diff options
Diffstat (limited to 'changes')
167 files changed, 269 insertions, 553 deletions
diff --git a/changes/25857 b/changes/25857 new file mode 100644 index 0000000000..e457af2f82 --- /dev/null +++ b/changes/25857 @@ -0,0 +1,3 @@ + o Documentation: + - Correct an IPv6 error in the documentation for ExitPolicy. + Closes ticket 25857. Patch from "CTassisF". diff --git a/changes/TROVE-2018-005 b/changes/TROVE-2018-005 new file mode 100644 index 0000000000..769c653f43 --- /dev/null +++ b/changes/TROVE-2018-005 @@ -0,0 +1,6 @@ + o Major bugfixes (security, directory authority, denial-of-service): + - Fix a bug that could have allowed an attacker to force a + directory authority to use up all its RAM by passing it a + maliciously crafted protocol versions string. Fixes bug 25517; + bugfix on 0.2.9.4-alpha. This issue is also tracked as + TROVE-2018-005. diff --git a/changes/bastet_v6 b/changes/bastet_v6 deleted file mode 100644 index ee4e2c8094..0000000000 --- a/changes/bastet_v6 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (directory authority): - - Add an IPv6 address for the "bastet" directory authority. - Closes ticket 24394. - diff --git a/changes/bug18859 b/changes/bug18859 deleted file mode 100644 index 1fe5bc2107..0000000000 --- a/changes/bug18859 +++ /dev/null @@ -1,7 +0,0 @@ - o Major bugfixes (circuit prediction): - - Fix circuit prediction logic so that a client doesn't treat a stream as - being "handled" by a circuit if that circuit already has isolation - settings on it that might make it incompatible with the stream. This - change should make Tor clients more responsive by improving their - chances of having a pre-created circuit ready for use when a new client - request arrives. Fixes bug 18859; bugfix on 0.2.3.3-alpha. diff --git a/changes/bug20532 b/changes/bug20532 deleted file mode 100644 index 7c190ea032..0000000000 --- a/changes/bug20532 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (bridges): - - Overwrite the bridge address earlier in the process of directly - retrieving its descriptor, to make sure we reach it on the configured - address. Fixes bug 20532; bugfix on 0.2.0.10-alpha. diff --git a/changes/bug20963 b/changes/bug20963 deleted file mode 100644 index a65c58399c..0000000000 --- a/changes/bug20963 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (logging): - - Improve the message we log when re-enabling circuit build timeouts - after having received a consensus. Closes ticket 20963. - diff --git a/changes/bug21074_downgrade b/changes/bug21074_downgrade deleted file mode 100644 index 1bc1f8523a..0000000000 --- a/changes/bug21074_downgrade +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (portability): - - Don't exit the Tor process if setrlimit() fails to change the file - limit (which can happen sometimes on some versions of OSX). Fixes - bug 21074; bugfix on 0.0.9pre5. diff --git a/changes/bug21394 b/changes/bug21394 deleted file mode 100644 index e5452e20ba..0000000000 --- a/changes/bug21394 +++ /dev/null @@ -1,9 +0,0 @@ - o Major bugfixes (Exit nodes): - - Fix an issue causing high-bandwidth exit nodes to fail a majority - or all of their DNS requests, making them basically unsuitable for - regular usage in Tor circuits. The problem is related to - libevent's DNS handling, but we can work around it in Tor. Fixes - bugs 21394 and 18580; bugfix on 0.1.2.2-alpha which introduced - eventdns. Credit goes to Dhalgren for identifying and finding a - workaround to this bug and to gamambel, arthuredelstein and - arma in helping to track it down and analyze it. diff --git a/changes/bug21394.2 b/changes/bug21394.2 new file mode 100644 index 0000000000..b580d2a786 --- /dev/null +++ b/changes/bug21394.2 @@ -0,0 +1,7 @@ + o Minor bugfix (Exit node DNS retries): + - Re-attempt timed-out DNS queries 3 times before failure, since our + timeout is 5 seconds for them, but clients wait 10-15. Also allow + slightly more timeouts per resolver before giving up on it in the + case where an exit has multiple resolvers configured. Fixes bug 21394; + bugfix on 0.3.1.9. + diff --git a/changes/bug21509 b/changes/bug21509 deleted file mode 100644 index 593a01ef20..0000000000 --- a/changes/bug21509 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (hidden service v3, fuzzing): - - Fix the hidden service v3 descriptor decoding fuzzing to use the latest - decoding API correctly. Fixes bug 21509; bugfix on 0.3.2.1-alpha. diff --git a/changes/bug22310 b/changes/bug22310 new file mode 100644 index 0000000000..c8017daffe --- /dev/null +++ b/changes/bug22310 @@ -0,0 +1,8 @@ + o Major bugfixes (performance, load balancing): + - Directory authorities no longer vote in favor of the Guard flag + for relays that don't advertise directory support. Starting in Tor + 0.3.0.1-alpha, Tor clients have been avoiding using such relays in + the Guard position, leading to increasingly broken load balancing + for the 5%-or-so of Guards that don't advertise directory support. + Fixes bug 22310; bugfix on 0.3.0.6. + diff --git a/changes/bug23318 b/changes/bug23318 deleted file mode 100644 index 7fcb8d4487..0000000000 --- a/changes/bug23318 +++ /dev/null @@ -1,11 +0,0 @@ - o Minor bugfixes (path selection): - - When selecting relays by bandwidth, avoid a rounding error that - could sometimes cause load to be imbalanced incorrectly. Previously, - we would always round upwards; now, we round towards the nearest - integer. This had the biggest effect when a relay's weight adjustments - should have given it weight 0, but it got weight 1 instead. - Fixes bug 23318; bugfix on 0.2.4.3-alpha. - - When calculating the fraction of nodes that have descriptors, and all - all nodes in the network have zero bandwidths, count the number of nodes - instead. - Fixes bug 23318; bugfix on 0.2.4.10-alpha. diff --git a/changes/bug23603 b/changes/bug23603 deleted file mode 100644 index dfb2052c9a..0000000000 --- a/changes/bug23603 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes (hidden service v3): - - Fix a race between the circuit close and free where the service would - launch a new intro circuit after the close, and then fail to register it - before the free of the previously closed circuit. This was making the - service unable to find the established intro circuit and thus not upload - its descriptor. It can make a service unavailable for up to 24 hours. - Fixes bug 23603; bugfix on 0.3.2.1-alpha. diff --git a/changes/bug23623 b/changes/bug23623 deleted file mode 100644 index 1e2e5c2ac0..0000000000 --- a/changes/bug23623 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (onion services): - - Cache some needed onion service client information instead of - continuously computing it over and over again. Fixes bug 23623; bugfix - on 0.3.2.1-alpha. diff --git a/changes/bug23653 b/changes/bug23653 deleted file mode 100644 index 81760cbb82..0000000000 --- a/changes/bug23653 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes (hidden service client): - - When getting multiple SOCKS request for the same .onion address, don't - trigger multiple descriptor fetches. - - When the descriptor fetch fails with an internal error, no more HSDir to - query or we aren't allowed to fetch (FetchHidServDescriptors 0), close - all pending SOCKS request for that .onion. Fixes bug 23653; bugfix on - 0.3.2.1-alpha. diff --git a/changes/bug23662 b/changes/bug23662 deleted file mode 100644 index 1000bde3d6..0000000000 --- a/changes/bug23662 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (onion services): - - Silence a warning about failed v3 onion descriptor uploads since it can - happen naturally under certain edge-cases. Fixes part of bug 23662; - bugfix on 0.3.2.1-alpha. diff --git a/changes/bug23670 b/changes/bug23670 deleted file mode 100644 index 039bc39478..0000000000 --- a/changes/bug23670 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (entry guards): - - Improve logs issued when we are missing descriptors of primary guards. - Resolves ticket 23670. diff --git a/changes/bug23678 b/changes/bug23678 deleted file mode 100644 index 8138ea71ea..0000000000 --- a/changes/bug23678 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes (warnings): - - When we get an HTTP request on a SOCKS port, tell the user about - the new HTTPTunnelPort option. Previously, we would give a - "Tor is not an HTTP Proxy" message, which stopped being true when - HTTPTunnelPort was introduced. Fixes bug 23678; bugfix on - 0.3.2.1-alpha. - diff --git a/changes/bug23681 b/changes/bug23681 deleted file mode 100644 index e317f36d50..0000000000 --- a/changes/bug23681 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (hidden service client): - - The introduction circuit was being timed out too quickly while waiting - for the rendezvous circuit to complete. Keep the intro circuit around - longer instead of timing out and reopening new ones constantly. Fixes - bug 23681; bugfix on 0.2.4.8-alpha. diff --git a/changes/bug23693 b/changes/bug23693 deleted file mode 100644 index 796398be51..0000000000 --- a/changes/bug23693 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (relay, crash): - - Avoid a crash when transitioning from client mode to bridge mode. - Previously, we would launch the worker threads whenever our "public - server" mode changed, but not when our "server" mode changed. - Fixes bug 23693; bugfix on 0.2.6.3-alpha. - diff --git a/changes/bug23696 b/changes/bug23696 deleted file mode 100644 index c5d18583d4..0000000000 --- a/changes/bug23696 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfix (KIST scheduler): - - Downgrade a warning to log info when the monotonic time diff is - negative. This can happen on platform not supporting monotonic time. The - scheduler recovers from this without any problem. Fixes bug 23696; - bugfix on 0.3.2.1-alpha. diff --git a/changes/bug23739 b/changes/bug23739 deleted file mode 100644 index 3207b5eaf3..0000000000 --- a/changes/bug23739 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (documentation): - - Document better how to read gcov and what our postprocessing scripts do. - Fixes bug 23739; bugfix on 0.2.9.1-alpha. diff --git a/changes/bug23741 b/changes/bug23741 deleted file mode 100644 index 92f06f5270..0000000000 --- a/changes/bug23741 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (testing): - - Prevent scripts/test/coverage from attempting to move gcov - output to the root directory. Fixes bug 23741; bugfix on - 0.2.5.1-alpha. diff --git a/changes/bug23748 b/changes/bug23748 deleted file mode 100644 index 0bd3f3f8ff..0000000000 --- a/changes/bug23748 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (hidden service): - - Always make sure the hidden service generate the public key file if it - is missing. Prior to this, if the public key was deleted from disk, it - wouldn't get recreated. Fixes bug 23748; bugfix on 0.3.2.2-alpha. - Patch from "cathugger". diff --git a/changes/bug23751 b/changes/bug23751 deleted file mode 100644 index 2fd7021664..0000000000 --- a/changes/bug23751 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (scheduler, channel): - - Ignore channels that have been closed while flushing cells. This can - happen if the write on the connection fails leading to the channel being - closed while in the scheduler loop. This is not a complete fix, it is a - bandaid until we are able to refactor those interactions. Fixes bug - 23751; bugfix on 0.3.2.1-alpha. diff --git a/changes/bug23753 b/changes/bug23753 deleted file mode 100644 index 8782a8e2d0..0000000000 --- a/changes/bug23753 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (logging, scheduler): - - Introduce a SCHED_BUG() function to log extra information about the - scheduler state if we ever catch a bug in the scheduler. Closes ticket - 23753. diff --git a/changes/bug23755 b/changes/bug23755 deleted file mode 100644 index 98f0970344..0000000000 --- a/changes/bug23755 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (testing): - - Stop unconditionally mirroring the tor repository in GitLab CI. - This prevented developers from enabling GitLab CI on master. - Fixes bug 23755; bugfix on 0.3.2.2-alpha. diff --git a/changes/bug23757 b/changes/bug23757 deleted file mode 100644 index 02507a0b4d..0000000000 --- a/changes/bug23757 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (testing): - - Adjust the GitLab CI configuration to more closely match that of Travis - CI. Fixes bug 23757; bugfix on 0.3.2.2-alpha. - diff --git a/changes/bug23758 b/changes/bug23758 deleted file mode 100644 index 565791e8f4..0000000000 --- a/changes/bug23758 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (testing): - - Skip a test that would fail if run as root (because it expects a - permissions error). This affects some continuous integration setups. - Fixes bug 23758; bugfix on 0.3.2.2-alpha. diff --git a/changes/bug23762 b/changes/bug23762 deleted file mode 100644 index 741a88e21f..0000000000 --- a/changes/bug23762 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (hidden service v3): - - Properly retry HSv3 descriptor fetches in the case where we were initially - missing required directory information. Fixes bug 23762; bugfix on - 0.3.2.1-alpha. diff --git a/changes/bug23774 b/changes/bug23774 deleted file mode 100644 index 2ea5c0122a..0000000000 --- a/changes/bug23774 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (memory leak): - - Fix a minor memory-leak-at-exit in the KIST scheduler. This - bug should have no user-visible impact. Fixes bug 23774; - bugfix on 0.3.2.1-alpha. diff --git a/changes/bug23783 b/changes/bug23783 deleted file mode 100644 index 98c583a12b..0000000000 --- a/changes/bug23783 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (compilation, windows): - - When detecting OpenSSL on Windows from our configure script, make sure - to try linking with the ws2_32 library. Fixes bug 23783; bugfix on - 0.3.2.2-alpha. - diff --git a/changes/bug23790 b/changes/bug23790 deleted file mode 100644 index 5ebe77f806..0000000000 --- a/changes/bug23790 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (hidden service v2): - - When reloading tor (HUP) configured with hidden service(s), some - information weren't copy to the new service object. One problem with - this was that tor would wait at least the RendPostPeriod time before - uploading the descriptor if the reload happened before the descriptor - needed to be published. Fixes bug 23790; bugfix on 0.2.1.9-alpha. diff --git a/changes/bug23816 b/changes/bug23816 deleted file mode 100644 index 6139dec9e8..0000000000 --- a/changes/bug23816 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (directory client): - - On failure to download directory information, delay retry attempts - by a random amount based on the "decorrelated jitter" algorithm. - Our previous delay algorithm tended to produce extra-long delays too - easily. Fixes bug 23816; bugfix on 0.2.9.1-alpha. - diff --git a/changes/bug23817 b/changes/bug23817 deleted file mode 100644 index 4740942799..0000000000 --- a/changes/bug23817 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (descriptors): - - Don't try fetching microdescriptors from relays that have failed to - deliver them in the past. Fixes bug 23817; bugfix on 0.3.0.1-alpha. diff --git a/changes/bug23820 b/changes/bug23820 deleted file mode 100644 index 4e920d0498..0000000000 --- a/changes/bug23820 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (IPv6, v3 single onion services): - - Remove buggy code for IPv6-only v3 single onion services, and reject - attempts to configure them. This release supports IPv4, dual-stack, and - IPv6-only v3 hidden services; and IPv4 and dual-stack v3 single onion - services. Fixes bug 23820; bugfix on 0.3.2.1-alpha. diff --git a/changes/bug23861 b/changes/bug23861 deleted file mode 100644 index c6f017640d..0000000000 --- a/changes/bug23861 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (logging, relay): - - Suppress a log notice when relay descriptors arrive. We already have a - bootstrap progress for this so no need to log notice everytime tor - receives relay descriptors. Microdescriptors behave the same. Fixes bug - 23861; bugfix on 0.2.8.2-alpha. diff --git a/changes/bug23862 b/changes/bug23862 deleted file mode 100644 index 301ce73672..0000000000 --- a/changes/bug23862 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (entry guards): - - Tor now updates its guard state when it reads a consensus regardless of - whether it's missing descriptors. That makes tor use its primary guards - to fetch descriptors in some edge cases where it would have used fallback - directories in the past. Fixes bug 23862; bugfix on 0.3.0.1-alpha.
\ No newline at end of file diff --git a/changes/bug23874 b/changes/bug23874 deleted file mode 100644 index bf6620553d..0000000000 --- a/changes/bug23874 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (memory safety): - - Clear the address when node_get_prim_orport() returns early. - Fixes bug 23874; bugfix on 0.2.8.2-alpha. diff --git a/changes/bug23952 b/changes/bug23952 deleted file mode 100644 index ab1462e522..0000000000 --- a/changes/bug23952 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (relay): - - Avoid a BUG warning when receiving a dubious CREATE cell while - an option transition is in progress. Fixes bug 23952; bugfix on - 0.3.2.1-alpha. diff --git a/changes/bug23985 b/changes/bug23985 deleted file mode 100644 index 9cb5937962..0000000000 --- a/changes/bug23985 +++ /dev/null @@ -1,9 +0,0 @@ - o Minor bugfixes (bootstrapping): - - Fetch descriptors aggressively whenever we lack enough - to build circuits, regardless of how many descriptors we are missing. - Previously, we would delay launching the fetch when we had fewer than - 15 missing descriptors, even if some of those descriptors were - blocking circuits from building. Fixes bug 23985; bugfix on - 0.1.1.11-alpha. The effects of this bug became worse in 0.3.0.3-alpha, - when we began treating missing descriptors from our primary guards - as a reason to delay circuits. diff --git a/changes/bug24002 b/changes/bug24002 deleted file mode 100644 index cdb6081110..0000000000 --- a/changes/bug24002 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (hidden service): - - Make sure that we have a usable ed25519 key when the intro point relay - does support ed25519 link authentication. We do check for an empty key - when the relay does not support it so this makes it nice and symmetric. - Fixes bug 24002; bugfix on 0.3.2.1-alpha. diff --git a/changes/bug24025 b/changes/bug24025 deleted file mode 100644 index 1d7841af53..0000000000 --- a/changes/bug24025 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (logging, relay): - - Downgrade a warning to a protocol warning in the case the ed25519 key is - not consistent between the descriptor and micro descriptor of a relay. - This can happen for instance if the relay has been flagged - NoEdConsensus. Fixes bug 24025; bugfix on 0.3.2.1-alpha. diff --git a/changes/bug24031 b/changes/bug24031 new file mode 100644 index 0000000000..2bb0e83091 --- /dev/null +++ b/changes/bug24031 @@ -0,0 +1,13 @@ + o Major bugfixes (protover, voting): + - Revise Rust implementation of protover to use a more memory-efficient + voting algorithm and corresponding data structures, thus avoiding a + potential (but small impact) DoS attack where specially crafted protocol + strings would expand to several potential megabytes in memory. In the + process, several portions of code were revised to be methods on new, + custom types, rather than functions taking interchangeable types, thus + increasing type safety of the module. Custom error types and handling + were added as well, in order to facilitate better error dismissal/handling + in outside crates and avoid mistakenly passing an internal error string to + C over the FFI boundary. Many tests were added, and some previous + differences between the C and Rust implementations have been + remedied. Fixes bug 24031; bugfix on 0.3.3.1-alpha. diff --git a/changes/bug24050 b/changes/bug24050 deleted file mode 100644 index d184a77ac0..0000000000 --- a/changes/bug24050 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (client): - - By default, do not enable storage of client-side DNS values. - These values were unused by default previously, but they should - not have been cached at all. Fixes bug 24050; bugfix on - 0.2.6.3-alpha. diff --git a/changes/bug24082 b/changes/bug24082 deleted file mode 100644 index 1523239351..0000000000 --- a/changes/bug24082 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (testing): - - Fix a spurious fuzzing-only use of an uninitialized value. - Found by Brian Carpenter. Fixes bug 24082; bugfix on 0.3.0.3-alpha. diff --git a/changes/bug24086 b/changes/bug24086 deleted file mode 100644 index 2ae0b37e65..0000000000 --- a/changes/bug24086 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes (directory cache): - - When a consensus diff calculation is only partially successful, only - record the successful parts as having succeeded. Partial success - can happen if (for example) one compression method fails but - the others succeed. Previously we misrecorded all the calculations as - having succeeded, which would later cause a nonfatal assertion failure. - Fixes bug 24086; bugfix on 0.3.1.1-alpha. diff --git a/changes/bug24099 b/changes/bug24099 deleted file mode 100644 index dca3992664..0000000000 --- a/changes/bug24099 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (directory cache): - - Recover better from empty or corrupt files in the consensus cache - directory. Fixes bug 24099; bugfix on 0.3.1.1-alpha. - diff --git a/changes/bug24115 b/changes/bug24115 deleted file mode 100644 index 767f13840b..0000000000 --- a/changes/bug24115 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (manpage, hidden service): - - Mention that the HiddenServiceNumIntroductionPoints option is 0-10 for - v2 service and 0-20 for v3 service. Fixes bug 24115; bugfix on - 0.3.2.1-alpha. diff --git a/changes/bug24150 b/changes/bug24150 deleted file mode 100644 index cfda7c40da..0000000000 --- a/changes/bug24150 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (v3 onion services): - - Fix a memory leak when decrypting a badly formatted v3 onion - service descriptor. Fixes bug 24150; bugfix on 0.3.2.1-alpha. - Found by OSS-Fuzz; this is OSS-Fuzz issue 3994. diff --git a/changes/bug24167 b/changes/bug24167 deleted file mode 100644 index fd0d87efff..0000000000 --- a/changes/bug24167 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes (network layer): - - When closing a connection via close_connection_immediately(), we - mark it as "not blocked on bandwidth", to prevent later calls - from trying to unblock it, and give it permission to read. This - fixes a backtrace warning that can happen on relays under various - circumstances. Fixes bug 24167; bugfix on 0.1.0.1-rc. - diff --git a/changes/bug24170 b/changes/bug24170 deleted file mode 100644 index d3d7347693..0000000000 --- a/changes/bug24170 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (path selection): - - Actually log the total bandwidth in compute_weighted_bandwidths(). - Fixes bug 24170; bugfix on 0.2.4.3-alpha. diff --git a/changes/bug24198 b/changes/bug24198 deleted file mode 100644 index 6790706872..0000000000 --- a/changes/bug24198 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (controller, linux seccomp2 sandbox): - - Avoid a crash when attempting to use the seccomp2 sandbox - together with the OwningControllerProcess feature. - Fixes bug 24198; bugfix on 0.2.5.1-alpha. diff --git a/changes/bug24230 b/changes/bug24230 deleted file mode 100644 index b08c4cde24..0000000000 --- a/changes/bug24230 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (control port, hidden service): - - Control port was reporting the action "UPLOAD_FAILED" instead of - "FAILED" for the HS_DESC event when a service was not able to upload a - descriptor. Fixes bug 24230; bugfix on 0.2.7.1-alpha. diff --git a/changes/bug24247 b/changes/bug24247 deleted file mode 100644 index 1f4ddcdde2..0000000000 --- a/changes/bug24247 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (fuzzing): - - Fix a bug in our fuzzing mock replacement for crypto_pk_checksig(), to - correctly handle cases where a caller gives it an RSA key of under 160 - bits. (This is not actually a bug in Tor itself, but wrather in our - fuzzing code.) Fixes bug 24247; bugfix on 0.3.0.3-alpha. - Found by OSS-Fuzz as issue 4177. diff --git a/changes/bug24262 b/changes/bug24262 deleted file mode 100644 index eee69512e4..0000000000 --- a/changes/bug24262 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (hidden service): - - Fix the consensus parameter "hsdir-interval" to "hsdir_interval" so it - matches the dir-spec.txt. Fixes bug 24262; bugfix on 0.3.1.1-alpha. diff --git a/changes/bug24279 b/changes/bug24279 deleted file mode 100644 index ab2932b341..0000000000 --- a/changes/bug24279 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (compilation, hardening): - - Fix a memory leak warning in one of the libevent-related - configuration tests that could occur when manually specifying - -fsanitize=address. Fixes bug 24279; bugfix on 0.3.0.2-alpha. - Found and patched by Alex Xu. diff --git a/changes/bug24313 b/changes/bug24313 deleted file mode 100644 index b927ec3ba6..0000000000 --- a/changes/bug24313 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes (security, hidden service v2): - - Fix a use-after-free error that could crash v2 Tor hidden services - when it failed to open circuits while expiring introductions - points. Fixes bug 24313; bugfix on 0.2.7.2-alpha. This - issue is also tracked as TROVE-2017-013 and CVE-2017-8823. diff --git a/changes/bug24345 b/changes/bug24345 deleted file mode 100644 index 22eb412514..0000000000 --- a/changes/bug24345 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (tests): - - Fix a unit test in one of the bridge-distribution test cases. - Fixes bug 24345; bugfix on 0.3.2.3-alpha. diff --git a/changes/bug24367 b/changes/bug24367 deleted file mode 100644 index 09ef3bb877..0000000000 --- a/changes/bug24367 +++ /dev/null @@ -1,13 +0,0 @@ - o Minor bugfixes (bridge clients, bootstrap): - - Retry directory downloads when we get our first bridge descriptor - during bootstrap or while reconnecting to the network. Keep retrying - every time we get a bridge descriptor, until we have a reachable bridge. - Fixes bug 24367; bugfix on 0.2.0.3-alpha. - - Stop delaying bridge descriptor fetches when we have cached bridge - descriptors. Instead, only delay bridge descriptor fetches when we - have at least one reachable bridge. - Fixes bug 24367; bugfix on 0.2.0.3-alpha. - - Stop delaying directory fetches when we have cached bridge descriptors. - Instead, only delay bridge descriptor fetches when all our bridges are - definitely unreachable. - Fixes bug 24367; bugfix on 0.2.0.3-alpha. diff --git a/changes/bug24424 b/changes/bug24424 deleted file mode 100644 index 63c2d39ba1..0000000000 --- a/changes/bug24424 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (portability): - - Tor now compiles correctly on arm64 with libseccomp-dev installed. - (It doesn't yet work with the sandbox enabled.) Closes ticket 24424. diff --git a/changes/bug24480 b/changes/bug24480 deleted file mode 100644 index 94e5b91a0c..0000000000 --- a/changes/bug24480 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (compilation): - - Fix a signed/unsigned comparison warning introduced by our - fix to TROVE-2017-009. Fixes bug 24480; bugfix on 0.2.5.16. diff --git a/changes/bug24502 b/changes/bug24502 deleted file mode 100644 index 3fa6fb58dd..0000000000 --- a/changes/bug24502 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (scheduler): - - Properly set the scheduler state of an unopened channel in the KIST - scheduler main loop. This prevents a harmless but annoying log warning. - Fixes bug 24502; bugfix on 0.3.2.4-alpha. diff --git a/changes/bug24526 b/changes/bug24526 deleted file mode 100644 index 4d69defa9b..0000000000 --- a/changes/bug24526 +++ /dev/null @@ -1,4 +0,0 @@ - o Documentation: - - Document that operators who run more than one relay or bridge are - expected to set MyFamily and ContactInfo correctly. Closes ticket - 24526. diff --git a/changes/bug24590 b/changes/bug24590 deleted file mode 100644 index 77e039f8d2..0000000000 --- a/changes/bug24590 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (scheduler, KIST): - - Avoid a possible integer overflow when computing the available space on - the TCP buffer of a channel. This has no security implications but can - make KIST not behave properly by allowing more cells on a already - saturated connection. Fixes bug 24590; bugfix on 0.3.2.1-alpha. diff --git a/changes/bug24633 b/changes/bug24633 deleted file mode 100644 index 028c7cc143..0000000000 --- a/changes/bug24633 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (portability, msvc): - - Fix a bug in the bit-counting parts of our timing-wheel code on - MSVC. (Note that MSVC is still not a supported build platform, - due to cyptographic timing channel risks.) Fixes bug 24633; - bugfix on 0.2.9.1-alpha. diff --git a/changes/bug24634 b/changes/bug24634 deleted file mode 100644 index ac82b94fbb..0000000000 --- a/changes/bug24634 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (compilation): - - Resolve a few shadowed-variable warnings in the onion service code. - Fixes bug 24634; bugfix on 0.3.2.1-alpha. diff --git a/changes/bug24652 b/changes/bug24652 deleted file mode 100644 index 6e35e259e9..0000000000 --- a/changes/bug24652 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (build, compatibility, rust, OSX): - - - When building with Rust on OSX, link against libresolv, to - work around the issue at - https://github.com/rust-lang/rust/issues/46797. Fixes bug - 24652; bugfix on 0.3.1.1-alpha. diff --git a/changes/bug24665 b/changes/bug24665 deleted file mode 100644 index f950d9dd01..0000000000 --- a/changes/bug24665 +++ /dev/null @@ -1,6 +0,0 @@ - o Major bugfixes (KIST, scheduler): - - The KIST scheduler did not correctly account for data already enqueued - in each connection's send socket buffer, particularly in cases when the - TCP/IP congestion window was reduced between scheduler calls. This - situation lead to excessive per-connection buffering in the kernel, and - a potential memory DoS. Fixes bug 24665; bugfix on 0.3.2.1-alpha. diff --git a/changes/bug24666 b/changes/bug24666 deleted file mode 100644 index 830775f5f6..0000000000 --- a/changes/bug24666 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes (memory usage): - - - When queuing DESTROY cells on a channel, only queue the - circuit-id and reason fields: not the entire 514-byte - cell. This fix should help mitigate any bugs or attacks that - fill up these queues, and free more RAM for other uses. Fixes - bug 24666; bugfix on 0.2.5.1-alpha. diff --git a/changes/bug24671 b/changes/bug24671 deleted file mode 100644 index 34d09e704d..0000000000 --- a/changes/bug24671 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (scheduler, KIST): - - Use a sane write limit for KISTLite when writing onto a connection - buffer instead of using INT_MAX and shoving as much as it can. Because - the OOM handler cleans up circuit queues, we are better off at keeping - them in that queue instead of the connection's buffer. Fixes bug 24671; - bugfix on 0.3.2.1-alpha. diff --git a/changes/bug24700 b/changes/bug24700 deleted file mode 100644 index 74dc581a0b..0000000000 --- a/changes/bug24700 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (scheduler, KIST): - - Avoid adding the same channel twice in the KIST scheduler pending list - wasting CPU cycles at handling the same channel twice. Fixes bug 24700; - bugfix on 0.3.2.1-alpha. diff --git a/changes/bug24736 b/changes/bug24736 deleted file mode 100644 index 632560932a..0000000000 --- a/changes/bug24736 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (address selection): - - When the fascist_firewall_choose_address_ functions don't find a - reachable address, set the returned address to the null address and port. - This is a precautionary measure, because some callers do not check the - return value. - Fixes bug 24736; bugfix on 0.2.8.2-alpha. diff --git a/changes/bug24767 b/changes/bug24767 new file mode 100644 index 0000000000..56fbe51a98 --- /dev/null +++ b/changes/bug24767 @@ -0,0 +1,5 @@ + o Major bugfixes (relay, connection): + - Refuse to connect again to a relay from which we failed previously with + a connection refused, timeout or error (at the TCP level). The relay + won't be retried for 60 seconds after the failure occured. Fixes bug + 24767; bugfix on 0.0.6. diff --git a/changes/bug24769 b/changes/bug24769 new file mode 100644 index 0000000000..2893e0ff07 --- /dev/null +++ b/changes/bug24769 @@ -0,0 +1,7 @@ + o Minor bugfixes (performance): + - Reduce the number of circuits that can be opened at once during the + circuit build timeout phase. This is done by increasing the idle timeout + to 3 minutes, and lowering the maximum number of concurrent learning + circuits to 10. Fixes bug 24769; bugfix on 0.3.1.1-alpha. + + diff --git a/changes/bug24782 b/changes/bug24782 new file mode 100644 index 0000000000..59bbdad123 --- /dev/null +++ b/changes/bug24782 @@ -0,0 +1,4 @@ + o Minor features (config options): + - Change the way the default value for MaxMemInQueues is calculated. We now + use 0.4 * RAM if the system have 8 GB RAM or more, otherwise we use the + former value of 0.75 * RAM. Closes ticket 24782. diff --git a/changes/bug24826_031 b/changes/bug24826_031 deleted file mode 100644 index 3d4a66184a..0000000000 --- a/changes/bug24826_031 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (performance, fragile-hardening): - - Improve the performance of our consensus-diff application code when Tor - is built with the --enable-fragile-hardening option set. Fixes bug - 24826; bugfix on 0.3.1.1-alpha. diff --git a/changes/bug24859 b/changes/bug24859 deleted file mode 100644 index 122109d650..0000000000 --- a/changes/bug24859 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (logging): - - Don't treat inability to store a cached consensus object as a - bug: it can happen normally when we are out of disk space. - Fixes bug 24859; bugfix on 0.3.1.1-alpha. diff --git a/changes/bug24894 b/changes/bug24894 deleted file mode 100644 index b08cdce1f0..0000000000 --- a/changes/bug24894 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes (v3 onion services): - - New-style (v3) onion services now obey the "max rendezvous circuit - attempts" logic. Previously they would make as many rendezvous - circuit attempts as they could fit in the MAX_REND_TIMEOUT second - window before giving up. Fixes bug 24894; bugfix on 0.3.2.1-alpha. diff --git a/changes/bug24895 b/changes/bug24895 deleted file mode 100644 index 7edde94a0b..0000000000 --- a/changes/bug24895 +++ /dev/null @@ -1,8 +0,0 @@ - o Major bugfixes (onion services): - - Fix an "off by 2" error in counting rendezvous failures on the onion - service side. While we thought we would stop the rendezvous attempt - after one failed circuit, we were actually making three circuit attempts - before giving up. Now switch to a default of 2, and allow the consensus - parameter "hs_service_max_rdv_failures" to override. Fixes bug 24895; - bugfix on 0.0.6. - diff --git a/changes/bug24898 b/changes/bug24898 deleted file mode 100644 index f64340d71b..0000000000 --- a/changes/bug24898 +++ /dev/null @@ -1,8 +0,0 @@ - o Major bugfixes (relays): - - Fix a set of false positives where relays would consider connections - to other relays as being client-only connections (and thus e.g. - deserving different link padding schemes) if those relays fell out - of the consensus briefly. Now we look only at the initial handshake - and whether the connection authenticated as a relay. Fixes bug - 24898; bugfix on 0.3.1.1-alpha. - diff --git a/changes/bug24903 b/changes/bug24903 new file mode 100644 index 0000000000..01c9b53f23 --- /dev/null +++ b/changes/bug24903 @@ -0,0 +1,5 @@ + o Minor bugfixes (controller, reliability): + - Avoid a (nonfatal) assertion failure when extending a one-hop circuit + from the controller to become a multihop circuit. Fixes bug 24903; + bugfix on 0.2.5.2-alpha. + diff --git a/changes/bug24904 b/changes/bug24904 new file mode 100644 index 0000000000..648d9a5834 --- /dev/null +++ b/changes/bug24904 @@ -0,0 +1,4 @@ + o Minor bugfix (channel, client): + - Better identify client connection when reporting to the geoip client + cache. Fixes bug 24904; bugfix on 0.3.1.7. + diff --git a/changes/bug24952 b/changes/bug24952 deleted file mode 100644 index 93174c04f5..0000000000 --- a/changes/bug24952 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfix (channel connection): - - The accurate address of a connection is real_addr, not the addr member. - TLS Channel remote address is now real_addr content instead of addr - member. Fixes bug 24952; bugfix on 707c1e2e26 in 0.2.4.11-alpha. - Patch by "ffmancera". diff --git a/changes/bug24972 b/changes/bug24972 deleted file mode 100644 index 5adf970abf..0000000000 --- a/changes/bug24972 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (logging, diagnostic): - - When logging a failure to check a hidden service's certificate, - also log what the problem with the certificate was. Diagnostic - for ticket 24972. diff --git a/changes/bug24975 b/changes/bug24975 deleted file mode 100644 index 32a5dfc929..0000000000 --- a/changes/bug24975 +++ /dev/null @@ -1,6 +0,0 @@ - o Major bugfixes (scheduler, consensus): - - A logic in the code was preventing the scheduler subystem to properly - make a decision based on the latest consensus when it arrives. This lead - to the scheduler failing to notice any consensus parameters that might - have changed between consensuses. Fixes bug 24975; bugfix on - 0.3.2.1-alpha. diff --git a/changes/bug24976 b/changes/bug24976 deleted file mode 100644 index 9c3be86eab..0000000000 --- a/changes/bug24976 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (hidden service v3 client): - - Remove a BUG() statement which can be triggered in normal circumstances - where a client fetches a descriptor that has a lower revision counter - than the one in its cache. This can happen due to HSDir desync. Fixes - bug 24976; bugfix on 0.3.2.1-alpha. diff --git a/changes/bug24989 b/changes/bug24989 new file mode 100644 index 0000000000..a0ea6acf03 --- /dev/null +++ b/changes/bug24989 @@ -0,0 +1,4 @@ + o Minor bugfixes (hidden services): + - Re-instate counting pending client HSDir fetch circuits against the + MaxClientCircuitsPending rate limit. Fixes bug 24989; bugfix on + 0.3.3.0-alpha-dev. diff --git a/changes/bug25005 b/changes/bug25005 deleted file mode 100644 index dedf283aa9..0000000000 --- a/changes/bug25005 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (unit tests): - - Fix a memory leak in the scheduler/loop_kist unit test. Fixes bug - 25005; bugfix on 0.3.2.7-rc. - diff --git a/changes/bug25070 b/changes/bug25070 deleted file mode 100644 index c2f4e58c45..0000000000 --- a/changes/bug25070 +++ /dev/null @@ -1,3 +0,0 @@ - o Major bugfixes (protocol versions): - - Add Link protocol version 5 to the supported protocols list. - Fixes bug 25070; bugfix on 0.3.1.1-alpha. diff --git a/changes/bug25105 b/changes/bug25105 deleted file mode 100644 index 36d1a5f16f..0000000000 --- a/changes/bug25105 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (v3 onion services): - - Look at the "HSRend" protocol version, not the "HSDir" protocol - version, when deciding whether a consensus entry can support - the v3 onion service protocol as a rendezvous point. - Fixes bug 25105; bugfix on 0.3.2.1-alpha. diff --git a/changes/bug25120 b/changes/bug25120 new file mode 100644 index 0000000000..7215756ef3 --- /dev/null +++ b/changes/bug25120 @@ -0,0 +1,4 @@ + o Minor features (logging): + - Clarify the log messages produced when getrandom() or a related + entropy-generation mechanism gives an error. Closes ticket + 25120. diff --git a/changes/bug25213 b/changes/bug25213 new file mode 100644 index 0000000000..bb196ca724 --- /dev/null +++ b/changes/bug25213 @@ -0,0 +1,5 @@ + o Minor bugfixes (warnings, ipv6): + - Avoid a bug warning that could occur when trying to connect to + a relay over IPv6 on a Tor instance that downloads router descriptors, + but prefers to use microdescriptors. Fixes bug 25213; bugfix on + 0.3.3.1-alpha. diff --git a/changes/bug25226 b/changes/bug25226 new file mode 100644 index 0000000000..b594a7a424 --- /dev/null +++ b/changes/bug25226 @@ -0,0 +1,4 @@ + o Major bugfixes (relay, denial of service): + - Impose a limit on circuit cell queue size. The limit can be controlled by + a consensus parameter. Fixes bug 25226; bugfix on 0.2.4.14-alpha. + diff --git a/changes/bug25306 b/changes/bug25306 new file mode 100644 index 0000000000..a2e6306f42 --- /dev/null +++ b/changes/bug25306 @@ -0,0 +1,6 @@ + o Minor bugfixes (hidden service v3): + - Avoid asserting when building descriptors in the next rotation time is + out of sync with the consensus valid after time. Instead, log a bug + warning with extra information to hunt down the cause of this assert. + Fixes bug 25306; bugfix on 0.3.2.1-alpha. + diff --git a/changes/bug25372 b/changes/bug25372 new file mode 100644 index 0000000000..4cceab3a45 --- /dev/null +++ b/changes/bug25372 @@ -0,0 +1,3 @@ + o Minor features (log messages): + - Improve log message in the out of memory handler to include information + about memory usage from the different compression backends. Closes ticket 25372. diff --git a/changes/bug25378 b/changes/bug25378 new file mode 100644 index 0000000000..4648a0a313 --- /dev/null +++ b/changes/bug25378 @@ -0,0 +1,4 @@ + o Documentation: + - Update the documentation for "Log" to include the current list + of logging domains. Closes ticket 25378. + diff --git a/changes/bug25415 b/changes/bug25415 new file mode 100644 index 0000000000..ec851aee8d --- /dev/null +++ b/changes/bug25415 @@ -0,0 +1,4 @@ + o Major bugfixes (directory authority): + - Avoid a crash when testing router reachability on a router that could + have an ed25519 ID, but which does not. Fixes bug 25415; bugfix on + 0.3.3.2-alpha. diff --git a/changes/bug25479 b/changes/bug25479 new file mode 100644 index 0000000000..e693b8ec7a --- /dev/null +++ b/changes/bug25479 @@ -0,0 +1,4 @@ + o Major bugfixes (benchmarks): + - Fix a crash when running benchmark tests on win32 systems which + was due to an uninitialised mutex before logging and options + were initialised. Fixes bug 25479; bugfix on 0.3.3.3-alpha. diff --git a/changes/bug25505 b/changes/bug25505 new file mode 100644 index 0000000000..101c7d5246 --- /dev/null +++ b/changes/bug25505 @@ -0,0 +1,3 @@ + o Minor bugfixes (netflow padding): + - Ensure circuitmux queues are empty before scheduling or sending padding. + Fixes bug 25505; bugfix on 0.3.1.1-alpha. diff --git a/changes/bug25512 b/changes/bug25512 new file mode 100644 index 0000000000..4b6491867e --- /dev/null +++ b/changes/bug25512 @@ -0,0 +1,5 @@ + o Minor bugfixes (restart-in-process): + - When shutting down, Tor now clears all the flags in the control.c + module. This should prevent a bug where authentication cookies + are not generated on restart. Fixes bug 25512; bugfix on 0.3.3.1-alpha. + diff --git a/changes/bug25560 b/changes/bug25560 new file mode 100644 index 0000000000..5947fa03a3 --- /dev/null +++ b/changes/bug25560 @@ -0,0 +1,5 @@ + o Minor bugfixes (testing, rust): + - Some of our Rust crates were not having their tests run with `make + test-rust` due to a static string in the `src/test/test_rust.sh` script + specifying which crates to test. Rust crates are not automatically + detected and tested. Fixes bug 25560; bugfix on 0.3.3.3-alpha. diff --git a/changes/bug25581 b/changes/bug25581 new file mode 100644 index 0000000000..86f2491db7 --- /dev/null +++ b/changes/bug25581 @@ -0,0 +1,4 @@ + o Minor bugfixes (configuration): + - Remove undescores from the _HSLayer{2,3}Nodes options. This expert-user + configuration can now be enabled as HSLayer{2,3}Nodes. Fixes bug 25581; + bugfix on 0.3.3.1-alpha diff --git a/changes/bug25582 b/changes/bug25582 new file mode 100644 index 0000000000..609b94aac6 --- /dev/null +++ b/changes/bug25582 @@ -0,0 +1,3 @@ + o Minor bugfixes (documentation): + - Revert a misformatting issue in the ExitPolicy + documentation. Fixes bug 25582; bugfix on 0.3.3.1-alpha. diff --git a/changes/bug25617 b/changes/bug25617 new file mode 100644 index 0000000000..5de655d69e --- /dev/null +++ b/changes/bug25617 @@ -0,0 +1,5 @@ + o Minor bugfixes (controller): + - Restore the correct operation of the RESOLVE command, which had + been broken since we added the ability to enable/disable DNS + on specific listener ports. Fixes bug 25617; bugfix on 0.2.9.3-alpha. + diff --git a/changes/bug25664 b/changes/bug25664 new file mode 100644 index 0000000000..c8b3ca6187 --- /dev/null +++ b/changes/bug25664 @@ -0,0 +1,3 @@ + o New system requirements: + - When built with Rust, Tor now depends on version 0.2.39 of the libc + crate. Closes tickets 25310 and 25664. diff --git a/changes/bug25679 b/changes/bug25679 new file mode 100644 index 0000000000..9247a29153 --- /dev/null +++ b/changes/bug25679 @@ -0,0 +1,4 @@ + o Minor bugfixes (compilation, rust): + - Build correctly when the rust dependencies submodule is loaded, + but the TOR_RUST_DEPENDENCIES environment variable is not set. + Fixes bug 25679; bugfix on 0.3.3.1-alpha. diff --git a/changes/bug25691 b/changes/bug25691 new file mode 100644 index 0000000000..5f630d5032 --- /dev/null +++ b/changes/bug25691 @@ -0,0 +1,6 @@ + o Minor bugfixes (client): + - When using a listed relay as a bridge, and also using + microdescriptors, and considering that relay as a non-bridge in + a circuit, consider its microdescriptor as a valid source of information + about that relay. Fixes bug 25691; bugfix on 0.3.3.4-alpha. + diff --git a/changes/bug25691_again b/changes/bug25691_again new file mode 100644 index 0000000000..3d0d91bfd3 --- /dev/null +++ b/changes/bug25691_again @@ -0,0 +1,6 @@ + o Minor bugfixes (path selection): + - Only select relays when they have the descriptors we prefer to + use for them. This change fixes a bug where we could select + a relay because it had _some_ descriptor, but reject it later with + a nonfatal assertion error because it didn't have the exact one we + wanted. Fixes bugs 25691 and 25692; bugfix on 0.3.3.4-alpha. diff --git a/changes/bug25705 b/changes/bug25705 new file mode 100644 index 0000000000..360d96d4c6 --- /dev/null +++ b/changes/bug25705 @@ -0,0 +1,5 @@ + o Minor bugfixes (circuit path selection): + - Don't count path selection failures as circuit build failures. This + should eliminate cases where Tor blames its guard or the network + for situations like insufficient microdescriptors and/or overly + restrictive torrc settings. Fixes bug 25705; bugfix on 0.3.3.1-alpha. diff --git a/changes/bug25732 b/changes/bug25732 new file mode 100644 index 0000000000..49ffae29e5 --- /dev/null +++ b/changes/bug25732 @@ -0,0 +1,4 @@ + o Minor bugfixes (distribution, compilation): + - Actually include all of our Rust source in our source + distributions. (Previously, a few of the files were accidentally + omitted.) Fixes bug 25732; bugfix on 0.3.3.2-alpha. diff --git a/changes/bug25733 b/changes/bug25733 new file mode 100644 index 0000000000..775c1ae00e --- /dev/null +++ b/changes/bug25733 @@ -0,0 +1,4 @@ + o Minor bugfixes (Assert crash): + - Avoid an assert in the circuit build timeout code if we fail to + allow any circuits to actually complete. Fixes bug 25733; + bugfix on 0.2.2.2-alpha. diff --git a/changes/bug26052 b/changes/bug26052 new file mode 100644 index 0000000000..4721933fa5 --- /dev/null +++ b/changes/bug26052 @@ -0,0 +1,6 @@ + o Minor bugfixes (documentation): + - Stop saying in the manual that clients cache ipv4 dns answers + from exit relays. We haven't used them since 0.2.6.3-alpha, and + in ticket 24050 we stopped even caching them as of 0.3.2.6-alpha, + but we forgot to say so in the man page. Fixes bug 26052; bugfix + on 0.3.2.6-alpha. diff --git a/changes/bug26121 b/changes/bug26121 new file mode 100644 index 0000000000..5f734dd56b --- /dev/null +++ b/changes/bug26121 @@ -0,0 +1,6 @@ + o Minor bugfixes (controller): + - Improve accuracy of the BUILDTIMEOUT_SET control port event's + TIMEOUT_RATE and CLOSE_RATE fields. (We were previously miscounting + the total number of circuits for these field values.) Fixes bug + 26121; bugfix on 0.3.3.1-alpha. + diff --git a/changes/bug26258_033 b/changes/bug26258_033 new file mode 100644 index 0000000000..ceca383335 --- /dev/null +++ b/changes/bug26258_033 @@ -0,0 +1,4 @@ + o Major bugfixes (rust, testing): + - Fix a bug where a failure in the rust unit tests would not actually + cause the build to fail. Fixes bug 26258; bugfix on 0.3.3.4-alpha. + diff --git a/changes/bug26435 b/changes/bug26435 new file mode 100644 index 0000000000..f66c503dd5 --- /dev/null +++ b/changes/bug26435 @@ -0,0 +1,5 @@ + o Major bugfixes (directory authority): + - Fix a memory leak where directory authorities would leak a chunk + of memory for every router descriptor every time they considered + voting. This bug was taking down directory authorities due to + out-of-memory issues. Fixes bug 26435; bugfix on 0.3.3.6. diff --git a/changes/bug26497-cd b/changes/bug26497-cd new file mode 100644 index 0000000000..37bf1bc956 --- /dev/null +++ b/changes/bug26497-cd @@ -0,0 +1,4 @@ + o Minor bugfixes (rust): + - cd to ${abs_top_builddir}/src/rust before running cargo in + src/test/test_rust.sh. This makes the working directory consistent + between builds and tests. Fixes bug 26497; bugfix on 0.3.3.2-alpha. diff --git a/changes/bug26523 b/changes/bug26523 new file mode 100644 index 0000000000..a739d240e9 --- /dev/null +++ b/changes/bug26523 @@ -0,0 +1,5 @@ + o Minor bugfixes (hidden service, control port): + - The HSPOST command wasn't parsing properly the HSADDRESS= parameter and + thus not using it. It now handles it correctly. Fixes bug 26523; bugfix on + 0.3.3.1-alpha. Patch by "akwizgran". + diff --git a/changes/bug26627 b/changes/bug26627 new file mode 100644 index 0000000000..d28bd05d53 --- /dev/null +++ b/changes/bug26627 @@ -0,0 +1,7 @@ + o Minor bugfixes (v3 onion services): + - Stop sending ed25519 link specifiers in v3 onion service introduce + cells, when the rendezvous point doesn't support ed25519 link + authentication. Fixes bug 26627; bugfix on 0.3.2.4-alpha. + - Stop putting ed25519 link specifiers in v3 onion service descriptors, + when the intro point doesn't support ed25519 link authentication. + Fixes bug 26627; bugfix on 0.3.2.4-alpha. diff --git a/changes/bug26779 b/changes/bug26779 new file mode 100644 index 0000000000..fb7f6160ea --- /dev/null +++ b/changes/bug26779 @@ -0,0 +1,4 @@ + o Minor features (bug workaround): + - Compile correctly on systems that provide the C11 stdatomic.h header, + but where C11 atomic functions don't actually compile. + Closes ticket 26779; workaround for Debian issue 903709. diff --git a/changes/bug26873 b/changes/bug26873 new file mode 100644 index 0000000000..565f8bf0b1 --- /dev/null +++ b/changes/bug26873 @@ -0,0 +1,4 @@ + o Minor bugfixes (portability): + - Fix compilation of the unit tests on GNU/Hurd, which does not + define PATH_MAX. Fixes bug 26873; bugfix on 0.3.3.1-alpha. + Patch from "paulusASol". diff --git a/changes/bug26876 b/changes/bug26876 new file mode 100644 index 0000000000..b661104236 --- /dev/null +++ b/changes/bug26876 @@ -0,0 +1,4 @@ + o Minor bugfixes (portability): + - Work around two different bugs in the OS X 10.10 and later SDKs that + would prevent us from successfully targeting earlier versions of OS X. + Fixes bug 26876; bugfix on 0.3.3.1-alpha. diff --git a/changes/bug26948 b/changes/bug26948 new file mode 100644 index 0000000000..0f0728843f --- /dev/null +++ b/changes/bug26948 @@ -0,0 +1,4 @@ + o Minor bugfixes (in-process restart): + - Always call tor_free_all() when leaving tor_run_main(). When we + did not, restarting tor in-process would cause an assertion failure. + Fixes bug 26948; bugfix on 0.3.3.1-alpha. diff --git a/changes/bug27164 b/changes/bug27164 new file mode 100644 index 0000000000..d04d2f28f4 --- /dev/null +++ b/changes/bug27164 @@ -0,0 +1,4 @@ + o Minor bugfixes (rust): + - Protover parsing was ignoring a 2nd hyphen and everything after it, + accepting entries like "Link=1-5-foo". Fixes bug 27164; bugfix on + 0.3.3.1-alpha. diff --git a/changes/bug27177 b/changes/bug27177 new file mode 100644 index 0000000000..b03bbc96ea --- /dev/null +++ b/changes/bug27177 @@ -0,0 +1,4 @@ + o Minor bugfixes (rust): + - Protover parsing was accepting the presence of whitespace in version + strings, which the C implementation would choke on, e.g. "Desc=1\t,2". + Fixes bug 27177; bugfix on 0.3.3.5-rc. diff --git a/changes/bug27206 b/changes/bug27206 new file mode 100644 index 0000000000..c0fbbed702 --- /dev/null +++ b/changes/bug27206 @@ -0,0 +1,4 @@ + o Minor bugfixes (rust): + - protover_all_supported() would attempt to allocate up to 16GB on some + inputs, leading to a potential memory DoS. Fixes bug 27206; bugfix on + 0.3.3.5-rc. diff --git a/changes/bug27649 b/changes/bug27649 new file mode 100644 index 0000000000..55bfc3a842 --- /dev/null +++ b/changes/bug27649 @@ -0,0 +1,4 @@ + o Minor bugfixes (rust): + - The protover rewrite in 24031 allowed repeated votes from the same + voter for the same protocol version to be counted multiple times in + protover_compute_vote(). Fixes bug 27649; bugfix on 0.3.3.5-rc. diff --git a/changes/bug27687 b/changes/bug27687 new file mode 100644 index 0000000000..8b7903b63e --- /dev/null +++ b/changes/bug27687 @@ -0,0 +1,4 @@ + o Minor bugfixes (rust): + - protover parsed and accepted unknown protocol names containing invalid + characters outside the range [A-Za-z0-9-]. Fixes bug 27687; bugfix on + 0.3.3.1-alpha. diff --git a/changes/bug27708 b/changes/bug27708 new file mode 100644 index 0000000000..d283b19515 --- /dev/null +++ b/changes/bug27708 @@ -0,0 +1,4 @@ + o Major bugfixes (restart-in-process): + - Fix a use-after-free error that could be caused by passing Tor an + impossible set of options that would fail during options_act(). + Fixes bug 27708; bugfix on 0.3.3.1-alpha. diff --git a/changes/bugs_25036_25055 b/changes/bugs_25036_25055 new file mode 100644 index 0000000000..daa46321c0 --- /dev/null +++ b/changes/bugs_25036_25055 @@ -0,0 +1,7 @@ + o Minor bugfixes (networking): + - Tor will not reject IPv6 address strings from TorBrowser when they + are passed as hostnames in SOCKS5 requests. Fixes bug 25036, + bugfix on Tor 0.3.1.2. + - string_is_valid_hostname() will not consider IP strings to be valid + hostnames. Fixes bug 25055; bugfix on Tor 0.2.5.5. + diff --git a/changes/feature18329 b/changes/feature18329 deleted file mode 100644 index 1dabf50244..0000000000 --- a/changes/feature18329 +++ /dev/null @@ -1,9 +0,0 @@ - o Minor features (bridge): - - Bridge relays can now set the BridgeDistribution config option to - add a "bridge-distribution-request" line to their bridge descriptor, - which tells BridgeDB how they'd like their bridge address to be - given out. (Note that as of Oct 2017, BridgeDB does not yet implement - this feature.) As a side benefit, this feature provides a way - to distinguish bridge descriptors from non-bridge descriptors. - Implements tickets 18329. - diff --git a/changes/geoip-2017-11-06 b/changes/geoip-2017-11-06 deleted file mode 100644 index f034be9006..0000000000 --- a/changes/geoip-2017-11-06 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (geoip): - - Update geoip and geoip6 to the November 6 2017 Maxmind GeoLite2 - Country database. - diff --git a/changes/geoip-2017-12-06 b/changes/geoip-2017-12-06 deleted file mode 100644 index ae4fb1149f..0000000000 --- a/changes/geoip-2017-12-06 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (geoip): - - Update geoip and geoip6 to the December 6 2017 Maxmind GeoLite2 - Country database. - diff --git a/changes/geoip-2018-01-05 b/changes/geoip-2018-01-05 deleted file mode 100644 index 59aba02d09..0000000000 --- a/changes/geoip-2018-01-05 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (geoip): - - Update geoip and geoip6 to the January 5 2018 Maxmind GeoLite2 - Country database. - diff --git a/changes/geoip-2018-02-07 b/changes/geoip-2018-02-07 deleted file mode 100644 index f45228fd76..0000000000 --- a/changes/geoip-2018-02-07 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (geoip): - - Update geoip and geoip6 to the February 7 2018 Maxmind GeoLite2 - Country database. - diff --git a/changes/geoip-october2017 b/changes/geoip-october2017 deleted file mode 100644 index 11f623e85f..0000000000 --- a/changes/geoip-october2017 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (geoip): - - Update geoip and geoip6 to the October 4 2017 Maxmind GeoLite2 - Country database. - diff --git a/changes/hsdescv3_fuzz_more b/changes/hsdescv3_fuzz_more deleted file mode 100644 index 25626bb9a4..0000000000 --- a/changes/hsdescv3_fuzz_more +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (testing): - - Our fuzzing tests now test the encrypted portions of the - v3 hidden service descriptors. Implements more of 21509. diff --git a/changes/longclaw_23592 b/changes/longclaw_23592 deleted file mode 100644 index 91e2da8972..0000000000 --- a/changes/longclaw_23592 +++ /dev/null @@ -1,3 +0,0 @@ - o Directory authority changes: - - The directory authority "Longclaw" has changed its IP address. - Closes ticket 23592. diff --git a/changes/refactor23814 b/changes/refactor23814 new file mode 100644 index 0000000000..a67b6989f8 --- /dev/null +++ b/changes/refactor23814 @@ -0,0 +1,4 @@ + o Code simplification and refactoring: + - Remove the old (deterministic) directory retry logic entirely: + We've used exponential backoff exclusively for some time. + Closes ticket 23814. diff --git a/changes/stack b/changes/stack deleted file mode 100644 index ffdf536cb9..0000000000 --- a/changes/stack +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes (correctness): - - Fix several places in our codebase where a C compiler would be likely - to eliminate a check, based on assuming that undefined behavior had not - happened elsewhere in the code. These cases are usually a sign of - redundant checking, or dubious arithmetic. Found by Georg Koppen using - the "STACK" tool from Wang, Zeldovich, Kaashoek, and - Solar-Lezama. Fixes bug 24423; bugfix on various Tor versions. diff --git a/changes/ticket21031 b/changes/ticket21031 deleted file mode 100644 index b081fb018f..0000000000 --- a/changes/ticket21031 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor features (removed deprecations): - - The ClientDNSRejectInternalAddresses flag can once again be set in - non-testing Tor networks, so long as they do not use the default - directory authorities. - This change also removes the deprecation of this - flag in 0.2.9.2-alpha. Closes ticket 21031. - diff --git a/changes/ticket23635 b/changes/ticket23635 new file mode 100644 index 0000000000..54d303e4b8 --- /dev/null +++ b/changes/ticket23635 @@ -0,0 +1,3 @@ + o Documentation: + - Improved the documentation of AccountingStart paremeter. + Closes ticket 23635. diff --git a/changes/ticket23637 b/changes/ticket23637 deleted file mode 100644 index 0c524f34c3..0000000000 --- a/changes/ticket23637 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features (directory authority): - - Make the "Exit" flag assignment only depend on whether the exit - policy allows connections to ports 80 and 443. Previously relays - would get the Exit flag if they allowed connections to one of - these ports and also port 6667. Resolves ticket 23637. diff --git a/changes/ticket23856 b/changes/ticket23856 deleted file mode 100644 index 049da18d06..0000000000 --- a/changes/ticket23856 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor feature (relay statistics): - - Change relay bandwidth reporting stats interval from 4 hours to 24 hours - in order to reduce the efficiency of guard discovery attacks. Fixes - ticket 23856. diff --git a/changes/ticket23910 b/changes/ticket23910 deleted file mode 100644 index eb38fcf32f..0000000000 --- a/changes/ticket23910 +++ /dev/null @@ -1,3 +0,0 @@ - o Directory authority changes: - - Add bastet as a ninth directory authority to the default list. Closes - ticket 23910. diff --git a/changes/ticket24097 b/changes/ticket24097 deleted file mode 100644 index 36547a8ddb..0000000000 --- a/changes/ticket24097 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (logging): - - Downgrade a pair of log messages that could occur when an exit's - resolver gave us an unusual (but not forbidden) response. - Closes ticket 24097. diff --git a/changes/ticket24109 b/changes/ticket24109 deleted file mode 100644 index f66271817d..0000000000 --- a/changes/ticket24109 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (integration tests): - - Test that IPv6-only clients can use microdescriptors when running - "make test-network-all". Requires chutney master 61c28b9 or later. - Closes ticket 24109. diff --git a/changes/ticket24158 b/changes/ticket24158 deleted file mode 100644 index 3cdc06afae..0000000000 --- a/changes/ticket24158 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (logging): - Only log about no longer having KIST support once. Fixes bug 24158; bugfix - on 0.3.2 diff --git a/changes/ticket24254 b/changes/ticket24254 deleted file mode 100644 index 98d5d6bacd..0000000000 --- a/changes/ticket24254 +++ /dev/null @@ -1,3 +0,0 @@ - o Documentation: - Add notes in man page regarding OS support for the various scheduler types. - Attempt to use less jargon in the scheduler section. Closes ticket 24254. diff --git a/changes/ticket24315 b/changes/ticket24315 deleted file mode 100644 index df34dbf412..0000000000 --- a/changes/ticket24315 +++ /dev/null @@ -1,3 +0,0 @@ - o Major features (linux seccomp2 sandbox): - - Update the sandbox rules so that they should now work correctly with - Glibc 2.26. Closes ticket 24315. diff --git a/changes/ticket24343 b/changes/ticket24343 new file mode 100644 index 0000000000..e62d65eb54 --- /dev/null +++ b/changes/ticket24343 @@ -0,0 +1,6 @@ + o Minor bugfixes (man page, SocksPort): + - Remove dead code about the old "SocksSockets" option. To do so, the + SocksSocketsGroupWritable option has been renamed to + UnixSockssGroupWritable which does the same exact thing. The old option + is still usable but will warn that it is deprecated. Fixes bug 24343; + bugfix on 0.2.6.3. diff --git a/changes/ticket24425 b/changes/ticket24425 deleted file mode 100644 index aa6f082bcc..0000000000 --- a/changes/ticket24425 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (hidden service v3): - - Bump hsdir_spread_store parameter from 3 to 4 in order to increase the - probability of reaching a service for a client missing microdescriptors. - Fixes bug 24425; bugfix on 0.3.2.1-alpha. diff --git a/changes/ticket24500 b/changes/ticket24500 deleted file mode 100644 index b49b7a5551..0000000000 --- a/changes/ticket24500 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (logging): - - Provide better warnings when the getrandom() syscall fails. - Closes ticket 24500. diff --git a/changes/ticket24629-backport b/changes/ticket24629-backport new file mode 100644 index 0000000000..dfbc465634 --- /dev/null +++ b/changes/ticket24629-backport @@ -0,0 +1,3 @@ + o Minor features (continuous integration): + - Backport Travis rust distcheck to 0.3.3. + Closes ticket 24629. diff --git a/changes/ticket24681 b/changes/ticket24681 deleted file mode 100644 index cc0a42b2e0..0000000000 --- a/changes/ticket24681 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor features (fallback directory mirrors): - - Make the default DirAuthorityFallbackRate 0.1, so that clients on the - public tor network prefer to bootstrap off fallback directory mirrors. - This is a follow-up to 24679, which removed weights from the default - fallbacks. - Implements ticket 24681. diff --git a/changes/ticket24902 b/changes/ticket24902 deleted file mode 100644 index 1a2ef95cc9..0000000000 --- a/changes/ticket24902 +++ /dev/null @@ -1,13 +0,0 @@ - o Major features (denial of service mitigation): - - Give relays some defenses against the recent network overload. We start - with three defenses (default parameters in parentheses). First: if a - single client address makes too many concurrent connections (>100), hang - up on further connections. Second: if a single client address makes - circuits too quickly (more than 3 per second, with an allowed burst of - 90) while also having too many connections open (3), refuse new create - cells for the next while (1-2 hours). Third: if a client asks to - establish a rendezvous point to you directly, ignore the request. These - defenses can be manually controlled by new torrc options, but relays - will also take guidance from consensus parameters, so there's no need to - configure anything manually. Implements ticket 24902. - diff --git a/changes/ticket25071 b/changes/ticket25071 new file mode 100644 index 0000000000..5e2917e10b --- /dev/null +++ b/changes/ticket25071 @@ -0,0 +1,4 @@ + o Minor features (testing): + - Add a "make test-rust" target to run the rust tests only. + Closes ticket 25071. + diff --git a/changes/ticket25122 b/changes/ticket25122 deleted file mode 100644 index 2921811b22..0000000000 --- a/changes/ticket25122 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor feature (geoip cache): - - Make our OOM handler aware of the geoip client history cache so it - doesn't fill up the memory which is especially important for IPv6 and - our DoS mitigation subsystem. Closes ticket 25122. diff --git a/changes/ticket25170 b/changes/ticket25170 deleted file mode 100644 index 0652139400..0000000000 --- a/changes/ticket25170 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfix (directory authority, documentation): - - When a fingerprint or network address is marked as rejected, the - returned message by the authority now explicitly mention to set a valid - ContactInfo address and contact the bad-relays@ mailing list. Fixes bug - 25170; bugfix on 0.2.9.1. diff --git a/changes/ticket25248 b/changes/ticket25248 new file mode 100644 index 0000000000..67ccdb6313 --- /dev/null +++ b/changes/ticket25248 @@ -0,0 +1,4 @@ + o Documentation (manpage, denial of service): + - Better detail the denial of service options by listing the different + mitigation in place. Closes ticket 25248. + diff --git a/changes/ticket26006 b/changes/ticket26006 new file mode 100644 index 0000000000..e33e3f1cd2 --- /dev/null +++ b/changes/ticket26006 @@ -0,0 +1,4 @@ + o Minor features (compilation, portability): + - Avoid some compilation warnings with recent versions + of LibreSSL. Closes ticket 26006. + diff --git a/changes/ticket_24801 b/changes/ticket_24801 deleted file mode 100644 index f5f6c831af..0000000000 --- a/changes/ticket_24801 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features (new fallback directories): - - The fallback directory list has been re-generated based on the - current status of the network. Tor uses fallback directories to - bootstrap it doesn't yet have up-to-date directory - information. Closes ticket 24801. diff --git a/changes/trove-2017-009 b/changes/trove-2017-009 deleted file mode 100644 index 166a5faec6..0000000000 --- a/changes/trove-2017-009 +++ /dev/null @@ -1,10 +0,0 @@ - o Major bugfixes (security): - - When checking for replays in the INTRODUCE1 cell data for a (legacy) - hiddden service, correctly detect replays in the RSA-encrypted part of - the cell. We were previously checking for replays on the entire cell, - but those can be circumvented due to the malleability of Tor's legacy - hybrid encryption. This fix helps prevent a traffic confirmation - attack. Fixes bug 24244; bugfix on 0.2.4.1-alpha. This issue is also - tracked as TROVE-2017-009 and CVE-2017-8819. - - diff --git a/changes/trove-2017-010 b/changes/trove-2017-010 deleted file mode 100644 index d5bf9333da..0000000000 --- a/changes/trove-2017-010 +++ /dev/null @@ -1,6 +0,0 @@ - o Major bugfixes (security): - - Fix a denial-of-service issue where an attacker could crash - a directory authority using a malformed router descriptor. - Fixes bug 24245; bugfix on 0.2.9.4-alpha. Also tracked - as TROVE-2017-010 and CVE-2017-8820. - diff --git a/changes/trove-2017-011 b/changes/trove-2017-011 deleted file mode 100644 index 82d20d9e78..0000000000 --- a/changes/trove-2017-011 +++ /dev/null @@ -1,8 +0,0 @@ - o Major bugfixes (security): - - Fix a denial of service bug where an attacker could use a malformed - directory object to cause a Tor instance to pause while OpenSSL would - try to read a passphrase from the terminal. (If the terminal was not - available, tor would continue running.) Fixes bug 24246; bugfix on - every version of Tor. Also tracked as TROVE-2017-011 and - CVE-2017-8821. Found by OSS-Fuzz as testcase 6360145429790720. - diff --git a/changes/trove-2017-012-part1 b/changes/trove-2017-012-part1 deleted file mode 100644 index 9fccc2cf65..0000000000 --- a/changes/trove-2017-012-part1 +++ /dev/null @@ -1,6 +0,0 @@ - o Major bugfixes (security, relay): - - When running as a relay, make sure that we never build a path through - ourselves, even in the case where we have somehow lost the version of - our descriptor appearing in the consensus. Fixes part of bug 21534; - bugfix on 0.2.0.1-alpha. This issue is also tracked as TROVE-2017-012 - and CVE-2017-8822. diff --git a/changes/trove-2017-012-part2 b/changes/trove-2017-012-part2 deleted file mode 100644 index ed994c5b02..0000000000 --- a/changes/trove-2017-012-part2 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes (security, relay): - - When running as a relay, make sure that we never ever choose ourselves - as a guard. Previously, this was possible. Fixes part of bug 21534; - bugfix on 0.3.0.1-alpha. This issue is also tracked as TROVE-2017-012 - and CVE-2017-8822. |