diff options
Diffstat (limited to 'changes')
145 files changed, 324 insertions, 391 deletions
diff --git a/changes/19974 b/changes/19974 deleted file mode 100644 index 5496143ddf..0000000000 --- a/changes/19974 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (unit tests): - - Fix tolerances in unit tests for monotonic time comparisons between - nanoseconds and microseconds. Previously, we accepted a 10 us - difference only, which is not realistic on every platform's - clock_gettime(). Fixes bug 19974; bugfix on 0.2.9.1-alpha. diff --git a/changes/20460 b/changes/20460 deleted file mode 100644 index 9fbb4a7986..0000000000 --- a/changes/20460 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (testing): - - Use ECDHE ciphers instead of ECDH in tortls tests. LibreSSL has - removed the ECDH ciphers which caused the tests to fail on - platforms which use it. Fixes bug 20460; bugfix on 0.2.8.1-alpha. diff --git a/changes/20492 b/changes/20492 deleted file mode 100644 index fdcd4d0b4b..0000000000 --- a/changes/20492 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfix (build): - - The current Git revision when building from a local repository is now - detected correctly when using git worktrees. Fixes bug 20492; bugfix on - 0.2.3.9-alpha. diff --git a/changes/21359 b/changes/21359 deleted file mode 100644 index cc9b377d52..0000000000 --- a/changes/21359 +++ /dev/null @@ -1,8 +0,0 @@ - - o Minor features (portability, compilationc) - - Support building with recent LibreSSL code that uses opaque - structures. Closes ticket 21359. - - Autoconf now check to determine if OpenSSL - structures are opaque, instead of explicitly checking for - OpenSSL version numbers. - Part of ticket 21359. diff --git a/changes/bug16082 b/changes/bug16082 new file mode 100644 index 0000000000..0f2f04fb35 --- /dev/null +++ b/changes/bug16082 @@ -0,0 +1,4 @@ + o Documentation: + - Correctly note that bandwidth accounting values are stored in the + state file, and the bw_accounting file is now obsolete. Closes + ticket 16082. diff --git a/changes/bug17857 b/changes/bug17857 new file mode 100644 index 0000000000..6c88638231 --- /dev/null +++ b/changes/bug17857 @@ -0,0 +1,6 @@ + o Minor features (defensive programming): + - Create a pair of consensus parameters nf_pad_tor2web and + nf_pad_single_onion that allow us to disable netflow padding in the + consensus for non-anonymous connections, in case the overhead is high. + Closes #17857. + diff --git a/changes/bug18100 b/changes/bug18100 deleted file mode 100644 index cd3ba2c977..0000000000 --- a/changes/bug18100 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes (linux TPROXY support): - - Fix a typo that had prevented TPROXY-based transparent proxying from - working under Linux. Fixes bug 18100; bugfix on 0.2.6.3-alpha. - Patch from "d4fq0fQAgoJ". - diff --git a/changes/bug19025 b/changes/bug19025 deleted file mode 100644 index 0f365f52ba..0000000000 --- a/changes/bug19025 +++ /dev/null @@ -1,4 +0,0 @@ - o Major bugfixes (DNS): - - Fix a bug that prevented exit nodes from caching DNS records for more - than 60 seconds. - Fixes bug 19025; bugfix on 0.2.4.7-alpha. diff --git a/changes/bug19418 b/changes/bug19418 new file mode 100644 index 0000000000..fb5f6ad5df --- /dev/null +++ b/changes/bug19418 @@ -0,0 +1,7 @@ + o Minor bugfixes (robustness, error handling): + - Improve our handling of the cases where OpenSSL encounters a + memory error while encoding keys and certificates. We haven't + observed these happening in the wild, but if they do happen, + we now detect and respond better. Fixes bug 19418; bugfix + on all versions of Tor. Reported by Guido Vranken. + diff --git a/changes/bug19869 b/changes/bug19869 deleted file mode 100644 index 430048f161..0000000000 --- a/changes/bug19869 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (DNSPort): - - On DNSPort, stop logging a BUG warning on a failed hostname lookup. - Fixes bug 19869; bugfix on 0.2.9.1-alpha. - diff --git a/changes/bug19926_029_info b/changes/bug19926_029_info deleted file mode 100644 index 93fd81b6cb..0000000000 --- a/changes/bug19926_029_info +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (logging): - - Downgrade a harmless log message about the pending_entry_connections - list from "warn" to "info". Mitigates bug 19926. diff --git a/changes/bug19960 b/changes/bug19960 deleted file mode 100644 index 5d655859a6..0000000000 --- a/changes/bug19960 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (netbsd, unit tests): - - Stop expecting NetBSD unit tests to report success for ipfw; - on NetBSD, it's only pf that's supported. - Part of a fix for bug 19960; bugfix on 0.2.9.5-alpha. diff --git a/changes/bug19968 b/changes/bug19968 deleted file mode 100644 index b285706e70..0000000000 --- a/changes/bug19968 +++ /dev/null @@ -1,11 +0,0 @@ - o Minor bugfixes (relay): - - Do not try to parallelize workers more than 16x without the - user explicitly configuring us to do so, even if we do detect more than - 16 CPU cores. Fixes bug 19968; bugfix on - 0.2.3.1-alpha. - - - o Minor bugfixes (testing): - - Avoid a unit test failure on systems with over 16 detectable - CPU cores. Fixes bug 19968; bugfix on - 0.2.3.1-alpha. diff --git a/changes/bug19969 b/changes/bug19969 deleted file mode 100644 index c760c6de03..0000000000 --- a/changes/bug19969 +++ /dev/null @@ -1,10 +0,0 @@ - o Major bugfixes (client performance): - - Clients now respond to new application stream requests when - they arrive, rather than waiting up to one second before starting - to handle them. Fixes part of bug 19969; bugfix on 0.2.8.1-alpha. - - o Major bugfixes (clients on flaky network connections): - - When Tor leaves standby because of a new application request, open - circuits as needed to serve that request. Previously, we would - potentially wait a very long time. Fixes part of bug 19969; bugfix - on 0.2.8.1-alpha. diff --git a/changes/bug20059 b/changes/bug20059 deleted file mode 100644 index 091fab06d1..0000000000 --- a/changes/bug20059 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (relay): - - Avoid a double-marked-circuit warning that can happen when we receive - DESTROY cells under heavy load. Fixes bug 20059; bugfix on 0.1.0.1-rc. diff --git a/changes/bug20085 b/changes/bug20085 deleted file mode 100644 index fd10e7eeeb..0000000000 --- a/changes/bug20085 +++ /dev/null @@ -1,4 +0,0 @@ - o Documentation: - - Correct the minimum bandwidth value in torrc.sample, and queue a - corresponding change for torrc.minimal. Closes ticket 20085. - diff --git a/changes/bug20235 b/changes/bug20235 deleted file mode 100644 index 54026a8943..0000000000 --- a/changes/bug20235 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (compatibility): - - Work around a bug in the OSX 10.12 SDK that would prevent us - from successfully targetting earlier versions of OSX. - Resolves ticket 20235. diff --git a/changes/bug20306_029 b/changes/bug20306_029 deleted file mode 100644 index ada2676b2b..0000000000 --- a/changes/bug20306_029 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (fascistfirewall): - - Avoid spurious warnings when ReachableAddresses or FascistFirewall - is set. Fixes bug 20306; bugfix on 0.2.8.2-alpha. - diff --git a/changes/bug20307 b/changes/bug20307 deleted file mode 100644 index 9112c9c78d..0000000000 --- a/changes/bug20307 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes (circuit, hidden service) - - When closing a circuit, the reason for doing so was assigned from an int - value to a uint16_t which is quite a problem for negative values that are - our internal reasons (ex: END_CIRC_REASON_IP_NOW_REDUNDANT). On the HS - side, this was causing introduction points to be flagged as unusable - because the reason wasn't the right one due to the bad conversion. - Partially fixes bug 21056 and fixes bug 20307; Bugfix on 0.2.8.1-alpha. diff --git a/changes/bug20401 b/changes/bug20401 deleted file mode 100644 index 85ab3c7322..0000000000 --- a/changes/bug20401 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (relay): - - Avoid a small memory leak when informing worker threads about rotated - onion keys. Fixes bug 20401; bugfix on 0.2.6.3-alpha. - diff --git a/changes/bug20423 b/changes/bug20423 deleted file mode 100644 index 32bdc3f081..0000000000 --- a/changes/bug20423 +++ /dev/null @@ -1,6 +0,0 @@ - o Major bugfixes: - - For relays that don't know their own address, avoid attempting - a local hostname resolve for each descriptor we download. Also cut - down on the number of "Success: chose address 'x.x.x.x'" log lines. - Fixes bugs 20423 and 20610; bugfix on 0.2.8.1-alpha. - diff --git a/changes/bug20472 b/changes/bug20472 deleted file mode 100644 index 4d90c39f5b..0000000000 --- a/changes/bug20472 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (circuits): - - Remove a BUG warning in circuit_pick_extend_handshake. Instead, assume - all nodes support EXTEND2. Use ntor whenever a key is available. - Fixes bug 20472; bugfix on 0.2.9.3-alpha. - diff --git a/changes/bug20484 b/changes/bug20484 deleted file mode 100644 index 9a0b95cb39..0000000000 --- a/changes/bug20484 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (single onion services): - - Start correctly when creating a single onion service in a - directory that did not previously exist. Fixes bug 20484; bugfix on - 0.2.9.3-alpha. - diff --git a/changes/bug20487 b/changes/bug20487 deleted file mode 100644 index 4435f14a95..0000000000 --- a/changes/bug20487 +++ /dev/null @@ -1,4 +0,0 @@ - o Documentation: - - Clarify that setting HiddenServiceNonAnonymousMode requires - you to also set "SOCKSPort 0". Fixes bug 20487; bugfix on - 0.2.9.3-alpha. diff --git a/changes/bug20509 b/changes/bug20509 deleted file mode 100644 index a39ca9f60b..0000000000 --- a/changes/bug20509 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features: - - Directory authorities now reject relays running versions - 0.2.9.1-alpha through 0.2.9.4-alpha, because those relays - suffer from bug 20499 and don't keep their consensus cache - up-to-date. Resolves ticket 20509. diff --git a/changes/bug20529 b/changes/bug20529 deleted file mode 100644 index 276be5b2b6..0000000000 --- a/changes/bug20529 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (hidden services): - - When configuring hidden services, check every hidden service directory's - permissions. Previously, we only checked the last hidden service. - Fixes bug 20529; bugfix on 13942 commit 85bfad1 in 0.2.6.2-alpha. diff --git a/changes/bug20533 b/changes/bug20533 deleted file mode 100644 index 7d1a456328..0000000000 --- a/changes/bug20533 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes (consensus downloads): - - If a consensus expires while we are waiting for certificates to download, - stop waiting for certificates. - - If we stop waiting for certificates less than a minute after we started - downloading them, do not consider the certificate download failure a - separate failure. - Fixes bug 20533; bugfix on commit e0204f21 in 0.2.0.9-alpha. diff --git a/changes/bug20534 b/changes/bug20534 deleted file mode 100644 index 49db433a01..0000000000 --- a/changes/bug20534 +++ /dev/null @@ -1,8 +0,0 @@ - o Minor bugfixes (directory download scheduling): - - Remove the maximum delay on exponential-backoff scheduling. - Since we now allow an infinite number of failures (see ticket - 20536), we must now allow the time to grow longer on each failure. - Fixes part of bug 20534; bugfix on 0.2.9.1-alpha. - - Use initial delays and decrements in download scheduling closer to - those from 0.2.8. Fixes another part of bug 20534; bugfix on - 0.2.9.1-alpha. diff --git a/changes/bug20536 b/changes/bug20536 deleted file mode 100644 index 9e0dd164bb..0000000000 --- a/changes/bug20536 +++ /dev/null @@ -1,6 +0,0 @@ - o Major bugfixes (download scheduling): - - When using an exponential backoff schedule, do not give up on - dowloading just because we have failed a bunch of times. Since - each delay is longer than the last, retrying indefinitely won't - hurt. Fixes bug 20536; bugfix on 0.2.9.1-alpha. - diff --git a/changes/bug20551 b/changes/bug20551 deleted file mode 100644 index b7ec4ca7cc..0000000000 --- a/changes/bug20551 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (compilation): - - Fix implicit conversion warnings under OpenSSL 1.1. - Fixes bug 20551; bugfix on 0.2.1.1-alpha. diff --git a/changes/bug20553 b/changes/bug20553 deleted file mode 100644 index 12a2780303..0000000000 --- a/changes/bug20553 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (memory leak): - - Work around a memory leak in OpenSSL 1.1 when encoding public keys. - Fixes bug 20553; bugfix on 0.0.2pre8. diff --git a/changes/bug20560 b/changes/bug20560 deleted file mode 100644 index 43d605b296..0000000000 --- a/changes/bug20560 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (portability): - - Run correctly when built on Windows build environments that require - _vcsprintf(). Fixes bug 20560; bugfix on 0.2.2.11-alpha. - diff --git a/changes/bug20587 b/changes/bug20587 deleted file mode 100644 index 341b001363..0000000000 --- a/changes/bug20587 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (download timing): - - When determining when to download a directory object, handle times - after 2038 if the operating system supports that. (Someday this will be - important!) Fixes bug 20587; bugfix on 0.2.8.1-alpha. - diff --git a/changes/bug20588 b/changes/bug20588 deleted file mode 100644 index 832ef81336..0000000000 --- a/changes/bug20588 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (portability): - - Fix compilation with OpenSSL 1.1 and less commonly-used - CPU architectures. Closes ticket 20588. diff --git a/changes/bug20591 b/changes/bug20591 deleted file mode 100644 index deaa738f5e..0000000000 --- a/changes/bug20591 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (relay bootstrap): - - Ensure relays don't make multiple connections during bootstrap. - Fixes bug 20591; bugfix on 0.2.8.1-alpha. diff --git a/changes/bug20593 b/changes/bug20593 deleted file mode 100644 index e9f54d317a..0000000000 --- a/changes/bug20593 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (client directory scheduling): - - Treat "relay too busy to answer request" as a failed request and a - reason to back off on our retry frequency. This is safe now that - exponential backups retry indefinitely, and avoids a bug where we would - reset our download schedule erroneously. - Fixes bug 20593; bugfix on 0.2.9.1-alpha. diff --git a/changes/bug20597 b/changes/bug20597 deleted file mode 100644 index f199b63933..0000000000 --- a/changes/bug20597 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (test networks, exponential backoff): - - When using exponential backoff in test networks, use a lower exponent, - so the delays do not vary as much. This helps test networks bootstrap - consistently. Fixes bug 20597; bugfix on 20499; not in any released - version of tor. diff --git a/changes/bug20613 b/changes/bug20613 deleted file mode 100644 index 19bb61f4e0..0000000000 --- a/changes/bug20613 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (single onion services, Tor2web): - - Stop logging long-term one-hop circuits deliberately created by single - onion services and Tor2web. These log messages are intended to diagnose - issue 8387, which relates to circuits hanging around forever for no - reason. - Fixes bug 20613; bugfix on 0.2.9.1-alpha. Reported by "pastly". diff --git a/changes/bug20634 b/changes/bug20634 deleted file mode 100644 index 62fc9f4787..0000000000 --- a/changes/bug20634 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (unit tests): - - Stop spurious failures in the local interface address discovery unit - tests. Fixes bug 20634; bugfix on 0.2.8.1-alpha; patch by Neel Chauhan. diff --git a/changes/bug20638 b/changes/bug20638 deleted file mode 100644 index 260d7d0a75..0000000000 --- a/changes/bug20638 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (hidden services): - - Stop ignoring hidden service key anonymity when first starting tor. - Instead, refuse to start tor if any hidden service key has been used in - a different hidden service anonymity mode. - Fixes bug 20638; bugfix on 17178 in 0.2.9.3-alpha; reported by ahf. diff --git a/changes/bug20710_025 b/changes/bug20710_025 deleted file mode 100644 index 12bd07536c..0000000000 --- a/changes/bug20710_025 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (memory leak, use-after-free, linux seccomp2 sandbox): - - Fix a memory leak and use-after-free error when removing entries - from the sandbox's getaddrinfo() cache. Fixes bug 20710; bugfix on - 0.2.5.5-alpha. Patch from "cypherpunks". diff --git a/changes/bug20715 b/changes/bug20715 deleted file mode 100644 index 737a560cec..0000000000 --- a/changes/bug20715 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (memory leak) - - When moving a signed descriptor object from a source to an existing - destination, free the allocated memory inside that destination object. - Bugfix on tor-0.2.8.3-alpha; Closes #20715. diff --git a/changes/bug20716 b/changes/bug20716 deleted file mode 100644 index 37fd6feecf..0000000000 --- a/changes/bug20716 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (client, memory leak): - - Fix a small memory leak when receiving AF_UNIX connections on - a SocksPort. Fixes bug 20716; bugfix on 0.2.6.3-alpha. diff --git a/changes/bug20810 b/changes/bug20810 deleted file mode 100644 index 5420a73175..0000000000 --- a/changes/bug20810 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (relay) - - When computing old Tor protocol line version in protover, we were - looking at 0.2.7.5 twice instead of a specific case for 0.2.9.1-alpha. - Bugfix on tor-0.2.9.4-alpha. diff --git a/changes/bug20864 b/changes/bug20864 deleted file mode 100644 index 7b8c70fad6..0000000000 --- a/changes/bug20864 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (unit tests, hidden services): - - Remove a double-free in the single onion service unit test. Stop - ignoring a return value. Make future changes less error-prone. - Fixes bug 20864; bugfix on 0.2.9.6-rc. diff --git a/changes/bug20875 b/changes/bug20875 deleted file mode 100644 index 6bba2cbc12..0000000000 --- a/changes/bug20875 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (download scheduling) - - Resolve a "bug" warning when considering a download schedule whose - delay had approached INT_MAX. Fixes 20875; bugfix on 0.2.9.5-alpha. - diff --git a/changes/bug20935 b/changes/bug20935 deleted file mode 100644 index 78068c7c06..0000000000 --- a/changes/bug20935 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (portability): - - Use the correct spelling of MAC_OS_X_VERSION_10_12 on configure.ac - Fixes bug 20935; bugfix on 0.2.9.6-rc. diff --git a/changes/bug21018 b/changes/bug21018 deleted file mode 100644 index 49a8b47a25..0000000000 --- a/changes/bug21018 +++ /dev/null @@ -1,11 +0,0 @@ - o Major bugfixes (parsing, security): - - - Fix a bug in parsing that could cause clients to read a single - byte past the end of an allocated region. This bug could be - used to cause hardened clients (built with - --enable-expensive-hardening) to crash if they tried to visit - a hostile hidden service. Non-hardened clients are only - affected depending on the details of their platform's memory - allocator. Fixes bug 21018; bugfix on 0.2.0.8-alpha. Found by - using libFuzzer. Also tracked as TROVE-2016-12-002 and as - CVE-2016-1254. diff --git a/changes/bug21035 b/changes/bug21035 deleted file mode 100644 index bbf3340787..0000000000 --- a/changes/bug21035 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (portability): - - Avoid crashing when Tor is built using headers that contain - CLOCK_MONOTONIC_COARSE, but then tries to run on an older kernel - without CLOCK_MONOTONIC_COARSE. Fixes bug 21035; bugfix on - 0.2.9.1-alpha. - diff --git a/changes/bug21051 b/changes/bug21051 deleted file mode 100644 index 8bb4f80c8e..0000000000 --- a/changes/bug21051 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (compilation): - - Fix Libevent detection on platforms without Libevent 1 headers - installed. Fixes bug 21051; bugfix on 0.2.9.1-alpha. diff --git a/changes/bug21108_029 b/changes/bug21108_029 deleted file mode 100644 index 3a3f004fc6..0000000000 --- a/changes/bug21108_029 +++ /dev/null @@ -1,6 +0,0 @@ - o Major bugfixes (directory authority): - - During voting, when marking a node as a probable sybil, do not - clear its BadExit flag: sybils can still be bad in other ways - too. (We still clear the other flags.) Fixes bug 21108; bugfix - on 0.2.0.13-alpha. - diff --git a/changes/bug21278_extras b/changes/bug21278_extras deleted file mode 100644 index ffdf4a047b..0000000000 --- a/changes/bug21278_extras +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (code correctness): - - Repair a couple of (unreachable or harmless) cases of the risky - comparison-by-subtraction pattern that caused bug 21278. diff --git a/changes/bug21278_prevention b/changes/bug21278_prevention deleted file mode 100644 index e07f0a670c..0000000000 --- a/changes/bug21278_prevention +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (directory authority): - - Directory authorities now reject descriptors that claim to be - malformed versions of Tor. Helps prevent exploitation of bug 21278. - diff --git a/changes/bug21280 b/changes/bug21280 deleted file mode 100644 index e9f0bc174c..0000000000 --- a/changes/bug21280 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (tor-resolve): - - The tor-resolve command line tool now rejects hostnames over 255 - characters in length. Previously, it would silently truncate - them, which could lead to bugs. Fixes bug 21280; bugfix on 0.0.9pre5. - Patch by "junglefowl". diff --git a/changes/bug21357 b/changes/bug21357 deleted file mode 100644 index a1cb43a78a..0000000000 --- a/changes/bug21357 +++ /dev/null @@ -1,7 +0,0 @@ - o Major bugfixes (IPv6 Exits): - - Stop rejecting all IPv6 traffic on Exits whose exit policy rejects IPv6 - addresses. Instead, only reject a port over IPv6 if the exit policy - rejects that port on more than an IPv6 /16 of addresses. This bug was - made worse by 17027 in 0.2.8.1-alpha, which rejects a relay's own IPv6 - address by default. - Fixes bug 21357; bugfix on commit 004f3f4e53 in 0.2.4.7-alpha. diff --git a/changes/bug21450 b/changes/bug21450 deleted file mode 100644 index a1cf89ab41..0000000000 --- a/changes/bug21450 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (voting consistency): - - Reject version numbers with components that exceed INT32_MAX. - Otherwise 32-bit and 64-bit platforms would behave inconsistently. - Fixes bug 21450; bugfix on 0.0.8pre1. diff --git a/changes/bug21507 b/changes/bug21507 deleted file mode 100644 index f83e291b63..0000000000 --- a/changes/bug21507 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (voting consistency): - - Reject version numbers with non-numeric prefixes (such as +, -, and - whitespace). Disallowing whitespace prevents differential version - parsing between POSIX-based and Windows platforms. - Fixes bug 21507 and part of 21508; bugfix on 0.0.8pre1. diff --git a/changes/bug21576 b/changes/bug21576 deleted file mode 100644 index 68d8471192..0000000000 --- a/changes/bug21576 +++ /dev/null @@ -1,4 +0,0 @@ - o Major bugfixes (crash, directory connections): - - Fix a rare crash when sending a begin cell on a circuit whose linked - directory connection has already been closed. Fixes bug 21576; - bugfix on Tor 0.2.9.3-alpha. Reported by alecmuffett. diff --git a/changes/bug21943 b/changes/bug21943 deleted file mode 100644 index dbe2c726d9..0000000000 --- a/changes/bug21943 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (Linux seccomp2 sandbox): - - The getpid() system call is now permitted under the Linux seccomp2 - sandbox, to avoid crashing with versions of OpenSSL (and other - libraries) that attempt to learn the process's PID by using the - syscall rather than the VDSO code. Fixes bug 21943; bugfix on - 0.2.5.1-alpha. diff --git a/changes/bug22034 b/changes/bug22034 deleted file mode 100644 index 6d9e188740..0000000000 --- a/changes/bug22034 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (control port, regression): - - The GETINFO extra-info/digest/<digest> command was broken because of a - wrong base16 decode return value check. In was introduced in a refactor - of that API. Fixex bug #22034; bugfix on tor-0.2.9.1-alpha. diff --git a/changes/bug22159 b/changes/bug22159 new file mode 100644 index 0000000000..c319c7e322 --- /dev/null +++ b/changes/bug22159 @@ -0,0 +1,7 @@ + o Minor bugfixes (hidden service): + - A service is allowed to open a maximum number of circuits for a specific + period of time. That value was lower than it should be (8 vs 12) in the + normal case of 3 introduction points. Fixes bug 22159.; bugfix on + tor-0.3.0.5-rc. + - Rate limit the log if we ever go above the maximum number of allowed + intro circuits. Fixes bug 22159.; bugfix on tor-0.3.1.1-alpha. diff --git a/changes/bug22212 b/changes/bug22212 new file mode 100644 index 0000000000..f92d6701d3 --- /dev/null +++ b/changes/bug22212 @@ -0,0 +1,5 @@ + o Minor bugfixes (netflow padding logging): + - Demote a warn that was caused by libevent delays to info if + the padding is less than 4.5 seconds late, or notice if it is more + (4.5 seconds is the amount of time that a netflow record might + be emitted after, if we chose the maximum timeout). Fixes bug #22212. diff --git a/changes/bug22245 b/changes/bug22245 deleted file mode 100644 index 6ae18593ea..0000000000 --- a/changes/bug22245 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (bandwidth accounting): - - Roll over monthly accounting at the configured hour and minute, - rather than always at 00:00. - Fixes bug 22245; bugfix on 0.0.9rc1. - Found by Andrey Karpov with PVS-Studio. diff --git a/changes/bug22286 b/changes/bug22286 new file mode 100644 index 0000000000..f72e8fe2c7 --- /dev/null +++ b/changes/bug22286 @@ -0,0 +1,3 @@ + o Minor features (tests): + - Add a couple more tests for compression backend initialization. + Closes ticket 22286. diff --git a/changes/bug22347 b/changes/bug22347 new file mode 100644 index 0000000000..f294ba0a2d --- /dev/null +++ b/changes/bug22347 @@ -0,0 +1,2 @@ + o Documentation: + - Add a manpage description for the key-pinning-journal file. diff --git a/changes/bug22356 b/changes/bug22356 new file mode 100644 index 0000000000..0082b542be --- /dev/null +++ b/changes/bug22356 @@ -0,0 +1,5 @@ + o Minor bugfixes (logging, relay): + - Downgrade "assigned_to_cpuworker failed" message to INFO-level + severity. In every case that can reach it, either a better warning + has already been logged, or no warning is warranted. Fixes bug 22356; + bugfix on 0.2.6.3-alpha. diff --git a/changes/bug22370 b/changes/bug22370 deleted file mode 100644 index e0e87e3339..0000000000 --- a/changes/bug22370 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (memory handling): - - When directory authorities reject a router descriptor due to keypinning, - free the router descriptor rather than leaking the memory. - Fixes bug 22370; bugfix on 0.2.7.2-alpha. diff --git a/changes/bug22400_01 b/changes/bug22400_01 new file mode 100644 index 0000000000..454c5f746f --- /dev/null +++ b/changes/bug22400_01 @@ -0,0 +1,4 @@ + o Major bugfixes (entry guards): + - When starting with an old consensus, do not add new entry guards + unless the consensus is "reasonably live" (under 1 day old). Fixes + one root cause of bug 22400; bugfix on 0.3.0.1-alpha. diff --git a/changes/bug22460_case2 b/changes/bug22460_case2 deleted file mode 100644 index 0a11759832..0000000000 --- a/changes/bug22460_case2 +++ /dev/null @@ -1,8 +0,0 @@ - o Major bugfixes (relay, link handshake): - - - When performing the v3 link handshake on a TLS connection, report that - we have the x509 certificate that we actually used on that connection, - even if we have changed certificates since that connection was first - opened. Previously, we would claim to have used our most recent x509 - link certificate, which would sometimes make the link handshake fail. - Fixes one case of bug 22460; bugfix on 0.2.3.6-alpha. diff --git a/changes/bug22490 b/changes/bug22490 deleted file mode 100644 index 244dd50b36..0000000000 --- a/changes/bug22490 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (correctness): - - Avoid undefined behavior when parsing IPv6 entries from the geoip6 - file. Fixes bug 22490; bugfix on 0.2.4.6-alpha. diff --git a/changes/bug22502_part1 b/changes/bug22502_part1 new file mode 100644 index 0000000000..bd95b7c7c4 --- /dev/null +++ b/changes/bug22502_part1 @@ -0,0 +1,12 @@ + o Major bugfixes (compression, zstd): + - Correctly detect a full buffer when decompessing a large + zstd-compressed input. Fixes bug 22628; bugfix on 0.3.1.1-alpha. + + o Minor bugfixes (compression): + - When compressing or decompressing a buffer, check for a failure to + create a compression object. Fixes bug 22626; bugfix on + 0.3.1.1-alpha. + + - When decompressing a buffer, check for extra data after the end of + the compressed data. Fixes bug 22629; bugfix on 0.3.1.1-alpha. + diff --git a/changes/bug22520 b/changes/bug22520 new file mode 100644 index 0000000000..cc14f7214c --- /dev/null +++ b/changes/bug22520 @@ -0,0 +1,5 @@ + o Minor bugfixes (error reporting, windows): + - When formatting Windows error messages, use the English format + to avoid codepage issues. Fixes bug 22520; bugfix on + 0.1.2.8-alpha. Patch from "Vort". + diff --git a/changes/bug22669 b/changes/bug22669 new file mode 100644 index 0000000000..804a39e781 --- /dev/null +++ b/changes/bug22669 @@ -0,0 +1,4 @@ + o Minor bugfixes (compression): + - When serving directory votes compressed with zlib, + do not claim to have compressed them with zstd. Fixes bug 22669; + bugfix on 0.3.1.1-alpha. diff --git a/changes/bug22670 b/changes/bug22670 new file mode 100644 index 0000000000..47403277d2 --- /dev/null +++ b/changes/bug22670 @@ -0,0 +1,4 @@ + o Minor bugfixes (logging, compression): + - When decompressing, do not warn if we fail to decompress using a + compression method that we merely guessed. Fixes part of + bug 22670; bugfix on 0.1.1.14-alpha. diff --git a/changes/bug22670_02 b/changes/bug22670_02 new file mode 100644 index 0000000000..3e7a428faf --- /dev/null +++ b/changes/bug22670_02 @@ -0,0 +1,4 @@ + o Minor bugfixes (logging, compression): + - When decompressing, treat mismatch between content-encoding and + actual compression type as a protocol warning. Fixes part of bug + 22670; bugfix on 0.1.1.9-alpha. diff --git a/changes/bug22670_03 b/changes/bug22670_03 new file mode 100644 index 0000000000..8a7aa49bcd --- /dev/null +++ b/changes/bug22670_03 @@ -0,0 +1,6 @@ + o Minor bugfixes (compression): + - When decompressing an object received over an anonymous directory + connection, if we have already successfully decompressed it using an + acceptable compression method, do not reject it for looking like an + unacceptable compression method. Fixes part of bug 22670; bugfix on + 0.3.1.1-alpha. diff --git a/changes/bug22672 b/changes/bug22672 new file mode 100644 index 0000000000..ec6681149d --- /dev/null +++ b/changes/bug22672 @@ -0,0 +1,5 @@ + o Minor features (compression, defensive programming): + - Detect and break out of infinite loops in our compression code. + We don't think that any such loops exist now, but it's best to be + safe. Closes ticket 22672. + diff --git a/changes/bug22702 b/changes/bug22702 new file mode 100644 index 0000000000..a2044c70bf --- /dev/null +++ b/changes/bug22702 @@ -0,0 +1,5 @@ + o Major bugfixes (directory protocol): + - Ensure that we sent "304 Not modified" as HTTP status code when a + client is attempting to fetch a consensus or consensus diff that + matches the latest consensus we have available. Fixes bug 22702; + bugfix on 0.3.1.1-alpha. diff --git a/changes/bug22719 b/changes/bug22719 new file mode 100644 index 0000000000..bfcda0a4e1 --- /dev/null +++ b/changes/bug22719 @@ -0,0 +1,7 @@ + o Minor bugfixes (compression): + - When spooling compressed data to an output buffer, don't try to + spool more data when there is no more data to spool and we are + not trying to flush the input. Previously, we would sometimes + launch compression requests with nothing to do, which interferes + with our 22672 checks. Fixes bug 22719; bugfix on 0.2.0.16-alpha. + diff --git a/changes/bug22720 b/changes/bug22720 new file mode 100644 index 0000000000..4893b577f0 --- /dev/null +++ b/changes/bug22720 @@ -0,0 +1,9 @@ + o Minor bugfixes (process behavior): + - When exiting because of an error, always exit with a nonzero + exit status. Previously, we would fail to report an error in + our exit status in cases related to lockfile contention, + __OwningControllerProcess failure, and Ed25519 key + initialization. Fixes bug 22720; bugfix on versions + 0.2.1.6-alpha, 0.2.2.28-beta, and 0.2.7.2-alpha + respectively. Reported by "f55jwk4f"; patch from "huyvq". + diff --git a/changes/bug22751 b/changes/bug22751 new file mode 100644 index 0000000000..714525c8af --- /dev/null +++ b/changes/bug22751 @@ -0,0 +1,5 @@ + o Major bugfixes (compression): + - Fix crash in LZMA module, when the Sandbox is enabled, where + liblzma would allocate more than 16 MB of memory. We solve this + by bumping the mprotect() limit in the Sandbox module from 16 MB + to 20 MB. Fixes bug 22751; bugfix on 0.3.1.1-alpha. diff --git a/changes/bug22752_simple b/changes/bug22752_simple new file mode 100644 index 0000000000..7e60357052 --- /dev/null +++ b/changes/bug22752_simple @@ -0,0 +1,6 @@ + o Major bugfixes (windows, directory cache): + - On windows, do not try to delete cached consensus documents and + diffs, until they unmapped from memory. Allow the diff storage + directory to grow larger in order to handle files that might + need to stay around longer. Fixes bug 22752; bugfix on + 0.3.1.1-alpha. diff --git a/changes/bug22753 b/changes/bug22753 new file mode 100644 index 0000000000..32a6dfa56c --- /dev/null +++ b/changes/bug22753 @@ -0,0 +1,7 @@ + o Major bugfixes (path selection, security): + - When choosing which guard to use for a circuit, avoid the + exit's family along with the exit itself. Previously, the new + guard selection logic avoided the exit, but did not consider + its family. Fixes bug 22753; bugfix on 0.3.0.1-alpha. Tracked + as TROVE-2016-006 and CVE-2017-0377. + diff --git a/changes/bug22803 b/changes/bug22803 new file mode 100644 index 0000000000..80b4b9f589 --- /dev/null +++ b/changes/bug22803 @@ -0,0 +1,3 @@ + o Minor bugfixes (unit tests): + - Fix a memory leak in the link-handshake/certs_ok_ed25519 test. + Fixes bug 22803; bugfix on 0.3.0.1-alpha. diff --git a/changes/bug22830 b/changes/bug22830 new file mode 100644 index 0000000000..123b725aff --- /dev/null +++ b/changes/bug22830 @@ -0,0 +1,5 @@ + o Minor bugfixes: + - Fix a problem with Rust toolchains not being found when building + without --enable-cargo-online-mode, due to setting the $HOME + environment variable instead of $CARGO_HOME. Fixes bug 22830; + fix by Chelsea Komlo. Bugfix on 0.3.1.1-alpha. diff --git a/changes/bug22838_028 b/changes/bug22838_028 deleted file mode 100644 index 1d0a4fbfd1..0000000000 --- a/changes/bug22838_028 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (compilation, mingw, backport from 0.3.1.1-alpha): - - Backport a fix for an "unused variable" warning that appeared - in some versions of mingw. Fixes bug 22838; bugfix on - 0.2.8.1-alpha. - diff --git a/changes/bug22883-config b/changes/bug22883-config new file mode 100644 index 0000000000..d60594d9ae --- /dev/null +++ b/changes/bug22883-config @@ -0,0 +1,7 @@ + o Minor features (directory cache, consensus diff): + - Add a new MaxConsensusAgeForDiffs option to allow directory cache + operators with low-resource environments to adjust the number of + consensuses they'll store and generate diffs from. Most cache operators + should leave it unchanged. Helps to work around bug 22883. + + diff --git a/changes/bug22883-priority b/changes/bug22883-priority new file mode 100644 index 0000000000..4b3531c30b --- /dev/null +++ b/changes/bug22883-priority @@ -0,0 +1,8 @@ + o Major bugfixes (relay, performance): + + - Perform circuit handshake operations at a higher priority than we use + for consensus diff creation and compression. This should prevent + circuits from starving when a relay or bridge receive a new consensus, + especially on lower-powered machines. Fixes bug 22883; bugfix on + 0.3.1.1-alpha. + diff --git a/changes/bug22892 b/changes/bug22892 new file mode 100644 index 0000000000..9a70cb0576 --- /dev/null +++ b/changes/bug22892 @@ -0,0 +1,4 @@ + o Minor bugfixes (compilation): + - Compile correctly when both openssl 1.1.0 and libscrypt are detected. + Previously this would cause an error. Fixes bug 22892; bugfix on + 0.3.1.1-alpha. diff --git a/changes/bug22927 b/changes/bug22927 new file mode 100644 index 0000000000..6e68e6ff08 --- /dev/null +++ b/changes/bug22927 @@ -0,0 +1,6 @@ + o Minor bugfixes (compatibility, zstd): + - Write zstd epilogues correctly when the epilogue requires reallocation + of the output buffer, even with zstd 1.3.0. (Previously, + we worked on 1.2.0 and failed with 1.3.0). Fixes bug 22927; bugfix on + 0.3.1.1-alpha. + diff --git a/changes/bug23053 b/changes/bug23053 new file mode 100644 index 0000000000..082e239409 --- /dev/null +++ b/changes/bug23053 @@ -0,0 +1,5 @@ + o Minor bugfixes (memory leak): + - Fix a small memory leak when validating a configuration that + uses two or more AF_UNIX sockets for the same port type. + Fixes bug 23053; bugfix on 0.2.6.3-alpha. This is CID + 1415725. diff --git a/changes/bug23071 b/changes/bug23071 new file mode 100644 index 0000000000..4756dd6252 --- /dev/null +++ b/changes/bug23071 @@ -0,0 +1,5 @@ + o Minor bugfixes (tests): + - Port the hs_ntor handshake test to work correctly with recent + versions of the pysha3 module. Fixes bug 23071; bugfix on + 0.3.1.1-alpha. + diff --git a/changes/bug23077 b/changes/bug23077 new file mode 100644 index 0000000000..5ed1c56742 --- /dev/null +++ b/changes/bug23077 @@ -0,0 +1,4 @@ + o Minor bugfixes (unit tests): + - Fix a channelpadding unit test failure on extremely slow systems + by using mocked time instead of actual time. Fixes bug 23077; bugfix on + 0.3.1.1-alpha. diff --git a/changes/bug23078 b/changes/bug23078 new file mode 100644 index 0000000000..67624007cf --- /dev/null +++ b/changes/bug23078 @@ -0,0 +1,7 @@ + o Minor bugfixes (logging, relay): + - Remove a log_warn() that has been forgotten when an introduction point + successfully established a hidden service prop224 circuit with a client. + - Three other log_warn() for an introduction point have been changed to + protocol warning because they can be failure from the network and are + not relevant to the operator. Fixes bug 23078; bugfix on + tor-0.3.0.1-alpha and tor-0.3.0.2-alpha. diff --git a/changes/bug23105-diagnostic b/changes/bug23105-diagnostic new file mode 100644 index 0000000000..8ba4931e36 --- /dev/null +++ b/changes/bug23105-diagnostic @@ -0,0 +1,4 @@ + o Minor features (diagnostic): + - Add a stack trace to the bug warnings that can be logged when + trying to send an outgoing relay cell with n_chan == 0. + Diagnostic attempt for bug 23105. diff --git a/changes/bug23139 b/changes/bug23139 new file mode 100644 index 0000000000..ed63ce85e2 --- /dev/null +++ b/changes/bug23139 @@ -0,0 +1,3 @@ + o Minor bugfixes (directory cache): + - Fix a memory leak in the code that recovers space in the consensus + directory cache. Fixes bug 23139; bugfix on 0.3.1.1-alpha. diff --git a/changes/bug23155 b/changes/bug23155 new file mode 100644 index 0000000000..4c24ab136c --- /dev/null +++ b/changes/bug23155 @@ -0,0 +1,4 @@ + o Minor bugfixes (stability): + - Avoid crashing on double-free when unable to load or process + an included file. Fixes bug 23155; bugfix on 0.3.1.1-alpha. + Found with the clang static analyzer. diff --git a/changes/bug23233 b/changes/bug23233 new file mode 100644 index 0000000000..689a99a2a8 --- /dev/null +++ b/changes/bug23233 @@ -0,0 +1,4 @@ + o Minor bugfixes (hidden service): + - Fix a BUG alert during HSv3 descriptor decoding that could trigger with a + specially crafted descriptor. Fixes bug #23233; bugfix on 0.3.0.1-alpha. + Bug found by "haxxpop". diff --git a/changes/bug23275 b/changes/bug23275 new file mode 100644 index 0000000000..d6c3c47743 --- /dev/null +++ b/changes/bug23275 @@ -0,0 +1,5 @@ + o Minor bugfixes (relay): + - When a relay is not running as a directory cache, it will no longer + generate compressed consensuses and consensus diff information. + Previously, this was a waste of disk and CPU. Fixes bug 23275; + bugfix on 0.3.1.1-alpha. diff --git a/changes/bug23533 b/changes/bug23533 new file mode 100644 index 0000000000..b5bfdc0ce2 --- /dev/null +++ b/changes/bug23533 @@ -0,0 +1,4 @@ + o Minor bugfixes (relay): + - Inform the geoip and rephist modules about all requests, even + on relays that are only fetching microdescriptors. Fixes a bug related + to 21585; bugfix on 0.3.0.1-alpha. diff --git a/changes/bug23551 b/changes/bug23551 new file mode 100644 index 0000000000..2f918bfa3a --- /dev/null +++ b/changes/bug23551 @@ -0,0 +1,3 @@ + o Minor bugfixes (compression): + - Handle a pathological case when decompressing Zstandard data when the + output buffer size is zero. Fixes bug 23551; bugfix on 0.3.1.1-alpha. diff --git a/changes/bug23568 b/changes/bug23568 new file mode 100644 index 0000000000..cac4655687 --- /dev/null +++ b/changes/bug23568 @@ -0,0 +1,4 @@ + o Minor bugfixes (compilation): + - Fix a compilation warning when building with zstd support + on 32-bit platforms. Fixes bug 23568; bugfix on 0.3.1.1-alpha. + Found and fixed by Andreas Stieger. diff --git a/changes/bug23608 b/changes/bug23608 new file mode 100644 index 0000000000..16cf88aa3d --- /dev/null +++ b/changes/bug23608 @@ -0,0 +1,4 @@ + o Minor bugfixes (unit tests): + - Fix additional channelpadding unit test failures by using mocked time + instead of actual time for all tests. Fixes bug 23608; + bugfix on 0.3.1.1-alpha. diff --git a/changes/bug23610 b/changes/bug23610 new file mode 100644 index 0000000000..f2dc8bd1a6 --- /dev/null +++ b/changes/bug23610 @@ -0,0 +1,4 @@ + o Minor bugfixes (hidden service, relay): + - Avoid a possible double close of a circuit by the intro point on error + of sending the INTRO_ESTABLISHED cell. Fixes ticket 23610; bugfix on + 0.3.0.1-alpha. diff --git a/changes/bug23693.1 b/changes/bug23693.1 new file mode 100644 index 0000000000..4b16788814 --- /dev/null +++ b/changes/bug23693.1 @@ -0,0 +1,4 @@ + o Minor bugfixes (relay, crash): + - Avoid a crash when running with DirPort set but ORPort tuned off. + Fixes a case of bug 23693; bugfix on 0.3.1.1-alpha. + diff --git a/changes/bug23817 b/changes/bug23817 new file mode 100644 index 0000000000..4740942799 --- /dev/null +++ b/changes/bug23817 @@ -0,0 +1,3 @@ + o Minor bugfixes (descriptors): + - Don't try fetching microdescriptors from relays that have failed to + deliver them in the past. Fixes bug 23817; bugfix on 0.3.0.1-alpha. diff --git a/changes/bug23862 b/changes/bug23862 new file mode 100644 index 0000000000..301ce73672 --- /dev/null +++ b/changes/bug23862 @@ -0,0 +1,5 @@ + o Minor bugfixes (entry guards): + - Tor now updates its guard state when it reads a consensus regardless of + whether it's missing descriptors. That makes tor use its primary guards + to fetch descriptors in some edge cases where it would have used fallback + directories in the past. Fixes bug 23862; bugfix on 0.3.0.1-alpha.
\ No newline at end of file diff --git a/changes/bug23908 b/changes/bug23908 new file mode 100644 index 0000000000..f641b66bb9 --- /dev/null +++ b/changes/bug23908 @@ -0,0 +1,3 @@ + o Minor bugfixes (directory authority, backport from 0.3.2.1-alpha): + - Remove the length limit on HTTP status lines that authorities can send + in their replies. Fixes bug 23499; bugfix on 0.3.1.6-rc. diff --git a/changes/bug24086 b/changes/bug24086 new file mode 100644 index 0000000000..2ae0b37e65 --- /dev/null +++ b/changes/bug24086 @@ -0,0 +1,7 @@ + o Minor bugfixes (directory cache): + - When a consensus diff calculation is only partially successful, only + record the successful parts as having succeeded. Partial success + can happen if (for example) one compression method fails but + the others succeed. Previously we misrecorded all the calculations as + having succeeded, which would later cause a nonfatal assertion failure. + Fixes bug 24086; bugfix on 0.3.1.1-alpha. diff --git a/changes/bug24099 b/changes/bug24099 new file mode 100644 index 0000000000..dca3992664 --- /dev/null +++ b/changes/bug24099 @@ -0,0 +1,4 @@ + o Minor bugfixes (directory cache): + - Recover better from empty or corrupt files in the consensus cache + directory. Fixes bug 24099; bugfix on 0.3.1.1-alpha. + diff --git a/changes/bug24262 b/changes/bug24262 new file mode 100644 index 0000000000..eee69512e4 --- /dev/null +++ b/changes/bug24262 @@ -0,0 +1,3 @@ + o Minor bugfixes (hidden service): + - Fix the consensus parameter "hsdir-interval" to "hsdir_interval" so it + matches the dir-spec.txt. Fixes bug 24262; bugfix on 0.3.1.1-alpha. diff --git a/changes/bug24826_031 b/changes/bug24826_031 new file mode 100644 index 0000000000..3d4a66184a --- /dev/null +++ b/changes/bug24826_031 @@ -0,0 +1,4 @@ + o Minor bugfixes (performance, fragile-hardening): + - Improve the performance of our consensus-diff application code when Tor + is built with the --enable-fragile-hardening option set. Fixes bug + 24826; bugfix on 0.3.1.1-alpha. diff --git a/changes/bug24859 b/changes/bug24859 new file mode 100644 index 0000000000..122109d650 --- /dev/null +++ b/changes/bug24859 @@ -0,0 +1,4 @@ + o Minor bugfixes (logging): + - Don't treat inability to store a cached consensus object as a + bug: it can happen normally when we are out of disk space. + Fixes bug 24859; bugfix on 0.3.1.1-alpha. diff --git a/changes/bug24898 b/changes/bug24898 new file mode 100644 index 0000000000..f64340d71b --- /dev/null +++ b/changes/bug24898 @@ -0,0 +1,8 @@ + o Major bugfixes (relays): + - Fix a set of false positives where relays would consider connections + to other relays as being client-only connections (and thus e.g. + deserving different link padding schemes) if those relays fell out + of the consensus briefly. Now we look only at the initial handshake + and whether the connection authenticated as a relay. Fixes bug + 24898; bugfix on 0.3.1.1-alpha. + diff --git a/changes/bug25070 b/changes/bug25070 new file mode 100644 index 0000000000..c2f4e58c45 --- /dev/null +++ b/changes/bug25070 @@ -0,0 +1,3 @@ + o Major bugfixes (protocol versions): + - Add Link protocol version 5 to the supported protocols list. + Fixes bug 25070; bugfix on 0.3.1.1-alpha. diff --git a/changes/bug26069 b/changes/bug26069 new file mode 100644 index 0000000000..192e97d782 --- /dev/null +++ b/changes/bug26069 @@ -0,0 +1,5 @@ + o Minor bugfixes (hidden service v3): + - When parsing the descriptor signature, look for the token plus an extra + white-space at the end. This is more correct but also will allow us to + support new fields that might start with "signature". Fixes bug 26069; + bugfix on 0.3.0.1-alpha. diff --git a/changes/bug26158 b/changes/bug26158 new file mode 100644 index 0000000000..0d74cf1167 --- /dev/null +++ b/changes/bug26158 @@ -0,0 +1,5 @@ + o Minor bugfixes (relay): + - Relays now correctly block attempts to re-extend to the previous + relay by Ed25519 identity. Previously they would warn in this case, + but not actually reject the attempt. Fixes bug 26158; bugfix on + 0.3.0.1-alpha. diff --git a/changes/bug26272 b/changes/bug26272 new file mode 100644 index 0000000000..9dcf42f0e1 --- /dev/null +++ b/changes/bug26272 @@ -0,0 +1,3 @@ + o Minor bugfixes (compilation): + - Silence unused-const-variable warnings in zstd.h on some gcc versions. + Fixes bug 26272; bugfix on 0.3.1.1-alpha. diff --git a/changes/diagnose_22752 b/changes/diagnose_22752 new file mode 100644 index 0000000000..b5bda05ec0 --- /dev/null +++ b/changes/diagnose_22752 @@ -0,0 +1,4 @@ + o Minor features (bug mitigation, diagnostics, logging): + - Avoid an assertion failure, and log a better error message, + when unable to remove a file from the consensus cache on + Windows. Attempts to mitigate and diagnose bug 22752. diff --git a/changes/geoip-april2017 b/changes/geoip-april2017 deleted file mode 100644 index b489eaf016..0000000000 --- a/changes/geoip-april2017 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features: - - Update geoip and geoip6 to the April 4 2017 Maxmind GeoLite2 - Country database. - diff --git a/changes/geoip-december2016 b/changes/geoip-december2016 deleted file mode 100644 index 60754ea21d..0000000000 --- a/changes/geoip-december2016 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features: - - Update geoip and geoip6 to the December 7 2016 Maxmind GeoLite2 - Country database. - diff --git a/changes/geoip-february2017 b/changes/geoip-february2017 deleted file mode 100644 index ec54b6122a..0000000000 --- a/changes/geoip-february2017 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features: - - Update geoip and geoip6 to the February 8 2017 Maxmind GeoLite2 - Country database. - diff --git a/changes/geoip-january2017 b/changes/geoip-january2017 deleted file mode 100644 index 77bc9a5991..0000000000 --- a/changes/geoip-january2017 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (geoip): - - Update geoip and geoip6 to the January 4 2017 Maxmind GeoLite2 - Country database. - diff --git a/changes/geoip-march2017 b/changes/geoip-march2017 deleted file mode 100644 index 6dc92baa2f..0000000000 --- a/changes/geoip-march2017 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features: - - Update geoip and geoip6 to the March 7 2017 Maxmind GeoLite2 - Country database. - diff --git a/changes/geoip-may2017 b/changes/geoip-may2017 deleted file mode 100644 index 4e504d7a0a..0000000000 --- a/changes/geoip-may2017 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features: - - Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2 - Country database. - diff --git a/changes/geoip-november2016 b/changes/geoip-november2016 deleted file mode 100644 index b3f9913bb1..0000000000 --- a/changes/geoip-november2016 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (ge0oip): - - Update geoip and geoip6 to the November 3 2016 Maxmind GeoLite2 - Country database. - diff --git a/changes/more-files b/changes/more-files new file mode 100644 index 0000000000..861d6a3143 --- /dev/null +++ b/changes/more-files @@ -0,0 +1,4 @@ + o Documentation: + - Document more of the files in the Tor data directory, including + cached-extrainfo, secret_onion_key{,_ntor}.old, hidserv-stats, + approved-routers, sr-random, and diff-cache. diff --git a/changes/more-threads b/changes/more-threads new file mode 100644 index 0000000000..eae88b70fd --- /dev/null +++ b/changes/more-threads @@ -0,0 +1,3 @@ + o Minor features (relay, performance): + - Always start relays with at least two worker threads, to prevent + priority inversion on slow tasks. Part of the fix for bug 22883. diff --git a/changes/more_module_docs b/changes/more_module_docs deleted file mode 100644 index 0066ddfcf0..0000000000 --- a/changes/more_module_docs +++ /dev/null @@ -1,4 +0,0 @@ - o Documentation: - - Module-level documentation for several more modules. Closes tickets - 19287 and - 19290. diff --git a/changes/multi-priority b/changes/multi-priority new file mode 100644 index 0000000000..6f19314b53 --- /dev/null +++ b/changes/multi-priority @@ -0,0 +1,5 @@ + o Minor features (relay, thread pool): + - Allow background work to be queued with different priorities, so + that a big pile of slow low-priority jobs will not starve out + higher priority jobs. This lays the groundwork for a fix for bug + 22883. diff --git a/changes/new_requirement_pkgconfig b/changes/new_requirement_pkgconfig new file mode 100644 index 0000000000..503ff58c9e --- /dev/null +++ b/changes/new_requirement_pkgconfig @@ -0,0 +1,5 @@ + o New dependencies: + - To build with zstd and lzma support, Tor now requires the + pkg-config tool at build time. (This requirement was new in + 0.3.1.1-alpha, but was not noted at the time. Noting it here to + close ticket 22623.) diff --git a/changes/prop275-minimal b/changes/prop275-minimal deleted file mode 100644 index 83d42f850b..0000000000 --- a/changes/prop275-minimal +++ /dev/null @@ -1,9 +0,0 @@ - o Minor features (future-proofing): - - - Tor no longer refuses to download microdescriptors or descriptors if - they are listed as "published in the future". This change will - eventually allow us to stop listing meaningful "published" dates - in microdescriptor consensuses, and thereby allow us to reduce the - resources required to download consensus diffs by over 50%. - Implements part of ticket 21642; implements part of proposal 275. - diff --git a/changes/task-22207 b/changes/task-22207 new file mode 100644 index 0000000000..63544834bf --- /dev/null +++ b/changes/task-22207 @@ -0,0 +1,4 @@ + o Minor features: + - Add "fingerprint" line to networkstatus-bridges produced by + bridge authorities. Implements #22207. + diff --git a/changes/ticket19769 b/changes/ticket19769 deleted file mode 100644 index 9fc05c3e9e..0000000000 --- a/changes/ticket19769 +++ /dev/null @@ -1,7 +0,0 @@ - o Major features (security): - - Change the algorithm used to decide DNS TTLs on client and server side, - to better resist DNS-based correlation attacks like the DefecTor attack - of Greschbach, Pulls, Roberts, Winter, and Feamster). Now - relays only return one of two possible DNS TTL values, and clients - are willing to believe DNS TTL values up to 3 hours long. - Closes ticket 19769. diff --git a/changes/ticket20170-v3 b/changes/ticket20170-v3 deleted file mode 100644 index d634e72053..0000000000 --- a/changes/ticket20170-v3 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features (fallback directory list): - - Replace the 81 remaining fallbacks of the 100 originally introduced - in Tor 0.2.8.3-alpha in March 2016, with a list of 177 fallbacks - (123 new, 54 existing, 27 removed) generated in December 2016. - Resolves ticket 20170. diff --git a/changes/ticket21564 b/changes/ticket21564 deleted file mode 100644 index 7e01f41f8f..0000000000 --- a/changes/ticket21564 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor features (fallback directory list): - - Replace the 177 fallbacks originally introduced in Tor 0.2.9.8 in - December 2016 (of which ~126 were still functional), with a list of - 151 fallbacks (32 new, 119 existing, 58 removed) generated in - May 2017. - Resolves ticket 21564. diff --git a/changes/ticket21953 b/changes/ticket21953 deleted file mode 100644 index 7cc84f506d..0000000000 --- a/changes/ticket21953 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor features: - - Enable a couple of pieces of Windows hardening: one - (HeapEnableTerminationOnCorruption) that has been on-by-default since - Windows 8, and unavailable before Windows 7, and one - (PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION) which we believe doesn't - affect us, but shouldn't do any harm. Closes ticket 21953. diff --git a/changes/ticket22348 b/changes/ticket22348 new file mode 100644 index 0000000000..49ae94cdf3 --- /dev/null +++ b/changes/ticket22348 @@ -0,0 +1,5 @@ + o Minor features (directory authority): + - Improve the message that authorities report to relays when + the RSA/Ed25519 key pair they present conflicts with a previously + pinned key. Closes ticket 22348. + diff --git a/changes/ticket22870 b/changes/ticket22870 new file mode 100644 index 0000000000..07cc8a1d04 --- /dev/null +++ b/changes/ticket22870 @@ -0,0 +1,5 @@ + o Minor bugfixes (consensus diff): + - test_consdiff_base64cmp would fail on OS X because while OS X + follows the standard of (less than zero/zero/greater than zero), + it doesn't follow the convention of (-1/0/+1). Make the test + comply with the standard. Fixes bug 22870; bugfix on 0.3.1.1-alpha. diff --git a/changes/ticket25323 b/changes/ticket25323 new file mode 100644 index 0000000000..836825de5d --- /dev/null +++ b/changes/ticket25323 @@ -0,0 +1,4 @@ + o Code simplification and refactoring: + - Update the "rust dependencies" submodule to be an project-level + repository, rather than a user repository. Closes ticket 25323. + diff --git a/changes/ticket25714 b/changes/ticket25714 new file mode 100644 index 0000000000..63823fc6ca --- /dev/null +++ b/changes/ticket25714 @@ -0,0 +1,4 @@ + o Minor feature (continuous integration): + - Update the Travis CI configuration to use the stable Rust + channel, now that we have decided to require that. Closes + ticket 25714. diff --git a/changes/trove-2017-001 b/changes/trove-2017-001 deleted file mode 100644 index 5187e6d5f1..0000000000 --- a/changes/trove-2017-001 +++ /dev/null @@ -1,8 +0,0 @@ - o Major bugfixes (security): - - Downgrade the "-ftrapv" option from "always on" to "only on when - --enable-expensive-hardening is provided." This hardening option, like - others, can turn survivable bugs into crashes--and having it on by - default made a (relatively harmless) integer overflow bug into a - denial-of-service bug. Fixes bug 21278 (TROVE-2017-001); bugfix on - 0.2.9.1-alpha. - diff --git a/changes/trove-2017-001.2 b/changes/trove-2017-001.2 deleted file mode 100644 index 3ef073cf9f..0000000000 --- a/changes/trove-2017-001.2 +++ /dev/null @@ -1,8 +0,0 @@ - o Major bugfixes (parsing): - - Fix an integer underflow bug when comparing malformed Tor versions. - This bug is harmless, except when Tor has been built with - --enable-expensive-hardening, which would turn it into a crash; - or on Tor 0.2.9.1-alpha through Tor 0.2.9.8, which were built with - -ftrapv by default. - Part of TROVE-2017-001. Fixes bug 21278; bugfix on - 0.0.8pre1. Found by OSS-Fuzz. diff --git a/changes/trove-2017-005 b/changes/trove-2017-005 deleted file mode 100644 index cebb013f86..0000000000 --- a/changes/trove-2017-005 +++ /dev/null @@ -1,7 +0,0 @@ - o Major bugfixes (hidden service, relay, security): - - Fix an assertion failure caused by receiving a BEGIN_DIR cell on - a hidden service rendezvous circuit. Fixes bug 22494, tracked as - TROVE-2017-005 and CVE-2017-0376; bugfix on 0.2.2.1-alpha. Found - by armadev. - - diff --git a/changes/trove-2017-012-part2 b/changes/trove-2017-012-part2 new file mode 100644 index 0000000000..ed994c5b02 --- /dev/null +++ b/changes/trove-2017-012-part2 @@ -0,0 +1,5 @@ + o Major bugfixes (security, relay): + - When running as a relay, make sure that we never ever choose ourselves + as a guard. Previously, this was possible. Fixes part of bug 21534; + bugfix on 0.3.0.1-alpha. This issue is also tracked as TROVE-2017-012 + and CVE-2017-8822. |