diff options
Diffstat (limited to 'changes')
103 files changed, 606 insertions, 20 deletions
diff --git a/changes/bug1240 b/changes/bug1240 new file mode 100644 index 0000000000..657066491c --- /dev/null +++ b/changes/bug1240 @@ -0,0 +1,8 @@ + o Minor bugfixes: + - When running with an older Linux kernel that erroneously responds + to strange nmap behavior by having accept() return successfully + with a zero-length socket, just close the connection. Previously, + we would try harder to learn the remote address: but there was no + such remote address to learn, and our method for trying to learn + it was incorrect. Fixes bugs #1240, #4745, and #4747. Bugfix on + 0.1.0.3-rc. Reported and diagnosed by "r1eo". diff --git a/changes/bug1297a b/changes/bug1297a new file mode 100644 index 0000000000..140b94e3b0 --- /dev/null +++ b/changes/bug1297a @@ -0,0 +1,16 @@ + o Major bugfixes: + - Apply circuit timeouts to opened hidden-service-related circuits + based on the correct start time. Previously, we would apply the + circuit build timeout based on time since the circuit's + creation; it was supposed to be applied based on time since the + circuit entered its current state. Bugfix on 0.0.6; fixes part + of bug 1297. + - Use the same circuit timeout for client-side introduction + circuits as for other four-hop circuits. Previously, + client-side introduction circuits were closed after the same + timeout as single-hop directory-fetch circuits; this was + appropriate with the static circuit build timeout in 0.2.1.x and + earlier, but caused many hidden service access attempts to fail + with the adaptive CBT introduced in 0.2.2.2-alpha. Bugfix on + 0.2.2.2-alpha; fixes another part of bug 1297. + diff --git a/changes/bug1345 b/changes/bug1345 new file mode 100644 index 0000000000..0c9375a35d --- /dev/null +++ b/changes/bug1345 @@ -0,0 +1,13 @@ + o Minor bugfixes: + - On SIGHUP, do not clear out all TrackHostExits mappings, client DNS + cache entries, and virtual address mappings: that's what NEWNYM is + for. Bugfix on Tor 0.1.0.1-rc; fixes bug 1345. + - When TrackHostExits is changed from a controller, remove any + mappings for hosts that should no longer have their exits tracked. + Bugfix on Tor 0.1.0.1-rc. + - When VirtualAddrNetwork option is changed from a controller, + remove any mappings for hosts that were automapped to + that network. Bugfix on 0.1.1.19-rc. + - When one of the AutomapHosts* options is changed from a + controller, remove any mappings for hosts that should no longer be + automapped. Bugfix on 0.2.0.1-alpha. diff --git a/changes/bug1352 b/changes/bug1352 new file mode 100644 index 0000000000..bde0192401 --- /dev/null +++ b/changes/bug1352 @@ -0,0 +1,4 @@ + o Minor features + - Rate-limit a warning about failures to download v2 networkstatus + documents. Resolves part of bug 1352. + diff --git a/changes/bug1526 b/changes/bug1526 deleted file mode 100644 index bae7104451..0000000000 --- a/changes/bug1526 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes: - - Build correctly on OSX with zlib 1.2.4 and higher with all warnings - enabled.
\ No newline at end of file diff --git a/changes/bug1810 b/changes/bug1810 new file mode 100644 index 0000000000..11e561f7cf --- /dev/null +++ b/changes/bug1810 @@ -0,0 +1,6 @@ + o Major bugfixes: + - Don't decide to make a new descriptor when receiving a HUP signal. + This bug has caused a lot of relays to disappear from the consensus + periodically. Fixes the most common case of triggering bug 1810; + bugfix on 0.2.2.7-alpha. + diff --git a/changes/bug2235 b/changes/bug2235 deleted file mode 100644 index 0c3bafa44f..0000000000 --- a/changes/bug2235 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes - - Avoid crashes when AccountingMax is set on clients. Fixes bug 2235; - Bugfix on 0.2.2.18-alpha. Diagnosed by boboper. diff --git a/changes/bug2355 b/changes/bug2355 new file mode 100644 index 0000000000..ee0ae4b96a --- /dev/null +++ b/changes/bug2355 @@ -0,0 +1,8 @@ + o Major features: + - If "UseBridges 1" is set and no bridges are configured, Tor will + now refuse to build any circuits until some bridges are set. + If "UseBridges auto" is set, Tor will use bridges if they are + configured and we are not running as a server, but otherwise + will make circuits as usual. The new default is "auto". Patch + by anonym. + diff --git a/changes/bug2355_revert b/changes/bug2355_revert new file mode 100644 index 0000000000..2ded40ad8e --- /dev/null +++ b/changes/bug2355_revert @@ -0,0 +1,7 @@ + o Minor bugfixes: + - Revert the UseBridges option to its behavior before 0.2.2.28-beta. + When we changed the default behavior to "use bridges if any are + listed in the torrc", we broke a number of users who had bridges + in their torrc files but who didn't actually want to use them. + Partial resolution for bug 3354. + diff --git a/changes/bug2433 b/changes/bug2433 deleted file mode 100644 index 8e47c4f024..0000000000 --- a/changes/bug2433 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes: - - Don't assert when changing from bridge to relay or vice versa with a controller. - The assert happened because we didn't properly initialize our keys in this case. - Bugfix on 0.2.2.18, fixes bug 2433. Issue first discovered by bastik. - diff --git a/changes/bug2442 b/changes/bug2442 new file mode 100644 index 0000000000..cbcc22bb80 --- /dev/null +++ b/changes/bug2442 @@ -0,0 +1,8 @@ + * Minor bugfixes: + + - Demote the 'replay detected' log message emitted when a hidden + service receives the same Diffie-Hellman public key in two + different INTRODUCE2 cells to info level. A normal Tor client + can cause that log message during its normal operation. Bugfix + on 0.2.1.6-alpha; fixes part of bug 2442. + diff --git a/changes/bug2442b b/changes/bug2442b new file mode 100644 index 0000000000..02e1636e91 --- /dev/null +++ b/changes/bug2442b @@ -0,0 +1,8 @@ + * Minor bugfixes: + + - Demote the 'INTRODUCE2 cell is too {old,new}' log message to + info level. There is nothing that a hidden service's operator + can do to fix its clients' clocks. Bugfix on 0.2.1.6-alpha; + fixes part of bug 2442. + + diff --git a/changes/bug2503 b/changes/bug2503 new file mode 100644 index 0000000000..50b8bf50c2 --- /dev/null +++ b/changes/bug2503 @@ -0,0 +1,4 @@ + o Minor features: + - When an HTTPS proxy reports "403 Forbidden", we now explain + what it means rather than calling it an unexpected status code. + Closes bug 2503. Patch from "mikey". diff --git a/changes/bug2572 b/changes/bug2572 deleted file mode 100644 index a5cca284a1..0000000000 --- a/changes/bug2572 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes: - - Don't crash a bridge authority on SIGHUP if it can't force itself - into its routerlist. Fixes bug 2572. - - diff --git a/changes/bug2649a b/changes/bug2649a new file mode 100644 index 0000000000..4ee31ebdb6 --- /dev/null +++ b/changes/bug2649a @@ -0,0 +1,5 @@ + o Minor features: + - Add a VoteOnHidServDirectoriesV2 configuration option to allow + directory authorities to abstain from voting on assignment of + the HSDir consensus flag. Related to bug 2649. + diff --git a/changes/bug2649b b/changes/bug2649b new file mode 100644 index 0000000000..1ff14e5569 --- /dev/null +++ b/changes/bug2649b @@ -0,0 +1,5 @@ + o Minor bugfixes: + - Change the default required uptime for a relay to be accepted as + a HSDir from 24 hours to 25 hours. Bugfix on 0.2.0.10-alpha; + fixes bug 2649. + diff --git a/changes/bug2732-simple b/changes/bug2732-simple new file mode 100644 index 0000000000..367836152d --- /dev/null +++ b/changes/bug2732-simple @@ -0,0 +1,7 @@ + o Minor bugfixes + - Do not reject hidden service descriptors simply because we don't + think we have not been assigned the HSDir flag. Clients and + hidden services can have a more up-to-date view of the network + consensus, and if they think that the directory authorities + list us a HSDir, we might actually be one. Related to bug 2732; + bugfix on 0.2.0.10-alpha. diff --git a/changes/bug2748 b/changes/bug2748 new file mode 100644 index 0000000000..b522560a92 --- /dev/null +++ b/changes/bug2748 @@ -0,0 +1,10 @@ + o Minor bugfixes + - Remove dead code from rend_cache_lookup_v2_desc_as_dir. Fixes + part of bug 2748; bugfix on 0.2.0.10-alpha. + - Log malformed requests for rendezvous descriptors as protocol + warnings, not warnings. Also, use a more informative log + message in case someone sees it at log level warning without + prior info-level messages. Fixes the other part of bug 2748; + bugfix on 0.2.0.10-alpha. + + diff --git a/changes/bug2752 b/changes/bug2752 new file mode 100644 index 0000000000..b872d3374a --- /dev/null +++ b/changes/bug2752 @@ -0,0 +1,5 @@ + o Minor features: + - Tor used to limit HttpProxyAuthenticator values to 48 characters. + Changed the limit to 512 characters by removing base64 newlines. + Fixes bug 2752. Fix by Michael Yakubovich. + diff --git a/changes/bug2792_checkdir b/changes/bug2792_checkdir new file mode 100644 index 0000000000..10de1deb2d --- /dev/null +++ b/changes/bug2792_checkdir @@ -0,0 +1,8 @@ + o Minor features: + - Tor now refuses to create a ControlSocket in a directory that is + world-readable (or group-readable if ControlSocketsGroupWritable + is 0). This is necessary because some operating systems do not + check the permissions on an AF_UNIX socket when programs try to + connect to it. Checking permissions on the directory holding + the socket, however, seems to work everywhere. + diff --git a/changes/bug2850 b/changes/bug2850 new file mode 100644 index 0000000000..77ccbfa25d --- /dev/null +++ b/changes/bug2850 @@ -0,0 +1,5 @@ + - Minor features + o Set SO_REUSEADDR on all sockets, not just listeners. This should + help busy exit nodes avoid running out of useable ports just because + all the ports have been used in the near past. Resolves issue 2850. + diff --git a/changes/bug2972 b/changes/bug2972 new file mode 100644 index 0000000000..26afcca421 --- /dev/null +++ b/changes/bug2972 @@ -0,0 +1,5 @@ + o Minor features: + - Allow ControlSockets to be group-writable when the + ControlSocksGroupWritable configuration option is turned on. Patch + by Jérémy Bobbio; implements ticket 2972. + diff --git a/changes/bug3019 b/changes/bug3019 new file mode 100644 index 0000000000..4df709fb3b --- /dev/null +++ b/changes/bug3019 @@ -0,0 +1,4 @@ + o Minor bugfixes: + - Do not reset the bridge descriptor download status every time we + re-parse our configuration or get a configuration change. Fixes + bug 3019; bugfix on Tor 0.2.0.3-alpha. diff --git a/changes/bug3022 b/changes/bug3022 new file mode 100644 index 0000000000..9472e6d196 --- /dev/null +++ b/changes/bug3022 @@ -0,0 +1,6 @@ + o Removed features + - Caches no longer download and serve v2 networkstatus documents + unless FetchV2Networkstatus flag is set: these documents haven't + haven't been used by clients or relays since 0.2.0.x. Resolves + bug 3022. + diff --git a/changes/bug3026 b/changes/bug3026 new file mode 100644 index 0000000000..c0c0a3860a --- /dev/null +++ b/changes/bug3026 @@ -0,0 +1,4 @@ + o Minor bugfixes (directory authority) + - Do not upload our own vote or signature set to ourself. It would + tell us nothing new. Also, as of Tor 0.2.2.24-alpha, we started + to warn about receiving duplicate votes. Resolves bug 3026. diff --git a/changes/bug3045 b/changes/bug3045 new file mode 100644 index 0000000000..1cbcabaff6 --- /dev/null +++ b/changes/bug3045 @@ -0,0 +1,6 @@ + o Minor features: + - Revise most log messages that refer to nodes by nickname to + instead use the "$key=nickname at address" format. This should be + more useful, especially since nicknames are less and less likely + to be unique. Fixes bug 3045. + diff --git a/changes/bug3175 b/changes/bug3175 new file mode 100644 index 0000000000..3360fbce00 --- /dev/null +++ b/changes/bug3175 @@ -0,0 +1,7 @@ + o Minor bugfixes: + - Resolve an untriggerable issue in smartlist_string_num_isin(), + where if the function had ever in the future been used to check + for the presence of a too-large number, it would have given an + incorrect result. (Fortunately, we only used it for 16-bit + values.) Fixes bug 3175; bugfix on Tor 0.1.0.1-rc. + diff --git a/changes/bug3198 b/changes/bug3198 new file mode 100644 index 0000000000..29c16852e1 --- /dev/null +++ b/changes/bug3198 @@ -0,0 +1,4 @@ + o Major bugfixes: + - When we configure a new bridge via the controller, don't wait up + to ten seconds before trying to fetch its descriptor. Bugfix on + 0.2.0.3-alpha; fixes bug 3198 (suggested by 2355). diff --git a/changes/bug3200 b/changes/bug3200 new file mode 100644 index 0000000000..a80d51633e --- /dev/null +++ b/changes/bug3200 @@ -0,0 +1,6 @@ + o Minor bugfixes: + - When a client starts or stops using bridges, never use a circuit + that was built before the configuration change. This behavior could + put at risk a user who uses bridges to ensure that her traffic + only goes to the chosen addresses. Bugfix on 0.2.0.3-alpha; fixes + bug 3200. diff --git a/changes/bug3207 b/changes/bug3207 new file mode 100644 index 0000000000..65a7dac1ab --- /dev/null +++ b/changes/bug3207 @@ -0,0 +1,4 @@ + o Minor bugfixes: + - Require that onion keys have exponent 65537 in microdescriptors too. + Fixes part of bug 3207; bugfix on 0.2.2.25-alpha + diff --git a/changes/bug3208 b/changes/bug3208 index 731c96e20a..fd737ba695 100644 --- a/changes/bug3208 +++ b/changes/bug3208 @@ -2,3 +2,5 @@ - Remove undocumented option "-F" from tor-resolve: it hasn't done anything since 0.2.1.16-rc. + o Minor bugfixes: + - Fix warnings from GCC 4.6's "-Wunused-but-set-variable" option. diff --git a/changes/bug3208b b/changes/bug3208b deleted file mode 100644 index 5e0489b223..0000000000 --- a/changes/bug3208b +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes: - - Fix warnings from GCC 4.6's "-Wunused-but-set-variable" option. - Fixes bug 3208. - diff --git a/changes/bug3213 b/changes/bug3213 new file mode 100644 index 0000000000..ab7de2d629 --- /dev/null +++ b/changes/bug3213 @@ -0,0 +1,4 @@ + o Major bugfixes: + - Fix a crash bug when changing bridges in a running Tor process. + Fixes bug 3213; bugfix on 0.2.2.26-beta. + diff --git a/changes/bug3216 b/changes/bug3216 new file mode 100644 index 0000000000..599b5e162f --- /dev/null +++ b/changes/bug3216 @@ -0,0 +1,4 @@ + o Major bugfixes: + - Don't try to build descriptors if "ORPort auto" is set and we + don't know our actual ORPort yet. Fix for bug 3216; bugfix on + 0.2.2.26-beta. diff --git a/changes/bug3252 b/changes/bug3252 new file mode 100644 index 0000000000..f85f633fbd --- /dev/null +++ b/changes/bug3252 @@ -0,0 +1,4 @@ + o Minor features: + - Relays now log the reason for publishing a new relay descriptor, + so we have a better chance of hunting down the root cause of bug + 1810. Resolves ticket 3252. diff --git a/changes/bug3270 b/changes/bug3270 new file mode 100644 index 0000000000..b37bb983cc --- /dev/null +++ b/changes/bug3270 @@ -0,0 +1,4 @@ + o Minor bugfixes + - Use a wide type to hold sockets when built for 64-bit Windows builds. + Fixes bug 3270. + diff --git a/changes/bug3289 b/changes/bug3289 new file mode 100644 index 0000000000..c469796d6e --- /dev/null +++ b/changes/bug3289 @@ -0,0 +1,5 @@ + o Minor bugfixes: + - Warn when the user configures two HiddenServiceDir lines that point + to the same directory. Bugfix on 0.0.6 (the version introducing + HiddenServiceDir); fixes bug 3289. + diff --git a/changes/bug3306 b/changes/bug3306 new file mode 100644 index 0000000000..f868a24af0 --- /dev/null +++ b/changes/bug3306 @@ -0,0 +1,9 @@ + o Minor bugfixes: + - Make our crypto_rand_int() function check the value of its input + correctly. Previously, it accepted values up to UINT_MAX, but + could return a negative number if given a value above INT_MAX+1. + Found by George Kadianakis. Fixes bug 3306; bugfix on 0.2.2pre14. + + - Avoid a segfault when reading a malformed circuit build state + with more than INT_MAX entries. Found by wanoskarnet. Bugfix on + 0.2.2.4-alpha. diff --git a/changes/bug3309 b/changes/bug3309 new file mode 100644 index 0000000000..104056d8e3 --- /dev/null +++ b/changes/bug3309 @@ -0,0 +1,13 @@ + o Minor bugfixes: + - Clear the table recording the time of the last request for each + hidden service descriptor from each HS directory on SIGNAL + NEWNYM. Previously, we would clear our HS descriptor cache on + SIGNAL NEWNYM, but if we had previously retrieved a descriptor + (or tried to) from every directory responsible for it, we would + refuse to fetch it again for up to 15 minutes. Bugfix on + 0.2.2.25-alpha; fixes bug 3309. + + o Minor features: + - Log (at info level) when purging pieces of hidden-service-client + state on SIGNAL NEWNYM. + diff --git a/changes/bug3318 b/changes/bug3318 new file mode 100644 index 0000000000..8a3c27825f --- /dev/null +++ b/changes/bug3318 @@ -0,0 +1,7 @@ + o Minor bugfixes: + - Fix a log message that said "bits" while displaying a value in + bytes. Found by wanoskarnet. Fixes bug 3318; bugfix on + 0.2.0.1-alpha. + - When checking for 1024-bit keys, check for 1024 bits, not 128 + bytes. This allows Tor to correctly discard keys of length + 1017 through 1023. Bugfix on 0.0.9pre5. diff --git a/changes/bug3321 b/changes/bug3321 new file mode 100644 index 0000000000..3605efce2d --- /dev/null +++ b/changes/bug3321 @@ -0,0 +1,7 @@ + o Minor bugfixes: + - In bug 2511 we fixed a case where you could use an unconfigured + bridge if you had configured it as a bridge the last time you ran + Tor. Now fix another edge case: if you had configured it as a bridge + but then switched to a different bridge via the controller, you + would still be willing to use the old one. Bugfix on 0.2.0.1-alpha; + fixes bug 3321. diff --git a/changes/bug3369 b/changes/bug3369 new file mode 100644 index 0000000000..9c0d0e699a --- /dev/null +++ b/changes/bug3369 @@ -0,0 +1,4 @@ + o Minor bugfixes: + - When asked about a DNS record type we don't support via a + client DNSPort, reply with NOTIMPL rather than an empty + reply. Patch by intrigeri. Fixes bug 3369; bugfix on 2.0.1-alpha. diff --git a/changes/bug3393 b/changes/bug3393 new file mode 100644 index 0000000000..677bcb7be2 --- /dev/null +++ b/changes/bug3393 @@ -0,0 +1,5 @@ + o Minor bugfixes: + - Fix a bug when using ControlSocketsGroupWritable with User. The + directory's group would be checked against the current group, not + the configured group. Patch by Jérémy Bobbio. Fixes bug3393; bugfix + on Tor 0.2.2.26-beta.
\ No newline at end of file diff --git a/changes/bug3465-022 b/changes/bug3465-022 new file mode 100644 index 0000000000..2d226162aa --- /dev/null +++ b/changes/bug3465-022 @@ -0,0 +1,6 @@ + o Minor bugfixes: + + - Add BUILDTIMEOUT_SET to the list returned by the 'GETINFO + events/names' control-port command. Bugfix on 0.2.2.9-alpha; + fixes part of bug 3465. + diff --git a/changes/bug3536 b/changes/bug3536 new file mode 100644 index 0000000000..d3cec131ba --- /dev/null +++ b/changes/bug3536 @@ -0,0 +1,5 @@ + o Minor bugfixes: + - Send a SUCCEEDED stream event to the controller when a reverse + resolve succeeded. Fixes bug 3536; bugfix on 0.0.8pre1. Issue + discovered by katmagic. + diff --git a/changes/bug3577 b/changes/bug3577 new file mode 100644 index 0000000000..6335272752 --- /dev/null +++ b/changes/bug3577 @@ -0,0 +1,4 @@ + o Minor bugfixes: + - Allow GETINFO fingerprint to return a fingerprint even when + we have not yet built a router descriptor. Fixes bug 3577; + bugfix on 0.2.0.1-alpha. diff --git a/changes/bug3607 b/changes/bug3607 new file mode 100644 index 0000000000..5ece21934b --- /dev/null +++ b/changes/bug3607 @@ -0,0 +1,15 @@ + o Minor bugfixes: + + - Write several files in text mode, on OSes that distinguish text + mode from binary mode (namely, Windows). These files are: + buffer-stats, dirreq-stats, and entry-stats on relays that collect + those statistics; client_keys and hostname files for hidden + services that use authentication; and (in the tor-gencert utility) + newly generated identity and signing keys. Previously, we + wouldn't specify text mode or binary mode, leading to an assertion + failure. Fixes bug 3607. Bugfix on 0.2.1.1-alpha (when the + DirRecordUsageByCountry option which would have triggered the + assertion failure was added), although this assertion failure + would have occurred in tor-gencert on Windows in 0.2.0.1-alpha. + + diff --git a/changes/bug3643 b/changes/bug3643 new file mode 100644 index 0000000000..86bd920cac --- /dev/null +++ b/changes/bug3643 @@ -0,0 +1,4 @@ + o Minor bugfixes: + - Selectively disable deprecation warnings on OS X because Lion started + deprecating the shipped copy of openssl. Fixes bug 3643. + diff --git a/changes/bug3732 b/changes/bug3732 new file mode 100644 index 0000000000..7a71d1aef3 --- /dev/null +++ b/changes/bug3732 @@ -0,0 +1,7 @@ + o Major bugfixes: + + - Remove an extra pair of quotation marks around the error + message in control-port STATUS_GENERAL BUG events. Bugfix on + 0.1.2.6-alpha; fixes bug 3732. + + diff --git a/changes/bug3747 b/changes/bug3747 new file mode 100644 index 0000000000..052dab1bd0 --- /dev/null +++ b/changes/bug3747 @@ -0,0 +1,6 @@ + o Major bugfixes: + - Write control ports to disk only after switching UID and + creating the data directory. This way, we don't fail when + starting up with a nonexistant DataDirectory and a + ControlPortWriteToFile setting based on that directory. Fixes + bug 3747; bugfix on Tor 0.2.2.26-beta.
\ No newline at end of file diff --git a/changes/bug3894 b/changes/bug3894 new file mode 100644 index 0000000000..4c2220aba8 --- /dev/null +++ b/changes/bug3894 @@ -0,0 +1,4 @@ + o Build fixes: + - Clean up some code issues that prevented Tor from building on older + BSDs. Fixes bug 3894; reported by grarpamp. + diff --git a/changes/bug3898a b/changes/bug3898a new file mode 100644 index 0000000000..d40445e340 --- /dev/null +++ b/changes/bug3898a @@ -0,0 +1,6 @@ + o Minor bugfixes: + - Correct the man page to explain that HashedControlPassword and + CookieAuthentication can both be set, in which case either method + is sufficient to authenticate to Tor. Bugfix on 0.2.0.7-alpha, + when we decided to allow these config options to both be set. Issue + raised by bug 3898. diff --git a/changes/bug3909 b/changes/bug3909 new file mode 100644 index 0000000000..0b4b292030 --- /dev/null +++ b/changes/bug3909 @@ -0,0 +1,3 @@ + o Build fixes: + - Search for a platform-specific version of "ar" when cross-compiling. + Should fix builds on iOS. Found by Marco Bonetti. diff --git a/changes/bug3923 b/changes/bug3923 new file mode 100644 index 0000000000..9c0e138826 --- /dev/null +++ b/changes/bug3923 @@ -0,0 +1,5 @@ + o Major bugfies: + - Avoid an assertion failure when reloading a configuration with + TrackExitHosts changes. Found and fixed by 'laruldan'. Fixes + bug 3923; bugfix on 0.2.2.25-alpha. + diff --git a/changes/bug3963 b/changes/bug3963 new file mode 100644 index 0000000000..2fc44a095c --- /dev/null +++ b/changes/bug3963 @@ -0,0 +1,5 @@ + o Minor bugfixes: + - When configuring, starting, or stopping an NT service, stop + immediately after the service configuration attempt has succeeded + or failed. Fixes bug3963; bugfix on 0.2.0.7-alpha. + diff --git a/changes/bug4059 b/changes/bug4059 new file mode 100644 index 0000000000..82a4b1a10c --- /dev/null +++ b/changes/bug4059 @@ -0,0 +1,5 @@ + o Minor bugfixes: + - Change an integer overflow check in the OpenBSD_Malloc code so + that GCC is less likely to eliminate it as impossible. Patch + from Mansour Moufid. Fixes bug 4059. + diff --git a/changes/bug4115 b/changes/bug4115 new file mode 100644 index 0000000000..626791a806 --- /dev/null +++ b/changes/bug4115 @@ -0,0 +1,7 @@ + o Security fixes: + - Bridge relays now do their directory fetches inside Tor TLS + connections, like all the other clients do, rather than connecting + directly to the DirPort like public relays do. Removes another + avenue for enumerating bridges. Fixes part of bug 4115; bugfix + on 0.2.0.35. + diff --git a/changes/bug4124 b/changes/bug4124 new file mode 100644 index 0000000000..abe93ccdd8 --- /dev/null +++ b/changes/bug4124 @@ -0,0 +1,6 @@ + o Security fixes: + - Bridges relays now build circuits for themselves in a more similar + way to how clients build them. Removes another avenue for + enumerating bridges. Fixes bug 4124; bugfix on 0.2.0.3-alpha, + when bridges were introduced. + diff --git a/changes/bug4201 b/changes/bug4201 new file mode 100644 index 0000000000..6f7d715af2 --- /dev/null +++ b/changes/bug4201 @@ -0,0 +1,5 @@ + o Minor bugfixes: + - Bridges now skip DNS self-tests, to act a little more stealthily. + Fixes bug 4201; bugfix on 0.2.0.3-alpha, which first introduced + bridges. Patch by "warms0x". + diff --git a/changes/bug4212 b/changes/bug4212 new file mode 100644 index 0000000000..6222a59978 --- /dev/null +++ b/changes/bug4212 @@ -0,0 +1,13 @@ + o Major bugfixes: + + - Don't launch a useless circuit after failing to use one of a + hidden service's introduction points. Previously, we would + launch a new introduction circuit, but not set the hidden + service which that circuit was intended to connect to, so it + would never actually be used. A different piece of code would + then create a new introduction circuit correctly, so this bug + was harmless until it caused an assertion in the client-side + part of the #3825 fix to fail. Bug reported by katmagic and + found by Sebastian Hahn. Bugfix on 0.2.1.13-alpha; fixes bug + 4212. + diff --git a/changes/bug4230 b/changes/bug4230 new file mode 100644 index 0000000000..c1ba5847fc --- /dev/null +++ b/changes/bug4230 @@ -0,0 +1,5 @@ + o Minor bugfixes: + - Resolve an integer overflow bug in smartlist_ensure_capacity. + Fixes bug 4230; bugfix on Tor 0.1.0.1-rc. Based on a patch by + Mansour Moufid. + diff --git a/changes/bug4251 b/changes/bug4251 new file mode 100644 index 0000000000..303c9e6364 --- /dev/null +++ b/changes/bug4251 @@ -0,0 +1,8 @@ + o Minor bugfixes: + + - When a hidden service turns an extra service-side introduction + circuit into a general-purpose circuit, free the rend_data and + intro_key fields first, so they won't be leaked if the circuit + is cannibalized for use as another service-side introduction + circuit. Bugfix on 0.2.1.7-alpha; fixes bug 4251. + diff --git a/changes/bug4259 b/changes/bug4259 new file mode 100644 index 0000000000..bfccd3aee8 --- /dev/null +++ b/changes/bug4259 @@ -0,0 +1,4 @@ + o Major bugfixes: + - Fix a crash bug when changing node restrictions while a DNS lookup + is in-progress. Fixes bug 4259; bugfix on 0.2.2.25-alpha. Bugfix + by "Tey'". diff --git a/changes/bug4299 b/changes/bug4299 new file mode 100644 index 0000000000..c43d81460a --- /dev/null +++ b/changes/bug4299 @@ -0,0 +1,5 @@ + o Major bugfix: + - Do not process cells on a marked-for-close connection. We previously + avoided this by not calling read handlers on marked connections, but + that's not adequate for the case when cells are very small. Fixes + bug 4299; bugfix on 0.2.0.20-rc which first made small cells possible. diff --git a/changes/bug4309 b/changes/bug4309 new file mode 100644 index 0000000000..f4f910e7ff --- /dev/null +++ b/changes/bug4309 @@ -0,0 +1,5 @@ + o Minor bugfixes: + - Remove a confusing dollar sign from the example fingerprint in the + man page, and also make example fingerprint a valid one. Fixes bug + 4309; bugfix on 0.2.1.3-alpha. + diff --git a/changes/bug4331 b/changes/bug4331 new file mode 100644 index 0000000000..011238a962 --- /dev/null +++ b/changes/bug4331 @@ -0,0 +1,4 @@ + o Trivial fixes: + - Fixed a typo in a hibernation-related log message. Fixes bug 4331; + bugfix on 0.2.2.23-alpha; found by "tmpname0901". + diff --git a/changes/bug4340 b/changes/bug4340 new file mode 100644 index 0000000000..08098b1cd5 --- /dev/null +++ b/changes/bug4340 @@ -0,0 +1,5 @@ + o Major bugfixes: + - Don't crash when we're running as a relay and don't have a geoip + file. Bugfix on tor-0.2.2.34; fixes bug 4340. This backports a fix + we've had in master already. + diff --git a/changes/bug4349 b/changes/bug4349 new file mode 100644 index 0000000000..633916bdfd --- /dev/null +++ b/changes/bug4349 @@ -0,0 +1,4 @@ + o Minor bugfixes: + - When sending a NETINFO cell, include the original address + received for the other side, not its canonical address. Found + by "troll_un"; fixes bug 4349; bugfix on 0.2.0.10-alpha. diff --git a/changes/bug4353 b/changes/bug4353 new file mode 100644 index 0000000000..5e80c902c8 --- /dev/null +++ b/changes/bug4353 @@ -0,0 +1,7 @@ + o Minor bugfixes: + - When running as client without a geoip database, do not print a + misleading (and plain wrong) log message that we're collecting + dirreq statistics - we're not collecting statistics as clients. + Also don't create a useless (because empty) stats file in the + stats/ directory. Fixes bug 4353, bugfix on 0.2.2.34. + diff --git a/changes/bug4383 b/changes/bug4383 new file mode 100644 index 0000000000..e618b8c8fb --- /dev/null +++ b/changes/bug4383 @@ -0,0 +1,5 @@ + o Minor bugfixes: + - Fix a memleak in launch_direct_bridge_descriptor_fetch() that + occured when a client tried to fetch a descriptor for a bridge + in ExcludeNodes. Fixes #4383; bugfix on 0.2.2.25-alpha. + diff --git a/changes/bug4424 b/changes/bug4424 new file mode 100644 index 0000000000..443625dca6 --- /dev/null +++ b/changes/bug4424 @@ -0,0 +1,6 @@ + o Major bugfixes + + - Don't leak memory when we check whether a hidden service + descriptor has any usable introduction points left. Fixes bug + 4424. Bugfix on 0.2.2.25-alpha. + diff --git a/changes/bug4426 b/changes/bug4426 new file mode 100644 index 0000000000..1322243d09 --- /dev/null +++ b/changes/bug4426 @@ -0,0 +1,8 @@ + o Minor features: + + - When Tor ignores a hidden service specified in its + configuration, include the hidden service's directory in the + warning message. Previously, we would only tell the user that + some hidden service was ignored. Bugfix on 0.0.6; fixes bug + 4426. + diff --git a/changes/bug4437 b/changes/bug4437 new file mode 100644 index 0000000000..985c670b15 --- /dev/null +++ b/changes/bug4437 @@ -0,0 +1,5 @@ + o Minor bugfixes: + - Don't warn about unused log_mutex in log.c when building with + --disable-threads using a recent GCC. Fixes bug 4437; bugfix on + 0.1.0.6-rc which introduced --disable-threads. + diff --git a/changes/bug4457 b/changes/bug4457 new file mode 100644 index 0000000000..fe7c95ff80 --- /dev/null +++ b/changes/bug4457 @@ -0,0 +1,9 @@ + o Minor bugfixes: + - Initialize Libevent with the EVENT_BASE_FLAG_NOLOCK flag enabled, so + that it doesn't attempt to allocate a socketpair. This could cause + some problems on windows systems with overzealous firewalls. Fix for + bug 4457; workaround for Libevent versions 2.0.1-alpha through + 2.0.15-stable. + + - Detect failure to initialize Libevent. Better detection for bug 4457. + diff --git a/changes/bug4518 b/changes/bug4518 new file mode 100644 index 0000000000..8dcb93bf72 --- /dev/null +++ b/changes/bug4518 @@ -0,0 +1,4 @@ + o Minor bugfixes (performance): + - Avoid frequent calls to the fairly expensive cull_wedged_cpuworkers + function. This was eating up hideously large amounts of time on some + busy servers. Fixes bug 4518. diff --git a/changes/bug4521 b/changes/bug4521 new file mode 100644 index 0000000000..9b0bae9b00 --- /dev/null +++ b/changes/bug4521 @@ -0,0 +1,3 @@ + o Minor bugfixes: + - Backport fixes for a pair of compilation warnings on Windows. + Fixes bug 4521; bugfix on 0.2.2.28-beta and on 0.2.2.29-beta. diff --git a/changes/bug4529 b/changes/bug4529 new file mode 100644 index 0000000000..89d10b2f6b --- /dev/null +++ b/changes/bug4529 @@ -0,0 +1,5 @@ + o Minor bufixes: + - If we had ever tried to call tor_addr_to_str on an address of + unknown type, we would have done a strdup on an uninitialized + buffer. Now we won't. Fixes bug 4529; bugfix on 0.2.1.3-alpha. + Reported by "troll_un". diff --git a/changes/bug4530 b/changes/bug4530 new file mode 100644 index 0000000000..7cd4726e57 --- /dev/null +++ b/changes/bug4530 @@ -0,0 +1,6 @@ + o Minor bugfixes: + + - Correctly detect and handle transient lookup failures from + tor_addr_lookup. Fixes bug 4530; bugfix on 0.2.1.5-alpha. + Reported by "troll_un". + diff --git a/changes/bug4531 b/changes/bug4531 new file mode 100644 index 0000000000..6209f9a058 --- /dev/null +++ b/changes/bug4531 @@ -0,0 +1,4 @@ + o Major bugfixes: + - Fix null-pointer access that could occur if TLS allocation failed. + Fixes bug 4531; bugfix on 0.2.0.20-rc. Found by "troll_un". + diff --git a/changes/bug4535 b/changes/bug4535 new file mode 100644 index 0000000000..57ced29d0b --- /dev/null +++ b/changes/bug4535 @@ -0,0 +1,3 @@ + o Minor bugfixes: + - Use tor_socket_t type for listener argument to accept(). Fixes bug + 4535; bugfix on 0.2.2.28-beta. Found by "troll_un". diff --git a/changes/clang_30_options b/changes/clang_30_options new file mode 100644 index 0000000000..e8e34c8e3e --- /dev/null +++ b/changes/clang_30_options @@ -0,0 +1,5 @@ + o Code simplifications and refactoring: + - During configure, detect when we're building with clang version 3.0 or + lower and disable the -Wnormalized=id and -Woverride-init CFLAGS. + clang doesn't support them yet. + diff --git a/changes/cov479 b/changes/cov479 new file mode 100644 index 0000000000..afbaffc63b --- /dev/null +++ b/changes/cov479 @@ -0,0 +1,5 @@ + o Minor bugfixes: + - Fix internal bug-checking logic that was supposed to catch + failures in digest generation so that it will fail more robustly + if we ask for a nonexistent algorithm. Found by Coverity Scan. + Bugfix on 0.2.2.1-alpha; fixes Coverity CID 479. diff --git a/changes/cov484 b/changes/cov484 new file mode 100644 index 0000000000..33adbda18c --- /dev/null +++ b/changes/cov484 @@ -0,0 +1,4 @@ + o Minor bugfixes: + - Report any failure in init_keys() calls done because our IP address + has changed. Spotted by Coverity Scan. Bugfix on 0.1.1.4-alpha; + fixes CID 484. diff --git a/changes/coverity_maint b/changes/coverity_maint new file mode 100644 index 0000000000..e7be90a485 --- /dev/null +++ b/changes/coverity_maint @@ -0,0 +1,9 @@ + o Code simplifications and refactoring: + - Remove some dead code as indicated by coverity. + - Remove a few dead assignments during router parsing. Found by coverity. + o Minor bugfixes: + - Add some forgotten return value checks during unit tests. Found + by coverity. + - Don't use 1-bit wide signed bit fields. Found by coverity. + - Fix a rare memory leak during stats writing. Found by coverity. + diff --git a/changes/dirreq-stats-default b/changes/dirreq-stats-default new file mode 100644 index 0000000000..df7ac11425 --- /dev/null +++ b/changes/dirreq-stats-default @@ -0,0 +1,5 @@ + o Minor features: + - Turn on directory request statistics by default and include them in + extra-info descriptors. Don't break if we have no GeoIP database. + Backported from 0.2.3.1-alpha; implements ticket 3951. + diff --git a/changes/dirvote_null_deref b/changes/dirvote_null_deref new file mode 100644 index 0000000000..65dc519f52 --- /dev/null +++ b/changes/dirvote_null_deref @@ -0,0 +1,4 @@ + o Minor bugfixes: + - Fix a potential null-pointer dereference while computing a consensus. + Bugfix on tor-0.2.0.3-alpha, found with the help of clang's analyzer. + diff --git a/changes/exit-policy-default-is-not-a-prefix b/changes/exit-policy-default-is-not-a-prefix new file mode 100644 index 0000000000..6eb1e8df99 --- /dev/null +++ b/changes/exit-policy-default-is-not-a-prefix @@ -0,0 +1,5 @@ + o Minor bugfixes: + - Remove a trailing asterisk from "exit-policy/default" in the + output of the control port command "GETINFO info/names". Bugfix + on 0.1.2.5-alpha. + diff --git a/changes/feature3049 b/changes/feature3049 new file mode 100644 index 0000000000..7960a1f475 --- /dev/null +++ b/changes/feature3049 @@ -0,0 +1,6 @@ + o Major features: + - Add an __OwningControllerProcess configuration option and a + TAKEOWNERSHIP control-port command, so that a Tor controller can + ensure that when it exits, Tor will shut down. Implements + feature 3049. + diff --git a/changes/feature3076 b/changes/feature3076 new file mode 100644 index 0000000000..a3dcec8741 --- /dev/null +++ b/changes/feature3076 @@ -0,0 +1,14 @@ + o Minor features + - The options SocksPort, ControlPort, and so on now all accept an + optional value "auto" that opens a socket on an OS-selected port. + o Minor features (controller) + - GETINFO net/listeners/(type) now returns a list of the addresses + and ports that are bound for listeners for a given connection + type. This is useful for if the user has selected SocksPort + "auto", and you need to know which port got chosen. + - There is a ControlPortWriteToFile option that tells Tor to write + its actual control port or ports to a chosen file. If the option + ControlPortFileGroupReadable is set, the file is created as + group-readable. + + diff --git a/changes/feature4484 b/changes/feature4484 new file mode 100644 index 0000000000..78154e9649 --- /dev/null +++ b/changes/feature4484 @@ -0,0 +1,8 @@ + o Minor features: + - Add two new config options for directory authorities: + AuthDirFastGuarantee sets a bandwidth threshold for guaranteeing the + Fast flag, and AuthDirGuardBWGuarantee sets a bandwidth threshold + that is always sufficient to satisfy the bandwidth requirement for + the Guard flag. Now it will be easier for researchers to simulate + Tor networks with different values. Resolves ticket 4484. + diff --git a/changes/fix-connection_printf_to_buf b/changes/fix-connection_printf_to_buf new file mode 100644 index 0000000000..e191eac8a5 --- /dev/null +++ b/changes/fix-connection_printf_to_buf @@ -0,0 +1,15 @@ + * Code simplifications and refactoring: + + - Make connection_printf_to_buf's behaviour sane. Its callers + expect it to emit a CRLF iff the format string ends with CRLF; + it actually emits a CRLF iff (a) the format string ends with + CRLF or (b) the resulting string is over 1023 characters long or + (c) the format string does not end with CRLF ''and'' the + resulting string is 1021 characters long or longer. Bugfix on + 0.1.1.9-alpha; fixes part of bug 3407. + + - Make send_control_event_impl's behaviour sane. Its callers + expect it to always emit a CRLF at the end of the string; it + might emit extra control characters as well. Bugfix on + 0.1.1.9-alpha; fixes another part of bug 3407. + diff --git a/changes/fmt_addr b/changes/fmt_addr new file mode 100644 index 0000000000..b88c9e1bf4 --- /dev/null +++ b/changes/fmt_addr @@ -0,0 +1,4 @@ + o Minor bugfixes: + - When unable to format an address as a string, report its value + as "???" rather than reusing the last formatted address. Bugfix + on 0.2.1.5-alpha. diff --git a/changes/issue-2011-10-19L b/changes/issue-2011-10-19L index 1fefd7267e..b879c9d401 100644 --- a/changes/issue-2011-10-19L +++ b/changes/issue-2011-10-19L @@ -19,3 +19,10 @@ client is connected to a patched relay. Bugfix on FIXME; found by frosty_un. + - Don't assign the Guard flag to relays running a version of Tor + which would use an OR connection on which it has received a + CREATE_FAST cell to satisfy an EXTEND request. Mitigates + CVE-2011-2768, by ensuring that clients will not connect + directly to any relay which an attacker could probe for an + unpatched client's connections. + diff --git a/changes/md_cache_replace b/changes/md_cache_replace new file mode 100644 index 0000000000..88e029c00a --- /dev/null +++ b/changes/md_cache_replace @@ -0,0 +1,6 @@ + o Minor bugfixes + - Avoid a bug that would keep us from replacing a microdescriptor + cache on Windows. (We would try to replace the file while still + holding it open. That's fine on Unix, but Windows doesn't let us + do that.) Bugfix on 0.2.2.6-alpha; bug found by wanoskarnet. + diff --git a/changes/mdesc_null_deref b/changes/mdesc_null_deref new file mode 100644 index 0000000000..30f0280536 --- /dev/null +++ b/changes/mdesc_null_deref @@ -0,0 +1,5 @@ + o Minor bugfixes: + - Avoid a possible null-pointer dereference when rebuilding the mdesc + cache without actually having any descriptors to cache. Bugfix on + 0.2.2.6-alpha. Issue discovered using clang's static analyzer. + diff --git a/changes/memleak_rendcache b/changes/memleak_rendcache new file mode 100644 index 0000000000..93b1f6141b --- /dev/null +++ b/changes/memleak_rendcache @@ -0,0 +1,4 @@ + o Minor bugfixes: + - Fix a memory leak when receiving a descriptor for a hidden + service we didn't ask for. Found by Coverity; CID#30. Bugfix on + 0.2.2.26-beta. diff --git a/changes/msvc_lround b/changes/msvc_lround new file mode 100644 index 0000000000..e4aea95351 --- /dev/null +++ b/changes/msvc_lround @@ -0,0 +1,4 @@ + o Build fixes: + - Provide a substitute implementation of lround() for MSVC, which + apparently lacks it. Patch from Gisle Vanem. + diff --git a/changes/replay-firstpart b/changes/replay-firstpart new file mode 100644 index 0000000000..f4a7767fb1 --- /dev/null +++ b/changes/replay-firstpart @@ -0,0 +1,13 @@ + o Minor features (security): + + - Check for replays of the public-key encrypted portion of an + INTRODUCE1 cell, in addition to the current check for replays of + the g^x value. This prevents a possible class of active attacks + by an attacker who controls both an introduction point and a + rendezvous point, and who uses the malleability of AES-CTR to + alter the encrypted g^x portion of the INTRODUCE1 cell. We + think that these attacks is infeasible (requiring the attacker + to send on the order of zettabytes of altered cells in a short + interval), but we'd rather block them off in case there are any + classes of this attack that we missed. Reported by dvorak. + diff --git a/changes/ticket-4063 b/changes/ticket-4063 new file mode 100644 index 0000000000..6a985b8c25 --- /dev/null +++ b/changes/ticket-4063 @@ -0,0 +1,6 @@ + o Minor bugfixes (usability): + - Downgrade log messages about circuit timeout calibration from + "notice" to "info": they don't require or suggest any human + intervention. Patch from Tom Lowenthal. Fixes bug 4063; + bugfix on 0.2.2.14-alpha. + diff --git a/changes/timersub_bug b/changes/timersub_bug new file mode 100644 index 0000000000..9183862677 --- /dev/null +++ b/changes/timersub_bug @@ -0,0 +1,7 @@ + o Major bugfixes: + - Provide correct replacements for the timeradd() and timersub() functions + for platforms that lack them (for example, windows). The timersub() + function is used when expiring circuits, timeradd() is currently unused. + Patch written by Vektor, who also reported the bug. Thanks! Bugfix + on 0.2.2.24-alpha/0.2.3.1-alpha, fixes bug 4778. + diff --git a/changes/typo-fix-ohkah8Ah b/changes/typo-fix-ohkah8Ah new file mode 100644 index 0000000000..9b4e5c08cc --- /dev/null +++ b/changes/typo-fix-ohkah8Ah @@ -0,0 +1,9 @@ + * Minor bugfixes: + + - Clarify a log message specifying the characters permitted in + HiddenServiceAuthorizeClient client names. Previously, the log + message said that "[A-Za-z0-9+-_]" were permitted; that could + have given the impression that every ASCII character between "+" + and "_" was permitted. Now we say "[A-Za-z0-9+_-]". Bugfix on + 0.2.1.5-alpha. + diff --git a/changes/win-bundle-path b/changes/win-bundle-path new file mode 100644 index 0000000000..32ff514ef2 --- /dev/null +++ b/changes/win-bundle-path @@ -0,0 +1,4 @@ + o Packaging changes: + - Remove absolute path from makensis.exe command to build Tor expert bundle + in order to make it easier to automate package builds + diff --git a/changes/windows_8 b/changes/windows_8 new file mode 100644 index 0000000000..405e4fa158 --- /dev/null +++ b/changes/windows_8 @@ -0,0 +1,5 @@ + o Minor bugfixes: + - The next version of Windows will be called Windows 8, and it has a major + version of 6, minor version of 2. Correctly identify that version instead + of calling it "Very recent version". Fixes bug 4153; reported by funkstar. + |