diff options
134 files changed, 2242 insertions, 570 deletions
@@ -1,3 +1,1045 @@ +Changes in version 0.3.4.11 - 2019-02-21 + Tor 0.3.4.11 is the third stable release in its series. It includes + a fix for a medium-severity security bug affecting Tor 0.3.2.1-alpha and + later. All Tor instances running an affected release should upgrade to + 0.3.3.12, 0.3.4.11, 0.3.5.8, or 0.4.0.2-alpha. + + o Major bugfixes (cell scheduler, KIST, security): + - Make KIST consider the outbuf length when computing what it can + put in the outbuf. Previously, KIST acted as though the outbuf + were empty, which could lead to the outbuf becoming too full. It + is possible that an attacker could exploit this bug to cause a Tor + client or relay to run out of memory and crash. Fixes bug 29168; + bugfix on 0.3.2.1-alpha. This issue is also being tracked as + TROVE-2019-001 and CVE-2019-8955. + + o Minor features (geoip): + - Update geoip and geoip6 to the February 5 2019 Maxmind GeoLite2 + Country database. Closes ticket 29478. + + o Minor bugfixes (build, compatibility, rust, backport from 0.4.0.2-alpha): + - Update Cargo.lock file to match the version made by the latest + version of Rust, so that "make distcheck" will pass again. Fixes + bug 29244; bugfix on 0.3.3.4-alpha. + + o Minor bugfixes (onion services, backport from 0.4.0.2-alpha): + - Stop logging "Tried to establish rendezvous on non-OR circuit..." + as a warning. Instead, log it as a protocol warning, because there + is nothing that relay operators can do to fix it. Fixes bug 29029; + bugfix on 0.2.5.7-rc. + + +Changes in version 0.3.4.10 - 2019-01-07 + Tor 0.3.4.10 is the second stable release in its series; it backports + numerous fixes, including an important fix for relays, and for anyone + using OpenSSL 1.1.1. Anyone running an earlier version of Tor 0.3.4 + should upgrade. + + As a reminder, the Tor 0.3.4 series will be supported until 10 June + 2019. Some time between now and then, users should switch to the Tor + 0.3.5 series, which will receive long-term support until at least 1 + Feb 2022. + + o Major bugfixes (OpenSSL, portability, backport from 0.3.5.5-alpha): + - Fix our usage of named groups when running as a TLS 1.3 client in + OpenSSL 1.1.1. Previously, we only initialized EC groups when + running as a relay, which caused clients to fail to negotiate TLS + 1.3 with relays. Fixes bug 28245; bugfix on 0.2.9.15 (when TLS 1.3 + support was added). + + o Major bugfixes (relay, directory, backport from 0.3.5.7): + - Always reactivate linked connections in the main loop so long as + any linked connection has been active. Previously, connections + serving directory information wouldn't get reactivated after the + first chunk of data was sent (usually 32KB), which would prevent + clients from bootstrapping. Fixes bug 28912; bugfix on + 0.3.4.1-alpha. Patch by "cypherpunks3". + + o Minor features (continuous integration, Windows, backport from 0.3.5.6-rc): + - Always show the configure and test logs, and upload them as build + artifacts, when building for Windows using Appveyor CI. + Implements 28459. + + o Minor features (controller, backport from 0.3.5.1-alpha): + - For purposes of CIRC_BW-based dropped cell detection, track half- + closed stream ids, and allow their ENDs, SENDMEs, DATA and path + bias check cells to arrive without counting it as dropped until + either the END arrives, or the windows are empty. Closes + ticket 25573. + + o Minor features (fallback directory list, backport from 0.3.5.6-rc): + - Replace the 150 fallbacks originally introduced in Tor + 0.3.3.1-alpha in January 2018 (of which ~115 were still + functional), with a list of 157 fallbacks (92 new, 65 existing, 85 + removed) generated in December 2018. Closes ticket 24803. + + o Minor features (geoip): + - Update geoip and geoip6 to the November 6 2018 Maxmind GeoLite2 + Country database. Closes ticket 28395. + + o Minor features (OpenSSL bug workaround, backport from 0.3.5.7): + - Work around a bug in OpenSSL 1.1.1a, which prevented the TLS 1.3 + key export function from handling long labels. When this bug is + detected, Tor will disable TLS 1.3. We recommend upgrading to a + version of OpenSSL without this bug when it becomes available. + Closes ticket 28973. + + o Minor bugfixes (compilation, backport from 0.3.5.5-alpha): + - Initialize a variable unconditionally in aes_new_cipher(), since + some compilers cannot tell that we always initialize it before + use. Fixes bug 28413; bugfix on 0.2.9.3-alpha. + + o Minor bugfixes (connection, relay, backport from 0.3.5.5-alpha): + - Avoid a logging a BUG() stacktrace when closing connection held + open because the write side is rate limited but not the read side. + Now, the connection read side is simply shut down until Tor is + able to flush the connection and close it. Fixes bug 27750; bugfix + on 0.3.4.1-alpha. + + o Minor bugfixes (continuous integration, Windows, backport from 0.3.5.5-alpha): + - Manually configure the zstd compiler options, when building using + mingw on Appveyor Windows CI. The MSYS2 mingw zstd package does + not come with a pkg-config file. Fixes bug 28454; bugfix + on 0.3.4.1-alpha. + - Stop using an external OpenSSL install, and stop installing MSYS2 + packages, when building using mingw on Appveyor Windows CI. Fixes + bug 28399; bugfix on 0.3.4.1-alpha. + + o Minor bugfixes (continuous integration, Windows, backport from 0.3.5.6-rc): + - Explicitly specify the path to the OpenSSL library and do not + download OpenSSL from Pacman, but instead use the library that is + already provided by AppVeyor. Fixes bug 28574; bugfix on master. + + o Minor bugfixes (directory permissions, backport form 0.3.5.3-alpha): + - When a user requests a group-readable DataDirectory, give it to + them. Previously, when the DataDirectory and the CacheDirectory + were the same, the default setting (0) for + CacheDirectoryGroupReadable would override the setting for + DataDirectoryGroupReadable. Fixes bug 26913; bugfix + on 0.3.3.1-alpha. + + o Minor bugfixes (memory leaks, backport from 0.3.5.5-alpha): + - Fix a harmless memory leak in libtorrunner.a. Fixes bug 28419; + bugfix on 0.3.3.1-alpha. Patch from Martin Kepplinger. + + o Minor bugfixes (onion service v3, backport from 0.3.5.3-alpha): + - Don't warn so loudly when Tor is unable to decode an onion + descriptor. This can now happen as a normal use case if a client + gets a descriptor with client authorization but the client is not + authorized. Fixes bug 27550; bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (onion service v3, backport from 0.3.5.6-rc): + - When deleting an ephemeral onion service (DEL_ONION), do not close + any rendezvous circuits in order to let the existing client + connections finish by themselves or closed by the application. The + HS v2 is doing that already so now we have the same behavior for + all versions. Fixes bug 28619; bugfix on 0.3.3.1-alpha. + + o Minor bugfixes (relay statistics, backport from 0.3.5.7): + - Update relay descriptor on bandwidth changes only when the uptime + is smaller than 24h, in order to reduce the efficiency of guard + discovery attacks. Fixes bug 24104; bugfix on 0.1.1.6-alpha. + + o Minor bugfixes (unit tests, guard selection, backport from 0.3.5.6-rc): + - Stop leaking memory in an entry guard unit test. Fixes bug 28554; + bugfix on 0.3.0.1-alpha. + + +Changes in version 0.3.4.9 - 2018-11-02 + Tor 0.3.4.9 is the second stable release in its series; it backports + numerous fixes, including a fix for a bandwidth management bug that + was causing memory exhaustion on relays. Anyone running an earlier + version of Tor 0.3.4.9 should upgrade. + + o Major bugfixes (compilation, backport from 0.3.5.3-alpha): + - Fix compilation on ARM (and other less-used CPUs) when compiling + with OpenSSL before 1.1. Fixes bug 27781; bugfix on 0.3.4.1-alpha. + + o Major bugfixes (mainloop, bootstrap, backport from 0.3.5.3-alpha): + - Make sure Tor bootstraps and works properly if only the + ControlPort is set. Prior to this fix, Tor would only bootstrap + when a client port was set (Socks, Trans, NATD, DNS or HTTPTunnel + port). Fixes bug 27849; bugfix on 0.3.4.1-alpha. + + o Major bugfixes (relay, backport from 0.3.5.3-alpha): + - When our write bandwidth limit is exhausted, stop writing on the + connection. Previously, we had a typo in the code that would make + us stop reading instead, leading to relay connections being stuck + indefinitely and consuming kernel RAM. Fixes bug 28089; bugfix + on 0.3.4.1-alpha. + + o Major bugfixes (restart-in-process, backport from 0.3.5.1-alpha): + - Fix a use-after-free error that could be caused by passing Tor an + impossible set of options that would fail during options_act(). + Fixes bug 27708; bugfix on 0.3.3.1-alpha. + + o Minor features (continuous integration, backport from 0.3.5.1-alpha): + - Don't do a distcheck with --disable-module-dirauth in Travis. + Implements ticket 27252. + - Only run one online rust build in Travis, to reduce network + errors. Skip offline rust builds on Travis for Linux gcc, because + they're redundant. Implements ticket 27252. + - Skip gcc on OSX in Travis CI, because it's rarely used. Skip a + duplicate hardening-off build in Travis on Tor 0.2.9. Skip gcc on + Linux with default settings, because all the non-default builds + use gcc on Linux. Implements ticket 27252. + + o Minor features (continuous integration, backport from 0.3.5.3-alpha): + - Use the Travis Homebrew addon to install packages on macOS during + Travis CI. The package list is the same, but the Homebrew addon + does not do a `brew update` by default. Implements ticket 27738. + + o Minor features (geoip): + - Update geoip and geoip6 to the October 9 2018 Maxmind GeoLite2 + Country database. Closes ticket 27991. + + o Minor bugfixes (32-bit OSX and iOS, timing, backport from 0.3.5.2-alpha): + - Fix an integer overflow bug in our optimized 32-bit millisecond- + difference algorithm for 32-bit Apple platforms. Previously, it + would overflow when calculating the difference between two times + more than 47 days apart. Fixes part of bug 27139; bugfix + on 0.3.4.1-alpha. + - Improve the precision of our 32-bit millisecond difference + algorithm for 32-bit Apple platforms. Fixes part of bug 27139; + bugfix on 0.3.4.1-alpha. + - Relax the tolerance on the mainloop/update_time_jumps test when + running on 32-bit Apple platforms. Fixes part of bug 27139; bugfix + on 0.3.4.1-alpha. + + o Minor bugfixes (C correctness, to appear in 0.3.5.4-alpha): + - Avoid undefined behavior in an end-of-string check when parsing + the BEGIN line in a directory object. Fixes bug 28202; bugfix + on 0.2.0.3-alpha. + + o Minor bugfixes (CI, appveyor, to appear in 0.3.5.4-alpha): + - Only install the necessary mingw packages during our appveyor + builds. This change makes the build a little faster, and prevents + a conflict with a preinstalled mingw openssl that appveyor now + ships. Fixes bugs 27943 and 27765; bugfix on 0.3.4.2-alpha. + + o Minor bugfixes (code safety, backport from 0.3.5.3-alpha): + - Rewrite our assertion macros so that they no longer suppress the + compiler's -Wparentheses warnings. Fixes bug 27709; bugfix + + o Minor bugfixes (continuous integration, backport from 0.3.5.1-alpha): + - Stop reinstalling identical packages in our Windows CI. Fixes bug + 27464; bugfix on 0.3.4.1-alpha. + + o Minor bugfixes (directory authority, to appear in 0.3.5.4-alpha): + - Log additional info when we get a relay that shares an ed25519 ID + with a different relay, instead making a BUG() warning. Fixes bug + 27800; bugfix on 0.3.2.1-alpha. + + o Minor bugfixes (directory connection shutdown, backport from 0.3.5.1-alpha): + - Avoid a double-close when shutting down a stalled directory + connection. Fixes bug 26896; bugfix on 0.3.4.1-alpha. + + o Minor bugfixes (HTTP tunnel, backport from 0.3.5.1-alpha): + - Fix a bug warning when closing an HTTP tunnel connection due to an + HTTP request we couldn't handle. Fixes bug 26470; bugfix + on 0.3.2.1-alpha. + + o Minor bugfixes (netflow padding, backport from 0.3.5.1-alpha): + - Ensure circuitmux queues are empty before scheduling or sending + padding. Fixes bug 25505; bugfix on 0.3.1.1-alpha. + + o Minor bugfixes (onion service v3, backport from 0.3.5.1-alpha): + - When the onion service directory can't be created or has the wrong + permissions, do not log a stack trace. Fixes bug 27335; bugfix + on 0.3.2.1-alpha. + + o Minor bugfixes (onion service v3, backport from 0.3.5.2-alpha): + - Close all SOCKS request (for the same .onion) if the newly fetched + descriptor is unusable. Before that, we would close only the first + one leaving the other hanging and let to time out by themselves. + Fixes bug 27410; bugfix on 0.3.2.1-alpha. + + o Minor bugfixes (onion service v3, backport from 0.3.5.3-alpha): + - When selecting a v3 rendezvous point, don't only look at the + protover, but also check whether the curve25519 onion key is + present. This way we avoid picking a relay that supports the v3 + rendezvous but for which we don't have the microdescriptor. Fixes + bug 27797; bugfix on 0.3.2.1-alpha. + + o Minor bugfixes (protover, backport from 0.3.5.3-alpha): + - Reject protocol names containing bytes other than alphanumeric + characters and hyphens ([A-Za-z0-9-]). Fixes bug 27316; bugfix + on 0.2.9.4-alpha. + + o Minor bugfixes (rust, backport from 0.3.5.1-alpha): + - Compute protover votes correctly in the rust version of the + protover code. Previously, the protover rewrite in 24031 allowed + repeated votes from the same voter for the same protocol version + to be counted multiple times in protover_compute_vote(). Fixes bug + 27649; bugfix on 0.3.3.5-rc. + - Reject protover names that contain invalid characters. Fixes bug + 27687; bugfix on 0.3.3.1-alpha. + + o Minor bugfixes (rust, backport from 0.3.5.2-alpha): + - protover_all_supported() would attempt to allocate up to 16GB on + some inputs, leading to a potential memory DoS. Fixes bug 27206; + bugfix on 0.3.3.5-rc. + + o Minor bugfixes (rust, directory authority, to appear in 0.3.5.4-alpha): + - Fix an API mismatch in the rust implementation of + protover_compute_vote(). This bug could have caused crashes on any + directory authorities running Tor with Rust (which we do not yet + recommend). Fixes bug 27741; bugfix on 0.3.3.6. + + o Minor bugfixes (rust, to appear in 0.3.5.4-alpha): + - Fix a potential null dereference in protover_all_supported(). Add + a test for it. Fixes bug 27804; bugfix on 0.3.3.1-alpha. + - Return a string that can be safely freed by C code, not one + created by the rust allocator, in protover_all_supported(). Fixes + bug 27740; bugfix on 0.3.3.1-alpha. + + o Minor bugfixes (testing, backport from 0.3.5.1-alpha): + - If a unit test running in a subprocess exits abnormally or with a + nonzero status code, treat the test as having failed, even if the + test reported success. Without this fix, memory leaks don't cause + the tests to fail, even with LeakSanitizer. Fixes bug 27658; + bugfix on 0.2.2.4-alpha. + + o Minor bugfixes (testing, backport from 0.3.5.3-alpha): + - Make the hs_service tests use the same time source when creating + the introduction point and when testing it. Now tests work better + on very slow systems like ARM or Travis. Fixes bug 27810; bugfix + on 0.3.2.1-alpha. + + o Minor bugfixes (testing, to appear in 0.3.5.4-alpha): + - Treat backtrace test failures as expected on BSD-derived systems + (NetBSD, OpenBSD, and macOS/Darwin) until we solve bug 17808. + (FreeBSD failures have been treated as expected since 18204 in + 0.2.8.) Fixes bug 27948; bugfix on 0.2.5.2-alpha. + + +Changes in version 0.3.4.8 - 2018-09-10 + Tor 0.3.4.8 is the first stable release in its series; it includes + compilation and portability fixes. + + The Tor 0.3.4 series includes improvements for running Tor in + low-power and embedded environments, which should help performance in + general. We've begun work on better modularity, and included preliminary + changes on the directory authority side to accommodate a new bandwidth + measurement system. We've also integrated more continuous-integration + systems into our development process, and made corresponding changes to + Tor's testing infrastructure. Finally, we've continued to refine + our anti-denial-of-service code. + + Below are the changes since 0.3.4.7-rc. For a complete list of changes + since 0.3.3.9, see the ReleaseNotes file. + + o Minor features (compatibility): + - Tell OpenSSL to maintain backward compatibility with previous + RSA1024/DH1024 users in Tor. With OpenSSL 1.1.1-pre6, these + ciphers are disabled by default. Closes ticket 27344. + + o Minor features (continuous integration): + - Log the compiler path and version during Appveyor builds. + Implements ticket 27449. + - Show config.log and test-suite.log after failed Appveyor builds. + Also upload the zipped full logs as a build artifact. Implements + ticket 27430. + + o Minor bugfixes (compilation): + - Silence a spurious compiler warning on the GetAdaptersAddresses + function pointer cast. This issue is already fixed by 26481 in + 0.3.5 and later, by removing the lookup and cast. Fixes bug 27465; + bugfix on 0.2.3.11-alpha. + - Stop calling SetProcessDEPPolicy() on 64-bit Windows. It is not + supported, and always fails. Some compilers warn about the + function pointer cast on 64-bit Windows. Fixes bug 27461; bugfix + on 0.2.2.23-alpha. + + o Minor bugfixes (continuous integration): + - Disable gcc hardening in Appveyor Windows 64-bit builds. As of + August 29 2018, Appveyor images come with gcc 8.2.0 by default. + Executables compiled for 64-bit Windows with this version of gcc + crash when Tor's --enable-gcc-hardening flag is set. Fixes bug + 27460; bugfix on 0.3.4.1-alpha. + - When a Travis build fails, and showing a log fails, keep trying to + show the other logs. Fixes bug 27453; bugfix on 0.3.4.7-rc. + - When we use echo in Travis, don't pass a --flag as the first + argument. Fixes bug 27418; bugfix on 0.3.4.7-rc. + + o Minor bugfixes (onion services): + - Silence a spurious compiler warning in + rend_client_send_introduction(). Fixes bug 27463; bugfix + on 0.1.1.2-alpha. + + o Minor bugfixes (testing, chutney): + - When running make test-network-all, use the mixed+hs-v2 network. + (A previous fix to chutney removed v3 onion services from the + mixed+hs-v23 network, so seeing "mixed+hs-v23" in tests is + confusing.) Fixes bug 27345; bugfix on 0.3.2.1-alpha. + - Before running make test-network-all, delete old logs and test + result files, to avoid spurious failures. Fixes bug 27295; bugfix + on 0.2.7.3-rc. + + +Changes in version 0.3.4.7-rc - 2018-08-24 + Tor 0.3.4.7-rc fixes several small compilation, portability, and + correctness issues in previous versions of Tor. This version is a + release candidate: if no serious bugs are found, we expect that the + stable 0.3.4 release will be (almost) the same as this release. + + o Minor features (bug workaround): + - Compile correctly on systems that provide the C11 stdatomic.h + header, but where C11 atomic functions don't actually compile. + Closes ticket 26779; workaround for Debian issue 903709. + + o Minor features (continuous integration): + - Backport Travis rust distcheck to 0.3.3. Closes ticket 24629. + - Enable macOS builds in our Travis CI configuration. Closes + ticket 24629. + - Install libcap-dev and libseccomp2-dev so these optional + dependencies get tested on Travis CI. Closes ticket 26560. + - Only post Appveyor IRC notifications when the build fails. + Implements ticket 27275. + - Run asciidoc during Travis CI. Implements ticket 27087. + - Use ccache in our Travis CI configuration. Closes ticket 26952. + + o Minor features (continuous integration, rust): + - Use cargo cache in our Travis CI configuration. Closes + ticket 26952. + + o Minor features (directory authorities): + - Authorities no longer vote to make the subprotocol version + "LinkAuth=1" a requirement: it is unsupportable with NSS, and + hasn't been needed since Tor 0.3.0.1-alpha. Closes ticket 27286. + + o Minor features (geoip): + - Update geoip and geoip6 to the August 7 2018 Maxmind GeoLite2 + Country database. Closes ticket 27089. + + o Minor bugfixes (compilation, windows): + - Don't link or search for pthreads when building for Windows, even + if we are using build environment (like mingw) that provides a + pthreads library. Fixes bug 27081; bugfix on 0.1.0.1-rc. + + o Minor bugfixes (continuous integration): + - Improve Appveyor CI IRC logging. Generate correct branches and + URLs for pull requests and tags. Use unambiguous short commits. + Fixes bug 26979; bugfix on master. + - Build with zstd on macOS. Fixes bug 27090; bugfix on 0.3.1.5-alpha. + - Pass the module flags to distcheck configure, and log the flags + before running configure. (Backported to 0.2.9 and later as a + precaution.) Fixes bug 27088; bugfix on 0.3.4.1-alpha. + + o Minor bugfixes (in-process restart): + - Always call tor_free_all() when leaving tor_run_main(). When we + did not, restarting tor in-process would cause an assertion + failure. Fixes bug 26948; bugfix on 0.3.3.1-alpha. + + o Minor bugfixes (linux seccomp2 sandbox): + - Fix a bug in our sandboxing rules for the openat() syscall. + Previously, no openat() call would be permitted, which would break + filesystem operations on recent glibc versions. Fixes bug 25440; + bugfix on 0.2.9.15. Diagnosis and patch from Daniel Pinto. + + o Minor bugfixes (onion services): + - Fix bug that causes services to not ever rotate their descriptors + if they were getting SIGHUPed often. Fixes bug 26932; bugfix + on 0.3.2.1-alpha. + + o Minor bugfixes (portability): + - Fix compilation of the unit tests on GNU/Hurd, which does not + define PATH_MAX. Fixes bug 26873; bugfix on 0.3.3.1-alpha. Patch + from "paulusASol". + + o Minor bugfixes (rust): + - Backport test_rust.sh from master. Fixes bug 26497; bugfix + on 0.3.1.5-alpha. + - Consistently use ../../.. as a fallback for $abs_top_srcdir in + test_rust.sh. Fixes bug 27093; bugfix on 0.3.4.3-alpha. + - Protover parsing was accepting the presence of whitespace in + version strings, which the C implementation would choke on, e.g. + "Desc=1\t,2". Fixes bug 27177; bugfix on 0.3.3.5-rc. + - Protover parsing was ignoring a 2nd hyphen and everything after + it, accepting entries like "Link=1-5-foo". Fixes bug 27164; bugfix + on 0.3.3.1-alpha. + - Stop setting $CARGO_HOME. cargo will use the user's $CARGO_HOME, or + $HOME/.cargo by default. Fixes bug 26497; bugfix on 0.3.1.5-alpha. + - cd to ${abs_top_builddir}/src/rust before running cargo in + src/test/test_rust.sh. This makes the working directory consistent + between builds and tests. Fixes bug 26497; bugfix on 0.3.3.2-alpha. + + o Minor bugfixes (testing, bootstrap): + - When calculating bootstrap progress, check exit policies and the + exit flag. Previously, Tor would only check the exit flag, which + caused race conditions in small and fast networks like chutney. + Fixes bug 27236; bugfix on 0.2.6.3-alpha. + + o Minor bugfixes (testing, openssl compatibility): + - Our "tortls/cert_matches_key" unit test no longer relies on + OpenSSL internals. Previously, it relied on unsupported OpenSSL + behavior in a way that caused it to crash with OpenSSL 1.0.2p. + Fixes bug 27226; bugfix on 0.2.5.1-alpha. + + o Minor bugfixes (Windows, compilation): + - Silence a compilation warning on MSVC 2017 and clang-cl. Fixes bug + 27185; bugfix on 0.2.2.2-alpha. + + +Changes in version 0.3.4.6-rc - 2018-08-06 + Tor 0.3.4.6-rc fixes several small compilation, portability, and + correctness issues in previous versions of Tor. This version is a + release candidate: if no serious bugs are found, we expect that the + stable 0.3.4 release will be (almost) the same as this release. + + o Major bugfixes (event scheduler): + - When we enable a periodic event, schedule it in the event loop + rather than running it immediately. Previously, we would re-run + periodic events immediately in the middle of (for example) + changing our options, with unpredictable effects. Fixes bug 27003; + bugfix on 0.3.4.1-alpha. + + o Minor features (compilation): + - When building Tor, prefer to use Python 3 over Python 2, and more + recent (contemplated) versions over older ones. Closes + ticket 26372. + - When compiling with --enable-openbsd-malloc or --enable-tcmalloc, + tell the compiler not to include the system malloc implementation. + Fixes bug 20424; bugfix on 0.2.0.20-rc. + - Don't try to use a pragma to temporarily disable the + -Wunused-const-variable warning if the compiler doesn't support + it. Fixes bug 26785; bugfix on 0.3.2.11. + + o Minor bugfixes (continuous integration): + - Skip a pair of unreliable key generation tests on Windows, until + the underlying issue in bug 26076 is resolved. Fixes bug 26830 and + bug 26853; bugfix on 0.2.7.3-rc and 0.3.2.1-alpha respectively. + + o Minor features (controller): + - The control port now exposes the list of HTTPTunnelPorts and + ExtOrPorts via GETINFO net/listeners/httptunnel and + net/listeners/extor respectively. Closes ticket 26647. + + o Minor bugfixes (directory authority): + - When voting for recommended versions, make sure that all of the + versions are well-formed and parsable. Fixes bug 26485; bugfix + on 0.1.1.6-alpha. + + o Minor features (geoip): + - Update geoip and geoip6 to the July 3 2018 Maxmind GeoLite2 + Country database. Closes ticket 26674. + + o Minor features (Rust, portability): + - Rust cross-compilation is now supported. Closes ticket 25895. + + o Minor bugfixes (compilation): + - Update build system so that tor builds again with --disable-unittests + after recent refactoring. Fixes bug 26789; bugfix on 0.3.4.3-alpha. + - Fix a compilation warning on some versions of GCC when building + code that calls routerinfo_get_my_routerinfo() twice, assuming + that the second call will succeed if the first one did. Fixes bug + 26269; bugfix on 0.2.8.2-alpha. + + o Minor bugfixes (controller): + - Report the port correctly when a port is configured to bind to + "auto". Fixes bug 26568; bugfix on 0.3.4.1-alpha. + - Parse the "HSADDRESS=" parameter in HSPOST commands properly. + Previously, it was misparsed and ignored. Fixes bug 26523; bugfix + on 0.3.3.1-alpha. Patch by "akwizgran". + + o Minor bugfixes (correctness, flow control): + - Upon receiving a stream-level SENDME cell, verify that our window + has not grown too large. Fixes bug 26214; bugfix on svn + r54 (pre-0.0.1) + + o Minor bugfixes (memory, correctness): + - Fix a number of small memory leaks identified by coverity. Fixes + bug 26467; bugfix on numerous Tor versions. + + o Minor bugfixes (logging): + - Improve the log message when connection initiators fail to + authenticate direct connections to relays. Fixes bug 26927; bugfix + on 0.3.0.1-alpha. + + o Minor bugfixes (portability): + - Avoid a compilation error in test_bwmgt.c on Solaris 10. Fixes bug + 26994; bugfix on 0.3.4.1-alpha. + - Work around two different bugs in the OS X 10.10 and later SDKs + that would prevent us from successfully targeting earlier versions + of OS X. Fixes bug 26876; bugfix on 0.3.3.1-alpha. + + o Minor bugfixes (single onion services, Tor2web): + - Log a protocol warning when single onion services or Tor2web + clients fail to authenticate direct connections to relays. Fixes + bug 26924; bugfix on 0.2.9.1-alpha. + + o Minor bugfixes (testing): + - Disable core dumps in test_bt.sh, to avoid failures in "make + distcheck". Fixes bug 26787; bugfix on 0.2.5.2-alpha. + + o Minor bugfixes (testing, compatibility): + - When running the ntor_ref.py and hs_ntor_ref.py tests, make sure + only to pass strings (rather than "bytes" objects) to the Python + subprocess module. Python 3 on Windows seems to require this. + Fixes bug 26535; bugfix on 0.2.5.5-alpha (for ntor_ref.py) and + 0.3.1.1-alpha (for hs_ntor_ref.py). + + o Minor bugfixes (v3 onion services): + - Stop sending ed25519 link specifiers in v3 onion service introduce + cells and descriptors, when the rendezvous or introduction point + doesn't support ed25519 link authentication. Fixes bug 26627; + bugfix on 0.3.2.4-alpha. + + +Changes in version 0.3.4.5-rc - 2018-07-13 + Tor 0.3.4.5-rc moves to a new bridge authority, meaning people running + bridge relays should upgrade. + + o Directory authority changes: + - The "Bifroest" bridge authority has been retired; the new bridge + authority is "Serge", and it is operated by George from the + TorBSD project. Closes ticket 26771. + + +Changes in version 0.3.3.9 - 2018-07-13 + Tor 0.3.3.9 moves to a new bridge authority, meaning people running + bridge relays should upgrade. + + o Directory authority changes: + - The "Bifroest" bridge authority has been retired; the new bridge + authority is "Serge", and it is operated by George from the + TorBSD project. Closes ticket 26771. + + +Changes in version 0.3.2.11 - 2018-07-13 + Tor 0.3.2.11 moves to a new bridge authority, meaning people running + bridge relays should upgrade. We also take this opportunity to backport + other minor fixes. + + o Directory authority changes: + - The "Bifroest" bridge authority has been retired; the new bridge + authority is "Serge", and it is operated by George from the + TorBSD project. Closes ticket 26771. + + o Directory authority changes (backport from 0.3.3.7): + - Add an IPv6 address for the "dannenberg" directory authority. + Closes ticket 26343. + + o Major bugfixes (directory authorities, backport from 0.3.4.1-alpha): + - When directory authorities read a zero-byte bandwidth file, they + would previously log a warning with the contents of an + uninitialised buffer. They now log a warning about the empty file + instead. Fixes bug 26007; bugfix on 0.2.2.1-alpha. + + o Major bugfixes (onion service, backport from 0.3.4.1-alpha): + - Correctly detect when onion services get disabled after HUP. Fixes + bug 25761; bugfix on 0.3.2.1. + + o Minor features (sandbox, backport from 0.3.3.4-alpha): + - Explicitly permit the poll() system call when the Linux + seccomp2-based sandbox is enabled: apparently, some versions of + libc use poll() when calling getpwnam(). Closes ticket 25313. + + o Minor feature (continuous integration, backport from 0.3.3.5-rc): + - Update the Travis CI configuration to use the stable Rust channel, + now that we have decided to require that. Closes ticket 25714. + + o Minor features (continuous integration, backport from 0.3.4.1-alpha): + - Our .travis.yml configuration now includes support for testing the + results of "make distcheck". (It's not uncommon for "make check" + to pass but "make distcheck" to fail.) Closes ticket 25814. + - Our Travis CI configuration now integrates with the Coveralls + coverage analysis tool. Closes ticket 25818. + + o Minor features (relay, diagnostic, backport from 0.3.4.3-alpha): + - Add several checks to detect whether Tor relays are uploading + their descriptors without specifying why they regenerated them. + Diagnostic for ticket 25686. + + o Minor features (compilation, backport from 0.3.4.4-rc): + - When building Tor, prefer to use Python 3 over Python 2, and more + recent (contemplated) versions over older ones. Closes + ticket 26372. + + o Minor features (geoip): + - Update geoip and geoip6 to the July 3 2018 Maxmind GeoLite2 + Country database. Closes ticket 26674. + + o Minor bugfixes (correctness, client, backport from 0.3.4.1-alpha): + - Upon receiving a malformed connected cell, stop processing the + cell immediately. Previously we would mark the connection for + close, but continue processing the cell as if the connection were + open. Fixes bug 26072; bugfix on 0.2.4.7-alpha. + + o Minor bugfixes (Linux seccomp2 sandbox, backport from 0.3.4.1-alpha): + - Allow the nanosleep() system call, which glibc uses to implement + sleep() and usleep(). Fixes bug 24969; bugfix on 0.2.5.1-alpha. + + o Minor bugfixes (testing, compatibility, backport from 0.3.4.4-rc): + - When running the hs_ntor_ref.py test, make sure only to pass + strings (rather than "bytes" objects) to the Python subprocess + module. Python 3 on Windows seems to require this. Fixes bug + 26535; bugfix on 0.3.1.1-alpha. + - When running the ntor_ref.py test, make sure only to pass strings + (rather than "bytes" objects) to the Python subprocess module. + Python 3 on Windows seems to require this. Fixes bug 26535; bugfix + on 0.2.5.5-alpha. + + o Minor bugfixes (compatibility, openssl, backport from 0.3.4.2-alpha): + - Work around a change in OpenSSL 1.1.1 where return values that + would previously indicate "no password" now indicate an empty + password. Without this workaround, Tor instances running with + OpenSSL 1.1.1 would accept descriptors that other Tor instances + would reject. Fixes bug 26116; bugfix on 0.2.5.16. + + o Minor bugfixes (documentation, backport from 0.3.3.5-rc): + - Document that the PerConnBW{Rate,Burst} options will fall back to + their corresponding consensus parameters only if those parameters + are set. Previously we had claimed that these values would always + be set in the consensus. Fixes bug 25296; bugfix on 0.2.2.7-alpha. + + o Minor bugfixes (compilation, backport from 0.3.4.4-rc): + - Fix a compilation warning on some versions of GCC when building + code that calls routerinfo_get_my_routerinfo() twice, assuming + that the second call will succeed if the first one did. Fixes bug + 26269; bugfix on 0.2.8.2-alpha. + + o Minor bugfixes (client, backport from 0.3.4.1-alpha): + - Don't consider Tor running as a client if the ControlPort is open, + but no actual client ports are open. Fixes bug 26062; bugfix + on 0.2.9.4-alpha. + + o Minor bugfixes (hardening, backport from 0.3.4.2-alpha): + - Prevent a possible out-of-bounds smartlist read in + protover_compute_vote(). Fixes bug 26196; bugfix on 0.2.9.4-alpha. + + o Minor bugfixes (C correctness, backport from 0.3.3.4-alpha): + - Fix a very unlikely (impossible, we believe) null pointer + dereference. Fixes bug 25629; bugfix on 0.2.9.15. Found by + Coverity; this is CID 1430932. + + o Minor bugfixes (onion service, backport from 0.3.4.1-alpha): + - Fix a memory leak when a v3 onion service is configured and gets a + SIGHUP signal. Fixes bug 25901; bugfix on 0.3.2.1-alpha. + - When parsing the descriptor signature, look for the token plus an + extra white-space at the end. This is more correct but also will + allow us to support new fields that might start with "signature". + Fixes bug 26069; bugfix on 0.3.0.1-alpha. + + o Minor bugfixes (relay, backport from 0.3.4.3-alpha): + - Relays now correctly block attempts to re-extend to the previous + relay by Ed25519 identity. Previously they would warn in this + case, but not actually reject the attempt. Fixes bug 26158; bugfix + on 0.3.0.1-alpha. + + o Minor bugfixes (relay, crash, backport from 0.3.4.1-alpha): + - Avoid a crash when running with DirPort set but ORPort turned off. + Fixes a case of bug 23693; bugfix on 0.3.1.1-alpha. + + o Minor bugfixes (compilation, backport from 0.3.4.2-alpha): + - Silence unused-const-variable warnings in zstd.h with some GCC + versions. Fixes bug 26272; bugfix on 0.3.1.1-alpha. + + o Minor bugfixes (testing, backport from 0.3.3.4-alpha): + - Avoid intermittent test failures due to a test that had relied on + onion service introduction point creation finishing within 5 + seconds of real clock time. Fixes bug 25450; bugfix + on 0.3.1.3-alpha. + + o Minor bugfixes (compilation, backport from 0.3.3.4-alpha): + - Fix a C99 compliance issue in our configuration script that caused + compilation issues when compiling Tor with certain versions of + xtools. Fixes bug 25474; bugfix on 0.3.2.5-alpha. + + o Minor bugfixes (memory, correctness, backport from 0.3.4.4-rc): + - Fix a number of small memory leaks identified by coverity. Fixes + bug 26467; bugfix on numerous Tor versions. + + o Code simplification and refactoring (backport from 0.3.3.5-rc): + - Move the list of default directory authorities to its own file. + Closes ticket 24854. Patch by "beastr0". + + +Changes in version 0.2.9.16 - 2018-07-13 + Tor 0.2.9.16 moves to a new bridge authority, meaning people running + bridge relays should upgrade. We also take this opportunity to backport + other minor fixes. + + o Directory authority changes: + - The "Bifroest" bridge authority has been retired; the new bridge + authority is "Serge", and it is operated by George from the + TorBSD project. Closes ticket 26771. + + o Directory authority changes (backport from 0.3.3.7): + - Add an IPv6 address for the "dannenberg" directory authority. + Closes ticket 26343. + + o Major bugfixes (directory authorities, backport from 0.3.4.1-alpha): + - When directory authorities read a zero-byte bandwidth file, they + would previously log a warning with the contents of an + uninitialised buffer. They now log a warning about the empty file + instead. Fixes bug 26007; bugfix on 0.2.2.1-alpha. + + o Minor features (sandbox, backport from 0.3.3.4-alpha): + - Explicitly permit the poll() system call when the Linux + seccomp2-based sandbox is enabled: apparently, some versions of + libc use poll() when calling getpwnam(). Closes ticket 25313. + + o Minor features (continuous integration, backport from 0.3.4.1-alpha): + - Our .travis.yml configuration now includes support for testing the + results of "make distcheck". (It's not uncommon for "make check" + to pass but "make distcheck" to fail.) Closes ticket 25814. + - Our Travis CI configuration now integrates with the Coveralls + coverage analysis tool. Closes ticket 25818. + + o Minor features (compilation, backport from 0.3.4.4-rc): + - When building Tor, prefer to use Python 3 over Python 2, and more + recent (contemplated) versions over older ones. Closes + ticket 26372. + + o Minor features (geoip): + - Update geoip and geoip6 to the July 3 2018 Maxmind GeoLite2 + Country database. Closes ticket 26674. + + o Minor bugfixes (correctness, client, backport from 0.3.4.1-alpha): + - Upon receiving a malformed connected cell, stop processing the + cell immediately. Previously we would mark the connection for + close, but continue processing the cell as if the connection were + open. Fixes bug 26072; bugfix on 0.2.4.7-alpha. + + o Minor bugfixes (Linux seccomp2 sandbox, backport from 0.3.4.1-alpha): + - Allow the nanosleep() system call, which glibc uses to implement + sleep() and usleep(). Fixes bug 24969; bugfix on 0.2.5.1-alpha. + + o Minor bugfixes (testing, compatibility, backport from 0.3.4.4-rc): + - When running the ntor_ref.py test, make sure only to pass strings + (rather than "bytes" objects) to the Python subprocess module. + Python 3 on Windows seems to require this. Fixes bug 26535; bugfix + on 0.2.5.5-alpha. + + o Minor bugfixes (compatibility, openssl, backport from 0.3.4.2-alpha): + - Work around a change in OpenSSL 1.1.1 where return values that + would previously indicate "no password" now indicate an empty + password. Without this workaround, Tor instances running with + OpenSSL 1.1.1 would accept descriptors that other Tor instances + would reject. Fixes bug 26116; bugfix on 0.2.5.16. + + o Minor bugfixes (compilation, backport from 0.3.4.4-rc): + - Fix a compilation warning on some versions of GCC when building + code that calls routerinfo_get_my_routerinfo() twice, assuming + that the second call will succeed if the first one did. Fixes bug + 26269; bugfix on 0.2.8.2-alpha. + + o Minor bugfixes (client, backport from 0.3.4.1-alpha): + - Don't consider Tor running as a client if the ControlPort is open, + but no actual client ports are open. Fixes bug 26062; bugfix + on 0.2.9.4-alpha. + + o Minor bugfixes (hardening, backport from 0.3.4.2-alpha): + - Prevent a possible out-of-bounds smartlist read in + protover_compute_vote(). Fixes bug 26196; bugfix on 0.2.9.4-alpha. + + o Minor bugfixes (C correctness, backport from 0.3.3.4-alpha): + - Fix a very unlikely (impossible, we believe) null pointer + dereference. Fixes bug 25629; bugfix on 0.2.9.15. Found by + Coverity; this is CID 1430932. + + o Minor bugfixes (memory, correctness, backport from 0.3.4.4-rc): + - Fix a number of small memory leaks identified by coverity. Fixes + bug 26467; bugfix on numerous Tor versions. + + o Code simplification and refactoring (backport from 0.3.3.5-rc): + - Move the list of default directory authorities to its own file. + Closes ticket 24854. Patch by "beastr0". + + +Changes in version 0.3.4.4-rc - 2018-07-09 + Tor 0.3.4.4-rc fixes several small compilation, portability, and + correctness issues in previous versions of Tor. This version is a + release candidate: if no serious bugs are found, we expect that the + stable 0.3.4 release will be (almost) the same as this release. + + o Minor features (compilation): + - When building Tor, prefer to use Python 3 over Python 2, and more + recent (contemplated) versions over older ones. Closes + ticket 26372. + + o Minor features (geoip): + - Update geoip and geoip6 to the July 3 2018 Maxmind GeoLite2 + Country database. Closes ticket 26674. + + o Minor features (Rust, portability): + - Rust cross-compilation is now supported. Closes ticket 25895. + + o Minor bugfixes (compilation): + - Fix a compilation warning on some versions of GCC when building + code that calls routerinfo_get_my_routerinfo() twice, assuming + that the second call will succeed if the first one did. Fixes bug + 26269; bugfix on 0.2.8.2-alpha. + + o Minor bugfixes (control port): + - Report the port correctly when a port is configured to bind to + "auto". Fixes bug 26568; bugfix on 0.3.4.1-alpha. + - Handle the HSADDRESS= argument to the HSPOST command properly. + (Previously, this argument was misparsed and thus ignored.) Fixes + bug 26523; bugfix on 0.3.3.1-alpha. Patch by "akwizgran". + + o Minor bugfixes (correctness, flow control): + - Upon receiving a stream-level SENDME cell, verify that our window + has not grown too large. Fixes bug 26214; bugfix on svn + r54 (pre-0.0.1). + + o Minor bugfixes (memory, correctness): + - Fix a number of small memory leaks identified by coverity. Fixes + bug 26467; bugfix on numerous Tor versions. + + o Minor bugfixes (testing, compatibility): + - When running the hs_ntor_ref.py test, make sure only to pass + strings (rather than "bytes" objects) to the Python subprocess + module. Python 3 on Windows seems to require this. Fixes bug + 26535; bugfix on 0.3.1.1-alpha. + - When running the ntor_ref.py test, make sure only to pass strings + (rather than "bytes" objects) to the Python subprocess module. + Python 3 on Windows seems to require this. Fixes bug 26535; bugfix + on 0.2.5.5-alpha. + + +Changes in version 0.3.3.8 - 2018-07-09 + Tor 0.3.3.8 backports several changes from the 0.3.4.x series, including + fixes for a memory leak affecting directory authorities. + + o Major bugfixes (directory authority, backport from 0.3.4.3-alpha): + - Stop leaking memory on directory authorities when planning to + vote. This bug was crashing authorities by exhausting their + memory. Fixes bug 26435; bugfix on 0.3.3.6. + + o Major bugfixes (rust, testing, backport from 0.3.4.3-alpha): + - Make sure that failing tests in Rust will actually cause the build + to fail: previously, they were ignored. Fixes bug 26258; bugfix + on 0.3.3.4-alpha. + + o Minor features (compilation, backport from 0.3.4.4-rc): + - When building Tor, prefer to use Python 3 over Python 2, and more + recent (contemplated) versions over older ones. Closes + ticket 26372. + + o Minor features (geoip): + - Update geoip and geoip6 to the July 3 2018 Maxmind GeoLite2 + Country database. Closes ticket 26674. + + o Minor features (relay, diagnostic, backport from 0.3.4.3-alpha): + - Add several checks to detect whether Tor relays are uploading + their descriptors without specifying why they regenerated them. + Diagnostic for ticket 25686. + + o Minor bugfixes (circuit path selection, backport from 0.3.4.1-alpha): + - Don't count path selection failures as circuit build failures. + This change should eliminate cases where Tor blames its guard or + the network for situations like insufficient microdescriptors + and/or overly restrictive torrc settings. Fixes bug 25705; bugfix + on 0.3.3.1-alpha. + + o Minor bugfixes (compilation, backport from 0.3.4.4-rc): + - Fix a compilation warning on some versions of GCC when building + code that calls routerinfo_get_my_routerinfo() twice, assuming + that the second call will succeed if the first one did. Fixes bug + 26269; bugfix on 0.2.8.2-alpha. + + o Minor bugfixes (control port, backport from 0.3.4.4-rc): + - Handle the HSADDRESS= argument to the HSPOST command properly. + (Previously, this argument was misparsed and thus ignored.) Fixes + bug 26523; bugfix on 0.3.3.1-alpha. Patch by "akwizgran". + + o Minor bugfixes (memory, correctness, backport from 0.3.4.4-rc): + - Fix a number of small memory leaks identified by coverity. Fixes + bug 26467; bugfix on numerous Tor versions. + + o Minor bugfixes (relay, backport from 0.3.4.3-alpha): + - Relays now correctly block attempts to re-extend to the previous + relay by Ed25519 identity. Previously they would warn in this + case, but not actually reject the attempt. Fixes bug 26158; bugfix + on 0.3.0.1-alpha. + + o Minor bugfixes (restart-in-process, backport from 0.3.4.1-alpha): + - When shutting down, Tor now clears all the flags in the control.c + module. This should prevent a bug where authentication cookies are + not generated on restart. Fixes bug 25512; bugfix on 0.3.3.1-alpha. + + o Minor bugfixes (testing, compatibility, backport from 0.3.4.4-rc): + - When running the hs_ntor_ref.py test, make sure only to pass + strings (rather than "bytes" objects) to the Python subprocess + module. Python 3 on Windows seems to require this. Fixes bug + 26535; bugfix on 0.3.1.1-alpha. + - When running the ntor_ref.py test, make sure only to pass strings + (rather than "bytes" objects) to the Python subprocess module. + Python 3 on Windows seems to require this. Fixes bug 26535; bugfix + on 0.2.5.5-alpha. + + +Changes in version 0.3.4.3-alpha - 2018-06-26 + Tor 0.3.4.3-alpha fixes several bugs in earlier versions, including + one that was causing stability issues on directory authorities. + + o Major bugfixes (directory authority): + - Stop leaking memory on directory authorities when planning to + vote. This bug was crashing authorities by exhausting their + memory. Fixes bug 26435; bugfix on 0.3.3.6. + + o Major bugfixes (rust, testing): + - Make sure that failing tests in Rust will actually cause the build + to fail: previously, they were ignored. Fixes bug 26258; bugfix + on 0.3.3.4-alpha. + + o Minor feature (directory authorities): + - Stop warning about incomplete bw lines before the first complete + bw line has been found, so that additional header lines can be + ignored. Fixes bug 25960; bugfix on 0.2.2.1-alpha + + o Minor features (relay, diagnostic): + - Add several checks to detect whether Tor relays are uploading + their descriptors without specifying why they regenerated them. + Diagnostic for ticket 25686. + + o Minor features (unit tests): + - Test complete bandwidth measurements files, and test that + incomplete bandwidth lines only give warnings when the end of the + header has not been detected. Fixes bug 25947; bugfix + on 0.2.2.1-alpha + + o Minor bugfixes (compilation): + - Refrain from compiling unit testing related object files when + --disable-unittests is set to configure script. Fixes bug 24891; + bugfix on 0.2.5.1-alpha. + - When linking the libtor_testing.a library, only include the + dirauth object files once. Previously, they were getting added + twice. Fixes bug 26402; bugfix on 0.3.4.1-alpha. + - The --enable-fatal-warnings flag now affects Rust code as well. + Closes ticket 26245. + + o Minor bugfixes (onion services): + - Recompute some consensus information after detecting a clock jump, + or after transitioning from a non-live consensus to a live + consensus. We do this to avoid having an outdated state, and + miscalculating the index for next-generation onion services. Fixes + bug 24977; bugfix on 0.3.2.1-alpha. + + o Minor bugfixes (relay): + - Relays now correctly block attempts to re-extend to the previous + relay by Ed25519 identity. Previously they would warn in this + case, but not actually reject the attempt. Fixes bug 26158; bugfix + on 0.3.0.1-alpha. + + o Minor bugfixes (testing): + - Fix compilation of the doctests in the Rust crypto crate. Fixes + bug 26415; bugfix on 0.3.4.1-alpha. + - Instead of trying to read the geoip configuration files from + within the unit tests, instead create our own ersatz files with + just enough geoip data in the format we expect. Trying to read + from the source directory created problems on Windows with mingw, + where the build system's paths are not the same as the platform's + paths. Fixes bug 25787; bugfix on 0.3.4.1-alpha. + - Refrain from trying to get an item from an empty smartlist in + test_bridges_clear_bridge_list. Set DEBUG_SMARTLIST in unit tests + to catch improper smartlist usage. Furthermore, enable + DEBUG_SMARTLIST globally when build is configured with fragile + hardening. Fixes bug 26196; bugfix on 0.3.4.1-alpha. + + Changes in version 0.3.3.7 - 2018-06-12 Tor 0.3.3.7 backports several changes from the 0.3.4.x series, including fixes for bugs affecting compatibility and stability. @@ -196,7 +1238,7 @@ Changes in version 0.3.3.6 - 2018-05-22 Fixes bug 26069; bugfix on 0.3.0.1-alpha. o Minor bugfixes (relay, crash, backport from 0.3.4.1-alpha): - - Avoid a crash when running with DirPort set but ORPort tuned off. + - Avoid a crash when running with DirPort set but ORPort turned off. Fixes a case of bug 23693; bugfix on 0.3.1.1-alpha. o Documentation (backport from 0.3.4.1-alpha): @@ -232,9 +1274,9 @@ Changes in version 0.3.4.1-alpha - 2018-05-17 - Tor no longer enables all of its periodic events by default. Previously, Tor would enable all possible main loop events, regardless of whether it needed them. Furthermore, many of these - events are now disabled with Tor is hibernating or DisableNetwork + events are now disabled when Tor is hibernating or DisableNetwork is set. This is a big step towards reducing client CPU usage by - reducing the amount of wake-ups the daemon does. Closes ticket + reducing the amount of wake-ups the daemon does. Closes tickets 25376 and 25762. - The bandwidth-limitation logic has been refactored so that bandwidth calculations are performed on-demand, rather than every @@ -499,7 +1541,7 @@ Changes in version 0.3.4.1-alpha - 2018-05-17 here.) Fixes bug 24910; bugfix on 0.2.4.17-rc. o Minor bugfixes (relay, crash): - - Avoid a crash when running with DirPort set but ORPort tuned off. + - Avoid a crash when running with DirPort set but ORPort turned off. Fixes a case of bug 23693; bugfix on 0.3.1.1-alpha. o Minor bugfixes (restart-in-process): @@ -28476,4 +29518,3 @@ Changes in version 0.0.2pre13 - 2003-10-19 - If --DebugLogFile is specified, log to it at -l debug - If --LogFile is specified, use it instead of commandline - If --RunAsDaemon is set, tor forks and backgrounds on startup - diff --git a/ReleaseNotes b/ReleaseNotes index 8a38289c2c..cba32f82e7 100644 --- a/ReleaseNotes +++ b/ReleaseNotes @@ -2,6 +2,1200 @@ This document summarizes new features and bugfixes in each stable release of Tor. If you want to see more detailed descriptions of the changes in each development snapshot, see the ChangeLog file. +Changes in version 0.3.4.11 - 2019-02-21 + Tor 0.3.4.11 is the third stable release in its series. It includes + a fix for a medium-severity security bug affecting Tor 0.3.2.1-alpha and + later. All Tor instances running an affected release should upgrade to + 0.3.3.12, 0.3.4.11, 0.3.5.8, or 0.4.0.2-alpha. + + o Major bugfixes (cell scheduler, KIST, security): + - Make KIST consider the outbuf length when computing what it can + put in the outbuf. Previously, KIST acted as though the outbuf + were empty, which could lead to the outbuf becoming too full. It + is possible that an attacker could exploit this bug to cause a Tor + client or relay to run out of memory and crash. Fixes bug 29168; + bugfix on 0.3.2.1-alpha. This issue is also being tracked as + TROVE-2019-001 and CVE-2019-8955. + + o Minor features (geoip): + - Update geoip and geoip6 to the February 5 2019 Maxmind GeoLite2 + Country database. Closes ticket 29478. + + o Minor bugfixes (build, compatibility, rust, backport from 0.4.0.2-alpha): + - Update Cargo.lock file to match the version made by the latest + version of Rust, so that "make distcheck" will pass again. Fixes + bug 29244; bugfix on 0.3.3.4-alpha. + + o Minor bugfixes (onion services, backport from 0.4.0.2-alpha): + - Stop logging "Tried to establish rendezvous on non-OR circuit..." + as a warning. Instead, log it as a protocol warning, because there + is nothing that relay operators can do to fix it. Fixes bug 29029; + bugfix on 0.2.5.7-rc. + + +Changes in version 0.3.4.10 - 2019-01-07 + Tor 0.3.4.9 is the second stable release in its series; it backports + numerous fixes, including an important fix for relays, and for anyone + using OpenSSL 1.1.1. Anyone running an earlier version of Tor 0.3.4 + should upgrade. + + As a reminder, the Tor 0.3.4 series will be supported until 10 June + 2019. Some time between now and then, users should switch to the Tor + 0.3.5 series, which will receive long-term support until at least 1 + Feb 2022. + + o Major bugfixes (OpenSSL, portability, backport from 0.3.5.5-alpha): + - Fix our usage of named groups when running as a TLS 1.3 client in + OpenSSL 1.1.1. Previously, we only initialized EC groups when + running as a relay, which caused clients to fail to negotiate TLS + 1.3 with relays. Fixes bug 28245; bugfix on 0.2.9.15 (when TLS 1.3 + support was added). + + o Major bugfixes (relay, directory, backport from 0.3.5.7): + - Always reactivate linked connections in the main loop so long as + any linked connection has been active. Previously, connections + serving directory information wouldn't get reactivated after the + first chunk of data was sent (usually 32KB), which would prevent + clients from bootstrapping. Fixes bug 28912; bugfix on + 0.3.4.1-alpha. Patch by "cypherpunks3". + + o Minor features (continuous integration, Windows, backport from 0.3.5.6-rc): + - Always show the configure and test logs, and upload them as build + artifacts, when building for Windows using Appveyor CI. + Implements 28459. + + o Minor features (controller, backport from 0.3.5.1-alpha): + - For purposes of CIRC_BW-based dropped cell detection, track half- + closed stream ids, and allow their ENDs, SENDMEs, DATA and path + bias check cells to arrive without counting it as dropped until + either the END arrives, or the windows are empty. Closes + ticket 25573. + + o Minor features (fallback directory list, backport from 0.3.5.6-rc): + - Replace the 150 fallbacks originally introduced in Tor + 0.3.3.1-alpha in January 2018 (of which ~115 were still + functional), with a list of 157 fallbacks (92 new, 65 existing, 85 + removed) generated in December 2018. Closes ticket 24803. + + o Minor features (geoip): + - Update geoip and geoip6 to the November 6 2018 Maxmind GeoLite2 + Country database. Closes ticket 28395. + + o Minor features (OpenSSL bug workaround, backport from 0.3.5.7): + - Work around a bug in OpenSSL 1.1.1a, which prevented the TLS 1.3 + key export function from handling long labels. When this bug is + detected, Tor will disable TLS 1.3. We recommend upgrading to a + version of OpenSSL without this bug when it becomes available. + Closes ticket 28973. + + o Minor bugfixes (compilation, backport from 0.3.5.5-alpha): + - Initialize a variable unconditionally in aes_new_cipher(), since + some compilers cannot tell that we always initialize it before + use. Fixes bug 28413; bugfix on 0.2.9.3-alpha. + + o Minor bugfixes (connection, relay, backport from 0.3.5.5-alpha): + - Avoid a logging a BUG() stacktrace when closing connection held + open because the write side is rate limited but not the read side. + Now, the connection read side is simply shut down until Tor is + able to flush the connection and close it. Fixes bug 27750; bugfix + on 0.3.4.1-alpha. + + o Minor bugfixes (continuous integration, Windows, backport from 0.3.5.5-alpha): + - Manually configure the zstd compiler options, when building using + mingw on Appveyor Windows CI. The MSYS2 mingw zstd package does + not come with a pkg-config file. Fixes bug 28454; bugfix + on 0.3.4.1-alpha. + - Stop using an external OpenSSL install, and stop installing MSYS2 + packages, when building using mingw on Appveyor Windows CI. Fixes + bug 28399; bugfix on 0.3.4.1-alpha. + + o Minor bugfixes (continuous integration, Windows, backport from 0.3.5.6-rc): + - Explicitly specify the path to the OpenSSL library and do not + download OpenSSL from Pacman, but instead use the library that is + already provided by AppVeyor. Fixes bug 28574; bugfix on master. + + o Minor bugfixes (directory permissions, backport form 0.3.5.3-alpha): + - When a user requests a group-readable DataDirectory, give it to + them. Previously, when the DataDirectory and the CacheDirectory + were the same, the default setting (0) for + CacheDirectoryGroupReadable would override the setting for + DataDirectoryGroupReadable. Fixes bug 26913; bugfix + on 0.3.3.1-alpha. + + o Minor bugfixes (memory leaks, backport from 0.3.5.5-alpha): + - Fix a harmless memory leak in libtorrunner.a. Fixes bug 28419; + bugfix on 0.3.3.1-alpha. Patch from Martin Kepplinger. + + o Minor bugfixes (onion service v3, backport from 0.3.5.3-alpha): + - Don't warn so loudly when Tor is unable to decode an onion + descriptor. This can now happen as a normal use case if a client + gets a descriptor with client authorization but the client is not + authorized. Fixes bug 27550; bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (onion service v3, backport from 0.3.5.6-rc): + - When deleting an ephemeral onion service (DEL_ONION), do not close + any rendezvous circuits in order to let the existing client + connections finish by themselves or closed by the application. The + HS v2 is doing that already so now we have the same behavior for + all versions. Fixes bug 28619; bugfix on 0.3.3.1-alpha. + + o Minor bugfixes (relay statistics, backport from 0.3.5.7): + - Update relay descriptor on bandwidth changes only when the uptime + is smaller than 24h, in order to reduce the efficiency of guard + discovery attacks. Fixes bug 24104; bugfix on 0.1.1.6-alpha. + + o Minor bugfixes (unit tests, guard selection, backport from 0.3.5.6-rc): + - Stop leaking memory in an entry guard unit test. Fixes bug 28554; + bugfix on 0.3.0.1-alpha. + + +Changes in version 0.3.4.9 - 2018-11-02 + Tor 0.3.4.9 is the second stable release in its series; it backports + numerous fixes, including a fix for a bandwidth management bug that + was causing memory exhaustion on relays. Anyone running an earlier + version of Tor 0.3.4.9 should upgrade. + + o Major bugfixes (compilation, backport from 0.3.5.3-alpha): + - Fix compilation on ARM (and other less-used CPUs) when compiling + with OpenSSL before 1.1. Fixes bug 27781; bugfix on 0.3.4.1-alpha. + + o Major bugfixes (mainloop, bootstrap, backport from 0.3.5.3-alpha): + - Make sure Tor bootstraps and works properly if only the + ControlPort is set. Prior to this fix, Tor would only bootstrap + when a client port was set (Socks, Trans, NATD, DNS or HTTPTunnel + port). Fixes bug 27849; bugfix on 0.3.4.1-alpha. + + o Major bugfixes (relay, backport from 0.3.5.3-alpha): + - When our write bandwidth limit is exhausted, stop writing on the + connection. Previously, we had a typo in the code that would make + us stop reading instead, leading to relay connections being stuck + indefinitely and consuming kernel RAM. Fixes bug 28089; bugfix + on 0.3.4.1-alpha. + + o Major bugfixes (restart-in-process, backport from 0.3.5.1-alpha): + - Fix a use-after-free error that could be caused by passing Tor an + impossible set of options that would fail during options_act(). + Fixes bug 27708; bugfix on 0.3.3.1-alpha. + + o Minor features (continuous integration, backport from 0.3.5.1-alpha): + - Don't do a distcheck with --disable-module-dirauth in Travis. + Implements ticket 27252. + - Only run one online rust build in Travis, to reduce network + errors. Skip offline rust builds on Travis for Linux gcc, because + they're redundant. Implements ticket 27252. + - Skip gcc on OSX in Travis CI, because it's rarely used. Skip a + duplicate hardening-off build in Travis on Tor 0.2.9. Skip gcc on + Linux with default settings, because all the non-default builds + use gcc on Linux. Implements ticket 27252. + + o Minor features (continuous integration, backport from 0.3.5.3-alpha): + - Use the Travis Homebrew addon to install packages on macOS during + Travis CI. The package list is the same, but the Homebrew addon + does not do a `brew update` by default. Implements ticket 27738. + + o Minor features (geoip): + - Update geoip and geoip6 to the October 9 2018 Maxmind GeoLite2 + Country database. Closes ticket 27991. + + o Minor bugfixes (32-bit OSX and iOS, timing, backport from 0.3.5.2-alpha): + - Fix an integer overflow bug in our optimized 32-bit millisecond- + difference algorithm for 32-bit Apple platforms. Previously, it + would overflow when calculating the difference between two times + more than 47 days apart. Fixes part of bug 27139; bugfix + on 0.3.4.1-alpha. + - Improve the precision of our 32-bit millisecond difference + algorithm for 32-bit Apple platforms. Fixes part of bug 27139; + bugfix on 0.3.4.1-alpha. + - Relax the tolerance on the mainloop/update_time_jumps test when + running on 32-bit Apple platforms. Fixes part of bug 27139; bugfix + on 0.3.4.1-alpha. + + o Minor bugfixes (C correctness, to appear in 0.3.5.4-alpha): + - Avoid undefined behavior in an end-of-string check when parsing + the BEGIN line in a directory object. Fixes bug 28202; bugfix + on 0.2.0.3-alpha. + + o Minor bugfixes (CI, appveyor, to appear in 0.3.5.4-alpha): + - Only install the necessary mingw packages during our appveyor + builds. This change makes the build a little faster, and prevents + a conflict with a preinstalled mingw openssl that appveyor now + ships. Fixes bugs 27943 and 27765; bugfix on 0.3.4.2-alpha. + + o Minor bugfixes (code safety, backport from 0.3.5.3-alpha): + - Rewrite our assertion macros so that they no longer suppress the + compiler's -Wparentheses warnings. Fixes bug 27709; bugfix + + o Minor bugfixes (continuous integration, backport from 0.3.5.1-alpha): + - Stop reinstalling identical packages in our Windows CI. Fixes bug + 27464; bugfix on 0.3.4.1-alpha. + + o Minor bugfixes (directory authority, to appear in 0.3.5.4-alpha): + - Log additional info when we get a relay that shares an ed25519 ID + with a different relay, instead making a BUG() warning. Fixes bug + 27800; bugfix on 0.3.2.1-alpha. + + o Minor bugfixes (directory connection shutdown, backport from 0.3.5.1-alpha): + - Avoid a double-close when shutting down a stalled directory + connection. Fixes bug 26896; bugfix on 0.3.4.1-alpha. + + o Minor bugfixes (HTTP tunnel, backport from 0.3.5.1-alpha): + - Fix a bug warning when closing an HTTP tunnel connection due to an + HTTP request we couldn't handle. Fixes bug 26470; bugfix + on 0.3.2.1-alpha. + + o Minor bugfixes (netflow padding, backport from 0.3.5.1-alpha): + - Ensure circuitmux queues are empty before scheduling or sending + padding. Fixes bug 25505; bugfix on 0.3.1.1-alpha. + + o Minor bugfixes (onion service v3, backport from 0.3.5.1-alpha): + - When the onion service directory can't be created or has the wrong + permissions, do not log a stack trace. Fixes bug 27335; bugfix + on 0.3.2.1-alpha. + + o Minor bugfixes (onion service v3, backport from 0.3.5.2-alpha): + - Close all SOCKS request (for the same .onion) if the newly fetched + descriptor is unusable. Before that, we would close only the first + one leaving the other hanging and let to time out by themselves. + Fixes bug 27410; bugfix on 0.3.2.1-alpha. + + o Minor bugfixes (onion service v3, backport from 0.3.5.3-alpha): + - When selecting a v3 rendezvous point, don't only look at the + protover, but also check whether the curve25519 onion key is + present. This way we avoid picking a relay that supports the v3 + rendezvous but for which we don't have the microdescriptor. Fixes + bug 27797; bugfix on 0.3.2.1-alpha. + + o Minor bugfixes (protover, backport from 0.3.5.3-alpha): + - Reject protocol names containing bytes other than alphanumeric + characters and hyphens ([A-Za-z0-9-]). Fixes bug 27316; bugfix + on 0.2.9.4-alpha. + + o Minor bugfixes (rust, backport from 0.3.5.1-alpha): + - Compute protover votes correctly in the rust version of the + protover code. Previously, the protover rewrite in 24031 allowed + repeated votes from the same voter for the same protocol version + to be counted multiple times in protover_compute_vote(). Fixes bug + 27649; bugfix on 0.3.3.5-rc. + - Reject protover names that contain invalid characters. Fixes bug + 27687; bugfix on 0.3.3.1-alpha. + + o Minor bugfixes (rust, backport from 0.3.5.2-alpha): + - protover_all_supported() would attempt to allocate up to 16GB on + some inputs, leading to a potential memory DoS. Fixes bug 27206; + bugfix on 0.3.3.5-rc. + + o Minor bugfixes (rust, directory authority, to appear in 0.3.5.4-alpha): + - Fix an API mismatch in the rust implementation of + protover_compute_vote(). This bug could have caused crashes on any + directory authorities running Tor with Rust (which we do not yet + recommend). Fixes bug 27741; bugfix on 0.3.3.6. + + o Minor bugfixes (rust, to appear in 0.3.5.4-alpha): + - Fix a potential null dereference in protover_all_supported(). Add + a test for it. Fixes bug 27804; bugfix on 0.3.3.1-alpha. + - Return a string that can be safely freed by C code, not one + created by the rust allocator, in protover_all_supported(). Fixes + bug 27740; bugfix on 0.3.3.1-alpha. + + o Minor bugfixes (testing, backport from 0.3.5.1-alpha): + - If a unit test running in a subprocess exits abnormally or with a + nonzero status code, treat the test as having failed, even if the + test reported success. Without this fix, memory leaks don't cause + the tests to fail, even with LeakSanitizer. Fixes bug 27658; + bugfix on 0.2.2.4-alpha. + + o Minor bugfixes (testing, backport from 0.3.5.3-alpha): + - Make the hs_service tests use the same time source when creating + the introduction point and when testing it. Now tests work better + on very slow systems like ARM or Travis. Fixes bug 27810; bugfix + on 0.3.2.1-alpha. + + o Minor bugfixes (testing, to appear in 0.3.5.4-alpha): + - Treat backtrace test failures as expected on BSD-derived systems + (NetBSD, OpenBSD, and macOS/Darwin) until we solve bug 17808. + (FreeBSD failures have been treated as expected since 18204 in + 0.2.8.) Fixes bug 27948; bugfix on 0.2.5.2-alpha. + + +Changes in version 0.3.4.8 - 2018-09-10 + Tor 0.3.4.8 is the first stable release in its series; it includes + compilation and portability fixes. + + The Tor 0.3.4 series includes improvements for running Tor in + low-power and embedded environments, which should help performance in + general. We've begun work on better modularity, and included preliminary + changes on the directory authority side to accommodate a new bandwidth + measurement system. We've also integrated more continuous-integration + systems into our development process, and made corresponding changes to + Tor's testing infrastructure. Finally, we've continued to refine + our anti-denial-of-service code. + + Below are the changes since 0.3.3.9. For a list of only the changes + since 0.3.4.7-rc, see the ChangeLog file. + + o New system requirements: + - Tor no longer tries to support old operating systems without + mmap() or some local equivalent. Apparently, compilation on such + systems has been broken for some time, without anybody noticing or + complaining. Closes ticket 25398. + + o Major features (directory authority, modularization): + - The directory authority subsystem has been modularized. The code + is now located in src/or/dirauth/, and is compiled in by default. + To disable the module, the configure option + --disable-module-dirauth has been added. This module may be + disabled by default in some future release. Closes ticket 25610. + + o Major features (main loop, CPU usage): + - When Tor is disabled (via DisableNetwork or via hibernation), it + no longer needs to run any per-second events. This change should + make it easier for mobile applications to disable Tor while the + device is sleeping, or Tor is not running. Closes ticket 26063. + - Tor no longer enables all of its periodic events by default. + Previously, Tor would enable all possible main loop events, + regardless of whether it needed them. Furthermore, many of these + events are now disabled when Tor is hibernating or DisableNetwork + is set. This is a big step towards reducing client CPU usage by + reducing the amount of wake-ups the daemon does. Closes tickets + 25376 and 25762. + - The bandwidth-limitation logic has been refactored so that + bandwidth calculations are performed on-demand, rather than every + TokenBucketRefillInterval milliseconds. This change should improve + the granularity of our bandwidth calculations, and limit the + number of times that the Tor process needs to wake up when it is + idle. Closes ticket 25373. + - Move responsibility for many operations from a once-per-second + callback to a callback that is only scheduled as needed. Moving + this functionality has allowed us to disable the callback when + Tor's network is disabled. Once enough items are removed from our + once-per-second callback, we can eliminate it entirely to conserve + CPU when idle. The functionality removed includes: closing + connections, circuits, and channels (ticket 25932); consensus + voting (25937); flushing log callbacks (25951); honoring delayed + SIGNEWNYM requests (25949); rescanning the consensus cache + (25931); saving the state file to disk (25948); warning relay + operators about unreachable ports (25952); and keeping track of + Tor's uptime (26009). + + o Minor features (accounting): + - When Tor becomes dormant, it now uses a scheduled event to wake up + at the right time. Previously, we would use the per-second timer + to check whether to wake up, but we no longer have any per-second + timers enabled when the network is disabled. Closes ticket 26064. + + o Minor features (bug workaround): + - Compile correctly on systems that provide the C11 stdatomic.h + header, but where C11 atomic functions don't actually compile. + Closes ticket 26779; workaround for Debian issue 903709. + + o Minor features (code quality): + - Add optional spell-checking for the Tor codebase, using the + "misspell" program. To use this feature, run "make check-typos". + Closes ticket 25024. + + o Minor features (compatibility): + - Tell OpenSSL to maintain backward compatibility with previous + RSA1024/DH1024 users in Tor. With OpenSSL 1.1.1-pre6, these + ciphers are disabled by default. Closes ticket 27344. + - Tor now detects versions of OpenSSL 1.1.0 and later compiled with + the no-deprecated option, and builds correctly with them. Closes + tickets 19429, 19981, and 25353. + + o Minor features (compilation): + - When compiling with --enable-openbsd-malloc or --enable-tcmalloc, + tell the compiler not to include the system malloc implementation. + Fixes bug 20424; bugfix on 0.2.0.20-rc. + - Don't try to use a pragma to temporarily disable the + -Wunused-const-variable warning if the compiler doesn't support + it. Fixes bug 26785; bugfix on 0.3.2.11. + - When building Tor, prefer to use Python 3 over Python 2, and more + recent (contemplated) versions over older ones. Closes + ticket 26372. + + o Minor features (compression, zstd): + - When running with zstd, Tor now considers using advanced functions + that the zstd maintainers have labeled as potentially unstable. To + prevent breakage, Tor will only use this functionality when the + runtime version of the zstd library matches the version with which + Tor was compiled. Closes ticket 25162. + + o Minor features (configuration): + - The "DownloadSchedule" options have been renamed to end with + "DownloadInitialDelay". The old names are still allowed, but will + produce a warning. Comma-separated lists are still permitted for + these options, but all values after the first are ignored (as they + have been since 0.2.9). Closes ticket 23354. + + o Minor features (continuous integration): + - Log the compiler path and version during Appveyor builds. + Implements ticket 27449. + - Show config.log and test-suite.log after failed Appveyor builds. + Also upload the zipped full logs as a build artifact. Implements + ticket 27430. + - Backport Travis rust distcheck to 0.3.3. Closes ticket 24629. + - Enable macOS builds in our Travis CI configuration. Closes + ticket 24629. + - Install libcap-dev and libseccomp2-dev so these optional + dependencies get tested on Travis CI. Closes ticket 26560. + - Only post Appveyor IRC notifications when the build fails. + Implements ticket 27275. + - Run asciidoc during Travis CI. Implements ticket 27087. + - Use ccache in our Travis CI configuration. Closes ticket 26952. + - Add the necessary configuration files for continuous integration + testing on Windows, via the Appveyor platform. Closes ticket + 25549. Patches from Marcin Cieślak and Isis Lovecruft. + + o Minor features (continuous integration, rust): + - Use cargo cache in our Travis CI configuration. Closes + ticket 26952. + + o Minor features (control port): + - Introduce GETINFO "current-time/{local,utc}" to return the local + and UTC times respectively in ISO format. This helps a controller + like Tor Browser detect a time-related error. Closes ticket 25511. + Patch by Neel Chauhan. + - Introduce new fields to the CIRC_BW event. There are two new + fields in each of the read and written directions. The DELIVERED + fields report the total valid data on the circuit, as measured by + the payload sizes of verified and error-checked relay command + cells. The OVERHEAD fields report the total unused bytes in each + of these cells. Closes ticket 25903. + + o Minor features (controller): + - The control port now exposes the list of HTTPTunnelPorts and + ExtOrPorts via GETINFO net/listeners/httptunnel and + net/listeners/extor respectively. Closes ticket 26647. + + o Minor features (directory authorities): + - Stop warning about incomplete bw lines before the first complete + bw line has been found, so that additional header lines can be + ignored. Fixes bug 25960; bugfix on 0.2.2.1-alpha + - Authorities no longer vote to make the subprotocol version + "LinkAuth=1" a requirement: it is unsupportable with NSS, and + hasn't been needed since Tor 0.3.0.1-alpha. Closes ticket 27286. + + o Minor features (directory authority): + - Directory authorities now open their key-pinning files as O_SYNC, + to limit their chances of accidentally writing partial lines. + Closes ticket 23909. + + o Minor features (directory authority, forward compatibility): + - Make the lines of the measured bandwidth file able to contain + their entries in any order. Previously, the node_id entry needed + to come first. Closes ticket 26004. + + o Minor features (entry guards): + - Introduce a new torrc option NumPrimaryGuards for controlling the + number of primary guards. Closes ticket 25843. + + o Minor features (geoip): + - Update geoip and geoip6 to the August 7 2018 Maxmind GeoLite2 + Country database. Closes ticket 27089. + + o Minor features (performance): + - Avoid a needless call to malloc() when processing an incoming + relay cell. Closes ticket 24914. + - Make our timing-wheel code run a tiny bit faster on 32-bit + platforms, by preferring 32-bit math to 64-bit. Closes + ticket 24688. + - Avoid a needless malloc()/free() pair every time we handle an ntor + handshake. Closes ticket 25150. + + o Minor features (Rust, portability): + - Rust cross-compilation is now supported. Closes ticket 25895. + + o Minor features (testing): + - Add a unit test for voting_schedule_get_start_of_next_interval(). + Closes ticket 26014, and helps make unit test coverage + more deterministic. + - A new unittests module specifically for testing the functions in + the (new-ish) bridges.c module has been created with new + unittests, raising the code coverage percentages. Closes 25425. + - We now have improved testing for addressmap_get_virtual_address() + function. This should improve our test coverage, and make our test + coverage more deterministic. Closes ticket 25993. + + o Minor features (timekeeping, circuit scheduling): + - When keeping track of how busy each circuit have been recently on + a given connection, use coarse-grained monotonic timers rather + than gettimeofday(). This change should marginally increase + accuracy and performance. Implements part of ticket 25927. + + o Minor features (unit tests): + - Test complete bandwidth measurements files, and test that + incomplete bandwidth lines only give warnings when the end of the + header has not been detected. Fixes bug 25947; bugfix + on 0.2.2.1-alpha + + o Minor bugfixes (bandwidth management): + - Consider ourselves "low on write bandwidth" if we have exhausted + our write bandwidth some time in the last second. This was the + documented behavior before, but the actual behavior was to change + this value every TokenBucketRefillInterval. Fixes bug 25828; + bugfix on 0.2.3.5-alpha. + + o Minor bugfixes (C correctness): + - Add a missing lock acquisition in the shutdown code of the control + subsystem. Fixes bug 25675; bugfix on 0.2.7.3-rc. Found by + Coverity; this is CID 1433643. + + o Minor bugfixes (code style): + - Fixed multiple includes of transports.h in src/or/connection.c + Fixes bug 25261; bugfix on 0.2.5.1-alpha. + - Remove the unused variable n_possible from the function + channel_get_for_extend(). Fixes bug 25645; bugfix on 0.2.4.4-alpha + + o Minor bugfixes (compilation): + - Silence a spurious compiler warning on the GetAdaptersAddresses + function pointer cast. This issue is already fixed by 26481 in + 0.3.5 and later, by removing the lookup and cast. Fixes bug 27465; + bugfix on 0.2.3.11-alpha. + - Stop calling SetProcessDEPPolicy() on 64-bit Windows. It is not + supported, and always fails. Some compilers warn about the + function pointer cast on 64-bit Windows. Fixes bug 27461; bugfix + on 0.2.2.23-alpha. + - Fix a compilation warning on some versions of GCC when building + code that calls routerinfo_get_my_routerinfo() twice, assuming + that the second call will succeed if the first one did. Fixes bug + 26269; bugfix on 0.2.8.2-alpha. + - Refrain from compiling unit testing related object files when + --disable-unittests is set to configure script. Fixes bug 24891; + bugfix on 0.2.5.1-alpha. + - The --enable-fatal-warnings flag now affects Rust code as well. + Closes ticket 26245. + - Avoid a compiler warning when casting the return value of + smartlist_len() to double with DEBUG_SMARTLIST enabled. Fixes bug + 26283; bugfix on 0.2.4.10-alpha. + + o Minor bugfixes (compilation, windows): + - Don't link or search for pthreads when building for Windows, even + if we are using build environment (like mingw) that provides a + pthreads library. Fixes bug 27081; bugfix on 0.1.0.1-rc. + + o Minor bugfixes (continuous integration): + - Build with zstd on macOS. Fixes bug 27090; bugfix on 0.3.1.5-alpha. + - Skip a pair of unreliable key generation tests on Windows, until + the underlying issue in bug 26076 is resolved. Fixes bug 26830 and + bug 26853; bugfix on 0.2.7.3-rc and 0.3.2.1-alpha respectively. + + o Minor bugfixes (control port): + - Respond with more human-readable error messages to GETINFO exit- + policy/* requests. Also, let controller know if an error is + transient (response code 551) or not (response code 552). Fixes + bug 25852; bugfix on 0.2.8.1-alpha. + - Parse the "HSADDRESS=" parameter in HSPOST commands properly. + Previously, it was misparsed and ignored. Fixes bug 26523; bugfix + on 0.3.3.1-alpha. Patch by "akwizgran". + - Make CIRC_BW event reflect the total of all data sent on a + circuit, including padding and dropped cells. Also fix a mis- + counting bug when STREAM_BW events were enabled. Fixes bug 25400; + bugfix on 0.2.5.2-alpha. + + o Minor bugfixes (correctness, flow control): + - Upon receiving a stream-level SENDME cell, verify that our window + has not grown too large. Fixes bug 26214; bugfix on svn + r54 (pre-0.0.1) + + o Minor bugfixes (directory authority): + - When voting for recommended versions, make sure that all of the + versions are well-formed and parsable. Fixes bug 26485; bugfix + on 0.1.1.6-alpha. + + o Minor bugfixes (directory client): + - When unverified-consensus is verified, rename it to cached- + consenus. Fixes bug 4187; bugfix on 0.2.0.3-alpha. + - Fixed launching a certificate fetch always during the scheduled + periodic consensus fetch by fetching only in those cases when + consensus are waiting for certs. Fixes bug 24740; bugfix + on 0.2.9.1-alpha. + + o Minor bugfixes (error reporting): + - Improve tolerance for directory authorities with skewed clocks. + Previously, an authority with a clock more than 60 seconds ahead + could cause a client with a correct clock to warn that the + client's clock was behind. Now the clocks of a majority of + directory authorities have to be ahead of the client before this + warning will occur. Fixes bug 25756; bugfix on 0.2.2.25-alpha. + + o Minor bugfixes (in-process restart): + - Always call tor_free_all() when leaving tor_run_main(). When we + did not, restarting tor in-process would cause an assertion + failure. Fixes bug 26948; bugfix on 0.3.3.1-alpha. + + o Minor bugfixes (Linux seccomp2 sandbox): + - Fix a bug in our sandboxing rules for the openat() syscall. + Previously, no openat() call would be permitted, which would break + filesystem operations on recent glibc versions. Fixes bug 25440; + bugfix on 0.2.9.15. Diagnosis and patch from Daniel Pinto. + + o Minor bugfixes (logging): + - Improve the log message when connection initiators fail to + authenticate direct connections to relays. Fixes bug 26927; bugfix + on 0.3.0.1-alpha. + + o Minor bugfixes (onion services): + - Silence a spurious compiler warning in + rend_client_send_introduction(). Fixes bug 27463; bugfix + on 0.1.1.2-alpha. + - Fix bug that causes services to not ever rotate their descriptors + if they were getting SIGHUPed often. Fixes bug 26932; bugfix + on 0.3.2.1-alpha. + - Recompute some consensus information after detecting a clock jump, + or after transitioning from a non-live consensus to a live + consensus. We do this to avoid having an outdated state, and + miscalculating the index for next-generation onion services. Fixes + bug 24977; bugfix on 0.3.2.1-alpha. + + o Minor bugfixes (portability): + - Fix compilation of the unit tests on GNU/Hurd, which does not + define PATH_MAX. Fixes bug 26873; bugfix on 0.3.3.1-alpha. Patch + from "paulusASol". + - Work around two different bugs in the OS X 10.10 and later SDKs + that would prevent us from successfully targeting earlier versions + of OS X. Fixes bug 26876; bugfix on 0.3.3.1-alpha. + - Do not align mmap length, as it is not required by POSIX, and the + getpagesize function is deprecated. Fixes bug 25399; bugfix + on 0.1.1.23. + + o Minor bugfixes (portability, FreeBSD): + - In have_enough_mem_for_dircache(), the variable DIRCACHE_MIN_MEM_MB + does not stringify on FreeBSD, so we switch to tor_asprintf(). + Fixes bug 20887; bugfix on 0.2.8.1-alpha. Patch by Neel Chauhan. + + o Minor bugfixes (relay statistics): + - When a relay is collecting internal statistics about how many + create cell requests it has seen of each type, accurately count + the requests from relays that temporarily fall out of the + consensus. (To be extra conservative, we were already ignoring + requests from clients in our counts, and we continue ignoring them + here.) Fixes bug 24910; bugfix on 0.2.4.17-rc. + + o Minor bugfixes (rust): + - Backport test_rust.sh from master. Fixes bug 26497; bugfix + on 0.3.1.5-alpha. + - Protover parsing was accepting the presence of whitespace in + version strings, which the C implementation would choke on, e.g. + "Desc=1\t,2". Fixes bug 27177; bugfix on 0.3.3.5-rc. + - Protover parsing was ignoring a 2nd hyphen and everything after + it, accepting entries like "Link=1-5-foo". Fixes bug 27164; bugfix + on 0.3.3.1-alpha. + - Stop setting $CARGO_HOME. cargo will use the user's $CARGO_HOME, or + $HOME/.cargo by default. Fixes bug 26497; bugfix on 0.3.1.5-alpha. + - cd to ${abs_top_builddir}/src/rust before running cargo in + src/test/test_rust.sh. This makes the working directory consistent + between builds and tests. Fixes bug 26497; bugfix on 0.3.3.2-alpha. + + o Minor bugfixes (single onion services, Tor2web): + - Log a protocol warning when single onion services or Tor2web + clients fail to authenticate direct connections to relays. Fixes + bug 26924; bugfix on 0.2.9.1-alpha. + + o Minor bugfixes (test coverage tools): + - Update our "cov-diff" script to handle output from the latest + version of gcov, and to remove extraneous timestamp information + from its output. Fixes bugs 26101 and 26102; bugfix + on 0.2.5.1-alpha. + + o Minor bugfixes (testing): + - Disable core dumps in test_bt.sh, to avoid failures in "make + distcheck". Fixes bug 26787; bugfix on 0.2.5.2-alpha. + - When testing workqueue event-cancellation, make sure that we + actually cancel an event, and that cancel each event with equal + probability. (It was previously possible, though extremely + unlikely, for our event-canceling test not to cancel any events.) + Fixes bug 26008; bugfix on 0.2.6.3-alpha. + - Repeat part of the test in test_client_pick_intro() a number of + times, to give it consistent coverage. Fixes bug 25996; bugfix + on 0.3.2.1-alpha. + - Remove randomness from the hs_common/responsible_hsdirs test, so + that it always takes the same path through the function it tests. + Fixes bug 25997; bugfix on 0.3.2.1-alpha. + - Change the behavior of the "channel/outbound" test so that it + never causes a 10-second rollover for the EWMA circuitmux code. + Previously, this behavior would happen randomly, and result in + fluctuating test coverage. Fixes bug 25994; bugfix + on 0.3.3.1-alpha. + - Use X509_new() to allocate certificates that will be freed later + with X509_free(). Previously, some parts of the unit tests had + used tor_malloc_zero(), which is incorrect, and which caused test + failures on Windows when they were built with extra hardening. + Fixes bugs 25943 and 25944; bugfix on 0.2.8.1-alpha. Patch by + Marcin Cieślak. + - While running the circuit_timeout test, fix the PRNG to a + deterministic AES stream, so that the test coverage from this test + will itself be deterministic. Fixes bug 25995; bugfix + on 0.2.2.2-alpha. + + o Minor bugfixes (testing, bootstrap): + - When calculating bootstrap progress, check exit policies and the + exit flag. Previously, Tor would only check the exit flag, which + caused race conditions in small and fast networks like chutney. + Fixes bug 27236; bugfix on 0.2.6.3-alpha. + + o Minor bugfixes (testing, chutney): + - When running make test-network-all, use the mixed+hs-v2 network. + (A previous fix to chutney removed v3 onion services from the + mixed+hs-v23 network, so seeing "mixed+hs-v23" in tests is + confusing.) Fixes bug 27345; bugfix on 0.3.2.1-alpha. + - Before running make test-network-all, delete old logs and test + result files, to avoid spurious failures. Fixes bug 27295; bugfix + on 0.2.7.3-rc. + + o Minor bugfixes (testing, openssl compatibility): + - Our "tortls/cert_matches_key" unit test no longer relies on + OpenSSL internals. Previously, it relied on unsupported OpenSSL + behavior in a way that caused it to crash with OpenSSL 1.0.2p. + Fixes bug 27226; bugfix on 0.2.5.1-alpha. + + o Minor bugfixes (v3 onion services): + - Stop sending ed25519 link specifiers in v3 onion service introduce + cells and descriptors, when the rendezvous or introduction point + doesn't support ed25519 link authentication. Fixes bug 26627; + bugfix on 0.3.2.4-alpha. + + o Minor bugfixes (vanguards): + - Allow the last hop in a vanguard circuit to be the same as our + first, to prevent the adversary from influencing guard node choice + by choice of last hop. Also prevent the creation of A - B - A + paths, or A - A paths, which are forbidden by relays. Fixes bug + 25870; bugfix on 0.3.3.1-alpha. + + o Minor bugfixes (Windows, compilation): + - Silence a compilation warning on MSVC 2017 and clang-cl. Fixes bug + 27185; bugfix on 0.2.2.2-alpha. + + o Code simplification and refactoring: + - Remove duplicate code in parse_{c,s}method_line and bootstrap + their functionalities into a single function. Fixes bug 6236; + bugfix on 0.2.3.6-alpha. + - We remove the PortForwsrding and PortForwardingHelper options, + related functions, and the port_forwarding tests. These options + were used by the now-deprecated Vidalia to help ordinary users + become Tor relays or bridges. Closes ticket 25409. Patch by + Neel Chauhan. + - In order to make the OR and dir checking function in router.c less + confusing we renamed some functions and + consider_testing_reachability() has been split into + router_should_check_reachability() and + router_do_reachability_checks(). Also we improved the documentation + in some functions. Closes ticket 18918. + - Initial work to isolate Libevent usage to a handful of modules in + our codebase, to simplify our call structure, and so that we can + more easily change event loops in the future if needed. Closes + ticket 23750. + - Introduce a function to call getsockname() and return tor_addr_t, + to save a little complexity throughout the codebase. Closes + ticket 18105. + - Make hsdir_index in node_t a hsdir_index_t rather than a pointer + as hsdir_index is always present. Also, we move hsdir_index_t into + or.h. Closes ticket 23094. Patch by Neel Chauhan. + - Merge functions used for describing nodes and suppress the + functions that do not allocate memory for the output buffer + string. NODE_DESC_BUF_LEN constant and format_node_description() + function cannot be used externally from router.c module anymore. + Closes ticket 25432. Patch by valentecaio. + - Our main loop has been simplified so that all important operations + happen inside events. Previously, some operations had to happen + outside the event loop, to prevent infinite sequences of event + activations. Closes ticket 25374. + - Put a SHA1 public key digest in hs_service_intro_point_t, and use + it in register_intro_circ() and service_intro_point_new(). This + prevents the digest from being re-calculated each time. Closes + ticket 23107. Patch by Neel Chauhan. + - Refactor token-bucket implementations to use a common backend. + Closes ticket 25766. + - Remove extern declaration of stats_n_seconds_working variable from + main, protecting its accesses with get_uptime() and reset_uptime() + functions. Closes ticket 25081, patch by “valentecaio”. + - Remove our previous logic for "cached gettimeofday()" -- our + coarse monotonic timers are fast enough for this purpose, and far + less error-prone. Implements part of ticket 25927. + - Remove the return value for fascist_firewall_choose_address_base(), + and sister functions such as fascist_firewall_choose_address_node() + and fascist_firewall_choose_address_rs(). Also, while we're here, + initialize the ap argument as leaving it uninitialized can pose a + security hazard. Closes ticket 24734. Patch by Neel Chauhan. + - Rename two fields of connection_t struct. timestamp_lastwritten is + renamed to timestamp_last_write_allowed and timestamp_lastread is + renamed to timestamp_last_read_allowed. Closes ticket 24714, patch + by "valentecaio". + - Since Tor requires C99, remove our old workaround code for libc + implementations where free(NULL) doesn't work. Closes ticket 24484. + - Use our standard rate-limiting code to deal with excessive + libevent failures, rather than the hand-rolled logic we had + before. Closes ticket 26016. + - We remove the return value of node_get_prim_orport() and + node_get_prim_dirport(), and introduce node_get_prim_orport() in + node_ipv6_or_preferred() and node_ipv6_dir_preferred() in order to + check for a null address. Closes ticket 23873. Patch by + Neel Chauhan. + - We switch to should_record_bridge_info() in + geoip_note_client_seen() and options_need_geoip_info() instead of + accessing the configuration values directly. Fixes bug 25290; + bugfix on 0.2.1.6-alpha. Patch by Neel Chauhan. + + o Deprecated features: + - As we are not recommending 0.2.5 anymore, we require relays that + once had an ed25519 key associated with their RSA key to always + have that key, instead of allowing them to drop back to a version + that didn't support ed25519. This means they need to use a new RSA + key if the want to downgrade to an older version of tor without + ed25519. Closes ticket 20522. + + o Removed features: + - Directory authorities will no longer support voting according to + any consensus method before consensus method 25. This keeps + authorities compatible with all authorities running 0.2.9.8 and + later, and does not break any clients or relays. Implements ticket + 24378 and proposal 290. + - The PortForwarding and PortForwardingHelper features have been + removed. The reasoning is, given that implementations of NAT + traversal protocols within common consumer grade routers are + frequently buggy, and that the target audience for a NAT punching + feature is a perhaps less-technically-inclined relay operator, + when the helper fails to setup traversal the problems are usually + deep, ugly, and very router specific, making them horrendously + impossible for technical support to reliable assist with, and thus + resulting in frustration all around. Unfortunately, relay + operators who would like to run relays behind NATs will need to + become more familiar with the port forwarding configurations on + their local router. Closes 25409. + - The TestingEnableTbEmptyEvent option has been removed. It was used + in testing simulations to measure how often connection buckets + were emptied, in order to improve our scheduling, but it has not + been actively used in years. Closes ticket 25760. + - The old "round-robin" circuit multiplexer (circuitmux) + implementation has been removed, along with a fairly large set of + code that existed to support it. It has not been the default + circuitmux since we introduced the "EWMA" circuitmux in 0.2.4.x, + but it still required an unreasonable amount of memory and CPU. + Closes ticket 25268. + + +Changes in version 0.3.3.9 - 2018-07-13 + Tor 0.3.3.9 moves to a new bridge authority, meaning people running + bridge relays should upgrade. + + o Directory authority changes: + - The "Bifroest" bridge authority has been retired; the new bridge + authority is "Serge", and it is operated by George from the + TorBSD project. Closes ticket 26771. + + +Changes in version 0.3.2.11 - 2018-07-13 + Tor 0.3.2.11 moves to a new bridge authority, meaning people running + bridge relays should upgrade. We also take this opportunity to backport + other minor fixes. + + o Directory authority changes: + - The "Bifroest" bridge authority has been retired; the new bridge + authority is "Serge", and it is operated by George from the + TorBSD project. Closes ticket 26771. + + o Directory authority changes (backport from 0.3.3.7): + - Add an IPv6 address for the "dannenberg" directory authority. + Closes ticket 26343. + + o Major bugfixes (directory authorities, backport from 0.3.4.1-alpha): + - When directory authorities read a zero-byte bandwidth file, they + would previously log a warning with the contents of an + uninitialised buffer. They now log a warning about the empty file + instead. Fixes bug 26007; bugfix on 0.2.2.1-alpha. + + o Major bugfixes (onion service, backport from 0.3.4.1-alpha): + - Correctly detect when onion services get disabled after HUP. Fixes + bug 25761; bugfix on 0.3.2.1. + + o Minor features (sandbox, backport from 0.3.3.4-alpha): + - Explicitly permit the poll() system call when the Linux + seccomp2-based sandbox is enabled: apparently, some versions of + libc use poll() when calling getpwnam(). Closes ticket 25313. + + o Minor feature (continuous integration, backport from 0.3.3.5-rc): + - Update the Travis CI configuration to use the stable Rust channel, + now that we have decided to require that. Closes ticket 25714. + + o Minor features (continuous integration, backport from 0.3.4.1-alpha): + - Our .travis.yml configuration now includes support for testing the + results of "make distcheck". (It's not uncommon for "make check" + to pass but "make distcheck" to fail.) Closes ticket 25814. + - Our Travis CI configuration now integrates with the Coveralls + coverage analysis tool. Closes ticket 25818. + + o Minor features (relay, diagnostic, backport from 0.3.4.3-alpha): + - Add several checks to detect whether Tor relays are uploading + their descriptors without specifying why they regenerated them. + Diagnostic for ticket 25686. + + o Minor features (compilation, backport from 0.3.4.4-rc): + - When building Tor, prefer to use Python 3 over Python 2, and more + recent (contemplated) versions over older ones. Closes + ticket 26372. + + o Minor features (geoip): + - Update geoip and geoip6 to the July 3 2018 Maxmind GeoLite2 + Country database. Closes ticket 26674. + + o Minor bugfixes (correctness, client, backport from 0.3.4.1-alpha): + - Upon receiving a malformed connected cell, stop processing the + cell immediately. Previously we would mark the connection for + close, but continue processing the cell as if the connection were + open. Fixes bug 26072; bugfix on 0.2.4.7-alpha. + + o Minor bugfixes (Linux seccomp2 sandbox, backport from 0.3.4.1-alpha): + - Allow the nanosleep() system call, which glibc uses to implement + sleep() and usleep(). Fixes bug 24969; bugfix on 0.2.5.1-alpha. + + o Minor bugfixes (testing, compatibility, backport from 0.3.4.4-rc): + - When running the hs_ntor_ref.py test, make sure only to pass + strings (rather than "bytes" objects) to the Python subprocess + module. Python 3 on Windows seems to require this. Fixes bug + 26535; bugfix on 0.3.1.1-alpha. + - When running the ntor_ref.py test, make sure only to pass strings + (rather than "bytes" objects) to the Python subprocess module. + Python 3 on Windows seems to require this. Fixes bug 26535; bugfix + on 0.2.5.5-alpha. + + o Minor bugfixes (compatibility, openssl, backport from 0.3.4.2-alpha): + - Work around a change in OpenSSL 1.1.1 where return values that + would previously indicate "no password" now indicate an empty + password. Without this workaround, Tor instances running with + OpenSSL 1.1.1 would accept descriptors that other Tor instances + would reject. Fixes bug 26116; bugfix on 0.2.5.16. + + o Minor bugfixes (documentation, backport from 0.3.3.5-rc): + - Document that the PerConnBW{Rate,Burst} options will fall back to + their corresponding consensus parameters only if those parameters + are set. Previously we had claimed that these values would always + be set in the consensus. Fixes bug 25296; bugfix on 0.2.2.7-alpha. + + o Minor bugfixes (compilation, backport from 0.3.4.4-rc): + - Fix a compilation warning on some versions of GCC when building + code that calls routerinfo_get_my_routerinfo() twice, assuming + that the second call will succeed if the first one did. Fixes bug + 26269; bugfix on 0.2.8.2-alpha. + + o Minor bugfixes (client, backport from 0.3.4.1-alpha): + - Don't consider Tor running as a client if the ControlPort is open, + but no actual client ports are open. Fixes bug 26062; bugfix + on 0.2.9.4-alpha. + + o Minor bugfixes (hardening, backport from 0.3.4.2-alpha): + - Prevent a possible out-of-bounds smartlist read in + protover_compute_vote(). Fixes bug 26196; bugfix on 0.2.9.4-alpha. + + o Minor bugfixes (C correctness, backport from 0.3.3.4-alpha): + - Fix a very unlikely (impossible, we believe) null pointer + dereference. Fixes bug 25629; bugfix on 0.2.9.15. Found by + Coverity; this is CID 1430932. + + o Minor bugfixes (onion service, backport from 0.3.4.1-alpha): + - Fix a memory leak when a v3 onion service is configured and gets a + SIGHUP signal. Fixes bug 25901; bugfix on 0.3.2.1-alpha. + - When parsing the descriptor signature, look for the token plus an + extra white-space at the end. This is more correct but also will + allow us to support new fields that might start with "signature". + Fixes bug 26069; bugfix on 0.3.0.1-alpha. + + o Minor bugfixes (relay, backport from 0.3.4.3-alpha): + - Relays now correctly block attempts to re-extend to the previous + relay by Ed25519 identity. Previously they would warn in this + case, but not actually reject the attempt. Fixes bug 26158; bugfix + on 0.3.0.1-alpha. + + o Minor bugfixes (relay, crash, backport from 0.3.4.1-alpha): + - Avoid a crash when running with DirPort set but ORPort turned off. + Fixes a case of bug 23693; bugfix on 0.3.1.1-alpha. + + o Minor bugfixes (compilation, backport from 0.3.4.2-alpha): + - Silence unused-const-variable warnings in zstd.h with some GCC + versions. Fixes bug 26272; bugfix on 0.3.1.1-alpha. + + o Minor bugfixes (testing, backport from 0.3.3.4-alpha): + - Avoid intermittent test failures due to a test that had relied on + onion service introduction point creation finishing within 5 + seconds of real clock time. Fixes bug 25450; bugfix + on 0.3.1.3-alpha. + + o Minor bugfixes (compilation, backport from 0.3.3.4-alpha): + - Fix a C99 compliance issue in our configuration script that caused + compilation issues when compiling Tor with certain versions of + xtools. Fixes bug 25474; bugfix on 0.3.2.5-alpha. + + o Minor bugfixes (memory, correctness, backport from 0.3.4.4-rc): + - Fix a number of small memory leaks identified by coverity. Fixes + bug 26467; bugfix on numerous Tor versions. + + o Code simplification and refactoring (backport from 0.3.3.5-rc): + - Move the list of default directory authorities to its own file. + Closes ticket 24854. Patch by "beastr0". + + +Changes in version 0.2.9.16 - 2018-07-13 + Tor 0.2.9.16 moves to a new bridge authority, meaning people running + bridge relays should upgrade. We also take this opportunity to backport + other minor fixes. + + o Directory authority changes: + - The "Bifroest" bridge authority has been retired; the new bridge + authority is "Serge", and it is operated by George from the + TorBSD project. Closes ticket 26771. + + o Directory authority changes (backport from 0.3.3.7): + - Add an IPv6 address for the "dannenberg" directory authority. + Closes ticket 26343. + + o Major bugfixes (directory authorities, backport from 0.3.4.1-alpha): + - When directory authorities read a zero-byte bandwidth file, they + would previously log a warning with the contents of an + uninitialised buffer. They now log a warning about the empty file + instead. Fixes bug 26007; bugfix on 0.2.2.1-alpha. + + o Minor features (sandbox, backport from 0.3.3.4-alpha): + - Explicitly permit the poll() system call when the Linux + seccomp2-based sandbox is enabled: apparently, some versions of + libc use poll() when calling getpwnam(). Closes ticket 25313. + + o Minor features (continuous integration, backport from 0.3.4.1-alpha): + - Our .travis.yml configuration now includes support for testing the + results of "make distcheck". (It's not uncommon for "make check" + to pass but "make distcheck" to fail.) Closes ticket 25814. + - Our Travis CI configuration now integrates with the Coveralls + coverage analysis tool. Closes ticket 25818. + + o Minor features (compilation, backport from 0.3.4.4-rc): + - When building Tor, prefer to use Python 3 over Python 2, and more + recent (contemplated) versions over older ones. Closes + ticket 26372. + + o Minor features (geoip): + - Update geoip and geoip6 to the July 3 2018 Maxmind GeoLite2 + Country database. Closes ticket 26674. + + o Minor bugfixes (correctness, client, backport from 0.3.4.1-alpha): + - Upon receiving a malformed connected cell, stop processing the + cell immediately. Previously we would mark the connection for + close, but continue processing the cell as if the connection were + open. Fixes bug 26072; bugfix on 0.2.4.7-alpha. + + o Minor bugfixes (Linux seccomp2 sandbox, backport from 0.3.4.1-alpha): + - Allow the nanosleep() system call, which glibc uses to implement + sleep() and usleep(). Fixes bug 24969; bugfix on 0.2.5.1-alpha. + + o Minor bugfixes (testing, compatibility, backport from 0.3.4.4-rc): + - When running the ntor_ref.py test, make sure only to pass strings + (rather than "bytes" objects) to the Python subprocess module. + Python 3 on Windows seems to require this. Fixes bug 26535; bugfix + on 0.2.5.5-alpha. + + o Minor bugfixes (compatibility, openssl, backport from 0.3.4.2-alpha): + - Work around a change in OpenSSL 1.1.1 where return values that + would previously indicate "no password" now indicate an empty + password. Without this workaround, Tor instances running with + OpenSSL 1.1.1 would accept descriptors that other Tor instances + would reject. Fixes bug 26116; bugfix on 0.2.5.16. + + o Minor bugfixes (compilation, backport from 0.3.4.4-rc): + - Fix a compilation warning on some versions of GCC when building + code that calls routerinfo_get_my_routerinfo() twice, assuming + that the second call will succeed if the first one did. Fixes bug + 26269; bugfix on 0.2.8.2-alpha. + + o Minor bugfixes (client, backport from 0.3.4.1-alpha): + - Don't consider Tor running as a client if the ControlPort is open, + but no actual client ports are open. Fixes bug 26062; bugfix + on 0.2.9.4-alpha. + + o Minor bugfixes (hardening, backport from 0.3.4.2-alpha): + - Prevent a possible out-of-bounds smartlist read in + protover_compute_vote(). Fixes bug 26196; bugfix on 0.2.9.4-alpha. + + o Minor bugfixes (C correctness, backport from 0.3.3.4-alpha): + - Fix a very unlikely (impossible, we believe) null pointer + dereference. Fixes bug 25629; bugfix on 0.2.9.15. Found by + Coverity; this is CID 1430932. + + o Minor bugfixes (memory, correctness, backport from 0.3.4.4-rc): + - Fix a number of small memory leaks identified by coverity. Fixes + bug 26467; bugfix on numerous Tor versions. + + o Code simplification and refactoring (backport from 0.3.3.5-rc): + - Move the list of default directory authorities to its own file. + Closes ticket 24854. Patch by "beastr0". + + +Changes in version 0.3.3.8 - 2018-07-09 + Tor 0.3.3.8 backports several changes from the 0.3.4.x series, including + fixes for a memory leak affecting directory authorities. + + o Major bugfixes (directory authority, backport from 0.3.4.3-alpha): + - Stop leaking memory on directory authorities when planning to + vote. This bug was crashing authorities by exhausting their + memory. Fixes bug 26435; bugfix on 0.3.3.6. + + o Major bugfixes (rust, testing, backport from 0.3.4.3-alpha): + - Make sure that failing tests in Rust will actually cause the build + to fail: previously, they were ignored. Fixes bug 26258; bugfix + on 0.3.3.4-alpha. + + o Minor features (compilation, backport from 0.3.4.4-rc): + - When building Tor, prefer to use Python 3 over Python 2, and more + recent (contemplated) versions over older ones. Closes + ticket 26372. + + o Minor features (geoip): + - Update geoip and geoip6 to the July 3 2018 Maxmind GeoLite2 + Country database. Closes ticket 26674. + + o Minor features (relay, diagnostic, backport from 0.3.4.3-alpha): + - Add several checks to detect whether Tor relays are uploading + their descriptors without specifying why they regenerated them. + Diagnostic for ticket 25686. + + o Minor bugfixes (circuit path selection, backport from 0.3.4.1-alpha): + - Don't count path selection failures as circuit build failures. + This change should eliminate cases where Tor blames its guard or + the network for situations like insufficient microdescriptors + and/or overly restrictive torrc settings. Fixes bug 25705; bugfix + on 0.3.3.1-alpha. + + o Minor bugfixes (compilation, backport from 0.3.4.4-rc): + - Fix a compilation warning on some versions of GCC when building + code that calls routerinfo_get_my_routerinfo() twice, assuming + that the second call will succeed if the first one did. Fixes bug + 26269; bugfix on 0.2.8.2-alpha. + + o Minor bugfixes (control port, backport from 0.3.4.4-rc): + - Handle the HSADDRESS= argument to the HSPOST command properly. + (Previously, this argument was misparsed and thus ignored.) Fixes + bug 26523; bugfix on 0.3.3.1-alpha. Patch by "akwizgran". + + o Minor bugfixes (memory, correctness, backport from 0.3.4.4-rc): + - Fix a number of small memory leaks identified by coverity. Fixes + bug 26467; bugfix on numerous Tor versions. + + o Minor bugfixes (relay, backport from 0.3.4.3-alpha): + - Relays now correctly block attempts to re-extend to the previous + relay by Ed25519 identity. Previously they would warn in this + case, but not actually reject the attempt. Fixes bug 26158; bugfix + on 0.3.0.1-alpha. + + o Minor bugfixes (restart-in-process, backport from 0.3.4.1-alpha): + - When shutting down, Tor now clears all the flags in the control.c + module. This should prevent a bug where authentication cookies are + not generated on restart. Fixes bug 25512; bugfix on 0.3.3.1-alpha. + + o Minor bugfixes (testing, compatibility, backport from 0.3.4.4-rc): + - When running the hs_ntor_ref.py test, make sure only to pass + strings (rather than "bytes" objects) to the Python subprocess + module. Python 3 on Windows seems to require this. Fixes bug + 26535; bugfix on 0.3.1.1-alpha. + - When running the ntor_ref.py test, make sure only to pass strings + (rather than "bytes" objects) to the Python subprocess module. + Python 3 on Windows seems to require this. Fixes bug 26535; bugfix + on 0.2.5.5-alpha. + + Changes in version 0.3.3.7 - 2018-06-12 Tor 0.3.3.7 backports several changes from the 0.3.4.x series, including fixes for bugs affecting compatibility and stability. @@ -562,7 +1756,7 @@ Changes in version 0.3.3.6 - 2018-05-22 hop. Fixes bug 23100; bugfix on 0.2.2.2-alpha. o Minor bugfixes (relay, crash, backport from 0.3.4.1-alpha): - - Avoid a crash when running with DirPort set but ORPort tuned off. + - Avoid a crash when running with DirPort set but ORPort turned off. Fixes a case of bug 23693; bugfix on 0.3.1.1-alpha. o Minor bugfixes (Rust FFI): @@ -12405,7 +13599,7 @@ Changes in version 0.2.1.31 - 2011-10-26 circuit EXTEND request. Now relays can protect clients from the CVE-2011-2768 issue even if the clients haven't upgraded yet. - Bridges now refuse CREATE or CREATE_FAST cells on OR connections - that they initiated. Relays could distinguish incoming bridge + that they initiated. Relays could distinguish incoming bridge connections from client connections, creating another avenue for enumerating bridges. Fixes CVE-2011-2769. Bugfix on 0.2.0.3-alpha. Found by "frosty_un". @@ -19024,4 +20218,3 @@ Changes in version 0.0.2pre13 - 2003-10-19 - If --DebugLogFile is specified, log to it at -l debug - If --LogFile is specified, use it instead of commandline - If --RunAsDaemon is set, tor forks and backgrounds on startup - diff --git a/changes/27286 b/changes/27286 deleted file mode 100644 index 5f5f7a4ae7..0000000000 --- a/changes/27286 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (directory authorities): - - Authorities no longer vote to make the subprotocol version "LinkAuth=1" - a requirement: it is unsupportable with NSS, and hasn't been needed - since Tor 0.3.0.1-alpha. Closes ticket 27286. diff --git a/changes/bug20424_029_minimal b/changes/bug20424_029_minimal deleted file mode 100644 index eb7886233e..0000000000 --- a/changes/bug20424_029_minimal +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (compilation): - - When compiling with --enable-openbsd-malloc or --enable-tcmalloc, tell - the compiler not to include the system malloc implementation. Fixes bug - 20424; bugfix on 0.2.0.20-rc. diff --git a/changes/bug24104 b/changes/bug24104 deleted file mode 100644 index ca2a3537fa..0000000000 --- a/changes/bug24104 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfix (relay statistics): - - Update relay descriptor on bandwidth changes only when the uptime is - smaller than 24h in order to reduce the efficiency of guard discovery - attacks. Fixes bug 24104; bugfix on 0.1.1.6-alpha. diff --git a/changes/bug24891 b/changes/bug24891 deleted file mode 100644 index 403b2b1123..0000000000 --- a/changes/bug24891 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (compilation): - - Refrain from compiling unit testing related object files - when --disable-unittests is set to configure script. - Fixes bug 24891; bugfix on 0.2.5.1-alpha. diff --git a/changes/bug24977 b/changes/bug24977 deleted file mode 100644 index f8127a2a73..0000000000 --- a/changes/bug24977 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (onion services): - - Recompute some consensus information after clock skews or when we - transition from a non-live consensus to a live consensus. We do this to - avoid having an outdated state which could impact next-generation onion - services. Fixes bug 24977; bugfix on 0.3.2.1-alpha. diff --git a/changes/bug25440 b/changes/bug25440 deleted file mode 100644 index f8d9dd4fab..0000000000 --- a/changes/bug25440 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (linux seccomp2 sandbox): - - Fix a bug in out sandboxing rules for the openat() syscall. - Previously, no openat() call would be permitted, which would break - filesystem operations on recent glibc versions. Fixes bug 25440; - bugfix on 0.2.9.15. Diagnosis and patch from Daniel Pinto. diff --git a/changes/bug25505 b/changes/bug25505 deleted file mode 100644 index 101c7d5246..0000000000 --- a/changes/bug25505 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (netflow padding): - - Ensure circuitmux queues are empty before scheduling or sending padding. - Fixes bug 25505; bugfix on 0.3.1.1-alpha. diff --git a/changes/bug25686_diagnostic b/changes/bug25686_diagnostic deleted file mode 100644 index 96323145d8..0000000000 --- a/changes/bug25686_diagnostic +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (relay, diagnostic): - - Add several checks to detect whether Tor relays are uploading their - descriptors without specifying why they regenerated. Diagnostic for - ticket 25686. diff --git a/changes/bug25787 b/changes/bug25787 deleted file mode 100644 index 3041e8a603..0000000000 --- a/changes/bug25787 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes (testing): - - Instead of trying to read the geoip configuration files from within the - unit tests, instead create our own ersatz files with just enough - geoip data in the format we expect. Trying to read from the source - directory created problems on Windows with mingw, where the - build system's paths are not the same as the platform's paths. - Fixes bug 25787; bugfix on 0.3.4.1-alpha. diff --git a/changes/bug26158 b/changes/bug26158 deleted file mode 100644 index 0d74cf1167..0000000000 --- a/changes/bug26158 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (relay): - - Relays now correctly block attempts to re-extend to the previous - relay by Ed25519 identity. Previously they would warn in this case, - but not actually reject the attempt. Fixes bug 26158; bugfix on - 0.3.0.1-alpha. diff --git a/changes/bug26196 b/changes/bug26196 deleted file mode 100644 index e63f09a2d6..0000000000 --- a/changes/bug26196 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes (testing, compilation): - - Refrain from trying to get an item from empty smartlist in - test_bridges_clear_bridge_list. Set DEBUG_SMARTLIST in unit - tests to catch improper smartlist usage. Furthermore, - enable DEBUG_SMARTLIST globally when build is configured - with fragile hardening. Fixes bug 26196; bugfix on - 0.3.4.1-alpha. diff --git a/changes/bug26214 b/changes/bug26214 deleted file mode 100644 index 4277b9c6ec..0000000000 --- a/changes/bug26214 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (correctness, flow control): - - Upon receiving a stream-level SENDME cell, verify that our window has - not grown too large. Fixes bug 26214; bugfix on svn r54 (pre-0.0.1) diff --git a/changes/bug26245 b/changes/bug26245 deleted file mode 100644 index 7a14cea0bc..0000000000 --- a/changes/bug26245 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (compilation): - o The --enable-fatal-warnings flag now affects Rust code as well. - Closes ticket 26245. diff --git a/changes/bug26258_033 b/changes/bug26258_033 deleted file mode 100644 index ceca383335..0000000000 --- a/changes/bug26258_033 +++ /dev/null @@ -1,4 +0,0 @@ - o Major bugfixes (rust, testing): - - Fix a bug where a failure in the rust unit tests would not actually - cause the build to fail. Fixes bug 26258; bugfix on 0.3.3.4-alpha. - diff --git a/changes/bug26269 b/changes/bug26269 deleted file mode 100644 index 73dcdbf5c5..0000000000 --- a/changes/bug26269 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (compilation): - - Fix a compilation warning on some versions of GCC when - building code that calls routerinfo_get_my_routerinfo() twice, - assuming that the second call will succeed if the first one did. - Fixes bug 26269; bugfix on 0.2.8.2-alpha. diff --git a/changes/bug26402 b/changes/bug26402 deleted file mode 100644 index b21283a2d2..0000000000 --- a/changes/bug26402 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (compilation): - - When linking the libtor_testing.a library, only include the dirauth - object files once. Previously, they were getting added twice. - Fixes bug 26402; bugfix on 0.3.4.1-alpha. diff --git a/changes/bug26415 b/changes/bug26415 deleted file mode 100644 index 497fbb7365..0000000000 --- a/changes/bug26415 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (testing): - - Fix compilation of the doctests in the Rust crypto crate. Fixes - bug 26415; bugfix on 0.3.4.1-alpha. diff --git a/changes/bug26435 b/changes/bug26435 deleted file mode 100644 index f66c503dd5..0000000000 --- a/changes/bug26435 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes (directory authority): - - Fix a memory leak where directory authorities would leak a chunk - of memory for every router descriptor every time they considered - voting. This bug was taking down directory authorities due to - out-of-memory issues. Fixes bug 26435; bugfix on 0.3.3.6. diff --git a/changes/bug26470 b/changes/bug26470 deleted file mode 100644 index 854ec7ea72..0000000000 --- a/changes/bug26470 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (HTTP tunnel): - - Fix a bug warning when closing an HTTP tunnel connection due to - an HTTP request we couldn't handle. Fixes bug 26470; bugfix on - 0.3.2.1-alpha. diff --git a/changes/bug26485 b/changes/bug26485 deleted file mode 100644 index 5a40b7a78e..0000000000 --- a/changes/bug26485 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (directory authority): - - When voting for recommended versions, make sure that all of the - versions are well-formed and parsable. Fixes bug 26485; bugfix on - 0.1.1.6-alpha. diff --git a/changes/bug26497 b/changes/bug26497 deleted file mode 100644 index d0c05ff3e4..0000000000 --- a/changes/bug26497 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (rust): - - Stop setting $CARGO_HOME. cargo will use the user's $CARGO_HOME, or - $HOME/.cargo by default. Fixes bug 26497; bugfix on 0.3.1.5-alpha. diff --git a/changes/bug26497-backport b/changes/bug26497-backport deleted file mode 100644 index 1d86e01bf3..0000000000 --- a/changes/bug26497-backport +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (rust): - - Backport test_rust.sh from master. - Fixes bug 26497; bugfix on 0.3.1.5-alpha. diff --git a/changes/bug26497-cd b/changes/bug26497-cd deleted file mode 100644 index 37bf1bc956..0000000000 --- a/changes/bug26497-cd +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (rust): - - cd to ${abs_top_builddir}/src/rust before running cargo in - src/test/test_rust.sh. This makes the working directory consistent - between builds and tests. Fixes bug 26497; bugfix on 0.3.3.2-alpha. diff --git a/changes/bug26523 b/changes/bug26523 deleted file mode 100644 index a739d240e9..0000000000 --- a/changes/bug26523 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (hidden service, control port): - - The HSPOST command wasn't parsing properly the HSADDRESS= parameter and - thus not using it. It now handles it correctly. Fixes bug 26523; bugfix on - 0.3.3.1-alpha. Patch by "akwizgran". - diff --git a/changes/bug26535.029 b/changes/bug26535.029 deleted file mode 100644 index 111b539f17..0000000000 --- a/changes/bug26535.029 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (testing, compatibility): - - When running the ntor_ref.py test, make sure only to pass strings - (rather than "bytes" objects) to the Python subprocess module. - Python 3 on Windows seems to require this. Fixes bug 26535; bugfix on - 0.2.5.5-alpha. diff --git a/changes/bug26535.032 b/changes/bug26535.032 deleted file mode 100644 index 395d08d816..0000000000 --- a/changes/bug26535.032 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (testing, compatibility): - - When running the hs_ntor_ref.py test, make sure only to pass strings - (rather than "bytes" objects) to the Python subprocess module. - Python 3 on Windows seems to require this. Fixes bug 26535; bugfix on - 0.3.1.1-alpha. diff --git a/changes/bug26568 b/changes/bug26568 deleted file mode 100644 index 0c4c05d043..0000000000 --- a/changes/bug26568 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (controller): - - Report the port correctly when a port is configured to bind to "auto". - Fixes bug 26568; bugfix on 0.3.4.1-alpha. diff --git a/changes/bug26627 b/changes/bug26627 deleted file mode 100644 index d28bd05d53..0000000000 --- a/changes/bug26627 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes (v3 onion services): - - Stop sending ed25519 link specifiers in v3 onion service introduce - cells, when the rendezvous point doesn't support ed25519 link - authentication. Fixes bug 26627; bugfix on 0.3.2.4-alpha. - - Stop putting ed25519 link specifiers in v3 onion service descriptors, - when the intro point doesn't support ed25519 link authentication. - Fixes bug 26627; bugfix on 0.3.2.4-alpha. diff --git a/changes/bug26779 b/changes/bug26779 deleted file mode 100644 index fb7f6160ea..0000000000 --- a/changes/bug26779 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (bug workaround): - - Compile correctly on systems that provide the C11 stdatomic.h header, - but where C11 atomic functions don't actually compile. - Closes ticket 26779; workaround for Debian issue 903709. diff --git a/changes/bug26785 b/changes/bug26785 deleted file mode 100644 index e6392fcbdd..0000000000 --- a/changes/bug26785 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (compilation, portability): - - Don't try to use a pragma to temporarily disable - -Wunused-const-variable if the compiler doesn't support it. - Fixes bug 26785; bugfix on 0.3.2.11. diff --git a/changes/bug26787 b/changes/bug26787 deleted file mode 100644 index b32e519a93..0000000000 --- a/changes/bug26787 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (testing): - - Disable core dumps in test_bt.sh, to avoid failures in "make - distcheck". Fixes bug 26787; bugfix on 0.2.5.2-alpha. diff --git a/changes/bug26789 b/changes/bug26789 deleted file mode 100644 index 9b3520543d..0000000000 --- a/changes/bug26789 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (compilation): - - Update build system so that tor builds again with - --disable-unittests after recent refactoring efforts. - Fixes bug 26789; bugfix on 0.3.4.3-alpha. diff --git a/changes/bug26830 b/changes/bug26830 deleted file mode 100644 index c002f19530..0000000000 --- a/changes/bug26830 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (continuous integration): - - Skip an unreliable key generation test on Windows, until the underlying - issue in bug 26076 is resolved. Fixes bug 26830; bugfix on 0.2.7.3-rc. diff --git a/changes/bug26853 b/changes/bug26853 deleted file mode 100644 index 6ee47789b9..0000000000 --- a/changes/bug26853 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (continuous integration): - - Skip an unreliable key expiration test on Windows, until the underlying - issue in bug 26076 is resolved. Fixes bug 26853; bugfix on 0.3.2.1-alpha. diff --git a/changes/bug26873 b/changes/bug26873 deleted file mode 100644 index 565f8bf0b1..0000000000 --- a/changes/bug26873 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (portability): - - Fix compilation of the unit tests on GNU/Hurd, which does not - define PATH_MAX. Fixes bug 26873; bugfix on 0.3.3.1-alpha. - Patch from "paulusASol". diff --git a/changes/bug26876 b/changes/bug26876 deleted file mode 100644 index b661104236..0000000000 --- a/changes/bug26876 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (portability): - - Work around two different bugs in the OS X 10.10 and later SDKs that - would prevent us from successfully targeting earlier versions of OS X. - Fixes bug 26876; bugfix on 0.3.3.1-alpha. diff --git a/changes/bug26896 b/changes/bug26896 deleted file mode 100644 index 9762dc7fac..0000000000 --- a/changes/bug26896 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (directory connection shutdown): - - Avoid a double-close when shutting down a stalled directory connection. - Fixes bug 26896; bugfix on 0.3.4.1-alpha. diff --git a/changes/bug26924 b/changes/bug26924 deleted file mode 100644 index 882db56b40..0000000000 --- a/changes/bug26924 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (single onion services, Tor2web): - - Log a protocol warning when single onion services or Tor2web clients - fail to authenticate direct connections to relays. - Fixes bug 26924; bugfix on 0.2.9.1-alpha. diff --git a/changes/bug26927 b/changes/bug26927 deleted file mode 100644 index cd035bba8e..0000000000 --- a/changes/bug26927 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (logging): - - Improve the log message when connection initiators fail to authenticate - direct connections to relays. - Fixes bug 26927; bugfix on 0.3.0.1-alpha. diff --git a/changes/bug26932 b/changes/bug26932 deleted file mode 100644 index 7d9481dcd3..0000000000 --- a/changes/bug26932 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (onion services): - - Fix bug that causes services to not ever rotate their descriptors if they - were getting SIGHUPed often. Fixes bug 26932; bugfix on 0.3.2.1-alpha.
\ No newline at end of file diff --git a/changes/bug26948 b/changes/bug26948 deleted file mode 100644 index 0f0728843f..0000000000 --- a/changes/bug26948 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (in-process restart): - - Always call tor_free_all() when leaving tor_run_main(). When we - did not, restarting tor in-process would cause an assertion failure. - Fixes bug 26948; bugfix on 0.3.3.1-alpha. diff --git a/changes/bug26979 b/changes/bug26979 deleted file mode 100644 index e615207b74..0000000000 --- a/changes/bug26979 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (appveyor ci): - - Improve Appveyor CI IRC logging. Generate correct branches and URLs for - pull requests and tags. Use unambiguous short commits. - Fixes bug 26979; bugfix on master. diff --git a/changes/bug26994 b/changes/bug26994 deleted file mode 100644 index 664894a7fc..0000000000 --- a/changes/bug26994 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (portability): - - Avoid a compilation error in test_bwmgt.c on Solaris 10. - Fixes bug 26994; bugfix on 0.3.4.1-alpha. diff --git a/changes/bug27003 b/changes/bug27003 deleted file mode 100644 index 4f2045afc7..0000000000 --- a/changes/bug27003 +++ /dev/null @@ -1,6 +0,0 @@ - o Major bugfixes (event scheduler): - - When we enable a periodic event, schedule it in the event loop - rather than running it immediately. Previously, we would re-run - periodic events immediately in the middle of (for example) - changing our options, with unpredictable effects. Fixes bug - 27003; bugfix on 0.3.4.1-alpha. diff --git a/changes/bug27081 b/changes/bug27081 deleted file mode 100644 index 74e0efbd29..0000000000 --- a/changes/bug27081 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (compilation, windows): - - Don't link or search for pthreads when building for Windows, even if we - are using build environment (like mingw) that provides a pthreads - library. Fixes bug 27081; bugfix on 0.1.0.1-rc. diff --git a/changes/bug27088 b/changes/bug27088 deleted file mode 100644 index d4d3b292c5..0000000000 --- a/changes/bug27088 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (continuous integration): - - Pass the module flags to distcheck configure, and - log the flags before running configure. (Backported - to 0.2.9 and later as a precaution.) - Fixes bug 27088; bugfix on 0.3.4.1-alpha. diff --git a/changes/bug27090 b/changes/bug27090 deleted file mode 100644 index 3d119a9c30..0000000000 --- a/changes/bug27090 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (continuous integration): - - Build with zstd on macOS. - Fixes bug 27090; bugfix on 0.3.1.5-alpha. diff --git a/changes/bug27093 b/changes/bug27093 deleted file mode 100644 index 6c097f1196..0000000000 --- a/changes/bug27093 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (rust): - - Consistently use ../../.. as a fallback for $abs_top_srcdir in - test_rust.sh. Fixes bug 27093; bugfix on 0.3.4.3-alpha. diff --git a/changes/bug27139 b/changes/bug27139 deleted file mode 100644 index 0d1e3b4329..0000000000 --- a/changes/bug27139 +++ /dev/null @@ -1,14 +0,0 @@ - o Minor bugfixes (32-bit OSX and iOS, timing): - - Fix an integer overflow bug in our optimized 32-bit millisecond- - difference algorithm for 32-bit Apple platforms. Previously, it - would overflow when calculating the difference between two times - more than 47 days apart. Fixes part of bug 27139; bugfix on - 0.3.4.1-alpha. - - Improve the precision of our 32-bit millisecond difference - algorithm for 32-bit Apple platforms. Fixes part of bug 27139; - bugfix on 0.3.4.1-alpha. - - Relax the tolerance on the mainloop/update_time_jumps test - when running on 32-bit Apple platforms. Fixes part of bug 27139; - bugfix on 0.3.4.1-alpha. - - diff --git a/changes/bug27164 b/changes/bug27164 deleted file mode 100644 index d04d2f28f4..0000000000 --- a/changes/bug27164 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (rust): - - Protover parsing was ignoring a 2nd hyphen and everything after it, - accepting entries like "Link=1-5-foo". Fixes bug 27164; bugfix on - 0.3.3.1-alpha. diff --git a/changes/bug27177 b/changes/bug27177 deleted file mode 100644 index b03bbc96ea..0000000000 --- a/changes/bug27177 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (rust): - - Protover parsing was accepting the presence of whitespace in version - strings, which the C implementation would choke on, e.g. "Desc=1\t,2". - Fixes bug 27177; bugfix on 0.3.3.5-rc. diff --git a/changes/bug27185 b/changes/bug27185 deleted file mode 100644 index 79221b3df4..0000000000 --- a/changes/bug27185 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (Windows, compilation): - - Silence a compilation warning on MSVC 2017 and clang-cl. - Fixes bug 27185; bugfix on 0.2.2.2-alpha. diff --git a/changes/bug27206 b/changes/bug27206 deleted file mode 100644 index c0fbbed702..0000000000 --- a/changes/bug27206 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (rust): - - protover_all_supported() would attempt to allocate up to 16GB on some - inputs, leading to a potential memory DoS. Fixes bug 27206; bugfix on - 0.3.3.5-rc. diff --git a/changes/bug27226 b/changes/bug27226 deleted file mode 100644 index 9030773cd5..0000000000 --- a/changes/bug27226 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (testing, openssl compatibility): - - Our "tortls/cert_matches_key" unit test no longer relies on OpenSSL - internals. Previously, it relied on unsupported OpenSSL behavior in - a way that caused it to crash with OpenSSL 1.0.2p. Fixes bug 27226; - bugfix on 0.2.5.1-alpha. diff --git a/changes/bug27236 b/changes/bug27236 deleted file mode 100644 index 76d792f4c9..0000000000 --- a/changes/bug27236 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (testing, bootstrap): - - When calculating bootstrap progress, check exit policies and the exit - flag. Previously, Tor would only check the exit flag, which caused - race conditions in small and fast networks like chutney. - Fixes bug 27236; bugfix on 0.2.6.3-alpha. diff --git a/changes/bug27295 b/changes/bug27295 deleted file mode 100644 index c5a364877a..0000000000 --- a/changes/bug27295 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (testing, chutney): - - Before running make test-network-all, delete old logs and test result - files, to avoid spurious failures. Fixes bug 27295; bugfix on 0.2.7.3-rc. diff --git a/changes/bug27316 b/changes/bug27316 deleted file mode 100644 index cec9348912..0000000000 --- a/changes/bug27316 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (protover): - - Reject protocol names containing bytes other than alphanumeric characters - and hyphens ([A-Za-z0-9-]). Fixes bug 27316; bugfix on 0.2.9.4-alpha. diff --git a/changes/bug27335 b/changes/bug27335 deleted file mode 100644 index dcc55a945a..0000000000 --- a/changes/bug27335 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (hidden service v3): - - In case the hidden service directory can't be created or has wrong - permissions, do not BUG() on it which lead to a non fatal stacktrace. - Fixes bug 27335; bugfix on 0.3.2.1. diff --git a/changes/bug27344 b/changes/bug27344 deleted file mode 100644 index 9f66855586..0000000000 --- a/changes/bug27344 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (compatibility): - - Tell OpenSSL to maintain backward compatibility with previous - RSA1024/DH1024 users in Tor. With OpenSSL 1.1.1-pre6, these ciphers - are disabled by default. Closes ticket 27344. diff --git a/changes/bug27345 b/changes/bug27345 deleted file mode 100644 index d98f4afbcc..0000000000 --- a/changes/bug27345 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (testing): - - When running make test-network-all, use the mixed+hs-v2 network. - (A previous fix to chutney removed v3 onion services from the - mixed+hs-v23 network, so seeing "mixed+hs-v23" in tests is - confusing.) Fixes bug 27345; bugfix on 0.3.2.1-alpha. diff --git a/changes/bug27418 b/changes/bug27418 deleted file mode 100644 index 1d99497dc4..0000000000 --- a/changes/bug27418 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (continuous integration): - - When we use echo in Travis, don't pass a --flag as the first argument. - Fixes bug 27418; bugfix on 0.3.4.7-rc. diff --git a/changes/bug27453 b/changes/bug27453 deleted file mode 100644 index 4501346d2c..0000000000 --- a/changes/bug27453 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (continuous integration): - - When a Travis build fails, and showing a log fails, keep trying to - show the other logs. Fixes bug 27453; bugfix on 0.3.4.7-rc. diff --git a/changes/bug27460 b/changes/bug27460 deleted file mode 100644 index 53c4c7daf3..0000000000 --- a/changes/bug27460 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (continuous integration): - - Disable gcc hardening in Appveyor Windows 64-bit builds. As of - August 29, 2018, Appveyor images come with gcc 8.2.0 by default. - 64-bit Windows executables compiled with gcc 8.2.0 and - tor's --enable-gcc-hardening crash. - Fixes bug 27460; bugfix on 0.3.4.1-alpha. diff --git a/changes/bug27461 b/changes/bug27461 deleted file mode 100644 index 3571ee816a..0000000000 --- a/changes/bug27461 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (compilation): - - Stop calling SetProcessDEPPolicy() on 64-bit Windows. It is not - supported, and always fails. Some compilers warn about the function - pointer cast on 64-bit Windows. - Fixes bug 27461; bugfix on 0.2.2.23-alpha. diff --git a/changes/bug27463 b/changes/bug27463 deleted file mode 100644 index 073acdd997..0000000000 --- a/changes/bug27463 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (onion services): - - Silence a spurious compiler warning in rend_client_send_introduction(). - Fixes bug 27463; bugfix on 0.1.1.2-alpha. diff --git a/changes/bug27464 b/changes/bug27464 deleted file mode 100644 index 9dedd06f41..0000000000 --- a/changes/bug27464 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (continuous integration): - - Stop reinstalling identical packages in our Windows CI. - Fixes bug 27464; bugfix on 0.3.4.1-alpha. diff --git a/changes/bug27465 b/changes/bug27465 deleted file mode 100644 index 743b35130f..0000000000 --- a/changes/bug27465 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (compilation): - - Silence a spurious compiler warning on the GetAdaptersAddresses - function pointer cast. This issue is already fixed by 26481 in - 0.3.5 and later, by removing the lookup and cast. - Fixes bug 27465; bugfix on 0.2.3.11-alpha. diff --git a/changes/bug27649 b/changes/bug27649 deleted file mode 100644 index 55bfc3a842..0000000000 --- a/changes/bug27649 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (rust): - - The protover rewrite in 24031 allowed repeated votes from the same - voter for the same protocol version to be counted multiple times in - protover_compute_vote(). Fixes bug 27649; bugfix on 0.3.3.5-rc. diff --git a/changes/bug27658 b/changes/bug27658 deleted file mode 100644 index 8cc0aa4714..0000000000 --- a/changes/bug27658 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (testing): - - If a unit test running in a subprocess exits abnormally or with a - nonzero status code, treat the test as having failed, even if - the test reported success. Without this fix, memory leaks don't cause - cause the tests to fail, even with LeakSanitizer. Fixes bug 27658; - bugfix on 0.2.2.4-alpha. diff --git a/changes/bug27687 b/changes/bug27687 deleted file mode 100644 index 8b7903b63e..0000000000 --- a/changes/bug27687 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (rust): - - protover parsed and accepted unknown protocol names containing invalid - characters outside the range [A-Za-z0-9-]. Fixes bug 27687; bugfix on - 0.3.3.1-alpha. diff --git a/changes/bug27708 b/changes/bug27708 deleted file mode 100644 index d283b19515..0000000000 --- a/changes/bug27708 +++ /dev/null @@ -1,4 +0,0 @@ - o Major bugfixes (restart-in-process): - - Fix a use-after-free error that could be caused by passing Tor an - impossible set of options that would fail during options_act(). - Fixes bug 27708; bugfix on 0.3.3.1-alpha. diff --git a/changes/bug27709 b/changes/bug27709 deleted file mode 100644 index 49e87cbb0a..0000000000 --- a/changes/bug27709 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (code safety): - - Rewrite our assertion macros so that they no longer suppress - the compiler's -Wparentheses warnings on their inputs. Fixes bug 27709; - bugfix on 0.0.6. diff --git a/changes/bug27740 b/changes/bug27740 deleted file mode 100644 index 76a17b7dda..0000000000 --- a/changes/bug27740 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (rust): - - Return a string that can be safely freed by C code, not one created by - the rust allocator, in protover_all_supported(). Fixes bug 27740; bugfix - on 0.3.3.1-alpha. diff --git a/changes/bug27741 b/changes/bug27741 deleted file mode 100644 index 531e264b63..0000000000 --- a/changes/bug27741 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (rust, directory authority): - - Fix an API mismatch in the rust implementation of - protover_compute_vote(). This bug could have caused crashes on any - directory authorities running Tor with Rust (which we do not yet - recommend). Fixes bug 27741; bugfix on 0.3.3.6. diff --git a/changes/bug27750 b/changes/bug27750 deleted file mode 100644 index c234788b1c..0000000000 --- a/changes/bug27750 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (connection, relay): - - Avoid a wrong BUG() stacktrace in case a closing connection is being held - open because the write side is rate limited but not the read side. Now, - the connection read side is simply shutdown instead of kept open until tor - is able to flush the connection and then fully close it. Fixes bug 27750; - bugfix on 0.3.4.1-alpha. diff --git a/changes/bug27781 b/changes/bug27781 deleted file mode 100644 index 44d838af8a..0000000000 --- a/changes/bug27781 +++ /dev/null @@ -1,4 +0,0 @@ - o Major bugfixes (compilation): - - Fix compilation on arm (and other less-used CPUs) - when compiling with OpenSSL before 1.1. Fixes bug 27781; - bugfix on 0.3.4.1-alpha. diff --git a/changes/bug27800 b/changes/bug27800 deleted file mode 100644 index 63d5dbc681..0000000000 --- a/changes/bug27800 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (directory authority): - - Log additional info when we get a relay that shares an ed25519 - ID with a different relay, instead making a BUG() warning. - Fixes bug 27800; bugfix on 0.3.2.1-alpha. diff --git a/changes/bug27804 b/changes/bug27804 deleted file mode 100644 index fa7fec0bc5..0000000000 --- a/changes/bug27804 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (rust): - - Fix a potential null dereference in protover_all_supported(). - Add a test for it. Fixes bug 27804; bugfix on 0.3.3.1-alpha. diff --git a/changes/bug27948 b/changes/bug27948 deleted file mode 100644 index fea16f3d0f..0000000000 --- a/changes/bug27948 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (tests): - - Treat backtrace test failures as expected on BSD-derived systems - (NetBSD, OpenBSD, and macOS/Darwin) until we solve bug 17808. - (FreeBSD failures have been treated as expected since 18204 in 0.2.8.) - Fixes bug 27948; bugfix on 0.2.5.2-alpha. - diff --git a/changes/bug28202 b/changes/bug28202 deleted file mode 100644 index 182daac4f1..0000000000 --- a/changes/bug28202 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (C correctness): - - Avoid undefined behavior in an end-of-string check when parsing the - BEGIN line in a directory object. Fixes bug 28202; bugfix on - 0.2.0.3-alpha. diff --git a/changes/bug28245 b/changes/bug28245 deleted file mode 100644 index d7e6deb810..0000000000 --- a/changes/bug28245 +++ /dev/null @@ -1,6 +0,0 @@ - o Major bugfixes (OpenSSL, portability): - - Fix our usage of named groups when running as a TLS 1.3 client in - OpenSSL 1.1.1. Previously, we only initialized EC groups when running - as a server, which caused clients to fail to negotiate TLS 1.3 with - relays. Fixes bug 28245; bugfix on 0.2.9.15 when TLS 1.3 support was - added. diff --git a/changes/bug28399 b/changes/bug28399 deleted file mode 100644 index 9096db70b0..0000000000 --- a/changes/bug28399 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (continuous integration, Windows): - - Stop using an external OpenSSL install, and stop installing MSYS2 - packages, when building using mingw on Appveyor Windows CI. - Fixes bug 28399; bugfix on 0.3.4.1-alpha. diff --git a/changes/bug28413 b/changes/bug28413 deleted file mode 100644 index 4c88bea7e7..0000000000 --- a/changes/bug28413 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (compilation): - - Initialize a variable in aes_new_cipher(), since some compilers - cannot tell that we always initialize it before use. Fixes bug 28413; - bugfix on 0.2.9.3-alpha. diff --git a/changes/bug28419 b/changes/bug28419 deleted file mode 100644 index 52ceb0a2a7..0000000000 --- a/changes/bug28419 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (memory leaks): - - Fix a harmless memory leak in libtorrunner.a. Fixes bug 28419; - bugfix on 0.3.3.1-alpha. Patch from Martin Kepplinger.
\ No newline at end of file diff --git a/changes/bug28454 b/changes/bug28454 deleted file mode 100644 index ca46ae2777..0000000000 --- a/changes/bug28454 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (continuous integration, Windows): - - Manually configure the zstd compiler options, when building using - mingw on Appveyor Windows CI. The MSYS2 mingw zstd package does not - come with a pkg-config file. Fixes bug 28454; bugfix on 0.3.4.1-alpha. diff --git a/changes/bug28554 b/changes/bug28554 deleted file mode 100644 index 9a0b281406..0000000000 --- a/changes/bug28554 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (unit tests, guard selection): - - Stop leaking memory in an entry guard unit test. Fixes bug 28554; - bugfix on 0.3.0.1-alpha. diff --git a/changes/bug28619 b/changes/bug28619 deleted file mode 100644 index 86be8cb2fb..0000000000 --- a/changes/bug28619 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (hidden service v3): - - When deleting an ephemeral onion service (DEL_ONION), do not close any - rendezvous circuits in order to let the existing client connections - finish by themselves or closed by the application. The HS v2 is doing - that already so now we have the same behavior for all versions. Fixes - bug 28619; bugfix on 0.3.3.1-alpha. diff --git a/changes/bug29029 b/changes/bug29029 deleted file mode 100644 index e100a8c2ed..0000000000 --- a/changes/bug29029 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (logging, onion services): - - Stop logging "Tried to establish rendezvous on non-OR circuit..." as - a warning. Instead, log it as a protocol warning, because there is - nothing that relay operators can do to fix it. Fixes bug 29029; - bugfix on 0.2.5.7-rc. diff --git a/changes/bug29244 b/changes/bug29244 deleted file mode 100644 index 6206a95463..0000000000 --- a/changes/bug29244 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (build, compatibility): - - Update Cargo.lock file to match the version made by the latest - version of Rust, so that "make distcheck" will pass again. - Fixes bug 29244; bugfix on 0.3.3.4-alpha. diff --git a/changes/feature26372_029 b/changes/feature26372_029 deleted file mode 100644 index 150ac30555..0000000000 --- a/changes/feature26372_029 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (compilation): - - - When building Tor, prefer to use Python 3 over Python 2, and more - recent (contemplated) versions over older ones. Closes ticket 26372. diff --git a/changes/geoip-2018-07-03 b/changes/geoip-2018-07-03 deleted file mode 100644 index e921d63c99..0000000000 --- a/changes/geoip-2018-07-03 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (geoip): - - Update geoip and geoip6 to the July 3 2018 Maxmind GeoLite2 - Country database. Closes ticket 26674. - diff --git a/changes/geoip-2018-08-07 b/changes/geoip-2018-08-07 deleted file mode 100644 index 9ddbe7b1b2..0000000000 --- a/changes/geoip-2018-08-07 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (geoip): - - Update geoip and geoip6 to the August 7 2018 Maxmind GeoLite2 - Country database. Closes ticket 27089. - diff --git a/changes/geoip-2018-09-06 b/changes/geoip-2018-09-06 deleted file mode 100644 index 851ec46e25..0000000000 --- a/changes/geoip-2018-09-06 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (geoip): - - Update geoip and geoip6 to the September 6 2018 Maxmind GeoLite2 - Country database. Closes ticket 27631. - diff --git a/changes/geoip-2018-10-09 b/changes/geoip-2018-10-09 deleted file mode 100644 index 9b8e621852..0000000000 --- a/changes/geoip-2018-10-09 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (geoip): - - Update geoip and geoip6 to the October 9 2018 Maxmind GeoLite2 - Country database. Closes ticket 27991. - diff --git a/changes/geoip-2018-11-06 b/changes/geoip-2018-11-06 deleted file mode 100644 index 5c18ea4244..0000000000 --- a/changes/geoip-2018-11-06 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (geoip): - - Update geoip and geoip6 to the November 6 2018 Maxmind GeoLite2 - Country database. Closes ticket 28395. - diff --git a/changes/geoip-2018-12-05 b/changes/geoip-2018-12-05 deleted file mode 100644 index 20ccf2d8a5..0000000000 --- a/changes/geoip-2018-12-05 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (geoip): - - Update geoip and geoip6 to the December 5 2018 Maxmind GeoLite2 - Country database. Closes ticket 28744. - diff --git a/changes/geoip-2019-01-03 b/changes/geoip-2019-01-03 deleted file mode 100644 index 27ffb7f460..0000000000 --- a/changes/geoip-2019-01-03 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (geoip): - - Update geoip and geoip6 to the January 3 2019 Maxmind GeoLite2 - Country database. Closes ticket 29012. - diff --git a/changes/geoip-2019-02-05 b/changes/geoip-2019-02-05 deleted file mode 100644 index 78ee6d4242..0000000000 --- a/changes/geoip-2019-02-05 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (geoip): - - Update geoip and geoip6 to the February 5 2019 Maxmind GeoLite2 - Country database. Closes ticket 29478. - diff --git a/changes/rust_cross b/changes/rust_cross deleted file mode 100644 index d490403a28..0000000000 --- a/changes/rust_cross +++ /dev/null @@ -1,2 +0,0 @@ - o Minor feature (Rust, portability): - - Rust cross-compilation is now supported. Closes ticket 25895. diff --git a/changes/task26771 b/changes/task26771 deleted file mode 100644 index fd700900f7..0000000000 --- a/changes/task26771 +++ /dev/null @@ -1,4 +0,0 @@ - o Directory authority changes: - - The "Bifroest" bridge authority has been retired; the new bridge - authority is "Serge", and it is operated by George from the - TorBSD project. Closes ticket 26771. diff --git a/changes/ticket24629 b/changes/ticket24629 deleted file mode 100644 index 482c0a1a6d..0000000000 --- a/changes/ticket24629 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (continuous integration): - - Enable macOS builds in our Travis CI configuration. - Closes ticket 24629. diff --git a/changes/ticket24629-backport b/changes/ticket24629-backport deleted file mode 100644 index dfbc465634..0000000000 --- a/changes/ticket24629-backport +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (continuous integration): - - Backport Travis rust distcheck to 0.3.3. - Closes ticket 24629. diff --git a/changes/ticket24803 b/changes/ticket24803 deleted file mode 100644 index e76a9eeab9..0000000000 --- a/changes/ticket24803 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features (fallback directory list): - - Replace the 150 fallbacks originally introduced in Tor 0.3.3.1-alpha in - January 2018 (of which ~115 were still functional), with a list of - 157 fallbacks (92 new, 65 existing, 85 removed) generated in - December 2018. Closes ticket 24803. diff --git a/changes/ticket25573 b/changes/ticket25573 deleted file mode 100644 index 9939601b50..0000000000 --- a/changes/ticket25573 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features (controller): - - For purposes of CIRC_BW-based dropped cell detection, track half-closed - stream ids, and allow their ENDs, SENDMEs, DATA and path bias check - cells to arrive without counting it as dropped until either the END arrvies, - or the windows are empty. Closes ticket 25573. diff --git a/changes/ticket25947 b/changes/ticket25947 deleted file mode 100644 index 68559a73f8..0000000000 --- a/changes/ticket25947 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor feature (unit tests): - - Test complete bandwidth measurements files and test that incomplete lines - only give warnings when the end of the header has not been - detected. Fixes bug 25947; bugfix on 0.2.2.1-alpha diff --git a/changes/ticket25960 b/changes/ticket25960 deleted file mode 100644 index 0d1be2119b..0000000000 --- a/changes/ticket25960 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor feature (directory authorities): - - Stop warning about incomplete bw lines before the first complete bw line - has been found, so that additional header lines can be ignored. - Fixes bug 25960; bugfix on 0.2.2.1-alpha - diff --git a/changes/ticket26467 b/changes/ticket26467 deleted file mode 100644 index 45883786c2..0000000000 --- a/changes/ticket26467 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (memory, correctness): - - Fix a number of small memory leaks identified by coverity. Fixes - bug 26467; bugfix on numerous Tor versions. diff --git a/changes/ticket26560 b/changes/ticket26560 deleted file mode 100644 index 5b4fb1bfe7..0000000000 --- a/changes/ticket26560 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (continuous integration): - - Install libcap-dev and libseccomp2-dev so these optional - dependencies get tested on Travis CI. Closes ticket 26560. diff --git a/changes/ticket26647 b/changes/ticket26647 deleted file mode 100644 index 1c2e917c6d..0000000000 --- a/changes/ticket26647 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (controller): - - The control port now exposes the list of HTTPTunnelPorts and - ExtOrPorts via GETINFO net/listeners/httptunnel and net/listeners/extor - respectively. Closes ticket 26647. diff --git a/changes/ticket26913 b/changes/ticket26913 deleted file mode 100644 index d6555764ec..0000000000 --- a/changes/ticket26913 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes (directory permissions): - - When a user requests a group-readable DataDirectory, give it to - them. Previously, when the DataDirectory and the CacheDirectory - were the same, the default setting (0) for - CacheDirectoryGroupReadable would always override the setting for - DataDirectoryGroupReadable. Fixes bug 26913; bugfix on - 0.3.3.1-alpha. diff --git a/changes/ticket26952-cargo b/changes/ticket26952-cargo deleted file mode 100644 index e1efdfcd74..0000000000 --- a/changes/ticket26952-cargo +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (continuous integration, rust): - - Use cargo cache in our Travis CI configuration. - Closes ticket 26952. diff --git a/changes/ticket26952-ccache b/changes/ticket26952-ccache deleted file mode 100644 index edc115e9de..0000000000 --- a/changes/ticket26952-ccache +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (continuous integration): - - Use ccache in our Travis CI configuration. - Closes ticket 26952. diff --git a/changes/ticket27087 b/changes/ticket27087 deleted file mode 100644 index b8af70aaa0..0000000000 --- a/changes/ticket27087 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (continuous integration): - - Run asciidoc during Travis CI. - Implements ticket 27087. diff --git a/changes/ticket27252 b/changes/ticket27252 deleted file mode 100644 index 410ddef8c0..0000000000 --- a/changes/ticket27252 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor features (continuous integration): - - Skip gcc on OSX in Travis CI, it's rarely used. - Skip a duplicate hardening-off build in Travis on Tor 0.2.9. - Skip gcc on Linux with default settings, because all the non-default - builds use gcc on Linux. - Implements ticket 27252. diff --git a/changes/ticket27252-032 b/changes/ticket27252-032 deleted file mode 100644 index 4752aedcf6..0000000000 --- a/changes/ticket27252-032 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features (continuous integration): - - Only run one online rust build in Travis, to reduce network errors. - Skip offline rust builds on Travis for Linux gcc, because they're - redundant. - Implements ticket 27252. diff --git a/changes/ticket27252-034 b/changes/ticket27252-034 deleted file mode 100644 index 620ad83efe..0000000000 --- a/changes/ticket27252-034 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (continuous integration): - - Don't do a distcheck with --disable-module-dirauth in Travis. - Implements ticket 27252. diff --git a/changes/ticket27275 b/changes/ticket27275 deleted file mode 100644 index d1332e9540..0000000000 --- a/changes/ticket27275 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (continuous integration): - - Only post Appveyor IRC notifications when the build fails. - Implements ticket 27275. diff --git a/changes/ticket27410 b/changes/ticket27410 deleted file mode 100644 index a21fdde58e..0000000000 --- a/changes/ticket27410 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (hidden service v3): - - Close all SOCKS request (for the same .onion) if the newly fetched - descriptor is unusable. Before that, we would close only the first one - leaving the other hanging and let to time out by themselves. Fixes bug - 27410; bugfix on 0.3.2.1-alpha. diff --git a/changes/ticket27430 b/changes/ticket27430 deleted file mode 100644 index 4e016e91e7..0000000000 --- a/changes/ticket27430 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (continuous integration): - - Show config.log and test-suite.log after failed Appveyor builds. - Also upload the zipped full logs as a build artifact. - Implements ticket 27430. diff --git a/changes/ticket27449 b/changes/ticket27449 deleted file mode 100644 index 2a0984c09c..0000000000 --- a/changes/ticket27449 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (continuous integration): - - Log the compiler path and version during Appveyor builds. - Implements ticket 27449. diff --git a/changes/ticket27550 b/changes/ticket27550 deleted file mode 100644 index 87f9b5cbe9..0000000000 --- a/changes/ticket27550 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (hidden service v3): - - Don't warn so loudly when tor is unable to decode a descriptor. This can - now happen as a normal use case if a client gets a descriptor with - client authorization but the client is not authorized. Fixes bug 27550; - bugfix on 0.3.5.1-alpha. diff --git a/changes/ticket27738 b/changes/ticket27738 deleted file mode 100644 index f23bfb019e..0000000000 --- a/changes/ticket27738 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (continuous integration): - - Use the Travis Homebrew addon to install packages on macOS. The package - list is the same, but the Homebrew addon does not do a `brew update` by - default. Implements ticket 27738. diff --git a/changes/ticket27797 b/changes/ticket27797 deleted file mode 100644 index f07e35f84c..0000000000 --- a/changes/ticket27797 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (node, hidden service v3): - - When selecting a v3 rendezvous point, not only look at the protover but - also if the curve25519 onion key is present. That way we avoid picking a - node that supports the v3 rendezvous but for which we don't have the - descriptor yet for the key. Fixes bug 27797; bugfix on 0.3.2.1-alpha. diff --git a/changes/ticket27810 b/changes/ticket27810 deleted file mode 100644 index 119f781cb9..0000000000 --- a/changes/ticket27810 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (test, hidden service v3): - - Make the the hs_service tests uses the same time source when creating - the introduction point and testing it. This helps make test work on very - slow system like ARM or Travis. Fixes bug 27810; bugfix on - 0.3.2.1-alpha. diff --git a/changes/ticket27849 b/changes/ticket27849 deleted file mode 100644 index c2babeffc7..0000000000 --- a/changes/ticket27849 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes (mainloop, bootstrap): - - Make sure Tor bootstraps and works properly if only the ControlPort is - set. Prior to this fix, Tor would only bootstrap with at least a client - port being set (Socks, Trans, NATD, DNS or HTTPTunnel port). Fixes bug - 27849; bugfix on 0.3.4.1-alpha. diff --git a/changes/ticket28089 b/changes/ticket28089 deleted file mode 100644 index a900ec18f5..0000000000 --- a/changes/ticket28089 +++ /dev/null @@ -1,6 +0,0 @@ - o Major bugfixes (relay): - - When our write bandwidth limit is exhausted, stop writing on the - connection. Previously, we had a typo in the code that would make us stop - reading leading to relay connections being stuck indefinitely. Fixes bug - 28089; bugfix on 0.3.4.1-alpha. - diff --git a/changes/ticket28459 b/changes/ticket28459 deleted file mode 100644 index 6b5839b52b..0000000000 --- a/changes/ticket28459 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (continuous integration, Windows): - - Always show the configure and test logs, and upload them as build - artifacts, when building for Windows using Appveyor CI. - Implements 28459. diff --git a/changes/ticket28574 b/changes/ticket28574 deleted file mode 100644 index 562810f511..0000000000 --- a/changes/ticket28574 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (continuous integration, Windows): - - Explicitly specify the path to the OpenSSL library and do not download - OpenSSL from Pacman, but instead use the library that is already provided - by AppVeyor. Fixes bug 28574; bugfix on master. diff --git a/changes/ticket28912 b/changes/ticket28912 deleted file mode 100644 index 4119b778bc..0000000000 --- a/changes/ticket28912 +++ /dev/null @@ -1,6 +0,0 @@ - o Major bugfixes (relay, directory): - - A connection serving directory information wouldn't get reactivated after - the first chunk of data was sent (usually 32KB). Tor now always activate - the main loop event that goes through these connections as long as at - least one connection is still active. Fixes bug 28912; bugfix on - 0.3.4.1-alpha. Patch by "cypherpunks3". diff --git a/changes/ticket28973 b/changes/ticket28973 deleted file mode 100644 index b1d208ee51..0000000000 --- a/changes/ticket28973 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor features (OpenSSL bug workaround): - - Work around a bug in OpenSSL 1.1.1a, which prevented the TLS 1.3 - key export function from handling long labels. When this bug - is detected, Tor will disable TLS 1.3. We recommend upgrading to - a version of OpenSSL without this bug when it becomes available. - Closes ticket 28973. diff --git a/changes/ticket29168 b/changes/ticket29168 deleted file mode 100644 index 65c5232f65..0000000000 --- a/changes/ticket29168 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes (cell scheduler, KIST): - - Make KIST to always take into account the outbuf length when computing - what we can actually put in the outbuf. This could lead to the outbuf - being filled up and thus a possible memory DoS vector. TROVE-2019-001. - Fixes bug 29168; bugfix on 0.3.2.1-alpha. diff --git a/changes/tickets_27765_27943 b/changes/tickets_27765_27943 deleted file mode 100644 index e8468545f1..0000000000 --- a/changes/tickets_27765_27943 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (CI, appveyor): - - Only install the necessary mingw packages during our appveyor - builds. This change makes the build a little faster, and prevents a - conflict with a preinstalled mingw openssl that appveyor now ships. - Fixes bugs 27943 and 27765; bugfix on 0.3.4.2-alpha. |