diff options
Diffstat (limited to 'changes')
160 files changed, 405 insertions, 408 deletions
diff --git a/changes/.dummy b/changes/.dummy new file mode 100644 index 0000000000..dd9738feb2 --- /dev/null +++ b/changes/.dummy @@ -0,0 +1,37 @@ +This file is here to keep git from removing the changes directory when +all the changes files have been merged. + + + + + + + + + + + + + + + + + + + + + + + + +"I'm Nobody! Who are you? + Are you--Nobody--too? + Then there's a pair of us! + Don’t tell! they'd advertise--you know! + + How dreary--to be--Somebody! + How public--like a Frog-- + To tell one's name--the livelong June-- + To an admiring Bog!" + -- Emily Dickinson + diff --git a/changes/13295 b/changes/13295 deleted file mode 100644 index 433432595f..0000000000 --- a/changes/13295 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes: - - Disable sandbox name resolver cache when running tor-resolve: - tor-resolve doesn't use the sandbox code, and turning it on was - breaking attempts to do tor-resolve on a non-default server on - Linux. Fixes bug 13295; bugfix on 0.2.5.3-alpha. diff --git a/changes/asciidoc-UTC b/changes/asciidoc-UTC new file mode 100644 index 0000000000..21fbfc1d67 --- /dev/null +++ b/changes/asciidoc-UTC @@ -0,0 +1,4 @@ + o Minor bugfixes (build): + - When building manual pages, set the timezone to "UTC", so that the + output is reproducible. Fixes bug 19558; bugfix on 0.2.2.9-alpha. + Patch from intrigeri. diff --git a/changes/bastet_v6 b/changes/bastet_v6 new file mode 100644 index 0000000000..ee4e2c8094 --- /dev/null +++ b/changes/bastet_v6 @@ -0,0 +1,4 @@ + o Minor features (directory authority): + - Add an IPv6 address for the "bastet" directory authority. + Closes ticket 24394. + diff --git a/changes/broken-028-fallbacks b/changes/broken-028-fallbacks new file mode 100644 index 0000000000..698fd6e37a --- /dev/null +++ b/changes/broken-028-fallbacks @@ -0,0 +1,3 @@ + o Minor feature (fallback directories): + - Remove broken fallbacks from the hard-coded fallback directory list. + Closes ticket 20190; patch by teor. diff --git a/changes/bug20384 b/changes/buf-sentinel index 591015ad94..7c5b829c19 100644 --- a/changes/bug20384 +++ b/changes/buf-sentinel @@ -1,10 +1,11 @@ o Major features (security fixes): + - Prevent a class of security bugs caused by treating the contents - of a buffer chunk as if they were a NUL-terminated string. At + of a buffer chunk as if they were a NUL-terminated string. At least one such bug seems to be present in all currently used versions of Tor, and would allow an attacker to remotely crash most Tor instances, especially those compiled with extra compiler hardening. With this defense in place, such bugs can't crash Tor, - though we should still fix them as they occur. Closes ticket - 20384 (TROVE-2016-10-001). + though we should still fix them as they occur. Closes ticket 20384 + (TROVE-2016-10-001). diff --git a/changes/bufferevent_compilation b/changes/bufferevent_compilation deleted file mode 100644 index 3a328731fe..0000000000 --- a/changes/bufferevent_compilation +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes: - - Fix compilation when building with bufferevents enabled. (This - configuration is still not expected to work, however.) - Fixes bugs 12438, 12474, 11578; bugfixes on 0.2.5.1-alpha and - 0.2.5.3-alpha. Patches from Anthony G. Basile and Sathyanarayanan - Gunasekaran. diff --git a/changes/bug1038-3 b/changes/bug1038-3 deleted file mode 100644 index 5af4afa46f..0000000000 --- a/changes/bug1038-3 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes: - - Warn and drop the circuit if we receive an inbound 'relay early' - cell. Those used to be normal to receive on hidden service circuits - due to bug 1038, but the buggy Tor versions are long gone from - the network so we can afford to resume watching for them. Resolves - the rest of bug 1038; bugfix on 0.2.1.19. diff --git a/changes/bug11200-caching b/changes/bug11200-caching deleted file mode 100644 index e3fbaeca73..0000000000 --- a/changes/bug11200-caching +++ /dev/null @@ -1,7 +0,0 @@ - o Major bugfixes: - - When Tor starts with DisabledNetwork set, it would correctly - conclude that it shouldn't try making circuits, but it would - mistakenly cache this conclusion and continue believing it even - when DisableNetwork is set to 0. Fixes the bug introduced by the - fix for bug 11200; bugfix on 0.2.5.4-alpha. - diff --git a/changes/bug12160 b/changes/bug12160 deleted file mode 100644 index 2a7ace3410..0000000000 --- a/changes/bug12160 +++ /dev/null @@ -1,4 +0,0 @@ - o Bugfixes - - Correctly update the local mark on the controlling channel when changing - the address of an or_connection_t after the handshake. Fixes bug #12160; - bugfix on 0.2.4.4-alpha. diff --git a/changes/bug12602 b/changes/bug12602 deleted file mode 100644 index 29fa49ac45..0000000000 --- a/changes/bug12602 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (portability): - - Compile correctly with builds and forks of OpenSSL (such as - LibreSSL) that disable compression. Fixes bug 12602; bugfix on - 0.2.1.1-alpha. Patch from "dhill". - diff --git a/changes/bug12700 b/changes/bug12700 deleted file mode 100644 index 1d8caeb8bd..0000000000 --- a/changes/bug12700 +++ /dev/null @@ -1,10 +0,0 @@ - o Minor bugfixes: - - When logging information about an EXTEND2 or EXTENDED2 cell, log - their names correctly. Fixes part of bug 12700; bugfix on - 0.2.4.8-alpha. - - o Minor bugfixes: - - When logging information about a relay cell whose command we - don't recognize, log its command as an integer. Fixes part of - bug 12700; bugfix on 0.2.1.10-alpha. - diff --git a/changes/bug12718 b/changes/bug12718 deleted file mode 100644 index 0c5f708446..0000000000 --- a/changes/bug12718 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes: - - Correct a confusing error message when trying to extend a circuit - via the control protocol but we don't know a descriptor or - microdescriptor for one of the specified relays. Fixes bug 12718; - bugfix on 0.2.3.1-alpha. diff --git a/changes/bug12730-systemd-verify-config b/changes/bug12730-systemd-verify-config deleted file mode 100644 index 221633c78e..0000000000 --- a/changes/bug12730-systemd-verify-config +++ /dev/null @@ -1,3 +0,0 @@ - o Distribution: - - Verify configuration file via ExecStartPre in the systemd unit file. - Patch from intrigeri; resolves ticket 12730. diff --git a/changes/bug12731-systemd-no-run-as-daemon b/changes/bug12731-systemd-no-run-as-daemon deleted file mode 100644 index f92e5aff00..0000000000 --- a/changes/bug12731-systemd-no-run-as-daemon +++ /dev/null @@ -1,9 +0,0 @@ - o Distribution: - - Explicitly disable RunAsDaemon in the systemd unit file. - Our current systemd unit uses "Type = simple", so systemd does - not expect tor to fork. If the user has "RunAsDaemon 1" in their - torrc, then things won't work as expected. This is e.g. the case - on Debian (and derivatives), since there we pass - "--defaults-torrc /usr/share/tor/tor-service-defaults-torrc" - (that contains "RunAsDaemon 1") by default. - Patch by intrigeri; resolves ticket 12731. diff --git a/changes/bug12830 b/changes/bug12830 deleted file mode 100644 index 835ebe2fa7..0000000000 --- a/changes/bug12830 +++ /dev/null @@ -1,4 +0,0 @@ - o Documentation: - - Adjust the URLs in the README to refer to the new locations of - several documents on the website. Patch from Matt Pagan. Fixes - bug 12830. diff --git a/changes/bug12848 b/changes/bug12848 deleted file mode 100644 index 7aa79c395e..0000000000 --- a/changes/bug12848 +++ /dev/null @@ -1,4 +0,0 @@ - o Major bugfixes (relay): - - Avoid queuing or sending destroy cells for circuit ID zero when - we fail to send a CREATE cell. Fixes bug 12848; bugfix on - 0.0.8pre1. Found and fixed by "cypherpunks". diff --git a/changes/bug12864 b/changes/bug12864 deleted file mode 100644 index 79e751f427..0000000000 --- a/changes/bug12864 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes: - - Restore the functionality of CookieAuthFileGroupReadable. Fixes bug - 12864; bugfix on 0.2.5.1-alpha. - - o Minor features: - - Add an ExtORPortCookieAuthFileGroupReadable option to make the - cookie file for the ExtORPort g+r by default. diff --git a/changes/bug12878 b/changes/bug12878 deleted file mode 100644 index a05fc446b9..0000000000 --- a/changes/bug12878 +++ /dev/null @@ -1,3 +0,0 @@ - o Documentation: - - Document 'reject6' and 'accept6' ExitPolicy entries. Resolves - ticket 12878. diff --git a/changes/bug12908 b/changes/bug12908 deleted file mode 100644 index bd6784cbd2..0000000000 --- a/changes/bug12908 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features: - - Warn about attempts to run hidden services and relays in the - same process: that's probably not a good idea. Closes ticket - 12908. diff --git a/changes/bug12948 b/changes/bug12948 deleted file mode 100644 index 431c0a1019..0000000000 --- a/changes/bug12948 +++ /dev/null @@ -1,8 +0,0 @@ - o Major bugfixes: - - Resume expanding abbreviations for command-line options. The fix - for bug 4647 accidentally removed our hack from bug 586 that rewrote - HashedControlPassword to __HashedControlSessionPassword when it - appears on the commandline (which allowed the user to set her - own HashedControlPassword in the torrc file while the controller - generates a fresh session password for each run). Fixes bug 12948; - bugfix on 0.2.5.1-alpha. diff --git a/changes/bug12996 b/changes/bug12996 deleted file mode 100644 index 4b4fb0dceb..0000000000 --- a/changes/bug12996 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes: - - Downgrade "Unexpected onionskin length after decryption" warning - to a protocol-warn, since there's nothing relay operators can do - about a client that sends them a malformed create cell. Resolves - bug 12996; bugfix on 0.0.6rc1. diff --git a/changes/bug12997 b/changes/bug12997 deleted file mode 100644 index fb6e7a8459..0000000000 --- a/changes/bug12997 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Log more specific warnings when we get an ESTABLISH_RENDEZVOUS cell - on a cannibalized or non-OR circuit. Resolves ticket 12997. diff --git a/changes/bug13071 b/changes/bug13071 deleted file mode 100644 index 8212b6c049..0000000000 --- a/changes/bug13071 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (relay): - - Escape all strings from the directory connection before logging them. - Fixes bug 13071; bugfix on 0.1.1.15. Patch from "teor". diff --git a/changes/bug13081 b/changes/bug13081 deleted file mode 100644 index 154f73fb0a..0000000000 --- a/changes/bug13081 +++ /dev/null @@ -1,3 +0,0 @@ - o Compilation fixes: - - Make the nmake make files work again. Fixes bug 13081. Bugfix on 0.2.5.1-alpha. Patch - from "NewEraCracker". diff --git a/changes/bug13085 b/changes/bug13085 deleted file mode 100644 index a46457c797..0000000000 --- a/changes/bug13085 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (controller): - - Actually send TRANSPORT_LAUNCHED and HS_DESC events to controllers. - Fixes bug 13085; bugfix on 0.2.5.1-alpha. Patch by "teor". diff --git a/changes/bug13096 b/changes/bug13096 deleted file mode 100644 index 521faaf143..0000000000 --- a/changes/bug13096 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (conformance): - - In routerlist_assert_ok(), don't take the address of a routerinfo's - cache_info member unless that routerinfo is non-NULL. Fixes bug - 13096; bugfix on 0.1.1.9-alpha. Patch by "teor". diff --git a/changes/bug13100 b/changes/bug13100 deleted file mode 100644 index bbe43e65a7..0000000000 --- a/changes/bug13100 +++ /dev/null @@ -1,3 +0,0 @@ - o Directory authority changes: - - Change IP address for gabelmoo (v3 directory authority). - diff --git a/changes/bug13124 b/changes/bug13124 deleted file mode 100644 index be7df70347..0000000000 --- a/changes/bug13124 +++ /dev/null @@ -1,8 +0,0 @@ - o Minor bugfixes: - - Reduce the log severity of the "Pluggable transport proxy does - not provide any needed transports and will not be launched." - message, since Tor Browser includes several ClientTransportPlugin - lines in its torrc-defaults file, leading every Tor Browser user - who looks at her logs to see these notices and wonder if they're - dangerous. Resolves bug 13124; bugfix on 0.2.5.3-alpha. - diff --git a/changes/bug13151-client b/changes/bug13151-client deleted file mode 100644 index 1218dfdfab..0000000000 --- a/changes/bug13151-client +++ /dev/null @@ -1,13 +0,0 @@ - o Major bugfixes: - - Clients now send the correct address for their chosen rendezvous - point when trying to access a hidden service. They used to send - the wrong address, which would still work some of the time because - they also sent the identity digest of the rendezvous point, and if - the hidden service happened to try connecting to the rendezvous - point from a relay that already had a connection open to it, - the relay would reuse that connection. Now connections to hidden - services should be more robust and faster. Also, this bug meant - that clients were leaking to the hidden service whether they were - on a little-endian (common) or big-endian (rare) system, which for - some users might have reduced their anonymity. Fixes bug 13151; - bugfix on 0.2.1.5-alpha. diff --git a/changes/bug13296 b/changes/bug13296 deleted file mode 100644 index d6fe038c30..0000000000 --- a/changes/bug13296 +++ /dev/null @@ -1,5 +0,0 @@ - o Directory authority changes: - - Remove turtles as a directory authority. - - Add longclaw as a new (v3) directory authority. This implements - ticket 13296. This keeps the directory authority count at 9. - diff --git a/changes/bug13325 b/changes/bug13325 deleted file mode 100644 index b1da4d0bd5..0000000000 --- a/changes/bug13325 +++ /dev/null @@ -1,4 +0,0 @@ - o Compilation fixes: - - Build and run correctly on systems like OpenBSD-current that - have patched OpenSSL to remove get_cipher_by_char and/or its - implementations. Fixes issue 13325. diff --git a/changes/bug13471 b/changes/bug13471 deleted file mode 100644 index c116a4aeeb..0000000000 --- a/changes/bug13471 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes (openssl bug workaround): - - Avoid crashing when using OpenSSL version 0.9.8zc, 1.0.0o, or - 1.0.1j, built with the 'no-ssl3' configuration option. Fixes - bug 13471. This is a workaround for an OpenSSL bug. - diff --git a/changes/bug13988 b/changes/bug13988 deleted file mode 100644 index e816335a3b..0000000000 --- a/changes/bug13988 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (statistics): - - Increase period over which bandwidth observations are aggregated - from 15 minutes to 4 hours. Fixes bug 13988; bugfix on 0.0.8pre1. diff --git a/changes/bug14013 b/changes/bug14013 deleted file mode 100644 index 640cf859f5..0000000000 --- a/changes/bug14013 +++ /dev/null @@ -1,6 +0,0 @@ - o Major bugfixes: - - When reading a hexadecimal, base-32, or base-64 encoded value - from a string, always overwrite the complete output buffer. This - prevents some bugs where we would look at (but fortunately, not - reveal) uninitialized memory on the stack. Fixes bug 14013; - bugfix on all versions of Tor. diff --git a/changes/bug14125 b/changes/bug14125 deleted file mode 100644 index fe6821a332..0000000000 --- a/changes/bug14125 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (dirauth): - - Enlarge the buffer to read bw-auth generated files to avoid an - issue when parsing the file in dirserv_read_measured_bandwidths(). - Bugfix on 0.2.2.1-alpha, fixes #14125. - diff --git a/changes/bug14129 b/changes/bug14129 deleted file mode 100644 index 6153cd84fd..0000000000 --- a/changes/bug14129 +++ /dev/null @@ -1,7 +0,0 @@ - o Major bugfixes (exit node stability): - - - Fix an assertion failure that could occur under high DNS load. Fixes - bug 14129; bugfix on Tor 0.0.7rc1. Found by "jowr"; diagnosed and fixed - by "cypherpunks". - - diff --git a/changes/bug14142-parse-virtual-addr b/changes/bug14142-parse-virtual-addr deleted file mode 100644 index f78b7c7d81..0000000000 --- a/changes/bug14142-parse-virtual-addr +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes (client): - - Check for a missing option value in parse_virtual_addr_network - before asserting on the NULL in tor_addr_parse_mask_ports. - This avoids crashing on torrc lines like - Vi[rtualAddrNetworkIPv[4|6]] when no value follows the option. - Bugfix on 0.2.3 (de4cc126cbb5 on 24 November 2012), fixes #14142. - Patch by "teor". diff --git a/changes/bug14195 b/changes/bug14195 deleted file mode 100644 index d2b82f31b0..0000000000 --- a/changes/bug14195 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (client): - - Fix a memory leak when using AutomapHostsOnResolve. - Fixes bug 14195; bugfix on 0.1.0.1-rc. diff --git a/changes/bug14220 b/changes/bug14220 deleted file mode 100644 index 51cfa502bc..0000000000 --- a/changes/bug14220 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (compilation): - - Build without warnings with the stock OpenSSL srtp.h header, - which has a duplicate declaration of SSL_get_selected_srtp_profile(). - Fixes bug 14220; this is OpenSSL's bug, not ours. diff --git a/changes/bug14261 b/changes/bug14261 deleted file mode 100644 index 1260ccba1e..0000000000 --- a/changes/bug14261 +++ /dev/null @@ -1,5 +0,0 @@ - O Minor bugfixes (directory authority): - - Allow directory authorities to fetch more data from one - another if they find themselves missing lots of votes. - Previously, they had been bumping against the 10 MB queued - data limit. Fixes bug 14261. Bugfix on 0.1.2.5-alpha. diff --git a/changes/bug15083 b/changes/bug15083 deleted file mode 100644 index 5cc79b5ba1..0000000000 --- a/changes/bug15083 +++ /dev/null @@ -1,10 +0,0 @@ - o Major bugfixes (relay, stability, possible security): - - Fix a bug that could lead to a relay crashing with an assertion - failure if a buffer of exactly the wrong layout was passed - to buf_pullup() at exactly the wrong time. Fixes bug 15083; - bugfix on 0.2.0.10-alpha. Patch from 'cypherpunks'. - - - Do not assert if the 'data' pointer on a buffer is advanced to the very - end of the buffer; log a BUG message instead. Only assert if it is - past that point. Fixes bug 15083; bugfix on 0.2.0.10-alpha. - diff --git a/changes/bug15088 b/changes/bug15088 deleted file mode 100644 index 95878bdb39..0000000000 --- a/changes/bug15088 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (Linux seccomp2 sandbox): - - Upon receiving sighup, do not crash during attempts to call - wait4. Fixes bug 15088; bugfix on 0.2.5.1-alpha. Patch from - "sanic". diff --git a/changes/bug15205 b/changes/bug15205 deleted file mode 100644 index 0cb9f3f4bc..0000000000 --- a/changes/bug15205 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes (crash, OSX, security): - - Fix a remote denial-of-service opportunity caused by a bug - in OSX's _strlcat_chk() function. Fixes bug 15205; bug first - appeared in OSX 10.9. - diff --git a/changes/bug15515 b/changes/bug15515 deleted file mode 100644 index dda7c2fcd8..0000000000 --- a/changes/bug15515 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (DoS-resistance): - - Make it harder for attackers to overwhelm hidden services with - introductions, by blocking multiple introduction requests on the - same circuit. Resolves ticket #15515. diff --git a/changes/bug15600 b/changes/bug15600 deleted file mode 100644 index ee1d6cfe19..0000000000 --- a/changes/bug15600 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes (security, hidden service): - - Fix an issue that would allow a malicious client to trigger - an assertion failure and halt a hidden service. Fixes - bug 15600; bugfix on 0.2.1.6-alpha. Reported by "skruffy". - diff --git a/changes/bug15601 b/changes/bug15601 deleted file mode 100644 index 2cc880af7f..0000000000 --- a/changes/bug15601 +++ /dev/null @@ -1,4 +0,0 @@ - o Major bugfixes (security, hidden service): - - Fix a bug that could cause a client to crash with an assertion - failure when parsing a malformed hidden service descriptor. - Fixes bug 15601; bugfix on 0.2.1.5-alpha. Found by "DonnCha". diff --git a/changes/bug15823 b/changes/bug15823 deleted file mode 100644 index 987de5d9ac..0000000000 --- a/changes/bug15823 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (hidden service): - - Fix an out-of-bounds read when parsing invalid INTRODUCE2 cells - on a client authorized hidden service. Fixes bug 15823; bugfix - on 0.2.1.6-alpha. diff --git a/changes/bug16248 b/changes/bug16248 deleted file mode 100644 index 399b7093cd..0000000000 --- a/changes/bug16248 +++ /dev/null @@ -1,8 +0,0 @@ - o Major bugfixes (dns proxy mode, crash): - - Avoid crashing when running as a DNS proxy. Closes bug 16248; bugfix on - 0.2.0.1-alpha. Patch from 'cypherpunks'. - - o Minor features (bug-resistance): - - Make Tor survive errors involving connections without a corresponding - event object. Previously we'd fail with an assertion; now we produce a - log message. Related to bug 16248. diff --git a/changes/bug16360-failed-crypto-early-init b/changes/bug16360-failed-crypto-early-init deleted file mode 100644 index 21972bce52..0000000000 --- a/changes/bug16360-failed-crypto-early-init +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes (crypto error-handling): - - If crypto_early_init fails, a typo in a return value from tor_init - means that tor_main continues running, rather than returning - an error value. - Fixes bug 16360; bugfix on d3fb846d8c98 in 0.2.5.2-alpha, - introduced when implementing #4900. - Patch by "teor". diff --git a/changes/bug17150 b/changes/bug17150 new file mode 100644 index 0000000000..686cc34296 --- /dev/null +++ b/changes/bug17150 @@ -0,0 +1,7 @@ + o Minor bugfixes (directory warnings): + - When fetching extrainfo documents, compare their SHA256 digests + and Ed25519 signing key certificates + with the routerinfo that led us to fetch them, rather than + with the most recent routerinfo. Otherwise we generate many + spurious warnings about mismatches. Fixes bug 17150; bugfix + on 0.2.7.2-alpha. diff --git a/changes/bug17404 b/changes/bug17404 deleted file mode 100644 index d524f6662d..0000000000 --- a/changes/bug17404 +++ /dev/null @@ -1,6 +0,0 @@ - o Major bugfixes (security, correctness): - - Fix a programming error that could cause us to read 4 bytes before - the beginning of an openssl string. This could be used to provoke - a crash on systems with an unusual malloc implementation, or - systems with unsual hardening installed. Fixes bug 17404; bugfix - on 0.2.3.6-alpha. diff --git a/changes/bug17744_redux b/changes/bug17744_redux new file mode 100644 index 0000000000..d61e17fec3 --- /dev/null +++ b/changes/bug17744_redux @@ -0,0 +1,5 @@ + o Minor bugfixes (build): + - Remove a pair of redundant AM_CONDITIONAL declarations from + configure.ac. Fixes one final case of bug 17744; bugfix on + 0.2.8.2-alpha. + diff --git a/changes/bug17772 b/changes/bug17772 deleted file mode 100644 index 54d457c601..0000000000 --- a/changes/bug17772 +++ /dev/null @@ -1,7 +0,0 @@ - o Major bugfixes (guard selection): - - Actually look at the Guard flag when selecting a new directory - guard. When we implemented the directory guard design, we - accidentally started treating all relays as if they have the Guard - flag during guard selection, leading to weaker anonymity and worse - performance. Fixes bug 17222; bugfix on 0.2.4.8-alpha. Discovered - by Mohsen Imani. diff --git a/changes/bug17781 b/changes/bug17781 deleted file mode 100644 index 01ed231b0a..0000000000 --- a/changes/bug17781 +++ /dev/null @@ -1,3 +0,0 @@ - o Compilation fixes: - - Fix a compilation warning with Clang 3.6: Do not check the - presence of an address which can never be NULL. Fixes bug 17781. diff --git a/changes/bug17906 b/changes/bug17906 deleted file mode 100644 index fff76d1c59..0000000000 --- a/changes/bug17906 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (authorities): - - Update the V3 identity key for dannenberg, it was changed on - 18 November 2015. - Closes task #17906. Patch by "teor". diff --git a/changes/bug18089 b/changes/bug18089 deleted file mode 100644 index c1fb342f77..0000000000 --- a/changes/bug18089 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor fixes (security): - - Make memwipe() do nothing when passed a NULL pointer - or zero size. Check size argument to memwipe() for underflow. - Closes bug #18089. Reported by "gk", patch by "teor". - Bugfix on 0.2.3.25 and 0.2.4.6-alpha (#7352), - commit 49dd5ef3 on 7 Nov 2012. diff --git a/changes/bug18133 b/changes/bug18133 new file mode 100644 index 0000000000..177d286495 --- /dev/null +++ b/changes/bug18133 @@ -0,0 +1,4 @@ + o Minor bugfixes (logging): + - When we can't generate a signing key because OfflineMasterKey is set, + do not imply that we should have been able to load it. + Fixes bug 18133; bugfix on 0.2.7.2-alpha. diff --git a/changes/bug18162 b/changes/bug18162 deleted file mode 100644 index 0844d6f62f..0000000000 --- a/changes/bug18162 +++ /dev/null @@ -1,7 +0,0 @@ - o Major bugfixes (security, pointers): - - - Avoid a difficult-to-trigger heap corruption attack when extending - a smartlist to contain over 16GB of pointers. Fixes bug #18162; - bugfix on Tor 0.1.1.11-alpha, which fixed a related bug - incompletely. Reported by Guido Vranken. - diff --git a/changes/bug18286 b/changes/bug18286 new file mode 100644 index 0000000000..e398fb004b --- /dev/null +++ b/changes/bug18286 @@ -0,0 +1,5 @@ + o Minor features (build): + - Tor now builds again with the recent OpenSSL 1.1 development branch + (tested against 1.1.0-pre4 and 1.1.0-pre5-dev). Closes ticket 18286. + + diff --git a/changes/bug18312 b/changes/bug18312 new file mode 100644 index 0000000000..7dcb3266bf --- /dev/null +++ b/changes/bug18312 @@ -0,0 +1,4 @@ + o Documentation: + - Stop recommending use of nicknames to identify relays in our + MapAddress documentation. Closes ticket 18312. + diff --git a/changes/bug18397 b/changes/bug18397 new file mode 100644 index 0000000000..53993da4e6 --- /dev/null +++ b/changes/bug18397 @@ -0,0 +1,7 @@ + o Minor bugfixes (Linux seccomp2 sandbox): + - Add a few missing syscalls to the seccomp2 sandbox: sysinfo, + getsockopt(SO_SNDBUF), and setsockopt(SO_SNDBUFFORCE). On + some systems, these are required for Tor to start with + "Sandbox 1" enabled. + Fixes bug 18397; bugfix on 0.2.5.1-alpha. Patch from + Daniel Pinto. diff --git a/changes/bug18460 b/changes/bug18460 new file mode 100644 index 0000000000..a8c1a19774 --- /dev/null +++ b/changes/bug18460 @@ -0,0 +1,4 @@ + o Minor bugfixes (statistics): + - We now include consensus downloads via IPv6 in our directory-request statistics. + Fixes bug 18460; bugfix on 0.2.3.14-alpha. + diff --git a/changes/bug18481 b/changes/bug18481 new file mode 100644 index 0000000000..6fd882b36b --- /dev/null +++ b/changes/bug18481 @@ -0,0 +1,5 @@ + o Minor bugfixes (client): + - Turn all TestingClientBootstrap* into non-testing torrc options. This + changes simply renames them by removing "Testing" in front of them and + they do not require TestingTorNetwork to be enabled anymore. Fixes + bug 18481; bugfix on 0.2.8.1-alpha. diff --git a/changes/bug18616 b/changes/bug18616 new file mode 100644 index 0000000000..ec59e846ed --- /dev/null +++ b/changes/bug18616 @@ -0,0 +1,14 @@ + o Major bugfixes (directory mirrors): + - Decide whether to advertise begindir support the same way we decide + whether to advertise our DirPort. These decisions being out of sync + led to surprising behavior like advertising begindir support when + our hibernation config options made us not advertise a DirPort. + Resolves bug 18616; bugfix on 0.2.8.1-alpha. Patch by teor. + + o Minor bugfixes: + - Consider more config options when relays decide whether to regenerate + their descriptor. Fixes more of bug 12538; bugfix on 0.2.8.1-alpha. + - Resolve some edge cases where we might launch an ORPort reachability + check even when DisableNetwork is set. Noticed while fixing bug + 18616; bugfix on 0.2.3.9-alpha. + diff --git a/changes/bug18668 b/changes/bug18668 new file mode 100644 index 0000000000..4b186b5c05 --- /dev/null +++ b/changes/bug18668 @@ -0,0 +1,3 @@ + o Minor bugfixes (tests): + - Avoid "WSANOTINITIALISED" warnings in the unit tests. Fixes bug 18668; + bugfix on 0.2.8.1-alpha. diff --git a/changes/bug18673 b/changes/bug18673 new file mode 100644 index 0000000000..5d6161718a --- /dev/null +++ b/changes/bug18673 @@ -0,0 +1,4 @@ + o Minor bugfixes (memory leak): + - Fix a small memory leak that would occur when the + TestingEnableCellStatsEvent option was turned on. Fixes bug 18673; + bugfix on 0.2.5.2-alpha. diff --git a/changes/bug18686 b/changes/bug18686 new file mode 100644 index 0000000000..23547d211d --- /dev/null +++ b/changes/bug18686 @@ -0,0 +1,5 @@ + o Minor bugfixes (pluggable transports): + - Avoid reporting a spurious error when we decide that we don't + need to terminate a pluggable transport because it has already + exited. Fixes bug 18686; bugfix on 0.2.5.5-alpha. + diff --git a/changes/bug18716 b/changes/bug18716 new file mode 100644 index 0000000000..b15a343f4c --- /dev/null +++ b/changes/bug18716 @@ -0,0 +1,4 @@ + o Minor bugfixes (assert, portability): + - Fix an assertion failure in memarea.c on systems where "long" is + shorter than the size of a pointer. + Fixes bug 18716; bugfix on 0.2.1.1-alpha diff --git a/changes/bug18728 b/changes/bug18728 new file mode 100644 index 0000000000..e181c17e65 --- /dev/null +++ b/changes/bug18728 @@ -0,0 +1,4 @@ + o Minor bugfixes (build): + - Resolve warnings when building on systems that are concerned with + signed char. Fixes bug 18728; bugfix on 0.2.7.2-alpha and + 0.2.6.1-alpha. diff --git a/changes/bug18729 b/changes/bug18729 new file mode 100644 index 0000000000..4ec9ca3254 --- /dev/null +++ b/changes/bug18729 @@ -0,0 +1,3 @@ + o Minor features (logging): + - Stop blasting twelve lines per second from periodic_event_dispatch() + at loglevel debug. Resolves ticket 18729; fix on 0.2.8.1-alpha. diff --git a/changes/bug18761 b/changes/bug18761 new file mode 100644 index 0000000000..78500a88ea --- /dev/null +++ b/changes/bug18761 @@ -0,0 +1,3 @@ + o Minor feature (logging): + - When rejecting a misformed INTRODUCE2 cell, only log at PROTOCOL_WARN + severity. Closes ticket 18761. diff --git a/changes/bug18809 b/changes/bug18809 new file mode 100644 index 0000000000..1e151874b7 --- /dev/null +++ b/changes/bug18809 @@ -0,0 +1,16 @@ + o Major bugfixes (bootstrap): + - Check if bootstrap consensus downloads are still needed + when the linked connection attaches. This prevents tor + making unnecessary begindir-style connections, which are + the only directory connections tor clients make since + the fix for 18483 was merged. + - Fix some edge cases where consensus download connections + may not have been closed, even though they were not needed. + Related to fix 18809. + - Make relays retry consensus downloads the correct number of + times, rather than the more aggressive client retry count. + Fixes part of ticket 18809. + - Stop downloading consensuses when we have a consensus, + even if we don't have all the certificates for it yet. + Fixes bug 18809; bugfix on 0.2.8.1-alpha. + Patches by arma and teor. diff --git a/changes/bug18812 b/changes/bug18812 new file mode 100644 index 0000000000..793e1102f7 --- /dev/null +++ b/changes/bug18812 @@ -0,0 +1,4 @@ + o Minor bugfixes (bootstrap): + - When a fallback changes its fingerprint from the hard-coded + fingerprint, log a less severe, more explanatory log message. + Fixes bug 18812; bugfix on 0.2.8.1-alpha. Patch by teor. diff --git a/changes/bug18816 b/changes/bug18816 new file mode 100644 index 0000000000..103f816962 --- /dev/null +++ b/changes/bug18816 @@ -0,0 +1,4 @@ + o Minor bugfix (bootstrap): + - Consistently use the consensus download schedule for + authority certificates. + Fixes bug 18816; bugfix on 0.2.4.13-alpha. diff --git a/changes/bug18841.1 b/changes/bug18841.1 new file mode 100644 index 0000000000..205ee5a425 --- /dev/null +++ b/changes/bug18841.1 @@ -0,0 +1,7 @@ + o Major bugfixes (compilation): + - Correctly detect compiler flags on systems where _FORTIFY_SOURCE + is predefined. Previously, our use of -D_FORTIFY_SOURCE would + cause a compiler warning, thereby making other checks fail. + Fixes one case of bug 18841; bugfix on 0.2.3.17-beta. Patch from + "trudokal". + diff --git a/changes/bug18849 b/changes/bug18849 new file mode 100644 index 0000000000..b12a8da011 --- /dev/null +++ b/changes/bug18849 @@ -0,0 +1,4 @@ + o Minor bugfix (logging): + - Reduce excessive logging when directories can't be found. + Fixes bug 18849; bugfix on 0.2.8.3-alpha and 0.2.8.1-alpha. + Patch by teor. diff --git a/changes/bug18920 b/changes/bug18920 new file mode 100644 index 0000000000..1babfd6656 --- /dev/null +++ b/changes/bug18920 @@ -0,0 +1,5 @@ + o Minor bugfixes (controller, microdescriptors): + - Make GETINFO dir/status-vote/current/consensus conform to the control + specification by returning "551 Could not open cached consensus..." + when not caching consensuses. + Fixes bug 18920; bugfix on 0.2.2.6-alpha. diff --git a/changes/bug18921 b/changes/bug18921 new file mode 100644 index 0000000000..cdd868a005 --- /dev/null +++ b/changes/bug18921 @@ -0,0 +1,4 @@ + o Major bugfixes (IPv6 bridges): + - Fix directory address selection for IPv6 bridges. + Fixes bug 18921; bugfix on 0.2.8.1-alpha. + Patch by "teor". diff --git a/changes/bug18929 b/changes/bug18929 new file mode 100644 index 0000000000..c607e630a6 --- /dev/null +++ b/changes/bug18929 @@ -0,0 +1,5 @@ + o Minor bugfixes (IPv6): + - Make directory node selection more reliable, mainly for + IPv6-only clients and clients with few reachable addresses. + Fixes bug 18929; bugfix on 0.2.8.1-alpha. + Patch by "teor". diff --git a/changes/bug18943 b/changes/bug18943 new file mode 100644 index 0000000000..6bcd868460 --- /dev/null +++ b/changes/bug18943 @@ -0,0 +1,6 @@ + o Major bugfixes (crypto, portability): + - The SHA3 and SHAKE routines now produce the correct output on + Big Endian systems, unbreaking the unit tests. No code calls + either algorithm family yet, so this is primarily a build fix. + Fixes bug 18943; bugfix on 0.2.8.1-alpha. + diff --git a/changes/bug18977 b/changes/bug18977 new file mode 100644 index 0000000000..3f46b09fba --- /dev/null +++ b/changes/bug18977 @@ -0,0 +1,4 @@ + o Minor bugfixes (time handling): + - When correcting a corrupt 'struct tm' value, fill in the tm_wday + field. Otherwise, our unit tests crash on Windows. + Fixes bug 18977; bugfix on 0.2.2.25-alpha. diff --git a/changes/bug19003 b/changes/bug19003 new file mode 100644 index 0000000000..ca94938ef9 --- /dev/null +++ b/changes/bug19003 @@ -0,0 +1,5 @@ + o Minor bugfixes (small networks): + - Allow directories in small networks to bootstrap by + skipping DirPort checks when the consensus has no exits. + Fixes bug 19003; bugfix on 0.2.8.1-alpha. + Patch by teor. diff --git a/changes/bug19008 b/changes/bug19008 new file mode 100644 index 0000000000..c51c98faa6 --- /dev/null +++ b/changes/bug19008 @@ -0,0 +1,3 @@ + o Major bugfixes (testing): + - Fix a bug that would block 'make test-network-all' on systems + where IPv6 packets were lost. Fixes bug 19008; bugfix on tor-0.2.7.3-rc. diff --git a/changes/bug19032 b/changes/bug19032 new file mode 100644 index 0000000000..93f17c2f91 --- /dev/null +++ b/changes/bug19032 @@ -0,0 +1,4 @@ + o Major bugfixes (security, directory authorities): + - Fix a crash and out-of-bounds write during authority voting, when the + list of relays includes duplicate ed25519 identity keys. Fixes bug 19032; + bugfix on 0.2.8.2-alpha. diff --git a/changes/bug19161 b/changes/bug19161 new file mode 100644 index 0000000000..78c2165308 --- /dev/null +++ b/changes/bug19161 @@ -0,0 +1,3 @@ + o Minor bugfixes (compilation): + - When libscrypt.h is found, but no libscrypt library can be linked, + treat libscrypt as absent. Fixes bug 19161; bugfix on 0.2.6.1-alpha. diff --git a/changes/bug19191 b/changes/bug19191 new file mode 100644 index 0000000000..8670aaa7fd --- /dev/null +++ b/changes/bug19191 @@ -0,0 +1,5 @@ + o Minor bugfixes (downloading): + - Predict more correctly whether we'll be downloading over HTTP when we + determine the maximum length of a URL. This should avoid a "BUG" + warning about the Squid HTTP proxy and its URL limits. Fixes bug 19191; + bugfix on ?????. diff --git a/changes/bug19203 b/changes/bug19203 new file mode 100644 index 0000000000..96bc1e855a --- /dev/null +++ b/changes/bug19203 @@ -0,0 +1,4 @@ + o Major bugfixes (user interface): + - Correctly give a warning in the cases where a relay is specified by + nickname, and one such relay is found, but it is not officially Named. + Fixes bug 19203; bugfix on 0.2.3.1-alpha. diff --git a/changes/bug19213 b/changes/bug19213 new file mode 100644 index 0000000000..6217814fb4 --- /dev/null +++ b/changes/bug19213 @@ -0,0 +1,3 @@ + o Minor bugfixes (compilation): + - Cause the unit tests to compile correctly on mingw64 versions + that lack sscanf. Fixes bug 19213; bugfix on 0.2.7.1-alpha. diff --git a/changes/bug19406 b/changes/bug19406 new file mode 100644 index 0000000000..e8b661b512 --- /dev/null +++ b/changes/bug19406 @@ -0,0 +1,4 @@ + o Minor features (build): + - Tor now again builds with the recent OpenSSL 1.1 development branch + (tested against 1.1.0-pre5 and 1.1.0-pre6-dev). + diff --git a/changes/bug19454 b/changes/bug19454 new file mode 100644 index 0000000000..05650b5c61 --- /dev/null +++ b/changes/bug19454 @@ -0,0 +1,3 @@ + o Minor bugfixes (heartbeat): + - Fix regression that crashes Tor when disabling heartbeats. Fixes bug + 19454; bugfix on tor-0.2.8.1-alpha. Reported by "kubaku". diff --git a/changes/bug19464 b/changes/bug19464 new file mode 100644 index 0000000000..22c9e73dc7 --- /dev/null +++ b/changes/bug19464 @@ -0,0 +1,6 @@ + o Minor bugfixes (user interface): + - Remove a warning message "Service [scrubbed] not found after + descriptor upload". This message appears when one uses HSPOST control + command to upload a service descriptor. Since there is only a descriptor + and no service, showing this message is pointless and confusing. + Fixes bug 19464; bugfix on 0.2.7.2-alpha. diff --git a/changes/bug19499 b/changes/bug19499 new file mode 100644 index 0000000000..59bdb29dfa --- /dev/null +++ b/changes/bug19499 @@ -0,0 +1,4 @@ + o Minor features (build): + - Tor now again builds with the recent OpenSSL 1.1 development branch + (tested against 1.1.0-pre6-dev). Closes ticket 19499. + diff --git a/changes/bug19556 b/changes/bug19556 new file mode 100644 index 0000000000..31856b3db9 --- /dev/null +++ b/changes/bug19556 @@ -0,0 +1,7 @@ + o Minor bugfixes (sandboxing): + - When sandboxing is enabled, we could not write any stats to + disk. check_or_create_data_subdir("stats"), which prepares the + private stats directory, calls check_private_dir(), which also + opens and not just stats() the directory. Therefore, we need to + also allow open() for the stats dir in our sandboxing setup. + Fixes bug 19556; bugfix on 0.2.5.1-alpha. diff --git a/changes/bug19557 b/changes/bug19557 new file mode 100644 index 0000000000..55214b0c97 --- /dev/null +++ b/changes/bug19557 @@ -0,0 +1,4 @@ + o Major bugfixes (sandboxing): + - Our sandboxing code would not allow us to write to stats/hidserv-stats, + causing tor to abort while trying to write stats. This was previously + masked by bug 19556. Fixes bug 19557; bugfix on 0.2.6.1-alpha. diff --git a/changes/bug19608 b/changes/bug19608 new file mode 100644 index 0000000000..66c2de214e --- /dev/null +++ b/changes/bug19608 @@ -0,0 +1,6 @@ + o Minor bugfixes (IPv6, microdescriptors): + - Don't check node addresses when we only have a routerstatus. + This allows IPv6-only clients to bootstrap by fetching + microdescriptors from fallback directory mirrors. + (The microdescriptor consensus has no IPv6 addresses in it.) + Fixes bug 19608; bugfix on c281c036 in 0.2.8.2-alpha. diff --git a/changes/bug19660 b/changes/bug19660 new file mode 100644 index 0000000000..72d32c8fe2 --- /dev/null +++ b/changes/bug19660 @@ -0,0 +1,8 @@ + o Minor bugfixes (sandboxing): + - If we did not find a non-private IPaddress by iterating over + interfaces, we would try to get one via + get_interface_address6_via_udp_socket_hack(). This opens a + datagram socket with IPPROTO_UDP. Previously all our datagram + sockets (via libevent) used IPPROTO_IP, so we did not have that + in the sandboxing whitelist. Add (SOCK_DGRAM, IPPROTO_UDP) + sockets to the sandboxing whitelist. Fixes bug 19660. diff --git a/changes/bug19682 b/changes/bug19682 new file mode 100644 index 0000000000..c799c417ac --- /dev/null +++ b/changes/bug19682 @@ -0,0 +1,3 @@ + o Minor bugfixes (compilation): + - Fix compilation warning in the unit tests on systems where + char is signed. Fixes bug 19682; bugfix on 0.2.8.1-alpha. diff --git a/changes/bifroest b/changes/bug19728 index 41af658ed8..98ba34290f 100644 --- a/changes/bifroest +++ b/changes/bug19728 @@ -1,3 +1,3 @@ - o Directory authority changes (also in 0.2.8.7): + o Directory authority changes: - The "Tonga" bridge authority has been retired; the new bridge authority is "Bifroest". Closes tickets 19728 and 19690. diff --git a/changes/bug19782 b/changes/bug19782 new file mode 100644 index 0000000000..37660ead73 --- /dev/null +++ b/changes/bug19782 @@ -0,0 +1,3 @@ + o Minor bugfixes (fallback directories): + - Remove a fallback that was on the hardcoded list, then opted-out. + Fixes bug 19782; update to fallback list from 0.2.8.2-alpha. diff --git a/changes/bug19903 b/changes/bug19903 new file mode 100644 index 0000000000..33aa8789d7 --- /dev/null +++ b/changes/bug19903 @@ -0,0 +1,4 @@ + o Minor bugfixes (compilation): + - Remove an inappropriate "inline" in tortls.c that was causing warnings + on older versions of GCC. Fixes bug 19903; 0.2.8.1-alpha. + diff --git a/changes/bug19947 b/changes/bug19947 new file mode 100644 index 0000000000..b9dce8b753 --- /dev/null +++ b/changes/bug19947 @@ -0,0 +1,4 @@ + o Minor bugfixes (fallback directories): + - Avoid logging a NULL string pointer when loading fallback directory information. + Fixes bug 19947; bugfix on 0.2.4.7-alpha and 0.2.8.1-alpha. + Report and patch by "rubiate". diff --git a/changes/bug19969 b/changes/bug19969 new file mode 100644 index 0000000000..0bdd880bb7 --- /dev/null +++ b/changes/bug19969 @@ -0,0 +1,10 @@ + o Major bugfixes (client performance); + - Clients now respond to new application stream requests when + they arrive, rather than waiting up to one second before starting + to handle them. Fixes part of bug 19969; bugfix on 0.2.8.1-alpha. + + o Major bugfixes (clients on flaky network connections); + - When Tor leaves standby because of a new application request, open + circuits as needed to serve that request. Previously, we would + potentially wait a very long time. Fixes part of bug 19969; bugfix + on 0.2.8.1-alpha. diff --git a/changes/bug19973 b/changes/bug19973 new file mode 100644 index 0000000000..7bd5c554f9 --- /dev/null +++ b/changes/bug19973 @@ -0,0 +1,6 @@ + o Major bugfixes (client, security): + - Only use the ReachableAddresses option to restrict the first hop + in a path. Previously, it would apply to every hop in the path, + with a possible degredation in anonymity for anyone using an + uncommon ReachableAddress setting. Fixes bug 19973; bugfix on + 0.2.8.2-alpha. diff --git a/changes/bug20103 b/changes/bug20103 new file mode 100644 index 0000000000..bf0aeec009 --- /dev/null +++ b/changes/bug20103 @@ -0,0 +1,7 @@ + o Major bugfixes (crash): + + - Fix a complicated crash bug that could affect Tor clients + configured to use bridges when replacing a networkstatus consensus + in which one of their bridges was mentioned. OpenBSD users saw + more crashes here, but all platforms were potentially affected. + Fixes bug 20103; bugfix on 0.2.8.2-alpha. diff --git a/changes/bug20203 b/changes/bug20203 new file mode 100644 index 0000000000..711c91ba85 --- /dev/null +++ b/changes/bug20203 @@ -0,0 +1,6 @@ + o Major bugfixes (relay, OOM handler): + - Fix a timing-dependent assertion failure that could occur when we + tried to flush from a circuit after having freed its cells because + of an out-of-memory condition. Fixes bug 20203; bugfix on + 0.2.8.1-alpha. Thanks to "cypherpunks" for help diagnosing this + one. diff --git a/changes/bug20235 b/changes/bug20235 new file mode 100644 index 0000000000..54026a8943 --- /dev/null +++ b/changes/bug20235 @@ -0,0 +1,4 @@ + o Minor features (compatibility): + - Work around a bug in the OSX 10.12 SDK that would prevent us + from successfully targetting earlier versions of OSX. + Resolves ticket 20235. diff --git a/changes/bug20551 b/changes/bug20551 new file mode 100644 index 0000000000..1e0746b666 --- /dev/null +++ b/changes/bug20551 @@ -0,0 +1,3 @@ + o Minor bugfixes (compilation); + - Fix implicit conversion warnings under OpenSSL 1.1. + Fixes bug 20551; bugfix on 0.2.1.1-alpha. diff --git a/changes/bug20553 b/changes/bug20553 new file mode 100644 index 0000000000..12a2780303 --- /dev/null +++ b/changes/bug20553 @@ -0,0 +1,3 @@ + o Minor bugfixes (memory leak): + - Work around a memory leak in OpenSSL 1.1 when encoding public keys. + Fixes bug 20553; bugfix on 0.0.2pre8. diff --git a/changes/bug20588 b/changes/bug20588 new file mode 100644 index 0000000000..be199b2de0 --- /dev/null +++ b/changes/bug20588 @@ -0,0 +1,3 @@ + o Minor bugfixes (portability): + - Fix compilation with OpenSSL 1.1 and less commonly-used + CPU architectures. Closes ticket 20588. diff --git a/changes/bug20865 b/changes/bug20865 new file mode 100644 index 0000000000..575d886a3e --- /dev/null +++ b/changes/bug20865 @@ -0,0 +1,7 @@ + o Minor bugfixes (portability): + - Avoid compilation errors when building on OSX Sierra. Sierra began + to support the getentropy() API, but created a few problems in + doing so. Tor 0.2.9 has a more thorough set of workarounds; in + 0.2.8, we are just using the /dev/urandom interface. Fixes + bug 20865. Bugfix on 0.2.8.1-alpha. + diff --git a/changes/bug22838_028 b/changes/bug22838_028 new file mode 100644 index 0000000000..1d0a4fbfd1 --- /dev/null +++ b/changes/bug22838_028 @@ -0,0 +1,5 @@ + o Minor bugfixes (compilation, mingw, backport from 0.3.1.1-alpha): + - Backport a fix for an "unused variable" warning that appeared + in some versions of mingw. Fixes bug 22838; bugfix on + 0.2.8.1-alpha. + diff --git a/changes/bug23291 b/changes/bug23291 new file mode 100644 index 0000000000..a5b0efda0a --- /dev/null +++ b/changes/bug23291 @@ -0,0 +1,3 @@ + o Minor bugfixes (testing): + - Fix an undersized buffer in test-memwipe.c. Fixes bug 23291; bugfix on + 0.2.7.2-alpha. Found and patched by Ties Stuij. diff --git a/changes/bug23690 b/changes/bug23690 new file mode 100644 index 0000000000..36ff32e499 --- /dev/null +++ b/changes/bug23690 @@ -0,0 +1,5 @@ + o Major bugfixes (relay, crash, assertion failure): + - Fix a timing-based assertion failure that could occur when the + circuit out-of-memory handler freed a connection's output buffer. + Fixes bug 23690; bugfix on 0.2.6.1-alpha. + diff --git a/changes/bug24313 b/changes/bug24313 new file mode 100644 index 0000000000..b927ec3ba6 --- /dev/null +++ b/changes/bug24313 @@ -0,0 +1,5 @@ + o Major bugfixes (security, hidden service v2): + - Fix a use-after-free error that could crash v2 Tor hidden services + when it failed to open circuits while expiring introductions + points. Fixes bug 24313; bugfix on 0.2.7.2-alpha. This + issue is also tracked as TROVE-2017-013 and CVE-2017-8823. diff --git a/changes/bug8093 b/changes/bug8093 deleted file mode 100644 index f0fbc618c2..0000000000 --- a/changes/bug8093 +++ /dev/null @@ -1,3 +0,0 @@ - o Downgraded warnings: - - Downgrade the severity of the 'unexpected sendme cell from client' from - 'warn' to 'protocol warning'. Closes ticket 8093. diff --git a/changes/bug8387 b/changes/bug8387 deleted file mode 100644 index 2ec0487bf8..0000000000 --- a/changes/bug8387 +++ /dev/null @@ -1,11 +0,0 @@ - o Major bugfixes (client): - - - Perform circuit cleanup operations even when circuit - construction operations are disabled (because the network is - disabled, or because there isn't enough directory information). - Previously, when we were not building predictive circuits, we - were not closing expired circuits either. - - Fixes bug 8387; bugfix on 0.1.1.11-alpha. This bug became visible - in 0.2.4.10-alpha when we became more strict about when we have - "enough directory information to build circuits". diff --git a/changes/curve25519-donna32-bug b/changes/curve25519-donna32-bug deleted file mode 100644 index 7fccab1b0c..0000000000 --- a/changes/curve25519-donna32-bug +++ /dev/null @@ -1,12 +0,0 @@ - o Major bugfixes: - - - Fix a bug in the bounds-checking in the 32-bit curve25519-donna - implementation that caused incorrect results on 32-bit - implementations when certain malformed inputs were used along with - a small class of private ntor keys. This bug does not currently - appear to allow an attacker to learn private keys or impersonate a - Tor server, but it could provide a means to distinguish 32-bit Tor - implementations from 64-bit Tor implementations. Fixes bug 12694; - bugfix on 0.2.4.8-alpha. Bug found by Robert Ransom; fix from - Adam Langley. - diff --git a/changes/disable_sslv3 b/changes/disable_sslv3 deleted file mode 100644 index bb4c2df7a2..0000000000 --- a/changes/disable_sslv3 +++ /dev/null @@ -1,4 +0,0 @@ - o Major security fixes: - - Disable support for SSLv3. All versions of OpenSSL in use with - Tor today support TLS 1.0 or later, so we can safely turn off - support for this old (and insecure) protocol. Fixes bug 13426. diff --git a/changes/doc17621 b/changes/doc17621 new file mode 100644 index 0000000000..ab37d29b50 --- /dev/null +++ b/changes/doc17621 @@ -0,0 +1,3 @@ + o Documentation: + - Document the contents of the 'datadir/keys' subdirectory in the manual + page. Closes ticket 17621. diff --git a/changes/fallbacks-201604 b/changes/fallbacks-201604 new file mode 100644 index 0000000000..7acefaaf08 --- /dev/null +++ b/changes/fallbacks-201604 @@ -0,0 +1,9 @@ + o Minor features (fallback directory mirrors): + - Give each fallback the same weight for client selection; + restrict fallbacks to one per operator; + report fallback directory detail changes when rebuilding list; + add new fallback directory mirrors to the whitelist; + update fallback directories based on the latest OnionOO data; + and any other minor simplifications and fixes. + Closes tasks 17158, 17905, 18749, bug 18689, and fixes part of + bug 18812 on 0.2.8.1-alpha; patch by "teor". diff --git a/changes/feature18483 b/changes/feature18483 new file mode 100644 index 0000000000..d0fa8df58d --- /dev/null +++ b/changes/feature18483 @@ -0,0 +1,4 @@ + o Minor features (clients): + - Make clients, onion services, and bridge relays always + use an encrypted begindir connection for directory requests. + Resolves ticket 18483. Patch by "teor". diff --git a/changes/further-12184-diagnostic b/changes/further-12184-diagnostic deleted file mode 100644 index 89e9f4612f..0000000000 --- a/changes/further-12184-diagnostic +++ /dev/null @@ -1,2 +0,0 @@ - o Minor features (diagnostic): - - Slightly enhance the diagnostic message for bug 12184. diff --git a/changes/geoip-april2015 b/changes/geoip-april2015 deleted file mode 100644 index 7db38ed797..0000000000 --- a/changes/geoip-april2015 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Update geoip to the April 8 2015 Maxmind GeoLite2 Country database. - diff --git a/changes/geoip-april2016 b/changes/geoip-april2016 index 4cd03e556b..c55aa179b5 100644 --- a/changes/geoip-april2016 +++ b/changes/geoip-april2016 @@ -1,4 +1,4 @@ - o Minor features: + o Minor features (geoip): - Update geoip and geoip6 to the April 5 2016 Maxmind GeoLite2 Country database. diff --git a/changes/geoip-august2014 b/changes/geoip-august2014 deleted file mode 100644 index 90d8ecb300..0000000000 --- a/changes/geoip-august2014 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Update geoip to the August 7 2014 Maxmind GeoLite2 Country database. - diff --git a/changes/geoip-december2015 b/changes/geoip-december2015 deleted file mode 100644 index 597bcc92f8..0000000000 --- a/changes/geoip-december2015 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features: - - Update geoip and geoip6 to the December 1 2015 Maxmind GeoLite2 - Country database. - diff --git a/changes/geoip-february2016 b/changes/geoip-february2016 deleted file mode 100644 index 49a8041fad..0000000000 --- a/changes/geoip-february2016 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features: - - Update geoip and geoip6 to the February 2 2016 Maxmind GeoLite2 - Country database. - diff --git a/changes/geoip-january2015 b/changes/geoip-january2015 deleted file mode 100644 index 67324f27f2..0000000000 --- a/changes/geoip-january2015 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Update geoip to the January 7 2015 Maxmind GeoLite2 Country database. - diff --git a/changes/geoip-january2016 b/changes/geoip-january2016 deleted file mode 100644 index fe2d5c7dc7..0000000000 --- a/changes/geoip-january2016 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features: - - Update geoip and geoip6 to the January 5 2016 Maxmind GeoLite2 - Country database. - diff --git a/changes/geoip-july2014 b/changes/geoip-july2014 deleted file mode 100644 index a0523ecac9..0000000000 --- a/changes/geoip-july2014 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Update geoip to the July 10 2014 Maxmind GeoLite2 Country database. - diff --git a/changes/geoip-july2015 b/changes/geoip-july2015 deleted file mode 100644 index 381c2df231..0000000000 --- a/changes/geoip-july2015 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Update geoip and geoip6 to the July 8 2015 Maxmind GeoLite2 Country database. - diff --git a/changes/geoip-jun2016 b/changes/geoip-jun2016 index 8d308f6f72..6c9847ca58 100644 --- a/changes/geoip-jun2016 +++ b/changes/geoip-jun2016 @@ -1,4 +1,4 @@ - o Minor features: + o Minor features (geoip): - Update geoip and geoip6 to the June 7 2016 Maxmind GeoLite2 Country database. diff --git a/changes/geoip-june2015 b/changes/geoip-june2015 deleted file mode 100644 index 9d6cd3658b..0000000000 --- a/changes/geoip-june2015 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Update geoip to the June 3 2015 Maxmind GeoLite2 Country database. - diff --git a/changes/geoip-march2015 b/changes/geoip-march2015 deleted file mode 100644 index 565781280a..0000000000 --- a/changes/geoip-march2015 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Update geoip to the March 3 2015 Maxmind GeoLite2 Country database. - diff --git a/changes/geoip-march2016 b/changes/geoip-march2016 deleted file mode 100644 index d7b1bd42f9..0000000000 --- a/changes/geoip-march2016 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features: - - Update geoip and geoip6 to the March 3 2016 Maxmind GeoLite2 - Country database. - diff --git a/changes/geoip-may2016 b/changes/geoip-may2016 index 3fd42dce24..cf78ab10c7 100644 --- a/changes/geoip-may2016 +++ b/changes/geoip-may2016 @@ -1,4 +1,4 @@ - o Minor features: + o Minor features (geoip): - Update geoip and geoip6 to the May 4 2016 Maxmind GeoLite2 Country database. diff --git a/changes/geoip-november2014 b/changes/geoip-november2014 deleted file mode 100644 index 52cbeb3e41..0000000000 --- a/changes/geoip-november2014 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Update geoip to the November 15 2014 Maxmind GeoLite2 Country database. - diff --git a/changes/geoip-october2015 b/changes/geoip-october2015 deleted file mode 100644 index f20febec5a..0000000000 --- a/changes/geoip-october2015 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Update geoip and geoip6 to the October 9 2015 Maxmind GeoLite2 Country database. - diff --git a/changes/geoip-september2015 b/changes/geoip-september2015 deleted file mode 100644 index a4f99efaa2..0000000000 --- a/changes/geoip-september2015 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Update geoip and geoip6 to the September 3 2015 Maxmind GeoLite2 Country database. - diff --git a/changes/geoip-september2016 b/changes/geoip-september2016 index a14c7c699f..1bf5570f2d 100644 --- a/changes/geoip-september2016 +++ b/changes/geoip-september2016 @@ -1,4 +1,4 @@ - o Minor features: + o Minor features (geoip): - Update geoip and geoip6 to the September 6 2016 Maxmind GeoLite2 Country database. diff --git a/changes/geoip6-april2015 b/changes/geoip6-april2015 deleted file mode 100644 index 241c9119b6..0000000000 --- a/changes/geoip6-april2015 +++ /dev/null @@ -1,2 +0,0 @@ - o Minor features: - - Update geoip6 to the April 8 2015 Maxmind GeoLite2 Country database. diff --git a/changes/geoip6-august2014 b/changes/geoip6-august2014 deleted file mode 100644 index 7e7c9a975d..0000000000 --- a/changes/geoip6-august2014 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Update geoip6 to the August 7 2014 Maxmind GeoLite2 Country database. - diff --git a/changes/geoip6-january2015 b/changes/geoip6-january2015 deleted file mode 100644 index b86fe2be57..0000000000 --- a/changes/geoip6-january2015 +++ /dev/null @@ -1,2 +0,0 @@ - o Minor features: - - Update geoip6 to the January 7 2015 Maxmind GeoLite2 Country database. diff --git a/changes/geoip6-july2014 b/changes/geoip6-july2014 deleted file mode 100644 index 155788ef88..0000000000 --- a/changes/geoip6-july2014 +++ /dev/null @@ -1,2 +0,0 @@ - o Minor features: - - Update geoip6 to the July 10 2014 Maxmind GeoLite2 Country database. diff --git a/changes/geoip6-june2015 b/changes/geoip6-june2015 deleted file mode 100644 index 527dbff53b..0000000000 --- a/changes/geoip6-june2015 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Update geoip6 to the June 3 2015 Maxmind GeoLite2 Country database. - diff --git a/changes/geoip6-march2015 b/changes/geoip6-march2015 deleted file mode 100644 index 9a38c65e62..0000000000 --- a/changes/geoip6-march2015 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Update geoip6 to the March 3 2015 Maxmind GeoLite2 Country database. - diff --git a/changes/geoip6-november2014 b/changes/geoip6-november2014 deleted file mode 100644 index e91fcc0d3b..0000000000 --- a/changes/geoip6-november2014 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Update geoip6 to the November 15 2014 Maxmind GeoLite2 Country database. - diff --git a/changes/longclaw-ipv6 b/changes/longclaw-ipv6 new file mode 100644 index 0000000000..75899c9d07 --- /dev/null +++ b/changes/longclaw-ipv6 @@ -0,0 +1,6 @@ + o Minor features (directory authorities): + - Remove longclaw's IPv6 address, as it will soon change. + Authority IPv6 addresses were originally added in 0.2.8.1-alpha. + This leaves 3/8 directory authorities with IPv6 addresses, but there + are also 52 fallback directory mirrors with IPv6 addresses. + Resolves 19760. diff --git a/changes/memarea_overflow b/changes/memarea_overflow new file mode 100644 index 0000000000..8fdc38cc09 --- /dev/null +++ b/changes/memarea_overflow @@ -0,0 +1,7 @@ + o Minor bugfixes (pointer arithmetic): + - Fix a bug in memarea_alloc() that could have resulted in remote heap + write access, if Tor had ever passed an unchecked size to + memarea_alloc(). Fortunately, all the sizes we pass to memarea_alloc() + are pre-checked to be less than 128 kilobytes. Fixes bug 19150; bugfix + on 0.2.1.1-alpha. Bug found by Guido Vranken. + diff --git a/changes/test.h_msvc b/changes/test.h_msvc deleted file mode 100644 index 3afbc13aaa..0000000000 --- a/changes/test.h_msvc +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (compilation): - - Fix compilation of test.h with MSVC. Patch from Gisle Vanem; - bugfix on 0.2.5.5-alpha. diff --git a/changes/ticket12688 b/changes/ticket12688 deleted file mode 100644 index 88228e5506..0000000000 --- a/changes/ticket12688 +++ /dev/null @@ -1,6 +0,0 @@ - Major features: - - Make the number of entry guards configurable via a new - NumEntryGuards consensus parameter, and the number of directory - guards configurable via a new NumDirectoryGuards consensus - parameter. Implements ticket 12688. - diff --git a/changes/ticket12690 b/changes/ticket12690 deleted file mode 100644 index 5091883602..0000000000 --- a/changes/ticket12690 +++ /dev/null @@ -1,9 +0,0 @@ - o Minor features: - - Authorities now assign the Guard flag to the fastest 25% of the - network (it used to be the fastest 50%). Also raise the consensus - weight that guarantees the Guard flag from 250 to 2000. For the - current network, this results in about 1100 guards, down from 2500. - This step paves the way for moving the number of entry guards - down to 1 (proposal 236) while still providing reasonable expected - performance for most users. Implements ticket 12690. - diff --git a/changes/ticket13036 b/changes/ticket13036 deleted file mode 100644 index 1b4784358a..0000000000 --- a/changes/ticket13036 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes: - - Fix a large number of false positive warnings from the clang - analyzer static analysis tool. This should make real warnings - easier for clang analyzer to find. Patch from "teor". Closes - ticket 13036. diff --git a/changes/ticket14128 b/changes/ticket14128 deleted file mode 100644 index 38b25fa7dc..0000000000 --- a/changes/ticket14128 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features (controller): - - New "GETINFO bw-event-cache" to get information about recent bandwidth - events. Closes ticket 14128. Useful for controllers to get recent - bandwidth history after the fix for 13988. - diff --git a/changes/ticket14487 b/changes/ticket14487 deleted file mode 100644 index 577337ff24..0000000000 --- a/changes/ticket14487 +++ /dev/null @@ -1,3 +0,0 @@ - o Directory authority IP change: - - The directory authority Faravahar has a new IP address. Closes - ticket 14487. diff --git a/changes/ticket19071-19480 b/changes/ticket19071-19480 new file mode 100644 index 0000000000..ab5c72a2d1 --- /dev/null +++ b/changes/ticket19071-19480 @@ -0,0 +1,13 @@ + o Minor bugfixes (fallback directory selection): + - Avoid errors during fallback selection if there are no eligible + fallbacks. Fixes bug 19480; bugfix on ba76910 and 78ec782 in + 0.2.8.3-alpha. Patch by teor. + o Minor features (fallback directory list): + - Update hard-coded fallback list to remove unsuitable fallbacks. + Resolves ticket 19071. Patch by teor. + - Add a comment to the generated list that explains how to comment-out + unsuitable fallbacks in a way that's compatible with the stem fallback + parser. + - Update fallback whitelist and blacklist based on relay operator + emails. Blacklist unsuitable fallbacks. Resolves ticket 19071. + Patch by teor. diff --git a/changes/ticket20170-v3 b/changes/ticket20170-v3 new file mode 100644 index 0000000000..d634e72053 --- /dev/null +++ b/changes/ticket20170-v3 @@ -0,0 +1,5 @@ + o Minor features (fallback directory list): + - Replace the 81 remaining fallbacks of the 100 originally introduced + in Tor 0.2.8.3-alpha in March 2016, with a list of 177 fallbacks + (123 new, 54 existing, 27 removed) generated in December 2016. + Resolves ticket 20170. diff --git a/changes/ticket21564 b/changes/ticket21564 new file mode 100644 index 0000000000..7e01f41f8f --- /dev/null +++ b/changes/ticket21564 @@ -0,0 +1,6 @@ + o Minor features (fallback directory list): + - Replace the 177 fallbacks originally introduced in Tor 0.2.9.8 in + December 2016 (of which ~126 were still functional), with a list of + 151 fallbacks (32 new, 119 existing, 58 removed) generated in + May 2017. + Resolves ticket 21564. diff --git a/changes/trove-2017-008 b/changes/trove-2017-008 new file mode 100644 index 0000000000..4b9c5b0a12 --- /dev/null +++ b/changes/trove-2017-008 @@ -0,0 +1,5 @@ + o Major bugfixes (security, hidden services, loggging): + - Fix a bug where we could log uninitialized stack when a certain + hidden service error occurred while SafeLogging was disabled. + Fixes bug #23490; bugfix on 0.2.7.2-alpha. + This is also tracked as TROVE-2017-008 and CVE-2017-0380. |