Diffstat (limited to 'changes')
41 files changed, 221 insertions, 0 deletions
diff --git a/changes/21359 b/changes/21359 new file mode 100644 index 0000000000..cc9b377d52 --- /dev/null +++ b/changes/21359 @@ -0,0 +1,8 @@ + + o Minor features (portability, compilationc) + - Support building with recent LibreSSL code that uses opaque + structures. Closes ticket 21359. + - Autoconf now check to determine if OpenSSL + structures are opaque, instead of explicitly checking for + OpenSSL version numbers. + Part of ticket 21359. diff --git a/changes/bug18100 b/changes/bug18100 new file mode 100644 index 0000000000..cd3ba2c977 --- /dev/null +++ b/changes/bug18100 @@ -0,0 +1,5 @@ + o Major bugfixes (linux TPROXY support): + - Fix a typo that had prevented TPROXY-based transparent proxying from + working under Linux. Fixes bug 18100; bugfix on 0.2.6.3-alpha. + Patch from "d4fq0fQAgoJ". + diff --git a/changes/bug20059 b/changes/bug20059 new file mode 100644 index 0000000000..091fab06d1 --- /dev/null +++ b/changes/bug20059 @@ -0,0 +1,3 @@ + o Minor bugfixes (relay): + - Avoid a double-marked-circuit warning that can happen when we receive + DESTROY cells under heavy load. Fixes bug 20059; bugfix on 0.1.0.1-rc. diff --git a/changes/bug20247 b/changes/bug20247 new file mode 100644 index 0000000000..731cf0046f --- /dev/null +++ b/changes/bug20247 @@ -0,0 +1,4 @@ + o Minor bugfixes (linux seccomp2 sandbox): + - Avoid a sandbox failure when trying to re-bind to a socket and mark + it as IPv6-only. Fixes bug 20247; bugfix on 0.2.5.1-alpha. + diff --git a/changes/bug20307 b/changes/bug20307 new file mode 100644 index 0000000000..9112c9c78d --- /dev/null +++ b/changes/bug20307 
@@ -0,0 +1,7 @@ + o Minor bugfixes (circuit, hidden service) + - When closing a circuit, the reason for doing so was assigned from an int + value to a uint16_t which is quite a problem for negative values that are + our internal reasons (ex: END_CIRC_REASON_IP_NOW_REDUNDANT). On the HS + side, this was causing introduction points to be flagged as unusable + because the reason wasn't the right one due to the bad conversion. + Partially fixes bug 21056 and fixes bug 20307; Bugfix on 0.2.8.1-alpha. diff --git a/changes/bug20509 b/changes/bug20509 new file mode 100644 index 0000000000..a39ca9f60b --- /dev/null +++ b/changes/bug20509 @@ -0,0 +1,5 @@ + o Minor features: + - Directory authorities now reject relays running versions + 0.2.9.1-alpha through 0.2.9.4-alpha, because those relays + suffer from bug 20499 and don't keep their consensus cache + up-to-date. Resolves ticket 20509. diff --git a/changes/bug21108_029 b/changes/bug21108_029 new file mode 100644 index 0000000000..3a3f004fc6 --- /dev/null +++ b/changes/bug21108_029 @@ -0,0 +1,6 @@ + o Major bugfixes (directory authority): + - During voting, when marking a node as a probable sybil, do not + clear its BadExit flag: sybils can still be bad in other ways + too. (We still clear the other flags.) Fixes bug 21108; bugfix + on 0.2.0.13-alpha. + diff --git a/changes/bug21278_extras b/changes/bug21278_extras new file mode 100644 index 0000000000..ffdf4a047b --- /dev/null +++ b/changes/bug21278_extras @@ -0,0 +1,3 @@ + o Minor bugfixes (code correctness): + - Repair a couple of (unreachable or harmless) cases of the risky + comparison-by-subtraction pattern that caused bug 21278. diff --git a/changes/bug21278_prevention b/changes/bug21278_prevention new file mode 100644 index 0000000000..e07f0a670c --- /dev/null +++ b/changes/bug21278_prevention 
@@ -0,0 +1,4 @@ + o Minor features (directory authority): + - Directory authorities now reject descriptors that claim to be + malformed versions of Tor. Helps prevent exploitation of bug 21278. + diff --git a/changes/bug21280 b/changes/bug21280 new file mode 100644 index 0000000000..e9f0bc174c --- /dev/null +++ b/changes/bug21280 @@ -0,0 +1,5 @@ + o Minor bugfixes (tor-resolve): + - The tor-resolve command line tool now rejects hostnames over 255 + characters in length. Previously, it would silently truncate + them, which could lead to bugs. Fixes bug 21280; bugfix on 0.0.9pre5. + Patch by "junglefowl". diff --git a/changes/bug21357 b/changes/bug21357 new file mode 100644 index 0000000000..a1cb43a78a --- /dev/null +++ b/changes/bug21357 @@ -0,0 +1,7 @@ + o Major bugfixes (IPv6 Exits): + - Stop rejecting all IPv6 traffic on Exits whose exit policy rejects IPv6 + addresses. Instead, only reject a port over IPv6 if the exit policy + rejects that port on more than an IPv6 /16 of addresses. This bug was + made worse by 17027 in 0.2.8.1-alpha, which rejects a relay's own IPv6 + address by default. + Fixes bug 21357; bugfix on commit 004f3f4e53 in 0.2.4.7-alpha. diff --git a/changes/bug21450 b/changes/bug21450 new file mode 100644 index 0000000000..a1cf89ab41 --- /dev/null +++ b/changes/bug21450 @@ -0,0 +1,4 @@ + o Minor bugfixes (voting consistency): + - Reject version numbers with components that exceed INT32_MAX. + Otherwise 32-bit and 64-bit platforms would behave inconsistently. + Fixes bug 21450; bugfix on 0.0.8pre1. diff --git a/changes/bug21507 b/changes/bug21507 new file mode 100644 index 0000000000..f83e291b63 --- /dev/null +++ b/changes/bug21507 @@ -0,0 +1,5 @@ + o Minor bugfixes (voting consistency): + - Reject version numbers with non-numeric prefixes (such as +, -, and + whitespace). Disallowing whitespace prevents differential version + parsing between POSIX-based and Windows platforms. + Fixes bug 21507 and part of 21508; bugfix on 0.0.8pre1. 
diff --git a/changes/bug21576 b/changes/bug21576 new file mode 100644 index 0000000000..68d8471192 --- /dev/null +++ b/changes/bug21576 @@ -0,0 +1,4 @@ + o Major bugfixes (crash, directory connections): + - Fix a rare crash when sending a begin cell on a circuit whose linked + directory connection has already been closed. Fixes bug 21576; + bugfix on Tor 0.2.9.3-alpha. Reported by alecmuffett. diff --git a/changes/bug21943 b/changes/bug21943 new file mode 100644 index 0000000000..dbe2c726d9 --- /dev/null +++ b/changes/bug21943 @@ -0,0 +1,6 @@ + o Minor bugfixes (Linux seccomp2 sandbox): + - The getpid() system call is now permitted under the Linux seccomp2 + sandbox, to avoid crashing with versions of OpenSSL (and other + libraries) that attempt to learn the process's PID by using the + syscall rather than the VDSO code. Fixes bug 21943; bugfix on + 0.2.5.1-alpha. diff --git a/changes/bug22034 b/changes/bug22034 new file mode 100644 index 0000000000..6d9e188740 --- /dev/null +++ b/changes/bug22034 @@ -0,0 +1,4 @@ + o Minor bugfixes (control port, regression): + - The GETINFO extra-info/digest/<digest> command was broken because of a + wrong base16 decode return value check. In was introduced in a refactor + of that API. Fixex bug #22034; bugfix on tor-0.2.9.1-alpha. diff --git a/changes/bug22245 b/changes/bug22245 new file mode 100644 index 0000000000..6ae18593ea --- /dev/null +++ b/changes/bug22245 @@ -0,0 +1,5 @@ + o Minor bugfixes (bandwidth accounting): + - Roll over monthly accounting at the configured hour and minute, + rather than always at 00:00. + Fixes bug 22245; bugfix on 0.0.9rc1. + Found by Andrey Karpov with PVS-Studio. diff --git a/changes/bug22370 b/changes/bug22370 new file mode 100644 index 0000000000..e0e87e3339 --- /dev/null +++ b/changes/bug22370 
@@ -0,0 +1,4 @@ + o Minor bugfixes (memory handling): + - When directory authorities reject a router descriptor due to keypinning, + free the router descriptor rather than leaking the memory. + Fixes bug 22370; bugfix on 0.2.7.2-alpha. diff --git a/changes/bug22460_case2 b/changes/bug22460_case2 new file mode 100644 index 0000000000..0a11759832 --- /dev/null +++ b/changes/bug22460_case2 @@ -0,0 +1,8 @@ + o Major bugfixes (relay, link handshake): + + - When performing the v3 link handshake on a TLS connection, report that + we have the x509 certificate that we actually used on that connection, + even if we have changed certificates since that connection was first + opened. Previously, we would claim to have used our most recent x509 + link certificate, which would sometimes make the link handshake fail. + Fixes one case of bug 22460; bugfix on 0.2.3.6-alpha. diff --git a/changes/bug22490 b/changes/bug22490 new file mode 100644 index 0000000000..244dd50b36 --- /dev/null +++ b/changes/bug22490 @@ -0,0 +1,3 @@ + o Minor bugfixes (correctness): + - Avoid undefined behavior when parsing IPv6 entries from the geoip6 + file. Fixes bug 22490; bugfix on 0.2.4.6-alpha. diff --git a/changes/bug22516 b/changes/bug22516 new file mode 100644 index 0000000000..f024a3c470 --- /dev/null +++ b/changes/bug22516 @@ -0,0 +1,5 @@ + o Minor bugfixes (linux seccomp2 sandbox): + - Permit the fchmod system call, to avoid crashing on startup when + starting with the seccomp2 sandbox and an unexpected set of permissions + on the data directory or its contents. Fixes bug 22516; bugfix on + 0.2.5.4-alpha. diff --git a/changes/bug22636 b/changes/bug22636 new file mode 100644 index 0000000000..770cac72e9 --- /dev/null +++ b/changes/bug22636 
@@ -0,0 +1,8 @@ + o Build features: + - Tor's repository now includes a Travis Continuous Integration (CI) + configuration file (.travis.yml). This is meant to help new developers and + contributors who fork Tor to a Github repository be better able to test + their changes, and understand what we expect to pass. To use this new build + feature, you must fork Tor to your Github account, then go into the + "Integrations" menu in the repository settings for your fork and enable + Travis, then push your changes. diff --git a/changes/bug22737 b/changes/bug22737 new file mode 100644 index 0000000000..f0de8e6c41 --- /dev/null +++ b/changes/bug22737 @@ -0,0 +1,12 @@ + o Minor bugfixes (defensive programming, undefined behavior): + + - Fix a memset() off the end of an array when packing cells. This + bug should be harmless in practice, since the corrupted bytes + are still in the same structure, and are always padding bytes, + ignored, or immediately overwritten, depending on compiler + behavior. Nevertheless, because the memset()'s purpose is to + make sure that any other cell-handling bugs can't expose bytes + to the network, we need to fix it. Fixes bug 22737; bugfix on + 0.2.4.11-alpha. Fixes CID 1401591. + + diff --git a/changes/bug22789 b/changes/bug22789 new file mode 100644 index 0000000000..a653592848 --- /dev/null +++ b/changes/bug22789 @@ -0,0 +1,7 @@ + o Major bugfixes (openbsd, denial-of-service): + - Avoid an assertion failure bug affecting our implementation of + inet_pton(AF_INET6) on certain OpenBSD systems whose strtol() + handling of "0xfoo" differs from what we had expected. + Fixes bug 22789; bugfix on 0.2.3.8-alpha. Also tracked as + TROVE-2017-007. + diff --git a/changes/bug22801 b/changes/bug22801 new file mode 100644 index 0000000000..7edc79bc84 --- /dev/null +++ b/changes/bug22801 
@@ -0,0 +1,5 @@ + o Minor bugfixes (compilation): + - When building with certain versions the mingw C header files, avoid + float-conversion warnings when calling the C functions isfinite(), + isnan(), and signbit(). Fixes bug 22801; bugfix on 0.2.8.1-alpha. + diff --git a/changes/bug22838_028 b/changes/bug22838_028 new file mode 100644 index 0000000000..1d0a4fbfd1 --- /dev/null +++ b/changes/bug22838_028 @@ -0,0 +1,5 @@ + o Minor bugfixes (compilation, mingw, backport from 0.3.1.1-alpha): + - Backport a fix for an "unused variable" warning that appeared + in some versions of mingw. Fixes bug 22838; bugfix on + 0.2.8.1-alpha. + diff --git a/changes/bug22915 b/changes/bug22915 new file mode 100644 index 0000000000..17a9c6018f --- /dev/null +++ b/changes/bug22915 @@ -0,0 +1,3 @@ + o Minor bugfixes (compilation warnings): + - Suppress -Wdouble-promotion warnings with clang 4.0. Fixes bug 22915; + bugfix on 0.2.8.1-alpha. diff --git a/changes/bug22916_027 b/changes/bug22916_027 new file mode 100644 index 0000000000..5cf99c7d15 --- /dev/null +++ b/changes/bug22916_027 @@ -0,0 +1,3 @@ + o Minor bugfixes (Compilation): + - Fix warnings when building with libscrypt and openssl scrypt support + on Clang. Fixes bug 22916; bugfix on 0.2.7.2-alpha. diff --git a/changes/bug23030_029 b/changes/bug23030_029 new file mode 100644 index 0000000000..89a1b507d7 --- /dev/null +++ b/changes/bug23030_029 @@ -0,0 +1,7 @@ + o Minor bugfixes (coverity builds): + - Avoid Coverity build warnings related to our BUG() macro. By + default, Coverity treats BUG() as the Linux kernel does: an + instant abort(). We need to override that so our BUG() macro + doesn't prevent Coverity from analyzing functions that use it. + Fixes bug 23030; bugfix on 0.2.9.1-alpha. + diff --git a/changes/geoip-april2017 b/changes/geoip-april2017 new file mode 100644 index 0000000000..b489eaf016 --- /dev/null +++ b/changes/geoip-april2017 
@@ -0,0 +1,4 @@ + o Minor features: + - Update geoip and geoip6 to the April 4 2017 Maxmind GeoLite2 + Country database. + diff --git a/changes/geoip-february2017 b/changes/geoip-february2017 new file mode 100644 index 0000000000..ec54b6122a --- /dev/null +++ b/changes/geoip-february2017 @@ -0,0 +1,4 @@ + o Minor features: + - Update geoip and geoip6 to the February 8 2017 Maxmind GeoLite2 + Country database. + diff --git a/changes/geoip-january2017 b/changes/geoip-january2017 new file mode 100644 index 0000000000..77bc9a5991 --- /dev/null +++ b/changes/geoip-january2017 @@ -0,0 +1,4 @@ + o Minor features (geoip): + - Update geoip and geoip6 to the January 4 2017 Maxmind GeoLite2 + Country database. + diff --git a/changes/geoip-july2017 b/changes/geoip-july2017 new file mode 100644 index 0000000000..ed10369f1b --- /dev/null +++ b/changes/geoip-july2017 @@ -0,0 +1,4 @@ + o Minor features: + - Update geoip and geoip6 to the July 4 2017 Maxmind GeoLite2 + Country database. + diff --git a/changes/geoip-june2017 b/changes/geoip-june2017 new file mode 100644 index 0000000000..2ea7bf105e --- /dev/null +++ b/changes/geoip-june2017 @@ -0,0 +1,4 @@ + o Minor features: + - Update geoip and geoip6 to the June 8 2017 Maxmind GeoLite2 + Country database. + diff --git a/changes/geoip-march2017 b/changes/geoip-march2017 new file mode 100644 index 0000000000..6dc92baa2f --- /dev/null +++ b/changes/geoip-march2017 @@ -0,0 +1,4 @@ + o Minor features: + - Update geoip and geoip6 to the March 7 2017 Maxmind GeoLite2 + Country database. + diff --git a/changes/geoip-may2017 b/changes/geoip-may2017 new file mode 100644 index 0000000000..4e504d7a0a --- /dev/null +++ b/changes/geoip-may2017 @@ -0,0 +1,4 @@ + o Minor features: + - Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2 + Country database. + diff --git a/changes/prop275-minimal b/changes/prop275-minimal new file mode 100644 index 0000000000..83d42f850b --- /dev/null +++ b/changes/prop275-minimal 
@@ -0,0 +1,9 @@ + o Minor features (future-proofing): + + - Tor no longer refuses to download microdescriptors or descriptors if + they are listed as "published in the future". This change will + eventually allow us to stop listing meaningful "published" dates + in microdescriptor consensuses, and thereby allow us to reduce the + resources required to download consensus diffs by over 50%. + Implements part of ticket 21642; implements part of proposal 275. + diff --git a/changes/ticket21564 b/changes/ticket21564 new file mode 100644 index 0000000000..7e01f41f8f --- /dev/null +++ b/changes/ticket21564 @@ -0,0 +1,6 @@ + o Minor features (fallback directory list): + - Replace the 177 fallbacks originally introduced in Tor 0.2.9.8 in + December 2016 (of which ~126 were still functional), with a list of + 151 fallbacks (32 new, 119 existing, 58 removed) generated in + May 2017. + Resolves ticket 21564. diff --git a/changes/trove-2017-001 b/changes/trove-2017-001 new file mode 100644 index 0000000000..5187e6d5f1 --- /dev/null +++ b/changes/trove-2017-001 @@ -0,0 +1,8 @@ + o Major bugfixes (security): + - Downgrade the "-ftrapv" option from "always on" to "only on when + --enable-expensive-hardening is provided." This hardening option, like + others, can turn survivable bugs into crashes--and having it on by + default made a (relatively harmless) integer overflow bug into a + denial-of-service bug. Fixes bug 21278 (TROVE-2017-001); bugfix on + 0.2.9.1-alpha. + diff --git a/changes/trove-2017-001.2 b/changes/trove-2017-001.2 new file mode 100644 index 0000000000..3ef073cf9f --- /dev/null +++ b/changes/trove-2017-001.2 
@@ -0,0 +1,8 @@ + o Major bugfixes (parsing): + - Fix an integer underflow bug when comparing malformed Tor versions. + This bug is harmless, except when Tor has been built with + --enable-expensive-hardening, which would turn it into a crash; + or on Tor 0.2.9.1-alpha through Tor 0.2.9.8, which were built with + -ftrapv by default. + Part of TROVE-2017-001. Fixes bug 21278; bugfix on + 0.0.8pre1. Found by OSS-Fuzz. diff --git a/changes/trove-2017-005 b/changes/trove-2017-005 new file mode 100644 index 0000000000..cebb013f86 --- /dev/null +++ b/changes/trove-2017-005 @@ -0,0 +1,7 @@ + o Major bugfixes (hidden service, relay, security): + - Fix an assertion failure caused by receiving a BEGIN_DIR cell on + a hidden service rendezvous circuit. Fixes bug 22494, tracked as + TROVE-2017-005 and CVE-2017-0376; bugfix on 0.2.2.1-alpha. Found + by armadev. + + |
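Review bot: in changes/21359 the section header is misspelled and unterminated. "o Minor features (portability, compilationc)" should read "o Minor features (portability, compilation):" to match the colon-terminated headers in the other entries. The second item also needs subject-verb agreement: "Autoconf now check to determine" should be "Autoconf now checks to determine".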
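Review bot: in changes/bug20307 the header "o Minor bugfixes (circuit, hidden service)" is missing the trailing colon that the other entries use, and the reference line capitalises "Bugfix on" where every other entry in this patch writes "bugfix on". The body would also read better if it led with the fix (stop assigning the int close reason to a uint16_t) and then gave the visible effect on introduction points.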
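Review bot: the last two lines of changes/bug22034 have typos and depart from the reference format used elsewhere in the patch. "In was introduced" should be "It was introduced", and "Fixex bug #22034; bugfix on tor-0.2.9.1-alpha" should follow the other entries as "Fixes bug 22034; bugfix on 0.2.9.1-alpha" (no "#", no "tor-" prefix).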
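Review bot: changes/bug22636 never cites a ticket. The file name suggests 22636, but the text has no "Closes ticket ..." or "Fixes bug ..." line, unlike the other entries. The header "o Build features:" also does not follow the "Minor features (area):" form used by the rest of the patch; something like "Minor features (continuous integration):" would keep it consistent.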
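Review bot: the seven geoip entries are headed inconsistently. changes/geoip-january2017 uses "o Minor features (geoip):" while the February through July files use a bare "o Minor features:"; use the "(geoip)" form in all of them. changes/bug20509 has the same bare header and would fit under "Minor features (directory authority):", the header changes/bug21278_prevention already uses.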
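Review bot: in changes/bug22801, "certain versions the mingw C header files" is missing "of". Area tags in neighbouring entries also differ only by case: changes/bug22916_027 writes "(Compilation)" where bug22801 and bug22838_028 use "(compilation ...)", and changes/bug21943 writes "(Linux seccomp2 sandbox)" where bug20247 and bug22516 use "(linux seccomp2 sandbox)". Pick one casing per area.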
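Review bot: the TROVE-tracked entries are not tagged uniformly as security fixes. changes/trove-2017-001 and changes/trove-2017-005 carry "security" in the header, but changes/trove-2017-001.2 is headed "Major bugfixes (parsing):" and changes/bug22789 "Major bugfixes (openbsd, denial-of-service):" even though their text cites TROVE-2017-001 and TROVE-2017-007. Adding "security" to both headers would let a reader scanning for security fixes find all four.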