aboutsummaryrefslogtreecommitdiff
path: root/changes
diff options
context:
space:
mode:
Diffstat (limited to 'changes')
-rw-r--r--changes/29241_diagnostic4
-rw-r--r--changes/bug285257
-rw-r--r--changes/bug292416
-rw-r--r--changes/bug300409
-rw-r--r--changes/bug300415
-rw-r--r--changes/bug301484
-rw-r--r--changes/bug301894
-rw-r--r--changes/bug301903
-rw-r--r--changes/bug303164
-rw-r--r--changes/bug304523
-rw-r--r--changes/bug305616
-rw-r--r--changes/bug307135
-rw-r--r--changes/bug307443
-rw-r--r--changes/bug307814
-rw-r--r--changes/bug313439
-rw-r--r--changes/chutney_ci3
-rw-r--r--changes/cid14441193
-rw-r--r--changes/geoip-2019-06-104
-rw-r--r--changes/ticket287955
-rw-r--r--changes/ticket296174
-rw-r--r--changes/ticket297024
-rw-r--r--changes/ticket302133
-rw-r--r--changes/ticket302342
-rw-r--r--changes/ticket3045410
-rw-r--r--changes/ticket305913
-rw-r--r--changes/ticket306943
-rw-r--r--changes/ticket313744
27 files changed, 124 insertions, 0 deletions
diff --git a/changes/29241_diagnostic b/changes/29241_diagnostic
new file mode 100644
index 0000000000..1e38654957
--- /dev/null
+++ b/changes/29241_diagnostic
@@ -0,0 +1,4 @@
+ o Minor features (NSS, diagnostic):
+ - Try to log an error from NSS (if there is any) and a more useful
+ description of our situation if we are using NSS and a call to
+ SSL_ExportKeyingMaterial() fails. Diagnostic for ticket 29241.
diff --git a/changes/bug28525 b/changes/bug28525
new file mode 100644
index 0000000000..988ffb2192
--- /dev/null
+++ b/changes/bug28525
@@ -0,0 +1,7 @@
+ o Minor features (address selection):
+ - Make Tor aware of the RFC 6598 (Carrier Grade NAT) IP range, which is the
+ subnet 100.64.0.0/10. This is deployed by many ISPs as an alternative to
+ RFC 1918 that does not break existing internal networks. This patch fixes
+ security issues caused by RFC 6518 by blocking control ports on these
+ addresses and warns users if client ports or ExtORPorts are listening on
+ a RFC 6598 address. Closes ticket 28525. Patch by Neel Chauhan.
diff --git a/changes/bug29241 b/changes/bug29241
new file mode 100644
index 0000000000..7f25e154d1
--- /dev/null
+++ b/changes/bug29241
@@ -0,0 +1,6 @@
+ o Major bugfixes (NSS, relay):
+ - When running with NSS, disable TLS 1.2 ciphersuites that use SHA384
+ for their PRF. Due to an NSS bug, the TLS key exporters for these
+ ciphersuites don't work -- which caused relays to fail to handshake
+ with one another when these ciphersuites were enabled.
+ Fixes bug 29241; bugfix on 0.3.5.1-alpha.
diff --git a/changes/bug30040 b/changes/bug30040
new file mode 100644
index 0000000000..7d80528a10
--- /dev/null
+++ b/changes/bug30040
@@ -0,0 +1,9 @@
+ o Minor bugfixes (security):
+ - Fix a potential double free bug when reading huge bandwidth files. The
+ issue is not exploitable in the current Tor network because the
+ vulnerable code is only reached when directory authorities read bandwidth
+ files, but bandwidth files come from a trusted source (usually the
+ authorities themselves). Furthermore, the issue is only exploitable in
+ rare (non-POSIX) 32-bit architectures which are not used by any of the
+ current authorities. Fixes bug 30040; bugfix on 0.3.5.1-alpha. Bug found
+ and fixed by Tobias Stoeckmann.
diff --git a/changes/bug30041 b/changes/bug30041
new file mode 100644
index 0000000000..801c8f67ac
--- /dev/null
+++ b/changes/bug30041
@@ -0,0 +1,5 @@
+ o Minor bugfixes (hardening):
+ - Verify in more places that we are not about to create a buffer
+ with more than INT_MAX bytes, to avoid possible OOB access in the event
+ of bugs. Fixes bug 30041; bugfix on 0.2.0.16. Found and fixed by
+ Tobias Stoeckmann.
diff --git a/changes/bug30148 b/changes/bug30148
new file mode 100644
index 0000000000..7d0257e3fe
--- /dev/null
+++ b/changes/bug30148
@@ -0,0 +1,4 @@
+ o Minor bugfixes (memory leak):
+ - Avoid a minor memory leak that could occur on relays when
+ creating a keys directory failed. Fixes bug 30148; bugfix on
+ 0.3.3.1-alpha.
diff --git a/changes/bug30189 b/changes/bug30189
new file mode 100644
index 0000000000..f8c932a5f9
--- /dev/null
+++ b/changes/bug30189
@@ -0,0 +1,4 @@
+ o Minor bugfixes (compilation, unusual configuration):
+ - Avoid failures when building with ALL_BUGS_ARE_FAILED due to
+ missing declarations of abort(), and prevent other such failures
+ in the future. Fixes bug 30189; bugfix on 0.3.4.1-alpha.
diff --git a/changes/bug30190 b/changes/bug30190
new file mode 100644
index 0000000000..e2352c3b9c
--- /dev/null
+++ b/changes/bug30190
@@ -0,0 +1,3 @@
+ o Minor bugfixes (lib):
+ do not log a warning for OpenSSL versions that should be compatible
+ Fixes bug 30190; bugfix on 0.2.4.2-alpha
diff --git a/changes/bug30316 b/changes/bug30316
new file mode 100644
index 0000000000..3e396318ad
--- /dev/null
+++ b/changes/bug30316
@@ -0,0 +1,4 @@
+ o Minor bugfixes (directory authority):
+ - Move the "bandwidth-file-headers" line in directory authority votes
+ so that it conforms to dir-spec.txt. Fixes bug 30316; bugfix on
+ 0.3.5.1-alpha.
diff --git a/changes/bug30452 b/changes/bug30452
new file mode 100644
index 0000000000..2bb401d87d
--- /dev/null
+++ b/changes/bug30452
@@ -0,0 +1,3 @@
+ o Minor features (compile-time modules):
+ - Add a --list-modules command to print a list of which compile-time
+ modules are enabled. Closes ticket 30452.
diff --git a/changes/bug30561 b/changes/bug30561
new file mode 100644
index 0000000000..afb3f02c62
--- /dev/null
+++ b/changes/bug30561
@@ -0,0 +1,6 @@
+ o Minor bugfixes (portability):
+ - Avoid crashing in our tor_vasprintf() implementation on systems that
+ define neither vasprintf() nor _vscprintf(). (This bug has been here
+ long enough that we question whether people are running Tor on such
+ systems, but we're applying the fix out of caution.) Fixes bug 30561;
+ bugfix on 0.2.8.2-alpha. Found and fixed by Tobias Stoeckmann.
diff --git a/changes/bug30713 b/changes/bug30713
new file mode 100644
index 0000000000..e00b98da65
--- /dev/null
+++ b/changes/bug30713
@@ -0,0 +1,5 @@
+ o Minor bugfixes (testing):
+ - Skip test_rebind when the TOR_SKIP_TEST_REBIND environmental variable is
+ set. Fixes bug 30713; bugfix on 0.3.5.1-alpha.
+ - Skip test_rebind on macOS in Travis, because it is unreliable on
+ macOS on Travis. Fixes bug 30713; bugfix on 0.3.5.1-alpha.
diff --git a/changes/bug30744 b/changes/bug30744
new file mode 100644
index 0000000000..9f07d4855f
--- /dev/null
+++ b/changes/bug30744
@@ -0,0 +1,3 @@
+ o Minor bugfixes (continuous integration):
+ - Allow the test-stem job to fail in Travis, because it sometimes hangs.
+ Fixes bug 30744; bugfix on 0.3.5.4-alpha.
diff --git a/changes/bug30781 b/changes/bug30781
new file mode 100644
index 0000000000..7c7adf470e
--- /dev/null
+++ b/changes/bug30781
@@ -0,0 +1,4 @@
+ o Minor bugfixes (directory authorities):
+ - Stop crashing after parsing an unknown descriptor purpose annotation.
+ We think this bug can only be triggered by modifying a local file.
+ Fixes bug 30781; bugfix on 0.2.0.8-alpha.
diff --git a/changes/bug31343 b/changes/bug31343
new file mode 100644
index 0000000000..17a8057ead
--- /dev/null
+++ b/changes/bug31343
@@ -0,0 +1,9 @@
+ o Minor bugfixes (compilation):
+ - Avoid using labs() on time_t, which can cause compilation warnings
+ on 64-bit Windows builds. Fixes bug 31343; bugfix on 0.2.4.4-alpha.
+
+ o Minor bugfixes (clock skew detection):
+ - Don't believe clock skew results from NETINFO cells that appear to
+ arrive before the VERSIONS cells they are responding to were sent.
+ Previously, we would accept them up to 3 minutes "in the past".
+ Fixes bug 31343; bugfix on 0.2.4.4-alpha.
diff --git a/changes/chutney_ci b/changes/chutney_ci
new file mode 100644
index 0000000000..b17d587329
--- /dev/null
+++ b/changes/chutney_ci
@@ -0,0 +1,3 @@
+ o Minor features (continuous integration):
+ - Our Travis configuration now uses Chutney to run some network
+ integration tests automatically. Closes ticket 29280.
diff --git a/changes/cid1444119 b/changes/cid1444119
new file mode 100644
index 0000000000..bb6854e66f
--- /dev/null
+++ b/changes/cid1444119
@@ -0,0 +1,3 @@
+ o Minor bugfixes (C correctness):
+ - Fix an unlikely memory leak in consensus_diff_apply(). Fixes bug 29824;
+ bugfix on 0.3.1.1-alpha. This is Coverity warning CID 1444119.
diff --git a/changes/geoip-2019-06-10 b/changes/geoip-2019-06-10
new file mode 100644
index 0000000000..2d1e065649
--- /dev/null
+++ b/changes/geoip-2019-06-10
@@ -0,0 +1,4 @@
+ o Minor features (geoip):
+ - Update geoip and geoip6 to the June 10 2019 Maxmind GeoLite2
+ Country database. Closes ticket 30852.
+
diff --git a/changes/ticket28795 b/changes/ticket28795
new file mode 100644
index 0000000000..6ae72562bf
--- /dev/null
+++ b/changes/ticket28795
@@ -0,0 +1,5 @@
+ o Minor features (fallback directory list):
+ - Replace the 157 fallbacks originally introduced in Tor 0.3.5.6-rc
+ in December 2018 (of which ~122 were still functional), with a
+ list of 148 fallbacks (70 new, 78 existing, 79 removed) generated
+ in June 2019. Closes ticket 28795.
diff --git a/changes/ticket29617 b/changes/ticket29617
new file mode 100644
index 0000000000..4d50ea9627
--- /dev/null
+++ b/changes/ticket29617
@@ -0,0 +1,4 @@
+ o Minor bugfixes (out-of-memory handler):
+ - When purging the DNS cache because of an out-of-memory condition,
+ try purging just the older entries at first. Previously, we would
+ purge the whole thing. Fixes bug 29617; bugfix on 0.3.5.1-alpha.
diff --git a/changes/ticket29702 b/changes/ticket29702
new file mode 100644
index 0000000000..e1cc1f867b
--- /dev/null
+++ b/changes/ticket29702
@@ -0,0 +1,4 @@
+ o Testing:
+ - Specify torrc paths (with empty files) when launching tor in
+ integration tests; refrain from reading user and system torrcs.
+ Resolves issue 29702.
diff --git a/changes/ticket30213 b/changes/ticket30213
new file mode 100644
index 0000000000..acb7614807
--- /dev/null
+++ b/changes/ticket30213
@@ -0,0 +1,3 @@
+ o Minor features (continuous integration):
+ - Remove sudo configuration lines from .travis.yml as they are no longer
+ needed with current Travis build environment. Resolves issue 30213.
diff --git a/changes/ticket30234 b/changes/ticket30234
new file mode 100644
index 0000000000..5a0076bad2
--- /dev/null
+++ b/changes/ticket30234
@@ -0,0 +1,2 @@
+ o Testing (continuous integration):
+ - In Travis, show stem's tor log after failure. Closes ticket 30234.
diff --git a/changes/ticket30454 b/changes/ticket30454
new file mode 100644
index 0000000000..77c45d0feb
--- /dev/null
+++ b/changes/ticket30454
@@ -0,0 +1,10 @@
+ o Major bugfixes (hidden service v3):
+ - An intro point could try to send an INTRODUCE_ACK with a status code
+ that it wasn't able to encode leading to a hard assert() of the relay.
+ Fortunately, that specific code path can not be reached thus this issue
+ can't be triggered. We've consolidated the ABI values into trunnel now.
+ Fixes bug 30454; bugfix on 0.3.0.1-alpha.
+ - HSv3 client will now be able to properly handle unknown status code from
+ a INTRODUCE_ACK cell (nack) even if they do not know it. The NACK
+ behavior will stay the same. This will allow us to extend status code if
+ we want in the future without breaking the normal client behavior.
diff --git a/changes/ticket30591 b/changes/ticket30591
new file mode 100644
index 0000000000..f97c024009
--- /dev/null
+++ b/changes/ticket30591
@@ -0,0 +1,3 @@
+ o Testing (continuous integration):
+ - In Travis, make stem log a controller trace to the console. And tail
+ stem's tor log after failure. Closes ticket 30591.
diff --git a/changes/ticket30694 b/changes/ticket30694
new file mode 100644
index 0000000000..70dbf6481a
--- /dev/null
+++ b/changes/ticket30694
@@ -0,0 +1,3 @@
+ o Testing (continuous integration):
+ - In Travis, only run the stem tests that use a tor binary.
+ Closes ticket 30694.
diff --git a/changes/ticket31374 b/changes/ticket31374
new file mode 100644
index 0000000000..e8eef9cd49
--- /dev/null
+++ b/changes/ticket31374
@@ -0,0 +1,4 @@
+ o Minor bugfixes (compilation warning):
+ - Fix a compilation warning on Windows about casting a function
+ pointer for GetTickCount64(). Fixes bug 31374; bugfix on
+ 0.2.9.1-alpha.
7apu2bq3rhoylwmucxizk54afw5jyda7pho4j5zdcqpwkufke7zdzwad.onion