Next | Query returned 214 messages, browsing 91 to 100 | Previous

History of commit frequency

CVS Commit History:


   2016-03-05 12:29:49 by Jonathan Perkin | Files touched by this commit (1813)
Log message:
Bump PKGREVISION for security/openssl ABI bump.
   2015-12-13 22:24:01 by Thomas Klausner | Files touched by this commit (2)
Log message:
Update tor to 0.2.7.6:

Changes in version 0.2.7.6 - 2015-12-10
  Tor version 0.2.7.6 fixes a major bug in entry guard selection, as
  well as a minor bug in hidden service reliability.

  o Major bugfixes (guard selection):
    - Actually look at the Guard flag when selecting a new directory
      guard. When we implemented the directory guard design, we
      accidentally started treating all relays as if they have the Guard
      flag during guard selection, leading to weaker anonymity and worse
      performance. Fixes bug 17772; bugfix on 0.2.4.8-alpha. Discovered
      by Mohsen Imani.

  o Minor features (geoip):
    - Update geoip and geoip6 to the December 1 2015 Maxmind GeoLite2
      Country database.

  o Minor bugfixes (compilation):
    - When checking for net/pfvar.h, include netinet/in.h if possible.
      This fixes transparent proxy detection on OpenBSD. Fixes bug
      17551; bugfix on 0.1.2.1-alpha. Patch from "rubiate".
    - Fix a compilation warning with Clang 3.6: Do not check the
      presence of an address which can never be NULL. Fixes bug 17781.

  o Minor bugfixes (correctness):
    - When displaying an IPv6 exit policy, include the mask bits
      correctly even when the number is greater than 31. Fixes bug
      16056; bugfix on 0.2.4.7-alpha. Patch from "gturner".
    - The wrong list was used when looking up expired intro points in a
      rend service object, causing what we think could be reachability
      issues for hidden services, and triggering a BUG log. Fixes bug
      16702; bugfix on 0.2.7.2-alpha.
    - Fix undefined behavior in the tor_cert_checksig function. Fixes
      bug 17722; bugfix on 0.2.7.2-alpha.
   2015-12-11 13:13:00 by Thomas Klausner | Files touched by this commit (4)
Log message:
Fix two problems when building on NetBSD-6.x.

Mention upstream bug reports filed for them.

Addresses PR 50521 by Uwe Toenjes.

While here, add reload command to rc.d script and bump PKGREVISION.
   2015-12-08 14:19:38 by Thomas Klausner | Files touched by this commit (4) | Package updated
Log message:
Update tor to latest stable release, 0.2.7.5.

Changes in version 0.2.7.5 - 2015-11-20
  The Tor 0.2.7 release series is dedicated to the memory of Tor user
  and privacy advocate Caspar Bowden (1961-2015). Caspar worked
  tirelessly to advocate human rights regardless of national borders,
  and oppose the encroachments of mass surveillance. He opposed national
  exceptionalism, he brought clarity to legal and policy debates, he
  understood and predicted the impact of mass surveillance on the world,
  and he laid the groundwork for resisting it. While serving on the Tor
  Project's board of directors, he brought us his uncompromising focus
  on technical excellence in the service of humankind. Caspar was an
  inimitable force for good and a wonderful friend. He was kind,
  humorous, generous, gallant, and believed we should protect one
  another without exception. We honor him here for his ideals, his
  efforts, and his accomplishments. Please honor his memory with works
  that would make him proud.

  Tor 0.2.7.5 is the first stable release in the Tor 0.2.7 series.

  The 0.2.7 series adds a more secure identity key type for relays,
  improves cryptography performance, resolves several longstanding
  hidden-service performance issues, improves controller support for
  hidden services, and includes small bugfixes and performance
  improvements throughout the program. This release series also includes
  more tests than before, and significant simplifications to which parts
  of Tor invoke which others.

  (This release contains no code changes since 0.2.7.4-rc.)

Changes in version 0.2.7.4-rc - 2015-10-21
  Tor 0.2.7.4-rc is the second release candidate in the 0.2.7 series. It
  fixes some important memory leaks, and a scary-looking (but mostly
  harmless in practice) invalid-read bug. It also has a few small
  bugfixes, notably fixes for compilation and portability on different
  platforms. If no further significant bounds are found, the next
  release will the the official stable release.

  o Major bugfixes (security, correctness):
    - Fix an error that could cause us to read 4 bytes before the
      beginning of an openssl string. This bug could be used to cause
      Tor to crash on systems with unusual malloc implementations, or
      systems with unusual hardening installed. Fixes bug 17404; bugfix
      on 0.2.3.6-alpha.

  o Major bugfixes (correctness):
    - Fix a use-after-free bug in validate_intro_point_failure(). Fixes
      bug 17401; bugfix on 0.2.7.3-rc.

  o Major bugfixes (memory leaks):
    - Fix a memory leak in ed25519 batch signature checking. Fixes bug
      17398; bugfix on 0.2.6.1-alpha.
    - Fix a memory leak in rend_cache_failure_entry_free(). Fixes bug
      17402; bugfix on 0.2.7.3-rc.
    - Fix a memory leak when reading an expired signing key from disk.
      Fixes bug 17403; bugfix on 0.2.7.2-rc.

  o Minor features (geoIP):
    - Update geoip and geoip6 to the October 9 2015 Maxmind GeoLite2
      Country database.

  o Minor bugfixes (compilation):
    - Repair compilation with the most recent (unreleased, alpha)
      vesions of OpenSSL 1.1. Fixes part of ticket 17237.
    - Fix an integer overflow warning in test_crypto_slow.c. Fixes bug
      17251; bugfix on 0.2.7.2-alpha.
    - Fix compilation of sandbox.c with musl-libc. Fixes bug 17347;
      bugfix on 0.2.5.1-alpha. Patch from 'jamestk'.

  o Minor bugfixes (portability):
    - Use libexecinfo on FreeBSD to enable backtrace support. Fixes part
      of bug 17151; bugfix on 0.2.5.2-alpha. Patch from Marcin Cieślak.

  o Minor bugfixes (sandbox):
    - Add the "hidserv-stats" filename to our sandbox filter for the
      HiddenServiceStatistics option to work properly. Fixes bug 17354;
      bugfix on tor-0.2.6.2-alpha. Patch from David Goulet.

  o Minor bugfixes (testing):
    - Add unit tests for get_interface_address* failure cases. Fixes bug
      17173; bugfix on 0.2.7.3-rc. Patch by fk/teor.
    - Fix breakage when running 'make check' with BSD make. Fixes bug
      17154; bugfix on 0.2.7.3-rc. Patch by Marcin Cieślak.
    - Make the get_ifaddrs_* unit tests more tolerant of different
      network configurations. (Don't assume every test box has an IPv4
      address, and don't assume every test box has a non-localhost
      address.) Fixes bug 17255; bugfix on 0.2.7.3-rc. Patch by "teor".
    - Skip backtrace tests when backtrace support is not compiled in.
      Fixes part of bug 17151; bugfix on 0.2.7.1-alpha. Patch from
      Marcin Cieślak.

  o Documentation:
    - Fix capitalization of SOCKS in sample torrc. Closes ticket 15609.
    - Note that HiddenServicePorts can take a unix domain socket. Closes
      ticket 17364.

Changes in version 0.2.7.3-rc - 2015-09-25
  Tor 0.2.7.3-rc is the first release candidate in the 0.2.7 series. It
  contains numerous usability fixes for Ed25519 keys, safeguards against
  several misconfiguration problems, significant simplifications to
  Tor's callgraph, and numerous bugfixes and small features.

  This is the most tested release of Tor to date. The unit tests cover
  39.40% of the code, and the integration tests (accessible with "make
  test-full-online", requiring stem and chutney and a network
  connection) raise the coverage to 64.49%.

  o Major features (security, hidden services):
    - Hidden services, if using the EntryNodes option, are required to
      use more than one EntryNode, in order to avoid a guard discovery
      attack. (This would only affect people who had configured hidden
      services and manually specified the EntryNodes option with a
      single entry-node. The impact was that it would be easy to
      remotely identify the guard node used by such a hidden service.
      See ticket for more information.) Fixes ticket 14917.

  o Major features (Ed25519 keys, keypinning):
    - The key-pinning option on directory authorities is now advisory-
      only by default. In a future version, or when the AuthDirPinKeys
      option is set, pins are enforced again. Disabling key-pinning
      seemed like a good idea so that we can survive the fallout of any
      usability problems associated with Ed25519 keys. Closes
      ticket 17135.

  o Major features (Ed25519 performance):
    - Improve the speed of Ed25519 operations and Curve25519 keypair
      generation when built targeting 32 bit x86 platforms with SSE2
      available. Implements ticket 16535.
    - Improve the runtime speed of Ed25519 signature verification by
      using Ed25519-donna's batch verification support. Implements
      ticket 16533.

  o Major features (performance testing):
    - The test-network.sh script now supports performance testing.
      Requires corresponding chutney performance testing changes. Patch
      by "teor". Closes ticket 14175.

  o Major features (relay, Ed25519):
    - Significant usability improvements for Ed25519 key management. Log
      messages are better, and the code can recover from far more
      failure conditions. Thanks to "s7r" for reporting and diagnosing
      so many of these!
    - Add a new OfflineMasterKey option to tell Tor never to try loading
      or generating a secret Ed25519 identity key. You can use this in
      combination with tor --keygen to manage offline and/or encrypted
      Ed25519 keys. Implements ticket 16944.
    - Add a --newpass option to allow changing or removing the
      passphrase of an encrypted key with tor --keygen. Implements part
      of ticket 16769.
    - On receiving a HUP signal, check to see whether the Ed25519
      signing key has changed, and reload it if so. Closes ticket 16790.

  o Major bugfixes (relay, Ed25519):
    - Avoid crashing on 'tor --keygen'. Fixes bug 16679; bugfix on
      0.2.7.2-alpha. Reported by "s7r".
    - Improve handling of expired signing keys with offline master keys.
      Fixes bug 16685; bugfix on 0.2.7.2-alpha. Reported by "s7r".

  o Minor features (client-side privacy):
    - New KeepAliveIsolateSOCKSAuth option to indefinitely extend circuit
      lifespan when IsolateSOCKSAuth and streams with SOCKS
      authentication are attached to the circuit. This allows
      applications like TorBrowser to manage circuit lifetime on their
      own. Implements feature 15482.
    - When logging malformed hostnames from SOCKS5 requests, respect
      SafeLogging configuration. Fixes bug 16891; bugfix on 0.1.1.16-rc.

  o Minor features (compilation):
    - Give a warning as early as possible when trying to build with an
      unsupported OpenSSL version. Closes ticket 16901.
    - Fail during configure if we're trying to build against an OpenSSL
      built without ECC support. Fixes bug 17109, bugfix on 0.2.7.1-alpha
      which started requiring ECC.

  o Minor features (geoip):
    - Update geoip and geoip6 to the September 3 2015 Maxmind GeoLite2
      Country database.

  o Minor features (hidden services):
    - Relays need to have the Fast flag to get the HSDir flag. As this
      is being written, we'll go from 2745 HSDirs down to 2342, a ~14%
      drop. This change should make some attacks against the hidden
      service directory system harder. Fixes ticket 15963.
    - Turn on hidden service statistics collection by setting the torrc
      option HiddenServiceStatistics to "1" by default. (This keeps
      track only of the fraction of traffic used by hidden services, and
      the total number of hidden services in existence.) Closes
      ticket 15254.
    - Client now uses an introduction point failure cache to know when
      to fetch or keep a descriptor in their cache. Previously, failures
      were recorded implicitly, but not explicitly remembered. Closes
      ticket 16389.

  o Minor features (testing, authorities, documentation):
    - New TestingDirAuthVote{Exit,Guard,HSDir}IsStrict flags to
      explicitly manage consensus flags in testing networks. Patch by
      "robgjansen", modified by "teor". Implements part of \ 
ticket 14882.

  o Minor bugfixes (security, exit policies):
    - ExitPolicyRejectPrivate now also rejects the relay's published
      IPv6 address (if any), and any publicly routable IPv4 or IPv6
      addresses on any local interfaces. ticket 17027. Patch by "teor".
      Fixes bug 17027; bugfix on 0.2.0.11-alpha.

  o Minor bug fixes (torrc exit policies):
    - In torrc, "accept6 *" and "reject6 *" ExitPolicy lines \ 
now only
      produce IPv6 wildcard addresses. Previously they would produce
      both IPv4 and IPv6 wildcard addresses. Patch by "teor". Fixes part
      of bug 16069; bugfix on 0.2.4.7-alpha.
    - When parsing torrc ExitPolicies, we now warn for a number of cases
      where the user's intent is likely to differ from Tor's actual
      behavior. These include: using an IPv4 address with an accept6 or
      reject6 line; using "private" on an accept6 or reject6 line; and
      including any ExitPolicy lines after accept *:* or reject *:*.
      Related to ticket 16069.
    - When parsing torrc ExitPolicies, we now issue an info-level
      message when expanding an "accept/reject *" line to include both
      IPv4 and IPv6 wildcard addresses. Related to ticket 16069.
    - In each instance above, usage advice is provided to avoid the
      message. Resolves ticket 16069. Patch by "teor". Fixes part of bug
      16069; bugfix on 0.2.4.7-alpha.

  o Minor bugfixes (authority):
    - Don't assign "HSDir" to a router if it isn't Valid and Running.
      Fixes bug 16524; bugfix on 0.2.7.2-alpha.
    - Downgrade log messages about Ed25519 key issues if they are in old
      cached router descriptors. Fixes part of bug 16286; bugfix
      on 0.2.7.2-alpha.
    - When we find an Ed25519 key issue in a cached descriptor, stop
      saying the descriptor was just "uploaded". Fixes another part of
      bug 16286; bugfix on 0.2.7.2-alpha.

  o Minor bugfixes (control port):
    - Repair a warning and a spurious result when getting the maximum
      number of file descriptors from the controller. Fixes bug 16697;
      bugfix on 0.2.7.2-alpha.

  o Minor bugfixes (correctness):
    - When calling channel_free_list(), avoid calling smartlist_remove()
      while inside a FOREACH loop. This partially reverts commit
      17356fe7fd96af where the correct SMARTLIST_DEL_CURRENT was
      incorrectly removed. Fixes bug 16924; bugfix on 0.2.4.4-alpha.

  o Minor bugfixes (documentation):
    - Advise users on how to configure separate IPv4 and IPv6 exit
      policies in the manpage and sample torrcs. Related to ticket 16069.
    - Fix the usage message of tor-resolve(1) so that it no longer lists
      the removed -F option. Fixes bug 16913; bugfix on 0.2.2.28-beta.
    - Fix an error in the manual page and comments for
      TestingDirAuthVoteHSDir[IsStrict], which suggested that a HSDir
      required "ORPort connectivity". While this is true, it is in no
      way unique to the HSDir flag. Of all the flags, only HSDirs need a
      DirPort configured in order for the authorities to assign that
      particular flag. Patch by "teor". Fixed as part of 14882; bugfix
      on 0.2.6.3-alpha.

  o Minor bugfixes (Ed25519):
    - Fix a memory leak when reading router descriptors with expired
      Ed25519 certificates. Fixes bug 16539; bugfix on 0.2.7.2-alpha.

  o Minor bugfixes (linux seccomp2 sandbox):
    - Allow bridge authorities to run correctly under the seccomp2
      sandbox. Fixes bug 16964; bugfix on 0.2.5.1-alpha.
    - Allow routers with ed25519 keys to run correctly under the
      seccomp2 sandbox. Fixes bug 16965; bugfix on 0.2.7.2-alpha.

  o Minor bugfixes (open file limit):
    - Fix set_max_file_descriptors() to set by default the max open file
      limit to the current limit when setrlimit() fails. Fixes bug
      16274; bugfix on tor- 0.2.0.10-alpha. Patch by dgoulet.

  o Minor bugfixes (portability):
    - Try harder to normalize the exit status of the Tor process to the
      standard-provided range. Fixes bug 16975; bugfix on every version
      of Tor ever.
    - Check correctly for Windows socket errors in the workqueue
      backend. Fixes bug 16741; bugfix on 0.2.6.3-alpha.
    - Fix the behavior of crypto_rand_time_range() when told to consider
      times before 1970. (These times were possible when running in a
      simulated network environment where time()'s output starts at
      zero.) Fixes bug 16980; bugfix on 0.2.7.1-alpha.
    - Restore correct operation of TLS client-cipher detection on
      OpenSSL 1.1. Fixes bug 14047; bugfix on 0.2.7.2-alpha.

  o Minor bugfixes (relay):
    - Ensure that worker threads actually exit when a fatal error or
      shutdown is indicated. This fix doesn't currently affect the
      behavior of Tor, because Tor workers never indicates fatal error
      or shutdown except in the unit tests. Fixes bug 16868; bugfix
      on 0.2.6.3-alpha.
    - Unblock threads before releasing the work queue mutex to ensure
      predictable scheduling behavior. Fixes bug 16644; bugfix
      on 0.2.6.3-alpha.

  o Code simplification and refactoring:
    - Change the function that's called when we need to retry all
      downloads so that it only reschedules the downloads to happen
      immediately, rather than launching them all at once itself. This
      further simplifies Tor's callgraph.
    - Move some format-parsing functions out of crypto.c and
      crypto_curve25519.c into crypto_format.c and/or util_format.c.
    - Move the client-only parts of init_keys() into a separate
      function. Closes ticket 16763.
    - Simplify the microdesc_free() implementation so that it no longer
      appears (to code analysis tools) to potentially invoke a huge
      suite of other microdesc functions.
    - Simply the control graph further by deferring the inner body of
      directory_all_unreachable() into a callback. Closes ticket 16762.
    - Treat the loss of an owning controller as equivalent to a SIGTERM
      signal. This removes a tiny amount of duplicated code, and
      simplifies our callgraph. Closes ticket 16788.
    - When generating an event to send to the controller, we no longer
      put the event over the network immediately. Instead, we queue
      these events, and use a Libevent callback to deliver them. This
      change simplifies Tor's callgraph by reducing the number of
      functions from which all other Tor functions are reachable. Closes
      ticket 16695.
    - Wrap Windows-only C files inside '#ifdef _WIN32' so that tools
      that try to scan or compile every file on Unix won't decide that
      they are broken.
    - Remove the unused "nulterminate" argument from buf_pullup().

  o Documentation:
    - Recommend a 40 GB example AccountingMax in torrc.sample rather
      than a 4 GB max. Closes ticket 16742.
    - Include the TUNING document in our source tarball. It is referred
      to in the ChangeLog and an error message. Fixes bug 16929; bugfix
      on 0.2.6.1-alpha.

  o Removed code:
    - The internal pure-C tor-fw-helper tool is now removed from the Tor
      distribution, in favor of the pure-Go clone available from
      https://gitweb.torproject.org/tor-fw-helper.git/ . The libraries
      used by the C tor-fw-helper are not, in our opinion, very
      confidence- inspiring in their secure-programming techniques.
      Closes ticket 13338.
    - Remove the code that would try to aggressively flush controller
      connections while writing to them. This code was introduced in
      0.1.2.7-alpha, in order to keep output buffers from exceeding
      their limits. But there is no longer a maximum output buffer size,
      and flushing data in this way caused some undesirable recursions
      in our call graph. Closes ticket 16480.

  o Testing:
    - Make "bridges+hs" the default test network. This tests almost all
      tor functionality during make test-network, while allowing tests
      to succeed on non-IPv6 systems. Requires chutney commit 396da92 in
      test-network-bridges-hs. Closes tickets 16945 (tor) and 16946
      (chutney). Patches by "teor".
    - Autodetect CHUTNEY_PATH if the chutney and Tor sources are side-
      by-side in the same parent directory. Closes ticket 16903. Patch
      by "teor".
    - Use environment variables rather than autoconf substitutions to
      send variables from the build system to the test scripts. This
      change should be easier to maintain, and cause 'make distcheck' to
      work better than before. Fixes bug 17148.
    - Add a new set of callgraph analysis scripts that use clang to
      produce a list of which Tor functions are reachable from which
      other Tor functions. We're planning to use these to help simplify
      our code structure by identifying illogical dependencies.
    - Add new 'test-full' and 'test-full-online' targets to run all
      tests, including integration tests with stem and chutney.
    - Make the test-workqueue test work on Windows by initializing the
      network before we begin.
    - New make target (make test-network-all) to run multiple applicable
      chutney test cases. Patch from Teor; closes 16953.
    - Unit test dns_resolve(), dns_clip_ttl() and dns_get_expiry_ttl()
      functions in dns.c. Implements a portion of ticket 16831.
    - When building Tor with testing coverage enabled, run Chutney tests
      (if any) using the 'tor-cov' coverage binary.
    - When running test-network or test-stem, check for the absence of
      stem/chutney before doing any build operations.

Changes in version 0.2.7.2-alpha - 2015-07-27
  This, the second alpha in the Tor 0.2.7 series, has a number of new
  features, including a way to manually pick the number of introduction
  points for hidden services, and the much stronger Ed25519 signing key
  algorithm for regular Tor relays (including support for encrypted
  offline identity keys in the new algorithm).

  Support for Ed25519 on relays is currently limited to signing router
  descriptors; later alphas in this series will extend Ed25519 key
  support to more parts of the Tor protocol.

  o Major features (Ed25519 identity keys, Proposal 220):
    - All relays now maintain a stronger identity key, using the Ed25519
      elliptic curve signature format. This master key is designed so
      that it can be kept offline. Relays also generate an online
      signing key, and a set of other Ed25519 keys and certificates.
      These are all automatically regenerated and rotated as needed.
      Implements part of ticket 12498.
    - Directory authorities now vote on Ed25519 identity keys along with
      RSA1024 keys. Implements part of ticket 12498.
    - Directory authorities track which Ed25519 identity keys have been
      used with which RSA1024 identity keys, and do not allow them to
      vary freely. Implements part of ticket 12498.
    - Microdescriptors now include Ed25519 identity keys. Implements
      part of ticket 12498.
    - Add support for offline encrypted Ed25519 master keys. To use this
      feature on your tor relay, run "tor --keygen" to make a new master
      key (or to make a new signing key if you already have a master
      key). Closes ticket 13642.

  o Major features (Hidden services):
    - Add the torrc option HiddenServiceNumIntroductionPoints, to
      specify a fixed number of introduction points. Its maximum value
      is 10 and default is 3. Using this option can increase a hidden
      service's reliability under load, at the cost of making it more
      visible that the hidden service is facing extra load. Closes
      ticket 4862.
    - Remove the adaptive algorithm for choosing the number of
      introduction points, which used to change the number of
      introduction points (poorly) depending on the number of
      connections the HS sees. Closes ticket 4862.

  o Major features (onion key cross-certification):
    - Relay descriptors now include signatures of their own identity
      keys, made using the TAP and ntor onion keys. These signatures
      allow relays to prove ownership of their own onion keys. Because
      of this change, microdescriptors will no longer need to include
      RSA identity keys. Implements proposal 228; closes ticket 12499.

  o Major features (performance):
    - Improve the runtime speed of Ed25519 operations by using the
      public-domain Ed25519-donna by Andrew M. ("floodyberry").
      Implements ticket 16467.
    - Improve the runtime speed of the ntor handshake by using an
      optimized curve25519 basepoint scalarmult implementation from the
      public-domain Ed25519-donna by Andrew M. ("floodyberry"), based on
      ideas by Adam Langley. Implements ticket 9663.

  o Major bugfixes (client-side privacy, also in 0.2.6.9):
    - Properly separate out each SOCKSPort when applying stream
      isolation. The error occurred because each port's session group
      was being overwritten by a default value when the listener
      connection was initialized. Fixes bug 16247; bugfix on
      0.2.6.3-alpha. Patch by "jojelino".

  o Major bugfixes (hidden service clients, stability, also in 0.2.6.10):
    - Stop refusing to store updated hidden service descriptors on a
      client. This reverts commit 9407040c59218 (which indeed fixed bug
      14219, but introduced a major hidden service reachability
      regression detailed in bug 16381). This is a temporary fix since
      we can live with the minor issue in bug 14219 (it just results in
      some load on the network) but the regression of 16381 is too much
      of a setback. First-round fix for bug 16381; bugfix
      on 0.2.6.3-alpha.

  o Major bugfixes (hidden services):
    - When cannibalizing a circuit for an introduction point, always
      extend to the chosen exit node (creating a 4 hop circuit).
      Previously Tor would use the current circuit exit node, which
      changed the original choice of introduction point, and could cause
      the hidden service to skip excluded introduction points or
      reconnect to a skipped introduction point. Fixes bug 16260; bugfix
      on 0.1.0.1-rc.

  o Major bugfixes (open file limit):
    - The open file limit wasn't checked before calling
      tor_accept_socket_nonblocking(), which would make Tor exceed the
      limit. Now, before opening a new socket, Tor validates the open
      file limit just before, and if the max has been reached, return an
      error. Fixes bug 16288; bugfix on 0.1.1.1-alpha.

  o Major bugfixes (stability, also in 0.2.6.10):
    - Stop crashing with an assertion failure when parsing certain kinds
      of malformed or truncated microdescriptors. Fixes bug 16400;
      bugfix on 0.2.6.1-alpha. Found by "torkeln"; fix based on a patch
      by "cypherpunks_backup".
    - Stop random client-side assertion failures that could occur when
      connecting to a busy hidden service, or connecting to a hidden
      service while a NEWNYM is in progress. Fixes bug 16013; bugfix
      on 0.1.0.1-rc.

  o Minor features (directory authorities, security, also in 0.2.6.9):
    - The HSDir flag given by authorities now requires the Stable flag.
      For the current network, this results in going from 2887 to 2806
      HSDirs. Also, it makes it harder for an attacker to launch a sybil
      attack by raising the effort for a relay to become Stable to
      require at the very least 7 days, while maintaining the 96 hours
      uptime requirement for HSDir. Implements ticket 8243.

  o Minor features (client):
    - Relax the validation of hostnames in SOCKS5 requests, allowing the
      character '_' to appear, in order to cope with domains observed in
      the wild that are serving non-RFC compliant records. Resolves
      ticket 16430.
    - Relax the validation done to hostnames in SOCKS5 requests, and
      allow a single trailing '.' to cope with clients that pass FQDNs
      using that syntax to explicitly indicate that the domain name is
      fully-qualified. Fixes bug 16674; bugfix on 0.2.6.2-alpha.
    - Add GroupWritable and WorldWritable options to unix-socket based
      SocksPort and ControlPort options. These options apply to a single
      socket, and override {Control,Socks}SocketsGroupWritable. Closes
      ticket 15220.

  o Minor features (control protocol):
    - Support network-liveness GETINFO key and NETWORK_LIVENESS event in
      the control protocol. Resolves ticket 15358.

  o Minor features (directory authorities):
    - Directory authorities no longer vote against the "Fast", \ 
"Stable",
      and "HSDir" flags just because they were going to vote against
      "Running": if the consensus turns out to be that the router was
      running, then the authority's vote should count. Patch from Peter
      Retzlaff; closes issue 8712.

  o Minor features (geoip, also in 0.2.6.10):
    - Update geoip to the June 3 2015 Maxmind GeoLite2 Country database.
    - Update geoip6 to the June 3 2015 Maxmind GeoLite2 Country database.

  o Minor features (hidden services):
    - Add the new options "HiddenServiceMaxStreams" and
      "HiddenServiceMaxStreamsCloseCircuit" to allow hidden services to
      limit the maximum number of simultaneous streams per circuit, and
      optionally tear down the circuit when the limit is exceeded. Part
      of ticket 16052.

  o Minor features (portability):
    - Use C99 variadic macros when the compiler is not GCC. This avoids
      failing compilations on MSVC, and fixes a log-file-based race
      condition in our old workarounds. Original patch from Gisle Vanem.

  o Minor bugfixes (compilation, also in 0.2.6.9):
    - Build with --enable-systemd correctly when libsystemd is
      installed, but systemd is not. Fixes bug 16164; bugfix on
      0.2.6.3-alpha. Patch from Peter Palfrader.

  o Minor bugfixes (controller):
    - Add the descriptor ID in each HS_DESC control event. It was
      missing, but specified in control-spec.txt. Fixes bug 15881;
      bugfix on 0.2.5.2-alpha.

  o Minor bugfixes (crypto error-handling, also in 0.2.6.10):
    - Check for failures from crypto_early_init, and refuse to continue.
      A previous typo meant that we could keep going with an
      uninitialized crypto library, and would have OpenSSL initialize
      its own PRNG. Fixes bug 16360; bugfix on 0.2.5.2-alpha, introduced
      when implementing ticket 4900. Patch by "teor".

  o Minor bugfixes (hidden services):
    - Fix a crash when reloading configuration while at least one
      configured and one ephemeral hidden service exists. Fixes bug
      16060; bugfix on 0.2.7.1-alpha.
    - Avoid crashing with a double-free bug when we create an ephemeral
      hidden service but adding it fails for some reason. Fixes bug
      16228; bugfix on 0.2.7.1-alpha.

  o Minor bugfixes (Linux seccomp2 sandbox):
    - Use the sandbox in tor_open_cloexec whether or not O_CLOEXEC is
      defined. Patch by "teor". Fixes bug 16515; bugfix on 0.2.3.1-alpha.

  o Minor bugfixes (Linux seccomp2 sandbox, also in 0.2.6.10):
    - Allow pipe() and pipe2() syscalls in the seccomp2 sandbox: we need
      these when eventfd2() support is missing. Fixes bug 16363; bugfix
      on 0.2.6.3-alpha. Patch from "teor".

  o Minor bugfixes (Linux seccomp2 sandbox, also in 0.2.6.9):
    - Fix sandboxing to work when running as a relay, by allowing the
      renaming of secret_id_key, and allowing the eventfd2 and futex
      syscalls. Fixes bug 16244; bugfix on 0.2.6.1-alpha. Patch by
      Peter Palfrader.
    - Allow systemd connections to work with the Linux seccomp2 sandbox
      code. Fixes bug 16212; bugfix on 0.2.6.2-alpha. Patch by
      Peter Palfrader.

  o Minor bugfixes (relay):
    - Fix a rarely-encountered memory leak when failing to initialize
      the thread pool. Fixes bug 16631; bugfix on 0.2.6.3-alpha. Patch
      from "cypherpunks".

  o Minor bugfixes (systemd):
    - Fix an accidental formatting error that broke the systemd
      configuration file. Fixes bug 16152; bugfix on 0.2.7.1-alpha.
    - Tor's systemd unit file no longer contains extraneous spaces.
      These spaces would sometimes confuse tools like deb-systemd-
      helper. Fixes bug 16162; bugfix on 0.2.5.5-alpha.

  o Minor bugfixes (tests):
    - Use the configured Python executable when running test-stem-full.
      Fixes bug 16470; bugfix on 0.2.7.1-alpha.

  o Minor bugfixes (tests, also in 0.2.6.9):
    - Fix a crash in the unit tests when built with MSVC2013. Fixes bug
      16030; bugfix on 0.2.6.2-alpha. Patch from "NewEraCracker".

  o Minor bugfixes (threads, comments):
    - Always initialize return value in compute_desc_id in rendcommon.c
      Patch by "teor". Fixes part of bug 16115; bugfix on 0.2.7.1-alpha.
    - Check for NULL values in getinfo_helper_onions(). Patch by "teor".
      Fixes part of bug 16115; bugfix on 0.2.7.1-alpha.
    - Remove undefined directive-in-macro in test_util_writepid clang
      3.7 complains that using a preprocessor directive inside a macro
      invocation in test_util_writepid in test_util.c is undefined.
      Patch by "teor". Fixes part of bug 16115; bugfix on 0.2.7.1-alpha.

  o Code simplification and refactoring:
    - Define WINVER and _WIN32_WINNT centrally, in orconfig.h, in order
      to ensure they remain consistent and visible everywhere.
    - Remove some vestigial workarounds for the MSVC6 compiler. We
      haven't supported that in ages.
    - The link authentication code has been refactored for better
      testability and reliability. It now uses code generated with the
      "trunnel" binary encoding generator, to reduce the risk of bugs
      due to programmer error. Done as part of ticket 12498.

  o Documentation:
    - Include a specific and (hopefully) accurate documentation of the
      torrc file's meta-format in doc/torrc_format.txt. This is mainly
      of interest to people writing programs to parse or generate torrc
      files. This document is not a commitment to long-term
      compatibility; some aspects of the current format are a bit
      ridiculous. Closes ticket 2325.

  o Removed features:
    - Tor no longer supports copies of OpenSSL that are missing support
      for Elliptic Curve Cryptography. (We began using ECC when
      available in 0.2.4.8-alpha, for more safe and efficient key
      negotiation.) In particular, support for at least one of P256 or
      P224 is now required, with manual configuration needed if only
      P224 is available. Resolves ticket 16140.
    - Tor no longer supports versions of OpenSSL before 1.0. (If you are
      on an operating system that has not upgraded to OpenSSL 1.0 or
      later, and you compile Tor from source, you will need to install a
      more recent OpenSSL to link Tor against.) These versions of
      OpenSSL are still supported by the OpenSSL, but the numerous
      cryptographic improvements in later OpenSSL releases makes them a
      clear choice. Resolves ticket 16034.
    - Remove the HidServDirectoryV2 option. Now all relays offer to
      store hidden service descriptors. Related to 16543.
    - Remove the VoteOnHidServDirectoriesV2 option, since all
      authorities have long set it to 1. Closes ticket 16543.

  o Testing:
    - Document use of coverity, clang static analyzer, and clang dynamic
      undefined behavior and address sanitizers in doc/HACKING. Include
      detailed usage instructions in the blacklist. Patch by "teor".
      Closes ticket 15817.
    - The link authentication protocol code now has extensive tests.
    - The relay descriptor signature testing code now has
      extensive tests.
    - The test_workqueue program now runs faster, and is enabled by
      default as a part of "make check".
    - Now that OpenSSL has its own scrypt implementation, add an unit
      test that checks for interoperability between libscrypt_scrypt()
      and OpenSSL's EVP_PBE_scrypt() so that we could not use libscrypt
      and rely on EVP_PBE_scrypt() whenever possible. Resolves
      ticket 16189.
   2015-11-04 01:35:47 by Alistair G. Crooks | Files touched by this commit (748)
Log message:
Add SHA512 digests for distfiles for net category

Problems found with existing digests:
	Package haproxy distfile haproxy-1.5.14.tar.gz
	159f5beb8fdc6b8059ae51b53dc935d91c0fb51f [recorded]
	da39a3ee5e6b4b0d3255bfef95601890afd80709 [calculated]

Problems found locating distfiles:
	Package bsddip: missing distfile bsddip-1.02.tar.Z
	Package citrix_ica: missing distfile citrix_ica-10.6.115659/en.linuxx86.tar.gz
	Package djbdns: missing distfile djbdns-1.05-test25.diff.bz2
	Package djbdns: missing distfile djbdns-cachestats.patch
	Package djbdns: missing distfile 0002-dnscache-cache-soa-records.patch
	Package gated: missing distfile gated-3-5-11.tar.gz
	Package owncloudclient: missing distfile owncloudclient-2.0.2.tar.xz
	Package poink: missing distfile poink-1.6.tar.gz
	Package ra-rtsp-proxy: missing distfile rtspd-src-1.0.0.0.tar.gz
	Package ucspi-ssl: missing distfile ucspi-ssl-0.70-ucspitls-0.1.patch
	Package waste: missing distfile waste-source.tar.gz

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.
   2015-07-19 14:04:48 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
Update to 0.2.6.10:

Changes in version 0.2.6.10 - 2015-07-12
  Tor version 0.2.6.10 fixes some significant stability and hidden
  service client bugs, bulletproofs the cryptography init process, and
  fixes a bug when using the sandbox code with some older versions of
  Linux. Everyone running an older version, especially an older version
  of 0.2.6, should upgrade.

  o Major bugfixes (hidden service clients, stability):
    - Stop refusing to store updated hidden service descriptors on a
      client. This reverts commit 9407040c59218 (which indeed fixed bug
      14219, but introduced a major hidden service reachability
      regression detailed in bug 16381). This is a temporary fix since
      we can live with the minor issue in bug 14219 (it just results in
      some load on the network) but the regression of 16381 is too much
      of a setback. First-round fix for bug 16381; bugfix
      on 0.2.6.3-alpha.

  o Major bugfixes (stability):
    - Stop crashing with an assertion failure when parsing certain kinds
      of malformed or truncated microdescriptors. Fixes bug 16400;
      bugfix on 0.2.6.1-alpha. Found by "torkeln"; fix based on a patch
      by "cypherpunks_backup".
    - Stop random client-side assertion failures that could occur when
      connecting to a busy hidden service, or connecting to a hidden
      service while a NEWNYM is in progress. Fixes bug 16013; bugfix
      on 0.1.0.1-rc.

  o Minor features (geoip):
    - Update geoip to the June 3 2015 Maxmind GeoLite2 Country database.
    - Update geoip6 to the June 3 2015 Maxmind GeoLite2 Country database.

  o Minor bugfixes (crypto error-handling):
    - Check for failures from crypto_early_init, and refuse to continue.
      A previous typo meant that we could keep going with an
      uninitialized crypto library, and would have OpenSSL initialize
      its own PRNG. Fixes bug 16360; bugfix on 0.2.5.2-alpha, introduced
      when implementing ticket 4900. Patch by "teor".

  o Minor bugfixes (Linux seccomp2 sandbox):
    - Allow pipe() and pipe2() syscalls in the seccomp2 sandbox: we need
      these when eventfd2() support is missing. Fixes bug 16363; bugfix
      on 0.2.6.3-alpha. Patch from "teor".
   2015-06-14 18:39:41 by Thomas Klausner | Files touched by this commit (2)
Log message:
Update to 0.2.6.9:

Changes in version 0.2.6.9 - 2015-06-11
  Tor 0.2.6.9 fixes a regression in the circuit isolation code, increases the
  requirements for receiving an HSDir flag, and addresses some other small
  bugs in the systemd and sandbox code. Clients using circuit isolation
  should upgrade; all directory authorities should upgrade.

  o Major bugfixes (client-side privacy):
    - Properly separate out each SOCKSPort when applying stream
      isolation. The error occurred because each port's session group was
      being overwritten by a default value when the listener connection
      was initialized. Fixes bug 16247; bugfix on 0.2.6.3-alpha. Patch
      by "jojelino".

  o Minor feature (directory authorities, security):
    - The HSDir flag given by authorities now requires the Stable flag.
      For the current network, this results in going from 2887 to 2806
      HSDirs. Also, it makes it harder for an attacker to launch a sybil
      attack by raising the effort for a relay to become Stable which
      takes at the very least 7 days to do so and by keeping the 96
      hours uptime requirement for HSDir. Implements ticket 8243.

  o Minor bugfixes (compilation):
    - Build with --enable-systemd correctly when libsystemd is
      installed, but systemd is not. Fixes bug 16164; bugfix on
      0.2.6.3-alpha. Patch from Peter Palfrader.

  o Minor bugfixes (Linux seccomp2 sandbox):
    - Fix sandboxing to work when running as a relaymby renaming of
      secret_id_key, and allowing the eventfd2 and futex syscalls. Fixes
      bug 16244; bugfix on 0.2.6.1-alpha. Patch by Peter Palfrader.
    - Allow systemd connections to work with the Linux seccomp2 sandbox
      code. Fixes bug 16212; bugfix on 0.2.6.2-alpha. Patch by
      Peter Palfrader.

  o Minor bugfixes (tests):
    - Fix a crash in the unit tests when built with MSVC2013. Fixes bug
      16030; bugfix on 0.2.6.2-alpha. Patch from "NewEraCracker".
   2015-05-23 10:53:11 by Benny Siegert | Files touched by this commit (3)
Log message:
Update tor to 0.2.6.8. From Christian Sturm in PR pkg/49917.

Changes in version 0.2.6.8 - 2015-05-21
  Tor 0.2.6.8 fixes a bit of dodgy code in parsing INTRODUCE2 cells, and
  fixes an authority-side bug in assigning the HSDir flag. All directory
  authorities should upgrade.

  o Major bugfixes (hidden services, backport from 0.2.7.1-alpha):
    - Revert commit that made directory authorities assign the HSDir
      flag to relay without a DirPort; this was bad because such relays
      can't handle BEGIN_DIR cells. Fixes bug 15850; bugfix
      on tor-0.2.6.3-alpha.

  o Minor bugfixes (hidden service, backport from 0.2.7.1-alpha):
    - Fix an out-of-bounds read when parsing invalid INTRODUCE2 cells on
      a client authorized hidden service. Fixes bug 15823; bugfix
      on 0.2.1.6-alpha.

  o Minor features (geoip):
    - Update geoip to the April 8 2015 Maxmind GeoLite2 Country database.
    - Update geoip6 to the April 8 2015 Maxmind GeoLite2
      Country database.

Changes in version 0.2.6.7 - 2015-04-06
  Tor 0.2.6.7 fixes two security issues that could be used by an
  attacker to crash hidden services, or crash clients visiting hidden
  services. Hidden services should upgrade as soon as possible; clients
  should upgrade whenever packages become available.

  This release also contains two simple improvements to make hidden
  services a bit less vulnerable to denial-of-service attacks.

  o Major bugfixes (security, hidden service):
    - Fix an issue that would allow a malicious client to trigger an
      assertion failure and halt a hidden service. Fixes bug 15600;
      bugfix on 0.2.1.6-alpha. Reported by "disgleirio".
    - Fix a bug that could cause a client to crash with an assertion
      failure when parsing a malformed hidden service descriptor. Fixes
      bug 15601; bugfix on 0.2.1.5-alpha. Found by "DonnchaC".

  o Minor features (DoS-resistance, hidden service):
    - Introduction points no longer allow multiple INTRODUCE1 cells to
      arrive on the same circuit. This should make it more expensive for
      attackers to overwhelm hidden services with introductions.
      Resolves ticket 15515.
    - Decrease the amount of reattempts that a hidden service performs
      when its rendezvous circuits fail. This reduces the computational
      cost for running a hidden service under heavy load. Resolves
      ticket 11447.
   2015-04-08 07:26:02 by Thomas Klausner | Files touched by this commit (2)
Log message:
Update to 0.2.5.12,  from Christian Sturm in PR 49823.

Changes in version 0.2.5.12 - 2015-04-06
  Tor 0.2.5.12 backports two fixes from 0.2.6.7 for security issues that
  could be used by an attacker to crash hidden services, or crash clients
  visiting hidden services. Hidden services should upgrade as soon as
  possible; clients should upgrade whenever packages become available.

  This release also backports a simple improvement to make hidden
  services a bit less vulnerable to denial-of-service attacks.

  o Major bugfixes (security, hidden service):
    - Fix an issue that would allow a malicious client to trigger an
      assertion failure and halt a hidden service. Fixes bug 15600;
      bugfix on 0.2.1.6-alpha. Reported by "disgleirio".
    - Fix a bug that could cause a client to crash with an assertion
      failure when parsing a malformed hidden service descriptor. Fixes
      bug 15601; bugfix on 0.2.1.5-alpha. Found by "DonnchaC".

  o Minor features (DoS-resistance, hidden service):
    - Introduction points no longer allow multiple INTRODUCE1 cells to
      arrive on the same circuit. This should make it more expensive for
      attackers to overwhelm hidden services with introductions.
      Resolves ticket 15515.
   2015-03-27 13:41:17 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
Update to 0.2.5.11, provided by Christian Sturm in PR 49794. Security update.

Changes in version 0.2.5.11 - 2015-03-17
  Tor 0.2.5.11 is the second stable release in the 0.2.5 series.

  It backports several bugfixes from the 0.2.6 branch, including a
  couple of medium-level security fixes for relays and exit nodes.
  It also updates the list of directory authorities.

  o Directory authority changes:
    - Remove turtles as a directory authority.
    - Add longclaw as a new (v3) directory authority. This implements
      ticket 13296. This keeps the directory authority count at 9.
    - The directory authority Faravahar has a new IP address. This
      closes ticket 14487.

  o Major bugfixes (crash, OSX, security):
    - Fix a remote denial-of-service opportunity caused by a bug in
      OSX's _strlcat_chk() function. Fixes bug 15205; bug first appeared
      in OSX 10.9.

  o Major bugfixes (relay, stability, possible security):
    - Fix a bug that could lead to a relay crashing with an assertion
      failure if a buffer of exactly the wrong layout was passed to
      buf_pullup() at exactly the wrong time. Fixes bug 15083; bugfix on
      0.2.0.10-alpha. Patch from 'cypherpunks'.
    - Do not assert if the 'data' pointer on a buffer is advanced to the
      very end of the buffer; log a BUG message instead. Only assert if
      it is past that point. Fixes bug 15083; bugfix on 0.2.0.10-alpha.

  o Major bugfixes (exit node stability):
    - Fix an assertion failure that could occur under high DNS load.
      Fixes bug 14129; bugfix on Tor 0.0.7rc1. Found by "jowr";
      diagnosed and fixed by "cypherpunks".

  o Major bugfixes (Linux seccomp2 sandbox):
    - Upon receiving sighup with the seccomp2 sandbox enabled, do not
      crash during attempts to call wait4. Fixes bug 15088; bugfix on
      0.2.5.1-alpha. Patch from "sanic".

  o Minor features (controller):
    - New "GETINFO bw-event-cache" to get information about recent
      bandwidth events. Closes ticket 14128. Useful for controllers to
      get recent bandwidth history after the fix for ticket 13988.

  o Minor features (geoip):
    - Update geoip to the March 3 2015 Maxmind GeoLite2 Country database.
    - Update geoip6 to the March 3 2015 Maxmind GeoLite2
      Country database.

  o Minor bugfixes (client, automapping):
    - Avoid crashing on torrc lines for VirtualAddrNetworkIPv[4|6] when
      no value follows the option. Fixes bug 14142; bugfix on
      0.2.4.7-alpha. Patch by "teor".
    - Fix a memory leak when using AutomapHostsOnResolve. Fixes bug
      14195; bugfix on 0.1.0.1-rc.

  o Minor bugfixes (compilation):
    - Build without warnings with the stock OpenSSL srtp.h header, which
      has a duplicate declaration of SSL_get_selected_srtp_profile().
      Fixes bug 14220; this is OpenSSL's bug, not ours.

  o Minor bugfixes (directory authority):
    - Allow directory authorities to fetch more data from one another if
      they find themselves missing lots of votes. Previously, they had
      been bumping against the 10 MB queued data limit. Fixes bug 14261;
      bugfix on 0.1.2.5-alpha.
    - Enlarge the buffer to read bwauth generated files to avoid an
      issue when parsing the file in dirserv_read_measured_bandwidths().
      Fixes bug 14125; bugfix on 0.2.2.1-alpha.

  o Minor bugfixes (statistics):
    - Increase period over which bandwidth observations are aggregated
      from 15 minutes to 4 hours. Fixes bug 13988; bugfix on 0.0.8pre1.

  o Minor bugfixes (preventative security, C safety):
    - When reading a hexadecimal, base-32, or base-64 encoded value from
      a string, always overwrite the whole output buffer. This prevents
      some bugs where we would look at (but fortunately, not reveal)
      uninitialized memory on the stack. Fixes bug 14013; bugfix on all
      versions of Tor.

Next | Query returned 214 messages, browsing 91 to 100 | Previous