[or-cvs] r17359: {tor} and forward-port those (tor/trunk)



Author: arma
Date: 2008-11-22 00:14:12 -0500 (Sat, 22 Nov 2008)
New Revision: 17359

Modified:
   tor/trunk/ChangeLog
   tor/trunk/ReleaseNotes
Log:
and forward-port those


Modified: tor/trunk/ChangeLog
===================================================================
--- tor/trunk/ChangeLog	2008-11-22 05:13:36 UTC (rev 17358)
+++ tor/trunk/ChangeLog	2008-11-22 05:14:12 UTC (rev 17359)
@@ -21,6 +21,72 @@
     - Return circuit purposes in response to GETINFO circuit-status.  Fixes
       bug 858.
 
+
+Changes in version 0.2.0.32 - 2008-11-20
+  o Security fixes:
+    - The "User" and "Group" config options did not clear the
+      supplementary group entries for the Tor process. The "User" option
+      is now more robust, and we now set the groups to the specified
+      user's primary group. The "Group" option is now ignored. For more
+      detailed logging on credential switching, set CREDENTIAL_LOG_LEVEL
+      in common/compat.c to LOG_NOTICE or higher. Patch by Jacob Appelbaum
+      and Steven Murdoch. Bugfix on 0.0.2pre14. Fixes bug 848 and 857.
+    - The "ClientDNSRejectInternalAddresses" config option wasn't being
+      consistently obeyed: if an exit relay refuses a stream because its
+      exit policy doesn't allow it, we would remember what IP address
+      the relay said the destination address resolves to, even if it's
+      an internal IP address. Bugfix on 0.2.0.7-alpha; patch by rovv.
+
+  o Major bugfixes:
+    - Fix a DOS opportunity during the voting signature collection process
+      at directory authorities. Spotted by rovv. Bugfix on 0.2.0.x.
+
+  o Major bugfixes (hidden services):
+    - When fetching v0 and v2 rendezvous service descriptors in parallel,
+      we were failing the whole hidden service request when the v0
+      descriptor fetch fails, even if the v2 fetch is still pending and
+      might succeed. Similarly, if the last v2 fetch fails, we were
+      failing the whole hidden service request even if a v0 fetch is
+      still pending. Fixes bug 814. Bugfix on 0.2.0.10-alpha.
+    - When extending a circuit to a hidden service directory to upload a
+      rendezvous descriptor using a BEGIN_DIR cell, almost 1/6 of all
+      requests failed, because the router descriptor has not been
+      downloaded yet. In these cases, do not attempt to upload the
+      rendezvous descriptor, but wait until the router descriptor is
+      downloaded and retry. Likewise, do not attempt to fetch a rendezvous
+      descriptor from a hidden service directory for which the router
+      descriptor has not yet been downloaded. Fixes bug 767. Bugfix
+      on 0.2.0.10-alpha.
+
+  o Minor bugfixes:
+    - Fix several infrequent memory leaks spotted by Coverity.
+    - When testing for libevent functions, set the LDFLAGS variable
+      correctly. Found by Riastradh.
+    - Avoid a bug where the FastFirstHopPK 0 option would keep Tor from
+      bootstrapping with tunneled directory connections. Bugfix on
+      0.1.2.5-alpha. Fixes bug 797. Found by Erwin Lam.
+    - When asked to connect to A.B.exit:80, if we don't know the IP for A
+      and we know that server B rejects most-but-not all connections to
+      port 80, we would previously reject the connection. Now, we assume
+      the user knows what they were asking for. Fixes bug 752. Bugfix
+      on 0.0.9rc5. Diagnosed by BarkerJr.
+    - If we overrun our per-second write limits a little, count this as
+      having used up our write allocation for the second, and choke
+      outgoing directory writes. Previously, we had only counted this when
+      we had met our limits precisely. Fixes bug 824. Patch from by rovv.
+      Bugfix on 0.2.0.x (??).
+    - Remove the old v2 directory authority 'lefkada' from the default
+      list. It has been gone for many months.
+    - Stop doing unaligned memory access that generated bus errors on
+      sparc64. Bugfix on 0.2.0.10-alpha. Fixes bug 862.
+    - Make USR2 log-level switch take effect immediately. Bugfix on
+      0.1.2.8-beta.
+
+  o Minor bugfixes (controller):
+    - Make DNS resolved events into "CLOSED", not "FAILED". Bugfix on
+      0.1.2.5-alpha. Fix by Robert Hogan. Resolves bug 807.
+
+
 Changes in version 0.2.1.7-alpha - 2008-11-08
   o Security fixes:
     - The "ClientDNSRejectInternalAddresses" config option wasn't being
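Review bot: In the "If we overrun our per-second write limits" item under Minor bugfixes, "Patch from by rovv." has a doubled preposition and "Bugfix on 0.2.0.x (??)." ships an unresolved placeholder; change it to "Patch by rovv." and either pin the version that introduced the bug or drop the "(??)". The DOS item under Major bugfixes likewise gives only "Bugfix on 0.2.0.x" and no bug number, which leaves directory authority operators unable to tell which releases are affected.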

Modified: tor/trunk/ReleaseNotes
===================================================================
--- tor/trunk/ReleaseNotes	2008-11-22 05:13:36 UTC (rev 17358)
+++ tor/trunk/ReleaseNotes	2008-11-22 05:14:12 UTC (rev 17359)
@@ -3,6 +3,71 @@
 of Tor. If you want to see more detailed descriptions of the changes in
 each development snapshot, see the ChangeLog file.
 
+Changes in version 0.2.0.32 - 2008-11-20
+  o Security fixes:
+    - The "User" and "Group" config options did not clear the
+      supplementary group entries for the Tor process. The "User" option
+      is now more robust, and we now set the groups to the specified
+      user's primary group. The "Group" option is now ignored. For more
+      detailed logging on credential switching, set CREDENTIAL_LOG_LEVEL
+      in common/compat.c to LOG_NOTICE or higher. Patch by Jacob Appelbaum
+      and Steven Murdoch. Bugfix on 0.0.2pre14. Fixes bug 848 and 857.
+    - The "ClientDNSRejectInternalAddresses" config option wasn't being
+      consistently obeyed: if an exit relay refuses a stream because its
+      exit policy doesn't allow it, we would remember what IP address
+      the relay said the destination address resolves to, even if it's
+      an internal IP address. Bugfix on 0.2.0.7-alpha; patch by rovv.
+
+  o Major bugfixes:
+    - Fix a DOS opportunity during the voting signature collection process
+      at directory authorities. Spotted by rovv. Bugfix on 0.2.0.x.
+
+  o Major bugfixes (hidden services):
+    - When fetching v0 and v2 rendezvous service descriptors in parallel,
+      we were failing the whole hidden service request when the v0
+      descriptor fetch fails, even if the v2 fetch is still pending and
+      might succeed. Similarly, if the last v2 fetch fails, we were
+      failing the whole hidden service request even if a v0 fetch is
+      still pending. Fixes bug 814. Bugfix on 0.2.0.10-alpha.
+    - When extending a circuit to a hidden service directory to upload a
+      rendezvous descriptor using a BEGIN_DIR cell, almost 1/6 of all
+      requests failed, because the router descriptor has not been
+      downloaded yet. In these cases, do not attempt to upload the
+      rendezvous descriptor, but wait until the router descriptor is
+      downloaded and retry. Likewise, do not attempt to fetch a rendezvous
+      descriptor from a hidden service directory for which the router
+      descriptor has not yet been downloaded. Fixes bug 767. Bugfix
+      on 0.2.0.10-alpha.
+
+  o Minor bugfixes:
+    - Fix several infrequent memory leaks spotted by Coverity.
+    - When testing for libevent functions, set the LDFLAGS variable
+      correctly. Found by Riastradh.
+    - Avoid a bug where the FastFirstHopPK 0 option would keep Tor from
+      bootstrapping with tunneled directory connections. Bugfix on
+      0.1.2.5-alpha. Fixes bug 797. Found by Erwin Lam.
+    - When asked to connect to A.B.exit:80, if we don't know the IP for A
+      and we know that server B rejects most-but-not all connections to
+      port 80, we would previously reject the connection. Now, we assume
+      the user knows what they were asking for. Fixes bug 752. Bugfix
+      on 0.0.9rc5. Diagnosed by BarkerJr.
+    - If we overrun our per-second write limits a little, count this as
+      having used up our write allocation for the second, and choke
+      outgoing directory writes. Previously, we had only counted this when
+      we had met our limits precisely. Fixes bug 824. Patch from by rovv.
+      Bugfix on 0.2.0.x (??).
+    - Remove the old v2 directory authority 'lefkada' from the default
+      list. It has been gone for many months.
+    - Stop doing unaligned memory access that generated bus errors on
+      sparc64. Bugfix on 0.2.0.10-alpha. Fixes bug 862.
+    - Make USR2 log-level switch take effect immediately. Bugfix on
+      0.1.2.8-beta.
+
+  o Minor bugfixes (controller):
+    - Make DNS resolved events into "CLOSED", not "FAILED". Bugfix on
+      0.1.2.5-alpha. Fix by Robert Hogan. Resolves bug 807.
+
+
 Changes in version 0.2.0.31 - 2008-09-03
   Tor 0.2.0.31 addresses two potential anonymity issues, starts to fix
   a big bug we're seeing where in rare cases traffic from one Tor stream
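Review bot: The new 0.2.0.32 entry goes straight from its heading to "o Security fixes:" with no summary paragraph, while the 0.2.0.31 entry in the trailing context opens with one ("Tor 0.2.0.31 addresses two potential anonymity issues"). Since this file points readers to the ChangeLog for detail, add a one- or two-sentence summary naming the supplementary-group and ClientDNSRejectInternalAddresses fixes so readers see why to upgrade. The rest is a copy of the ChangeLog entry and carries the same "Patch from by rovv." and "Bugfix on 0.2.0.x (??)." wording in the write-limits item, which should be corrected here as well.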