Bug Discovered By Clang Address Sanitizer
Minor bugfixes (compilation): – Fix a compilation warning within the unit assessments on programs the place char is signed. The vast majority of the channel unit exams have been rewritten and the code coverage has now been raised to 83.6% for channel.c. And even should you just have to attend in a damaged car! Major bugfixes (safety, relay): – When running as a relay, ensure that we never construct a path through ourselves, even in the case where we have by some means lost the model of our descriptor showing within the consensus. Major bugfixes (security, onion service v2): – Fix a use-after-free error that might crash v2 Tor onion companies when they failed to open circuits whereas expiring introduction factors. Fixes bug 24480; bugfix on 0.2.5.16. o Minor bugfixes (correctness): – Fix a number of places in our codebase the place a C compiler could be prone to eradicate a test, based on assuming that undefined conduct had not occurred elsewhere within the code. Closes ticket 21151. – Document the default habits of NumEntryGuards and NumDirectoryGuards accurately. Implements ticket 24681. o Minor features (geoip): – Update geoip and geoip6 to the January 5 2018 Maxmind GeoLite2 Country database. Just a day after the discharge of Ubuntu 20.04.5 LTS, which ships with Linux kernel 5.15 LTS from Ubuntu 22.04 LTS by default, a brand new kernel update is now available to address a number of safety points, together with CVE-2022-1729, a race condition discovered by Norbert Slusarek within the perf subsystem that might permit a privileged local attacker to cause a denial of service (system crash) or possibly execute arbitrary code.
Closes ticket 24394. o Minor bugfixes (consumer): – By default, don’t allow storage of shopper-facet DNS values. Closes ticket 23709. – Remove different lifeless code from the channel subsystem: All collectively, this cleanup has eliminated greater than 1500 traces of code general and including very little except for unit take a look at. Code simplification and refactoring (circuit rendezvous): – Split the shopper-side rendezvous circuit lookup into two capabilities: one which returns only established circuits and one other that returns all sorts of circuits. Fixes bug 22895; bugfix on 0.2.7.2-alpha. o Minor bugfixes (logging, relay shutdown, annoyance, backport from 0.3.2.2-alpha): – When a circuit is marked for shut, do not try and package deal any cells for channels on that circuit. Fixes bug 24425; bugfix on 0.3.2.1-alpha. o Minor bugfixes (memory usage): – When queuing DESTROY cells on a channel, only queue the circuit-id and cause fields: not all the 514-byte cell. Fixes bug 18859; bugfix on 0.2.3.3-alpha. o Minor options (logging): – Provide higher warnings when the getrandom() syscall fails. Minor features (safety, memory erasure, backport from 0.2.8.1-alpha): – Make memwipe() do nothing when passed a NULL pointer or buffer of zero measurement.
Fixes bug 23693; bugfix on 0.2.6.3-alpha. o Minor bugfixes (testing, backport from 0.3.1.6-rc): – Fix an undersized buffer in take a look at-memwipe.c. Because the OOM handler cleans up circuit queues, we are better off at holding them in that queue as an alternative of the connection’s buffer. This alteration should make Tor purchasers more responsive by enhancing their chances of getting a pre-created circuit ready for use when a request arrives. If you’re buying and also you see something you like at a superb value, purchase tons of it, chances are high you will not be seeing it once more on your next go to (turn-arounds are fast in some stores, and won’t re-stock the identical items again). Related to bug 16248. o Minor features (DoS-resistance, backport from 0.2.7.1-alpha): – Make it tougher for can dogs eat weed attackers to overload hidden services with introductions, by blocking multiple introduction requests on the same circuit. Major bugfixes (circuit prediction): – Fix circuit prediction logic in order that a client doesn’t deal with a port as being “dealt with” by a circuit if that circuit already has isolation settings on it. Fixes a part of bug 19969; bugfix on 0.2.8.1-alpha. o Major bugfixes (shopper performance, backport from 0.2.9.5-alpha): – Clients now reply to new software stream requests immediately when they arrive, rather than ready up to at least one second before starting to handle them.
Fixes bug 24671; bugfix on 0.3.2.1-alpha. Changes in version 0.3.2.7-rc – 2017-12-14 Tor 0.3.2.7-rc fixes varied bugs in earlier variations of Tor, including some that would affect reliability or correctness. Changes in model 0.2.8.17 – 2017-12-01 Tor 0.2.8.17 backports necessary security and stability bugfixes from later Tor releases. Changes in version 0.2.9.14 – 2017-12-01 Tor 0.3.0.13 backports important safety and stability bugfixes from later Tor releases. Fixes bug 23696; bugfix on 0.3.2.1-alpha. Changes in model 0.3.2.6-alpha – 2017-12-01 This version of Tor is the most recent within the 0.3.2 alpha collection. Implements ticket 24489. Changes in version 0.3.2.9 – 2018-01-09 Tor 0.3.2.9 is the primary stable launch within the 0.3.2 sequence. That is the first launch candidate in the 0.3.2 collection. Note: the Tor 0.2.8 collection will no longer be supported after 1 Jan 2018. In case you need a release with lengthy-time period support, please stick with the 0.2.9 sequence. Instead, allow the consensus cache directory to develop larger, to hold recordsdata which may want to remain round longer.
