diff options
85 files changed, 491 insertions, 419 deletions
@@ -1,3 +1,494 @@ +Changes in version 0.3.2.8-rc - 2017-12-21 + Tor 0.3.2.8-rc fixes a pair of bugs in the KIST and KISTLite + schedulers that had led servers under heavy load to overload their + outgoing connections. All relay operators running earlier 0.3.2.x + versions should upgrade. This version also includes a mitigation for + over-full DESTROY queues leading to out-of-memory conditions: if it + works, we will soon backport it to earlier release series. + + This is the second release candidate in the 0.3.2 series. If we find + no new bugs or regression here, then the first stable 0.3.2 release + will be nearly identical to this. + + o Major bugfixes (KIST, scheduler): + - The KIST scheduler did not correctly account for data already + enqueued in each connection's send socket buffer, particularly in + cases when the TCP/IP congestion window was reduced between + scheduler calls. This situation lead to excessive per-connection + buffering in the kernel, and a potential memory DoS. Fixes bug + 24665; bugfix on 0.3.2.1-alpha. + + o Minor features (geoip): + - Update geoip and geoip6 to the December 6 2017 Maxmind GeoLite2 + Country database. + + o Minor bugfixes (hidden service v3): + - Bump hsdir_spread_store parameter from 3 to 4 in order to increase + the probability of reaching a service for a client missing + microdescriptors. Fixes bug 24425; bugfix on 0.3.2.1-alpha. + + o Minor bugfixes (memory usage): + - When queuing DESTROY cells on a channel, only queue the circuit-id + and reason fields: not the entire 514-byte cell. This fix should + help mitigate any bugs or attacks that fill up these queues, and + free more RAM for other uses. Fixes bug 24666; bugfix + on 0.2.5.1-alpha. + + o Minor bugfixes (scheduler, KIST): + - Use a sane write limit for KISTLite when writing onto a connection + buffer instead of using INT_MAX and shoving as much as it can. + Because the OOM handler cleans up circuit queues, we are better + off at keeping them in that queue instead of the connection's + buffer. Fixes bug 24671; bugfix on 0.3.2.1-alpha. + + +Changes in version 0.3.2.7-rc - 2017-12-14 + Tor 0.3.2.7-rc fixes various bugs in earlier versions of Tor, + including some that could affect reliability or correctness. + + This is the first release candidate in the 0.3.2 series. If we find no + new bugs or regression here, then the first stable 0.3.2. release will + be nearly identical to this. + + o Major bugfixes (circuit prediction): + - Fix circuit prediction logic so that a client doesn't treat a port + as being "handled" by a circuit if that circuit already has + isolation settings on it. This change should make Tor clients more + responsive by improving their chances of having a pre-created + circuit ready for use when a request arrives. Fixes bug 18859; + bugfix on 0.2.3.3-alpha. + + o Minor features (logging): + - Provide better warnings when the getrandom() syscall fails. Closes + ticket 24500. + + o Minor features (portability): + - Tor now compiles correctly on arm64 with libseccomp-dev installed. + (It doesn't yet work with the sandbox enabled.) Closes + ticket 24424. + + o Minor bugfixes (bridge clients, bootstrap): + - Retry directory downloads when we get our first bridge descriptor + during bootstrap or while reconnecting to the network. Keep + retrying every time we get a bridge descriptor, until we have a + reachable bridge. Fixes part of bug 24367; bugfix on 0.2.0.3-alpha. + - Stop delaying bridge descriptor fetches when we have cached bridge + descriptors. Instead, only delay bridge descriptor fetches when we + have at least one reachable bridge. Fixes part of bug 24367; + bugfix on 0.2.0.3-alpha. + - Stop delaying directory fetches when we have cached bridge + descriptors. Instead, only delay bridge descriptor fetches when + all our bridges are definitely unreachable. Fixes part of bug + 24367; bugfix on 0.2.0.3-alpha. + + o Minor bugfixes (compilation): + - Fix a signed/unsigned comparison warning introduced by our fix to + TROVE-2017-009. Fixes bug 24480; bugfix on 0.2.5.16. + + o Minor bugfixes (correctness): + - Fix several places in our codebase where a C compiler would be + likely to eliminate a check, based on assuming that undefined + behavior had not happened elsewhere in the code. These cases are + usually a sign of redundant checking or dubious arithmetic. Found + by Georg Koppen using the "STACK" tool from Wang, Zeldovich, + Kaashoek, and Solar-Lezama. Fixes bug 24423; bugfix on various + Tor versions. + + o Minor bugfixes (onion service v3): + - Fix a race where an onion service would launch a new intro circuit + after closing an old one, but fail to register it before freeing + the previously closed circuit. This bug was making the service + unable to find the established intro circuit and thus not upload + its descriptor, thus making a service unavailable for up to 24 + hours. Fixes bug 23603; bugfix on 0.3.2.1-alpha. + + o Minor bugfixes (scheduler, KIST): + - Properly set the scheduler state of an unopened channel in the + KIST scheduler main loop. This prevents a harmless but annoying + log warning. Fixes bug 24502; bugfix on 0.3.2.4-alpha. + - Avoid a possible integer overflow when computing the available + space on the TCP buffer of a channel. This had no security + implications; but could make KIST allow too many cells on a + saturated connection. Fixes bug 24590; bugfix on 0.3.2.1-alpha. + - Downgrade to "info" a harmless warning about the monotonic time + moving backwards: This can happen on platform not supporting + monotonic time. Fixes bug 23696; bugfix on 0.3.2.1-alpha. + + +Changes in version 0.3.2.6-alpha - 2017-12-01 + This version of Tor is the latest in the 0.3.2 alpha series. It + includes fixes for several important security issues. All Tor users + should upgrade to this release, or to one of the other releases coming + out today. + + o Major bugfixes (security): + - Fix a denial of service bug where an attacker could use a + malformed directory object to cause a Tor instance to pause while + OpenSSL would try to read a passphrase from the terminal. (Tor + instances run without a terminal, which is the case for most Tor + packages, are not impacted.) Fixes bug 24246; bugfix on every + version of Tor. Also tracked as TROVE-2017-011 and CVE-2017-8821. + Found by OSS-Fuzz as testcase 6360145429790720. + - Fix a denial of service issue where an attacker could crash a + directory authority using a malformed router descriptor. Fixes bug + 24245; bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2017-010 + and CVE-2017-8820. + - When checking for replays in the INTRODUCE1 cell data for a + (legacy) onion service, correctly detect replays in the RSA- + encrypted part of the cell. We were previously checking for + replays on the entire cell, but those can be circumvented due to + the malleability of Tor's legacy hybrid encryption. This fix helps + prevent a traffic confirmation attack. Fixes bug 24244; bugfix on + 0.2.4.1-alpha. This issue is also tracked as TROVE-2017-009 + and CVE-2017-8819. + + o Major bugfixes (security, onion service v2): + - Fix a use-after-free error that could crash v2 Tor onion services + when they failed to open circuits while expiring introduction + points. Fixes bug 24313; bugfix on 0.2.7.2-alpha. This issue is + also tracked as TROVE-2017-013 and CVE-2017-8823. + + o Major bugfixes (security, relay): + - When running as a relay, make sure that we never build a path + through ourselves, even in the case where we have somehow lost the + version of our descriptor appearing in the consensus. Fixes part + of bug 21534; bugfix on 0.2.0.1-alpha. This issue is also tracked + as TROVE-2017-012 and CVE-2017-8822. + - When running as a relay, make sure that we never choose ourselves + as a guard. Fixes part of bug 21534; bugfix on 0.3.0.1-alpha. This + issue is also tracked as TROVE-2017-012 and CVE-2017-8822. + + o Minor feature (relay statistics): + - Change relay bandwidth reporting stats interval from 4 hours to 24 + hours in order to reduce the efficiency of guard discovery + attacks. Fixes ticket 23856. + + o Minor features (directory authority): + - Add an IPv6 address for the "bastet" directory authority. Closes + ticket 24394. + + o Minor bugfixes (client): + - By default, do not enable storage of client-side DNS values. These + values were unused by default previously, but they should not have + been cached at all. Fixes bug 24050; bugfix on 0.2.6.3-alpha. + + +Changes in version 0.3.2.5-alpha - 2017-11-22 + Tor 0.3.2.5-alpha is the fifth alpha release in the 0.3.2.x series. It + fixes several stability and reliability bugs, including a fix for + intermittent bootstrapping failures that some people have been seeing + since the 0.3.0.x series. + + Please test this alpha out -- many of these fixes will soon be + backported to stable Tor versions if no additional bugs are found + in them. + + o Major bugfixes (bootstrapping): + - Fetch descriptors aggressively whenever we lack enough to build + circuits, regardless of how many descriptors we are missing. + Previously, we would delay launching the fetch when we had fewer + than 15 missing descriptors, even if some of those descriptors + were blocking circuits from building. Fixes bug 23985; bugfix on + 0.1.1.11-alpha. The effects of this bug became worse in + 0.3.0.3-alpha, when we began treating missing descriptors from our + primary guards as a reason to delay circuits. + - Don't try fetching microdescriptors from relays that have failed + to deliver them in the past. Fixes bug 23817; bugfix + on 0.3.0.1-alpha. + + o Minor features (directory authority): + - Make the "Exit" flag assignment only depend on whether the exit + policy allows connections to ports 80 and 443. Previously relays + would get the Exit flag if they allowed connections to one of + these ports and also port 6667. Resolves ticket 23637. + + o Minor features (geoip): + - Update geoip and geoip6 to the November 6 2017 Maxmind GeoLite2 + Country database. + + o Minor features (linux seccomp2 sandbox): + - Update the sandbox rules so that they should now work correctly + with Glibc 2.26. Closes ticket 24315. + + o Minor features (logging): + - Downgrade a pair of log messages that could occur when an exit's + resolver gave us an unusual (but not forbidden) response. Closes + ticket 24097. + - Improve the message we log when re-enabling circuit build timeouts + after having received a consensus. Closes ticket 20963. + + o Minor bugfixes (compilation): + - Fix a memory leak warning in one of the libevent-related + configuration tests that could occur when manually specifying + -fsanitize=address. Fixes bug 24279; bugfix on 0.3.0.2-alpha. + Found and patched by Alex Xu. + - When detecting OpenSSL on Windows from our configure script, make + sure to try linking with the ws2_32 library. Fixes bug 23783; + bugfix on 0.3.2.2-alpha. + + o Minor bugfixes (control port, linux seccomp2 sandbox): + - Avoid a crash when attempting to use the seccomp2 sandbox together + with the OwningControllerProcess feature. Fixes bug 24198; bugfix + on 0.2.5.1-alpha. + + o Minor bugfixes (control port, onion services): + - Report "FAILED" instead of "UPLOAD_FAILED" "FAILED" for the + HS_DESC event when a service is not able to upload a descriptor. + Fixes bug 24230; bugfix on 0.2.7.1-alpha. + + o Minor bugfixes (directory cache): + - Recover better from empty or corrupt files in the consensus cache + directory. Fixes bug 24099; bugfix on 0.3.1.1-alpha. + - When a consensus diff calculation is only partially successful, + only record the successful parts as having succeeded. Partial + success can happen if (for example) one compression method fails + but the others succeed. Previously we misrecorded all the + calculations as having succeeded, which would later cause a + nonfatal assertion failure. Fixes bug 24086; bugfix + on 0.3.1.1-alpha. + + o Minor bugfixes (logging): + - Only log once if we notice that KIST support is gone. Fixes bug + 24158; bugfix on 0.3.2.1-alpha. + - Suppress a log notice when relay descriptors arrive. We already + have a bootstrap progress for this so no need to log notice + everytime tor receives relay descriptors. Microdescriptors behave + the same. Fixes bug 23861; bugfix on 0.2.8.2-alpha. + + o Minor bugfixes (network layer): + - When closing a connection via close_connection_immediately(), we + mark it as "not blocked on bandwidth", to prevent later calls from + trying to unblock it, and give it permission to read. This fixes a + backtrace warning that can happen on relays under various + circumstances. Fixes bug 24167; bugfix on 0.1.0.1-rc. + + o Minor bugfixes (onion services): + - The introduction circuit was being timed out too quickly while + waiting for the rendezvous circuit to complete. Keep the intro + circuit around longer instead of timing out and reopening new ones + constantly. Fixes bug 23681; bugfix on 0.2.4.8-alpha. + - Rename the consensus parameter "hsdir-interval" to "hsdir_interval" + so it matches dir-spec.txt. Fixes bug 24262; bugfix + on 0.3.1.1-alpha. + - Silence a warning about failed v3 onion descriptor uploads that + can happen naturally under certain edge cases. Fixes part of bug + 23662; bugfix on 0.3.2.1-alpha. + + o Minor bugfixes (tests): + - Fix a memory leak in one of the bridge-distribution test cases. + Fixes bug 24345; bugfix on 0.3.2.3-alpha. + - Fix a bug in our fuzzing mock replacement for crypto_pk_checksig(), + to correctly handle cases where a caller gives it an RSA key of + under 160 bits. (This is not actually a bug in Tor itself, but + rather in our fuzzing code.) Fixes bug 24247; bugfix on + 0.3.0.3-alpha. Found by OSS-Fuzz as issue 4177. + + o Documentation: + - Add notes in man page regarding OS support for the various + scheduler types. Attempt to use less jargon in the scheduler + section. Closes ticket 24254. + + +Changes in version 0.3.2.4-alpha - 2017-11-08 + Tor 0.3.2.4-alpha is the fourth alpha release in the 0.3.2.x series. + It fixes several stability and reliability bugs, especially including + a major reliability issue that has been plaguing fast exit relays in + recent months. + + o Major bugfixes (exit relays, DNS): + - Fix an issue causing DNS to fail on high-bandwidth exit nodes, + making them nearly unusable. Fixes bugs 21394 and 18580; bugfix on + 0.1.2.2-alpha, which introduced eventdns. Thanks to Dhalgren for + identifying and finding a workaround to this bug and to Moritz, + Arthur Edelstein, and Roger for helping to track it down and + analyze it. + + o Major bugfixes (scheduler, channel): + - Stop processing scheduled channels if they closed while flushing + cells. This can happen if the write on the connection fails + leading to the channel being closed while in the scheduler loop. + Fixes bug 23751; bugfix on 0.3.2.1-alpha. + + o Minor features (logging, scheduler): + - Introduce a SCHED_BUG() function to log extra information about + the scheduler state if we ever catch a bug in the scheduler. + Closes ticket 23753. + + o Minor features (removed deprecations): + - The ClientDNSRejectInternalAddresses flag can once again be set in + non-testing Tor networks, so long as they do not use the default + directory authorities. This change also removes the deprecation of + this flag from 0.2.9.2-alpha. Closes ticket 21031. + + o Minor features (testing): + - Our fuzzing tests now test the encrypted portions of v3 onion + service descriptors. Implements more of 21509. + + o Minor bugfixes (directory client): + - On failure to download directory information, delay retry attempts + by a random amount based on the "decorrelated jitter" algorithm. + Our previous delay algorithm tended to produce extra-long delays + too easily. Fixes bug 23816; bugfix on 0.2.9.1-alpha. + + o Minor bugfixes (IPv6, v3 single onion services): + - Remove buggy code for IPv6-only v3 single onion services, and + reject attempts to configure them. This release supports IPv4, + dual-stack, and IPv6-only v3 onion services; and IPv4 and dual- + stack v3 single onion services. Fixes bug 23820; bugfix + on 0.3.2.1-alpha. + + o Minor bugfixes (logging, relay): + - Give only a protocol warning when the ed25519 key is not + consistent between the descriptor and microdescriptor of a relay. + This can happen, for instance, if the relay has been flagged + NoEdConsensus. Fixes bug 24025; bugfix on 0.3.2.1-alpha. + + o Minor bugfixes (manpage, onion service): + - Document that the HiddenServiceNumIntroductionPoints option is + 0-10 for v2 services and 0-20 for v3 services. Fixes bug 24115; + bugfix on 0.3.2.1-alpha. + + o Minor bugfixes (memory leaks): + - Fix a minor memory leak at exit in the KIST scheduler. This bug + should have no user-visible impact. Fixes bug 23774; bugfix + on 0.3.2.1-alpha. + - Fix a memory leak when decrypting a badly formatted v3 onion + service descriptor. Fixes bug 24150; bugfix on 0.3.2.1-alpha. + Found by OSS-Fuzz; this is OSS-Fuzz issue 3994. + + o Minor bugfixes (onion services): + - Cache some needed onion service client information instead of + constantly computing it over and over again. Fixes bug 23623; + bugfix on 0.3.2.1-alpha. + - Properly retry HSv3 descriptor fetches when missing required + directory information. Fixes bug 23762; bugfix on 0.3.2.1-alpha. + + o Minor bugfixes (path selection): + - When selecting relays by bandwidth, avoid a rounding error that + could sometimes cause load to be imbalanced incorrectly. + Previously, we would always round upwards; now, we round towards + the nearest integer. This had the biggest effect when a relay's + weight adjustments should have given it weight 0, but it got + weight 1 instead. Fixes bug 23318; bugfix on 0.2.4.3-alpha. + - When calculating the fraction of nodes that have descriptors, and + all nodes in the network have zero bandwidths, count the number of + nodes instead. Fixes bug 23318; bugfix on 0.2.4.10-alpha. + - Actually log the total bandwidth in compute_weighted_bandwidths(). + Fixes bug 24170; bugfix on 0.2.4.3-alpha. + + o Minor bugfixes (relay, crash): + - Avoid a crash when transitioning from client mode to bridge mode. + Previously, we would launch the worker threads whenever our + "public server" mode changed, but not when our "server" mode + changed. Fixes bug 23693; bugfix on 0.2.6.3-alpha. + + o Minor bugfixes (testing): + - Fix a spurious fuzzing-only use of an uninitialized value. Found + by Brian Carpenter. Fixes bug 24082; bugfix on 0.3.0.3-alpha. + - Test that IPv6-only clients can use microdescriptors when running + "make test-network-all". Requires chutney master 61c28b9 or later. + Closes ticket 24109. + + +Changes in version 0.3.2.3-alpha - 2017-10-27 + Tor 0.3.2.3-alpha is the third release in the 0.3.2 series. It fixes + numerous small bugs in earlier versions of 0.3.2.x, and adds a new + directory authority, Bastet. + + o Directory authority changes: + - Add "Bastet" as a ninth directory authority to the default list. + Closes ticket 23910. + - The directory authority "Longclaw" has changed its IP address. + Closes ticket 23592. + + o Minor features (bridge): + - Bridge relays can now set the BridgeDistribution config option to + add a "bridge-distribution-request" line to their bridge + descriptor, which tells BridgeDB how they'd like their bridge + address to be given out. (Note that as of Oct 2017, BridgeDB does + not yet implement this feature.) As a side benefit, this feature + provides a way to distinguish bridge descriptors from non-bridge + descriptors. Implements tickets 18329. + + o Minor features (client, entry guards): + - Improve log messages when missing descriptors for primary guards. + Resolves ticket 23670. + + o Minor features (geoip): + - Update geoip and geoip6 to the October 4 2017 Maxmind GeoLite2 + Country database. + + o Minor bugfixes (bridge): + - Overwrite the bridge address earlier in the process of retrieving + its descriptor, to make sure we reach it on the configured + address. Fixes bug 20532; bugfix on 0.2.0.10-alpha. + + o Minor bugfixes (documentation): + - Document better how to read gcov, and what our gcov postprocessing + scripts do. Fixes bug 23739; bugfix on 0.2.9.1-alpha. + + o Minor bugfixes (entry guards): + - Tor now updates its guard state when it reads a consensus + regardless of whether it's missing descriptors. That makes tor use + its primary guards to fetch descriptors in some edge cases where + it would previously have used fallback directories. Fixes bug + 23862; bugfix on 0.3.0.1-alpha. + + o Minor bugfixes (hidden service client): + - When handling multiple SOCKS request for the same .onion address, + only fetch the service descriptor once. + - When a descriptor fetch fails with a non-recoverable error, close + all pending SOCKS requests for that .onion. Fixes bug 23653; + bugfix on 0.3.2.1-alpha. + + o Minor bugfixes (hidden service): + - Always regenerate missing hidden service public key files. Prior + to this, if the public key was deleted from disk, it wouldn't get + recreated. Fixes bug 23748; bugfix on 0.3.2.2-alpha. Patch + from "cathugger". + - Make sure that we have a usable ed25519 key when the intro point + relay supports ed25519 link authentication. Fixes bug 24002; + bugfix on 0.3.2.1-alpha. + + o Minor bugfixes (hidden service, v2): + - When reloading configured hidden services, copy all information + from the old service object. Previously, some data was omitted, + causing delays in descriptor upload, and other bugs. Fixes bug + 23790; bugfix on 0.2.1.9-alpha. + + o Minor bugfixes (memory safety, defensive programming): + - Clear the target address when node_get_prim_orport() returns + early. Fixes bug 23874; bugfix on 0.2.8.2-alpha. + + o Minor bugfixes (relay): + - Avoid a BUG warning when receiving a dubious CREATE cell while an + option transition is in progress. Fixes bug 23952; bugfix + on 0.3.2.1-alpha. + + o Minor bugfixes (testing): + - Adjust the GitLab CI configuration to more closely match that of + Travis CI. Fixes bug 23757; bugfix on 0.3.2.2-alpha. + - Prevent scripts/test/coverage from attempting to move gcov output + to the root directory. Fixes bug 23741; bugfix on 0.2.5.1-alpha. + - When running unit tests as root, skip a test that would fail + because it expects a permissions error. This affects some + continuous integration setups. Fixes bug 23758; bugfix + on 0.3.2.2-alpha. + - Stop unconditionally mirroring the tor repository in GitLab CI. + This prevented developers from enabling GitLab CI on master. Fixes + bug 23755; bugfix on 0.3.2.2-alpha. + - Fix the hidden service v3 descriptor decoding fuzzing to use the + latest decoding API correctly. Fixes bug 21509; bugfix + on 0.3.2.1-alpha. + + o Minor bugfixes (warnings): + - When we get an HTTP request on a SOCKS port, tell the user about + the new HTTPTunnelPort option. Previously, we would give a "Tor is + not an HTTP Proxy" message, which stopped being true when + HTTPTunnelPort was introduced. Fixes bug 23678; bugfix + on 0.3.2.1-alpha. + + Changes in version 0.3.2.2-alpha - 2017-09-29 Tor 0.3.2.2-alpha is the second release in the 0.3.2 series. This release fixes several minor bugs in the new scheduler and next- diff --git a/changes/bastet_v6 b/changes/bastet_v6 deleted file mode 100644 index ee4e2c8094..0000000000 --- a/changes/bastet_v6 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (directory authority): - - Add an IPv6 address for the "bastet" directory authority. - Closes ticket 24394. - diff --git a/changes/bug18859 b/changes/bug18859 deleted file mode 100644 index 1fe5bc2107..0000000000 --- a/changes/bug18859 +++ /dev/null @@ -1,7 +0,0 @@ - o Major bugfixes (circuit prediction): - - Fix circuit prediction logic so that a client doesn't treat a stream as - being "handled" by a circuit if that circuit already has isolation - settings on it that might make it incompatible with the stream. This - change should make Tor clients more responsive by improving their - chances of having a pre-created circuit ready for use when a new client - request arrives. Fixes bug 18859; bugfix on 0.2.3.3-alpha. diff --git a/changes/bug20532 b/changes/bug20532 deleted file mode 100644 index 7c190ea032..0000000000 --- a/changes/bug20532 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (bridges): - - Overwrite the bridge address earlier in the process of directly - retrieving its descriptor, to make sure we reach it on the configured - address. Fixes bug 20532; bugfix on 0.2.0.10-alpha. diff --git a/changes/bug20963 b/changes/bug20963 deleted file mode 100644 index a65c58399c..0000000000 --- a/changes/bug20963 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (logging): - - Improve the message we log when re-enabling circuit build timeouts - after having received a consensus. Closes ticket 20963. - diff --git a/changes/bug21394 b/changes/bug21394 deleted file mode 100644 index e5452e20ba..0000000000 --- a/changes/bug21394 +++ /dev/null @@ -1,9 +0,0 @@ - o Major bugfixes (Exit nodes): - - Fix an issue causing high-bandwidth exit nodes to fail a majority - or all of their DNS requests, making them basically unsuitable for - regular usage in Tor circuits. The problem is related to - libevent's DNS handling, but we can work around it in Tor. Fixes - bugs 21394 and 18580; bugfix on 0.1.2.2-alpha which introduced - eventdns. Credit goes to Dhalgren for identifying and finding a - workaround to this bug and to gamambel, arthuredelstein and - arma in helping to track it down and analyze it. diff --git a/changes/bug21509 b/changes/bug21509 deleted file mode 100644 index 593a01ef20..0000000000 --- a/changes/bug21509 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (hidden service v3, fuzzing): - - Fix the hidden service v3 descriptor decoding fuzzing to use the latest - decoding API correctly. Fixes bug 21509; bugfix on 0.3.2.1-alpha. diff --git a/changes/bug23318 b/changes/bug23318 deleted file mode 100644 index 7fcb8d4487..0000000000 --- a/changes/bug23318 +++ /dev/null @@ -1,11 +0,0 @@ - o Minor bugfixes (path selection): - - When selecting relays by bandwidth, avoid a rounding error that - could sometimes cause load to be imbalanced incorrectly. Previously, - we would always round upwards; now, we round towards the nearest - integer. This had the biggest effect when a relay's weight adjustments - should have given it weight 0, but it got weight 1 instead. - Fixes bug 23318; bugfix on 0.2.4.3-alpha. - - When calculating the fraction of nodes that have descriptors, and all - all nodes in the network have zero bandwidths, count the number of nodes - instead. - Fixes bug 23318; bugfix on 0.2.4.10-alpha. diff --git a/changes/bug23603 b/changes/bug23603 deleted file mode 100644 index dfb2052c9a..0000000000 --- a/changes/bug23603 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes (hidden service v3): - - Fix a race between the circuit close and free where the service would - launch a new intro circuit after the close, and then fail to register it - before the free of the previously closed circuit. This was making the - service unable to find the established intro circuit and thus not upload - its descriptor. It can make a service unavailable for up to 24 hours. - Fixes bug 23603; bugfix on 0.3.2.1-alpha. diff --git a/changes/bug23623 b/changes/bug23623 deleted file mode 100644 index 1e2e5c2ac0..0000000000 --- a/changes/bug23623 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (onion services): - - Cache some needed onion service client information instead of - continuously computing it over and over again. Fixes bug 23623; bugfix - on 0.3.2.1-alpha. diff --git a/changes/bug23653 b/changes/bug23653 deleted file mode 100644 index 81760cbb82..0000000000 --- a/changes/bug23653 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes (hidden service client): - - When getting multiple SOCKS request for the same .onion address, don't - trigger multiple descriptor fetches. - - When the descriptor fetch fails with an internal error, no more HSDir to - query or we aren't allowed to fetch (FetchHidServDescriptors 0), close - all pending SOCKS request for that .onion. Fixes bug 23653; bugfix on - 0.3.2.1-alpha. diff --git a/changes/bug23662 b/changes/bug23662 deleted file mode 100644 index 1000bde3d6..0000000000 --- a/changes/bug23662 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (onion services): - - Silence a warning about failed v3 onion descriptor uploads since it can - happen naturally under certain edge-cases. Fixes part of bug 23662; - bugfix on 0.3.2.1-alpha. diff --git a/changes/bug23670 b/changes/bug23670 deleted file mode 100644 index 039bc39478..0000000000 --- a/changes/bug23670 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (entry guards): - - Improve logs issued when we are missing descriptors of primary guards. - Resolves ticket 23670. diff --git a/changes/bug23678 b/changes/bug23678 deleted file mode 100644 index 8138ea71ea..0000000000 --- a/changes/bug23678 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes (warnings): - - When we get an HTTP request on a SOCKS port, tell the user about - the new HTTPTunnelPort option. Previously, we would give a - "Tor is not an HTTP Proxy" message, which stopped being true when - HTTPTunnelPort was introduced. Fixes bug 23678; bugfix on - 0.3.2.1-alpha. - diff --git a/changes/bug23681 b/changes/bug23681 deleted file mode 100644 index e317f36d50..0000000000 --- a/changes/bug23681 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (hidden service client): - - The introduction circuit was being timed out too quickly while waiting - for the rendezvous circuit to complete. Keep the intro circuit around - longer instead of timing out and reopening new ones constantly. Fixes - bug 23681; bugfix on 0.2.4.8-alpha. diff --git a/changes/bug23693 b/changes/bug23693 deleted file mode 100644 index 796398be51..0000000000 --- a/changes/bug23693 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (relay, crash): - - Avoid a crash when transitioning from client mode to bridge mode. - Previously, we would launch the worker threads whenever our "public - server" mode changed, but not when our "server" mode changed. - Fixes bug 23693; bugfix on 0.2.6.3-alpha. - diff --git a/changes/bug23696 b/changes/bug23696 deleted file mode 100644 index c5d18583d4..0000000000 --- a/changes/bug23696 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfix (KIST scheduler): - - Downgrade a warning to log info when the monotonic time diff is - negative. This can happen on platform not supporting monotonic time. The - scheduler recovers from this without any problem. Fixes bug 23696; - bugfix on 0.3.2.1-alpha. diff --git a/changes/bug23739 b/changes/bug23739 deleted file mode 100644 index 3207b5eaf3..0000000000 --- a/changes/bug23739 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (documentation): - - Document better how to read gcov and what our postprocessing scripts do. - Fixes bug 23739; bugfix on 0.2.9.1-alpha. diff --git a/changes/bug23741 b/changes/bug23741 deleted file mode 100644 index 92f06f5270..0000000000 --- a/changes/bug23741 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (testing): - - Prevent scripts/test/coverage from attempting to move gcov - output to the root directory. Fixes bug 23741; bugfix on - 0.2.5.1-alpha. diff --git a/changes/bug23748 b/changes/bug23748 deleted file mode 100644 index 0bd3f3f8ff..0000000000 --- a/changes/bug23748 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (hidden service): - - Always make sure the hidden service generate the public key file if it - is missing. Prior to this, if the public key was deleted from disk, it - wouldn't get recreated. Fixes bug 23748; bugfix on 0.3.2.2-alpha. - Patch from "cathugger". diff --git a/changes/bug23751 b/changes/bug23751 deleted file mode 100644 index 2fd7021664..0000000000 --- a/changes/bug23751 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (scheduler, channel): - - Ignore channels that have been closed while flushing cells. This can - happen if the write on the connection fails leading to the channel being - closed while in the scheduler loop. This is not a complete fix, it is a - bandaid until we are able to refactor those interactions. Fixes bug - 23751; bugfix on 0.3.2.1-alpha. diff --git a/changes/bug23753 b/changes/bug23753 deleted file mode 100644 index 8782a8e2d0..0000000000 --- a/changes/bug23753 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (logging, scheduler): - - Introduce a SCHED_BUG() function to log extra information about the - scheduler state if we ever catch a bug in the scheduler. Closes ticket - 23753. diff --git a/changes/bug23755 b/changes/bug23755 deleted file mode 100644 index 98f0970344..0000000000 --- a/changes/bug23755 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (testing): - - Stop unconditionally mirroring the tor repository in GitLab CI. - This prevented developers from enabling GitLab CI on master. - Fixes bug 23755; bugfix on 0.3.2.2-alpha. diff --git a/changes/bug23757 b/changes/bug23757 deleted file mode 100644 index 02507a0b4d..0000000000 --- a/changes/bug23757 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (testing): - - Adjust the GitLab CI configuration to more closely match that of Travis - CI. Fixes bug 23757; bugfix on 0.3.2.2-alpha. - diff --git a/changes/bug23758 b/changes/bug23758 deleted file mode 100644 index 565791e8f4..0000000000 --- a/changes/bug23758 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (testing): - - Skip a test that would fail if run as root (because it expects a - permissions error). This affects some continuous integration setups. - Fixes bug 23758; bugfix on 0.3.2.2-alpha. diff --git a/changes/bug23762 b/changes/bug23762 deleted file mode 100644 index 741a88e21f..0000000000 --- a/changes/bug23762 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (hidden service v3): - - Properly retry HSv3 descriptor fetches in the case where we were initially - missing required directory information. Fixes bug 23762; bugfix on - 0.3.2.1-alpha. diff --git a/changes/bug23774 b/changes/bug23774 deleted file mode 100644 index 2ea5c0122a..0000000000 --- a/changes/bug23774 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (memory leak): - - Fix a minor memory-leak-at-exit in the KIST scheduler. This - bug should have no user-visible impact. Fixes bug 23774; - bugfix on 0.3.2.1-alpha. diff --git a/changes/bug23783 b/changes/bug23783 deleted file mode 100644 index 98c583a12b..0000000000 --- a/changes/bug23783 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (compilation, windows): - - When detecting OpenSSL on Windows from our configure script, make sure - to try linking with the ws2_32 library. Fixes bug 23783; bugfix on - 0.3.2.2-alpha. - diff --git a/changes/bug23790 b/changes/bug23790 deleted file mode 100644 index 5ebe77f806..0000000000 --- a/changes/bug23790 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (hidden service v2): - - When reloading tor (HUP) configured with hidden service(s), some - information weren't copy to the new service object. One problem with - this was that tor would wait at least the RendPostPeriod time before - uploading the descriptor if the reload happened before the descriptor - needed to be published. Fixes bug 23790; bugfix on 0.2.1.9-alpha. diff --git a/changes/bug23816 b/changes/bug23816 deleted file mode 100644 index 6139dec9e8..0000000000 --- a/changes/bug23816 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (directory client): - - On failure to download directory information, delay retry attempts - by a random amount based on the "decorrelated jitter" algorithm. - Our previous delay algorithm tended to produce extra-long delays too - easily. Fixes bug 23816; bugfix on 0.2.9.1-alpha. - diff --git a/changes/bug23817 b/changes/bug23817 deleted file mode 100644 index 4740942799..0000000000 --- a/changes/bug23817 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (descriptors): - - Don't try fetching microdescriptors from relays that have failed to - deliver them in the past. Fixes bug 23817; bugfix on 0.3.0.1-alpha. diff --git a/changes/bug23820 b/changes/bug23820 deleted file mode 100644 index 4e920d0498..0000000000 --- a/changes/bug23820 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (IPv6, v3 single onion services): - - Remove buggy code for IPv6-only v3 single onion services, and reject - attempts to configure them. This release supports IPv4, dual-stack, and - IPv6-only v3 hidden services; and IPv4 and dual-stack v3 single onion - services. Fixes bug 23820; bugfix on 0.3.2.1-alpha. diff --git a/changes/bug23861 b/changes/bug23861 deleted file mode 100644 index c6f017640d..0000000000 --- a/changes/bug23861 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (logging, relay): - - Suppress a log notice when relay descriptors arrive. We already have a - bootstrap progress for this so no need to log notice everytime tor - receives relay descriptors. Microdescriptors behave the same. Fixes bug - 23861; bugfix on 0.2.8.2-alpha. diff --git a/changes/bug23862 b/changes/bug23862 deleted file mode 100644 index 301ce73672..0000000000 --- a/changes/bug23862 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (entry guards): - - Tor now updates its guard state when it reads a consensus regardless of - whether it's missing descriptors. That makes tor use its primary guards - to fetch descriptors in some edge cases where it would have used fallback - directories in the past. Fixes bug 23862; bugfix on 0.3.0.1-alpha.
\ No newline at end of file diff --git a/changes/bug23874 b/changes/bug23874 deleted file mode 100644 index bf6620553d..0000000000 --- a/changes/bug23874 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (memory safety): - - Clear the address when node_get_prim_orport() returns early. - Fixes bug 23874; bugfix on 0.2.8.2-alpha. diff --git a/changes/bug23952 b/changes/bug23952 deleted file mode 100644 index ab1462e522..0000000000 --- a/changes/bug23952 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (relay): - - Avoid a BUG warning when receiving a dubious CREATE cell while - an option transition is in progress. Fixes bug 23952; bugfix on - 0.3.2.1-alpha. diff --git a/changes/bug23985 b/changes/bug23985 deleted file mode 100644 index 9cb5937962..0000000000 --- a/changes/bug23985 +++ /dev/null @@ -1,9 +0,0 @@ - o Minor bugfixes (bootstrapping): - - Fetch descriptors aggressively whenever we lack enough - to build circuits, regardless of how many descriptors we are missing. - Previously, we would delay launching the fetch when we had fewer than - 15 missing descriptors, even if some of those descriptors were - blocking circuits from building. Fixes bug 23985; bugfix on - 0.1.1.11-alpha. The effects of this bug became worse in 0.3.0.3-alpha, - when we began treating missing descriptors from our primary guards - as a reason to delay circuits. diff --git a/changes/bug24002 b/changes/bug24002 deleted file mode 100644 index cdb6081110..0000000000 --- a/changes/bug24002 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (hidden service): - - Make sure that we have a usable ed25519 key when the intro point relay - does support ed25519 link authentication. We do check for an empty key - when the relay does not support it so this makes it nice and symmetric. - Fixes bug 24002; bugfix on 0.3.2.1-alpha. diff --git a/changes/bug24025 b/changes/bug24025 deleted file mode 100644 index 1d7841af53..0000000000 --- a/changes/bug24025 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (logging, relay): - - Downgrade a warning to a protocol warning in the case the ed25519 key is - not consistent between the descriptor and micro descriptor of a relay. - This can happen for instance if the relay has been flagged - NoEdConsensus. Fixes bug 24025; bugfix on 0.3.2.1-alpha. diff --git a/changes/bug24050 b/changes/bug24050 deleted file mode 100644 index d184a77ac0..0000000000 --- a/changes/bug24050 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (client): - - By default, do not enable storage of client-side DNS values. - These values were unused by default previously, but they should - not have been cached at all. Fixes bug 24050; bugfix on - 0.2.6.3-alpha. diff --git a/changes/bug24082 b/changes/bug24082 deleted file mode 100644 index 1523239351..0000000000 --- a/changes/bug24082 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (testing): - - Fix a spurious fuzzing-only use of an uninitialized value. - Found by Brian Carpenter. Fixes bug 24082; bugfix on 0.3.0.3-alpha. diff --git a/changes/bug24086 b/changes/bug24086 deleted file mode 100644 index 2ae0b37e65..0000000000 --- a/changes/bug24086 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes (directory cache): - - When a consensus diff calculation is only partially successful, only - record the successful parts as having succeeded. Partial success - can happen if (for example) one compression method fails but - the others succeed. Previously we misrecorded all the calculations as - having succeeded, which would later cause a nonfatal assertion failure. - Fixes bug 24086; bugfix on 0.3.1.1-alpha. diff --git a/changes/bug24099 b/changes/bug24099 deleted file mode 100644 index dca3992664..0000000000 --- a/changes/bug24099 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (directory cache): - - Recover better from empty or corrupt files in the consensus cache - directory. Fixes bug 24099; bugfix on 0.3.1.1-alpha. - diff --git a/changes/bug24115 b/changes/bug24115 deleted file mode 100644 index 767f13840b..0000000000 --- a/changes/bug24115 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (manpage, hidden service): - - Mention that the HiddenServiceNumIntroductionPoints option is 0-10 for - v2 service and 0-20 for v3 service. Fixes bug 24115; bugfix on - 0.3.2.1-alpha. diff --git a/changes/bug24150 b/changes/bug24150 deleted file mode 100644 index cfda7c40da..0000000000 --- a/changes/bug24150 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (v3 onion services): - - Fix a memory leak when decrypting a badly formatted v3 onion - service descriptor. Fixes bug 24150; bugfix on 0.3.2.1-alpha. - Found by OSS-Fuzz; this is OSS-Fuzz issue 3994. diff --git a/changes/bug24167 b/changes/bug24167 deleted file mode 100644 index fd0d87efff..0000000000 --- a/changes/bug24167 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes (network layer): - - When closing a connection via close_connection_immediately(), we - mark it as "not blocked on bandwidth", to prevent later calls - from trying to unblock it, and give it permission to read. This - fixes a backtrace warning that can happen on relays under various - circumstances. Fixes bug 24167; bugfix on 0.1.0.1-rc. - diff --git a/changes/bug24170 b/changes/bug24170 deleted file mode 100644 index d3d7347693..0000000000 --- a/changes/bug24170 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (path selection): - - Actually log the total bandwidth in compute_weighted_bandwidths(). - Fixes bug 24170; bugfix on 0.2.4.3-alpha. diff --git a/changes/bug24198 b/changes/bug24198 deleted file mode 100644 index 6790706872..0000000000 --- a/changes/bug24198 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (controller, linux seccomp2 sandbox): - - Avoid a crash when attempting to use the seccomp2 sandbox - together with the OwningControllerProcess feature. - Fixes bug 24198; bugfix on 0.2.5.1-alpha. diff --git a/changes/bug24230 b/changes/bug24230 deleted file mode 100644 index b08c4cde24..0000000000 --- a/changes/bug24230 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (control port, hidden service): - - Control port was reporting the action "UPLOAD_FAILED" instead of - "FAILED" for the HS_DESC event when a service was not able to upload a - descriptor. Fixes bug 24230; bugfix on 0.2.7.1-alpha. diff --git a/changes/bug24247 b/changes/bug24247 deleted file mode 100644 index 1f4ddcdde2..0000000000 --- a/changes/bug24247 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (fuzzing): - - Fix a bug in our fuzzing mock replacement for crypto_pk_checksig(), to - correctly handle cases where a caller gives it an RSA key of under 160 - bits. (This is not actually a bug in Tor itself, but wrather in our - fuzzing code.) Fixes bug 24247; bugfix on 0.3.0.3-alpha. - Found by OSS-Fuzz as issue 4177. diff --git a/changes/bug24262 b/changes/bug24262 deleted file mode 100644 index eee69512e4..0000000000 --- a/changes/bug24262 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (hidden service): - - Fix the consensus parameter "hsdir-interval" to "hsdir_interval" so it - matches the dir-spec.txt. Fixes bug 24262; bugfix on 0.3.1.1-alpha. diff --git a/changes/bug24279 b/changes/bug24279 deleted file mode 100644 index ab2932b341..0000000000 --- a/changes/bug24279 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (compilation, hardening): - - Fix a memory leak warning in one of the libevent-related - configuration tests that could occur when manually specifying - -fsanitize=address. Fixes bug 24279; bugfix on 0.3.0.2-alpha. - Found and patched by Alex Xu. diff --git a/changes/bug24313 b/changes/bug24313 deleted file mode 100644 index b927ec3ba6..0000000000 --- a/changes/bug24313 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes (security, hidden service v2): - - Fix a use-after-free error that could crash v2 Tor hidden services - when it failed to open circuits while expiring introductions - points. Fixes bug 24313; bugfix on 0.2.7.2-alpha. This - issue is also tracked as TROVE-2017-013 and CVE-2017-8823. diff --git a/changes/bug24345 b/changes/bug24345 deleted file mode 100644 index 22eb412514..0000000000 --- a/changes/bug24345 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (tests): - - Fix a unit test in one of the bridge-distribution test cases. - Fixes bug 24345; bugfix on 0.3.2.3-alpha. diff --git a/changes/bug24367 b/changes/bug24367 deleted file mode 100644 index 09ef3bb877..0000000000 --- a/changes/bug24367 +++ /dev/null @@ -1,13 +0,0 @@ - o Minor bugfixes (bridge clients, bootstrap): - - Retry directory downloads when we get our first bridge descriptor - during bootstrap or while reconnecting to the network. Keep retrying - every time we get a bridge descriptor, until we have a reachable bridge. - Fixes bug 24367; bugfix on 0.2.0.3-alpha. - - Stop delaying bridge descriptor fetches when we have cached bridge - descriptors. Instead, only delay bridge descriptor fetches when we - have at least one reachable bridge. - Fixes bug 24367; bugfix on 0.2.0.3-alpha. - - Stop delaying directory fetches when we have cached bridge descriptors. - Instead, only delay bridge descriptor fetches when all our bridges are - definitely unreachable. - Fixes bug 24367; bugfix on 0.2.0.3-alpha. diff --git a/changes/bug24424 b/changes/bug24424 deleted file mode 100644 index 63c2d39ba1..0000000000 --- a/changes/bug24424 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (portability): - - Tor now compiles correctly on arm64 with libseccomp-dev installed. - (It doesn't yet work with the sandbox enabled.) Closes ticket 24424. diff --git a/changes/bug24480 b/changes/bug24480 deleted file mode 100644 index 94e5b91a0c..0000000000 --- a/changes/bug24480 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (compilation): - - Fix a signed/unsigned comparison warning introduced by our - fix to TROVE-2017-009. Fixes bug 24480; bugfix on 0.2.5.16. diff --git a/changes/bug24502 b/changes/bug24502 deleted file mode 100644 index 3fa6fb58dd..0000000000 --- a/changes/bug24502 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (scheduler): - - Properly set the scheduler state of an unopened channel in the KIST - scheduler main loop. This prevents a harmless but annoying log warning. - Fixes bug 24502; bugfix on 0.3.2.4-alpha. diff --git a/changes/bug24590 b/changes/bug24590 deleted file mode 100644 index 77e039f8d2..0000000000 --- a/changes/bug24590 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (scheduler, KIST): - - Avoid a possible integer overflow when computing the available space on - the TCP buffer of a channel. This has no security implications but can - make KIST not behave properly by allowing more cells on a already - saturated connection. Fixes bug 24590; bugfix on 0.3.2.1-alpha. diff --git a/changes/bug24665 b/changes/bug24665 deleted file mode 100644 index f950d9dd01..0000000000 --- a/changes/bug24665 +++ /dev/null @@ -1,6 +0,0 @@ - o Major bugfixes (KIST, scheduler): - - The KIST scheduler did not correctly account for data already enqueued - in each connection's send socket buffer, particularly in cases when the - TCP/IP congestion window was reduced between scheduler calls. This - situation lead to excessive per-connection buffering in the kernel, and - a potential memory DoS. Fixes bug 24665; bugfix on 0.3.2.1-alpha. diff --git a/changes/bug24666 b/changes/bug24666 deleted file mode 100644 index 830775f5f6..0000000000 --- a/changes/bug24666 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes (memory usage): - - - When queuing DESTROY cells on a channel, only queue the - circuit-id and reason fields: not the entire 514-byte - cell. This fix should help mitigate any bugs or attacks that - fill up these queues, and free more RAM for other uses. Fixes - bug 24666; bugfix on 0.2.5.1-alpha. diff --git a/changes/bug24671 b/changes/bug24671 deleted file mode 100644 index 34d09e704d..0000000000 --- a/changes/bug24671 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (scheduler, KIST): - - Use a sane write limit for KISTLite when writing onto a connection - buffer instead of using INT_MAX and shoving as much as it can. Because - the OOM handler cleans up circuit queues, we are better off at keeping - them in that queue instead of the connection's buffer. Fixes bug 24671; - bugfix on 0.3.2.1-alpha. diff --git a/changes/feature18329 b/changes/feature18329 deleted file mode 100644 index 1dabf50244..0000000000 --- a/changes/feature18329 +++ /dev/null @@ -1,9 +0,0 @@ - o Minor features (bridge): - - Bridge relays can now set the BridgeDistribution config option to - add a "bridge-distribution-request" line to their bridge descriptor, - which tells BridgeDB how they'd like their bridge address to be - given out. (Note that as of Oct 2017, BridgeDB does not yet implement - this feature.) As a side benefit, this feature provides a way - to distinguish bridge descriptors from non-bridge descriptors. - Implements tickets 18329. - diff --git a/changes/geoip-2017-11-06 b/changes/geoip-2017-11-06 deleted file mode 100644 index f034be9006..0000000000 --- a/changes/geoip-2017-11-06 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (geoip): - - Update geoip and geoip6 to the November 6 2017 Maxmind GeoLite2 - Country database. - diff --git a/changes/geoip-2017-12-06 b/changes/geoip-2017-12-06 deleted file mode 100644 index ae4fb1149f..0000000000 --- a/changes/geoip-2017-12-06 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (geoip): - - Update geoip and geoip6 to the December 6 2017 Maxmind GeoLite2 - Country database. - diff --git a/changes/geoip-october2017 b/changes/geoip-october2017 deleted file mode 100644 index 11f623e85f..0000000000 --- a/changes/geoip-october2017 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (geoip): - - Update geoip and geoip6 to the October 4 2017 Maxmind GeoLite2 - Country database. - diff --git a/changes/hsdescv3_fuzz_more b/changes/hsdescv3_fuzz_more deleted file mode 100644 index 25626bb9a4..0000000000 --- a/changes/hsdescv3_fuzz_more +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (testing): - - Our fuzzing tests now test the encrypted portions of the - v3 hidden service descriptors. Implements more of 21509. diff --git a/changes/longclaw_23592 b/changes/longclaw_23592 deleted file mode 100644 index 91e2da8972..0000000000 --- a/changes/longclaw_23592 +++ /dev/null @@ -1,3 +0,0 @@ - o Directory authority changes: - - The directory authority "Longclaw" has changed its IP address. - Closes ticket 23592. diff --git a/changes/stack b/changes/stack deleted file mode 100644 index ffdf536cb9..0000000000 --- a/changes/stack +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes (correctness): - - Fix several places in our codebase where a C compiler would be likely - to eliminate a check, based on assuming that undefined behavior had not - happened elsewhere in the code. These cases are usually a sign of - redundant checking, or dubious arithmetic. Found by Georg Koppen using - the "STACK" tool from Wang, Zeldovich, Kaashoek, and - Solar-Lezama. Fixes bug 24423; bugfix on various Tor versions. diff --git a/changes/ticket21031 b/changes/ticket21031 deleted file mode 100644 index b081fb018f..0000000000 --- a/changes/ticket21031 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor features (removed deprecations): - - The ClientDNSRejectInternalAddresses flag can once again be set in - non-testing Tor networks, so long as they do not use the default - directory authorities. - This change also removes the deprecation of this - flag in 0.2.9.2-alpha. Closes ticket 21031. - diff --git a/changes/ticket23637 b/changes/ticket23637 deleted file mode 100644 index 0c524f34c3..0000000000 --- a/changes/ticket23637 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features (directory authority): - - Make the "Exit" flag assignment only depend on whether the exit - policy allows connections to ports 80 and 443. Previously relays - would get the Exit flag if they allowed connections to one of - these ports and also port 6667. Resolves ticket 23637. diff --git a/changes/ticket23856 b/changes/ticket23856 deleted file mode 100644 index 049da18d06..0000000000 --- a/changes/ticket23856 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor feature (relay statistics): - - Change relay bandwidth reporting stats interval from 4 hours to 24 hours - in order to reduce the efficiency of guard discovery attacks. Fixes - ticket 23856. diff --git a/changes/ticket23910 b/changes/ticket23910 deleted file mode 100644 index eb38fcf32f..0000000000 --- a/changes/ticket23910 +++ /dev/null @@ -1,3 +0,0 @@ - o Directory authority changes: - - Add bastet as a ninth directory authority to the default list. Closes - ticket 23910. diff --git a/changes/ticket24097 b/changes/ticket24097 deleted file mode 100644 index 36547a8ddb..0000000000 --- a/changes/ticket24097 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (logging): - - Downgrade a pair of log messages that could occur when an exit's - resolver gave us an unusual (but not forbidden) response. - Closes ticket 24097. diff --git a/changes/ticket24109 b/changes/ticket24109 deleted file mode 100644 index f66271817d..0000000000 --- a/changes/ticket24109 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (integration tests): - - Test that IPv6-only clients can use microdescriptors when running - "make test-network-all". Requires chutney master 61c28b9 or later. - Closes ticket 24109. diff --git a/changes/ticket24158 b/changes/ticket24158 deleted file mode 100644 index 3cdc06afae..0000000000 --- a/changes/ticket24158 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (logging): - Only log about no longer having KIST support once. Fixes bug 24158; bugfix - on 0.3.2 diff --git a/changes/ticket24254 b/changes/ticket24254 deleted file mode 100644 index 98d5d6bacd..0000000000 --- a/changes/ticket24254 +++ /dev/null @@ -1,3 +0,0 @@ - o Documentation: - Add notes in man page regarding OS support for the various scheduler types. - Attempt to use less jargon in the scheduler section. Closes ticket 24254. diff --git a/changes/ticket24315 b/changes/ticket24315 deleted file mode 100644 index df34dbf412..0000000000 --- a/changes/ticket24315 +++ /dev/null @@ -1,3 +0,0 @@ - o Major features (linux seccomp2 sandbox): - - Update the sandbox rules so that they should now work correctly with - Glibc 2.26. Closes ticket 24315. diff --git a/changes/ticket24425 b/changes/ticket24425 deleted file mode 100644 index aa6f082bcc..0000000000 --- a/changes/ticket24425 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (hidden service v3): - - Bump hsdir_spread_store parameter from 3 to 4 in order to increase the - probability of reaching a service for a client missing microdescriptors. - Fixes bug 24425; bugfix on 0.3.2.1-alpha. diff --git a/changes/ticket24500 b/changes/ticket24500 deleted file mode 100644 index b49b7a5551..0000000000 --- a/changes/ticket24500 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (logging): - - Provide better warnings when the getrandom() syscall fails. - Closes ticket 24500. diff --git a/changes/trove-2017-009 b/changes/trove-2017-009 deleted file mode 100644 index 166a5faec6..0000000000 --- a/changes/trove-2017-009 +++ /dev/null @@ -1,10 +0,0 @@ - o Major bugfixes (security): - - When checking for replays in the INTRODUCE1 cell data for a (legacy) - hiddden service, correctly detect replays in the RSA-encrypted part of - the cell. We were previously checking for replays on the entire cell, - but those can be circumvented due to the malleability of Tor's legacy - hybrid encryption. This fix helps prevent a traffic confirmation - attack. Fixes bug 24244; bugfix on 0.2.4.1-alpha. This issue is also - tracked as TROVE-2017-009 and CVE-2017-8819. - - diff --git a/changes/trove-2017-010 b/changes/trove-2017-010 deleted file mode 100644 index d5bf9333da..0000000000 --- a/changes/trove-2017-010 +++ /dev/null @@ -1,6 +0,0 @@ - o Major bugfixes (security): - - Fix a denial-of-service issue where an attacker could crash - a directory authority using a malformed router descriptor. - Fixes bug 24245; bugfix on 0.2.9.4-alpha. Also tracked - as TROVE-2017-010 and CVE-2017-8820. - diff --git a/changes/trove-2017-011 b/changes/trove-2017-011 deleted file mode 100644 index 82d20d9e78..0000000000 --- a/changes/trove-2017-011 +++ /dev/null @@ -1,8 +0,0 @@ - o Major bugfixes (security): - - Fix a denial of service bug where an attacker could use a malformed - directory object to cause a Tor instance to pause while OpenSSL would - try to read a passphrase from the terminal. (If the terminal was not - available, tor would continue running.) Fixes bug 24246; bugfix on - every version of Tor. Also tracked as TROVE-2017-011 and - CVE-2017-8821. Found by OSS-Fuzz as testcase 6360145429790720. - diff --git a/changes/trove-2017-012-part1 b/changes/trove-2017-012-part1 deleted file mode 100644 index 9fccc2cf65..0000000000 --- a/changes/trove-2017-012-part1 +++ /dev/null @@ -1,6 +0,0 @@ - o Major bugfixes (security, relay): - - When running as a relay, make sure that we never build a path through - ourselves, even in the case where we have somehow lost the version of - our descriptor appearing in the consensus. Fixes part of bug 21534; - bugfix on 0.2.0.1-alpha. This issue is also tracked as TROVE-2017-012 - and CVE-2017-8822. diff --git a/changes/trove-2017-012-part2 b/changes/trove-2017-012-part2 deleted file mode 100644 index ed994c5b02..0000000000 --- a/changes/trove-2017-012-part2 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes (security, relay): - - When running as a relay, make sure that we never ever choose ourselves - as a guard. Previously, this was possible. Fixes part of bug 21534; - bugfix on 0.3.0.1-alpha. This issue is also tracked as TROVE-2017-012 - and CVE-2017-8822. |