pkgsrc-Bugs archive


Re: PR/51745 CVS commit: pkgsrc/net/tor



The following reply was made to PR pkg/51745; it has been noted by GNATS.

From: Benny Siegert <bsiegert%gmail.com@localhost>
To: gnats-bugs%netbsd.org@localhost
Cc: 
Subject: Re: PR/51745 CVS commit: pkgsrc/net/tor
Date: Sun, 08 Jan 2017 13:29:06 +0000

 Does this need to be pulled up to 2016Q4?
 
 Maya Rashish <maya%netbsd.org@localhost> wrote on Sun, 8 Jan 2017 at 13:55:
 
 > The following reply was made to PR pkg/51745; it has been noted by GNATS.
 >
 >
 >
 > From: "Maya Rashish" <maya%netbsd.org@localhost>
 >
 > To: gnats-bugs%gnats.NetBSD.org@localhost
 >
 > Cc:
 >
 > Subject: PR/51745 CVS commit: pkgsrc/net/tor
 >
 > Date: Sun, 8 Jan 2017 12:50:41 +0000
 >
 >
 >
 >  Module Name:   pkgsrc
 >
 >  Committed By:  maya
 >
 >  Date:          Sun Jan  8 12:50:41 UTC 2017
 >
 >
 >
 >  Modified Files:
 >
 >         pkgsrc/net/tor: Makefile distinfo
 >
 >
 >
 >  Log Message:
 >
 >  tor: update to 0.2.9.8
 >
 >  Update provided by reezer (maintainer) in PR pkg/51745
 >
 >
 >
 >  Changes in version 0.2.9.8 - 2016-12-19
 >
 >    Tor 0.2.9.8 is the first stable release of the Tor 0.2.9 series.
 >
 >
 >
 >    The Tor 0.2.9 series makes mandatory a number of security features
 >
 >    that were formerly optional. It includes support for a new shared-
 >
 >    randomness protocol that will form the basis for next generation
 >
 >    hidden services, includes a single-hop hidden service mode for
 >
 >    optimizing .onion services that don't actually want to be hidden,
 >
 >    tries harder not to overload the directory authorities with excessive
 >
 >    downloads, and supports a better protocol versioning scheme for
 >
 >    improved compatibility with other implementations of the Tor protocol.
 >
 >
 >
 >    And of course, there are numerous other bugfixes and improvements.
 >
 >
 >
 >    This release also includes a fix for a medium-severity issue (bug
 >
 >    21018 below) where Tor clients could crash when attempting to visit a
 >
 >    hostile hidden service. Clients are recommended to upgrade as packages
 >
 >    become available for their systems.
 >
 >
 >
 >    Below are listed the changes since Tor 0.2.8.11.  For a list of
 >
 >    changes since 0.2.9.7-rc, see the ChangeLog file.
 >
 >
 >
 >    o New system requirements:
 >
 >      - When building with OpenSSL, Tor now requires version 1.0.1 or
 >
 >        later. OpenSSL 1.0.0 and earlier are no longer supported by the
 >
 >        OpenSSL team, and should not be used. Closes ticket 20303.
 >
 >      - Tor now requires Libevent version 2.0.10-stable or later. Older
 >
 >        versions of Libevent have less efficient backends for several
 >
 >        platforms, and lack the DNS code that we use for our server-side
 >
 >        DNS support. This implements ticket 19554.
 >
 >      - Tor now requires zlib version 1.2 or later, for security,
 >
 >        efficiency, and (eventually) gzip support. (Back when we started,
 >
 >        zlib 1.1 and zlib 1.0 were still found in the wild. 1.2 was
 >
 >        released in 2003. We recommend the latest version.)
 >
 >
 >
 >    o Deprecated features:
 >
 >      - A number of DNS-cache-related sub-options for client ports are now
 >
 >        deprecated for security reasons, and may be removed in a future
 >
 >        version of Tor. (We believe that client-side DNS caching is a bad
 >
 >        idea for anonymity, and you should not turn it on.) The options
 >
 >        are: CacheDNS, CacheIPv4DNS, CacheIPv6DNS, UseDNSCache,
 >
 >        UseIPv4Cache, and UseIPv6Cache.
 >
 >      - A number of options are deprecated for security reasons, and may
 >
 >        be removed in a future version of Tor. The options are:
 >
 >        AllowDotExit, AllowInvalidNodes, AllowSingleHopCircuits,
 >
 >        AllowSingleHopExits, ClientDNSRejectInternalAddresses,
 >
 >        CloseHSClientCircuitsImmediatelyOnTimeout,
 >
 >        CloseHSServiceRendCircuitsImmediatelyOnTimeout,
 >
 >        ExcludeSingleHopRelays, FastFirstHopPK, TLSECGroup,
 >
 >        UseNTorHandshake, and WarnUnsafeSocks.
 >
 >      - The *ListenAddress options are now deprecated as unnecessary: the
 >
 >        corresponding *Port options should be used instead. These options
 >
 >        may someday be removed. The affected options are:
 >
 >        ControlListenAddress, DNSListenAddress, DirListenAddress,
 >
 >        NATDListenAddress, ORListenAddress, SocksListenAddress,
 >
 >        and TransListenAddress.
 >
 >
 >
 >    o Major bugfixes (parsing, security, new since 0.2.9.7-rc):
 >
 >      - Fix a bug in parsing that could cause clients to read a single
 >
 >        byte past the end of an allocated region. This bug could be used
 >
 >        to cause hardened clients (built with --enable-expensive-hardening)
 >
 >        to crash if they tried to visit a hostile hidden service. Non-
 >
 >        hardened clients are only affected depending on the details of
 >
 >        their platform's memory allocator. Fixes bug 21018; bugfix on
 >
 >        0.2.0.8-alpha. Found by using libFuzzer. Also tracked as TROVE-
 >
 >        2016-12-002 and as CVE-2016-1254.
 >
 >
 >
 >    o Major features (build, hardening):
 >
 >      - Tor now builds with -ftrapv by default on compilers that support
 >
 >        it. This option detects signed integer overflow (which C forbids),
 >
 >        and turns it into a hard-failure. We do not apply this option to
 >
 >        code that needs to run in constant time to avoid side-channels;
 >
 >        instead, we use -fwrapv in that code. Closes ticket 17983.
 >
 >      - When --enable-expensive-hardening is selected, stop applying the
 >
 >        clang/gcc sanitizers to code that needs to run in constant time.
 >
 >        Although we are aware of no introduced side-channels, we are not
 >
 >        able to prove that there are none. Related to ticket 17983.
 >
 >
 >
 >    o Major features (circuit building, security):
 >
 >      - Authorities, relays, and clients now require ntor keys in all
 >
 >        descriptors, for all hops (except for rare hidden service protocol
 >
 >        cases), for all circuits, and for all other roles. Part of
 >
 >        ticket 19163.
 >
 >      - Authorities, relays, and clients only use ntor, except for
 >
 >        rare cases in the hidden service protocol. Part of ticket 19163.
 >
 >
 >
 >    o Major features (compilation):
 >
 >      - Our big list of extra GCC warnings is now enabled by default when
 >
 >        building with GCC (or with anything like Clang that claims to be
 >
 >        GCC-compatible). To make all warnings into fatal compilation
 >
 >        errors, pass --enable-fatal-warnings to configure. Closes
 >
 >        ticket 19044.
 >
 >      - Use the Autoconf macro AC_USE_SYSTEM_EXTENSIONS to automatically
 >
 >        turn on C and POSIX extensions. (Previously, we attempted to do
 >
 >        this on an ad hoc basis.) Closes ticket 19139.
 >
 >
 >
 >    o Major features (directory authorities, hidden services):
 >
 >      - Directory authorities can now perform the shared randomness
 >
 >        protocol specified by proposal 250. Using this protocol, directory
 >
 >        authorities generate a global fresh random value every day. In the
 >
 >        future, this value will be used by hidden services to select
 >
 >        HSDirs. This release implements the directory authority feature;
 >
 >        the hidden service side will be implemented in the future as part
 >
 >        of proposal 224. Resolves ticket 16943; implements proposal 250.
 >
 >
 >
 >    o Major features (downloading, random exponential backoff):
 >
 >      - When we fail to download an object from a directory service, wait
 >
 >        for an (exponentially increasing) randomized amount of time before
 >
 >        retrying, rather than a fixed interval as we did before. This
 >
 >        prevents a group of Tor instances from becoming too synchronized,
 >
 >        or a single Tor instance from becoming too predictable, in its
 >
 >        download schedule. Closes ticket 15942.
 >
 >
 >
 >    o Major features (resource management):
 >
 >      - Tor can now notice it is about to run out of sockets, and
 >
 >        preemptively close connections of lower priority. (This feature is
 >
 >        off by default for now, since the current prioritizing method is
 >
 >        yet not mature enough. You can enable it by setting
 >
 >        "DisableOOSCheck 0", but watch out: it might close some sockets
 >
 >        you would rather have it keep.) Closes ticket 18640.
 >
 >
 >
 >    o Major features (single-hop "hidden" services):
 >
 >      - Add experimental HiddenServiceSingleHopMode and
 >
 >        HiddenServiceNonAnonymousMode options. When both are set to 1,
 >
 >        every hidden service on that Tor instance becomes a non-anonymous
 >
 >        Single Onion Service. Single Onions make one-hop (direct)
 >
 >        connections to their introduction and rendezvous points. One-hop
 >
 >        circuits make Single Onion servers easily locatable, but clients
 >
 >        remain location-anonymous. This is compatible with the existing
 >
 >        hidden service implementation, and works on the current Tor
 >
 >        network without any changes to older relays or clients. Implements
 >
 >        proposal 260, completes ticket 17178. Patch by teor and asn.
 >
 >
 >
 >    o Major features (subprotocol versions):
 >
 >      - Tor directory authorities now vote on a set of recommended
 >
 >        "subprotocol versions", and on a set of required subprotocol
 >
 >        versions. Clients and relays that lack support for a _required_
 >
 >        subprotocol version will not start; those that lack support for a
 >
 >        _recommended_ subprotocol version will warn the user to upgrade.
 >
 >        This change allows compatible implementations of the Tor protocol(s)
 >
 >        to exist without pretending to be 100% bug-compatible with
 >
 >        particular releases of Tor itself. Closes ticket 19958; implements
 >
 >        part of proposal 264.
 >
 >
 >
 >    o Major bugfixes (circuit building):
 >
 >      - Hidden service client-to-intro-point and service-to-rendezvous-
 >
 >        point circuits use the TAP key supplied by the protocol, to avoid
 >
 >        epistemic attacks. Fixes bug 19163; bugfix on 0.2.4.18-rc.
 >
 >
 >
 >    o Major bugfixes (download scheduling):
 >
 >      - Avoid resetting download status for consensuses hourly, since we
 >
 >        already have another, smarter retry mechanism. Fixes bug 8625;
 >
 >        bugfix on 0.2.0.9-alpha.
 >
 >      - If a consensus expires while we are waiting for certificates to
 >
 >        download, stop waiting for certificates.
 >
 >      - If we stop waiting for certificates less than a minute after we
 >
 >        started downloading them, do not consider the certificate download
 >
 >        failure a separate failure. Fixes bug 20533; bugfix
 >
 >        on 0.2.0.9-alpha.
 >
 >      - When using exponential backoff in test networks, use a lower
 >
 >        exponent, so the delays do not vary as much. This helps test
 >
 >        networks bootstrap consistently. Fixes bug 20597; bugfix on 20499.
 >
 >
 >
 >    o Major bugfixes (exit policies):
 >
 >      - Avoid disclosing exit outbound bind addresses, configured port
 >
 >        bind addresses, and local interface addresses in relay descriptors
 >
 >        by default under ExitPolicyRejectPrivate. Instead, only reject
 >
 >        these (otherwise unlisted) addresses if
 >
 >        ExitPolicyRejectLocalInterfaces is set. Fixes bug 18456; bugfix on
 >
 >        0.2.7.2-alpha. Patch by teor.
 >
 >
 >
 >    o Major bugfixes (hidden services):
 >
 >      - Allow Tor clients with appropriate controllers to work with
 >
 >        FetchHidServDescriptors set to 0. Previously, this option also
 >
 >        disabled descriptor cache lookup, thus breaking hidden services
 >
 >        entirely. Fixes bug 18704; bugfix on 0.2.0.20-rc. Patch by "twim".
 >
 >      - Clients now require hidden services to include the TAP keys for
 >
 >        their intro points in the hidden service descriptor. This prevents
 >
 >        an inadvertent upgrade to ntor, which a malicious hidden service
 >
 >        could use to distinguish clients by consensus version. Fixes bug
 >
 >        20012; bugfix on 0.2.4.8-alpha. Patch by teor.
 >
 >
 >
 >    o Major bugfixes (relay, resolver, logging):
 >
 >      - For relays that don't know their own address, avoid attempting a
 >
 >        local hostname resolve for each descriptor we download. This
 >
 >        will cut down on the number of "Success: chose address 'x.x.x.x'"
 >
 >        log lines, and also avoid confusing clock jumps if the resolver
 >
 >        is slow. Fixes bugs 20423 and 20610; bugfix on 0.2.8.1-alpha.
 >
 >
 >
 >    o Minor features (port flags):
 >
 >      - Add new flags to the *Port options to give finer control over which
 >
 >        requests are allowed. The flags are NoDNSRequest, NoOnionTraffic,
 >
 >        and the synthetic flag OnionTrafficOnly, which is equivalent to
 >
 >        NoDNSRequest, NoIPv4Traffic, and NoIPv6Traffic. Closes enhancement
 >
 >        18693; patch by "teor".
 >
 >
 >
 >    o Minor features (build, hardening):
 >
 >      - Detect and work around a libclang_rt problem that would prevent
 >
 >        clang from finding __mulodi4() on some 32-bit platforms, and thus
 >
 >        keep -ftrapv from linking on those systems. Closes ticket 19079.
 >
 >      - When building on a system without runtime support for the runtime
 >
 >        hardening options, try to log a useful warning at configuration
 >
 >        time, rather than an incomprehensible warning at link time. If
 >
 >        expensive hardening was requested, this warning becomes an error.
 >
 >        Closes ticket 18895.
 >
 >
 >
 >    o Minor features (client, directory):
 >
 >      - Since authorities now omit all routers that lack the Running and
 >
 >        Valid flags, we assume that any relay listed in the consensus must
 >
 >        have those flags. Closes ticket 20001; implements part of
 >
 >        proposal 272.
 >
 >
 >
 >    o Minor features (code safety):
 >
 >      - In our integer-parsing functions, ensure that the maximum value we
 >
 >        allow is no smaller than the minimum value. Closes ticket 19063;
 >
 >        patch from "U+039b".
 >
 >
 >
 >    o Minor features (compilation, portability):
 >
 >      - Compile correctly on MacOS 10.12 (aka "Sierra"). Closes
 >
 >        ticket 20241.
 >
 >
 >
 >    o Minor features (config):
 >
 >      - Warn users when descriptor and port addresses are inconsistent.
 >
 >        Mitigates bug 13953; patch by teor.
 >
 >
 >
 >    o Minor features (controller):
 >
 >      - Allow controllers to configure basic client authorization on
 >
 >        hidden services when they create them with the ADD_ONION controller
 >
 >        command. Implements ticket 15588. Patch by "special".
 >
 >      - Fire a STATUS_SERVER controller event whenever the hibernation
 >
 >        status changes between "awake"/"soft"/"hard". Closes ticket 18685.
 >
 >      - Implement new GETINFO queries for all downloads that use
 >
 >        download_status_t to schedule retries. This allows controllers to
 >
 >        examine the schedule for pending downloads. Closes ticket 19323.
 >
 >
 >
 >    o Minor features (development tools, etags):
 >
 >      - Teach the "make tags" Makefile target how to correctly find
 >
 >        "MOCK_IMPL" function definitions. Patch from nherring; closes
 >
 >        ticket 16869.
 >
 >
 >
 >    o Minor features (directory authority):
 >
 >      - After voting, if the authorities decide that a relay is not
 >
 >        "Valid", they no longer include it in the consensus at all. Closes
 >
 >        ticket 20002; implements part of proposal 272.
 >
 >      - Directory authorities now only give the Guard flag to a relay if
 >
 >        they are also giving it the Stable flag. This change allows us to
 >
 >        simplify path selection for clients. It should have minimal effect
 >
 >        in practice, since >99% of Guards already have the Stable flag.
 >
 >        Implements ticket 18624.
 >
 >      - Directory authorities now write their v3-status-votes file out to
 >
 >        disk earlier in the consensus process, so we have a record of the
 >
 >        votes even if we abort the consensus process. Resolves
 >
 >        ticket 19036.
 >
 >
 >
 >    o Minor features (fallback directory list, new since 0.2.9.7-rc):
 >
 >      - Replace the 81 remaining fallbacks of the 100 originally
 >
 >        introduced in Tor 0.2.8.3-alpha in March 2016, with a list of 177
 >
 >        fallbacks (123 new, 54 existing, 27 removed) generated in December
 >
 >        2016. Resolves ticket 20170.
 >
 >
 >
 >    o Minor features (hidden service):
 >
 >      - Stop being so strict about the payload length of "rendezvous1"
 >
 >        cells. We used to be locked in to the "TAP" handshake length, and
 >
 >        now we can handle better handshakes like "ntor". Resolves
 >
 >        ticket 18998.
 >
 >
 >
 >    o Minor features (infrastructure, time):
 >
 >      - Tor now includes an improved timer backend, so that we can
 >
 >        efficiently support tens or hundreds of thousands of concurrent
 >
 >        timers, as will be needed for some of our planned anti-traffic-
 >
 >        analysis work. This code is based on William Ahern's "timeout.c"
 >
 >        project, which implements a "tickless hierarchical timing wheel".
 >
 >        Closes ticket 18365.
 >
 >      - Tor now uses the operating system's monotonic timers (where
 >
 >        available) for internal fine-grained timing. Previously we would
 >
 >        look at the system clock, and then attempt to compensate for the
 >
 >        clock running backwards. Closes ticket 18908.
 >
 >
 >
 >    o Minor features (logging):
 >
 >      - Add a set of macros to check nonfatal assertions, for internal
 >
 >        use. Migrating more of our checks to these should help us avoid
 >
 >        needless crash bugs. Closes ticket 18613.
 >
 >      - Provide a more useful warning message when configured with an
 >
 >        invalid Nickname. Closes ticket 18300; patch from "icanhasaccount".
 >
 >      - When dumping unparseable router descriptors, optionally store them
 >
 >        in separate files, named by digest, up to a configurable size
 >
 >        limit. You can change the size limit by setting the
 >
 >        MaxUnparseableDescSizeToLog option, and disable this feature by
 >
 >        setting that option to 0. Closes ticket 18322.
 >
 >
 >
 >    o Minor features (performance):
 >
 >      - Change the "optimistic data" extension from "off by default" to
 >
 >        "on by default". The default was ordinarily overridden by a
 >
 >        consensus option, but when clients were bootstrapping for the
 >
 >        first time, they would not have a consensus to get the option
 >
 >        from. Changing this default saves a round-trip during startup.
 >
 >        Closes ticket 18815.
 >
 >
 >
 >    o Minor features (relay, usability):
 >
 >      - When the directory authorities refuse a bad relay's descriptor,
 >
 >        encourage the relay operator to contact us. Many relay operators
 >
 >        won't notice this line in their logs, but it's a win if even a few
 >
 >        learn why we don't like what their relay was doing. Resolves
 >
 >        ticket 18760.
 >
 >
 >
 >    o Minor features (security, TLS):
 >
 >      - Servers no longer support clients that lack AES ciphersuites.
 >
 >        (3DES is no longer considered an acceptable cipher.) We believe
 >
 >        that no such Tor clients currently exist, since Tor has required
 >
 >        OpenSSL 0.9.7 or later since 2009. Closes ticket 19998.
 >
 >
 >
 >    o Minor features (testing):
 >
 >      - Disable memory protections on OpenBSD when performing our unit
 >
 >        tests for memwipe(). The test deliberately invokes undefined
 >
 >        behavior, and the OpenBSD protections interfere with this. Patch
 >
 >        from "rubiate". Closes ticket 20066.
 >
 >      - Move the test-network.sh script to chutney, and modify tor's test-
 >
 >        network.sh to call the (newer) chutney version when available.
 >
 >        Resolves ticket 19116. Patch by teor.
 >
 >      - Use the lcov convention for marking lines as unreachable, so that
 >
 >        we don't count them when we're generating test coverage data.
 >
 >        Update our coverage tools to understand this convention. Closes
 >
 >        ticket 16792.
 >
 >      - Our link-handshake unit tests now check that when invalid
 >
 >        handshakes fail, they fail with the error messages we expected.
 >
 >      - Our unit testing code that captures log messages no longer
 >
 >        prevents them from being written out if the user asked for them
 >
 >        (by passing --debug or --info or --notice or --warn to the "test"
 >
 >        binary). This change prevents us from missing unexpected log
 >
 >        messages simply because we were looking for others. Related to
 >
 >        ticket 19999.
 >
 >      - The unit tests now log all warning messages with the "BUG" flag.
 >
 >        Previously, they only logged errors by default. This change will
 >
 >        help us make our testing code more correct, and make sure that we
 >
 >        only hit this code when we mean to. In the meantime, however,
 >
 >        there will be more warnings in the unit test logs than before.
 >
 >        This is preparatory work for ticket 19999.
 >
 >      - The unit tests now treat any failure of a "tor_assert_nonfatal()"
 >
 >        assertion as a test failure.
 >
 >      - We've done significant work to make the unit tests run faster.
 >
 >
 >
 >    o Minor features (testing, ipv6):
 >
 >      - Add the hs-ipv6 chutney target to make test-network-all's IPv6
 >
 >        tests. Remove bridges+hs, as it's somewhat redundant. This
 >
 >        requires a recent chutney version that supports IPv6 clients,
 >
 >        relays, and authorities. Closes ticket 20069; patch by teor.
 >
 >      - Add the single-onion and single-onion-ipv6 chutney targets to
 >
 >        "make test-network-all". This requires a recent chutney version
 >
 >        with the single onion network flavors (git c72a652 or later).
 >
 >        Closes ticket 20072; patch by teor.
 >
 >
 >
 >    o Minor features (Tor2web):
 >
 >      - Make Tor2web clients respect ReachableAddresses. This feature was
 >
 >        inadvertently enabled in 0.2.8.6, then removed by bugfix 19973 on
 >
 >        0.2.8.7. Implements feature 20034. Patch by teor.
 >
 >
 >
 >    o Minor features (unix domain sockets):
 >
 >      - When configuring a unix domain socket for a SocksPort,
 >
 >        ControlPort, or Hidden service, you can now wrap the address in
 >
 >        quotes, using C-style escapes inside the quotes. This allows unix
 >
 >        domain socket paths to contain spaces. Resolves ticket 18753.
 >
 >
 >
 >    o Minor features (user interface):
 >
 >      - Tor now supports the ability to declare options deprecated, so
 >
 >        that we can recommend that people stop using them. Previously, this
 >
 >        was done in an ad-hoc way. There is a new --list-deprecated-options
 >
 >        command-line option to list all of the deprecated options. Closes
 >
 >        ticket 19820.
 >
 >
 >
 >    o Minor features (virtual addresses):
 >
 >      - Increase the maximum number of bits for the IPv6 virtual network
 >
 >        prefix from 16 to 104. In this way, the condition for address
 >
 >        allocation is less restrictive. Closes ticket 20151; feature
 >
 >        on 0.2.4.7-alpha.
 >
 >
 >
 >    o Minor bug fixes (circuits):
 >
 >      - Use the CircuitBuildTimeout option whenever
 >
 >        LearnCircuitBuildTimeout is disabled. Previously, we would respect
 >
 >        the option when a user disabled it, but not when it was disabled
 >
 >        because some other option was set. Fixes bug 20073; bugfix on
 >
 >        0.2.4.12-alpha. Patch by teor.
 >
 >
 >
 >    o Minor bugfixes (build):
 >
 >      - The current Git revision when building from a local repository is
 >
 >        now detected correctly when using git worktrees. Fixes bug 20492;
 >
 >        bugfix on 0.2.3.9-alpha.
 >
 >
 >
 >    o Minor bugfixes (relay address discovery):
 >
 >      - Stop reordering IP addresses returned by the OS. This makes it
 >
 >        more likely that Tor will guess the same relay IP address every
 >
 >        time. Fixes issue 20163; bugfix on 0.2.7.1-alpha, ticket 17027.
 >
 >        Reported by René Mayrhofer, patch by "cypherpunks".
 >
 >
 >
 >    o Minor bugfixes (memory allocation):
 >
 >      - Change how we allocate memory for large chunks on buffers, to
 >
 >        avoid a (currently impossible) integer overflow, and to waste less
 >
 >        space when allocating unusually large chunks. Fixes bug 20081;
 >
 >        bugfix on 0.2.0.16-alpha. Issue identified by Guido Vranken.
 >
 >
 >
 >    o Minor bugfixes (bootstrap):
 >
 >      - Remember the directory server we fetched the consensus or previous
 >
 >        certificates from, and use it to fetch future authority
 >
 >        certificates. This change improves bootstrapping performance.
 >
 >        Fixes bug 18963; bugfix on 0.2.8.1-alpha.
 >
 >
 >
 >    o Minor bugfixes (circuits):
 >
 >      - Make sure extend_info_from_router() is only called on servers.
 >
 >        Fixes bug 19639; bugfix on 0.2.8.1-alpha.
 >
 >
 >
 >    o Minor bugfixes (client, fascistfirewall):
 >
 >      - Avoid spurious warnings when ReachableAddresses or FascistFirewall
 >
 >        is set. Fixes bug 20306; bugfix on 0.2.8.2-alpha.
 >
 >
 >
 >    o Minor bugfixes (client, unix domain sockets):
 >
 >      - Disable IsolateClientAddr when using AF_UNIX backed SocksPorts as
 >
 >        the client address is meaningless. Fixes bug 20261; bugfix
 >
 >        on 0.2.6.3-alpha.
 >
 >
 >
 >    o Minor bugfixes (code style):
 >
 >      - Fix an integer signedness conversion issue in the case conversion
 >
 >        tables. Fixes bug 19168; bugfix on 0.2.1.11-alpha.
 >
 >
 >
 >    o Minor bugfixes (compilation):
 >
 >      - Build correctly on versions of libevent2 without support for
 >
 >        evutil_secure_rng_add_bytes(). Fixes bug 19904; bugfix
 >
 >        on 0.2.5.4-alpha.
 >
 >      - When building with Clang, use a full set of GCC warnings.
 >
 >        (Previously, we included only a subset, because of the way we
 >
 >        detected them.) Fixes bug 19216; bugfix on 0.2.0.1-alpha.
 >
 >      - Detect Libevent2 functions correctly on systems that provide
 >
 >        libevent2, but where libevent1 is linked with -levent. Fixes bug
 >
 >        19904; bugfix on 0.2.2.24-alpha. Patch from Rubiate.
 >
 >      - Run correctly when built on Windows build environments that
 >
 >        require _vcsprintf(). Fixes bug 20560; bugfix on 0.2.2.11-alpha.
 >
 >
 >
 >    o Minor bugfixes (configuration):
 >
 >      - When parsing quoted configuration values from the torrc file,
 >
 >        handle Windows line endings correctly. Fixes bug 19167; bugfix on
 >
 >        0.2.0.16-alpha. Patch from "Pingl".
 >
 >
 >
 >    o Minor bugfixes (directory authority):
 >
 >      - Authorities now sort the "package" lines in their votes, for ease
 >
 >        of debugging. (They are already sorted in consensus documents.)
 >
 >        Fixes bug 18840; bugfix on 0.2.6.3-alpha.
 >
 >      - Die with a more useful error when the operator forgets to place
 >
 >        the authority_signing_key file into the keys directory. This
 >
 >        avoids an uninformative assert & traceback about having an invalid
 >
 >        key. Fixes bug 20065; bugfix on 0.2.0.1-alpha.
 >
 >      - When allowing private addresses, mark Exits that only exit to
 >
 >        private locations as such. Fixes bug 20064; bugfix
 >
 >        on 0.2.2.9-alpha.
 >
 >      - When parsing a detached signature, make sure we use the length of
 >
 >        the digest algorithm instead of a hardcoded DIGEST256_LEN in
 >
 >        order to avoid comparing bytes out-of-bounds with a smaller digest
 >
 >        length such as SHA1. Fixes bug 19066; bugfix on 0.2.2.6-alpha.
 >
 >
 >
 >    o Minor bugfixes (getpass):
 >
 >      - Defensively fix a non-triggerable heap corruption at do_getpass()
 >
 >        to protect ourselves from mistakes in the future. Fixes bug
 >
 >        19223; bugfix on 0.2.7.3-rc. Bug found by Guido Vranken, patch
 >
 >        by nherring.
 >
 >
 >
 >    o Minor bugfixes (guard selection):
 >
 >      - Don't mark guards as unreachable if connection_connect() fails.
 >
 >        That function fails for local reasons, so it shouldn't reveal
 >
 >        anything about the status of the guard. Fixes bug 14334; bugfix
 >
 >        on 0.2.3.10-alpha.
 >
 >      - Use a single entry guard even if the NumEntryGuards consensus
 >
 >        parameter is not provided. Fixes bug 17688; bugfix
 >
 >        on 0.2.5.6-alpha.
 >
 >
 >
 >    o Minor bugfixes (hidden services):
 >
 >      - Increase the minimum number of internal circuits we preemptively
 >
 >        build from 2 to 3, so a circuit is available when a client
 >
 >        connects to another onion service. Fixes bug 13239; bugfix
 >
 >        on 0.1.0.1-rc.
 >
 >      - Allow hidden services to run on IPv6 addresses even when the
 >
 >        IPv6Exit option is not set. Fixes bug 18357; bugfix
 >
 >        on 0.2.4.7-alpha.
 >
 >      - Stop logging intro point details to the client log on certain
 >
 >        error conditions. Fixed as part of bug 20012; bugfix on
 >
 >        0.2.4.8-alpha. Patch by teor.
 >
 >      - When deleting an ephemeral hidden service, close its intro points
 >
 >        even if they are not completely open. Fixes bug 18604; bugfix
 >
 >        on 0.2.7.1-alpha.
 >
 >      - When configuring hidden services, check every hidden service
 >
 >        directory's permissions. Previously, we only checked the last
 >
 >        hidden service. Fixes bug 20529; bugfix on 0.2.6.2-alpha.
 >
 >
 >
 >    o Minor bugfixes (IPv6, testing):
 >
 >      - Check for IPv6 correctly on Linux when running test networks.
 >
 >        Fixes bug 19905; bugfix on 0.2.7.3-rc; patch by teor.
 >
 >
 >
 >    o Minor bugfixes (Linux seccomp2 sandbox):
 >
 >      - Add permission to run the sched_yield() and sigaltstack() system
 >
 >        calls, in order to support versions of Tor compiled with asan or
 >
 >        ubsan code that use these calls. Now "sandbox 1" and
 >
 >        "--enable-expensive-hardening" should be compatible on more
 >
 >        systems. Fixes bug 20063; bugfix on 0.2.5.1-alpha.
 >
 >
 >
 >    o Minor bugfixes (logging):
 >
 >      - Downgrade a harmless log message about the
 >
 >        pending_entry_connections list from "warn" to "info". Mitigates
 >
 >        bug 19926.
 >
 >      - Log a more accurate message when we fail to dump a microdescriptor.
 >
 >        Fixes bug 17758; bugfix on 0.2.2.8-alpha. Patch from Daniel Pinto.
 >
 >      - When logging a directory ownership mismatch, log the owning
 >
 >        username correctly. Fixes bug 19578; bugfix on 0.2.2.29-beta.
 >
 >      - When we are unable to remove the bw_accounting file, do not warn
 >
 >        if the reason we couldn't remove it was that it didn't exist.
 >
 >        Fixes bug 19964; bugfix on 0.2.5.4-alpha. Patch from pastly.
 >
 >
 >
 >    o Minor bugfixes (memory leak):
 >
 >      - Fix a series of slow memory leaks related to parsing torrc files
 >
 >        and options. Fixes bug 19466; bugfix on 0.2.1.6-alpha.
 >
 >      - Avoid a small memory leak when informing worker threads about
 >
 >        rotated onion keys. Fixes bug 20401; bugfix on 0.2.6.3-alpha.
 >
 >      - Fix a small memory leak when receiving AF_UNIX connections on a
 >
 >        SocksPort. Fixes bug 20716; bugfix on 0.2.6.3-alpha.
 >
 >      - When moving a signed descriptor object from a source to an
 >
 >        existing destination, free the allocated memory inside that
 >
 >        destination object. Fixes bug 20715; bugfix on 0.2.8.3-alpha.
 >
 >      - Fix a memory leak and use-after-free error when removing entries
 >
 >        from the sandbox's getaddrinfo() cache. Fixes bug 20710; bugfix on
 >
 >        0.2.5.5-alpha. Patch from "cypherpunks".
 >
 >      - Fix a small, uncommon memory leak that could occur when reading a
 >
 >        truncated ed25519 key file. Fixes bug 18956; bugfix
 >
 >        on 0.2.6.1-alpha.
 >
 >
 >
 >    o Minor bugfixes (option parsing):
 >
 >      - Count unix sockets when counting client listeners (SOCKS, Trans,
 >
 >        NATD, and DNS). This has no user-visible behavior changes: these
 >
 >        options are set once, and never read. Required for correct
 >
 >        behavior in ticket 17178. Fixes bug 19677; bugfix on
 >
 >        0.2.6.3-alpha. Patch by teor.
 >
 >
 >
 >    o Minor bugfixes (options):
 >
 >      - Check the consistency of UseEntryGuards and EntryNodes more
 >
 >        reliably. Fixes bug 20074; bugfix on 0.2.4.12-alpha. Patch
 >
 >        by teor.
 >
 >      - Stop changing the configured value of UseEntryGuards on
 >
 >        authorities and Tor2web clients. Fixes bug 20074; bugfix on
 >
 >        commits 51fc6799 in 0.1.1.16-rc and acda1735 in 0.2.4.3-alpha.
 >
 >        Patch by teor.
 >
 >
 >
 >    o Minor bugfixes (relay):
 >
 >      - Ensure relays don't make multiple connections during bootstrap.
 >
 >        Fixes bug 20591; bugfix on 0.2.8.1-alpha.
 >
 >      - Do not try to parallelize workers more than 16x without the user
 >
 >        explicitly configuring us to do so, even if we do detect more than
 >
 >        16 CPU cores. Fixes bug 19968; bugfix on 0.2.3.1-alpha.
 >
 >
 >
 >    o Minor bugfixes (testing):
 >
 >      - The test-stem and test-network makefile targets now depend only on
 >
 >        the tor binary that they are testing. Previously, they depended on
 >
 >        "make all". Fixes bug 18240; bugfix on 0.2.8.2-alpha. Based on a
 >
 >        patch from "cypherpunks".
 >
 >      - Allow clients to retry HSDirs much faster in test networks. Fixes
 >
 >        bug 19702; bugfix on 0.2.7.1-alpha. Patch by teor.
 >
 >      - Avoid a unit test failure on systems with over 16 detectable CPU
 >
 >        cores. Fixes bug 19968; bugfix on 0.2.3.1-alpha.
 >
 >      - Let backtrace tests work correctly under AddressSanitizer:
 >
 >        disable ASAN's detection of segmentation faults while running
 >
 >        test_bt.sh, so that we can make sure that our own backtrace
 >
 >        generation code works. Fixes bug 18934; bugfix
 >
 >        on 0.2.5.2-alpha. Patch from "cypherpunks".
 >
 >      - Fix the test-network-all target on out-of-tree builds by using the
 >
 >        correct path to the test driver script. Fixes bug 19421; bugfix
 >
 >        on 0.2.7.3-rc.
 >
 >      - Stop spurious failures in the local interface address discovery
 >
 >        unit tests. Fixes bug 20634; bugfix on 0.2.8.1-alpha; patch by
 >
 >        Neel Chauhan.
 >
 >      - Use ECDHE ciphers instead of ECDH in tortls tests. LibreSSL has
 >
 >        removed the ECDH ciphers which caused the tests to fail on
 >
 >        platforms which use it. Fixes bug 20460; bugfix on 0.2.8.1-alpha.
 >
 >      - The tor_tls_server_info_callback unit test no longer crashes when
 >
 >        debug-level logging is turned on. Fixes bug 20041; bugfix
 >
 >        on 0.2.8.1-alpha.
 >
 >
 >
 >    o Minor bugfixes (time):
 >
 >      - Improve overflow checks in tv_udiff and tv_mdiff. Fixes bug 19483;
 >
 >        bugfix on all released tor versions.
 >
 >      - When computing the difference between two times in milliseconds,
 >
 >        we now round to the nearest millisecond correctly. Previously, we
 >
 >        could sometimes round in the wrong direction. Fixes bug 19428;
 >
 >        bugfix on 0.2.2.2-alpha.
 >
 >
 >
 >    o Minor bugfixes (Tor2web):
 >
 >      - Prevent Tor2web clients from running hidden services: these services
 >
 >        are not anonymous due to the one-hop client paths. Fixes bug
 >
 >        19678. Patch by teor.
 >
 >
 >
 >    o Minor bugfixes (user interface):
 >
 >      - Display a more accurate number of suppressed messages in the log
 >
 >        rate-limiter. Previously, there was a potential integer overflow
 >
 >        in the counter. Now, if the number of messages hits a maximum, the
 >
 >        rate-limiter doesn't count any further. Fixes bug 19435; bugfix
 >
 >        on 0.2.4.11-alpha.
 >
 >      - Fix a typo in the passphrase prompt for the ed25519 identity key.
 >
 >        Fixes bug 19503; bugfix on 0.2.7.2-alpha.
 >
 >
 >
 >    o Code simplification and refactoring:
 >
 >      - Remove redundant declarations of the MIN macro. Closes
 >
 >        ticket 18889.
 >
 >      - Rename tor_dup_addr() to tor_addr_to_str_dup() to avoid confusion.
 >
 >        Closes ticket 18462; patch from "icanhasaccount".
 >
 >      - Split the 600-line directory_handle_command_get function into
 >
 >        separate functions for different URL types. Closes ticket 16698.
 >
 >
 >
 >    o Documentation:
 >
 >      - Add module-level internal documentation for 36 C files that
 >
 >        previously didn't have a high-level overview. Closes ticket 20385.
 >
 >      - Correct the IPv6 syntax in our documentation for the
 >
 >        VirtualAddrNetworkIPv6 torrc option. Closes ticket 19743.
 >
 >      - Correct the minimum bandwidth value in torrc.sample, and queue a
 >
 >        corresponding change for torrc.minimal. Closes ticket 20085.
 >
 >      - Fix spelling of "--enable-tor2web-mode" in the manpage. Closes
 >
 >        ticket 19153. Patch from "U+039b".
 >
 >      - Module-level documentation for several more modules. Closes
 >
 >        tickets 19287 and 19290.
 >
 >      - Document the --passphrase-fd option in the tor manpage. Fixes bug
 >
 >        19504; bugfix on 0.2.7.3-rc.
 >
 >      - Document the default PathsNeededToBuildCircuits value that's used
 >
 >        by clients when the directory authorities don't set
 >
 >        min_paths_for_circs_pct. Fixes bug 20117; bugfix on 0.2.4.10-alpha.
 >
 >        Patch by teor, reported by Jesse V.
 >
 >      - Fix manual for the User option: it takes a username, not a UID.
 >
 >        Fixes bug 19122; bugfix on 0.0.2pre16 (the first version to have
 >
 >        a manpage!).
 >
 >      - Fix the description of the --passphrase-fd option in the
 >
 >        tor-gencert manpage. The option is used to pass the number of a
 >
 >        file descriptor to read the passphrase from, not to read the file
 >
 >        descriptor from. Fixes bug 19505; bugfix on 0.2.0.20-alpha.
 >
 >
 >
 >    o Removed code:
 >
 >      - We no longer include the (dead, deprecated) bufferevent code in
 >
 >        Tor. Closes ticket 19450. Based on a patch from "U+039b".
 >
 >
 >
 >    o Removed features:
 >
 >      - Remove support for "GET /tor/bytes.txt" DirPort request, and
 >
 >        "GETINFO dir-usage" controller request, which were only available
 >
 >        via a compile-time option in Tor anyway. Feature was added in
 >
 >        0.2.2.1-alpha. Resolves ticket 19035.
 >
 >      - There is no longer a compile-time option to disable support for
 >
 >        TransPort. (If you don't want TransPort, just don't use it.) Patch
 >
 >        from "U+039b". Closes ticket 19449.
 >
 >
 >
 >    o Testing:
 >
 >      - Run more workqueue tests as part of "make check". These had
 >
 >        previously been implemented, but you needed to know special
 >
 >        command-line options to enable them.
 >
 >      - We now have unit tests for our code to reject zlib "compression
 >
 >        bombs". (Fortunately, the code works fine.)
 >
 >
 >
 >
 >
 >  To generate a diff of this commit:
 >
 >  cvs rdiff -u -r1.115 -r1.116 pkgsrc/net/tor/Makefile
 >
 >  cvs rdiff -u -r1.76 -r1.77 pkgsrc/net/tor/distinfo
 >
 >
 >
 >  Please note that diffs are not public domain; they are subject to the
 >
 >  copyright notices on the relevant files.
 >
 >
 >
 >
 
 lers to<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0examine the s=
 chedule for pending downloads. Closes ticket 19323.<br class=3D"gmail_msg">=
 <br><br class=3D"gmail_msg"><br>=C2=A0 =C2=A0o Minor features (development =
 tools, etags):<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0- Teach the &=
 quot;make tags&quot; Makefile target how to correctly find<br class=3D"gmai=
 l_msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0&quot;MOCK_IMPL&quot; function defini=
 tions. Patch from nherring; closes<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0=
  =C2=A0 =C2=A0ticket 16869.<br class=3D"gmail_msg"><br><br class=3D"gmail_m=
 sg"><br>=C2=A0 =C2=A0o Minor features (directory authority):<br class=3D"gm=
 ail_msg"><br>=C2=A0 =C2=A0 =C2=A0- After voting, if the authorities decide =
 that a relay is not<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0&=
 quot;Valid&quot;, they no longer include it in the consensus at all. Closes=
 <br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0ticket 20002; implem=
 ents part of proposal 272.<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0-=
  Directory authorities now only give the Guard flag to a relay if<br class=
 =3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0they are also giving it the S=
 table flag. This change allows us to<br class=3D"gmail_msg"><br>=C2=A0 =C2=
 =A0 =C2=A0 =C2=A0simplify path selection for clients. It should have minima=
 l effect<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0in practice,=
  since &gt;99% of Guards already have the Stable flag.<br class=3D"gmail_ms=
 g"><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0Implements ticket 18624.<br class=3D"gmai=
 l_msg"><br>=C2=A0 =C2=A0 =C2=A0- Directory authorities now write their v3-s=
 tatus-votes file out to<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=
 =A0disk earlier in the consensus process, so we have a record of the<br cla=
 ss=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0votes even if we abort the =
 consensus process. Resolves<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0=
  =C2=A0ticket 19036.<br class=3D"gmail_msg"><br><br class=3D"gmail_msg"><br=
 >=C2=A0 =C2=A0o Minor features (fallback directory list, new since 0.2.9.7-=
 rc):<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0- Replace the 81 remain=
 ing fallbacks of the 100 originally<br class=3D"gmail_msg"><br>=C2=A0 =C2=
 =A0 =C2=A0 =C2=A0introduced in Tor 0.2.8.3-alpha in March 2016, with a list=
  of 177<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0fallbacks (12=
 3 new, 54 existing, 27 removed) generated in December<br class=3D"gmail_msg=
 "><br>=C2=A0 =C2=A0 =C2=A0 =C2=A02016. Resolves ticket 20170.<br class=3D"g=
 mail_msg"><br><br class=3D"gmail_msg"><br>=C2=A0 =C2=A0o Minor features (hi=
 dden service):<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0- Stop being =
 so strict about the payload length of &quot;rendezvous1&quot;<br class=3D"g=
 mail_msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0cells. We used to be locked in to =
 the &quot;TAP&quot; handshake length, and<br class=3D"gmail_msg"><br>=C2=A0=
  =C2=A0 =C2=A0 =C2=A0now we can handle better handshakes like &quot;ntor&qu=
 ot;. Resolves<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0ticket =
 18998.<br class=3D"gmail_msg"><br><br class=3D"gmail_msg"><br>=C2=A0 =C2=A0=
 o Minor features (infrastructure, time):<br class=3D"gmail_msg"><br>=C2=A0 =
 =C2=A0 =C2=A0- Tor now includes an improved timer backend, so that we can<b=
 r class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0efficiently support te=
 ns or hundreds of thousands of concurrent<br class=3D"gmail_msg"><br>=C2=A0=
  =C2=A0 =C2=A0 =C2=A0timers, as will be needed for some of our planned anti=
 -traffic-<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0analysis wo=
 rk. This code is based on William Ahern&#39;s &quot;timeout.c&quot;<br clas=
 s=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0project, which implements a =
 &quot;tickless hierarchical timing wheel&quot;.<br class=3D"gmail_msg"><br>=
 =C2=A0 =C2=A0 =C2=A0 =C2=A0Closes ticket 18365.<br class=3D"gmail_msg"><br>=
 =C2=A0 =C2=A0 =C2=A0- Tor now uses the operating system&#39;s monotonic tim=
 ers (where<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0available)=
  for internal fine-grained timing. Previously we would<br class=3D"gmail_ms=
 g"><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0look at the system clock, and then attemp=
 t to compensate for the<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=
 =A0clock running backwards. Closes ticket 18908.<br class=3D"gmail_msg"><br=
 ><br class=3D"gmail_msg"><br>=C2=A0 =C2=A0o Minor features (logging):<br cl=
 ass=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0- Add a set of macros to check no=
 nfatal assertions, for internal<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =
 =C2=A0 =C2=A0use. Migrating more of our checks to these should help us avoi=
 d<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0needless crash bugs=
 . Closes ticket 18613.<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0- Pro=
 vide a more useful warning message when configured with an<br class=3D"gmai=
 l_msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0invalid Nickname. Closes ticket 18300=
 ; patch from &quot;icanhasaccount&quot;.<br class=3D"gmail_msg"><br>=C2=A0 =
 =C2=A0 =C2=A0- When dumping unparseable router descriptors, optionally stor=
 e them<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0in separate fi=
 les, named by digest, up to a configurable size<br class=3D"gmail_msg"><br>=
 =C2=A0 =C2=A0 =C2=A0 =C2=A0limit. You can change the size limit by setting =
 the<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0MaxUnparseableDes=
 cSizeToLog option, and disable this feature by<br class=3D"gmail_msg"><br>=
 =C2=A0 =C2=A0 =C2=A0 =C2=A0setting that option to 0. Closes ticket 18322.<b=
 r class=3D"gmail_msg"><br><br class=3D"gmail_msg"><br>=C2=A0 =C2=A0o Minor =
 features (performance):<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0- Ch=
 ange the &quot;optimistic data&quot; extension from &quot;off by default&qu=
 ot; to<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0&quot;on by de=
 fault&quot;. The default was ordinarily overridden by a<br class=3D"gmail_m=
 sg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0consensus option, but when clients were =
 bootstrapping for the<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=
 =A0first time, they would not have a consensus to get the option<br class=
 =3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0from. Changing this default s=
 aves a round-trip during startup.<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =
 =C2=A0 =C2=A0Closes ticket 18815.<br class=3D"gmail_msg"><br><br class=3D"g=
 mail_msg"><br>=C2=A0 =C2=A0o Minor features (relay, usability):<br class=3D=
 "gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0- When the directory authorities refuse=
  a bad relay&#39;s descriptor,<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=
 =A0 =C2=A0encourage the relay operator to contact us. Many relay operators<=
 br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0won&#39;t notice this=
  line in their logs, but it&#39;s a win if even a few<br class=3D"gmail_msg=
 "><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0learn why we don&#39;t like what their rel=
 ay was doing. Resolves<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=
 =A0ticket 18760.<br class=3D"gmail_msg"><br><br class=3D"gmail_msg"><br>=C2=
 =A0 =C2=A0o Minor features (security, TLS):<br class=3D"gmail_msg"><br>=C2=
 =A0 =C2=A0 =C2=A0- Servers no longer support clients that lack AES ciphersu=
 ites.<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0(3DES is no lon=
 ger considered an acceptable cipher.) We believe<br class=3D"gmail_msg"><br=
 >=C2=A0 =C2=A0 =C2=A0 =C2=A0that no such Tor clients currently exist, since=
  Tor has required<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0Ope=
 nSSL 0.9.7 or later since 2009. Closes ticket 19998.<br class=3D"gmail_msg"=
 ><br><br class=3D"gmail_msg"><br>=C2=A0 =C2=A0o Minor features (testing):<b=
 r class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0- Disable memory protections =
 on OpenBSD when performing our unit<br class=3D"gmail_msg"><br>=C2=A0 =C2=
 =A0 =C2=A0 =C2=A0tests for memwipe(). The test deliberately invokes undefin=
 ed<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0behavior, and the =
 OpenBSD protections interfere with this. Patch<br class=3D"gmail_msg"><br>=
 =C2=A0 =C2=A0 =C2=A0 =C2=A0from &quot;rubiate&quot;. Closes ticket 20066.<b=
 r class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0- Move the test-network.sh sc=
 ript to chutney, and modify tor&#39;s test-<br class=3D"gmail_msg"><br>=C2=
 =A0 =C2=A0 =C2=A0 =C2=A0network.sh to call the (newer) chutney version when=
  available.<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0Resolves =
 ticket 19116. Patch by teor.<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=
 =A0- Use the lcov convention for marking lines as unreachable, so that<br c=
 lass=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0we don&#39;t count them w=
 hen we&#39;re generating test coverage data.<br class=3D"gmail_msg"><br>=C2=
 =A0 =C2=A0 =C2=A0 =C2=A0Update our coverage tools to understand this conven=
 tion. Closes<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0ticket 1=
 6792.<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0- Our link-handshake u=
 nit tests now check that when invalid<br class=3D"gmail_msg"><br>=C2=A0 =C2=
 =A0 =C2=A0 =C2=A0handshakes fail, they fail with the error messages we expe=
 cted.<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0- Our unit testing cod=
 e that captures log messages no longer<br class=3D"gmail_msg"><br>=C2=A0 =
 =C2=A0 =C2=A0 =C2=A0prevents them from being written out if the user asked =
 for them<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0(by passing =
 --debug or --info or --notice or --warn to the &quot;test&quot;<br class=3D=
 "gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0binary). This change prevents us=
  from missing unexpected log<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=
 =A0 =C2=A0messages simply because we were looking for others. Related to<br=
  class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0ticket 19999.<br class=
 =3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0- The unit tests now log all warning=
  messages with the &quot;BUG&quot; flag.<br class=3D"gmail_msg"><br>=C2=A0 =
 =C2=A0 =C2=A0 =C2=A0Previously, they only logged errors by default. This ch=
 ange will<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0help us mak=
 e our testing code more correct, and make sure that we<br class=3D"gmail_ms=
 g"><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0only hit this code when we mean to. In th=
 e meantime, however,<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0=
 there will be more warnings in the unit test logs than before.<br class=3D"=
 gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0This is preparatory work for tick=
 et 19999.<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0- The unit tests n=
 ow treat any failure of a &quot;tor_assert_nonfatal()&quot;<br class=3D"gma=
 il_msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0assertion as a test failure.<br clas=
 s=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0- We&#39;ve done significant work t=
 o make the unit tests run faster.<br class=3D"gmail_msg"><br><br class=3D"g=
 mail_msg"><br>=C2=A0 =C2=A0o Minor features (testing, ipv6):<br class=3D"gm=
 ail_msg"><br>=C2=A0 =C2=A0 =C2=A0- Add the hs-ipv6 chutney target to make t=
 est-network-all&#39;s IPv6<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0 =
 =C2=A0tests. Remove bridges+hs, as it&#39;s somewhat redundant. This<br cla=
 ss=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0requires a recent chutney v=
 ersion that supports IPv6 clients,<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0=
  =C2=A0 =C2=A0relays, and authorities. Closes ticket 20069; patch by teor.<=
 br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0- Add the single-onion and s=
 ingle-onion-ipv6 chutney targets to<br class=3D"gmail_msg"><br>=C2=A0 =C2=
 =A0 =C2=A0 =C2=A0&quot;make test-network-all&quot;. This requires a recent =
 chutney version<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0with =
 the single onion network flavors (git c72a652 or later).<br class=3D"gmail_=
 msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0Closes ticket 20072; patch by teor.<br =
 class=3D"gmail_msg"><br><br class=3D"gmail_msg"><br>=C2=A0 =C2=A0o Minor fe=
 atures (Tor2web):<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0- Make Tor=
 2web clients respect ReachableAddresses. This feature was<br class=3D"gmail=
 _msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0inadvertently enabled in 0.2.8.6, then=
  removed by bugfix 19973 on<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0=
  =C2=A00.2.8.7. Implements feature 20034. Patch by teor.<br class=3D"gmail_=
 msg"><br><br class=3D"gmail_msg"><br>=C2=A0 =C2=A0o Minor features (unix do=
 main sockets):<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0- When config=
 uring a unix domain socket for a SocksPort,<br class=3D"gmail_msg"><br>=C2=
 =A0 =C2=A0 =C2=A0 =C2=A0ControlPort, or Hidden service, you can now wrap th=
 e address in<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0quotes, =
 using C-style escapes inside the quotes. This allows unix<br class=3D"gmail=
 _msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0domain socket paths to contain spaces.=
  Resolves ticket 18753.<br class=3D"gmail_msg"><br><br class=3D"gmail_msg">=
 <br>=C2=A0 =C2=A0o Minor features (user interface):<br class=3D"gmail_msg">=
 <br>=C2=A0 =C2=A0 =C2=A0- Tor now supports the ability to declare options d=
 eprecated, so<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0that we=
  can recommend that people stop using them. Previously, this<br class=3D"gm=
 ail_msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0was done in an ad-hoc way. There is=
  a new --list-deprecated-options<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =
 =C2=A0 =C2=A0command-line option to list all of the deprecated options. Clo=
 ses<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0ticket 19820.<br =
 class=3D"gmail_msg"><br><br class=3D"gmail_msg"><br>=C2=A0 =C2=A0o Minor fe=
 atures (virtual addresses):<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0=
 - Increase the maximum number of bits for the IPv6 virtual network<br class=
 =3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0prefix from 16 to 104. In thi=
 s way, the condition for address<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =
 =C2=A0 =C2=A0allocation is less restrictive. Closes ticket 20151; feature<b=
 r class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0on 0.2.4.7-alpha.<br c=
 lass=3D"gmail_msg"><br><br class=3D"gmail_msg"><br>=C2=A0 =C2=A0o Minor bug=
  fixes (circuits):<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0- Use the=
  CircuitBuildTimeout option whenever<br class=3D"gmail_msg"><br>=C2=A0 =C2=
 =A0 =C2=A0 =C2=A0LearnCircuitBuildTimeout is disabled. Previously, we would=
  respect<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0the option w=
 hen a user disabled it, but not when it was disabled<br class=3D"gmail_msg"=
 ><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0because some other option was set. Fixes bu=
 g 20073; bugfix on<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=A00.=
 2.4.12-alpha. Patch by teor.<br class=3D"gmail_msg"><br><br class=3D"gmail_=
 msg"><br>=C2=A0 =C2=A0o Minor bugfixes (build):<br class=3D"gmail_msg"><br>=
 =C2=A0 =C2=A0 =C2=A0- The current Git revision when building from a local r=
 epository is<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0now dete=
 cted correctly when using git worktrees. Fixes bug 20492;<br class=3D"gmail=
 _msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0bugfix on 0.2.3.9-alpha.<br class=3D"g=
 mail_msg"><br><br class=3D"gmail_msg"><br>=C2=A0 =C2=A0o Minor bugfixes (re=
 lay address discovery):<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0- St=
 op reordering IP addresses returned by the OS. This makes it<br class=3D"gm=
 ail_msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0more likely that Tor will guess the=
  same relay IP address every<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=
 =A0 =C2=A0time. Fixes issue 20163; bugfix on 0.2.7.1-alpha, ticket 17027.<b=
 r class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0Reported by Ren=C3=A9 =
 Mayrhofer, patch by &quot;cypherpunks&quot;.<br class=3D"gmail_msg"><br><br=
  class=3D"gmail_msg"><br>=C2=A0 =C2=A0o Minor bugfixes (memory allocation):=
 <br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0- Change how we allocate me=
 mory for large chunks on buffers, to<br class=3D"gmail_msg"><br>=C2=A0 =C2=
 =A0 =C2=A0 =C2=A0avoid a (currently impossible) integer overflow, and to wa=
 ste less<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0space when a=
 llocating unusually large chunks. Fixes bug 20081;<br class=3D"gmail_msg"><=
 br>=C2=A0 =C2=A0 =C2=A0 =C2=A0bugfix on 0.2.0.16-alpha. Issue identified by=
  Guido Vranken.<br class=3D"gmail_msg"><br><br class=3D"gmail_msg"><br>=C2=
 =A0 =C2=A0o Minor bugfixes (bootstrap):<br class=3D"gmail_msg"><br>=C2=A0 =
 =C2=A0 =C2=A0- Remember the directory server we fetched the consensus or pr=
 evious<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0certificates f=
 rom, and use it to fetch future authority<br class=3D"gmail_msg"><br>=C2=A0=
  =C2=A0 =C2=A0 =C2=A0certificates. This change improves bootstrapping perfo=
 rmance.<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0Fixes bug 189=
 63; bugfix on 0.2.8.1-alpha.<br class=3D"gmail_msg"><br><br class=3D"gmail_=
 msg"><br>=C2=A0 =C2=A0o Minor bugfixes (circuits):<br class=3D"gmail_msg"><=
 br>=C2=A0 =C2=A0 =C2=A0- Make sure extend_info_from_router() is only called=
  on servers.<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0Fixes bu=
 g 19639; bugfix on 0.2.8.1-alpha.<br class=3D"gmail_msg"><br><br class=3D"g=
 mail_msg"><br>=C2=A0 =C2=A0o Minor bugfixes (client, fascistfirewall):<br c=
 lass=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0- Avoid spurious warnings when R=
 eachableAddresses or FascistFirewall<br class=3D"gmail_msg"><br>=C2=A0 =C2=
 =A0 =C2=A0 =C2=A0is set. Fixes bug 20306; bugfix on 0.2.8.2-alpha.<br class=
 =3D"gmail_msg"><br><br class=3D"gmail_msg"><br>=C2=A0 =C2=A0o Minor bugfixe=
 s (client, unix domain sockets):<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =
 =C2=A0- Disable IsolateClientAddr when using AF_UNIX backed SocksPorts as<b=
 r class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0the client address is =
 meaningless. Fixes bug 20261; bugfix<br class=3D"gmail_msg"><br>=C2=A0 =C2=
 =A0 =C2=A0 =C2=A0on 0.2.6.3-alpha.<br class=3D"gmail_msg"><br><br class=3D"=
 gmail_msg"><br>=C2=A0 =C2=A0o Minor bugfixes (code style):<br class=3D"gmai=
 l_msg"><br>=C2=A0 =C2=A0 =C2=A0- Fix an integer signedness conversion issue=
  in the case conversion<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=
 =A0tables. Fixes bug 19168; bugfix on 0.2.1.11-alpha.<br class=3D"gmail_msg=
 "><br><br class=3D"gmail_msg"><br>=C2=A0 =C2=A0o Minor bugfixes (compilatio=
 n):<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0- Build correctly on ver=
 sions of libevent2 without support for<br class=3D"gmail_msg"><br>=C2=A0 =
 =C2=A0 =C2=A0 =C2=A0evutil_secure_rng_add_bytes(). Fixes bug 19904; bugfix<=
 br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0on 0.2.5.4-alpha.<br =
 class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0- When building with Clang, use=
  a full set of GCC warnings.<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=
 =A0 =C2=A0(Previously, we included only a subset, because of the way we<br =
 class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0detected them.) Fixes bu=
 g 19216; bugfix on 0.2.0.1-alpha.<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =
 =C2=A0- Detect Libevent2 functions correctly on systems that provide<br cla=
 ss=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0libevent2, but where libeve=
 nt1 is linked with -levent. Fixes bug<br class=3D"gmail_msg"><br>=C2=A0 =C2=
 =A0 =C2=A0 =C2=A019904; bugfix on 0.2.2.24-alpha. Patch from Rubiate.<br cl=
 ass=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0- Run correctly when built on Win=
 dows build environments that<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=
 =A0 =C2=A0require _vcsprintf(). Fixes bug 20560; bugfix on 0.2.2.11-alpha.<=
 br class=3D"gmail_msg"><br><br class=3D"gmail_msg"><br>=C2=A0 =C2=A0o Minor=
  bugfixes (configuration):<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0-=
  When parsing quoted configuration values from the torrc file,<br class=3D"=
 gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0handle Windows line endings corre=
 ctly. Fixes bug 19167; bugfix on<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =
 =C2=A0 =C2=A00.2.0.16-alpha. Patch from &quot;Pingl&quot;.<br class=3D"gmai=
 l_msg"><br><br class=3D"gmail_msg"><br>=C2=A0 =C2=A0o Minor bugfixes (direc=
 tory authority):<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0- Authoriti=
 es now sort the &quot;package&quot; lines in their votes, for ease<br class=
 =3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0of debugging. (They are alrea=
 dy sorted in consensus documents.)<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0=
  =C2=A0 =C2=A0Fixes bug 18840; bugfix on 0.2.6.3-alpha.<br class=3D"gmail_m=
 sg"><br>=C2=A0 =C2=A0 =C2=A0- Die with a more useful error when the operato=
 r forgets to place<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0th=
 e authority_signing_key file into the keys directory. This<br class=3D"gmai=
 l_msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0avoids an uninformative assert &amp; =
 traceback about having an invalid<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =
 =C2=A0 =C2=A0key. Fixes bug 20065; bugfix on 0.2.0.1-alpha.<br class=3D"gma=
 il_msg"><br>=C2=A0 =C2=A0 =C2=A0- When allowing private addresses, mark Exi=
 ts that only exit to<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0=
 private locations as such. Fixes bug 20064; bugfix<br class=3D"gmail_msg"><=
 br>=C2=A0 =C2=A0 =C2=A0 =C2=A0on 0.2.2.9-alpha.<br class=3D"gmail_msg"><br>=
 =C2=A0 =C2=A0 =C2=A0- When parsing a detached signature, make sure we use t=
 he length of<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0the dige=
 st algorithm instead of a hardcoded DIGEST256_LEN in<br class=3D"gmail_msg"=
 ><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0order to avoid comparing bytes out-of-bound=
 s with a smaller digest<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=
 =A0length such as SHA1. Fixes bug 19066; bugfix on 0.2.2.6-alpha.<br class=
 =3D"gmail_msg"><br><br class=3D"gmail_msg"><br>=C2=A0 =C2=A0o Minor bugfixe=
 s (getpass):<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0- Defensively f=
 ix a non-triggerable heap corruption at do_getpass()<br class=3D"gmail_msg"=
 ><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0to protect ourselves from mistakes in the f=
 uture. Fixes bug<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=A01922=
 3; bugfix on 0.2.7.3-rc. Bug found by Guido Vranken, patch<br class=3D"gmai=
 l_msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0by nherring.<br class=3D"gmail_msg"><=
 br><br class=3D"gmail_msg"><br>=C2=A0 =C2=A0o Minor bugfixes (guard selecti=
 on):<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0- Don&#39;t mark guards=
  as unreachable if connection_connect() fails.<br class=3D"gmail_msg"><br>=
 =C2=A0 =C2=A0 =C2=A0 =C2=A0That function fails for local reasons, so it sho=
 uldn&#39;t reveal<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0any=
 thing about the status of the guard. Fixes bug 14334; bugfix<br class=3D"gm=
 ail_msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0on 0.2.3.10-alpha.<br class=3D"gmai=
 l_msg"><br>=C2=A0 =C2=A0 =C2=A0- Use a single entry guard even if the NumEn=
 tryGuards consensus<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0p=
 arameter is not provided. Fixes bug 17688; bugfix<br class=3D"gmail_msg"><b=
 r>=C2=A0 =C2=A0 =C2=A0 =C2=A0on 0.2.5.6-alpha.<br class=3D"gmail_msg"><br><=
 br class=3D"gmail_msg"><br>=C2=A0 =C2=A0o Minor bugfixes (hidden services):=
 <br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0- Increase the minimum numb=
 er of internal circuits we preemptively<br class=3D"gmail_msg"><br>=C2=A0 =
 =C2=A0 =C2=A0 =C2=A0build from 2 to 3, so a circuit is available when a cli=
 ent<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0connects to anoth=
 er onion service. Fixes bug 13239; bugfix<br class=3D"gmail_msg"><br>=C2=A0=
  =C2=A0 =C2=A0 =C2=A0on 0.1.0.1-rc.<br class=3D"gmail_msg"><br>=C2=A0 =C2=
 =A0 =C2=A0- Allow hidden services to run on IPv6 addresses even when the<br=
  class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0IPv6Exit option is not =
 set. Fixes bug 18357; bugfix<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=
 =A0 =C2=A0on 0.2.4.7-alpha.<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0=
 - Stop logging intro point details to the client log on certain<br class=3D=
 "gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0error conditions. Fixed as part =
 of bug 20012; bugfix on<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=
 =A00.2.4.8-alpha. Patch by teor.<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =
 =C2=A0- When deleting an ephemeral hidden service, close its intro points<b=
 r class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0even if they are not c=
 ompletely open. Fixes bug 18604; bugfix<br class=3D"gmail_msg"><br>=C2=A0 =
 =C2=A0 =C2=A0 =C2=A0on 0.2.7.1-alpha.<br class=3D"gmail_msg"><br>=C2=A0 =C2=
 =A0 =C2=A0- When configuring hidden services, check every hidden service<br=
  class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0directory&#39;s permiss=
 ions. Previously, we only checked the last<br class=3D"gmail_msg"><br>=C2=
 =A0 =C2=A0 =C2=A0 =C2=A0hidden service. Fixes bug 20529; bugfix on 0.2.6.2-=
 alpha.<br class=3D"gmail_msg"><br><br class=3D"gmail_msg"><br>=C2=A0 =C2=A0=
 o Minor bugfixes (IPv6, testing):<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =
 =C2=A0- Check for IPv6 correctly on Linux when running test networks.<br cl=
 ass=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0Fixes bug 19905; bugfix on=
  0.2.7.3-rc; patch by teor.<br class=3D"gmail_msg"><br><br class=3D"gmail_m=
 sg"><br>=C2=A0 =C2=A0o Minor bugfixes (Linux seccomp2 sandbox):<br class=3D=
 "gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0- Add permission to run the sched_yield=
 () and sigaltstack() system<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0=
  =C2=A0calls, in order to support versions of Tor compiled with asan or<br =
 class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0ubsan code that use thes=
 e calls. Now &quot;sandbox 1&quot; and<br class=3D"gmail_msg"><br>=C2=A0 =
 =C2=A0 =C2=A0 =C2=A0&quot;--enable-expensive-hardening&quot; should be comp=
 atible on more<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0system=
 s. Fixes bug 20063; bugfix on 0.2.5.1-alpha.<br class=3D"gmail_msg"><br><br=
  class=3D"gmail_msg"><br>=C2=A0 =C2=A0o Minor bugfixes (logging):<br class=
 =3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0- Downgrade a harmless log message a=
 bout the<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0pending_entr=
 y_connections list from &quot;warn&quot; to &quot;info&quot;. Mitigates<br =
 class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0bug 19926.<br class=3D"g=
 mail_msg"><br>=C2=A0 =C2=A0 =C2=A0- Log a more accurate message when we fai=
 l to dump a microdescriptor.<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=
 =A0 =C2=A0Fixes bug 17758; bugfix on 0.2.2.8-alpha. Patch from Daniel Pinto=
 .<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0- When logging a directory=
  ownership mismatch, log the owning<br class=3D"gmail_msg"><br>=C2=A0 =C2=
 =A0 =C2=A0 =C2=A0username correctly. Fixes bug 19578; bugfix on 0.2.2.29-be=
 ta.<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0- When we are unable to =
 remove the bw_accounting file, do not warn<br class=3D"gmail_msg"><br>=C2=
 =A0 =C2=A0 =C2=A0 =C2=A0if the reason we couldn&#39;t remove it was that it=
  didn&#39;t exist.<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0Fi=
 xes bug 19964; bugfix on 0.2.5.4-alpha. Patch from pastly.<br class=3D"gmai=
 l_msg"><br><br class=3D"gmail_msg"><br>=C2=A0 =C2=A0o Minor bugfixes (memor=
 y leak):<br class=3D"gmail_msg"><br>=C2=A0 =C2=A0 =C2=A0- Fix a series of s=
 low memory leaks related to parsing torrc files<br class=3D"gmail_msg"><br>=
        and options. Fixes bug 19466; bugfix on 0.2.1.6-alpha.
      - Avoid a small memory leak when informing worker threads about
        rotated onion keys. Fixes bug 20401; bugfix on 0.2.6.3-alpha.
      - Fix a small memory leak when receiving AF_UNIX connections on a
        SocksPort. Fixes bug 20716; bugfix on 0.2.6.3-alpha.
      - When moving a signed descriptor object from a source to an
        existing destination, free the allocated memory inside that
        destination object. Fixes bug 20715; bugfix on 0.2.8.3-alpha.
      - Fix a memory leak and use-after-free error when removing entries
        from the sandbox's getaddrinfo() cache. Fixes bug 20710; bugfix on
        0.2.5.5-alpha. Patch from "cypherpunks".
      - Fix a small, uncommon memory leak that could occur when reading a
        truncated ed25519 key file. Fixes bug 18956; bugfix
        on 0.2.6.1-alpha.

    o Minor bugfixes (option parsing):
      - Count unix sockets when counting client listeners (SOCKS, Trans,
        NATD, and DNS). This has no user-visible behavior changes: these
        options are set once, and never read. Required for correct
        behavior in ticket 17178. Fixes bug 19677; bugfix on
        0.2.6.3-alpha. Patch by teor.

    o Minor bugfixes (options):
      - Check the consistency of UseEntryGuards and EntryNodes more
        reliably. Fixes bug 20074; bugfix on 0.2.4.12-alpha. Patch
        by teor.
      - Stop changing the configured value of UseEntryGuards on
        authorities and Tor2web clients. Fixes bug 20074; bugfix on
        commits 51fc6799 in 0.1.1.16-rc and acda1735 in 0.2.4.3-alpha.
        Patch by teor.

    o Minor bugfixes (relay):
      - Ensure relays don't make multiple connections during bootstrap.
        Fixes bug 20591; bugfix on 0.2.8.1-alpha.
      - Do not try to parallelize workers more than 16x without the user
        explicitly configuring us to do so, even if we do detect more than
        16 CPU cores. Fixes bug 19968; bugfix on 0.2.3.1-alpha.

    o Minor bugfixes (testing):
      - The test-stem and test-network makefile targets now depend only on
        the tor binary that they are testing. Previously, they depended on
        "make all". Fixes bug 18240; bugfix on 0.2.8.2-alpha. Based on a
        patch from "cypherpunks".
      - Allow clients to retry HSDirs much faster in test networks. Fixes
        bug 19702; bugfix on 0.2.7.1-alpha. Patch by teor.
      - Avoid a unit test failure on systems with over 16 detectable CPU
        cores. Fixes bug 19968; bugfix on 0.2.3.1-alpha.
      - Let backtrace tests work correctly under AddressSanitizer:
        disable ASAN's detection of segmentation faults while running
        test_bt.sh, so that we can make sure that our own backtrace
        generation code works. Fixes bug 18934; bugfix
        on 0.2.5.2-alpha. Patch from "cypherpunks".
      - Fix the test-network-all target on out-of-tree builds by using the
        correct path to the test driver script. Fixes bug 19421; bugfix
        on 0.2.7.3-rc.
      - Stop spurious failures in the local interface address discovery
        unit tests. Fixes bug 20634; bugfix on 0.2.8.1-alpha; patch by
        Neel Chauhan.
      - Use ECDHE ciphers instead of ECDH in tortls tests. LibreSSL has
        removed the ECDH ciphers which caused the tests to fail on
        platforms which use it. Fixes bug 20460; bugfix on 0.2.8.1-alpha.
      - The tor_tls_server_info_callback unit test no longer crashes when
        debug-level logging is turned on. Fixes bug 20041; bugfix
        on 0.2.8.1-alpha.

    o Minor bugfixes (time):
      - Improve overflow checks in tv_udiff and tv_mdiff. Fixes bug 19483;
        bugfix on all released tor versions.
      - When computing the difference between two times in milliseconds,
        we now round to the nearest millisecond correctly. Previously, we
        could sometimes round in the wrong direction. Fixes bug 19428;
        bugfix on 0.2.2.2-alpha.

    o Minor bugfixes (Tor2web):
      - Prevent Tor2web clients from running hidden services: these services
        are not anonymous due to the one-hop client paths. Fixes bug
        19678. Patch by teor.

    o Minor bugfixes (user interface):
      - Display a more accurate number of suppressed messages in the log
        rate-limiter. Previously, there was a potential integer overflow
        in the counter. Now, if the number of messages hits a maximum, the
        rate-limiter doesn't count any further. Fixes bug 19435; bugfix
        on 0.2.4.11-alpha.
      - Fix a typo in the passphrase prompt for the ed25519 identity key.
        Fixes bug 19503; bugfix on 0.2.7.2-alpha.

    o Code simplification and refactoring:
      - Remove redundant declarations of the MIN macro. Closes
        ticket 18889.
      - Rename tor_dup_addr() to tor_addr_to_str_dup() to avoid confusion.
        Closes ticket 18462; patch from "icanhasaccount".
      - Split the 600-line directory_handle_command_get function into
        separate functions for different URL types. Closes ticket 16698.

    o Documentation:
      - Add module-level internal documentation for 36 C files that
        previously didn't have a high-level overview. Closes ticket 20385.
      - Correct the IPv6 syntax in our documentation for the
        VirtualAddrNetworkIPv6 torrc option. Closes ticket 19743.
      - Correct the minimum bandwidth value in torrc.sample, and queue a
        corresponding change for torrc.minimal. Closes ticket 20085.
      - Fix spelling of "--enable-tor2web-mode" in the manpage. Closes
        ticket 19153. Patch from "U+039b".
      - Module-level documentation for several more modules. Closes
        tickets 19287 and 19290.
      - Document the --passphrase-fd option in the tor manpage. Fixes bug
        19504; bugfix on 0.2.7.3-rc.
      - Document the default PathsNeededToBuildCircuits value that's used
        by clients when the directory authorities don't set
        min_paths_for_circs_pct. Fixes bug 20117; bugfix on 0.2.4.10-alpha.
        Patch by teor, reported by Jesse V.
      - Fix manual for the User option: it takes a username, not a UID.
        Fixes bug 19122; bugfix on 0.0.2pre16 (the first version to have
        a manpage!).
      - Fix the description of the --passphrase-fd option in the
        tor-gencert manpage. The option is used to pass the number of a
        file descriptor to read the passphrase from, not to read the file
        descriptor from. Fixes bug 19505; bugfix on 0.2.0.20-alpha.

    o Removed code:
      - We no longer include the (dead, deprecated) bufferevent code in
        Tor. Closes ticket 19450. Based on a patch from "U+039b".

    o Removed features:
      - Remove support for "GET /tor/bytes.txt" DirPort request, and
        "GETINFO dir-usage" controller request, which were only available
        via a compile-time option in Tor anyway. Feature was added in
        0.2.2.1-alpha. Resolves ticket 19035.
      - There is no longer a compile-time option to disable support for
        TransPort. (If you don't want TransPort, just don't use it.) Patch
        from "U+039b". Closes ticket 19449.

    o Testing:
      - Run more workqueue tests as part of "make check". These had
        previously been implemented, but you needed to know special
        command-line options to enable them.
      - We now have unit tests for our code to reject zlib "compression
        bombs". (Fortunately, the code works fine.)


  To generate a diff of this commit:
  cvs rdiff -u -r1.115 -r1.116 pkgsrc/net/tor/Makefile
  cvs rdiff -u -r1.76 -r1.77 pkgsrc/net/tor/distinfo

  Please note that diffs are not public domain; they are subject to the
  copyright notices on the relevant files.
 </blockquote></div></div>
 
 --94eb2c114896e075f00545953c2f--
 

