- o Major features (Ed25519 identity keys: #12498, Prop220):
+ o Major features (Ed25519 identity keys, Prop220):
- All relays now maintain a stronger identity key, using the
Ed25519 elliptic curve signature format. This master key is
designed so that it can be kept offline. Relays also generate
an online signing key, and a set of other Ed25519 keys and certificates.
- These are all automatically regenerated and rotated as needed.
+ These are all automatically regenerated and rotated as needed.
- Directory authorities track which Ed25519 identity keys have been
used with which RSA1024 identity keys, and do not allow them to vary
freely.
- o Controller fixes:
+ o Minor bugfixes (controller):
- Add the descriptor ID in each HS_DESC control event. It was missing
- but specified in control-spec.txt. Fixes ticket 15881.
+ but specified in control-spec.txt. Fixes bug 15881; bugfix
+ on 0.2.5.2-alpha.
o Minor fixes (threads, comments):
- Check for NULL values in getinfo_helper_onions
- Patch by "teor".
- Fix on 915c7438a77e in Tor 0.2.7.1-alpha.
+ Patch by "teor". Fixes part of bug 16115; bugfix on 0.2.7.1-alpha.
o Minor fixes (threads, comments):
- Always initialise return value in compute_desc_id in rendcommon.c
Patch by "teor".
- Fix on e6a581f126ba, released in 0.2.7.1-alpha.
+ Fixes part of bug 16115; bugfix on 0.2.7.1-alpha.
+++ /dev/null
- o Minor fixes (threads, comments):
- - Ensure signing_key is non-NULL before accessing one of its members
- signing_key can be NULL in ed_key_init_from_file in routerkeys.c.
- Discovered by clang 3.7 address sanitizer.
- Patch by "teor".
- Fix on c03694938ed0, not in any released version of Tor.
+++ /dev/null
- o Minor fixes (threads, comments):
- - Fix an incorrect comment on spawn_func in compat_pthreads.c.
- spawn_func calls pthread_create on unix, not fork
- Patch by "teor".
- Bugfix on unknown tor version (existing code split out of
- compat.c into compat_pthreads.c in c2f0d52b7fb9 on 22 Sep 2013).
- Remove undefined directive-in-macro in test_util_writepid
clang 3.7 complains that using a preprocessor directive inside
a macro invocation in test_util_writepid in test_util.c is undefined.
- Patch by "teor".
- Fix on 79e85313aa61 on 0.2.7.1-alpha.
+ Patch by "teor". Fixes part of bug 16115; bugfix on 0.2.7.1-alpha.
+++ /dev/null
- o Minor fixes (threads, comments):
- - Silence unused variable warnings in find_cipher_by_id
- Unused variable warnings were still generated under some versions
- of OpenSSL. Instead, make sure all variables are used under all
- versions of OpenSSL.
- Patch by "teor".
- Fix on 496df21c89d1, not in any released version of tor.
current circuit exit node which resulted in changing the original
intro point choice. This resulted in the hidden service skipping
excluded nodes like for instance reconnecting to an expired intro
- point.; Fixes #16260; bugfixes on tor-0.1.0.1-rc~460.
+ point. Fixes bug 16260; bugfix on 0.1.0.1-rc.
This is particularly important for the introduction point retry
- behavior (#8239) since cannibalization is allowed, which is desired,
- so it's important to pin the chosen exit point.
+ behavior (see bug 8239) since cannibalization is allowed, which is
+ desired, so it's important to pin the chosen exit point.
tor_accept_socket_nonblocking() which made tor go beyond the open
file limit set previously. With this fix, before opening a new socket,
tor validates the open file limit just before and if the max has been
- reached, return EMFILE.; Fixes #16288; bugfix on tor-0.1.1.1-alpha~74.
+ reached, return EMFILE. Fixes bug 16288; bugfix on 0.1.1.1-alpha.
o Minor fixes (sandbox, files):
- Use the sandbox in tor_open_cloexec whether or not O_CLOEXEC is defined.
- Patch by "teor". Fix on 0.2.3.1-alpha.
+ Patch by "teor". Fixes bug 16515; bugfix on 0.2.3.1-alpha.
- - Removed features:
+ o Removed features:
- Remove the HidServDirectoryV2 option. Now all relays offer to store
hidden service descriptors. Related to 16543.
- Remove the VoteOnHidServDirectoriesV2 option, since all authorities
- Remove the introduction point adaptative algorithm which is leaking
popularity by changing the amount of introduction points depending on
the amount of traffic the HS sees. With this, we stick to only 3
- introduction points.
+ introduction points. Closes ticket 4862.
- Add the torrc option HiddenServiceNumIntroductionPoints for an
operatory to specify a fix amount of introduction points. Maximum
- value is 10 and default is 3.
+ value is 10 and default is 3. Closes ticket 4862.
Add clang dynamic sanitizer blacklist in
contrib/clang/sanitizer_blacklist.txt to exempt known undefined
behavior. Include detailed usage instructions in the blacklist.
- Patch by "teor".
+ Patch by "teor". Closes ticket 15817.
- o Features (control protocl):
- - Support network-liveness GETINFO key and NETWORK_LIVENESS events in the
- control protocol. Resolves ticket #15358.
+ o Features (control protocl):
+ - Support network-liveness GETINFO key and NETWORK_LIVENESS events in the
+ control protocol. Resolves ticket 15358.
are on an operating system that has not upgraded to OpenSSL 1.0
or later, and you compile Tor from source, you will need to
install a more recent OpenSSL to link Tor against.)
+ Resolves ticket 16034.
Elliptic Curve Cryptography. In particular support for at least one of
P256 or P224 is now required, with manual configuration needed if only
P224 is available.
+ Resolves ticket 16140.
- o Features (crypto, testing):
- - Now that OpenSSL has its own scrypt implementation, add an unit
- test that checks for interoperability between libscrypt_scrypt()
- and OpenSSL's EVP_PBE_scrypt() so that we could not use libscrypt
- and rely on EVP_PBE_scrypt() whenever possible. Resolves ticket
- 16189.
+ o Minor Features (crypto, testing):
+ - Now that OpenSSL has its own scrypt implementation, add an unit
+ test that checks for interoperability between libscrypt_scrypt()
+ and OpenSSL's EVP_PBE_scrypt() so that we could not use libscrypt
+ and rely on EVP_PBE_scrypt() whenever possible. Resolves ticket
+ 16189.
projects / thirdparty / tor.git / commitdiff
