aboutsummaryrefslogtreecommitdiff
path: root/changes
diff options
context:
space:
mode:
Diffstat (limited to 'changes')
-rw-r--r--changes/abandon-rend-circs-on-newnym8
-rw-r--r--changes/bridgepassword11
-rw-r--r--changes/buffer_bug7
-rw-r--r--changes/bug12408
-rw-r--r--changes/bug1297a16
-rw-r--r--changes/bug134513
-rw-r--r--changes/bug13524
-rw-r--r--changes/bug18106
-rw-r--r--changes/bug23558
-rw-r--r--changes/bug2355_revert7
-rw-r--r--changes/bug24428
-rw-r--r--changes/bug2442b8
-rw-r--r--changes/bug25034
-rw-r--r--changes/bug25743
-rw-r--r--changes/bug2649a5
-rw-r--r--changes/bug2649b5
-rw-r--r--changes/bug2732-simple7
-rw-r--r--changes/bug274810
-rw-r--r--changes/bug27525
-rw-r--r--changes/bug2792_checkdir8
-rw-r--r--changes/bug28505
-rw-r--r--changes/bug29725
-rw-r--r--changes/bug30194
-rw-r--r--changes/bug30226
-rw-r--r--changes/bug30264
-rw-r--r--changes/bug30456
-rw-r--r--changes/bug3122_memcmp7
-rw-r--r--changes/bug31356
-rw-r--r--changes/bug31757
-rw-r--r--changes/bug31984
-rw-r--r--changes/bug32006
-rw-r--r--changes/bug32074
-rw-r--r--changes/bug32086
-rw-r--r--changes/bug32134
-rw-r--r--changes/bug32164
-rw-r--r--changes/bug32283
-rw-r--r--changes/bug32524
-rw-r--r--changes/bug32704
-rw-r--r--changes/bug32895
-rw-r--r--changes/bug33069
-rw-r--r--changes/bug330913
-rw-r--r--changes/bug33187
-rw-r--r--changes/bug33217
-rw-r--r--changes/bug33694
-rw-r--r--changes/bug33935
-rw-r--r--changes/bug3465-0226
-rw-r--r--changes/bug35365
-rw-r--r--changes/bug35774
-rw-r--r--changes/bug360715
-rw-r--r--changes/bug36434
-rw-r--r--changes/bug37327
-rw-r--r--changes/bug37476
-rw-r--r--changes/bug38944
-rw-r--r--changes/bug3898a6
-rw-r--r--changes/bug39093
-rw-r--r--changes/bug39235
-rw-r--r--changes/bug39635
-rw-r--r--changes/bug4012_0223
-rw-r--r--changes/bug40143
-rw-r--r--changes/bug40595
-rw-r--r--changes/bug41157
-rw-r--r--changes/bug41246
-rw-r--r--changes/bug42015
-rw-r--r--changes/bug421213
-rw-r--r--changes/bug42305
-rw-r--r--changes/bug42518
-rw-r--r--changes/bug42594
-rw-r--r--changes/bug42995
-rw-r--r--changes/bug43095
-rw-r--r--changes/bug43314
-rw-r--r--changes/bug43405
-rw-r--r--changes/bug43494
-rw-r--r--changes/bug43537
-rw-r--r--changes/bug43835
-rw-r--r--changes/bug44105
-rw-r--r--changes/bug44246
-rw-r--r--changes/bug44268
-rw-r--r--changes/bug44375
-rw-r--r--changes/bug44579
-rw-r--r--changes/bug45184
-rw-r--r--changes/bug45213
-rw-r--r--changes/bug45295
-rw-r--r--changes/bug45306
-rw-r--r--changes/bug45314
-rw-r--r--changes/bug4533_part25
-rw-r--r--changes/bug45353
-rw-r--r--changes/bug47869
-rw-r--r--changes/bug47886
-rw-r--r--changes/bug48034
-rw-r--r--changes/bug482213
-rw-r--r--changes/bug48563
-rw-r--r--changes/bug50053
-rw-r--r--changes/bug50655
-rw-r--r--changes/bug50675
-rw-r--r--changes/bug50907
-rw-r--r--changes/bug52593
-rw-r--r--changes/bug52836
-rw-r--r--changes/bug53403
-rw-r--r--changes/bug53423
-rw-r--r--changes/bug53437
-rw-r--r--changes/bug53468
-rw-r--r--changes/bug55933
-rw-r--r--changes/bug56445
-rw-r--r--changes/bug56474
-rw-r--r--changes/bug56505
-rw-r--r--changes/bug57603
-rw-r--r--changes/bug5786_range8
-rw-r--r--changes/bug57964
-rw-r--r--changes/bug5969_0227
-rw-r--r--changes/bug60075
-rw-r--r--changes/bug60242
-rw-r--r--changes/bug60336
-rw-r--r--changes/bug60436
-rw-r--r--changes/bug60948
-rw-r--r--changes/bug62183
-rw-r--r--changes/bug6244_part_c6
-rw-r--r--changes/bug62516
-rw-r--r--changes/bug6252_again11
-rw-r--r--changes/bug62717
-rw-r--r--changes/bug62743
-rw-r--r--changes/bug6274_23
-rw-r--r--changes/bug62964
-rw-r--r--changes/bug63415
-rw-r--r--changes/bug63774
-rw-r--r--changes/bug63796
-rw-r--r--changes/bug63873
-rw-r--r--changes/bug63974
-rw-r--r--changes/bug640416
-rw-r--r--changes/bug64233
-rw-r--r--changes/bug64363
-rw-r--r--changes/bug64724
-rw-r--r--changes/bug64756
-rw-r--r--changes/bug64805
-rw-r--r--changes/bug64904
-rw-r--r--changes/bug65002
-rw-r--r--changes/bug650715
-rw-r--r--changes/bug65145
-rw-r--r--changes/bug67106
-rw-r--r--changes/bug67323
-rw-r--r--changes/bug67439
-rw-r--r--changes/bug67744
-rw-r--r--changes/bug68015
-rw-r--r--changes/bug68279
-rw-r--r--changes/bug68444
-rw-r--r--changes/bug68664
-rw-r--r--changes/bug70145
-rw-r--r--changes/bug70223
-rw-r--r--changes/bug70376
-rw-r--r--changes/bug71906
-rw-r--r--changes/bug719210
-rw-r--r--changes/bug735212
-rw-r--r--changes/bug74644
-rw-r--r--changes/bug78898
-rw-r--r--changes/bug82084
-rw-r--r--changes/bug83773
-rw-r--r--changes/bug88446
-rw-r--r--changes/check-fetched-rend-desc-service-id7
-rw-r--r--changes/check-public-key-exponents5
-rw-r--r--changes/cid_4285
-rw-r--r--changes/cid_4505
-rw-r--r--changes/clang_30_options5
-rw-r--r--changes/cov4795
-rw-r--r--changes/cov4844
-rw-r--r--changes/cov7090564
-rw-r--r--changes/coverity_maint9
-rw-r--r--changes/cve-2012-22495
-rw-r--r--changes/dirreq-stats-default5
-rw-r--r--changes/dirserv-BUGGY-a7
-rw-r--r--changes/dirvote_null_deref4
-rw-r--r--changes/disable_pathbias_messages3
-rw-r--r--changes/exit-policy-default-is-not-a-prefix5
-rw-r--r--changes/feature30496
-rw-r--r--changes/feature307614
-rw-r--r--changes/feature44848
-rw-r--r--changes/fix-connection_printf_to_buf15
-rw-r--r--changes/fmt_addr4
-rw-r--r--changes/geoip-april20123
-rw-r--r--changes/geoip-august20113
-rw-r--r--changes/geoip-december20113
-rw-r--r--changes/geoip-february20123
-rw-r--r--changes/geoip-january20123
-rw-r--r--changes/geoip-july20113
-rw-r--r--changes/geoip-june20113
-rw-r--r--changes/geoip-june20123
-rw-r--r--changes/geoip-march20123
-rw-r--r--changes/geoip-may20113
-rw-r--r--changes/geoip-may20123
-rw-r--r--changes/geoip-november20113
-rw-r--r--changes/geoip-october20113
-rw-r--r--changes/geoip-september20113
-rw-r--r--changes/ides-becomes-turtles4
-rw-r--r--changes/issue-2011-10-19L28
-rw-r--r--changes/issue-2011-10-23G9
-rw-r--r--changes/link_negotiation_assert6
-rw-r--r--changes/maatuska-ip3
-rw-r--r--changes/md_cache_replace6
-rw-r--r--changes/mdesc_null_deref5
-rw-r--r--changes/memleak_rendcache4
-rw-r--r--changes/msvc_lround4
-rw-r--r--changes/port_doc3
-rw-r--r--changes/replay-firstpart13
-rw-r--r--changes/routerlist_ins_replace5
-rw-r--r--changes/safecookie9
-rw-r--r--changes/smartlist_foreach8
-rw-r--r--changes/ticket-40636
-rw-r--r--changes/ticket57493
-rw-r--r--changes/timersub_bug7
-rw-r--r--changes/typo-fix-ohkah8Ah9
-rw-r--r--changes/win-bundle-path4
-rw-r--r--changes/windows_85
210 files changed, 291 insertions, 924 deletions
diff --git a/changes/abandon-rend-circs-on-newnym b/changes/abandon-rend-circs-on-newnym
deleted file mode 100644
index 67cb2dce2f..0000000000
--- a/changes/abandon-rend-circs-on-newnym
+++ /dev/null
@@ -1,8 +0,0 @@
- o Security fixes:
- - Don't attach new streams to old rendezvous circuits after SIGNAL
- NEWNYM. Previously, we would keep using an existing rendezvous
- circuit if it remained open (i.e. if it were kept open by a
- long-lived stream or if a new stream were attached to it before
- Tor could notice that it was old and no longer in use and close
- it). Bugfix on 0.1.1.15-rc; fixes bug 3375.
-
diff --git a/changes/bridgepassword b/changes/bridgepassword
deleted file mode 100644
index 5f0e250ff6..0000000000
--- a/changes/bridgepassword
+++ /dev/null
@@ -1,11 +0,0 @@
- o Security fixes:
- - When using the debuging BridgePassword field, a bridge authority
- now compares alleged passwords by hashing them, then comparing
- the result to a digest of the expected authenticator. This avoids
- a potential side-channel attack in the previous code, which
- had foolishly used strcmp(). Fortunately, the BridgePassword field
- *is not in use*, but if it had been, the timing
- behavior of strcmp() might have allowed an adversary to guess the
- BridgePassword value, and enumerate the bridges. Bugfix on
- 0.2.0.14-alpha. Fixes bug 5543.
-
diff --git a/changes/buffer_bug b/changes/buffer_bug
deleted file mode 100644
index 634f609533..0000000000
--- a/changes/buffer_bug
+++ /dev/null
@@ -1,7 +0,0 @@
-
- o Major bugfixes:
- - Fix a heap overflow bug that could occur when trying to pull
- data into the first chunk of a buffer, when that chunk had
- already had some data drained from it. Fixes CVE-2011-2778;
- bugfix on 0.2.0.16-alpha. Reported by "Vektor".
-
diff --git a/changes/bug1240 b/changes/bug1240
deleted file mode 100644
index 657066491c..0000000000
--- a/changes/bug1240
+++ /dev/null
@@ -1,8 +0,0 @@
- o Minor bugfixes:
- - When running with an older Linux kernel that erroneously responds
- to strange nmap behavior by having accept() return successfully
- with a zero-length socket, just close the connection. Previously,
- we would try harder to learn the remote address: but there was no
- such remote address to learn, and our method for trying to learn
- it was incorrect. Fixes bugs #1240, #4745, and #4747. Bugfix on
- 0.1.0.3-rc. Reported and diagnosed by "r1eo".
diff --git a/changes/bug1297a b/changes/bug1297a
deleted file mode 100644
index 140b94e3b0..0000000000
--- a/changes/bug1297a
+++ /dev/null
@@ -1,16 +0,0 @@
- o Major bugfixes:
- - Apply circuit timeouts to opened hidden-service-related circuits
- based on the correct start time. Previously, we would apply the
- circuit build timeout based on time since the circuit's
- creation; it was supposed to be applied based on time since the
- circuit entered its current state. Bugfix on 0.0.6; fixes part
- of bug 1297.
- - Use the same circuit timeout for client-side introduction
- circuits as for other four-hop circuits. Previously,
- client-side introduction circuits were closed after the same
- timeout as single-hop directory-fetch circuits; this was
- appropriate with the static circuit build timeout in 0.2.1.x and
- earlier, but caused many hidden service access attempts to fail
- with the adaptive CBT introduced in 0.2.2.2-alpha. Bugfix on
- 0.2.2.2-alpha; fixes another part of bug 1297.
-
diff --git a/changes/bug1345 b/changes/bug1345
deleted file mode 100644
index 0c9375a35d..0000000000
--- a/changes/bug1345
+++ /dev/null
@@ -1,13 +0,0 @@
- o Minor bugfixes:
- - On SIGHUP, do not clear out all TrackHostExits mappings, client DNS
- cache entries, and virtual address mappings: that's what NEWNYM is
- for. Bugfix on Tor 0.1.0.1-rc; fixes bug 1345.
- - When TrackHostExits is changed from a controller, remove any
- mappings for hosts that should no longer have their exits tracked.
- Bugfix on Tor 0.1.0.1-rc.
- - When VirtualAddrNetwork option is changed from a controller,
- remove any mappings for hosts that were automapped to
- that network. Bugfix on 0.1.1.19-rc.
- - When one of the AutomapHosts* options is changed from a
- controller, remove any mappings for hosts that should no longer be
- automapped. Bugfix on 0.2.0.1-alpha.
diff --git a/changes/bug1352 b/changes/bug1352
deleted file mode 100644
index bde0192401..0000000000
--- a/changes/bug1352
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor features
- - Rate-limit a warning about failures to download v2 networkstatus
- documents. Resolves part of bug 1352.
-
diff --git a/changes/bug1810 b/changes/bug1810
deleted file mode 100644
index 11e561f7cf..0000000000
--- a/changes/bug1810
+++ /dev/null
@@ -1,6 +0,0 @@
- o Major bugfixes:
- - Don't decide to make a new descriptor when receiving a HUP signal.
- This bug has caused a lot of relays to disappear from the consensus
- periodically. Fixes the most common case of triggering bug 1810;
- bugfix on 0.2.2.7-alpha.
-
diff --git a/changes/bug2355 b/changes/bug2355
deleted file mode 100644
index ee0ae4b96a..0000000000
--- a/changes/bug2355
+++ /dev/null
@@ -1,8 +0,0 @@
- o Major features:
- - If "UseBridges 1" is set and no bridges are configured, Tor will
- now refuse to build any circuits until some bridges are set.
- If "UseBridges auto" is set, Tor will use bridges if they are
- configured and we are not running as a server, but otherwise
- will make circuits as usual. The new default is "auto". Patch
- by anonym.
-
diff --git a/changes/bug2355_revert b/changes/bug2355_revert
deleted file mode 100644
index 2ded40ad8e..0000000000
--- a/changes/bug2355_revert
+++ /dev/null
@@ -1,7 +0,0 @@
- o Minor bugfixes:
- - Revert the UseBridges option to its behavior before 0.2.2.28-beta.
- When we changed the default behavior to "use bridges if any are
- listed in the torrc", we broke a number of users who had bridges
- in their torrc files but who didn't actually want to use them.
- Partial resolution for bug 3354.
-
diff --git a/changes/bug2442 b/changes/bug2442
deleted file mode 100644
index cbcc22bb80..0000000000
--- a/changes/bug2442
+++ /dev/null
@@ -1,8 +0,0 @@
- * Minor bugfixes:
-
- - Demote the 'replay detected' log message emitted when a hidden
- service receives the same Diffie-Hellman public key in two
- different INTRODUCE2 cells to info level. A normal Tor client
- can cause that log message during its normal operation. Bugfix
- on 0.2.1.6-alpha; fixes part of bug 2442.
-
diff --git a/changes/bug2442b b/changes/bug2442b
deleted file mode 100644
index 02e1636e91..0000000000
--- a/changes/bug2442b
+++ /dev/null
@@ -1,8 +0,0 @@
- * Minor bugfixes:
-
- - Demote the 'INTRODUCE2 cell is too {old,new}' log message to
- info level. There is nothing that a hidden service's operator
- can do to fix its clients' clocks. Bugfix on 0.2.1.6-alpha;
- fixes part of bug 2442.
-
-
diff --git a/changes/bug2503 b/changes/bug2503
deleted file mode 100644
index 50b8bf50c2..0000000000
--- a/changes/bug2503
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor features:
- - When an HTTPS proxy reports "403 Forbidden", we now explain
- what it means rather than calling it an unexpected status code.
- Closes bug 2503. Patch from "mikey".
diff --git a/changes/bug2574 b/changes/bug2574
deleted file mode 100644
index 5cf2daebfa..0000000000
--- a/changes/bug2574
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor features:
- - Allow nameservers with IPv6 address. Fixes bug 2574.
-
diff --git a/changes/bug2649a b/changes/bug2649a
deleted file mode 100644
index 4ee31ebdb6..0000000000
--- a/changes/bug2649a
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor features:
- - Add a VoteOnHidServDirectoriesV2 configuration option to allow
- directory authorities to abstain from voting on assignment of
- the HSDir consensus flag. Related to bug 2649.
-
diff --git a/changes/bug2649b b/changes/bug2649b
deleted file mode 100644
index 1ff14e5569..0000000000
--- a/changes/bug2649b
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor bugfixes:
- - Change the default required uptime for a relay to be accepted as
- a HSDir from 24 hours to 25 hours. Bugfix on 0.2.0.10-alpha;
- fixes bug 2649.
-
diff --git a/changes/bug2732-simple b/changes/bug2732-simple
deleted file mode 100644
index 367836152d..0000000000
--- a/changes/bug2732-simple
+++ /dev/null
@@ -1,7 +0,0 @@
- o Minor bugfixes
- - Do not reject hidden service descriptors simply because we don't
- think we have not been assigned the HSDir flag. Clients and
- hidden services can have a more up-to-date view of the network
- consensus, and if they think that the directory authorities
- list us a HSDir, we might actually be one. Related to bug 2732;
- bugfix on 0.2.0.10-alpha.
diff --git a/changes/bug2748 b/changes/bug2748
deleted file mode 100644
index b522560a92..0000000000
--- a/changes/bug2748
+++ /dev/null
@@ -1,10 +0,0 @@
- o Minor bugfixes
- - Remove dead code from rend_cache_lookup_v2_desc_as_dir. Fixes
- part of bug 2748; bugfix on 0.2.0.10-alpha.
- - Log malformed requests for rendezvous descriptors as protocol
- warnings, not warnings. Also, use a more informative log
- message in case someone sees it at log level warning without
- prior info-level messages. Fixes the other part of bug 2748;
- bugfix on 0.2.0.10-alpha.
-
-
diff --git a/changes/bug2752 b/changes/bug2752
deleted file mode 100644
index b872d3374a..0000000000
--- a/changes/bug2752
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor features:
- - Tor used to limit HttpProxyAuthenticator values to 48 characters.
- Changed the limit to 512 characters by removing base64 newlines.
- Fixes bug 2752. Fix by Michael Yakubovich.
-
diff --git a/changes/bug2792_checkdir b/changes/bug2792_checkdir
deleted file mode 100644
index 10de1deb2d..0000000000
--- a/changes/bug2792_checkdir
+++ /dev/null
@@ -1,8 +0,0 @@
- o Minor features:
- - Tor now refuses to create a ControlSocket in a directory that is
- world-readable (or group-readable if ControlSocketsGroupWritable
- is 0). This is necessary because some operating systems do not
- check the permissions on an AF_UNIX socket when programs try to
- connect to it. Checking permissions on the directory holding
- the socket, however, seems to work everywhere.
-
diff --git a/changes/bug2850 b/changes/bug2850
deleted file mode 100644
index 77ccbfa25d..0000000000
--- a/changes/bug2850
+++ /dev/null
@@ -1,5 +0,0 @@
- - Minor features
- o Set SO_REUSEADDR on all sockets, not just listeners. This should
- help busy exit nodes avoid running out of useable ports just because
- all the ports have been used in the near past. Resolves issue 2850.
-
diff --git a/changes/bug2972 b/changes/bug2972
deleted file mode 100644
index 26afcca421..0000000000
--- a/changes/bug2972
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor features:
- - Allow ControlSockets to be group-writable when the
- ControlSocksGroupWritable configuration option is turned on. Patch
- by Jérémy Bobbio; implements ticket 2972.
-
diff --git a/changes/bug3019 b/changes/bug3019
deleted file mode 100644
index 4df709fb3b..0000000000
--- a/changes/bug3019
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes:
- - Do not reset the bridge descriptor download status every time we
- re-parse our configuration or get a configuration change. Fixes
- bug 3019; bugfix on Tor 0.2.0.3-alpha.
diff --git a/changes/bug3022 b/changes/bug3022
deleted file mode 100644
index 9472e6d196..0000000000
--- a/changes/bug3022
+++ /dev/null
@@ -1,6 +0,0 @@
- o Removed features
- - Caches no longer download and serve v2 networkstatus documents
- unless FetchV2Networkstatus flag is set: these documents haven't
- haven't been used by clients or relays since 0.2.0.x. Resolves
- bug 3022.
-
diff --git a/changes/bug3026 b/changes/bug3026
deleted file mode 100644
index c0c0a3860a..0000000000
--- a/changes/bug3026
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes (directory authority)
- - Do not upload our own vote or signature set to ourself. It would
- tell us nothing new. Also, as of Tor 0.2.2.24-alpha, we started
- to warn about receiving duplicate votes. Resolves bug 3026.
diff --git a/changes/bug3045 b/changes/bug3045
deleted file mode 100644
index 1cbcabaff6..0000000000
--- a/changes/bug3045
+++ /dev/null
@@ -1,6 +0,0 @@
- o Minor features:
- - Revise most log messages that refer to nodes by nickname to
- instead use the "$key=nickname at address" format. This should be
- more useful, especially since nicknames are less and less likely
- to be unique. Fixes bug 3045.
-
diff --git a/changes/bug3122_memcmp b/changes/bug3122_memcmp
deleted file mode 100644
index a049476743..0000000000
--- a/changes/bug3122_memcmp
+++ /dev/null
@@ -1,7 +0,0 @@
- o Security fixes
- - Replace all potentially sensitive memory comparison operations
- with versions whose runtime does not depend on the data being
- compared. This will help resist a class of attacks where an
- adversary can use variations in timing information to learn
- sensitive data. Fix for one case of bug 3122. (Safe memcmp
- implementation by Robert Ransom based partially on code by DJB.)
diff --git a/changes/bug3135 b/changes/bug3135
deleted file mode 100644
index d761123480..0000000000
--- a/changes/bug3135
+++ /dev/null
@@ -1,6 +0,0 @@
- o Minor bugfixes
- - Do not crash when our configuration file becomes unreadable
- (usually due to a permissions change) between when we start
- up and when a controller calls SAVECONF. Fixes bug 3135;
- bugfix on 0.0.9pre6.
-
diff --git a/changes/bug3175 b/changes/bug3175
deleted file mode 100644
index 3360fbce00..0000000000
--- a/changes/bug3175
+++ /dev/null
@@ -1,7 +0,0 @@
- o Minor bugfixes:
- - Resolve an untriggerable issue in smartlist_string_num_isin(),
- where if the function had ever in the future been used to check
- for the presence of a too-large number, it would have given an
- incorrect result. (Fortunately, we only used it for 16-bit
- values.) Fixes bug 3175; bugfix on Tor 0.1.0.1-rc.
-
diff --git a/changes/bug3198 b/changes/bug3198
deleted file mode 100644
index 29c16852e1..0000000000
--- a/changes/bug3198
+++ /dev/null
@@ -1,4 +0,0 @@
- o Major bugfixes:
- - When we configure a new bridge via the controller, don't wait up
- to ten seconds before trying to fetch its descriptor. Bugfix on
- 0.2.0.3-alpha; fixes bug 3198 (suggested by 2355).
diff --git a/changes/bug3200 b/changes/bug3200
deleted file mode 100644
index a80d51633e..0000000000
--- a/changes/bug3200
+++ /dev/null
@@ -1,6 +0,0 @@
- o Minor bugfixes:
- - When a client starts or stops using bridges, never use a circuit
- that was built before the configuration change. This behavior could
- put at risk a user who uses bridges to ensure that her traffic
- only goes to the chosen addresses. Bugfix on 0.2.0.3-alpha; fixes
- bug 3200.
diff --git a/changes/bug3207 b/changes/bug3207
deleted file mode 100644
index 65a7dac1ab..0000000000
--- a/changes/bug3207
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes:
- - Require that onion keys have exponent 65537 in microdescriptors too.
- Fixes part of bug 3207; bugfix on 0.2.2.25-alpha
-
diff --git a/changes/bug3208 b/changes/bug3208
deleted file mode 100644
index fd737ba695..0000000000
--- a/changes/bug3208
+++ /dev/null
@@ -1,6 +0,0 @@
- o Removed options:
- - Remove undocumented option "-F" from tor-resolve: it hasn't done
- anything since 0.2.1.16-rc.
-
- o Minor bugfixes:
- - Fix warnings from GCC 4.6's "-Wunused-but-set-variable" option.
diff --git a/changes/bug3213 b/changes/bug3213
deleted file mode 100644
index ab7de2d629..0000000000
--- a/changes/bug3213
+++ /dev/null
@@ -1,4 +0,0 @@
- o Major bugfixes:
- - Fix a crash bug when changing bridges in a running Tor process.
- Fixes bug 3213; bugfix on 0.2.2.26-beta.
-
diff --git a/changes/bug3216 b/changes/bug3216
deleted file mode 100644
index 599b5e162f..0000000000
--- a/changes/bug3216
+++ /dev/null
@@ -1,4 +0,0 @@
- o Major bugfixes:
- - Don't try to build descriptors if "ORPort auto" is set and we
- don't know our actual ORPort yet. Fix for bug 3216; bugfix on
- 0.2.2.26-beta.
diff --git a/changes/bug3228 b/changes/bug3228
deleted file mode 100644
index 4aca810d3c..0000000000
--- a/changes/bug3228
+++ /dev/null
@@ -1,3 +0,0 @@
- o Major bugfixes:
- - Resolve a crash that occured when setting BridgeRelay to 1 with
- accounting enabled. Fixes bug 3228; bugfix on 0.2.2.18-alpha.
diff --git a/changes/bug3252 b/changes/bug3252
deleted file mode 100644
index f85f633fbd..0000000000
--- a/changes/bug3252
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor features:
- - Relays now log the reason for publishing a new relay descriptor,
- so we have a better chance of hunting down the root cause of bug
- 1810. Resolves ticket 3252.
diff --git a/changes/bug3270 b/changes/bug3270
deleted file mode 100644
index b37bb983cc..0000000000
--- a/changes/bug3270
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes
- - Use a wide type to hold sockets when built for 64-bit Windows builds.
- Fixes bug 3270.
-
diff --git a/changes/bug3289 b/changes/bug3289
deleted file mode 100644
index c469796d6e..0000000000
--- a/changes/bug3289
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor bugfixes:
- - Warn when the user configures two HiddenServiceDir lines that point
- to the same directory. Bugfix on 0.0.6 (the version introducing
- HiddenServiceDir); fixes bug 3289.
-
diff --git a/changes/bug3306 b/changes/bug3306
deleted file mode 100644
index f868a24af0..0000000000
--- a/changes/bug3306
+++ /dev/null
@@ -1,9 +0,0 @@
- o Minor bugfixes:
- - Make our crypto_rand_int() function check the value of its input
- correctly. Previously, it accepted values up to UINT_MAX, but
- could return a negative number if given a value above INT_MAX+1.
- Found by George Kadianakis. Fixes bug 3306; bugfix on 0.2.2pre14.
-
- - Avoid a segfault when reading a malformed circuit build state
- with more than INT_MAX entries. Found by wanoskarnet. Bugfix on
- 0.2.2.4-alpha.
diff --git a/changes/bug3309 b/changes/bug3309
deleted file mode 100644
index 104056d8e3..0000000000
--- a/changes/bug3309
+++ /dev/null
@@ -1,13 +0,0 @@
- o Minor bugfixes:
- - Clear the table recording the time of the last request for each
- hidden service descriptor from each HS directory on SIGNAL
- NEWNYM. Previously, we would clear our HS descriptor cache on
- SIGNAL NEWNYM, but if we had previously retrieved a descriptor
- (or tried to) from every directory responsible for it, we would
- refuse to fetch it again for up to 15 minutes. Bugfix on
- 0.2.2.25-alpha; fixes bug 3309.
-
- o Minor features:
- - Log (at info level) when purging pieces of hidden-service-client
- state on SIGNAL NEWNYM.
-
diff --git a/changes/bug3318 b/changes/bug3318
deleted file mode 100644
index 8a3c27825f..0000000000
--- a/changes/bug3318
+++ /dev/null
@@ -1,7 +0,0 @@
- o Minor bugfixes:
- - Fix a log message that said "bits" while displaying a value in
- bytes. Found by wanoskarnet. Fixes bug 3318; bugfix on
- 0.2.0.1-alpha.
- - When checking for 1024-bit keys, check for 1024 bits, not 128
- bytes. This allows Tor to correctly discard keys of length
- 1017 through 1023. Bugfix on 0.0.9pre5.
diff --git a/changes/bug3321 b/changes/bug3321
deleted file mode 100644
index 3605efce2d..0000000000
--- a/changes/bug3321
+++ /dev/null
@@ -1,7 +0,0 @@
- o Minor bugfixes:
- - In bug 2511 we fixed a case where you could use an unconfigured
- bridge if you had configured it as a bridge the last time you ran
- Tor. Now fix another edge case: if you had configured it as a bridge
- but then switched to a different bridge via the controller, you
- would still be willing to use the old one. Bugfix on 0.2.0.1-alpha;
- fixes bug 3321.
diff --git a/changes/bug3369 b/changes/bug3369
deleted file mode 100644
index 9c0d0e699a..0000000000
--- a/changes/bug3369
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes:
- - When asked about a DNS record type we don't support via a
- client DNSPort, reply with NOTIMPL rather than an empty
- reply. Patch by intrigeri. Fixes bug 3369; bugfix on 2.0.1-alpha.
diff --git a/changes/bug3393 b/changes/bug3393
deleted file mode 100644
index 677bcb7be2..0000000000
--- a/changes/bug3393
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor bugfixes:
- - Fix a bug when using ControlSocketsGroupWritable with User. The
- directory's group would be checked against the current group, not
- the configured group. Patch by Jérémy Bobbio. Fixes bug3393; bugfix
- on Tor 0.2.2.26-beta. \ No newline at end of file
diff --git a/changes/bug3465-022 b/changes/bug3465-022
deleted file mode 100644
index 2d226162aa..0000000000
--- a/changes/bug3465-022
+++ /dev/null
@@ -1,6 +0,0 @@
- o Minor bugfixes:
-
- - Add BUILDTIMEOUT_SET to the list returned by the 'GETINFO
- events/names' control-port command. Bugfix on 0.2.2.9-alpha;
- fixes part of bug 3465.
-
diff --git a/changes/bug3536 b/changes/bug3536
deleted file mode 100644
index d3cec131ba..0000000000
--- a/changes/bug3536
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor bugfixes:
- - Send a SUCCEEDED stream event to the controller when a reverse
- resolve succeeded. Fixes bug 3536; bugfix on 0.0.8pre1. Issue
- discovered by katmagic.
-
diff --git a/changes/bug3577 b/changes/bug3577
deleted file mode 100644
index 6335272752..0000000000
--- a/changes/bug3577
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes:
- - Allow GETINFO fingerprint to return a fingerprint even when
- we have not yet built a router descriptor. Fixes bug 3577;
- bugfix on 0.2.0.1-alpha.
diff --git a/changes/bug3607 b/changes/bug3607
deleted file mode 100644
index 5ece21934b..0000000000
--- a/changes/bug3607
+++ /dev/null
@@ -1,15 +0,0 @@
- o Minor bugfixes:
-
- - Write several files in text mode, on OSes that distinguish text
- mode from binary mode (namely, Windows). These files are:
- buffer-stats, dirreq-stats, and entry-stats on relays that collect
- those statistics; client_keys and hostname files for hidden
- services that use authentication; and (in the tor-gencert utility)
- newly generated identity and signing keys. Previously, we
- wouldn't specify text mode or binary mode, leading to an assertion
- failure. Fixes bug 3607. Bugfix on 0.2.1.1-alpha (when the
- DirRecordUsageByCountry option which would have triggered the
- assertion failure was added), although this assertion failure
- would have occurred in tor-gencert on Windows in 0.2.0.1-alpha.
-
-
diff --git a/changes/bug3643 b/changes/bug3643
deleted file mode 100644
index 86bd920cac..0000000000
--- a/changes/bug3643
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes:
- - Selectively disable deprecation warnings on OS X because Lion started
- deprecating the shipped copy of openssl. Fixes bug 3643.
-
diff --git a/changes/bug3732 b/changes/bug3732
deleted file mode 100644
index 7a71d1aef3..0000000000
--- a/changes/bug3732
+++ /dev/null
@@ -1,7 +0,0 @@
- o Major bugfixes:
-
- - Remove an extra pair of quotation marks around the error
- message in control-port STATUS_GENERAL BUG events. Bugfix on
- 0.1.2.6-alpha; fixes bug 3732.
-
-
diff --git a/changes/bug3747 b/changes/bug3747
deleted file mode 100644
index 052dab1bd0..0000000000
--- a/changes/bug3747
+++ /dev/null
@@ -1,6 +0,0 @@
- o Major bugfixes:
- - Write control ports to disk only after switching UID and
- creating the data directory. This way, we don't fail when
- starting up with a nonexistant DataDirectory and a
- ControlPortWriteToFile setting based on that directory. Fixes
- bug 3747; bugfix on Tor 0.2.2.26-beta. \ No newline at end of file
diff --git a/changes/bug3894 b/changes/bug3894
deleted file mode 100644
index 4c2220aba8..0000000000
--- a/changes/bug3894
+++ /dev/null
@@ -1,4 +0,0 @@
- o Build fixes:
- - Clean up some code issues that prevented Tor from building on older
- BSDs. Fixes bug 3894; reported by grarpamp.
-
diff --git a/changes/bug3898a b/changes/bug3898a
deleted file mode 100644
index d40445e340..0000000000
--- a/changes/bug3898a
+++ /dev/null
@@ -1,6 +0,0 @@
- o Minor bugfixes:
- - Correct the man page to explain that HashedControlPassword and
- CookieAuthentication can both be set, in which case either method
- is sufficient to authenticate to Tor. Bugfix on 0.2.0.7-alpha,
- when we decided to allow these config options to both be set. Issue
- raised by bug 3898.
diff --git a/changes/bug3909 b/changes/bug3909
deleted file mode 100644
index 0b4b292030..0000000000
--- a/changes/bug3909
+++ /dev/null
@@ -1,3 +0,0 @@
- o Build fixes:
- - Search for a platform-specific version of "ar" when cross-compiling.
- Should fix builds on iOS. Found by Marco Bonetti.
diff --git a/changes/bug3923 b/changes/bug3923
deleted file mode 100644
index 9c0e138826..0000000000
--- a/changes/bug3923
+++ /dev/null
@@ -1,5 +0,0 @@
- o Major bugfies:
- - Avoid an assertion failure when reloading a configuration with
- TrackExitHosts changes. Found and fixed by 'laruldan'. Fixes
- bug 3923; bugfix on 0.2.2.25-alpha.
-
diff --git a/changes/bug3963 b/changes/bug3963
deleted file mode 100644
index 2fc44a095c..0000000000
--- a/changes/bug3963
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor bugfixes:
- - When configuring, starting, or stopping an NT service, stop
- immediately after the service configuration attempt has succeeded
- or failed. Fixes bug3963; bugfix on 0.2.0.7-alpha.
-
diff --git a/changes/bug4012_022 b/changes/bug4012_022
deleted file mode 100644
index f101db5535..0000000000
--- a/changes/bug4012_022
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor bugfixes (documentation):
- - Document the GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays
- directory authority option (introduced in Tor 0.2.2.34).
diff --git a/changes/bug4014 b/changes/bug4014
deleted file mode 100644
index 9c20c6c337..0000000000
--- a/changes/bug4014
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor features:
- - Adjust the expiration time on our SSL session certificates to
- better match SSL certs seen in the wild. Resolves ticket 4014.
diff --git a/changes/bug4059 b/changes/bug4059
deleted file mode 100644
index 82a4b1a10c..0000000000
--- a/changes/bug4059
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor bugfixes:
- - Change an integer overflow check in the OpenBSD_Malloc code so
- that GCC is less likely to eliminate it as impossible. Patch
- from Mansour Moufid. Fixes bug 4059.
-
diff --git a/changes/bug4115 b/changes/bug4115
deleted file mode 100644
index 626791a806..0000000000
--- a/changes/bug4115
+++ /dev/null
@@ -1,7 +0,0 @@
- o Security fixes:
- - Bridge relays now do their directory fetches inside Tor TLS
- connections, like all the other clients do, rather than connecting
- directly to the DirPort like public relays do. Removes another
- avenue for enumerating bridges. Fixes part of bug 4115; bugfix
- on 0.2.0.35.
-
diff --git a/changes/bug4124 b/changes/bug4124
deleted file mode 100644
index abe93ccdd8..0000000000
--- a/changes/bug4124
+++ /dev/null
@@ -1,6 +0,0 @@
- o Security fixes:
- - Bridges relays now build circuits for themselves in a more similar
- way to how clients build them. Removes another avenue for
- enumerating bridges. Fixes bug 4124; bugfix on 0.2.0.3-alpha,
- when bridges were introduced.
-
diff --git a/changes/bug4201 b/changes/bug4201
deleted file mode 100644
index 6f7d715af2..0000000000
--- a/changes/bug4201
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor bugfixes:
- - Bridges now skip DNS self-tests, to act a little more stealthily.
- Fixes bug 4201; bugfix on 0.2.0.3-alpha, which first introduced
- bridges. Patch by "warms0x".
-
diff --git a/changes/bug4212 b/changes/bug4212
deleted file mode 100644
index 6222a59978..0000000000
--- a/changes/bug4212
+++ /dev/null
@@ -1,13 +0,0 @@
- o Major bugfixes:
-
- - Don't launch a useless circuit after failing to use one of a
- hidden service's introduction points. Previously, we would
- launch a new introduction circuit, but not set the hidden
- service which that circuit was intended to connect to, so it
- would never actually be used. A different piece of code would
- then create a new introduction circuit correctly, so this bug
- was harmless until it caused an assertion in the client-side
- part of the #3825 fix to fail. Bug reported by katmagic and
- found by Sebastian Hahn. Bugfix on 0.2.1.13-alpha; fixes bug
- 4212.
-
diff --git a/changes/bug4230 b/changes/bug4230
deleted file mode 100644
index c1ba5847fc..0000000000
--- a/changes/bug4230
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor bugfixes:
- - Resolve an integer overflow bug in smartlist_ensure_capacity.
- Fixes bug 4230; bugfix on Tor 0.1.0.1-rc. Based on a patch by
- Mansour Moufid.
-
diff --git a/changes/bug4251 b/changes/bug4251
deleted file mode 100644
index 303c9e6364..0000000000
--- a/changes/bug4251
+++ /dev/null
@@ -1,8 +0,0 @@
- o Minor bugfixes:
-
- - When a hidden service turns an extra service-side introduction
- circuit into a general-purpose circuit, free the rend_data and
- intro_key fields first, so they won't be leaked if the circuit
- is cannibalized for use as another service-side introduction
- circuit. Bugfix on 0.2.1.7-alpha; fixes bug 4251.
-
diff --git a/changes/bug4259 b/changes/bug4259
deleted file mode 100644
index bfccd3aee8..0000000000
--- a/changes/bug4259
+++ /dev/null
@@ -1,4 +0,0 @@
- o Major bugfixes:
- - Fix a crash bug when changing node restrictions while a DNS lookup
- is in-progress. Fixes bug 4259; bugfix on 0.2.2.25-alpha. Bugfix
- by "Tey'".
diff --git a/changes/bug4299 b/changes/bug4299
deleted file mode 100644
index c43d81460a..0000000000
--- a/changes/bug4299
+++ /dev/null
@@ -1,5 +0,0 @@
- o Major bugfix:
- - Do not process cells on a marked-for-close connection. We previously
- avoided this by not calling read handlers on marked connections, but
- that's not adequate for the case when cells are very small. Fixes
- bug 4299; bugfix on 0.2.0.20-rc which first made small cells possible.
diff --git a/changes/bug4309 b/changes/bug4309
deleted file mode 100644
index f4f910e7ff..0000000000
--- a/changes/bug4309
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor bugfixes:
- - Remove a confusing dollar sign from the example fingerprint in the
- man page, and also make example fingerprint a valid one. Fixes bug
- 4309; bugfix on 0.2.1.3-alpha.
-
diff --git a/changes/bug4331 b/changes/bug4331
deleted file mode 100644
index 011238a962..0000000000
--- a/changes/bug4331
+++ /dev/null
@@ -1,4 +0,0 @@
- o Trivial fixes:
- - Fixed a typo in a hibernation-related log message. Fixes bug 4331;
- bugfix on 0.2.2.23-alpha; found by "tmpname0901".
-
diff --git a/changes/bug4340 b/changes/bug4340
deleted file mode 100644
index 08098b1cd5..0000000000
--- a/changes/bug4340
+++ /dev/null
@@ -1,5 +0,0 @@
- o Major bugfixes:
- - Don't crash when we're running as a relay and don't have a geoip
- file. Bugfix on tor-0.2.2.34; fixes bug 4340. This backports a fix
- we've had in master already.
-
diff --git a/changes/bug4349 b/changes/bug4349
deleted file mode 100644
index 633916bdfd..0000000000
--- a/changes/bug4349
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes:
- - When sending a NETINFO cell, include the original address
- received for the other side, not its canonical address. Found
- by "troll_un"; fixes bug 4349; bugfix on 0.2.0.10-alpha.
diff --git a/changes/bug4353 b/changes/bug4353
deleted file mode 100644
index 5e80c902c8..0000000000
--- a/changes/bug4353
+++ /dev/null
@@ -1,7 +0,0 @@
- o Minor bugfixes:
- - When running as client without a geoip database, do not print a
- misleading (and plain wrong) log message that we're collecting
- dirreq statistics - we're not collecting statistics as clients.
- Also don't create a useless (because empty) stats file in the
- stats/ directory. Fixes bug 4353, bugfix on 0.2.2.34.
-
diff --git a/changes/bug4383 b/changes/bug4383
deleted file mode 100644
index e618b8c8fb..0000000000
--- a/changes/bug4383
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor bugfixes:
- - Fix a memleak in launch_direct_bridge_descriptor_fetch() that
- occured when a client tried to fetch a descriptor for a bridge
- in ExcludeNodes. Fixes #4383; bugfix on 0.2.2.25-alpha.
-
diff --git a/changes/bug4410 b/changes/bug4410
deleted file mode 100644
index f42893adf4..0000000000
--- a/changes/bug4410
+++ /dev/null
@@ -1,5 +0,0 @@
- o Major bugfixes:
- - Correctly sanity-check that we don't underflow on a memory allocation
- for introduction point decryption. Bug discovered by Dan Rosenberg.
- Fixes bug 4410; bugfix on 0.2.1.5-alpha.
-
diff --git a/changes/bug4424 b/changes/bug4424
deleted file mode 100644
index 443625dca6..0000000000
--- a/changes/bug4424
+++ /dev/null
@@ -1,6 +0,0 @@
- o Major bugfixes
-
- - Don't leak memory when we check whether a hidden service
- descriptor has any usable introduction points left. Fixes bug
- 4424. Bugfix on 0.2.2.25-alpha.
-
diff --git a/changes/bug4426 b/changes/bug4426
deleted file mode 100644
index 1322243d09..0000000000
--- a/changes/bug4426
+++ /dev/null
@@ -1,8 +0,0 @@
- o Minor features:
-
- - When Tor ignores a hidden service specified in its
- configuration, include the hidden service's directory in the
- warning message. Previously, we would only tell the user that
- some hidden service was ignored. Bugfix on 0.0.6; fixes bug
- 4426.
-
diff --git a/changes/bug4437 b/changes/bug4437
deleted file mode 100644
index 985c670b15..0000000000
--- a/changes/bug4437
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor bugfixes:
- - Don't warn about unused log_mutex in log.c when building with
- --disable-threads using a recent GCC. Fixes bug 4437; bugfix on
- 0.1.0.6-rc which introduced --disable-threads.
-
diff --git a/changes/bug4457 b/changes/bug4457
deleted file mode 100644
index fe7c95ff80..0000000000
--- a/changes/bug4457
+++ /dev/null
@@ -1,9 +0,0 @@
- o Minor bugfixes:
- - Initialize Libevent with the EVENT_BASE_FLAG_NOLOCK flag enabled, so
- that it doesn't attempt to allocate a socketpair. This could cause
- some problems on windows systems with overzealous firewalls. Fix for
- bug 4457; workaround for Libevent versions 2.0.1-alpha through
- 2.0.15-stable.
-
- - Detect failure to initialize Libevent. Better detection for bug 4457.
-
diff --git a/changes/bug4518 b/changes/bug4518
deleted file mode 100644
index 8dcb93bf72..0000000000
--- a/changes/bug4518
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes (performance):
- - Avoid frequent calls to the fairly expensive cull_wedged_cpuworkers
- function. This was eating up hideously large amounts of time on some
- busy servers. Fixes bug 4518.
diff --git a/changes/bug4521 b/changes/bug4521
deleted file mode 100644
index 9b0bae9b00..0000000000
--- a/changes/bug4521
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor bugfixes:
- - Backport fixes for a pair of compilation warnings on Windows.
- Fixes bug 4521; bugfix on 0.2.2.28-beta and on 0.2.2.29-beta.
diff --git a/changes/bug4529 b/changes/bug4529
deleted file mode 100644
index 89d10b2f6b..0000000000
--- a/changes/bug4529
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor bufixes:
- - If we had ever tried to call tor_addr_to_str on an address of
- unknown type, we would have done a strdup on an uninitialized
- buffer. Now we won't. Fixes bug 4529; bugfix on 0.2.1.3-alpha.
- Reported by "troll_un".
diff --git a/changes/bug4530 b/changes/bug4530
deleted file mode 100644
index 7cd4726e57..0000000000
--- a/changes/bug4530
+++ /dev/null
@@ -1,6 +0,0 @@
- o Minor bugfixes:
-
- - Correctly detect and handle transient lookup failures from
- tor_addr_lookup. Fixes bug 4530; bugfix on 0.2.1.5-alpha.
- Reported by "troll_un".
-
diff --git a/changes/bug4531 b/changes/bug4531
deleted file mode 100644
index 6209f9a058..0000000000
--- a/changes/bug4531
+++ /dev/null
@@ -1,4 +0,0 @@
- o Major bugfixes:
- - Fix null-pointer access that could occur if TLS allocation failed.
- Fixes bug 4531; bugfix on 0.2.0.20-rc. Found by "troll_un".
-
diff --git a/changes/bug4533_part2 b/changes/bug4533_part2
deleted file mode 100644
index 7e0f7c313e..0000000000
--- a/changes/bug4533_part2
+++ /dev/null
@@ -1,5 +0,0 @@
- o Major bugfixes:
- - Fix the SOCKET_OK test that we use to tell when socket
- creation fails so that it works on Win64. Fixes part of bug
- 4533; bugfix on 0.2.2.29-beta. Bug found by wanoskarnet.
-
diff --git a/changes/bug4535 b/changes/bug4535
deleted file mode 100644
index 57ced29d0b..0000000000
--- a/changes/bug4535
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor bugfixes:
- - Use tor_socket_t type for listener argument to accept(). Fixes bug
- 4535; bugfix on 0.2.2.28-beta. Found by "troll_un".
diff --git a/changes/bug4786 b/changes/bug4786
deleted file mode 100644
index 7c1c60f632..0000000000
--- a/changes/bug4786
+++ /dev/null
@@ -1,9 +0,0 @@
- - Feature removal:
- - When sending or relaying a RELAY_EARLY cell, we used to convert
- it to a RELAY cell if the connection was using the v1 link
- protocol. This was a workaround for older versions of Tor, which
- didn't handle RELAY_EARLY cells properly. Now that all supported
- versions can handle RELAY_EARLY cells, and now that we're
- enforcing the "no RELAY_EXTEND commands except in RELAY_EARLY
- cells" rule, we're removing this workaround. Addresses bug 4786.
-
diff --git a/changes/bug4788 b/changes/bug4788
deleted file mode 100644
index d65c0015a0..0000000000
--- a/changes/bug4788
+++ /dev/null
@@ -1,6 +0,0 @@
- o Minor features (directory server):
- - Directory servers now reject versions of Tor older than 0.2.1.30,
- and Tor versions between 0.2.2.1-alpha and 0.2.2.20-alpha
- (inclusive). These versions accounted for only a small fraction of
- the Tor network, and have numerous known security issues. Resolves
- issue #4788.
diff --git a/changes/bug4803 b/changes/bug4803
deleted file mode 100644
index cd25266c75..0000000000
--- a/changes/bug4803
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes:
- - Correctly spell "connect" in a log message when creating a controlsocket
- fails. Fixes bug 4803; bugfix on 0.2.2.26-beta/0.2.3.2-alpha.
-
diff --git a/changes/bug4822 b/changes/bug4822
deleted file mode 100644
index 73f43f0452..0000000000
--- a/changes/bug4822
+++ /dev/null
@@ -1,13 +0,0 @@
- o Major security workaround:
- - When building or running with any version of OpenSSL earlier
- than 0.9.8s or 1.0.0f, disable SSLv3 support. These versions had
- a bug (CVE-2011-4576) in which their block cipher padding
- included uninitialized data, potentially leaking sensitive
- information to any peer with whom they made a SSLv3
- connection. Tor does not use SSL v3 by default, but a hostile
- client or server could force an SSLv3 connection in order to
- gain information that they shouldn't have been able to get. The
- best solution here is to upgrade to OpenSSL 0.9.8s or 1.0.0f (or
- later). But when building or running with a non-upgraded
- OpenSSL, we should instead make sure that the bug can't happen
- by disabling SSLv3 entirely.
diff --git a/changes/bug4856 b/changes/bug4856
deleted file mode 100644
index fa284a09f5..0000000000
--- a/changes/bug4856
+++ /dev/null
@@ -1,3 +0,0 @@
- o Trivial bugfixes
- - Fix a typo in a log message in rend_service_rendezvous_has_opened().
- Fixes bug 4856; bugfix on Tor 0.0.6.
diff --git a/changes/bug5005 b/changes/bug5005
deleted file mode 100644
index 04d8dfe6a5..0000000000
--- a/changes/bug5005
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor bugfixes:
- - Update "ClientOnly" man page entry to explain that there isn't
- really any point to messing with it. Resolves ticket 5005.
diff --git a/changes/bug5065 b/changes/bug5065
deleted file mode 100644
index d195313623..0000000000
--- a/changes/bug5065
+++ /dev/null
@@ -1,5 +0,0 @@
- o Major bugfixes:
- - Fix build if path to sed, openssl or sha1sum contains spaces.
- This is pretty common on Windows. Fixes bug 5065; bugfix on
- 0.2.2.1-alpha.
-
diff --git a/changes/bug5067 b/changes/bug5067
deleted file mode 100644
index d94b921ce9..0000000000
--- a/changes/bug5067
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor bugfixes (usability):
- - Downgrade the "We're missing a certificate" message from notice
- to info: people kept mistaking it for a real problem, whereas it
- is only a problem when we are failing to bootstrap. Fixes bug
- 5067; bugfix on 0.2.10-alpha.
diff --git a/changes/bug5090 b/changes/bug5090
deleted file mode 100644
index d47858cb11..0000000000
--- a/changes/bug5090
+++ /dev/null
@@ -1,7 +0,0 @@
- o Minor bugfixes:
- - Detect and reject certain misformed escape sequences in configuration
- values. Previously, these values would cause us to crash if received
- in a torrc file or over an (authenticated) control port. Bug found by
- Esteban Manchado Velázquez. Patch by Alexander Schrijver. Fix for
- bug 5090; bugfix on 0.2.0.16-alpha.
-
diff --git a/changes/bug5259 b/changes/bug5259
deleted file mode 100644
index bdada586e9..0000000000
--- a/changes/bug5259
+++ /dev/null
@@ -1,3 +0,0 @@
- o Documentation fixes:
- - Clarify the behavior of MaxCircuitDirtiness with hidden service
- circuits. Fix for issue 5259.
diff --git a/changes/bug5283 b/changes/bug5283
deleted file mode 100644
index f0325cf26c..0000000000
--- a/changes/bug5283
+++ /dev/null
@@ -1,6 +0,0 @@
- o Major bugfixes:
- - Fix an edge case where if we fetch or publish a hidden service
- descriptor, we might build a 4-hop circuit and then use that circuit
- for exiting afterwards -- even if the new last hop doesn't obey our
- ExitNodes config option. Fixes bug 5283; bugfix on 0.2.0.10-alpha.
-
diff --git a/changes/bug5340 b/changes/bug5340
deleted file mode 100644
index 708988af08..0000000000
--- a/changes/bug5340
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor bugfixes:
- - Fix a compile warning when using the --enable-openbsd-malloc configure
- option. Fixes bug 5340; bugfix on 0.2.0.20-rc.
diff --git a/changes/bug5342 b/changes/bug5342
deleted file mode 100644
index b2ae4515a9..0000000000
--- a/changes/bug5342
+++ /dev/null
@@ -1,3 +0,0 @@
- o Security fixes:
- - Never use a bridge as an exit, even if it claims to be one. Found by
- wanoskarnet. Fixes bug 5342. Bugfix on ????.
diff --git a/changes/bug5343 b/changes/bug5343
deleted file mode 100644
index e4e14897f6..0000000000
--- a/changes/bug5343
+++ /dev/null
@@ -1,7 +0,0 @@
- o Security fixes:
- - Only build circuits if we have a sufficient threshold of the total
- descriptors marked in the consensus with the "Exit" flag. This
- mitigates an attack proposed by wanoskarnet, in which all of a
- client's bridges collude to restrict the exit nodes that the
- client knows about. Fixes bug 5343.
-
diff --git a/changes/bug5346 b/changes/bug5346
deleted file mode 100644
index 3d21f90144..0000000000
--- a/changes/bug5346
+++ /dev/null
@@ -1,8 +0,0 @@
- o Minor bugfixes:
- - Correct parsing of certain date types in parse_http_time().
- Without this patch, If-Modified-Since would behave
- incorrectly. Fix for bug 5346; bugfix on 0.2.0.2-alpha. Patch from
- Esteban Manchado Velázques.
- - Reject out-of-range times like 23:59:61. Fix for bug 5346;
- bugfix on 0.0.8pre3.
-
diff --git a/changes/bug5593 b/changes/bug5593
deleted file mode 100644
index 358e8de60d..0000000000
--- a/changes/bug5593
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor bugfixes:
- - When sending an HTTP/1.1 proxy request, include a Host header.
- Fixes bug 5593; bugfix on 0.2.2.1-alpha.
diff --git a/changes/bug5644 b/changes/bug5644
deleted file mode 100644
index a390eba996..0000000000
--- a/changes/bug5644
+++ /dev/null
@@ -1,5 +0,0 @@
- o Major bugfixes
- - Prevent a client-side assertion failure when receiving an
- INTRODUCE2 cell by an exit relay, in a general purpose
- circuit. Fixes bug 5644; bugfix on tor-0.2.1.6-alpha
-
diff --git a/changes/bug5647 b/changes/bug5647
deleted file mode 100644
index 92f41c8559..0000000000
--- a/changes/bug5647
+++ /dev/null
@@ -1,4 +0,0 @@
- o Major bugfixes:
- - Avoid logging uninitialized data when unable to decode a hidden
- service descriptor cookie. Fixes bug 5647; bugfix on 0.2.1.5-alpha.
-
diff --git a/changes/bug5650 b/changes/bug5650
new file mode 100644
index 0000000000..401e317074
--- /dev/null
+++ b/changes/bug5650
@@ -0,0 +1,5 @@
+ o Major bugfixes:
+ - Avoid a bug where our response to TLS renegotation under certain
+ network conditions could lead to a busy-loop, with 100% CPU
+ consumption. Fixes bug 5650; bugfix on 0.2.0.16-alpha.
+
diff --git a/changes/bug5760 b/changes/bug5760
deleted file mode 100644
index a26407b588..0000000000
--- a/changes/bug5760
+++ /dev/null
@@ -1,3 +0,0 @@
- o Major bugfixes:
- - End AUTHCHALLENGE error response messages with a CRLF. Fixes bug 5760;
- bugfix on 0.2.3.16-alpha, and backported to maint-0.2.2
diff --git a/changes/bug5786_range b/changes/bug5786_range
deleted file mode 100644
index 40ac4d2467..0000000000
--- a/changes/bug5786_range
+++ /dev/null
@@ -1,8 +0,0 @@
- o Minor bugfixes:
- - Make our number-parsing functions always treat too-large values
- as an error, even when those values exceed the width of the
- underlying type. Previously, if the caller provided these
- functions with minima or maxima set to the extreme values of the
- underlying integer type, these functions would return those
- values on overflow rather than treating overflow as an error.
- Fix for part of bug 5786; bugfix on Tor 0.0.9. \ No newline at end of file
diff --git a/changes/bug5796 b/changes/bug5796
deleted file mode 100644
index b92659f74a..0000000000
--- a/changes/bug5796
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes (controller):
- - Fix a NULL-pointer derefernce on a badly formed
- SETCIRCUITPURPOSE command. Found by mikeyc. Fixes bug 5796;
- bugfix on 0.2.2.9-alpha.
diff --git a/changes/bug5969_022 b/changes/bug5969_022
deleted file mode 100644
index 57c8744267..0000000000
--- a/changes/bug5969_022
+++ /dev/null
@@ -1,7 +0,0 @@
- o Minor bugfixes
- - Fix a build warning with Clang 3.1 related to our use of vasprint.
- Fix for bug 5969. Bugfix on 0.2.2.11-alpha.
-
- o Compilation improvements:
- - Tell GCC and Clang to check for any errors in format strings passed
- to the tor_v*(print|scan)f functions.
diff --git a/changes/bug6007 b/changes/bug6007
deleted file mode 100644
index 4e815754aa..0000000000
--- a/changes/bug6007
+++ /dev/null
@@ -1,5 +0,0 @@
- o Major bugfixes (security):
- - When waiting for a client to renegotiate, don't allow it to add
- any bytes to the input buffer. This fixes a DoS issue. Fix for
- bugs 6007 and 5934; bugfix on 0.2.0.20-rc.
-
diff --git a/changes/bug6024 b/changes/bug6024
new file mode 100644
index 0000000000..743e6ef1fe
--- /dev/null
+++ b/changes/bug6024
@@ -0,0 +1,2 @@
+ o Documentation fixes:
+ - Clarify that hidden services are TCP only. Fixes bug 6024.
diff --git a/changes/bug6033 b/changes/bug6033
deleted file mode 100644
index 56cffd68b7..0000000000
--- a/changes/bug6033
+++ /dev/null
@@ -1,6 +0,0 @@
- o Major bugfixes:
- - Work around a bug in OpenSSL that broke renegotiation with
- TLS 1.1 and TLS 1.2. Without this workaround, all attempts
- to speak the v2 Tor network protocol when both sides were
- using OpenSSL 1.0.1 would fail. Fix for bug 6033, which is
- not a bug in Tor.
diff --git a/changes/bug6043 b/changes/bug6043
new file mode 100644
index 0000000000..b88bafb788
--- /dev/null
+++ b/changes/bug6043
@@ -0,0 +1,6 @@
+ o Packaging (RPM):
+ - Our default RPM spec files have been updated to work with mock
+ and rpmbuild on RHEL/Fedora. They have an updated set of
+ dependencies and conflicts, a fix for an ancient typo when creating
+ the "_tor" user, and better instructions. Thanks to Ondrej
+ Mikle for the patch series; fix for bug 6043.
diff --git a/changes/bug6094 b/changes/bug6094
deleted file mode 100644
index 835d127dad..0000000000
--- a/changes/bug6094
+++ /dev/null
@@ -1,8 +0,0 @@
- o Major bugfixes:
-
- - Send a CRLF at the end of each STATUS_* control-port event. A
- change introduced in 0.2.3.16-alpha caused Tor to emit the CRLF
- in the middle of a STATUS_* event; among other things, this
- caused Vidalia to freeze. Fixes bug 6094; bugfix on
- 0.2.3.16-alpha.
-
diff --git a/changes/bug6218 b/changes/bug6218
new file mode 100644
index 0000000000..5d5d108b00
--- /dev/null
+++ b/changes/bug6218
@@ -0,0 +1,3 @@
+ o Minor bugfixes:
+ - Fix wrong TCP port range in parse_port_range(). Fixes bug 6218;
+ bugfix on 0.2.1.10-alpha.
diff --git a/changes/bug6244_part_c b/changes/bug6244_part_c
new file mode 100644
index 0000000000..dea6e7b69e
--- /dev/null
+++ b/changes/bug6244_part_c
@@ -0,0 +1,6 @@
+ o Major bugfixes (controller):
+ - Make wildcarded addresses (that is, ones beginning with *.) work when
+ provided via the controller's MapAddress command. Previously, they
+ were accepted, but we never actually noticed that they were wildcards.
+ Fix for bug 6244; bugfix on 0.2.3.9-alpha.
+
diff --git a/changes/bug6251 b/changes/bug6251
new file mode 100644
index 0000000000..c782a93e49
--- /dev/null
+++ b/changes/bug6251
@@ -0,0 +1,6 @@
+ o Minor bugfixes:
+ - Downgrade "set buildtimeout to low value" messages to INFO
+ severity; they were never an actual problem, there was never
+ anything reasonable to do about them, and they tended to spam
+ logs from time to time. Fix for bug 6251; bugfix on
+ 0.2.2.2-alpha. \ No newline at end of file
diff --git a/changes/bug6252_again b/changes/bug6252_again
new file mode 100644
index 0000000000..f7fd00cb38
--- /dev/null
+++ b/changes/bug6252_again
@@ -0,0 +1,11 @@
+ o Security fixes:
+ - Tear down the circuit if we get an unexpected SENDME cell. Clients
+ could use this trick to make their circuits receive cells faster
+ than our flow control would have allowed, or to gum up the network,
+ or possibly to do targeted memory denial-of-service attacks on
+ entry nodes. Fixes bug 6252. Bugfix on the 54th commit on Tor --
+ from July 2002, before the release of Tor 0.0.0. We had committed
+ this patch previously, but we had to revert it because of bug 6271.
+ Now that 6271 is fixed, this appears to work.
+
+
diff --git a/changes/bug6271 b/changes/bug6271
new file mode 100644
index 0000000000..06b129f73f
--- /dev/null
+++ b/changes/bug6271
@@ -0,0 +1,7 @@
+ o Major bugfixes
+
+ - Fix a bug handling SENDME cells on nonexistent streams that
+ could result in bizarre window values. Report and patch
+ contributed pseudymously. Fixes part of bug 6271. This bug
+ was introduced before the first Tor release, in svn commit
+ r152.
diff --git a/changes/bug6274 b/changes/bug6274
new file mode 100644
index 0000000000..ad1abcde54
--- /dev/null
+++ b/changes/bug6274
@@ -0,0 +1,3 @@
+ o Minor bugfixes:
+ - Ignore ServerTransportPlugin lines when Tor is not configured as
+ a relay. Fixes bug 6274; bugfix on 0.2.3.6-alpha.
diff --git a/changes/bug6274_2 b/changes/bug6274_2
new file mode 100644
index 0000000000..89576f9328
--- /dev/null
+++ b/changes/bug6274_2
@@ -0,0 +1,3 @@
+ o Minor features:
+ - Terminate active server managed proxies if Tor stops being a
+ relay. Addresses parts of bug 6274; bugfix on 0.2.3.6-alpha.
diff --git a/changes/bug6296 b/changes/bug6296
new file mode 100644
index 0000000000..b452b1745d
--- /dev/null
+++ b/changes/bug6296
@@ -0,0 +1,4 @@
+ o Minor bugfixes:
+
+ - Instead of ENOBUFS on Windows, say WSAENOBUFS. Fixes
+ compilation on Windows. Fixes bug 6296; bugfix on 0.2.3.18-rc.
diff --git a/changes/bug6341 b/changes/bug6341
new file mode 100644
index 0000000000..04e52c7cd3
--- /dev/null
+++ b/changes/bug6341
@@ -0,0 +1,5 @@
+ o Major bugfixes:
+ - Fix a possible crash bug when checking for deactivated circuits
+ in connection_or_flush_from_first_active_circuit(). Fixes bug
+ 6341; bugfix on 0.2.2.7-alpha. Bug report and fix received
+ pseudonymously.
diff --git a/changes/bug6377 b/changes/bug6377
new file mode 100644
index 0000000000..a3a3672783
--- /dev/null
+++ b/changes/bug6377
@@ -0,0 +1,4 @@
+ o Testing:
+ - Make it possible to set the TestingTorNetwork configuration
+ option using AlternateDirAuthority and AlternateBridgeAuthority
+ as an alternative to setting DirServer.
diff --git a/changes/bug6379 b/changes/bug6379
new file mode 100644
index 0000000000..1f2b6941cd
--- /dev/null
+++ b/changes/bug6379
@@ -0,0 +1,6 @@
+ o Minor bugfixes:
+ - Fix build warnings from --enable-openbsd-malloc with gcc warnings
+ enabled. Fixes bug 6379.
+ - Fix 64-bit warnings from --enable-openbsd-malloc. Fixes bug 6379.
+ Bugfix on 0.2.0.20-rc.
+
diff --git a/changes/bug6387 b/changes/bug6387
new file mode 100644
index 0000000000..73fc4f7cfe
--- /dev/null
+++ b/changes/bug6387
@@ -0,0 +1,3 @@
+ o Documentation:
+ - Clarify the documentation for the Alternate*Authority options.
+ Fixes bug 6387.
diff --git a/changes/bug6397 b/changes/bug6397
new file mode 100644
index 0000000000..23d8359bd2
--- /dev/null
+++ b/changes/bug6397
@@ -0,0 +1,4 @@
+ o Major bugfixes:
+ - When disabling guards for having too high a proportion of failed
+ circuits, make sure to look at each guard. Fix for bug 6397; bugfix
+ on 0.2.3.17-beta.
diff --git a/changes/bug6404 b/changes/bug6404
new file mode 100644
index 0000000000..948f00b92e
--- /dev/null
+++ b/changes/bug6404
@@ -0,0 +1,16 @@
+ o Minor bugfixes:
+
+ - Remove the maximum length of microdescriptor we are willing to
+ generate. Occasionally this is needed for routers
+ with complex policies or family declarations. Partial fix for
+ bug 6404; fix on 0.2.2.6-alpha.
+
+ - Authorities no longer include any router in their
+ microdescriptor consensuses for which they couldn't generate or
+ agree on a microdescriptor. Partial fix for bug 6404; fix on
+ 0.2.2.6-alpha.
+
+ - Move log message when unable to find a microdesc in a
+ routerstatus entry to parse time. Previously we'd spam this
+ warning every time we tried to figure out which microdescriptors
+ to download. Partial fix for bug 6404; fix on 0.2.3.18-rc.
diff --git a/changes/bug6423 b/changes/bug6423
new file mode 100644
index 0000000000..2ea4f1410d
--- /dev/null
+++ b/changes/bug6423
@@ -0,0 +1,3 @@
+ o Minor features:
+ - Consider new, removed or changed IPv6 OR ports a non cosmetic
+ change.
diff --git a/changes/bug6436 b/changes/bug6436
new file mode 100644
index 0000000000..2c163df105
--- /dev/null
+++ b/changes/bug6436
@@ -0,0 +1,3 @@
+ o Minor features:
+ - Provide a better error message about possible OSX Asciidoc failure
+ reasons. Fix for bug 6436.
diff --git a/changes/bug6472 b/changes/bug6472
new file mode 100644
index 0000000000..dcd42ebe68
--- /dev/null
+++ b/changes/bug6472
@@ -0,0 +1,4 @@
+ o Minor bugfixes:
+ - Avoid a pair of double-free and use-after-mark bugs that can
+ occur with certain timings in canceled and re-received DNS
+ requests. Fix for bug 6472; bugfix on 0.0.7rc1.
diff --git a/changes/bug6475 b/changes/bug6475
new file mode 100644
index 0000000000..67bab99622
--- /dev/null
+++ b/changes/bug6475
@@ -0,0 +1,6 @@
+ o Minor bugfixes:
+ - Add internal circuit construction state to protect against
+ the noisy warn message "Unexpectedly high circuit_successes".
+ Also add some additional rate-limited notice messages to help
+ determine the root cause of the warn. Fixes bug 6475.
+ Bugfix against 0.2.3.17-beta.
diff --git a/changes/bug6480 b/changes/bug6480
new file mode 100644
index 0000000000..83ae00b251
--- /dev/null
+++ b/changes/bug6480
@@ -0,0 +1,5 @@
+ o Major bugfixes:
+ - Avoid read-from-freed-RAM bug and related double-free bug that
+ could occur when a DNS request fails while launching it. Fixes
+ bug 6480; bugfix on 0.2.0.1-alpha.
+
diff --git a/changes/bug6490 b/changes/bug6490
new file mode 100644
index 0000000000..c92daad8f4
--- /dev/null
+++ b/changes/bug6490
@@ -0,0 +1,4 @@
+ o Minor features:
+ - Warn when Tor is configured to use accounting in a way that will
+ link a hidden service to some other hidden service or public
+ address. Fix for bug 6490.
diff --git a/changes/bug6500 b/changes/bug6500
new file mode 100644
index 0000000000..cac2054a3a
--- /dev/null
+++ b/changes/bug6500
@@ -0,0 +1,2 @@
+ o Minor bugfixes:
+ - Fix some typos in the manpages. Patch from A. Costa. Fixes bug 6500.
diff --git a/changes/bug6507 b/changes/bug6507
new file mode 100644
index 0000000000..89940cbf7b
--- /dev/null
+++ b/changes/bug6507
@@ -0,0 +1,15 @@
+ o Major bugfixes:
+ - Detect 'ORPort 0' as meaning, uniformly, that we're not running
+ as a server. Previously, some of our code would treat the
+ presence of any ORPort line as meaning that we should act like a
+ server, even though our new listener code would correctly not
+ open any ORPorts for ORPort 0. Similar bugs in other Port
+ options are also fixed. Fixes bug 6507; bugfix on 0.2.3.3-alpha.
+
+ o Minor features:
+
+ - Detect and reject attempts to specify both 'FooPort' and
+ 'FooPort 0' in the same configuration domain. (It's still okay
+ to have a FooPort in your configuration file,and use 'FooPort 0'
+ on the command line to disable it.) Fixes another case of
+ bug6507; bugfix on 0.2.3.3-alpha.
diff --git a/changes/bug6514 b/changes/bug6514
new file mode 100644
index 0000000000..84633bd279
--- /dev/null
+++ b/changes/bug6514
@@ -0,0 +1,5 @@
+ o Minor bugfixes:
+ - Add a (probably redundant) memory clear between iterations of
+ the router status voting loop, to prevent future coding errors
+ where data might leak between iterations of the loop. Resolves
+ ticket 6514.
diff --git a/changes/bug6710 b/changes/bug6710
new file mode 100644
index 0000000000..2c89346114
--- /dev/null
+++ b/changes/bug6710
@@ -0,0 +1,6 @@
+ o Major bugfixes (security):
+ - Reject any attempt to extend to an internal address. Without
+ this fix, a router could be used to probe addresses on an
+ internal network to see whether they were accepting
+ connections. Fix for bug 6710; bugfix on 0.0.8pre1.
+
diff --git a/changes/bug6732 b/changes/bug6732
new file mode 100644
index 0000000000..7a744e014a
--- /dev/null
+++ b/changes/bug6732
@@ -0,0 +1,3 @@
+ o Documentation:
+ - Add missing documentation for consensus and microdesc files. Fix for
+ bug 6732.
diff --git a/changes/bug6743 b/changes/bug6743
new file mode 100644
index 0000000000..6ec78f853a
--- /dev/null
+++ b/changes/bug6743
@@ -0,0 +1,9 @@
+ o Minor bugfixes:
+ - Allow one-hop directory fetching circuits the full "circuit build
+ timeout" period, rather than just half of it, before failing them
+ and marking the relay down. This fix should help reduce cases where
+ clients declare relays (or worse, bridges) unreachable because
+ the TLS handshake takes a few seconds to complete. Fixes bug 6743;
+ bugfix on 0.2.2.2-alpha, where we changed the timeout from a static
+ 30 seconds.
+
diff --git a/changes/bug6774 b/changes/bug6774
new file mode 100644
index 0000000000..0c137fd678
--- /dev/null
+++ b/changes/bug6774
@@ -0,0 +1,4 @@
+ o Minor bugfixes:
+ - Avoid crashing on a malformed state file where EntryGuardPathBias
+ precedes EntryGuard. Fix for bug 6774; bugfix on 0.2.3.17-beta.
+
diff --git a/changes/bug6801 b/changes/bug6801
new file mode 100644
index 0000000000..ef21acc98f
--- /dev/null
+++ b/changes/bug6801
@@ -0,0 +1,5 @@
+ o Minor bugfixes:
+ - Avoid segfault when starting up having run with an extremely old
+ version of Tor and parsing its state file. Fixes bug 6801; bugfix on
+ 0.2.2.23-alpha.
+
diff --git a/changes/bug6827 b/changes/bug6827
new file mode 100644
index 0000000000..bf71d2b97c
--- /dev/null
+++ b/changes/bug6827
@@ -0,0 +1,9 @@
+ o Minor bugfixes:
+
+ - Avoid undefined behaviour when parsing the list of supported
+ rendezvous/introduction protocols in a hidden service
+ descriptor. Previously, Tor would have confused (as-yet-unused)
+ protocol version numbers greater than 32 with lower ones on many
+ platforms. Fixes bug 6827; bugfix on 0.2.0.10-alpha; found by
+ George Kadianakis.
+
diff --git a/changes/bug6844 b/changes/bug6844
new file mode 100644
index 0000000000..338e19d9a5
--- /dev/null
+++ b/changes/bug6844
@@ -0,0 +1,4 @@
+ o Minor bugfixes:
+ - Correct file sizes when reading binary files on
+ Cygwin, to avoid a bug where Tor would fail to read its state file.
+ Fixes bug 6844; bugfix on 0.1.2.7-alpha.
diff --git a/changes/bug6866 b/changes/bug6866
new file mode 100644
index 0000000000..561676b765
--- /dev/null
+++ b/changes/bug6866
@@ -0,0 +1,4 @@
+ o Minor bugfixes:
+ - Convert an assert in the pathbias code to a log message. Assert
+ appears to only be triggerable by Tor2Web mode. Fixes bug 6866;
+ bugfix on 0.2.3.17-beta.
diff --git a/changes/bug7014 b/changes/bug7014
new file mode 100644
index 0000000000..1d39103a50
--- /dev/null
+++ b/changes/bug7014
@@ -0,0 +1,5 @@
+ o Minor bugfixes:
+ - Fix two cases in src/or/transports.c where we were calling
+ fmt_addr() twice in a parameter list. Bug found by David
+ Fifield. Fixes bug 7014; bugfix on 0.2.3.9-alpha.
+
diff --git a/changes/bug7022 b/changes/bug7022
new file mode 100644
index 0000000000..10ac354724
--- /dev/null
+++ b/changes/bug7022
@@ -0,0 +1,3 @@
+ o Minor bugfixes:
+ - Fix memory leaks whenever we logged any message about the "path
+ bias" detection. Fixes bug 7022; bugfix on 0.2.3.21-rc.
diff --git a/changes/bug7037 b/changes/bug7037
new file mode 100644
index 0000000000..fc3a1ad1c5
--- /dev/null
+++ b/changes/bug7037
@@ -0,0 +1,6 @@
+ o Minor bugfixes:
+ - When relays refuse a "create" cell because their queue of pending
+ create cells is too big (typically because their cpu can't keep up
+ with the arrival rate), send back reason "resource limit" rather
+ than reason "internal", so network measurement scripts can get a
+ more accurate picture. Bugfix on 0.1.1.11-alpha; fixes bug 7037.
diff --git a/changes/bug7190 b/changes/bug7190
new file mode 100644
index 0000000000..1607f79442
--- /dev/null
+++ b/changes/bug7190
@@ -0,0 +1,6 @@
+ o Minor bugfixes:
+ - Clients now consider the ClientRejectInternalAddresses config option
+ when using a microdescriptor consensus stanza to decide whether
+ an exit relay would allow exiting to an internal address. Fixes
+ bug 7190; bugfix on 0.2.3.1-alpha.
+
diff --git a/changes/bug7192 b/changes/bug7192
new file mode 100644
index 0000000000..10cbc2469a
--- /dev/null
+++ b/changes/bug7192
@@ -0,0 +1,10 @@
+ o Major bugfixes:
+ - When parsing exit policy summaries from microdescriptors, we had
+ previously been ignoring the last character in each one, so that
+ "accept 80,443,8080" would be treated by clients as indicating a
+ node that allows access to ports 80, 443, and 808. That would lead
+ to clients attempting connections that could never work, and
+ ignoring exit nodes that would support their connections. Now clients
+ parse these exit policy summaries correctly. Fixes bug 7192;
+ bugfix on 0.2.3.1-alpha.
+
diff --git a/changes/bug7352 b/changes/bug7352
new file mode 100644
index 0000000000..74a878dbe0
--- /dev/null
+++ b/changes/bug7352
@@ -0,0 +1,12 @@
+ o Major bugfixes:
+ - Tor tries to wipe potentially sensitive data after using it, so
+ that if some subsequent security failure exposes Tor's memory,
+ the damage will be limited. But we had a bug where the compiler
+ was eliminating these wipe operations when it decided that the
+ memory was no longer visible to a (correctly running) program,
+ hence defeating our attempt at defense in depth. We fix that
+ by using OpenSSL's OPENSSL_cleanse() operation, which a compiler
+ is unlikely to optimize away. Future versions of Tor may use
+ a less ridiculously heavy approach for this. Fixes bug 7352.
+ Reported in an article by Andrey Karpov.
+
diff --git a/changes/bug7464 b/changes/bug7464
new file mode 100644
index 0000000000..9259cc74a3
--- /dev/null
+++ b/changes/bug7464
@@ -0,0 +1,4 @@
+ o Minor bugfixes:
+ - Fix a harmless bug when opting against publishing a relay descriptor
+ because DisableNetwork is set. Fixes bug 7464; bugfix on
+ 0.2.3.9-alpha.
diff --git a/changes/bug7889 b/changes/bug7889
new file mode 100644
index 0000000000..ce99a59ce5
--- /dev/null
+++ b/changes/bug7889
@@ -0,0 +1,8 @@
+ o Major bugfixes:
+ - Reject bogus create and relay cells with 0 circuit ID or 0 stream
+ ID: these could be used to create unexpected streams and circuits
+ which would count as "present" to some parts of Tor but "absent"
+ to others, leading to zombie circuits and streams or to a
+ bandwidth DOS. Fixes bug 7889; bugfix on every released version of
+ Tor. Reported by "oftc_must_be_destroyed".
+
diff --git a/changes/bug8208 b/changes/bug8208
new file mode 100644
index 0000000000..c85db90b52
--- /dev/null
+++ b/changes/bug8208
@@ -0,0 +1,4 @@
+ o Minor bugfixes:
+ - Avoid a crash if we fail to generate an extrinfo descriptor.
+ Fixes bug 8208; bugfix on 0.2.3.16-alpha. Found by Coverity;
+ this is CID 718634.
diff --git a/changes/bug8377 b/changes/bug8377
new file mode 100644
index 0000000000..c9ad151bc9
--- /dev/null
+++ b/changes/bug8377
@@ -0,0 +1,3 @@
+ o Minor bugfixes:
+ - Correctly recognize that [::1] is a loopback address. Fixes bug #8377;
+ bugfix on 0.2.1.3-alpha.
diff --git a/changes/bug8844 b/changes/bug8844
new file mode 100644
index 0000000000..320e5f2845
--- /dev/null
+++ b/changes/bug8844
@@ -0,0 +1,6 @@
+ o Major bugfixes:
+ - Prevent the get_freelists() function from running off the end of
+ the list of freelists if it somehow gets an unrecognized
+ allocation. Fixes bug 8844; bugfix on 0.2.0.16-alpha. Reported by
+ eugenis.
+
diff --git a/changes/check-fetched-rend-desc-service-id b/changes/check-fetched-rend-desc-service-id
deleted file mode 100644
index 2f37c30216..0000000000
--- a/changes/check-fetched-rend-desc-service-id
+++ /dev/null
@@ -1,7 +0,0 @@
- o Security fixes:
- - When fetching a hidden service descriptor, check that it is for
- the hidden service we were trying to connect to, in order to
- stop a directory from pre-seeding a client with a descriptor for
- a hidden service that they didn't want. Bugfix on 0.0.6.
-
-
diff --git a/changes/check-public-key-exponents b/changes/check-public-key-exponents
deleted file mode 100644
index a8d00673be..0000000000
--- a/changes/check-public-key-exponents
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor bugfixes:
- - Require that introduction point keys and onion keys have public
- exponent 65537. Bugfix on 0.2.0.10-alpha.
-
-
diff --git a/changes/cid_428 b/changes/cid_428
deleted file mode 100644
index cb0fc8c2b2..0000000000
--- a/changes/cid_428
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor bugfixes:
- - Always NUL-terminate the sun_path field of a sockaddr_un before
- passing it to the kernel. (Not a security issue: kernels are
- smart enough to reject bad sockaddr_uns.) Found by Coverity; CID
- # 428. Bugfix on Tor 0.2.0.3-alpha.
diff --git a/changes/cid_450 b/changes/cid_450
deleted file mode 100644
index 2045fca239..0000000000
--- a/changes/cid_450
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor bugfixes:
- - Don't stack-allocate the list of supplementary GIDs when we're
- about to log them. Stack-allocating NGROUPS_MAX gid_t elements
- could take up to 256K, which is way too much stack. Found by
- Coverity; CID #450. Bugfix on 0.2.1.7-alpha.
diff --git a/changes/clang_30_options b/changes/clang_30_options
deleted file mode 100644
index e8e34c8e3e..0000000000
--- a/changes/clang_30_options
+++ /dev/null
@@ -1,5 +0,0 @@
- o Code simplifications and refactoring:
- - During configure, detect when we're building with clang version 3.0 or
- lower and disable the -Wnormalized=id and -Woverride-init CFLAGS.
- clang doesn't support them yet.
-
diff --git a/changes/cov479 b/changes/cov479
deleted file mode 100644
index afbaffc63b..0000000000
--- a/changes/cov479
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor bugfixes:
- - Fix internal bug-checking logic that was supposed to catch
- failures in digest generation so that it will fail more robustly
- if we ask for a nonexistent algorithm. Found by Coverity Scan.
- Bugfix on 0.2.2.1-alpha; fixes Coverity CID 479.
diff --git a/changes/cov484 b/changes/cov484
deleted file mode 100644
index 33adbda18c..0000000000
--- a/changes/cov484
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes:
- - Report any failure in init_keys() calls done because our IP address
- has changed. Spotted by Coverity Scan. Bugfix on 0.1.1.4-alpha;
- fixes CID 484.
diff --git a/changes/cov709056 b/changes/cov709056
new file mode 100644
index 0000000000..64a75ad8a2
--- /dev/null
+++ b/changes/cov709056
@@ -0,0 +1,4 @@
+ o Minor bugfixes:
+ - Check return value of fputs() when writing authority certificate
+ file. Fixes Coverity issue 709056; bugfix on 0.2.0.1-alpha.
+
diff --git a/changes/coverity_maint b/changes/coverity_maint
deleted file mode 100644
index e7be90a485..0000000000
--- a/changes/coverity_maint
+++ /dev/null
@@ -1,9 +0,0 @@
- o Code simplifications and refactoring:
- - Remove some dead code as indicated by coverity.
- - Remove a few dead assignments during router parsing. Found by coverity.
- o Minor bugfixes:
- - Add some forgotten return value checks during unit tests. Found
- by coverity.
- - Don't use 1-bit wide signed bit fields. Found by coverity.
- - Fix a rare memory leak during stats writing. Found by coverity.
-
diff --git a/changes/cve-2012-2249 b/changes/cve-2012-2249
new file mode 100644
index 0000000000..625bfa2f58
--- /dev/null
+++ b/changes/cve-2012-2249
@@ -0,0 +1,5 @@
+ o Major bugfixes (security):
+ - Discard extraneous renegotiation attempts once the V3 link
+ protocol has been initiated. Failure to do so left us open to
+ a remotely triggerable assertion failure. Fixes CVE-2012-2249;
+ bugfix on 0.2.3.6-alpha. Reported by "some guy from France".
diff --git a/changes/dirreq-stats-default b/changes/dirreq-stats-default
deleted file mode 100644
index df7ac11425..0000000000
--- a/changes/dirreq-stats-default
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor features:
- - Turn on directory request statistics by default and include them in
- extra-info descriptors. Don't break if we have no GeoIP database.
- Backported from 0.2.3.1-alpha; implements ticket 3951.
-
diff --git a/changes/dirserv-BUGGY-a b/changes/dirserv-BUGGY-a
new file mode 100644
index 0000000000..35b492a2d7
--- /dev/null
+++ b/changes/dirserv-BUGGY-a
@@ -0,0 +1,7 @@
+ o Minor bugfixes:
+
+ - Don't serve or accept v2 hidden service descriptors over a
+ relay's DirPort. It's never correct to do so, and disabling it
+ might make it more annoying to exploit any bugs that turn up in the
+ descriptor-parsing code. Fixes bug 7149.
+
diff --git a/changes/dirvote_null_deref b/changes/dirvote_null_deref
deleted file mode 100644
index 65dc519f52..0000000000
--- a/changes/dirvote_null_deref
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes:
- - Fix a potential null-pointer dereference while computing a consensus.
- Bugfix on tor-0.2.0.3-alpha, found with the help of clang's analyzer.
-
diff --git a/changes/disable_pathbias_messages b/changes/disable_pathbias_messages
new file mode 100644
index 0000000000..3bc996347b
--- /dev/null
+++ b/changes/disable_pathbias_messages
@@ -0,0 +1,3 @@
+ o Disabeled features
+ - Downgrade path-bias warning messages to INFO. We'll try to get them
+ working better in 0.2.4. Fixes bug 6475; bugfix on 0.2.3.17-beta.
diff --git a/changes/exit-policy-default-is-not-a-prefix b/changes/exit-policy-default-is-not-a-prefix
deleted file mode 100644
index 6eb1e8df99..0000000000
--- a/changes/exit-policy-default-is-not-a-prefix
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor bugfixes:
- - Remove a trailing asterisk from "exit-policy/default" in the
- output of the control port command "GETINFO info/names". Bugfix
- on 0.1.2.5-alpha.
-
diff --git a/changes/feature3049 b/changes/feature3049
deleted file mode 100644
index 7960a1f475..0000000000
--- a/changes/feature3049
+++ /dev/null
@@ -1,6 +0,0 @@
- o Major features:
- - Add an __OwningControllerProcess configuration option and a
- TAKEOWNERSHIP control-port command, so that a Tor controller can
- ensure that when it exits, Tor will shut down. Implements
- feature 3049.
-
diff --git a/changes/feature3076 b/changes/feature3076
deleted file mode 100644
index a3dcec8741..0000000000
--- a/changes/feature3076
+++ /dev/null
@@ -1,14 +0,0 @@
- o Minor features
- - The options SocksPort, ControlPort, and so on now all accept an
- optional value "auto" that opens a socket on an OS-selected port.
- o Minor features (controller)
- - GETINFO net/listeners/(type) now returns a list of the addresses
- and ports that are bound for listeners for a given connection
- type. This is useful for if the user has selected SocksPort
- "auto", and you need to know which port got chosen.
- - There is a ControlPortWriteToFile option that tells Tor to write
- its actual control port or ports to a chosen file. If the option
- ControlPortFileGroupReadable is set, the file is created as
- group-readable.
-
-
diff --git a/changes/feature4484 b/changes/feature4484
deleted file mode 100644
index 78154e9649..0000000000
--- a/changes/feature4484
+++ /dev/null
@@ -1,8 +0,0 @@
- o Minor features:
- - Add two new config options for directory authorities:
- AuthDirFastGuarantee sets a bandwidth threshold for guaranteeing the
- Fast flag, and AuthDirGuardBWGuarantee sets a bandwidth threshold
- that is always sufficient to satisfy the bandwidth requirement for
- the Guard flag. Now it will be easier for researchers to simulate
- Tor networks with different values. Resolves ticket 4484.
-
diff --git a/changes/fix-connection_printf_to_buf b/changes/fix-connection_printf_to_buf
deleted file mode 100644
index e191eac8a5..0000000000
--- a/changes/fix-connection_printf_to_buf
+++ /dev/null
@@ -1,15 +0,0 @@
- * Code simplifications and refactoring:
-
- - Make connection_printf_to_buf's behaviour sane. Its callers
- expect it to emit a CRLF iff the format string ends with CRLF;
- it actually emits a CRLF iff (a) the format string ends with
- CRLF or (b) the resulting string is over 1023 characters long or
- (c) the format string does not end with CRLF ''and'' the
- resulting string is 1021 characters long or longer. Bugfix on
- 0.1.1.9-alpha; fixes part of bug 3407.
-
- - Make send_control_event_impl's behaviour sane. Its callers
- expect it to always emit a CRLF at the end of the string; it
- might emit extra control characters as well. Bugfix on
- 0.1.1.9-alpha; fixes another part of bug 3407.
-
diff --git a/changes/fmt_addr b/changes/fmt_addr
deleted file mode 100644
index b88c9e1bf4..0000000000
--- a/changes/fmt_addr
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes:
- - When unable to format an address as a string, report its value
- as "???" rather than reusing the last formatted address. Bugfix
- on 0.2.1.5-alpha.
diff --git a/changes/geoip-april2012 b/changes/geoip-april2012
deleted file mode 100644
index 66720c6d69..0000000000
--- a/changes/geoip-april2012
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor features:
- - Update to the April 3 2012 Maxmind GeoLite Country database.
-
diff --git a/changes/geoip-august2011 b/changes/geoip-august2011
deleted file mode 100644
index 6de8b0f29c..0000000000
--- a/changes/geoip-august2011
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor features:
- - Update to the August 2 2011 Maxmind GeoLite Country database.
-
diff --git a/changes/geoip-december2011 b/changes/geoip-december2011
deleted file mode 100644
index 82a708de62..0000000000
--- a/changes/geoip-december2011
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor features:
- - Update to the December 6 2011 Maxmind GeoLite Country database.
-
diff --git a/changes/geoip-february2012 b/changes/geoip-february2012
deleted file mode 100644
index 0711654021..0000000000
--- a/changes/geoip-february2012
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor features:
- - Update to the February 7 2012 Maxmind GeoLite Country database.
-
diff --git a/changes/geoip-january2012 b/changes/geoip-january2012
deleted file mode 100644
index 2f4180e578..0000000000
--- a/changes/geoip-january2012
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor features:
- - Update to the January 3 2012 Maxmind GeoLite Country database.
-
diff --git a/changes/geoip-july2011 b/changes/geoip-july2011
deleted file mode 100644
index 7a9f119be0..0000000000
--- a/changes/geoip-july2011
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor features:
- - Update to the July 1 2011 Maxmind GeoLite Country database.
-
diff --git a/changes/geoip-june2011 b/changes/geoip-june2011
deleted file mode 100644
index 8cf011b723..0000000000
--- a/changes/geoip-june2011
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor features:
- - Update to the June 1 2011 Maxmind GeoLite Country database.
-
diff --git a/changes/geoip-june2012 b/changes/geoip-june2012
deleted file mode 100644
index f73bf35529..0000000000
--- a/changes/geoip-june2012
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor features:
- - Update to the June 6 2012 Maxmind GeoLite Country database.
-
diff --git a/changes/geoip-march2012 b/changes/geoip-march2012
deleted file mode 100644
index 0f66d8fae2..0000000000
--- a/changes/geoip-march2012
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor features:
- - Update to the March 6 2012 Maxmind GeoLite Country database.
-
diff --git a/changes/geoip-may2011 b/changes/geoip-may2011
deleted file mode 100644
index c908f24b45..0000000000
--- a/changes/geoip-may2011
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor features:
- - Update to the May 1 2011 Maxmind GeoLite Country database.
-
diff --git a/changes/geoip-may2012 b/changes/geoip-may2012
deleted file mode 100644
index 1575eced87..0000000000
--- a/changes/geoip-may2012
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor features:
- - Update to the May 1 2012 Maxmind GeoLite Country database.
-
diff --git a/changes/geoip-november2011 b/changes/geoip-november2011
deleted file mode 100644
index 3aa8dc05c2..0000000000
--- a/changes/geoip-november2011
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor features:
- - Update to the November 1 2011 Maxmind GeoLite Country database.
-
diff --git a/changes/geoip-october2011 b/changes/geoip-october2011
deleted file mode 100644
index d5b6910edb..0000000000
--- a/changes/geoip-october2011
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor features:
- - Update to the October 4 2011 Maxmind GeoLite Country database.
-
diff --git a/changes/geoip-september2011 b/changes/geoip-september2011
deleted file mode 100644
index c41314b1f0..0000000000
--- a/changes/geoip-september2011
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor features:
- - Update to the September 6 2011 Maxmind GeoLite Country database.
-
diff --git a/changes/ides-becomes-turtles b/changes/ides-becomes-turtles
deleted file mode 100644
index 09d964fe9b..0000000000
--- a/changes/ides-becomes-turtles
+++ /dev/null
@@ -1,4 +0,0 @@
- o Directory authority changes:
- - Change IP address for ides (v3 directory authority), and rename it to
- turtles.
-
diff --git a/changes/issue-2011-10-19L b/changes/issue-2011-10-19L
deleted file mode 100644
index b879c9d401..0000000000
--- a/changes/issue-2011-10-19L
+++ /dev/null
@@ -1,28 +0,0 @@
- o Security fixes:
-
- - Don't send TLS certificate chains on outgoing OR connections
- from clients and bridges. Previously, each client or bridge
- would use a single cert chain for all outgoing OR connections
- for up to 24 hours, which allowed any relay connected to by a
- client or bridge to determine which entry guards it is using.
- This is a potential user-tracing bug for *all* users; everyone
- who uses Tor's client or hidden service functionality should
- upgrade. Fixes CVE-2011-2768. Bugfix on FIXME; found by
- frosty_un.
-
- - Don't use any OR connection on which we have received a
- CREATE_FAST cell to satisfy an EXTEND request. Previously, we
- would not consider whether a connection appears to be from a
- client or bridge when deciding whether to use that connection to
- satisfy an EXTEND request. Mitigates CVE-2011-2768, by
- preventing an attacker from determining whether an unpatched
- client is connected to a patched relay. Bugfix on FIXME; found
- by frosty_un.
-
- - Don't assign the Guard flag to relays running a version of Tor
- which would use an OR connection on which it has received a
- CREATE_FAST cell to satisfy an EXTEND request. Mitigates
- CVE-2011-2768, by ensuring that clients will not connect
- directly to any relay which an attacker could probe for an
- unpatched client's connections.
-
diff --git a/changes/issue-2011-10-23G b/changes/issue-2011-10-23G
deleted file mode 100644
index 45f86754f0..0000000000
--- a/changes/issue-2011-10-23G
+++ /dev/null
@@ -1,9 +0,0 @@
- o Security fixes:
-
- - Reject CREATE and CREATE_FAST cells on outgoing OR connections
- from a bridge to a relay. Previously, we would accept them and
- handle them normally, thereby allowing a malicious relay to
- easily distinguish bridges which connect to it from clients.
- Fixes CVE-2011-2769. Bugfix on 0.2.0.3-alpha, when bridges were
- implemented; found by frosty_un.
-
diff --git a/changes/link_negotiation_assert b/changes/link_negotiation_assert
new file mode 100644
index 0000000000..398a545573
--- /dev/null
+++ b/changes/link_negotiation_assert
@@ -0,0 +1,6 @@
+ o Major bugfixs (security):
+ - Fix a group of remotely triggerable assertion failures related to
+ incorrect link protocol negotiation. Found, diagnosed, and fixed
+ by "some guy from France." Fix for CVE-2012-2250; bugfix on
+ 0.2.3.6-alpha.
+
diff --git a/changes/maatuska-ip b/changes/maatuska-ip
deleted file mode 100644
index a00b43f866..0000000000
--- a/changes/maatuska-ip
+++ /dev/null
@@ -1,3 +0,0 @@
- o Directory authority changes:
- - Change IP address for maatuska (v3 directory authority).
-
diff --git a/changes/md_cache_replace b/changes/md_cache_replace
deleted file mode 100644
index 88e029c00a..0000000000
--- a/changes/md_cache_replace
+++ /dev/null
@@ -1,6 +0,0 @@
- o Minor bugfixes
- - Avoid a bug that would keep us from replacing a microdescriptor
- cache on Windows. (We would try to replace the file while still
- holding it open. That's fine on Unix, but Windows doesn't let us
- do that.) Bugfix on 0.2.2.6-alpha; bug found by wanoskarnet.
-
diff --git a/changes/mdesc_null_deref b/changes/mdesc_null_deref
deleted file mode 100644
index 30f0280536..0000000000
--- a/changes/mdesc_null_deref
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor bugfixes:
- - Avoid a possible null-pointer dereference when rebuilding the mdesc
- cache without actually having any descriptors to cache. Bugfix on
- 0.2.2.6-alpha. Issue discovered using clang's static analyzer.
-
diff --git a/changes/memleak_rendcache b/changes/memleak_rendcache
deleted file mode 100644
index 93b1f6141b..0000000000
--- a/changes/memleak_rendcache
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes:
- - Fix a memory leak when receiving a descriptor for a hidden
- service we didn't ask for. Found by Coverity; CID#30. Bugfix on
- 0.2.2.26-beta.
diff --git a/changes/msvc_lround b/changes/msvc_lround
deleted file mode 100644
index e4aea95351..0000000000
--- a/changes/msvc_lround
+++ /dev/null
@@ -1,4 +0,0 @@
- o Build fixes:
- - Provide a substitute implementation of lround() for MSVC, which
- apparently lacks it. Patch from Gisle Vanem.
-
diff --git a/changes/port_doc b/changes/port_doc
new file mode 100644
index 0000000000..0e8662f0ab
--- /dev/null
+++ b/changes/port_doc
@@ -0,0 +1,3 @@
+ o Minor features (usability):
+ - Try to make the warning when giving an obsolete SOCKSListenAddress
+ a littel more useful.
diff --git a/changes/replay-firstpart b/changes/replay-firstpart
deleted file mode 100644
index f4a7767fb1..0000000000
--- a/changes/replay-firstpart
+++ /dev/null
@@ -1,13 +0,0 @@
- o Minor features (security):
-
- - Check for replays of the public-key encrypted portion of an
- INTRODUCE1 cell, in addition to the current check for replays of
- the g^x value. This prevents a possible class of active attacks
- by an attacker who controls both an introduction point and a
- rendezvous point, and who uses the malleability of AES-CTR to
- alter the encrypted g^x portion of the INTRODUCE1 cell. We
- think that these attacks is infeasible (requiring the attacker
- to send on the order of zettabytes of altered cells in a short
- interval), but we'd rather block them off in case there are any
- classes of this attack that we missed. Reported by dvorak.
-
diff --git a/changes/routerlist_ins_replace b/changes/routerlist_ins_replace
deleted file mode 100644
index 7b442a2f5d..0000000000
--- a/changes/routerlist_ins_replace
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor bugfixes:
- - If we hit the error case where routerlist_insert() replaces an
- existing (old) server descriptor, make sure to remove that
- server descriptor from the old_routers list. Fix related to bug
- 1776. Bugfix on 0.2.2.18-alpha.
diff --git a/changes/safecookie b/changes/safecookie
deleted file mode 100644
index fd7d7af2b0..0000000000
--- a/changes/safecookie
+++ /dev/null
@@ -1,9 +0,0 @@
- o Security Features:
- - Provide controllers with a safer way to implement the cookie
- authentication mechanism. With the old method, if another locally
- running program could convince a controller that it was the Tor
- process, then that program could trick the contoller into
- telling it the contents of an arbitrary 32-byte file. The new
- "SAFECOOKIE" authentication method uses a challenge-response
- approach to prevent this. Fixes bug 5185, implements proposal 193.
-
diff --git a/changes/smartlist_foreach b/changes/smartlist_foreach
new file mode 100644
index 0000000000..2fd3a1a85c
--- /dev/null
+++ b/changes/smartlist_foreach
@@ -0,0 +1,8 @@
+ o Code simplification and refactoring:
+ - Do not use SMARTLIST_FOREACH for any loop whose body exceeds
+ 10 lines. Doing so in the past has led to hard-to-debug code.
+ The new style is to use the SMARTLIST_FOREACH_{BEGIN,END} pair.
+ Issue 6400.
+ - Do not nest SMARTLIST_FOREACH blocks within one another. Any
+ nested block ought to be using SMARTLIST_FOREACH_{BEGIN,END}.
+ Issue 6400.
diff --git a/changes/ticket-4063 b/changes/ticket-4063
deleted file mode 100644
index 6a985b8c25..0000000000
--- a/changes/ticket-4063
+++ /dev/null
@@ -1,6 +0,0 @@
- o Minor bugfixes (usability):
- - Downgrade log messages about circuit timeout calibration from
- "notice" to "info": they don't require or suggest any human
- intervention. Patch from Tom Lowenthal. Fixes bug 4063;
- bugfix on 0.2.2.14-alpha.
-
diff --git a/changes/ticket5749 b/changes/ticket5749
new file mode 100644
index 0000000000..0237241981
--- /dev/null
+++ b/changes/ticket5749
@@ -0,0 +1,3 @@
+ o New directory authorities:
+ - Add Faravahar (run by Sina Rabbani) as the ninth v3 directory
+ authority. Closes ticket 5749.
diff --git a/changes/timersub_bug b/changes/timersub_bug
deleted file mode 100644
index 9183862677..0000000000
--- a/changes/timersub_bug
+++ /dev/null
@@ -1,7 +0,0 @@
- o Major bugfixes:
- - Provide correct replacements for the timeradd() and timersub() functions
- for platforms that lack them (for example, windows). The timersub()
- function is used when expiring circuits, timeradd() is currently unused.
- Patch written by Vektor, who also reported the bug. Thanks! Bugfix
- on 0.2.2.24-alpha/0.2.3.1-alpha, fixes bug 4778.
-
diff --git a/changes/typo-fix-ohkah8Ah b/changes/typo-fix-ohkah8Ah
deleted file mode 100644
index 9b4e5c08cc..0000000000
--- a/changes/typo-fix-ohkah8Ah
+++ /dev/null
@@ -1,9 +0,0 @@
- * Minor bugfixes:
-
- - Clarify a log message specifying the characters permitted in
- HiddenServiceAuthorizeClient client names. Previously, the log
- message said that "[A-Za-z0-9+-_]" were permitted; that could
- have given the impression that every ASCII character between "+"
- and "_" was permitted. Now we say "[A-Za-z0-9+_-]". Bugfix on
- 0.2.1.5-alpha.
-
diff --git a/changes/win-bundle-path b/changes/win-bundle-path
deleted file mode 100644
index 32ff514ef2..0000000000
--- a/changes/win-bundle-path
+++ /dev/null
@@ -1,4 +0,0 @@
- o Packaging changes:
- - Remove absolute path from makensis.exe command to build Tor expert bundle
- in order to make it easier to automate package builds
-
diff --git a/changes/windows_8 b/changes/windows_8
deleted file mode 100644
index 405e4fa158..0000000000
--- a/changes/windows_8
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor bugfixes:
- - The next version of Windows will be called Windows 8, and it has a major
- version of 6, minor version of 2. Correctly identify that version instead
- of calling it "Very recent version". Fixes bug 4153; reported by funkstar.
-