diff options
Diffstat (limited to 'changes')
103 files changed, 0 insertions, 538 deletions
diff --git a/changes/bastet_v6 b/changes/bastet_v6 deleted file mode 100644 index ee4e2c8094..0000000000 --- a/changes/bastet_v6 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (directory authority): - - Add an IPv6 address for the "bastet" directory authority. - Closes ticket 24394. - diff --git a/changes/bug15582 b/changes/bug15582 deleted file mode 100644 index 5ea6431cf8..0000000000 --- a/changes/bug15582 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (compilation): - - Avoid compiler warnings in the unit tests for running tor_sscanf() - with wide string outputs. Fixes bug 15582; bugfix on 0.2.6.2-alpha. - diff --git a/changes/bug18100 b/changes/bug18100 deleted file mode 100644 index cd3ba2c977..0000000000 --- a/changes/bug18100 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes (linux TPROXY support): - - Fix a typo that had prevented TPROXY-based transparent proxying from - working under Linux. Fixes bug 18100; bugfix on 0.2.6.3-alpha. - Patch from "d4fq0fQAgoJ". - diff --git a/changes/bug18329-minimal b/changes/bug18329-minimal deleted file mode 100644 index 804c4e8dd1..0000000000 --- a/changes/bug18329-minimal +++ /dev/null @@ -1,6 +0,0 @@ - o Minor features (bridge): - - Bridges now include notice in their descriptors that they are bridges, - and notice of their distribution status, based on their publication - settings. Implements ticket 18329. For more fine-grained control of - how a bridge is distributed, upgrade to 0.3.2.x or later. - diff --git a/changes/bug20059 b/changes/bug20059 deleted file mode 100644 index 091fab06d1..0000000000 --- a/changes/bug20059 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (relay): - - Avoid a double-marked-circuit warning that can happen when we receive - DESTROY cells under heavy load. Fixes bug 20059; bugfix on 0.1.0.1-rc. diff --git a/changes/bug20247 b/changes/bug20247 deleted file mode 100644 index 731cf0046f..0000000000 --- a/changes/bug20247 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (linux seccomp2 sandbox): - - Avoid a sandbox failure when trying to re-bind to a socket and mark - it as IPv6-only. Fixes bug 20247; bugfix on 0.2.5.1-alpha. - diff --git a/changes/bug20270 b/changes/bug20270 deleted file mode 100644 index d538a358dc..0000000000 --- a/changes/bug20270 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (directory authority): - - When rejecting a router descriptor because the relay is running an - obsolete version of Tor without ntor support, warn about the obsolete - tor version, not the missing ntor key. Fixes bug 20270; - bugfix on 0.2.9.3-alpha. - diff --git a/changes/bug20509 b/changes/bug20509 deleted file mode 100644 index a39ca9f60b..0000000000 --- a/changes/bug20509 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features: - - Directory authorities now reject relays running versions - 0.2.9.1-alpha through 0.2.9.4-alpha, because those relays - suffer from bug 20499 and don't keep their consensus cache - up-to-date. Resolves ticket 20509. diff --git a/changes/bug20711 b/changes/bug20711 deleted file mode 100644 index 0bc0d94fb1..0000000000 --- a/changes/bug20711 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes (directory mirrors): - - Allow relays to use directory mirrors without a DirPort: these relays - need to be contacted over their ORPorts using a begindir connection. - Fixes bug 20711; bugfix on 0.2.8.2-alpha. - - Clarify the message logged when a remote relay is unexpectedly missing - an ORPort or DirPort: users were confusing this with a local port. - Fixes bug 20711; bugfix on 0.2.8.2-alpha. diff --git a/changes/bug20894 b/changes/bug20894 deleted file mode 100644 index 2dbf9b9aa9..0000000000 --- a/changes/bug20894 +++ /dev/null @@ -1,9 +0,0 @@ - o Major bugfixes (HTTP, parsing): - - When parsing a malformed content-length field from an HTTP message, - do not read off the end of the buffer. This bug was a potential - remote denial-of-service attack against Tor clients and relays. - A workaround was released in October 2016, which prevents this - bug from crashing Tor. This is a fix for the underlying issue, - which should no longer matter (if you applied the earlier patch). - Fixes bug 20894; bugfix on 0.2.0.16-alpha. Bug found by fuzzing - using AFL (http://lcamtuf.coredump.cx/afl/). diff --git a/changes/bug21007_case2 b/changes/bug21007_case2 deleted file mode 100644 index 43344449ec..0000000000 --- a/changes/bug21007_case2 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (guards): - - Don't warn about a missing guard state on timeout-measurement - circuits: they aren't supposed to be using guards. Fixes an - instance of bug 21007; bugfix on 0.3.0.1-alpha. diff --git a/changes/bug21027 b/changes/bug21027 deleted file mode 100644 index d20df876fa..0000000000 --- a/changes/bug21027 +++ /dev/null @@ -1,8 +0,0 @@ - o Major bugfixes (bridges): - - - When the same bridge is configured multiple times at different - address:port combinations (but with the same identity), treat - those bridge instances as separate guards. This allows clients to - configure the same bridge with multiple pluggable transports, once - again. Fixes bug 21027; bugfix on 0.3.0.1-alpha. - diff --git a/changes/bug21116 b/changes/bug21116 deleted file mode 100644 index 2304ab0fd6..0000000000 --- a/changes/bug21116 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (test): - - Fix Raspbian build missing socket errno in test util. Fixes bug 21116.; - bugfix on tor-0.2.8.2. Patch by "hein". diff --git a/changes/bug21278_extras b/changes/bug21278_extras deleted file mode 100644 index ffdf4a047b..0000000000 --- a/changes/bug21278_extras +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (code correctness): - - Repair a couple of (unreachable or harmless) cases of the risky - comparison-by-subtraction pattern that caused bug 21278. diff --git a/changes/bug21278_prevention b/changes/bug21278_prevention deleted file mode 100644 index e07f0a670c..0000000000 --- a/changes/bug21278_prevention +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (directory authority): - - Directory authorities now reject descriptors that claim to be - malformed versions of Tor. Helps prevent exploitation of bug 21278. - diff --git a/changes/bug21369_check b/changes/bug21369_check deleted file mode 100644 index 2cd808c9b6..0000000000 --- a/changes/bug21369_check +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (reliability, crash): - - Try better to detect problems in buffers where they might grow (or - think they have grown) over 2 GB in size. Diagnostic for bug 21369. diff --git a/changes/bug21394 b/changes/bug21394 deleted file mode 100644 index e5452e20ba..0000000000 --- a/changes/bug21394 +++ /dev/null @@ -1,9 +0,0 @@ - o Major bugfixes (Exit nodes): - - Fix an issue causing high-bandwidth exit nodes to fail a majority - or all of their DNS requests, making them basically unsuitable for - regular usage in Tor circuits. The problem is related to - libevent's DNS handling, but we can work around it in Tor. Fixes - bugs 21394 and 18580; bugfix on 0.1.2.2-alpha which introduced - eventdns. Credit goes to Dhalgren for identifying and finding a - workaround to this bug and to gamambel, arthuredelstein and - arma in helping to track it down and analyze it. diff --git a/changes/bug21415 b/changes/bug21415 deleted file mode 100644 index f0aa72f81f..0000000000 --- a/changes/bug21415 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfix (entry guards): - - Silence a BUG() warning when attempting to use a guard whose descriptor - we don't know and make this scenario more unlikely to happen. Fixes bug - 21415; bugfix on 0.3.0.1-alpha. diff --git a/changes/bug21420 b/changes/bug21420 deleted file mode 100644 index 014404466a..0000000000 --- a/changes/bug21420 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (certificate expiration time): - - Avoid using link certificates that don't become valid till - some time in the future. Fixes bug 21420; bugfix on 0.2.4.11-alpha diff --git a/changes/bug21447 b/changes/bug21447 deleted file mode 100644 index c025b92313..0000000000 --- a/changes/bug21447 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (testing): - - Rename "make fuzz" to "make test-fuzz-corpora", since it doesn't - actually fuzz anything. Fixes bug 21447; bugfix on 0.3.0.3-alpha. - diff --git a/changes/bug21450 b/changes/bug21450 deleted file mode 100644 index a1cf89ab41..0000000000 --- a/changes/bug21450 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (voting consistency): - - Reject version numbers with components that exceed INT32_MAX. - Otherwise 32-bit and 64-bit platforms would behave inconsistently. - Fixes bug 21450; bugfix on 0.0.8pre1. diff --git a/changes/bug21471 b/changes/bug21471 deleted file mode 100644 index 684035b19c..0000000000 --- a/changes/bug21471 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes (hidden service directory v3): - - When a descriptor lookup was done and it was not found in the directory - cache, it would crash on a NULL pointer instead of returning the 404 - code back to the client like it was suppose to. Fixes bug 21471.; - bugfixes on tor-0.3.0.1-alpha. diff --git a/changes/bug21472 b/changes/bug21472 deleted file mode 100644 index f31ec9157e..0000000000 --- a/changes/bug21472 +++ /dev/null @@ -1,3 +0,0 @@ - o Documentation: - - Small fixes to the fuzzing documentation. Closes ticket - 21472. diff --git a/changes/bug21492 b/changes/bug21492 deleted file mode 100644 index 2ed7947771..0000000000 --- a/changes/bug21492 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (correctness): - - Remove a redundant check for the UseEntryGuards option from the - options_transition_affects_guards() function. Fixes bug 21492; - bugfix on 0.3.0.1-alpha. - diff --git a/changes/bug21507 b/changes/bug21507 deleted file mode 100644 index f83e291b63..0000000000 --- a/changes/bug21507 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (voting consistency): - - Reject version numbers with non-numeric prefixes (such as +, -, and - whitespace). Disallowing whitespace prevents differential version - parsing between POSIX-based and Windows platforms. - Fixes bug 21507 and part of 21508; bugfix on 0.0.8pre1. diff --git a/changes/bug21553 b/changes/bug21553 deleted file mode 100644 index 6ffa3e29a2..0000000000 --- a/changes/bug21553 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes (hidden service): - - When encoding a legacy ESTABLISH_INTRO cell, we were using the sizeof() - on a pointer instead of real size of the destination buffer leading to - an overflow passing an enormous value to the signing digest function. - Fortunately, that value was only used to make sure the destination - buffer length was big enough for the key size and in this case it was. - Fixes bug 21553; bugfix on tor-0.3.0.1-alpha. diff --git a/changes/bug21562 b/changes/bug21562 deleted file mode 100644 index 48396a00e7..0000000000 --- a/changes/bug21562 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (testing): - - Use bash in src/test/test-network.sh. This ensures we reliably call - chutney's newer tools/test-network.sh when available. - Fixes bug 21562; bugfix on tor-0.2.9.1-alpha. diff --git a/changes/bug21576 b/changes/bug21576 deleted file mode 100644 index 68d8471192..0000000000 --- a/changes/bug21576 +++ /dev/null @@ -1,4 +0,0 @@ - o Major bugfixes (crash, directory connections): - - Fix a rare crash when sending a begin cell on a circuit whose linked - directory connection has already been closed. Fixes bug 21576; - bugfix on Tor 0.2.9.3-alpha. Reported by alecmuffett. diff --git a/changes/bug21581 b/changes/bug21581 deleted file mode 100644 index 1077719856..0000000000 --- a/changes/bug21581 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (testing): - - Restore support for test-network.sh on BSD and other systems without - bash. (But use bash if it's available.) This is a workaround until we - remove bash-specific code in 19699. - Fixes bug 21581; bugfix on 21562, not in any released version of tor. diff --git a/changes/bug21594 b/changes/bug21594 deleted file mode 100644 index e624d1226d..0000000000 --- a/changes/bug21594 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (hidden services): - - Make hidden services with 8 to 10 introduction points check for failed - circuits immediately after startup. Previously, they would wait for 5 - minutes before performing their first checks. Fixes bug 21594; bugfix on - commit 190aac0eab9 in Tor 0.2.3.9-alpha. Reported by alecmuffett. diff --git a/changes/bug21596 b/changes/bug21596 deleted file mode 100644 index ec0a46bb81..0000000000 --- a/changes/bug21596 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (hidden services): - - Make hidden services check for failed intro point connections, even when - they have exceeded their intro point creation limit. Fixes bug 21596; - bugfix on commit d67bf8b2f23 in Tor 0.2.7.2-alpha. Reported by - alecmuffett. diff --git a/changes/bug21682 b/changes/bug21682 deleted file mode 100644 index ab7126e4d6..0000000000 --- a/changes/bug21682 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (memory leaks): - - Fix a memory leak when using GETCONF on a port option. - Fixes bug 21682; bugfix on 0.3.0.3-alpha. diff --git a/changes/bug21720 b/changes/bug21720 deleted file mode 100644 index 6d2fbcf711..0000000000 --- a/changes/bug21720 +++ /dev/null @@ -1,5 +0,0 @@ - o Documentation: - - Update the description of the directory server options in the manual - page, to clarify that DirPort is no longer necessary to be a directory - cache. Closes ticket 21720. - diff --git a/changes/bug21771 b/changes/bug21771 deleted file mode 100644 index f814c75c0b..0000000000 --- a/changes/bug21771 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (guard selection): - - Fix a guard selection bug where Tor would refuse to bootstrap in some - cases if the user swapped a bridge for another bridge in their - configuration file. - Fixes bug 21771; bugfix on 0.3.0.1-alpha. Reported by "torvlnt33r". diff --git a/changes/bug21799 b/changes/bug21799 deleted file mode 100644 index ee2e904a35..0000000000 --- a/changes/bug21799 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (tests): - - Run the entry_guard_parse_from_state_full test with the time set - to a specific date. (The guard state that this test was parsing - contained guards that had expired since the test was first - written.) Fixes bug 21799; bugfix on 0.3.0.1-alpha. - diff --git a/changes/bug21825 b/changes/bug21825 deleted file mode 100644 index 8f14b32f84..0000000000 --- a/changes/bug21825 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfix (compilation): - - Functions in hs_service.c was only compiled for unit test making the - created object (.o) contain no symbols in src/or/libor.a resulting in a - compilation warning from clang. We now expose those functions for the - unit tests. This will be changed in 0.3.2 release. Fixes bug 21825.; - bugfix on tor-0.3.0.1-alpha. diff --git a/changes/bug21894_029 b/changes/bug21894_029 deleted file mode 100644 index e3a84fa721..0000000000 --- a/changes/bug21894_029 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (crash prevention): - - Fix an (currently untriggerable, but potentially dangerous) crash - bug when base32-encoding inputs whose sizes are not a multiple of - 5. Fixes bug 21894; bugfix on 0.2.9.1-alpha. - diff --git a/changes/bug21943 b/changes/bug21943 deleted file mode 100644 index dbe2c726d9..0000000000 --- a/changes/bug21943 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (Linux seccomp2 sandbox): - - The getpid() system call is now permitted under the Linux seccomp2 - sandbox, to avoid crashing with versions of OpenSSL (and other - libraries) that attempt to learn the process's PID by using the - syscall rather than the VDSO code. Fixes bug 21943; bugfix on - 0.2.5.1-alpha. diff --git a/changes/bug21969 b/changes/bug21969 deleted file mode 100644 index 9b116fc4cc..0000000000 --- a/changes/bug21969 +++ /dev/null @@ -1,3 +0,0 @@ - o Major bugfixes (entry guards): - - Don't block bootstrapping when a primary bridge is offline and we can't - get its descriptor. Fixes bug 21969; bugfix on 0.3.0.3-alpha. diff --git a/changes/bug22034 b/changes/bug22034 deleted file mode 100644 index 6d9e188740..0000000000 --- a/changes/bug22034 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (control port, regression): - - The GETINFO extra-info/digest/<digest> command was broken because of a - wrong base16 decode return value check. In was introduced in a refactor - of that API. Fixex bug #22034; bugfix on tor-0.2.9.1-alpha. diff --git a/changes/bug22245 b/changes/bug22245 deleted file mode 100644 index 6ae18593ea..0000000000 --- a/changes/bug22245 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (bandwidth accounting): - - Roll over monthly accounting at the configured hour and minute, - rather than always at 00:00. - Fixes bug 22245; bugfix on 0.0.9rc1. - Found by Andrey Karpov with PVS-Studio. diff --git a/changes/bug22246 b/changes/bug22246 deleted file mode 100644 index dbdf31a433..0000000000 --- a/changes/bug22246 +++ /dev/null @@ -1,6 +0,0 @@ - o Major bugfixes (hidden service directory, security): - - Fix an assertion failure in the hidden service directory code, which - could be used by an attacker to remotely cause a Tor relay process to - exit. Relays running earlier versions of Tor 0.3.0.x should upgrade. - This security issue is tracked as tracked as - TROVE-2017-002. Fixes bug 22246; bugfix on 0.3.0.1-alpha. diff --git a/changes/bug22252 b/changes/bug22252 deleted file mode 100644 index 42b9d8e095..0000000000 --- a/changes/bug22252 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (configuration): - - Do not crash when starting with LearnCircuitBuildTimeout 0. - Fixes bug 22252; bugfix on 0.2.9.3-alpha. diff --git a/changes/bug22349 b/changes/bug22349 deleted file mode 100644 index bb43404bfe..0000000000 --- a/changes/bug22349 +++ /dev/null @@ -1,9 +0,0 @@ - o Minor bugfixes (directory authority): - - When a directory authority rejects a descriptor or extrainfo with - a given digest, mark that digest as undownloadable, so that we - do not attempt to download it again over and over. We previously - tried to avoid downloading such descriptors by other means, but - we didn't notice if we accidentally downloaded one anyway. This - behavior became problematic in 0.2.7.2-alpha, when authorities - began pinning Ed25519 keys. Fixes ticket - 22349; bugfix on 0.2.1.19-alpha. diff --git a/changes/bug22370 b/changes/bug22370 deleted file mode 100644 index e0e87e3339..0000000000 --- a/changes/bug22370 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (memory handling): - - When directory authorities reject a router descriptor due to keypinning, - free the router descriptor rather than leaking the memory. - Fixes bug 22370; bugfix on 0.2.7.2-alpha. diff --git a/changes/bug22400_01 b/changes/bug22400_01 deleted file mode 100644 index 454c5f746f..0000000000 --- a/changes/bug22400_01 +++ /dev/null @@ -1,4 +0,0 @@ - o Major bugfixes (entry guards): - - When starting with an old consensus, do not add new entry guards - unless the consensus is "reasonably live" (under 1 day old). Fixes - one root cause of bug 22400; bugfix on 0.3.0.1-alpha. diff --git a/changes/bug22446 b/changes/bug22446 deleted file mode 100644 index eab65aac00..0000000000 --- a/changes/bug22446 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (code style, backport from 0.3.1.3-alpha): - - Add "Falls through" comments to our codebase, in order to silence - GCC 7's -Wimplicit-fallthrough warnings. Patch from Andreas - Stieger. Closes ticket 22446. diff --git a/changes/bug22447 b/changes/bug22447 deleted file mode 100644 index f5649d633c..0000000000 --- a/changes/bug22447 +++ /dev/null @@ -1,3 +0,0 @@ - o Major bugfixes (hidden service v3): - - HSDir failed to validate the encrypted size of a v3 descriptor and thus - rejecting it. Fixes bug 22447; bugfix on tor-0.3.0.1-alpha. diff --git a/changes/bug22460_case1 b/changes/bug22460_case1 deleted file mode 100644 index cfe78ad791..0000000000 --- a/changes/bug22460_case1 +++ /dev/null @@ -1,16 +0,0 @@ - o Major bugfixes (relays, key management): - - Regenerate link and authentication certificates whenever the key that - signs them changes; also, regenerate link certificates whenever the - signed key changes. Previously, these processes were only weakly - coupled, and we relays could (for minutes to hours) wind up with an - inconsistent set of keys and certificates, which other relays - would not accept. Fixes two cases of bug 22460; bugfix on - 0.3.0.1-alpha. - - When sending an Ed25519 signing->link certificate in a CERTS cell, - send the certificate that matches the x509 certificate that we used - on the TLS connection. Previously, there was a race condition if - the TLS context rotated after we began the TLS handshake but - before we sent the CERTS cell. Fixes a case of bug 22460; bugfix - on 0.3.0.1-alpha. - - diff --git a/changes/bug22460_case2 b/changes/bug22460_case2 deleted file mode 100644 index 0a11759832..0000000000 --- a/changes/bug22460_case2 +++ /dev/null @@ -1,8 +0,0 @@ - o Major bugfixes (relay, link handshake): - - - When performing the v3 link handshake on a TLS connection, report that - we have the x509 certificate that we actually used on that connection, - even if we have changed certificates since that connection was first - opened. Previously, we would claim to have used our most recent x509 - link certificate, which would sometimes make the link handshake fail. - Fixes one case of bug 22460; bugfix on 0.2.3.6-alpha. diff --git a/changes/bug22466_regenerate b/changes/bug22466_regenerate deleted file mode 100644 index 8dbda89c8f..0000000000 --- a/changes/bug22466_regenerate +++ /dev/null @@ -1,8 +0,0 @@ - o Minor bugfixes (link handshake): - - Lower the lifetime of the RSA->Ed25519 cross-certificate to - six months, and regenerate it when it is within one month of expiring. - Previously, we had generated this certificate at startup with - a ten-year lifetime, but that could lead to weird behavior when - Tor was started with a grossly inaccurate clock. Mitigates - bug 22466; mitigation on 0.3.0.1-alpha. - diff --git a/changes/bug22490 b/changes/bug22490 deleted file mode 100644 index 244dd50b36..0000000000 --- a/changes/bug22490 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (correctness): - - Avoid undefined behavior when parsing IPv6 entries from the geoip6 - file. Fixes bug 22490; bugfix on 0.2.4.6-alpha. diff --git a/changes/bug22516 b/changes/bug22516 deleted file mode 100644 index f024a3c470..0000000000 --- a/changes/bug22516 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (linux seccomp2 sandbox): - - Permit the fchmod system call, to avoid crashing on startup when - starting with the seccomp2 sandbox and an unexpected set of permissions - on the data directory or its contents. Fixes bug 22516; bugfix on - 0.2.5.4-alpha. diff --git a/changes/bug22636 b/changes/bug22636 deleted file mode 100644 index 770cac72e9..0000000000 --- a/changes/bug22636 +++ /dev/null @@ -1,8 +0,0 @@ - o Build features: - - Tor's repository now includes a Travis Continuous Integration (CI) - configuration file (.travis.yml). This is meant to help new developers and - contributors who fork Tor to a Github repository be better able to test - their changes, and understand what we expect to pass. To use this new build - feature, you must fork Tor to your Github account, then go into the - "Integrations" menu in the repository settings for your fork and enable - Travis, then push your changes. diff --git a/changes/bug22644 b/changes/bug22644 deleted file mode 100644 index 9b8742edaf..0000000000 --- a/changes/bug22644 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (controller): - - Do not crash when receiving a POSTDESCRIPTOR command with an - empty body. Fixes part of bug 22644; bugfix on 0.2.0.1-alpha. - - Do not crash when receiving a HSPOST command with an empty body. - Fixes part of bug 22644; bugfix on 0.2.7.1-alpha. diff --git a/changes/bug22737 b/changes/bug22737 deleted file mode 100644 index f0de8e6c41..0000000000 --- a/changes/bug22737 +++ /dev/null @@ -1,12 +0,0 @@ - o Minor bugfixes (defensive programming, undefined behavior): - - - Fix a memset() off the end of an array when packing cells. This - bug should be harmless in practice, since the corrupted bytes - are still in the same structure, and are always padding bytes, - ignored, or immediately overwritten, depending on compiler - behavior. Nevertheless, because the memset()'s purpose is to - make sure that any other cell-handling bugs can't expose bytes - to the network, we need to fix it. Fixes bug 22737; bugfix on - 0.2.4.11-alpha. Fixes CID 1401591. - - diff --git a/changes/bug22753 b/changes/bug22753 deleted file mode 100644 index 32a6dfa56c..0000000000 --- a/changes/bug22753 +++ /dev/null @@ -1,7 +0,0 @@ - o Major bugfixes (path selection, security): - - When choosing which guard to use for a circuit, avoid the - exit's family along with the exit itself. Previously, the new - guard selection logic avoided the exit, but did not consider - its family. Fixes bug 22753; bugfix on 0.3.0.1-alpha. Tracked - as TROVE-2016-006 and CVE-2017-0377. - diff --git a/changes/bug22789 b/changes/bug22789 deleted file mode 100644 index a653592848..0000000000 --- a/changes/bug22789 +++ /dev/null @@ -1,7 +0,0 @@ - o Major bugfixes (openbsd, denial-of-service): - - Avoid an assertion failure bug affecting our implementation of - inet_pton(AF_INET6) on certain OpenBSD systems whose strtol() - handling of "0xfoo" differs from what we had expected. - Fixes bug 22789; bugfix on 0.2.3.8-alpha. Also tracked as - TROVE-2017-007. - diff --git a/changes/bug22797 b/changes/bug22797 deleted file mode 100644 index 619baaa409..0000000000 --- a/changes/bug22797 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (file limits): - - When setting the maximum number of connections allowed by the OS, - always allow some extra file descriptors for other files. - Fixes bug 22797; bugfix on 0.2.0.10-alpha. diff --git a/changes/bug22801 b/changes/bug22801 deleted file mode 100644 index 7edc79bc84..0000000000 --- a/changes/bug22801 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (compilation): - - When building with certain versions the mingw C header files, avoid - float-conversion warnings when calling the C functions isfinite(), - isnan(), and signbit(). Fixes bug 22801; bugfix on 0.2.8.1-alpha. - diff --git a/changes/bug22803 b/changes/bug22803 deleted file mode 100644 index 80b4b9f589..0000000000 --- a/changes/bug22803 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (unit tests): - - Fix a memory leak in the link-handshake/certs_ok_ed25519 test. - Fixes bug 22803; bugfix on 0.3.0.1-alpha. diff --git a/changes/bug22838_028 b/changes/bug22838_028 deleted file mode 100644 index 1d0a4fbfd1..0000000000 --- a/changes/bug22838_028 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (compilation, mingw, backport from 0.3.1.1-alpha): - - Backport a fix for an "unused variable" warning that appeared - in some versions of mingw. Fixes bug 22838; bugfix on - 0.2.8.1-alpha. - diff --git a/changes/bug22915 b/changes/bug22915 deleted file mode 100644 index 17a9c6018f..0000000000 --- a/changes/bug22915 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (compilation warnings): - - Suppress -Wdouble-promotion warnings with clang 4.0. Fixes bug 22915; - bugfix on 0.2.8.1-alpha. diff --git a/changes/bug22916_027 b/changes/bug22916_027 deleted file mode 100644 index 5cf99c7d15..0000000000 --- a/changes/bug22916_027 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (Compilation): - - Fix warnings when building with libscrypt and openssl scrypt support - on Clang. Fixes bug 22916; bugfix on 0.2.7.2-alpha. diff --git a/changes/bug23030_029 b/changes/bug23030_029 deleted file mode 100644 index 89a1b507d7..0000000000 --- a/changes/bug23030_029 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes (coverity builds): - - Avoid Coverity build warnings related to our BUG() macro. By - default, Coverity treats BUG() as the Linux kernel does: an - instant abort(). We need to override that so our BUG() macro - doesn't prevent Coverity from analyzing functions that use it. - Fixes bug 23030; bugfix on 0.2.9.1-alpha. - diff --git a/changes/bug23078 b/changes/bug23078 deleted file mode 100644 index 67624007cf..0000000000 --- a/changes/bug23078 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes (logging, relay): - - Remove a log_warn() that has been forgotten when an introduction point - successfully established a hidden service prop224 circuit with a client. - - Three other log_warn() for an introduction point have been changed to - protocol warning because they can be failure from the network and are - not relevant to the operator. Fixes bug 23078; bugfix on - tor-0.3.0.1-alpha and tor-0.3.0.2-alpha. diff --git a/changes/bug23081 b/changes/bug23081 deleted file mode 100644 index 76c4e30971..0000000000 --- a/changes/bug23081 +++ /dev/null @@ -1,8 +0,0 @@ - o Minor bugfixes (Windows service): - - When running as a Windows service, set the ID of the main thread - correctly. Failure to do so made us fail to send log messages - to the controller in 0.2.1.16-rc, slowed down controller - event delivery in 0.2.7.3-rc and later, and crash with an assertion - failure in 0.3.1.1-alpha. Fixes bug 23081; bugfix on 0.2.1.6-alpha. - Patch and diagnosis from "Vort". - diff --git a/changes/bug23291 b/changes/bug23291 deleted file mode 100644 index a5b0efda0a..0000000000 --- a/changes/bug23291 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (testing): - - Fix an undersized buffer in test-memwipe.c. Fixes bug 23291; bugfix on - 0.2.7.2-alpha. Found and patched by Ties Stuij. diff --git a/changes/bug23470 b/changes/bug23470 deleted file mode 100644 index 33367b3a30..0000000000 --- a/changes/bug23470 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfix (relay address resolution): - - Avoid unnecessary calls to directory_fetches_from_authorities() - on relays. This avoids spurious address resolutions and - descriptor rebuilds. This is a mitigation for 21789. The original - bug was introduced in commit 35bbf2e as part of prop210. - Fixes 23470 in 0.2.8.1-alpha. diff --git a/changes/bug23610 b/changes/bug23610 deleted file mode 100644 index f2dc8bd1a6..0000000000 --- a/changes/bug23610 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (hidden service, relay): - - Avoid a possible double close of a circuit by the intro point on error - of sending the INTRO_ESTABLISHED cell. Fixes ticket 23610; bugfix on - 0.3.0.1-alpha. diff --git a/changes/bug23690 b/changes/bug23690 deleted file mode 100644 index 36ff32e499..0000000000 --- a/changes/bug23690 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes (relay, crash, assertion failure): - - Fix a timing-based assertion failure that could occur when the - circuit out-of-memory handler freed a connection's output buffer. - Fixes bug 23690; bugfix on 0.2.6.1-alpha. - diff --git a/changes/bug23693 b/changes/bug23693 deleted file mode 100644 index 796398be51..0000000000 --- a/changes/bug23693 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (relay, crash): - - Avoid a crash when transitioning from client mode to bridge mode. - Previously, we would launch the worker threads whenever our "public - server" mode changed, but not when our "server" mode changed. - Fixes bug 23693; bugfix on 0.2.6.3-alpha. - diff --git a/changes/bug23874 b/changes/bug23874 deleted file mode 100644 index bf6620553d..0000000000 --- a/changes/bug23874 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (memory safety): - - Clear the address when node_get_prim_orport() returns early. - Fixes bug 23874; bugfix on 0.2.8.2-alpha. diff --git a/changes/bug24313 b/changes/bug24313 deleted file mode 100644 index b927ec3ba6..0000000000 --- a/changes/bug24313 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes (security, hidden service v2): - - Fix a use-after-free error that could crash v2 Tor hidden services - when it failed to open circuits while expiring introductions - points. Fixes bug 24313; bugfix on 0.2.7.2-alpha. This - issue is also tracked as TROVE-2017-013 and CVE-2017-8823. diff --git a/changes/bug8185_025 b/changes/bug8185_025 deleted file mode 100644 index 1bfc12b1e4..0000000000 --- a/changes/bug8185_025 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (logging, relay shutdown, annoyance): - - When a circuit is marked for close, do not attempt to package any cells - for channels on that circuit. Previously, we would detect this - condition lower in the call stack, when we noticed that the circuit had - no attached channel, and log an annoying message. Fixes bug 8185; - bugfix on 0.2.5.4-alpha. diff --git a/changes/feature21570 b/changes/feature21570 deleted file mode 100644 index 40555eefa9..0000000000 --- a/changes/feature21570 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features (testing): - - During 'make test-network-all', if tor logs any warnings, ask chutney - to output them. Requires a recent version of chutney with the 21572 - patch. - Implements 21570. diff --git a/changes/geoip-2017-11-06 b/changes/geoip-2017-11-06 deleted file mode 100644 index f034be9006..0000000000 --- a/changes/geoip-2017-11-06 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (geoip): - - Update geoip and geoip6 to the November 6 2017 Maxmind GeoLite2 - Country database. - diff --git a/changes/geoip-april2017 b/changes/geoip-april2017 deleted file mode 100644 index b489eaf016..0000000000 --- a/changes/geoip-april2017 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features: - - Update geoip and geoip6 to the April 4 2017 Maxmind GeoLite2 - Country database. - diff --git a/changes/geoip-august2017 b/changes/geoip-august2017 deleted file mode 100644 index 2dab18a63f..0000000000 --- a/changes/geoip-august2017 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features: - - Update geoip and geoip6 to the August 3 2017 Maxmind GeoLite2 - Country database. - diff --git a/changes/geoip-february2017 b/changes/geoip-february2017 deleted file mode 100644 index ec54b6122a..0000000000 --- a/changes/geoip-february2017 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features: - - Update geoip and geoip6 to the February 8 2017 Maxmind GeoLite2 - Country database. - diff --git a/changes/geoip-july2017 b/changes/geoip-july2017 deleted file mode 100644 index ed10369f1b..0000000000 --- a/changes/geoip-july2017 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features: - - Update geoip and geoip6 to the July 4 2017 Maxmind GeoLite2 - Country database. - diff --git a/changes/geoip-june2017 b/changes/geoip-june2017 deleted file mode 100644 index 2ea7bf105e..0000000000 --- a/changes/geoip-june2017 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features: - - Update geoip and geoip6 to the June 8 2017 Maxmind GeoLite2 - Country database. - diff --git a/changes/geoip-march2017 b/changes/geoip-march2017 deleted file mode 100644 index 6dc92baa2f..0000000000 --- a/changes/geoip-march2017 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features: - - Update geoip and geoip6 to the March 7 2017 Maxmind GeoLite2 - Country database. - diff --git a/changes/geoip-may2017 b/changes/geoip-may2017 deleted file mode 100644 index 4e504d7a0a..0000000000 --- a/changes/geoip-may2017 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features: - - Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2 - Country database. - diff --git a/changes/geoip-october2017 b/changes/geoip-october2017 deleted file mode 100644 index 11f623e85f..0000000000 --- a/changes/geoip-october2017 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (geoip): - - Update geoip and geoip6 to the October 4 2017 Maxmind GeoLite2 - Country database. - diff --git a/changes/geoip-september2017 b/changes/geoip-september2017 deleted file mode 100644 index be01ff9521..0000000000 --- a/changes/geoip-september2017 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features: - - Update geoip and geoip6 to the September 6 2017 Maxmind GeoLite2 - Country database. - diff --git a/changes/longclaw-ipv6 b/changes/longclaw-ipv6 deleted file mode 100644 index 75899c9d07..0000000000 --- a/changes/longclaw-ipv6 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor features (directory authorities): - - Remove longclaw's IPv6 address, as it will soon change. - Authority IPv6 addresses were originally added in 0.2.8.1-alpha. - This leaves 3/8 directory authorities with IPv6 addresses, but there - are also 52 fallback directory mirrors with IPv6 addresses. - Resolves 19760. diff --git a/changes/longclaw_23592 b/changes/longclaw_23592 deleted file mode 100644 index 91e2da8972..0000000000 --- a/changes/longclaw_23592 +++ /dev/null @@ -1,3 +0,0 @@ - o Directory authority changes: - - The directory authority "Longclaw" has changed its IP address. - Closes ticket 23592. diff --git a/changes/prop275-minimal b/changes/prop275-minimal deleted file mode 100644 index 83d42f850b..0000000000 --- a/changes/prop275-minimal +++ /dev/null @@ -1,9 +0,0 @@ - o Minor features (future-proofing): - - - Tor no longer refuses to download microdescriptors or descriptors if - they are listed as "published in the future". This change will - eventually allow us to stop listing meaningful "published" dates - in microdescriptor consensuses, and thereby allow us to reduce the - resources required to download consensus diffs by over 50%. - Implements part of ticket 21642; implements part of proposal 275. - diff --git a/changes/ticket20656 b/changes/ticket20656 deleted file mode 100644 index 28192e8978..0000000000 --- a/changes/ticket20656 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor feature (protover): - - Add new protocol version for proposal 224. HSIntro now advertises - version "3-4" and HSDir version "1-2". Fixes ticket 20656. diff --git a/changes/ticket21564 b/changes/ticket21564 deleted file mode 100644 index 7e01f41f8f..0000000000 --- a/changes/ticket21564 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor features (fallback directory list): - - Replace the 177 fallbacks originally introduced in Tor 0.2.9.8 in - December 2016 (of which ~126 were still functional), with a list of - 151 fallbacks (32 new, 119 existing, 58 removed) generated in - May 2017. - Resolves ticket 21564. diff --git a/changes/ticket21953 b/changes/ticket21953 deleted file mode 100644 index 7cc84f506d..0000000000 --- a/changes/ticket21953 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor features: - - Enable a couple of pieces of Windows hardening: one - (HeapEnableTerminationOnCorruption) that has been on-by-default since - Windows 8, and unavailable before Windows 7, and one - (PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION) which we believe doesn't - affect us, but shouldn't do any harm. Closes ticket 21953. diff --git a/changes/ticket22895 b/changes/ticket22895 deleted file mode 100644 index a3f7b86019..0000000000 --- a/changes/ticket22895 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (compilation): - - Fix unused variable warnings in donna's Curve25519 SSE2 code. - Fixes bug 22895; bugfix on 0.2.7.2-alpha. diff --git a/changes/ticket23910 b/changes/ticket23910 deleted file mode 100644 index eb38fcf32f..0000000000 --- a/changes/ticket23910 +++ /dev/null @@ -1,3 +0,0 @@ - o Directory authority changes: - - Add bastet as a ninth directory authority to the default list. Closes - ticket 23910. diff --git a/changes/trove-2017-001.2 b/changes/trove-2017-001.2 deleted file mode 100644 index 3ef073cf9f..0000000000 --- a/changes/trove-2017-001.2 +++ /dev/null @@ -1,8 +0,0 @@ - o Major bugfixes (parsing): - - Fix an integer underflow bug when comparing malformed Tor versions. - This bug is harmless, except when Tor has been built with - --enable-expensive-hardening, which would turn it into a crash; - or on Tor 0.2.9.1-alpha through Tor 0.2.9.8, which were built with - -ftrapv by default. - Part of TROVE-2017-001. Fixes bug 21278; bugfix on - 0.0.8pre1. Found by OSS-Fuzz. diff --git a/changes/trove-2017-004 b/changes/trove-2017-004 deleted file mode 100644 index af1567f220..0000000000 --- a/changes/trove-2017-004 +++ /dev/null @@ -1,6 +0,0 @@ - o Major bugfixes (hidden service, relay, security): - - Fix an assertion failure when a hidden service handles a - malformed BEGIN cell. This bug resulted in the service crashing - triggered by a tor_assert(). Fixes bug 22493, tracked as - TROVE-2017-004 and as CVE-2017-0375; bugfix on 0.3.0.1-alpha. - Found by armadev. diff --git a/changes/trove-2017-005 b/changes/trove-2017-005 deleted file mode 100644 index cebb013f86..0000000000 --- a/changes/trove-2017-005 +++ /dev/null @@ -1,7 +0,0 @@ - o Major bugfixes (hidden service, relay, security): - - Fix an assertion failure caused by receiving a BEGIN_DIR cell on - a hidden service rendezvous circuit. Fixes bug 22494, tracked as - TROVE-2017-005 and CVE-2017-0376; bugfix on 0.2.2.1-alpha. Found - by armadev. - - diff --git a/changes/trove-2017-008 b/changes/trove-2017-008 deleted file mode 100644 index 4b9c5b0a12..0000000000 --- a/changes/trove-2017-008 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes (security, hidden services, loggging): - - Fix a bug where we could log uninitialized stack when a certain - hidden service error occurred while SafeLogging was disabled. - Fixes bug #23490; bugfix on 0.2.7.2-alpha. - This is also tracked as TROVE-2017-008 and CVE-2017-0380. diff --git a/changes/trove-2017-009 b/changes/trove-2017-009 deleted file mode 100644 index 166a5faec6..0000000000 --- a/changes/trove-2017-009 +++ /dev/null @@ -1,10 +0,0 @@ - o Major bugfixes (security): - - When checking for replays in the INTRODUCE1 cell data for a (legacy) - hiddden service, correctly detect replays in the RSA-encrypted part of - the cell. We were previously checking for replays on the entire cell, - but those can be circumvented due to the malleability of Tor's legacy - hybrid encryption. This fix helps prevent a traffic confirmation - attack. Fixes bug 24244; bugfix on 0.2.4.1-alpha. This issue is also - tracked as TROVE-2017-009 and CVE-2017-8819. - - diff --git a/changes/trove-2017-010 b/changes/trove-2017-010 deleted file mode 100644 index d5bf9333da..0000000000 --- a/changes/trove-2017-010 +++ /dev/null @@ -1,6 +0,0 @@ - o Major bugfixes (security): - - Fix a denial-of-service issue where an attacker could crash - a directory authority using a malformed router descriptor. - Fixes bug 24245; bugfix on 0.2.9.4-alpha. Also tracked - as TROVE-2017-010 and CVE-2017-8820. - diff --git a/changes/trove-2017-011 b/changes/trove-2017-011 deleted file mode 100644 index 82d20d9e78..0000000000 --- a/changes/trove-2017-011 +++ /dev/null @@ -1,8 +0,0 @@ - o Major bugfixes (security): - - Fix a denial of service bug where an attacker could use a malformed - directory object to cause a Tor instance to pause while OpenSSL would - try to read a passphrase from the terminal. (If the terminal was not - available, tor would continue running.) Fixes bug 24246; bugfix on - every version of Tor. Also tracked as TROVE-2017-011 and - CVE-2017-8821. Found by OSS-Fuzz as testcase 6360145429790720. - diff --git a/changes/trove-2017-012-part1 b/changes/trove-2017-012-part1 deleted file mode 100644 index 9fccc2cf65..0000000000 --- a/changes/trove-2017-012-part1 +++ /dev/null @@ -1,6 +0,0 @@ - o Major bugfixes (security, relay): - - When running as a relay, make sure that we never build a path through - ourselves, even in the case where we have somehow lost the version of - our descriptor appearing in the consensus. Fixes part of bug 21534; - bugfix on 0.2.0.1-alpha. This issue is also tracked as TROVE-2017-012 - and CVE-2017-8822. diff --git a/changes/trove-2017-012-part2 b/changes/trove-2017-012-part2 deleted file mode 100644 index ed994c5b02..0000000000 --- a/changes/trove-2017-012-part2 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes (security, relay): - - When running as a relay, make sure that we never ever choose ourselves - as a guard. Previously, this was possible. Fixes part of bug 21534; - bugfix on 0.3.0.1-alpha. This issue is also tracked as TROVE-2017-012 - and CVE-2017-8822. |