diff options
78 files changed, 1363 insertions, 319 deletions
@@ -1,3 +1,458 @@ +Changes in version 0.4.2.8 - 2020-07-09 + Tor 0.4.2.8 backports various fixes from later releases, including + several that affect usability and portability. + + This release also fixes TROVE-2020-001, a medium-severity denial of + service vulnerability affecting all versions of Tor when compiled with + the NSS encryption library. (This is not the default configuration.) + Using this vulnerability, an attacker could cause an affected Tor + instance to crash remotely. This issue is also tracked as CVE-2020- + 15572. Anybody running a version of Tor built with the NSS library + should upgrade to 0.3.5.11, 0.4.2.8, 0.4.3.6, or 0.4.4.2-alpha + or later. + + o Major bugfixes (NSS, security, backport from 0.4.4.2-alpha): + - Fix a crash due to an out-of-bound memory access when Tor is + compiled with NSS support. Fixes bug 33119; bugfix on + 0.3.5.1-alpha. This issue is also tracked as TROVE-2020-001 + and CVE-2020-15572. + + o Major bugfixes (DoS defenses, bridges, pluggable transport, backport from 0.4.3.4-rc): + - Fix a bug that was preventing DoS defenses from running on bridges + with a pluggable transport. Previously, the DoS subsystem was not + given the transport name of the client connection, thus failed to + find the GeoIP cache entry for that client address. Fixes bug + 33491; bugfix on 0.3.3.2-alpha. + + o Minor feature (sendme, flow control, backport form 0.4.3.4-rc): + - Default to sending SENDME version 1 cells. (Clients are already + sending these, because of a consensus parameter telling them to do + so: this change only affects what clients would do if the + consensus didn't contain a recommendation.) Closes ticket 33623. + + o Minor features (diagnostic, backport from 0.4.3.3-alpha): + - Improve assertions and add some memory-poisoning code to try to + track down possible causes of a rare crash (32564) in the EWMA + code. Closes ticket 33290. + + o Minor features (testing, backport from 0.4.3.4-rc): + - The unit tests now support a "TOR_SKIP_TESTCASES" environment + variable to specify a list of space-separated test cases that + should not be executed. We will use this to disable certain tests + that are failing on Appveyor because of mismatched OpenSSL + libraries. Part of ticket 33643. + + o Minor bugfix (CI, Windows, backport from 0.4.4.2-alpha): + - Use the correct 64-bit printf format when compiling with MINGW on + Appveyor. Fixes bug 40026; bugfix on 0.3.5.5-alpha. + + o Minor bugfix (relay, configuration, backport from 0.4.3.3-alpha): + - Warn if the ContactInfo field is not set, and tell the relay + operator that not having a ContactInfo field set might cause their + relay to get rejected in the future. Fixes bug 33361; bugfix + on 0.1.1.10-alpha. + + o Minor bugfixes (client performance, backport from 0.4.4.1-alpha): + - Resume use of preemptively-built circuits when UseEntryGuards is set + to 0. We accidentally disabled this feature with that config + setting, leading to slower load times. Fixes bug 34303; bugfix + on 0.3.3.2-alpha. + + o Minor bugfixes (compiler compatibility, backport from 0.4.3.5): + - Avoid compiler warnings from Clang 10 related to the use of GCC- + style "/* falls through */" comments. Both Clang and GCC allow + __attribute__((fallthrough)) instead, so that's what we're using + now. Fixes bug 34078; bugfix on 0.3.1.3-alpha. + - Fix compilation warnings with GCC 10.0.1. Fixes bug 34077; bugfix + on 0.4.0.3-alpha. + + o Minor bugfixes (compiler warnings, backport from 0.4.4.2-alpha): + - Fix a compiler warning on platforms with 32-bit time_t values. + Fixes bug 40028; bugfix on 0.3.2.8-rc. + + o Minor bugfixes (controller protocol, backport from 0.4.3.2-alpha): + - When receiving "ACTIVE" or "DORMANT" signals on the control port, + report them as SIGNAL events. Previously we would log a bug + warning. Fixes bug 33104; bugfix on 0.4.0.1-alpha. + + o Minor bugfixes (embedded Tor, backport from 0.4.3.1-alpha): + - When starting Tor any time after the first time in a process, + register the thread in which it is running as the main thread. + Previously, we only did this on Windows, which could lead to bugs + like 23081 on non-Windows platforms. Fixes bug 32884; bugfix + on 0.3.3.1-alpha. + + o Minor bugfixes (key portability, backport from 0.4.3.4-rc): + - When reading PEM-encoded key data, tolerate CRLF line-endings even + if we are not running on Windows. Previously, non-Windows hosts + would reject these line-endings in certain positions, making + certain key files hard to move from one host to another. Fixes bug + 33032; bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (logging, backport from 0.4.3.2-rc): + - When logging a bug, do not say "Future instances of this warning + will be silenced" unless we are actually going to silence them. + Previously we would say this whenever a BUG() check failed in the + code. Fixes bug 33095; bugfix on 0.4.1.1-alpha. + + o Minor bugfixes (logging, backport from 0.4.3.4-rc): + - Flush stderr, stdout, and file logs during shutdown, if supported + by the OS. This change helps make sure that any final logs are + recorded. Fixes bug 33087; bugfix on 0.4.1.6. + + o Minor bugfixes (logging, backport from 0.4.4.2-alpha): + - Downgrade a noisy log message that could occur naturally when + receiving an extrainfo document that we no longer want. Fixes bug + 16016; bugfix on 0.2.6.3-alpha. + + o Minor bugfixes (onion service v3, client, backport from 0.4.3.3-alpha): + - Remove a BUG() warning that would cause a stack trace if an onion + service descriptor was freed while we were waiting for a + rendezvous circuit to complete. Fixes bug 28992; bugfix + on 0.3.2.1-alpha. + + o Testing (CI, backport from 0.4.3.4-rc): + - In our Appveyor Windows CI, copy required DLLs to test and app + directories, before running tor's tests. This ensures that tor.exe + and test*.exe use the correct version of each DLL. This fix is not + required, but we hope it will avoid DLL search issues in future. + Fixes bug 33673; bugfix on 0.3.4.2-alpha. + - On Appveyor, skip the crypto/openssl_version test, which is + failing because of a mismatched library installation. Fix + for 33643. + + +Changes in version 0.4.2.7 - 2020-03-18 + This is the third stable release in the 0.4.2.x series. It backports + numerous fixes from later releases, including a fix for TROVE-2020- + 002, a major denial-of-service vulnerability that affected all + released Tor instances since 0.2.1.5-alpha. Using this vulnerability, + an attacker could cause Tor instances to consume a huge amount of CPU, + disrupting their operations for several seconds or minutes. This + attack could be launched by anybody against a relay, or by a directory + cache against any client that had connected to it. The attacker could + launch this attack as much as they wanted, thereby disrupting service + or creating patterns that could aid in traffic analysis. This issue + was found by OSS-Fuzz, and is also tracked as CVE-2020-10592. + + We do not have reason to believe that this attack is currently being + exploited in the wild, but nonetheless we advise everyone to upgrade + as soon as packages are available. + + o Major bugfixes (security, denial-of-service, backport from 0.4.3.3-alpha): + - Fix a denial-of-service bug that could be used by anyone to + consume a bunch of CPU on any Tor relay or authority, or by + directories to consume a bunch of CPU on clients or hidden + services. Because of the potential for CPU consumption to + introduce observable timing patterns, we are treating this as a + high-severity security issue. Fixes bug 33119; bugfix on + 0.2.1.5-alpha. Found by OSS-Fuzz. We are also tracking this issue + as TROVE-2020-002 and CVE-2020-10592. + + o Major bugfixes (circuit padding, memory leak, backport from 0.4.3.3-alpha): + - Avoid a remotely triggered memory leak in the case that a circuit + padding machine is somehow negotiated twice on the same circuit. + Fixes bug 33619; bugfix on 0.4.0.1-alpha. Found by Tobias Pulls. + This is also tracked as TROVE-2020-004 and CVE-2020-10593. + + o Major bugfixes (directory authority, backport from 0.4.3.3-alpha): + - Directory authorities will now send a 503 (not enough bandwidth) + code to clients when under bandwidth pressure. Known relays and + other authorities will always be answered regardless of the + bandwidth situation. Fixes bug 33029; bugfix on 0.1.2.5-alpha. + + o Minor features (continuous integration, backport from 0.4.3.2-alpha): + - Stop allowing failures on the Travis CI stem tests job. It looks + like all the stem hangs we were seeing before are now fixed. + Closes ticket 33075. + + o Minor bugfixes (bridges, backport from 0.4.3.1-alpha): + - Lowercase the configured value of BridgeDistribution before adding + it to the descriptor. Fixes bug 32753; bugfix on 0.3.2.3-alpha. + + o Minor bugfixes (logging, backport from 0.4.3.2-alpha): + - If we encounter a bug when flushing a buffer to a TLS connection, + only log the bug once per invocation of the Tor process. + Previously we would log with every occurrence, which could cause + us to run out of disk space. Fixes bug 33093; bugfix + on 0.3.2.2-alpha. + + o Minor bugfixes (onion services v3, backport from 0.4.3.3-alpha): + - Fix an assertion failure that could result from a corrupted + ADD_ONION control port command. Found by Saibato. Fixes bug 33137; + bugfix on 0.3.3.1-alpha. This issue is also tracked + as TROVE-2020-003. + + o Minor bugfixes (rust, build, backport from 0.4.3.2-alpha): + - Fix a syntax warning given by newer versions of Rust that was + creating problems for our continuous integration. Fixes bug 33212; + bugfix on 0.3.5.1-alpha. + + o Testing (Travis CI, backport from 0.4.3.3-alpha): + - Remove a redundant distcheck job. Closes ticket 33194. + - Sort the Travis jobs in order of speed: putting the slowest jobs + first takes full advantage of Travis job concurrency. Closes + ticket 33194. + - Stop allowing the Chutney IPv6 Travis job to fail. This job was + previously configured to fast_finish (which requires + allow_failure), to speed up the build. Closes ticket 33195. + - When a Travis chutney job fails, use chutney's new "diagnostics.sh" + tool to produce detailed diagnostic output. Closes ticket 32792. + + +Changes in version 0.4.2.6 - 2020-01-30 + This is the second stable release in the 0.4.2.x series. It backports + several bugfixes from 0.4.3.1-alpha, including some that had affected + the Linux seccomp2 sandbox or Windows services. If you're running with + one of those configurations, you'll probably want to upgrade; + otherwise, you should be fine with 0.4.2.5. + + o Major bugfixes (linux seccomp sandbox, backport from 0.4.3.1-alpha): + - Correct how we use libseccomp. Particularly, stop assuming that + rules are applied in a particular order or that more rules are + processed after the first match. Neither is the case! In + libseccomp <2.4.0 this lead to some rules having no effect. + libseccomp 2.4.0 changed how rules are generated, leading to a + different ordering, which in turn led to a fatal crash during + startup. Fixes bug 29819; bugfix on 0.2.5.1-alpha. Patch by + Peter Gerber. + - Fix crash when reloading logging configuration while the + experimental sandbox is enabled. Fixes bug 32841; bugfix on + 0.4.1.7. Patch by Peter Gerber. + + o Minor bugfixes (correctness checks, backport from 0.4.3.1-alpha): + - Use GCC/Clang's printf-checking feature to make sure that + tor_assertf() arguments are correctly typed. Fixes bug 32765; + bugfix on 0.4.1.1-alpha. + + o Minor bugfixes (logging, crash, backport from 0.4.3.1-alpha): + - Avoid a possible crash when trying to log a (fatal) assertion + failure about mismatched magic numbers in configuration objects. + Fixes bug 32771; bugfix on 0.4.2.1-alpha. + + o Minor bugfixes (testing, backport from 0.4.3.1-alpha): + - When TOR_DISABLE_PRACTRACKER is set, do not apply it to the + test_practracker.sh script. Doing so caused a test failure. Fixes + bug 32705; bugfix on 0.4.2.1-alpha. + - When TOR_DISABLE_PRACTRACKER is set, log a notice to stderr when + skipping practracker checks. Fixes bug 32705; bugfix + on 0.4.2.1-alpha. + + o Minor bugfixes (windows service, backport from 0.4.3.1-alpha): + - Initialize the publish/subscribe system when running as a windows + service. Fixes bug 32778; bugfix on 0.4.1.1-alpha. + + o Testing (backport from 0.4.3.1-alpha): + - Turn off Tor's Sandbox in Chutney jobs, and run those jobs on + Ubuntu Bionic. Turning off the Sandbox is a work-around, until we + fix the sandbox errors in 32722. Closes ticket 32240. + - Re-enable the Travis CI macOS Chutney build, but don't let it + prevent the Travis job from finishing. (The Travis macOS jobs are + slow, so we don't want to have it delay the whole CI process.) + Closes ticket 32629. + + o Testing (continuous integration, backport from 0.4.3.1-alpha): + - Use zstd in our Travis Linux builds. Closes ticket 32242. + + +Changes in version 0.4.2.5 - 2019-12-09 + This is the first stable release in the 0.4.2.x series. This series + improves reliability and stability, and includes several stability and + correctness improvements for onion services. It also fixes many smaller + bugs present in previous series. + + Per our support policy, we will support the 0.4.2.x series for nine + months, or until three months after the release of a stable 0.4.3.x: + whichever is longer. If you need longer-term support, please stick + with 0.3.5.x, which will we plan to support until Feb 2022. + + Per our support policy, we will support the 0.4.2.x series for nine + months, or until three months after the release of a stable 0.4.3.x: + whichever is longer. If you need longer-term support, please stick + with 0.3.5.x, which will we plan to support until Feb 2022. + + Below are the changes since 0.4.1.4-rc. For a complete list of changes + since 0.4.1.5, see the ReleaseNotes file. + + o Minor features (geoip): + - Update geoip and geoip6 to the December 3 2019 Maxmind GeoLite2 + Country database. Closes ticket 32685. + + o Testing: + - Require C99 standards-conforming code in Travis CI, but allow GNU + gcc extensions. Also activates clang's -Wtypedef-redefinition + warnings. Build some jobs with -std=gnu99, and some jobs without. + Closes ticket 32500. + + +Changes in version 0.4.2.4-rc - 2019-11-15 + Tor 0.4.2.4-rc is the first release candidate in its series. It fixes + several bugs from earlier versions, including a few that would result in + stack traces or incorrect behavior. + + o Minor features (build system): + - Make pkg-config use --prefix when cross-compiling, if + PKG_CONFIG_PATH is not set. Closes ticket 32191. + + o Minor features (geoip): + - Update geoip and geoip6 to the November 6 2019 Maxmind GeoLite2 + Country database. Closes ticket 32440. + + o Minor bugfixes (client, onion service v3): + - Fix a BUG() assertion that occurs within a very small race window + between when a client intro circuit opens and when its descriptor + gets cleaned up from the cache. The circuit is now closed early, + which will trigger a re-fetch of the descriptor and continue the + connection. Fixes bug 28970; bugfix on 0.3.2.1-alpha. + + o Minor bugfixes (code quality): + - Fix "make check-includes" so it runs correctly on out-of-tree + builds. Fixes bug 31335; bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (configuration): + - Log the option name when skipping an obsolete option. Fixes bug + 32295; bugfix on 0.4.2.1-alpha. + + o Minor bugfixes (crash): + - When running Tor with an option like --verify-config or + --dump-config that does not start the event loop, avoid crashing + if we try to exit early because of an error. Fixes bug 32407; + bugfix on 0.3.3.1-alpha. + + o Minor bugfixes (directory): + - When checking if a directory connection is anonymous, test if the + circuit was marked for close before looking at its channel. This + avoids a BUG() stacktrace if the circuit was previously closed. + Fixes bug 31958; bugfix on 0.4.2.1-alpha. + + o Minor bugfixes (shellcheck): + - Fix minor shellcheck errors in the git-*.sh scripts. Fixes bug + 32402; bugfix on 0.4.2.1-alpha. + - Start checking most scripts for shellcheck errors again. Fixes bug + 32402; bugfix on 0.4.2.1-alpha. + + o Testing (continuous integration): + - Use Ubuntu Bionic images for our Travis CI builds, so we can get a + recent version of coccinelle. But leave chutney on Ubuntu Trusty, + until we can fix some Bionic permissions issues (see ticket + 32240). Related to ticket 31919. + - Install the mingw OpenSSL package in Appveyor. This makes sure + that the OpenSSL headers and libraries match in Tor's Appveyor + builds. (This bug was triggered by an Appveyor image update.) + Fixes bug 32449; bugfix on 0.3.5.6-rc. + - In Travis, use Xcode 11.2 on macOS 10.14. Closes ticket 32241. + + +Changes in version 0.4.2.3-alpha - 2019-10-24 + This release fixes several bugs from the previous alpha release, and + from earlier versions of Tor. + + o Major bugfixes (relay): + - Relays now respect their AccountingMax bandwidth again. When + relays entered "soft" hibernation (which typically starts when + we've hit 90% of our AccountingMax), we had stopped checking + whether we should enter hard hibernation. Soft hibernation refuses + new connections and new circuits, but the existing circuits can + continue, meaning that relays could have exceeded their configured + AccountingMax. Fixes bug 32108; bugfix on 0.4.0.1-alpha. + + o Major bugfixes (v3 onion services): + - Onion services now always use the exact number of intro points + configured with the HiddenServiceNumIntroductionPoints option (or + fewer if nodes are excluded). Before, a service could sometimes + pick more intro points than configured. Fixes bug 31548; bugfix + on 0.3.2.1-alpha. + + o Minor feature (onion services, control port): + - The ADD_ONION command's keyword "BEST" now defaults to ED25519-V3 + (v3) onion services. Previously it defaulted to RSA1024 (v2). + Closes ticket 29669. + + o Minor features (testing): + - When running tests that attempt to look up hostnames, replace the + libc name lookup functions with ones that do not actually touch + the network. This way, the tests complete more quickly in the + presence of a slow or missing DNS resolver. Closes ticket 31841. + + o Minor features (testing, continuous integration): + - Disable all but one Travis CI macOS build, to mitigate slow + scheduling of Travis macOS jobs. Closes ticket 32177. + - Run the chutney IPv6 networks as part of Travis CI. Closes + ticket 30860. + - Simplify the Travis CI build matrix, and optimise for build time. + Closes ticket 31859. + - Use Windows Server 2019 instead of Windows Server 2016 in our + Appveyor builds. Closes ticket 32086. + + o Minor bugfixes (build system): + - Interpret "--disable-module-dirauth=no" correctly. Fixes bug + 32124; bugfix on 0.3.4.1-alpha. + - Interpret "--with-tcmalloc=no" correctly. Fixes bug 32124; bugfix + on 0.2.0.20-rc. + - Stop failing when jemalloc is requested, but tcmalloc is not + found. Fixes bug 32124; bugfix on 0.3.5.1-alpha. + - When pkg-config is not installed, or a library that depends on + pkg-config is not found, tell the user what to do to fix the + problem. Fixes bug 31922; bugfix on 0.3.1.1-alpha. + + o Minor bugfixes (connections): + - Avoid trying to read data from closed connections, which can cause + needless loops in Libevent and infinite loops in Shadow. Fixes bug + 30344; bugfix on 0.1.1.1-alpha. + + o Minor bugfixes (error handling): + - Always lock the backtrace buffer before it is used. Fixes bug + 31734; bugfix on 0.2.5.3-alpha. + + o Minor bugfixes (mainloop, periodic events, in-process API): + - Reset the periodic events' "enabled" flag when Tor is shut down + cleanly. Previously, this flag was left on, which caused periodic + events not to be re-enabled when Tor was relaunched in-process + with tor_api.h after a shutdown. Fixes bug 32058; bugfix + on 0.3.3.1-alpha. + + o Minor bugfixes (process management): + - Remove overly strict assertions that triggered when a pluggable + transport failed to launch. Fixes bug 31091; bugfix + on 0.4.0.1-alpha. + - Remove an assertion in the Unix process backend. This assertion + would trigger when we failed to find the executable for a child + process. Fixes bug 31810; bugfix on 0.4.0.1-alpha. + + o Minor bugfixes (testing): + - Avoid intermittent test failures due to a test that had relied on + inconsistent timing sources. Fixes bug 31995; bugfix + on 0.3.1.3-alpha. + - When testing port rebinding, don't busy-wait for tor to log. + Instead, actually sleep for a short time before polling again. + Also improve the formatting of control commands and log messages. + Fixes bug 31837; bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (tls, logging): + - Log bugs about the TLS read buffer's length only once, rather than + filling the logs with similar warnings. Fixes bug 31939; bugfix + on 0.3.0.4-rc. + + o Minor bugfixes (v3 onion services): + - Fix an implicit conversion from ssize_t to size_t discovered by + Coverity. Fixes bug 31682; bugfix on 0.4.2.1-alpha. + - Fix a memory leak in an unlikely error code path when encoding HS + DoS establish intro extension cell. Fixes bug 32063; bugfix + on 0.4.2.1-alpha. + - When cleaning up intro circuits for a v3 onion service, don't + remove circuits that have an established or pending circuit, even + if they ran out of retries. This way, we don't remove a circuit on + its last retry. Fixes bug 31652; bugfix on 0.3.2.1-alpha. + + o Documentation: + - Correct the description of "GuardLifetime". Fixes bug 31189; + bugfix on 0.3.0.1-alpha. + - Make clear in the man page, in both the bandwidth section and the + AccountingMax section, that Tor counts in powers of two, not + powers of ten: 1 GByte is 1024*1024*1024 bytes, not one billion + bytes. Resolves ticket 32106. + + Changes in version 0.4.2.2-alpha - 2019-10-07 This release fixes several bugs from the previous alpha release, and from earlier versions. It also includes a change in authorities, so diff --git a/ReleaseNotes b/ReleaseNotes index ad24efd606..4ec7ba36ca 100644 --- a/ReleaseNotes +++ b/ReleaseNotes @@ -2,6 +2,914 @@ This document summarizes new features and bugfixes in each stable release of Tor. If you want to see more detailed descriptions of the changes in each development snapshot, see the ChangeLog file. +Changes in version 0.4.2.8 - 2020-07-09 + Tor 0.4.2.8 backports various fixes from later releases, including + several that affect usability and portability. + + This release also fixes TROVE-2020-001, a medium-severity denial of + service vulnerability affecting all versions of Tor when compiled with + the NSS encryption library. (This is not the default configuration.) + Using this vulnerability, an attacker could cause an affected Tor + instance to crash remotely. This issue is also tracked as CVE-2020- + 15572. Anybody running a version of Tor built with the NSS library + should upgrade to 0.3.5.11, 0.4.2.8, 0.4.3.6, or 0.4.4.2-alpha + or later. + + o Major bugfixes (NSS, security, backport from 0.4.4.2-alpha): + - Fix a crash due to an out-of-bound memory access when Tor is + compiled with NSS support. Fixes bug 33119; bugfix on + 0.3.5.1-alpha. This issue is also tracked as TROVE-2020-001 + and CVE-2020-15572. + + o Major bugfixes (DoS defenses, bridges, pluggable transport, backport from 0.4.3.4-rc): + - Fix a bug that was preventing DoS defenses from running on bridges + with a pluggable transport. Previously, the DoS subsystem was not + given the transport name of the client connection, thus failed to + find the GeoIP cache entry for that client address. Fixes bug + 33491; bugfix on 0.3.3.2-alpha. + + o Minor feature (sendme, flow control, backport form 0.4.3.4-rc): + - Default to sending SENDME version 1 cells. (Clients are already + sending these, because of a consensus parameter telling them to do + so: this change only affects what clients would do if the + consensus didn't contain a recommendation.) Closes ticket 33623. + + o Minor features (diagnostic, backport from 0.4.3.3-alpha): + - Improve assertions and add some memory-poisoning code to try to + track down possible causes of a rare crash (32564) in the EWMA + code. Closes ticket 33290. + + o Minor features (testing, backport from 0.4.3.4-rc): + - The unit tests now support a "TOR_SKIP_TESTCASES" environment + variable to specify a list of space-separated test cases that + should not be executed. We will use this to disable certain tests + that are failing on Appveyor because of mismatched OpenSSL + libraries. Part of ticket 33643. + + o Minor bugfix (CI, Windows, backport from 0.4.4.2-alpha): + - Use the correct 64-bit printf format when compiling with MINGW on + Appveyor. Fixes bug 40026; bugfix on 0.3.5.5-alpha. + + o Minor bugfix (relay, configuration, backport from 0.4.3.3-alpha): + - Warn if the ContactInfo field is not set, and tell the relay + operator that not having a ContactInfo field set might cause their + relay to get rejected in the future. Fixes bug 33361; bugfix + on 0.1.1.10-alpha. + + o Minor bugfixes (client performance, backport from 0.4.4.1-alpha): + - Resume use of preemptively-built circuits when UseEntryGuards is set + to 0. We accidentally disabled this feature with that config + setting, leading to slower load times. Fixes bug 34303; bugfix + on 0.3.3.2-alpha. + + o Minor bugfixes (compiler compatibility, backport from 0.4.3.5): + - Avoid compiler warnings from Clang 10 related to the use of GCC- + style "/* falls through */" comments. Both Clang and GCC allow + __attribute__((fallthrough)) instead, so that's what we're using + now. Fixes bug 34078; bugfix on 0.3.1.3-alpha. + - Fix compilation warnings with GCC 10.0.1. Fixes bug 34077; bugfix + on 0.4.0.3-alpha. + + o Minor bugfixes (compiler warnings, backport from 0.4.4.2-alpha): + - Fix a compiler warning on platforms with 32-bit time_t values. + Fixes bug 40028; bugfix on 0.3.2.8-rc. + + o Minor bugfixes (controller protocol, backport from 0.4.3.2-alpha): + - When receiving "ACTIVE" or "DORMANT" signals on the control port, + report them as SIGNAL events. Previously we would log a bug + warning. Fixes bug 33104; bugfix on 0.4.0.1-alpha. + + o Minor bugfixes (embedded Tor, backport from 0.4.3.1-alpha): + - When starting Tor any time after the first time in a process, + register the thread in which it is running as the main thread. + Previously, we only did this on Windows, which could lead to bugs + like 23081 on non-Windows platforms. Fixes bug 32884; bugfix + on 0.3.3.1-alpha. + + o Minor bugfixes (key portability, backport from 0.4.3.4-rc): + - When reading PEM-encoded key data, tolerate CRLF line-endings even + if we are not running on Windows. Previously, non-Windows hosts + would reject these line-endings in certain positions, making + certain key files hard to move from one host to another. Fixes bug + 33032; bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (logging, backport from 0.4.3.2-rc): + - When logging a bug, do not say "Future instances of this warning + will be silenced" unless we are actually going to silence them. + Previously we would say this whenever a BUG() check failed in the + code. Fixes bug 33095; bugfix on 0.4.1.1-alpha. + + o Minor bugfixes (logging, backport from 0.4.3.4-rc): + - Flush stderr, stdout, and file logs during shutdown, if supported + by the OS. This change helps make sure that any final logs are + recorded. Fixes bug 33087; bugfix on 0.4.1.6. + + o Minor bugfixes (logging, backport from 0.4.4.2-alpha): + - Downgrade a noisy log message that could occur naturally when + receiving an extrainfo document that we no longer want. Fixes bug + 16016; bugfix on 0.2.6.3-alpha. + + o Minor bugfixes (onion service v3, client, backport from 0.4.3.3-alpha): + - Remove a BUG() warning that would cause a stack trace if an onion + service descriptor was freed while we were waiting for a + rendezvous circuit to complete. Fixes bug 28992; bugfix + on 0.3.2.1-alpha. + + o Testing (CI, backport from 0.4.3.4-rc): + - In our Appveyor Windows CI, copy required DLLs to test and app + directories, before running tor's tests. This ensures that tor.exe + and test*.exe use the correct version of each DLL. This fix is not + required, but we hope it will avoid DLL search issues in future. + Fixes bug 33673; bugfix on 0.3.4.2-alpha. + - On Appveyor, skip the crypto/openssl_version test, which is + failing because of a mismatched library installation. Fix + for 33643. + + +Changes in version 0.4.2.7 - 2020-03-18 + This is the third stable release in the 0.4.2.x series. It backports + numerous fixes from later releases, including a fix for TROVE-2020- + 002, a major denial-of-service vulnerability that affected all + released Tor instances since 0.2.1.5-alpha. Using this vulnerability, + an attacker could cause Tor instances to consume a huge amount of CPU, + disrupting their operations for several seconds or minutes. This + attack could be launched by anybody against a relay, or by a directory + cache against any client that had connected to it. The attacker could + launch this attack as much as they wanted, thereby disrupting service + or creating patterns that could aid in traffic analysis. This issue + was found by OSS-Fuzz, and is also tracked as CVE-2020-10592. + + We do not have reason to believe that this attack is currently being + exploited in the wild, but nonetheless we advise everyone to upgrade + as soon as packages are available. + + o Major bugfixes (security, denial-of-service, backport from 0.4.3.3-alpha): + - Fix a denial-of-service bug that could be used by anyone to + consume a bunch of CPU on any Tor relay or authority, or by + directories to consume a bunch of CPU on clients or hidden + services. Because of the potential for CPU consumption to + introduce observable timing patterns, we are treating this as a + high-severity security issue. Fixes bug 33119; bugfix on + 0.2.1.5-alpha. Found by OSS-Fuzz. We are also tracking this issue + as TROVE-2020-002 and CVE-2020-10592. + + o Major bugfixes (circuit padding, memory leak, backport from 0.4.3.3-alpha): + - Avoid a remotely triggered memory leak in the case that a circuit + padding machine is somehow negotiated twice on the same circuit. + Fixes bug 33619; bugfix on 0.4.0.1-alpha. Found by Tobias Pulls. + This is also tracked as TROVE-2020-004 and CVE-2020-10593. + + o Major bugfixes (directory authority, backport from 0.4.3.3-alpha): + - Directory authorities will now send a 503 (not enough bandwidth) + code to clients when under bandwidth pressure. Known relays and + other authorities will always be answered regardless of the + bandwidth situation. Fixes bug 33029; bugfix on 0.1.2.5-alpha. + + o Minor features (continuous integration, backport from 0.4.3.2-alpha): + - Stop allowing failures on the Travis CI stem tests job. It looks + like all the stem hangs we were seeing before are now fixed. + Closes ticket 33075. + + o Minor bugfixes (bridges, backport from 0.4.3.1-alpha): + - Lowercase the configured value of BridgeDistribution before adding + it to the descriptor. Fixes bug 32753; bugfix on 0.3.2.3-alpha. + + o Minor bugfixes (logging, backport from 0.4.3.2-alpha): + - If we encounter a bug when flushing a buffer to a TLS connection, + only log the bug once per invocation of the Tor process. + Previously we would log with every occurrence, which could cause + us to run out of disk space. Fixes bug 33093; bugfix + on 0.3.2.2-alpha. + + o Minor bugfixes (onion services v3, backport from 0.4.3.3-alpha): + - Fix an assertion failure that could result from a corrupted + ADD_ONION control port command. Found by Saibato. Fixes bug 33137; + bugfix on 0.3.3.1-alpha. This issue is also tracked + as TROVE-2020-003. + + o Minor bugfixes (rust, build, backport from 0.4.3.2-alpha): + - Fix a syntax warning given by newer versions of Rust that was + creating problems for our continuous integration. Fixes bug 33212; + bugfix on 0.3.5.1-alpha. + + o Testing (Travis CI, backport from 0.4.3.3-alpha): + - Remove a redundant distcheck job. Closes ticket 33194. + - Sort the Travis jobs in order of speed: putting the slowest jobs + first takes full advantage of Travis job concurrency. Closes + ticket 33194. + - Stop allowing the Chutney IPv6 Travis job to fail. This job was + previously configured to fast_finish (which requires + allow_failure), to speed up the build. Closes ticket 33195. + - When a Travis chutney job fails, use chutney's new "diagnostics.sh" + tool to produce detailed diagnostic output. Closes ticket 32792. + + +Changes in version 0.4.2.6 - 2020-01-30 + This is the second stable release in the 0.4.2.x series. It backports + several bugfixes from 0.4.3.1-alpha, including some that had affected + the Linux seccomp2 sandbox or Windows services. If you're running with + one of those configurations, you'll probably want to upgrade; + otherwise, you should be fine with 0.4.2.5. + + o Major bugfixes (linux seccomp sandbox, backport from 0.4.3.1-alpha): + - Correct how we use libseccomp. Particularly, stop assuming that + rules are applied in a particular order or that more rules are + processed after the first match. Neither is the case! In + libseccomp <2.4.0 this lead to some rules having no effect. + libseccomp 2.4.0 changed how rules are generated, leading to a + different ordering, which in turn led to a fatal crash during + startup. Fixes bug 29819; bugfix on 0.2.5.1-alpha. Patch by + Peter Gerber. + - Fix crash when reloading logging configuration while the + experimental sandbox is enabled. Fixes bug 32841; bugfix on + 0.4.1.7. Patch by Peter Gerber. + + o Minor bugfixes (correctness checks, backport from 0.4.3.1-alpha): + - Use GCC/Clang's printf-checking feature to make sure that + tor_assertf() arguments are correctly typed. Fixes bug 32765; + bugfix on 0.4.1.1-alpha. + + o Minor bugfixes (logging, crash, backport from 0.4.3.1-alpha): + - Avoid a possible crash when trying to log a (fatal) assertion + failure about mismatched magic numbers in configuration objects. + Fixes bug 32771; bugfix on 0.4.2.1-alpha. + + o Minor bugfixes (testing, backport from 0.4.3.1-alpha): + - When TOR_DISABLE_PRACTRACKER is set, do not apply it to the + test_practracker.sh script. Doing so caused a test failure. Fixes + bug 32705; bugfix on 0.4.2.1-alpha. + - When TOR_DISABLE_PRACTRACKER is set, log a notice to stderr when + skipping practracker checks. Fixes bug 32705; bugfix + on 0.4.2.1-alpha. + + o Minor bugfixes (windows service, backport from 0.4.3.1-alpha): + - Initialize the publish/subscribe system when running as a windows + service. Fixes bug 32778; bugfix on 0.4.1.1-alpha. + + o Testing (backport from 0.4.3.1-alpha): + - Turn off Tor's Sandbox in Chutney jobs, and run those jobs on + Ubuntu Bionic. Turning off the Sandbox is a work-around, until we + fix the sandbox errors in 32722. Closes ticket 32240. + - Re-enable the Travis CI macOS Chutney build, but don't let it + prevent the Travis job from finishing. (The Travis macOS jobs are + slow, so we don't want to have it delay the whole CI process.) + Closes ticket 32629. + + o Testing (continuous integration, backport from 0.4.3.1-alpha): + - Use zstd in our Travis Linux builds. Closes ticket 32242. + + +Changes in version 0.4.2.5 - 2019-12-09 + This is the first stable release in the 0.4.2.x series. This series + improves reliability and stability, and includes several stability and + correctness improvements for onion services. It also fixes many smaller + bugs present in previous series. + + Per our support policy, we will support the 0.4.2.x series for nine + months, or until three months after the release of a stable 0.4.3.x: + whichever is longer. If you need longer-term support, please stick + with 0.3.5.x, which will we plan to support until Feb 2022. + + Below are the changes since 0.4.1.4-rc. For a complete list of only + the changes since 0.4.2.4-rc, see the ChangeLog file. + + o Major features (directory authorities): + - Directory authorities now reject relays running all currently + deprecated release series. The currently supported release series + are: 0.2.9, 0.3.5, 0.4.0, 0.4.1, and 0.4.2. Closes ticket 31549. + + o Major features (onion service v3, denial of service): + - Add onion service introduction denial of service defenses. Intro + points can now rate-limit client introduction requests, using + parameters that can be sent by the service within the + ESTABLISH_INTRO cell. If the cell extension for this is not used, + the intro point will honor the consensus parameters. Closes + ticket 30924. + + o Major bugfixes (circuit build, guard): + - When considering upgrading circuits from "waiting for guard" to + "open", always ignore circuits that are marked for close. + Previously we could end up in the situation where a subsystem is + notified of a circuit opening, but the circuit is still marked for + close, leading to undesirable behavior. Fixes bug 30871; bugfix + on 0.3.0.1-alpha. + + o Major bugfixes (crash, Linux, Android): + - Tolerate systems (including some Android installations) where + madvise and MADV_DONTDUMP are available at build-time, but not at + run time. Previously, these systems would notice a failed syscall + and abort. Fixes bug 31570; bugfix on 0.4.1.1-alpha. + - Tolerate systems (including some Linux installations) where + madvise and/or MADV_DONTFORK are available at build-time, but not + at run time. Previously, these systems would notice a failed + syscall and abort. Fixes bug 31696; bugfix on 0.4.1.1-alpha. + + o Major bugfixes (embedded Tor): + - Avoid a possible crash when restarting Tor in embedded mode and + enabling a different set of publish/subscribe messages. Fixes bug + 31898; bugfix on 0.4.1.1-alpha. + + o Major bugfixes (relay): + - Relays now respect their AccountingMax bandwidth again. When + relays entered "soft" hibernation (which typically starts when + we've hit 90% of our AccountingMax), we had stopped checking + whether we should enter hard hibernation. Soft hibernation refuses + new connections and new circuits, but the existing circuits can + continue, meaning that relays could have exceeded their configured + AccountingMax. Fixes bug 32108; bugfix on 0.4.0.1-alpha. + + o Major bugfixes (torrc parsing): + - Stop ignoring torrc options after an %include directive, when the + included directory ends with a file that does not contain any + config options (but does contain comments or whitespace). Fixes + bug 31408; bugfix on 0.3.1.1-alpha. + + o Major bugfixes (v3 onion services): + - Onion services now always use the exact number of intro points + configured with the HiddenServiceNumIntroductionPoints option (or + fewer if nodes are excluded). Before, a service could sometimes + pick more intro points than configured. Fixes bug 31548; bugfix + on 0.3.2.1-alpha. + + o Minor feature (onion services, control port): + - The ADD_ONION command's keyword "BEST" now defaults to ED25519-V3 + (v3) onion services. Previously it defaulted to RSA1024 (v2). + Closes ticket 29669. + + o Minor features (auto-formatting scripts): + - When annotating C macros, never generate a line that our check- + spaces script would reject. Closes ticket 31759. + - When annotating C macros, try to remove cases of double-negation. + Closes ticket 31779. + + o Minor features (best practices tracker): + - Our best-practices tracker now integrates with our include-checker + tool to keep track of how many layering violations we have not yet + fixed. We hope to reduce this number over time to improve Tor's + modularity. Closes ticket 31176. + - Add a TOR_PRACTRACKER_OPTIONS variable for passing arguments to + practracker from the environment. We may want this for continuous + integration. Closes ticket 31309. + - Give a warning rather than an error when a practracker exception + is violated by a small amount, add a --list-overbroad option to + practracker that lists exceptions that are stricter than they need + to be, and provide an environment variable for disabling + practracker. Closes ticket 30752. + - Our best-practices tracker now looks at headers as well as C + files. Closes ticket 31175. + + o Minor features (build system): + - Make pkg-config use --prefix when cross-compiling, if + PKG_CONFIG_PATH is not set. Closes ticket 32191. + - Add --disable-manpage and --disable-html-manual options to + configure script. This will enable shortening build times by not + building documentation. Resolves issue 19381. + + o Minor features (compilation): + - Log a more useful error message when we are compiling and one of + the compile-time hardening options we have selected can be linked + but not executed. Closes ticket 27530. + + o Minor features (configuration): + - The configuration code has been extended to allow splitting + configuration data across multiple objects. Previously, all + configuration data needed to be kept in a single object, which + tended to become bloated. Closes ticket 31240. + + o Minor features (continuous integration): + - When building on Appveyor and Travis, pass the "-k" flag to make, + so that we are informed of all compilation failures, not just the + first one or two. Closes ticket 31372. + - When running CI builds on Travis, put some random data in + ~/.torrc, to make sure no tests are reading the Tor configuration + file from its default location. Resolves issue 30102. + + o Minor features (debugging): + - Log a nonfatal assertion failure if we encounter a configuration + line whose command is "CLEAR" but which has a nonempty value. This + should be impossible, according to the rules of our configuration + line parsing. Closes ticket 31529. + + o Minor features (geoip): + - Update geoip and geoip6 to the December 3 2019 Maxmind GeoLite2 + Country database. Closes ticket 32685. + + o Minor features (git hooks): + - Our pre-commit git hook now checks for a special file before + running practracker, so that practracker only runs on branches + that are based on master. Since the pre-push hook calls the pre- + commit hook, practracker will also only run before pushes of + branches based on master. Closes ticket 30979. + + o Minor features (git scripts): + - Add a "--" command-line argument, to separate git-push-all.sh + script arguments from arguments that are passed through to git + push. Closes ticket 31314. + - Add a -r <remote-name> argument to git-push-all.sh, so the script + can push test branches to a personal remote. Closes ticket 31314. + - Add a -t <test-branch-prefix> argument to git-merge-forward.sh and + git-push-all.sh, which makes these scripts create, merge forward, + and push test branches. Closes ticket 31314. + - Add a -u argument to git-merge-forward.sh, so that the script can + re-use existing test branches after a merge failure and fix. + Closes ticket 31314. + - Add a TOR_GIT_PUSH env var, which sets the default git push + command and arguments for git-push-all.sh. Closes ticket 31314. + - Add a TOR_PUSH_DELAY variable to git-push-all.sh, which makes the + script push master and maint branches with a delay between each + branch. These delays trigger the CI jobs in a set order, which + should show the most likely failures first. Also make pushes + atomic by default, and make the script pass any command-line + arguments to git push. Closes ticket 29879. + - Call the shellcheck script from the pre-commit hook. Closes + ticket 30967. + - Skip pushing test branches that are the same as a remote + maint/release/master branch in git-push-all.sh by default. Add a + -s argument, so git-push-all.sh can push all test branches. Closes + ticket 31314. + + o Minor features (IPv6, logging): + - Log IPv6 addresses as well as IPv4 addresses when describing + routerinfos, routerstatuses, and nodes. Closes ticket 21003. + + o Minor features (maintenance scripts): + - Add a Coccinelle script to detect bugs caused by incrementing or + decrementing a variable inside a call to log_debug(). Since + log_debug() is a macro whose arguments are conditionally + evaluated, it is usually an error to do this. One such bug was + 30628, in which SENDME cells were miscounted by a decrement + operator inside a log_debug() call. Closes ticket 30743. + + o Minor features (onion service v3): + - Do not allow single hop clients to fetch or post an HS descriptor + from an HSDir. Closes ticket 24964. + + o Minor features (onion service): + - Disallow single-hop clients at the introduction point. We've + removed Tor2web support a while back and single-hop rendezvous + attempts are blocked at the relays. This change should remove load + off the network from spammy clients. Close ticket 24963. + + o Minor features (onion services v3): + - Assist users who try to setup v2 client authorization in v3 onion + services by pointing them to the right documentation. Closes + ticket 28966. + + o Minor features (stem tests): + - Change "make test-stem" so it only runs the stem tests that use + tor. This change makes test-stem faster and more reliable. Closes + ticket 31554. + + o Minor features (testing): + - When running tests that attempt to look up hostnames, replace the + libc name lookup functions with ones that do not actually touch + the network. This way, the tests complete more quickly in the + presence of a slow or missing DNS resolver. Closes ticket 31841. + - Add a script to invoke "tor --dump-config" and "tor + --verify-config" with various configuration options, and see + whether tor's resulting configuration or error messages are what + we expect. Use it for integration testing of our +Option and + /Option flags. Closes ticket 31637. + - Improve test coverage for our existing configuration parsing and + management API. Closes ticket 30893. + - Add integration tests to make sure that practracker gives the + outputs we expect. Closes ticket 31477. + - The practracker self-tests are now run as part of the Tor test + suite. Closes ticket 31304. + + o Minor features (testing, continuous integration): + - Disable all but one Travis CI macOS build, to mitigate slow + scheduling of Travis macOS jobs. Closes ticket 32177. + - Run the chutney IPv6 networks as part of Travis CI. Closes + ticket 30860. + - Simplify the Travis CI build matrix, and optimise for build time. + Closes ticket 31859. + - Use Windows Server 2019 instead of Windows Server 2016 in our + Appveyor builds. Closes ticket 32086. + + o Minor features (token bucket): + - Implement a generic token bucket that uses a single counter, for + use in anti-DoS onion service work. Closes ticket 30687. + + o Minor bugfixes (Appveyor continuous integration): + - Avoid spurious errors when Appveyor CI fails before the install + step. Fixes bug 31884; bugfix on 0.3.4.2-alpha. + + o Minor bugfixes (best practices tracker): + - Fix a few issues in the best-practices script, including tests, + tab tolerance, error reporting, and directory-exclusion logic. + Fixes bug 29746; bugfix on 0.4.1.1-alpha. + - When running check-best-practices, only consider files in the src + subdirectory. Previously we had recursively considered all + subdirectories, which made us get confused by the temporary + directories made by "make distcheck". Fixes bug 31578; bugfix + on 0.4.1.1-alpha. + + o Minor bugfixes (build system): + - Interpret "--disable-module-dirauth=no" correctly. Fixes bug + 32124; bugfix on 0.3.4.1-alpha. + - Interpret "--with-tcmalloc=no" correctly. Fixes bug 32124; bugfix + on 0.2.0.20-rc. + - Stop failing when jemalloc is requested, but tcmalloc is not + found. Fixes bug 32124; bugfix on 0.3.5.1-alpha. + - When pkg-config is not installed, or a library that depends on + pkg-config is not found, tell the user what to do to fix the + problem. Fixes bug 31922; bugfix on 0.3.1.1-alpha. + - Do not include the deprecated <sys/sysctl.h> on Linux or Windows + systems. Fixes bug 31673; bugfix on 0.2.5.4-alpha. + + o Minor bugfixes (chutney, makefiles, documentation): + - "make test-network-all" now shows the warnings from each test- + network.sh run on the console, so developers see new warnings + early. We've also improved the documentation for this feature, and + renamed a Makefile variable so the code is self-documenting. Fixes + bug 30455; bugfix on 0.3.0.4-rc. + + o Minor bugfixes (client, onion service v3): + - Fix a BUG() assertion that occurs within a very small race window + between when a client intro circuit opens and when its descriptor + gets cleaned up from the cache. The circuit is now closed early, + which will trigger a re-fetch of the descriptor and continue the + connection. Fixes bug 28970; bugfix on 0.3.2.1-alpha. + + o Minor bugfixes (code quality): + - Fix "make check-includes" so it runs correctly on out-of-tree + builds. Fixes bug 31335; bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (compilation): + - Add more stub functions to fix compilation on Android with link- + time optimization when --disable-module-dirauth is used. + Previously, these compilation settings would make the compiler + look for functions that didn't exist. Fixes bug 31552; bugfix + on 0.4.1.1-alpha. + - Suppress spurious float-conversion warnings from GCC when calling + floating-point classifier functions on FreeBSD. Fixes part of bug + 31687; bugfix on 0.3.1.5-alpha. + + o Minor bugfixes (configuration): + - Invalid floating-point values in the configuration file are now + treated as errors in the configuration. Previously, they were + ignored and treated as zero. Fixes bug 31475; bugfix on 0.0.1. + + o Minor bugfixes (connections): + - Avoid trying to read data from closed connections, which can cause + needless loops in Libevent and infinite loops in Shadow. Fixes bug + 30344; bugfix on 0.1.1.1-alpha. + + o Minor bugfixes (controller protocol): + - Fix the MAPADDRESS controller command to accept one or more + arguments. Previously, it required two or more arguments, and + ignored the first. Fixes bug 31772; bugfix on 0.4.1.1-alpha. + + o Minor bugfixes (coverity): + - Add an assertion when parsing a BEGIN cell so that coverity can be + sure that we are not about to dereference a NULL address. Fixes + bug 31026; bugfix on 0.2.4.7-alpha. This is CID 1447296. + - In our siphash implementation, when building for coverity, use + memcpy in place of a switch statement, so that coverity can tell + we are not accessing out-of-bounds memory. Fixes bug 31025; bugfix + on 0.2.8.1-alpha. This is tracked as CID 1447293 and 1447295. + - Fix several coverity warnings from our unit tests. Fixes bug + 31030; bugfix on 0.2.4.1-alpha, 0.3.2.1-alpha, and 0.4.0.1-alpha. + + o Minor bugfixes (crash): + - When running Tor with an option like --verify-config or + --dump-config that does not start the event loop, avoid crashing + if we try to exit early because of an error. Fixes bug 32407; + bugfix on 0.3.3.1-alpha. + + o Minor bugfixes (developer tooling): + - Only log git script changes in the post-merge script when the + merge was to the master branch. Fixes bug 31040; bugfix + on 0.4.1.1-alpha. + + o Minor bugfixes (directory authorities): + - Return a distinct status when formatting annotations fails. Fixes + bug 30780; bugfix on 0.2.0.8-alpha. + + o Minor bugfixes (error handling): + - Always lock the backtrace buffer before it is used. Fixes bug + 31734; bugfix on 0.2.5.3-alpha. + - On abort, try harder to flush the output buffers of log messages. + On some platforms (macOS), log messages could be discarded when + the process terminates. Fixes bug 31571; bugfix on 0.3.5.1-alpha. + - Report the tor version whenever an assertion fails. Previously, we + only reported the Tor version on some crashes, and some non-fatal + assertions. Fixes bug 31571; bugfix on 0.3.5.1-alpha. + - When tor aborts due to an error, close log file descriptors before + aborting. Closing the logs makes some OSes flush log file buffers, + rather than deleting buffered log lines. Fixes bug 31594; bugfix + on 0.2.5.2-alpha. + + o Minor bugfixes (FreeBSD, PF-based proxy, IPv6): + - When extracting an IPv6 address from a PF-based proxy, verify that + we are actually configured to receive an IPv6 address, and log an + internal error if not. Fixes part of bug 31687; bugfix + on 0.2.3.4-alpha. + + o Minor bugfixes (git hooks): + - Remove a duplicate call to practracker from the pre-push hook. The + pre-push hook already calls the pre-commit hook, which calls + practracker. Fixes bug 31462; bugfix on 0.4.1.1-alpha. + + o Minor bugfixes (git scripts): + - Stop hard-coding the bash path in the git scripts. Some OSes don't + have bash in /usr/bin, others have an ancient bash at this path. + Fixes bug 30840; bugfix on 0.4.0.1-alpha. + - Stop hard-coding the tor master branch name and worktree path in + the git scripts. Fixes bug 30841; bugfix on 0.4.0.1-alpha. + - Allow git-push-all.sh to be run from any directory. Previously, + the script only worked if run from an upstream worktree directory. + Closes ticket 31678. + + o Minor bugfixes (guards): + - When tor is missing descriptors for some primary entry guards, + make the log message less alarming. It's normal for descriptors to + expire, as long as tor fetches new ones soon after. Fixes bug + 31657; bugfix on 0.3.3.1-alpha. + + o Minor bugfixes (ipv6): + - Check for private IPv6 addresses alongside their IPv4 equivalents + when authorities check descriptors. Previously, we only checked + for private IPv4 addresses. Fixes bug 31088; bugfix on + 0.2.3.21-rc. Patch by Neel Chauhan. + - When parsing microdescriptors, we should check the IPv6 exit + policy alongside IPv4. Previously, we checked both exit policies + for only router info structures, while microdescriptors were + IPv4-only. Fixes bug 27284; bugfix on 0.2.3.1-alpha. Patch by + Neel Chauhan. + + o Minor bugfixes (logging): + - Add a missing check for HAVE_PTHREAD_H, because the backtrace code + uses mutexes. Fixes bug 31614; bugfix on 0.2.5.2-alpha. + - Disable backtrace signal handlers when shutting down tor. Fixes + bug 31614; bugfix on 0.2.5.2-alpha. + - Rate-limit our the logging message about the obsolete .exit + notation. Previously, there was no limit on this warning, which + could potentially be triggered many times by a hostile website. + Fixes bug 31466; bugfix on 0.2.2.1-alpha. + - When initialising log domain masks, only set known log domains. + Fixes bug 31854; bugfix on 0.2.1.1-alpha. + - Change log level of message "Hash of session info was not as + expected" to LOG_PROTOCOL_WARN. Fixes bug 12399; bugfix + on 0.1.1.10-alpha. + - Fix a code issue that would have broken our parsing of log domains + as soon as we had 33 of them. Fortunately, we still only have 29. + Fixes bug 31451; bugfix on 0.4.1.4-rc. + + o Minor bugfixes (logging, protocol violations): + - Do not log a nonfatal assertion failure when receiving a VERSIONS + cell on a connection using the obsolete v1 link protocol. Log a + protocol_warn instead. Fixes bug 31107; bugfix on 0.2.4.4-alpha. + + o Minor bugfixes (mainloop, periodic events, in-process API): + - Reset the periodic events' "enabled" flag when Tor is shut down + cleanly. Previously, this flag was left on, which caused periodic + events not to be re-enabled when Tor was relaunched in-process + with tor_api.h after a shutdown. Fixes bug 32058; bugfix + on 0.3.3.1-alpha. + + o Minor bugfixes (memory management): + - Stop leaking a small amount of memory in nt_service_install(), in + unreachable code. Fixes bug 30799; bugfix on 0.2.0.7-alpha. Patch + by Xiaoyin Liu. + + o Minor bugfixes (modules): + - Explain what the optional Directory Authority module is, and what + happens when it is disabled. Fixes bug 31825; bugfix + on 0.3.4.1-alpha. + + o Minor bugfixes (multithreading): + - Avoid some undefined behaviour when freeing mutexes. Fixes bug + 31736; bugfix on 0.0.7. + + o Minor bugfixes (networking, IP addresses): + - When parsing addresses via Tor's internal DNS lookup API, reject + IPv4 addresses in square brackets, and accept IPv6 addresses in + square brackets. This change completes the work started in 23082, + making address parsing consistent between tor's internal DNS + lookup and address parsing APIs. Fixes bug 30721; bugfix + on 0.2.1.5-alpha. + - When parsing addresses via Tor's internal address:port parsing and + DNS lookup APIs, require IPv6 addresses with ports to have square + brackets. But allow IPv6 addresses without ports, whether or not + they have square brackets. Fixes bug 30721; bugfix + on 0.2.1.5-alpha. + + o Minor bugfixes (onion service v3): + - When purging the client descriptor cache, close any introduction + point circuits associated with purged cache entries. This avoids + picking those circuits later when connecting to the same + introduction points. Fixes bug 30921; bugfix on 0.3.2.1-alpha. + + o Minor bugfixes (onion services): + - In the hs_ident_circuit_t data structure, remove the unused field + circuit_type and the respective argument in hs_ident_circuit_new(). + This field was set by clients (for introduction) and services (for + introduction and rendezvous) but was never used afterwards. Fixes + bug 31490; bugfix on 0.3.2.1-alpha. Patch by Neel Chauhan. + + o Minor bugfixes (operator tools): + - Make tor-print-ed-signing-cert(1) print certificate expiration + date in RFC 1123 and UNIX timestamp formats, to make output + machine readable. Fixes bug 31012; bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (process management): + - Remove overly strict assertions that triggered when a pluggable + transport failed to launch. Fixes bug 31091; bugfix + on 0.4.0.1-alpha. + - Remove an assertion in the Unix process backend. This assertion + would trigger when we failed to find the executable for a child + process. Fixes bug 31810; bugfix on 0.4.0.1-alpha. + + o Minor bugfixes (relay): + - Avoid crashing when starting with a corrupt keys directory where + the old ntor key and the new ntor key are identical. Fixes bug + 30916; bugfix on 0.2.4.8-alpha. + + o Minor bugfixes (rust): + - Correctly exclude a redundant rust build job in Travis. Fixes bug + 31463; bugfix on 0.3.5.4-alpha. + - Raise the minimum rustc version to 1.31.0, as checked by configure + and CI. Fixes bug 31442; bugfix on 0.3.5.4-alpha. + + o Minor bugfixes (sendme, code structure): + - Rename the trunnel SENDME file definition from sendme.trunnel to + sendme_cell.trunnel to avoid having twice sendme.{c|h} in the + repository. Fixes bug 30769; bugfix on 0.4.1.1-alpha. + + o Minor bugfixes (statistics): + - Stop removing the ed25519 signature if the extra info file is too + big. If the signature data was removed, but the keyword was kept, + this could result in an unparseable extra info file. Fixes bug + 30958; bugfix on 0.2.7.2-alpha. + + o Minor bugfixes (subsystems): + - Make the subsystem init order match the subsystem module + dependencies. Call windows process security APIs as early as + possible. Initialize logging before network and time, so that + network and time can use logging. Fixes bug 31615; bugfix + on 0.4.0.1-alpha. + + o Minor bugfixes (testing): + - Avoid intermittent test failures due to a test that had relied on + inconsistent timing sources. Fixes bug 31995; bugfix + on 0.3.1.3-alpha. + - When testing port rebinding, don't busy-wait for tor to log. + Instead, actually sleep for a short time before polling again. + Also improve the formatting of control commands and log messages. + Fixes bug 31837; bugfix on 0.3.5.1-alpha. + - Teach the util/socketpair_ersatz test to work correctly when we + have no network stack configured. Fixes bug 30804; bugfix + on 0.2.5.1-alpha. + + o Minor bugfixes (tests, SunOS): + - Avoid a map_anon_nofork test failure due to a signed/unsigned + integer comparison. Fixes bug 31897; bugfix on 0.4.1.1-alpha. + + o Minor bugfixes (tls, logging): + - Log bugs about the TLS read buffer's length only once, rather than + filling the logs with similar warnings. Fixes bug 31939; bugfix + on 0.3.0.4-rc. + + o Minor bugfixes (v2 single onion services): + - Always retry v2 single onion service intro and rend circuits with + a 3-hop path. Previously, v2 single onion services used a 3-hop + path when rendezvous circuits were retried after a remote or + delayed failure, but a 1-hop path for immediate retries. Fixes bug + 23818; bugfix on 0.2.9.3-alpha. + + o Minor bugfixes (v3 onion services): + - When cleaning up intro circuits for a v3 onion service, don't + remove circuits that have an established or pending circuit, even + if they ran out of retries. This way, we don't remove a circuit on + its last retry. Fixes bug 31652; bugfix on 0.3.2.1-alpha. + + o Minor bugfixes (v3 single onion services): + - Always retry v3 single onion service intro and rend circuits with + a 3-hop path. Previously, v3 single onion services used a 3-hop + path when rend circuits were retried after a remote or delayed + failure, but a 1-hop path for immediate retries. Fixes bug 23818; + bugfix on 0.3.2.1-alpha. + - Make v3 single onion services fall back to a 3-hop intro, when all + intro points are unreachable via a 1-hop path. Previously, v3 + single onion services failed when all intro nodes were unreachable + via a 1-hop path. Fixes bug 23507; bugfix on 0.3.2.1-alpha. + + o Code simplification and refactoring: + - Refactor connection_control_process_inbuf() to reduce the size of + a practracker exception. Closes ticket 31840. + - Refactor the microdescs_parse_from_string() function into smaller + pieces, for better comprehensibility. Closes ticket 31675. + - Use SEVERITY_MASK_IDX() to find the LOG_* mask indexes in the unit + tests and fuzzers, rather than using hard-coded values. Closes + ticket 31334. + - Interface for function `decrypt_desc_layer` cleaned up. Closes + ticket 31589. + + o Documentation: + - Correct the description of "GuardLifetime". Fixes bug 31189; + bugfix on 0.3.0.1-alpha. + - Make clear in the man page, in both the bandwidth section and the + AccountingMax section, that Tor counts in powers of two, not + powers of ten: 1 GByte is 1024*1024*1024 bytes, not one billion + bytes. Resolves ticket 32106. + - Document the signal-safe logging behaviour in the tor man page. + Also add some comments to the relevant functions. Closes + ticket 31839. + - Explain why we can't destroy the backtrace buffer mutex. Explain + why we don't need to destroy the log mutex. Closes ticket 31736. + - The Tor source code repository now includes a (somewhat dated) + description of Tor's modular architecture, in doc/HACKING/design. + This is based on the old "tor-guts.git" repository, which we are + adopting and superseding. Closes ticket 31849. + - Improve documentation in circuit padding subsystem. Patch by + Tobias Pulls. Closes ticket 31113. + - Include an example usage for IPv6 ORPort in our sample torrc. + Closes ticket 31320; patch from Ali Raheem. + - Use RFC 2397 data URL scheme to embed an image into tor-exit- + notice.html so that operators no longer have to host it + themselves. Closes ticket 31089. + + o Removed features: + - No longer include recommended package digests in votes as detailed + in proposal 301. The RecommendedPackages torrc option is + deprecated and will no longer have any effect. "package" lines + will still be considered when computing consensuses for consensus + methods that include them. (This change has no effect on the list + of recommended Tor versions, which is still in use.) Closes + ticket 29738. + - Remove torctl.in from contrib/dist directory. Resolves + ticket 30550. + + o Testing: + - Require C99 standards-conforming code in Travis CI, but allow GNU + gcc extensions. Also activates clang's -Wtypedef-redefinition + warnings. Build some jobs with -std=gnu99, and some jobs without. + Closes ticket 32500. + - Run shellcheck for all non-third-party shell scripts that are + shipped with Tor. Closes ticket 29533. + - When checking shell scripts, ignore any user-created directories. + Closes ticket 30967. + + o Code simplification and refactoring (config handling): + - Extract our variable manipulation code from confparse.c to a new + lower-level typedvar.h module. Closes ticket 30864. + - Lower another layer of object management from confparse.c to a + more general tool. Now typed structure members are accessible via + an abstract type. Implements ticket 30914. + - Move our backend logic for working with configuration and state + files into a lower-level library, since it no longer depends on + any tor-specific functionality. Closes ticket 31626. + - Numerous simplifications in configuration-handling logic: remove + duplicated macro definitions, replace magical names with flags, + and refactor "TestingTorNetwork" to use the same default-option + logic as the rest of Tor. Closes ticket 30935. + - Replace our ad-hoc set of flags for configuration variables and + configuration variable types with fine-grained orthogonal flags + corresponding to the actual behavior we want. Closes ticket 31625. + + o Code simplification and refactoring (misc): + - Eliminate some uses of lower-level control reply abstractions, + primarily in the onion_helper functions. Closes ticket 30889. + - Rework bootstrap tracking to use the new publish-subscribe + subsystem. Closes ticket 29976. + - Rewrite format_node_description() and router_get_verbose_nickname() + to use strlcpy() and strlcat(). The previous implementation used + memcpy() and pointer arithmetic, which was error-prone. Closes + ticket 31545. This is CID 1452819. + - Split extrainfo_dump_to_string() into smaller functions. Closes + ticket 30956. + - Use the ptrdiff_t type consistently for expressing variable + offsets and pointer differences. Previously we incorrectly (but + harmlessly) used int and sometimes off_t for these cases. Closes + ticket 31532. + - Use the subsystems mechanism to manage the main event loop code. + Closes ticket 30806. + - Various simplifications and minor improvements to the circuit + padding machines. Patch by Tobias Pulls. Closes tickets 31112 + and 31098. + + o Documentation (hard-coded directories): + - Improve the documentation for the DirAuthority and FallbackDir + torrc options. Closes ticket 30955. + + o Documentation (tor.1 man page): + - Fix typo in tor.1 man page: the option is "--help", not "-help". + Fixes bug 31008; bugfix on 0.2.2.9-alpha. + + o Testing (continuous integration): + - Use Ubuntu Bionic images for our Travis CI builds, so we can get a + recent version of coccinelle. But leave chutney on Ubuntu Trusty, + until we can fix some Bionic permissions issues (see ticket + 32240). Related to ticket 31919. + - Install the mingw OpenSSL package in Appveyor. This makes sure + that the OpenSSL headers and libraries match in Tor's Appveyor + builds. (This bug was triggered by an Appveyor image update.) + Fixes bug 32449; bugfix on 0.3.5.6-rc. + - In Travis, use Xcode 11.2 on macOS 10.14. Closes ticket 32241. + + Changes in version 0.4.1.6 - 2019-09-19 This release backports several bugfixes to improve stability and correctness. Anyone experiencing build problems or crashes with 0.4.1.5, diff --git a/changes/bug16016 b/changes/bug16016 deleted file mode 100644 index 313ef672e9..0000000000 --- a/changes/bug16016 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (logging): - - Downgrade a noisy log message that could occur naturally when - receiving an extrainfo document that we no longer want. - Fixes bug 16016; bugfix on 0.2.6.3-alpha. diff --git a/changes/bug29819 b/changes/bug29819 deleted file mode 100644 index d37ac83d66..0000000000 --- a/changes/bug29819 +++ /dev/null @@ -1,8 +0,0 @@ - o Minor bugfixes (linux seccomp sandbox): - - Correct how we use libseccomp. Particularly, stop assuming that - rules are applied in a particular order or that more rules are - processed after the first match. Neither is the case! In libseccomp - <2.4.0 this lead to some rules having no effect. Libseccomp 2.4.0 - changed how rules are generated leading to a different ordering - which in turn lead to a fatal crash during startup. Fixes bug - 29819; bugfix on 0.2.5.1-alpha. Patch by Peter Gerber. diff --git a/changes/bug30344 b/changes/bug30344 deleted file mode 100644 index 37561bf944..0000000000 --- a/changes/bug30344 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (connection): - - Avoid reading data from closed connections, which can cause needless - loops in libevent and infinite loops in Shadow. Fixes bug 30344; bugfix - on 0.1.1.1-alpha. diff --git a/changes/bug31335 b/changes/bug31335 deleted file mode 100644 index f633cf8b24..0000000000 --- a/changes/bug31335 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (code quality): - - Fix "make check-includes" so it runs correctly on out-of-tree builds. - Fixes bug 31335; bugfix on 0.3.5.1-alpha. diff --git a/changes/bug31652 b/changes/bug31652 deleted file mode 100644 index c4eca7994a..0000000000 --- a/changes/bug31652 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (onion services): - - When we clean up intro circuits for a v3 onion service, don't remove - circuits that have an established or pending circuit even if ran out of - retries. This way, we don't cleanup the circuit of the last retry. Fixes - bug 31652; bugfix on 0.3.2.1-alpha. diff --git a/changes/bug31734 b/changes/bug31734 deleted file mode 100644 index ce989ea5db..0000000000 --- a/changes/bug31734 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (error handling): - - Always lock the backtrace buffer before it is used. - Fixes bug 31734; bugfix on 0.2.5.3-alpha. diff --git a/changes/bug31810 b/changes/bug31810 deleted file mode 100644 index 628d12f09b..0000000000 --- a/changes/bug31810 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (process management): - - Remove assertion in the Unix process backend. This assertion would trigger - when a new process is spawned where the executable is not found leading to - a stack trace from the child process. Fixes bug 31810; bugfix on 0.4.0.1-alpha. diff --git a/changes/bug31837 b/changes/bug31837 deleted file mode 100644 index 0f976edfe0..0000000000 --- a/changes/bug31837 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (testing): - - When testing port rebinding, don't busy-wait for tor to log. Instead, - actually sleep for a short time before polling again. Also improve the - formatting of control commands and log messages. - Fixes bug 31837; bugfix on 0.3.5.1-alpha. diff --git a/changes/bug31922 b/changes/bug31922 deleted file mode 100644 index e6f31ce66a..0000000000 --- a/changes/bug31922 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (configuration): - - When pkg-config is not installed, or a library that depends on - pkg-config is not found, tell the user what to do to fix the - problem. Fixes bug 31922; bugfix on 0.3.1.1-alpha. diff --git a/changes/bug31939 b/changes/bug31939 deleted file mode 100644 index a36ea495d6..0000000000 --- a/changes/bug31939 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (tls, logging): - - Log TLS read buffer length bugs once, rather than filling the logs - with similar warnings. Fixes bug 31939; bugfix on 0.3.0.4-rc. diff --git a/changes/bug31995 b/changes/bug31995 deleted file mode 100644 index c7ddd437a6..0000000000 --- a/changes/bug31995 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (testing): - - Avoid intermittent test failures due to a test that had relied on - inconsistent timing sources. Fixes bug 31995; bugfix on 0.3.1.3-alpha. diff --git a/changes/bug32106 b/changes/bug32106 deleted file mode 100644 index c6e8e95860..0000000000 --- a/changes/bug32106 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features (documentation): - - Make clear in the man page, in both the bandwidth section and the - accountingmax section, that Tor counts in powers of two, not - powers of ten: 1 GByte is 1024*1024*1024 bytes, not one billion - bytes. Resolves ticket 32106. diff --git a/changes/bug32108 b/changes/bug32108 deleted file mode 100644 index 2806fa3e5d..0000000000 --- a/changes/bug32108 +++ /dev/null @@ -1,8 +0,0 @@ - o Major bugfixes (relay): - - Relays now respect their AccountingMax bandwidth again. When relays - entered "soft" hibernation (which typically starts when we've hit - 90% of our AccountingMax), we had stopped checking whether we should - enter hard hibernation. Soft hibernation refuses new connections and - new circuits, but the existing circuits can continue, meaning that - relays could have exceeded their configured AccountingMax. Fixes - bug 32108; bugfix on 0.4.0.1-alpha. diff --git a/changes/bug32124 b/changes/bug32124 deleted file mode 100644 index 164b33c7e3..0000000000 --- a/changes/bug32124 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes (build system): - - Stop failing when jemalloc is requested, but tcmalloc is not found. - Fixes bug 32124; bugfix on 0.3.5.1-alpha. - - Interpret --disable-module-dirauth=no correctly. - Fixes bug 32124; bugfix on 0.3.4.1-alpha. - - Interpret --with-tcmalloc=no correctly. - Fixes bug 32124; bugfix on 0.2.0.20-rc. diff --git a/changes/bug32295 b/changes/bug32295 deleted file mode 100644 index e5e5a4399d..0000000000 --- a/changes/bug32295 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (configuration): - - Log the option name when skipping an obsolete option. - Fixes bug 32295; bugfix on 0.4.2.1-alpha. diff --git a/changes/bug32402 b/changes/bug32402 deleted file mode 100644 index 0654389be3..0000000000 --- a/changes/bug32402 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (shellcheck): - - Start checking most scripts for shellcheck errors again. - Fixes bug 32402; bugfix on 0.4.2.1-alpha. diff --git a/changes/bug32402_git_scripts b/changes/bug32402_git_scripts deleted file mode 100644 index 2b10a8998a..0000000000 --- a/changes/bug32402_git_scripts +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (shellcheck): - - Fix minor shellcheck errors in the git-*.sh scripts. - Fixes bug 32402; bugfix on 0.4.2.1-alpha. diff --git a/changes/bug32449 b/changes/bug32449 deleted file mode 100644 index 213d8a1014..0000000000 --- a/changes/bug32449 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (CI, appveyor): - - Install the mingw OpenSSL package in Appveyor. This makes sure that - the OpenSSL headers and libraries match in Tor's Appveyor builds. - (This bug was triggered by an Appveyor image update.) - Fixes bug 32449; bugfix on 0.3.5.6-rc. diff --git a/changes/bug32753 b/changes/bug32753 deleted file mode 100644 index 6f59c7729d..0000000000 --- a/changes/bug32753 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (bridges): - - Lowercase the value of BridgeDistribution from torrc before adding it to - the descriptor. Fixes bug 32753; bugfix on 0.3.2.3-alpha. diff --git a/changes/bug32771 b/changes/bug32771 deleted file mode 100644 index 606bcf4be4..0000000000 --- a/changes/bug32771 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (logging, crash): - - Avoid a possible crash when trying to log a (fatal) assertion failure - about mismatched magic numbers in configuration objects. Fixes bug 32771; - bugfix on 0.4.2.1-alpha. diff --git a/changes/bug32778 b/changes/bug32778 deleted file mode 100644 index ccb6104692..0000000000 --- a/changes/bug32778 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (windows service): - - Initialize publish/subscribe system when running as a windows service. - Fixes bug 32778; bugfix on 0.4.1.1-alpha. diff --git a/changes/bug32841 b/changes/bug32841 deleted file mode 100644 index 48568f6a61..0000000000 --- a/changes/bug32841 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (linux seccomp sandbox): - - Fix crash when reloading logging configuration while the - experimental sandbox is enabled. Fixes bug 32841; bugfix - on 0.4.1.7. Patch by Peter Gerber. diff --git a/changes/bug32884 b/changes/bug32884 deleted file mode 100644 index 9ab1d24464..0000000000 --- a/changes/bug32884 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (embedded Tor): - - When starting Tor any time after the first time in a process, register - the thread in which it is running as the main thread. Previously, we - only did this on Windows, which could lead to bugs like 23081 on - non-Windows platforms. Fixes bug 32884; bugfix on 0.3.3.1-alpha. diff --git a/changes/bug33032 b/changes/bug33032 deleted file mode 100644 index 0c665f25df..0000000000 --- a/changes/bug33032 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (key portability): - - When reading PEM-encoded key data, tolerate CRLF line-endings even if - we are not running on Windows. Previously, non-Windows hosts - would reject these line-endings in certain positions, making - certain key files hard to move from one host to another. - Fixes bug 33032; bugfix on 0.3.5.1-alpha. diff --git a/changes/bug33087 b/changes/bug33087 deleted file mode 100644 index 7acf72a835..0000000000 --- a/changes/bug33087 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (logging): - - Stop closing stderr and stdout during shutdown. Closing these file - descriptors can hide sanitiser logs. - Fixes bug 33087; bugfix on 0.4.1.6. diff --git a/changes/bug33093_logging b/changes/bug33093_logging deleted file mode 100644 index e26e4a64af..0000000000 --- a/changes/bug33093_logging +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (logging): - - If we encounter a bug when flushing a buffer to a TLS connection, - only log the bug once per invocation of the Tor process. Previously we - would log with every occurrence, which could cause us to run out of - disk space. Fixes bug 33093; bugfix on 0.3.2.2-alpha. diff --git a/changes/bug33095_041 b/changes/bug33095_041 deleted file mode 100644 index 7d1f04e279..0000000000 --- a/changes/bug33095_041 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (logging, bug reporting): - - When logging a bug, do not say "Future instances of this warning - will be silenced" unless we are actually going to do - so. Previously we would say this whenever a BUG() check failed in - the code. Fixes bug 33095; bugfix on 0.4.1.1-alpha. diff --git a/changes/bug33104 b/changes/bug33104 deleted file mode 100644 index b5478df108..0000000000 --- a/changes/bug33104 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (controller): - - When receiving "ACTIVE" or "DORMANT" signals on the control port, - report them as SIGNAL events. Fixes bug 33104; bugfix on - 0.4.0.1-alpha. diff --git a/changes/bug33119 b/changes/bug33119 deleted file mode 100644 index c976654b26..0000000000 --- a/changes/bug33119 +++ /dev/null @@ -1,4 +0,0 @@ - o Major bugfixes (NSS): - - Fix out-of-bound memory access in `tor_tls_cert_matches_key()` when Tor is - compiled with NSS support. Fixes bug 33119; bugfix on 0.3.5.1-alpha. This - issue is also tracked as TROVE-2020-001. diff --git a/changes/bug33673 b/changes/bug33673 deleted file mode 100644 index 37c00f2e6e..0000000000 --- a/changes/bug33673 +++ /dev/null @@ -1,6 +0,0 @@ - o Testing: - - In our Appveyor Windows CI, copy required DLLs to test and app, before - running tor's tests. This ensures that tor.exe and test*.exe use the - correct version of each DLL. This fix is not required, but we hope it - will avoid DLL search issues in future. - Fixes bug 33673; bugfix on 0.3.4.2-alpha. diff --git a/changes/bug34077 b/changes/bug34077 deleted file mode 100644 index 29458bd9de..0000000000 --- a/changes/bug34077 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (compiler warnings): - - Fix compilation warnings with GCC 10.0.1. Fixes bug 34077; bugfix on - 0.4.0.3-alpha. diff --git a/changes/bug34078 b/changes/bug34078 deleted file mode 100644 index 1015d24547..0000000000 --- a/changes/bug34078 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (compiler compatibility): - - Avoid compiler warnings from Clang 10 related to the use of - GCC-style "/* falls through */" comments. Both Clang and GCC allow - __attribute__((fallthrough)) instead, so that's what we're using now. - Fixes bug 34078; bugfix on 0.3.1.3-alpha. diff --git a/changes/bug34303 b/changes/bug34303 deleted file mode 100644 index dce57f4646..0000000000 --- a/changes/bug34303 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (client performance): - - Resume being willing to use preemptively-built circuits when - UseEntryGuards is set to 0. We accidentally disabled this feature - with that config setting, leading to slower load times. Fixes bug - 34303; bugfix on 0.3.3.2-alpha. diff --git a/changes/bug40028 b/changes/bug40028 deleted file mode 100644 index cfd1ffe516..0000000000 --- a/changes/bug40028 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (compiler warnings): - - Fix a compiler warning on platforms with 32-bit time_t values. - Fixes bug 40028; bugfix on 0.3.2.8-rc. diff --git a/changes/geoip-2019-11-06 b/changes/geoip-2019-11-06 deleted file mode 100644 index a470981012..0000000000 --- a/changes/geoip-2019-11-06 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (geoip): - - Update geoip and geoip6 to the November 6 2019 Maxmind GeoLite2 - Country database. Closes ticket 32440. - diff --git a/changes/geoip-2019-12-03 b/changes/geoip-2019-12-03 deleted file mode 100644 index ea62b6ee89..0000000000 --- a/changes/geoip-2019-12-03 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (geoip): - - Update geoip and geoip6 to the December 3 2019 Maxmind GeoLite2 - Country database. Closes ticket 32685. - diff --git a/changes/ticket28970 b/changes/ticket28970 deleted file mode 100644 index 138c575fcc..0000000000 --- a/changes/ticket28970 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (clietn, hidden service v3): - - Fix a BUG() assertion that occurs within a very small race window between - a client intro circuit opens and its descriptor that gets cleaned up from - the cache. The circuit is now closed which will trigger a re-fetch of the - descriptor and continue the HS connection. Fixes bug 28970; bugfix on - 0.3.2.1-alpha. diff --git a/changes/ticket28992 b/changes/ticket28992 deleted file mode 100644 index 3e45d73e45..0000000000 --- a/changes/ticket28992 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (onion service v3, client): - - Remove a BUG() that is causing a stacktrace for a situation that very - rarely happens but still can. Fixes bug 28992; bugfix on 0.3.2.1-alpha. diff --git a/changes/ticket29669 b/changes/ticket29669 deleted file mode 100644 index f7e98a16ce..0000000000 --- a/changes/ticket29669 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor feature (hidden service, control port): - - The ADD_ONION key blob keyword "BEST" now defaults from RSA1024 (v2) to - ED25519-V3 (v3). Closes ticket 29669. diff --git a/changes/ticket30860 b/changes/ticket30860 deleted file mode 100644 index b946f735c4..0000000000 --- a/changes/ticket30860 +++ /dev/null @@ -1,3 +0,0 @@ - o Testing: - - Run the chutney IPv6 networks as part of Travis CI. - Closes ticket 30860. diff --git a/changes/ticket31091 b/changes/ticket31091 deleted file mode 100644 index 3cb9a2c37b..0000000000 --- a/changes/ticket31091 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (pluggable transports): - - Remove overly strict assertions that triggers when a pluggable transport - is spawned in an unsuccessful manner. Fixes bug 31091; bugfix on 0.4.0.1-alpha. diff --git a/changes/ticket31189 b/changes/ticket31189 deleted file mode 100644 index 318941c794..0000000000 --- a/changes/ticket31189 +++ /dev/null @@ -1,3 +0,0 @@ - o Documentation: - - Correct the description of "GuardLifetime". Fixes bug 31189; bugfix on - 0.3.0.1-alpha. diff --git a/changes/ticket31548 b/changes/ticket31548 deleted file mode 100644 index fef0b5d01f..0000000000 --- a/changes/ticket31548 +++ /dev/null @@ -1,7 +0,0 @@ - o Major bugfixes (hidden service v3): - - Make onion service always use the exact amount of configured intro points - (or less due to node exlusion). Before, a service could sometimes pick - more intro points than configured with the - HiddenServiceNumIntroductionPoints option. Fixes bug 31548; bugfix on - 0.3.2.1-alpha. - diff --git a/changes/ticket31682 b/changes/ticket31682 deleted file mode 100644 index 9777dec1f3..0000000000 --- a/changes/ticket31682 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (hidden service v3, coverity): - - Fix an implicit conversion from ssize_t to size_t discovered by Coverity. - Fixes bug 31682; bugfix on 0.4.2.1-alpha. diff --git a/changes/ticket31841 b/changes/ticket31841 deleted file mode 100644 index 6e7fbc1da1..0000000000 --- a/changes/ticket31841 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features (testing): - - When running tests that attempt to look up hostname, replace the libc - name lookup functions with ones that do not actually touch the network. - This way, the tests complete more quickly in the presence of a slow or - missing DNS resolver. Closes ticket 31841. diff --git a/changes/ticket31859 b/changes/ticket31859 deleted file mode 100644 index dbc591e00b..0000000000 --- a/changes/ticket31859 +++ /dev/null @@ -1,3 +0,0 @@ - o Testing: - - Simplify the Travis CI build matrix, and optimise for build time. - Closes ticket 31859. diff --git a/changes/ticket31919_bionic b/changes/ticket31919_bionic deleted file mode 100644 index eb41644555..0000000000 --- a/changes/ticket31919_bionic +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features (continuous integration): - - Use Ubuntu Bionic images for our Travis CI builds, so we can get - a recent version of coccinelle. But leave chutney on Ubuntu Trusty, - until we can fix some Bionic permissions issues (see ticket 32240). - Related to ticket 31919. diff --git a/changes/ticket31958 b/changes/ticket31958 deleted file mode 100644 index 8206064dfe..0000000000 --- a/changes/ticket31958 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (directory): - - When checking if a directory connection is anonymous, test if the circuit - was marked for close before looking at its channel. This avoids a BUG() - stacktrace in case it was previously closed. Fixes bug 31958; bugfix on - 0.4.2.1-alpha. diff --git a/changes/ticket32058 b/changes/ticket32058 deleted file mode 100644 index b40bcda416..0000000000 --- a/changes/ticket32058 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (mainloop, periodic events): - - Periodic events enabled flag was not unset properly when shutting down tor - cleanly. This had the side effect to not re-enable periodic events when - tor_api.h is used to relaunch tor after a shutdown. Fixes bug 32058; - bugfix on 0.3.3.1-alpha. diff --git a/changes/ticket32063 b/changes/ticket32063 deleted file mode 100644 index 2c0246917c..0000000000 --- a/changes/ticket32063 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (hs-v3, memory leak): - - Fix memory leak in unlikely error code path when encoding HS DoS establish - intro extension cell. Fixes bug 32063; bugfix on 0.4.2.1-alpha. diff --git a/changes/ticket32086 b/changes/ticket32086 deleted file mode 100644 index b9312c2bea..0000000000 --- a/changes/ticket32086 +++ /dev/null @@ -1,3 +0,0 @@ - o Testing: - - Use Windows Server 2019 instead of Windows Server 2016 in our - Appveyor builds. Closes ticket 32086. diff --git a/changes/ticket32191 b/changes/ticket32191 deleted file mode 100644 index 6988328115..0000000000 --- a/changes/ticket32191 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (build system): - - Make pkg-config use --prefix when cross-compiling, if PKG_CONFIG_PATH - is not set. Closes ticket 32191. diff --git a/changes/ticket32240 b/changes/ticket32240 deleted file mode 100644 index 35cc3df27e..0000000000 --- a/changes/ticket32240 +++ /dev/null @@ -1,4 +0,0 @@ - o Testing: - - Turn off Tor's Sandbox in Chutney jobs, and run those jobs on Ubuntu - Bionic. Turning off the Sandbox is a work-around, until we fix the - sandbox errors in 32722. Closes ticket 32240. diff --git a/changes/ticket32241 b/changes/ticket32241 deleted file mode 100644 index 4243cec175..0000000000 --- a/changes/ticket32241 +++ /dev/null @@ -1,2 +0,0 @@ - o Testing (continuous integration): - - In Travis, use Xcode 11.2 on macOS 10.14. Closes ticket 32241. diff --git a/changes/ticket32242 b/changes/ticket32242 deleted file mode 100644 index d63d5a586e..0000000000 --- a/changes/ticket32242 +++ /dev/null @@ -1,2 +0,0 @@ - o Testing (continuous integration): - - Use zstd in our Travis Linux builds. Closes ticket 32242. diff --git a/changes/ticket32407 b/changes/ticket32407 deleted file mode 100644 index badb09abfe..0000000000 --- a/changes/ticket32407 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (crash): - - When running Tor with an option like --verify-config or --dump-config - that does not start the event loop, avoid crashing if we try to exit - early because of an error. Fixes bug 32407; bugfix on 0.3.3.1-alpha. diff --git a/changes/ticket32500 b/changes/ticket32500 deleted file mode 100644 index 2c0f35df72..0000000000 --- a/changes/ticket32500 +++ /dev/null @@ -1,5 +0,0 @@ - o Testing: - - Require C99 standards-conforming code in Travis CI, but allow GNU gcc - extensions. Also activates clang's -Wtypedef-redefinition warnings. - Build some jobs with -std=gnu99, and some jobs without. - Closes ticket 32500. diff --git a/changes/ticket32629 b/changes/ticket32629 deleted file mode 100644 index 740746c572..0000000000 --- a/changes/ticket32629 +++ /dev/null @@ -1,4 +0,0 @@ - o Testing: - - Re-enable the Travis CI macOS Chutney build, but allow the job to finish - before it finishes, because the Travis macOS jobs are slow. - Closes ticket 32629. diff --git a/changes/ticket32705_disable b/changes/ticket32705_disable deleted file mode 100644 index 6d5b0779ab..0000000000 --- a/changes/ticket32705_disable +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes (testing): - - When TOR_DISABLE_PRACTRACKER is set, do not apply it to the - test_practracker.sh script. Doing so caused a test failure. - Fixes bug 32705; bugfix on 0.4.2.1-alpha. - - When TOR_DISABLE_PRACTRACKER is set, log a notice to stderr - when skipping practracker checks. - Fixes bug 32705; bugfix on 0.4.2.1-alpha. diff --git a/changes/ticket32765 b/changes/ticket32765 deleted file mode 100644 index a9663a5df3..0000000000 --- a/changes/ticket32765 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (correctness checks): - - Use GCC/Clang's printf-checking feature to make sure that - tor_assertf() arguments are correctly typed. Fixes bug 32765; - bugfix on 0.4.1.1-alpha. diff --git a/changes/ticket32792 b/changes/ticket32792 deleted file mode 100644 index 553cf0ca81..0000000000 --- a/changes/ticket32792 +++ /dev/null @@ -1,3 +0,0 @@ - o Testing: - - When a Travis chutney job fails, use chutney's new "diagnostics.sh" tool - to produce detailed diagnostic output. Closes ticket 32792. diff --git a/changes/ticket33029 b/changes/ticket33029 deleted file mode 100644 index c32ee4ad84..0000000000 --- a/changes/ticket33029 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes (directory authority): - - Directory authorities will now send a 503 (not enough bandwidth) code to - clients when under bandwidth pressure. Known relays and other authorities - will always be answered regardless of the bandwidth situation. Fixes bug - 33029; bugfix on 0.1.2.5-alpha. diff --git a/changes/ticket33075 b/changes/ticket33075 deleted file mode 100644 index 69698d90b3..0000000000 --- a/changes/ticket33075 +++ /dev/null @@ -1,4 +0,0 @@ - o Testing: - - Stop allowing failures on the Travis CI stem tests job. It looks like all - the stem hangs we were seeing are now fixed, but let's make sure we see - them if they happen again. Closes ticket 33075. diff --git a/changes/ticket33119 b/changes/ticket33119 deleted file mode 100644 index 11c20bc7a2..0000000000 --- a/changes/ticket33119 +++ /dev/null @@ -1,8 +0,0 @@ - o Major bugfixes (security, denial-of-service): - - Fix a denial-of-service bug that could be used by anyone to consume a - bunch of CPU on any Tor relay or authority, or by directories to - consume a bunch of CPU on clients or hidden services. Because - of the potential for CPU consumption to introduce observable - timing patterns, we are treating this as a high-severity security - issue. Fixes bug 33119; bugfix on 0.2.1.5-alpha. We are also tracking - this issue as TROVE-2020-002. diff --git a/changes/ticket33194 b/changes/ticket33194 deleted file mode 100644 index b87e55348e..0000000000 --- a/changes/ticket33194 +++ /dev/null @@ -1,4 +0,0 @@ - o Testing: - - Remove a redundant distcheck job. Closes ticket 33194. - - Sort the Travis jobs in order of speed. Putting the slowest jobs first - takes full advantage of Travis job concurrency. Closes ticket 33194. diff --git a/changes/ticket33195 b/changes/ticket33195 deleted file mode 100644 index 11abd4816e..0000000000 --- a/changes/ticket33195 +++ /dev/null @@ -1,4 +0,0 @@ - o Testing: - - Stop allowing the Chutney IPv6 Travis job to fail. This job was - previously configured to fast_finish (which requires allow_failure), to - speed up the build. Closes ticket 33195. diff --git a/changes/ticket33212 b/changes/ticket33212 deleted file mode 100644 index aeb09e0c67..0000000000 --- a/changes/ticket33212 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (rust, build): - - Fix a syntax warning given by newer versions of Rust, and creating - problems for our continuous integration. - Fixes bug 33212; bugfix on 0.3.5.1-alpha. diff --git a/changes/ticket33290 b/changes/ticket33290 deleted file mode 100644 index 882764020e..0000000000 --- a/changes/ticket33290 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (diagnostic): - - Improve assertions and add some memory-poisoning code to try to track - down possible causes of a rare crash (32564) in the EWMA code. - Closes ticket 33290. diff --git a/changes/ticket33361 b/changes/ticket33361 deleted file mode 100644 index bc9715d6a1..0000000000 --- a/changes/ticket33361 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfix (relay, configuration): - - Now warn if the ContactInfo field is not set and mention that the relay - might get rejected if so. Fixes bug 33361; bugfix on 0.1.1.10-alpha. diff --git a/changes/ticket33491 b/changes/ticket33491 deleted file mode 100644 index 595ea863ea..0000000000 --- a/changes/ticket33491 +++ /dev/null @@ -1,6 +0,0 @@ - o Major bugfixes (DoS defenses, bridges, pluggable transport): - - DoS subsystem was not given the transport name of the client connection - when tor is a bridge and thus failing to find the GeoIP cache entry for - that client address. This resulted in failing to apply DoS defenses on - bridges with a pluggable transport. Fixes bug 33491; bugfix on - 0.3.3.2-alpha. diff --git a/changes/ticket33619 b/changes/ticket33619 deleted file mode 100644 index 3c52858b35..0000000000 --- a/changes/ticket33619 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes (circuit padding, memory leaks): - - Avoid a remotely triggered memory leak in the case that a circuit - padding machine is somehow negotiated twice on the same circuit. Fixes - bug 33619; bugfix on 0.4.0.1-alpha. Found by Tobias Pulls. This is - also tracked as TROVE-2020-004. diff --git a/changes/ticket33623 b/changes/ticket33623 deleted file mode 100644 index 528af3ca02..0000000000 --- a/changes/ticket33623 +++ /dev/null @@ -1,2 +0,0 @@ - o Minor feature (sendme, flow control): - - Default on sending SENDME version 1 cells. Closes ticket 33623. diff --git a/changes/ticket33643 b/changes/ticket33643 deleted file mode 100644 index 7fddab74eb..0000000000 --- a/changes/ticket33643 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features (testing): - - The unit tests now support a "TOR_SKIP_TESTCASES" environment variable - to specify a list of space-separated test cases that should not be - executed. We will use this to disable certain tests that are failing on - Appveyor because of mismatched OpenSSL libraries. Part of ticket 33643. diff --git a/changes/ticket33643_part2 b/changes/ticket33643_part2 deleted file mode 100644 index 28193d2af5..0000000000 --- a/changes/ticket33643_part2 +++ /dev/null @@ -1,3 +0,0 @@ - o Testing (CI): - - On appveyor, skip the crypto/openssl_version test, which is failing - because of a mismatched library installation. Fix for 33643. diff --git a/changes/ticket40026 b/changes/ticket40026 deleted file mode 100644 index f87c2964e0..0000000000 --- a/changes/ticket40026 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfix (CI, Windows): - - Don't use stdio 64 bit printf format when compiling with MINGW on - Appveyor. Fixes bug 40026; bugfix on 0.3.5.5-alpha. diff --git a/changes/trove_2020_003 b/changes/trove_2020_003 deleted file mode 100644 index aa1a8f1c78..0000000000 --- a/changes/trove_2020_003 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (onion services v3): - - Fix assertion failure that could result from a corrupted ADD_ONION control - port command. Found by Saibato. Fixes bug 33137; bugfix on - 0.3.3.1-alpha. This issue is also being tracked as TROVE-2020-003. |