diff options
Diffstat (limited to 'changes')
94 files changed, 208 insertions, 271 deletions
diff --git a/changes/19974 b/changes/19974 deleted file mode 100644 index 5496143ddf..0000000000 --- a/changes/19974 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (unit tests): - - Fix tolerances in unit tests for monotonic time comparisons between - nanoseconds and microseconds. Previously, we accepted a 10 us - difference only, which is not realistic on every platform's - clock_gettime(). Fixes bug 19974; bugfix on 0.2.9.1-alpha. diff --git a/changes/20460 b/changes/20460 deleted file mode 100644 index 9fbb4a7986..0000000000 --- a/changes/20460 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (testing): - - Use ECDHE ciphers instead of ECDH in tortls tests. LibreSSL has - removed the ECDH ciphers which caused the tests to fail on - platforms which use it. Fixes bug 20460; bugfix on 0.2.8.1-alpha. diff --git a/changes/20492 b/changes/20492 deleted file mode 100644 index fdcd4d0b4b..0000000000 --- a/changes/20492 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfix (build): - - The current Git revision when building from a local repository is now - detected correctly when using git worktrees. Fixes bug 20492; bugfix on - 0.2.3.9-alpha. diff --git a/changes/21359 b/changes/21359 deleted file mode 100644 index cc9b377d52..0000000000 --- a/changes/21359 +++ /dev/null @@ -1,8 +0,0 @@ - - o Minor features (portability, compilationc) - - Support building with recent LibreSSL code that uses opaque - structures. Closes ticket 21359. - - Autoconf now check to determine if OpenSSL - structures are opaque, instead of explicitly checking for - OpenSSL version numbers. - Part of ticket 21359. diff --git a/changes/bug19025 b/changes/bug19025 deleted file mode 100644 index 0f365f52ba..0000000000 --- a/changes/bug19025 +++ /dev/null @@ -1,4 +0,0 @@ - o Major bugfixes (DNS): - - Fix a bug that prevented exit nodes from caching DNS records for more - than 60 seconds. - Fixes bug 19025; bugfix on 0.2.4.7-alpha. diff --git a/changes/bug19869 b/changes/bug19869 deleted file mode 100644 index 430048f161..0000000000 --- a/changes/bug19869 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (DNSPort): - - On DNSPort, stop logging a BUG warning on a failed hostname lookup. - Fixes bug 19869; bugfix on 0.2.9.1-alpha. - diff --git a/changes/bug19926_029_info b/changes/bug19926_029_info deleted file mode 100644 index 93fd81b6cb..0000000000 --- a/changes/bug19926_029_info +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (logging): - - Downgrade a harmless log message about the pending_entry_connections - list from "warn" to "info". Mitigates bug 19926. diff --git a/changes/bug19960 b/changes/bug19960 deleted file mode 100644 index 5d655859a6..0000000000 --- a/changes/bug19960 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (netbsd, unit tests): - - Stop expecting NetBSD unit tests to report success for ipfw; - on NetBSD, it's only pf that's supported. - Part of a fix for bug 19960; bugfix on 0.2.9.5-alpha. diff --git a/changes/bug19968 b/changes/bug19968 deleted file mode 100644 index b285706e70..0000000000 --- a/changes/bug19968 +++ /dev/null @@ -1,11 +0,0 @@ - o Minor bugfixes (relay): - - Do not try to parallelize workers more than 16x without the - user explicitly configuring us to do so, even if we do detect more than - 16 CPU cores. Fixes bug 19968; bugfix on - 0.2.3.1-alpha. - - - o Minor bugfixes (testing): - - Avoid a unit test failure on systems with over 16 detectable - CPU cores. Fixes bug 19968; bugfix on - 0.2.3.1-alpha. diff --git a/changes/bug19969 b/changes/bug19969 deleted file mode 100644 index c760c6de03..0000000000 --- a/changes/bug19969 +++ /dev/null @@ -1,10 +0,0 @@ - o Major bugfixes (client performance): - - Clients now respond to new application stream requests when - they arrive, rather than waiting up to one second before starting - to handle them. Fixes part of bug 19969; bugfix on 0.2.8.1-alpha. - - o Major bugfixes (clients on flaky network connections): - - When Tor leaves standby because of a new application request, open - circuits as needed to serve that request. Previously, we would - potentially wait a very long time. Fixes part of bug 19969; bugfix - on 0.2.8.1-alpha. diff --git a/changes/bug20085 b/changes/bug20085 deleted file mode 100644 index fd10e7eeeb..0000000000 --- a/changes/bug20085 +++ /dev/null @@ -1,4 +0,0 @@ - o Documentation: - - Correct the minimum bandwidth value in torrc.sample, and queue a - corresponding change for torrc.minimal. Closes ticket 20085. - diff --git a/changes/bug20235 b/changes/bug20235 deleted file mode 100644 index 54026a8943..0000000000 --- a/changes/bug20235 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (compatibility): - - Work around a bug in the OSX 10.12 SDK that would prevent us - from successfully targetting earlier versions of OSX. - Resolves ticket 20235. diff --git a/changes/bug20270 b/changes/bug20270 new file mode 100644 index 0000000000..d538a358dc --- /dev/null +++ b/changes/bug20270 @@ -0,0 +1,6 @@ + o Minor bugfixes (directory authority): + - When rejecting a router descriptor because the relay is running an + obsolete version of Tor without ntor support, warn about the obsolete + tor version, not the missing ntor key. Fixes bug 20270; + bugfix on 0.2.9.3-alpha. + diff --git a/changes/bug20306_029 b/changes/bug20306_029 deleted file mode 100644 index ada2676b2b..0000000000 --- a/changes/bug20306_029 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (fascistfirewall): - - Avoid spurious warnings when ReachableAddresses or FascistFirewall - is set. Fixes bug 20306; bugfix on 0.2.8.2-alpha. - diff --git a/changes/bug20307 b/changes/bug20307 deleted file mode 100644 index 9112c9c78d..0000000000 --- a/changes/bug20307 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes (circuit, hidden service) - - When closing a circuit, the reason for doing so was assigned from an int - value to a uint16_t which is quite a problem for negative values that are - our internal reasons (ex: END_CIRC_REASON_IP_NOW_REDUNDANT). On the HS - side, this was causing introduction points to be flagged as unusable - because the reason wasn't the right one due to the bad conversion. - Partially fixes bug 21056 and fixes bug 20307; Bugfix on 0.2.8.1-alpha. diff --git a/changes/bug20401 b/changes/bug20401 deleted file mode 100644 index 85ab3c7322..0000000000 --- a/changes/bug20401 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (relay): - - Avoid a small memory leak when informing worker threads about rotated - onion keys. Fixes bug 20401; bugfix on 0.2.6.3-alpha. - diff --git a/changes/bug20423 b/changes/bug20423 deleted file mode 100644 index 32bdc3f081..0000000000 --- a/changes/bug20423 +++ /dev/null @@ -1,6 +0,0 @@ - o Major bugfixes: - - For relays that don't know their own address, avoid attempting - a local hostname resolve for each descriptor we download. Also cut - down on the number of "Success: chose address 'x.x.x.x'" log lines. - Fixes bugs 20423 and 20610; bugfix on 0.2.8.1-alpha. - diff --git a/changes/bug20472 b/changes/bug20472 deleted file mode 100644 index 4d90c39f5b..0000000000 --- a/changes/bug20472 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (circuits): - - Remove a BUG warning in circuit_pick_extend_handshake. Instead, assume - all nodes support EXTEND2. Use ntor whenever a key is available. - Fixes bug 20472; bugfix on 0.2.9.3-alpha. - diff --git a/changes/bug20484 b/changes/bug20484 deleted file mode 100644 index 9a0b95cb39..0000000000 --- a/changes/bug20484 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (single onion services): - - Start correctly when creating a single onion service in a - directory that did not previously exist. Fixes bug 20484; bugfix on - 0.2.9.3-alpha. - diff --git a/changes/bug20487 b/changes/bug20487 deleted file mode 100644 index 4435f14a95..0000000000 --- a/changes/bug20487 +++ /dev/null @@ -1,4 +0,0 @@ - o Documentation: - - Clarify that setting HiddenServiceNonAnonymousMode requires - you to also set "SOCKSPort 0". Fixes bug 20487; bugfix on - 0.2.9.3-alpha. diff --git a/changes/bug20529 b/changes/bug20529 deleted file mode 100644 index 276be5b2b6..0000000000 --- a/changes/bug20529 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (hidden services): - - When configuring hidden services, check every hidden service directory's - permissions. Previously, we only checked the last hidden service. - Fixes bug 20529; bugfix on 13942 commit 85bfad1 in 0.2.6.2-alpha. diff --git a/changes/bug20533 b/changes/bug20533 deleted file mode 100644 index 7d1a456328..0000000000 --- a/changes/bug20533 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes (consensus downloads): - - If a consensus expires while we are waiting for certificates to download, - stop waiting for certificates. - - If we stop waiting for certificates less than a minute after we started - downloading them, do not consider the certificate download failure a - separate failure. - Fixes bug 20533; bugfix on commit e0204f21 in 0.2.0.9-alpha. diff --git a/changes/bug20534 b/changes/bug20534 deleted file mode 100644 index 49db433a01..0000000000 --- a/changes/bug20534 +++ /dev/null @@ -1,8 +0,0 @@ - o Minor bugfixes (directory download scheduling): - - Remove the maximum delay on exponential-backoff scheduling. - Since we now allow an infinite number of failures (see ticket - 20536), we must now allow the time to grow longer on each failure. - Fixes part of bug 20534; bugfix on 0.2.9.1-alpha. - - Use initial delays and decrements in download scheduling closer to - those from 0.2.8. Fixes another part of bug 20534; bugfix on - 0.2.9.1-alpha. diff --git a/changes/bug20536 b/changes/bug20536 deleted file mode 100644 index 9e0dd164bb..0000000000 --- a/changes/bug20536 +++ /dev/null @@ -1,6 +0,0 @@ - o Major bugfixes (download scheduling): - - When using an exponential backoff schedule, do not give up on - dowloading just because we have failed a bunch of times. Since - each delay is longer than the last, retrying indefinitely won't - hurt. Fixes bug 20536; bugfix on 0.2.9.1-alpha. - diff --git a/changes/bug20551 b/changes/bug20551 deleted file mode 100644 index b7ec4ca7cc..0000000000 --- a/changes/bug20551 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (compilation): - - Fix implicit conversion warnings under OpenSSL 1.1. - Fixes bug 20551; bugfix on 0.2.1.1-alpha. diff --git a/changes/bug20553 b/changes/bug20553 deleted file mode 100644 index 12a2780303..0000000000 --- a/changes/bug20553 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (memory leak): - - Work around a memory leak in OpenSSL 1.1 when encoding public keys. - Fixes bug 20553; bugfix on 0.0.2pre8. diff --git a/changes/bug20560 b/changes/bug20560 deleted file mode 100644 index 43d605b296..0000000000 --- a/changes/bug20560 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (portability): - - Run correctly when built on Windows build environments that require - _vcsprintf(). Fixes bug 20560; bugfix on 0.2.2.11-alpha. - diff --git a/changes/bug20587 b/changes/bug20587 deleted file mode 100644 index 341b001363..0000000000 --- a/changes/bug20587 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (download timing): - - When determining when to download a directory object, handle times - after 2038 if the operating system supports that. (Someday this will be - important!) Fixes bug 20587; bugfix on 0.2.8.1-alpha. - diff --git a/changes/bug20588 b/changes/bug20588 deleted file mode 100644 index 832ef81336..0000000000 --- a/changes/bug20588 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (portability): - - Fix compilation with OpenSSL 1.1 and less commonly-used - CPU architectures. Closes ticket 20588. diff --git a/changes/bug20591 b/changes/bug20591 deleted file mode 100644 index deaa738f5e..0000000000 --- a/changes/bug20591 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (relay bootstrap): - - Ensure relays don't make multiple connections during bootstrap. - Fixes bug 20591; bugfix on 0.2.8.1-alpha. diff --git a/changes/bug20593 b/changes/bug20593 deleted file mode 100644 index e9f54d317a..0000000000 --- a/changes/bug20593 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (client directory scheduling): - - Treat "relay too busy to answer request" as a failed request and a - reason to back off on our retry frequency. This is safe now that - exponential backups retry indefinitely, and avoids a bug where we would - reset our download schedule erroneously. - Fixes bug 20593; bugfix on 0.2.9.1-alpha. diff --git a/changes/bug20597 b/changes/bug20597 deleted file mode 100644 index f199b63933..0000000000 --- a/changes/bug20597 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (test networks, exponential backoff): - - When using exponential backoff in test networks, use a lower exponent, - so the delays do not vary as much. This helps test networks bootstrap - consistently. Fixes bug 20597; bugfix on 20499; not in any released - version of tor. diff --git a/changes/bug20613 b/changes/bug20613 deleted file mode 100644 index 19bb61f4e0..0000000000 --- a/changes/bug20613 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (single onion services, Tor2web): - - Stop logging long-term one-hop circuits deliberately created by single - onion services and Tor2web. These log messages are intended to diagnose - issue 8387, which relates to circuits hanging around forever for no - reason. - Fixes bug 20613; bugfix on 0.2.9.1-alpha. Reported by "pastly". diff --git a/changes/bug20634 b/changes/bug20634 deleted file mode 100644 index 62fc9f4787..0000000000 --- a/changes/bug20634 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (unit tests): - - Stop spurious failures in the local interface address discovery unit - tests. Fixes bug 20634; bugfix on 0.2.8.1-alpha; patch by Neel Chauhan. diff --git a/changes/bug20638 b/changes/bug20638 deleted file mode 100644 index 260d7d0a75..0000000000 --- a/changes/bug20638 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (hidden services): - - Stop ignoring hidden service key anonymity when first starting tor. - Instead, refuse to start tor if any hidden service key has been used in - a different hidden service anonymity mode. - Fixes bug 20638; bugfix on 17178 in 0.2.9.3-alpha; reported by ahf. diff --git a/changes/bug20710_025 b/changes/bug20710_025 deleted file mode 100644 index 12bd07536c..0000000000 --- a/changes/bug20710_025 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (memory leak, use-after-free, linux seccomp2 sandbox): - - Fix a memory leak and use-after-free error when removing entries - from the sandbox's getaddrinfo() cache. Fixes bug 20710; bugfix on - 0.2.5.5-alpha. Patch from "cypherpunks". diff --git a/changes/bug20711 b/changes/bug20711 new file mode 100644 index 0000000000..0bc0d94fb1 --- /dev/null +++ b/changes/bug20711 @@ -0,0 +1,7 @@ + o Minor bugfixes (directory mirrors): + - Allow relays to use directory mirrors without a DirPort: these relays + need to be contacted over their ORPorts using a begindir connection. + Fixes bug 20711; bugfix on 0.2.8.2-alpha. + - Clarify the message logged when a remote relay is unexpectedly missing + an ORPort or DirPort: users were confusing this with a local port. + Fixes bug 20711; bugfix on 0.2.8.2-alpha. diff --git a/changes/bug20715 b/changes/bug20715 deleted file mode 100644 index 737a560cec..0000000000 --- a/changes/bug20715 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (memory leak) - - When moving a signed descriptor object from a source to an existing - destination, free the allocated memory inside that destination object. - Bugfix on tor-0.2.8.3-alpha; Closes #20715. diff --git a/changes/bug20716 b/changes/bug20716 deleted file mode 100644 index 37fd6feecf..0000000000 --- a/changes/bug20716 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (client, memory leak): - - Fix a small memory leak when receiving AF_UNIX connections on - a SocksPort. Fixes bug 20716; bugfix on 0.2.6.3-alpha. diff --git a/changes/bug20810 b/changes/bug20810 deleted file mode 100644 index 5420a73175..0000000000 --- a/changes/bug20810 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (relay) - - When computing old Tor protocol line version in protover, we were - looking at 0.2.7.5 twice instead of a specific case for 0.2.9.1-alpha. - Bugfix on tor-0.2.9.4-alpha. diff --git a/changes/bug20864 b/changes/bug20864 deleted file mode 100644 index 7b8c70fad6..0000000000 --- a/changes/bug20864 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (unit tests, hidden services): - - Remove a double-free in the single onion service unit test. Stop - ignoring a return value. Make future changes less error-prone. - Fixes bug 20864; bugfix on 0.2.9.6-rc. diff --git a/changes/bug20875 b/changes/bug20875 deleted file mode 100644 index 6bba2cbc12..0000000000 --- a/changes/bug20875 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (download scheduling) - - Resolve a "bug" warning when considering a download schedule whose - delay had approached INT_MAX. Fixes 20875; bugfix on 0.2.9.5-alpha. - diff --git a/changes/bug20894 b/changes/bug20894 new file mode 100644 index 0000000000..2dbf9b9aa9 --- /dev/null +++ b/changes/bug20894 @@ -0,0 +1,9 @@ + o Major bugfixes (HTTP, parsing): + - When parsing a malformed content-length field from an HTTP message, + do not read off the end of the buffer. This bug was a potential + remote denial-of-service attack against Tor clients and relays. + A workaround was released in October 2016, which prevents this + bug from crashing Tor. This is a fix for the underlying issue, + which should no longer matter (if you applied the earlier patch). + Fixes bug 20894; bugfix on 0.2.0.16-alpha. Bug found by fuzzing + using AFL (http://lcamtuf.coredump.cx/afl/). diff --git a/changes/bug20935 b/changes/bug20935 deleted file mode 100644 index 78068c7c06..0000000000 --- a/changes/bug20935 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (portability): - - Use the correct spelling of MAC_OS_X_VERSION_10_12 on configure.ac - Fixes bug 20935; bugfix on 0.2.9.6-rc. diff --git a/changes/bug21007_case2 b/changes/bug21007_case2 new file mode 100644 index 0000000000..43344449ec --- /dev/null +++ b/changes/bug21007_case2 @@ -0,0 +1,4 @@ + o Minor bugfixes (guards): + - Don't warn about a missing guard state on timeout-measurement + circuits: they aren't supposed to be using guards. Fixes an + instance of bug 21007; bugfix on 0.3.0.1-alpha. diff --git a/changes/bug21018 b/changes/bug21018 deleted file mode 100644 index 49a8b47a25..0000000000 --- a/changes/bug21018 +++ /dev/null @@ -1,11 +0,0 @@ - o Major bugfixes (parsing, security): - - - Fix a bug in parsing that could cause clients to read a single - byte past the end of an allocated region. This bug could be - used to cause hardened clients (built with - --enable-expensive-hardening) to crash if they tried to visit - a hostile hidden service. Non-hardened clients are only - affected depending on the details of their platform's memory - allocator. Fixes bug 21018; bugfix on 0.2.0.8-alpha. Found by - using libFuzzer. Also tracked as TROVE-2016-12-002 and as - CVE-2016-1254. diff --git a/changes/bug21027 b/changes/bug21027 new file mode 100644 index 0000000000..d20df876fa --- /dev/null +++ b/changes/bug21027 @@ -0,0 +1,8 @@ + o Major bugfixes (bridges): + + - When the same bridge is configured multiple times at different + address:port combinations (but with the same identity), treat + those bridge instances as separate guards. This allows clients to + configure the same bridge with multiple pluggable transports, once + again. Fixes bug 21027; bugfix on 0.3.0.1-alpha. + diff --git a/changes/bug21035 b/changes/bug21035 deleted file mode 100644 index bbf3340787..0000000000 --- a/changes/bug21035 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (portability): - - Avoid crashing when Tor is built using headers that contain - CLOCK_MONOTONIC_COARSE, but then tries to run on an older kernel - without CLOCK_MONOTONIC_COARSE. Fixes bug 21035; bugfix on - 0.2.9.1-alpha. - diff --git a/changes/bug21051 b/changes/bug21051 deleted file mode 100644 index 8bb4f80c8e..0000000000 --- a/changes/bug21051 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (compilation): - - Fix Libevent detection on platforms without Libevent 1 headers - installed. Fixes bug 21051; bugfix on 0.2.9.1-alpha. diff --git a/changes/bug21108_029 b/changes/bug21108_029 deleted file mode 100644 index 3a3f004fc6..0000000000 --- a/changes/bug21108_029 +++ /dev/null @@ -1,6 +0,0 @@ - o Major bugfixes (directory authority): - - During voting, when marking a node as a probable sybil, do not - clear its BadExit flag: sybils can still be bad in other ways - too. (We still clear the other flags.) Fixes bug 21108; bugfix - on 0.2.0.13-alpha. - diff --git a/changes/bug21116 b/changes/bug21116 new file mode 100644 index 0000000000..2304ab0fd6 --- /dev/null +++ b/changes/bug21116 @@ -0,0 +1,3 @@ + o Minor bugfixes (test): + - Fix Raspbian build missing socket errno in test util. Fixes bug 21116.; + bugfix on tor-0.2.8.2. Patch by "hein". diff --git a/changes/bug21280 b/changes/bug21280 deleted file mode 100644 index e9f0bc174c..0000000000 --- a/changes/bug21280 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (tor-resolve): - - The tor-resolve command line tool now rejects hostnames over 255 - characters in length. Previously, it would silently truncate - them, which could lead to bugs. Fixes bug 21280; bugfix on 0.0.9pre5. - Patch by "junglefowl". diff --git a/changes/bug21357 b/changes/bug21357 deleted file mode 100644 index a1cb43a78a..0000000000 --- a/changes/bug21357 +++ /dev/null @@ -1,7 +0,0 @@ - o Major bugfixes (IPv6 Exits): - - Stop rejecting all IPv6 traffic on Exits whose exit policy rejects IPv6 - addresses. Instead, only reject a port over IPv6 if the exit policy - rejects that port on more than an IPv6 /16 of addresses. This bug was - made worse by 17027 in 0.2.8.1-alpha, which rejects a relay's own IPv6 - address by default. - Fixes bug 21357; bugfix on commit 004f3f4e53 in 0.2.4.7-alpha. diff --git a/changes/bug21369_check b/changes/bug21369_check new file mode 100644 index 0000000000..2cd808c9b6 --- /dev/null +++ b/changes/bug21369_check @@ -0,0 +1,3 @@ + o Minor features (reliability, crash): + - Try better to detect problems in buffers where they might grow (or + think they have grown) over 2 GB in size. Diagnostic for bug 21369. diff --git a/changes/bug21415 b/changes/bug21415 new file mode 100644 index 0000000000..f0aa72f81f --- /dev/null +++ b/changes/bug21415 @@ -0,0 +1,4 @@ + o Minor bugfix (entry guards): + - Silence a BUG() warning when attempting to use a guard whose descriptor + we don't know and make this scenario more unlikely to happen. Fixes bug + 21415; bugfix on 0.3.0.1-alpha. diff --git a/changes/bug21420 b/changes/bug21420 new file mode 100644 index 0000000000..014404466a --- /dev/null +++ b/changes/bug21420 @@ -0,0 +1,3 @@ + o Minor bugfixes (certificate expiration time): + - Avoid using link certificates that don't become valid till + some time in the future. Fixes bug 21420; bugfix on 0.2.4.11-alpha diff --git a/changes/bug21447 b/changes/bug21447 new file mode 100644 index 0000000000..c025b92313 --- /dev/null +++ b/changes/bug21447 @@ -0,0 +1,4 @@ + o Minor bugfixes (testing): + - Rename "make fuzz" to "make test-fuzz-corpora", since it doesn't + actually fuzz anything. Fixes bug 21447; bugfix on 0.3.0.3-alpha. + diff --git a/changes/bug21471 b/changes/bug21471 new file mode 100644 index 0000000000..684035b19c --- /dev/null +++ b/changes/bug21471 @@ -0,0 +1,5 @@ + o Major bugfixes (hidden service directory v3): + - When a descriptor lookup was done and it was not found in the directory + cache, it would crash on a NULL pointer instead of returning the 404 + code back to the client like it was suppose to. Fixes bug 21471.; + bugfixes on tor-0.3.0.1-alpha. diff --git a/changes/bug21472 b/changes/bug21472 new file mode 100644 index 0000000000..f31ec9157e --- /dev/null +++ b/changes/bug21472 @@ -0,0 +1,3 @@ + o Documentation: + - Small fixes to the fuzzing documentation. Closes ticket + 21472. diff --git a/changes/bug21492 b/changes/bug21492 new file mode 100644 index 0000000000..2ed7947771 --- /dev/null +++ b/changes/bug21492 @@ -0,0 +1,5 @@ + o Minor bugfixes (correctness): + - Remove a redundant check for the UseEntryGuards option from the + options_transition_affects_guards() function. Fixes bug 21492; + bugfix on 0.3.0.1-alpha. + diff --git a/changes/bug21553 b/changes/bug21553 new file mode 100644 index 0000000000..6ffa3e29a2 --- /dev/null +++ b/changes/bug21553 @@ -0,0 +1,7 @@ + o Minor bugfixes (hidden service): + - When encoding a legacy ESTABLISH_INTRO cell, we were using the sizeof() + on a pointer instead of real size of the destination buffer leading to + an overflow passing an enormous value to the signing digest function. + Fortunately, that value was only used to make sure the destination + buffer length was big enough for the key size and in this case it was. + Fixes bug 21553; bugfix on tor-0.3.0.1-alpha. diff --git a/changes/bug21562 b/changes/bug21562 new file mode 100644 index 0000000000..48396a00e7 --- /dev/null +++ b/changes/bug21562 @@ -0,0 +1,4 @@ + o Minor bugfixes (testing): + - Use bash in src/test/test-network.sh. This ensures we reliably call + chutney's newer tools/test-network.sh when available. + Fixes bug 21562; bugfix on tor-0.2.9.1-alpha. diff --git a/changes/bug21581 b/changes/bug21581 new file mode 100644 index 0000000000..1077719856 --- /dev/null +++ b/changes/bug21581 @@ -0,0 +1,5 @@ + o Minor bugfixes (testing): + - Restore support for test-network.sh on BSD and other systems without + bash. (But use bash if it's available.) This is a workaround until we + remove bash-specific code in 19699. + Fixes bug 21581; bugfix on 21562, not in any released version of tor. diff --git a/changes/bug21594 b/changes/bug21594 new file mode 100644 index 0000000000..e624d1226d --- /dev/null +++ b/changes/bug21594 @@ -0,0 +1,5 @@ + o Minor bugfixes (hidden services): + - Make hidden services with 8 to 10 introduction points check for failed + circuits immediately after startup. Previously, they would wait for 5 + minutes before performing their first checks. Fixes bug 21594; bugfix on + commit 190aac0eab9 in Tor 0.2.3.9-alpha. Reported by alecmuffett. diff --git a/changes/bug21596 b/changes/bug21596 new file mode 100644 index 0000000000..ec0a46bb81 --- /dev/null +++ b/changes/bug21596 @@ -0,0 +1,5 @@ + o Minor bugfixes (hidden services): + - Make hidden services check for failed intro point connections, even when + they have exceeded their intro point creation limit. Fixes bug 21596; + bugfix on commit d67bf8b2f23 in Tor 0.2.7.2-alpha. Reported by + alecmuffett. diff --git a/changes/bug21682 b/changes/bug21682 new file mode 100644 index 0000000000..ab7126e4d6 --- /dev/null +++ b/changes/bug21682 @@ -0,0 +1,3 @@ + o Minor bugfixes (memory leaks): + - Fix a memory leak when using GETCONF on a port option. + Fixes bug 21682; bugfix on 0.3.0.3-alpha. diff --git a/changes/bug21720 b/changes/bug21720 new file mode 100644 index 0000000000..6d2fbcf711 --- /dev/null +++ b/changes/bug21720 @@ -0,0 +1,5 @@ + o Documentation: + - Update the description of the directory server options in the manual + page, to clarify that DirPort is no longer necessary to be a directory + cache. Closes ticket 21720. + diff --git a/changes/bug21771 b/changes/bug21771 new file mode 100644 index 0000000000..f814c75c0b --- /dev/null +++ b/changes/bug21771 @@ -0,0 +1,5 @@ + o Minor bugfixes (guard selection): + - Fix a guard selection bug where Tor would refuse to bootstrap in some + cases if the user swapped a bridge for another bridge in their + configuration file. + Fixes bug 21771; bugfix on 0.3.0.1-alpha. Reported by "torvlnt33r". diff --git a/changes/bug21799 b/changes/bug21799 new file mode 100644 index 0000000000..ee2e904a35 --- /dev/null +++ b/changes/bug21799 @@ -0,0 +1,6 @@ + o Minor bugfixes (tests): + - Run the entry_guard_parse_from_state_full test with the time set + to a specific date. (The guard state that this test was parsing + contained guards that had expired since the test was first + written.) Fixes bug 21799; bugfix on 0.3.0.1-alpha. + diff --git a/changes/bug21825 b/changes/bug21825 new file mode 100644 index 0000000000..8f14b32f84 --- /dev/null +++ b/changes/bug21825 @@ -0,0 +1,6 @@ + o Minor bugfix (compilation): + - Functions in hs_service.c was only compiled for unit test making the + created object (.o) contain no symbols in src/or/libor.a resulting in a + compilation warning from clang. We now expose those functions for the + unit tests. This will be changed in 0.3.2 release. Fixes bug 21825.; + bugfix on tor-0.3.0.1-alpha. diff --git a/changes/bug21894_029 b/changes/bug21894_029 new file mode 100644 index 0000000000..e3a84fa721 --- /dev/null +++ b/changes/bug21894_029 @@ -0,0 +1,5 @@ + o Minor bugfixes (crash prevention): + - Fix an (currently untriggerable, but potentially dangerous) crash + bug when base32-encoding inputs whose sizes are not a multiple of + 5. Fixes bug 21894; bugfix on 0.2.9.1-alpha. + diff --git a/changes/bug21969 b/changes/bug21969 new file mode 100644 index 0000000000..9b116fc4cc --- /dev/null +++ b/changes/bug21969 @@ -0,0 +1,3 @@ + o Major bugfixes (entry guards): + - Don't block bootstrapping when a primary bridge is offline and we can't + get its descriptor. Fixes bug 21969; bugfix on 0.3.0.3-alpha. diff --git a/changes/bug22246 b/changes/bug22246 new file mode 100644 index 0000000000..dbdf31a433 --- /dev/null +++ b/changes/bug22246 @@ -0,0 +1,6 @@ + o Major bugfixes (hidden service directory, security): + - Fix an assertion failure in the hidden service directory code, which + could be used by an attacker to remotely cause a Tor relay process to + exit. Relays running earlier versions of Tor 0.3.0.x should upgrade. + This security issue is tracked as tracked as + TROVE-2017-002. Fixes bug 22246; bugfix on 0.3.0.1-alpha. diff --git a/changes/bug22252 b/changes/bug22252 new file mode 100644 index 0000000000..42b9d8e095 --- /dev/null +++ b/changes/bug22252 @@ -0,0 +1,3 @@ + o Minor bugfixes (configuration): + - Do not crash when starting with LearnCircuitBuildTimeout 0. + Fixes bug 22252; bugfix on 0.2.9.3-alpha. diff --git a/changes/bug22400_01 b/changes/bug22400_01 new file mode 100644 index 0000000000..454c5f746f --- /dev/null +++ b/changes/bug22400_01 @@ -0,0 +1,4 @@ + o Major bugfixes (entry guards): + - When starting with an old consensus, do not add new entry guards + unless the consensus is "reasonably live" (under 1 day old). Fixes + one root cause of bug 22400; bugfix on 0.3.0.1-alpha. diff --git a/changes/bug22447 b/changes/bug22447 new file mode 100644 index 0000000000..f5649d633c --- /dev/null +++ b/changes/bug22447 @@ -0,0 +1,3 @@ + o Major bugfixes (hidden service v3): + - HSDir failed to validate the encrypted size of a v3 descriptor and thus + rejecting it. Fixes bug 22447; bugfix on tor-0.3.0.1-alpha. diff --git a/changes/bug22460_case1 b/changes/bug22460_case1 new file mode 100644 index 0000000000..cfe78ad791 --- /dev/null +++ b/changes/bug22460_case1 @@ -0,0 +1,16 @@ + o Major bugfixes (relays, key management): + - Regenerate link and authentication certificates whenever the key that + signs them changes; also, regenerate link certificates whenever the + signed key changes. Previously, these processes were only weakly + coupled, and we relays could (for minutes to hours) wind up with an + inconsistent set of keys and certificates, which other relays + would not accept. Fixes two cases of bug 22460; bugfix on + 0.3.0.1-alpha. + - When sending an Ed25519 signing->link certificate in a CERTS cell, + send the certificate that matches the x509 certificate that we used + on the TLS connection. Previously, there was a race condition if + the TLS context rotated after we began the TLS handshake but + before we sent the CERTS cell. Fixes a case of bug 22460; bugfix + on 0.3.0.1-alpha. + + diff --git a/changes/bug22466_regenerate b/changes/bug22466_regenerate new file mode 100644 index 0000000000..8dbda89c8f --- /dev/null +++ b/changes/bug22466_regenerate @@ -0,0 +1,8 @@ + o Minor bugfixes (link handshake): + - Lower the lifetime of the RSA->Ed25519 cross-certificate to + six months, and regenerate it when it is within one month of expiring. + Previously, we had generated this certificate at startup with + a ten-year lifetime, but that could lead to weird behavior when + Tor was started with a grossly inaccurate clock. Mitigates + bug 22466; mitigation on 0.3.0.1-alpha. + diff --git a/changes/bug22753 b/changes/bug22753 new file mode 100644 index 0000000000..32a6dfa56c --- /dev/null +++ b/changes/bug22753 @@ -0,0 +1,7 @@ + o Major bugfixes (path selection, security): + - When choosing which guard to use for a circuit, avoid the + exit's family along with the exit itself. Previously, the new + guard selection logic avoided the exit, but did not consider + its family. Fixes bug 22753; bugfix on 0.3.0.1-alpha. Tracked + as TROVE-2016-006 and CVE-2017-0377. + diff --git a/changes/bug22803 b/changes/bug22803 new file mode 100644 index 0000000000..80b4b9f589 --- /dev/null +++ b/changes/bug22803 @@ -0,0 +1,3 @@ + o Minor bugfixes (unit tests): + - Fix a memory leak in the link-handshake/certs_ok_ed25519 test. + Fixes bug 22803; bugfix on 0.3.0.1-alpha. diff --git a/changes/bug23078 b/changes/bug23078 new file mode 100644 index 0000000000..67624007cf --- /dev/null +++ b/changes/bug23078 @@ -0,0 +1,7 @@ + o Minor bugfixes (logging, relay): + - Remove a log_warn() that has been forgotten when an introduction point + successfully established a hidden service prop224 circuit with a client. + - Three other log_warn() for an introduction point have been changed to + protocol warning because they can be failure from the network and are + not relevant to the operator. Fixes bug 23078; bugfix on + tor-0.3.0.1-alpha and tor-0.3.0.2-alpha. diff --git a/changes/bug23610 b/changes/bug23610 new file mode 100644 index 0000000000..f2dc8bd1a6 --- /dev/null +++ b/changes/bug23610 @@ -0,0 +1,4 @@ + o Minor bugfixes (hidden service, relay): + - Avoid a possible double close of a circuit by the intro point on error + of sending the INTRO_ESTABLISHED cell. Fixes ticket 23610; bugfix on + 0.3.0.1-alpha. diff --git a/changes/bug23862 b/changes/bug23862 new file mode 100644 index 0000000000..301ce73672 --- /dev/null +++ b/changes/bug23862 @@ -0,0 +1,5 @@ + o Minor bugfixes (entry guards): + - Tor now updates its guard state when it reads a consensus regardless of + whether it's missing descriptors. That makes tor use its primary guards + to fetch descriptors in some edge cases where it would have used fallback + directories in the past. Fixes bug 23862; bugfix on 0.3.0.1-alpha.
\ No newline at end of file diff --git a/changes/feature21570 b/changes/feature21570 new file mode 100644 index 0000000000..40555eefa9 --- /dev/null +++ b/changes/feature21570 @@ -0,0 +1,5 @@ + o Minor features (testing): + - During 'make test-network-all', if tor logs any warnings, ask chutney + to output them. Requires a recent version of chutney with the 21572 + patch. + Implements 21570. diff --git a/changes/geoip-december2016 b/changes/geoip-december2016 deleted file mode 100644 index 60754ea21d..0000000000 --- a/changes/geoip-december2016 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features: - - Update geoip and geoip6 to the December 7 2016 Maxmind GeoLite2 - Country database. - diff --git a/changes/geoip-january2017 b/changes/geoip-january2017 deleted file mode 100644 index 77bc9a5991..0000000000 --- a/changes/geoip-january2017 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (geoip): - - Update geoip and geoip6 to the January 4 2017 Maxmind GeoLite2 - Country database. - diff --git a/changes/geoip-november2016 b/changes/geoip-november2016 deleted file mode 100644 index b3f9913bb1..0000000000 --- a/changes/geoip-november2016 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (ge0oip): - - Update geoip and geoip6 to the November 3 2016 Maxmind GeoLite2 - Country database. - diff --git a/changes/more_module_docs b/changes/more_module_docs deleted file mode 100644 index 0066ddfcf0..0000000000 --- a/changes/more_module_docs +++ /dev/null @@ -1,4 +0,0 @@ - o Documentation: - - Module-level documentation for several more modules. Closes tickets - 19287 and - 19290. diff --git a/changes/ticket19769 b/changes/ticket19769 deleted file mode 100644 index 9fc05c3e9e..0000000000 --- a/changes/ticket19769 +++ /dev/null @@ -1,7 +0,0 @@ - o Major features (security): - - Change the algorithm used to decide DNS TTLs on client and server side, - to better resist DNS-based correlation attacks like the DefecTor attack - of Greschbach, Pulls, Roberts, Winter, and Feamster). Now - relays only return one of two possible DNS TTL values, and clients - are willing to believe DNS TTL values up to 3 hours long. - Closes ticket 19769. diff --git a/changes/ticket20170-v3 b/changes/ticket20170-v3 deleted file mode 100644 index d634e72053..0000000000 --- a/changes/ticket20170-v3 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features (fallback directory list): - - Replace the 81 remaining fallbacks of the 100 originally introduced - in Tor 0.2.8.3-alpha in March 2016, with a list of 177 fallbacks - (123 new, 54 existing, 27 removed) generated in December 2016. - Resolves ticket 20170. diff --git a/changes/ticket20656 b/changes/ticket20656 new file mode 100644 index 0000000000..28192e8978 --- /dev/null +++ b/changes/ticket20656 @@ -0,0 +1,3 @@ + o Minor feature (protover): + - Add new protocol version for proposal 224. HSIntro now advertises + version "3-4" and HSDir version "1-2". Fixes ticket 20656. diff --git a/changes/trove-2017-001 b/changes/trove-2017-001 deleted file mode 100644 index 5187e6d5f1..0000000000 --- a/changes/trove-2017-001 +++ /dev/null @@ -1,8 +0,0 @@ - o Major bugfixes (security): - - Downgrade the "-ftrapv" option from "always on" to "only on when - --enable-expensive-hardening is provided." This hardening option, like - others, can turn survivable bugs into crashes--and having it on by - default made a (relatively harmless) integer overflow bug into a - denial-of-service bug. Fixes bug 21278 (TROVE-2017-001); bugfix on - 0.2.9.1-alpha. - diff --git a/changes/trove-2017-004 b/changes/trove-2017-004 new file mode 100644 index 0000000000..af1567f220 --- /dev/null +++ b/changes/trove-2017-004 @@ -0,0 +1,6 @@ + o Major bugfixes (hidden service, relay, security): + - Fix an assertion failure when a hidden service handles a + malformed BEGIN cell. This bug resulted in the service crashing + triggered by a tor_assert(). Fixes bug 22493, tracked as + TROVE-2017-004 and as CVE-2017-0375; bugfix on 0.3.0.1-alpha. + Found by armadev. diff --git a/changes/trove-2017-012-part2 b/changes/trove-2017-012-part2 new file mode 100644 index 0000000000..ed994c5b02 --- /dev/null +++ b/changes/trove-2017-012-part2 @@ -0,0 +1,5 @@ + o Major bugfixes (security, relay): + - When running as a relay, make sure that we never ever choose ourselves + as a guard. Previously, this was possible. Fixes part of bug 21534; + bugfix on 0.3.0.1-alpha. This issue is also tracked as TROVE-2017-012 + and CVE-2017-8822. |