diff options
35 files changed, 188 insertions, 181 deletions
@@ -1,3 +1,191 @@ +Changes in version 0.2.8.3-alpha - 2016-05-2? + Tor 0.2.8.3-alpha resolves several bugs, most of them introduced over + the course of the 0.2.8 development cycle. It improves the behavior of + directory clients, fixes several crash bugs, fixes a gap in compiler + hardening, and allows the full integration test suite to run on + more platforms. + + o Major bugfixes (security, client, DNS proxy): + - Stop a crash that could occur when a client running with DNSPort + received a query with multiple address types, and the first + address type was not supported. Found and fixed by Scott Dial. + Fixes bug 18710; bugfix on 0.2.5.4-alpha. + + o Major bugfixes (security, compilation): + - Correctly detect compiler flags on systems where _FORTIFY_SOURCE + is predefined. Previously, our use of -D_FORTIFY_SOURCE would + cause a compiler warning, thereby making other checks fail, and + needlessly disabling compiler-hardening support. Fixes one case of + bug 18841; bugfix on 0.2.3.17-beta. Patch from "trudokal". + + o Major bugfixes (security, directory authorities): + - Fix a crash and out-of-bounds write during authority voting, when + the list of relays includes duplicate ed25519 identity keys. Fixes + bug 19032; bugfix on 0.2.8.2-alpha. + + o Major bugfixes (client, bootstrapping): + - Check if bootstrap consensus downloads are still needed when the + linked connection attaches. This prevents tor making unnecessary + begindir-style connections, which are the only directory + connections tor clients make since the fix for 18483 was merged. + - Fix some edge cases where consensus download connections may not + have been closed, even though they were not needed. Related to fix + for 18809. + - Make relays retry consensus downloads the correct number of times, + rather than the more aggressive client retry count. Fixes part of + ticket 18809. + - Stop downloading consensuses when we have a consensus, even if we + don't have all the certificates for it yet. Fixes bug 18809; + bugfix on 0.2.8.1-alpha. Patches by arma and teor. + + o Major bugfixes (directory mirrors): + - Decide whether to advertise begindir support in the the same way + we decide whether to advertise our DirPort. Allowing these + decisions to become out-of-sync led to surprising behavior like + advertising begindir support when hibernation made us not + advertise a DirPort. Resolves bug 18616; bugfix on 0.2.8.1-alpha. + Patch by teor. + + o Major bugfixes (IPv6 bridges, client): + - Actually use IPv6 addresses when selecting directory addresses for + IPv6 bridges. Fixes bug 18921; bugfix on 0.2.8.1-alpha. Patch + by "teor". + + o Major bugfixes (key management): + - If OpenSSL fails to generate an RSA key, do not retain a dangling + pointer to the previous (uninitialized) key value. The impact here + should be limited to a difficult-to-trigger crash, if OpenSSL is + running an engine that makes key generation failures possible, or + if OpenSSL runs out of memory. Fixes bug 19152; bugfix on + 0.2.1.10-alpha. Found by Yuan Jochen Kang, Suman Jana, and + Baishakhi Ray. + + o Major bugfixes (testing): + - Fix a bug that would block 'make test-network-all' on systems where + IPv6 packets were lost. Fixes bug 19008; bugfix on tor-0.2.7.3-rc. + + o Minor features (clients): + - Make clients, onion services, and bridge relays always use an + encrypted begindir connection for directory requests. Resolves + ticket 18483. Patch by "teor". + + o Minor features (fallback directory mirrors): + - Give each fallback the same weight for client selection; restrict + fallbacks to one per operator; report fallback directory detail + changes when rebuilding list; add new fallback directory mirrors + to the whitelist; update fallback directories based on the latest + OnionOO data; and any other minor simplifications and fixes. + Closes tasks 17158, 17905, 18749, bug 18689, and fixes part of bug + 18812 on 0.2.8.1-alpha; patch by "teor". + + o Minor features (geoip): + - Update geoip and geoip6 to the May 4 2016 Maxmind GeoLite2 + Country database. + + o Minor bugfixes (assert, portability): + - Fix an assertion failure in memarea.c on systems where "long" is + shorter than the size of a pointer. Fixes bug 18716; bugfix + on 0.2.1.1-alpha. + + o Minor bugfixes (bootstrap): + - Consistently use the consensus download schedule for authority + certificates. Fixes bug 18816; bugfix on 0.2.4.13-alpha. + + o Minor bugfixes (build): + - Remove a pair of redundant AM_CONDITIONAL declarations from + configure.ac. Fixes one final case of bug 17744; bugfix + on 0.2.8.2-alpha. + - Resolve warnings when building on systems that are concerned with + signed char. Fixes bug 18728; bugfix on 0.2.7.2-alpha + and 0.2.6.1-alpha. + - When libscrypt.h is found, but no libscrypt library can be linked, + treat libscrypt as absent. Fixes bug 19161; bugfix + on 0.2.6.1-alpha. + + o Minor bugfixes (client): + - Turn all TestingClientBootstrap* into non-testing torrc options. + This changes simply renames them by removing "Testing" in front of + them and they do not require TestingTorNetwork to be enabled + anymore. Fixes bug 18481; bugfix on 0.2.8.1-alpha. + - Make directory node selection more reliable, mainly for IPv6-only + clients and clients with few reachable addresses. Fixes bug 18929; + bugfix on 0.2.8.1-alpha. Patch by "teor". + + o Minor bugfixes (controller, microdescriptors): + - Make GETINFO dir/status-vote/current/consensus conform to the + control specification by returning "551 Could not open cached + consensus..." when not caching consensuses. Fixes bug 18920; + bugfix on 0.2.2.6-alpha. + + o Minor bugfixes (crypto, portability): + - The SHA3 and SHAKE routines now produce the correct output on Big + Endian systems. No code calls either algorithm yet, so this is + primarily a build fix. Fixes bug 18943; bugfix on 0.2.8.1-alpha. + - Tor now builds again with the recent OpenSSL 1.1 development + branch (tested against 1.1.0-pre4 and 1.1.0-pre5-dev). Closes + ticket 18286. + + o Minor bugfixes (directories): + - When fetching extrainfo documents, compare their SHA256 digests + and Ed25519 signing key certificates with the routerinfo that led + us to fetch them, rather than with the most recent routerinfo. + Otherwise we generate many spurious warnings about mismatches. + Fixes bug 17150; bugfix on 0.2.7.2-alpha. + + o Minor bugfixes (logging): + - When we can't generate a signing key because OfflineMasterKey is + set, do not imply that we should have been able to load it. Fixes + bug 18133; bugfix on 0.2.7.2-alpha. + - Stop periodic_event_dispatch() from blasting twelve lines per + second at loglevel debug. Fixes bug 18729; fix on 0.2.8.1-alpha. + - When rejecting a misformed INTRODUCE2 cell, only log at + PROTOCOL_WARN severity. Fixes bug 18761; bugfix on 0.2.8.2-alpha. + + o Minor bugfixes (pluggable transports): + - Avoid reporting a spurious error when we decide that we don't need + to terminate a pluggable transport because it has already exited. + Fixes bug 18686; bugfix on 0.2.5.5-alpha. + + o Minor bugfixes (pointer arithmetic): + - Fix a bug in memarea_alloc() that could have resulted in remote + heap write access, if Tor had ever passed an unchecked size to + memarea_alloc(). Fortunately, all the sizes we pass to + memarea_alloc() are pre-checked to be less than 128 kilobytes. + Fixes bug 19150; bugfix on 0.2.1.1-alpha. Bug found by + Guido Vranken. + + o Minor bugfixes (relays): + - Consider more config options when relays decide whether to + regenerate their descriptor. Fixes more of bug 12538; bugfix + on 0.2.8.1-alpha. + - Resolve some edge cases where we might launch an ORPort + reachability check even when DisableNetwork is set. Noticed while + fixing bug 18616; bugfix on 0.2.3.9-alpha. + + o Minor bugfixes (statistics): + - We now include consensus downloads via IPv6 in our directory- + request statistics. Fixes bug 18460; bugfix on 0.2.3.14-alpha. + + o Minor bugfixes (testing): + - Allow directories in small networks to bootstrap by skipping + DirPort checks when the consensus has no exits. Fixes bug 19003; + bugfix on 0.2.8.1-alpha. Patch by teor. + - Fix a small memory leak that would occur when the + TestingEnableCellStatsEvent option was turned on. Fixes bug 18673; + bugfix on 0.2.5.2-alpha. + + o Minor bugfixes (time handling): + - When correcting a corrupt 'struct tm' value, fill in the tm_wday + field. Otherwise, our unit tests crash on Windows. Fixes bug + 18977; bugfix on 0.2.2.25-alpha. + + o Documentation: + - Document the contents of the 'datadir/keys' subdirectory in the + manual page. Closes ticket 17621. + - Stop recommending use of nicknames to identify relays in our + MapAddress documentation. Closes ticket 18312. + + Changes in version 0.2.8.2-alpha - 2016-03-28 Tor 0.2.8.2-alpha is the second alpha in its series. It fixes numerous bugs in earlier versions of Tor, including some that prevented diff --git a/changes/bug17150 b/changes/bug17150 deleted file mode 100644 index 686cc34296..0000000000 --- a/changes/bug17150 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes (directory warnings): - - When fetching extrainfo documents, compare their SHA256 digests - and Ed25519 signing key certificates - with the routerinfo that led us to fetch them, rather than - with the most recent routerinfo. Otherwise we generate many - spurious warnings about mismatches. Fixes bug 17150; bugfix - on 0.2.7.2-alpha. diff --git a/changes/bug17744_redux b/changes/bug17744_redux deleted file mode 100644 index d61e17fec3..0000000000 --- a/changes/bug17744_redux +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (build): - - Remove a pair of redundant AM_CONDITIONAL declarations from - configure.ac. Fixes one final case of bug 17744; bugfix on - 0.2.8.2-alpha. - diff --git a/changes/bug18133 b/changes/bug18133 deleted file mode 100644 index 177d286495..0000000000 --- a/changes/bug18133 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (logging): - - When we can't generate a signing key because OfflineMasterKey is set, - do not imply that we should have been able to load it. - Fixes bug 18133; bugfix on 0.2.7.2-alpha. diff --git a/changes/bug18286 b/changes/bug18286 deleted file mode 100644 index e398fb004b..0000000000 --- a/changes/bug18286 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features (build): - - Tor now builds again with the recent OpenSSL 1.1 development branch - (tested against 1.1.0-pre4 and 1.1.0-pre5-dev). Closes ticket 18286. - - diff --git a/changes/bug18312 b/changes/bug18312 deleted file mode 100644 index 7dcb3266bf..0000000000 --- a/changes/bug18312 +++ /dev/null @@ -1,4 +0,0 @@ - o Documentation: - - Stop recommending use of nicknames to identify relays in our - MapAddress documentation. Closes ticket 18312. - diff --git a/changes/bug18460 b/changes/bug18460 deleted file mode 100644 index a8c1a19774..0000000000 --- a/changes/bug18460 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (statistics): - - We now include consensus downloads via IPv6 in our directory-request statistics. - Fixes bug 18460; bugfix on 0.2.3.14-alpha. - diff --git a/changes/bug18481 b/changes/bug18481 deleted file mode 100644 index 6fd882b36b..0000000000 --- a/changes/bug18481 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (client): - - Turn all TestingClientBootstrap* into non-testing torrc options. This - changes simply renames them by removing "Testing" in front of them and - they do not require TestingTorNetwork to be enabled anymore. Fixes - bug 18481; bugfix on 0.2.8.1-alpha. diff --git a/changes/bug18616 b/changes/bug18616 deleted file mode 100644 index ec59e846ed..0000000000 --- a/changes/bug18616 +++ /dev/null @@ -1,14 +0,0 @@ - o Major bugfixes (directory mirrors): - - Decide whether to advertise begindir support the same way we decide - whether to advertise our DirPort. These decisions being out of sync - led to surprising behavior like advertising begindir support when - our hibernation config options made us not advertise a DirPort. - Resolves bug 18616; bugfix on 0.2.8.1-alpha. Patch by teor. - - o Minor bugfixes: - - Consider more config options when relays decide whether to regenerate - their descriptor. Fixes more of bug 12538; bugfix on 0.2.8.1-alpha. - - Resolve some edge cases where we might launch an ORPort reachability - check even when DisableNetwork is set. Noticed while fixing bug - 18616; bugfix on 0.2.3.9-alpha. - diff --git a/changes/bug18673 b/changes/bug18673 deleted file mode 100644 index 5d6161718a..0000000000 --- a/changes/bug18673 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (memory leak): - - Fix a small memory leak that would occur when the - TestingEnableCellStatsEvent option was turned on. Fixes bug 18673; - bugfix on 0.2.5.2-alpha. diff --git a/changes/bug18686 b/changes/bug18686 deleted file mode 100644 index 23547d211d..0000000000 --- a/changes/bug18686 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (pluggable transports): - - Avoid reporting a spurious error when we decide that we don't - need to terminate a pluggable transport because it has already - exited. Fixes bug 18686; bugfix on 0.2.5.5-alpha. - diff --git a/changes/bug18710 b/changes/bug18710 deleted file mode 100644 index 269395563d..0000000000 --- a/changes/bug18710 +++ /dev/null @@ -1,6 +0,0 @@ - o Major bugfixes (DNS proxy): - - Stop a crash that could occur when a client running with DNSPort - received a query with multiple address types, where the first - address type was not supported. Found and fixed by Scott Dial. - Fixes bug 18710; bugfix on 0.2.5.4-alpha. - diff --git a/changes/bug18716 b/changes/bug18716 deleted file mode 100644 index b15a343f4c..0000000000 --- a/changes/bug18716 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (assert, portability): - - Fix an assertion failure in memarea.c on systems where "long" is - shorter than the size of a pointer. - Fixes bug 18716; bugfix on 0.2.1.1-alpha diff --git a/changes/bug18728 b/changes/bug18728 deleted file mode 100644 index e181c17e65..0000000000 --- a/changes/bug18728 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (build): - - Resolve warnings when building on systems that are concerned with - signed char. Fixes bug 18728; bugfix on 0.2.7.2-alpha and - 0.2.6.1-alpha. diff --git a/changes/bug18729 b/changes/bug18729 deleted file mode 100644 index 4ec9ca3254..0000000000 --- a/changes/bug18729 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (logging): - - Stop blasting twelve lines per second from periodic_event_dispatch() - at loglevel debug. Resolves ticket 18729; fix on 0.2.8.1-alpha. diff --git a/changes/bug18761 b/changes/bug18761 deleted file mode 100644 index 78500a88ea..0000000000 --- a/changes/bug18761 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor feature (logging): - - When rejecting a misformed INTRODUCE2 cell, only log at PROTOCOL_WARN - severity. Closes ticket 18761. diff --git a/changes/bug18809 b/changes/bug18809 deleted file mode 100644 index 1e151874b7..0000000000 --- a/changes/bug18809 +++ /dev/null @@ -1,16 +0,0 @@ - o Major bugfixes (bootstrap): - - Check if bootstrap consensus downloads are still needed - when the linked connection attaches. This prevents tor - making unnecessary begindir-style connections, which are - the only directory connections tor clients make since - the fix for 18483 was merged. - - Fix some edge cases where consensus download connections - may not have been closed, even though they were not needed. - Related to fix 18809. - - Make relays retry consensus downloads the correct number of - times, rather than the more aggressive client retry count. - Fixes part of ticket 18809. - - Stop downloading consensuses when we have a consensus, - even if we don't have all the certificates for it yet. - Fixes bug 18809; bugfix on 0.2.8.1-alpha. - Patches by arma and teor. diff --git a/changes/bug18816 b/changes/bug18816 deleted file mode 100644 index 103f816962..0000000000 --- a/changes/bug18816 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfix (bootstrap): - - Consistently use the consensus download schedule for - authority certificates. - Fixes bug 18816; bugfix on 0.2.4.13-alpha. diff --git a/changes/bug18841.1 b/changes/bug18841.1 deleted file mode 100644 index 205ee5a425..0000000000 --- a/changes/bug18841.1 +++ /dev/null @@ -1,7 +0,0 @@ - o Major bugfixes (compilation): - - Correctly detect compiler flags on systems where _FORTIFY_SOURCE - is predefined. Previously, our use of -D_FORTIFY_SOURCE would - cause a compiler warning, thereby making other checks fail. - Fixes one case of bug 18841; bugfix on 0.2.3.17-beta. Patch from - "trudokal". - diff --git a/changes/bug18920 b/changes/bug18920 deleted file mode 100644 index 1babfd6656..0000000000 --- a/changes/bug18920 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (controller, microdescriptors): - - Make GETINFO dir/status-vote/current/consensus conform to the control - specification by returning "551 Could not open cached consensus..." - when not caching consensuses. - Fixes bug 18920; bugfix on 0.2.2.6-alpha. diff --git a/changes/bug18921 b/changes/bug18921 deleted file mode 100644 index cdd868a005..0000000000 --- a/changes/bug18921 +++ /dev/null @@ -1,4 +0,0 @@ - o Major bugfixes (IPv6 bridges): - - Fix directory address selection for IPv6 bridges. - Fixes bug 18921; bugfix on 0.2.8.1-alpha. - Patch by "teor". diff --git a/changes/bug18929 b/changes/bug18929 deleted file mode 100644 index c607e630a6..0000000000 --- a/changes/bug18929 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (IPv6): - - Make directory node selection more reliable, mainly for - IPv6-only clients and clients with few reachable addresses. - Fixes bug 18929; bugfix on 0.2.8.1-alpha. - Patch by "teor". diff --git a/changes/bug18943 b/changes/bug18943 deleted file mode 100644 index 6bcd868460..0000000000 --- a/changes/bug18943 +++ /dev/null @@ -1,6 +0,0 @@ - o Major bugfixes (crypto, portability): - - The SHA3 and SHAKE routines now produce the correct output on - Big Endian systems, unbreaking the unit tests. No code calls - either algorithm family yet, so this is primarily a build fix. - Fixes bug 18943; bugfix on 0.2.8.1-alpha. - diff --git a/changes/bug18977 b/changes/bug18977 deleted file mode 100644 index 3f46b09fba..0000000000 --- a/changes/bug18977 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (time handling): - - When correcting a corrupt 'struct tm' value, fill in the tm_wday - field. Otherwise, our unit tests crash on Windows. - Fixes bug 18977; bugfix on 0.2.2.25-alpha. diff --git a/changes/bug19003 b/changes/bug19003 deleted file mode 100644 index ca94938ef9..0000000000 --- a/changes/bug19003 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (small networks): - - Allow directories in small networks to bootstrap by - skipping DirPort checks when the consensus has no exits. - Fixes bug 19003; bugfix on 0.2.8.1-alpha. - Patch by teor. diff --git a/changes/bug19008 b/changes/bug19008 deleted file mode 100644 index c51c98faa6..0000000000 --- a/changes/bug19008 +++ /dev/null @@ -1,3 +0,0 @@ - o Major bugfixes (testing): - - Fix a bug that would block 'make test-network-all' on systems - where IPv6 packets were lost. Fixes bug 19008; bugfix on tor-0.2.7.3-rc. diff --git a/changes/bug19032 b/changes/bug19032 deleted file mode 100644 index 93f17c2f91..0000000000 --- a/changes/bug19032 +++ /dev/null @@ -1,4 +0,0 @@ - o Major bugfixes (security, directory authorities): - - Fix a crash and out-of-bounds write during authority voting, when the - list of relays includes duplicate ed25519 identity keys. Fixes bug 19032; - bugfix on 0.2.8.2-alpha. diff --git a/changes/bug19161 b/changes/bug19161 deleted file mode 100644 index 78c2165308..0000000000 --- a/changes/bug19161 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (compilation): - - When libscrypt.h is found, but no libscrypt library can be linked, - treat libscrypt as absent. Fixes bug 19161; bugfix on 0.2.6.1-alpha. diff --git a/changes/doc17621 b/changes/doc17621 deleted file mode 100644 index ab37d29b50..0000000000 --- a/changes/doc17621 +++ /dev/null @@ -1,3 +0,0 @@ - o Documentation: - - Document the contents of the 'datadir/keys' subdirectory in the manual - page. Closes ticket 17621. diff --git a/changes/fallbacks-201604 b/changes/fallbacks-201604 deleted file mode 100644 index 7acefaaf08..0000000000 --- a/changes/fallbacks-201604 +++ /dev/null @@ -1,9 +0,0 @@ - o Minor features (fallback directory mirrors): - - Give each fallback the same weight for client selection; - restrict fallbacks to one per operator; - report fallback directory detail changes when rebuilding list; - add new fallback directory mirrors to the whitelist; - update fallback directories based on the latest OnionOO data; - and any other minor simplifications and fixes. - Closes tasks 17158, 17905, 18749, bug 18689, and fixes part of - bug 18812 on 0.2.8.1-alpha; patch by "teor". diff --git a/changes/feature18483 b/changes/feature18483 deleted file mode 100644 index d0fa8df58d..0000000000 --- a/changes/feature18483 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (clients): - - Make clients, onion services, and bridge relays always - use an encrypted begindir connection for directory requests. - Resolves ticket 18483. Patch by "teor". diff --git a/changes/geoip-april2016 b/changes/geoip-april2016 deleted file mode 100644 index c55aa179b5..0000000000 --- a/changes/geoip-april2016 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (geoip): - - Update geoip and geoip6 to the April 5 2016 Maxmind GeoLite2 - Country database. - diff --git a/changes/geoip-may2016 b/changes/geoip-may2016 deleted file mode 100644 index cf78ab10c7..0000000000 --- a/changes/geoip-may2016 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (geoip): - - Update geoip and geoip6 to the May 4 2016 Maxmind GeoLite2 - Country database. - diff --git a/changes/memarea_overflow b/changes/memarea_overflow deleted file mode 100644 index 8fdc38cc09..0000000000 --- a/changes/memarea_overflow +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes (pointer arithmetic): - - Fix a bug in memarea_alloc() that could have resulted in remote heap - write access, if Tor had ever passed an unchecked size to - memarea_alloc(). Fortunately, all the sizes we pass to memarea_alloc() - are pre-checked to be less than 128 kilobytes. Fixes bug 19150; bugfix - on 0.2.1.1-alpha. Bug found by Guido Vranken. - diff --git a/changes/rsa_init_bug b/changes/rsa_init_bug deleted file mode 100644 index 6b5fb4f2f9..0000000000 --- a/changes/rsa_init_bug +++ /dev/null @@ -1,7 +0,0 @@ - o Major bugfixes (key management): - - If OpenSSL fails to generate an RSA key, do not retain a dangling pointer - to the previous (uninitialized) key value. The impact here should be - limited to a difficult-to-trigger crash, if OpenSSL is running an - engine that makes key generation failures possible, or if OpenSSL runs - out of memory. Fixes bug 19152; bugfix on 0.2.1.10-alpha. Found by - Yuan Jochen Kang, Suman Jana, and Baishakhi Ray. |