Diffstat (limited to 'changes')
194 files changed, 527 insertions, 458 deletions
diff --git a/changes/.dummy b/changes/.dummy new file mode 100644 index 0000000000..dd9738feb2 --- /dev/null +++ b/changes/.dummy @@ -0,0 +1,37 @@ +This file is here to keep git from removing the changes directory when +all the changes files have been merged. + + + + + + + + + + + + + + + + + + + + + + + + +"I'm Nobody! Who are you? + Are you--Nobody--too? + Then there's a pair of us! + Don’t tell! they'd advertise--you know! + + How dreary--to be--Somebody! + How public--like a Frog-- + To tell one's name--the livelong June-- + To an admiring Bog!" + -- Emily Dickinson + diff --git a/changes/13295 b/changes/13295 deleted file mode 100644 index 433432595f..0000000000 --- a/changes/13295 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes: - - Disable sandbox name resolver cache when running tor-resolve: - tor-resolve doesn't use the sandbox code, and turning it on was - breaking attempts to do tor-resolve on a non-default server on - Linux. Fixes bug 13295; bugfix on 0.2.5.3-alpha. diff --git a/changes/19271 b/changes/19271 deleted file mode 100644 index dc06ead999..0000000000 --- a/changes/19271 +++ /dev/null @@ -1,2 +0,0 @@ - o Directory authority changes: - - Urras is no longer a directory authority. Closes ticket 19271. diff --git a/changes/19974 b/changes/19974 new file mode 100644 index 0000000000..5496143ddf --- /dev/null +++ b/changes/19974 @@ -0,0 +1,5 @@ + o Minor bugfixes (unit tests): + - Fix tolerances in unit tests for monotonic time comparisons between + nanoseconds and microseconds. Previously, we accepted a 10 us + difference only, which is not realistic on every platform's + clock_gettime(). Fixes bug 19974; bugfix on 0.2.9.1-alpha. diff --git a/changes/20460 b/changes/20460 new file mode 100644 index 0000000000..9fbb4a7986 --- /dev/null +++ b/changes/20460 
@@ -0,0 +1,4 @@ + o Minor bugfixes (testing): + - Use ECDHE ciphers instead of ECDH in tortls tests. LibreSSL has + removed the ECDH ciphers which caused the tests to fail on + platforms which use it. Fixes bug 20460; bugfix on 0.2.8.1-alpha. diff --git a/changes/20492 b/changes/20492 new file mode 100644 index 0000000000..fdcd4d0b4b --- /dev/null +++ b/changes/20492 @@ -0,0 +1,4 @@ + o Minor bugfix (build): + - The current Git revision when building from a local repository is now + detected correctly when using git worktrees. Fixes bug 20492; bugfix on + 0.2.3.9-alpha. diff --git a/changes/21359 b/changes/21359 new file mode 100644 index 0000000000..cc9b377d52 --- /dev/null +++ b/changes/21359 @@ -0,0 +1,8 @@ + + o Minor features (portability, compilationc) + - Support building with recent LibreSSL code that uses opaque + structures. Closes ticket 21359. + - Autoconf now check to determine if OpenSSL + structures are opaque, instead of explicitly checking for + OpenSSL version numbers. + Part of ticket 21359. diff --git a/changes/bastet_v6 b/changes/bastet_v6 new file mode 100644 index 0000000000..ee4e2c8094 --- /dev/null +++ b/changes/bastet_v6 @@ -0,0 +1,4 @@ + o Minor features (directory authority): + - Add an IPv6 address for the "bastet" directory authority. + Closes ticket 24394. + diff --git a/changes/bifroest b/changes/bifroest deleted file mode 100644 index 41af658ed8..0000000000 --- a/changes/bifroest +++ /dev/null @@ -1,3 +0,0 @@ - o Directory authority changes (also in 0.2.8.7): - - The "Tonga" bridge authority has been retired; the new bridge - authority is "Bifroest". Closes tickets 19728 and 19690. diff --git a/changes/bufferevent_compilation b/changes/bufferevent_compilation deleted file mode 100644 index 3a328731fe..0000000000 --- a/changes/bufferevent_compilation +++ /dev/null 
@@ -1,6 +0,0 @@ - o Minor bugfixes: - - Fix compilation when building with bufferevents enabled. (This - configuration is still not expected to work, however.) - Fixes bugs 12438, 12474, 11578; bugfixes on 0.2.5.1-alpha and - 0.2.5.3-alpha. Patches from Anthony G. Basile and Sathyanarayanan - Gunasekaran. diff --git a/changes/bug1038-3 b/changes/bug1038-3 deleted file mode 100644 index 5af4afa46f..0000000000 --- a/changes/bug1038-3 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes: - - Warn and drop the circuit if we receive an inbound 'relay early' - cell. Those used to be normal to receive on hidden service circuits - due to bug 1038, but the buggy Tor versions are long gone from - the network so we can afford to resume watching for them. Resolves - the rest of bug 1038; bugfix on 0.2.1.19. diff --git a/changes/bug11200-caching b/changes/bug11200-caching deleted file mode 100644 index e3fbaeca73..0000000000 --- a/changes/bug11200-caching +++ /dev/null @@ -1,7 +0,0 @@ - o Major bugfixes: - - When Tor starts with DisabledNetwork set, it would correctly - conclude that it shouldn't try making circuits, but it would - mistakenly cache this conclusion and continue believing it even - when DisableNetwork is set to 0. Fixes the bug introduced by the - fix for bug 11200; bugfix on 0.2.5.4-alpha. - diff --git a/changes/bug12160 b/changes/bug12160 deleted file mode 100644 index 2a7ace3410..0000000000 --- a/changes/bug12160 +++ /dev/null @@ -1,4 +0,0 @@ - o Bugfixes - - Correctly update the local mark on the controlling channel when changing - the address of an or_connection_t after the handshake. Fixes bug #12160; - bugfix on 0.2.4.4-alpha. diff --git a/changes/bug12602 b/changes/bug12602 deleted file mode 100644 index 29fa49ac45..0000000000 --- a/changes/bug12602 +++ /dev/null 
@@ -1,5 +0,0 @@ - o Minor bugfixes (portability): - - Compile correctly with builds and forks of OpenSSL (such as - LibreSSL) that disable compression. Fixes bug 12602; bugfix on - 0.2.1.1-alpha. Patch from "dhill". - diff --git a/changes/bug12700 b/changes/bug12700 deleted file mode 100644 index 1d8caeb8bd..0000000000 --- a/changes/bug12700 +++ /dev/null @@ -1,10 +0,0 @@ - o Minor bugfixes: - - When logging information about an EXTEND2 or EXTENDED2 cell, log - their names correctly. Fixes part of bug 12700; bugfix on - 0.2.4.8-alpha. - - o Minor bugfixes: - - When logging information about a relay cell whose command we - don't recognize, log its command as an integer. Fixes part of - bug 12700; bugfix on 0.2.1.10-alpha. - diff --git a/changes/bug12718 b/changes/bug12718 deleted file mode 100644 index 0c5f708446..0000000000 --- a/changes/bug12718 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes: - - Correct a confusing error message when trying to extend a circuit - via the control protocol but we don't know a descriptor or - microdescriptor for one of the specified relays. Fixes bug 12718; - bugfix on 0.2.3.1-alpha. diff --git a/changes/bug12730-systemd-verify-config b/changes/bug12730-systemd-verify-config deleted file mode 100644 index 221633c78e..0000000000 --- a/changes/bug12730-systemd-verify-config +++ /dev/null @@ -1,3 +0,0 @@ - o Distribution: - - Verify configuration file via ExecStartPre in the systemd unit file. - Patch from intrigeri; resolves ticket 12730. diff --git a/changes/bug12731-systemd-no-run-as-daemon b/changes/bug12731-systemd-no-run-as-daemon deleted file mode 100644 index f92e5aff00..0000000000 --- a/changes/bug12731-systemd-no-run-as-daemon +++ /dev/null 
@@ -1,9 +0,0 @@ - o Distribution: - - Explicitly disable RunAsDaemon in the systemd unit file. - Our current systemd unit uses "Type = simple", so systemd does - not expect tor to fork. If the user has "RunAsDaemon 1" in their - torrc, then things won't work as expected. This is e.g. the case - on Debian (and derivatives), since there we pass - "--defaults-torrc /usr/share/tor/tor-service-defaults-torrc" - (that contains "RunAsDaemon 1") by default. - Patch by intrigeri; resolves ticket 12731. diff --git a/changes/bug12830 b/changes/bug12830 deleted file mode 100644 index 835ebe2fa7..0000000000 --- a/changes/bug12830 +++ /dev/null @@ -1,4 +0,0 @@ - o Documentation: - - Adjust the URLs in the README to refer to the new locations of - several documents on the website. Patch from Matt Pagan. Fixes - bug 12830. diff --git a/changes/bug12848 b/changes/bug12848 deleted file mode 100644 index 7aa79c395e..0000000000 --- a/changes/bug12848 +++ /dev/null @@ -1,4 +0,0 @@ - o Major bugfixes (relay): - - Avoid queuing or sending destroy cells for circuit ID zero when - we fail to send a CREATE cell. Fixes bug 12848; bugfix on - 0.0.8pre1. Found and fixed by "cypherpunks". diff --git a/changes/bug12864 b/changes/bug12864 deleted file mode 100644 index 79e751f427..0000000000 --- a/changes/bug12864 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes: - - Restore the functionality of CookieAuthFileGroupReadable. Fixes bug - 12864; bugfix on 0.2.5.1-alpha. - - o Minor features: - - Add an ExtORPortCookieAuthFileGroupReadable option to make the - cookie file for the ExtORPort g+r by default. diff --git a/changes/bug12878 b/changes/bug12878 deleted file mode 100644 index a05fc446b9..0000000000 --- a/changes/bug12878 +++ /dev/null @@ -1,3 +0,0 @@ - o Documentation: - - Document 'reject6' and 'accept6' ExitPolicy entries. Resolves - ticket 12878. diff --git a/changes/bug12908 b/changes/bug12908 deleted file mode 100644 index bd6784cbd2..0000000000 --- a/changes/bug12908 +++ /dev/null 
@@ -1,4 +0,0 @@ - o Minor features: - - Warn about attempts to run hidden services and relays in the - same process: that's probably not a good idea. Closes ticket - 12908. diff --git a/changes/bug12948 b/changes/bug12948 deleted file mode 100644 index 431c0a1019..0000000000 --- a/changes/bug12948 +++ /dev/null @@ -1,8 +0,0 @@ - o Major bugfixes: - - Resume expanding abbreviations for command-line options. The fix - for bug 4647 accidentally removed our hack from bug 586 that rewrote - HashedControlPassword to __HashedControlSessionPassword when it - appears on the commandline (which allowed the user to set her - own HashedControlPassword in the torrc file while the controller - generates a fresh session password for each run). Fixes bug 12948; - bugfix on 0.2.5.1-alpha. diff --git a/changes/bug12996 b/changes/bug12996 deleted file mode 100644 index 4b4fb0dceb..0000000000 --- a/changes/bug12996 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes: - - Downgrade "Unexpected onionskin length after decryption" warning - to a protocol-warn, since there's nothing relay operators can do - about a client that sends them a malformed create cell. Resolves - bug 12996; bugfix on 0.0.6rc1. diff --git a/changes/bug12997 b/changes/bug12997 deleted file mode 100644 index fb6e7a8459..0000000000 --- a/changes/bug12997 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Log more specific warnings when we get an ESTABLISH_RENDEZVOUS cell - on a cannibalized or non-OR circuit. Resolves ticket 12997. diff --git a/changes/bug13071 b/changes/bug13071 deleted file mode 100644 index 8212b6c049..0000000000 --- a/changes/bug13071 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (relay): - - Escape all strings from the directory connection before logging them. - Fixes bug 13071; bugfix on 0.1.1.15. Patch from "teor". diff --git a/changes/bug13081 b/changes/bug13081 deleted file mode 100644 index 154f73fb0a..0000000000 --- a/changes/bug13081 +++ /dev/null 
@@ -1,3 +0,0 @@ - o Compilation fixes: - - Make the nmake make files work again. Fixes bug 13081. Bugfix on 0.2.5.1-alpha. Patch - from "NewEraCracker". diff --git a/changes/bug13085 b/changes/bug13085 deleted file mode 100644 index a46457c797..0000000000 --- a/changes/bug13085 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (controller): - - Actually send TRANSPORT_LAUNCHED and HS_DESC events to controllers. - Fixes bug 13085; bugfix on 0.2.5.1-alpha. Patch by "teor". diff --git a/changes/bug13096 b/changes/bug13096 deleted file mode 100644 index 521faaf143..0000000000 --- a/changes/bug13096 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (conformance): - - In routerlist_assert_ok(), don't take the address of a routerinfo's - cache_info member unless that routerinfo is non-NULL. Fixes bug - 13096; bugfix on 0.1.1.9-alpha. Patch by "teor". diff --git a/changes/bug13100 b/changes/bug13100 deleted file mode 100644 index bbe43e65a7..0000000000 --- a/changes/bug13100 +++ /dev/null @@ -1,3 +0,0 @@ - o Directory authority changes: - - Change IP address for gabelmoo (v3 directory authority). - diff --git a/changes/bug13124 b/changes/bug13124 deleted file mode 100644 index be7df70347..0000000000 --- a/changes/bug13124 +++ /dev/null @@ -1,8 +0,0 @@ - o Minor bugfixes: - - Reduce the log severity of the "Pluggable transport proxy does - not provide any needed transports and will not be launched." - message, since Tor Browser includes several ClientTransportPlugin - lines in its torrc-defaults file, leading every Tor Browser user - who looks at her logs to see these notices and wonder if they're - dangerous. Resolves bug 13124; bugfix on 0.2.5.3-alpha. - diff --git a/changes/bug13151-client b/changes/bug13151-client deleted file mode 100644 index 1218dfdfab..0000000000 --- a/changes/bug13151-client +++ /dev/null 
@@ -1,13 +0,0 @@ - o Major bugfixes: - - Clients now send the correct address for their chosen rendezvous - point when trying to access a hidden service. They used to send - the wrong address, which would still work some of the time because - they also sent the identity digest of the rendezvous point, and if - the hidden service happened to try connecting to the rendezvous - point from a relay that already had a connection open to it, - the relay would reuse that connection. Now connections to hidden - services should be more robust and faster. Also, this bug meant - that clients were leaking to the hidden service whether they were - on a little-endian (common) or big-endian (rare) system, which for - some users might have reduced their anonymity. Fixes bug 13151; - bugfix on 0.2.1.5-alpha. diff --git a/changes/bug13296 b/changes/bug13296 deleted file mode 100644 index d6fe038c30..0000000000 --- a/changes/bug13296 +++ /dev/null @@ -1,5 +0,0 @@ - o Directory authority changes: - - Remove turtles as a directory authority. - - Add longclaw as a new (v3) directory authority. This implements - ticket 13296. This keeps the directory authority count at 9. - diff --git a/changes/bug13325 b/changes/bug13325 deleted file mode 100644 index b1da4d0bd5..0000000000 --- a/changes/bug13325 +++ /dev/null @@ -1,4 +0,0 @@ - o Compilation fixes: - - Build and run correctly on systems like OpenBSD-current that - have patched OpenSSL to remove get_cipher_by_char and/or its - implementations. Fixes issue 13325. diff --git a/changes/bug13471 b/changes/bug13471 deleted file mode 100644 index c116a4aeeb..0000000000 --- a/changes/bug13471 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes (openssl bug workaround): - - Avoid crashing when using OpenSSL version 0.9.8zc, 1.0.0o, or - 1.0.1j, built with the 'no-ssl3' configuration option. Fixes - bug 13471. This is a workaround for an OpenSSL bug. - 
diff --git a/changes/bug13988 b/changes/bug13988 deleted file mode 100644 index e816335a3b..0000000000 --- a/changes/bug13988 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (statistics): - - Increase period over which bandwidth observations are aggregated - from 15 minutes to 4 hours. Fixes bug 13988; bugfix on 0.0.8pre1. diff --git a/changes/bug14013 b/changes/bug14013 deleted file mode 100644 index 640cf859f5..0000000000 --- a/changes/bug14013 +++ /dev/null @@ -1,6 +0,0 @@ - o Major bugfixes: - - When reading a hexadecimal, base-32, or base-64 encoded value - from a string, always overwrite the complete output buffer. This - prevents some bugs where we would look at (but fortunately, not - reveal) uninitialized memory on the stack. Fixes bug 14013; - bugfix on all versions of Tor. diff --git a/changes/bug14125 b/changes/bug14125 deleted file mode 100644 index fe6821a332..0000000000 --- a/changes/bug14125 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (dirauth): - - Enlarge the buffer to read bw-auth generated files to avoid an - issue when parsing the file in dirserv_read_measured_bandwidths(). - Bugfix on 0.2.2.1-alpha, fixes #14125. - diff --git a/changes/bug14129 b/changes/bug14129 deleted file mode 100644 index 6153cd84fd..0000000000 --- a/changes/bug14129 +++ /dev/null @@ -1,7 +0,0 @@ - o Major bugfixes (exit node stability): - - - Fix an assertion failure that could occur under high DNS load. Fixes - bug 14129; bugfix on Tor 0.0.7rc1. Found by "jowr"; diagnosed and fixed - by "cypherpunks". - - diff --git a/changes/bug14142-parse-virtual-addr b/changes/bug14142-parse-virtual-addr deleted file mode 100644 index f78b7c7d81..0000000000 --- a/changes/bug14142-parse-virtual-addr +++ /dev/null 
@@ -1,7 +0,0 @@ - o Minor bugfixes (client): - - Check for a missing option value in parse_virtual_addr_network - before asserting on the NULL in tor_addr_parse_mask_ports. - This avoids crashing on torrc lines like - Vi[rtualAddrNetworkIPv[4|6]] when no value follows the option. - Bugfix on 0.2.3 (de4cc126cbb5 on 24 November 2012), fixes #14142. - Patch by "teor". diff --git a/changes/bug14195 b/changes/bug14195 deleted file mode 100644 index d2b82f31b0..0000000000 --- a/changes/bug14195 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (client): - - Fix a memory leak when using AutomapHostsOnResolve. - Fixes bug 14195; bugfix on 0.1.0.1-rc. diff --git a/changes/bug14220 b/changes/bug14220 deleted file mode 100644 index 51cfa502bc..0000000000 --- a/changes/bug14220 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (compilation): - - Build without warnings with the stock OpenSSL srtp.h header, - which has a duplicate declaration of SSL_get_selected_srtp_profile(). - Fixes bug 14220; this is OpenSSL's bug, not ours. diff --git a/changes/bug14261 b/changes/bug14261 deleted file mode 100644 index 1260ccba1e..0000000000 --- a/changes/bug14261 +++ /dev/null @@ -1,5 +0,0 @@ - O Minor bugfixes (directory authority): - - Allow directory authorities to fetch more data from one - another if they find themselves missing lots of votes. - Previously, they had been bumping against the 10 MB queued - data limit. Fixes bug 14261. Bugfix on 0.1.2.5-alpha. diff --git a/changes/bug15083 b/changes/bug15083 deleted file mode 100644 index 5cc79b5ba1..0000000000 --- a/changes/bug15083 +++ /dev/null 
@@ -1,10 +0,0 @@ - o Major bugfixes (relay, stability, possible security): - - Fix a bug that could lead to a relay crashing with an assertion - failure if a buffer of exactly the wrong layout was passed - to buf_pullup() at exactly the wrong time. Fixes bug 15083; - bugfix on 0.2.0.10-alpha. Patch from 'cypherpunks'. - - - Do not assert if the 'data' pointer on a buffer is advanced to the very - end of the buffer; log a BUG message instead. Only assert if it is - past that point. Fixes bug 15083; bugfix on 0.2.0.10-alpha. - diff --git a/changes/bug15088 b/changes/bug15088 deleted file mode 100644 index 95878bdb39..0000000000 --- a/changes/bug15088 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (Linux seccomp2 sandbox): - - Upon receiving sighup, do not crash during attempts to call - wait4. Fixes bug 15088; bugfix on 0.2.5.1-alpha. Patch from - "sanic". diff --git a/changes/bug15205 b/changes/bug15205 deleted file mode 100644 index 0cb9f3f4bc..0000000000 --- a/changes/bug15205 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes (crash, OSX, security): - - Fix a remote denial-of-service opportunity caused by a bug - in OSX's _strlcat_chk() function. Fixes bug 15205; bug first - appeared in OSX 10.9. - diff --git a/changes/bug15515 b/changes/bug15515 deleted file mode 100644 index dda7c2fcd8..0000000000 --- a/changes/bug15515 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (DoS-resistance): - - Make it harder for attackers to overwhelm hidden services with - introductions, by blocking multiple introduction requests on the - same circuit. Resolves ticket #15515. diff --git a/changes/bug15582 b/changes/bug15582 new file mode 100644 index 0000000000..5ea6431cf8 --- /dev/null +++ b/changes/bug15582 @@ -0,0 +1,4 @@ + o Minor bugfixes (compilation): + - Avoid compiler warnings in the unit tests for running tor_sscanf() + with wide string outputs. Fixes bug 15582; bugfix on 0.2.6.2-alpha. + 
diff --git a/changes/bug15600 b/changes/bug15600 deleted file mode 100644 index ee1d6cfe19..0000000000 --- a/changes/bug15600 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes (security, hidden service): - - Fix an issue that would allow a malicious client to trigger - an assertion failure and halt a hidden service. Fixes - bug 15600; bugfix on 0.2.1.6-alpha. Reported by "skruffy". - diff --git a/changes/bug15601 b/changes/bug15601 deleted file mode 100644 index 2cc880af7f..0000000000 --- a/changes/bug15601 +++ /dev/null @@ -1,4 +0,0 @@ - o Major bugfixes (security, hidden service): - - Fix a bug that could cause a client to crash with an assertion - failure when parsing a malformed hidden service descriptor. - Fixes bug 15601; bugfix on 0.2.1.5-alpha. Found by "DonnCha". diff --git a/changes/bug15823 b/changes/bug15823 deleted file mode 100644 index 987de5d9ac..0000000000 --- a/changes/bug15823 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (hidden service): - - Fix an out-of-bounds read when parsing invalid INTRODUCE2 cells - on a client authorized hidden service. Fixes bug 15823; bugfix - on 0.2.1.6-alpha. diff --git a/changes/bug16248 b/changes/bug16248 deleted file mode 100644 index 399b7093cd..0000000000 --- a/changes/bug16248 +++ /dev/null @@ -1,8 +0,0 @@ - o Major bugfixes (dns proxy mode, crash): - - Avoid crashing when running as a DNS proxy. Closes bug 16248; bugfix on - 0.2.0.1-alpha. Patch from 'cypherpunks'. - - o Minor features (bug-resistance): - - Make Tor survive errors involving connections without a corresponding - event object. Previously we'd fail with an assertion; now we produce a - log message. Related to bug 16248. diff --git a/changes/bug16360-failed-crypto-early-init b/changes/bug16360-failed-crypto-early-init deleted file mode 100644 index 21972bce52..0000000000 --- a/changes/bug16360-failed-crypto-early-init +++ /dev/null 
@@ -1,7 +0,0 @@ - o Minor bugfixes (crypto error-handling): - - If crypto_early_init fails, a typo in a return value from tor_init - means that tor_main continues running, rather than returning - an error value. - Fixes bug 16360; bugfix on d3fb846d8c98 in 0.2.5.2-alpha, - introduced when implementing #4900. - Patch by "teor". diff --git a/changes/bug17404 b/changes/bug17404 deleted file mode 100644 index d524f6662d..0000000000 --- a/changes/bug17404 +++ /dev/null @@ -1,6 +0,0 @@ - o Major bugfixes (security, correctness): - - Fix a programming error that could cause us to read 4 bytes before - the beginning of an openssl string. This could be used to provoke - a crash on systems with an unusual malloc implementation, or - systems with unsual hardening installed. Fixes bug 17404; bugfix - on 0.2.3.6-alpha. diff --git a/changes/bug17772 b/changes/bug17772 deleted file mode 100644 index 54d457c601..0000000000 --- a/changes/bug17772 +++ /dev/null @@ -1,7 +0,0 @@ - o Major bugfixes (guard selection): - - Actually look at the Guard flag when selecting a new directory - guard. When we implemented the directory guard design, we - accidentally started treating all relays as if they have the Guard - flag during guard selection, leading to weaker anonymity and worse - performance. Fixes bug 17222; bugfix on 0.2.4.8-alpha. Discovered - by Mohsen Imani. diff --git a/changes/bug17781 b/changes/bug17781 deleted file mode 100644 index 01ed231b0a..0000000000 --- a/changes/bug17781 +++ /dev/null @@ -1,3 +0,0 @@ - o Compilation fixes: - - Fix a compilation warning with Clang 3.6: Do not check the - presence of an address which can never be NULL. Fixes bug 17781. diff --git a/changes/bug17906 b/changes/bug17906 deleted file mode 100644 index fff76d1c59..0000000000 --- a/changes/bug17906 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (authorities): - - Update the V3 identity key for dannenberg, it was changed on - 18 November 2015. - Closes task #17906. Patch by "teor". 
diff --git a/changes/bug18089 b/changes/bug18089 deleted file mode 100644 index c1fb342f77..0000000000 --- a/changes/bug18089 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor fixes (security): - - Make memwipe() do nothing when passed a NULL pointer - or zero size. Check size argument to memwipe() for underflow. - Closes bug #18089. Reported by "gk", patch by "teor". - Bugfix on 0.2.3.25 and 0.2.4.6-alpha (#7352), - commit 49dd5ef3 on 7 Nov 2012. diff --git a/changes/bug18100 b/changes/bug18100 new file mode 100644 index 0000000000..cd3ba2c977 --- /dev/null +++ b/changes/bug18100 @@ -0,0 +1,5 @@ + o Major bugfixes (linux TPROXY support): + - Fix a typo that had prevented TPROXY-based transparent proxying from + working under Linux. Fixes bug 18100; bugfix on 0.2.6.3-alpha. + Patch from "d4fq0fQAgoJ". + diff --git a/changes/bug18162 b/changes/bug18162 deleted file mode 100644 index 0844d6f62f..0000000000 --- a/changes/bug18162 +++ /dev/null @@ -1,7 +0,0 @@ - o Major bugfixes (security, pointers): - - - Avoid a difficult-to-trigger heap corruption attack when extending - a smartlist to contain over 16GB of pointers. Fixes bug #18162; - bugfix on Tor 0.1.1.11-alpha, which fixed a related bug - incompletely. Reported by Guido Vranken. - diff --git a/changes/bug18710 b/changes/bug18710 deleted file mode 100644 index 269395563d..0000000000 --- a/changes/bug18710 +++ /dev/null @@ -1,6 +0,0 @@ - o Major bugfixes (DNS proxy): - - Stop a crash that could occur when a client running with DNSPort - received a query with multiple address types, where the first - address type was not supported. Found and fixed by Scott Dial. - Fixes bug 18710; bugfix on 0.2.5.4-alpha. - diff --git a/changes/bug19025 b/changes/bug19025 new file mode 100644 index 0000000000..0f365f52ba --- /dev/null +++ b/changes/bug19025 @@ -0,0 +1,4 @@ + o Major bugfixes (DNS): + - Fix a bug that prevented exit nodes from caching DNS records for more + than 60 seconds. + Fixes bug 19025; bugfix on 0.2.4.7-alpha. 
diff --git a/changes/bug19869 b/changes/bug19869 new file mode 100644 index 0000000000..430048f161 --- /dev/null +++ b/changes/bug19869 @@ -0,0 +1,4 @@ + o Minor bugfixes (DNSPort): + - On DNSPort, stop logging a BUG warning on a failed hostname lookup. + Fixes bug 19869; bugfix on 0.2.9.1-alpha. + diff --git a/changes/bug19926_029_info b/changes/bug19926_029_info new file mode 100644 index 0000000000..93fd81b6cb --- /dev/null +++ b/changes/bug19926_029_info @@ -0,0 +1,3 @@ + o Minor bugfixes (logging): + - Downgrade a harmless log message about the pending_entry_connections + list from "warn" to "info". Mitigates bug 19926. diff --git a/changes/bug19960 b/changes/bug19960 new file mode 100644 index 0000000000..5d655859a6 --- /dev/null +++ b/changes/bug19960 @@ -0,0 +1,4 @@ + o Minor bugfixes (netbsd, unit tests): + - Stop expecting NetBSD unit tests to report success for ipfw; + on NetBSD, it's only pf that's supported. + Part of a fix for bug 19960; bugfix on 0.2.9.5-alpha. diff --git a/changes/bug19968 b/changes/bug19968 new file mode 100644 index 0000000000..b285706e70 --- /dev/null +++ b/changes/bug19968 @@ -0,0 +1,11 @@ + o Minor bugfixes (relay): + - Do not try to parallelize workers more than 16x without the + user explicitly configuring us to do so, even if we do detect more than + 16 CPU cores. Fixes bug 19968; bugfix on + 0.2.3.1-alpha. + + + o Minor bugfixes (testing): + - Avoid a unit test failure on systems with over 16 detectable + CPU cores. Fixes bug 19968; bugfix on + 0.2.3.1-alpha. diff --git a/changes/bug19969 b/changes/bug19969 new file mode 100644 index 0000000000..c760c6de03 --- /dev/null +++ b/changes/bug19969 
@@ -0,0 +1,10 @@ + o Major bugfixes (client performance): + - Clients now respond to new application stream requests when + they arrive, rather than waiting up to one second before starting + to handle them. Fixes part of bug 19969; bugfix on 0.2.8.1-alpha. + + o Major bugfixes (clients on flaky network connections): + - When Tor leaves standby because of a new application request, open + circuits as needed to serve that request. Previously, we would + potentially wait a very long time. Fixes part of bug 19969; bugfix + on 0.2.8.1-alpha. diff --git a/changes/bug20059 b/changes/bug20059 new file mode 100644 index 0000000000..091fab06d1 --- /dev/null +++ b/changes/bug20059 @@ -0,0 +1,3 @@ + o Minor bugfixes (relay): + - Avoid a double-marked-circuit warning that can happen when we receive + DESTROY cells under heavy load. Fixes bug 20059; bugfix on 0.1.0.1-rc. diff --git a/changes/bug20085 b/changes/bug20085 new file mode 100644 index 0000000000..fd10e7eeeb --- /dev/null +++ b/changes/bug20085 @@ -0,0 +1,4 @@ + o Documentation: + - Correct the minimum bandwidth value in torrc.sample, and queue a + corresponding change for torrc.minimal. Closes ticket 20085. + diff --git a/changes/bug20235 b/changes/bug20235 new file mode 100644 index 0000000000..54026a8943 --- /dev/null +++ b/changes/bug20235 @@ -0,0 +1,4 @@ + o Minor features (compatibility): + - Work around a bug in the OSX 10.12 SDK that would prevent us + from successfully targetting earlier versions of OSX. + Resolves ticket 20235. diff --git a/changes/bug20247 b/changes/bug20247 new file mode 100644 index 0000000000..731cf0046f --- /dev/null +++ b/changes/bug20247 @@ -0,0 +1,4 @@ + o Minor bugfixes (linux seccomp2 sandbox): + - Avoid a sandbox failure when trying to re-bind to a socket and mark + it as IPv6-only. Fixes bug 20247; bugfix on 0.2.5.1-alpha. + diff --git a/changes/bug20306_029 b/changes/bug20306_029 new file mode 100644 index 0000000000..ada2676b2b --- /dev/null +++ b/changes/bug20306_029 
@@ -0,0 +1,4 @@ + o Minor bugfixes (fascistfirewall): + - Avoid spurious warnings when ReachableAddresses or FascistFirewall + is set. Fixes bug 20306; bugfix on 0.2.8.2-alpha. + diff --git a/changes/bug20307 b/changes/bug20307 new file mode 100644 index 0000000000..9112c9c78d --- /dev/null +++ b/changes/bug20307 @@ -0,0 +1,7 @@ + o Minor bugfixes (circuit, hidden service) + - When closing a circuit, the reason for doing so was assigned from an int + value to a uint16_t which is quite a problem for negative values that are + our internal reasons (ex: END_CIRC_REASON_IP_NOW_REDUNDANT). On the HS + side, this was causing introduction points to be flagged as unusable + because the reason wasn't the right one due to the bad conversion. + Partially fixes bug 21056 and fixes bug 20307; Bugfix on 0.2.8.1-alpha. diff --git a/changes/bug20384 b/changes/bug20384 deleted file mode 100644 index 591015ad94..0000000000 --- a/changes/bug20384 +++ /dev/null @@ -1,10 +0,0 @@ - o Major features (security fixes): - - Prevent a class of security bugs caused by treating the contents - of a buffer chunk as if they were a NUL-terminated string. At - least one such bug seems to be present in all currently used - versions of Tor, and would allow an attacker to remotely crash - most Tor instances, especially those compiled with extra compiler - hardening. With this defense in place, such bugs can't crash Tor, - though we should still fix them as they occur. Closes ticket - 20384 (TROVE-2016-10-001). - diff --git a/changes/bug20401 b/changes/bug20401 new file mode 100644 index 0000000000..85ab3c7322 --- /dev/null +++ b/changes/bug20401 @@ -0,0 +1,4 @@ + o Minor bugfixes (relay): + - Avoid a small memory leak when informing worker threads about rotated + onion keys. Fixes bug 20401; bugfix on 0.2.6.3-alpha. + diff --git a/changes/bug20423 b/changes/bug20423 new file mode 100644 index 0000000000..32bdc3f081 --- /dev/null +++ b/changes/bug20423 
@@ -0,0 +1,6 @@ + o Major bugfixes: + - For relays that don't know their own address, avoid attempting + a local hostname resolve for each descriptor we download. Also cut + down on the number of "Success: chose address 'x.x.x.x'" log lines. + Fixes bugs 20423 and 20610; bugfix on 0.2.8.1-alpha. + diff --git a/changes/bug20472 b/changes/bug20472 new file mode 100644 index 0000000000..4d90c39f5b --- /dev/null +++ b/changes/bug20472 @@ -0,0 +1,5 @@ + o Minor bugfixes (circuits): + - Remove a BUG warning in circuit_pick_extend_handshake. Instead, assume + all nodes support EXTEND2. Use ntor whenever a key is available. + Fixes bug 20472; bugfix on 0.2.9.3-alpha. + diff --git a/changes/bug20484 b/changes/bug20484 new file mode 100644 index 0000000000..9a0b95cb39 --- /dev/null +++ b/changes/bug20484 @@ -0,0 +1,5 @@ + o Minor bugfixes (single onion services): + - Start correctly when creating a single onion service in a + directory that did not previously exist. Fixes bug 20484; bugfix on + 0.2.9.3-alpha. + diff --git a/changes/bug20487 b/changes/bug20487 new file mode 100644 index 0000000000..4435f14a95 --- /dev/null +++ b/changes/bug20487 @@ -0,0 +1,4 @@ + o Documentation: + - Clarify that setting HiddenServiceNonAnonymousMode requires + you to also set "SOCKSPort 0". Fixes bug 20487; bugfix on + 0.2.9.3-alpha. diff --git a/changes/bug20509 b/changes/bug20509 new file mode 100644 index 0000000000..a39ca9f60b --- /dev/null +++ b/changes/bug20509 @@ -0,0 +1,5 @@ + o Minor features: + - Directory authorities now reject relays running versions + 0.2.9.1-alpha through 0.2.9.4-alpha, because those relays + suffer from bug 20499 and don't keep their consensus cache + up-to-date. Resolves ticket 20509. diff --git a/changes/bug20529 b/changes/bug20529 new file mode 100644 index 0000000000..276be5b2b6 --- /dev/null +++ b/changes/bug20529 
@@ -0,0 +1,4 @@ + o Minor bugfixes (hidden services): + - When configuring hidden services, check every hidden service directory's + permissions. Previously, we only checked the last hidden service. + Fixes bug 20529; bugfix on 13942 commit 85bfad1 in 0.2.6.2-alpha. diff --git a/changes/bug20533 b/changes/bug20533 new file mode 100644 index 0000000000..7d1a456328 --- /dev/null +++ b/changes/bug20533 @@ -0,0 +1,7 @@ + o Minor bugfixes (consensus downloads): + - If a consensus expires while we are waiting for certificates to download, + stop waiting for certificates. + - If we stop waiting for certificates less than a minute after we started + downloading them, do not consider the certificate download failure a + separate failure. + Fixes bug 20533; bugfix on commit e0204f21 in 0.2.0.9-alpha. diff --git a/changes/bug20534 b/changes/bug20534 new file mode 100644 index 0000000000..49db433a01 --- /dev/null +++ b/changes/bug20534 @@ -0,0 +1,8 @@ + o Minor bugfixes (directory download scheduling): + - Remove the maximum delay on exponential-backoff scheduling. + Since we now allow an infinite number of failures (see ticket + 20536), we must now allow the time to grow longer on each failure. + Fixes part of bug 20534; bugfix on 0.2.9.1-alpha. + - Use initial delays and decrements in download scheduling closer to + those from 0.2.8. Fixes another part of bug 20534; bugfix on + 0.2.9.1-alpha. diff --git a/changes/bug20536 b/changes/bug20536 new file mode 100644 index 0000000000..9e0dd164bb --- /dev/null +++ b/changes/bug20536 @@ -0,0 +1,6 @@ + o Major bugfixes (download scheduling): + - When using an exponential backoff schedule, do not give up on + dowloading just because we have failed a bunch of times. Since + each delay is longer than the last, retrying indefinitely won't + hurt. Fixes bug 20536; bugfix on 0.2.9.1-alpha. + diff --git a/changes/bug20551 b/changes/bug20551 new file mode 100644 index 0000000000..b7ec4ca7cc --- /dev/null +++ b/changes/bug20551 
@@ -0,0 +1,3 @@ + o Minor bugfixes (compilation): + - Fix implicit conversion warnings under OpenSSL 1.1. + Fixes bug 20551; bugfix on 0.2.1.1-alpha. diff --git a/changes/bug20553 b/changes/bug20553 new file mode 100644 index 0000000000..12a2780303 --- /dev/null +++ b/changes/bug20553 @@ -0,0 +1,3 @@ + o Minor bugfixes (memory leak): + - Work around a memory leak in OpenSSL 1.1 when encoding public keys. + Fixes bug 20553; bugfix on 0.0.2pre8. diff --git a/changes/bug20560 b/changes/bug20560 new file mode 100644 index 0000000000..43d605b296 --- /dev/null +++ b/changes/bug20560 @@ -0,0 +1,4 @@ + o Minor bugfixes (portability): + - Run correctly when built on Windows build environments that require + _vcsprintf(). Fixes bug 20560; bugfix on 0.2.2.11-alpha. + diff --git a/changes/bug20587 b/changes/bug20587 new file mode 100644 index 0000000000..341b001363 --- /dev/null +++ b/changes/bug20587 @@ -0,0 +1,5 @@ + o Minor bugfixes (download timing): + - When determining when to download a directory object, handle times + after 2038 if the operating system supports that. (Someday this will be + important!) Fixes bug 20587; bugfix on 0.2.8.1-alpha. + diff --git a/changes/bug20588 b/changes/bug20588 new file mode 100644 index 0000000000..832ef81336 --- /dev/null +++ b/changes/bug20588 @@ -0,0 +1,3 @@ + o Minor features (portability): + - Fix compilation with OpenSSL 1.1 and less commonly-used + CPU architectures. Closes ticket 20588. diff --git a/changes/bug20591 b/changes/bug20591 new file mode 100644 index 0000000000..deaa738f5e --- /dev/null +++ b/changes/bug20591 @@ -0,0 +1,3 @@ + o Minor bugfixes (relay bootstrap): + - Ensure relays don't make multiple connections during bootstrap. + Fixes bug 20591; bugfix on 0.2.8.1-alpha. diff --git a/changes/bug20593 b/changes/bug20593 new file mode 100644 index 0000000000..e9f54d317a --- /dev/null +++ b/changes/bug20593 
@@ -0,0 +1,6 @@ + o Minor bugfixes (client directory scheduling): + - Treat "relay too busy to answer request" as a failed request and a + reason to back off on our retry frequency. This is safe now that + exponential backups retry indefinitely, and avoids a bug where we would + reset our download schedule erroneously. + Fixes bug 20593; bugfix on 0.2.9.1-alpha. diff --git a/changes/bug20597 b/changes/bug20597 new file mode 100644 index 0000000000..f199b63933 --- /dev/null +++ b/changes/bug20597 @@ -0,0 +1,5 @@ + o Minor bugfixes (test networks, exponential backoff): + - When using exponential backoff in test networks, use a lower exponent, + so the delays do not vary as much. This helps test networks bootstrap + consistently. Fixes bug 20597; bugfix on 20499; not in any released + version of tor. diff --git a/changes/bug20613 b/changes/bug20613 new file mode 100644 index 0000000000..19bb61f4e0 --- /dev/null +++ b/changes/bug20613 @@ -0,0 +1,6 @@ + o Minor bugfixes (single onion services, Tor2web): + - Stop logging long-term one-hop circuits deliberately created by single + onion services and Tor2web. These log messages are intended to diagnose + issue 8387, which relates to circuits hanging around forever for no + reason. + Fixes bug 20613; bugfix on 0.2.9.1-alpha. Reported by "pastly". diff --git a/changes/bug20634 b/changes/bug20634 new file mode 100644 index 0000000000..62fc9f4787 --- /dev/null +++ b/changes/bug20634 @@ -0,0 +1,3 @@ + o Minor bugfixes (unit tests): + - Stop spurious failures in the local interface address discovery unit + tests. Fixes bug 20634; bugfix on 0.2.8.1-alpha; patch by Neel Chauhan. diff --git a/changes/bug20638 b/changes/bug20638 new file mode 100644 index 0000000000..260d7d0a75 --- /dev/null +++ b/changes/bug20638 
@@ -0,0 +1,5 @@ + o Minor bugfixes (hidden services): + - Stop ignoring hidden service key anonymity when first starting tor. + Instead, refuse to start tor if any hidden service key has been used in + a different hidden service anonymity mode. + Fixes bug 20638; bugfix on 17178 in 0.2.9.3-alpha; reported by ahf. diff --git a/changes/bug20710_025 b/changes/bug20710_025 new file mode 100644 index 0000000000..12bd07536c --- /dev/null +++ b/changes/bug20710_025 @@ -0,0 +1,4 @@ + o Minor bugfixes (memory leak, use-after-free, linux seccomp2 sandbox): + - Fix a memory leak and use-after-free error when removing entries + from the sandbox's getaddrinfo() cache. Fixes bug 20710; bugfix on + 0.2.5.5-alpha. Patch from "cypherpunks". diff --git a/changes/bug20715 b/changes/bug20715 new file mode 100644 index 0000000000..737a560cec --- /dev/null +++ b/changes/bug20715 @@ -0,0 +1,4 @@ + o Minor bugfixes (memory leak) + - When moving a signed descriptor object from a source to an existing + destination, free the allocated memory inside that destination object. + Bugfix on tor-0.2.8.3-alpha; Closes #20715. diff --git a/changes/bug20716 b/changes/bug20716 new file mode 100644 index 0000000000..37fd6feecf --- /dev/null +++ b/changes/bug20716 @@ -0,0 +1,3 @@ + o Minor bugfixes (client, memory leak): + - Fix a small memory leak when receiving AF_UNIX connections on + a SocksPort. Fixes bug 20716; bugfix on 0.2.6.3-alpha. diff --git a/changes/bug20810 b/changes/bug20810 new file mode 100644 index 0000000000..5420a73175 --- /dev/null +++ b/changes/bug20810 @@ -0,0 +1,4 @@ + o Minor bugfixes (relay) + - When computing old Tor protocol line version in protover, we were + looking at 0.2.7.5 twice instead of a specific case for 0.2.9.1-alpha. + Bugfix on tor-0.2.9.4-alpha. diff --git a/changes/bug20864 b/changes/bug20864 new file mode 100644 index 0000000000..7b8c70fad6 --- /dev/null +++ b/changes/bug20864 
@@ -0,0 +1,4 @@ + o Minor bugfixes (unit tests, hidden services): + - Remove a double-free in the single onion service unit test. Stop + ignoring a return value. Make future changes less error-prone. + Fixes bug 20864; bugfix on 0.2.9.6-rc. diff --git a/changes/bug20875 b/changes/bug20875 new file mode 100644 index 0000000000..6bba2cbc12 --- /dev/null +++ b/changes/bug20875 @@ -0,0 +1,4 @@ + o Minor bugfixes (download scheduling) + - Resolve a "bug" warning when considering a download schedule whose + delay had approached INT_MAX. Fixes 20875; bugfix on 0.2.9.5-alpha. + diff --git a/changes/bug20935 b/changes/bug20935 new file mode 100644 index 0000000000..78068c7c06 --- /dev/null +++ b/changes/bug20935 @@ -0,0 +1,3 @@ + o Minor bugfixes (portability): + - Use the correct spelling of MAC_OS_X_VERSION_10_12 on configure.ac + Fixes bug 20935; bugfix on 0.2.9.6-rc. diff --git a/changes/bug21035 b/changes/bug21035 new file mode 100644 index 0000000000..bbf3340787 --- /dev/null +++ b/changes/bug21035 @@ -0,0 +1,6 @@ + o Minor bugfixes (portability): + - Avoid crashing when Tor is built using headers that contain + CLOCK_MONOTONIC_COARSE, but then tries to run on an older kernel + without CLOCK_MONOTONIC_COARSE. Fixes bug 21035; bugfix on + 0.2.9.1-alpha. + diff --git a/changes/bug21051 b/changes/bug21051 new file mode 100644 index 0000000000..8bb4f80c8e --- /dev/null +++ b/changes/bug21051 @@ -0,0 +1,3 @@ + o Minor bugfixes (compilation): + - Fix Libevent detection on platforms without Libevent 1 headers + installed. Fixes bug 21051; bugfix on 0.2.9.1-alpha. diff --git a/changes/bug21108_029 b/changes/bug21108_029 new file mode 100644 index 0000000000..3a3f004fc6 --- /dev/null +++ b/changes/bug21108_029 
@@ -0,0 +1,6 @@ + o Major bugfixes (directory authority): + - During voting, when marking a node as a probable sybil, do not + clear its BadExit flag: sybils can still be bad in other ways + too. (We still clear the other flags.) Fixes bug 21108; bugfix + on 0.2.0.13-alpha. + diff --git a/changes/bug21278_extras b/changes/bug21278_extras new file mode 100644 index 0000000000..ffdf4a047b --- /dev/null +++ b/changes/bug21278_extras @@ -0,0 +1,3 @@ + o Minor bugfixes (code correctness): + - Repair a couple of (unreachable or harmless) cases of the risky + comparison-by-subtraction pattern that caused bug 21278. diff --git a/changes/bug21278_prevention b/changes/bug21278_prevention new file mode 100644 index 0000000000..e07f0a670c --- /dev/null +++ b/changes/bug21278_prevention @@ -0,0 +1,4 @@ + o Minor features (directory authority): + - Directory authorities now reject descriptors that claim to be + malformed versions of Tor. Helps prevent exploitation of bug 21278. + diff --git a/changes/bug21280 b/changes/bug21280 new file mode 100644 index 0000000000..e9f0bc174c --- /dev/null +++ b/changes/bug21280 @@ -0,0 +1,5 @@ + o Minor bugfixes (tor-resolve): + - The tor-resolve command line tool now rejects hostnames over 255 + characters in length. Previously, it would silently truncate + them, which could lead to bugs. Fixes bug 21280; bugfix on 0.0.9pre5. + Patch by "junglefowl". diff --git a/changes/bug21357 b/changes/bug21357 new file mode 100644 index 0000000000..a1cb43a78a --- /dev/null +++ b/changes/bug21357 @@ -0,0 +1,7 @@ + o Major bugfixes (IPv6 Exits): + - Stop rejecting all IPv6 traffic on Exits whose exit policy rejects IPv6 + addresses. Instead, only reject a port over IPv6 if the exit policy + rejects that port on more than an IPv6 /16 of addresses. This bug was + made worse by 17027 in 0.2.8.1-alpha, which rejects a relay's own IPv6 + address by default. + Fixes bug 21357; bugfix on commit 004f3f4e53 in 0.2.4.7-alpha. 
diff --git a/changes/bug21394 b/changes/bug21394 new file mode 100644 index 0000000000..e5452e20ba --- /dev/null +++ b/changes/bug21394 @@ -0,0 +1,9 @@ + o Major bugfixes (Exit nodes): + - Fix an issue causing high-bandwidth exit nodes to fail a majority + or all of their DNS requests, making them basically unsuitable for + regular usage in Tor circuits. The problem is related to + libevent's DNS handling, but we can work around it in Tor. Fixes + bugs 21394 and 18580; bugfix on 0.1.2.2-alpha which introduced + eventdns. Credit goes to Dhalgren for identifying and finding a + workaround to this bug and to gamambel, arthuredelstein and + arma in helping to track it down and analyze it. diff --git a/changes/bug21450 b/changes/bug21450 new file mode 100644 index 0000000000..a1cf89ab41 --- /dev/null +++ b/changes/bug21450 @@ -0,0 +1,4 @@ + o Minor bugfixes (voting consistency): + - Reject version numbers with components that exceed INT32_MAX. + Otherwise 32-bit and 64-bit platforms would behave inconsistently. + Fixes bug 21450; bugfix on 0.0.8pre1. diff --git a/changes/bug21507 b/changes/bug21507 new file mode 100644 index 0000000000..f83e291b63 --- /dev/null +++ b/changes/bug21507 @@ -0,0 +1,5 @@ + o Minor bugfixes (voting consistency): + - Reject version numbers with non-numeric prefixes (such as +, -, and + whitespace). Disallowing whitespace prevents differential version + parsing between POSIX-based and Windows platforms. + Fixes bug 21507 and part of 21508; bugfix on 0.0.8pre1. diff --git a/changes/bug21576 b/changes/bug21576 new file mode 100644 index 0000000000..68d8471192 --- /dev/null +++ b/changes/bug21576 @@ -0,0 +1,4 @@ + o Major bugfixes (crash, directory connections): + - Fix a rare crash when sending a begin cell on a circuit whose linked + directory connection has already been closed. Fixes bug 21576; + bugfix on Tor 0.2.9.3-alpha. Reported by alecmuffett. 
diff --git a/changes/bug21943 b/changes/bug21943 new file mode 100644 index 0000000000..dbe2c726d9 --- /dev/null +++ b/changes/bug21943 @@ -0,0 +1,6 @@ + o Minor bugfixes (Linux seccomp2 sandbox): + - The getpid() system call is now permitted under the Linux seccomp2 + sandbox, to avoid crashing with versions of OpenSSL (and other + libraries) that attempt to learn the process's PID by using the + syscall rather than the VDSO code. Fixes bug 21943; bugfix on + 0.2.5.1-alpha. diff --git a/changes/bug22034 b/changes/bug22034 new file mode 100644 index 0000000000..6d9e188740 --- /dev/null +++ b/changes/bug22034 @@ -0,0 +1,4 @@ + o Minor bugfixes (control port, regression): + - The GETINFO extra-info/digest/<digest> command was broken because of a + wrong base16 decode return value check. In was introduced in a refactor + of that API. Fixex bug #22034; bugfix on tor-0.2.9.1-alpha. diff --git a/changes/bug22245 b/changes/bug22245 new file mode 100644 index 0000000000..6ae18593ea --- /dev/null +++ b/changes/bug22245 @@ -0,0 +1,5 @@ + o Minor bugfixes (bandwidth accounting): + - Roll over monthly accounting at the configured hour and minute, + rather than always at 00:00. + Fixes bug 22245; bugfix on 0.0.9rc1. + Found by Andrey Karpov with PVS-Studio. diff --git a/changes/bug22349 b/changes/bug22349 new file mode 100644 index 0000000000..bb43404bfe --- /dev/null +++ b/changes/bug22349 @@ -0,0 +1,9 @@ + o Minor bugfixes (directory authority): + - When a directory authority rejects a descriptor or extrainfo with + a given digest, mark that digest as undownloadable, so that we + do not attempt to download it again over and over. We previously + tried to avoid downloading such descriptors by other means, but + we didn't notice if we accidentally downloaded one anyway. This + behavior became problematic in 0.2.7.2-alpha, when authorities + began pinning Ed25519 keys. Fixes ticket + 22349; bugfix on 0.2.1.19-alpha. 
diff --git a/changes/bug22370 b/changes/bug22370 new file mode 100644 index 0000000000..e0e87e3339 --- /dev/null +++ b/changes/bug22370 @@ -0,0 +1,4 @@ + o Minor bugfixes (memory handling): + - When directory authorities reject a router descriptor due to keypinning, + free the router descriptor rather than leaking the memory. + Fixes bug 22370; bugfix on 0.2.7.2-alpha. diff --git a/changes/bug22446 b/changes/bug22446 new file mode 100644 index 0000000000..eab65aac00 --- /dev/null +++ b/changes/bug22446 @@ -0,0 +1,4 @@ + o Minor features (code style, backport from 0.3.1.3-alpha): + - Add "Falls through" comments to our codebase, in order to silence + GCC 7's -Wimplicit-fallthrough warnings. Patch from Andreas + Stieger. Closes ticket 22446. diff --git a/changes/bug22460_case2 b/changes/bug22460_case2 new file mode 100644 index 0000000000..0a11759832 --- /dev/null +++ b/changes/bug22460_case2 @@ -0,0 +1,8 @@ + o Major bugfixes (relay, link handshake): + + - When performing the v3 link handshake on a TLS connection, report that + we have the x509 certificate that we actually used on that connection, + even if we have changed certificates since that connection was first + opened. Previously, we would claim to have used our most recent x509 + link certificate, which would sometimes make the link handshake fail. + Fixes one case of bug 22460; bugfix on 0.2.3.6-alpha. diff --git a/changes/bug22516 b/changes/bug22516 new file mode 100644 index 0000000000..f024a3c470 --- /dev/null +++ b/changes/bug22516 @@ -0,0 +1,5 @@ + o Minor bugfixes (linux seccomp2 sandbox): + - Permit the fchmod system call, to avoid crashing on startup when + starting with the seccomp2 sandbox and an unexpected set of permissions + on the data directory or its contents. Fixes bug 22516; bugfix on + 0.2.5.4-alpha. diff --git a/changes/bug22644 b/changes/bug22644 new file mode 100644 index 0000000000..9b8742edaf --- /dev/null +++ b/changes/bug22644 
@@ -0,0 +1,5 @@ + o Minor bugfixes (controller): + - Do not crash when receiving a POSTDESCRIPTOR command with an + empty body. Fixes part of bug 22644; bugfix on 0.2.0.1-alpha. + - Do not crash when receiving a HSPOST command with an empty body. + Fixes part of bug 22644; bugfix on 0.2.7.1-alpha. diff --git a/changes/bug22797 b/changes/bug22797 new file mode 100644 index 0000000000..619baaa409 --- /dev/null +++ b/changes/bug22797 @@ -0,0 +1,4 @@ + o Minor bugfixes (file limits): + - When setting the maximum number of connections allowed by the OS, + always allow some extra file descriptors for other files. + Fixes bug 22797; bugfix on 0.2.0.10-alpha. diff --git a/changes/bug22801 b/changes/bug22801 new file mode 100644 index 0000000000..7edc79bc84 --- /dev/null +++ b/changes/bug22801 @@ -0,0 +1,5 @@ + o Minor bugfixes (compilation): + - When building with certain versions the mingw C header files, avoid + float-conversion warnings when calling the C functions isfinite(), + isnan(), and signbit(). Fixes bug 22801; bugfix on 0.2.8.1-alpha. + diff --git a/changes/bug22838_028 b/changes/bug22838_028 new file mode 100644 index 0000000000..1d0a4fbfd1 --- /dev/null +++ b/changes/bug22838_028 @@ -0,0 +1,5 @@ + o Minor bugfixes (compilation, mingw, backport from 0.3.1.1-alpha): + - Backport a fix for an "unused variable" warning that appeared + in some versions of mingw. Fixes bug 22838; bugfix on + 0.2.8.1-alpha. + diff --git a/changes/bug22915 b/changes/bug22915 new file mode 100644 index 0000000000..17a9c6018f --- /dev/null +++ b/changes/bug22915 @@ -0,0 +1,3 @@ + o Minor bugfixes (compilation warnings): + - Suppress -Wdouble-promotion warnings with clang 4.0. Fixes bug 22915; + bugfix on 0.2.8.1-alpha. diff --git a/changes/bug22916_027 b/changes/bug22916_027 new file mode 100644 index 0000000000..5cf99c7d15 --- /dev/null +++ b/changes/bug22916_027 
@@ -0,0 +1,3 @@ + o Minor bugfixes (Compilation): + - Fix warnings when building with libscrypt and openssl scrypt support + on Clang. Fixes bug 22916; bugfix on 0.2.7.2-alpha. diff --git a/changes/bug23030_029 b/changes/bug23030_029 new file mode 100644 index 0000000000..89a1b507d7 --- /dev/null +++ b/changes/bug23030_029 @@ -0,0 +1,7 @@ + o Minor bugfixes (coverity builds): + - Avoid Coverity build warnings related to our BUG() macro. By + default, Coverity treats BUG() as the Linux kernel does: an + instant abort(). We need to override that so our BUG() macro + doesn't prevent Coverity from analyzing functions that use it. + Fixes bug 23030; bugfix on 0.2.9.1-alpha. + diff --git a/changes/bug23081 b/changes/bug23081 new file mode 100644 index 0000000000..76c4e30971 --- /dev/null +++ b/changes/bug23081 @@ -0,0 +1,8 @@ + o Minor bugfixes (Windows service): + - When running as a Windows service, set the ID of the main thread + correctly. Failure to do so made us fail to send log messages + to the controller in 0.2.1.16-rc, slowed down controller + event delivery in 0.2.7.3-rc and later, and crash with an assertion + failure in 0.3.1.1-alpha. Fixes bug 23081; bugfix on 0.2.1.6-alpha. + Patch and diagnosis from "Vort". + diff --git a/changes/bug23291 b/changes/bug23291 new file mode 100644 index 0000000000..a5b0efda0a --- /dev/null +++ b/changes/bug23291 @@ -0,0 +1,3 @@ + o Minor bugfixes (testing): + - Fix an undersized buffer in test-memwipe.c. Fixes bug 23291; bugfix on + 0.2.7.2-alpha. Found and patched by Ties Stuij. diff --git a/changes/bug23470 b/changes/bug23470 new file mode 100644 index 0000000000..33367b3a30 --- /dev/null +++ b/changes/bug23470 
@@ -0,0 +1,6 @@ + o Minor bugfix (relay address resolution): + - Avoid unnecessary calls to directory_fetches_from_authorities() + on relays. This avoids spurious address resolutions and + descriptor rebuilds. This is a mitigation for 21789. The original + bug was introduced in commit 35bbf2e as part of prop210. + Fixes 23470 in 0.2.8.1-alpha. diff --git a/changes/bug23690 b/changes/bug23690 new file mode 100644 index 0000000000..36ff32e499 --- /dev/null +++ b/changes/bug23690 @@ -0,0 +1,5 @@ + o Major bugfixes (relay, crash, assertion failure): + - Fix a timing-based assertion failure that could occur when the + circuit out-of-memory handler freed a connection's output buffer. + Fixes bug 23690; bugfix on 0.2.6.1-alpha. + diff --git a/changes/bug23693 b/changes/bug23693 new file mode 100644 index 0000000000..796398be51 --- /dev/null +++ b/changes/bug23693 @@ -0,0 +1,6 @@ + o Minor bugfixes (relay, crash): + - Avoid a crash when transitioning from client mode to bridge mode. + Previously, we would launch the worker threads whenever our "public + server" mode changed, but not when our "server" mode changed. + Fixes bug 23693; bugfix on 0.2.6.3-alpha. + diff --git a/changes/bug23874 b/changes/bug23874 new file mode 100644 index 0000000000..bf6620553d --- /dev/null +++ b/changes/bug23874 @@ -0,0 +1,3 @@ + o Minor bugfixes (memory safety): + - Clear the address when node_get_prim_orport() returns early. + Fixes bug 23874; bugfix on 0.2.8.2-alpha. diff --git a/changes/bug23985 b/changes/bug23985 new file mode 100644 index 0000000000..9cb5937962 --- /dev/null +++ b/changes/bug23985 
@@ -0,0 +1,9 @@ + o Minor bugfixes (bootstrapping): + - Fetch descriptors aggressively whenever we lack enough + to build circuits, regardless of how many descriptors we are missing. + Previously, we would delay launching the fetch when we had fewer than + 15 missing descriptors, even if some of those descriptors were + blocking circuits from building. Fixes bug 23985; bugfix on + 0.1.1.11-alpha. The effects of this bug became worse in 0.3.0.3-alpha, + when we began treating missing descriptors from our primary guards + as a reason to delay circuits. diff --git a/changes/bug24313 b/changes/bug24313 new file mode 100644 index 0000000000..b927ec3ba6 --- /dev/null +++ b/changes/bug24313 @@ -0,0 +1,5 @@ + o Major bugfixes (security, hidden service v2): + - Fix a use-after-free error that could crash v2 Tor hidden services + when it failed to open circuits while expiring introductions + points. Fixes bug 24313; bugfix on 0.2.7.2-alpha. This + issue is also tracked as TROVE-2017-013 and CVE-2017-8823. diff --git a/changes/bug24633 b/changes/bug24633 new file mode 100644 index 0000000000..028c7cc143 --- /dev/null +++ b/changes/bug24633 @@ -0,0 +1,5 @@ + o Minor bugfixes (portability, msvc): + - Fix a bug in the bit-counting parts of our timing-wheel code on + MSVC. (Note that MSVC is still not a supported build platform, + due to cyptographic timing channel risks.) Fixes bug 24633; + bugfix on 0.2.9.1-alpha. diff --git a/changes/bug24736 b/changes/bug24736 new file mode 100644 index 0000000000..632560932a --- /dev/null +++ b/changes/bug24736 @@ -0,0 +1,6 @@ + o Minor bugfixes (address selection): + - When the fascist_firewall_choose_address_ functions don't find a + reachable address, set the returned address to the null address and port. + This is a precautionary measure, because some callers do not check the + return value. + Fixes bug 24736; bugfix on 0.2.8.2-alpha. diff --git a/changes/bug8093 b/changes/bug8093 deleted file mode 100644 index f0fbc618c2..0000000000 
--- a/changes/bug8093 +++ /dev/null @@ -1,3 +0,0 @@ - o Downgraded warnings: - - Downgrade the severity of the 'unexpected sendme cell from client' from - 'warn' to 'protocol warning'. Closes ticket 8093. diff --git a/changes/bug8185_025 b/changes/bug8185_025 new file mode 100644 index 0000000000..1bfc12b1e4 --- /dev/null +++ b/changes/bug8185_025 @@ -0,0 +1,6 @@ + o Minor bugfixes (logging, relay shutdown, annoyance): + - When a circuit is marked for close, do not attempt to package any cells + for channels on that circuit. Previously, we would detect this + condition lower in the call stack, when we noticed that the circuit had + no attached channel, and log an annoying message. Fixes bug 8185; + bugfix on 0.2.5.4-alpha. diff --git a/changes/bug8387 b/changes/bug8387 deleted file mode 100644 index 2ec0487bf8..0000000000 --- a/changes/bug8387 +++ /dev/null @@ -1,11 +0,0 @@ - o Major bugfixes (client): - - - Perform circuit cleanup operations even when circuit - construction operations are disabled (because the network is - disabled, or because there isn't enough directory information). - Previously, when we were not building predictive circuits, we - were not closing expired circuits either. - - Fixes bug 8387; bugfix on 0.1.1.11-alpha. This bug became visible - in 0.2.4.10-alpha when we became more strict about when we have - "enough directory information to build circuits". diff --git a/changes/curve25519-donna32-bug b/changes/curve25519-donna32-bug deleted file mode 100644 index 7fccab1b0c..0000000000 --- a/changes/curve25519-donna32-bug +++ /dev/null 
@@ -1,12 +0,0 @@ - o Major bugfixes: - - - Fix a bug in the bounds-checking in the 32-bit curve25519-donna - implementation that caused incorrect results on 32-bit - implementations when certain malformed inputs were used along with - a small class of private ntor keys. This bug does not currently - appear to allow an attacker to learn private keys or impersonate a - Tor server, but it could provide a means to distinguish 32-bit Tor - implementations from 64-bit Tor implementations. Fixes bug 12694; - bugfix on 0.2.4.8-alpha. Bug found by Robert Ransom; fix from - Adam Langley. - diff --git a/changes/disable_sslv3 b/changes/disable_sslv3 deleted file mode 100644 index bb4c2df7a2..0000000000 --- a/changes/disable_sslv3 +++ /dev/null @@ -1,4 +0,0 @@ - o Major security fixes: - - Disable support for SSLv3. All versions of OpenSSL in use with - Tor today support TLS 1.0 or later, so we can safely turn off - support for this old (and insecure) protocol. Fixes bug 13426. diff --git a/changes/further-12184-diagnostic b/changes/further-12184-diagnostic deleted file mode 100644 index 89e9f4612f..0000000000 --- a/changes/further-12184-diagnostic +++ /dev/null @@ -1,2 +0,0 @@ - o Minor features (diagnostic): - - Slightly enhance the diagnostic message for bug 12184. diff --git a/changes/geoip-april2015 b/changes/geoip-april2015 deleted file mode 100644 index 7db38ed797..0000000000 --- a/changes/geoip-april2015 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Update geoip to the April 8 2015 Maxmind GeoLite2 Country database. - diff --git a/changes/geoip-april2016 b/changes/geoip-april2016 deleted file mode 100644 index 4cd03e556b..0000000000 --- a/changes/geoip-april2016 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features: - - Update geoip and geoip6 to the April 5 2016 Maxmind GeoLite2 - Country database. - diff --git a/changes/geoip-august2014 b/changes/geoip-august2014 deleted file mode 100644 index 90d8ecb300..0000000000 --- a/changes/geoip-august2014 +++ /dev/null 
@@ -1,3 +0,0 @@ - o Minor features: - - Update geoip to the August 7 2014 Maxmind GeoLite2 Country database. - diff --git a/changes/geoip-august2016 b/changes/geoip-august2016 deleted file mode 100644 index 370ab64cac..0000000000 --- a/changes/geoip-august2016 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features: - - Update geoip and geoip6 to the August 2 2016 Maxmind GeoLite2 - Country database. - diff --git a/changes/geoip-december2015 b/changes/geoip-december2015 deleted file mode 100644 index 597bcc92f8..0000000000 --- a/changes/geoip-december2015 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features: - - Update geoip and geoip6 to the December 1 2015 Maxmind GeoLite2 - Country database. - diff --git a/changes/geoip-february2016 b/changes/geoip-february2016 deleted file mode 100644 index 49a8041fad..0000000000 --- a/changes/geoip-february2016 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features: - - Update geoip and geoip6 to the February 2 2016 Maxmind GeoLite2 - Country database. - diff --git a/changes/geoip-january2015 b/changes/geoip-january2015 deleted file mode 100644 index 67324f27f2..0000000000 --- a/changes/geoip-january2015 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Update geoip to the January 7 2015 Maxmind GeoLite2 Country database. - diff --git a/changes/geoip-january2016 b/changes/geoip-january2016 deleted file mode 100644 index fe2d5c7dc7..0000000000 --- a/changes/geoip-january2016 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features: - - Update geoip and geoip6 to the January 5 2016 Maxmind GeoLite2 - Country database. - diff --git a/changes/geoip-january2017 b/changes/geoip-january2017 index de1a4cbe2a..77bc9a5991 100644 --- a/changes/geoip-january2017 +++ b/changes/geoip-january2017 @@ -1,4 +1,4 @@ - o Minor features: + o Minor features (geoip): - Update geoip and geoip6 to the January 4 2017 Maxmind GeoLite2 Country database. diff --git a/changes/geoip-july2014 b/changes/geoip-july2014 deleted file mode 100644 index a0523ecac9..0000000000 
--- a/changes/geoip-july2014 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Update geoip to the July 10 2014 Maxmind GeoLite2 Country database. - diff --git a/changes/geoip-july2015 b/changes/geoip-july2015 deleted file mode 100644 index 381c2df231..0000000000 --- a/changes/geoip-july2015 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Update geoip and geoip6 to the July 8 2015 Maxmind GeoLite2 Country database. - diff --git a/changes/geoip-july2016 b/changes/geoip-july2016 deleted file mode 100644 index d9963bd6a8..0000000000 --- a/changes/geoip-july2016 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features: - - Update geoip and geoip6 to the July 6 2016 Maxmind GeoLite2 - Country database. - diff --git a/changes/geoip-jun2016 b/changes/geoip-jun2016 deleted file mode 100644 index 8d308f6f72..0000000000 --- a/changes/geoip-jun2016 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features: - - Update geoip and geoip6 to the June 7 2016 Maxmind GeoLite2 - Country database. - diff --git a/changes/geoip-june2015 b/changes/geoip-june2015 deleted file mode 100644 index 9d6cd3658b..0000000000 --- a/changes/geoip-june2015 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Update geoip to the June 3 2015 Maxmind GeoLite2 Country database. - diff --git a/changes/geoip-march2015 b/changes/geoip-march2015 deleted file mode 100644 index 565781280a..0000000000 --- a/changes/geoip-march2015 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Update geoip to the March 3 2015 Maxmind GeoLite2 Country database. - diff --git a/changes/geoip-march2016 b/changes/geoip-march2016 deleted file mode 100644 index d7b1bd42f9..0000000000 --- a/changes/geoip-march2016 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features: - - Update geoip and geoip6 to the March 3 2016 Maxmind GeoLite2 - Country database. - diff --git a/changes/geoip-may2016 b/changes/geoip-may2016 deleted file mode 100644 index 3fd42dce24..0000000000 --- a/changes/geoip-may2016 +++ /dev/null 
@@ -1,4 +0,0 @@ - o Minor features: - - Update geoip and geoip6 to the May 4 2016 Maxmind GeoLite2 - Country database. - diff --git a/changes/geoip-november2014 b/changes/geoip-november2014 deleted file mode 100644 index 52cbeb3e41..0000000000 --- a/changes/geoip-november2014 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Update geoip to the November 15 2014 Maxmind GeoLite2 Country database. - diff --git a/changes/geoip-november2016 b/changes/geoip-november2016 index 5190ed66f4..b3f9913bb1 100644 --- a/changes/geoip-november2016 +++ b/changes/geoip-november2016 @@ -1,4 +1,4 @@ - o Minor features: + o Minor features (ge0oip): - Update geoip and geoip6 to the November 3 2016 Maxmind GeoLite2 Country database. diff --git a/changes/geoip-october2015 b/changes/geoip-october2015 deleted file mode 100644 index f20febec5a..0000000000 --- a/changes/geoip-october2015 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Update geoip and geoip6 to the October 9 2015 Maxmind GeoLite2 Country database. - diff --git a/changes/geoip-october2016 b/changes/geoip-october2016 deleted file mode 100644 index fff9a1eeb5..0000000000 --- a/changes/geoip-october2016 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features: - - Update geoip and geoip6 to the October 4 2016 Maxmind GeoLite2 - Country database. - diff --git a/changes/geoip-september2015 b/changes/geoip-september2015 deleted file mode 100644 index a4f99efaa2..0000000000 --- a/changes/geoip-september2015 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Update geoip and geoip6 to the September 3 2015 Maxmind GeoLite2 Country database. - diff --git a/changes/geoip-september2016 b/changes/geoip-september2016 deleted file mode 100644 index a14c7c699f..0000000000 --- a/changes/geoip-september2016 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features: - - Update geoip and geoip6 to the September 6 2016 Maxmind GeoLite2 - Country database. - 
diff --git a/changes/geoip6-april2015 b/changes/geoip6-april2015 deleted file mode 100644 index 241c9119b6..0000000000 --- a/changes/geoip6-april2015 +++ /dev/null @@ -1,2 +0,0 @@ - o Minor features: - - Update geoip6 to the April 8 2015 Maxmind GeoLite2 Country database. diff --git a/changes/geoip6-august2014 b/changes/geoip6-august2014 deleted file mode 100644 index 7e7c9a975d..0000000000 --- a/changes/geoip6-august2014 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Update geoip6 to the August 7 2014 Maxmind GeoLite2 Country database. - diff --git a/changes/geoip6-january2015 b/changes/geoip6-january2015 deleted file mode 100644 index b86fe2be57..0000000000 --- a/changes/geoip6-january2015 +++ /dev/null @@ -1,2 +0,0 @@ - o Minor features: - - Update geoip6 to the January 7 2015 Maxmind GeoLite2 Country database. diff --git a/changes/geoip6-july2014 b/changes/geoip6-july2014 deleted file mode 100644 index 155788ef88..0000000000 --- a/changes/geoip6-july2014 +++ /dev/null @@ -1,2 +0,0 @@ - o Minor features: - - Update geoip6 to the July 10 2014 Maxmind GeoLite2 Country database. diff --git a/changes/geoip6-june2015 b/changes/geoip6-june2015 deleted file mode 100644 index 527dbff53b..0000000000 --- a/changes/geoip6-june2015 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Update geoip6 to the June 3 2015 Maxmind GeoLite2 Country database. - diff --git a/changes/geoip6-march2015 b/changes/geoip6-march2015 deleted file mode 100644 index 9a38c65e62..0000000000 --- a/changes/geoip6-march2015 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Update geoip6 to the March 3 2015 Maxmind GeoLite2 Country database. - diff --git a/changes/geoip6-november2014 b/changes/geoip6-november2014 deleted file mode 100644 index e91fcc0d3b..0000000000 --- a/changes/geoip6-november2014 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Update geoip6 to the November 15 2014 Maxmind GeoLite2 Country database. - 
diff --git a/changes/longclaw-ipv6 b/changes/longclaw-ipv6 new file mode 100644 index 0000000000..75899c9d07 --- /dev/null +++ b/changes/longclaw-ipv6 @@ -0,0 +1,6 @@ + o Minor features (directory authorities): + - Remove longclaw's IPv6 address, as it will soon change. + Authority IPv6 addresses were originally added in 0.2.8.1-alpha. + This leaves 3/8 directory authorities with IPv6 addresses, but there + are also 52 fallback directory mirrors with IPv6 addresses. + Resolves 19760. diff --git a/changes/more_module_docs b/changes/more_module_docs new file mode 100644 index 0000000000..0066ddfcf0 --- /dev/null +++ b/changes/more_module_docs @@ -0,0 +1,4 @@ + o Documentation: + - Module-level documentation for several more modules. Closes tickets + 19287 and + 19290. diff --git a/changes/prop275-minimal b/changes/prop275-minimal new file mode 100644 index 0000000000..83d42f850b --- /dev/null +++ b/changes/prop275-minimal @@ -0,0 +1,9 @@ + o Minor features (future-proofing): + + - Tor no longer refuses to download microdescriptors or descriptors if + they are listed as "published in the future". This change will + eventually allow us to stop listing meaningful "published" dates + in microdescriptor consensuses, and thereby allow us to reduce the + resources required to download consensus diffs by over 50%. + Implements part of ticket 21642; implements part of proposal 275. + diff --git a/changes/rsa_init_bug b/changes/rsa_init_bug deleted file mode 100644 index 6b5fb4f2f9..0000000000 --- a/changes/rsa_init_bug +++ /dev/null 
@@ -1,7 +0,0 @@ - o Major bugfixes (key management): - - If OpenSSL fails to generate an RSA key, do not retain a dangling pointer - to the previous (uninitialized) key value. The impact here should be - limited to a difficult-to-trigger crash, if OpenSSL is running an - engine that makes key generation failures possible, or if OpenSSL runs - out of memory. Fixes bug 19152; bugfix on 0.2.1.10-alpha. Found by - Yuan Jochen Kang, Suman Jana, and Baishakhi Ray. diff --git a/changes/test.h_msvc b/changes/test.h_msvc deleted file mode 100644 index 3afbc13aaa..0000000000 --- a/changes/test.h_msvc +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (compilation): - - Fix compilation of test.h with MSVC. Patch from Gisle Vanem; - bugfix on 0.2.5.5-alpha. diff --git a/changes/ticket12688 b/changes/ticket12688 deleted file mode 100644 index 88228e5506..0000000000 --- a/changes/ticket12688 +++ /dev/null @@ -1,6 +0,0 @@ - Major features: - - Make the number of entry guards configurable via a new - NumEntryGuards consensus parameter, and the number of directory - guards configurable via a new NumDirectoryGuards consensus - parameter. Implements ticket 12688. - diff --git a/changes/ticket12690 b/changes/ticket12690 deleted file mode 100644 index 5091883602..0000000000 --- a/changes/ticket12690 +++ /dev/null @@ -1,9 +0,0 @@ - o Minor features: - - Authorities now assign the Guard flag to the fastest 25% of the - network (it used to be the fastest 50%). Also raise the consensus - weight that guarantees the Guard flag from 250 to 2000. For the - current network, this results in about 1100 guards, down from 2500. - This step paves the way for moving the number of entry guards - down to 1 (proposal 236) while still providing reasonable expected - performance for most users. Implements ticket 12690. - diff --git a/changes/ticket13036 b/changes/ticket13036 deleted file mode 100644 index 1b4784358a..0000000000 --- a/changes/ticket13036 +++ /dev/null 
@@ -1,5 +0,0 @@ - o Minor bugfixes: - - Fix a large number of false positive warnings from the clang - analyzer static analysis tool. This should make real warnings - easier for clang analyzer to find. Patch from "teor". Closes - ticket 13036. diff --git a/changes/ticket14128 b/changes/ticket14128 deleted file mode 100644 index 38b25fa7dc..0000000000 --- a/changes/ticket14128 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features (controller): - - New "GETINFO bw-event-cache" to get information about recent bandwidth - events. Closes ticket 14128. Useful for controllers to get recent - bandwidth history after the fix for 13988. - diff --git a/changes/ticket14487 b/changes/ticket14487 deleted file mode 100644 index 577337ff24..0000000000 --- a/changes/ticket14487 +++ /dev/null @@ -1,3 +0,0 @@ - o Directory authority IP change: - - The directory authority Faravahar has a new IP address. Closes - ticket 14487. diff --git a/changes/ticket19769 b/changes/ticket19769 new file mode 100644 index 0000000000..9fc05c3e9e --- /dev/null +++ b/changes/ticket19769 @@ -0,0 +1,7 @@ + o Major features (security): + - Change the algorithm used to decide DNS TTLs on client and server side, + to better resist DNS-based correlation attacks like the DefecTor attack + of Greschbach, Pulls, Roberts, Winter, and Feamster). Now + relays only return one of two possible DNS TTL values, and clients + are willing to believe DNS TTL values up to 3 hours long. + Closes ticket 19769. diff --git a/changes/ticket20170-v3 b/changes/ticket20170-v3 new file mode 100644 index 0000000000..d634e72053 --- /dev/null +++ b/changes/ticket20170-v3 @@ -0,0 +1,5 @@ + o Minor features (fallback directory list): + - Replace the 81 remaining fallbacks of the 100 originally introduced + in Tor 0.2.8.3-alpha in March 2016, with a list of 177 fallbacks + (123 new, 54 existing, 27 removed) generated in December 2016. + Resolves ticket 20170. 
diff --git a/changes/ticket21564 b/changes/ticket21564 new file mode 100644 index 0000000000..7e01f41f8f --- /dev/null +++ b/changes/ticket21564 @@ -0,0 +1,6 @@ + o Minor features (fallback directory list): + - Replace the 177 fallbacks originally introduced in Tor 0.2.9.8 in + December 2016 (of which ~126 were still functional), with a list of + 151 fallbacks (32 new, 119 existing, 58 removed) generated in + May 2017. + Resolves ticket 21564. diff --git a/changes/ticket21953 b/changes/ticket21953 new file mode 100644 index 0000000000..7cc84f506d --- /dev/null +++ b/changes/ticket21953 @@ -0,0 +1,6 @@ + o Minor features: + - Enable a couple of pieces of Windows hardening: one + (HeapEnableTerminationOnCorruption) that has been on-by-default since + Windows 8, and unavailable before Windows 7, and one + (PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION) which we believe doesn't + affect us, but shouldn't do any harm. Closes ticket 21953. diff --git a/changes/ticket22895 b/changes/ticket22895 new file mode 100644 index 0000000000..a3f7b86019 --- /dev/null +++ b/changes/ticket22895 @@ -0,0 +1,3 @@ + o Minor bugfixes (compilation): + - Fix unused variable warnings in donna's Curve25519 SSE2 code. + Fixes bug 22895; bugfix on 0.2.7.2-alpha. diff --git a/changes/ticket24681 b/changes/ticket24681 new file mode 100644 index 0000000000..cc0a42b2e0 --- /dev/null +++ b/changes/ticket24681 @@ -0,0 +1,6 @@ + o Minor features (fallback directory mirrors): + - Make the default DirAuthorityFallbackRate 0.1, so that clients on the + public tor network prefer to bootstrap off fallback directory mirrors. + This is a follow-up to 24679, which removed weights from the default + fallbacks. + Implements ticket 24681. diff --git a/changes/trove-2017-001 b/changes/trove-2017-001 new file mode 100644 index 0000000000..5187e6d5f1 --- /dev/null +++ b/changes/trove-2017-001 
@@ -0,0 +1,8 @@ + o Major bugfixes (security): + - Downgrade the "-ftrapv" option from "always on" to "only on when + --enable-expensive-hardening is provided." This hardening option, like + others, can turn survivable bugs into crashes--and having it on by + default made a (relatively harmless) integer overflow bug into a + denial-of-service bug. Fixes bug 21278 (TROVE-2017-001); bugfix on + 0.2.9.1-alpha. + diff --git a/changes/trove-2017-008 b/changes/trove-2017-008 new file mode 100644 index 0000000000..4b9c5b0a12 --- /dev/null +++ b/changes/trove-2017-008 @@ -0,0 +1,5 @@ + o Major bugfixes (security, hidden services, loggging): + - Fix a bug where we could log uninitialized stack when a certain + hidden service error occurred while SafeLogging was disabled. + Fixes bug #23490; bugfix on 0.2.7.2-alpha. + This is also tracked as TROVE-2017-008 and CVE-2017-0380. diff --git a/changes/trove-2017-010 b/changes/trove-2017-010 new file mode 100644 index 0000000000..d5bf9333da --- /dev/null +++ b/changes/trove-2017-010 @@ -0,0 +1,6 @@ + o Major bugfixes (security): + - Fix a denial-of-service issue where an attacker could crash + a directory authority using a malformed router descriptor. + Fixes bug 24245; bugfix on 0.2.9.4-alpha. Also tracked + as TROVE-2017-010 and CVE-2017-8820. + |
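Review bot: In changes/geoip-november2016 the category on the added header line reads "(ge0oip)", with a stray zero. It should be "(geoip)" so the entry is grouped under the intended heading; the only change this hunk makes is that header, so the typo is the whole diff for this file.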
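Review bot: In changes/longclaw-ipv6 the last line reads "Resolves 19760." without saying what 19760 is, while the other entries in this patch write "Closes ticket N" or "Resolves ticket N". Suggest "Resolves ticket 19760." so the reference is unambiguous once the entry is merged into the changelog.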
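Review bot: In changes/more_module_docs the entry has no verb and the ticket list is wrapped across three short lines ("Closes tickets", "19287 and", "19290."). Suggest "Add module-level documentation for several more modules. Closes tickets 19287 and 19290." on normally filled lines.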
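Review bot: In changes/ticket19769 the attribution "of Greschbach, Pulls, Roberts, Winter, and Feamster)." ends with a closing parenthesis that has no opening one; open it before "like the DefecTor attack" or drop it. Since this is a security entry, it would also help to name the two TTL values relays now return, as only the client-side limit of 3 hours is stated.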
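Review bot: In changes/ticket21953 the header is a bare "Minor features:" while the other new entries in this patch carry a category; something like "Minor features (Windows, hardening)" would let readers find it. The description of HeapEnableTerminationOnCorruption as "on-by-default since Windows 8, and unavailable before Windows 7" also leaves the reader to infer that Windows 7 is the platform where the change has an effect; state that directly if it is the intent.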
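Review bot: In changes/trove-2017-008 the category list spells "loggging" with three g's, and "Fixes bug #23490" uses a "#" prefix that the neighbouring security entries do not (compare "Fixes bug 21278" and "Fixes bug 24245"). Suggest "(security, hidden services, logging)" and "Fixes bug 23490" so the entry matches the others and can be found by searching for the usual form.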