Release 0.54.0
core:
* Make XRef reconstruction a bit better. Bug #100509
glib:
* Expose movie play mode. Bug #99625
* demo: Show play mode in movie properties view
qt5:
* Compile with -DQT_NO_CAST_FROM_BYTEARRAY. Bug #100311
utils:
* pdfimages: don't fail listing if inline image data contains 'EI'. Bug #100737
Release 0.53.0
core:
* Form support improvements
* SplashOutputDev: Fix memory leak when rendering images with colormap and matte color
* Minor fix in GlobalParams documentation
qt5:
* Expose form calculate order
* Expose Form additional actions
utils:
* pdfimages: support 16bpc png and tiff images. Bug #99988
* pdftohtml: fix small memory leak when constructing some filenames
* pdfinfo: fix leak when printing JS
build sytem:
* Compile in C++11 mode
* Update naxsi to 0.55.3
Changes with nginx 1.13.0 25 Apr 2017
- Change: SSL renegotiation is now allowed on backend connections.
- Feature: the "rcvbuf" and "sndbuf" parameters of the "listen"
directives of the mail proxy and stream modules.
- Feature: the "return" and "error_page" directives can now be used to
return 308 redirections.
Thanks to Simon Leblanc.
- Feature: the "TLSv1.3" parameter of the "ssl_protocols" directive.
- Feature: when logging signals nginx now logs PID of the process which
sent the signal.
- Bugfix: in memory allocation error handling.
- Bugfix: if a server in the stream module listened on a wildcard
address, the source address of a response UDP datagram could differ
from the original datagram destination address.
Changes with nginx 1.11.13 04 Apr 2017
- Feature: the "http_429" parameter of the "proxy_next_upstream",
"fastcgi_next_upstream", "scgi_next_upstream", and
"uwsgi_next_upstream" directives.
Thanks to Piotr Sikora.
- Bugfix: in memory allocation error handling.
- Bugfix: requests might hang when using the "sendfile" and
"timer_resolution" directives on Linux.
- Bugfix: requests might hang when using the "sendfile" and "aio_write"
directives with subrequests.
- Bugfix: in the ngx_http_v2_module.
Thanks to Piotr Sikora.
- Bugfix: a segmentation fault might occur in a worker process when
using HTTP/2.
- Bugfix: requests might hang when using the "limit_rate",
"sendfile_max_chunk", "limit_req" directives, or the $r->sleep()
embedded perl method with subrequests.
- Bugfix: in the ngx_http_slice_module.
Changes with nginx 1.11.12 24 Mar 2017
- Bugfix: nginx might hog CPU; the bug had appeared in 1.11.11.
Changes with nginx 1.11.11 21 Mar 2017
- Feature: the "worker_shutdown_timeout" directive.
- Feature: vim syntax highlighting scripts improvements.
Thanks to Wei-Ko Kao.
- Bugfix: a segmentation fault might occur in a worker process if the
$limit_rate variable was set to an empty string.
- Bugfix: the "proxy_cache_background_update",
"fastcgi_cache_background_update", "scgi_cache_background_update",
and "uwsgi_cache_background_update" directives might work incorrectly
if the "if" directive was used.
- Bugfix: a segmentation fault might occur in a worker process if
number of large_client_header_buffers in a virtual server was
different from the one in the default server.
- Bugfix: in the mail proxy server.
Changes with nginx 1.11.10 14 Feb 2017
- Change: cache header format has been changed, previously cached
responses will be invalidated.
- Feature: support of "stale-while-revalidate" and "stale-if-error"
extensions in the "Cache-Control" backend response header line.
- Feature: the "proxy_cache_background_update",
"fastcgi_cache_background_update", "scgi_cache_background_update",
and "uwsgi_cache_background_update" directives.
- Feature: nginx is now able to cache responses with the "Vary" header
line up to 128 characters long (instead of 42 characters in previous
versions).
- Feature: the "build" parameter of the "server_tokens" directive.
Thanks to Tom Thorogood.
- Bugfix: "[crit] SSL_write() failed" messages might appear in logs
when handling requests with the "Expect: 100-continue" request header
line.
- Bugfix: the ngx_http_slice_module did not work in named locations.
- Bugfix: a segmentation fault might occur in a worker process when
using AIO after an "X-Accel-Redirect" redirection.
- Bugfix: reduced memory consumption for long-lived requests using
gzipping.
* Update naxsi to 0.55.3.
Approximate changelog since nginx 1.10.3 follows.
Changes with nginx 1.12.0 12 Apr 2017
- 1.12.x stable branch.
Changes with nginx 1.11.13 04 Apr 2017
- Feature: the "http_429" parameter of the "proxy_next_upstream",
"fastcgi_next_upstream", "scgi_next_upstream", and
"uwsgi_next_upstream" directives.
Thanks to Piotr Sikora.
- Bugfix: in memory allocation error handling.
- Bugfix: requests might hang when using the "sendfile" and
"timer_resolution" directives on Linux.
- Bugfix: requests might hang when using the "sendfile" and "aio_write"
directives with subrequests.
- Bugfix: in the ngx_http_v2_module.
Thanks to Piotr Sikora.
- Bugfix: a segmentation fault might occur in a worker process when
using HTTP/2.
- Bugfix: requests might hang when using the "limit_rate",
"sendfile_max_chunk", "limit_req" directives, or the $r->sleep()
embedded perl method with subrequests.
- Bugfix: in the ngx_http_slice_module.
Changes with nginx 1.11.12 24 Mar 2017
- Bugfix: nginx might hog CPU; the bug had appeared in 1.11.11.
Changes with nginx 1.11.11 21 Mar 2017
- Feature: the "worker_shutdown_timeout" directive.
- Feature: vim syntax highlighting scripts improvements.
Thanks to Wei-Ko Kao.
- Bugfix: a segmentation fault might occur in a worker process if the
$limit_rate variable was set to an empty string.
- Bugfix: the "proxy_cache_background_update",
"fastcgi_cache_background_update", "scgi_cache_background_update",
and "uwsgi_cache_background_update" directives might work incorrectly
if the "if" directive was used.
- Bugfix: a segmentation fault might occur in a worker process if
number of large_client_header_buffers in a virtual server was
different from the one in the default server.
- Bugfix: in the mail proxy server.
Changes with nginx 1.11.10 14 Feb 2017
- Change: cache header format has been changed, previously cached
responses will be invalidated.
- Feature: support of "stale-while-revalidate" and "stale-if-error"
extensions in the "Cache-Control" backend response header line.
- Feature: the "proxy_cache_background_update",
"fastcgi_cache_background_update", "scgi_cache_background_update",
and "uwsgi_cache_background_update" directives.
- Feature: nginx is now able to cache responses with the "Vary" header
line up to 128 characters long (instead of 42 characters in previous
versions).
- Feature: the "build" parameter of the "server_tokens" directive.
Thanks to Tom Thorogood.
- Bugfix: "[crit] SSL_write() failed" messages might appear in logs
when handling requests with the "Expect: 100-continue" request header
line.
- Bugfix: the ngx_http_slice_module did not work in named locations.
- Bugfix: a segmentation fault might occur in a worker process when
using AIO after an "X-Accel-Redirect" redirection.
- Bugfix: reduced memory consumption for long-lived requests using
gzipping.
Changes with nginx 1.11.9 24 Jan 2017
- Bugfix: nginx might hog CPU when using the stream module; the bug had
appeared in 1.11.5.
- Bugfix: EXTERNAL authentication mechanism in mail proxy was accepted
even if it was not enabled in the configuration.
- Bugfix: a segmentation fault might occur in a worker process if the
"ssl_verify_client" directive of the stream module was used.
- Bugfix: the "ssl_verify_client" directive of the stream module might
not work.
- Bugfix: closing keepalive connections due to no free worker
connections might be too aggressive.
Thanks to Joel Cunningham.
- Bugfix: an incorrect response might be returned when using the
"sendfile" directive on FreeBSD and macOS; the bug had appeared in
1.7.8.
- Bugfix: a truncated response might be stored in cache when using the
"aio_write" directive.
- Bugfix: a socket leak might occur when using the "aio_write"
directive.
Changes with nginx 1.11.8 27 Dec 2016
- Feature: the "absolute_redirect" directive.
- Feature: the "escape" parameter of the "log_format" directive.
- Feature: client SSL certificates verification in the stream module.
- Feature: the "ssl_session_ticket_key" directive supports AES256
encryption of TLS session tickets when used with 80-byte keys.
- Feature: vim-commentary support in vim scripts.
Thanks to Armin Grodon.
- Bugfix: recursion when evaluating variables was not limited.
- Bugfix: in the ngx_stream_ssl_preread_module.
- Bugfix: if a server in an upstream in the stream module failed, it
was considered alive only when a test connection sent to it after
fail_timeout was closed; now a successfully established connection is
enough.
- Bugfix: nginx/Windows could not be built with 64-bit Visual Studio.
- Bugfix: nginx/Windows could not be built with OpenSSL 1.1.0.
Changes with nginx 1.11.7 13 Dec 2016
- Change: now in case of a client certificate verification error the
$ssl_client_verify variable contains a string with the failure
reason, for example, "FAILED:certificate has expired".
- Feature: the $ssl_ciphers, $ssl_curves, $ssl_client_v_start,
$ssl_client_v_end, and $ssl_client_v_remain variables.
- Feature: the "volatile" parameter of the "map" directive.
- Bugfix: dependencies specified for a module were ignored while
building dynamic modules.
- Bugfix: when using HTTP/2 and the "limit_req" or "auth_request"
directives client request body might be corrupted; the bug had
appeared in 1.11.0.
- Bugfix: a segmentation fault might occur in a worker process when
using HTTP/2; the bug had appeared in 1.11.3.
- Bugfix: in the ngx_http_mp4_module.
Thanks to Congcong Hu.
- Bugfix: in the ngx_http_perl_module.
Changes in version 0.3.0.6 - 2017-04-26
Tor 0.3.0.6 is the first stable release of the Tor 0.3.0 series.
With the 0.3.0 series, clients and relays now use Ed25519 keys to
authenticate their link connections to relays, rather than the old
RSA1024 keys that they used before. (Circuit crypto has been
Curve25519-authenticated since 0.2.4.8-alpha.) We have also replaced
the guard selection and replacement algorithm to behave more robustly
in the presence of unreliable networks, and to resist guard-
capture attacks.
This series also includes numerous other small features and bugfixes,
along with more groundwork for the upcoming hidden-services revamp.
Per our stable release policy, we plan to support the Tor 0.3.0
release series for at least the next nine months, or for three months
after the first stable release of the 0.3.1 series: whichever is
longer. If you need a release with long-term support, we recommend
that you stay with the 0.2.9 series.
Below are the changes since 0.2.9.10. For a list of only the changes
since 0.3.0.5-rc, see the ChangeLog file.
o Major features (directory authority, security):
- The default for AuthDirPinKeys is now 1: directory authorities
will reject relays where the RSA identity key matches a previously
seen value, but the Ed25519 key has changed. Closes ticket 18319.
o Major features (guard selection algorithm):
- Tor's guard selection algorithm has been redesigned from the
ground up, to better support unreliable networks and restrictive
sets of entry nodes, and to better resist guard-capture attacks by
hostile local networks. Implements proposal 271; closes
ticket 19877.
o Major features (next-generation hidden services):
- Relays can now handle v3 ESTABLISH_INTRO cells as specified by
prop224 aka "Next Generation Hidden Services". Service and clients
don't use this functionality yet. Closes ticket 19043. Based on
initial code by Alec Heifetz.
- Relays now support the HSDir version 3 protocol, so that they can
can store and serve v3 descriptors. This is part of the next-
generation onion service work detailled in proposal 224. Closes
ticket 17238.
o Major features (protocol, ed25519 identity keys):
- Clients now support including Ed25519 identity keys in the EXTEND2
cells they generate. By default, this is controlled by a consensus
parameter, currently disabled. You can turn this feature on for
testing by setting ExtendByEd25519ID in your configuration. This
might make your traffic appear different than the traffic
generated by other users, however. Implements part of ticket
15056; part of proposal 220.
- Relays now understand requests to extend to other relays by their
Ed25519 identity keys. When an Ed25519 identity key is included in
an EXTEND2 cell, the relay will only extend the circuit if the
other relay can prove ownership of that identity. Implements part
of ticket 15056; part of proposal 220.
- Relays now use Ed25519 to prove their Ed25519 identities and to
one another, and to clients. This algorithm is faster and more
secure than the RSA-based handshake we've been doing until now.
Implements the second big part of proposal 220; Closes
ticket 15055.
o Major features (security):
- Change the algorithm used to decide DNS TTLs on client and server
side, to better resist DNS-based correlation attacks like the
DefecTor attack of Greschbach, Pulls, Roberts, Winter, and
Feamster. Now relays only return one of two possible DNS TTL
values, and clients are willing to believe DNS TTL values up to 3
hours long. Closes ticket 19769.
o Major bugfixes (client, onion service, also in 0.2.9.9):
- Fix a client-side onion service reachability bug, where multiple
socks requests to an onion service (or a single slow request)
could cause us to mistakenly mark some of the service's
introduction points as failed, and we cache that failure so
eventually we run out and can't reach the service. Also resolves a
mysterious "Remote server sent bogus reason code 65021" log
warning. The bug was introduced in ticket 17218, where we tried to
remember the circuit end reason as a uint16_t, which mangled
negative values. Partially fixes bug 21056 and fixes bug 20307;
bugfix on 0.2.8.1-alpha.
o Major bugfixes (crash, directory connections):
- Fix a rare crash when sending a begin cell on a circuit whose
linked directory connection had already been closed. Fixes bug
21576; bugfix on 0.2.9.3-alpha. Reported by Alec Muffett.
o Major bugfixes (directory authority):
- During voting, when marking a relay as a probable sybil, do not
clear its BadExit flag: sybils can still be bad in other ways
too. (We still clear the other flags.) Fixes bug 21108; bugfix
on 0.2.0.13-alpha.
o Major bugfixes (DNS):
- Fix a bug that prevented exit nodes from caching DNS records for
more than 60 seconds. Fixes bug 19025; bugfix on 0.2.4.7-alpha.
o Major bugfixes (IPv6 Exits):
- Stop rejecting all IPv6 traffic on Exits whose exit policy rejects
any IPv6 addresses. Instead, only reject a port over IPv6 if the
exit policy rejects that port on more than an IPv6 /16 of
addresses. This bug was made worse by 17027 in 0.2.8.1-alpha,
which rejected a relay's own IPv6 address by default. Fixes bug
21357; bugfix on commit 004f3f4e53 in 0.2.4.7-alpha.
o Major bugfixes (parsing):
- Fix an integer underflow bug when comparing malformed Tor
versions. This bug could crash Tor when built with
--enable-expensive-hardening, or on Tor 0.2.9.1-alpha through Tor
0.2.9.8, which were built with -ftrapv by default. In other cases
it was harmless. Part of TROVE-2017-001. Fixes bug 21278; bugfix
on 0.0.8pre1. Found by OSS-Fuzz.
- When parsing a malformed content-length field from an HTTP
message, do not read off the end of the buffer. This bug was a
potential remote denial-of-service attack against Tor clients and
relays. A workaround was released in October 2016, to prevent this
bug from crashing Tor. This is a fix for the underlying issue,
which should no longer matter (if you applied the earlier patch).
Fixes bug 20894; bugfix on 0.2.0.16-alpha. Bug found by fuzzing
using AFL (http://lcamtuf.coredump.cx/afl/).
o Major bugfixes (scheduler):
- Actually compare circuit policies in ewma_cmp_cmux(). This bug
caused the channel scheduler to behave more or less randomly,
rather than preferring channels with higher-priority circuits.
Fixes bug 20459; bugfix on 0.2.6.2-alpha.
o Major bugfixes (security, also in 0.2.9.9):
- Downgrade the "-ftrapv" option from "always on" to "only on when
--enable-expensive-hardening is provided." This hardening option,
like others, can turn survivable bugs into crashes--and having it
on by default made a (relatively harmless) integer overflow bug
into a denial-of-service bug. Fixes bug 21278 (TROVE-2017-001);
bugfix on 0.2.9.1-alpha.
o Minor feature (client):
- Enable IPv6 traffic on the SocksPort by default. To disable this,
a user will have to specify "NoIPv6Traffic". Closes ticket 21269.
o Minor feature (fallback scripts):
- Add a check_existing mode to updateFallbackDirs.py, which checks
if fallbacks in the hard-coded list are working. Closes ticket
20174. Patch by haxxpop.
o Minor feature (protocol versioning):
- Add new protocol version for proposal 224. HSIntro now advertises
version "3-4" and HSDir version "1-2". Fixes ticket 20656.
o Minor features (ciphersuite selection):
- Allow relays to accept a wider range of ciphersuites, including
chacha20-poly1305 and AES-CCM. Closes the other part of 15426.
- Clients now advertise a list of ciphersuites closer to the ones
preferred by Firefox. Closes part of ticket 15426.
o Minor features (controller):
- Add "GETINFO sr/current" and "GETINFO sr/previous" keys, to expose
shared-random values to the controller. Closes ticket 19925.
- When HSFETCH arguments cannot be parsed, say "Invalid argument"
rather than "unrecognized." Closes ticket 20389; patch from
Ivan Markin.
o Minor features (controller, configuration):
- Each of the *Port options, such as SocksPort, ORPort, ControlPort,
and so on, now comes with a __*Port variant that will not be saved
to the torrc file by the controller's SAVECONF command. This
change allows TorBrowser to set up a single-use domain socket for
each time it launches Tor. Closes ticket 20956.
- The GETCONF command can now query options that may only be
meaningful in context-sensitive lists. This allows the controller
to query the mixed SocksPort/__SocksPort style options introduced
in feature 20956. Implements ticket 21300.
o Minor features (diagnostic, directory client):
- Warn when we find an unexpected inconsistency in directory
download status objects. Prevents some negative consequences of
bug 20593.
o Minor features (directory authorities):
- Directory authorities now reject descriptors that claim to be
malformed versions of Tor. Helps prevent exploitation of
bug 21278.
- Reject version numbers with components that exceed INT32_MAX.
Otherwise 32-bit and 64-bit platforms would behave inconsistently.
Fixes bug 21450; bugfix on 0.0.8pre1.
o Minor features (directory authority):
- Add a new authority-only AuthDirTestEd25519LinkKeys option (on by
default) to control whether authorities should try to probe relays
by their Ed25519 link keys. This option will go away in a few
releases--unless we encounter major trouble in our ed25519 link
protocol rollout, in which case it will serve as a safety option.
o Minor features (directory cache):
- Relays and bridges will now refuse to serve the consensus they
have if they know it is too old for a client to use. Closes
ticket 20511.
o Minor features (ed25519 link handshake):
- Advertise support for the ed25519 link handshake using the
subprotocol-versions mechanism, so that clients can tell which
relays can identity themselves by Ed25519 ID. Closes ticket 20552.
o Minor features (entry guards):
- Add UseEntryGuards to TEST_OPTIONS_DEFAULT_VALUES in order to not
break regression tests.
- Require UseEntryGuards when UseBridges is set, in order to make
sure bridges aren't bypassed. Resolves ticket 20502.
o Minor features (fallback directories):
- Allow 3 fallback relays per operator, which is safe now that we
are choosing 200 fallback relays. Closes ticket 20912.
- Annotate updateFallbackDirs.py with the bandwidth and consensus
weight for each candidate fallback. Closes ticket 20878.
- Display the relay fingerprint when downloading consensuses from
fallbacks. Closes ticket 20908.
- Exclude relays affected by bug 20499 from the fallback list.
Exclude relays from the fallback list if they are running versions
known to be affected by bug 20499, or if in our tests they deliver
a stale consensus (i.e. one that expired more than 24 hours ago).
Closes ticket 20539.
- Make it easier to change the output sort order of fallbacks.
Closes ticket 20822.
- Reduce the minimum fallback bandwidth to 1 MByte/s. Part of
ticket 18828.
- Require fallback directories to have the same address and port for
7 days (now that we have enough relays with this stability).
Relays whose OnionOO stability timer is reset on restart by bug
18050 should upgrade to Tor 0.2.8.7 or later, which has a fix for
this issue. Closes ticket 20880; maintains short-term fix
in 0.2.8.2-alpha.
- Require fallbacks to have flags for 90% of the time (weighted
decaying average), rather than 95%. This allows at least 73% of
clients to bootstrap in the first 5 seconds without contacting an
authority. Part of ticket 18828.
- Select 200 fallback directories for each release. Closes
ticket 20881.
o Minor features (fingerprinting resistence, authentication):
- Extend the length of RSA keys used for TLS link authentication to
2048 bits. (These weren't used for forward secrecy; for forward
secrecy, we used P256.) Closes ticket 13752.
o Minor features (geoip):
- Update geoip and geoip6 to the April 4 2017 Maxmind GeoLite2
Country database.
o Minor features (geoip, also in 0.2.9.9):
- Update geoip and geoip6 to the January 4 2017 Maxmind GeoLite2
Country database.
o Minor features (infrastructure):
- Implement smartlist_add_strdup() function. Replaces the use of
smartlist_add(sl, tor_strdup(str)). Closes ticket 20048.
o Minor features (linting):
- Enhance the changes file linter to warn on Tor versions that are
prefixed with "tor-". Closes ticket 21096.
o Minor features (logging):
- In several places, describe unset ed25519 keys as "<unset>",
rather than the scary "AAAAAAAA...AAA". Closes ticket 21037.
o Minor features (portability, compilation):
- Autoconf now checks to determine if OpenSSL structures are opaque,
instead of explicitly checking for OpenSSL version numbers. Part
of ticket 21359.
- Support building with recent LibreSSL code that uses opaque
structures. Closes ticket 21359.
o Minor features (relay):
- We now allow separation of exit and relay traffic to different
source IP addresses, using the OutboundBindAddressExit and
OutboundBindAddressOR options respectively. Closes ticket 17975.
Written by Michael Sonntag.
o Minor features (reliability, crash):
- Try better to detect problems in buffers where they might grow (or
think they have grown) over 2 GB in size. Diagnostic for
bug 21369.
o Minor features (testing):
- During 'make test-network-all', if tor logs any warnings, ask
chutney to output them. Requires a recent version of chutney with
the 21572 patch. Implements 21570.
o Minor bugfix (control protocol):
- The reply to a "GETINFO config/names" request via the control
protocol now spells the type "Dependent" correctly. This is a
breaking change in the control protocol. (The field seems to be
ignored by the most common known controllers.) Fixes bug 18146;
bugfix on 0.1.1.4-alpha.
- The GETINFO extra-info/digest/<digest> command was broken because
of a wrong base16 decode return value check, introduced when
refactoring that API. Fixes bug 22034; bugfix on 0.2.9.1-alpha.
o Minor bugfix (logging):
- Don't recommend the use of Tor2web in non-anonymous mode.
Recommending Tor2web is a bad idea because the client loses all
anonymity. Tor2web should only be used in specific cases by users
who *know* and understand the issues. Fixes bug 21294; bugfix
on 0.2.9.3-alpha.
o Minor bugfixes (bug resilience):
- Fix an unreachable size_t overflow in base64_decode(). Fixes bug
19222; bugfix on 0.2.0.9-alpha. Found by Guido Vranken; fixed by
Hans Jerry Illikainen.
o Minor bugfixes (build):
- Replace obsolete Autoconf macros with their modern equivalent and
prevent similar issues in the future. Fixes bug 20990; bugfix
on 0.1.0.1-rc.
o Minor bugfixes (certificate expiration time):
- Avoid using link certificates that don't become valid till some
time in the future. Fixes bug 21420; bugfix on 0.2.4.11-alpha
o Minor bugfixes (client):
- Always recover from failures in extend_info_from_node(), in an
attempt to prevent any recurrence of bug 21242. Fixes bug 21372;
bugfix on 0.2.3.1-alpha.
- When clients that use bridges start up with a cached consensus on
disk, they were ignoring it and downloading a new one. Now they
use the cached one. Fixes bug 20269; bugfix on 0.2.3.12-alpha.
o Minor bugfixes (code correctness):
- Repair a couple of (unreachable or harmless) cases of the risky
comparison-by-subtraction pattern that caused bug 21278.
o Minor bugfixes (config):
- Don't assert on startup when trying to get the options list and
LearnCircuitBuildTimeout is set to 0: we are currently parsing the
options so of course they aren't ready yet. Fixes bug 21062;
bugfix on 0.2.9.3-alpha.
o Minor bugfixes (configuration):
- Accept non-space whitespace characters after the severity level in
the `Log` option. Fixes bug 19965; bugfix on 0.2.1.1-alpha.
- Support "TByte" and "TBytes" units in options given in bytes.
"TB", "terabyte(s)", "TBit(s)" and "terabit(s)" were already
supported. Fixes bug 20622; bugfix on 0.2.0.14-alpha.
o Minor bugfixes (configure, autoconf):
- Rename the configure option --enable-expensive-hardening to
--enable-fragile-hardening. Expensive hardening makes the tor
daemon abort when some kinds of issues are detected. Thus, it
makes tor more at risk of remote crashes but safer against RCE or
heartbleed bug category. We now try to explain this issue in a
message from the configure script. Fixes bug 21290; bugfix
on 0.2.5.4-alpha.
o Minor bugfixes (consensus weight):
- Add new consensus method that initializes bw weights to 1 instead
of 0. This prevents a zero weight from making it all the way to
the end (happens in small testing networks) and causing an error.
Fixes bug 14881; bugfix on 0.2.2.17-alpha.
o Minor bugfixes (crash prevention):
- Fix an (currently untriggerable, but potentially dangerous) crash
bug when base32-encoding inputs whose sizes are not a multiple of
5. Fixes bug 21894; bugfix on 0.2.9.1-alpha.
o Minor bugfixes (dead code):
- Remove a redundant check for PidFile changes at runtime in
options_transition_allowed(): this check is already performed
regardless of whether the sandbox is active. Fixes bug 21123;
bugfix on 0.2.5.4-alpha.
o Minor bugfixes (descriptors):
- Correctly recognise downloaded full descriptors as valid, even
when using microdescriptors as circuits. This affects clients with
FetchUselessDescriptors set, and may affect directory authorities.
Fixes bug 20839; bugfix on 0.2.3.2-alpha.
o Minor bugfixes (directory mirrors):
- Allow relays to use directory mirrors without a DirPort: these
relays need to be contacted over their ORPorts using a begindir
connection. Fixes one case of bug 20711; bugfix on 0.2.8.2-alpha.
- Clarify the message logged when a remote relay is unexpectedly
missing an ORPort or DirPort: users were confusing this with a
local port. Fixes another case of bug 20711; bugfix
on 0.2.8.2-alpha.
o Minor bugfixes (directory system):
- Bridges and relays now use microdescriptors (like clients do)
rather than old-style router descriptors. Now bridges will blend
in with clients in terms of the circuits they build. Fixes bug
6769; bugfix on 0.2.3.2-alpha.
- Download all consensus flavors, descriptors, and authority
certificates when FetchUselessDescriptors is set, regardless of
whether tor is a directory cache or not. Fixes bug 20667; bugfix
on all recent tor versions.
o Minor bugfixes (documentation):
- Update the tor manual page to document every option that can not
be changed while tor is running. Fixes bug 21122.
o Minor bugfixes (ed25519 certificates):
- Correctly interpret ed25519 certificates that would expire some
time after 19 Jan 2038. Fixes bug 20027; bugfix on 0.2.7.2-alpha.
o Minor bugfixes (fallback directories):
- Avoid checking fallback candidates' DirPorts if they are down in
OnionOO. When a relay operator has multiple relays, this
prioritizes relays that are up over relays that are down. Fixes
bug 20926; bugfix on 0.2.8.3-alpha.
- Stop failing when OUTPUT_COMMENTS is True in updateFallbackDirs.py.
Fixes bug 20877; bugfix on 0.2.8.3-alpha.
- Stop failing when a relay has no uptime data in
updateFallbackDirs.py. Fixes bug 20945; bugfix on 0.2.8.1-alpha.
o Minor bugfixes (hidden service):
- Clean up the code for expiring intro points with no associated
circuits. It was causing, rarely, a service with some expiring
introduction points to not open enough additional introduction
points. Fixes part of bug 21302; bugfix on 0.2.7.2-alpha.
- Resolve two possible underflows which could lead to creating and
closing a lot of introduction point circuits in a non-stop loop.
Fixes bug 21302; bugfix on 0.2.7.2-alpha.
- Stop setting the torrc option HiddenServiceStatistics to "0" just
because we're not a bridge or relay. Instead, we preserve whatever
value the user set (or didn't set). Fixes bug 21150; bugfix
on 0.2.6.2-alpha.
o Minor bugfixes (hidden services):
- Make hidden services check for failed intro point connections,
even when they have exceeded their intro point creation limit.
Fixes bug 21596; bugfix on 0.2.7.2-alpha. Reported by Alec Muffett.
- Make hidden services with 8 to 10 introduction points check for
failed circuits immediately after startup. Previously, they would
wait for 5 minutes before performing their first checks. Fixes bug
21594; bugfix on 0.2.3.9-alpha. Reported by Alec Muffett.
- Stop ignoring misconfigured hidden services. Instead, refuse to
start tor until the misconfigurations have been corrected. Fixes
bug 20559; bugfix on multiple commits in 0.2.7.1-alpha
and earlier.
o Minor bugfixes (IPv6):
- Make IPv6-using clients try harder to find an IPv6 directory
server. Fixes bug 20999; bugfix on 0.2.8.2-alpha.
- When IPv6 addresses have not been downloaded yet (microdesc
consensus documents don't list relay IPv6 addresses), use hard-
coded addresses for authorities, fallbacks, and configured
bridges. Now IPv6-only clients can use microdescriptors. Fixes bug
20996; bugfix on b167e82 from 19608 in 0.2.8.5-alpha.
o Minor bugfixes (memory leak at exit):
- Fix a small harmless memory leak at exit of the previously unused
RSA->Ed identity cross-certificate. Fixes bug 17779; bugfix
on 0.2.7.2-alpha.
o Minor bugfixes (onion services):
- Allow the number of introduction points to be as low as 0, rather
than as low as 3. Fixes bug 21033; bugfix on 0.2.7.2-alpha.
o Minor bugfixes (portability):
- Use "OpenBSD" compiler macro instead of "OPENBSD" or "__OpenBSD__".
It is supported by OpenBSD itself, and also by most OpenBSD
variants (such as Bitrig). Fixes bug 20980; bugfix
on 0.1.2.1-alpha.
o Minor bugfixes (portability, also in 0.2.9.9):
- Avoid crashing when Tor is built using headers that contain
CLOCK_MONOTONIC_COARSE, but then tries to run on an older kernel
without CLOCK_MONOTONIC_COARSE. Fixes bug 21035; bugfix
on 0.2.9.1-alpha.
- Fix Libevent detection on platforms without Libevent 1 headers
installed. Fixes bug 21051; bugfix on 0.2.9.1-alpha.
o Minor bugfixes (relay):
- Avoid a double-marked-circuit warning that could happen when we
receive DESTROY cells under heavy load. Fixes bug 20059; bugfix
on 0.1.0.1-rc.
- Honor DataDirectoryGroupReadable when tor is a relay. Previously,
initializing the keys would reset the DataDirectory to 0700
instead of 0750 even if DataDirectoryGroupReadable was set to 1.
Fixes bug 19953; bugfix on 0.0.2pre16. Patch by "redfish".
o Minor bugfixes (testing):
- Fix Raspbian build issues related to missing socket errno in
test_util.c. Fixes bug 21116; bugfix on 0.2.8.2. Patch by "hein".
- Remove undefined behavior from the backtrace generator by removing
its signal handler. Fixes bug 21026; bugfix on 0.2.5.2-alpha.
- Use bash in src/test/test-network.sh. This ensures we reliably
call chutney's newer tools/test-network.sh when available. Fixes
bug 21562; bugfix on 0.2.9.1-alpha.
o Minor bugfixes (tor-resolve):
- The tor-resolve command line tool now rejects hostnames over 255
characters in length. Previously, it would silently truncate them,
which could lead to bugs. Fixes bug 21280; bugfix on 0.0.9pre5.
Patch by "junglefowl".
o Minor bugfixes (unit tests):
- Allow the unit tests to pass even when DNS lookups of bogus
addresses do not fail as expected. Fixes bug 20862 and 20863;
bugfix on unit tests introduced in 0.2.8.1-alpha
through 0.2.9.4-alpha.
o Minor bugfixes (util):
- When finishing writing a file to disk, if we were about to replace
the file with the temporary file created before and we fail to
replace it, remove the temporary file so it doesn't stay on disk.
Fixes bug 20646; bugfix on 0.2.0.7-alpha. Patch by fk.
o Minor bugfixes (Windows services):
- Be sure to initialize the monotonic time subsystem before using
it, even when running as an NT service. Fixes bug 21356; bugfix
on 0.2.9.1-alpha.
o Minor bugfixes (Windows):
- Check for getpagesize before using it to mmap files. This fixes
compilation in some MinGW environments. Fixes bug 20530; bugfix on
0.1.2.1-alpha. Reported by "ice".
o Code simplification and refactoring:
- Abolish all global guard context in entrynodes.c; replace with new
guard_selection_t structure as preparation for proposal 271.
Closes ticket 19858.
- Extract magic numbers in circuituse.c into defined variables.
- Introduce rend_service_is_ephemeral() that tells if given onion
service is ephemeral. Replace unclear NULL-checkings for service
directory with this function. Closes ticket 20526.
- Refactor circuit_is_available_for_use to remove unnecessary check.
- Refactor circuit_predict_and_launch_new for readability and
testability. Closes ticket 18873.
- Refactor code to manipulate global_origin_circuit_list into
separate functions. Closes ticket 20921.
- Refactor large if statement in purpose_needs_anonymity to use
switch statement instead. Closes part of ticket 20077.
- Refactor the hashing API to return negative values for errors, as
is done as throughout the codebase. Closes ticket 20717.
- Remove data structures that were used to index or_connection
objects by their RSA identity digests. These structures are fully
redundant with the similar structures used in the
channel abstraction.
- Remove duplicate code in the channel_write_*cell() functions.
Closes ticket 13827; patch from Pingl.
- Remove redundant behavior of is_sensitive_dir_purpose, refactor to
use only purpose_needs_anonymity. Closes part of ticket 20077.
- The code to generate and parse EXTEND and EXTEND2 cells has been
replaced with code automatically generated by the
"trunnel" utility.
o Documentation (formatting):
- Clean up formatting of tor.1 man page and HTML doc, where <pre>
blocks were incorrectly appearing. Closes ticket 20885.
o Documentation (man page):
- Clarify many options in tor.1 and add some min/max values for
HiddenService options. Closes ticket 21058.
o Documentation:
- Change '1' to 'weight_scale' in consensus bw weights calculation
comments, as that is reality. Closes ticket 20273. Patch
from pastly.
- Clarify that when ClientRejectInternalAddresses is enabled (which
is the default), multicast DNS hostnames for machines on the local
network (of the form *.local) are also rejected. Closes
ticket 17070.
- Correct the value for AuthDirGuardBWGuarantee in the manpage, from
250 KBytes to 2 MBytes. Fixes bug 20435; bugfix on 0.2.5.6-alpha.
- Include the "TBits" unit in Tor's man page. Fixes part of bug
20622; bugfix on 0.2.5.1-alpha.
- Small fixes to the fuzzing documentation. Closes ticket 21472.
- Stop the man page from incorrectly stating that HiddenServiceDir
must already exist. Fixes 20486.
- Update the description of the directory server options in the
manual page, to clarify that a relay no longer needs to set
DirPort in order to be a directory cache. Closes ticket 21720.
o Removed features:
- The AuthDirMaxServersPerAuthAddr option no longer exists: The same
limit for relays running on a single IP applies to authority IP
addresses as well as to non-authority IP addresses. Closes
ticket 20960.
- The UseDirectoryGuards torrc option no longer exists: all users
that use entry guards will also use directory guards. Related to
proposal 271; implements part of ticket 20831.
o Testing:
- Add tests for networkstatus_compute_bw_weights_v10.
- Add unit tests circuit_predict_and_launch_new.
- Extract dummy_origin_circuit_new so it can be used by other
test functions.
- New unit tests for tor_htonll(). Closes ticket 19563. Patch
from "overcaffeinated".
- Perform the coding style checks when running the tests and fail
when coding style violations are found. Closes ticket 5500.
1.5.6:
* [Feature] Add unigramms support in bayes
* [Feature] Allow configurable sign headers for DKIM
* [Feature] Allow to add unigramm metatokens from Lua
* [Feature] DKIM Signing: envelope match exception for local IPs
* [Feature] UCL: register parser variables from Lua
* [Fix] Always try to adjust filename
* [Fix] Do extra copy to ensure that original content is never touched
* [Fix] Fix SPOOF_REPLYTO rule
* [Fix] Ignore Rmilter added Received
* [Fix] More fixes for hashed email dnsbls
* [Fix] Plug memory leak in chartable module
* [WebUI] Display multiple alerts at once
2017-04-05 version 3.3.0 (C++/Java/Python/PHP/Objective-C/C#/Ruby/JavaScript)
Planned Future Changes
* There are some changes that are not included in this release but are
planned for the near future:
- Preserve unknown fields in proto3: please read this doc:
https://docs.google.com/document/d/1KMRX-G91Aa-Y2FkEaHeeviLRRNblgIahbsk4wA14gRk/view
for the timeline and follow up this github issue:
https://github.com/google/protobuf/issues/272
for discussion.
- Make C++ implementation C++11 only: we plan to require C++11 to build
protobuf code starting from 3.4.0 or 3.5.0 release. Please join this
github issue:
https://github.com/google/protobuf/issues/2780
to provide your feedback.
C++
* Fixed map fields serialization of DynamicMessage to correctly serialize
both key and value regardless of their presence.
* Parser now rejects field number 0 correctly.
* New API Message::SpaceUsedLong() that’s equivalent to
Message::SpaceUsed() but returns the value in size_t.
* JSON support
- New flag always_print_enums_as_ints in JsonPrintOptions.
- New flag preserve_proto_field_names in JsonPrintOptions. It will instruct
the JSON printer to use the original field name declared in the .proto
file instead of converting them to lowerCamelCase when printing JSON.
- JsonPrintOptions.always_print_primtive_fields now works for oneof message
fields.
- Fixed a bug that doesn’t allow different fields to set the same json_name
value.
- Fixed a performance bug that causes excessive memory copy when printing
large messages.
* Various performance optimizations.
Java
* Map field setters eagerly validate inputs and throw NullPointerExceptions
as appropriate.
* Added ByteBuffer overloads to the generated parsing methods and the Parser
interface.
* proto3 enum's getNumber() method now throws on UNRECOGNIZED values.
* Output of JsonFormat is now locale independent.
Python
* Added FindServiceByName() in the pure-Python DescriptorPool. This works only
for descriptors added with DescriptorPool.Add(). Generated descriptor_pool
does not support this yet.
* Added a descriptor_pool parameter for parsing Any in text_format.Parse().
* descriptor_pool.FindFileContainingSymbol() now is able to find nested
extensions.
* Extending empty [] to repeated field now sets parent message presence.
PHP
* Added file option php_class_prefix. The prefix will be prepended to all
generated classes defined in the file.
* When encoding, negative int32 values are sign-extended to int64.
* Repeated/Map field setter accepts a regular PHP array. Type checking is
done on the array elements.
* encode/decode are renamed to serializeToString/mergeFromString.
* Added mergeFrom, clear method on Message.
* Fixed a bug that oneof accessor didn’t return the field name that is
actually set.
* C extension now works with php7.
* This is the first GA release of PHP. We guarantee that old generated code
can always work with new runtime and new generated code.
Objective-C
* Fixed help for GPBTimestamp for dates before the epoch that contain
fractional seconds.
* Added GPBMessageDropUnknownFieldsRecursively() to remove unknowns from a
message and any sub messages.
* Addressed a threading race in extension registration/lookup.
* Increased the max message parsing depth to 100 to match the other languages.
* Removed some use of dispatch_once in favor of atomic compare/set since it
needs to be heap based.
* Fixes for new Xcode 8.3 warnings.
C#
* Fixed MapField.Values.CopyTo, which would throw an exception unnecessarily
if provided exactly the right size of array to copy to.
* Fixed enum JSON formatting when multiple names mapped to the same numeric
value.
* Added JSON formatting option to format enums as integers.
* Modified RepeatedField<T> to implement IReadOnlyList<T>.
* Introduced the start of custom option handling; it's not as pleasant as it
might be, but the information is at least present. We expect to extend code
generation to improve this in the future.
* Introduced ByteString.FromStream and ByteString.FromStreamAsync to
efficiently create a ByteString from a stream.
* Added whole-message deprecation, which decorates the class with [Obsolete].
Ruby
* Fixed Message#to_h for messages with map fields.
* Fixed memcpy() in binary gems to work for old glibc, without breaking the
build for non-glibc libc’s like musl.
Javascript
* Added compatibility tests for version 3.0.0.
* Added conformance tests.
* Fixed serialization of extensions: we need to emit a value even if it is
falsy (like the number 0).
* Use closurebuilder.py in favor of calcdeps.py for compiling JavaScript.
1.27 2017-04-29
- When more than one required parameters are missing, the list of missing
parameters in the error message is sorted by name. Patch by E. Choroba. GH
#14.
libopenmpt 0.2-beta23 (2017-04-23)
[Change] The libmpg123 binary download script on Windows now downloads libmpg123 1.24.0.
[Change] MSVC builds of libopenmpt will now only load known DMO plugins.
[Bug] foo_openmpt: Interpolation filter and volume ramping settings were confused in previous versions. This version resets both to the defaults.
Overview of changes leading to 1.4.6
Sunday, April 23, 2017
====================================
- Graphite2: Fix RTL positioning issue.
- Backlist GDEF of more versions of Padauk and Tahoma.
- New, experimental, cmake alternative build system.
2017-04-28 Richard Russon <rich@flatcap.org>
* Bug Fixes
- Fix and simplify handling of GPGME in configure.ac (@gahr)
* Docs
- Fix typo in README.neomutt (@l2dy)
* Upstream
- Fix km_error_key() infinite loop and unget buffer pollution
- Fix error message when opening a mailbox with no read permission
This xkbcomp release mostly contains a couple of bugfixes and parser
improvements. Notably, ignoring keycodes that X11 can never support
means that we can start using those keycodes, which xkbcommon
supports.
Benno Schulenberg (1):
When overriding a key, adjust also its number of levels (#57242).
Daniel Stone (2):
keycodes: Ignore high keycodes
xkbcomp 1.4.0
Emil Velikov (1):
autogen.sh: use quoted string variables
Mihail Konev (1):
autogen: add default patch prefix
Peter Hutterer (1):
autogen.sh: use exec instead of waiting for configure to finish
Ran Benita (1):
When a file contains several maps, look for a default map
It doesn't build even on netbsd+gcc5.4 (it did in the previous version)
Also helps SmartOS because we're currently not matching SmartOS with this
logic block, although matching GCC versions would do the trick.
Drop comment which isn't specific to fiber
pkgsrc changes:
- Explicitly pass --disable-braille: needs liblouis that at the moment is not
in pkgsrc. Despite that leave existents REPLACE_BASH to avoid any further work
if we will enable it in the future. Please notice that bash:run is
still needed despite that.
Changes:
1.13.5
------
- foomatic-rip: When called via the utility cupsfilter from
CUPS, foomatic-rip was not able to read the PPD file with
the file name supplied as environment variable PPD (Bug
#1388).
- driverless: Improved error message output.
- libcupsfilters: Fixed error handling of the PPD file
generator for driverless printing, so that callers get
decent error messages.
- libcupsfilters: Do not generate a PPD file where the only
output data format is JPEG, as JPEG does not support
multi-page documents.
- libcupsfilters: Let PPD generator skip broken page size
records and add warnings for debugging to the PPD.
- libcupsfilters: Updated PPD generator to match with the
current GIT state of the one of CUPS.
- braille: Automatically select a table according to the
current locale.
- braille: Update for liblouis table list.
- braille: Added support for text margins.
- cups-browsed: When creating a local queue for a remote CUPS
printer, add the line '*APRemoteQueueID: ""' to the PPD file
so that CUPS sets the CUPS_PRINTER_REMOTE bit for the
printer type of the local queue (Bug #1386).
Changes:
version 2017.05.01
Core
+ [extractor/common] Extract view count from JSON-LD
* [utils] Improve unified_timestamp
+ [utils] Add video/mp2t to mimetype2ext
* [downloader/external] Properly handle live stream downloading cancellation
(#8932)
+ [utils] Add support for unicode whitespace in clean_html on python 2 (#12906)
Extractors
* [infoq] Make audio format extraction non fatal (#12938)
* [brightcove] Allow whitespace around attribute names in embedded code
+ [zaq1] Add support for zaq1.pl (#12693)
+ [xvideos] Extract duration (#12828)
* [vevo] Fix extraction (#12879)
+ [noovo] Add support for noovo.ca (#12792)
+ [washingtonpost] Add support for embeds (#12699)
* [yandexmusic:playlist] Fix extraction for python 3 (#12888)
* [anvato] Improve extraction (#12913)
* Promote to regular shortcut based extractor
* Add mcp to access key mapping table
* Add support for embeds extraction
* Add support for anvato embeds in generic extractor
* [xtube] Fix extraction for older FLV videos (#12734)
* [tvplayer] Fix extraction (#12908)
version 2017.04.28
Core
+ [adobepass] Use geo verification headers for all requests
- [downloader/fragment] Remove assert for resume_len when no fragments
downloaded
+ [extractor/common] Add manifest_url for explicit group rendition formats
* [extractor/common] Fix manifest_url for m3u8 formats
- [extractor/common] Don't list master m3u8 playlists in format list (#12832)
Extractor
* [aenetworks] Fix extraction for shows with single season
+ [go] Add support for Disney, DisneyJunior and DisneyXD show pages
* [youtube] Recognize new locale-based player URLs (#12885)
+ [streamable] Add support for new embedded URL schema (#12844)
* [arte:+7] Relax URL regular expression (#12837)
Changelog:
Fixed
* Background images not working and other issues related to embedded images when composing email
* Google Oauth setup can sometimes not progress to the next step
changes in sbcl-1.3.17 relative to sbcl-1.3.16:
* enhancement: memory overhead from the garbage collector's metadata
is reduced on 64-bit architectures; no change for 32-bit.
* enhancement: further garbage collector speedups affecting
pinned objects on conservative backends, and simple-vectors.
* enhancement: on Linux a custom handler for SIGSEGV can be called
for page faults outside of dynamic space by changing the C symbol
"sbcl_fallback_sigsegv_handler".
* bug fix: sb-cover does not lose source positions for AND/OR/COND.
* bug fix: random disassembler failures. (lp#1527931)
* The bundled sb-md5 contrib has been updated to release 2.0.4
which is licensed under Creative Commons CC0 per author's statement
fd134e71b7
(Refer to NEWS and COPYING in the contrib/sb-md5 subdirectory)
