diff options
Diffstat (limited to 'changes')
53 files changed, 156 insertions, 143 deletions
diff --git a/changes/.dummy b/changes/.dummy new file mode 100644 index 0000000000..dd9738feb2 --- /dev/null +++ b/changes/.dummy @@ -0,0 +1,37 @@ +This file is here to keep git from removing the changes directory when +all the changes files have been merged. + + + + + + + + + + + + + + + + + + + + + + + + +"I'm Nobody! Who are you? + Are you--Nobody--too? + Then there's a pair of us! + Don’t tell! they'd advertise--you know! + + How dreary--to be--Somebody! + How public--like a Frog-- + To tell one's name--the livelong June-- + To an admiring Bog!" + -- Emily Dickinson + diff --git a/changes/15188 b/changes/15188 deleted file mode 100644 index 2065b3974c..0000000000 --- a/changes/15188 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (testing): - - Avoid a side-effect in a tor_assert() in the unit tests. Fixes bug - 15188; bugfix on 0.1.2.3-alpha. Patch from Tom van der Woerdt. diff --git a/changes/bug11447 b/changes/bug11447 deleted file mode 100644 index 8cd4f5b467..0000000000 --- a/changes/bug11447 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features (DoS-resistance): - - Decrease the amount of reattempts that a hidden service is - willing to perform when its rendezvous circuits fail. This - reduces the computational cost for hidden service under heavy - load. Resolves ticket #11447.
\ No newline at end of file diff --git a/changes/bug11454 b/changes/bug11454 deleted file mode 100644 index b37a7d9728..0000000000 --- a/changes/bug11454 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (certificate handling): - - Remove any old authority certificates that have been superseded - for at least two days. Previously, we would keep superseded - certificates until they expired, if they were published close - in time to the certificate that superseded them. - Fixes bug 11454; bugfix on 0.2.1.8-alpha. diff --git a/changes/bug11457 b/changes/bug11457 deleted file mode 100644 index cf64c1d10d..0000000000 --- a/changes/bug11457 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (certificate handling): - - If an authority operator accidentally makes a signing certificate with - a future publication time, do not discard its real signing - certificates. Fixes bug 11457; bugfix on 0.2.0.3-alpha. - diff --git a/changes/bug12498 b/changes/bug12498 new file mode 100644 index 0000000000..9f0147cc83 --- /dev/null +++ b/changes/bug12498 @@ -0,0 +1,29 @@ + o Major features (Ed25519 identity keys: #12498, Prop220): + - All relays now maintain a stronger identity key, using the + Ed25519 elliptic curve signature format. This master key is + designed so that it can be kept offline. Relays also generate + an online signing key, and a set of other Ed25519 keys and certificates. + These are all automatically regenerated and rotated as needed. + - Directory authorities track which Ed25519 identity keys have been + used with which RSA1024 identity keys, and do not allow them to vary + freely. + - Directory authorities now vote on Ed25519 identity keys along with + RSA1024 keys. + - Microdescriptors now include ed25519 identity keys. + + o Major features (onion key cross-certification): + - Relay descriptors now include signatures of the identity keys using + the TAP and ntor onion keys. This allows relays to prove ownership of + their own onion keys. Because of this change, microdescriptors no longer + need to include RSA identity keys. Implements proposal 228; + closes ticket 12499. + + o Code simplification and refactoring: + - The link authentication code has been refactored for better testability + and reliability. It now uses code generated with the "trunnel" + binary encoding generator, to reduce the risk of bugs due to + programmer error. Done as part of ticket 12498. + + o Testing: + - The link authentication protocol code now has extensive tests. + - The relay descriptor signature testing code now has extensive tests. diff --git a/changes/bug14848_redux b/changes/bug14848_redux deleted file mode 100644 index c10320fb23..0000000000 --- a/changes/bug14848_redux +++ /dev/null @@ -1,5 +0,0 @@ - o Removed code: - - Remove some lingering dead code that once supported mempools. Mempools - were disabled by default in 0.2.5, and removed entirely in - 0.2.6.3-alpha. Closes more of ticket 14848; patch by "cypherpunks". - diff --git a/changes/bug14950 b/changes/bug14950 deleted file mode 100644 index 33cea9cb58..0000000000 --- a/changes/bug14950 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (logs): - - Quiet some log messages in the heartbeat and at startup. Closes - ticket 14950.
\ No newline at end of file diff --git a/changes/bug14980 b/changes/bug14980 deleted file mode 100644 index b873bb009c..0000000000 --- a/changes/bug14980 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (testing): - - Fix endianness issues in unit test for resolve_my_address() to - have it pass on big endian systems. Fixes bug 14980; bugfix on - Tor 0.2.6.3-alpha. diff --git a/changes/bug14988 b/changes/bug14988 deleted file mode 100644 index 67dc96e443..0000000000 --- a/changes/bug14988 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (compilation): - - Fix a compilation warning on s390. Fixes bug 14988; bugfix on - 0.2.5.2-alpha. - diff --git a/changes/bug14989 b/changes/bug14989 deleted file mode 100644 index f4432d468b..0000000000 --- a/changes/bug14989 +++ /dev/null @@ -1,4 +0,0 @@ - o Major bugfixes (Linux seccomp2 sandbox): - - Pass IPPROTO_TCP rather than 0 to socket(), so that the - Linux seccomp2 sandbox doesn't fail. Fixes bug 14989; - bugfix on 0.2.6.3-alpha. diff --git a/changes/bug15003 b/changes/bug15003 deleted file mode 100644 index 2dcce74dfe..0000000000 --- a/changes/bug15003 +++ /dev/null @@ -1,3 +0,0 @@ - o Major bugfixes (linux seccomp2 sandbox): - - Allow AF_UNIX hidden services to be used with the seccomp2 sandbox. - Fixes bug 15003; bugfix on 0.2.6.3-alpha. diff --git a/changes/bug15033 b/changes/bug15033 deleted file mode 100644 index 953e6c3d59..0000000000 --- a/changes/bug15033 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (tests): - - When running the zero-length-keys check, do not use the default - torrc file. Fixes bug 15033; bugfix on 0.2.6.3-alpha. Reported - by "reezer". diff --git a/changes/bug15037 b/changes/bug15037 deleted file mode 100644 index 587d63186e..0000000000 --- a/changes/bug15037 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (testing): - - When running the new 'make test-stem' target, use the configured - python binary. Fixes bug 15037; bugfix on 0.2.6.3-alpha. Patch - from "cypherpunks". diff --git a/changes/bug15064 b/changes/bug15064 deleted file mode 100644 index e6bd747b1f..0000000000 --- a/changes/bug15064 +++ /dev/null @@ -1,4 +0,0 @@ - o Major bugfixes (FreeBSD IPFW transparent proxy): - - Fix address detection with FreeBSD transparent proxies, - when "TransProxyType ipfw" is in use. - Fixes bug 15064; bugfix on 0.2.5.4-alpha. diff --git a/changes/bug15083 b/changes/bug15083 deleted file mode 100644 index 5cc79b5ba1..0000000000 --- a/changes/bug15083 +++ /dev/null @@ -1,10 +0,0 @@ - o Major bugfixes (relay, stability, possible security): - - Fix a bug that could lead to a relay crashing with an assertion - failure if a buffer of exactly the wrong layout was passed - to buf_pullup() at exactly the wrong time. Fixes bug 15083; - bugfix on 0.2.0.10-alpha. Patch from 'cypherpunks'. - - - Do not assert if the 'data' pointer on a buffer is advanced to the very - end of the buffer; log a BUG message instead. Only assert if it is - past that point. Fixes bug 15083; bugfix on 0.2.0.10-alpha. - diff --git a/changes/bug15088 b/changes/bug15088 deleted file mode 100644 index 95878bdb39..0000000000 --- a/changes/bug15088 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (Linux seccomp2 sandbox): - - Upon receiving sighup, do not crash during attempts to call - wait4. Fixes bug 15088; bugfix on 0.2.5.1-alpha. Patch from - "sanic". diff --git a/changes/bug15151 b/changes/bug15151 deleted file mode 100644 index b9c3061554..0000000000 --- a/changes/bug15151 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (compilation): - - Fix a compilation warning on FreeBSD. Fixes bug 15151; bugfix on - 0.2.6.2-alpha. diff --git a/changes/bug15205 b/changes/bug15205 deleted file mode 100644 index 0cb9f3f4bc..0000000000 --- a/changes/bug15205 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes (crash, OSX, security): - - Fix a remote denial-of-service opportunity caused by a bug - in OSX's _strlcat_chk() function. Fixes bug 15205; bug first - appeared in OSX 10.9. - diff --git a/changes/bug15240 b/changes/bug15240 deleted file mode 100644 index e11f804a12..0000000000 --- a/changes/bug15240 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (pluggable transports): - - Initialize the extended OR Port authentication cookie before launching - pluggable transports. This prevents a race condition that occured when - server-side pluggable transports would cache the authentication cookie - before it has been (re)generated. Fixes bug 15240; bugfix on - 0.2.5.1-alpha. diff --git a/changes/bug15245 b/changes/bug15245 deleted file mode 100644 index 520a370eeb..0000000000 --- a/changes/bug15245 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes: - - Avoid crashing when making certain configuration option changes - on clients. Fixes bug 15245; bugfix on 0.2.6.3-alpha. Reported - by "anonym". - diff --git a/changes/bug15436 b/changes/bug15436 deleted file mode 100644 index 4fa44d1e16..0000000000 --- a/changes/bug15436 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (portability): - - Use the correct datatype in the SipHash-2-4 function to prevent compilers - from assuming any sort of alignment. Fixes bug 15436; bugfix on - 0.2.5.3-alpha. diff --git a/changes/bug15515 b/changes/bug15515 deleted file mode 100644 index dda7c2fcd8..0000000000 --- a/changes/bug15515 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (DoS-resistance): - - Make it harder for attackers to overwhelm hidden services with - introductions, by blocking multiple introduction requests on the - same circuit. Resolves ticket #15515. diff --git a/changes/bug15600 b/changes/bug15600 deleted file mode 100644 index ee1d6cfe19..0000000000 --- a/changes/bug15600 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes (security, hidden service): - - Fix an issue that would allow a malicious client to trigger - an assertion failure and halt a hidden service. Fixes - bug 15600; bugfix on 0.2.1.6-alpha. Reported by "skruffy". - diff --git a/changes/bug15601 b/changes/bug15601 deleted file mode 100644 index 2cc880af7f..0000000000 --- a/changes/bug15601 +++ /dev/null @@ -1,4 +0,0 @@ - o Major bugfixes (security, hidden service): - - Fix a bug that could cause a client to crash with an assertion - failure when parsing a malformed hidden service descriptor. - Fixes bug 15601; bugfix on 0.2.1.5-alpha. Found by "DonnCha". diff --git a/changes/bug15823 b/changes/bug15823 deleted file mode 100644 index 987de5d9ac..0000000000 --- a/changes/bug15823 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (hidden service): - - Fix an out-of-bounds read when parsing invalid INTRODUCE2 cells - on a client authorized hidden service. Fixes bug 15823; bugfix - on 0.2.1.6-alpha. diff --git a/changes/bug15850 b/changes/bug15850 deleted file mode 100644 index 48a7c7bdd7..0000000000 --- a/changes/bug15850 +++ /dev/null @@ -1,4 +0,0 @@ - o Major bugfix - - Revert commit that made directory authority assign the HSDir flag to - relay without a DirPort which is bad because relay can't handle - BEGIN_DIR cells. Fixes #15850. Bugfix on tor-0.2.6.3-alpha; diff --git a/changes/bug15881 b/changes/bug15881 new file mode 100644 index 0000000000..5cf561e07f --- /dev/null +++ b/changes/bug15881 @@ -0,0 +1,3 @@ + o Controller fixes: + - Add the descriptor ID in each HS_DESC control event. It was missing + but specified in control-spec.txt. Fixes ticket 15881. diff --git a/changes/bug16060 b/changes/bug16060 new file mode 100644 index 0000000000..eb0b50f7ed --- /dev/null +++ b/changes/bug16060 @@ -0,0 +1,4 @@ + o Minor bugfixes (hidden service): + - Fix a crash when reloading configuration while at least one + configured and one ephemeral hidden service exists. Fixes bug 16060; + bugfix on 0.2.7.1-alpha. diff --git a/changes/bug16115-NULL-getinfo-onions b/changes/bug16115-NULL-getinfo-onions new file mode 100644 index 0000000000..ec1661e18d --- /dev/null +++ b/changes/bug16115-NULL-getinfo-onions @@ -0,0 +1,4 @@ + o Minor fixes (threads, comments): + - Check for NULL values in getinfo_helper_onions + Patch by "teor". + Fix on 915c7438a77e in Tor 0.2.7.1-alpha. diff --git a/changes/bug16115-init-var b/changes/bug16115-init-var new file mode 100644 index 0000000000..e3e924a3e3 --- /dev/null +++ b/changes/bug16115-init-var @@ -0,0 +1,4 @@ + o Minor fixes (threads, comments): + - Always initialise return value in compute_desc_id in rendcommon.c + Patch by "teor". + Fix on e6a581f126ba, released in 0.2.7.1-alpha. diff --git a/changes/bug16115-signing-key-NULL-check b/changes/bug16115-signing-key-NULL-check new file mode 100644 index 0000000000..3d4f05bc28 --- /dev/null +++ b/changes/bug16115-signing-key-NULL-check @@ -0,0 +1,6 @@ + o Minor fixes (threads, comments): + - Ensure signing_key is non-NULL before accessing one of its members + signing_key can be NULL in ed_key_init_from_file in routerkeys.c. + Discovered by clang 3.7 address sanitizer. + Patch by "teor". + Fix on c03694938ed0, not in any released version of Tor. diff --git a/changes/bug16115-spawn-comment b/changes/bug16115-spawn-comment new file mode 100644 index 0000000000..7792564688 --- /dev/null +++ b/changes/bug16115-spawn-comment @@ -0,0 +1,6 @@ + o Minor fixes (threads, comments): + - Fix an incorrect comment on spawn_func in compat_pthreads.c. + spawn_func calls pthread_create on unix, not fork + Patch by "teor". + Bugfix on unknown tor version (existing code split out of + compat.c into compat_pthreads.c in c2f0d52b7fb9 on 22 Sep 2013). diff --git a/changes/bug16115-undef-directive-in-macro b/changes/bug16115-undef-directive-in-macro new file mode 100644 index 0000000000..8031267cdf --- /dev/null +++ b/changes/bug16115-undef-directive-in-macro @@ -0,0 +1,6 @@ + o Minor fixes (threads, comments): + - Remove undefined directive-in-macro in test_util_writepid + clang 3.7 complains that using a preprocessor directive inside + a macro invocation in test_util_writepid in test_util.c is undefined. + Patch by "teor". + Fix on 79e85313aa61 on 0.2.7.1-alpha. diff --git a/changes/bug16115-unused-find-cipher b/changes/bug16115-unused-find-cipher new file mode 100644 index 0000000000..0f04d6795b --- /dev/null +++ b/changes/bug16115-unused-find-cipher @@ -0,0 +1,7 @@ + o Minor fixes (threads, comments): + - Silence unused variable warnings in find_cipher_by_id + Unused variable warnings were still generated under some versions + of OpenSSL. Instead, make sure all variables are used under all + versions of OpenSSL. + Patch by "teor". + Fix on 496df21c89d1, not in any released version of tor. diff --git a/changes/bug16152 b/changes/bug16152 new file mode 100644 index 0000000000..8b93a60715 --- /dev/null +++ b/changes/bug16152 @@ -0,0 +1,3 @@ + o Minor bugfixes (systemd): + - Fix an accidental formatting error that broke the systemd + configuration file. Fixes bug 16152; bugfix on 0.2.7.1-alpha. diff --git a/changes/bug16228 b/changes/bug16228 new file mode 100644 index 0000000000..bf36cf82ea --- /dev/null +++ b/changes/bug16228 @@ -0,0 +1,4 @@ + o Minor bugfixes (hidden services): + - Avoid crashing with a double-free bug when we create an + ephemeral hidden service but adding it fails for some reason. + Fixes bug 16228; bugfix on 0.2.7.1-alpha. diff --git a/changes/bug16260 b/changes/bug16260 new file mode 100644 index 0000000000..a75cb1df0d --- /dev/null +++ b/changes/bug16260 @@ -0,0 +1,11 @@ + o Minor bugfix (Hidden service) + - When cannibalizing a circuit for an introduction point, always extend + to the chosen exit node creating a 4 hop circuit instead of using the + current circuit exit node which resulted in changing the original + intro point choice. This resulted in the hidden service skipping + excluded nodes like for instance reconnecting to an expired intro + point.; Fixes #16260; bugfixes on tor-0.1.0.1-rc~460. + + This is particularly important for the introduction point retry + behavior (#8239) since cannibalization is allowed, which is desired, + so it's important to pin the chosen exit point. diff --git a/changes/bug9495_redux b/changes/bug9495_redux deleted file mode 100644 index 74b0cdf2a8..0000000000 --- a/changes/bug9495_redux +++ /dev/null @@ -1,4 +0,0 @@ - o Major bugfixes (portability): - - Do not crash on startup when running on Solaris. Fixes a bug - related to our fix for 9495; bugfix on 0.2.6.1-alpha. Reported - by "ruebezahl". diff --git a/changes/feature13642 b/changes/feature13642 new file mode 100644 index 0000000000..a1a9b25d59 --- /dev/null +++ b/changes/feature13642 @@ -0,0 +1,5 @@ + o Major features: + - Add support for offline encrypted ed25519 master keys. To use + this feature on your tor relay, run "tor --keygen" to make a new + master key (or to make a new signing key if you already have a + master key). Closes ticket 13642. diff --git a/changes/feature15006 b/changes/feature15006 deleted file mode 100644 index 168a440ba0..0000000000 --- a/changes/feature15006 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (controller): - - Messages about problems in the bootstrap process now include - information about the server we were trying to connect to when we - noticed the problem. Closes ticket 15006. diff --git a/changes/feature15817-clang-sanitizers b/changes/feature15817-clang-sanitizers new file mode 100644 index 0000000000..8bdf061c3a --- /dev/null +++ b/changes/feature15817-clang-sanitizers @@ -0,0 +1,7 @@ + o Minor enhancements (correctness, testing): + - Document use of coverity, clang static analyzer, and clang dynamic + undefined behavior and address sanitizers in doc/HACKING. + Add clang dynamic sanitizer blacklist in + contrib/clang/sanitizer_blacklist.txt to exempt known undefined + behavior. Include detailed usage instructions in the blacklist. + Patch by "teor". diff --git a/changes/feature16052 b/changes/feature16052 new file mode 100644 index 0000000000..cd09b58867 --- /dev/null +++ b/changes/feature16052 @@ -0,0 +1,5 @@ + o Minor features (hidden service): + - Add the new options "HiddenServiceMaxStreams" and + "HiddenServiceMaxStreamsCloseCircuit" to allow hidden services to limit + the maximum number of simultaneous streams per circuit, and optionally + tear down the circuit when the limit is exceeded. Part of ticket 16052. diff --git a/changes/geoip-april2015 b/changes/geoip-april2015 deleted file mode 100644 index 7db38ed797..0000000000 --- a/changes/geoip-april2015 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Update geoip to the April 8 2015 Maxmind GeoLite2 Country database. - diff --git a/changes/geoip-march2015 b/changes/geoip-march2015 deleted file mode 100644 index 565781280a..0000000000 --- a/changes/geoip-march2015 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Update geoip to the March 3 2015 Maxmind GeoLite2 Country database. - diff --git a/changes/geoip6-april2015 b/changes/geoip6-april2015 deleted file mode 100644 index 241c9119b6..0000000000 --- a/changes/geoip6-april2015 +++ /dev/null @@ -1,2 +0,0 @@ - o Minor features: - - Update geoip6 to the April 8 2015 Maxmind GeoLite2 Country database. diff --git a/changes/geoip6-march2015 b/changes/geoip6-march2015 deleted file mode 100644 index 9a38c65e62..0000000000 --- a/changes/geoip6-march2015 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Update geoip6 to the March 3 2015 Maxmind GeoLite2 Country database. - diff --git a/changes/ticket14487 b/changes/ticket14487 deleted file mode 100644 index 577337ff24..0000000000 --- a/changes/ticket14487 +++ /dev/null @@ -1,3 +0,0 @@ - o Directory authority IP change: - - The directory authority Faravahar has a new IP address. Closes - ticket 14487. diff --git a/changes/ticket15176 b/changes/ticket15176 deleted file mode 100644 index 6d12723728..0000000000 --- a/changes/ticket15176 +++ /dev/null @@ -1,3 +0,0 @@ - o Code simplification and refactoring: - - Refactor main loop to extract the 'loop' part. This makes it easier - to run Tor under Shadow. Closes ticket 15176. diff --git a/changes/ticket15212 b/changes/ticket15212 deleted file mode 100644 index 2c41e3865c..0000000000 --- a/changes/ticket15212 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor features (heartbeat): - - - On relays, report how many connections we negotiated using each - version of the Tor link protocols. This information will let us - know if removing support for very old versions of the Tor - protocols is harming the network. Closes ticket 15212. diff --git a/changes/ticket15358 b/changes/ticket15358 new file mode 100644 index 0000000000..8c85d51007 --- /dev/null +++ b/changes/ticket15358 @@ -0,0 +1,3 @@ + o Features (control protocl): + - Support network-liveness GETINFO key and NETWORK_LIVENESS events in the + control protocol. Resolves ticket #15358. diff --git a/changes/ticket16034 b/changes/ticket16034 new file mode 100644 index 0000000000..b909946cd4 --- /dev/null +++ b/changes/ticket16034 @@ -0,0 +1,6 @@ + o Removed features: + + - Tor no longer supports versions of OpenSSL before 1.0. (If you + are on an operating system that has not upgraded to OpenSSL 1.0 + or later, and you compile Tor from source, you will need to + install a more recent OpenSSL to link Tor against.) diff --git a/changes/ticket16140 b/changes/ticket16140 new file mode 100644 index 0000000000..00c19f1778 --- /dev/null +++ b/changes/ticket16140 @@ -0,0 +1,6 @@ + o Removed features: + + - Tor no longer supports copies of OpenSSL that are missing support for + Elliptic Curve Cryptography. In particular support for at least one of + P256 or P224 is now required, with manual configuration needed if only + P224 is available. |