ Makefile.am invoking other Makefile.am's, there is a master
+ Makefile.am that includes the others. This change makes our build
+ process slightly more maintainable, and improves parallelism for
+ building with make -j. Original patch by Stewart Smith; various
+ fixes by Jim Meyering.
+ - Where available, we now use automake's "silent" make rules by
+ default, so that warnings are easier to spot. You can get the old
+ behavior with "make V=1". Patch by Stewart Smith for ticket 6522.
+
+ o Minor features (code security and spec conformance):
+ - Clear keys and key-derived material left on the stack in
+ rendservice.c and rendclient.c. Check return value of
+ crypto_pk_write_private_key_to_string() in rend_service_load_keys().
+ These fixes should make us more forward-secure against cold-boot
+ attacks and the like. Fixes bug 2385.
+ - Reject EXTEND cells sent to nonexistent streams. According to the
+ spec, an EXTEND cell sent to _any_ nonzero stream ID is invalid, but
+ we were only checking for stream IDs that were currently in use.
+ Found while hunting for more instances of bug 6271. Bugfix on
+ 0.0.2pre8, which introduced incremental circuit construction.
+
+ o Minor features (streamlining);
+ - No longer include the "opt" prefix when generating routerinfos
+ or v2 directories: it has been needless since Tor 0.1.2. Closes
+ ticket 5124.
+ - Remove some now-needless code that tried to aggressively flush
+ OR connections as data was added to them. Since 0.2.0.1-alpha, our
+ cell queue logic has saved us from the failure mode that this code
+ was supposed to prevent. Removing this code will limit the number
+ of baroque control flow paths through Tor's network logic. Reported
+ pseudonymously on IRC. Fixes bug 6468; bugfix on 0.2.0.1-alpha.
+
+ o Minor features (controller):
+ - Add a "GETINFO signal/names" control port command. Implements
+ ticket 3842.
+ - Provide default values for all options via "GETINFO config/defaults".
+ Implements ticket 4971.
+
+ o Minor features (IPv6):
+ - New config option "AuthDirHasIPv6Connectivity 1" that directory
+ authorities should set if they have IPv6 connectivity and want to
+ do reachability tests for IPv6 relays. Implements feature 5974.
+ - A relay with an IPv6 OR port now sends that address in NETINFO
+ cells (in addition to its other address). Implements ticket 6364.
+
+ o Minor features (log messages):
+ - Omit the first heartbeat log message, because it never has anything
+ useful to say, and it clutters up the bootstrapping messages.
+ Resolves ticket 6758.
+ - Don't log about reloading the microdescriptor cache at startup. Our
+ bootstrap warnings are supposed to tell the user when there's a
+ problem, and our bootstrap notices say when there isn't. Resolves
+ ticket 6759; bugfix on 0.2.2.6-alpha.
+ - Don't log "I learned some more directory information" when we're
+ reading cached directory information. Reserve it for when new
+ directory information arrives in response to a fetch. Resolves
+ ticket 6760.
+ - Prevent rounding error in path bias counts when scaling
+ them down, and use the correct scale factor default. Also demote
+ some path bias related log messages down a level and make others
+ less scary sounding. Fixes bug 6647. Bugfix against 0.2.3.17-beta.
+ - We no longer warn so much when generating manpages from their
+ asciidoc source.
+
+ o Code simplifications and refactoring:
+ - Enhance our internal sscanf replacement so that we can eliminate
+ the last remaining uses of the system sscanf. (Though those uses
+ of sscanf were safe, sscanf itself is generally error prone, so
+ we want to eliminate when we can.) Fixes ticket 4195 and Coverity
+ CID 448.
+ - Move ipv6_preferred from routerinfo_t to node_t. Addresses bug 4620.
+ - Move last_reachable and testing_since from routerinfo_t to node_t.
+ Implements ticket 5529.
+ - Add replaycache_t structure, functions and unit tests, then refactor
+ rend_service_introduce() to be more clear to read, improve, debug,
+ and test. Resolves bug 6177.
+ - Finally remove support for malloc_good_size and malloc_usable_size.
+ We had hoped that these functions would let us eke a little more
+ memory out of our malloc implementation. Unfortunately, the only
+ implementations that provided these functions are also ones that
+ are already efficient about not overallocation: they never got us
+ more than 7 or so bytes per allocation. Removing them saves us a
+ little code complexity and a nontrivial amount of build complexity.
+
+ o New requirements:
+ - Tor maintainers now require Automake version 1.9 or later to build
+ Tor from the Git repository. (Automake is not required when building
+ from a source distribution.)
+
+
+Changes in version 0.2.3.21-rc - 2012-09-05
+ Tor 0.2.3.21-rc is the fourth release candidate for the Tor 0.2.3.x
+ series. It fixes a trio of potential security bugs, fixes a bug where
+ we were leaving some of the fast relays out of the microdescriptor
+ consensus, resumes interpreting "ORPort 0" and "DirPort 0" correctly,
+ and cleans up other smaller issues.
+
+ o Major bugfixes (security):
+ - Tear down the circuit if we get an unexpected SENDME cell. Clients
+ could use this trick to make their circuits receive cells faster
+ than our flow control would have allowed, or to gum up the network,
+ or possibly to do targeted memory denial-of-service attacks on
+ entry nodes. Fixes bug 6252. Bugfix on the 54th commit on Tor --
+ from July 2002, before the release of Tor 0.0.0. We had committed
+ this patch previously, but we had to revert it because of bug 6271.
+ Now that 6271 is fixed, this patch appears to work.
+ - Reject any attempt to extend to an internal address. Without
+ this fix, a router could be used to probe addresses on an internal
+ network to see whether they were accepting connections. Fixes bug
+ 6710; bugfix on 0.0.8pre1.
+ - Do not crash when comparing an address with port value 0 to an
+ address policy. This bug could have been used to cause a remote
+ assertion failure by or against directory authorities, or to
+ allow some applications to crash clients. Fixes bug 6690; bugfix
+ on 0.2.1.10-alpha.
+
+ o Major bugfixes:
+ - Remove the upper bound on microdescriptor length. We were hitting
+ the limit for routers with complex exit policies or family
+ declarations, causing clients to not use them. Fixes the first
+ piece of bug 6404; fix on 0.2.2.6-alpha.
+ - Detect "ORPort 0" as meaning, uniformly, that we're not running
+ as a relay. Previously, some of our code would treat the presence
+ of any ORPort line as meaning that we should act like a relay,
+ even though our new listener code would correctly not open any
+ ORPorts for ORPort 0. Similar bugs in other Port options are also
+ fixed. Fixes the first half of bug 6507; bugfix on 0.2.3.3-alpha.
+
+ o Minor bugfixes:
+ - Avoid a pair of double-free and use-after-mark bugs that can
+ occur with certain timings in canceled and re-received DNS
+ requests. Fixes bug 6472; bugfix on 0.0.7rc1.
+ - Fix build and 64-bit compile warnings from --enable-openbsd-malloc.
+ Fixes bug 6379. Bugfix on 0.2.0.20-rc.
+ - Allow one-hop directory fetching circuits the full "circuit build
+ timeout" period, rather than just half of it, before failing them
+ and marking the relay down. This fix should help reduce cases where
+ clients declare relays (or worse, bridges) unreachable because
+ the TLS handshake takes a few seconds to complete. Fixes bug 6743;
+ bugfix on 0.2.2.2-alpha, where we changed the timeout from a static
+ 30 seconds.
+ - Authorities no longer include any router in their microdescriptor
+ consensuses for which they couldn't generate or agree on a
+ microdescriptor. Fixes the second piece of bug 6404; fix on
+ 0.2.2.6-alpha.
+ - Detect and reject attempts to specify both "FooPort" and
+ "FooPort 0" in the same configuration domain. (It's still okay
+ to have a FooPort in your configuration file, and use "FooPort 0"
+ on the command line to disable it.) Fixes the second half of bug
+ 6507; bugfix on 0.2.3.3-alpha.
+ - Make wildcarded addresses (that is, ones beginning with "*.") work
+ when provided via the controller's MapAddress command. Previously,
+ they were accepted, but we never actually noticed that they were
+ wildcards. Fixes bug 6244; bugfix on 0.2.3.9-alpha.
+ - Avoid crashing on a malformed state file where EntryGuardPathBias
+ precedes EntryGuard. Fix for bug 6774; bugfix on 0.2.3.17-beta.
+ - Add a (probably redundant) memory clear between iterations of
+ the router status voting loop, to prevent future coding errors
+ where data might leak between iterations of the loop. Resolves
+ ticket 6514.
+
+ o Minor bugfixes (log messages):
+ - Downgrade "set buildtimeout to low value" messages to "info"
+ severity; they were never an actual problem, there was never
+ anything reasonable to do about them, and they tended to spam logs
+ from time to time. Fixes bug 6251; bugfix on 0.2.2.2-alpha.
+ - Downgrade path-bias warning messages to "info". We'll try to get
+ them working better in 0.2.4. Add internal circuit construction
+ state to protect against the noisy warn message "Unexpectedly high
+ circuit_successes". Also add some additional rate-limited notice
+ messages to help determine the root cause of the warn. Fixes bug
+ 6475. Bugfix against 0.2.3.17-beta.
+ - Move log message when unable to find a microdesc in a routerstatus
+ entry to parse time. Previously we'd spam this warning every time
+ we tried to figure out which microdescriptors to download. Fixes
+ the third piece of bug 6404; fix on 0.2.3.18-rc.
+
+ o Minor features:
+ - Consider new, removed or changed IPv6 OR ports a non-cosmetic
+ change when the authority is deciding whether to accept a newly
+ uploaded descriptor. Implements ticket 6423.
+ - Add missing documentation for consensus and microdesc files.
+ Resolves ticket 6732.
+
+
+Changes in version 0.2.2.38 - 2012-08-12
+ Tor 0.2.2.38 fixes a remotely triggerable crash bug, and fixes a timing
+ attack that could in theory leak path information.
+
+ o Security fixes:
+ - Avoid an uninitialized memory read when reading a vote or consensus
+ document that has an unrecognized flavor name. This read could
+ lead to a remote crash bug. Fixes bug 6530; bugfix on 0.2.2.6-alpha.
+ - Try to leak less information about what relays a client is
+ choosing to a side-channel attacker. Previously, a Tor client would
+ stop iterating through the list of available relays as soon as it
+ had chosen one, thus finishing a little earlier when it picked
+ a router earlier in the list. If an attacker can recover this
+ timing information (nontrivial but not proven to be impossible),
+ they could learn some coarse-grained information about which relays
+ a client was picking (middle nodes in particular are likelier to
+ be affected than exits). The timing attack might be mitigated by
+ other factors (see bug 6537 for some discussion), but it's best
+ not to take chances. Fixes bug 6537; bugfix on 0.0.8rc1.
+
+
+Changes in version 0.2.3.20-rc - 2012-08-05
+ Tor 0.2.3.20-rc is the third release candidate for the Tor 0.2.3.x
+ series. It fixes a pair of code security bugs and a potential anonymity
+ issue, updates our RPM spec files, and cleans up other smaller issues.
+
+ o Security fixes:
+ - Avoid read-from-freed-memory and double-free bugs that could occur
+ when a DNS request fails while launching it. Fixes bug 6480;
+ bugfix on 0.2.0.1-alpha.
+ - Avoid an uninitialized memory read when reading a vote or consensus
+ document that has an unrecognized flavor name. This read could
+ lead to a remote crash bug. Fixes bug 6530; bugfix on 0.2.2.6-alpha.
+ - Try to leak less information about what relays a client is
+ choosing to a side-channel attacker. Previously, a Tor client would
+ stop iterating through the list of available relays as soon as it
+ had chosen one, thus finishing a little earlier when it picked
+ a router earlier in the list. If an attacker can recover this
+ timing information (nontrivial but not proven to be impossible),
+ they could learn some coarse-grained information about which relays
+ a client was picking (middle nodes in particular are likelier to
+ be affected than exits). The timing attack might be mitigated by
+ other factors (see bug 6537 for some discussion), but it's best
+ not to take chances. Fixes bug 6537; bugfix on 0.0.8rc1.
+
+ o Minor features:
+ - Try to make the warning when giving an obsolete SOCKSListenAddress
+ a little more useful.
+ - Terminate active server managed proxies if Tor stops being a
+ relay. Addresses parts of bug 6274; bugfix on 0.2.3.6-alpha.
+ - Provide a better error message about possible OSX Asciidoc failure
+ reasons. Fixes bug 6436.
+ - Warn when Tor is configured to use accounting in a way that can
+ link a hidden service to some other hidden service or public
+ address. Resolves ticket 6490.
+
+ o Minor bugfixes:
+ - Check return value of fputs() when writing authority certificate
+ file. Fixes Coverity issue 709056; bugfix on 0.2.0.1-alpha.
+ - Ignore ServerTransportPlugin lines when Tor is not configured as
+ a relay. Fixes bug 6274; bugfix on 0.2.3.6-alpha.
+ - When disabling guards for having too high a proportion of failed
+ circuits, make sure to look at each guard. Fixes bug 6397; bugfix
+ on 0.2.3.17-beta.
+
+ o Packaging (RPM):
+ - Update our default RPM spec files to work with mock and rpmbuild
+ on RHEL/Fedora. They have an updated set of dependencies and
+ conflicts, a fix for an ancient typo when creating the "_tor"
+ user, and better instructions. Thanks to Ondrej Mikle for the
+ patch series. Fixes bug 6043.
+
+ o Testing:
+ - Make it possible to set the TestingTorNetwork configuration
+ option using AlternateDirAuthority and AlternateBridgeAuthority
+ as an alternative to setting DirServer. Addresses ticket 6377.
+
+ o Documentation:
+ - Clarify the documentation for the Alternate*Authority options.
+ Fixes bug 6387.
+ - Fix some typos in the manpages. Patch from A. Costa. Fixes bug 6500.
+
+ o Code simplification and refactoring:
+ - Do not use SMARTLIST_FOREACH for any loop whose body exceeds
+ 10 lines. Also, don't nest them. Doing so in the past has
+ led to hard-to-debug code. The new style is to use the
+ SMARTLIST_FOREACH_{BEGIN,END} pair. Addresses issue 6400.
+
+
+Changes in version 0.2.3.19-rc - 2012-07-06
+ Tor 0.2.3.19-rc is the second release candidate for the Tor 0.2.3.x
+ series. It fixes the compile on Windows, reverts to a GeoIP database
+ that isn't as broken, and fixes a flow control bug that has been around
+ since the beginning of Tor.
+
+ o Major bugfixes:
+ - Fix a bug handling SENDME cells on nonexistent streams that could
+ result in bizarre window values. Report and patch contributed
+ pseudonymously. Fixes part of bug 6271. This bug was introduced
+ before the first Tor release, in svn commit r152.
+ - Revert to the May 1 2012 Maxmind GeoLite Country database. In the
+ June 2012 database, Maxmind marked many Tor relays as country "A1",
+ which will cause risky behavior for clients that set EntryNodes
+ or ExitNodes. Addresses bug 6334; bugfix on 0.2.3.17-beta.
+ - Instead of ENOBUFS on Windows, say WSAENOBUFS. Fixes compilation
+ on Windows. Fixes bug 6296; bugfix on 0.2.3.18-rc.
+
+ o Minor bugfixes:
+ - Fix wrong TCP port range in parse_port_range(). Fixes bug 6218;
+ bugfix on 0.2.1.10-alpha.
+
+
Changes in version 0.2.3.18-rc - 2012-06-28
Tor 0.2.3.18-rc is the first release candidate for the Tor 0.2.3.x
series. It fixes a few smaller bugs, but generally appears stable.
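Review bot: In the release section just above 0.2.3.21-rc, both items under "Minor features (code security and spec conformance)" are written as fixes ("Fixes bug 2385", "Bugfix on 0.0.2pre8") but are filed as features, so anyone scanning the bugfix sections for security-relevant changes will miss the stack key clearing and the EXTEND stream ID check. Move them under a bugfix heading, and give the EXTEND item a ticket number of its own, since it currently only mentions bug 6271 as the thing being hunted. The 6530 and 6537 items appear verbatim under both 0.2.2.38 and 0.2.3.20-rc; a marker like the "(also included in 0.2.2.x)" used elsewhere in this file would show that the repetition is intended. Smaller points in the same section: the header "o Minor features (streamlining);" ends in a semicolon where the other headers use a colon, "so we want to eliminate when we can" is missing "it", and "efficient about not overallocation" should read "not overallocating".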
@@ -225,7 +3604,7 @@ Changes in version 0.2.3.16-alpha - 2012-06-05
indefinitely. Fixes bug 5380; bugfix on 0.2.1.14-rc.
- When fetching a bridge descriptor from a bridge authority,
always do so anonymously, whether we have been able to open
- circuits or not. Partial fix for bug 1938; bugfix on 2.0.7-alpha.
+ circuits or not. Partial fix for bug 1938; bugfix on 0.2.0.7-alpha.
This behavior makes it *safer* to use UpdateBridgesFromAuthority,
but we'll need to wait for bug 6010 before it's actually usable.
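Review bot: The corrected version on the "+" line (0.2.0.7-alpha) changes an already published 0.2.3.16-alpha entry, yet it rides along in a change that is otherwise a bulk addition of newer release notes (3406 insertions, 3 deletions). Land the corrections to historical entries as their own commit, with a message that says so, so that someone tracing the "bugfix on" version for bug 1938 can find when the record changed and why.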
@@ -955,7 +4334,8 @@ Changes in version 0.2.3.11-alpha - 2012-01-22
FastFlagMaxThreshold) to control the range of allowable bandwidths
for the Fast directory flag. These allow authorities to run
experiments on appropriate requirements for being a "Fast" node.
- The AuthDirFastGuarantee config value still applies.
+ The AuthDirFastGuarantee config value still applies. Implements
+ ticket 3946.
- Document the GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays
directory authority option (introduced in Tor 0.2.2.34).
@@ -1270,6 +4650,29 @@ Changes in version 0.2.2.35 - 2011-12-16
by removing an absolute path from makensis.exe command.
+Changes in version 0.2.1.32 - 2011-12-16
+ Tor 0.2.1.32 backports important security and privacy fixes for
+ oldstable. This release is intended only for package maintainers and
+ others who cannot use the 0.2.2 stable series. All others should be
+ using Tor 0.2.2.x or newer.
+
+ The Tor 0.2.1.x series will reach formal end-of-life some time in
+ early 2012; we will stop releasing patches for it then.
+
+ o Major bugfixes (also included in 0.2.2.x):
+ - Correctly sanity-check that we don't underflow on a memory
+ allocation (and then assert) for hidden service introduction
+ point decryption. Bug discovered by Dan Rosenberg. Fixes bug 4410;
+ bugfix on 0.2.1.5-alpha.
+ - Fix a heap overflow bug that could occur when trying to pull
+ data into the first chunk of a buffer, when that chunk had
+ already had some data drained from it. Fixes CVE-2011-2778;
+ bugfix on 0.2.0.16-alpha. Reported by "Vektor".
+
+ o Minor features:
+ - Update to the December 6 2011 Maxmind GeoLite Country database.
+
+
Changes in version 0.2.3.9-alpha - 2011-12-08
Tor 0.2.3.9-alpha introduces initial IPv6 support for bridges, adds
a "DisableNetwork" security feature that bundles can use to avoid
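Review bot: In the added 0.2.1.32 block, the heap overflow item cites CVE-2011-2778 but no tracker bug number, while the introduction point item next to it cites bug 4410 and no CVE, so the two security fixes cannot be cross-referenced the same way. Add the bug number to the CVE item if one exists. The wording "we don't underflow on a memory allocation (and then assert)" is also ambiguous about whether the assert is the effect of the bug or part of the new check; state that outright, since it decides whether a reader treats this as a remote crash.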
@@ -2034,7 +5437,7 @@ Changes in version 0.2.3.4-alpha - 2011-09-13
by an attacker who controls both an introduction point and a
rendezvous point, and who uses the malleability of AES-CTR to
alter the encrypted g^x portion of the INTRODUCE1 cell. We think
- that these attacks is infeasible (requiring the attacker to send
+ that these attacks are infeasible (requiring the attacker to send
on the order of zettabytes of altered cells in a short interval),
but we'd rather block them off in case there are any classes of
this attack that we missed. Reported by Willem Pinckaers.
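Review bot: The "+" line fixes the verb ("these attacks are infeasible"), but two lines later the same sentence still says "any classes of this attack", so the number is still inconsistent within one sentence. Either keep the plural throughout ("any classes of these attacks") or make the first mention singular.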