[tor-commits] [tor/master] fold in some new changelog stanzas
arma at torproject.org
arma at torproject.org
Sat Jan 7 12:44:36 UTC 2012
commit 36721e940d77c8331ce13ad96ed3a6c80b13958b
Author: Roger Dingledine <arma at torproject.org>
Date: Sat Jan 7 07:42:07 2012 -0500
fold in some new changelog stanzas
---
ChangeLog | 150 +++++++++++++++++++++++++++++++++++++++++-
changes/bug1101 | 3 -
changes/bug1240 | 8 --
changes/bug1297b | 20 ------
changes/bug1827 | 9 ---
changes/bug2571 | 3 -
changes/bug3825b | 7 --
changes/bug4531_take2 | 5 --
changes/bug4653 | 4 -
changes/bug4697 | 5 --
changes/bug4733 | 6 --
changes/bug4759 | 14 ----
changes/bug4779 | 4 -
changes/bug4786 | 9 ---
changes/bug4788 | 6 --
changes/bug4796 | 7 --
changes/bug4803 | 4 -
changes/bug4822 | 13 ----
changes/clang_30_options | 5 --
changes/feature2411 | 12 ----
changes/geoip-january2012 | 3 -
changes/portability_01_haiku | 14 ----
changes/prop110 | 7 --
changes/timersub_bug | 7 --
24 files changed, 148 insertions(+), 177 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 667a953..9d20a8a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,150 @@
-Changes in version 0.2.3.11-alpha - 201?-??-??
+Changes in version 0.2.3.11-alpha - 2012-01-0?
+ o Major features:
+ - Now that Tor 0.2.0.x is completely deprecated, enable the final
+ part of "Proposal 110: Avoiding infinite length circuits" by
+ refusing all circuit-extend requests that do not use a relay_early
+ cell. This change helps Tor resist a class of denial-of-service
+ attacks by limiting the maximum circuit length.
+ - Adjust the number of introduction points that a hidden service
+ will try to maintain based on how long its introduction points
+ remain in use and how many introductions they handle. Fixes
+ part of bug 3825.
+ - Try to use system facilities for enumerating local interface
+ addresses, before falling back to our old approach (which was
+ binding a UDP socket, and calling getsockname() on it). That
+ approach was scaring OS X users whose draconian firewall
+ software warned about binding to UDP sockets, regardless of
+ whether packets were sent. Now we try to use getifaddrs(),
+ SIOCGIFCONF, or GetAdaptersAddresses(), depending on what the
+ system supports. Resolves ticket 1827.
+
+ o Major security workaround:
+ - When building or running with any version of OpenSSL earlier
+ than 0.9.8s or 1.0.0f, disable SSLv3 support. These OpenSSL
+ versions have a bug (CVE-2011-4576) in which their block cipher
+ padding includes uninitialized data, potentially leaking sensitive
+ information to any peer with whom they make a SSLv3 connection. Tor
+ does not use SSL v3 by default, but a hostile client or server
+ could force an SSLv3 connection in order to gain information that
+ they shouldn't have been able to get. The best solution here is to
+ upgrade to OpenSSL 0.9.8s or 1.0.0f (or later). But when building
+ or running with a non-upgraded OpenSSL, we disable SSLv3 entirely
+ to make sure that the bug can't happen.
+
+ o Major bugfixes:
+ - Correct our replacements for the timeradd() and timersub() functions
+ on platforms that lack them (for example, Windows). The timersub()
+ function is used when expiring circuits, while timeradd() is
+ currently unused. Bug report and patch by Vektor. Bugfix on
+ 0.2.2.24-alpha and 0.2.3.1-alpha; fixes bug 4778.
+ - Do not use OpenSSL 1.0.0's counter mode: it has a critical bug
+ that was fixed in OpenSSL 1.0.0a. Fixes bug 4779; bugfix on
+ Tor 0.2.3.9-alpha. Found by Pascal.
+
+ o Minor features:
+ - Directory servers now reject versions of Tor older than 0.2.1.30,
+ and Tor versions between 0.2.2.1-alpha and 0.2.2.20-alpha
+ (inclusive). These versions accounted for only a small fraction of
+ the Tor network, and have numerous known security issues. Resolves
+ issue 4788.
+ - Use absolute path names when reporting the torrc filename in the
+ control protocol, so a controller can more easily find the torrc
+ file. Resolves bug 1101.
+ - If EntryNodes are given, but UseEntryGuards is set to 0, warn that
+ EntryNodes will have no effect. Resolves issue 2571.
+ - Extend the control protocol to report flags that control a circuit's
+ path selection in CIRC events and in replies to 'GETINFO
+ circuit-status'. Implements part of ticket 2411.
+ - Extend the control protocol to report the hidden service address
+ and current state of a hidden-service-related circuit in CIRC
+ events and in replies to 'GETINFO circuit-status'. Implements part
+ of ticket 2411.
+ - Update to the January 3 2012 Maxmind GeoLite Country database.
+
+ o Minor bugfixes (hidden services):
+ - Don't close hidden service client circuits which have almost
+ finished connecting to their destination when they reach
+ the normal circuit-build timeout. Previously, we would close
+ introduction circuits which are waiting for an acknowledgement
+ from the introduction point, and rendezvous circuits which have
+ been specified in an INTRODUCE1 cell sent to a hidden service,
+ after the normal CBT. Now, we mark them as 'timed out', and launch
+ another rendezvous attempt in parallel. This behavior change can
+ be disabled using the new CloseHSClientCircuitsImmediatelyOnTimeout
+ option. Fixes part of bug 1297.
+ - Don't close hidden-service-side rendezvous circuits when they
+ reach the normal circuit-build timeout. This behaviour change can
+ be disabled using the new
+ CloseHSServiceRendCircuitsImmediatelyOnTimeout option. Fixes the
+ remaining part of bug 1297.
+ - Make sure we never mark the wrong rendezvous circuit as having
+ had its introduction cell acknowleged by the introduction-point
+ relay. Previously, when we received an INTRODUCE_ACK cell on a
+ client-side hidden-service introduction circuit, we might have
+ marked a rendezvous circuit other than the one we specified in
+ the INTRODUCE1 cell as INTRO_ACKED, which would have produced
+ a warning message and interfered with the hidden service
+ connection-establishment process. Bugfix on 0.2.3.3-alpha, when we
+ added the stream-isolation feature which might cause Tor to open
+ multiple rendezvous circuits for the same hidden service. Fixes
+ bug 4759.
+ - Don't trigger an assertion failure when we mark a new client-side
+ hidden-service introduction circuit for close during the process
+ of creating it. Bugfix on 0.2.3.6-alpha. Fixes bug 4796; reported
+ by murb.
+
+ o Minor bugfixes (other):
+ - Fix null-pointer access that could occur if TLS allocation failed.
+ Fixes bug 4531; bugfix on 0.2.0.20-rc. Found by "troll_un". This was
+ erroneously listed as fixed in 0.2.3.9-alpha, but the fix had
+ accidentally been reverted.
+ - Fix an assertion failure when, while running with bufferevents, a
+ connection finishes connecting after it is marked for close, but
+ before it is closed. Fixes bug 4697; bugfix on 0.2.3.1-alpha.
+ - Older Linux kernels erroneously respond to strange nmap behavior
+ by having accept() return successfully with a zero-length
+ socket. When this happens, just close the connection. Previously,
+ we would try harder to learn the remote address: but there was
+ no such remote address to learn, and our method for trying to
+ learn it was incorrect. Fixes bugs 1240, 4745, and 4747. Bugfix
+ on 0.1.0.3-rc. Reported and diagnosed by "r1eo".
+ - test_util_spawn_background_ok() hardcoded the expected value
+ for ENOENT to 2. This isn't portable as error numbers are
+ platform specific, and particularly the hurd has ENOENT at
+ 0x40000002. Construct expected string at runtime, using the correct
+ value for ENOENT. Fixes bug 4733; bugfix on 0.2.3.1-alpha.
+ - Correctly spell "connect" in a log message on failure to create a
+ controlsocket. Fixes bug 4803; bugfix on 0.2.2.26-beta and
+ 0.2.3.2-alpha.
+ - During configure, search for library containing cos function as
+ libm lives in libcore on some platforms (BeOS/Haiku).
+ Linking against libm was hard-coded before. Bugfix on
+ 0.2.2.2-alpha; fixes the first part of bug 4727. Patch and
+ analysis by Martin Hebnes Pedersen.
+ - Preprocessor directives should not be put inside the arguments
+ of a macro. This would break compilation with GCC releases prior
+ to version 3.3. We would never recommend such an old GCC
+ version, but it is apparently required for binary compatibility
+ on some platforms (namely, certain builds of Haiku). Bugfix on
+ 0.2.3.3-alpha; fixes the other part of bug 4727. Patch and
+ analysis by Martin Hebnes Pedersen.
+
+ - Feature removal:
+ - When sending or relaying a RELAY_EARLY cell, we used to convert
+ it to a RELAY cell if the connection was using the v1 link
+ protocol. This was a workaround for older versions of Tor, which
+ didn't handle RELAY_EARLY cells properly. Now that all supported
+ versions can handle RELAY_EARLY cells, and now that we're enforcing
+ the "no RELAY_EXTEND commands except in RELAY_EARLY cells" rule,
+ remove this workaround. Addresses bug 4786.
+
+ o Code simplifications and refactoring:
+ - During configure, detect when we're building with clang version
+ 3.0 or lower and disable the -Wnormalized=id and -Woverride-init
+ CFLAGS. clang doesn't support them yet.
+ - Use OpenSSL's built-in SSL_state_string_long() instead of our
+ own homebrewed ssl_state_to_string() replacement. Patch from
+ Emile Snyder. Fixes bug 4653.
Changes in version 0.2.3.10-alpha - 2011-12-16
@@ -786,7 +932,7 @@ Changes in version 0.2.1.31 - 2011-10-26
circuit EXTEND request. Now relays can protect clients from the
CVE-2011-2768 issue even if the clients haven't upgraded yet.
- Bridges now refuse CREATE or CREATE_FAST cells on OR connections
- that they initiated. Relays could distinguish incoming bridge
+ that they initiated. Relays could distinguish incoming bridge
connections from client connections, creating another avenue for
enumerating bridges. Fixes CVE-2011-2769. Bugfix on 0.2.0.3-alpha.
Found by "frosty_un".
diff --git a/changes/bug1101 b/changes/bug1101
deleted file mode 100644
index 784ae08..0000000
--- a/changes/bug1101
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor features:
- - Use absolute path names when reporting the torrc filename, so
- that a controller can more easily find it. Resolves bug 1101.
diff --git a/changes/bug1240 b/changes/bug1240
deleted file mode 100644
index 6570664..0000000
--- a/changes/bug1240
+++ /dev/null
@@ -1,8 +0,0 @@
- o Minor bugfixes:
- - When running with an older Linux kernel that erroneously responds
- to strange nmap behavior by having accept() return successfully
- with a zero-length socket, just close the connection. Previously,
- we would try harder to learn the remote address: but there was no
- such remote address to learn, and our method for trying to learn
- it was incorrect. Fixes bugs #1240, #4745, and #4747. Bugfix on
- 0.1.0.3-rc. Reported and diagnosed by "r1eo".
diff --git a/changes/bug1297b b/changes/bug1297b
deleted file mode 100644
index fb0d00c..0000000
--- a/changes/bug1297b
+++ /dev/null
@@ -1,20 +0,0 @@
- o Minor bugfixes:
-
- - Don't close hidden service client circuits which have almost
- finished connecting to their destination when they reach the
- normal circuit-build timeout. Previously, we would close
- introduction circuits which are waiting for an acknowledgement
- from the introduction-point relay and rendezvous circuits which
- have been specified in an INTRODUCE1 cell sent to a hidden
- service after the normal CBT; now, we mark them as 'timed out',
- and launch another rendezvous attempt in parallel. This
- behaviour change can be disabled using the new
- CloseHSClientCircuitsImmediatelyOnTimeout option. Fixes part of
- bug 1297.
-
- - Don't close hidden-service-side rendezvous circuits when they
- reach the normal circuit-build timeout. Previously, we would
- close them. This behaviour change can be disabled using the new
- CloseHSServiceRendCircuitsImmediatelyOnTimeout option. Fixes
- the remaining part of bug 1297.
-
diff --git a/changes/bug1827 b/changes/bug1827
deleted file mode 100644
index 0701876..0000000
--- a/changes/bug1827
+++ /dev/null
@@ -1,9 +0,0 @@
- - Minor features:
- - Try to use system facilities for enumerating local interface
- addresses, before falling back to our old approach (which was
- binding a UDP socket, and calling getsockname() on it). That
- approach was confusing people whose draconian firewall software
- didn't like binding to UDP sockets, regardless of whether
- packets were sent. Now we try to use getifaddrs(), SIOCGIFCONF,
- or GetAdaptersAddresses(), depending on what the system
- supports. Resolves ticket #1827.
diff --git a/changes/bug2571 b/changes/bug2571
deleted file mode 100644
index dfb4f3b..0000000
--- a/changes/bug2571
+++ /dev/null
@@ -1,3 +0,0 @@
- - Minor features:
- - If EntryNodes are given, but UseEntryGuards is set to 0, warn that
- EntryNodes will have no effect. Resolves issue 2571.
diff --git a/changes/bug3825b b/changes/bug3825b
deleted file mode 100644
index 08c0c2d..0000000
--- a/changes/bug3825b
+++ /dev/null
@@ -1,7 +0,0 @@
- o Major features:
-
- - Adjust the number of introduction points that a hidden service
- will try to maintain based on how long its introduction points
- remain in use and how many introductions they handle. Fixes
- part of bug 3825.
-
diff --git a/changes/bug4531_take2 b/changes/bug4531_take2
deleted file mode 100644
index fd4f5f0..0000000
--- a/changes/bug4531_take2
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor bugfixes:
- - Fix null-pointer access that could occur if TLS allocation failed.
- Fixes bug 4531; bugfix on 0.2.0.20-rc. Found by "troll_un". This was
- erroneously listed as fixed in 0.2.3.9-alpha, but the fix had
- accidentally been reverted.
diff --git a/changes/bug4653 b/changes/bug4653
deleted file mode 100644
index 3c0596f..0000000
--- a/changes/bug4653
+++ /dev/null
@@ -1,4 +0,0 @@
- o Code simplification and refactoring:
- - Use OpenSSL's built-in SSL_state_string_long() instead of our
- own homebrewed ssl_state_to_string() replacement. Patch from
- Emile Snyder. Fixes bug 4653.
diff --git a/changes/bug4697 b/changes/bug4697
deleted file mode 100644
index c3c940d..0000000
--- a/changes/bug4697
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor bugfixes:
- - Fix an assertion failure when, while running with bufferevents, a
- connection finishes connecting after it is marked for close, but
- before it is closed. Fix for bug 4697; Bugfix on 0.2.3.1-alpha.
-
diff --git a/changes/bug4733 b/changes/bug4733
deleted file mode 100644
index 672cfbc..0000000
--- a/changes/bug4733
+++ /dev/null
@@ -1,6 +0,0 @@
- o Minor fix:
- test_util_spawn_background_ok() hardcoded the expected value
- for ENOENT to 2. This isn't portable as error numbers are
- platform specific, and particularly the hurd has ENOENT at
- 0x40000002. Construct expected string at runtime, using the
- correct value for ENOENT (closes: #4733). Bugfix on 0.2.3.1-alpha.
diff --git a/changes/bug4759 b/changes/bug4759
deleted file mode 100644
index 19138ab..0000000
--- a/changes/bug4759
+++ /dev/null
@@ -1,14 +0,0 @@
- o Minor bugfixes:
-
- - Make sure we never mark the wrong rendezvous circuit as having
- had its introduction cell acknowleged by the introduction-point
- relay. Previously, when we received an INTRODUCE_ACK cell on a
- client-side hidden-service introduction circuit, we might have
- marked a rendezvous circuit other than the one we specified in
- the INTRODUCE1 cell as INTRO_ACKED, which would have produced a
- warning message and interfered with the hidden service
- connection-establishment process. Bugfix on 0.2.3.3-alpha, when
- the stream-isolation feature which might cause Tor to open
- multiple rendezvous circuits for the same hidden service was
- added. Fixes bug 4759.
-
diff --git a/changes/bug4779 b/changes/bug4779
deleted file mode 100644
index 4535a2b..0000000
--- a/changes/bug4779
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes:
- - Do not use OpenSSL 1.0.0's counter mode: it has a critical bug
- that was fixed in OpenSSL 1.0.0a. Fixes bug 4779; bugfix on
- Tor 0.2.3.9-alpha. Found by Pascal.
diff --git a/changes/bug4786 b/changes/bug4786
deleted file mode 100644
index 7c1c60f..0000000
--- a/changes/bug4786
+++ /dev/null
@@ -1,9 +0,0 @@
- - Feature removal:
- - When sending or relaying a RELAY_EARLY cell, we used to convert
- it to a RELAY cell if the connection was using the v1 link
- protocol. This was a workaround for older versions of Tor, which
- didn't handle RELAY_EARLY cells properly. Now that all supported
- versions can handle RELAY_EARLY cells, and now that we're
- enforcing the "no RELAY_EXTEND commands except in RELAY_EARLY
- cells" rule, we're removing this workaround. Addresses bug 4786.
-
diff --git a/changes/bug4788 b/changes/bug4788
deleted file mode 100644
index d65c001..0000000
--- a/changes/bug4788
+++ /dev/null
@@ -1,6 +0,0 @@
- o Minor features (directory server):
- - Directory servers now reject versions of Tor older than 0.2.1.30,
- and Tor versions between 0.2.2.1-alpha and 0.2.2.20-alpha
- (inclusive). These versions accounted for only a small fraction of
- the Tor network, and have numerous known security issues. Resolves
- issue #4788.
diff --git a/changes/bug4796 b/changes/bug4796
deleted file mode 100644
index bcb795f..0000000
--- a/changes/bug4796
+++ /dev/null
@@ -1,7 +0,0 @@
- o Minor bugfixes:
-
- - Don't exit with an assertion failure when we mark a new
- client-side hidden-service introduction circuit for close during
- the process of creating it. Bugfix on 0.2.3.6-alpha. Fixes bug
- 4796; reported by murb.
-
diff --git a/changes/bug4803 b/changes/bug4803
deleted file mode 100644
index cd25266..0000000
--- a/changes/bug4803
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes:
- - Correctly spell "connect" in a log message when creating a controlsocket
- fails. Fixes bug 4803; bugfix on 0.2.2.26-beta/0.2.3.2-alpha.
-
diff --git a/changes/bug4822 b/changes/bug4822
deleted file mode 100644
index 73f43f0..0000000
--- a/changes/bug4822
+++ /dev/null
@@ -1,13 +0,0 @@
- o Major security workaround:
- - When building or running with any version of OpenSSL earlier
- than 0.9.8s or 1.0.0f, disable SSLv3 support. These versions had
- a bug (CVE-2011-4576) in which their block cipher padding
- included uninitialized data, potentially leaking sensitive
- information to any peer with whom they made a SSLv3
- connection. Tor does not use SSL v3 by default, but a hostile
- client or server could force an SSLv3 connection in order to
- gain information that they shouldn't have been able to get. The
- best solution here is to upgrade to OpenSSL 0.9.8s or 1.0.0f (or
- later). But when building or running with a non-upgraded
- OpenSSL, we should instead make sure that the bug can't happen
- by disabling SSLv3 entirely.
diff --git a/changes/clang_30_options b/changes/clang_30_options
deleted file mode 100644
index e8e34c8..0000000
--- a/changes/clang_30_options
+++ /dev/null
@@ -1,5 +0,0 @@
- o Code simplifications and refactoring:
- - During configure, detect when we're building with clang version 3.0 or
- lower and disable the -Wnormalized=id and -Woverride-init CFLAGS.
- clang doesn't support them yet.
-
diff --git a/changes/feature2411 b/changes/feature2411
deleted file mode 100644
index 633a5ce..0000000
--- a/changes/feature2411
+++ /dev/null
@@ -1,12 +0,0 @@
- o Minor features:
-
- - Report flags that control a circuit's path selection to
- controllers in CIRC events and in replies to 'GETINFO
- circuit-status'. Implements part of ticket 2411.
-
- - Report the hidden service address and current state of a
- hidden-service-related circuit to controllers in CIRC events and
- in replies to 'GETINFO circuit-status'. Implements part of
- ticket 2411.
-
-
diff --git a/changes/geoip-january2012 b/changes/geoip-january2012
deleted file mode 100644
index 2f4180e..0000000
--- a/changes/geoip-january2012
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor features:
- - Update to the January 3 2012 Maxmind GeoLite Country database.
-
diff --git a/changes/portability_01_haiku b/changes/portability_01_haiku
deleted file mode 100644
index 74887fe..0000000
--- a/changes/portability_01_haiku
+++ /dev/null
@@ -1,14 +0,0 @@
- o Minor buxfixes:
- - During configure, search for library containing cos function as
- libm lives in libcore on some platforms (BeOS/Haiku).
- Linking against libm was hard-coded before. Bugfix on
- 0.2.2.2-alpha, fixes the first part of bug 4727. Patch and
- analysis by Martin Hebnes Pedersen.
- - Preprocessor directives should not be put inside the arguments
- of a macro. This would break compilation with GCC releases prior
- to version 3.3. We would never recommend such an old GCC
- version, but it is apparently required for binary compatibility
- on some platforms (namely, certain builds of Haiku). Bugfix on
- 0.2.3.3-alpha, fixes the other part of bug 4727. Patch and
- analysis by Martin Hebnes Pedersen.
-
diff --git a/changes/prop110 b/changes/prop110
deleted file mode 100644
index 843595e..0000000
--- a/changes/prop110
+++ /dev/null
@@ -1,7 +0,0 @@
- o Major features:
- - Now that Tor 0.2.0.x is completely deprecated, we can enable the
- final part of "Proposal 110: Avoiding infinite length circuits"
- by refusing all circuit-extend requests that do not appear in a
- "relay_early" cell. This change helps Tor to resist a class of
- denial-of-service attacks by limiting the maximum circuit length.
-
diff --git a/changes/timersub_bug b/changes/timersub_bug
deleted file mode 100644
index 9183862..0000000
--- a/changes/timersub_bug
+++ /dev/null
@@ -1,7 +0,0 @@
- o Major bugfixes:
- - Provide correct replacements for the timeradd() and timersub() functions
- for platforms that lack them (for example, windows). The timersub()
- function is used when expiring circuits, timeradd() is currently unused.
- Patch written by Vektor, who also reported the bug. Thanks! Bugfix
- on 0.2.2.24-alpha/0.2.3.1-alpha, fixes bug 4778.
-
More information about the tor-commits
mailing list