aboutsummaryrefslogtreecommitdiff
path: root/ChangeLog
diff options
context:
space:
mode:
Diffstat (limited to 'ChangeLog')
-rw-r--r--ChangeLog535
1 files changed, 531 insertions, 4 deletions
diff --git a/ChangeLog b/ChangeLog
index d44ce316c7..ddfdd75dcb 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,530 @@
+Changes in version 0.4.1.9 - 2020-03-18
+ Tor 0.4.1.9 backports important fixes from later Tor releases,
+ including a fix for TROVE-2020-002, a major denial-of-service
+ vulnerability that affected all released Tor instances since
+ 0.2.1.5-alpha. Using this vulnerability, an attacker could cause Tor
+ instances to consume a huge amount of CPU, disrupting their operations
+ for several seconds or minutes. This attack could be launched by
+ anybody against a relay, or by a directory cache against any client
+ that had connected to it. The attacker could launch this attack as
+ much as they wanted, thereby disrupting service or creating patterns
+ that could aid in traffic analysis. This issue was found by OSS-Fuzz,
+ and is also tracked as CVE-2020-10592.
+
+ We do not have reason to believe that this attack is currently being
+ exploited in the wild, but nonetheless we advise everyone to upgrade
+ as soon as packages are available.
+
+ o Major bugfixes (security, denial-of-service, backport from 0.4.3.3-alpha):
+ - Fix a denial-of-service bug that could be used by anyone to
+ consume a bunch of CPU on any Tor relay or authority, or by
+ directories to consume a bunch of CPU on clients or hidden
+ services. Because of the potential for CPU consumption to
+ introduce observable timing patterns, we are treating this as a
+ high-severity security issue. Fixes bug 33119; bugfix on
+ 0.2.1.5-alpha. Found by OSS-Fuzz. We are also tracking this issue
+ as TROVE-2020-002 and CVE-2020-10592.
+
+ o Major bugfixes (circuit padding, memory leak, backport from 0.4.3.3-alpha):
+ - Avoid a remotely triggered memory leak in the case that a circuit
+ padding machine is somehow negotiated twice on the same circuit.
+ Fixes bug 33619; bugfix on 0.4.0.1-alpha. Found by Tobias Pulls.
+ This is also tracked as TROVE-2020-004 and CVE-2020-10593.
+
+ o Minor bugfixes (bridges, backport from 0.4.3.1-alpha):
+ - Lowercase the configured value of BridgeDistribution before adding
+ it to the descriptor. Fixes bug 32753; bugfix on 0.3.2.3-alpha.
+
+ o Minor bugfixes (logging, backport from 0.4.3.2-alpha):
+ - If we encounter a bug when flushing a buffer to a TLS connection,
+ only log the bug once per invocation of the Tor process.
+ Previously we would log with every occurrence, which could cause
+ us to run out of disk space. Fixes bug 33093; bugfix
+ on 0.3.2.2-alpha.
+
+ o Minor bugfixes (onion services v3, backport from 0.4.3.3-alpha):
+ - Fix an assertion failure that could result from a corrupted
+ ADD_ONION control port command. Found by Saibato. Fixes bug 33137;
+ bugfix on 0.3.3.1-alpha. This issue is also tracked
+ as TROVE-2020-003.
+
+ o Minor bugfixes (rust, build, backport from 0.4.3.2-alpha):
+ - Fix a syntax warning given by newer versions of Rust that was
+ creating problems for our continuous integration. Fixes bug 33212;
+ bugfix on 0.3.5.1-alpha.
+
+ o Testing (Travis CI, backport from 0.4.3.3-alpha):
+ - Remove a redundant distcheck job. Closes ticket 33194.
+ - Sort the Travis jobs in order of speed: putting the slowest jobs
+ first takes full advantage of Travis job concurrency. Closes
+ ticket 33194.
+ - Stop allowing the Chutney IPv6 Travis job to fail. This job was
+ previously configured to fast_finish (which requires
+ allow_failure), to speed up the build. Closes ticket 33195.
+ - When a Travis chutney job fails, use chutney's new "diagnostics.sh"
+ tool to produce detailed diagnostic output. Closes ticket 32792.
+
+
+Changes in version 0.4.1.8 - 2020-01-30
+ This release backports several bugfixes from later release series,
+ including some that had affected the Linux seccomp2 sandbox or Windows
+ services. If you're running with one of those configurations, you'll
+ probably want to upgrade; otherwise, you should be fine with your
+ current version of 0.4.1.x.
+
+ o Major bugfixes (linux seccomp sandbox, backport from 0.4.3.1-alpha):
+ - Correct how we use libseccomp. Particularly, stop assuming that
+ rules are applied in a particular order or that more rules are
+ processed after the first match. Neither is the case! In
+ libseccomp <2.4.0 this lead to some rules having no effect.
+ libseccomp 2.4.0 changed how rules are generated, leading to a
+ different ordering, which in turn led to a fatal crash during
+ startup. Fixes bug 29819; bugfix on 0.2.5.1-alpha. Patch by
+ Peter Gerber.
+ - Fix crash when reloading logging configuration while the
+ experimental sandbox is enabled. Fixes bug 32841; bugfix on
+ 0.4.1.7. Patch by Peter Gerber.
+
+ o Minor bugfixes (crash, backport form 0.4.2.4-rc):
+ - When running Tor with an option like --verify-config or
+ --dump-config that does not start the event loop, avoid crashing
+ if we try to exit early because of an error. Fixes bug 32407;
+ bugfix on 0.3.3.1-alpha.
+
+ o Minor bugfixes (windows service, backport from 0.4.3.1-alpha):
+ - Initialize the publish/subscribe system when running as a windows
+ service. Fixes bug 32778; bugfix on 0.4.1.1-alpha.
+
+ o Testing (backport from 0.4.3.1-alpha):
+ - Turn off Tor's Sandbox in Chutney jobs, and run those jobs on
+ Ubuntu Bionic. Turning off the Sandbox is a work-around, until we
+ fix the sandbox errors in 32722. Closes ticket 32240.
+ - Re-enable the Travis CI macOS Chutney build, but don't let it
+ prevent the Travis job from finishing. (The Travis macOS jobs are
+ slow, so we don't want to have it delay the whole CI process.)
+ Closes ticket 32629.
+
+ o Testing (continuous integration, backport from 0.4.3.1-alpha):
+ - Use zstd in our Travis Linux builds. Closes ticket 32242.
+
+
+Changes in version 0.4.1.7 - 2019-12-09
+ This release backports several bugfixes to improve stability and
+ correctness. Anyone experiencing build problems or crashes with 0.4.1.6,
+ including all relays relying on AccountingMax, should upgrade.
+
+ o Major features (directory authorities, backport from 0.4.2.2-alpha):
+ - Directory authorities now reject relays running all currently
+ deprecated release series. The currently supported release series
+ are: 0.2.9, 0.3.5, 0.4.0, 0.4.1, and 0.4.2. Closes ticket 31549.
+
+ o Major bugfixes (embedded Tor, backport from 0.4.2.2-alpha):
+ - Avoid a possible crash when restarting Tor in embedded mode and
+ enabling a different set of publish/subscribe messages. Fixes bug
+ 31898; bugfix on 0.4.1.1-alpha.
+
+ o Major bugfixes (relay, backport from 0.4.2.3-alpha):
+ - Relays now respect their AccountingMax bandwidth again. When
+ relays entered "soft" hibernation (which typically starts when
+ we've hit 90% of our AccountingMax), we had stopped checking
+ whether we should enter hard hibernation. Soft hibernation refuses
+ new connections and new circuits, but the existing circuits can
+ continue, meaning that relays could have exceeded their configured
+ AccountingMax. Fixes bug 32108; bugfix on 0.4.0.1-alpha.
+
+ o Major bugfixes (torrc parsing, backport from 0.4.2.2-alpha):
+ - Stop ignoring torrc options after an %include directive, when the
+ included directory ends with a file that does not contain any
+ config options (but does contain comments or whitespace). Fixes
+ bug 31408; bugfix on 0.3.1.1-alpha.
+
+ o Major bugfixes (v3 onion services, backport from 0.4.2.3-alpha):
+ - Onion services now always use the exact number of intro points
+ configured with the HiddenServiceNumIntroductionPoints option (or
+ fewer if nodes are excluded). Before, a service could sometimes
+ pick more intro points than configured. Fixes bug 31548; bugfix
+ on 0.3.2.1-alpha.
+
+ o Minor features (continuous integration, backport from 0.4.2.2-alpha):
+ - When building on Appveyor and Travis, pass the "-k" flag to make,
+ so that we are informed of all compilation failures, not just the
+ first one or two. Closes ticket 31372.
+
+ o Minor features (geoip, backport from 0.4.2.5):
+ - Update geoip and geoip6 to the December 3 2019 Maxmind GeoLite2
+ Country database. Closes ticket 32685.
+
+ o Minor bugfixes (Appveyor CI, backport from 0.4.2.2-alpha):
+ - Avoid spurious errors when Appveyor CI fails before the install step.
+ Fixes bug 31884; bugfix on 0.3.4.2-alpha.
+
+ o Minor bugfixes (client, onion service v3, backport from 0.4.2.4-rc):
+ - Fix a BUG() assertion that occurs within a very small race window
+ between when a client intro circuit opens and when its descriptor
+ gets cleaned up from the cache. The circuit is now closed early,
+ which will trigger a re-fetch of the descriptor and continue the
+ connection. Fixes bug 28970; bugfix on 0.3.2.1-alpha.
+
+ o Minor bugfixes (connections, backport from 0.4.2.3-rc):
+ - Avoid trying to read data from closed connections, which can cause
+ needless loops in Libevent and infinite loops in Shadow. Fixes bug
+ 30344; bugfix on 0.1.1.1-alpha.
+
+ o Minor bugfixes (error handling, backport from 0.4.2.1-alpha):
+ - On abort, try harder to flush the output buffers of log messages.
+ On some platforms (macOS), log messages could be discarded when
+ the process terminates. Fixes bug 31571; bugfix on 0.3.5.1-alpha.
+ - Report the tor version whenever an assertion fails. Previously, we
+ only reported the Tor version on some crashes, and some non-fatal
+ assertions. Fixes bug 31571; bugfix on 0.3.5.1-alpha.
+ - When tor aborts due to an error, close log file descriptors before
+ aborting. Closing the logs makes some OSes flush log file buffers,
+ rather than deleting buffered log lines. Fixes bug 31594; bugfix
+ on 0.2.5.2-alpha.
+
+ o Minor bugfixes (logging, backport from 0.4.2.2-alpha):
+ - Add a missing check for HAVE_PTHREAD_H, because the backtrace code
+ uses mutexes. Fixes bug 31614; bugfix on 0.2.5.2-alpha.
+ - Disable backtrace signal handlers when shutting down tor. Fixes
+ bug 31614; bugfix on 0.2.5.2-alpha.
+ - Rate-limit our the logging message about the obsolete .exit
+ notation. Previously, there was no limit on this warning, which
+ could potentially be triggered many times by a hostile website.
+ Fixes bug 31466; bugfix on 0.2.2.1-alpha.
+
+ o Minor bugfixes (logging, protocol violations, backport from 0.4.2.2-alpha):
+ - Do not log a nonfatal assertion failure when receiving a VERSIONS
+ cell on a connection using the obsolete v1 link protocol. Log a
+ protocol_warn instead. Fixes bug 31107; bugfix on 0.2.4.4-alpha.
+
+ o Minor bugfixes (mainloop, periodic events, in-process API, backport from 0.4.2.3-alpha):
+ - Reset the periodic events' "enabled" flag when Tor is shut down
+ cleanly. Previously, this flag was left on, which caused periodic
+ events not to be re-enabled when Tor was relaunched in-process
+ with tor_api.h after a shutdown. Fixes bug 32058; bugfix
+ on 0.3.3.1-alpha.
+
+ o Minor bugfixes (multithreading, backport from 0.4.2.2-alpha):
+ - Avoid some undefined behaviour when freeing mutexes. Fixes bug
+ 31736; bugfix on 0.0.7.
+
+ o Minor bugfixes (process management, backport from 0.4.2.3-alpha):
+ - Remove overly strict assertions that triggered when a pluggable
+ transport failed to launch. Fixes bug 31091; bugfix
+ on 0.4.0.1-alpha.
+ - Remove an assertion in the Unix process backend. This assertion
+ would trigger when we failed to find the executable for a child
+ process. Fixes bug 31810; bugfix on 0.4.0.1-alpha.
+
+ o Minor bugfixes (relay, backport from 0.4.2.2-alpha):
+ - Avoid crashing when starting with a corrupt keys directory where
+ the old ntor key and the new ntor key are identical. Fixes bug
+ 30916; bugfix on 0.2.4.8-alpha.
+
+ o Minor bugfixes (testing, backport from 0.4.2.3-alpha):
+ - When testing port rebinding, don't busy-wait for tor to log.
+ Instead, actually sleep for a short time before polling again.
+ Also improve the formatting of control commands and log messages.
+ Fixes bug 31837; bugfix on 0.3.5.1-alpha.
+
+ o Minor bugfixes (tests, SunOS, backport from 0.4.2.2-alpha):
+ - Avoid a map_anon_nofork test failure due to a signed/unsigned
+ integer comparison. Fixes bug 31897; bugfix on 0.4.1.1-alpha.
+
+ o Minor bugfixes (tls, logging, backport from 0.4.2.3-alpha):
+ - Log bugs about the TLS read buffer's length only once, rather than
+ filling the logs with similar warnings. Fixes bug 31939; bugfix
+ on 0.3.0.4-rc.
+
+ o Documentation (backport from 0.4.2.2-alpha):
+ - Explain why we can't destroy the backtrace buffer mutex. Explain
+ why we don't need to destroy the log mutex. Closes ticket 31736.
+
+ o Testing (continuous integration, backport from 0.4.2.3-alpha):
+ - Disable all but one Travis CI macOS build, to mitigate slow
+ scheduling of Travis macOS jobs. Closes ticket 32177.
+ - Run the chutney IPv6 networks as part of Travis CI. Closes
+ ticket 30860.
+ - Simplify the Travis CI build matrix, and optimise for build time.
+ Closes ticket 31859.
+ - Use Windows Server 2019 instead of Windows Server 2016 in our
+ Appveyor builds. Closes ticket 32086.
+
+ o Testing (continuous integration, backport from 0.4.2.4-rc):
+ - In Travis, use Xcode 11.2 on macOS 10.14. Closes ticket 32241.
+ - Use Ubuntu Bionic images for our Travis CI builds, so we can get a
+ recent version of coccinelle. But leave chutney on Ubuntu Trusty,
+ until we can fix some Bionic permissions issues (see ticket
+ 32240). Related to ticket 31919.
+ - Install the mingw OpenSSL package in Appveyor. This makes sure
+ that the OpenSSL headers and libraries match in Tor's Appveyor
+ builds. (This bug was triggered by an Appveyor image update.)
+ Fixes bug 32449; bugfix on 0.3.5.6-rc.
+
+ o Testing (continuous integration, backport from 0.4.2.5):
+ - Require C99 standards-conforming code in Travis CI, but allow GNU gcc
+ extensions. Also activates clang's -Wtypedef-redefinition warnings.
+ Build some jobs with -std=gnu99, and some jobs without.
+ Closes ticket 32500.
+
+
+Changes in version 0.4.1.6 - 2019-09-19
+ This release backports several bugfixes to improve stability and
+ correctness. Anyone experiencing build problems or crashes with 0.4.1.5,
+ or experiencing reliability issues with single onion services, should
+ upgrade.
+
+ o Major bugfixes (crash, Linux, Android, backport from 0.4.2.1-alpha):
+ - Tolerate systems (including some Android installations) where
+ madvise and MADV_DONTDUMP are available at build-time, but not at
+ run time. Previously, these systems would notice a failed syscall
+ and abort. Fixes bug 31570; bugfix on 0.4.1.1-alpha.
+ - Tolerate systems (including some Linux installations) where
+ madvise and/or MADV_DONTFORK are available at build-time, but not
+ at run time. Previously, these systems would notice a failed
+ syscall and abort. Fixes bug 31696; bugfix on 0.4.1.1-alpha.
+
+ o Minor features (stem tests, backport from 0.4.2.1-alpha):
+ - Change "make test-stem" so it only runs the stem tests that use
+ tor. This change makes test-stem faster and more reliable. Closes
+ ticket 31554.
+
+ o Minor bugfixes (build system, backport form 0.4.2.1-alpha):
+ - Do not include the deprecated <sys/sysctl.h> on Linux or Windows
+ systems. Fixes bug 31673; bugfix on 0.2.5.4-alpha.
+
+ o Minor bugfixes (compilation, backport from 0.4.2.1-alpha):
+ - Add more stub functions to fix compilation on Android with link-
+ time optimization when --disable-module-dirauth is used.
+ Previously, these compilation settings would make the compiler
+ look for functions that didn't exist. Fixes bug 31552; bugfix
+ on 0.4.1.1-alpha.
+ - Suppress spurious float-conversion warnings from GCC when calling
+ floating-point classifier functions on FreeBSD. Fixes part of bug
+ 31687; bugfix on 0.3.1.5-alpha.
+
+ o Minor bugfixes (controller protocol):
+ - Fix the MAPADDRESS controller command to accept one or more
+ arguments. Previously, it required two or more arguments, and ignored
+ the first. Fixes bug 31772; bugfix on 0.4.1.1-alpha.
+
+ o Minor bugfixes (FreeBSD, PF-based proxy, IPv6, backport from 0.4.2.1-alpha):
+ - When extracting an IPv6 address from a PF-based proxy, verify that
+ we are actually configured to receive an IPv6 address, and log an
+ internal error if not. Fixes part of bug 31687; bugfix
+ on 0.2.3.4-alpha.
+
+ o Minor bugfixes (guards, backport from 0.4.2.1-alpha):
+ - When tor is missing descriptors for some primary entry guards,
+ make the log message less alarming. It's normal for descriptors to
+ expire, as long as tor fetches new ones soon after. Fixes bug
+ 31657; bugfix on 0.3.3.1-alpha.
+
+ o Minor bugfixes (logging, backport from 0.4.2.1-alpha):
+ - Change log level of message "Hash of session info was not as
+ expected" to LOG_PROTOCOL_WARN. Fixes bug 12399; bugfix
+ on 0.1.1.10-alpha.
+
+ o Minor bugfixes (rust, backport from 0.4.2.1-alpha):
+ - Correctly exclude a redundant rust build job in Travis. Fixes bug
+ 31463; bugfix on 0.3.5.4-alpha.
+
+ o Minor bugfixes (v2 single onion services, backport from 0.4.2.1-alpha):
+ - Always retry v2 single onion service intro and rend circuits with
+ a 3-hop path. Previously, v2 single onion services used a 3-hop
+ path when rendezvous circuits were retried after a remote or
+ delayed failure, but a 1-hop path for immediate retries. Fixes bug
+ 23818; bugfix on 0.2.9.3-alpha.
+
+ o Minor bugfixes (v3 single onion services, backport from 0.4.2.1-alpha):
+ - Always retry v3 single onion service intro and rend circuits with
+ a 3-hop path. Previously, v3 single onion services used a 3-hop
+ path when rend circuits were retried after a remote or delayed
+ failure, but a 1-hop path for immediate retries. Fixes bug 23818;
+ bugfix on 0.3.2.1-alpha.
+ - Make v3 single onion services fall back to a 3-hop intro, when all
+ intro points are unreachable via a 1-hop path. Previously, v3
+ single onion services failed when all intro nodes were unreachable
+ via a 1-hop path. Fixes bug 23507; bugfix on 0.3.2.1-alpha.
+
+ o Documentation (backport from 0.4.2.1-alpha):
+ - Use RFC 2397 data URL scheme to embed an image into tor-exit-
+ notice.html so that operators no longer have to host it
+ themselves. Closes ticket 31089.
+
+
+Changes in version 0.4.1.5 - 2019-08-20
+ This is the first stable release in the 0.4.1.x series. This series
+ adds experimental circuit-level padding, authenticated SENDME cells to
+ defend against certain attacks, and several performance improvements
+ to save on CPU consumption. It fixes bugs in bootstrapping and v3
+ onion services. It also includes numerous smaller features and
+ bugfixes on earlier versions.
+
+ Per our support policy, we will support the 0.4.1.x series for nine
+ months, or until three months after the release of a stable 0.4.2.x:
+ whichever is longer. If you need longer-term support, please stick
+ with 0.3.5.x, which will we plan to support until Feb 2022.
+
+ Below are the changes since 0.4.1.4-rc. For a complete list of changes
+ since 0.4.0.5, see the ReleaseNotes file.
+
+ o Directory authority changes:
+ - The directory authority "dizum" has a new IP address. Closes
+ ticket 31406.
+
+ o Minor features (circuit padding logging):
+ - Demote noisy client-side warn logs about circuit padding to
+ protocol warnings. Add additional log messages and circuit ID
+ fields to help with bug 30992 and any other future issues.
+
+ o Minor bugfixes (circuit padding negotiation):
+ - Bump the circuit padding protocol version to explicitly signify
+ that the HS setup machine support is finalized in 0.4.1.x-stable.
+ This also means that 0.4.1.x-alpha clients will not negotiate
+ padding with 0.4.1.x-stable relays, and 0.4.1.x-stable clients
+ will not negotiate padding with 0.4.1.x-alpha relays (or 0.4.0.x
+ relays). Fixes bug 31356; bugfix on 0.4.1.1-alpha.
+
+ o Minor bugfixes (circuit padding):
+ - Ignore non-padding cells on padding circuits. This addresses
+ various warning messages from subsystems that were not expecting
+ padding circuits. Fixes bug 30942; bugfix on 0.4.1.1-alpha.
+
+ o Minor bugfixes (clock skew detection):
+ - Don't believe clock skew results from NETINFO cells that appear to
+ arrive before we sent the VERSIONS cells they are responding to.
+ Previously, we would accept them up to 3 minutes "in the past".
+ Fixes bug 31343; bugfix on 0.2.4.4-alpha.
+
+ o Minor bugfixes (compatibility, standards compliance):
+ - Fix a bug that would invoke undefined behavior on certain
+ operating systems when trying to asprintf() a string exactly
+ INT_MAX bytes long. We don't believe this is exploitable, but it's
+ better to fix it anyway. Fixes bug 31001; bugfix on 0.2.2.11-alpha.
+ Found and fixed by Tobias Stoeckmann.
+
+ o Minor bugfixes (compilation warning):
+ - Fix a compilation warning on Windows about casting a function
+ pointer for GetTickCount64(). Fixes bug 31374; bugfix
+ on 0.2.9.1-alpha.
+
+ o Minor bugfixes (compilation):
+ - Avoid using labs() on time_t, which can cause compilation warnings
+ on 64-bit Windows builds. Fixes bug 31343; bugfix on 0.2.4.4-alpha.
+
+ o Minor bugfixes (distribution):
+ - Do not ship any temporary files found in the
+ scripts/maint/practracker directory. Fixes bug 31311; bugfix
+ on 0.4.1.1-alpha.
+
+ o Testing (continuous integration):
+ - In Travis, make stem log a controller trace to the console, and
+ tail stem's tor log after failure. Closes ticket 30591.
+ - In Travis, only run the stem tests that use a tor binary. Closes
+ ticket 30694.
+
+
+Changes in version 0.4.1.4-rc - 2019-07-25
+ Tor 0.4.1.4-rc fixes a few bugs from previous versions of Tor, and
+ updates to a new list of fallback directories. If no new bugs are
+ found, the next release in the 0.4.1.x serious should be stable.
+
+ o Major bugfixes (circuit build, guard):
+ - When considering upgrading circuits from "waiting for guard" to
+ "open", always ignore circuits that are marked for close. Otherwise,
+ we can end up in the situation where a subsystem is notified that
+ a closing circuit has just opened, leading to undesirable
+ behavior. Fixes bug 30871; bugfix on 0.3.0.1-alpha.
+
+ o Minor features (continuous integration):
+ - Our Travis configuration now uses Chutney to run some network
+ integration tests automatically. Closes ticket 29280.
+
+ o Minor features (fallback directory list):
+ - Replace the 157 fallbacks originally introduced in Tor 0.3.5.6-rc
+ in December 2018 (of which ~122 were still functional), with a
+ list of 148 fallbacks (70 new, 78 existing, 79 removed) generated
+ in June 2019. Closes ticket 28795.
+
+ o Minor bugfixes (circuit padding):
+ - On relays, properly check that a padding machine is absent before
+ logging a warning about it being absent. Fixes bug 30649; bugfix
+ on 0.4.0.1-alpha.
+ - Add two NULL checks in unreachable places to silence Coverity (CID
+ 144729 and 1447291) and better future-proof ourselves. Fixes bug
+ 31024; bugfix on 0.4.1.1-alpha.
+
+ o Minor bugfixes (crash on exit):
+ - Avoid a set of possible code paths that could try to use freed
+ memory in routerlist_free() while Tor was exiting. Fixes bug
+ 31003; bugfix on 0.1.2.2-alpha.
+
+ o Minor bugfixes (logging):
+ - Fix a conflict between the flag used for messaging-domain log
+ messages, and the LD_NO_MOCK testing flag. Fixes bug 31080; bugfix
+ on 0.4.1.1-alpha.
+
+ o Minor bugfixes (memory leaks):
+ - Fix a trivial memory leak when parsing an invalid value from a
+ download schedule in the configuration. Fixes bug 30894; bugfix
+ on 0.3.4.1-alpha.
+
+ o Code simplification and refactoring:
+ - Remove some dead code from circpad_machine_remove_token() to fix
+ some Coverity warnings (CID 1447298). Fixes bug 31027; bugfix
+ on 0.4.1.1-alpha.
+
+
+Changes in version 0.4.1.3-alpha - 2019-06-25
+ Tor 0.4.1.3-alpha resolves numerous bugs left over from the previous
+ alpha, most of them from earlier release series.
+
+ o Major bugfixes (Onion service reachability):
+ - Properly clean up the introduction point map when circuits change
+ purpose from onion service circuits to pathbias, measurement, or
+ other circuit types. This should fix some service-side instances
+ of introduction point failure. Fixes bug 29034; bugfix
+ on 0.3.2.1-alpha.
+
+ o Minor features (geoip):
+ - Update geoip and geoip6 to the June 10 2019 Maxmind GeoLite2
+ Country database. Closes ticket 30852.
+
+ o Minor features (logging):
+ - Give a more useful assertion failure message if we think we have
+ minherit() but we fail to make a region non-inheritable. Give a
+ compile-time warning if our support for minherit() is incomplete.
+ Closes ticket 30686.
+
+ o Minor bugfixes (circuit isolation):
+ - Fix a logic error that prevented the SessionGroup sub-option from
+ being accepted. Fixes bug 22619; bugfix on 0.2.7.2-alpha.
+
+ o Minor bugfixes (continuous integration):
+ - Allow the test-stem job to fail in Travis, because it sometimes
+ hangs. Fixes bug 30744; bugfix on 0.3.5.4-alpha.
+ - Skip test_rebind on macOS in Travis, because it is unreliable on
+ macOS on Travis. Fixes bug 30713; bugfix on 0.3.5.1-alpha.
+ - Skip test_rebind when the TOR_SKIP_TEST_REBIND environment
+ variable is set. Fixes bug 30713; bugfix on 0.3.5.1-alpha.
+
+ o Minor bugfixes (directory authorities):
+ - Stop crashing after parsing an unknown descriptor purpose
+ annotation. We think this bug can only be triggered by modifying a
+ local file. Fixes bug 30781; bugfix on 0.2.0.8-alpha.
+
+ o Minor bugfixes (pluggable transports):
+ - When running as a bridge with pluggable transports, always publish
+ pluggable transport information in our extrainfo descriptor, even
+ if ExtraInfoStatistics is 0. This information is needed by
+ BridgeDB. Fixes bug 30956; bugfix on 0.4.1.1-alpha.
+
+ o Documentation:
+ - Mention URLs for Travis/Appveyor/Jenkins in ReleasingTor.md.
+ Closes ticket 30630.
+
+
Changes in version 0.4.1.2-alpha - 2019-06-06
Tor 0.4.1.2-alpha resolves numerous bugs--some of them from the
previous alpha, and some much older. It also contains minor testing
@@ -134,7 +661,7 @@ Changes in version 0.4.1.1-alpha - 2019-05-22
circuits. This feature is only enabled when also supported by the
circuit's middle node. (Clients may specify fixed middle nodes
with the MiddleNodes option, and may force-disable this feature
- with the CircuitPadding torrc.) Closes ticket 28634.
+ with the CircuitPadding option.) Closes ticket 28634.
o Major features (code organization):
- Tor now includes a generic publish-subscribe message-passing
@@ -318,7 +845,7 @@ Changes in version 0.4.1.1-alpha - 2019-05-22
o Minor bugfixes (directory authority, ipv6):
- Directory authorities with IPv6 support now always mark themselves
- as reachable via IPv6. Fixes bug 24338; bugfix on 0.4.0.2-alpha.
+ as reachable via IPv6. Fixes bug 24338; bugfix on 0.2.4.1-alpha.
Patch by Neel Chauhan.
o Minor bugfixes (documentation):
@@ -356,7 +883,7 @@ Changes in version 0.4.1.1-alpha - 2019-05-22
Neel Chauhan.
- When relaunching a circuit to a rendezvous service, mark the
circuit as needing high-uptime routers as appropriate. Fixes bug
- 17357; bugfix on 0.4.0.2-alpha. Patch by Neel Chauhan.
+ 17357; bugfix on 0.1.0.1-rc. Patch by Neel Chauhan.
- Stop ignoring IPv6 link specifiers sent to v3 onion services.
(IPv6 support for v3 onion services is still incomplete: see
ticket 23493 for details.) Fixes bug 23588; bugfix on
@@ -1290,7 +1817,7 @@ Changes in version 0.4.0.1-alpha - 2019-01-18
we had added up the sum of all nodes with a descriptor, but that
could cause us to build failing circuits when we had either too
many bridges or not enough guard nodes. Fixes bug 25885; bugfix on
- 0.3.6.1-alpha. Patch by Neel Chauhan.
+ 0.2.3.1-alpha. Patch by Neel Chauhan.
o Minor bugfixes (IPv6):
- Fix tor_ersatz_socketpair on IPv6-only systems. Previously, the
7apu2bq3rhoylwmucxizk54afw5jyda7pho4j5zdcqpwkufke7zdzwad.onion