Diffstat (limited to 'changes')
215 files changed, 322 insertions, 924 deletions
diff --git a/changes/abandon-rend-circs-on-newnym b/changes/abandon-rend-circs-on-newnym deleted file mode 100644 index 67cb2dce2f..0000000000 --- a/changes/abandon-rend-circs-on-newnym +++ /dev/null @@ -1,8 +0,0 @@ - o Security fixes: - - Don't attach new streams to old rendezvous circuits after SIGNAL - NEWNYM. Previously, we would keep using an existing rendezvous - circuit if it remained open (i.e. if it were kept open by a - long-lived stream or if a new stream were attached to it before - Tor could notice that it was old and no longer in use and close - it). Bugfix on 0.1.1.15-rc; fixes bug 3375. - diff --git a/changes/bridgepassword b/changes/bridgepassword deleted file mode 100644 index 5f0e250ff6..0000000000 --- a/changes/bridgepassword +++ /dev/null @@ -1,11 +0,0 @@ - o Security fixes: - - When using the debuging BridgePassword field, a bridge authority - now compares alleged passwords by hashing them, then comparing - the result to a digest of the expected authenticator. This avoids - a potential side-channel attack in the previous code, which - had foolishly used strcmp(). Fortunately, the BridgePassword field - *is not in use*, but if it had been, the timing - behavior of strcmp() might have allowed an adversary to guess the - BridgePassword value, and enumerate the bridges. Bugfix on - 0.2.0.14-alpha. Fixes bug 5543. - diff --git a/changes/buffer_bug b/changes/buffer_bug deleted file mode 100644 index 634f609533..0000000000 --- a/changes/buffer_bug +++ /dev/null @@ -1,7 +0,0 @@ - - o Major bugfixes: - - Fix a heap overflow bug that could occur when trying to pull - data into the first chunk of a buffer, when that chunk had - already had some data drained from it. Fixes CVE-2011-2778; - bugfix on 0.2.0.16-alpha. Reported by "Vektor". - diff --git a/changes/bug1240 b/changes/bug1240 deleted file mode 100644 index 657066491c..0000000000 --- a/changes/bug1240 +++ /dev/null 
@@ -1,8 +0,0 @@ - o Minor bugfixes: - - When running with an older Linux kernel that erroneously responds - to strange nmap behavior by having accept() return successfully - with a zero-length socket, just close the connection. Previously, - we would try harder to learn the remote address: but there was no - such remote address to learn, and our method for trying to learn - it was incorrect. Fixes bugs #1240, #4745, and #4747. Bugfix on - 0.1.0.3-rc. Reported and diagnosed by "r1eo". diff --git a/changes/bug1297a b/changes/bug1297a deleted file mode 100644 index 140b94e3b0..0000000000 --- a/changes/bug1297a +++ /dev/null @@ -1,16 +0,0 @@ - o Major bugfixes: - - Apply circuit timeouts to opened hidden-service-related circuits - based on the correct start time. Previously, we would apply the - circuit build timeout based on time since the circuit's - creation; it was supposed to be applied based on time since the - circuit entered its current state. Bugfix on 0.0.6; fixes part - of bug 1297. - - Use the same circuit timeout for client-side introduction - circuits as for other four-hop circuits. Previously, - client-side introduction circuits were closed after the same - timeout as single-hop directory-fetch circuits; this was - appropriate with the static circuit build timeout in 0.2.1.x and - earlier, but caused many hidden service access attempts to fail - with the adaptive CBT introduced in 0.2.2.2-alpha. Bugfix on - 0.2.2.2-alpha; fixes another part of bug 1297. - diff --git a/changes/bug1345 b/changes/bug1345 deleted file mode 100644 index 0c9375a35d..0000000000 --- a/changes/bug1345 +++ /dev/null 
@@ -1,13 +0,0 @@ - o Minor bugfixes: - - On SIGHUP, do not clear out all TrackHostExits mappings, client DNS - cache entries, and virtual address mappings: that's what NEWNYM is - for. Bugfix on Tor 0.1.0.1-rc; fixes bug 1345. - - When TrackHostExits is changed from a controller, remove any - mappings for hosts that should no longer have their exits tracked. - Bugfix on Tor 0.1.0.1-rc. - - When VirtualAddrNetwork option is changed from a controller, - remove any mappings for hosts that were automapped to - that network. Bugfix on 0.1.1.19-rc. - - When one of the AutomapHosts* options is changed from a - controller, remove any mappings for hosts that should no longer be - automapped. Bugfix on 0.2.0.1-alpha. diff --git a/changes/bug1352 b/changes/bug1352 deleted file mode 100644 index bde0192401..0000000000 --- a/changes/bug1352 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features - - Rate-limit a warning about failures to download v2 networkstatus - documents. Resolves part of bug 1352. - diff --git a/changes/bug1810 b/changes/bug1810 deleted file mode 100644 index 11e561f7cf..0000000000 --- a/changes/bug1810 +++ /dev/null @@ -1,6 +0,0 @@ - o Major bugfixes: - - Don't decide to make a new descriptor when receiving a HUP signal. - This bug has caused a lot of relays to disappear from the consensus - periodically. Fixes the most common case of triggering bug 1810; - bugfix on 0.2.2.7-alpha. - diff --git a/changes/bug2355 b/changes/bug2355 deleted file mode 100644 index ee0ae4b96a..0000000000 --- a/changes/bug2355 +++ /dev/null @@ -1,8 +0,0 @@ - o Major features: - - If "UseBridges 1" is set and no bridges are configured, Tor will - now refuse to build any circuits until some bridges are set. - If "UseBridges auto" is set, Tor will use bridges if they are - configured and we are not running as a server, but otherwise - will make circuits as usual. The new default is "auto". Patch - by anonym. - 
diff --git a/changes/bug2355_revert b/changes/bug2355_revert deleted file mode 100644 index 2ded40ad8e..0000000000 --- a/changes/bug2355_revert +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes: - - Revert the UseBridges option to its behavior before 0.2.2.28-beta. - When we changed the default behavior to "use bridges if any are - listed in the torrc", we broke a number of users who had bridges - in their torrc files but who didn't actually want to use them. - Partial resolution for bug 3354. - diff --git a/changes/bug2442 b/changes/bug2442 deleted file mode 100644 index cbcc22bb80..0000000000 --- a/changes/bug2442 +++ /dev/null @@ -1,8 +0,0 @@ - * Minor bugfixes: - - - Demote the 'replay detected' log message emitted when a hidden - service receives the same Diffie-Hellman public key in two - different INTRODUCE2 cells to info level. A normal Tor client - can cause that log message during its normal operation. Bugfix - on 0.2.1.6-alpha; fixes part of bug 2442. - diff --git a/changes/bug2442b b/changes/bug2442b deleted file mode 100644 index 02e1636e91..0000000000 --- a/changes/bug2442b +++ /dev/null @@ -1,8 +0,0 @@ - * Minor bugfixes: - - - Demote the 'INTRODUCE2 cell is too {old,new}' log message to - info level. There is nothing that a hidden service's operator - can do to fix its clients' clocks. Bugfix on 0.2.1.6-alpha; - fixes part of bug 2442. - - diff --git a/changes/bug2503 b/changes/bug2503 deleted file mode 100644 index 50b8bf50c2..0000000000 --- a/changes/bug2503 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features: - - When an HTTPS proxy reports "403 Forbidden", we now explain - what it means rather than calling it an unexpected status code. - Closes bug 2503. Patch from "mikey". diff --git a/changes/bug2574 b/changes/bug2574 deleted file mode 100644 index 5cf2daebfa..0000000000 --- a/changes/bug2574 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Allow nameservers with IPv6 address. Fixes bug 2574. - 
diff --git a/changes/bug2649a b/changes/bug2649a deleted file mode 100644 index 4ee31ebdb6..0000000000 --- a/changes/bug2649a +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features: - - Add a VoteOnHidServDirectoriesV2 configuration option to allow - directory authorities to abstain from voting on assignment of - the HSDir consensus flag. Related to bug 2649. - diff --git a/changes/bug2649b b/changes/bug2649b deleted file mode 100644 index 1ff14e5569..0000000000 --- a/changes/bug2649b +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes: - - Change the default required uptime for a relay to be accepted as - a HSDir from 24 hours to 25 hours. Bugfix on 0.2.0.10-alpha; - fixes bug 2649. - diff --git a/changes/bug2732-simple b/changes/bug2732-simple deleted file mode 100644 index 367836152d..0000000000 --- a/changes/bug2732-simple +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes - - Do not reject hidden service descriptors simply because we don't - think we have not been assigned the HSDir flag. Clients and - hidden services can have a more up-to-date view of the network - consensus, and if they think that the directory authorities - list us a HSDir, we might actually be one. Related to bug 2732; - bugfix on 0.2.0.10-alpha. diff --git a/changes/bug2748 b/changes/bug2748 deleted file mode 100644 index b522560a92..0000000000 --- a/changes/bug2748 +++ /dev/null @@ -1,10 +0,0 @@ - o Minor bugfixes - - Remove dead code from rend_cache_lookup_v2_desc_as_dir. Fixes - part of bug 2748; bugfix on 0.2.0.10-alpha. - - Log malformed requests for rendezvous descriptors as protocol - warnings, not warnings. Also, use a more informative log - message in case someone sees it at log level warning without - prior info-level messages. Fixes the other part of bug 2748; - bugfix on 0.2.0.10-alpha. - - diff --git a/changes/bug2752 b/changes/bug2752 deleted file mode 100644 index b872d3374a..0000000000 --- a/changes/bug2752 +++ /dev/null 
@@ -1,5 +0,0 @@ - o Minor features: - - Tor used to limit HttpProxyAuthenticator values to 48 characters. - Changed the limit to 512 characters by removing base64 newlines. - Fixes bug 2752. Fix by Michael Yakubovich. - diff --git a/changes/bug2792_checkdir b/changes/bug2792_checkdir deleted file mode 100644 index 10de1deb2d..0000000000 --- a/changes/bug2792_checkdir +++ /dev/null @@ -1,8 +0,0 @@ - o Minor features: - - Tor now refuses to create a ControlSocket in a directory that is - world-readable (or group-readable if ControlSocketsGroupWritable - is 0). This is necessary because some operating systems do not - check the permissions on an AF_UNIX socket when programs try to - connect to it. Checking permissions on the directory holding - the socket, however, seems to work everywhere. - diff --git a/changes/bug2850 b/changes/bug2850 deleted file mode 100644 index 77ccbfa25d..0000000000 --- a/changes/bug2850 +++ /dev/null @@ -1,5 +0,0 @@ - - Minor features - o Set SO_REUSEADDR on all sockets, not just listeners. This should - help busy exit nodes avoid running out of useable ports just because - all the ports have been used in the near past. Resolves issue 2850. - diff --git a/changes/bug2972 b/changes/bug2972 deleted file mode 100644 index 26afcca421..0000000000 --- a/changes/bug2972 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features: - - Allow ControlSockets to be group-writable when the - ControlSocksGroupWritable configuration option is turned on. Patch - by Jérémy Bobbio; implements ticket 2972. - diff --git a/changes/bug3019 b/changes/bug3019 deleted file mode 100644 index 4df709fb3b..0000000000 --- a/changes/bug3019 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes: - - Do not reset the bridge descriptor download status every time we - re-parse our configuration or get a configuration change. Fixes - bug 3019; bugfix on Tor 0.2.0.3-alpha. diff --git a/changes/bug3022 b/changes/bug3022 deleted file mode 100644 index 9472e6d196..0000000000 
--- a/changes/bug3022 +++ /dev/null @@ -1,6 +0,0 @@ - o Removed features - - Caches no longer download and serve v2 networkstatus documents - unless FetchV2Networkstatus flag is set: these documents haven't - haven't been used by clients or relays since 0.2.0.x. Resolves - bug 3022. - diff --git a/changes/bug3026 b/changes/bug3026 deleted file mode 100644 index c0c0a3860a..0000000000 --- a/changes/bug3026 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (directory authority) - - Do not upload our own vote or signature set to ourself. It would - tell us nothing new. Also, as of Tor 0.2.2.24-alpha, we started - to warn about receiving duplicate votes. Resolves bug 3026. diff --git a/changes/bug3045 b/changes/bug3045 deleted file mode 100644 index 1cbcabaff6..0000000000 --- a/changes/bug3045 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor features: - - Revise most log messages that refer to nodes by nickname to - instead use the "$key=nickname at address" format. This should be - more useful, especially since nicknames are less and less likely - to be unique. Fixes bug 3045. - diff --git a/changes/bug3122_memcmp b/changes/bug3122_memcmp deleted file mode 100644 index a049476743..0000000000 --- a/changes/bug3122_memcmp +++ /dev/null @@ -1,7 +0,0 @@ - o Security fixes - - Replace all potentially sensitive memory comparison operations - with versions whose runtime does not depend on the data being - compared. This will help resist a class of attacks where an - adversary can use variations in timing information to learn - sensitive data. Fix for one case of bug 3122. (Safe memcmp - implementation by Robert Ransom based partially on code by DJB.) diff --git a/changes/bug3135 b/changes/bug3135 deleted file mode 100644 index d761123480..0000000000 --- a/changes/bug3135 +++ /dev/null 
@@ -1,6 +0,0 @@ - o Minor bugfixes - - Do not crash when our configuration file becomes unreadable - (usually due to a permissions change) between when we start - up and when a controller calls SAVECONF. Fixes bug 3135; - bugfix on 0.0.9pre6. - diff --git a/changes/bug3175 b/changes/bug3175 deleted file mode 100644 index 3360fbce00..0000000000 --- a/changes/bug3175 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes: - - Resolve an untriggerable issue in smartlist_string_num_isin(), - where if the function had ever in the future been used to check - for the presence of a too-large number, it would have given an - incorrect result. (Fortunately, we only used it for 16-bit - values.) Fixes bug 3175; bugfix on Tor 0.1.0.1-rc. - diff --git a/changes/bug3198 b/changes/bug3198 deleted file mode 100644 index 29c16852e1..0000000000 --- a/changes/bug3198 +++ /dev/null @@ -1,4 +0,0 @@ - o Major bugfixes: - - When we configure a new bridge via the controller, don't wait up - to ten seconds before trying to fetch its descriptor. Bugfix on - 0.2.0.3-alpha; fixes bug 3198 (suggested by 2355). diff --git a/changes/bug3200 b/changes/bug3200 deleted file mode 100644 index a80d51633e..0000000000 --- a/changes/bug3200 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes: - - When a client starts or stops using bridges, never use a circuit - that was built before the configuration change. This behavior could - put at risk a user who uses bridges to ensure that her traffic - only goes to the chosen addresses. Bugfix on 0.2.0.3-alpha; fixes - bug 3200. diff --git a/changes/bug3207 b/changes/bug3207 deleted file mode 100644 index 65a7dac1ab..0000000000 --- a/changes/bug3207 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes: - - Require that onion keys have exponent 65537 in microdescriptors too. - Fixes part of bug 3207; bugfix on 0.2.2.25-alpha - diff --git a/changes/bug3208 b/changes/bug3208 deleted file mode 100644 index fd737ba695..0000000000 --- a/changes/bug3208 +++ /dev/null 
@@ -1,6 +0,0 @@ - o Removed options: - - Remove undocumented option "-F" from tor-resolve: it hasn't done - anything since 0.2.1.16-rc. - - o Minor bugfixes: - - Fix warnings from GCC 4.6's "-Wunused-but-set-variable" option. diff --git a/changes/bug3213 b/changes/bug3213 deleted file mode 100644 index ab7de2d629..0000000000 --- a/changes/bug3213 +++ /dev/null @@ -1,4 +0,0 @@ - o Major bugfixes: - - Fix a crash bug when changing bridges in a running Tor process. - Fixes bug 3213; bugfix on 0.2.2.26-beta. - diff --git a/changes/bug3216 b/changes/bug3216 deleted file mode 100644 index 599b5e162f..0000000000 --- a/changes/bug3216 +++ /dev/null @@ -1,4 +0,0 @@ - o Major bugfixes: - - Don't try to build descriptors if "ORPort auto" is set and we - don't know our actual ORPort yet. Fix for bug 3216; bugfix on - 0.2.2.26-beta. diff --git a/changes/bug3228 b/changes/bug3228 deleted file mode 100644 index 4aca810d3c..0000000000 --- a/changes/bug3228 +++ /dev/null @@ -1,3 +0,0 @@ - o Major bugfixes: - - Resolve a crash that occured when setting BridgeRelay to 1 with - accounting enabled. Fixes bug 3228; bugfix on 0.2.2.18-alpha. diff --git a/changes/bug3252 b/changes/bug3252 deleted file mode 100644 index f85f633fbd..0000000000 --- a/changes/bug3252 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features: - - Relays now log the reason for publishing a new relay descriptor, - so we have a better chance of hunting down the root cause of bug - 1810. Resolves ticket 3252. diff --git a/changes/bug3270 b/changes/bug3270 deleted file mode 100644 index b37bb983cc..0000000000 --- a/changes/bug3270 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes - - Use a wide type to hold sockets when built for 64-bit Windows builds. - Fixes bug 3270. - diff --git a/changes/bug3289 b/changes/bug3289 deleted file mode 100644 index c469796d6e..0000000000 --- a/changes/bug3289 +++ /dev/null 
@@ -1,5 +0,0 @@ - o Minor bugfixes: - - Warn when the user configures two HiddenServiceDir lines that point - to the same directory. Bugfix on 0.0.6 (the version introducing - HiddenServiceDir); fixes bug 3289. - diff --git a/changes/bug3306 b/changes/bug3306 deleted file mode 100644 index f868a24af0..0000000000 --- a/changes/bug3306 +++ /dev/null @@ -1,9 +0,0 @@ - o Minor bugfixes: - - Make our crypto_rand_int() function check the value of its input - correctly. Previously, it accepted values up to UINT_MAX, but - could return a negative number if given a value above INT_MAX+1. - Found by George Kadianakis. Fixes bug 3306; bugfix on 0.2.2pre14. - - - Avoid a segfault when reading a malformed circuit build state - with more than INT_MAX entries. Found by wanoskarnet. Bugfix on - 0.2.2.4-alpha. diff --git a/changes/bug3309 b/changes/bug3309 deleted file mode 100644 index 104056d8e3..0000000000 --- a/changes/bug3309 +++ /dev/null @@ -1,13 +0,0 @@ - o Minor bugfixes: - - Clear the table recording the time of the last request for each - hidden service descriptor from each HS directory on SIGNAL - NEWNYM. Previously, we would clear our HS descriptor cache on - SIGNAL NEWNYM, but if we had previously retrieved a descriptor - (or tried to) from every directory responsible for it, we would - refuse to fetch it again for up to 15 minutes. Bugfix on - 0.2.2.25-alpha; fixes bug 3309. - - o Minor features: - - Log (at info level) when purging pieces of hidden-service-client - state on SIGNAL NEWNYM. - diff --git a/changes/bug3318 b/changes/bug3318 deleted file mode 100644 index 8a3c27825f..0000000000 --- a/changes/bug3318 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes: - - Fix a log message that said "bits" while displaying a value in - bytes. Found by wanoskarnet. Fixes bug 3318; bugfix on - 0.2.0.1-alpha. - - When checking for 1024-bit keys, check for 1024 bits, not 128 - bytes. This allows Tor to correctly discard keys of length - 1017 through 1023. Bugfix on 0.0.9pre5. 
diff --git a/changes/bug3321 b/changes/bug3321 deleted file mode 100644 index 3605efce2d..0000000000 --- a/changes/bug3321 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes: - - In bug 2511 we fixed a case where you could use an unconfigured - bridge if you had configured it as a bridge the last time you ran - Tor. Now fix another edge case: if you had configured it as a bridge - but then switched to a different bridge via the controller, you - would still be willing to use the old one. Bugfix on 0.2.0.1-alpha; - fixes bug 3321. diff --git a/changes/bug3369 b/changes/bug3369 deleted file mode 100644 index 9c0d0e699a..0000000000 --- a/changes/bug3369 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes: - - When asked about a DNS record type we don't support via a - client DNSPort, reply with NOTIMPL rather than an empty - reply. Patch by intrigeri. Fixes bug 3369; bugfix on 2.0.1-alpha. diff --git a/changes/bug3393 b/changes/bug3393 deleted file mode 100644 index 677bcb7be2..0000000000 --- a/changes/bug3393 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes: - - Fix a bug when using ControlSocketsGroupWritable with User. The - directory's group would be checked against the current group, not - the configured group. Patch by Jérémy Bobbio. Fixes bug3393; bugfix - on Tor 0.2.2.26-beta.
\ No newline at end of file diff --git a/changes/bug3465-022 b/changes/bug3465-022 deleted file mode 100644 index 2d226162aa..0000000000 --- a/changes/bug3465-022 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes: - - - Add BUILDTIMEOUT_SET to the list returned by the 'GETINFO - events/names' control-port command. Bugfix on 0.2.2.9-alpha; - fixes part of bug 3465. - diff --git a/changes/bug3536 b/changes/bug3536 deleted file mode 100644 index d3cec131ba..0000000000 --- a/changes/bug3536 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes: - - Send a SUCCEEDED stream event to the controller when a reverse - resolve succeeded. Fixes bug 3536; bugfix on 0.0.8pre1. Issue - discovered by katmagic. - diff --git a/changes/bug3577 b/changes/bug3577 deleted file mode 100644 index 6335272752..0000000000 --- a/changes/bug3577 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes: - - Allow GETINFO fingerprint to return a fingerprint even when - we have not yet built a router descriptor. Fixes bug 3577; - bugfix on 0.2.0.1-alpha. diff --git a/changes/bug3607 b/changes/bug3607 deleted file mode 100644 index 5ece21934b..0000000000 --- a/changes/bug3607 +++ /dev/null @@ -1,15 +0,0 @@ - o Minor bugfixes: - - - Write several files in text mode, on OSes that distinguish text - mode from binary mode (namely, Windows). These files are: - buffer-stats, dirreq-stats, and entry-stats on relays that collect - those statistics; client_keys and hostname files for hidden - services that use authentication; and (in the tor-gencert utility) - newly generated identity and signing keys. Previously, we - wouldn't specify text mode or binary mode, leading to an assertion - failure. Fixes bug 3607. Bugfix on 0.2.1.1-alpha (when the - DirRecordUsageByCountry option which would have triggered the - assertion failure was added), although this assertion failure - would have occurred in tor-gencert on Windows in 0.2.0.1-alpha. - - 
diff --git a/changes/bug3643 b/changes/bug3643 deleted file mode 100644 index 86bd920cac..0000000000 --- a/changes/bug3643 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes: - - Selectively disable deprecation warnings on OS X because Lion started - deprecating the shipped copy of openssl. Fixes bug 3643. - diff --git a/changes/bug3732 b/changes/bug3732 deleted file mode 100644 index 7a71d1aef3..0000000000 --- a/changes/bug3732 +++ /dev/null @@ -1,7 +0,0 @@ - o Major bugfixes: - - - Remove an extra pair of quotation marks around the error - message in control-port STATUS_GENERAL BUG events. Bugfix on - 0.1.2.6-alpha; fixes bug 3732. - - diff --git a/changes/bug3747 b/changes/bug3747 deleted file mode 100644 index 052dab1bd0..0000000000 --- a/changes/bug3747 +++ /dev/null @@ -1,6 +0,0 @@ - o Major bugfixes: - - Write control ports to disk only after switching UID and - creating the data directory. This way, we don't fail when - starting up with a nonexistant DataDirectory and a - ControlPortWriteToFile setting based on that directory. Fixes - bug 3747; bugfix on Tor 0.2.2.26-beta.
\ No newline at end of file diff --git a/changes/bug3894 b/changes/bug3894 deleted file mode 100644 index 4c2220aba8..0000000000 --- a/changes/bug3894 +++ /dev/null @@ -1,4 +0,0 @@ - o Build fixes: - - Clean up some code issues that prevented Tor from building on older - BSDs. Fixes bug 3894; reported by grarpamp. - diff --git a/changes/bug3898a b/changes/bug3898a deleted file mode 100644 index d40445e340..0000000000 --- a/changes/bug3898a +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes: - - Correct the man page to explain that HashedControlPassword and - CookieAuthentication can both be set, in which case either method - is sufficient to authenticate to Tor. Bugfix on 0.2.0.7-alpha, - when we decided to allow these config options to both be set. Issue - raised by bug 3898. diff --git a/changes/bug3909 b/changes/bug3909 deleted file mode 100644 index 0b4b292030..0000000000 --- a/changes/bug3909 +++ /dev/null @@ -1,3 +0,0 @@ - o Build fixes: - - Search for a platform-specific version of "ar" when cross-compiling. - Should fix builds on iOS. Found by Marco Bonetti. diff --git a/changes/bug3923 b/changes/bug3923 deleted file mode 100644 index 9c0e138826..0000000000 --- a/changes/bug3923 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfies: - - Avoid an assertion failure when reloading a configuration with - TrackExitHosts changes. Found and fixed by 'laruldan'. Fixes - bug 3923; bugfix on 0.2.2.25-alpha. - diff --git a/changes/bug3963 b/changes/bug3963 deleted file mode 100644 index 2fc44a095c..0000000000 --- a/changes/bug3963 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes: - - When configuring, starting, or stopping an NT service, stop - immediately after the service configuration attempt has succeeded - or failed. Fixes bug3963; bugfix on 0.2.0.7-alpha. - diff --git a/changes/bug4012_022 b/changes/bug4012_022 deleted file mode 100644 index f101db5535..0000000000 --- a/changes/bug4012_022 +++ /dev/null 
@@ -1,3 +0,0 @@ - o Minor bugfixes (documentation): - - Document the GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays - directory authority option (introduced in Tor 0.2.2.34). diff --git a/changes/bug4014 b/changes/bug4014 deleted file mode 100644 index 9c20c6c337..0000000000 --- a/changes/bug4014 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Adjust the expiration time on our SSL session certificates to - better match SSL certs seen in the wild. Resolves ticket 4014. diff --git a/changes/bug4059 b/changes/bug4059 deleted file mode 100644 index 82a4b1a10c..0000000000 --- a/changes/bug4059 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes: - - Change an integer overflow check in the OpenBSD_Malloc code so - that GCC is less likely to eliminate it as impossible. Patch - from Mansour Moufid. Fixes bug 4059. - diff --git a/changes/bug4115 b/changes/bug4115 deleted file mode 100644 index 626791a806..0000000000 --- a/changes/bug4115 +++ /dev/null @@ -1,7 +0,0 @@ - o Security fixes: - - Bridge relays now do their directory fetches inside Tor TLS - connections, like all the other clients do, rather than connecting - directly to the DirPort like public relays do. Removes another - avenue for enumerating bridges. Fixes part of bug 4115; bugfix - on 0.2.0.35. - diff --git a/changes/bug4124 b/changes/bug4124 deleted file mode 100644 index abe93ccdd8..0000000000 --- a/changes/bug4124 +++ /dev/null @@ -1,6 +0,0 @@ - o Security fixes: - - Bridges relays now build circuits for themselves in a more similar - way to how clients build them. Removes another avenue for - enumerating bridges. Fixes bug 4124; bugfix on 0.2.0.3-alpha, - when bridges were introduced. - diff --git a/changes/bug4201 b/changes/bug4201 deleted file mode 100644 index 6f7d715af2..0000000000 --- a/changes/bug4201 +++ /dev/null 
@@ -1,5 +0,0 @@ - o Minor bugfixes: - - Bridges now skip DNS self-tests, to act a little more stealthily. - Fixes bug 4201; bugfix on 0.2.0.3-alpha, which first introduced - bridges. Patch by "warms0x". - diff --git a/changes/bug4212 b/changes/bug4212 deleted file mode 100644 index 6222a59978..0000000000 --- a/changes/bug4212 +++ /dev/null @@ -1,13 +0,0 @@ - o Major bugfixes: - - - Don't launch a useless circuit after failing to use one of a - hidden service's introduction points. Previously, we would - launch a new introduction circuit, but not set the hidden - service which that circuit was intended to connect to, so it - would never actually be used. A different piece of code would - then create a new introduction circuit correctly, so this bug - was harmless until it caused an assertion in the client-side - part of the #3825 fix to fail. Bug reported by katmagic and - found by Sebastian Hahn. Bugfix on 0.2.1.13-alpha; fixes bug - 4212. - diff --git a/changes/bug4230 b/changes/bug4230 deleted file mode 100644 index c1ba5847fc..0000000000 --- a/changes/bug4230 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes: - - Resolve an integer overflow bug in smartlist_ensure_capacity. - Fixes bug 4230; bugfix on Tor 0.1.0.1-rc. Based on a patch by - Mansour Moufid. - diff --git a/changes/bug4251 b/changes/bug4251 deleted file mode 100644 index 303c9e6364..0000000000 --- a/changes/bug4251 +++ /dev/null @@ -1,8 +0,0 @@ - o Minor bugfixes: - - - When a hidden service turns an extra service-side introduction - circuit into a general-purpose circuit, free the rend_data and - intro_key fields first, so they won't be leaked if the circuit - is cannibalized for use as another service-side introduction - circuit. Bugfix on 0.2.1.7-alpha; fixes bug 4251. - diff --git a/changes/bug4259 b/changes/bug4259 deleted file mode 100644 index bfccd3aee8..0000000000 --- a/changes/bug4259 +++ /dev/null 
@@ -1,4 +0,0 @@ - o Major bugfixes: - - Fix a crash bug when changing node restrictions while a DNS lookup - is in-progress. Fixes bug 4259; bugfix on 0.2.2.25-alpha. Bugfix - by "Tey'". diff --git a/changes/bug4299 b/changes/bug4299 deleted file mode 100644 index c43d81460a..0000000000 --- a/changes/bug4299 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfix: - - Do not process cells on a marked-for-close connection. We previously - avoided this by not calling read handlers on marked connections, but - that's not adequate for the case when cells are very small. Fixes - bug 4299; bugfix on 0.2.0.20-rc which first made small cells possible. diff --git a/changes/bug4309 b/changes/bug4309 deleted file mode 100644 index f4f910e7ff..0000000000 --- a/changes/bug4309 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes: - - Remove a confusing dollar sign from the example fingerprint in the - man page, and also make example fingerprint a valid one. Fixes bug - 4309; bugfix on 0.2.1.3-alpha. - diff --git a/changes/bug4331 b/changes/bug4331 deleted file mode 100644 index 011238a962..0000000000 --- a/changes/bug4331 +++ /dev/null @@ -1,4 +0,0 @@ - o Trivial fixes: - - Fixed a typo in a hibernation-related log message. Fixes bug 4331; - bugfix on 0.2.2.23-alpha; found by "tmpname0901". - diff --git a/changes/bug4340 b/changes/bug4340 deleted file mode 100644 index 08098b1cd5..0000000000 --- a/changes/bug4340 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes: - - Don't crash when we're running as a relay and don't have a geoip - file. Bugfix on tor-0.2.2.34; fixes bug 4340. This backports a fix - we've had in master already. - diff --git a/changes/bug4349 b/changes/bug4349 deleted file mode 100644 index 633916bdfd..0000000000 --- a/changes/bug4349 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes: - - When sending a NETINFO cell, include the original address - received for the other side, not its canonical address. Found - by "troll_un"; fixes bug 4349; bugfix on 0.2.0.10-alpha. 
diff --git a/changes/bug4353 b/changes/bug4353 deleted file mode 100644 index 5e80c902c8..0000000000 --- a/changes/bug4353 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes: - - When running as client without a geoip database, do not print a - misleading (and plain wrong) log message that we're collecting - dirreq statistics - we're not collecting statistics as clients. - Also don't create a useless (because empty) stats file in the - stats/ directory. Fixes bug 4353, bugfix on 0.2.2.34. - diff --git a/changes/bug4383 b/changes/bug4383 deleted file mode 100644 index e618b8c8fb..0000000000 --- a/changes/bug4383 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes: - - Fix a memleak in launch_direct_bridge_descriptor_fetch() that - occured when a client tried to fetch a descriptor for a bridge - in ExcludeNodes. Fixes #4383; bugfix on 0.2.2.25-alpha. - diff --git a/changes/bug4410 b/changes/bug4410 deleted file mode 100644 index f42893adf4..0000000000 --- a/changes/bug4410 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes: - - Correctly sanity-check that we don't underflow on a memory allocation - for introduction point decryption. Bug discovered by Dan Rosenberg. - Fixes bug 4410; bugfix on 0.2.1.5-alpha. - diff --git a/changes/bug4424 b/changes/bug4424 deleted file mode 100644 index 443625dca6..0000000000 --- a/changes/bug4424 +++ /dev/null @@ -1,6 +0,0 @@ - o Major bugfixes - - - Don't leak memory when we check whether a hidden service - descriptor has any usable introduction points left. Fixes bug - 4424. Bugfix on 0.2.2.25-alpha. - diff --git a/changes/bug4426 b/changes/bug4426 deleted file mode 100644 index 1322243d09..0000000000 --- a/changes/bug4426 +++ /dev/null @@ -1,8 +0,0 @@ - o Minor features: - - - When Tor ignores a hidden service specified in its - configuration, include the hidden service's directory in the - warning message. Previously, we would only tell the user that - some hidden service was ignored. Bugfix on 0.0.6; fixes bug - 4426. - 
diff --git a/changes/bug4437 b/changes/bug4437 deleted file mode 100644 index 985c670b15..0000000000 --- a/changes/bug4437 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes: - - Don't warn about unused log_mutex in log.c when building with - --disable-threads using a recent GCC. Fixes bug 4437; bugfix on - 0.1.0.6-rc which introduced --disable-threads. - diff --git a/changes/bug4457 b/changes/bug4457 deleted file mode 100644 index fe7c95ff80..0000000000 --- a/changes/bug4457 +++ /dev/null @@ -1,9 +0,0 @@ - o Minor bugfixes: - - Initialize Libevent with the EVENT_BASE_FLAG_NOLOCK flag enabled, so - that it doesn't attempt to allocate a socketpair. This could cause - some problems on windows systems with overzealous firewalls. Fix for - bug 4457; workaround for Libevent versions 2.0.1-alpha through - 2.0.15-stable. - - - Detect failure to initialize Libevent. Better detection for bug 4457. - diff --git a/changes/bug4518 b/changes/bug4518 deleted file mode 100644 index 8dcb93bf72..0000000000 --- a/changes/bug4518 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (performance): - - Avoid frequent calls to the fairly expensive cull_wedged_cpuworkers - function. This was eating up hideously large amounts of time on some - busy servers. Fixes bug 4518. diff --git a/changes/bug4521 b/changes/bug4521 deleted file mode 100644 index 9b0bae9b00..0000000000 --- a/changes/bug4521 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes: - - Backport fixes for a pair of compilation warnings on Windows. - Fixes bug 4521; bugfix on 0.2.2.28-beta and on 0.2.2.29-beta. diff --git a/changes/bug4529 b/changes/bug4529 deleted file mode 100644 index 89d10b2f6b..0000000000 --- a/changes/bug4529 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bufixes: - - If we had ever tried to call tor_addr_to_str on an address of - unknown type, we would have done a strdup on an uninitialized - buffer. Now we won't. Fixes bug 4529; bugfix on 0.2.1.3-alpha. - Reported by "troll_un". 
diff --git a/changes/bug4530 b/changes/bug4530 deleted file mode 100644 index 7cd4726e57..0000000000 --- a/changes/bug4530 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes: - - - Correctly detect and handle transient lookup failures from - tor_addr_lookup. Fixes bug 4530; bugfix on 0.2.1.5-alpha. - Reported by "troll_un". - diff --git a/changes/bug4531 b/changes/bug4531 deleted file mode 100644 index 6209f9a058..0000000000 --- a/changes/bug4531 +++ /dev/null @@ -1,4 +0,0 @@ - o Major bugfixes: - - Fix null-pointer access that could occur if TLS allocation failed. - Fixes bug 4531; bugfix on 0.2.0.20-rc. Found by "troll_un". - diff --git a/changes/bug4533_part2 b/changes/bug4533_part2 deleted file mode 100644 index 7e0f7c313e..0000000000 --- a/changes/bug4533_part2 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes: - - Fix the SOCKET_OK test that we use to tell when socket - creation fails so that it works on Win64. Fixes part of bug - 4533; bugfix on 0.2.2.29-beta. Bug found by wanoskarnet. - diff --git a/changes/bug4535 b/changes/bug4535 deleted file mode 100644 index 57ced29d0b..0000000000 --- a/changes/bug4535 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes: - - Use tor_socket_t type for listener argument to accept(). Fixes bug - 4535; bugfix on 0.2.2.28-beta. Found by "troll_un". diff --git a/changes/bug4786 b/changes/bug4786 deleted file mode 100644 index 7c1c60f632..0000000000 --- a/changes/bug4786 +++ /dev/null @@ -1,9 +0,0 @@ - - Feature removal: - - When sending or relaying a RELAY_EARLY cell, we used to convert - it to a RELAY cell if the connection was using the v1 link - protocol. This was a workaround for older versions of Tor, which - didn't handle RELAY_EARLY cells properly. Now that all supported - versions can handle RELAY_EARLY cells, and now that we're - enforcing the "no RELAY_EXTEND commands except in RELAY_EARLY - cells" rule, we're removing this workaround. Addresses bug 4786. - 
diff --git a/changes/bug4788 b/changes/bug4788 deleted file mode 100644 index d65c0015a0..0000000000 --- a/changes/bug4788 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor features (directory server): - - Directory servers now reject versions of Tor older than 0.2.1.30, - and Tor versions between 0.2.2.1-alpha and 0.2.2.20-alpha - (inclusive). These versions accounted for only a small fraction of - the Tor network, and have numerous known security issues. Resolves - issue #4788. diff --git a/changes/bug4803 b/changes/bug4803 deleted file mode 100644 index cd25266c75..0000000000 --- a/changes/bug4803 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes: - - Correctly spell "connect" in a log message when creating a controlsocket - fails. Fixes bug 4803; bugfix on 0.2.2.26-beta/0.2.3.2-alpha. - diff --git a/changes/bug4822 b/changes/bug4822 deleted file mode 100644 index 73f43f0452..0000000000 --- a/changes/bug4822 +++ /dev/null @@ -1,13 +0,0 @@ - o Major security workaround: - - When building or running with any version of OpenSSL earlier - than 0.9.8s or 1.0.0f, disable SSLv3 support. These versions had - a bug (CVE-2011-4576) in which their block cipher padding - included uninitialized data, potentially leaking sensitive - information to any peer with whom they made a SSLv3 - connection. Tor does not use SSL v3 by default, but a hostile - client or server could force an SSLv3 connection in order to - gain information that they shouldn't have been able to get. The - best solution here is to upgrade to OpenSSL 0.9.8s or 1.0.0f (or - later). But when building or running with a non-upgraded - OpenSSL, we should instead make sure that the bug can't happen - by disabling SSLv3 entirely. diff --git a/changes/bug4856 b/changes/bug4856 deleted file mode 100644 index fa284a09f5..0000000000 --- a/changes/bug4856 +++ /dev/null @@ -1,3 +0,0 @@ - o Trivial bugfixes - - Fix a typo in a log message in rend_service_rendezvous_has_opened(). - Fixes bug 4856; bugfix on Tor 0.0.6. 
diff --git a/changes/bug5005 b/changes/bug5005 deleted file mode 100644 index 04d8dfe6a5..0000000000 --- a/changes/bug5005 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes: - - Update "ClientOnly" man page entry to explain that there isn't - really any point to messing with it. Resolves ticket 5005. diff --git a/changes/bug5065 b/changes/bug5065 deleted file mode 100644 index d195313623..0000000000 --- a/changes/bug5065 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes: - - Fix build if path to sed, openssl or sha1sum contains spaces. - This is pretty common on Windows. Fixes bug 5065; bugfix on - 0.2.2.1-alpha. - diff --git a/changes/bug5067 b/changes/bug5067 deleted file mode 100644 index d94b921ce9..0000000000 --- a/changes/bug5067 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (usability): - - Downgrade the "We're missing a certificate" message from notice - to info: people kept mistaking it for a real problem, whereas it - is only a problem when we are failing to bootstrap. Fixes bug - 5067; bugfix on 0.2.10-alpha. diff --git a/changes/bug5090 b/changes/bug5090 deleted file mode 100644 index d47858cb11..0000000000 --- a/changes/bug5090 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes: - - Detect and reject certain misformed escape sequences in configuration - values. Previously, these values would cause us to crash if received - in a torrc file or over an (authenticated) control port. Bug found by - Esteban Manchado Velázquez. Patch by Alexander Schrijver. Fix for - bug 5090; bugfix on 0.2.0.16-alpha. - diff --git a/changes/bug5259 b/changes/bug5259 deleted file mode 100644 index bdada586e9..0000000000 --- a/changes/bug5259 +++ /dev/null @@ -1,3 +0,0 @@ - o Documentation fixes: - - Clarify the behavior of MaxCircuitDirtiness with hidden service - circuits. Fix for issue 5259. diff --git a/changes/bug5283 b/changes/bug5283 deleted file mode 100644 index f0325cf26c..0000000000 --- a/changes/bug5283 +++ /dev/null 
@@ -1,6 +0,0 @@ - o Major bugfixes: - - Fix an edge case where if we fetch or publish a hidden service - descriptor, we might build a 4-hop circuit and then use that circuit - for exiting afterwards -- even if the new last hop doesn't obey our - ExitNodes config option. Fixes bug 5283; bugfix on 0.2.0.10-alpha. - diff --git a/changes/bug5340 b/changes/bug5340 deleted file mode 100644 index 708988af08..0000000000 --- a/changes/bug5340 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes: - - Fix a compile warning when using the --enable-openbsd-malloc configure - option. Fixes bug 5340; bugfix on 0.2.0.20-rc. diff --git a/changes/bug5342 b/changes/bug5342 deleted file mode 100644 index b2ae4515a9..0000000000 --- a/changes/bug5342 +++ /dev/null @@ -1,3 +0,0 @@ - o Security fixes: - - Never use a bridge as an exit, even if it claims to be one. Found by - wanoskarnet. Fixes bug 5342. Bugfix on ????. diff --git a/changes/bug5343 b/changes/bug5343 deleted file mode 100644 index e4e14897f6..0000000000 --- a/changes/bug5343 +++ /dev/null @@ -1,7 +0,0 @@ - o Security fixes: - - Only build circuits if we have a sufficient threshold of the total - descriptors marked in the consensus with the "Exit" flag. This - mitigates an attack proposed by wanoskarnet, in which all of a - client's bridges collude to restrict the exit nodes that the - client knows about. Fixes bug 5343. - diff --git a/changes/bug5346 b/changes/bug5346 deleted file mode 100644 index 3d21f90144..0000000000 --- a/changes/bug5346 +++ /dev/null @@ -1,8 +0,0 @@ - o Minor bugfixes: - - Correct parsing of certain date types in parse_http_time(). - Without this patch, If-Modified-Since would behave - incorrectly. Fix for bug 5346; bugfix on 0.2.0.2-alpha. Patch from - Esteban Manchado Velázques. - - Reject out-of-range times like 23:59:61. Fix for bug 5346; - bugfix on 0.0.8pre3. - diff --git a/changes/bug5593 b/changes/bug5593 deleted file mode 100644 index 358e8de60d..0000000000 --- a/changes/bug5593 +++ /dev/null 
@@ -1,3 +0,0 @@ - o Minor bugfixes: - - When sending an HTTP/1.1 proxy request, include a Host header. - Fixes bug 5593; bugfix on 0.2.2.1-alpha. diff --git a/changes/bug5644 b/changes/bug5644 deleted file mode 100644 index a390eba996..0000000000 --- a/changes/bug5644 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes - - Prevent a client-side assertion failure when receiving an - INTRODUCE2 cell by an exit relay, in a general purpose - circuit. Fixes bug 5644; bugfix on tor-0.2.1.6-alpha - diff --git a/changes/bug5647 b/changes/bug5647 deleted file mode 100644 index 92f41c8559..0000000000 --- a/changes/bug5647 +++ /dev/null @@ -1,4 +0,0 @@ - o Major bugfixes: - - Avoid logging uninitialized data when unable to decode a hidden - service descriptor cookie. Fixes bug 5647; bugfix on 0.2.1.5-alpha. - diff --git a/changes/bug5650 b/changes/bug5650 new file mode 100644 index 0000000000..401e317074 --- /dev/null +++ b/changes/bug5650 @@ -0,0 +1,5 @@ + o Major bugfixes: + - Avoid a bug where our response to TLS renegotation under certain + network conditions could lead to a busy-loop, with 100% CPU + consumption. Fixes bug 5650; bugfix on 0.2.0.16-alpha. + diff --git a/changes/bug5760 b/changes/bug5760 deleted file mode 100644 index a26407b588..0000000000 --- a/changes/bug5760 +++ /dev/null @@ -1,3 +0,0 @@ - o Major bugfixes: - - End AUTHCHALLENGE error response messages with a CRLF. Fixes bug 5760; - bugfix on 0.2.3.16-alpha, and backported to maint-0.2.2 diff --git a/changes/bug5786_range b/changes/bug5786_range deleted file mode 100644 index 40ac4d2467..0000000000 --- a/changes/bug5786_range +++ /dev/null 
@@ -1,8 +0,0 @@ - o Minor bugfixes: - - Make our number-parsing functions always treat too-large values - as an error, even when those values exceed the width of the - underlying type. Previously, if the caller provided these - functions with minima or maxima set to the extreme values of the - underlying integer type, these functions would return those - values on overflow rather than treating overflow as an error. - Fix for part of bug 5786; bugfix on Tor 0.0.9.
\ No newline at end of file diff --git a/changes/bug5796 b/changes/bug5796 deleted file mode 100644 index b92659f74a..0000000000 --- a/changes/bug5796 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (controller): - - Fix a NULL-pointer derefernce on a badly formed - SETCIRCUITPURPOSE command. Found by mikeyc. Fixes bug 5796; - bugfix on 0.2.2.9-alpha. diff --git a/changes/bug5969_022 b/changes/bug5969_022 deleted file mode 100644 index 57c8744267..0000000000 --- a/changes/bug5969_022 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes - - Fix a build warning with Clang 3.1 related to our use of vasprint. - Fix for bug 5969. Bugfix on 0.2.2.11-alpha. - - o Compilation improvements: - - Tell GCC and Clang to check for any errors in format strings passed - to the tor_v*(print|scan)f functions. diff --git a/changes/bug6007 b/changes/bug6007 deleted file mode 100644 index 4e815754aa..0000000000 --- a/changes/bug6007 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes (security): - - When waiting for a client to renegotiate, don't allow it to add - any bytes to the input buffer. This fixes a DoS issue. Fix for - bugs 6007 and 5934; bugfix on 0.2.0.20-rc. - diff --git a/changes/bug6024 b/changes/bug6024 new file mode 100644 index 0000000000..743e6ef1fe --- /dev/null +++ b/changes/bug6024 @@ -0,0 +1,2 @@ + o Documentation fixes: + - Clarify that hidden services are TCP only. Fixes bug 6024. diff --git a/changes/bug6033 b/changes/bug6033 deleted file mode 100644 index 56cffd68b7..0000000000 --- a/changes/bug6033 +++ /dev/null @@ -1,6 +0,0 @@ - o Major bugfixes: - - Work around a bug in OpenSSL that broke renegotiation with - TLS 1.1 and TLS 1.2. Without this workaround, all attempts - to speak the v2 Tor network protocol when both sides were - using OpenSSL 1.0.1 would fail. Fix for bug 6033, which is - not a bug in Tor. diff --git a/changes/bug6043 b/changes/bug6043 new file mode 100644 index 0000000000..b88bafb788 --- /dev/null +++ b/changes/bug6043 
@@ -0,0 +1,6 @@ + o Packaging (RPM): + - Our default RPM spec files have been updated to work with mock + and rpmbuild on RHEL/Fedora. They have an updated set of + dependencies and conflicts, a fix for an ancient typo when creating + the "_tor" user, and better instructions. Thanks to Ondrej + Mikle for the patch series; fix for bug 6043. diff --git a/changes/bug6094 b/changes/bug6094 deleted file mode 100644 index 835d127dad..0000000000 --- a/changes/bug6094 +++ /dev/null @@ -1,8 +0,0 @@ - o Major bugfixes: - - - Send a CRLF at the end of each STATUS_* control-port event. A - change introduced in 0.2.3.16-alpha caused Tor to emit the CRLF - in the middle of a STATUS_* event; among other things, this - caused Vidalia to freeze. Fixes bug 6094; bugfix on - 0.2.3.16-alpha. - diff --git a/changes/bug6218 b/changes/bug6218 new file mode 100644 index 0000000000..5d5d108b00 --- /dev/null +++ b/changes/bug6218 @@ -0,0 +1,3 @@ + o Minor bugfixes: + - Fix wrong TCP port range in parse_port_range(). Fixes bug 6218; + bugfix on 0.2.1.10-alpha. diff --git a/changes/bug6244_part_c b/changes/bug6244_part_c new file mode 100644 index 0000000000..dea6e7b69e --- /dev/null +++ b/changes/bug6244_part_c @@ -0,0 +1,6 @@ + o Major bugfixes (controller): + - Make wildcarded addresses (that is, ones beginning with *.) work when + provided via the controller's MapAddress command. Previously, they + were accepted, but we never actually noticed that they were wildcards. + Fix for bug 6244; bugfix on 0.2.3.9-alpha. + diff --git a/changes/bug6251 b/changes/bug6251 new file mode 100644 index 0000000000..c782a93e49 --- /dev/null +++ b/changes/bug6251 @@ -0,0 +1,6 @@ + o Minor bugfixes: + - Downgrade "set buildtimeout to low value" messages to INFO + severity; they were never an actual problem, there was never + anything reasonable to do about them, and they tended to spam + logs from time to time. Fix for bug 6251; bugfix on + 0.2.2.2-alpha.
\ No newline at end of file diff --git a/changes/bug6252_again b/changes/bug6252_again new file mode 100644 index 0000000000..f7fd00cb38 --- /dev/null +++ b/changes/bug6252_again @@ -0,0 +1,11 @@ + o Security fixes: + - Tear down the circuit if we get an unexpected SENDME cell. Clients + could use this trick to make their circuits receive cells faster + than our flow control would have allowed, or to gum up the network, + or possibly to do targeted memory denial-of-service attacks on + entry nodes. Fixes bug 6252. Bugfix on the 54th commit on Tor -- + from July 2002, before the release of Tor 0.0.0. We had committed + this patch previously, but we had to revert it because of bug 6271. + Now that 6271 is fixed, this appears to work. + + diff --git a/changes/bug6271 b/changes/bug6271 new file mode 100644 index 0000000000..06b129f73f --- /dev/null +++ b/changes/bug6271 @@ -0,0 +1,7 @@ + o Major bugfixes + + - Fix a bug handling SENDME cells on nonexistent streams that + could result in bizarre window values. Report and patch + contributed pseudymously. Fixes part of bug 6271. This bug + was introduced before the first Tor release, in svn commit + r152. diff --git a/changes/bug6274 b/changes/bug6274 new file mode 100644 index 0000000000..ad1abcde54 --- /dev/null +++ b/changes/bug6274 @@ -0,0 +1,3 @@ + o Minor bugfixes: + - Ignore ServerTransportPlugin lines when Tor is not configured as + a relay. Fixes bug 6274; bugfix on 0.2.3.6-alpha. diff --git a/changes/bug6274_2 b/changes/bug6274_2 new file mode 100644 index 0000000000..89576f9328 --- /dev/null +++ b/changes/bug6274_2 @@ -0,0 +1,3 @@ + o Minor features: + - Terminate active server managed proxies if Tor stops being a + relay. Addresses parts of bug 6274; bugfix on 0.2.3.6-alpha. diff --git a/changes/bug6296 b/changes/bug6296 new file mode 100644 index 0000000000..b452b1745d --- /dev/null +++ b/changes/bug6296 
@@ -0,0 +1,4 @@ + o Minor bugfixes: + + - Instead of ENOBUFS on Windows, say WSAENOBUFS. Fixes + compilation on Windows. Fixes bug 6296; bugfix on 0.2.3.18-rc. diff --git a/changes/bug6341 b/changes/bug6341 new file mode 100644 index 0000000000..04e52c7cd3 --- /dev/null +++ b/changes/bug6341 @@ -0,0 +1,5 @@ + o Major bugfixes: + - Fix a possible crash bug when checking for deactivated circuits + in connection_or_flush_from_first_active_circuit(). Fixes bug + 6341; bugfix on 0.2.2.7-alpha. Bug report and fix received + pseudonymously. diff --git a/changes/bug6377 b/changes/bug6377 new file mode 100644 index 0000000000..a3a3672783 --- /dev/null +++ b/changes/bug6377 @@ -0,0 +1,4 @@ + o Testing: + - Make it possible to set the TestingTorNetwork configuration + option using AlternateDirAuthority and AlternateBridgeAuthority + as an alternative to setting DirServer. diff --git a/changes/bug6379 b/changes/bug6379 new file mode 100644 index 0000000000..1f2b6941cd --- /dev/null +++ b/changes/bug6379 @@ -0,0 +1,6 @@ + o Minor bugfixes: + - Fix build warnings from --enable-openbsd-malloc with gcc warnings + enabled. Fixes bug 6379. + - Fix 64-bit warnings from --enable-openbsd-malloc. Fixes bug 6379. + Bugfix on 0.2.0.20-rc. + diff --git a/changes/bug6387 b/changes/bug6387 new file mode 100644 index 0000000000..73fc4f7cfe --- /dev/null +++ b/changes/bug6387 @@ -0,0 +1,3 @@ + o Documentation: + - Clarify the documentation for the Alternate*Authority options. + Fixes bug 6387. diff --git a/changes/bug6397 b/changes/bug6397 new file mode 100644 index 0000000000..23d8359bd2 --- /dev/null +++ b/changes/bug6397 @@ -0,0 +1,4 @@ + o Major bugfixes: + - When disabling guards for having too high a proportion of failed + circuits, make sure to look at each guard. Fix for bug 6397; bugfix + on 0.2.3.17-beta. diff --git a/changes/bug6404 b/changes/bug6404 new file mode 100644 index 0000000000..948f00b92e --- /dev/null +++ b/changes/bug6404 
@@ -0,0 +1,16 @@ + o Minor bugfixes: + + - Remove the maximum length of microdescriptor we are willing to + generate. Occasionally this is needed for routers + with complex policies or family declarations. Partial fix for + bug 6404; fix on 0.2.2.6-alpha. + + - Authorities no longer include any router in their + microdescriptor consensuses for which they couldn't generate or + agree on a microdescriptor. Partial fix for bug 6404; fix on + 0.2.2.6-alpha. + + - Move log message when unable to find a microdesc in a + routerstatus entry to parse time. Previously we'd spam this + warning every time we tried to figure out which microdescriptors + to download. Partial fix for bug 6404; fix on 0.2.3.18-rc. diff --git a/changes/bug6423 b/changes/bug6423 new file mode 100644 index 0000000000..2ea4f1410d --- /dev/null +++ b/changes/bug6423 @@ -0,0 +1,3 @@ + o Minor features: + - Consider new, removed or changed IPv6 OR ports a non cosmetic + change. diff --git a/changes/bug6436 b/changes/bug6436 new file mode 100644 index 0000000000..2c163df105 --- /dev/null +++ b/changes/bug6436 @@ -0,0 +1,3 @@ + o Minor features: + - Provide a better error message about possible OSX Asciidoc failure + reasons. Fix for bug 6436. diff --git a/changes/bug6472 b/changes/bug6472 new file mode 100644 index 0000000000..dcd42ebe68 --- /dev/null +++ b/changes/bug6472 @@ -0,0 +1,4 @@ + o Minor bugfixes: + - Avoid a pair of double-free and use-after-mark bugs that can + occur with certain timings in canceled and re-received DNS + requests. Fix for bug 6472; bugfix on 0.0.7rc1. diff --git a/changes/bug6475 b/changes/bug6475 new file mode 100644 index 0000000000..67bab99622 --- /dev/null +++ b/changes/bug6475 
@@ -0,0 +1,6 @@ + o Minor bugfixes: + - Add internal circuit construction state to protect against + the noisy warn message "Unexpectedly high circuit_successes". + Also add some additional rate-limited notice messages to help + determine the root cause of the warn. Fixes bug 6475. + Bugfix against 0.2.3.17-beta. diff --git a/changes/bug6480 b/changes/bug6480 new file mode 100644 index 0000000000..83ae00b251 --- /dev/null +++ b/changes/bug6480 @@ -0,0 +1,5 @@ + o Major bugfixes: + - Avoid read-from-freed-RAM bug and related double-free bug that + could occur when a DNS request fails while launching it. Fixes + bug 6480; bugfix on 0.2.0.1-alpha. + diff --git a/changes/bug6490 b/changes/bug6490 new file mode 100644 index 0000000000..c92daad8f4 --- /dev/null +++ b/changes/bug6490 @@ -0,0 +1,4 @@ + o Minor features: + - Warn when Tor is configured to use accounting in a way that will + link a hidden service to some other hidden service or public + address. Fix for bug 6490. diff --git a/changes/bug6500 b/changes/bug6500 new file mode 100644 index 0000000000..cac2054a3a --- /dev/null +++ b/changes/bug6500 @@ -0,0 +1,2 @@ + o Minor bugfixes: + - Fix some typos in the manpages. Patch from A. Costa. Fixes bug 6500. diff --git a/changes/bug6507 b/changes/bug6507 new file mode 100644 index 0000000000..89940cbf7b --- /dev/null +++ b/changes/bug6507 
@@ -0,0 +1,15 @@ + o Major bugfixes: + - Detect 'ORPort 0' as meaning, uniformly, that we're not running + as a server. Previously, some of our code would treat the + presence of any ORPort line as meaning that we should act like a + server, even though our new listener code would correctly not + open any ORPorts for ORPort 0. Similar bugs in other Port + options are also fixed. Fixes bug 6507; bugfix on 0.2.3.3-alpha. + + o Minor features: + + - Detect and reject attempts to specify both 'FooPort' and + 'FooPort 0' in the same configuration domain. (It's still okay + to have a FooPort in your configuration file,and use 'FooPort 0' + on the command line to disable it.) Fixes another case of + bug6507; bugfix on 0.2.3.3-alpha. diff --git a/changes/bug6514 b/changes/bug6514 new file mode 100644 index 0000000000..84633bd279 --- /dev/null +++ b/changes/bug6514 @@ -0,0 +1,5 @@ + o Minor bugfixes: + - Add a (probably redundant) memory clear between iterations of + the router status voting loop, to prevent future coding errors + where data might leak between iterations of the loop. Resolves + ticket 6514. diff --git a/changes/bug6710 b/changes/bug6710 new file mode 100644 index 0000000000..2c89346114 --- /dev/null +++ b/changes/bug6710 @@ -0,0 +1,6 @@ + o Major bugfixes (security): + - Reject any attempt to extend to an internal address. Without + this fix, a router could be used to probe addresses on an + internal network to see whether they were accepting + connections. Fix for bug 6710; bugfix on 0.0.8pre1. + diff --git a/changes/bug6732 b/changes/bug6732 new file mode 100644 index 0000000000..7a744e014a --- /dev/null +++ b/changes/bug6732 @@ -0,0 +1,3 @@ + o Documentation: + - Add missing documentation for consensus and microdesc files. Fix for + bug 6732. diff --git a/changes/bug6743 b/changes/bug6743 new file mode 100644 index 0000000000..6ec78f853a --- /dev/null +++ b/changes/bug6743 
@@ -0,0 +1,9 @@ + o Minor bugfixes: + - Allow one-hop directory fetching circuits the full "circuit build + timeout" period, rather than just half of it, before failing them + and marking the relay down. This fix should help reduce cases where + clients declare relays (or worse, bridges) unreachable because + the TLS handshake takes a few seconds to complete. Fixes bug 6743; + bugfix on 0.2.2.2-alpha, where we changed the timeout from a static + 30 seconds. + diff --git a/changes/bug6774 b/changes/bug6774 new file mode 100644 index 0000000000..0c137fd678 --- /dev/null +++ b/changes/bug6774 @@ -0,0 +1,4 @@ + o Minor bugfixes: + - Avoid crashing on a malformed state file where EntryGuardPathBias + precedes EntryGuard. Fix for bug 6774; bugfix on 0.2.3.17-beta. + diff --git a/changes/bug6801 b/changes/bug6801 new file mode 100644 index 0000000000..ef21acc98f --- /dev/null +++ b/changes/bug6801 @@ -0,0 +1,5 @@ + o Minor bugfixes: + - Avoid segfault when starting up having run with an extremely old + version of Tor and parsing its state file. Fixes bug 6801; bugfix on + 0.2.2.23-alpha. + diff --git a/changes/bug6827 b/changes/bug6827 new file mode 100644 index 0000000000..bf71d2b97c --- /dev/null +++ b/changes/bug6827 @@ -0,0 +1,9 @@ + o Minor bugfixes: + + - Avoid undefined behaviour when parsing the list of supported + rendezvous/introduction protocols in a hidden service + descriptor. Previously, Tor would have confused (as-yet-unused) + protocol version numbers greater than 32 with lower ones on many + platforms. Fixes bug 6827; bugfix on 0.2.0.10-alpha; found by + George Kadianakis. + diff --git a/changes/bug6844 b/changes/bug6844 new file mode 100644 index 0000000000..338e19d9a5 --- /dev/null +++ b/changes/bug6844 @@ -0,0 +1,4 @@ + o Minor bugfixes: + - Correct file sizes when reading binary files on + Cygwin, to avoid a bug where Tor would fail to read its state file. + Fixes bug 6844; bugfix on 0.1.2.7-alpha. 
diff --git a/changes/bug6866 b/changes/bug6866 new file mode 100644 index 0000000000..561676b765 --- /dev/null +++ b/changes/bug6866 @@ -0,0 +1,4 @@ + o Minor bugfixes: + - Convert an assert in the pathbias code to a log message. Assert + appears to only be triggerable by Tor2Web mode. Fixes bug 6866; + bugfix on 0.2.3.17-beta. diff --git a/changes/bug7014 b/changes/bug7014 new file mode 100644 index 0000000000..1d39103a50 --- /dev/null +++ b/changes/bug7014 @@ -0,0 +1,5 @@ + o Minor bugfixes: + - Fix two cases in src/or/transports.c where we were calling + fmt_addr() twice in a parameter list. Bug found by David + Fifield. Fixes bug 7014; bugfix on 0.2.3.9-alpha. + diff --git a/changes/bug7022 b/changes/bug7022 new file mode 100644 index 0000000000..10ac354724 --- /dev/null +++ b/changes/bug7022 @@ -0,0 +1,3 @@ + o Minor bugfixes: + - Fix memory leaks whenever we logged any message about the "path + bias" detection. Fixes bug 7022; bugfix on 0.2.3.21-rc. diff --git a/changes/bug7037 b/changes/bug7037 new file mode 100644 index 0000000000..fc3a1ad1c5 --- /dev/null +++ b/changes/bug7037 @@ -0,0 +1,6 @@ + o Minor bugfixes: + - When relays refuse a "create" cell because their queue of pending + create cells is too big (typically because their cpu can't keep up + with the arrival rate), send back reason "resource limit" rather + than reason "internal", so network measurement scripts can get a + more accurate picture. Bugfix on 0.1.1.11-alpha; fixes bug 7037. diff --git a/changes/bug7190 b/changes/bug7190 new file mode 100644 index 0000000000..1607f79442 --- /dev/null +++ b/changes/bug7190 @@ -0,0 +1,6 @@ + o Minor bugfixes: + - Clients now consider the ClientRejectInternalAddresses config option + when using a microdescriptor consensus stanza to decide whether + an exit relay would allow exiting to an internal address. Fixes + bug 7190; bugfix on 0.2.3.1-alpha. + diff --git a/changes/bug7192 b/changes/bug7192 new file mode 100644 index 0000000000..10cbc2469a 
--- /dev/null +++ b/changes/bug7192 @@ -0,0 +1,10 @@ + o Major bugfixes: + - When parsing exit policy summaries from microdescriptors, we had + previously been ignoring the last character in each one, so that + "accept 80,443,8080" would be treated by clients as indicating a + node that allows access to ports 80, 443, and 808. That would lead + to clients attempting connections that could never work, and + ignoring exit nodes that would support their connections. Now clients + parse these exit policy summaries correctly. Fixes bug 7192; + bugfix on 0.2.3.1-alpha. + diff --git a/changes/bug7352 b/changes/bug7352 new file mode 100644 index 0000000000..74a878dbe0 --- /dev/null +++ b/changes/bug7352 @@ -0,0 +1,12 @@ + o Major bugfixes: + - Tor tries to wipe potentially sensitive data after using it, so + that if some subsequent security failure exposes Tor's memory, + the damage will be limited. But we had a bug where the compiler + was eliminating these wipe operations when it decided that the + memory was no longer visible to a (correctly running) program, + hence defeating our attempt at defense in depth. We fix that + by using OpenSSL's OPENSSL_cleanse() operation, which a compiler + is unlikely to optimize away. Future versions of Tor may use + a less ridiculously heavy approach for this. Fixes bug 7352. + Reported in an article by Andrey Karpov. + diff --git a/changes/bug7464 b/changes/bug7464 new file mode 100644 index 0000000000..9259cc74a3 --- /dev/null +++ b/changes/bug7464 @@ -0,0 +1,4 @@ + o Minor bugfixes: + - Fix a harmless bug when opting against publishing a relay descriptor + because DisableNetwork is set. Fixes bug 7464; bugfix on + 0.2.3.9-alpha. diff --git a/changes/bug7889 b/changes/bug7889 new file mode 100644 index 0000000000..ce99a59ce5 --- /dev/null +++ b/changes/bug7889 
@@ -0,0 +1,8 @@ + o Major bugfixes: + - Reject bogus create and relay cells with 0 circuit ID or 0 stream + ID: these could be used to create unexpected streams and circuits + which would count as "present" to some parts of Tor but "absent" + to others, leading to zombie circuits and streams or to a + bandwidth DOS. Fixes bug 7889; bugfix on every released version of + Tor. Reported by "oftc_must_be_destroyed". + diff --git a/changes/bug8208 b/changes/bug8208 new file mode 100644 index 0000000000..c85db90b52 --- /dev/null +++ b/changes/bug8208 @@ -0,0 +1,4 @@ + o Minor bugfixes: + - Avoid a crash if we fail to generate an extrinfo descriptor. + Fixes bug 8208; bugfix on 0.2.3.16-alpha. Found by Coverity; + this is CID 718634. diff --git a/changes/bug8377 b/changes/bug8377 new file mode 100644 index 0000000000..c9ad151bc9 --- /dev/null +++ b/changes/bug8377 @@ -0,0 +1,3 @@ + o Minor bugfixes: + - Correctly recognize that [::1] is a loopback address. Fixes bug #8377; + bugfix on 0.2.1.3-alpha. diff --git a/changes/bug8844 b/changes/bug8844 new file mode 100644 index 0000000000..320e5f2845 --- /dev/null +++ b/changes/bug8844 @@ -0,0 +1,6 @@ + o Major bugfixes: + - Prevent the get_freelists() function from running off the end of + the list of freelists if it somehow gets an unrecognized + allocation. Fixes bug 8844; bugfix on 0.2.0.16-alpha. Reported by + eugenis. + diff --git a/changes/bug9002 b/changes/bug9002 new file mode 100644 index 0000000000..c41ace394a --- /dev/null +++ b/changes/bug9002 @@ -0,0 +1,4 @@ + o Major bugfixes: + - Limit hidden service descriptors to at most ten introduction + points, to slow one kind of guard enumeration. Fixes bug 9002; + bugfix on 0.1.1.11-alpha. diff --git a/changes/bug9017 b/changes/bug9017 new file mode 100644 index 0000000000..359c526b00 --- /dev/null +++ b/changes/bug9017 
@@ -0,0 +1,6 @@ + o Major bugfixes: + - Avoid an assertion failure on OpenBSD (and perhaps other BSDs) + when an exit connection with optimistic data succeeds immediately + rather than returning EINPROGRESS. Fixes bug 9017; bugfix on + 0.2.3.1-alpha. + diff --git a/changes/bug9063 b/changes/bug9063 new file mode 100644 index 0000000000..af3b1a87f4 --- /dev/null +++ b/changes/bug9063 @@ -0,0 +1,3 @@ + o Normal bugfixes: + - Close any circuit that has more cells queued than the spec permits. + Fixes bug #9063; bugfix on 0.2.3.25. diff --git a/changes/bug9063_redux b/changes/bug9063_redux new file mode 100644 index 0000000000..e6fae72efc --- /dev/null +++ b/changes/bug9063_redux @@ -0,0 +1,15 @@ + o Major bugfixes: + - When we have too much memory queued in circuits (according to a new + MaxMemInCellQueues option), close the circuits consuming the most + memory. This prevents us from running out of memory as a relay if + circuits fill up faster than they can be drained. Fixes + bug 9063; bugfix on the 54th commit of Tor. This bug is a further + fix beyond bug 6252, whose fix was merged into 0.2.3.21-rc. + + Also fixes an earlier approach taken in 0.2.4.13-alpha, where we + tried to solve this issue simply by imposing an upper limit on the + number of queued cells for a single circuit. That approach proved to + be problematic, since there are ways to provoke clients to send a + number of cells in excess of any such reasonable limit. + Fixes bug 9072; bugfix on 0.2.4.13-alpha. + diff --git a/changes/bug9072 b/changes/bug9072 new file mode 100644 index 0000000000..e594a38335 --- /dev/null +++ b/changes/bug9072 @@ -0,0 +1,3 @@ + o Critical bugfixes: + - Disable middle relay queue overfill detection code due to possible + guard discovery attack, pending further analysis. Fixes bug #9072. diff --git a/changes/check-fetched-rend-desc-service-id b/changes/check-fetched-rend-desc-service-id deleted file mode 100644 index 2f37c30216..0000000000 
--- a/changes/check-fetched-rend-desc-service-id +++ /dev/null @@ -1,7 +0,0 @@ - o Security fixes: - - When fetching a hidden service descriptor, check that it is for - the hidden service we were trying to connect to, in order to - stop a directory from pre-seeding a client with a descriptor for - a hidden service that they didn't want. Bugfix on 0.0.6. - - diff --git a/changes/check-public-key-exponents b/changes/check-public-key-exponents deleted file mode 100644 index a8d00673be..0000000000 --- a/changes/check-public-key-exponents +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes: - - Require that introduction point keys and onion keys have public - exponent 65537. Bugfix on 0.2.0.10-alpha. - - diff --git a/changes/cid_428 b/changes/cid_428 deleted file mode 100644 index cb0fc8c2b2..0000000000 --- a/changes/cid_428 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes: - - Always NUL-terminate the sun_path field of a sockaddr_un before - passing it to the kernel. (Not a security issue: kernels are - smart enough to reject bad sockaddr_uns.) Found by Coverity; CID - # 428. Bugfix on Tor 0.2.0.3-alpha. diff --git a/changes/cid_450 b/changes/cid_450 deleted file mode 100644 index 2045fca239..0000000000 --- a/changes/cid_450 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes: - - Don't stack-allocate the list of supplementary GIDs when we're - about to log them. Stack-allocating NGROUPS_MAX gid_t elements - could take up to 256K, which is way too much stack. Found by - Coverity; CID #450. Bugfix on 0.2.1.7-alpha. diff --git a/changes/clang_30_options b/changes/clang_30_options deleted file mode 100644 index e8e34c8e3e..0000000000 --- a/changes/clang_30_options +++ /dev/null @@ -1,5 +0,0 @@ - o Code simplifications and refactoring: - - During configure, detect when we're building with clang version 3.0 or - lower and disable the -Wnormalized=id and -Woverride-init CFLAGS. - clang doesn't support them yet. - 
diff --git a/changes/cov479 b/changes/cov479 deleted file mode 100644 index afbaffc63b..0000000000 --- a/changes/cov479 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes: - - Fix internal bug-checking logic that was supposed to catch - failures in digest generation so that it will fail more robustly - if we ask for a nonexistent algorithm. Found by Coverity Scan. - Bugfix on 0.2.2.1-alpha; fixes Coverity CID 479. diff --git a/changes/cov484 b/changes/cov484 deleted file mode 100644 index 33adbda18c..0000000000 --- a/changes/cov484 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes: - - Report any failure in init_keys() calls done because our IP address - has changed. Spotted by Coverity Scan. Bugfix on 0.1.1.4-alpha; - fixes CID 484. diff --git a/changes/cov709056 b/changes/cov709056 new file mode 100644 index 0000000000..64a75ad8a2 --- /dev/null +++ b/changes/cov709056 @@ -0,0 +1,4 @@ + o Minor bugfixes: + - Check return value of fputs() when writing authority certificate + file. Fixes Coverity issue 709056; bugfix on 0.2.0.1-alpha. + diff --git a/changes/coverity_maint b/changes/coverity_maint deleted file mode 100644 index e7be90a485..0000000000 --- a/changes/coverity_maint +++ /dev/null @@ -1,9 +0,0 @@ - o Code simplifications and refactoring: - - Remove some dead code as indicated by coverity. - - Remove a few dead assignments during router parsing. Found by coverity. - o Minor bugfixes: - - Add some forgotten return value checks during unit tests. Found - by coverity. - - Don't use 1-bit wide signed bit fields. Found by coverity. - - Fix a rare memory leak during stats writing. Found by coverity. - diff --git a/changes/cve-2012-2249 b/changes/cve-2012-2249 new file mode 100644 index 0000000000..625bfa2f58 --- /dev/null +++ b/changes/cve-2012-2249 
@@ -0,0 +1,5 @@ + o Major bugfixes (security): + - Discard extraneous renegotiation attempts once the V3 link + protocol has been initiated. Failure to do so left us open to + a remotely triggerable assertion failure. Fixes CVE-2012-2249; + bugfix on 0.2.3.6-alpha. Reported by "some guy from France". diff --git a/changes/dirreq-stats-default b/changes/dirreq-stats-default deleted file mode 100644 index df7ac11425..0000000000 --- a/changes/dirreq-stats-default +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features: - - Turn on directory request statistics by default and include them in - extra-info descriptors. Don't break if we have no GeoIP database. - Backported from 0.2.3.1-alpha; implements ticket 3951. - diff --git a/changes/dirserv-BUGGY-a b/changes/dirserv-BUGGY-a new file mode 100644 index 0000000000..35b492a2d7 --- /dev/null +++ b/changes/dirserv-BUGGY-a @@ -0,0 +1,7 @@ + o Minor bugfixes: + + - Don't serve or accept v2 hidden service descriptors over a + relay's DirPort. It's never correct to do so, and disabling it + might make it more annoying to exploit any bugs that turn up in the + descriptor-parsing code. Fixes bug 7149. + diff --git a/changes/dirvote_null_deref b/changes/dirvote_null_deref deleted file mode 100644 index 65dc519f52..0000000000 --- a/changes/dirvote_null_deref +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes: - - Fix a potential null-pointer dereference while computing a consensus. - Bugfix on tor-0.2.0.3-alpha, found with the help of clang's analyzer. - diff --git a/changes/disable_pathbias_messages b/changes/disable_pathbias_messages new file mode 100644 index 0000000000..3bc996347b --- /dev/null +++ b/changes/disable_pathbias_messages @@ -0,0 +1,3 @@ + o Disabeled features + - Downgrade path-bias warning messages to INFO. We'll try to get them + working better in 0.2.4. Fixes bug 6475; bugfix on 0.2.3.17-beta. 
diff --git a/changes/exit-policy-default-is-not-a-prefix b/changes/exit-policy-default-is-not-a-prefix deleted file mode 100644 index 6eb1e8df99..0000000000 --- a/changes/exit-policy-default-is-not-a-prefix +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes: - - Remove a trailing asterisk from "exit-policy/default" in the - output of the control port command "GETINFO info/names". Bugfix - on 0.1.2.5-alpha. - diff --git a/changes/feature3049 b/changes/feature3049 deleted file mode 100644 index 7960a1f475..0000000000 --- a/changes/feature3049 +++ /dev/null @@ -1,6 +0,0 @@ - o Major features: - - Add an __OwningControllerProcess configuration option and a - TAKEOWNERSHIP control-port command, so that a Tor controller can - ensure that when it exits, Tor will shut down. Implements - feature 3049. - diff --git a/changes/feature3076 b/changes/feature3076 deleted file mode 100644 index a3dcec8741..0000000000 --- a/changes/feature3076 +++ /dev/null @@ -1,14 +0,0 @@ - o Minor features - - The options SocksPort, ControlPort, and so on now all accept an - optional value "auto" that opens a socket on an OS-selected port. - o Minor features (controller) - - GETINFO net/listeners/(type) now returns a list of the addresses - and ports that are bound for listeners for a given connection - type. This is useful for if the user has selected SocksPort - "auto", and you need to know which port got chosen. - - There is a ControlPortWriteToFile option that tells Tor to write - its actual control port or ports to a chosen file. If the option - ControlPortFileGroupReadable is set, the file is created as - group-readable. - - diff --git a/changes/feature4484 b/changes/feature4484 deleted file mode 100644 index 78154e9649..0000000000 --- a/changes/feature4484 +++ /dev/null 
@@ -1,8 +0,0 @@ - o Minor features: - - Add two new config options for directory authorities: - AuthDirFastGuarantee sets a bandwidth threshold for guaranteeing the - Fast flag, and AuthDirGuardBWGuarantee sets a bandwidth threshold - that is always sufficient to satisfy the bandwidth requirement for - the Guard flag. Now it will be easier for researchers to simulate - Tor networks with different values. Resolves ticket 4484. - diff --git a/changes/fix-connection_printf_to_buf b/changes/fix-connection_printf_to_buf deleted file mode 100644 index e191eac8a5..0000000000 --- a/changes/fix-connection_printf_to_buf +++ /dev/null @@ -1,15 +0,0 @@ - * Code simplifications and refactoring: - - - Make connection_printf_to_buf's behaviour sane. Its callers - expect it to emit a CRLF iff the format string ends with CRLF; - it actually emits a CRLF iff (a) the format string ends with - CRLF or (b) the resulting string is over 1023 characters long or - (c) the format string does not end with CRLF ''and'' the - resulting string is 1021 characters long or longer. Bugfix on - 0.1.1.9-alpha; fixes part of bug 3407. - - - Make send_control_event_impl's behaviour sane. Its callers - expect it to always emit a CRLF at the end of the string; it - might emit extra control characters as well. Bugfix on - 0.1.1.9-alpha; fixes another part of bug 3407. - diff --git a/changes/fmt_addr b/changes/fmt_addr deleted file mode 100644 index b88c9e1bf4..0000000000 --- a/changes/fmt_addr +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes: - - When unable to format an address as a string, report its value - as "???" rather than reusing the last formatted address. Bugfix - on 0.2.1.5-alpha. diff --git a/changes/geoip-april2012 b/changes/geoip-april2012 deleted file mode 100644 index 66720c6d69..0000000000 --- a/changes/geoip-april2012 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Update to the April 3 2012 Maxmind GeoLite Country database. - 
diff --git a/changes/geoip-august2011 b/changes/geoip-august2011 deleted file mode 100644 index 6de8b0f29c..0000000000 --- a/changes/geoip-august2011 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Update to the August 2 2011 Maxmind GeoLite Country database. - diff --git a/changes/geoip-december2011 b/changes/geoip-december2011 deleted file mode 100644 index 82a708de62..0000000000 --- a/changes/geoip-december2011 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Update to the December 6 2011 Maxmind GeoLite Country database. - diff --git a/changes/geoip-february2012 b/changes/geoip-february2012 deleted file mode 100644 index 0711654021..0000000000 --- a/changes/geoip-february2012 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Update to the February 7 2012 Maxmind GeoLite Country database. - diff --git a/changes/geoip-january2012 b/changes/geoip-january2012 deleted file mode 100644 index 2f4180e578..0000000000 --- a/changes/geoip-january2012 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Update to the January 3 2012 Maxmind GeoLite Country database. - diff --git a/changes/geoip-july2011 b/changes/geoip-july2011 deleted file mode 100644 index 7a9f119be0..0000000000 --- a/changes/geoip-july2011 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Update to the July 1 2011 Maxmind GeoLite Country database. - diff --git a/changes/geoip-june2011 b/changes/geoip-june2011 deleted file mode 100644 index 8cf011b723..0000000000 --- a/changes/geoip-june2011 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Update to the June 1 2011 Maxmind GeoLite Country database. - diff --git a/changes/geoip-june2012 b/changes/geoip-june2012 deleted file mode 100644 index f73bf35529..0000000000 --- a/changes/geoip-june2012 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Update to the June 6 2012 Maxmind GeoLite Country database. - diff --git a/changes/geoip-march2012 b/changes/geoip-march2012 deleted file mode 100644 index 0f66d8fae2..0000000000 
--- a/changes/geoip-march2012 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Update to the March 6 2012 Maxmind GeoLite Country database. - diff --git a/changes/geoip-may2011 b/changes/geoip-may2011 deleted file mode 100644 index c908f24b45..0000000000 --- a/changes/geoip-may2011 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Update to the May 1 2011 Maxmind GeoLite Country database. - diff --git a/changes/geoip-may2012 b/changes/geoip-may2012 deleted file mode 100644 index 1575eced87..0000000000 --- a/changes/geoip-may2012 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Update to the May 1 2012 Maxmind GeoLite Country database. - diff --git a/changes/geoip-november2011 b/changes/geoip-november2011 deleted file mode 100644 index 3aa8dc05c2..0000000000 --- a/changes/geoip-november2011 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Update to the November 1 2011 Maxmind GeoLite Country database. - diff --git a/changes/geoip-october2011 b/changes/geoip-october2011 deleted file mode 100644 index d5b6910edb..0000000000 --- a/changes/geoip-october2011 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Update to the October 4 2011 Maxmind GeoLite Country database. - diff --git a/changes/geoip-september2011 b/changes/geoip-september2011 deleted file mode 100644 index c41314b1f0..0000000000 --- a/changes/geoip-september2011 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Update to the September 6 2011 Maxmind GeoLite Country database. - diff --git a/changes/ides-becomes-turtles b/changes/ides-becomes-turtles deleted file mode 100644 index 09d964fe9b..0000000000 --- a/changes/ides-becomes-turtles +++ /dev/null @@ -1,4 +0,0 @@ - o Directory authority changes: - - Change IP address for ides (v3 directory authority), and rename it to - turtles. - diff --git a/changes/issue-2011-10-19L b/changes/issue-2011-10-19L deleted file mode 100644 index b879c9d401..0000000000 --- a/changes/issue-2011-10-19L +++ /dev/null 
@@ -1,28 +0,0 @@ - o Security fixes: - - - Don't send TLS certificate chains on outgoing OR connections - from clients and bridges. Previously, each client or bridge - would use a single cert chain for all outgoing OR connections - for up to 24 hours, which allowed any relay connected to by a - client or bridge to determine which entry guards it is using. - This is a potential user-tracing bug for *all* users; everyone - who uses Tor's client or hidden service functionality should - upgrade. Fixes CVE-2011-2768. Bugfix on FIXME; found by - frosty_un. - - - Don't use any OR connection on which we have received a - CREATE_FAST cell to satisfy an EXTEND request. Previously, we - would not consider whether a connection appears to be from a - client or bridge when deciding whether to use that connection to - satisfy an EXTEND request. Mitigates CVE-2011-2768, by - preventing an attacker from determining whether an unpatched - client is connected to a patched relay. Bugfix on FIXME; found - by frosty_un. - - - Don't assign the Guard flag to relays running a version of Tor - which would use an OR connection on which it has received a - CREATE_FAST cell to satisfy an EXTEND request. Mitigates - CVE-2011-2768, by ensuring that clients will not connect - directly to any relay which an attacker could probe for an - unpatched client's connections. - diff --git a/changes/issue-2011-10-23G b/changes/issue-2011-10-23G deleted file mode 100644 index 45f86754f0..0000000000 --- a/changes/issue-2011-10-23G +++ /dev/null @@ -1,9 +0,0 @@ - o Security fixes: - - - Reject CREATE and CREATE_FAST cells on outgoing OR connections - from a bridge to a relay. Previously, we would accept them and - handle them normally, thereby allowing a malicious relay to - easily distinguish bridges which connect to it from clients. - Fixes CVE-2011-2769. Bugfix on 0.2.0.3-alpha, when bridges were - implemented; found by frosty_un. - 
diff --git a/changes/link_negotiation_assert b/changes/link_negotiation_assert new file mode 100644 index 0000000000..398a545573 --- /dev/null +++ b/changes/link_negotiation_assert @@ -0,0 +1,6 @@ + o Major bugfixs (security): + - Fix a group of remotely triggerable assertion failures related to + incorrect link protocol negotiation. Found, diagnosed, and fixed + by "some guy from France." Fix for CVE-2012-2250; bugfix on + 0.2.3.6-alpha. + diff --git a/changes/maatuska-ip b/changes/maatuska-ip deleted file mode 100644 index a00b43f866..0000000000 --- a/changes/maatuska-ip +++ /dev/null @@ -1,3 +0,0 @@ - o Directory authority changes: - - Change IP address for maatuska (v3 directory authority). - diff --git a/changes/md_cache_replace b/changes/md_cache_replace deleted file mode 100644 index 88e029c00a..0000000000 --- a/changes/md_cache_replace +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes - - Avoid a bug that would keep us from replacing a microdescriptor - cache on Windows. (We would try to replace the file while still - holding it open. That's fine on Unix, but Windows doesn't let us - do that.) Bugfix on 0.2.2.6-alpha; bug found by wanoskarnet. - diff --git a/changes/mdesc_null_deref b/changes/mdesc_null_deref deleted file mode 100644 index 30f0280536..0000000000 --- a/changes/mdesc_null_deref +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes: - - Avoid a possible null-pointer dereference when rebuilding the mdesc - cache without actually having any descriptors to cache. Bugfix on - 0.2.2.6-alpha. Issue discovered using clang's static analyzer. - diff --git a/changes/memleak_rendcache b/changes/memleak_rendcache deleted file mode 100644 index 93b1f6141b..0000000000 --- a/changes/memleak_rendcache +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes: - - Fix a memory leak when receiving a descriptor for a hidden - service we didn't ask for. Found by Coverity; CID#30. Bugfix on - 0.2.2.26-beta. 
diff --git a/changes/msvc_lround b/changes/msvc_lround deleted file mode 100644 index e4aea95351..0000000000 --- a/changes/msvc_lround +++ /dev/null @@ -1,4 +0,0 @@ - o Build fixes: - - Provide a substitute implementation of lround() for MSVC, which - apparently lacks it. Patch from Gisle Vanem. - diff --git a/changes/port_doc b/changes/port_doc new file mode 100644 index 0000000000..0e8662f0ab --- /dev/null +++ b/changes/port_doc @@ -0,0 +1,3 @@ + o Minor features (usability): + - Try to make the warning when giving an obsolete SOCKSListenAddress + a littel more useful. diff --git a/changes/replay-firstpart b/changes/replay-firstpart deleted file mode 100644 index f4a7767fb1..0000000000 --- a/changes/replay-firstpart +++ /dev/null @@ -1,13 +0,0 @@ - o Minor features (security): - - - Check for replays of the public-key encrypted portion of an - INTRODUCE1 cell, in addition to the current check for replays of - the g^x value. This prevents a possible class of active attacks - by an attacker who controls both an introduction point and a - rendezvous point, and who uses the malleability of AES-CTR to - alter the encrypted g^x portion of the INTRODUCE1 cell. We - think that these attacks is infeasible (requiring the attacker - to send on the order of zettabytes of altered cells in a short - interval), but we'd rather block them off in case there are any - classes of this attack that we missed. Reported by dvorak. - diff --git a/changes/routerlist_ins_replace b/changes/routerlist_ins_replace deleted file mode 100644 index 7b442a2f5d..0000000000 --- a/changes/routerlist_ins_replace +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes: - - If we hit the error case where routerlist_insert() replaces an - existing (old) server descriptor, make sure to remove that - server descriptor from the old_routers list. Fix related to bug - 1776. Bugfix on 0.2.2.18-alpha. diff --git a/changes/safecookie b/changes/safecookie deleted file mode 100644 index fd7d7af2b0..0000000000 
--- a/changes/safecookie +++ /dev/null @@ -1,9 +0,0 @@ - o Security Features: - - Provide controllers with a safer way to implement the cookie - authentication mechanism. With the old method, if another locally - running program could convince a controller that it was the Tor - process, then that program could trick the contoller into - telling it the contents of an arbitrary 32-byte file. The new - "SAFECOOKIE" authentication method uses a challenge-response - approach to prevent this. Fixes bug 5185, implements proposal 193. - diff --git a/changes/smartlist_foreach b/changes/smartlist_foreach new file mode 100644 index 0000000000..2fd3a1a85c --- /dev/null +++ b/changes/smartlist_foreach @@ -0,0 +1,8 @@ + o Code simplification and refactoring: + - Do not use SMARTLIST_FOREACH for any loop whose body exceeds + 10 lines. Doing so in the past has led to hard-to-debug code. + The new style is to use the SMARTLIST_FOREACH_{BEGIN,END} pair. + Issue 6400. + - Do not nest SMARTLIST_FOREACH blocks within one another. Any + nested block ought to be using SMARTLIST_FOREACH_{BEGIN,END}. + Issue 6400. diff --git a/changes/ticket-4063 b/changes/ticket-4063 deleted file mode 100644 index 6a985b8c25..0000000000 --- a/changes/ticket-4063 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (usability): - - Downgrade log messages about circuit timeout calibration from - "notice" to "info": they don't require or suggest any human - intervention. Patch from Tom Lowenthal. Fixes bug 4063; - bugfix on 0.2.2.14-alpha. - diff --git a/changes/ticket5749 b/changes/ticket5749 new file mode 100644 index 0000000000..0237241981 --- /dev/null +++ b/changes/ticket5749 @@ -0,0 +1,3 @@ + o New directory authorities: + - Add Faravahar (run by Sina Rabbani) as the ninth v3 directory + authority. Closes ticket 5749. diff --git a/changes/timersub_bug b/changes/timersub_bug deleted file mode 100644 index 9183862677..0000000000 --- a/changes/timersub_bug +++ /dev/null 
@@ -1,7 +0,0 @@ - o Major bugfixes: - - Provide correct replacements for the timeradd() and timersub() functions - for platforms that lack them (for example, windows). The timersub() - function is used when expiring circuits, timeradd() is currently unused. - Patch written by Vektor, who also reported the bug. Thanks! Bugfix - on 0.2.2.24-alpha/0.2.3.1-alpha, fixes bug 4778. - diff --git a/changes/typo-fix-ohkah8Ah b/changes/typo-fix-ohkah8Ah deleted file mode 100644 index 9b4e5c08cc..0000000000 --- a/changes/typo-fix-ohkah8Ah +++ /dev/null @@ -1,9 +0,0 @@ - * Minor bugfixes: - - - Clarify a log message specifying the characters permitted in - HiddenServiceAuthorizeClient client names. Previously, the log - message said that "[A-Za-z0-9+-_]" were permitted; that could - have given the impression that every ASCII character between "+" - and "_" was permitted. Now we say "[A-Za-z0-9+_-]". Bugfix on - 0.2.1.5-alpha. - diff --git a/changes/win-bundle-path b/changes/win-bundle-path deleted file mode 100644 index 32ff514ef2..0000000000 --- a/changes/win-bundle-path +++ /dev/null @@ -1,4 +0,0 @@ - o Packaging changes: - - Remove absolute path from makensis.exe command to build Tor expert bundle - in order to make it easier to automate package builds - diff --git a/changes/windows_8 b/changes/windows_8 deleted file mode 100644 index 405e4fa158..0000000000 --- a/changes/windows_8 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes: - - The next version of Windows will be called Windows 8, and it has a major - version of 6, minor version of 2. Correctly identify that version instead - of calling it "Very recent version". Fixes bug 4153; reported by funkstar. - |
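Review bot: changes/bug7352 ends with "Fixes bug 7352." and gives no "bugfix on" version, unlike the neighbouring bug7192 and bug7464 entries, so a reader cannot tell which releases shipped with the wipes optimized away. Add the introducing version if it is known. The closing aside ("a less ridiculously heavy approach") reads as a developer note rather than release text; either drop it or point to the ticket that tracks the replacement for OPENSSL_cleanse().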
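Review bot: changes/bug9063 uses the header "o Normal bugfixes:", which matches none of the headers used by the other entries in this patch (Major, Minor), and writes the reference as "bug #9063" where most entries write "bug NNNN". Pick Major or Minor and drop the "#" so the entry merges cleanly into the ChangeLog. The entry also does not state the limit it enforces; "more cells queued than the spec permits" would be easier to audit with the number or the spec section named.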
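Review bot: in changes/bug9063_redux, "bugfix on the 54th commit of Tor" is not a release version, so it cannot be matched against a tag the way the other "bugfix on" fields can; name the earliest affected release or say "bugfix on every released version" as bug7889 does. The second paragraph carries its own "Fixes bug 9072; bugfix on 0.2.4.13-alpha" but is attached to the same bullet, and it describes replacing the per-circuit limit that changes/bug9063 adds and changes/bug9072 disables. Split it into its own bullet and consolidate the three files so the release notes do not announce a feature, its removal and its replacement as separate fixes. The entry should also state the default of the new MaxMemInCellQueues option, since relay operators need it to judge memory exposure.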
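Review bot: changes/bug9072 introduces a fourth severity header, "o Critical bugfixes:", and has no "bugfix on" version even though changes/bug9063_redux attributes bug 9072 to 0.2.4.13-alpha. Use an existing header (for example "Major bugfixes (security):", as in cve-2012-2249) and add the version. "pending further analysis" leaves the reader unsure whether the queue limit is still enforced anywhere; say explicitly what protection remains once the detection code is disabled.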
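Review bot: changes/dirserv-BUGGY-a has a blank line between the "o Minor bugfixes:" header and its only bullet, and its "Fixes bug 7149." has no "bugfix on" version. The stated rationale is reducing exposure of the descriptor-parsing code, which is attack-surface reduction rather than a behavioural bug; a "(security)" qualifier on the header would make that visible to packagers deciding what to backport. The file name "dirserv-BUGGY-a" says nothing about the change; bug7149 would match the naming of the other files.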
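Review bot: changes/disable_pathbias_messages has a misspelled header with no trailing colon ("o Disabeled features"). The body describes downgrading a log message and already uses the "Fixes bug 6475; bugfix on 0.2.3.17-beta" form, so "o Minor bugfixes:" fits better than a one-off header.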
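Review bot: changes/link_negotiation_assert spells the header "Major bugfixs (security):", while changes/cve-2012-2249 in the same patch uses "Major bugfixes (security):"; the two will not merge under one heading as written. "Fix for CVE-2012-2250" should also follow the "Fixes CVE-..." wording used in cve-2012-2249. Since the entry covers "a group of" assertion failures, a short statement of which negotiation states were affected would help anyone verifying the fix.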
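Review bot: changes/port_doc contains the typo "littel" and gives no ticket or bug number, unlike the other new entries. "Try to make the warning ... more useful" does not tell the user what changed; state what the warning now says or recommends in place of the obsolete SOCKSListenAddress.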
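Review bot: changes/smartlist_foreach documents a coding-style rule ("Do not use SMARTLIST_FOREACH for any loop whose body exceeds 10 lines") rather than a change in this tree, so it reads like a coding-standards item placed in release notes. If the commit converted existing loops, say so in the past tense; if it only sets policy, the rule belongs in the hacking or style documentation. Both bullets end with a bare "Issue 6400."; use "Closes ticket 6400" once to match the convention in ticket5749.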