advertising the ECDH (not to be confused with ECDHE) ciphersuites.
Resolves ticket 11438.
- o Major bugfixes (undefined behavior):
- - Fix various instances of undefined behavior in channeltls.c,
- tor_memmem(), and eventdns.c, that would cause us to construct
- pointers to memory outside an allocated object. (These invalid
- pointers were not accessed, but C does not even allow them to
- exist.) Fixes bug #10363; bugfixes on 0.2.0.10-alpha,
- 0.2.3.6-alpha, 0.1.1.1-alpha, and 0.1.2.1-alpha. Reported by
- "bobnomnom".
- - Use the AddressSanitizer and Ubsan sanitizers (in clang-3.4) to
- fix some miscellaneous errors in our tests and codebase. Fix for
- bug 11232. Bugfixes on versions back as far as 0.2.1.11-alpha.
-
o Minor features (Transparent proxy, *BSD):
- Support FreeBSD's ipfw firewall interface for TransPort ports. on
FreeBSD. To enable it, set "TransProxyType ipfw". Resolves ticket
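Review bot: The trailing context of this hunk still reads "for TransPort ports. on FreeBSD." with a stray, duplicated "on FreeBSD." fragment; since this patch is already reorganizing ChangeLog entries, drop the extra fragment in the same pass so the ipfw entry reads as one sentence.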
memory. Right now, this includes AddressSanitizer and UbSan, which
are supported in newer versions of GCC and Clang. Closes ticket
11477.
- - If you don't specify MaxMemInQueues yourself, Tor now tries to
- pick a good value based on your total system memory. Previously,
- the default was always 8 GB. You can still override the default by
- setting MaxMemInQueues yourself. Resolves ticket 11396.
o Minor features (log verbosity):
- Demote the message that we give when a flushing connection times
at every 5% of progress. Fixes bug 9963.
o Minor features (relay):
+ - If you don't specify MaxMemInQueues yourself, Tor now tries to
+ pick a good value based on your total system memory. Previously,
+ the default was always 8 GB. You can still override the default by
+ setting MaxMemInQueues yourself. Resolves ticket 11396.
- If a circuit timed out for at least 3 minutes, check if we have a
new external IP address, and publish a new descriptor with the new
IP address if it changed. Resolves ticket 2454.
usage may no longer match the configured MaxMemInQueues value. The
real limit is now exposed via GETINFO limits/max-mem-in-queues.
- o Minor features (misc):
- - Always check return values for unlink, munmap, UnmapViewOfFile;
- check strftime return values more often. In some cases all we can
- do is report a warning, but this may help prevent deeper bugs from
- going unnoticed. Closes ticket 8787.
- - Fix numerous warnings from the clang "scan-build" static analyzer.
- Some of these are programming style issues; some of them are false
- positives that indicated awkward code; some are undefined behavior
- cases related to constructing (but not using) invalid pointers;
- some are assumptions about API behavior; some are using
- sizeof(ptr) when sizeof(*ptr) would be correct; and one or two are
- genuine bugs that weren't reachable from the rest of the program.
- Fixes bug 8793; bugfixes on many, many tor versions.
-
o Minor features (bridge client):
- Report a more useful failure message when we can't connect to a
bridge because we don't have the right pluggable transport
might be cleaning a microdescriptor for being too old if it's
still referenced by a live node_t object.
- o Minor bugfixes (logging):
+ o Minor bugfixes (client, DNSPort):
+ - When using DNSPort, try to respond to AAAA requests with AAAA
+ answers. Previously, we hadn't looked at the request type when
+ deciding which answer type to prefer. Fixes bug 10468; bugfix on
+ 0.2.4.7-alpha.
+ - When receiving a DNS query for an unsupported record type, reply
+ with no answer rather than with a NOTIMPL error. This behavior
+ isn't correct either, but it will break fewer client programs, we
+ hope. Fixes bug 10268; bugfix on 0.2.0.1-alpha. Original patch
+ from "epoch".
+
+ o Minor bugfixes (exit):
+ - Stop leaking memory when we successfully resolve a PTR record.
+ Fixes bug 11437; bugfix on 0.2.4.7-alpha.
+
+ o Minor bugfixes (bridge client):
+ - Stop accepting bridge lines containing hostnames. Doing so would
+ cause clients to perform DNS requests on the hostnames, which was
+ not sensible behavior. Fixes bug 10801; bugfix on 0.2.0.1-alpha.
+ - Avoid a 60-second delay in the bootstrapping process when a Tor
+ client with pluggable transports re-reads its configuration at
+ just the wrong time. Re-fixes bug 11156; bugfix on 0.2.5.3-alpha.
+ - Avoid 60-second delays in the bootstrapping process when Tor is
+ launching for a second time while using bridges. Fixes bug 9229;
+ bugfix on 0.2.0.3-alpha.
+
+ o Minor bugfixes (client, logging during bootstrap):
- Warn only once we start logging in an unsafe way. Previously, we
complain as many times we had problems. Fix for #9870; bugfix on
0.2.5.1-alpha.
- - Using the Linux seccomp2 sandbox no longer prevents stack-trace
- logging on crashes or errors. Fixes part 11465; bugfix on
- 0.2.5.1-alpha.
- Only report the first fatal bootstrap error on a given OR
connection. This stops us from telling the controller bogus error
messages like "DONE". Fixes bug 10431; bugfix on 0.2.1.1-alpha.
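Review bot: The seccomp2 sandbox entry ("Fixes part 11465") is deleted in the middle of this hunk and no added line visible in the patch restores it; if it was not moved to a section outside the visible hunks, re-add it so that fix stays in the release notes. The renamed heading "Minor bugfixes (client, logging during bootstrap)" also now sits over "Warn only once we start logging in an unsafe way", which does not read as a bootstrap item, so either keep a separate "(logging)" heading for it or move the entry.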
side managed proxy with ORPort or ExtORPort temporarily disabled.
Fixes bug 9650; bugfix on 0.2.3.16-alpha.
- o Minor bugfixes (misc):
- - Don't re-initialize a second set of OpenSSL mutexes when starting
- up. Previously, we'd make one set of mutexes, and then immediately
- replace them with another. Fixes bug 11726; bugfix on
- 0.2.5.3-alpha.
-
o Minor bugfixes (platform-specific):
- Fix compilation on Solaris, which does not have <endian.h>. Fixes
bug 11426; bugfix on 0.2.5.3-alpha.
11275; bugfix on 0.2.4.13-alpha.
- Free placeholder entries in our circuit table at exit; fixes a
harmless memory leak. Fixes bug 11278; bugfix on 0.2.5.1-alpha.
+ - Don't re-initialize a second set of OpenSSL mutexes when starting
+ up. Previously, we'd make one set of mutexes, and then immediately
+ replace them with another. Fixes bug 11726; bugfix on
+ 0.2.5.3-alpha.
- Resolve some memory leaks found by coverity in the unit tests, on
exit in tor-gencert, and on a failure to compute digests for our
own keys when generating a v3 networkstatus vote. These leaks
- Only retry attempts to connect to a chosen rendezvous point 8
times, not 30. Fixes bug #4241; bugfix on 0.1.0.1-rc.
- o Minor bugfixes (bridge client):
- - Stop accepting bridge lines containing hostnames. Doing so would
- cause clients to perform DNS requests on the hostnames, which was
- not sensible behavior. Fixes bug 10801; bugfix on 0.2.0.1-alpha.
- - Avoid a 60-second delay in the bootstrapping process when a Tor
- client with pluggable transports re-reads its configuration at
- just the wrong time. Re-fixes bug 11156; bugfix on 0.2.5.3-alpha.
- - Avoid 60-second delays in the bootstrapping process when Tor is
- launching for a second time while using bridges. Fixes bug 9229;
- bugfix on 0.2.0.3-alpha.
-
- o Minor bugfixes (DNS):
- - When receiving a DNS query for an unsupported record type, reply
- with no answer rather than with a NOTIMPL error. This behavior
- isn't correct either, but it will break fewer client programs, we
- hope. Fixes bug 10268; bugfix on 0.2.0.1-alpha. Original patch
- from "epoch".
-
- o Minor bugfixes (exit):
- - Stop leaking memory when we successfully resolve a PTR record.
- Fixes bug 11437; bugfix on 0.2.4.7-alpha.
-
- o Minor bugfixes (IPv6):
- - When using DNSPort, try to respond to AAAA requests with AAAA
- answers. Previously, we hadn't looked at the request type when
- deciding which answer type to prefer. Fixes bug 10468; bugfix on
- 0.2.4.7-alpha.
+ o Minor bugfixes (misc correctness):
+ - Fix various instances of undefined behavior in channeltls.c,
+ tor_memmem(), and eventdns.c, that would cause us to construct
+ pointers to memory outside an allocated object. (These invalid
+ pointers were not accessed, but C does not even allow them to
+ exist.) Fixes bug #10363; bugfixes on 0.2.0.10-alpha,
+ 0.2.3.6-alpha, 0.1.1.1-alpha, and 0.1.2.1-alpha. Reported by
+ "bobnomnom".
+ - Use the AddressSanitizer and Ubsan sanitizers (in clang-3.4) to
+ fix some miscellaneous errors in our tests and codebase. Fix for
+ bug 11232. Bugfixes on versions back as far as 0.2.1.11-alpha.
+ - Always check return values for unlink, munmap, UnmapViewOfFile;
+ check strftime return values more often. In some cases all we can
+ do is report a warning, but this may help prevent deeper bugs from
+ going unnoticed. Closes ticket 8787; bugfixes on many, many tor
+ versions.
+ - Fix numerous warnings from the clang "scan-build" static analyzer.
+ Some of these are programming style issues; some of them are false
+ positives that indicated awkward code; some are undefined behavior
+ cases related to constructing (but not using) invalid pointers;
+ some are assumptions about API behavior; some are using
+ sizeof(ptr) when sizeof(*ptr) would be correct; and one or two are
+ genuine bugs that weren't reachable from the rest of the program.
+ Fixes bug 8793; bugfixes on many, many tor versions.
o Documentation:
- Build the torify.1 manpage again. Previously, we were only trying
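Review bot: The new "Minor bugfixes (misc correctness)" heading now holds the bug #10363 entry about constructing pointers outside an allocated object, which was previously listed under "Major bugfixes (undefined behavior)"; readers scanning for memory-safety fixes will no longer find it by heading, so consider "Minor bugfixes (undefined behavior, misc correctness)" or a similar name that keeps the term. In the same block, the 8787 entry now ends "Closes ticket 8787; bugfixes on many, many tor versions", which mixes feature-style "Closes ticket" wording with bugfix wording; the neighbouring entries use "Fixes bug N; bugfix on ...", and matching that form would be consistent.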