Changes in version 0.2.4.19 - 2013-12-11
The Tor 0.2.4 release series is dedicated to the memory of Aaron Swartz
(1986-2013). Aaron worked on diverse projects including helping to guide
Creative Commons, playing a key role in stopping SOPA/PIPA, bringing
transparency to the U.S government's PACER documents, and contributing
design and development for Tor and Tor2Web. Aaron was one of the latest
martyrs in our collective fight for civil liberties and human rights,
and his death is all the more painful because he was one of us.

Tor 0.2.4.19, the first stable release in the 0.2.4 branch, features
a new circuit handshake and link encryption that use ECC to provide
better security and efficiency; makes relays better manage circuit
creation requests; uses "directory guards" to reduce client enumeration
risks; makes bridges collect and report statistics about the pluggable
transports they support; cleans up and improves our geoip database;
gets much closer to IPv6 support for clients, bridges, and relays; makes
directory authorities use measured bandwidths rather than advertised
ones when computing flags and thresholds; disables client-side DNS
caching to reduce tracking risks; and fixes a big bug in bridge
reachability testing. This release introduces two new design
abstractions in the code: a new "channel" abstraction between circuits
and or_connections to allow for implementing alternate relay-to-relay
transports, and a new "circuitmux" abstraction storing the queue of
circuits for a channel. The release also includes many stability,
security, and privacy fixes.

Changes in version 0.2.4.20 - 2013-12-22
Tor 0.2.4.20 fixes potentially poor random number generation for users
who 1) use OpenSSL 1.0.0 or later, 2) set "HardwareAccel 1" in their
torrc file, 3) have "Sandy Bridge" or "Ivy Bridge" Intel processors,
and 4) have no state file in their DataDirectory (as would happen on
first start). Users who generated relay or hidden service identity
keys in such a situation should discard them and generate new ones.

This release also fixes a logic error that caused Tor clients to build
many more preemptive circuits than they actually need.

o Major bugfixes:
- Do not allow OpenSSL engines to replace the PRNG, even when
HardwareAccel is set. The only default builtin PRNG engine uses
the Intel RDRAND instruction to replace the entire PRNG, and
ignores all attempts to seed it with more entropy. That's
cryptographically stupid: the right response to a new alleged
entropy source is never to discard all previously used entropy
sources. Fixes bug 10402; works around behavior introduced in
OpenSSL 1.0.0. Diagnosis and investigation thanks to "coderman"
and "rl1987".
- Fix assertion failure when AutomapHostsOnResolve yields an IPv6
address. Fixes bug 10465; bugfix on 0.2.4.7-alpha.
- Avoid launching spurious extra circuits when a stream is pending.
This fixes a bug where any circuit that _wasn't_ unusable for new
streams would be treated as if it were, causing extra circuits to
be launched. Fixes bug 10456; bugfix on 0.2.4.12-alpha.

o Minor bugfixes:
- Avoid a crash bug when starting with a corrupted microdescriptor
cache file. Fixes bug 10406; bugfix on 0.2.2.6-alpha.
- If we fail to dump a previously cached microdescriptor to disk, avoid
freeing duplicate data later on. Fixes bug 10423; bugfix on
0.2.4.13-alpha. Spotted by "bobnomnom".

Changes in version 0.2.4.20 - 2013-12-22
Tor 0.2.4.20 fixes potentially poor random number generation for users
who 1) use OpenSSL 1.0.0 or later, 2) set "HardwareAccel 1" in their
torrc file, 3) have "Sandy Bridge" or "Ivy Bridge" Intel processors,
and 4) have no state file in their DataDirectory (as would happen on
first start). Users who generated relay or hidden service identity
keys in such a situation should discard them and generate new ones.

This release also fixes a logic error that caused Tor clients to build
many more preemptive circuits than they actually need.

o Major bugfixes:
- Do not allow OpenSSL engines to replace the PRNG, even when
HardwareAccel is set. The only default builtin PRNG engine uses
the Intel RDRAND instruction to replace the entire PRNG, and
ignores all attempts to seed it with more entropy. That's
cryptographically stupid: the right response to a new alleged
entropy source is never to discard all previously used entropy
sources. Fixes bug 10402; works around behavior introduced in
OpenSSL 1.0.0. Diagnosis and investigation thanks to "coderman"
and "rl1987".
- Fix assertion failure when AutomapHostsOnResolve yields an IPv6
address. Fixes bug 10465; bugfix on 0.2.4.7-alpha.
- Avoid launching spurious extra circuits when a stream is pending.
This fixes a bug where any circuit that _wasn't_ unusable for new
streams would be treated as if it were, causing extra circuits to
be launched. Fixes bug 10456; bugfix on 0.2.4.12-alpha.

o Minor bugfixes:
- Avoid a crash bug when starting with a corrupted microdescriptor
cache file. Fixes bug 10406; bugfix on 0.2.2.6-alpha.
- If we fail to dump a previously cached microdescriptor to disk, avoid
freeing duplicate data later on. Fixes bug 10423; bugfix on
0.2.4.13-alpha. Spotted by "bobnomnom".

ALL PLATFORMS:
Bug 10447: Remove SocksListenAddress to allow multiple socks ports.
Bug 10464: Remove addons.mozilla.org from NoScript whitelist
Update Tor to 0.2.4.20
Update OpenSSL to 1.0.1f
Update NoScript to 2.6.8.12
Update HTTPS-Everywhere to 3.4.5
Update Torbutton to 1.6.5.5:
Bug 9486: Clear NoScript Temporary Permissions on New Identity
Bug 10403: Include Arabic translations
Update Tor Launcher to 0.2.4.3:
Bug 10403: Include Arabic translations
WINDOWS:
Bug 9259: Enable Accessibility (screen reader) support
MAC:
misc: Update bundle version field in Info.plist (for MacUpdates service)

Changes in version 0.2.4.21 - 2014-02-28
Tor 0.2.4.21 further improves security against potential adversaries who
find breaking 1024-bit crypto doable, and backports several stability
and robustness patches from the 0.2.5 branch.

o Major features (client security):
- When we choose a path for a 3-hop circuit, make sure it contains
at least one relay that supports the NTor circuit extension
handshake. Otherwise, there is a chance that we're building
a circuit that's worth attacking by an adversary who finds
breaking 1024-bit crypto doable, and that chance changes the game
theory. Implements ticket 9777.

o Major bugfixes:
- Do not treat streams that fail with reason
END_STREAM_REASON_INTERNAL as indicating a definite circuit failure,
since it could also indicate an ENETUNREACH connection error. Fixes
part of bug 10777; bugfix on 0.2.4.8-alpha.

o Code simplification and refactoring:
- Remove data structures which were introduced to implement the
CellStatistics option: they are now redundant with the new timestamp
field in the regular packed_cell_t data structure, which we did
in 0.2.4.18-rc in order to resolve bug 9093. Resolves ticket 10870.

o Minor features:
- Always clear OpenSSL bignums before freeing them -- even bignums
that don't contain secrets. Resolves ticket 10793. Patch by
Florent Daigniere.
- Build without warnings under clang 3.4. (We have some macros that
define static functions only some of which will get used later in
the module. Starting with clang 3.4, these give a warning unless the
unused attribute is set on them.) Resolves ticket 10904.
- Update geoip and geoip6 files to the February 7 2014 Maxmind
GeoLite2 Country database.

o Minor bugfixes:
- Set the listen() backlog limit to the largest actually supported
on the system, not to the value in a header file. Fixes bug 9716;
bugfix on every released Tor.
- Treat ENETUNREACH, EACCES, and EPERM connection failures at an
exit node as a NOROUTE error, not an INTERNAL error, since they
can apparently happen when trying to connect to the wrong sort
of netblocks. Fixes part of bug 10777; bugfix on 0.1.0.1-rc.
- Fix build warnings about missing "a2x" comment when building the
manpages from scratch on OpenBSD; OpenBSD calls it "a2x.py".
Fixes bug 10929; bugfix on 0.2.2.9-alpha. Patch from Dana Koch.
- Avoid a segfault on SIGUSR1, where we had freed a connection but did
not entirely remove it from the connection lists. Fixes bug 9602;
bugfix on 0.2.4.4-alpha.
- Fix a segmentation fault in our benchmark code when running with
Fedora's OpenSSL package, or any other OpenSSL that provides
ECDH but not P224. Fixes bug 10835; bugfix on 0.2.4.8-alpha.
- Turn "circuit handshake stats since last time" log messages into a
heartbeat message. Fixes bug 10485; bugfix on 0.2.4.17-rc.

o Documentation fixes:
- Document that all but one DirPort entry must have the NoAdvertise
flag set. Fixes bug 10470; bugfix on 0.2.3.3-alpha / 0.2.3.16-alpha.

Tor Browser Bundle 3.6-beta-1 -- Mar 17 2014
* All Platforms
* Update Firefox to 24.4.0esr
* Include Pluggable Transports by default:
* Obfsproxy3 0.2.4, Flashproxy 1.6, and FTE 0.2.6 are now included
* Update Tor Launcher to 0.2.5.1
* Bug 10418: Provide UI configuration for Pluggable Transports
* Bug 10604: Allow Tor status & error messages to be translated
* Bug 10894: Make bridge UI clear that helpdesk is a last resort for
bridges
* Bug 10610: Clarify wizard UI text describing obstacles/blocking
* Bug 11074: Support Tails use case (XULRunner and optional
customizations)
* Update Torbutton to 1.6.7.0:
* Bug 9901: Fix browser freeze due to content type sniffing
* Bug 10611: Add Swedish (sv) to extra locales to update
* Update NoScript to 2.6.8.17
* Update Tor to 0.2.4.21
* Backport Pending Tor Patches:
* Bug 5018: Don't launch Pluggable Transport helpers if not in use
* Bug 9229: Eliminate 60 second stall during bootstrap with some PTs
* Bug 11069: Detect and report Pluggable Transport bootstrap failures
* Bug 11156: Prevent spurious warning about missing pluggable transports
* Bug 10237: Disable the media cache to prevent disk leaks for videos
* Bug 10703: Force the default charset to avoid locale fingerprinting
* Bug 10104: Update gitian to fix LXC build issues (for non-KVM/VT builders)
* Mac:
* Bug 4271: Use DMG instead of ZIP for Mac packages
* Linux:
* Bug 9533: Fix keyboard input on Ubuntu 13.10
* Bug 9896: Provide debug symbols for Tor Browser binary
* Bug 10472: Pass arguments to the browser from Linux startup script

Tor Browser Bundle 3.5.3 -- Mar 19 2014
* All Platforms
* Update Firefox to 24.4.0esr
* Update Torbutton to 1.6.7.0:
* Bug 9901: Fix browser freeze due to content type sniffing
* Bug 10611: Add Swedish (sv) to extra locales to update
* Update NoScript to 2.6.8.17
* Update Tor to 0.2.4.21
* Bug 10237: Disable the media cache to prevent disk leaks for videos
* Bug 10703: Force the default charset to avoid locale fingerprinting
* Bug 10104: Update gitian to fix LXC build issues (for non-KVM/VT builders)
* Linux:
* Bug 9533: Fix keyboard input on Ubuntu 13.10
* Bug 9896: Provide debug symbols for Tor Browser binary
* Bug 10472: Pass arguments to the browser from Linux startup script

Changes in version 0.2.4.21 - 2014-02-28
Tor 0.2.4.21 further improves security against potential adversaries who
find breaking 1024-bit crypto doable, and backports several stability
and robustness patches from the 0.2.5 branch.

o Major features (client security):
- When we choose a path for a 3-hop circuit, make sure it contains
at least one relay that supports the NTor circuit extension
handshake. Otherwise, there is a chance that we're building
a circuit that's worth attacking by an adversary who finds
breaking 1024-bit crypto doable, and that chance changes the game
theory. Implements ticket 9777.

o Major bugfixes:
- Do not treat streams that fail with reason
END_STREAM_REASON_INTERNAL as indicating a definite circuit failure,
since it could also indicate an ENETUNREACH connection error. Fixes
part of bug 10777; bugfix on 0.2.4.8-alpha.

o Code simplification and refactoring:
- Remove data structures which were introduced to implement the
CellStatistics option: they are now redundant with the new timestamp
field in the regular packed_cell_t data structure, which we did
in 0.2.4.18-rc in order to resolve bug 9093. Resolves ticket 10870.

o Minor features:
- Always clear OpenSSL bignums before freeing them -- even bignums
that don't contain secrets. Resolves ticket 10793. Patch by
Florent Daigniere.
- Build without warnings under clang 3.4. (We have some macros that
define static functions only some of which will get used later in
the module. Starting with clang 3.4, these give a warning unless the
unused attribute is set on them.) Resolves ticket 10904.
- Update geoip and geoip6 files to the February 7 2014 Maxmind
GeoLite2 Country database.

o Minor bugfixes:
- Set the listen() backlog limit to the largest actually supported
on the system, not to the value in a header file. Fixes bug 9716;
bugfix on every released Tor.
- Treat ENETUNREACH, EACCES, and EPERM connection failures at an
exit node as a NOROUTE error, not an INTERNAL error, since they
can apparently happen when trying to connect to the wrong sort
of netblocks. Fixes part of bug 10777; bugfix on 0.1.0.1-rc.
- Fix build warnings about missing "a2x" comment when building the
manpages from scratch on OpenBSD; OpenBSD calls it "a2x.py".
Fixes bug 10929; bugfix on 0.2.2.9-alpha. Patch from Dana Koch.
- Avoid a segfault on SIGUSR1, where we had freed a connection but did
not entirely remove it from the connection lists. Fixes bug 9602;
bugfix on 0.2.4.4-alpha.
- Fix a segmentation fault in our benchmark code when running with
Fedora's OpenSSL package, or any other OpenSSL that provides
ECDH but not P224. Fixes bug 10835; bugfix on 0.2.4.8-alpha.
- Turn "circuit handshake stats since last time" log messages into a
heartbeat message. Fixes bug 10485; bugfix on 0.2.4.17-rc.

o Documentation fixes:
- Document that all but one DirPort entry must have the NoAdvertise
flag set. Fixes bug 10470; bugfix on 0.2.3.3-alpha / 0.2.3.16-alpha.

Tor Browser Bundle 3.5.4 -- Apr 7 2014
* All Platforms
* Update OpenSSL to 1.0.1g

Tor Browser Bundle 3.6-beta-2 -- Apr 8 2014
* All Platforms
* Update OpenSSL to 1.0.1g
* Bug 9010: Add Turkish language support.
* Bug 9387 testing: Disable JS JIT, type inference, asmjs, and ion.
* Update fte transport to 0.2.12
* Update NoScript to 2.6.8.19
* Update Torbutton to 1.6.8.1
* Bug 11242: Fix improper "update needed" message after in-place upgrade.
* Bug 10398: Ease translation of about:tor page elements
* Update Tor Launcher to 0.2.5.3
* Bug 9665: Localize Tor's unreachable bridges bootstrap error
* Backport Pending Tor Patches:
* Bug 9665: Report a bootstrap error if all bridges are unreachable
* Bug 11200: Prevent spurious error message prior to enabling network.
* Linux:
* Bug 11190: Switch linux PT build process to python2
* Bug 10383: Enable NIST P224 and P256 accel support for 64bit builds.
* Windows:
* Bug 11286: Fix fte transport launch error

Tor Browser Bundle 3.6 -- Apr 29 2014
* All Platforms
* Update Firefox to 24.5.0esr
* Update Tor Launcher to 0.2.5.4
* Bug #11482: Hide bridge settings prompt if no default bridges.
* Bug #11484: Show help button even if no default bridges.
* Update Torbutton to 1.6.9.0
* Bug 7439: Improve download warning dialog text.
* Bug 11384: Completely remove hidden toggle menu item.
* Update NoScript to 2.6.8.20
* Update fte transport to 0.2.13
* Backport Pending Tor Patches:
* Bug 11156: Additional obfsproxy startup error message fixes
* Bug 11586: Include license files for component software in Docs directory.
* Windows and Mac:
* Bug 9308: Prevent install path from leaking in some JS exceptions
on Mac and Windows builds

Tor Browser Bundle 3.6.1 -- May 6 2014
* All Platforms
* Update HTTPS-Everywhere to 3.5.1
+ * Update NoScript to 2.6.8.22
* Bug 11658: Fix proxy configuration for non-Pluggable Transports users
* Backport Pending Tor Patches:
* Bug 8402: Allow Tor proxy configuration while PTs are present
https://gitweb.torproject.org/builders/tor-...s/ChangeLog.txt