openSUSE Contrib
January 2012
- 8 participants
- 19 discussions
[obs delete-request 98961] openSUSE:Factory:Contrib/jigdo: created by AndreasStieger
by andreas.stieger@gmx.de 05 Jan '12
openSUSE:Factory:Contrib/jigdo
https://build.opensuse.org/request/show/98961
Description: migrated to network:utilities, now in openSUSE:Factory
To REVIEW against the previous version:
osc request show --diff 98961
To ACCEPT the request:
osc request accept 98961 --message="reviewed ok."
To DECLINE the request:
osc request decline 98961 --message="declined for reason xyz (see ... for background / policy / ...)."
To REVOKE the request:
osc request revoke 98961 --message="retracted because ..., sorry / thx / see better version ..."
--
Hermes messaging (http://hermes.opensuse.org)
openSUSE Build Service (https://build.opensuse.org/)
Collaboration: http://en.opensuse.org/Build_Service/Collaboration
--
To unsubscribe, e-mail: opensuse-contrib+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse-contrib+owner(a)opensuse.org
[obs delete-request 98552] openSUSE:11.4:Contrib/tor: created by AndreasStieger
by andreas.stieger@gmx.de 03 Jan '12
openSUSE:11.4:Contrib/tor
https://build.opensuse.org/request/show/98552
Description: This upstream release is no longer maintained. Package has since migrated to network / tor and openSUSE:Factory.
changes files:
--------------
++++++ deleted changes files:
--- tor.changes
old:
----
tor-0.2.1.30.tar.bz2
tor.changes
tor.spec
tor_initscript.patch
spec files:
-----------
++++++ deleted spec files:
--- tor.spec
other changes:
--------------
++++++ deleted files:
--- tor-0.2.1.30.tar.bz2
--- tor_initscript.patch
To REVIEW against the previous version:
osc request show --diff 98552
To ACCEPT the request:
osc request accept 98552 --message="reviewed ok."
To DECLINE the request:
osc request decline 98552 --message="declined for reason xyz (see ... for background / policy / ...)."
To REVOKE the request:
osc request revoke 98552 --message="retracted because ..., sorry / thx / see better version ..."
https://bugzilla.novell.com/show_bug.cgi?id=739133
https://bugzilla.novell.com/show_bug.cgi?id=739133#c2
--- Comment #2 from Andreas Stieger <Andreas.Stieger(a)gmx.de> 2012-01-03 00:38:54 UTC ---
SRs to update openSUSE:11.[3,4]:Contrib to 0.2.2.35:
https://build.opensuse.org/request/show/98573
https://build.opensuse.org/request/show/98574
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
[obs delete-request 98552] openSUSE:11.4:Contrib/tor: revoked by AndreasStieger
by andreas.stieger@gmx.de 03 Jan '12
State of delete-request #98552 was changed by AndreasStieger:
new -> revoked
Comment:
https://build.opensuse.org/request/diff/98552
[obs delete-request 98551] openSUSE:11.3:Contrib/tor: revoked by AndreasStieger
by andreas.stieger@gmx.de 03 Jan '12
State of delete-request #98551 was changed by AndreasStieger:
new -> revoked
Comment:
https://build.opensuse.org/request/diff/98551
[obs submit-request 98574] openSUSE:11.4:Contrib/tor: created by AndreasStieger
by andreas.stieger@gmx.de 03 Jan '12
home:AndreasStieger:branches:openSUSE:11.4:Contrib/tor -> openSUSE:11.4:Contrib/tor
https://build.opensuse.org/request/show/98574
Description: - update to upstream 0.2.2.35, which is the current stable and maintained version
- add CVE references in changelog, fixing bug #739133
changes files:
--------------
--- tor.changes
+++ tor.changes
@@ -1,0 +2,1436 @@
+Mon Jan 2 16:51:20 UTC 2012 - andreas.stieger(a)gmx.de
+
+- add CVE references in changelog, fixing bug #739133
+
+-------------------------------------------------------------------
+Fri Dec 16 20:37:05 UTC 2011 - andreas.stieger(a)gmx.de
+
+- update to upstream 0.2.2.35, which fixes a critical heap-overflow
+ security issue: CVE-2011-2778 For a full list of changes, see:
+ https://gitweb.torproject.org/tor.git/blob_plain/release-0.2.2:/ReleaseNotes
+
+------------------------------------------------------------------
+Mon Dec 12 15:42:09 UTC 2011 - cfarrell(a)suse.com
+
+- license update: BSD-3-Clause
+ SPDX format
+
+-------------------------------------------------------------------
+Sun Dec 11 18:42:57 UTC 2011 - andreas.stieger(a)gmx.de
+
+- fix factory warning by removing INSTALL file from docs dir
+
+-------------------------------------------------------------------
+Sun Dec 11 17:11:11 UTC 2011 - andreas.stieger(a)gmx.de
+
+- format spec file to include copyright notice
+ package is based on a former package in SUSE/openSUSE
+
+-------------------------------------------------------------------
+Sun Dec 11 12:37:14 UTC 2011 - andreas.stieger(a)gmx.de
+
+- update license from "3-clause BSD" to "BSD3c"
+
+-------------------------------------------------------------------
+Fri Oct 28 19:49:39 UTC 2011 - andreas.stieger(a)gmx.de
+
+- update to upstream 0.2.2.34
+- fixes CVE-2011-4895 Tor Bridge circuit building information disclosure
+- fixes CVE-2011-4894 Tor DirPort information disclosure
+
+Changes in version 0.2.2.34 - 2011-10-26
+ Tor 0.2.2.34 fixes a critical anonymity vulnerability where an attacker
+ can deanonymize Tor users. Everybody should upgrade.
+
+ The attack relies on four components: 1) Clients reuse their TLS cert
+ when talking to different relays, so relays can recognize a user by
+ the identity key in her cert. 2) An attacker who knows the client's
+ identity key can probe each guard relay to see if that identity key
+ is connected to that guard relay right now. 3) A variety of active
+ attacks in the literature (starting from "Low-Cost Traffic Analysis
+ of Tor" by Murdoch and Danezis in 2005) allow a malicious website to
+ discover the guard relays that a Tor user visiting the website is using.
+ 4) Clients typically pick three guards at random, so the set of guards
+ for a given user could well be a unique fingerprint for her. This
+ release fixes components #1 and #2, which is enough to block the attack;
+ the other two remain as open research problems. Special thanks to
+ "frosty_un" for reporting the issue to us!
+
+ Clients should upgrade so they are no longer recognizable by the TLS
+ certs they present. Relays should upgrade so they no longer allow a
+ remote attacker to probe them to test whether unpatched clients are
+ currently connected to them.
+
+ This release also fixes several vulnerabilities that allow an attacker
+ to enumerate bridge relays. Some bridge enumeration attacks still
+ remain; see for example proposal 188.
+
+ o Privacy/anonymity fixes (clients):
+ - Clients and bridges no longer send TLS certificate chains on
+ outgoing OR connections. Previously, each client or bridge would
+ use the same cert chain for all outgoing OR connections until
+ its IP address changes, which allowed any relay that the client
+ or bridge contacted to determine which entry guards it is using.
+ Fixes CVE-2011-2768. Bugfix on 0.0.9pre5; found by "frosty_un".
+ - If a relay receives a CREATE_FAST cell on a TLS connection, it
+ no longer considers that connection as suitable for satisfying a
+ circuit EXTEND request. Now relays can protect clients from the
+ CVE-2011-2768 issue even if the clients haven't upgraded yet.
+ - Directory authorities no longer assign the Guard flag to relays
+ that haven't upgraded to the above "refuse EXTEND requests
+ to client connections" fix. Now directory authorities can
+ protect clients from the CVE-2011-2768 issue even if neither
+ the clients nor the relays have upgraded yet. There's a new
+ "GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays" config option
+ to let us transition smoothly, else tomorrow there would be no
+ guard relays.
+
+ o Privacy/anonymity fixes (bridge enumeration):
+ - Bridge relays now do their directory fetches inside Tor TLS
+ connections, like all the other clients do, rather than connecting
+ directly to the DirPort like public relays do. Removes another
+ avenue for enumerating bridges. Fixes bug 4115; bugfix on 0.2.0.35.
+ - Bridges relays now build circuits for themselves in a more similar
+ way to how clients build them. Removes another avenue for
+ enumerating bridges. Fixes bug 4124; bugfix on 0.2.0.3-alpha,
+ when bridges were introduced.
+ - Bridges now refuse CREATE or CREATE_FAST cells on OR connections
+ that they initiated. Relays could distinguish incoming bridge
+ connections from client connections, creating another avenue for
+ enumerating bridges. Fixes CVE-2011-2769. Bugfix on 0.2.0.3-alpha.
+ Found by "frosty_un".
+
+ o Major bugfixes:
+ - Fix a crash bug when changing node restrictions while a DNS lookup
+ is in-progress. Fixes bug 4259; bugfix on 0.2.2.25-alpha. Bugfix
+ by "Tey'".
+ - Don't launch a useless circuit after failing to use one of a
+ hidden service's introduction points. Previously, we would
+ launch a new introduction circuit, but not set the hidden service
+ which that circuit was intended to connect to, so it would never
+ actually be used. A different piece of code would then create a
+ new introduction circuit correctly. Bug reported by katmagic and
+ found by Sebastian Hahn. Bugfix on 0.2.1.13-alpha; fixes bug 4212.
+
+ o Minor bugfixes:
+ - Change an integer overflow check in the OpenBSD_Malloc code so
+ that GCC is less likely to eliminate it as impossible. Patch
+ from Mansour Moufid. Fixes bug 4059.
+ - When a hidden service turns an extra service-side introduction
+ circuit into a general-purpose circuit, free the rend_data and
+ intro_key fields first, so we won't leak memory if the circuit
+ is cannibalized for use as another service-side introduction
+ circuit. Bugfix on 0.2.1.7-alpha; fixes bug 4251.
+ - Bridges now skip DNS self-tests, to act a little more stealthily.
+ Fixes bug 4201; bugfix on 0.2.0.3-alpha, which first introduced
+ bridges. Patch by "warms0x".
+ - Fix internal bug-checking logic that was supposed to catch
+ failures in digest generation so that it will fail more robustly
+ if we ask for a nonexistent algorithm. Found by Coverity Scan.
+ Bugfix on 0.2.2.1-alpha; fixes Coverity CID 479.
+ - Report any failure in init_keys() calls launched because our
+ IP address has changed. Spotted by Coverity Scan. Bugfix on
+ 0.1.1.4-alpha; fixes CID 484.
+
+ o Minor bugfixes (log messages and documentation):
+ - Remove a confusing dollar sign from the example fingerprint in the
+ man page, and also make the example fingerprint a valid one. Fixes
+ bug 4309; bugfix on 0.2.1.3-alpha.
+ - The next version of Windows will be called Windows 8, and it has
+ a major version of 6, minor version of 2. Correctly identify that
+ version instead of calling it "Very recent version". Resolves
+ ticket 4153; reported by funkstar.
+ - Downgrade log messages about circuit timeout calibration from
+ "notice" to "info": they don't require or suggest any human
+ intervention. Patch from Tom Lowenthal. Fixes bug 4063;
+ bugfix on 0.2.2.14-alpha.
+
+ o Minor features:
+ - Turn on directory request statistics by default and include them in
+ extra-info descriptors. Don't break if we have no GeoIP database.
+ Backported from 0.2.3.1-alpha; implements ticket 3951.
+ - Update to the October 4 2011 Maxmind GeoLite Country database.
+
+
+-------------------------------------------------------------------
+Tue Sep 20 20:58:56 UTC 2011 - andreas.stieger(a)gmx.de
+
+- update to upstream 0.2.2.33
+
+Changes in version 0.2.2.33 - 2011-09-13
+ Tor 0.2.2.33 fixes several bugs, and includes a slight tweak to Tor's
+ TLS handshake that makes relays and bridges that run this new version
+ reachable from Iran again.
+
+ o Major bugfixes:
+ - Avoid an assertion failure when reloading a configuration with
+ TrackExitHosts changes. Found and fixed by 'laruldan'. Fixes bug
+ 3923; bugfix on 0.2.2.25-alpha.
+
+ o Minor features (security):
+ - Check for replays of the public-key encrypted portion of an
+ INTRODUCE1 cell, in addition to the current check for replays of
+ the g^x value. This prevents a possible class of active attacks
+ by an attacker who controls both an introduction point and a
+ rendezvous point, and who uses the malleability of AES-CTR to
+ alter the encrypted g^x portion of the INTRODUCE1 cell. We think
+ that these attacks are infeasible (requiring the attacker to send
+ on the order of zettabytes of altered cells in a short interval),
+ but we'd rather block them off in case there are any classes of
+ this attack that we missed. Reported by Willem Pinckaers.
+
+ o Minor features:
+ - Adjust the expiration time on our SSL session certificates to
+ better match SSL certs seen in the wild. Resolves ticket 4014.
+ - Change the default required uptime for a relay to be accepted as
+ a HSDir (hidden service directory) from 24 hours to 25 hours.
+ Improves on 0.2.0.10-alpha; resolves ticket 2649.
+ - Add a VoteOnHidServDirectoriesV2 config option to allow directory
+ authorities to abstain from voting on assignment of the HSDir
+ consensus flag. Related to bug 2649.
+ - Update to the September 6 2011 Maxmind GeoLite Country database.
+
+ o Minor bugfixes (documentation and log messages):
+ - Correct the man page to explain that HashedControlPassword and
+ CookieAuthentication can both be set, in which case either method
+ is sufficient to authenticate to Tor. Bugfix on 0.2.0.7-alpha,
+ when we decided to allow these config options to both be set. Issue
+ raised by bug 3898.
+ - Demote the 'replay detected' log message emitted when a hidden
+ service receives the same Diffie-Hellman public key in two different
+ INTRODUCE2 cells to info level. A normal Tor client can cause that
+ log message during its normal operation. Bugfix on 0.2.1.6-alpha;
+ fixes part of bug 2442.
+ - Demote the 'INTRODUCE2 cell is too {old,new}' log message to info
+ level. There is nothing that a hidden service's operator can do
+ to fix its clients' clocks. Bugfix on 0.2.1.6-alpha; fixes part
+ of bug 2442.
+ - Clarify a log message specifying the characters permitted in
+ HiddenServiceAuthorizeClient client names. Previously, the log
+ message said that "[A-Za-z0-9+-_]" were permitted; that could have
+ given the impression that every ASCII character between "+" and "_"
+ was permitted. Now we say "[A-Za-z0-9+_-]". Bugfix on 0.2.1.5-alpha.
+
+ o Build fixes:
+ - Provide a substitute implementation of lround() for MSVC, which
+ apparently lacks it. Patch from Gisle Vanem.
+ - Clean up some code issues that prevented Tor from building on older
+ BSDs. Fixes bug 3894; reported by "grarpamp".
+ - Search for a platform-specific version of "ar" when cross-compiling.
+ Should fix builds on iOS. Resolves bug 3909, found by Marco Bonetti.
+
+
+-------------------------------------------------------------------
+Fri Sep 2 19:55:23 UTC 2011 - andreas.stieger(a)gmx.de
+
+- updated ot upstream 0.2.2.32
+- removed tor_initscript.patch
+- fixes CVE-2011-4897 Tor Nickname information disclosure
+- fixes CVE-2011-4896 Tor Bridge information disclosure
+
+Changes in version 0.2.2.32 - 2011-08-27
+ The Tor 0.2.2 release series is dedicated to the memory of Andreas
+ Pfitzmann (1958-2010), a pioneer in anonymity and privacy research,
+ a founder of the PETS community, a leader in our field, a mentor,
+ and a friend. He left us with these words: "I had the possibility
+ to contribute to this world that is not as it should be. I hope I
+ could help in some areas to make the world a better place, and that
+ I could also encourage other people to be engaged in improving the
+ world. Please, stay engaged. This world needs you, your love, your
+ initiative -- now I cannot be part of that anymore."
+
+ Tor 0.2.2.32, the first stable release in the 0.2.2 branch, is finally
+ ready. More than two years in the making, this release features improved
+ client performance and hidden service reliability, better compatibility
+ for Android, correct behavior for bridges that listen on more than
+ one address, more extensible and flexible directory object handling,
+ better reporting of network statistics, improved code security, and
+ many many other features and bugfixes.
+
+ o Major features (client performance):
+ - When choosing which cells to relay first, relays now favor circuits
+ that have been quiet recently, to provide lower latency for
+ low-volume circuits. By default, relays enable or disable this
+ feature based on a setting in the consensus. They can override
+ this default by using the new "CircuitPriorityHalflife" config
+ option. Design and code by Ian Goldberg, Can Tang, and Chris
+ Alexander.
+ - Directory authorities now compute consensus weightings that instruct
+ clients how to weight relays flagged as Guard, Exit, Guard+Exit,
+ and no flag. Clients use these weightings to distribute network load
+ more evenly across these different relay types. The weightings are
+ in the consensus so we can change them globally in the future. Extra
+ thanks to "outofwords" for finding some nasty security bugs in
+ the first implementation of this feature.
+
+ o Major features (client performance, circuit build timeout):
+ - Tor now tracks how long it takes to build client-side circuits
+ over time, and adapts its timeout to local network performance.
+ Since a circuit that takes a long time to build will also provide
+ bad performance, we get significant latency improvements by
+ discarding the slowest 20% of circuits. Specifically, Tor creates
+ circuits more aggressively than usual until it has enough data
+ points for a good timeout estimate. Implements proposal 151.
+ - Circuit build timeout constants can be controlled by consensus
+ parameters. We set good defaults for these parameters based on
+ experimentation on broadband and simulated high-latency links.
+ - Circuit build time learning can be disabled via consensus parameter
+ or by the client via a LearnCircuitBuildTimeout config option. We
+ also automatically disable circuit build time calculation if either
+ AuthoritativeDirectory is set, or if we fail to write our state
+ file. Implements ticket 1296.
+
+ o Major features (relays use their capacity better):
+ - Set SO_REUSEADDR socket option on all sockets, not just
+ listeners. This should help busy exit nodes avoid running out of
+ useable ports just because all the ports have been used in the
+ near past. Resolves issue 2850.
+ - Relays now save observed peak bandwidth throughput rates to their
+ state file (along with total usage, which was already saved),
+ so that they can determine their correct estimated bandwidth on
+ restart. Resolves bug 1863, where Tor relays would reset their
+ estimated bandwidth to 0 after restarting.
+ - Lower the maximum weighted-fractional-uptime cutoff to 98%. This
+ should give us approximately 40-50% more Guard-flagged nodes,
+ improving the anonymity the Tor network can provide and also
+ decreasing the dropoff in throughput that relays experience when
+ they first get the Guard flag.
+ - Directory authorities now take changes in router IP address and
+ ORPort into account when determining router stability. Previously,
+ if a router changed its IP or ORPort, the authorities would not
+ treat it as having any downtime for the purposes of stability
+ calculation, whereas clients would experience downtime since the
+ change would take a while to propagate to them. Resolves issue 1035.
+ - New AccelName and AccelDir options add support for dynamic OpenSSL
+ hardware crypto acceleration engines.
+
+ o Major features (relays control their load better):
+ - Exit relays now try harder to block exit attempts from unknown
+ relays, to make it harder for people to use them as one-hop proxies
+ a la tortunnel. Controlled by the refuseunknownexits consensus
+ parameter (currently enabled), or you can override it on your
+ relay with the RefuseUnknownExits torrc option. Resolves bug 1751;
+ based on a variant of proposal 163.
+ - Add separate per-conn write limiting to go with the per-conn read
+ limiting. We added a global write limit in Tor 0.1.2.5-alpha,
+ but never per-conn write limits.
+ - New consensus params "bwconnrate" and "bwconnburst" to let us
+ rate-limit client connections as they enter the network. It's
+ controlled in the consensus so we can turn it on and off for
+ experiments. It's starting out off. Based on proposal 163.
+
+ o Major features (controllers):
+ - Export GeoIP information on bridge usage to controllers even if we
+ have not yet been running for 24 hours. Now Vidalia bridge operators
+ can get more accurate and immediate feedback about their
+ contributions to the network.
+ - Add an __OwningControllerProcess configuration option and a
+ TAKEOWNERSHIP control-port command. Now a Tor controller can ensure
+ that when it exits, Tor will shut down. Implements feature 3049.
+
+ o Major features (directory authorities):
+ - Directory authorities now create, vote on, and serve multiple
+ parallel formats of directory data as part of their voting process.
+ Partially implements Proposal 162: "Publish the consensus in
+ multiple flavors".
+ - Directory authorities now agree on and publish small summaries
+ of router information that clients can use in place of regular
+ server descriptors. This transition will allow Tor 0.2.3 clients
+ to use far less bandwidth for downloading information about the
+ network. Begins the implementation of Proposal 158: "Clients
+ download consensus + microdescriptors".
+ - The directory voting system is now extensible to use multiple hash
+ algorithms for signatures and resource selection. Newer formats
+ are signed with SHA256, with a possibility for moving to a better
+ hash algorithm in the future.
+ - Directory authorities can now vote on arbitary integer values as
+ part of the consensus process. This is designed to help set
+ network-wide parameters. Implements proposal 167.
+
+ o Major features and bugfixes (node selection):
+ - Revise and reconcile the meaning of the ExitNodes, EntryNodes,
+ ExcludeEntryNodes, ExcludeExitNodes, ExcludeNodes, and Strict*Nodes
+ options. Previously, we had been ambiguous in describing what
+ counted as an "exit" node, and what operations exactly "StrictNodes
+ 0" would permit. This created confusion when people saw nodes built
+ through unexpected circuits, and made it hard to tell real bugs from
+ surprises. Now the intended behavior is:
+ . "Exit", in the context of ExitNodes and ExcludeExitNodes, means
+ a node that delivers user traffic outside the Tor network.
+ . "Entry", in the context of EntryNodes, means a node used as the
+ first hop of a multihop circuit. It doesn't include direct
+ connections to directory servers.
+ . "ExcludeNodes" applies to all nodes.
+ . "StrictNodes" changes the behavior of ExcludeNodes only. When
+ StrictNodes is set, Tor should avoid all nodes listed in
+ ExcludeNodes, even when it will make user requests fail. When
+ StrictNodes is *not* set, then Tor should follow ExcludeNodes
+ whenever it can, except when it must use an excluded node to
+ perform self-tests, connect to a hidden service, provide a
+ hidden service, fulfill a .exit request, upload directory
+ information, or fetch directory information.
+ Collectively, the changes to implement the behavior fix bug 1090.
+ - If EntryNodes, ExitNodes, ExcludeNodes, or ExcludeExitNodes
+ change during a config reload, mark and discard all our origin
+ circuits. This fix should address edge cases where we change the
+ config options and but then choose a circuit that we created before
+ the change.
+ - Make EntryNodes config option much more aggressive even when
+ StrictNodes is not set. Before it would prepend your requested
+ entrynodes to your list of guard nodes, but feel free to use others
+ after that. Now it chooses only from your EntryNodes if any of
+ those are available, and only falls back to others if a) they're
+ all down and b) StrictNodes is not set.
+ - Now we refresh your entry guards from EntryNodes at each consensus
+ fetch -- rather than just at startup and then they slowly rot as
+ the network changes.
+ - Add support for the country code "{??}" in torrc options like
+ ExcludeNodes, to indicate all routers of unknown country. Closes
+ bug 1094.
+ - ExcludeNodes now takes precedence over EntryNodes and ExitNodes: if
+ a node is listed in both, it's treated as excluded.
+ - ExcludeNodes now applies to directory nodes -- as a preference if
+ StrictNodes is 0, or an absolute requirement if StrictNodes is 1.
+ Don't exclude all the directory authorities and set StrictNodes to 1
+ unless you really want your Tor to break.
+ - ExcludeNodes and ExcludeExitNodes now override exit enclaving.
+ - ExcludeExitNodes now overrides .exit requests.
+ - We don't use bridges listed in ExcludeNodes.
+ - When StrictNodes is 1:
+ . We now apply ExcludeNodes to hidden service introduction points
+ and to rendezvous points selected by hidden service users. This
+ can make your hidden service less reliable: use it with caution!
+ . If we have used ExcludeNodes on ourself, do not try relay
+ reachability self-tests.
+ . If we have excluded all the directory authorities, we will not
+ even try to upload our descriptor if we're a relay.
+ . Do not honor .exit requests to an excluded node.
+ - When the set of permitted nodes changes, we now remove any mappings
+ introduced via TrackExitHosts to now-excluded nodes. Bugfix on
+ 0.1.0.1-rc.
+ - We never cannibalize a circuit that had excluded nodes on it, even
+ if StrictNodes is 0. Bugfix on 0.1.0.1-rc.
+ - Improve log messages related to excluded nodes.
+
+ o Major features (misc):
+ - Numerous changes, bugfixes, and workarounds from Nathan Freitas
+ to help Tor build correctly for Android phones.
+ - The options SocksPort, ControlPort, and so on now all accept a
+ value "auto" that opens a socket on an OS-selected port. A
+ new ControlPortWriteToFile option tells Tor to write its
+ actual control port or ports to a chosen file. If the option
+ ControlPortFileGroupReadable is set, the file is created as
+ group-readable. Now users can run two Tor clients on the same
+ system without needing to manually mess with parameters. Resolves
+ part of ticket 3076.
+ - Tor now supports tunneling all of its outgoing connections over
+ a SOCKS proxy, using the SOCKS4Proxy and/or SOCKS5Proxy
+ configuration options. Code by Christopher Davis.
+
+ o Code security improvements:
+ - Replace all potentially sensitive memory comparison operations
+ with versions whose runtime does not depend on the data being
+ compared. This will help resist a class of attacks where an
+ adversary can use variations in timing information to learn
+ sensitive data. Fix for one case of bug 3122. (Safe memcmp
+ implementation by Robert Ransom based partially on code by DJB.)
+ - Enable Address Space Layout Randomization (ASLR) and Data Execution
+ Prevention (DEP) by default on Windows to make it harder for
+ attackers to exploit vulnerabilities. Patch from John Brooks.
+ - New "--enable-gcc-hardening" ./configure flag (off by default)
+ to turn on gcc compile time hardening options. It ensures
+ that signed ints have defined behavior (-fwrapv), enables
+ -D_FORTIFY_SOURCE=2 (requiring -O2), adds stack smashing protection
+ with canaries (-fstack-protector-all), turns on ASLR protection if
+ supported by the kernel (-fPIE, -pie), and adds additional security
+ related warnings. Verified to work on Mac OS X and Debian Lenny.
+ - New "--enable-linker-hardening" ./configure flag (off by default)
+ to turn on ELF specific hardening features (relro, now). This does
+ not work with Mac OS X or any other non-ELF binary format.
+ - Always search the Windows system directory for system DLLs, and
+ nowhere else. Bugfix on 0.1.1.23; fixes bug 1954.
+ - New DisableAllSwap option. If set to 1, Tor will attempt to lock all
+ current and future memory pages via mlockall(). On supported
+ platforms (modern Linux and probably BSD but not Windows or OS X),
+ this should effectively disable any and all attempts to page out
+ memory. This option requires that you start your Tor as root --
+ if you use DisableAllSwap, please consider using the User option
+ to properly reduce the privileges of your Tor.
+
+ o Major bugfixes (crashes):
+ - Fix crash bug on platforms where gmtime and localtime can return
+ NULL. Windows 7 users were running into this one. Fixes part of bug
+ 2077. Bugfix on all versions of Tor. Found by boboper.
+ - Introduce minimum/maximum values that clients will believe
+ from the consensus. Now we'll have a better chance to avoid crashes
+ or worse when a consensus param has a weird value.
+ - Fix a rare crash bug that could occur when a client was configured
+ with a large number of bridges. Fixes bug 2629; bugfix on
+ 0.2.1.2-alpha. Bugfix by trac user "shitlei".
+ - Do not crash when our configuration file becomes unreadable, for
+ example due to a permissions change, between when we start up
+ and when a controller calls SAVECONF. Fixes bug 3135; bugfix
+ on 0.0.9pre6.
+ - If we're in the pathological case where there's no exit bandwidth
+ but there is non-exit bandwidth, or no guard bandwidth but there
+ is non-guard bandwidth, don't crash during path selection. Bugfix
+ on 0.2.0.3-alpha.
+ - Fix a crash bug when trying to initialize the evdns module in
+ Libevent 2. Bugfix on 0.2.1.16-rc.
+
+ o Major bugfixes (stability):
+ - Fix an assert in parsing router descriptors containing IPv6
+ addresses. This one took down the directory authorities when
+ somebody tried some experimental code. Bugfix on 0.2.1.3-alpha.
+ - Fix an uncommon assertion failure when running with DNSPort under
+ heavy load. Fixes bug 2933; bugfix on 0.2.0.1-alpha.
+ - Treat an unset $HOME like an empty $HOME rather than triggering an
+ assert. Bugfix on 0.0.8pre1; fixes bug 1522.
+ - More gracefully handle corrupt state files, removing asserts
+ in favor of saving a backup and resetting state.
+ - Instead of giving an assertion failure on an internal mismatch
+ on estimated freelist size, just log a BUG warning and try later.
+ Mitigates but does not fix bug 1125.
+ - Fix an assert that got triggered when using the TestingTorNetwork
+ configuration option and then issuing a GETINFO config-text control
+ command. Fixes bug 2250; bugfix on 0.2.1.2-alpha.
+ - If the cached cert file is unparseable, warn but don't exit.
+
+ o Privacy fixes (relays/bridges):
+ - Don't list Windows capabilities in relay descriptors. We never made
+ use of them, and maybe it's a bad idea to publish them. Bugfix
+ on 0.1.1.8-alpha.
+ - If the Nickname configuration option isn't given, Tor would pick a
+ nickname based on the local hostname as the nickname for a relay.
+ Because nicknames are not very important in today's Tor and the
+ "Unnamed" nickname has been implemented, this is now problematic
+ behavior: It leaks information about the hostname without being
+ useful at all. Fixes bug 2979; bugfix on 0.1.2.2-alpha, which
+ introduced the Unnamed nickname. Reported by tagnaq.
+ - Maintain separate TLS contexts and certificates for incoming and
+ outgoing connections in bridge relays. Previously we would use the
+ same TLS contexts and certs for incoming and outgoing connections.
+ Bugfix on 0.2.0.3-alpha; addresses bug 988.
+ - Maintain separate identity keys for incoming and outgoing TLS
+ contexts in bridge relays. Previously we would use the same
+ identity keys for incoming and outgoing TLS contexts. Bugfix on
+ 0.2.0.3-alpha; addresses the other half of bug 988.
+ - Make the bridge directory authority refuse to answer directory
+ requests for "all descriptors". It used to include bridge
+ descriptors in its answer, which was a major information leak.
+ Found by "piebeer". Bugfix on 0.2.0.3-alpha.
+
+ o Privacy fixes (clients):
+ - When receiving a hidden service descriptor, check that it is for
+ the hidden service we wanted. Previously, Tor would store any
+ hidden service descriptors that a directory gave it, whether it
+ wanted them or not. This wouldn't have let an attacker impersonate
+ a hidden service, but it did let directories pre-seed a client
+ with descriptors that it didn't want. Bugfix on 0.0.6.
+ - Start the process of disabling ".exit" address notation, since it
+ can be used for a variety of esoteric application-level attacks
+ on users. To reenable it, set "AllowDotExit 1" in your torrc. Fix
+ on 0.0.9rc5.
+ - Reject attempts at the client side to open connections to private
+ IP addresses (like 127.0.0.1, 10.0.0.1, and so on) with
+ a randomly chosen exit node. Attempts to do so are always
+ ill-defined, generally prevented by exit policies, and usually
+ in error. This will also help to detect loops in transparent
+ proxy configurations. You can disable this feature by setting
+ "ClientRejectInternalAddresses 0" in your torrc.
+ - Log a notice when we get a new control connection. Now it's easier
+ for security-conscious users to recognize when a local application
+ is knocking on their controller door. Suggested by bug 1196.
+
+ o Privacy fixes (newnym):
+ - Avoid linkability based on cached hidden service descriptors: forget
+ all hidden service descriptors cached as a client when processing a
+ SIGNAL NEWNYM command. Fixes bug 3000; bugfix on 0.0.6.
+ - On SIGHUP, do not clear out all TrackHostExits mappings, client
+ DNS cache entries, and virtual address mappings: that's what
+ NEWNYM is for. Fixes bug 1345; bugfix on 0.1.0.1-rc.
+ - Don't attach new streams to old rendezvous circuits after SIGNAL
+ NEWNYM. Previously, we would keep using an existing rendezvous
+ circuit if it remained open (i.e. if it were kept open by a
+ long-lived stream, or if a new stream were attached to it before
+ Tor could notice that it was old and no longer in use). Bugfix on
+ 0.1.1.15-rc; fixes bug 3375.
+
+ o Major bugfixes (relay bandwidth accounting):
+ - Fix a bug that could break accounting on 64-bit systems with large
+ time_t values, making them hibernate for impossibly long intervals.
+ Fixes bug 2146. Bugfix on 0.0.9pre6; fix by boboper.
+ - Fix a bug in bandwidth accounting that could make us use twice
+ the intended bandwidth when our interval start changes due to
+ daylight saving time. Now we tolerate skew in stored vs computed
+ interval starts: if the start of the period changes by no more than
+ 50% of the period's duration, we remember bytes that we transferred
+ in the old period. Fixes bug 1511; bugfix on 0.0.9pre5.
+
+ o Major bugfixes (bridges):
+ - Bridges now use "reject *:*" as their default exit policy. Bugfix
+ on 0.2.0.3-alpha. Fixes bug 1113.
+ - If you configure your bridge with a known identity fingerprint,
+ and the bridge authority is unreachable (as it is in at least
+ one country now), fall back to directly requesting the descriptor
+ from the bridge. Finishes the feature started in 0.2.0.10-alpha;
+ closes bug 1138.
+ - Fix a bug where bridge users who configure the non-canonical
+ address of a bridge automatically switch to its canonical
+ address. If a bridge listens at more than one address, it
+ should be able to advertise those addresses independently and
+ any non-blocked addresses should continue to work. Bugfix on Tor
+ 0.2.0.3-alpha. Fixes bug 2510.
+ - If you configure Tor to use bridge A, and then quit and
+ configure Tor to use bridge B instead (or if you change Tor
+ to use bridge B via the controller), it would happily continue
+ to use bridge A if it's still reachable. While this behavior is
+ a feature if your goal is connectivity, in some scenarios it's a
+ dangerous bug. Bugfix on Tor 0.2.0.1-alpha; fixes bug 2511.
+ - When the controller configures a new bridge, don't wait 10 to 60
+ seconds before trying to fetch its descriptor. Bugfix on
+ 0.2.0.3-alpha; fixes bug 3198 (suggested by 2355).
+
+ o Major bugfixes (directory authorities):
+ - Many relays have been falling out of the consensus lately because
+ not enough authorities know about their descriptor for them to get
+ a majority of votes. When we deprecated the v2 directory protocol,
+ we got rid of the only way that v3 authorities can hear from each
+ other about other descriptors. Now authorities examine every v3
+ vote for new descriptors, and fetch them from that authority. Bugfix
+ on 0.2.1.23.
+ - Authorities could be tricked into giving out the Exit flag to relays
+ that didn't allow exiting to any ports. This bug could screw
+ with load balancing and stats. Bugfix on 0.1.1.6-alpha; fixes bug
+ 1238. Bug discovered by Martin Kowalczyk.
+ - If all authorities restart at once right before a consensus vote,
+ nobody will vote about "Running", and clients will get a consensus
+ with no usable relays. Instead, authorities refuse to build a
+ consensus if this happens. Bugfix on 0.2.0.10-alpha; fixes bug 1066.
+
+ o Major bugfixes (stream-level fairness):
+ - When receiving a circuit-level SENDME for a blocked circuit, try
+ to package cells fairly from all the streams that had previously
+ been blocked on that circuit. Previously, we had started with the
+ oldest stream, and allowed each stream to potentially exhaust
+ the circuit's package window. This gave older streams on any
+ given circuit priority over newer ones. Fixes bug 1937. Detected
+ originally by Camilo Viecco. This bug was introduced before the
+ first Tor release, in svn commit r152: it is the new winner of
+ the longest-lived bug prize.
+ - Fix a stream fairness bug that would cause newer streams on a given
+ circuit to get preference when reading bytes from the origin or
+ destination. Fixes bug 2210. Fix by Mashael AlSabah. This bug was
+ introduced before the first Tor release, in svn revision r152.
+ - When the exit relay got a circuit-level sendme cell, it started
+ reading on the exit streams, even if had 500 cells queued in the
+ circuit queue already, so the circuit queue just grew and grew in
+ some cases. We fix this by not re-enabling reading on receipt of a
+ sendme cell when the cell queue is blocked. Fixes bug 1653. Bugfix
+ on 0.2.0.1-alpha. Detected by Mashael AlSabah. Original patch by
+ "yetonetime".
+ - Newly created streams were allowed to read cells onto circuits,
+ even if the circuit's cell queue was blocked and waiting to drain.
+ This created potential unfairness, as older streams would be
+ blocked, but newer streams would gladly fill the queue completely.
+ We add code to detect this situation and prevent any stream from
+ getting more than one free cell. Bugfix on 0.2.0.1-alpha. Partially
+ fixes bug 1298.
+
+ o Major bugfixes (hidden services):
+ - Apply circuit timeouts to opened hidden-service-related circuits
+ based on the correct start time. Previously, we would apply the
+ circuit build timeout based on time since the circuit's creation;
+ it was supposed to be applied based on time since the circuit
+ entered its current state. Bugfix on 0.0.6; fixes part of bug 1297.
+ - Improve hidden service robustness: When we find that we have
+ extended a hidden service's introduction circuit to a relay not
+ listed as an introduction point in the HS descriptor we currently
+ have, retry with an introduction point from the current
+ descriptor. Previously we would just give up. Fixes bugs 1024 and
+ 1930; bugfix on 0.2.0.10-alpha.
+ - Directory authorities now use data collected from their own
+ uptime observations when choosing whether to assign the HSDir flag
+ to relays, instead of trusting the uptime value the relay reports in
+ its descriptor. This change helps prevent an attack where a small
+ set of nodes with frequently-changing identity keys can blackhole
+ a hidden service. (Only authorities need upgrade; others will be
+ fine once they do.) Bugfix on 0.2.0.10-alpha; fixes bug 2709.
+ - Stop assigning the HSDir flag to relays that disable their
+ DirPort (and thus will refuse to answer directory requests). This
+ fix should dramatically improve the reachability of hidden services:
+ hidden services and hidden service clients pick six HSDir relays
+ to store and retrieve the hidden service descriptor, and currently
+ about half of the HSDir relays will refuse to work. Bugfix on
+ 0.2.0.10-alpha; fixes part of bug 1693.
+
+ o Major bugfixes (misc):
+ - Clients now stop trying to use an exit node associated with a given
+ destination by TrackHostExits if they fail to reach that exit node.
+ Fixes bug 2999. Bugfix on 0.2.0.20-rc.
+ - Fix a regression that caused Tor to rebind its ports if it receives
+ SIGHUP while hibernating. Bugfix in 0.1.1.6-alpha; closes bug 919.
+ - Remove an extra pair of quotation marks around the error
+ message in control-port STATUS_GENERAL BUG events. Bugfix on
+ 0.1.2.6-alpha; fixes bug 3732.
+
+ o Minor features (relays):
+ - Ensure that no empty [dirreq-](read|write)-history lines are added
+ to an extrainfo document. Implements ticket 2497.
+ - When bandwidth accounting is enabled, be more generous with how
+ much bandwidth we'll use up before entering "soft hibernation".
+ Previously, we'd refuse new connections and circuits once we'd
+ used up 95% of our allotment. Now, we use up 95% of our allotment,
+ AND make sure that we have no more than 500MB (or 3 hours of
+ expected traffic, whichever is lower) remaining before we enter
+ soft hibernation.
+ - Relays now log the reason for publishing a new relay descriptor,
+ so we have a better chance of hunting down instances of bug 1810.
+ Resolves ticket 3252.
+ - Log a little more clearly about the times at which we're no longer
+ accepting new connections (e.g. due to hibernating). Resolves
+ bug 2181.
+ - When AllowSingleHopExits is set, print a warning to explain to the
+ relay operator why most clients are avoiding her relay.
+ - Send END_STREAM_REASON_NOROUTE in response to EHOSTUNREACH errors.
+ Clients before 0.2.1.27 didn't handle NOROUTE correctly, but such
+ clients are already deprecated because of security bugs.
+
+ o Minor features (network statistics):
+ - Directory mirrors that set "DirReqStatistics 1" write statistics
+ about directory requests to disk every 24 hours. As compared to the
+ "--enable-geoip-stats" ./configure flag in 0.2.1.x, there are a few
+ improvements: 1) stats are written to disk exactly every 24 hours;
+ 2) estimated shares of v2 and v3 requests are determined as mean
+ values, not at the end of a measurement period; 3) unresolved
+ requests are listed with country code '??'; 4) directories also
+ measure download times.
+ - Exit nodes that set "ExitPortStatistics 1" write statistics on the
+ number of exit streams and transferred bytes per port to disk every
+ 24 hours.
+ - Relays that set "CellStatistics 1" write statistics on how long
+ cells spend in their circuit queues to disk every 24 hours.
+ - Entry nodes that set "EntryStatistics 1" write statistics on the
+ rough number and origins of connecting clients to disk every 24
+ hours.
+ - Relays that write any of the above statistics to disk and set
+ "ExtraInfoStatistics 1" include the past 24 hours of statistics in
+ their extra-info documents. Implements proposal 166.
+
+ o Minor features (GeoIP and statistics):
+ - Provide a log message stating which geoip file we're parsing
+ instead of just stating that we're parsing the geoip file.
+ Implements ticket 2432.
+ - Make sure every relay writes a state file at least every 12 hours.
+ Previously, a relay could go for weeks without writing its state
+ file, and on a crash could lose its bandwidth history, capacity
+ estimates, client country statistics, and so on. Addresses bug 3012.
+ - Relays report the number of bytes spent on answering directory
+ requests in extra-info descriptors similar to {read,write}-history.
+ Implements enhancement 1790.
+ - Report only the top 10 ports in exit-port stats in order not to
+ exceed the maximum extra-info descriptor length of 50 KB. Implements
+ task 2196.
+ - If writing the state file to disk fails, wait up to an hour before
+ retrying again, rather than trying again each second. Fixes bug
+ 2346; bugfix on Tor 0.1.1.3-alpha.
+ - Delay geoip stats collection by bridges for 6 hours, not 2 hours,
+ when we switch from being a public relay to a bridge. Otherwise
+ there will still be clients that see the relay in their consensus,
+ and the stats will end up wrong. Bugfix on 0.2.1.15-rc; fixes
+ bug 932.
+ - Update to the August 2 2011 Maxmind GeoLite Country database.
+
+ o Minor features (clients):
+ - When expiring circuits, use microsecond timers rather than
+ one-second timers. This can avoid an unpleasant situation where a
+ circuit is launched near the end of one second and expired right
+ near the beginning of the next, and prevent fluctuations in circuit
+ timeout values.
+ - If we've configured EntryNodes and our network goes away and/or all
+ our entrynodes get marked down, optimistically retry them all when
+ a new socks application request appears. Fixes bug 1882.
+ - Always perform router selections using weighted relay bandwidth,
+ even if we don't need a high capacity circuit at the time. Non-fast
+ circuits now only differ from fast ones in that they can use relays
+ not marked with the Fast flag. This "feature" could turn out to
+ be a horrible bug; we should investigate more before it goes into
+ a stable release.
+ - When we run out of directory information such that we can't build
+ circuits, but then get enough that we can build circuits, log when
+ we actually construct a circuit, so the user has a better chance of
+ knowing what's going on. Fixes bug 1362.
+ - Log SSL state transitions at debug level during handshake, and
+ include SSL states in error messages. This may help debug future
+ SSL handshake issues.
+
+ o Minor features (directory authorities):
+ - When a router changes IP address or port, authorities now launch
+ a new reachability test for it. Implements ticket 1899.
+ - Directory authorities now reject relays running any versions of
+ Tor between 0.2.1.3-alpha and 0.2.1.18 inclusive; they have
+ known bugs that keep RELAY_EARLY cells from working on rendezvous
+ circuits. Followup to fix for bug 2081.
+ - Directory authorities now reject relays running any version of Tor
+ older than 0.2.0.26-rc. That version is the earliest that fetches
+ current directory information correctly. Fixes bug 2156.
+ - Directory authorities now do an immediate reachability check as soon
+ as they hear about a new relay. This change should slightly reduce
+ the time between setting up a relay and getting listed as running
+ in the consensus. It should also improve the time between setting
+ up a bridge and seeing use by bridge users.
+ - Directory authorities no longer launch a TLS connection to every
+ relay as they startup. Now that we have 2k+ descriptors cached,
+ the resulting network hiccup is becoming a burden. Besides,
+ authorities already avoid voting about Running for the first half
+ hour of their uptime.
+ - Directory authorities now log the source of a rejected POSTed v3
+ networkstatus vote, so we can track failures better.
+ - Backport code from 0.2.3.x that allows directory authorities to
+ clean their microdescriptor caches. Needed to resolve bug 2230.
+
+ o Minor features (hidden services):
+ - Use computed circuit-build timeouts to decide when to launch
+ parallel introduction circuits for hidden services. (Previously,
+ we would retry after 15 seconds.)
+ - Don't allow v0 hidden service authorities to act as clients.
+ Required by fix for bug 3000.
+ - Ignore SIGNAL NEWNYM commands on relay-only Tor instances. Required
+ by fix for bug 3000.
+ - Make hidden services work better in private Tor networks by not
+ requiring any uptime to join the hidden service descriptor
+ DHT. Implements ticket 2088.
+ - Log (at info level) when purging pieces of hidden-service-client
+ state because of SIGNAL NEWNYM.
+
+ o Minor features (controller interface):
+ - New "GETINFO net/listeners/(type)" controller command to return
+ a list of addresses and ports that are bound for listeners for a
+ given connection type. This is useful when the user has configured
+ "SocksPort auto" and the controller needs to know which port got
+ chosen. Resolves another part of ticket 3076.
+ - Have the controller interface give a more useful message than
+ "Internal Error" in response to failed GETINFO requests.
+ - Add a TIMEOUT_RATE keyword to the BUILDTIMEOUT_SET control port
+ event, to give information on the current rate of circuit timeouts
+ over our stored history.
+ - The 'EXTENDCIRCUIT' control port command can now be used with
+ a circ id of 0 and no path. This feature will cause Tor to build
+ a new 'fast' general purpose circuit using its own path selection
+ algorithms.
+ - Added a BUILDTIMEOUT_SET controller event to describe changes
+ to the circuit build timeout.
+ - New controller command "getinfo config-text". It returns the
+ contents that Tor would write if you send it a SAVECONF command,
+ so the controller can write the file to disk itself.
+
+ o Minor features (controller protocol):
+ - Add a new ControlSocketsGroupWritable configuration option: when
+ it is turned on, ControlSockets are group-writeable by the default
+ group of the current user. Patch by Jérémy Bobbio; implements
+ ticket 2972.
+ - Tor now refuses to create a ControlSocket in a directory that is
+ world-readable (or group-readable if ControlSocketsGroupWritable
+ is 0). This is necessary because some operating systems do not
+ enforce permissions on an AF_UNIX sockets. Permissions on the
+ directory holding the socket, however, seems to work everywhere.
+ - Warn when CookieAuthFileGroupReadable is set but CookieAuthFile is
+ not. This would lead to a cookie that is still not group readable.
+ Closes bug 1843. Suggested by katmagic.
+ - Future-proof the controller protocol a bit by ignoring keyword
+ arguments we do not recognize.
+
+ o Minor features (more useful logging):
+ - Revise most log messages that refer to nodes by nickname to
+ instead use the "$key=nickname at address" format. This should be
+ more useful, especially since nicknames are less and less likely
+ to be unique. Resolves ticket 3045.
+ - When an HTTPS proxy reports "403 Forbidden", we now explain
+ what it means rather than calling it an unexpected status code.
+ Closes bug 2503. Patch from Michael Yakubovich.
+ - Rate-limit a warning about failures to download v2 networkstatus
+ documents. Resolves part of bug 1352.
+ - Rate-limit the "your application is giving Tor only an IP address"
+ warning. Addresses bug 2000; bugfix on 0.0.8pre2.
+ - Rate-limit "Failed to hand off onionskin" warnings.
+ - When logging a rate-limited warning, we now mention how many messages
+ got suppressed since the last warning.
+ - Make the formerly ugly "2 unknown, 7 missing key, 0 good, 0 bad,
+ 2 no signature, 4 required" messages about consensus signatures
+ easier to read, and make sure they get logged at the same severity
+ as the messages explaining which keys are which. Fixes bug 1290.
+ - Don't warn when we have a consensus that we can't verify because
+ of missing certificates, unless those certificates are ones
+ that we have been trying and failing to download. Fixes bug 1145.
+
+ o Minor features (log domains):
+ - Add documentation for configuring logging at different severities in
+ different log domains. We've had this feature since 0.2.1.1-alpha,
+ but for some reason it never made it into the manpage. Fixes
+ bug 2215.
+ - Make it simpler to specify "All log domains except for A and B".
+ Previously you needed to say "[*,~A,~B]". Now you can just say
+ "[~A,~B]".
+ - Add a "LogMessageDomains 1" option to include the domains of log
+ messages along with the messages. Without this, there's no way
+ to use log domains without reading the source or doing a lot
+ of guessing.
+ - Add a new "Handshake" log domain for activities that happen
+ during the TLS handshake.
+
+ o Minor features (build process):
+ - Make compilation with clang possible when using
+ "--enable-gcc-warnings" by removing two warning options that clang
+ hasn't implemented yet and by fixing a few warnings. Resolves
+ ticket 2696.
+ - Detect platforms that brokenly use a signed size_t, and refuse to
+ build there. Found and analyzed by doorss and rransom.
+ - Fix a bunch of compile warnings revealed by mingw with gcc 4.5.
+ Resolves bug 2314.
+ - Add support for statically linking zlib by specifying
+ "--enable-static-zlib", to go with our support for statically
+ linking openssl and libevent. Resolves bug 1358.
+ - Instead of adding the svn revision to the Tor version string, report
+ the git commit (when we're building from a git checkout).
+ - Rename the "log.h" header to "torlog.h" so as to conflict with fewer
+ system headers.
+ - New --digests command-line switch to output the digests of the
+ source files Tor was built with.
+ - Generate our manpage and HTML documentation using Asciidoc. This
+ change should make it easier to maintain the documentation, and
+ produce nicer HTML. The build process fails if asciidoc cannot
+ be found and building with asciidoc isn't disabled (via the
+ "--disable-asciidoc" argument to ./configure. Skipping the manpage
+ speeds up the build considerably.
+
+ o Minor features (options / torrc):
+ - Warn when the same option is provided more than once in a torrc
+ file, on the command line, or in a single SETCONF statement, and
+ the option is one that only accepts a single line. Closes bug 1384.
+ - Warn when the user configures two HiddenServiceDir lines that point
+ to the same directory. Bugfix on 0.0.6 (the version introducing
+ HiddenServiceDir); fixes bug 3289.
+ - Add new "perconnbwrate" and "perconnbwburst" consensus params to
+ do individual connection-level rate limiting of clients. The torrc
+ config options with the same names trump the consensus params, if
+ both are present. Replaces the old "bwconnrate" and "bwconnburst"
+ consensus params which were broken from 0.2.2.7-alpha through
+ 0.2.2.14-alpha. Closes bug 1947.
+ - New config option "WarnUnsafeSocks 0" disables the warning that
+ occurs whenever Tor receives a socks handshake using a version of
+ the socks protocol that can only provide an IP address (rather
+ than a hostname). Setups that do DNS locally over Tor are fine,
+ and we shouldn't spam the logs in that case.
+ - New config option "CircuitStreamTimeout" to override our internal
+ timeout schedule for how many seconds until we detach a stream from
+ a circuit and try a new circuit. If your network is particularly
+ slow, you might want to set this to a number like 60.
+ - New options for SafeLogging to allow scrubbing only log messages
+ generated while acting as a relay. Specify "SafeLogging relay" if
+ you want to ensure that only messages known to originate from
+ client use of the Tor process will be logged unsafely.
+ - Time and memory units in the configuration file can now be set to
+ fractional units. For example, "2.5 GB" is now a valid value for
+ AccountingMax.
+ - Support line continuations in the torrc config file. If a line
+ ends with a single backslash character, the newline is ignored, and
+ the configuration value is treated as continuing on the next line.
+ Resolves bug 1929.
+
+ o Minor features (unit tests):
+ - Revise our unit tests to use the "tinytest" framework, so we
+ can run tests in their own processes, have smarter setup/teardown
+ code, and so on. The unit test code has moved to its own
+ subdirectory, and has been split into multiple modules.
+ - Add a unit test for cross-platform directory-listing code.
+ - Add some forgotten return value checks during unit tests. Found
+ by coverity.
+ - Use GetTempDir to find the proper temporary directory location on
+ Windows when generating temporary files for the unit tests. Patch
+ by Gisle Vanem.
+
+ o Minor features (misc):
+ - The "torify" script now uses torsocks where available.
+ - Make Libevent log messages get delivered to controllers later,
+ and not from inside the Libevent log handler. This prevents unsafe
+ reentrant Libevent calls while still letting the log messages
+ get through.
+ - Certain Tor clients (such as those behind check.torproject.org) may
+ want to fetch the consensus in an extra early manner. To enable this
+ a user may now set FetchDirInfoExtraEarly to 1. This also depends on
+ setting FetchDirInfoEarly to 1. Previous behavior will stay the same
+ as only certain clients who must have this information sooner should
+ set this option.
+ - Expand homedirs passed to tor-checkkey. This should silence a
+ coverity complaint about passing a user-supplied string into
+ open() without checking it.
+ - Make sure to disable DirPort if running as a bridge. DirPorts aren't
+ used on bridges, and it makes bridge scanning somewhat easier.
+ - Create the /var/run/tor directory on startup on OpenSUSE if it is
+ not already created. Patch from Andreas Stieger. Fixes bug 2573.
+
+ o Minor bugfixes (relays):
+ - When a relay decides that its DNS is too broken for it to serve
+ as an exit server, it advertised itself as a non-exit, but
+ continued to act as an exit. This could create accidental
+ partitioning opportunities for users. Instead, if a relay is
+ going to advertise reject *:* as its exit policy, it should
+ really act with exit policy "reject *:*". Fixes bug 2366.
+ Bugfix on Tor 0.1.2.5-alpha. Bugfix by user "postman" on trac.
+ - Publish a router descriptor even if generating an extra-info
+ descriptor fails. Previously we would not publish a router
+ descriptor without an extra-info descriptor; this can cause fast
+ exit relays collecting exit-port statistics to drop from the
+ consensus. Bugfix on 0.1.2.9-rc; fixes bug 2195.
+ - When we're trying to guess whether we know our IP address as
+ a relay, we would log various ways that we failed to guess
+ our address, but never log that we ended up guessing it
+ successfully. Now add a log line to help confused and anxious
+ relay operators. Bugfix on 0.1.2.1-alpha; fixes bug 1534.
+ - For bandwidth accounting, calculate our expected bandwidth rate
+ based on the time during which we were active and not in
+ soft-hibernation during the last interval. Previously, we were
+ also considering the time spent in soft-hibernation. If this
+ was a long time, we would wind up underestimating our bandwidth
+ by a lot, and skewing our wakeup time towards the start of the
+ accounting interval. Fixes bug 1789. Bugfix on 0.0.9pre5.
+ - Demote a confusing TLS warning that relay operators might get when
+ someone tries to talk to their ORPort. It is not the operator's
+ fault, nor can they do anything about it. Fixes bug 1364; bugfix
+ on 0.2.0.14-alpha.
+ - Change "Application request when we're believed to be offline."
+ notice to "Application request when we haven't used client
+ functionality lately.", to clarify that it's not an error. Bugfix
+ on 0.0.9.3; fixes bug 1222.
+
+ o Minor bugfixes (bridges):
+ - When a client starts or stops using bridges, never use a circuit
+ that was built before the configuration change. This behavior could
+ put at risk a user who uses bridges to ensure that her traffic
+ only goes to the chosen addresses. Bugfix on 0.2.0.3-alpha; fixes
+ bug 3200.
+ - Do not reset the bridge descriptor download status every time we
+ re-parse our configuration or get a configuration change. Fixes
+ bug 3019; bugfix on 0.2.0.3-alpha.
+ - Users couldn't configure a regular relay to be their bridge. It
+ didn't work because when Tor fetched the bridge descriptor, it found
+ that it already had it, and didn't realize that the purpose of the
+ descriptor had changed. Now we replace routers with a purpose other
+ than bridge with bridge descriptors when fetching them. Bugfix on
+ 0.1.1.9-alpha. Fixes bug 1776.
+ - In the special case where you configure a public exit relay as your
+ bridge, Tor would be willing to use that exit relay as the last
+ hop in your circuit as well. Now we fail that circuit instead.
+ Bugfix on 0.2.0.12-alpha. Fixes bug 2403. Reported by "piebeer".
+
+ o Minor bugfixes (clients):
+ - We now ask the other side of a stream (the client or the exit)
+ for more data on that stream when the amount of queued data on
+ that stream dips low enough. Previously, we wouldn't ask the
+ other side for more data until either it sent us more data (which
+ it wasn't supposed to do if it had exhausted its window!) or we
+ had completely flushed all our queued data. This flow control fix
+ should improve throughput. Fixes bug 2756; bugfix on the earliest
+ released versions of Tor (svn commit r152).
+ - When a client finds that an origin circuit has run out of 16-bit
+ stream IDs, we now mark it as unusable for new streams. Previously,
+ we would try to close the entire circuit. Bugfix on 0.0.6.
+ - Make it explicit that we don't cannibalize one-hop circuits. This
+ happens in the wild, but doesn't turn out to be a problem because
+ we fortunately don't use those circuits. Many thanks to outofwords
+ for the initial analysis and to swissknife who confirmed that
+ two-hop circuits are actually created.
+ - Resolve an edge case in path weighting that could make us misweight
+ our relay selection. Fixes bug 1203; bugfix on 0.0.8rc1.
+ - Make the DNSPort option work with libevent 2.x. Don't alter the
+ behaviour for libevent 1.x. Fixes bug 1143. Found by SwissTorExit.
+
+ o Minor bugfixes (directory authorities):
+ - Make directory authorities more accurate at recording when
+ relays that have failed several reachability tests became
+ unreachable, so we can provide more accuracy at assigning Stable,
+ Guard, HSDir, etc flags. Bugfix on 0.2.0.6-alpha. Resolves bug 2716.
+ - Directory authorities are now more robust to hops back in time
+ when calculating router stability. Previously, if a run of uptime
+ or downtime appeared to be negative, the calculation could give
+ incorrect results. Bugfix on 0.2.0.6-alpha; noticed when fixing
+ bug 1035.
+ - Directory authorities will now attempt to download consensuses
+ if their own efforts to make a live consensus have failed. This
+ change means authorities that restart will fetch a valid
+ consensus, and it means authorities that didn't agree with the
+ current consensus will still fetch and serve it if it has enough
+ signatures. Bugfix on 0.2.0.9-alpha; fixes bug 1300.
+ - Never vote for a server as "Running" if we have a descriptor for
+ it claiming to be hibernating, and that descriptor was published
+ more recently than our last contact with the server. Bugfix on
+ 0.2.0.3-alpha; fixes bug 911.
+ - Directory authorities no longer change their opinion of, or vote on,
+ whether a router is Running, unless they have themselves been
+ online long enough to have some idea. Bugfix on 0.2.0.6-alpha.
+ Fixes bug 1023.
+
+ o Minor bugfixes (hidden services):
+ - Log malformed requests for rendezvous descriptors as protocol
+ warnings, not warnings. Also, use a more informative log message
+ in case someone sees it at log level warning without prior
+ info-level messages. Fixes bug 2748; bugfix on 0.2.0.10-alpha.
+ - Accept hidden service descriptors if we think we might be a hidden
+ service directory, regardless of what our consensus says. This
+ helps robustness, since clients and hidden services can sometimes
+ have a more up-to-date view of the network consensus than we do,
+ and if they think that the directory authorities list us a HSDir,
+ we might actually be one. Related to bug 2732; bugfix on
+ 0.2.0.10-alpha.
+ - Correct the warning displayed when a rendezvous descriptor exceeds
+ the maximum size. Fixes bug 2750; bugfix on 0.2.1.5-alpha. Found by
+ John Brooks.
+ - Clients and hidden services now use HSDir-flagged relays for hidden
+ service descriptor downloads and uploads even if the relays have no
+ DirPort set and the client has disabled TunnelDirConns. This will
+ eventually allow us to give the HSDir flag to relays with no
+ DirPort. Fixes bug 2722; bugfix on 0.2.1.6-alpha.
+ - Only limit the lengths of single HS descriptors, even when multiple
+ HS descriptors are published to an HSDir relay in a single POST
+ operation. Fixes bug 2948; bugfix on 0.2.1.5-alpha. Found by hsdir.
+
+ o Minor bugfixes (controllers):
+ - Allow GETINFO fingerprint to return a fingerprint even when
+ we have not yet built a router descriptor. Fixes bug 3577;
+ bugfix on 0.2.0.1-alpha.
+ - Send a SUCCEEDED stream event to the controller when a reverse
+ resolve succeeded. Fixes bug 3536; bugfix on 0.0.8pre1. Issue
+ discovered by katmagic.
+ - Remove a trailing asterisk from "exit-policy/default" in the
+ output of the control port command "GETINFO info/names". Bugfix
+ on 0.1.2.5-alpha.
+ - Make the SIGNAL DUMP controller command work on FreeBSD. Fixes bug
+ 2917. Bugfix on 0.1.1.1-alpha.
+ - When we restart our relay, we might get a successful connection
+ from the outside before we've started our reachability tests,
+ triggering a warning: "ORPort found reachable, but I have no
+ routerinfo yet. Failing to inform controller of success." This
+ bug was harmless unless Tor is running under a controller
+ like Vidalia, in which case the controller would never get a
+ REACHABILITY_SUCCEEDED status event. Bugfix on 0.1.2.6-alpha;
+ fixes bug 1172.
+ - When a controller changes TrackHostExits, remove mappings for
+ hosts that should no longer have their exits tracked. Bugfix on
+ 0.1.0.1-rc.
+ - When a controller changes VirtualAddrNetwork, remove any mappings
+ for hosts that were automapped to the old network. Bugfix on
+ 0.1.1.19-rc.
+ - When a controller changes one of the AutomapHosts* options, remove
+ any mappings for hosts that should no longer be automapped. Bugfix
+ on 0.2.0.1-alpha.
+ - Fix an off-by-one error in calculating some controller command
+ argument lengths. Fortunately, this mistake is harmless since
+ the controller code does redundant NUL termination too. Found by
+ boboper. Bugfix on 0.1.1.1-alpha.
+ - Fix a bug in the controller interface where "GETINFO ns/asdaskljkl"
+ would return "551 Internal error" rather than "552 Unrecognized key
+ ns/asdaskljkl". Bugfix on 0.1.2.3-alpha.
+ - Don't spam the controller with events when we have no file
+ descriptors available. Bugfix on 0.2.1.5-alpha. (Rate-limiting
+ for log messages was already solved from bug 748.)
+ - Emit a GUARD DROPPED controller event for a case we missed.
+ - Ensure DNS requests launched by "RESOLVE" commands from the
+ controller respect the __LeaveStreamsUnattached setconf options. The
+ same goes for requests launched via DNSPort or transparent
+ proxying. Bugfix on 0.2.0.1-alpha; fixes bug 1525.
+
+ o Minor bugfixes (config options):
+ - Tor used to limit HttpProxyAuthenticator values to 48 characters.
+ Change the limit to 512 characters by removing base64 newlines.
+ Fixes bug 2752. Fix by Michael Yakubovich.
+ - Complain if PublishServerDescriptor is given multiple arguments that
+ include 0 or 1. This configuration will be rejected in the future.
+ Bugfix on 0.2.0.1-alpha; closes bug 1107.
+ - Disallow BridgeRelay 1 and ORPort 0 at once in the configuration.
+ Bugfix on 0.2.0.13-alpha; closes bug 928.
+
+ o Minor bugfixes (log subsystem fixes):
+ - When unable to format an address as a string, report its value
+ as "???" rather than reusing the last formatted address. Bugfix
+ on 0.2.1.5-alpha.
+ - Be more consistent in our treatment of file system paths. "~" should
+ get expanded to the user's home directory in the Log config option.
+ Fixes bug 2971; bugfix on 0.2.0.1-alpha, which introduced the
+ feature for the -f and --DataDirectory options.
+
+ o Minor bugfixes (memory management):
+ - Don't stack-allocate the list of supplementary GIDs when we're
+ about to log them. Stack-allocating NGROUPS_MAX gid_t elements
+ could take up to 256K, which is way too much stack. Found by
+ Coverity; CID #450. Bugfix on 0.2.1.7-alpha.
+ - Save a couple bytes in memory allocation every time we escape
+ certain characters in a string. Patch from Florian Zumbiehl.
+
+ o Minor bugfixes (protocol correctness):
+ - When checking for 1024-bit keys, check for 1024 bits, not 128
+ bytes. This allows Tor to correctly discard keys of length 1017
+ through 1023. Bugfix on 0.0.9pre5.
+ - Require that introduction point keys and onion handshake keys
+ have a public exponent of 65537. Starts to fix bug 3207; bugfix
+ on 0.2.0.10-alpha.
+ - Handle SOCKS messages longer than 128 bytes long correctly, rather
+ than waiting forever for them to finish. Fixes bug 2330; bugfix
+ on 0.2.0.16-alpha. Found by doorss.
+ - Never relay a cell for a circuit we have already destroyed.
+ Between marking a circuit as closeable and finally closing it,
+ it may have been possible for a few queued cells to get relayed,
+ even though they would have been immediately dropped by the next
+ OR in the circuit. Fixes bug 1184; bugfix on 0.2.0.1-alpha.
+ - Never queue a cell for a circuit that's already been marked
+ for close.
+ - Fix a spec conformance issue: the network-status-version token
+ must be the first token in a v3 consensus or vote. Discovered by
+ "parakeep". Bugfix on 0.2.0.3-alpha.
+ - A networkstatus vote must contain exactly one signature. Spec
+ conformance issue. Bugfix on 0.2.0.3-alpha.
+ - When asked about a DNS record type we don't support via a
+ client DNSPort, reply with NOTIMPL rather than an empty
+ reply. Patch by intrigeri. Fixes bug 3369; bugfix on 2.0.1-alpha.
+ - Make more fields in the controller protocol case-insensitive, since
+ control-spec.txt said they were.
+
+ o Minor bugfixes (log messages):
+ - Fix a log message that said "bits" while displaying a value in
+ bytes. Found by wanoskarnet. Fixes bug 3318; bugfix on
+ 0.2.0.1-alpha.
+ - Downgrade "no current certificates known for authority" message from
+ Notice to Info. Fixes bug 2899; bugfix on 0.2.0.10-alpha.
+ - Correctly describe errors that occur when generating a TLS object.
+ Previously we would attribute them to a failure while generating a
+ TLS context. Patch by Robert Ransom. Bugfix on 0.1.0.4-rc; fixes
+ bug 1994.
+ - Fix an instance where a Tor directory mirror might accidentally
+ log the IP address of a misbehaving Tor client. Bugfix on
+ 0.1.0.1-rc.
+ - Stop logging at severity 'warn' when some other Tor client tries
+ to establish a circuit with us using weak DH keys. It's a protocol
+ violation, but that doesn't mean ordinary users need to hear about
+ it. Fixes the bug part of bug 1114. Bugfix on 0.1.0.13.
+ - If your relay can't keep up with the number of incoming create
+ cells, it would log one warning per failure into your logs. Limit
+ warnings to 1 per minute. Bugfix on 0.0.2pre10; fixes bug 1042.
+
+ o Minor bugfixes (build fixes):
+ - Fix warnings from GCC 4.6's "-Wunused-but-set-variable" option.
+ - When warning about missing zlib development packages during compile,
+ give the correct package names. Bugfix on 0.2.0.1-alpha.
+ - Fix warnings that newer versions of autoconf produce during
+ ./autogen.sh. These warnings appear to be harmless in our case,
+ but they were extremely verbose. Fixes bug 2020.
+ - Squash a compile warning on OpenBSD. Reported by Tas; fixes
+ bug 1848.
+
+ o Minor bugfixes (portability):
+ - Write several files in text mode, on OSes that distinguish text
+ mode from binary mode (namely, Windows). These files are:
+ 'buffer-stats', 'dirreq-stats', and 'entry-stats' on relays
+ that collect those statistics; 'client_keys' and 'hostname' for
+ hidden services that use authentication; and (in the tor-gencert
+ utility) newly generated identity and signing keys. Previously,
+ we wouldn't specify text mode or binary mode, leading to an
+ assertion failure. Fixes bug 3607. Bugfix on 0.2.1.1-alpha (when
+ the DirRecordUsageByCountry option which would have triggered
+ the assertion failure was added), although this assertion failure
+ would have occurred in tor-gencert on Windows in 0.2.0.1-alpha.
+ - Selectively disable deprecation warnings on OS X because Lion
+ started deprecating the shipped copy of openssl. Fixes bug 3643.
+ - Use a wide type to hold sockets when built for 64-bit Windows.
+ Fixes bug 3270.
+ - Fix an issue that prevented static linking of libevent on
+ some platforms (notably Linux). Fixes bug 2698; bugfix on 0.2.1.23,
+ where we introduced the "--with-static-libevent" configure option.
+ - Fix a bug with our locking implementation on Windows that couldn't
+ correctly detect when a file was already locked. Fixes bug 2504,
+ bugfix on 0.2.1.6-alpha.
+ - Build correctly on OSX with zlib 1.2.4 and higher with all warnings
+ enabled.
+ - Fix IPv6-related connect() failures on some platforms (BSD, OS X).
+ Bugfix on 0.2.0.3-alpha; fixes first part of bug 2660. Patch by
+ "piebeer".
+
+ o Minor bugfixes (code correctness):
+ - Always NUL-terminate the sun_path field of a sockaddr_un before
+ passing it to the kernel. (Not a security issue: kernels are
+ smart enough to reject bad sockaddr_uns.) Found by Coverity;
+ CID #428. Bugfix on Tor 0.2.0.3-alpha.
+ - Make connection_printf_to_buf()'s behaviour sane. Its callers
+ expect it to emit a CRLF iff the format string ends with CRLF;
+ it actually emitted a CRLF iff (a) the format string ended with
+ CRLF or (b) the resulting string was over 1023 characters long or
+ (c) the format string did not end with CRLF *and* the resulting
+ string was 1021 characters long or longer. Bugfix on 0.1.1.9-alpha;
+ fixes part of bug 3407.
+ - Make send_control_event_impl()'s behaviour sane. Its callers
+ expect it to always emit a CRLF at the end of the string; it
+ might have emitted extra control characters as well. Bugfix on
+ 0.1.1.9-alpha; fixes another part of bug 3407.
+ - Make crypto_rand_int() check the value of its input correctly.
+ Previously, it accepted values up to UINT_MAX, but could return a
+ negative number if given a value above INT_MAX+1. Found by George
+ Kadianakis. Fixes bug 3306; bugfix on 0.2.2pre14.
+ - Fix a potential null-pointer dereference while computing a
+ consensus. Bugfix on tor-0.2.0.3-alpha, found with the help of
+ clang's analyzer.
+ - If we fail to compute the identity digest of a v3 legacy keypair,
+ warn, and don't use a buffer-full of junk instead. Bugfix on
+ 0.2.1.1-alpha; fixes bug 3106.
+ - Resolve an untriggerable issue in smartlist_string_num_isin(),
+ where if the function had ever in the future been used to check
+ for the presence of a too-large number, it would have given an
+ incorrect result. (Fortunately, we only used it for 16-bit
+ values.) Fixes bug 3175; bugfix on 0.1.0.1-rc.
+ - Be more careful about reporting the correct error from a failed
+ connect() system call. Under some circumstances, it was possible to
+ look at an incorrect value for errno when sending the end reason.
+ Bugfix on 0.1.0.1-rc.
+ - Correctly handle an "impossible" overflow cases in connection byte
+ counting, where we write or read more than 4GB on an edge connection
+ in a single second. Bugfix on 0.1.2.8-beta.
+ - Avoid a double mark-for-free warning when failing to attach a
+ transparent proxy connection. Bugfix on 0.1.2.1-alpha. Fixes
+ bug 2279.
+ - Correctly detect failure to allocate an OpenSSL BIO. Fixes bug 2378;
+ found by "cypherpunks". This bug was introduced before the first
+ Tor release, in svn commit r110.
+ - Fix a bug in bandwidth history state parsing that could have been
+ triggered if a future version of Tor ever changed the timing
+ granularity at which bandwidth history is measured. Bugfix on
+ Tor 0.1.1.11-alpha.
+ - Add assertions to check for overflow in arguments to
+ base32_encode() and base32_decode(); fix a signed-unsigned
+ comparison there too. These bugs are not actually reachable in Tor,
+ but it's good to prevent future errors too. Found by doorss.
+ - Avoid a bogus overlapped memcpy in tor_addr_copy(). Reported by
+ "memcpyfail".
+ - Set target port in get_interface_address6() correctly. Bugfix
+ on 0.1.1.4-alpha and 0.2.0.3-alpha; fixes second part of bug 2660.
+ - Fix an impossible-to-actually-trigger buffer overflow in relay
+ descriptor generation. Bugfix on 0.1.0.15.
+ - Fix numerous small code-flaws found by Coverity Scan Rung 3.
+
+ o Minor bugfixes (code improvements):
+ - After we free an internal connection structure, overwrite it
+ with a different memory value than we use for overwriting a freed
+ internal circuit structure. Should help with debugging. Suggested
+ by bug 1055.
+ - If OpenSSL fails to make a duplicate of a private or public key, log
+ an error message and try to exit cleanly. May help with debugging
+ if bug 1209 ever remanifests.
+ - Some options used different conventions for uppercasing of acronyms
+ when comparing manpage and source. Fix those in favor of the
+ manpage, as it makes sense to capitalize acronyms.
+ - Take a first step towards making or.h smaller by splitting out
+ function definitions for all source files in src/or/. Leave
+ structures and defines in or.h for now.
+ - Remove a few dead assignments during router parsing. Found by
+ coverity.
+ - Don't use 1-bit wide signed bit fields. Found by coverity.
+ - Avoid signed/unsigned comparisons by making SIZE_T_CEILING unsigned.
+ None of the cases where we did this before were wrong, but by making
+ this change we avoid warnings. Fixes bug 2475; bugfix on 0.2.1.28.
+ - The memarea code now uses a sentinel value at the end of each area
+ to make sure nothing writes beyond the end of an area. This might
+ help debug some conceivable causes of bug 930.
+ - Always treat failure to allocate an RSA key as an unrecoverable
+ allocation error.
+ - Add some more defensive programming for architectures that can't
+ handle unaligned integer accesses. We don't know of any actual bugs
+ right now, but that's the best time to fix them. Fixes bug 1943.
+
+ o Minor bugfixes (misc):
+ - Fix a rare bug in rend_fn unit tests: we would fail a test when
+ a randomly generated port is 0. Diagnosed by Matt Edman. Bugfix
+ on 0.2.0.10-alpha; fixes bug 1808.
+ - Where available, use Libevent 2.0's periodic timers so that our
+ once-per-second cleanup code gets called even more closely to
+ once per second than it would otherwise. Fixes bug 943.
+ - Ignore OutboundBindAddress when connecting to localhost.
+ Connections to localhost need to come _from_ localhost, or else
+ local servers (like DNS and outgoing HTTP/SOCKS proxies) will often
+ refuse to listen.
+ - Update our OpenSSL 0.9.8l fix so that it works with OpenSSL 0.9.8m
+ too.
+ - If any of the v3 certs we download are unparseable, we should
+ actually notice the failure so we don't retry indefinitely. Bugfix
+ on 0.2.0.x; reported by "rotator".
+ - When Tor fails to parse a descriptor of any kind, dump it to disk.
+ Might help diagnosing bug 1051.
+ - Make our 'torify' script more portable; if we have only one of
+ 'torsocks' or 'tsocks' installed, don't complain to the user;
+ and explain our warning about tsocks better.
+ - Fix some urls in the exit notice file and make it XHTML1.1 strict
+ compliant. Based on a patch from Christian Kujau.
+
+ o Documentation changes:
+ - Modernize the doxygen configuration file slightly. Fixes bug 2707.
+ - Resolve all doxygen warnings except those for missing documentation.
+ Fixes bug 2705.
+ - Add doxygen documentation for more functions, fields, and types.
+ - Convert the HACKING file to asciidoc, and add a few new sections
+ to it, explaining how we use Git, how we make changelogs, and
+ what should go in a patch.
+ - Document the default socks host and port (127.0.0.1:9050) for
+ tor-resolve.
+ - Removed some unnecessary files from the source distribution. The
+ AUTHORS file has now been merged into the people page on the
+ website. The roadmaps and design doc can now be found in the
+ projects directory in svn.
+
+ o Deprecated and removed features (config):
+ - Remove the torrc.complete file. It hasn't been kept up to date
+ and users will have better luck checking out the manpage.
+ - Remove the HSAuthorityRecordStats option that version 0 hidden
+ service authorities could use to track statistics of overall v0
+ hidden service usage.
+ - Remove the obsolete "NoPublish" option; it has been flagged
+ as obsolete and has produced a warning since 0.1.1.18-rc.
+ - Caches no longer download and serve v2 networkstatus documents
+ unless FetchV2Networkstatus flag is set: these documents haven't
+ haven't been used by clients or relays since 0.2.0.x. Resolves
+ bug 3022.
+
+ o Deprecated and removed features (controller):
+ - The controller no longer accepts the old obsolete "addr-mappings/"
+ or "unregistered-servers-" GETINFO values.
+ - The EXTENDED_EVENTS and VERBOSE_NAMES controller features are now
+ always on; using them is necessary for correct forward-compatible
+ controllers.
+
+ o Deprecated and removed features (misc):
+ - Hidden services no longer publish version 0 descriptors, and clients
+ do not request or use version 0 descriptors. However, the old hidden
+ service authorities still accept and serve version 0 descriptors
+ when contacted by older hidden services/clients.
+ - Remove undocumented option "-F" from tor-resolve: it hasn't done
+ anything since 0.2.1.16-rc.
+ - Remove everything related to building the expert bundle for OS X.
+ It has confused many users, doesn't work right on OS X 10.6,
+ and is hard to get rid of once installed. Resolves bug 1274.
+ - Remove support for .noconnect style addresses. Nobody was using
+ them, and they provided another avenue for detecting Tor users
+ via application-level web tricks.
+ - When we fixed bug 1038 we had to put in a restriction not to send
+ RELAY_EARLY cells on rend circuits. This was necessary as long
+ as relays using Tor 0.2.1.3-alpha through 0.2.1.18-alpha were
+ active. Now remove this obsolete check. Resolves bug 2081.
+ - Remove workaround code to handle directory responses from servers
+ that had bug 539 (they would send HTTP status 503 responses _and_
+ send a body too). Since only server versions before
+ 0.2.0.16-alpha/0.1.2.19 were affected, there is no longer reason to
+ keep the workaround in place.
+ - Remove the old 'fuzzy time' logic. It was supposed to be used for
+ handling calculations where we have a known amount of clock skew and
+ an allowed amount of unknown skew. But we only used it in three
+ places, and we never adjusted the known/unknown skew values. This is
+ still something we might want to do someday, but if we do, we'll
+ want to do it differently.
+ - Remove the "--enable-iphone" option to ./configure. According to
+ reports from Marco Bonetti, Tor builds fine without any special
+ tweaking on recent iPhone SDK versions.
+
+-------------------------------------------------------------------
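Review bot: this tor.changes hunk pastes the upstream release notes verbatim instead of summarising them, and the copy carries upstream slips along with it: the doubled "haven't haven't" in the FetchV2Networkstatus item, and "bugfix on 2.0.1-alpha" in the DNSPort NOTIMPL item, which does not match the 0.x.y.z version strings used in every other entry. A few lines per version naming the security-relevant fixes, plus a pointer to the upstream release notes, would make the package changelog easier to review and to search.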
old:
----
tor-0.2.1.30.tar.bz2
tor_initscript.patch
new:
----
tor-0.2.2.35.tar.bz2
spec files:
-----------
--- tor.spec
+++ tor.spec
@@ -1,15 +1,29 @@
-# norootforbuild
+#
+# spec file for package tor
+#
+# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via http://bugs.opensuse.org/
+#
Name: tor
-Version: 0.2.1.30
-Release: 1
+Version: 0.2.2.35
+Release: 0
BuildRoot: %{_tmppath}/%{name}-%{version}-build
-License: 3-clause BSD
Summary: Anonymizing overlay network for TCP (The onion router)
-URL: https://www.torproject.org/
+License: BSD-3-Clause
Group: Productivity/Networking/Security
+Url: https://www.torproject.org/
Source: %{name}-%{version}.tar.bz2
-Patch0: tor_initscript.patch
Requires: logrotate
BuildRequires: openssl-devel
%if 0%{?suse_version} > 1100
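Review bot: Source: is still only %{name}-%{version}.tar.bz2, and the tarball swap further down is shown as "198859 lines skipped", so nothing in this request lets a reviewer tie tor-0.2.2.35.tar.bz2 to what upstream released. Please give Source: as the full upstream download URL so the archive can be fetched and compared independently. The URL: to Url: rename and its move below Group: are cosmetic and fine if they come from the spec formatter.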
@@ -18,7 +32,6 @@
BuildRequires: libevent
%endif
-
%define toruser %{name}
%define torgroup %{name}
%define home_dir /var/lib/empty
@@ -48,12 +61,12 @@
%prep
%setup -q
-%patch0
%build
%configure \
--with-tor-user=%{toruser} \
- --with-tor-group=%{torgroup}
+ --with-tor-group=%{torgroup} \
+ --docdir=%{_docdir}/%{name}
%__make %{?jobs:-j%{jobs}}
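Review bot: %patch0 disappears from %prep here, matching the removed Patch0: line and the tor_initscript.patch entry under deleted files, but the spec gives no reason; please make sure tor.changes says why the init script patch is no longer needed, for example that upstream now carries the change. The added --docdir=%{_docdir}/%{name} would also deserve a short changelog line, since it changes where make install places documentation.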
@@ -103,7 +116,7 @@
%files
%defattr(-,root,root)
-%doc AUTHORS INSTALL LICENSE README ChangeLog doc/HACKING doc/TODO
+%doc LICENSE README ChangeLog doc/HACKING doc/TODO doc/*.html
%doc %{_mandir}/man*/*
%{_bindir}/%{name}
%{_bindir}/%{name}ctl
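Review bot: %doc now globs doc/*.html while the %configure call passes --docdir=%{_docdir}/%{name}, so documentation can reach the package both through make install and through %doc. Please check the built package for files installed twice or left unpackaged under that directory, and confirm that doc/*.html always matches something in the build tree so the glob cannot break the build. Dropping AUTHORS agrees with the changelog item saying upstream merged that file into the website.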
other changes:
--------------
++++++ tor-0.2.1.30.tar.bz2 -> tor-0.2.2.35.tar.bz2
(198859 lines skipped)
++++++ deleted files:
--- tor_initscript.patch
To REVIEW against the previous version:
osc request show --diff 98574
To ACCEPT the request:
osc request accept 98574 --message="reviewed ok."
To DECLINE the request:
osc request decline 98574 --message="declined for reason xyz (see ... for background / policy / ...)."
To REVOKE the request:
osc request revoke 98574 --message="retracted because ..., sorry / thx / see better version ..."
--
Hermes messaging (http://hermes.opensuse.org)
openSUSE Build Service (https://build.opensuse.org/)
Collaboration: http://en.opensuse.org/Build_Service/Collaboration
--
To unsubscribe, e-mail: opensuse-contrib+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse-contrib+owner(a)opensuse.org
[obs submit-request 98573] openSUSE:11.3:Contrib/tor: created by AndreasStieger
by andreas.stieger@gmx.de 03 Jan '12
home:AndreasStieger:branches:openSUSE:11.3:Contrib/tor -> openSUSE:11.3:Contrib/tor
https://build.opensuse.org/request/show/98573
Description: - update to upstream 0.2.2.35, which is the current stable and maintained version
- add CVE references in changelog, fixing bug #739133
changes files:
--------------
--- tor.changes
+++ tor.changes
@@ -1,0 +2,1586 @@
+Mon Jan 2 16:51:20 UTC 2012 - andreas.stieger(a)gmx.de
+
+- add CVE references in changelog, fixing bug #739133
+
+-------------------------------------------------------------------
+Fri Dec 16 20:37:05 UTC 2011 - andreas.stieger(a)gmx.de
+
+- update to upstream 0.2.2.35, which fixes a critical heap-overflow
+ security issue: CVE-2011-2778 For a full list of changes, see:
+ https://gitweb.torproject.org/tor.git/blob_plain/release-0.2.2:/ReleaseNotes
+
+------------------------------------------------------------------
+Mon Dec 12 15:42:09 UTC 2011 - cfarrell(a)suse.com
+
+- license update: BSD-3-Clause
+ SPDX format
+
+-------------------------------------------------------------------
+Sun Dec 11 18:42:57 UTC 2011 - andreas.stieger(a)gmx.de
+
+- fix factory warning by removing INSTALL file from docs dir
+
+-------------------------------------------------------------------
+Sun Dec 11 17:11:11 UTC 2011 - andreas.stieger(a)gmx.de
+
+- format spec file to include copyright notice
+ package is based on a former package in SUSE/openSUSE
+
+-------------------------------------------------------------------
+Sun Dec 11 12:37:14 UTC 2011 - andreas.stieger(a)gmx.de
+
+- update license from "3-clause BSD" to "BSD3c"
+
+-------------------------------------------------------------------
+Fri Oct 28 19:49:39 UTC 2011 - andreas.stieger(a)gmx.de
+
+- update to upstream 0.2.2.34
+- fixes CVE-2011-4895 Tor Bridge circuit building information disclosure
+- fixes CVE-2011-4894 Tor DirPort information disclosure
+
+Changes in version 0.2.2.34 - 2011-10-26
+ Tor 0.2.2.34 fixes a critical anonymity vulnerability where an attacker
+ can deanonymize Tor users. Everybody should upgrade.
+
+ The attack relies on four components: 1) Clients reuse their TLS cert
+ when talking to different relays, so relays can recognize a user by
+ the identity key in her cert. 2) An attacker who knows the client's
+ identity key can probe each guard relay to see if that identity key
+ is connected to that guard relay right now. 3) A variety of active
+ attacks in the literature (starting from "Low-Cost Traffic Analysis
+ of Tor" by Murdoch and Danezis in 2005) allow a malicious website to
+ discover the guard relays that a Tor user visiting the website is using.
+ 4) Clients typically pick three guards at random, so the set of guards
+ for a given user could well be a unique fingerprint for her. This
+ release fixes components #1 and #2, which is enough to block the attack;
+ the other two remain as open research problems. Special thanks to
+ "frosty_un" for reporting the issue to us!
+
+ Clients should upgrade so they are no longer recognizable by the TLS
+ certs they present. Relays should upgrade so they no longer allow a
+ remote attacker to probe them to test whether unpatched clients are
+ currently connected to them.
+
+ This release also fixes several vulnerabilities that allow an attacker
+ to enumerate bridge relays. Some bridge enumeration attacks still
+ remain; see for example proposal 188.
+
+ o Privacy/anonymity fixes (clients):
+ - Clients and bridges no longer send TLS certificate chains on
+ outgoing OR connections. Previously, each client or bridge would
+ use the same cert chain for all outgoing OR connections until
+ its IP address changes, which allowed any relay that the client
+ or bridge contacted to determine which entry guards it is using.
+ Fixes CVE-2011-2768. Bugfix on 0.0.9pre5; found by "frosty_un".
+ - If a relay receives a CREATE_FAST cell on a TLS connection, it
+ no longer considers that connection as suitable for satisfying a
+ circuit EXTEND request. Now relays can protect clients from the
+ CVE-2011-2768 issue even if the clients haven't upgraded yet.
+ - Directory authorities no longer assign the Guard flag to relays
+ that haven't upgraded to the above "refuse EXTEND requests
+ to client connections" fix. Now directory authorities can
+ protect clients from the CVE-2011-2768 issue even if neither
+ the clients nor the relays have upgraded yet. There's a new
+ "GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays" config option
+ to let us transition smoothly, else tomorrow there would be no
+ guard relays.
+
+ o Privacy/anonymity fixes (bridge enumeration):
+ - Bridge relays now do their directory fetches inside Tor TLS
+ connections, like all the other clients do, rather than connecting
+ directly to the DirPort like public relays do. Removes another
+ avenue for enumerating bridges. Fixes bug 4115; bugfix on 0.2.0.35.
+ - Bridges relays now build circuits for themselves in a more similar
+ way to how clients build them. Removes another avenue for
+ enumerating bridges. Fixes bug 4124; bugfix on 0.2.0.3-alpha,
+ when bridges were introduced.
+ - Bridges now refuse CREATE or CREATE_FAST cells on OR connections
+ that they initiated. Relays could distinguish incoming bridge
+ connections from client connections, creating another avenue for
+ enumerating bridges. Fixes CVE-2011-2769. Bugfix on 0.2.0.3-alpha.
+ Found by "frosty_un".
+
+ o Major bugfixes:
+ - Fix a crash bug when changing node restrictions while a DNS lookup
+ is in-progress. Fixes bug 4259; bugfix on 0.2.2.25-alpha. Bugfix
+ by "Tey'".
+ - Don't launch a useless circuit after failing to use one of a
+ hidden service's introduction points. Previously, we would
+ launch a new introduction circuit, but not set the hidden service
+ which that circuit was intended to connect to, so it would never
+ actually be used. A different piece of code would then create a
+ new introduction circuit correctly. Bug reported by katmagic and
+ found by Sebastian Hahn. Bugfix on 0.2.1.13-alpha; fixes bug 4212.
+
+ o Minor bugfixes:
+ - Change an integer overflow check in the OpenBSD_Malloc code so
+ that GCC is less likely to eliminate it as impossible. Patch
+ from Mansour Moufid. Fixes bug 4059.
+ - When a hidden service turns an extra service-side introduction
+ circuit into a general-purpose circuit, free the rend_data and
+ intro_key fields first, so we won't leak memory if the circuit
+ is cannibalized for use as another service-side introduction
+ circuit. Bugfix on 0.2.1.7-alpha; fixes bug 4251.
+ - Bridges now skip DNS self-tests, to act a little more stealthily.
+ Fixes bug 4201; bugfix on 0.2.0.3-alpha, which first introduced
+ bridges. Patch by "warms0x".
+ - Fix internal bug-checking logic that was supposed to catch
+ failures in digest generation so that it will fail more robustly
+ if we ask for a nonexistent algorithm. Found by Coverity Scan.
+ Bugfix on 0.2.2.1-alpha; fixes Coverity CID 479.
+ - Report any failure in init_keys() calls launched because our
+ IP address has changed. Spotted by Coverity Scan. Bugfix on
+ 0.1.1.4-alpha; fixes CID 484.
+
+ o Minor bugfixes (log messages and documentation):
+ - Remove a confusing dollar sign from the example fingerprint in the
+ man page, and also make the example fingerprint a valid one. Fixes
+ bug 4309; bugfix on 0.2.1.3-alpha.
+ - The next version of Windows will be called Windows 8, and it has
+ a major version of 6, minor version of 2. Correctly identify that
+ version instead of calling it "Very recent version". Resolves
+ ticket 4153; reported by funkstar.
+ - Downgrade log messages about circuit timeout calibration from
+ "notice" to "info": they don't require or suggest any human
+ intervention. Patch from Tom Lowenthal. Fixes bug 4063;
+ bugfix on 0.2.2.14-alpha.
+
+ o Minor features:
+ - Turn on directory request statistics by default and include them in
+ extra-info descriptors. Don't break if we have no GeoIP database.
+ Backported from 0.2.3.1-alpha; implements ticket 3951.
+ - Update to the October 4 2011 Maxmind GeoLite Country database.
+
+
+-------------------------------------------------------------------
+Tue Sep 20 20:58:56 UTC 2011 - andreas.stieger(a)gmx.de
+
+- update to upstream 0.2.2.33
+
+Changes in version 0.2.2.33 - 2011-09-13
+ Tor 0.2.2.33 fixes several bugs, and includes a slight tweak to Tor's
+ TLS handshake that makes relays and bridges that run this new version
+ reachable from Iran again.
+
+ o Major bugfixes:
+ - Avoid an assertion failure when reloading a configuration with
+ TrackExitHosts changes. Found and fixed by 'laruldan'. Fixes bug
+ 3923; bugfix on 0.2.2.25-alpha.
+
+ o Minor features (security):
+ - Check for replays of the public-key encrypted portion of an
+ INTRODUCE1 cell, in addition to the current check for replays of
+ the g^x value. This prevents a possible class of active attacks
+ by an attacker who controls both an introduction point and a
+ rendezvous point, and who uses the malleability of AES-CTR to
+ alter the encrypted g^x portion of the INTRODUCE1 cell. We think
+ that these attacks are infeasible (requiring the attacker to send
+ on the order of zettabytes of altered cells in a short interval),
+ but we'd rather block them off in case there are any classes of
+ this attack that we missed. Reported by Willem Pinckaers.
+
+ o Minor features:
+ - Adjust the expiration time on our SSL session certificates to
+ better match SSL certs seen in the wild. Resolves ticket 4014.
+ - Change the default required uptime for a relay to be accepted as
+ a HSDir (hidden service directory) from 24 hours to 25 hours.
+ Improves on 0.2.0.10-alpha; resolves ticket 2649.
+ - Add a VoteOnHidServDirectoriesV2 config option to allow directory
+ authorities to abstain from voting on assignment of the HSDir
+ consensus flag. Related to bug 2649.
+ - Update to the September 6 2011 Maxmind GeoLite Country database.
+
+ o Minor bugfixes (documentation and log messages):
+ - Correct the man page to explain that HashedControlPassword and
+ CookieAuthentication can both be set, in which case either method
+ is sufficient to authenticate to Tor. Bugfix on 0.2.0.7-alpha,
+ when we decided to allow these config options to both be set. Issue
+ raised by bug 3898.
+ - Demote the 'replay detected' log message emitted when a hidden
+ service receives the same Diffie-Hellman public key in two different
+ INTRODUCE2 cells to info level. A normal Tor client can cause that
+ log message during its normal operation. Bugfix on 0.2.1.6-alpha;
+ fixes part of bug 2442.
+ - Demote the 'INTRODUCE2 cell is too {old,new}' log message to info
+ level. There is nothing that a hidden service's operator can do
+ to fix its clients' clocks. Bugfix on 0.2.1.6-alpha; fixes part
+ of bug 2442.
+ - Clarify a log message specifying the characters permitted in
+ HiddenServiceAuthorizeClient client names. Previously, the log
+ message said that "[A-Za-z0-9+-_]" were permitted; that could have
+ given the impression that every ASCII character between "+" and "_"
+ was permitted. Now we say "[A-Za-z0-9+_-]". Bugfix on 0.2.1.5-alpha.
+
+ o Build fixes:
+ - Provide a substitute implementation of lround() for MSVC, which
+ apparently lacks it. Patch from Gisle Vanem.
+ - Clean up some code issues that prevented Tor from building on older
+ BSDs. Fixes bug 3894; reported by "grarpamp".
+ - Search for a platform-specific version of "ar" when cross-compiling.
+ Should fix builds on iOS. Resolves bug 3909, found by Marco Bonetti.
+
+
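Review bot: In the 0.2.2.33 entry (Tue Sep 20 2011) the packager's own summary is only "- update to upstream 0.2.2.33", although the pasted upstream notes contain a "Minor features (security)" item, the added replay check on the public-key encrypted portion of INTRODUCE1 cells. Naming that item in the summary line would let someone auditing the package find the security-relevant change without reading the full upstream text. The 0.2.2.32 entry that follows has the opposite gap: it cites CVE-2011-4897 (Nickname information disclosure) and CVE-2011-4896 (Bridge information disclosure), but those identifiers appear nowhere in the pasted notes, so the reader cannot tell which upstream item fixes which. Consider adding the upstream bug number next to each CVE line; the hostname-derived nickname item under "Privacy fixes (relays/bridges)" (bug 2979) looks like the candidate for the first. Also in that entry, "updated ot upstream" should read "updated to upstream". More generally, pasting the complete upstream ChangeLog into the .changes file buries the packaging changes such as "removed tor_initscript.patch"; a short summary plus a pointer to the upstream ChangeLog would be easier to review.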
+-------------------------------------------------------------------
+Fri Sep 2 19:55:23 UTC 2011 - andreas.stieger(a)gmx.de
+
+- updated ot upstream 0.2.2.32
+- removed tor_initscript.patch
+- fixes CVE-2011-4897 Tor Nickname information disclosure
+- fixes CVE-2011-4896 Tor Bridge information disclosure
+
+Changes in version 0.2.2.32 - 2011-08-27
+ The Tor 0.2.2 release series is dedicated to the memory of Andreas
+ Pfitzmann (1958-2010), a pioneer in anonymity and privacy research,
+ a founder of the PETS community, a leader in our field, a mentor,
+ and a friend. He left us with these words: "I had the possibility
+ to contribute to this world that is not as it should be. I hope I
+ could help in some areas to make the world a better place, and that
+ I could also encourage other people to be engaged in improving the
+ world. Please, stay engaged. This world needs you, your love, your
+ initiative -- now I cannot be part of that anymore."
+
+ Tor 0.2.2.32, the first stable release in the 0.2.2 branch, is finally
+ ready. More than two years in the making, this release features improved
+ client performance and hidden service reliability, better compatibility
+ for Android, correct behavior for bridges that listen on more than
+ one address, more extensible and flexible directory object handling,
+ better reporting of network statistics, improved code security, and
+ many many other features and bugfixes.
+
+ o Major features (client performance):
+ - When choosing which cells to relay first, relays now favor circuits
+ that have been quiet recently, to provide lower latency for
+ low-volume circuits. By default, relays enable or disable this
+ feature based on a setting in the consensus. They can override
+ this default by using the new "CircuitPriorityHalflife" config
+ option. Design and code by Ian Goldberg, Can Tang, and Chris
+ Alexander.
+ - Directory authorities now compute consensus weightings that instruct
+ clients how to weight relays flagged as Guard, Exit, Guard+Exit,
+ and no flag. Clients use these weightings to distribute network load
+ more evenly across these different relay types. The weightings are
+ in the consensus so we can change them globally in the future. Extra
+ thanks to "outofwords" for finding some nasty security bugs in
+ the first implementation of this feature.
+
+ o Major features (client performance, circuit build timeout):
+ - Tor now tracks how long it takes to build client-side circuits
+ over time, and adapts its timeout to local network performance.
+ Since a circuit that takes a long time to build will also provide
+ bad performance, we get significant latency improvements by
+ discarding the slowest 20% of circuits. Specifically, Tor creates
+ circuits more aggressively than usual until it has enough data
+ points for a good timeout estimate. Implements proposal 151.
+ - Circuit build timeout constants can be controlled by consensus
+ parameters. We set good defaults for these parameters based on
+ experimentation on broadband and simulated high-latency links.
+ - Circuit build time learning can be disabled via consensus parameter
+ or by the client via a LearnCircuitBuildTimeout config option. We
+ also automatically disable circuit build time calculation if either
+ AuthoritativeDirectory is set, or if we fail to write our state
+ file. Implements ticket 1296.
+
+ o Major features (relays use their capacity better):
+ - Set SO_REUSEADDR socket option on all sockets, not just
+ listeners. This should help busy exit nodes avoid running out of
+ useable ports just because all the ports have been used in the
+ near past. Resolves issue 2850.
+ - Relays now save observed peak bandwidth throughput rates to their
+ state file (along with total usage, which was already saved),
+ so that they can determine their correct estimated bandwidth on
+ restart. Resolves bug 1863, where Tor relays would reset their
+ estimated bandwidth to 0 after restarting.
+ - Lower the maximum weighted-fractional-uptime cutoff to 98%. This
+ should give us approximately 40-50% more Guard-flagged nodes,
+ improving the anonymity the Tor network can provide and also
+ decreasing the dropoff in throughput that relays experience when
+ they first get the Guard flag.
+ - Directory authorities now take changes in router IP address and
+ ORPort into account when determining router stability. Previously,
+ if a router changed its IP or ORPort, the authorities would not
+ treat it as having any downtime for the purposes of stability
+ calculation, whereas clients would experience downtime since the
+ change would take a while to propagate to them. Resolves issue 1035.
+ - New AccelName and AccelDir options add support for dynamic OpenSSL
+ hardware crypto acceleration engines.
+
+ o Major features (relays control their load better):
+ - Exit relays now try harder to block exit attempts from unknown
+ relays, to make it harder for people to use them as one-hop proxies
+ a la tortunnel. Controlled by the refuseunknownexits consensus
+ parameter (currently enabled), or you can override it on your
+ relay with the RefuseUnknownExits torrc option. Resolves bug 1751;
+ based on a variant of proposal 163.
+ - Add separate per-conn write limiting to go with the per-conn read
+ limiting. We added a global write limit in Tor 0.1.2.5-alpha,
+ but never per-conn write limits.
+ - New consensus params "bwconnrate" and "bwconnburst" to let us
+ rate-limit client connections as they enter the network. It's
+ controlled in the consensus so we can turn it on and off for
+ experiments. It's starting out off. Based on proposal 163.
+
+ o Major features (controllers):
+ - Export GeoIP information on bridge usage to controllers even if we
+ have not yet been running for 24 hours. Now Vidalia bridge operators
+ can get more accurate and immediate feedback about their
+ contributions to the network.
+ - Add an __OwningControllerProcess configuration option and a
+ TAKEOWNERSHIP control-port command. Now a Tor controller can ensure
+ that when it exits, Tor will shut down. Implements feature 3049.
+
+ o Major features (directory authorities):
+ - Directory authorities now create, vote on, and serve multiple
+ parallel formats of directory data as part of their voting process.
+ Partially implements Proposal 162: "Publish the consensus in
+ multiple flavors".
+ - Directory authorities now agree on and publish small summaries
+ of router information that clients can use in place of regular
+ server descriptors. This transition will allow Tor 0.2.3 clients
+ to use far less bandwidth for downloading information about the
+ network. Begins the implementation of Proposal 158: "Clients
+ download consensus + microdescriptors".
+ - The directory voting system is now extensible to use multiple hash
+ algorithms for signatures and resource selection. Newer formats
+ are signed with SHA256, with a possibility for moving to a better
+ hash algorithm in the future.
+ - Directory authorities can now vote on arbitary integer values as
+ part of the consensus process. This is designed to help set
+ network-wide parameters. Implements proposal 167.
+
+ o Major features and bugfixes (node selection):
+ - Revise and reconcile the meaning of the ExitNodes, EntryNodes,
+ ExcludeEntryNodes, ExcludeExitNodes, ExcludeNodes, and Strict*Nodes
+ options. Previously, we had been ambiguous in describing what
+ counted as an "exit" node, and what operations exactly "StrictNodes
+ 0" would permit. This created confusion when people saw nodes built
+ through unexpected circuits, and made it hard to tell real bugs from
+ surprises. Now the intended behavior is:
+ . "Exit", in the context of ExitNodes and ExcludeExitNodes, means
+ a node that delivers user traffic outside the Tor network.
+ . "Entry", in the context of EntryNodes, means a node used as the
+ first hop of a multihop circuit. It doesn't include direct
+ connections to directory servers.
+ . "ExcludeNodes" applies to all nodes.
+ . "StrictNodes" changes the behavior of ExcludeNodes only. When
+ StrictNodes is set, Tor should avoid all nodes listed in
+ ExcludeNodes, even when it will make user requests fail. When
+ StrictNodes is *not* set, then Tor should follow ExcludeNodes
+ whenever it can, except when it must use an excluded node to
+ perform self-tests, connect to a hidden service, provide a
+ hidden service, fulfill a .exit request, upload directory
+ information, or fetch directory information.
+ Collectively, the changes to implement the behavior fix bug 1090.
+ - If EntryNodes, ExitNodes, ExcludeNodes, or ExcludeExitNodes
+ change during a config reload, mark and discard all our origin
+ circuits. This fix should address edge cases where we change the
+ config options and but then choose a circuit that we created before
+ the change.
+ - Make EntryNodes config option much more aggressive even when
+ StrictNodes is not set. Before it would prepend your requested
+ entrynodes to your list of guard nodes, but feel free to use others
+ after that. Now it chooses only from your EntryNodes if any of
+ those are available, and only falls back to others if a) they're
+ all down and b) StrictNodes is not set.
+ - Now we refresh your entry guards from EntryNodes at each consensus
+ fetch -- rather than just at startup and then they slowly rot as
+ the network changes.
+ - Add support for the country code "{??}" in torrc options like
+ ExcludeNodes, to indicate all routers of unknown country. Closes
+ bug 1094.
+ - ExcludeNodes now takes precedence over EntryNodes and ExitNodes: if
+ a node is listed in both, it's treated as excluded.
+ - ExcludeNodes now applies to directory nodes -- as a preference if
+ StrictNodes is 0, or an absolute requirement if StrictNodes is 1.
+ Don't exclude all the directory authorities and set StrictNodes to 1
+ unless you really want your Tor to break.
+ - ExcludeNodes and ExcludeExitNodes now override exit enclaving.
+ - ExcludeExitNodes now overrides .exit requests.
+ - We don't use bridges listed in ExcludeNodes.
+ - When StrictNodes is 1:
+ . We now apply ExcludeNodes to hidden service introduction points
+ and to rendezvous points selected by hidden service users. This
+ can make your hidden service less reliable: use it with caution!
+ . If we have used ExcludeNodes on ourself, do not try relay
+ reachability self-tests.
+ . If we have excluded all the directory authorities, we will not
+ even try to upload our descriptor if we're a relay.
+ . Do not honor .exit requests to an excluded node.
+ - When the set of permitted nodes changes, we now remove any mappings
+ introduced via TrackExitHosts to now-excluded nodes. Bugfix on
+ 0.1.0.1-rc.
+ - We never cannibalize a circuit that had excluded nodes on it, even
+ if StrictNodes is 0. Bugfix on 0.1.0.1-rc.
+ - Improve log messages related to excluded nodes.
+
+ o Major features (misc):
+ - Numerous changes, bugfixes, and workarounds from Nathan Freitas
+ to help Tor build correctly for Android phones.
+ - The options SocksPort, ControlPort, and so on now all accept a
+ value "auto" that opens a socket on an OS-selected port. A
+ new ControlPortWriteToFile option tells Tor to write its
+ actual control port or ports to a chosen file. If the option
+ ControlPortFileGroupReadable is set, the file is created as
+ group-readable. Now users can run two Tor clients on the same
+ system without needing to manually mess with parameters. Resolves
+ part of ticket 3076.
+ - Tor now supports tunneling all of its outgoing connections over
+ a SOCKS proxy, using the SOCKS4Proxy and/or SOCKS5Proxy
+ configuration options. Code by Christopher Davis.
+
+ o Code security improvements:
+ - Replace all potentially sensitive memory comparison operations
+ with versions whose runtime does not depend on the data being
+ compared. This will help resist a class of attacks where an
+ adversary can use variations in timing information to learn
+ sensitive data. Fix for one case of bug 3122. (Safe memcmp
+ implementation by Robert Ransom based partially on code by DJB.)
+ - Enable Address Space Layout Randomization (ASLR) and Data Execution
+ Prevention (DEP) by default on Windows to make it harder for
+ attackers to exploit vulnerabilities. Patch from John Brooks.
+ - New "--enable-gcc-hardening" ./configure flag (off by default)
+ to turn on gcc compile time hardening options. It ensures
+ that signed ints have defined behavior (-fwrapv), enables
+ -D_FORTIFY_SOURCE=2 (requiring -O2), adds stack smashing protection
+ with canaries (-fstack-protector-all), turns on ASLR protection if
+ supported by the kernel (-fPIE, -pie), and adds additional security
+ related warnings. Verified to work on Mac OS X and Debian Lenny.
+ - New "--enable-linker-hardening" ./configure flag (off by default)
+ to turn on ELF specific hardening features (relro, now). This does
+ not work with Mac OS X or any other non-ELF binary format.
+ - Always search the Windows system directory for system DLLs, and
+ nowhere else. Bugfix on 0.1.1.23; fixes bug 1954.
+ - New DisableAllSwap option. If set to 1, Tor will attempt to lock all
+ current and future memory pages via mlockall(). On supported
+ platforms (modern Linux and probably BSD but not Windows or OS X),
+ this should effectively disable any and all attempts to page out
+ memory. This option requires that you start your Tor as root --
+ if you use DisableAllSwap, please consider using the User option
+ to properly reduce the privileges of your Tor.
+
+ o Major bugfixes (crashes):
+ - Fix crash bug on platforms where gmtime and localtime can return
+ NULL. Windows 7 users were running into this one. Fixes part of bug
+ 2077. Bugfix on all versions of Tor. Found by boboper.
+ - Introduce minimum/maximum values that clients will believe
+ from the consensus. Now we'll have a better chance to avoid crashes
+ or worse when a consensus param has a weird value.
+ - Fix a rare crash bug that could occur when a client was configured
+ with a large number of bridges. Fixes bug 2629; bugfix on
+ 0.2.1.2-alpha. Bugfix by trac user "shitlei".
+ - Do not crash when our configuration file becomes unreadable, for
+ example due to a permissions change, between when we start up
+ and when a controller calls SAVECONF. Fixes bug 3135; bugfix
+ on 0.0.9pre6.
+ - If we're in the pathological case where there's no exit bandwidth
+ but there is non-exit bandwidth, or no guard bandwidth but there
+ is non-guard bandwidth, don't crash during path selection. Bugfix
+ on 0.2.0.3-alpha.
+ - Fix a crash bug when trying to initialize the evdns module in
+ Libevent 2. Bugfix on 0.2.1.16-rc.
+
+ o Major bugfixes (stability):
+ - Fix an assert in parsing router descriptors containing IPv6
+ addresses. This one took down the directory authorities when
+ somebody tried some experimental code. Bugfix on 0.2.1.3-alpha.
+ - Fix an uncommon assertion failure when running with DNSPort under
+ heavy load. Fixes bug 2933; bugfix on 0.2.0.1-alpha.
+ - Treat an unset $HOME like an empty $HOME rather than triggering an
+ assert. Bugfix on 0.0.8pre1; fixes bug 1522.
+ - More gracefully handle corrupt state files, removing asserts
+ in favor of saving a backup and resetting state.
+ - Instead of giving an assertion failure on an internal mismatch
+ on estimated freelist size, just log a BUG warning and try later.
+ Mitigates but does not fix bug 1125.
+ - Fix an assert that got triggered when using the TestingTorNetwork
+ configuration option and then issuing a GETINFO config-text control
+ command. Fixes bug 2250; bugfix on 0.2.1.2-alpha.
+ - If the cached cert file is unparseable, warn but don't exit.
+
+ o Privacy fixes (relays/bridges):
+ - Don't list Windows capabilities in relay descriptors. We never made
+ use of them, and maybe it's a bad idea to publish them. Bugfix
+ on 0.1.1.8-alpha.
+ - If the Nickname configuration option isn't given, Tor would pick a
+ nickname based on the local hostname as the nickname for a relay.
+ Because nicknames are not very important in today's Tor and the
+ "Unnamed" nickname has been implemented, this is now problematic
+ behavior: It leaks information about the hostname without being
+ useful at all. Fixes bug 2979; bugfix on 0.1.2.2-alpha, which
+ introduced the Unnamed nickname. Reported by tagnaq.
+ - Maintain separate TLS contexts and certificates for incoming and
+ outgoing connections in bridge relays. Previously we would use the
+ same TLS contexts and certs for incoming and outgoing connections.
+ Bugfix on 0.2.0.3-alpha; addresses bug 988.
+ - Maintain separate identity keys for incoming and outgoing TLS
+ contexts in bridge relays. Previously we would use the same
+ identity keys for incoming and outgoing TLS contexts. Bugfix on
+ 0.2.0.3-alpha; addresses the other half of bug 988.
+ - Make the bridge directory authority refuse to answer directory
+ requests for "all descriptors". It used to include bridge
+ descriptors in its answer, which was a major information leak.
+ Found by "piebeer". Bugfix on 0.2.0.3-alpha.
+
+ o Privacy fixes (clients):
+ - When receiving a hidden service descriptor, check that it is for
+ the hidden service we wanted. Previously, Tor would store any
+ hidden service descriptors that a directory gave it, whether it
+ wanted them or not. This wouldn't have let an attacker impersonate
+ a hidden service, but it did let directories pre-seed a client
+ with descriptors that it didn't want. Bugfix on 0.0.6.
+ - Start the process of disabling ".exit" address notation, since it
+ can be used for a variety of esoteric application-level attacks
+ on users. To reenable it, set "AllowDotExit 1" in your torrc. Fix
+ on 0.0.9rc5.
+ - Reject attempts at the client side to open connections to private
+ IP addresses (like 127.0.0.1, 10.0.0.1, and so on) with
+ a randomly chosen exit node. Attempts to do so are always
+ ill-defined, generally prevented by exit policies, and usually
+ in error. This will also help to detect loops in transparent
+ proxy configurations. You can disable this feature by setting
+ "ClientRejectInternalAddresses 0" in your torrc.
+ - Log a notice when we get a new control connection. Now it's easier
+ for security-conscious users to recognize when a local application
+ is knocking on their controller door. Suggested by bug 1196.
+
+ o Privacy fixes (newnym):
+ - Avoid linkability based on cached hidden service descriptors: forget
+ all hidden service descriptors cached as a client when processing a
+ SIGNAL NEWNYM command. Fixes bug 3000; bugfix on 0.0.6.
+ - On SIGHUP, do not clear out all TrackHostExits mappings, client
+ DNS cache entries, and virtual address mappings: that's what
+ NEWNYM is for. Fixes bug 1345; bugfix on 0.1.0.1-rc.
+ - Don't attach new streams to old rendezvous circuits after SIGNAL
+ NEWNYM. Previously, we would keep using an existing rendezvous
+ circuit if it remained open (i.e. if it were kept open by a
+ long-lived stream, or if a new stream were attached to it before
+ Tor could notice that it was old and no longer in use). Bugfix on
+ 0.1.1.15-rc; fixes bug 3375.
+
+ o Major bugfixes (relay bandwidth accounting):
+ - Fix a bug that could break accounting on 64-bit systems with large
+ time_t values, making them hibernate for impossibly long intervals.
+ Fixes bug 2146. Bugfix on 0.0.9pre6; fix by boboper.
+ - Fix a bug in bandwidth accounting that could make us use twice
+ the intended bandwidth when our interval start changes due to
+ daylight saving time. Now we tolerate skew in stored vs computed
+ interval starts: if the start of the period changes by no more than
+ 50% of the period's duration, we remember bytes that we transferred
+ in the old period. Fixes bug 1511; bugfix on 0.0.9pre5.
+
+ o Major bugfixes (bridges):
+ - Bridges now use "reject *:*" as their default exit policy. Bugfix
+ on 0.2.0.3-alpha. Fixes bug 1113.
+ - If you configure your bridge with a known identity fingerprint,
+ and the bridge authority is unreachable (as it is in at least
+ one country now), fall back to directly requesting the descriptor
+ from the bridge. Finishes the feature started in 0.2.0.10-alpha;
+ closes bug 1138.
+ - Fix a bug where bridge users who configure the non-canonical
+ address of a bridge automatically switch to its canonical
+ address. If a bridge listens at more than one address, it
+ should be able to advertise those addresses independently and
+ any non-blocked addresses should continue to work. Bugfix on Tor
+ 0.2.0.3-alpha. Fixes bug 2510.
+ - If you configure Tor to use bridge A, and then quit and
+ configure Tor to use bridge B instead (or if you change Tor
+ to use bridge B via the controller), it would happily continue
+ to use bridge A if it's still reachable. While this behavior is
+ a feature if your goal is connectivity, in some scenarios it's a
+ dangerous bug. Bugfix on Tor 0.2.0.1-alpha; fixes bug 2511.
+ - When the controller configures a new bridge, don't wait 10 to 60
+ seconds before trying to fetch its descriptor. Bugfix on
+ 0.2.0.3-alpha; fixes bug 3198 (suggested by 2355).
+
+ o Major bugfixes (directory authorities):
+ - Many relays have been falling out of the consensus lately because
+ not enough authorities know about their descriptor for them to get
+ a majority of votes. When we deprecated the v2 directory protocol,
+ we got rid of the only way that v3 authorities can hear from each
+ other about other descriptors. Now authorities examine every v3
+ vote for new descriptors, and fetch them from that authority. Bugfix
+ on 0.2.1.23.
+ - Authorities could be tricked into giving out the Exit flag to relays
+ that didn't allow exiting to any ports. This bug could screw
+ with load balancing and stats. Bugfix on 0.1.1.6-alpha; fixes bug
+ 1238. Bug discovered by Martin Kowalczyk.
+ - If all authorities restart at once right before a consensus vote,
+ nobody will vote about "Running", and clients will get a consensus
+ with no usable relays. Instead, authorities refuse to build a
+ consensus if this happens. Bugfix on 0.2.0.10-alpha; fixes bug 1066.
+
+ o Major bugfixes (stream-level fairness):
+ - When receiving a circuit-level SENDME for a blocked circuit, try
+ to package cells fairly from all the streams that had previously
+ been blocked on that circuit. Previously, we had started with the
+ oldest stream, and allowed each stream to potentially exhaust
+ the circuit's package window. This gave older streams on any
+ given circuit priority over newer ones. Fixes bug 1937. Detected
+ originally by Camilo Viecco. This bug was introduced before the
+ first Tor release, in svn commit r152: it is the new winner of
+ the longest-lived bug prize.
+ - Fix a stream fairness bug that would cause newer streams on a given
+ circuit to get preference when reading bytes from the origin or
+ destination. Fixes bug 2210. Fix by Mashael AlSabah. This bug was
+ introduced before the first Tor release, in svn revision r152.
+ - When the exit relay got a circuit-level sendme cell, it started
+ reading on the exit streams, even if had 500 cells queued in the
+ circuit queue already, so the circuit queue just grew and grew in
+ some cases. We fix this by not re-enabling reading on receipt of a
+ sendme cell when the cell queue is blocked. Fixes bug 1653. Bugfix
+ on 0.2.0.1-alpha. Detected by Mashael AlSabah. Original patch by
+ "yetonetime".
+ - Newly created streams were allowed to read cells onto circuits,
+ even if the circuit's cell queue was blocked and waiting to drain.
+ This created potential unfairness, as older streams would be
+ blocked, but newer streams would gladly fill the queue completely.
+ We add code to detect this situation and prevent any stream from
+ getting more than one free cell. Bugfix on 0.2.0.1-alpha. Partially
+ fixes bug 1298.
+
+ o Major bugfixes (hidden services):
+ - Apply circuit timeouts to opened hidden-service-related circuits
+ based on the correct start time. Previously, we would apply the
+ circuit build timeout based on time since the circuit's creation;
+ it was supposed to be applied based on time since the circuit
+ entered its current state. Bugfix on 0.0.6; fixes part of bug 1297.
+ - Improve hidden service robustness: When we find that we have
+ extended a hidden service's introduction circuit to a relay not
+ listed as an introduction point in the HS descriptor we currently
+ have, retry with an introduction point from the current
+ descriptor. Previously we would just give up. Fixes bugs 1024 and
+ 1930; bugfix on 0.2.0.10-alpha.
+ - Directory authorities now use data collected from their own
+ uptime observations when choosing whether to assign the HSDir flag
+ to relays, instead of trusting the uptime value the relay reports in
+ its descriptor. This change helps prevent an attack where a small
+ set of nodes with frequently-changing identity keys can blackhole
+ a hidden service. (Only authorities need upgrade; others will be
+ fine once they do.) Bugfix on 0.2.0.10-alpha; fixes bug 2709.
+ - Stop assigning the HSDir flag to relays that disable their
+ DirPort (and thus will refuse to answer directory requests). This
+ fix should dramatically improve the reachability of hidden services:
+ hidden services and hidden service clients pick six HSDir relays
+ to store and retrieve the hidden service descriptor, and currently
+ about half of the HSDir relays will refuse to work. Bugfix on
+ 0.2.0.10-alpha; fixes part of bug 1693.
+
+ o Major bugfixes (misc):
+ - Clients now stop trying to use an exit node associated with a given
+ destination by TrackHostExits if they fail to reach that exit node.
+ Fixes bug 2999. Bugfix on 0.2.0.20-rc.
+ - Fix a regression that caused Tor to rebind its ports if it receives
+ SIGHUP while hibernating. Bugfix in 0.1.1.6-alpha; closes bug 919.
+ - Remove an extra pair of quotation marks around the error
+ message in control-port STATUS_GENERAL BUG events. Bugfix on
+ 0.1.2.6-alpha; fixes bug 3732.
+
+ o Minor features (relays):
+ - Ensure that no empty [dirreq-](read|write)-history lines are added
+ to an extrainfo document. Implements ticket 2497.
+ - When bandwidth accounting is enabled, be more generous with how
+ much bandwidth we'll use up before entering "soft hibernation".
+ Previously, we'd refuse new connections and circuits once we'd
+ used up 95% of our allotment. Now, we use up 95% of our allotment,
+ AND make sure that we have no more than 500MB (or 3 hours of
+ expected traffic, whichever is lower) remaining before we enter
+ soft hibernation.
+ - Relays now log the reason for publishing a new relay descriptor,
+ so we have a better chance of hunting down instances of bug 1810.
+ Resolves ticket 3252.
+ - Log a little more clearly about the times at which we're no longer
+ accepting new connections (e.g. due to hibernating). Resolves
+ bug 2181.
+ - When AllowSingleHopExits is set, print a warning to explain to the
+ relay operator why most clients are avoiding her relay.
+ - Send END_STREAM_REASON_NOROUTE in response to EHOSTUNREACH errors.
+ Clients before 0.2.1.27 didn't handle NOROUTE correctly, but such
+ clients are already deprecated because of security bugs.
+
+ o Minor features (network statistics):
+ - Directory mirrors that set "DirReqStatistics 1" write statistics
+ about directory requests to disk every 24 hours. As compared to the
+ "--enable-geoip-stats" ./configure flag in 0.2.1.x, there are a few
+ improvements: 1) stats are written to disk exactly every 24 hours;
+ 2) estimated shares of v2 and v3 requests are determined as mean
+ values, not at the end of a measurement period; 3) unresolved
+ requests are listed with country code '??'; 4) directories also
+ measure download times.
+ - Exit nodes that set "ExitPortStatistics 1" write statistics on the
+ number of exit streams and transferred bytes per port to disk every
+ 24 hours.
+ - Relays that set "CellStatistics 1" write statistics on how long
+ cells spend in their circuit queues to disk every 24 hours.
+ - Entry nodes that set "EntryStatistics 1" write statistics on the
+ rough number and origins of connecting clients to disk every 24
+ hours.
+ - Relays that write any of the above statistics to disk and set
+ "ExtraInfoStatistics 1" include the past 24 hours of statistics in
+ their extra-info documents. Implements proposal 166.
+
+ o Minor features (GeoIP and statistics):
+ - Provide a log message stating which geoip file we're parsing
+ instead of just stating that we're parsing the geoip file.
+ Implements ticket 2432.
+ - Make sure every relay writes a state file at least every 12 hours.
+ Previously, a relay could go for weeks without writing its state
+ file, and on a crash could lose its bandwidth history, capacity
+ estimates, client country statistics, and so on. Addresses bug 3012.
+ - Relays report the number of bytes spent on answering directory
+ requests in extra-info descriptors similar to {read,write}-history.
+ Implements enhancement 1790.
+ - Report only the top 10 ports in exit-port stats in order not to
+ exceed the maximum extra-info descriptor length of 50 KB. Implements
+ task 2196.
+ - If writing the state file to disk fails, wait up to an hour before
+ retrying again, rather than trying again each second. Fixes bug
+ 2346; bugfix on Tor 0.1.1.3-alpha.
+ - Delay geoip stats collection by bridges for 6 hours, not 2 hours,
+ when we switch from being a public relay to a bridge. Otherwise
+ there will still be clients that see the relay in their consensus,
+ and the stats will end up wrong. Bugfix on 0.2.1.15-rc; fixes
+ bug 932.
+ - Update to the August 2 2011 Maxmind GeoLite Country database.
+
+ o Minor features (clients):
+ - When expiring circuits, use microsecond timers rather than
+ one-second timers. This can avoid an unpleasant situation where a
+ circuit is launched near the end of one second and expired right
+ near the beginning of the next, and prevent fluctuations in circuit
+ timeout values.
+ - If we've configured EntryNodes and our network goes away and/or all
+ our entrynodes get marked down, optimistically retry them all when
+ a new socks application request appears. Fixes bug 1882.
+ - Always perform router selections using weighted relay bandwidth,
+ even if we don't need a high capacity circuit at the time. Non-fast
+ circuits now only differ from fast ones in that they can use relays
+ not marked with the Fast flag. This "feature" could turn out to
+ be a horrible bug; we should investigate more before it goes into
+ a stable release.
+ - When we run out of directory information such that we can't build
+ circuits, but then get enough that we can build circuits, log when
+ we actually construct a circuit, so the user has a better chance of
+ knowing what's going on. Fixes bug 1362.
+ - Log SSL state transitions at debug level during handshake, and
+ include SSL states in error messages. This may help debug future
+ SSL handshake issues.
+
+ o Minor features (directory authorities):
+ - When a router changes IP address or port, authorities now launch
+ a new reachability test for it. Implements ticket 1899.
+ - Directory authorities now reject relays running any versions of
+ Tor between 0.2.1.3-alpha and 0.2.1.18 inclusive; they have
+ known bugs that keep RELAY_EARLY cells from working on rendezvous
+ circuits. Followup to fix for bug 2081.
+ - Directory authorities now reject relays running any version of Tor
+ older than 0.2.0.26-rc. That version is the earliest that fetches
+ current directory information correctly. Fixes bug 2156.
+ - Directory authorities now do an immediate reachability check as soon
+ as they hear about a new relay. This change should slightly reduce
+ the time between setting up a relay and getting listed as running
+ in the consensus. It should also improve the time between setting
+ up a bridge and seeing use by bridge users.
+ - Directory authorities no longer launch a TLS connection to every
+ relay as they startup. Now that we have 2k+ descriptors cached,
+ the resulting network hiccup is becoming a burden. Besides,
+ authorities already avoid voting about Running for the first half
+ hour of their uptime.
+ - Directory authorities now log the source of a rejected POSTed v3
+ networkstatus vote, so we can track failures better.
+ - Backport code from 0.2.3.x that allows directory authorities to
+ clean their microdescriptor caches. Needed to resolve bug 2230.
+
+ o Minor features (hidden services):
+ - Use computed circuit-build timeouts to decide when to launch
+ parallel introduction circuits for hidden services. (Previously,
+ we would retry after 15 seconds.)
+ - Don't allow v0 hidden service authorities to act as clients.
+ Required by fix for bug 3000.
+ - Ignore SIGNAL NEWNYM commands on relay-only Tor instances. Required
+ by fix for bug 3000.
+ - Make hidden services work better in private Tor networks by not
+ requiring any uptime to join the hidden service descriptor
+ DHT. Implements ticket 2088.
+ - Log (at info level) when purging pieces of hidden-service-client
+ state because of SIGNAL NEWNYM.
+
+ o Minor features (controller interface):
+ - New "GETINFO net/listeners/(type)" controller command to return
+ a list of addresses and ports that are bound for listeners for a
+ given connection type. This is useful when the user has configured
+ "SocksPort auto" and the controller needs to know which port got
+ chosen. Resolves another part of ticket 3076.
+ - Have the controller interface give a more useful message than
+ "Internal Error" in response to failed GETINFO requests.
+ - Add a TIMEOUT_RATE keyword to the BUILDTIMEOUT_SET control port
+ event, to give information on the current rate of circuit timeouts
+ over our stored history.
+ - The 'EXTENDCIRCUIT' control port command can now be used with
+ a circ id of 0 and no path. This feature will cause Tor to build
+ a new 'fast' general purpose circuit using its own path selection
+ algorithms.
+ - Added a BUILDTIMEOUT_SET controller event to describe changes
+ to the circuit build timeout.
+ - New controller command "getinfo config-text". It returns the
+ contents that Tor would write if you send it a SAVECONF command,
+ so the controller can write the file to disk itself.
+
+ o Minor features (controller protocol):
+ - Add a new ControlSocketsGroupWritable configuration option: when
+ it is turned on, ControlSockets are group-writeable by the default
+ group of the current user. Patch by Jérémy Bobbio; implements
+ ticket 2972.
+ - Tor now refuses to create a ControlSocket in a directory that is
+ world-readable (or group-readable if ControlSocketsGroupWritable
+ is 0). This is necessary because some operating systems do not
+ enforce permissions on an AF_UNIX sockets. Permissions on the
+ directory holding the socket, however, seems to work everywhere.
+ - Warn when CookieAuthFileGroupReadable is set but CookieAuthFile is
+ not. This would lead to a cookie that is still not group readable.
+ Closes bug 1843. Suggested by katmagic.
+ - Future-proof the controller protocol a bit by ignoring keyword
+ arguments we do not recognize.
+
+ o Minor features (more useful logging):
+ - Revise most log messages that refer to nodes by nickname to
+ instead use the "$key=nickname at address" format. This should be
+ more useful, especially since nicknames are less and less likely
+ to be unique. Resolves ticket 3045.
+ - When an HTTPS proxy reports "403 Forbidden", we now explain
+ what it means rather than calling it an unexpected status code.
+ Closes bug 2503. Patch from Michael Yakubovich.
+ - Rate-limit a warning about failures to download v2 networkstatus
+ documents. Resolves part of bug 1352.
+ - Rate-limit the "your application is giving Tor only an IP address"
+ warning. Addresses bug 2000; bugfix on 0.0.8pre2.
+ - Rate-limit "Failed to hand off onionskin" warnings.
+ - When logging a rate-limited warning, we now mention how many messages
+ got suppressed since the last warning.
+ - Make the formerly ugly "2 unknown, 7 missing key, 0 good, 0 bad,
+ 2 no signature, 4 required" messages about consensus signatures
+ easier to read, and make sure they get logged at the same severity
+ as the messages explaining which keys are which. Fixes bug 1290.
+ - Don't warn when we have a consensus that we can't verify because
+ of missing certificates, unless those certificates are ones
+ that we have been trying and failing to download. Fixes bug 1145.
+
+ o Minor features (log domains):
+ - Add documentation for configuring logging at different severities in
+ different log domains. We've had this feature since 0.2.1.1-alpha,
+ but for some reason it never made it into the manpage. Fixes
+ bug 2215.
+ - Make it simpler to specify "All log domains except for A and B".
+ Previously you needed to say "[*,~A,~B]". Now you can just say
+ "[~A,~B]".
+ - Add a "LogMessageDomains 1" option to include the domains of log
+ messages along with the messages. Without this, there's no way
+ to use log domains without reading the source or doing a lot
+ of guessing.
+ - Add a new "Handshake" log domain for activities that happen
+ during the TLS handshake.
+
+ o Minor features (build process):
+ - Make compilation with clang possible when using
+ "--enable-gcc-warnings" by removing two warning options that clang
+ hasn't implemented yet and by fixing a few warnings. Resolves
+ ticket 2696.
+ - Detect platforms that brokenly use a signed size_t, and refuse to
+ build there. Found and analyzed by doorss and rransom.
+ - Fix a bunch of compile warnings revealed by mingw with gcc 4.5.
+ Resolves bug 2314.
+ - Add support for statically linking zlib by specifying
+ "--enable-static-zlib", to go with our support for statically
+ linking openssl and libevent. Resolves bug 1358.
+ - Instead of adding the svn revision to the Tor version string, report
+ the git commit (when we're building from a git checkout).
+ - Rename the "log.h" header to "torlog.h" so as to conflict with fewer
+ system headers.
+ - New --digests command-line switch to output the digests of the
+ source files Tor was built with.
+ - Generate our manpage and HTML documentation using Asciidoc. This
+ change should make it easier to maintain the documentation, and
+ produce nicer HTML. The build process fails if asciidoc cannot
+ be found and building with asciidoc isn't disabled (via the
+ "--disable-asciidoc" argument to ./configure. Skipping the manpage
+ speeds up the build considerably.
+
+ o Minor features (options / torrc):
+ - Warn when the same option is provided more than once in a torrc
+ file, on the command line, or in a single SETCONF statement, and
+ the option is one that only accepts a single line. Closes bug 1384.
+ - Warn when the user configures two HiddenServiceDir lines that point
+ to the same directory. Bugfix on 0.0.6 (the version introducing
+ HiddenServiceDir); fixes bug 3289.
+ - Add new "perconnbwrate" and "perconnbwburst" consensus params to
+ do individual connection-level rate limiting of clients. The torrc
+ config options with the same names trump the consensus params, if
+ both are present. Replaces the old "bwconnrate" and "bwconnburst"
+ consensus params which were broken from 0.2.2.7-alpha through
+ 0.2.2.14-alpha. Closes bug 1947.
+ - New config option "WarnUnsafeSocks 0" disables the warning that
+ occurs whenever Tor receives a socks handshake using a version of
+ the socks protocol that can only provide an IP address (rather
+ than a hostname). Setups that do DNS locally over Tor are fine,
+ and we shouldn't spam the logs in that case.
+ - New config option "CircuitStreamTimeout" to override our internal
+ timeout schedule for how many seconds until we detach a stream from
+ a circuit and try a new circuit. If your network is particularly
+ slow, you might want to set this to a number like 60.
+ - New options for SafeLogging to allow scrubbing only log messages
+ generated while acting as a relay. Specify "SafeLogging relay" if
+ you want to ensure that only messages known to originate from
+ client use of the Tor process will be logged unsafely.
+ - Time and memory units in the configuration file can now be set to
+ fractional units. For example, "2.5 GB" is now a valid value for
+ AccountingMax.
+ - Support line continuations in the torrc config file. If a line
+ ends with a single backslash character, the newline is ignored, and
+ the configuration value is treated as continuing on the next line.
+ Resolves bug 1929.
+
+ o Minor features (unit tests):
+ - Revise our unit tests to use the "tinytest" framework, so we
+ can run tests in their own processes, have smarter setup/teardown
+ code, and so on. The unit test code has moved to its own
+ subdirectory, and has been split into multiple modules.
+ - Add a unit test for cross-platform directory-listing code.
+ - Add some forgotten return value checks during unit tests. Found
+ by coverity.
+ - Use GetTempDir to find the proper temporary directory location on
+ Windows when generating temporary files for the unit tests. Patch
+ by Gisle Vanem.
+
+ o Minor features (misc):
+ - The "torify" script now uses torsocks where available.
+ - Make Libevent log messages get delivered to controllers later,
+ and not from inside the Libevent log handler. This prevents unsafe
+ reentrant Libevent calls while still letting the log messages
+ get through.
+ - Certain Tor clients (such as those behind check.torproject.org) may
+ want to fetch the consensus in an extra early manner. To enable this
+ a user may now set FetchDirInfoExtraEarly to 1. This also depends on
+ setting FetchDirInfoEarly to 1. Previous behavior will stay the same
+ as only certain clients who must have this information sooner should
+ set this option.
+ - Expand homedirs passed to tor-checkkey. This should silence a
+ coverity complaint about passing a user-supplied string into
+ open() without checking it.
+ - Make sure to disable DirPort if running as a bridge. DirPorts aren't
+ used on bridges, and it makes bridge scanning somewhat easier.
+ - Create the /var/run/tor directory on startup on OpenSUSE if it is
+ not already created. Patch from Andreas Stieger. Fixes bug 2573.
+
+ o Minor bugfixes (relays):
+ - When a relay decides that its DNS is too broken for it to serve
+ as an exit server, it advertised itself as a non-exit, but
+ continued to act as an exit. This could create accidental
+ partitioning opportunities for users. Instead, if a relay is
+ going to advertise reject *:* as its exit policy, it should
+ really act with exit policy "reject *:*". Fixes bug 2366.
+ Bugfix on Tor 0.1.2.5-alpha. Bugfix by user "postman" on trac.
+ - Publish a router descriptor even if generating an extra-info
+ descriptor fails. Previously we would not publish a router
+ descriptor without an extra-info descriptor; this can cause fast
+ exit relays collecting exit-port statistics to drop from the
+ consensus. Bugfix on 0.1.2.9-rc; fixes bug 2195.
+ - When we're trying to guess whether we know our IP address as
+ a relay, we would log various ways that we failed to guess
+ our address, but never log that we ended up guessing it
+ successfully. Now add a log line to help confused and anxious
+ relay operators. Bugfix on 0.1.2.1-alpha; fixes bug 1534.
+ - For bandwidth accounting, calculate our expected bandwidth rate
+ based on the time during which we were active and not in
+ soft-hibernation during the last interval. Previously, we were
+ also considering the time spent in soft-hibernation. If this
+ was a long time, we would wind up underestimating our bandwidth
+ by a lot, and skewing our wakeup time towards the start of the
+ accounting interval. Fixes bug 1789. Bugfix on 0.0.9pre5.
+ - Demote a confusing TLS warning that relay operators might get when
+ someone tries to talk to their ORPort. It is not the operator's
+ fault, nor can they do anything about it. Fixes bug 1364; bugfix
+ on 0.2.0.14-alpha.
+ - Change "Application request when we're believed to be offline."
+ notice to "Application request when we haven't used client
+ functionality lately.", to clarify that it's not an error. Bugfix
+ on 0.0.9.3; fixes bug 1222.
+
+ o Minor bugfixes (bridges):
+ - When a client starts or stops using bridges, never use a circuit
+ that was built before the configuration change. This behavior could
+ put at risk a user who uses bridges to ensure that her traffic
+ only goes to the chosen addresses. Bugfix on 0.2.0.3-alpha; fixes
+ bug 3200.
+ - Do not reset the bridge descriptor download status every time we
+ re-parse our configuration or get a configuration change. Fixes
+ bug 3019; bugfix on 0.2.0.3-alpha.
+ - Users couldn't configure a regular relay to be their bridge. It
+ didn't work because when Tor fetched the bridge descriptor, it found
+ that it already had it, and didn't realize that the purpose of the
+ descriptor had changed. Now we replace routers with a purpose other
+ than bridge with bridge descriptors when fetching them. Bugfix on
+ 0.1.1.9-alpha. Fixes bug 1776.
+ - In the special case where you configure a public exit relay as your
+ bridge, Tor would be willing to use that exit relay as the last
+ hop in your circuit as well. Now we fail that circuit instead.
+ Bugfix on 0.2.0.12-alpha. Fixes bug 2403. Reported by "piebeer".
+
+ o Minor bugfixes (clients):
+ - We now ask the other side of a stream (the client or the exit)
+ for more data on that stream when the amount of queued data on
+ that stream dips low enough. Previously, we wouldn't ask the
+ other side for more data until either it sent us more data (which
+ it wasn't supposed to do if it had exhausted its window!) or we
+ had completely flushed all our queued data. This flow control fix
+ should improve throughput. Fixes bug 2756; bugfix on the earliest
+ released versions of Tor (svn commit r152).
+ - When a client finds that an origin circuit has run out of 16-bit
+ stream IDs, we now mark it as unusable for new streams. Previously,
+ we would try to close the entire circuit. Bugfix on 0.0.6.
+ - Make it explicit that we don't cannibalize one-hop circuits. This
+ happens in the wild, but doesn't turn out to be a problem because
+ we fortunately don't use those circuits. Many thanks to outofwords
+ for the initial analysis and to swissknife who confirmed that
+ two-hop circuits are actually created.
+ - Resolve an edge case in path weighting that could make us misweight
+ our relay selection. Fixes bug 1203; bugfix on 0.0.8rc1.
+ - Make the DNSPort option work with libevent 2.x. Don't alter the
+ behaviour for libevent 1.x. Fixes bug 1143. Found by SwissTorExit.
+
+ o Minor bugfixes (directory authorities):
+ - Make directory authorities more accurate at recording when
+ relays that have failed several reachability tests became
+ unreachable, so we can provide more accuracy at assigning Stable,
+ Guard, HSDir, etc flags. Bugfix on 0.2.0.6-alpha. Resolves bug 2716.
+ - Directory authorities are now more robust to hops back in time
+ when calculating router stability. Previously, if a run of uptime
+ or downtime appeared to be negative, the calculation could give
+ incorrect results. Bugfix on 0.2.0.6-alpha; noticed when fixing
+ bug 1035.
+ - Directory authorities will now attempt to download consensuses
+ if their own efforts to make a live consensus have failed. This
+ change means authorities that restart will fetch a valid
+ consensus, and it means authorities that didn't agree with the
+ current consensus will still fetch and serve it if it has enough
+ signatures. Bugfix on 0.2.0.9-alpha; fixes bug 1300.
+ - Never vote for a server as "Running" if we have a descriptor for
+ it claiming to be hibernating, and that descriptor was published
+ more recently than our last contact with the server. Bugfix on
+ 0.2.0.3-alpha; fixes bug 911.
+ - Directory authorities no longer change their opinion of, or vote on,
+ whether a router is Running, unless they have themselves been
+ online long enough to have some idea. Bugfix on 0.2.0.6-alpha.
+ Fixes bug 1023.
+
+ o Minor bugfixes (hidden services):
+ - Log malformed requests for rendezvous descriptors as protocol
+ warnings, not warnings. Also, use a more informative log message
+ in case someone sees it at log level warning without prior
+ info-level messages. Fixes bug 2748; bugfix on 0.2.0.10-alpha.
+ - Accept hidden service descriptors if we think we might be a hidden
+ service directory, regardless of what our consensus says. This
+ helps robustness, since clients and hidden services can sometimes
+ have a more up-to-date view of the network consensus than we do,
+ and if they think that the directory authorities list us a HSDir,
+ we might actually be one. Related to bug 2732; bugfix on
+ 0.2.0.10-alpha.
+ - Correct the warning displayed when a rendezvous descriptor exceeds
+ the maximum size. Fixes bug 2750; bugfix on 0.2.1.5-alpha. Found by
+ John Brooks.
+ - Clients and hidden services now use HSDir-flagged relays for hidden
+ service descriptor downloads and uploads even if the relays have no
+ DirPort set and the client has disabled TunnelDirConns. This will
+ eventually allow us to give the HSDir flag to relays with no
+ DirPort. Fixes bug 2722; bugfix on 0.2.1.6-alpha.
+ - Only limit the lengths of single HS descriptors, even when multiple
+ HS descriptors are published to an HSDir relay in a single POST
+ operation. Fixes bug 2948; bugfix on 0.2.1.5-alpha. Found by hsdir.
+
+ o Minor bugfixes (controllers):
+ - Allow GETINFO fingerprint to return a fingerprint even when
+ we have not yet built a router descriptor. Fixes bug 3577;
+ bugfix on 0.2.0.1-alpha.
+ - Send a SUCCEEDED stream event to the controller when a reverse
+ resolve succeeded. Fixes bug 3536; bugfix on 0.0.8pre1. Issue
+ discovered by katmagic.
+ - Remove a trailing asterisk from "exit-policy/default" in the
+ output of the control port command "GETINFO info/names". Bugfix
+ on 0.1.2.5-alpha.
+ - Make the SIGNAL DUMP controller command work on FreeBSD. Fixes bug
+ 2917. Bugfix on 0.1.1.1-alpha.
+ - When we restart our relay, we might get a successful connection
+ from the outside before we've started our reachability tests,
+ triggering a warning: "ORPort found reachable, but I have no
+ routerinfo yet. Failing to inform controller of success." This
+ bug was harmless unless Tor is running under a controller
+ like Vidalia, in which case the controller would never get a
+ REACHABILITY_SUCCEEDED status event. Bugfix on 0.1.2.6-alpha;
+ fixes bug 1172.
+ - When a controller changes TrackHostExits, remove mappings for
+ hosts that should no longer have their exits tracked. Bugfix on
+ 0.1.0.1-rc.
+ - When a controller changes VirtualAddrNetwork, remove any mappings
+ for hosts that were automapped to the old network. Bugfix on
+ 0.1.1.19-rc.
+ - When a controller changes one of the AutomapHosts* options, remove
+ any mappings for hosts that should no longer be automapped. Bugfix
+ on 0.2.0.1-alpha.
+ - Fix an off-by-one error in calculating some controller command
+ argument lengths. Fortunately, this mistake is harmless since
+ the controller code does redundant NUL termination too. Found by
+ boboper. Bugfix on 0.1.1.1-alpha.
+ - Fix a bug in the controller interface where "GETINFO ns/asdaskljkl"
+ would return "551 Internal error" rather than "552 Unrecognized key
+ ns/asdaskljkl". Bugfix on 0.1.2.3-alpha.
+ - Don't spam the controller with events when we have no file
+ descriptors available. Bugfix on 0.2.1.5-alpha. (Rate-limiting
+ for log messages was already solved from bug 748.)
+ - Emit a GUARD DROPPED controller event for a case we missed.
+ - Ensure DNS requests launched by "RESOLVE" commands from the
+ controller respect the __LeaveStreamsUnattached setconf options. The
+ same goes for requests launched via DNSPort or transparent
+ proxying. Bugfix on 0.2.0.1-alpha; fixes bug 1525.
+
+ o Minor bugfixes (config options):
+ - Tor used to limit HttpProxyAuthenticator values to 48 characters.
+ Change the limit to 512 characters by removing base64 newlines.
+ Fixes bug 2752. Fix by Michael Yakubovich.
+ - Complain if PublishServerDescriptor is given multiple arguments that
+ include 0 or 1. This configuration will be rejected in the future.
+ Bugfix on 0.2.0.1-alpha; closes bug 1107.
+ - Disallow BridgeRelay 1 and ORPort 0 at once in the configuration.
+ Bugfix on 0.2.0.13-alpha; closes bug 928.
+
+ o Minor bugfixes (log subsystem fixes):
+ - When unable to format an address as a string, report its value
+ as "???" rather than reusing the last formatted address. Bugfix
+ on 0.2.1.5-alpha.
+ - Be more consistent in our treatment of file system paths. "~" should
+ get expanded to the user's home directory in the Log config option.
+ Fixes bug 2971; bugfix on 0.2.0.1-alpha, which introduced the
+ feature for the -f and --DataDirectory options.
+
+ o Minor bugfixes (memory management):
+ - Don't stack-allocate the list of supplementary GIDs when we're
+ about to log them. Stack-allocating NGROUPS_MAX gid_t elements
+ could take up to 256K, which is way too much stack. Found by
+ Coverity; CID #450. Bugfix on 0.2.1.7-alpha.
+ - Save a couple bytes in memory allocation every time we escape
+ certain characters in a string. Patch from Florian Zumbiehl.
+
+ o Minor bugfixes (protocol correctness):
+ - When checking for 1024-bit keys, check for 1024 bits, not 128
+ bytes. This allows Tor to correctly discard keys of length 1017
+ through 1023. Bugfix on 0.0.9pre5.
+ - Require that introduction point keys and onion handshake keys
+ have a public exponent of 65537. Starts to fix bug 3207; bugfix
+ on 0.2.0.10-alpha.
+ - Handle SOCKS messages longer than 128 bytes long correctly, rather
+ than waiting forever for them to finish. Fixes bug 2330; bugfix
+ on 0.2.0.16-alpha. Found by doorss.
+ - Never relay a cell for a circuit we have already destroyed.
+ Between marking a circuit as closeable and finally closing it,
+ it may have been possible for a few queued cells to get relayed,
+ even though they would have been immediately dropped by the next
+ OR in the circuit. Fixes bug 1184; bugfix on 0.2.0.1-alpha.
+ - Never queue a cell for a circuit that's already been marked
+ for close.
+ - Fix a spec conformance issue: the network-status-version token
+ must be the first token in a v3 consensus or vote. Discovered by
+ "parakeep". Bugfix on 0.2.0.3-alpha.
+ - A networkstatus vote must contain exactly one signature. Spec
+ conformance issue. Bugfix on 0.2.0.3-alpha.
+ - When asked about a DNS record type we don't support via a
+ client DNSPort, reply with NOTIMPL rather than an empty
+ reply. Patch by intrigeri. Fixes bug 3369; bugfix on 2.0.1-alpha.
+ - Make more fields in the controller protocol case-insensitive, since
+ control-spec.txt said they were.
+
+ o Minor bugfixes (log messages):
+ - Fix a log message that said "bits" while displaying a value in
+ bytes. Found by wanoskarnet. Fixes bug 3318; bugfix on
+ 0.2.0.1-alpha.
+ - Downgrade "no current certificates known for authority" message from
+ Notice to Info. Fixes bug 2899; bugfix on 0.2.0.10-alpha.
+ - Correctly describe errors that occur when generating a TLS object.
+ Previously we would attribute them to a failure while generating a
+ TLS context. Patch by Robert Ransom. Bugfix on 0.1.0.4-rc; fixes
+ bug 1994.
+ - Fix an instance where a Tor directory mirror might accidentally
+ log the IP address of a misbehaving Tor client. Bugfix on
+ 0.1.0.1-rc.
+ - Stop logging at severity 'warn' when some other Tor client tries
+ to establish a circuit with us using weak DH keys. It's a protocol
+ violation, but that doesn't mean ordinary users need to hear about
+ it. Fixes the bug part of bug 1114. Bugfix on 0.1.0.13.
+ - If your relay can't keep up with the number of incoming create
+ cells, it would log one warning per failure into your logs. Limit
+ warnings to 1 per minute. Bugfix on 0.0.2pre10; fixes bug 1042.
+
+ o Minor bugfixes (build fixes):
+ - Fix warnings from GCC 4.6's "-Wunused-but-set-variable" option.
+ - When warning about missing zlib development packages during compile,
+ give the correct package names. Bugfix on 0.2.0.1-alpha.
+ - Fix warnings that newer versions of autoconf produce during
+ ./autogen.sh. These warnings appear to be harmless in our case,
+ but they were extremely verbose. Fixes bug 2020.
+ - Squash a compile warning on OpenBSD. Reported by Tas; fixes
+ bug 1848.
+
+ o Minor bugfixes (portability):
+ - Write several files in text mode, on OSes that distinguish text
+ mode from binary mode (namely, Windows). These files are:
+ 'buffer-stats', 'dirreq-stats', and 'entry-stats' on relays
+ that collect those statistics; 'client_keys' and 'hostname' for
+ hidden services that use authentication; and (in the tor-gencert
+ utility) newly generated identity and signing keys. Previously,
+ we wouldn't specify text mode or binary mode, leading to an
+ assertion failure. Fixes bug 3607. Bugfix on 0.2.1.1-alpha (when
+ the DirRecordUsageByCountry option which would have triggered
+ the assertion failure was added), although this assertion failure
+ would have occurred in tor-gencert on Windows in 0.2.0.1-alpha.
+ - Selectively disable deprecation warnings on OS X because Lion
+ started deprecating the shipped copy of openssl. Fixes bug 3643.
+ - Use a wide type to hold sockets when built for 64-bit Windows.
+ Fixes bug 3270.
+ - Fix an issue that prevented static linking of libevent on
+ some platforms (notably Linux). Fixes bug 2698; bugfix on 0.2.1.23,
+ where we introduced the "--with-static-libevent" configure option.
+ - Fix a bug with our locking implementation on Windows that couldn't
+ correctly detect when a file was already locked. Fixes bug 2504,
+ bugfix on 0.2.1.6-alpha.
+ - Build correctly on OSX with zlib 1.2.4 and higher with all warnings
+ enabled.
+ - Fix IPv6-related connect() failures on some platforms (BSD, OS X).
+ Bugfix on 0.2.0.3-alpha; fixes first part of bug 2660. Patch by
+ "piebeer".
+
+ o Minor bugfixes (code correctness):
+ - Always NUL-terminate the sun_path field of a sockaddr_un before
+ passing it to the kernel. (Not a security issue: kernels are
+ smart enough to reject bad sockaddr_uns.) Found by Coverity;
+ CID #428. Bugfix on Tor 0.2.0.3-alpha.
+ - Make connection_printf_to_buf()'s behaviour sane. Its callers
+ expect it to emit a CRLF iff the format string ends with CRLF;
+ it actually emitted a CRLF iff (a) the format string ended with
+ CRLF or (b) the resulting string was over 1023 characters long or
+ (c) the format string did not end with CRLF *and* the resulting
+ string was 1021 characters long or longer. Bugfix on 0.1.1.9-alpha;
+ fixes part of bug 3407.
+ - Make send_control_event_impl()'s behaviour sane. Its callers
+ expect it to always emit a CRLF at the end of the string; it
+ might have emitted extra control characters as well. Bugfix on
+ 0.1.1.9-alpha; fixes another part of bug 3407.
+ - Make crypto_rand_int() check the value of its input correctly.
+ Previously, it accepted values up to UINT_MAX, but could return a
+ negative number if given a value above INT_MAX+1. Found by George
+ Kadianakis. Fixes bug 3306; bugfix on 0.2.2pre14.
+ - Fix a potential null-pointer dereference while computing a
+ consensus. Bugfix on tor-0.2.0.3-alpha, found with the help of
+ clang's analyzer.
+ - If we fail to compute the identity digest of a v3 legacy keypair,
+ warn, and don't use a buffer-full of junk instead. Bugfix on
+ 0.2.1.1-alpha; fixes bug 3106.
+ - Resolve an untriggerable issue in smartlist_string_num_isin(),
+ where if the function had ever in the future been used to check
+ for the presence of a too-large number, it would have given an
+ incorrect result. (Fortunately, we only used it for 16-bit
+ values.) Fixes bug 3175; bugfix on 0.1.0.1-rc.
+ - Be more careful about reporting the correct error from a failed
+ connect() system call. Under some circumstances, it was possible to
+ look at an incorrect value for errno when sending the end reason.
+ Bugfix on 0.1.0.1-rc.
+ - Correctly handle an "impossible" overflow cases in connection byte
+ counting, where we write or read more than 4GB on an edge connection
+ in a single second. Bugfix on 0.1.2.8-beta.
+ - Avoid a double mark-for-free warning when failing to attach a
+ transparent proxy connection. Bugfix on 0.1.2.1-alpha. Fixes
+ bug 2279.
+ - Correctly detect failure to allocate an OpenSSL BIO. Fixes bug 2378;
+ found by "cypherpunks". This bug was introduced before the first
+ Tor release, in svn commit r110.
+ - Fix a bug in bandwidth history state parsing that could have been
+ triggered if a future version of Tor ever changed the timing
+ granularity at which bandwidth history is measured. Bugfix on
+ Tor 0.1.1.11-alpha.
+ - Add assertions to check for overflow in arguments to
+ base32_encode() and base32_decode(); fix a signed-unsigned
+ comparison there too. These bugs are not actually reachable in Tor,
+ but it's good to prevent future errors too. Found by doorss.
+ - Avoid a bogus overlapped memcpy in tor_addr_copy(). Reported by
+ "memcpyfail".
+ - Set target port in get_interface_address6() correctly. Bugfix
+ on 0.1.1.4-alpha and 0.2.0.3-alpha; fixes second part of bug 2660.
+ - Fix an impossible-to-actually-trigger buffer overflow in relay
+ descriptor generation. Bugfix on 0.1.0.15.
+ - Fix numerous small code-flaws found by Coverity Scan Rung 3.
+
+ o Minor bugfixes (code improvements):
+ - After we free an internal connection structure, overwrite it
+ with a different memory value than we use for overwriting a freed
+ internal circuit structure. Should help with debugging. Suggested
+ by bug 1055.
+ - If OpenSSL fails to make a duplicate of a private or public key, log
+ an error message and try to exit cleanly. May help with debugging
+ if bug 1209 ever remanifests.
+ - Some options used different conventions for uppercasing of acronyms
+ when comparing manpage and source. Fix those in favor of the
+ manpage, as it makes sense to capitalize acronyms.
+ - Take a first step towards making or.h smaller by splitting out
+ function definitions for all source files in src/or/. Leave
+ structures and defines in or.h for now.
+ - Remove a few dead assignments during router parsing. Found by
+ coverity.
+ - Don't use 1-bit wide signed bit fields. Found by coverity.
+ - Avoid signed/unsigned comparisons by making SIZE_T_CEILING unsigned.
+ None of the cases where we did this before were wrong, but by making
+ this change we avoid warnings. Fixes bug 2475; bugfix on 0.2.1.28.
+ - The memarea code now uses a sentinel value at the end of each area
+ to make sure nothing writes beyond the end of an area. This might
+ help debug some conceivable causes of bug 930.
+ - Always treat failure to allocate an RSA key as an unrecoverable
+ allocation error.
+ - Add some more defensive programming for architectures that can't
+ handle unaligned integer accesses. We don't know of any actual bugs
+ right now, but that's the best time to fix them. Fixes bug 1943.
+
+ o Minor bugfixes (misc):
+ - Fix a rare bug in rend_fn unit tests: we would fail a test when
+ a randomly generated port is 0. Diagnosed by Matt Edman. Bugfix
+ on 0.2.0.10-alpha; fixes bug 1808.
+ - Where available, use Libevent 2.0's periodic timers so that our
+ once-per-second cleanup code gets called even more closely to
+ once per second than it would otherwise. Fixes bug 943.
+ - Ignore OutboundBindAddress when connecting to localhost.
+ Connections to localhost need to come _from_ localhost, or else
+ local servers (like DNS and outgoing HTTP/SOCKS proxies) will often
+ refuse to listen.
+ - Update our OpenSSL 0.9.8l fix so that it works with OpenSSL 0.9.8m
+ too.
+ - If any of the v3 certs we download are unparseable, we should
+ actually notice the failure so we don't retry indefinitely. Bugfix
+ on 0.2.0.x; reported by "rotator".
+ - When Tor fails to parse a descriptor of any kind, dump it to disk.
+ Might help diagnosing bug 1051.
+ - Make our 'torify' script more portable; if we have only one of
+ 'torsocks' or 'tsocks' installed, don't complain to the user;
+ and explain our warning about tsocks better.
+ - Fix some urls in the exit notice file and make it XHTML1.1 strict
+ compliant. Based on a patch from Christian Kujau.
+
+ o Documentation changes:
+ - Modernize the doxygen configuration file slightly. Fixes bug 2707.
+ - Resolve all doxygen warnings except those for missing documentation.
+ Fixes bug 2705.
+ - Add doxygen documentation for more functions, fields, and types.
+ - Convert the HACKING file to asciidoc, and add a few new sections
+ to it, explaining how we use Git, how we make changelogs, and
+ what should go in a patch.
+ - Document the default socks host and port (127.0.0.1:9050) for
+ tor-resolve.
+ - Removed some unnecessary files from the source distribution. The
+ AUTHORS file has now been merged into the people page on the
+ website. The roadmaps and design doc can now be found in the
+ projects directory in svn.
+
+ o Deprecated and removed features (config):
+ - Remove the torrc.complete file. It hasn't been kept up to date
+ and users will have better luck checking out the manpage.
+ - Remove the HSAuthorityRecordStats option that version 0 hidden
+ service authorities could use to track statistics of overall v0
+ hidden service usage.
+ - Remove the obsolete "NoPublish" option; it has been flagged
+ as obsolete and has produced a warning since 0.1.1.18-rc.
+ - Caches no longer download and serve v2 networkstatus documents
+ unless FetchV2Networkstatus flag is set: these documents haven't
+ haven't been used by clients or relays since 0.2.0.x. Resolves
+ bug 3022.
+
+ o Deprecated and removed features (controller):
+ - The controller no longer accepts the old obsolete "addr-mappings/"
+ or "unregistered-servers-" GETINFO values.
+ - The EXTENDED_EVENTS and VERBOSE_NAMES controller features are now
+ always on; using them is necessary for correct forward-compatible
+ controllers.
+
+ o Deprecated and removed features (misc):
+ - Hidden services no longer publish version 0 descriptors, and clients
+ do not request or use version 0 descriptors. However, the old hidden
+ service authorities still accept and serve version 0 descriptors
+ when contacted by older hidden services/clients.
+ - Remove undocumented option "-F" from tor-resolve: it hasn't done
+ anything since 0.2.1.16-rc.
+ - Remove everything related to building the expert bundle for OS X.
+ It has confused many users, doesn't work right on OS X 10.6,
+ and is hard to get rid of once installed. Resolves bug 1274.
+ - Remove support for .noconnect style addresses. Nobody was using
+ them, and they provided another avenue for detecting Tor users
+ via application-level web tricks.
+ - When we fixed bug 1038 we had to put in a restriction not to send
+ RELAY_EARLY cells on rend circuits. This was necessary as long
+ as relays using Tor 0.2.1.3-alpha through 0.2.1.18-alpha were
+ active. Now remove this obsolete check. Resolves bug 2081.
+ - Remove workaround code to handle directory responses from servers
+ that had bug 539 (they would send HTTP status 503 responses _and_
+ send a body too). Since only server versions before
+ 0.2.0.16-alpha/0.1.2.19 were affected, there is no longer reason to
+ keep the workaround in place.
+ - Remove the old 'fuzzy time' logic. It was supposed to be used for
+ handling calculations where we have a known amount of clock skew and
+ an allowed amount of unknown skew. But we only used it in three
+ places, and we never adjusted the known/unknown skew values. This is
+ still something we might want to do someday, but if we do, we'll
+ want to do it differently.
+ - Remove the "--enable-iphone" option to ./configure. According to
+ reports from Marco Bonetti, Tor builds fine without any special
+ tweaking on recent iPhone SDK versions.
+
+-------------------------------------------------------------------
+Mon Feb 28 21:29:12 UTC 2011 - andreas.stieger(a)gmx.de
+
+- updated to upstram 0.2.1.30
+
+ Tor 0.2.1.30 fixes a variety of less critical bugs. The main other
+ change is a slight tweak to Tor's TLS handshake that makes relays
+ and bridges that run this new version reachable from Iran again.
+ We don't expect this tweak will win the arms race long-term, but it
+ buys us time until we roll out a better solution.
+
+ o Major bugfixes:
+ - Stop sending a CLOCK_SKEW controller status event whenever
+ we fetch directory information from a relay that has a wrong clock.
+ Instead, only inform the controller when it's a trusted authority
+ that claims our clock is wrong. Bugfix on 0.1.2.6-alpha; fixes
+ the rest of bug 1074.
+ - Fix a bounds-checking error that could allow an attacker to
+ remotely crash a directory authority. Bugfix on 0.2.1.5-alpha.
+ Found by "piebeer".
+ - If relays set RelayBandwidthBurst but not RelayBandwidthRate,
+ Tor would ignore their RelayBandwidthBurst setting,
+ potentially using more bandwidth than expected. Bugfix on
+ 0.2.0.1-alpha. Reported by Paul Wouters. Fixes bug 2470.
+ - Ignore and warn if the user mistakenly sets "PublishServerDescriptor
+ hidserv" in her torrc. The 'hidserv' argument never controlled
+ publication of hidden service descriptors. Bugfix on 0.2.0.1-alpha.
+
+ o Minor features:
+ - Adjust our TLS Diffie-Hellman parameters to match those used by
+ Apache's mod_ssl.
+ - Update to the February 1 2011 Maxmind GeoLite Country database.
+
+ o Minor bugfixes:
+ - Check for and reject overly long directory certificates and
+ directory tokens before they have a chance to hit any assertions.
+ Bugfix on 0.2.1.28. Found by "doorss".
+ - Bring the logic that gathers routerinfos and assesses the
+ acceptability of circuits into line. This prevents a Tor OP from
+ getting locked in a cycle of choosing its local OR as an exit for a
+ path (due to a .exit request) and then rejecting the circuit because
+ its OR is not listed yet. It also prevents Tor clients from using an
+ OR running in the same instance as an exit (due to a .exit request)
+ if the OR does not meet the same requirements expected of an OR
+ running elsewhere. Fixes bug 1859; bugfix on 0.1.0.1-rc.
+
+ o Packaging changes:
+ - Stop shipping the Tor specs files and development proposal documents
+ in the tarball. They are now in a separate git repository at
+ git://git.torproject.org/torspec.git
+ - Do not include Git version tags as though they are SVN tags when
+ generating a tarball from inside a repository that has switched
+ between branches. Bugfix on 0.2.1.15-rc; fixes bug 2402.
+
+-------------------------------------------------------------------
+Wed Feb 16 21:13:00 UTC 2011 - andreas.stieger(a)gmx.de
+
+- fix bug #671821 - /var/run/tor might not exist
+
+-------------------------------------------------------------------
+Mon Jan 17 19:47:20 UTC 2011 - andreas.stieger(a)gmx.de
+
+- updated to upstream 0.2.1.29
+
+ o Major bugfixes (security):
+ - Fix a heap overflow bug where an adversary could cause heap
+ corruption. This bug probably allows remote code execution
+ attacks. Reported by "debuger". Fixes CVE-2011-0427. Bugfix on
+ 0.1.2.10-rc.
+ - Prevent a denial-of-service attack by disallowing any
+ zlib-compressed data whose compression factor is implausibly
+ high. Fixes part of bug 2324; reported by "doorss".
+ - Zero out a few more keys in memory before freeing them. Fixes
+ bug 2384 and part of bug 2385. These key instances found by
+ "cypherpunks", based on Andrew Case's report about being able
+ to find sensitive data in Tor's memory space if you have enough
+ permissions. Bugfix on 0.0.2pre9.
+
+ o Major bugfixes (crashes):
+ - Prevent calls to Libevent from inside Libevent log handlers.
+ This had potential to cause a nasty set of crashes, especially
+ if running Libevent with debug logging enabled, and running
+ Tor with a controller watching for low-severity log messages.
+ Bugfix on 0.1.0.2-rc. Fixes bug 2190.
+ - Add a check for SIZE_T_MAX to tor_realloc() to try to avoid
+ underflow errors there too. Fixes the other part of bug 2324.
+ - Fix a bug where we would assert if we ever had a
+ cached-descriptors.new file (or another file read directly into
+ memory) of exactly SIZE_T_CEILING bytes. Fixes bug 2326; bugfix
+ on 0.2.1.25. Found by doorss.
+ - Fix some potential asserts and parsing issues with grossly
+ malformed router caches. Fixes bug 2352; bugfix on Tor 0.2.1.27.
+ Found by doorss.
+
+ o Minor bugfixes (other):
+ - Fix a bug with handling misformed replies to reverse DNS lookup
+ requests in DNSPort. Bugfix on Tor 0.2.0.1-alpha. Related to a
+ bug reported by doorss.
+ - Fix compilation on mingw when a pthreads compatibility library
+ has been installed. (We don't want to use it, so we shouldn't
+ be including pthread.h.) Fixes bug 2313; bugfix on 0.1.0.1-rc.
+ - Fix a bug where we would declare that we had run out of virtual
+ addresses when the address space was only half-exhausted. Bugfix
+ on 0.1.2.1-alpha.
+ - Correctly handle the case where AutomapHostsOnResolve is set but
+ no virtual addresses are available. Fixes bug 2328; bugfix on
+ 0.1.2.1-alpha. Bug found by doorss.
+ - Correctly handle wrapping around when we run out of virtual
+ address space. Found by cypherpunks, bugfix on 0.2.0.5-alpha.
+
+ o Minor features:
+ - Update to the January 1 2011 Maxmind GeoLite Country database.
+ - Introduce output size checks on all of our decryption functions.
+
+ o Build changes:
+ - Tor does not build packages correctly with Automake 1.6 and earlier;
+ added a check to Makefile.am to make sure that we're building with
+ Automake 1.7 or later.
+ - The 0.2.1.28 tarball was missing src/common/OpenBSD_malloc_Linux.c
+ because we built it with a too-old version of automake. Thus that
+ release broke ./configure --enable-openbsd-malloc, which is popular
+ among really fast exit relays on Linux.
+
+-------------------------------------------------------------------
+Mon Dec 20 21:24:19 UTC 2010 - andreas.stieger(a)gmx.de
+
+- updated to upstream 0.2.1.28
+ - Major bugfixes:
+ - Fix a remotely exploitable bug that could be used to crash instances
+ of Tor remotely by overflowing on the heap. Remote-code execution
+ hasn't been confirmed, but can't be ruled out. Everyone should
+ upgrade. Bugfix on the 0.1.1 series and later.
+
+ - Directory authority changes:
+ - Change IP address and ports for gabelmoo (v3 directory authority).
+
+ - Minor features:
+ - Update to the December 1 2010 Maxmind GeoLite Country database.
+
+-------------------------------------------------------------------
+Fri Nov 26 17:12:40 UTC 2010 - andreas.stieger(a)gmx.de
+
+- updated to upstream 0.2.1.27
+
+-------------------------------------------------------------------
+Fri Aug 6 03:53:35 UTC 2010 - cristian.rodriguez(a)opensuse.org
+
+- %ghost the pid file so /var/run can be mounted tmpfs
+- require logrotate
+
+-------------------------------------------------------------------
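Review bot: the security fixes in this changelog are visible only inside the pasted upstream release notes, because the packager's own summary bullets read just "updated to upstream 0.2.1.29" and "updated to upstream 0.2.1.28". The 0.2.1.29 notes list a heap overflow fixed as CVE-2011-0427, and the 0.2.1.28 notes list a remotely exploitable heap overflow. Name the CVE in the "- updated to upstream 0.2.1.29" bullet so that a search of the changes file for the identifier lands on the packaging entry. Also fix the typo "upstram" in the 0.2.1.30 bullet.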
old:
----
tor-0.2.1.26.tar.bz2
new:
----
tor-0.2.2.35.tar.bz2
spec files:
-----------
--- tor.spec
+++ tor.spec
@@ -1,15 +1,30 @@
-# norootforbuild
+#
+# spec file for package tor
+#
+# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via http://bugs.opensuse.org/
+#
Name: tor
-Version: 0.2.1.26
-Release: 1
+Version: 0.2.2.35
+Release: 0
BuildRoot: %{_tmppath}/%{name}-%{version}-build
-License: 3-clause BSD
Summary: Anonymizing overlay network for TCP (The onion router)
-URL: https://www.torproject.org/
+License: BSD-3-Clause
Group: Productivity/Networking/Security
+Url: https://www.torproject.org/
Source: %{name}-%{version}.tar.bz2
-
+Requires: logrotate
BuildRequires: openssl-devel
%if 0%{?suse_version} > 1100
BuildRequires: libevent-devel
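Review bot: the Source: tag left as context in this hunk is still a bare file name (%{name}-%{version}.tar.bz2), so the spec does not record where tor-0.2.2.35.tar.bz2 was fetched from or how it was checked. This request replaces the whole tarball, with 303274 lines skipped in the summary, so give Source: as the full upstream download URL and add the upstream detached signature as a further Source entry. That lets a reviewer verify the tarball instead of trusting the upload. The License change to BSD-3-Clause and the new Requires: logrotate both match the changelog.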
@@ -17,7 +32,6 @@
BuildRequires: libevent
%endif
-
%define toruser %{name}
%define torgroup %{name}
%define home_dir /var/lib/empty
@@ -46,12 +60,13 @@
for high-stakes anonymity.
%prep
-%setup
+%setup -q
%build
%configure \
--with-tor-user=%{toruser} \
- --with-tor-group=%{torgroup}
+ --with-tor-group=%{torgroup} \
+ --docdir=%{_docdir}/%{name}
%__make %{?jobs:-j%{jobs}}
@@ -101,7 +116,7 @@
%files
%defattr(-,root,root)
-%doc AUTHORS INSTALL LICENSE README ChangeLog doc/HACKING doc/TODO
+%doc LICENSE README ChangeLog doc/HACKING doc/TODO doc/*.html
%doc %{_mandir}/man*/*
%{_bindir}/%{name}
%{_bindir}/%{name}ctl
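Review bot: the new doc/*.html entry on the %doc line copies files from the build tree into the package documentation directory, while the %build hunk above now also passes --docdir=%{_docdir}/%{name} to configure, so two mechanisms may populate the same directory. Check the build log for duplicate or unpackaged files under %{_docdir}/%{name} and keep only one of the two. Dropping AUTHORS is consistent with the upstream note that the file was merged into the website.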
@@ -116,7 +131,7 @@
%dir %attr(0755,root,%{torgroup}) %{_sysconfdir}/%{name}
%config(noreplace) %attr(0644,root,%{torgroup}) %{_sysconfdir}/%{name}/*
%attr(0700,%{toruser},%{torgroup}) %dir %{_localstatedir}/lib/%{name}
-%attr(0750,%{toruser},%{torgroup}) %dir %{_localstatedir}/run/%{name}
+%ghost %attr(0750,%{toruser},%{torgroup}) %dir %{_localstatedir}/run/%{name}
%attr(0750,%{toruser},%{torgroup}) %dir %{_localstatedir}/log/%{name}
%changelog
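Review bot: with %ghost on the %{_localstatedir}/run/%{name} line the directory is no longer shipped in the package payload, and on a tmpfs /var/run it is gone after every reboot, so the 0750 %{toruser}:%{torgroup} mode declared here takes effect only if something recreates the directory at start-up. No init script or scriptlet change is visible in this diff. Confirm that the start script creates the directory with exactly that owner and mode before tor is launched, since the entry for bug #671821 says /var/run/tor might not exist. The Aug 6 2010 changelog entry says "%ghost the pid file", whereas this line ghosts the directory, so reword one to match the other.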
other changes:
--------------
++++++ tor-0.2.1.26.tar.bz2 -> tor-0.2.2.35.tar.bz2
(303274 lines skipped)
To REVIEW against the previous version:
osc request show --diff 98573
To ACCEPT the request:
osc request accept 98573 --message="reviewed ok."
To DECLINE the request:
osc request decline 98573 --message="declined for reason xyz (see ... for background / policy / ...)."
To REVOKE the request:
osc request revoke 98573 --message="retracted because ..., sorry / thx / see better version ..."
--
Hermes messaging (http://hermes.opensuse.org)
openSUSE Build Service (https://build.opensuse.org/)
Collaboration: http://en.opensuse.org/Build_Service/Collaboration
--
To unsubscribe, e-mail: opensuse-contrib+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse-contrib+owner(a)opensuse.org
https://bugzilla.novell.com/show_bug.cgi?id=739133
https://bugzilla.novell.com/show_bug.cgi?id=739133#c
Andreas Stieger <Andreas.Stieger(a)gmx.de> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |opensuse-contrib(a)opensuse.o
| |rg
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
[obs delete-request 98551] openSUSE:11.3:Contrib/tor: created by AndreasStieger
by andreas.stieger@gmx.de 02 Jan '12
openSUSE:11.3:Contrib/tor
https://build.opensuse.org/request/show/98551
Description: This upstream release is no longer maintained. Package has since migrated to network / tor and openSUSE:Factory.
changes files:
--------------
++++++ deleted changes files:
--- tor.changes
old:
----
tor-0.2.1.26.tar.bz2
tor.changes
tor.spec
spec files:
-----------
++++++ deleted spec files:
--- tor.spec
other changes:
--------------
++++++ deleted files:
--- tor-0.2.1.26.tar.bz2
To REVIEW against the previous version:
osc request show --diff 98551
To ACCEPT the request:
osc request accept 98551 --message="reviewed ok."
To DECLINE the request:
osc request decline 98551 --message="declined for reason xyz (see ... for background / policy / ...)."
To REVOKE the request:
osc request revoke 98551 --message="retracted because ..., sorry / thx / see better version ..."