fold in some new changelog stanzas

2025-02-23 14:40:51 +01:00 · 2012-01-07 07:42:07 -05:00 · 2012-01-07 07:42:07 -05:00 · 36721e940d
commit 36721e940d
parent 19c372daf0
24 changed files with 148 additions and 177 deletions
--- a/148
+++ b/148
@ -1,4 +1,150 @@
-Changes in version 0.2.3.11-alpha - 201?-??-??
+Changes in version 0.2.3.11-alpha - 2012-01-0?
  o Major features:
    - Now that Tor 0.2.0.x is completely deprecated, enable the final
      part of "Proposal 110: Avoiding infinite length circuits" by
      refusing all circuit-extend requests that do not use a relay_early
      cell. This change helps Tor resist a class of denial-of-service
      attacks by limiting the maximum circuit length.
    - Adjust the number of introduction points that a hidden service
      will try to maintain based on how long its introduction points
      remain in use and how many introductions they handle. Fixes
      part of bug 3825.
    - Try to use system facilities for enumerating local interface
      addresses, before falling back to our old approach (which was
      binding a UDP socket, and calling getsockname() on it). That
      approach was scaring OS X users whose draconian firewall
      software warned about binding to UDP sockets, regardless of
      whether packets were sent. Now we try to use getifaddrs(),
      SIOCGIFCONF, or GetAdaptersAddresses(), depending on what the
      system supports. Resolves ticket 1827.
  o Major security workaround:
    - When building or running with any version of OpenSSL earlier
      than 0.9.8s or 1.0.0f, disable SSLv3 support. These OpenSSL
      versions have a bug (CVE-2011-4576) in which their block cipher
      padding includes uninitialized data, potentially leaking sensitive
      information to any peer with whom they make a SSLv3 connection. Tor
      does not use SSL v3 by default, but a hostile client or server
      could force an SSLv3 connection in order to gain information that
      they shouldn't have been able to get. The best solution here is to
      upgrade to OpenSSL 0.9.8s or 1.0.0f (or later). But when building
      or running with a non-upgraded OpenSSL, we disable SSLv3 entirely
      to make sure that the bug can't happen.
  o Major bugfixes:
    - Correct our replacements for the timeradd() and timersub() functions
      on platforms that lack them (for example, Windows). The timersub()
      function is used when expiring circuits, while timeradd() is
      currently unused. Bug report and patch by Vektor. Bugfix on
      0.2.2.24-alpha and 0.2.3.1-alpha; fixes bug 4778.
    - Do not use OpenSSL 1.0.0's counter mode: it has a critical bug
      that was fixed in OpenSSL 1.0.0a. Fixes bug 4779; bugfix on
      Tor 0.2.3.9-alpha. Found by Pascal.
  o Minor features:
    - Directory servers now reject versions of Tor older than 0.2.1.30,
      and Tor versions between 0.2.2.1-alpha and 0.2.2.20-alpha
      (inclusive). These versions accounted for only a small fraction of
      the Tor network, and have numerous known security issues. Resolves
      issue 4788.
    - Use absolute path names when reporting the torrc filename in the
      control protocol, so a controller can more easily find the torrc
      file. Resolves bug 1101.
    - If EntryNodes are given, but UseEntryGuards is set to 0, warn that
      EntryNodes will have no effect. Resolves issue 2571.
    - Extend the control protocol to report flags that control a circuit's
      path selection in CIRC events and in replies to 'GETINFO
      circuit-status'. Implements part of ticket 2411.
    - Extend the control protocol to report the hidden service address
      and current state of a hidden-service-related circuit in CIRC
      events and in replies to 'GETINFO circuit-status'. Implements part
      of ticket 2411.
    - Update to the January 3 2012 Maxmind GeoLite Country database.
  o Minor bugfixes (hidden services):
    - Don't close hidden service client circuits which have almost
      finished connecting to their destination when they reach
      the normal circuit-build timeout. Previously, we would close
      introduction circuits which are waiting for an acknowledgement
      from the introduction point, and rendezvous circuits which have
      been specified in an INTRODUCE1 cell sent to a hidden service,
      after the normal CBT. Now, we mark them as 'timed out', and launch
      another rendezvous attempt in parallel. This behavior change can
      be disabled using the new CloseHSClientCircuitsImmediatelyOnTimeout
      option. Fixes part of bug 1297.
    - Don't close hidden-service-side rendezvous circuits when they
      reach the normal circuit-build timeout. This behaviour change can
      be disabled using the new
      CloseHSServiceRendCircuitsImmediatelyOnTimeout option. Fixes the
      remaining part of bug 1297.
    - Make sure we never mark the wrong rendezvous circuit as having
      had its introduction cell acknowleged by the introduction-point
      relay. Previously, when we received an INTRODUCE_ACK cell on a
      client-side hidden-service introduction circuit, we might have
      marked a rendezvous circuit other than the one we specified in
      the INTRODUCE1 cell as INTRO_ACKED, which would have produced
      a warning message and interfered with the hidden service
      connection-establishment process. Bugfix on 0.2.3.3-alpha, when we
      added the stream-isolation feature which might cause Tor to open
      multiple rendezvous circuits for the same hidden service. Fixes
      bug 4759.
    - Don't trigger an assertion failure when we mark a new client-side
      hidden-service introduction circuit for close during the process
      of creating it. Bugfix on 0.2.3.6-alpha. Fixes bug 4796; reported
      by murb.
  o Minor bugfixes (other):
    - Fix null-pointer access that could occur if TLS allocation failed.
      Fixes bug 4531; bugfix on 0.2.0.20-rc. Found by "troll_un". This was
      erroneously listed as fixed in 0.2.3.9-alpha, but the fix had
      accidentally been reverted.
    - Fix an assertion failure when, while running with bufferevents, a
      connection finishes connecting after it is marked for close, but
      before it is closed. Fixes bug 4697; bugfix on 0.2.3.1-alpha.
    - Older Linux kernels erroneously respond to strange nmap behavior
      by having accept() return successfully with a zero-length
      socket. When this happens, just close the connection. Previously,
      we would try harder to learn the remote address: but there was
      no such remote address to learn, and our method for trying to
      learn it was incorrect. Fixes bugs 1240, 4745, and 4747. Bugfix
      on 0.1.0.3-rc. Reported and diagnosed by "r1eo".
    - test_util_spawn_background_ok() hardcoded the expected value
      for ENOENT to 2. This isn't portable as error numbers are
      platform specific, and particularly the hurd has ENOENT at
      0x40000002. Construct expected string at runtime, using the correct
      value for ENOENT. Fixes bug 4733; bugfix on 0.2.3.1-alpha.
    - Correctly spell "connect" in a log message on failure to create a
      controlsocket. Fixes bug 4803; bugfix on 0.2.2.26-beta and
      0.2.3.2-alpha.
    - During configure, search for library containing cos function as
      libm lives in libcore on some platforms (BeOS/Haiku).
      Linking against libm was hard-coded before. Bugfix on
      0.2.2.2-alpha; fixes the first part of bug 4727. Patch and
      analysis by Martin Hebnes Pedersen.
    - Preprocessor directives should not be put inside the arguments
      of a macro. This would break compilation with GCC releases prior
      to version 3.3. We would never recommend such an old GCC
      version, but it is apparently required for binary compatibility
      on some platforms (namely, certain builds of Haiku). Bugfix on
      0.2.3.3-alpha; fixes the other part of bug 4727. Patch and
      analysis by Martin Hebnes Pedersen.
  - Feature removal:
    - When sending or relaying a RELAY_EARLY cell, we used to convert
      it to a RELAY cell if the connection was using the v1 link
      protocol. This was a workaround for older versions of Tor, which
      didn't handle RELAY_EARLY cells properly. Now that all supported
      versions can handle RELAY_EARLY cells, and now that we're enforcing
      the "no RELAY_EXTEND commands except in RELAY_EARLY cells" rule,
      remove this workaround. Addresses bug 4786.
  o Code simplifications and refactoring:
    - During configure, detect when we're building with clang version
      3.0 or lower and disable the -Wnormalized=id and -Woverride-init
      CFLAGS. clang doesn't support them yet.
    - Use OpenSSL's built-in SSL_state_string_long() instead of our
      own homebrewed ssl_state_to_string() replacement. Patch from
      Emile Snyder. Fixes bug 4653.
 Changes in version 0.2.3.10-alpha - 2011-12-16
--- a/changes/bug1101
+++ b/changes/bug1101
@ -1,3 +0,0 @@
  o Minor features:
    - Use absolute path names when reporting the torrc filename, so
      that a controller can more easily find it. Resolves bug 1101.
--- a/changes/bug1240
+++ b/changes/bug1240
@ -1,8 +0,0 @@
  o Minor bugfixes:
    - When running with an older Linux kernel that erroneously responds
      to strange nmap behavior by having accept() return successfully
      with a zero-length socket, just close the connection. Previously,
      we would try harder to learn the remote address: but there was no
      such remote address to learn, and our method for trying to learn
      it was incorrect. Fixes bugs #1240, #4745, and #4747. Bugfix on
      0.1.0.3-rc. Reported and diagnosed by "r1eo".
--- a/changes/bug1297b
+++ b/changes/bug1297b
@ -1,20 +0,0 @@
  o Minor bugfixes:
    - Don't close hidden service client circuits which have almost
      finished connecting to their destination when they reach the
      normal circuit-build timeout.  Previously, we would close
      introduction circuits which are waiting for an acknowledgement
      from the introduction-point relay and rendezvous circuits which
      have been specified in an INTRODUCE1 cell sent to a hidden
      service after the normal CBT; now, we mark them as 'timed out',
      and launch another rendezvous attempt in parallel.  This
      behaviour change can be disabled using the new
      CloseHSClientCircuitsImmediatelyOnTimeout option.  Fixes part of
      bug 1297.
    - Don't close hidden-service-side rendezvous circuits when they
      reach the normal circuit-build timeout.  Previously, we would
      close them.  This behaviour change can be disabled using the new
      CloseHSServiceRendCircuitsImmediatelyOnTimeout option.  Fixes
      the remaining part of bug 1297.
--- a/changes/bug1827
+++ b/changes/bug1827
@ -1,9 +0,0 @@
  - Minor features:
    - Try to use system facilities for enumerating local interface
      addresses, before falling back to our old approach (which was
      binding a UDP socket, and calling getsockname() on it). That
      approach was confusing people whose draconian firewall software
      didn't like binding to UDP sockets, regardless of whether
      packets were sent. Now we try to use getifaddrs(), SIOCGIFCONF,
      or GetAdaptersAddresses(), depending on what the system
      supports. Resolves ticket #1827.
--- a/changes/bug2571
+++ b/changes/bug2571
@ -1,3 +0,0 @@
  - Minor features:
    - If EntryNodes are given, but UseEntryGuards is set to 0, warn that
      EntryNodes will have no effect. Resolves issue 2571.
--- a/changes/bug3825b
+++ b/changes/bug3825b
@ -1,7 +0,0 @@
  o Major features:
    - Adjust the number of introduction points that a hidden service
      will try to maintain based on how long its introduction points
      remain in use and how many introductions they handle.  Fixes
      part of bug 3825.
--- a/changes/bug4531_take2
+++ b/changes/bug4531_take2
@ -1,5 +0,0 @@
  o Minor bugfixes:
    - Fix null-pointer access that could occur if TLS allocation failed.
      Fixes bug 4531; bugfix on 0.2.0.20-rc. Found by "troll_un". This was
      erroneously listed as fixed in 0.2.3.9-alpha, but the fix had
      accidentally been reverted.
--- a/changes/bug4653
+++ b/changes/bug4653
@ -1,4 +0,0 @@
  o Code simplification and refactoring:
    - Use OpenSSL's built-in SSL_state_string_long() instead of our
      own homebrewed ssl_state_to_string() replacement. Patch from
      Emile Snyder. Fixes bug 4653.
--- a/changes/bug4697
+++ b/changes/bug4697
@ -1,5 +0,0 @@
  o Minor bugfixes:
    - Fix an assertion failure when, while running with bufferevents, a
      connection finishes connecting after it is marked for close, but
      before it is closed. Fix for bug 4697; Bugfix on 0.2.3.1-alpha.
--- a/changes/bug4733
+++ b/changes/bug4733
@ -1,6 +0,0 @@
  o Minor fix:
    test_util_spawn_background_ok() hardcoded the expected value
    for ENOENT to 2.  This isn't portable as error numbers are
    platform specific, and particularly the hurd has ENOENT at
    0x40000002.  Construct expected string at runtime, using the
    correct value for ENOENT (closes: #4733).  Bugfix on 0.2.3.1-alpha.
--- a/changes/bug4759
+++ b/changes/bug4759
@ -1,14 +0,0 @@
  o Minor bugfixes:
    - Make sure we never mark the wrong rendezvous circuit as having
      had its introduction cell acknowleged by the introduction-point
      relay.  Previously, when we received an INTRODUCE_ACK cell on a
      client-side hidden-service introduction circuit, we might have
      marked a rendezvous circuit other than the one we specified in
      the INTRODUCE1 cell as INTRO_ACKED, which would have produced a
      warning message and interfered with the hidden service
      connection-establishment process.  Bugfix on 0.2.3.3-alpha, when
      the stream-isolation feature which might cause Tor to open
      multiple rendezvous circuits for the same hidden service was
      added.  Fixes bug 4759.
--- a/changes/bug4779
+++ b/changes/bug4779
@ -1,4 +0,0 @@
  o Minor bugfixes:
    - Do not use OpenSSL 1.0.0's counter mode: it has a critical bug
      that was fixed in OpenSSL 1.0.0a. Fixes bug 4779; bugfix on
      Tor 0.2.3.9-alpha. Found by Pascal.
--- a/changes/bug4786
+++ b/changes/bug4786
@ -1,9 +0,0 @@
  - Feature removal:
    - When sending or relaying a RELAY_EARLY cell, we used to convert
      it to a RELAY cell if the connection was using the v1 link
      protocol. This was a workaround for older versions of Tor, which
      didn't handle RELAY_EARLY cells properly. Now that all supported
      versions can handle RELAY_EARLY cells, and now that we're
      enforcing the "no RELAY_EXTEND commands except in RELAY_EARLY
      cells" rule, we're removing this workaround. Addresses bug 4786.
--- a/changes/bug4788
+++ b/changes/bug4788
@ -1,6 +0,0 @@
  o Minor features (directory server):
    - Directory servers now reject versions of Tor older than 0.2.1.30,
      and Tor versions between 0.2.2.1-alpha and 0.2.2.20-alpha
      (inclusive). These versions accounted for only a small fraction of
      the Tor network, and have numerous known security issues. Resolves
      issue #4788.
--- a/changes/bug4796
+++ b/changes/bug4796
@ -1,7 +0,0 @@
  o Minor bugfixes:
    - Don't exit with an assertion failure when we mark a new
      client-side hidden-service introduction circuit for close during
      the process of creating it.  Bugfix on 0.2.3.6-alpha.  Fixes bug
      4796; reported by murb.
--- a/changes/bug4803
+++ b/changes/bug4803
@ -1,4 +0,0 @@
  o Minor bugfixes:
    - Correctly spell "connect" in a log message when creating a controlsocket
      fails. Fixes bug 4803; bugfix on 0.2.2.26-beta/0.2.3.2-alpha.
--- a/changes/bug4822
+++ b/changes/bug4822
@ -1,13 +0,0 @@
  o Major security workaround:
    - When building or running with any version of OpenSSL earlier
      than 0.9.8s or 1.0.0f, disable SSLv3 support. These versions had
      a bug (CVE-2011-4576) in which their block cipher padding
      included uninitialized data, potentially leaking sensitive
      information to any peer with whom they made a SSLv3
      connection. Tor does not use SSL v3 by default, but a hostile
      client or server could force an SSLv3 connection in order to
      gain information that they shouldn't have been able to get. The
      best solution here is to upgrade to OpenSSL 0.9.8s or 1.0.0f (or
      later). But when building or running with a non-upgraded
      OpenSSL, we should instead make sure that the bug can't happen
      by disabling SSLv3 entirely.
--- a/changes/clang_30_options
+++ b/changes/clang_30_options
@ -1,5 +0,0 @@
  o Code simplifications and refactoring:
    - During configure, detect when we're building with clang version 3.0 or
      lower and disable the -Wnormalized=id and -Woverride-init CFLAGS.
      clang doesn't support them yet.
--- a/changes/feature2411
+++ b/changes/feature2411
@ -1,12 +0,0 @@
  o Minor features:
    - Report flags that control a circuit's path selection to
      controllers in CIRC events and in replies to 'GETINFO
      circuit-status'.  Implements part of ticket 2411.
    - Report the hidden service address and current state of a
      hidden-service-related circuit to controllers in CIRC events and
      in replies to 'GETINFO circuit-status'.  Implements part of
      ticket 2411.
--- a/changes/geoip-january2012
+++ b/changes/geoip-january2012
@ -1,3 +0,0 @@
  o Minor features:
    - Update to the January 3 2012 Maxmind GeoLite Country database.
--- a/changes/portability_01_haiku
+++ b/changes/portability_01_haiku
@ -1,14 +0,0 @@
  o Minor buxfixes:
    - During configure, search for library containing cos function as
      libm lives in libcore on some platforms (BeOS/Haiku).
      Linking against libm was hard-coded before. Bugfix on
      0.2.2.2-alpha, fixes the first part of bug 4727. Patch and
      analysis by Martin Hebnes Pedersen.
    - Preprocessor directives should not be put inside the arguments
      of a macro. This would break compilation with GCC releases prior
      to version 3.3. We would never recommend such an old GCC
      version, but it is apparently required for binary compatibility
      on some platforms (namely, certain builds of Haiku). Bugfix on
      0.2.3.3-alpha, fixes the other part of bug 4727. Patch and
      analysis by Martin Hebnes Pedersen.
--- a/changes/prop110
+++ b/changes/prop110
@ -1,7 +0,0 @@
  o Major features:
    - Now that Tor 0.2.0.x is completely deprecated, we can enable the
      final part of "Proposal 110: Avoiding infinite length circuits"
      by refusing all circuit-extend requests that do not appear in a
      "relay_early" cell. This change helps Tor to resist a class of
      denial-of-service attacks by limiting the maximum circuit length.
--- a/changes/timersub_bug
+++ b/changes/timersub_bug
@ -1,7 +0,0 @@
  o Major bugfixes:
    - Provide correct replacements for the timeradd() and timersub() functions
      for platforms that lack them (for example, windows). The timersub()
      function is used when expiring circuits, timeradd() is currently unused.
      Patch written by Vektor, who also reported the bug. Thanks! Bugfix
      on 0.2.2.24-alpha/0.2.3.1-alpha, fixes bug 4778.
		`@ -1,3 +0,0 @@`
			`o Minor features:`
			`- Update to the January 3 2012 Maxmind GeoLite Country database.`