diff options
Diffstat (limited to 'changes')
218 files changed, 841 insertions, 334 deletions
diff --git a/changes/10777_netunreach b/changes/10777_netunreach new file mode 100644 index 0000000000..899181423f --- /dev/null +++ b/changes/10777_netunreach @@ -0,0 +1,7 @@ + - Minor bugfixes: + + - Treat ENETUNREACH, EACCES, and EPERM at an exit node as a + NOROUTE error, not an INTERNAL error, since they can apparently + happen when trying to connect to the wrong sort of + netblocks. Fixes a part of bug 10777; bugfix on 0.1.0.1-rc. + diff --git a/changes/6783_big_hammer b/changes/6783_big_hammer new file mode 100644 index 0000000000..2ff3249b33 --- /dev/null +++ b/changes/6783_big_hammer @@ -0,0 +1,6 @@ + o Major features (deprecation): + - There's now a "DisableV2DirectoryInfo_" option that prevents us + from serving any directory requests for v2 directory information. + This is for us to test disabling the old deprecated V2 directory + format, so that we can see whether doing so has any effect on + network load. Part of a fix for bug 6783. diff --git a/changes/9854 b/changes/9854 new file mode 100644 index 0000000000..30105cb731 --- /dev/null +++ b/changes/9854 @@ -0,0 +1,3 @@ + o Documentation fixes: + - Clarify the usage and risks of ContactInfo. Resolves ticket 9854. + diff --git a/changes/bug10124 b/changes/bug10124 new file mode 100644 index 0000000000..95b0838839 --- /dev/null +++ b/changes/bug10124 @@ -0,0 +1,3 @@ + o Documentation: + - Replace remaining references to DirServer in man page and + log entries. Resolves ticket 10124. diff --git a/changes/bug1038-3 b/changes/bug1038-3 new file mode 100644 index 0000000000..5af4afa46f --- /dev/null +++ b/changes/bug1038-3 @@ -0,0 +1,6 @@ + o Minor bugfixes: + - Warn and drop the circuit if we receive an inbound 'relay early' + cell. Those used to be normal to receive on hidden service circuits + due to bug 1038, but the buggy Tor versions are long gone from + the network so we can afford to resume watching for them. Resolves + the rest of bug 1038; bugfix on 0.2.1.19. diff --git a/changes/bug10402 b/changes/bug10402 new file mode 100644 index 0000000000..eac00bdc6d --- /dev/null +++ b/changes/bug10402 @@ -0,0 +1,11 @@ + o Major bugfixes: + - Do not allow OpenSSL engines to replace the PRNG, even when + HardwareAccel is set. The only default builtin PRNG engine uses + the Intel RDRAND instruction to replace the entire PRNG, and + ignores all attempts to seed it with more entropy. That's + cryptographically stupid: the right response to a new alleged + entropy source is never to discard all previously used entropy + sources. Fixes bug 10402; works around behavior introduced in + OpenSSL 1.0.0. Diagnosis and investigation thanks to "coderman" + and "rl1987". + diff --git a/changes/bug10409 b/changes/bug10409 new file mode 100644 index 0000000000..5ef5ae29de --- /dev/null +++ b/changes/bug10409 @@ -0,0 +1,3 @@ + o Minor bugfixes: + - Avoid a crash bug when starting with a corrupted microdescriptor + cache file. Fix for bug 10406; bugfix on 0.2.2.6-alpha. diff --git a/changes/bug10423 b/changes/bug10423 new file mode 100644 index 0000000000..493b7b15e3 --- /dev/null +++ b/changes/bug10423 @@ -0,0 +1,4 @@ + o Minor bugfixes: + - If we fail to dump a previously cached microdescriptor to disk, avoid + freeing duplicate data later on. Fix for bug 10423; bugfix on + 0.2.4.13-alpha. Spotted by "bobnomnom". diff --git a/changes/bug10456 b/changes/bug10456 new file mode 100644 index 0000000000..fb3b92fcd8 --- /dev/null +++ b/changes/bug10456 @@ -0,0 +1,6 @@ + o Major bugfixes: + - Avoid launching spurious extra circuits when a stream is pending. + This fixes a bug where any circuit that _wasn't_ unusable for new + streams would be treated as if it were, causing extra circuits to + be launched. Fixes bug 10456; bugfix on 0.2.4.12-alpha. + diff --git a/changes/bug10465 b/changes/bug10465 new file mode 100644 index 0000000000..330f969416 --- /dev/null +++ b/changes/bug10465 @@ -0,0 +1,3 @@ + o Major bugfixes: + - Fix assertion failure when AutomapHostsOnResolve yields an IPv6 + address. Fixes bug 10465; bugfix on 0.2.4.7-alpha. diff --git a/changes/bug10470 b/changes/bug10470 new file mode 100644 index 0000000000..2b753436d9 --- /dev/null +++ b/changes/bug10470 @@ -0,0 +1,4 @@ + o Documentation fixes: + - Note that all but one DirPort entry must have the NoAdvertise flag + set. Fix for #10470. + diff --git a/changes/bug10485 b/changes/bug10485 new file mode 100644 index 0000000000..7e5fa530e8 --- /dev/null +++ b/changes/bug10485 @@ -0,0 +1,4 @@ + o Minor bugfixes: + - Move message about circuit handshake counts into the heartbeat + message where it belongs, instead of logging it once per hour + unconditionally. Fixes bug 10485; bugfix on 0.2.4.17-rc. diff --git a/changes/bug10777_internal_024 b/changes/bug10777_internal_024 new file mode 100644 index 0000000000..4544147f6e --- /dev/null +++ b/changes/bug10777_internal_024 @@ -0,0 +1,4 @@ + o Major bugfixes: + - Do not treat END_STREAM_REASON_INTERNAL as indicating a definite + circuit failure, since it could also indicate an ENETUNREACH + error. Fixes part of bug 10777; bugfix on 0.2.4.8-alpha. diff --git a/changes/bug10793 b/changes/bug10793 new file mode 100644 index 0000000000..24c4025dde --- /dev/null +++ b/changes/bug10793 @@ -0,0 +1,4 @@ + o Minor features (security): + - Always clear OpenSSL bignums before freeing them--even bignums + that don't contain secrets. Resolves ticket 10793. Patch by + Florent Daigniere. diff --git a/changes/bug10835 b/changes/bug10835 new file mode 100644 index 0000000000..9df7bdd279 --- /dev/null +++ b/changes/bug10835 @@ -0,0 +1,4 @@ + o Minor bugfixes (testing): + - Fix a segmentation fault in our benchmark code when running with + Fedora's OpenSSL package, or any other OpenSSL that provides + ECDH but not P224. Fixes bug 10835; bugfix on 0.2.4.8-alpha. diff --git a/changes/bug10870 b/changes/bug10870 new file mode 100644 index 0000000000..d8a00f4029 --- /dev/null +++ b/changes/bug10870 @@ -0,0 +1,6 @@ + o Code simplification and refactoring: + - Remove data structures which were introduced to implement the + CellStatistics option: they are now redundant with the addition + of timestamp to the regular packed_cell_t data structure, which + we did in 0.2.4.18-rc in order to resolve #9093. Fixes bug + 10870.
\ No newline at end of file diff --git a/changes/bug10904 b/changes/bug10904 new file mode 100644 index 0000000000..6f551ea412 --- /dev/null +++ b/changes/bug10904 @@ -0,0 +1,5 @@ + o Minor bugfixes (compilation): + - Build without warnings under clang 3.4. (We have some macros that + define static functions only some of which will get used later in + the module. Starting with clang 3.4, these give a warning unless the + unused attribute is set on them.) diff --git a/changes/bug10929 b/changes/bug10929 new file mode 100644 index 0000000000..acf3960471 --- /dev/null +++ b/changes/bug10929 @@ -0,0 +1,6 @@ + - Minor bugfixes: + - Fix build warnings about missing "a2x" comment when building the + manpages from scratch on OpenBSD; OpenBSD calls it "a2x.py". + Fixes bug 10929; bugfix on tor-0.2.2.9-alpha. Patch from + Dana Koch. + diff --git a/changes/bug11437 b/changes/bug11437 new file mode 100644 index 0000000000..f5117cae99 --- /dev/null +++ b/changes/bug11437 @@ -0,0 +1,3 @@ + o Minor bugfixes: + - Stop leaking memory when we successfully resolve a PTR record. + Fixes bug 11437; bugfix on 0.2.4.7-alpha. diff --git a/changes/bug11513 b/changes/bug11513 new file mode 100644 index 0000000000..820c02605f --- /dev/null +++ b/changes/bug11513 @@ -0,0 +1,12 @@ + o Major bugfixes: + - Generate the server's preference list for ciphersuites + automatically based on uniform criteria, and considering all + OpenSSL ciphersuites with acceptable strength and forward + secrecy. (The sort order is: prefer AES to 3DES; break ties by + preferring ECDHE to DHE; break ties by preferring GCM to CBC; + break ties by preferring SHA384 to SHA256 to SHA1; and finally, + break ties by preferring AES256 to AES128.) This resolves bugs + #11513, #11492, #11498, #11499. Bugs reported by 'cypherpunks'. + Bugfix on 0.2.4.8-alpha. + + diff --git a/changes/bug11553 b/changes/bug11553 new file mode 100644 index 0000000000..1540f4642f --- /dev/null +++ b/changes/bug11553 @@ -0,0 +1,5 @@ + o Minor features: + - When we run out of usable circuit IDs on a channel, log only one + warning for the whole channel, and include a description of + how many circuits there were on the channel. Fix for part of ticket + #11553. diff --git a/changes/bug12227 b/changes/bug12227 new file mode 100644 index 0000000000..d8b5d08a55 --- /dev/null +++ b/changes/bug12227 @@ -0,0 +1,5 @@ + o Minor bugfixes: + - Avoid an illegal read from stack when initializing the TLS + module using a version of OpenSSL without all of the ciphers + used by the v2 link handshake. Fixes bug 12227; bugfix on + 0.2.4.8-alpha. Found by "starlight". diff --git a/changes/bug12718 b/changes/bug12718 new file mode 100644 index 0000000000..0c5f708446 --- /dev/null +++ b/changes/bug12718 @@ -0,0 +1,5 @@ + o Minor bugfixes: + - Correct a confusing error message when trying to extend a circuit + via the control protocol but we don't know a descriptor or + microdescriptor for one of the specified relays. Fixes bug 12718; + bugfix on 0.2.3.1-alpha. diff --git a/changes/bug13151-client b/changes/bug13151-client new file mode 100644 index 0000000000..1218dfdfab --- /dev/null +++ b/changes/bug13151-client @@ -0,0 +1,13 @@ + o Major bugfixes: + - Clients now send the correct address for their chosen rendezvous + point when trying to access a hidden service. They used to send + the wrong address, which would still work some of the time because + they also sent the identity digest of the rendezvous point, and if + the hidden service happened to try connecting to the rendezvous + point from a relay that already had a connection open to it, + the relay would reuse that connection. Now connections to hidden + services should be more robust and faster. Also, this bug meant + that clients were leaking to the hidden service whether they were + on a little-endian (common) or big-endian (rare) system, which for + some users might have reduced their anonymity. Fixes bug 13151; + bugfix on 0.2.1.5-alpha. diff --git a/changes/bug1992 b/changes/bug1992 new file mode 100644 index 0000000000..6a751dc7e6 --- /dev/null +++ b/changes/bug1992 @@ -0,0 +1,11 @@ + o Minor bugfixes: + - Stop trying to resolve our hostname so often (e.g. every time we + think about doing a directory fetch). Now we reuse the cached + answer in some cases. Fixes bugs 1992 (bugfix on 0.2.0.20-rc) + and 2410 (bugfix on 0.1.2.2-alpha). + + o Minor features: + - Make bridge relays check once a minute for whether their IP + address has changed, rather than only every 15 minutes. Resolves + bugs 1913 and 1992. + diff --git a/changes/bug2286 b/changes/bug2286 new file mode 100644 index 0000000000..4f8dfbbf68 --- /dev/null +++ b/changes/bug2286 @@ -0,0 +1,5 @@ + o Major features (directory authority): + - Directory authorities now support a new consensus method (17) + where they cap the published bandwidth of servers for which + insufficient bandwidth measurements exist. Fixes part of bug + 2286. diff --git a/changes/bug5595 b/changes/bug5595 new file mode 100644 index 0000000000..31f4b84b03 --- /dev/null +++ b/changes/bug5595 @@ -0,0 +1,8 @@ + o Critical bugfixes: + - Distinguish downloading an authority certificate by identity digest from + downloading one by identity digest/signing key digest pair; formerly we + always request them only by identity digest and get the newest one even + when we wanted one with a different signing key. Then we would complain + about being given a certificate we already had, and never get the one we + really wanted. Now we use the "fp-sk/" resource as well as the "fp/" + resource to request the one we want. Fixes bug 5595. diff --git a/changes/bug6024 b/changes/bug6024 deleted file mode 100644 index 743e6ef1fe..0000000000 --- a/changes/bug6024 +++ /dev/null @@ -1,2 +0,0 @@ - o Documentation fixes: - - Clarify that hidden services are TCP only. Fixes bug 6024. diff --git a/changes/bug6026 b/changes/bug6026 new file mode 100644 index 0000000000..de5d6ead01 --- /dev/null +++ b/changes/bug6026 @@ -0,0 +1,4 @@ + o Minor bugfixes: + - Relays now treat a changed IPv6 ORPort as sufficient reason to + publish an updated descriptor. Fix for bug 6026; bugfix for + 0.2.4.1-alpha. diff --git a/changes/bug6043 b/changes/bug6043 deleted file mode 100644 index b88bafb788..0000000000 --- a/changes/bug6043 +++ /dev/null @@ -1,6 +0,0 @@ - o Packaging (RPM): - - Our default RPM spec files have been updated to work with mock - and rpmbuild on RHEL/Fedora. They have an updated set of - dependencies and conflicts, a fix for an ancient typo when creating - the "_tor" user, and better instructions. Thanks to Ondrej - Mikle for the patch series; fix for bug 6043. diff --git a/changes/bug6055 b/changes/bug6055 new file mode 100644 index 0000000000..00730073a8 --- /dev/null +++ b/changes/bug6055 @@ -0,0 +1,6 @@ + o Major enhancements: + - Re-enable TLS 1.1 and 1.2 when built with OpenSSL 1.0.1e or later. + (OpenSSL before 1.0.1 didn't have TLS 1.1 or 1.2. OpenSSL from 1.0.1 + through 1.0.1d had bugs that prevented renegotiation from working + with TLS 1.1 or 1.2, so we disabled them to solve bug 6033.) Fix for + issue #6055. diff --git a/changes/bug6174 b/changes/bug6174 new file mode 100644 index 0000000000..79d2930ec3 --- /dev/null +++ b/changes/bug6174 @@ -0,0 +1,6 @@ + o Major bugfixes: + - When we mark a circuit as unusable for new circuits, have it + continue to be unusable for new circuits even if MaxCircuitDirtiness + is increased too much at the wrong time, or the system clock jumped + backwards. Fix for bug 6174; bugfix on 0.0.2pre26. + diff --git a/changes/bug6206 b/changes/bug6206 new file mode 100644 index 0000000000..61a16d291a --- /dev/null +++ b/changes/bug6206 @@ -0,0 +1,6 @@ + o Minor bugfixes: + - Always check the return values of functions fcntl() and + setsockopt(). We don't believe these are ever actually failing in + practice, but better safe than sorry. Also, checking these return + values should please some analysis tools (like Coverity). Patch + from 'flupzor'. Fix for bug 8206; bugfix on all versions of Tor. diff --git a/changes/bug6218 b/changes/bug6218 deleted file mode 100644 index 5d5d108b00..0000000000 --- a/changes/bug6218 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes: - - Fix wrong TCP port range in parse_port_range(). Fixes bug 6218; - bugfix on 0.2.1.10-alpha. diff --git a/changes/bug6244_part_c b/changes/bug6244_part_c deleted file mode 100644 index dea6e7b69e..0000000000 --- a/changes/bug6244_part_c +++ /dev/null @@ -1,6 +0,0 @@ - o Major bugfixes (controller): - - Make wildcarded addresses (that is, ones beginning with *.) work when - provided via the controller's MapAddress command. Previously, they - were accepted, but we never actually noticed that they were wildcards. - Fix for bug 6244; bugfix on 0.2.3.9-alpha. - diff --git a/changes/bug6251 b/changes/bug6251 deleted file mode 100644 index c782a93e49..0000000000 --- a/changes/bug6251 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes: - - Downgrade "set buildtimeout to low value" messages to INFO - severity; they were never an actual problem, there was never - anything reasonable to do about them, and they tended to spam - logs from time to time. Fix for bug 6251; bugfix on - 0.2.2.2-alpha.
\ No newline at end of file diff --git a/changes/bug6252_again b/changes/bug6252_again deleted file mode 100644 index f7fd00cb38..0000000000 --- a/changes/bug6252_again +++ /dev/null @@ -1,11 +0,0 @@ - o Security fixes: - - Tear down the circuit if we get an unexpected SENDME cell. Clients - could use this trick to make their circuits receive cells faster - than our flow control would have allowed, or to gum up the network, - or possibly to do targeted memory denial-of-service attacks on - entry nodes. Fixes bug 6252. Bugfix on the 54th commit on Tor -- - from July 2002, before the release of Tor 0.0.0. We had committed - this patch previously, but we had to revert it because of bug 6271. - Now that 6271 is fixed, this appears to work. - - diff --git a/changes/bug6271 b/changes/bug6271 deleted file mode 100644 index 06b129f73f..0000000000 --- a/changes/bug6271 +++ /dev/null @@ -1,7 +0,0 @@ - o Major bugfixes - - - Fix a bug handling SENDME cells on nonexistent streams that - could result in bizarre window values. Report and patch - contributed pseudymously. Fixes part of bug 6271. This bug - was introduced before the first Tor release, in svn commit - r152. diff --git a/changes/bug6274 b/changes/bug6274 deleted file mode 100644 index ad1abcde54..0000000000 --- a/changes/bug6274 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes: - - Ignore ServerTransportPlugin lines when Tor is not configured as - a relay. Fixes bug 6274; bugfix on 0.2.3.6-alpha. diff --git a/changes/bug6274_2 b/changes/bug6274_2 deleted file mode 100644 index 89576f9328..0000000000 --- a/changes/bug6274_2 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Terminate active server managed proxies if Tor stops being a - relay. Addresses parts of bug 6274; bugfix on 0.2.3.6-alpha. diff --git a/changes/bug6296 b/changes/bug6296 deleted file mode 100644 index b452b1745d..0000000000 --- a/changes/bug6296 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes: - - - Instead of ENOBUFS on Windows, say WSAENOBUFS. Fixes - compilation on Windows. Fixes bug 6296; bugfix on 0.2.3.18-rc. diff --git a/changes/bug6304 b/changes/bug6304 new file mode 100644 index 0000000000..445560a8e1 --- /dev/null +++ b/changes/bug6304 @@ -0,0 +1,4 @@ + o Minor bugfixes: + - Behave correctly when the user disables LearnCircuitBuildTimeout + but doesn't tell us what they would like the timeout to be. Fixes + bug 6304; bugfix on 0.2.2.14-alpha. diff --git a/changes/bug6341 b/changes/bug6341 deleted file mode 100644 index 04e52c7cd3..0000000000 --- a/changes/bug6341 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes: - - Fix a possible crash bug when checking for deactivated circuits - in connection_or_flush_from_first_active_circuit(). Fixes bug - 6341; bugfix on 0.2.2.7-alpha. Bug report and fix received - pseudonymously. diff --git a/changes/bug6377 b/changes/bug6377 deleted file mode 100644 index a3a3672783..0000000000 --- a/changes/bug6377 +++ /dev/null @@ -1,4 +0,0 @@ - o Testing: - - Make it possible to set the TestingTorNetwork configuration - option using AlternateDirAuthority and AlternateBridgeAuthority - as an alternative to setting DirServer. diff --git a/changes/bug6379 b/changes/bug6379 deleted file mode 100644 index 1f2b6941cd..0000000000 --- a/changes/bug6379 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes: - - Fix build warnings from --enable-openbsd-malloc with gcc warnings - enabled. Fixes bug 6379. - - Fix 64-bit warnings from --enable-openbsd-malloc. Fixes bug 6379. - Bugfix on 0.2.0.20-rc. - diff --git a/changes/bug6387 b/changes/bug6387 deleted file mode 100644 index 73fc4f7cfe..0000000000 --- a/changes/bug6387 +++ /dev/null @@ -1,3 +0,0 @@ - o Documentation: - - Clarify the documentation for the Alternate*Authority options. - Fixes bug 6387. diff --git a/changes/bug6397 b/changes/bug6397 deleted file mode 100644 index 23d8359bd2..0000000000 --- a/changes/bug6397 +++ /dev/null @@ -1,4 +0,0 @@ - o Major bugfixes: - - When disabling guards for having too high a proportion of failed - circuits, make sure to look at each guard. Fix for bug 6397; bugfix - on 0.2.3.17-beta. diff --git a/changes/bug6404 b/changes/bug6404 deleted file mode 100644 index 948f00b92e..0000000000 --- a/changes/bug6404 +++ /dev/null @@ -1,16 +0,0 @@ - o Minor bugfixes: - - - Remove the maximum length of microdescriptor we are willing to - generate. Occasionally this is needed for routers - with complex policies or family declarations. Partial fix for - bug 6404; fix on 0.2.2.6-alpha. - - - Authorities no longer include any router in their - microdescriptor consensuses for which they couldn't generate or - agree on a microdescriptor. Partial fix for bug 6404; fix on - 0.2.2.6-alpha. - - - Move log message when unable to find a microdesc in a - routerstatus entry to parse time. Previously we'd spam this - warning every time we tried to figure out which microdescriptors - to download. Partial fix for bug 6404; fix on 0.2.3.18-rc. diff --git a/changes/bug6423 b/changes/bug6423 deleted file mode 100644 index 2ea4f1410d..0000000000 --- a/changes/bug6423 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Consider new, removed or changed IPv6 OR ports a non cosmetic - change. diff --git a/changes/bug6436 b/changes/bug6436 deleted file mode 100644 index 2c163df105..0000000000 --- a/changes/bug6436 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Provide a better error message about possible OSX Asciidoc failure - reasons. Fix for bug 6436. diff --git a/changes/bug6472 b/changes/bug6472 deleted file mode 100644 index dcd42ebe68..0000000000 --- a/changes/bug6472 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes: - - Avoid a pair of double-free and use-after-mark bugs that can - occur with certain timings in canceled and re-received DNS - requests. Fix for bug 6472; bugfix on 0.0.7rc1. diff --git a/changes/bug6475 b/changes/bug6475 deleted file mode 100644 index 67bab99622..0000000000 --- a/changes/bug6475 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes: - - Add internal circuit construction state to protect against - the noisy warn message "Unexpectedly high circuit_successes". - Also add some additional rate-limited notice messages to help - determine the root cause of the warn. Fixes bug 6475. - Bugfix against 0.2.3.17-beta. diff --git a/changes/bug6480 b/changes/bug6480 deleted file mode 100644 index 83ae00b251..0000000000 --- a/changes/bug6480 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes: - - Avoid read-from-freed-RAM bug and related double-free bug that - could occur when a DNS request fails while launching it. Fixes - bug 6480; bugfix on 0.2.0.1-alpha. - diff --git a/changes/bug6490 b/changes/bug6490 deleted file mode 100644 index c92daad8f4..0000000000 --- a/changes/bug6490 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features: - - Warn when Tor is configured to use accounting in a way that will - link a hidden service to some other hidden service or public - address. Fix for bug 6490. diff --git a/changes/bug6500 b/changes/bug6500 deleted file mode 100644 index cac2054a3a..0000000000 --- a/changes/bug6500 +++ /dev/null @@ -1,2 +0,0 @@ - o Minor bugfixes: - - Fix some typos in the manpages. Patch from A. Costa. Fixes bug 6500. diff --git a/changes/bug6507 b/changes/bug6507 deleted file mode 100644 index 89940cbf7b..0000000000 --- a/changes/bug6507 +++ /dev/null @@ -1,15 +0,0 @@ - o Major bugfixes: - - Detect 'ORPort 0' as meaning, uniformly, that we're not running - as a server. Previously, some of our code would treat the - presence of any ORPort line as meaning that we should act like a - server, even though our new listener code would correctly not - open any ORPorts for ORPort 0. Similar bugs in other Port - options are also fixed. Fixes bug 6507; bugfix on 0.2.3.3-alpha. - - o Minor features: - - - Detect and reject attempts to specify both 'FooPort' and - 'FooPort 0' in the same configuration domain. (It's still okay - to have a FooPort in your configuration file,and use 'FooPort 0' - on the command line to disable it.) Fixes another case of - bug6507; bugfix on 0.2.3.3-alpha. diff --git a/changes/bug6514 b/changes/bug6514 deleted file mode 100644 index 84633bd279..0000000000 --- a/changes/bug6514 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes: - - Add a (probably redundant) memory clear between iterations of - the router status voting loop, to prevent future coding errors - where data might leak between iterations of the loop. Resolves - ticket 6514. diff --git a/changes/bug6530 b/changes/bug6530 deleted file mode 100644 index 825bbb752a..0000000000 --- a/changes/bug6530 +++ /dev/null @@ -1,5 +0,0 @@ - o Major security fixes: - - Avoid a read of uninitializd RAM when reading a vote or consensus - document with an unrecognized flavor name. This could lead to a - remote crash bug. Fixes bug 6530; bugfix on 0.2.2.6-alpha. - diff --git a/changes/bug6572 b/changes/bug6572 new file mode 100644 index 0000000000..6508d1bcb5 --- /dev/null +++ b/changes/bug6572 @@ -0,0 +1,4 @@ + o Minor bugfixes (log messages) + - Use circuit creation time for network liveness evaluation. This + should eliminate warning log messages about liveness caused by + changes in timeout evaluation. Fixes bug 6572; bugfix on 0.2.4.8-alpha. diff --git a/changes/bug6673 b/changes/bug6673 new file mode 100644 index 0000000000..506b449892 --- /dev/null +++ b/changes/bug6673 @@ -0,0 +1,4 @@ + o Minor features (build): + - Detect and reject attempts to build Tor with threading support + when OpenSSL have been compiled with threading support disabled. + Fixes bug 6673. diff --git a/changes/bug6690 b/changes/bug6690 deleted file mode 100644 index 99d42976ed..0000000000 --- a/changes/bug6690 +++ /dev/null @@ -1,7 +0,0 @@ - o Major bugfixes (security): - - Do not crash when comparing an address with port value 0 to an - address policy. This bug could have been used to cause a remote - assertion failure by or against directory authorities, or to - allow some applications to crash clients. Fixes bug 6690; bugfix - on 0.2.1.10-alpha. - diff --git a/changes/bug6710 b/changes/bug6710 deleted file mode 100644 index 2c89346114..0000000000 --- a/changes/bug6710 +++ /dev/null @@ -1,6 +0,0 @@ - o Major bugfixes (security): - - Reject any attempt to extend to an internal address. Without - this fix, a router could be used to probe addresses on an - internal network to see whether they were accepting - connections. Fix for bug 6710; bugfix on 0.0.8pre1. - diff --git a/changes/bug6732 b/changes/bug6732 deleted file mode 100644 index 7a744e014a..0000000000 --- a/changes/bug6732 +++ /dev/null @@ -1,3 +0,0 @@ - o Documentation: - - Add missing documentation for consensus and microdesc files. Fix for - bug 6732. diff --git a/changes/bug6743 b/changes/bug6743 deleted file mode 100644 index 6ec78f853a..0000000000 --- a/changes/bug6743 +++ /dev/null @@ -1,9 +0,0 @@ - o Minor bugfixes: - - Allow one-hop directory fetching circuits the full "circuit build - timeout" period, rather than just half of it, before failing them - and marking the relay down. This fix should help reduce cases where - clients declare relays (or worse, bridges) unreachable because - the TLS handshake takes a few seconds to complete. Fixes bug 6743; - bugfix on 0.2.2.2-alpha, where we changed the timeout from a static - 30 seconds. - diff --git a/changes/bug6774 b/changes/bug6774 deleted file mode 100644 index 0c137fd678..0000000000 --- a/changes/bug6774 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes: - - Avoid crashing on a malformed state file where EntryGuardPathBias - precedes EntryGuard. Fix for bug 6774; bugfix on 0.2.3.17-beta. - diff --git a/changes/bug6801 b/changes/bug6801 deleted file mode 100644 index ef21acc98f..0000000000 --- a/changes/bug6801 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes: - - Avoid segfault when starting up having run with an extremely old - version of Tor and parsing its state file. Fixes bug 6801; bugfix on - 0.2.2.23-alpha. - diff --git a/changes/bug6811 b/changes/bug6811 deleted file mode 100644 index 841ec1c54a..0000000000 --- a/changes/bug6811 +++ /dev/null @@ -1,5 +0,0 @@ - o Major security fixes: - - Fix an assertion failure in tor_timegm that could be triggered - by a badly formatted directory object. Bug found by fuzzing with - Radamsa. Fixes bug 6811; bugfix on 0.2.0.20-rc. - diff --git a/changes/bug6827 b/changes/bug6827 deleted file mode 100644 index bf71d2b97c..0000000000 --- a/changes/bug6827 +++ /dev/null @@ -1,9 +0,0 @@ - o Minor bugfixes: - - - Avoid undefined behaviour when parsing the list of supported - rendezvous/introduction protocols in a hidden service - descriptor. Previously, Tor would have confused (as-yet-unused) - protocol version numbers greater than 32 with lower ones on many - platforms. Fixes bug 6827; bugfix on 0.2.0.10-alpha; found by - George Kadianakis. - diff --git a/changes/bug6844 b/changes/bug6844 deleted file mode 100644 index 338e19d9a5..0000000000 --- a/changes/bug6844 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes: - - Correct file sizes when reading binary files on - Cygwin, to avoid a bug where Tor would fail to read its state file. - Fixes bug 6844; bugfix on 0.1.2.7-alpha. diff --git a/changes/bug6866 b/changes/bug6866 deleted file mode 100644 index 561676b765..0000000000 --- a/changes/bug6866 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes: - - Convert an assert in the pathbias code to a log message. Assert - appears to only be triggerable by Tor2Web mode. Fixes bug 6866; - bugfix on 0.2.3.17-beta. diff --git a/changes/bug7014 b/changes/bug7014 deleted file mode 100644 index 1d39103a50..0000000000 --- a/changes/bug7014 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes: - - Fix two cases in src/or/transports.c where we were calling - fmt_addr() twice in a parameter list. Bug found by David - Fifield. Fixes bug 7014; bugfix on 0.2.3.9-alpha. - diff --git a/changes/bug7022 b/changes/bug7022 deleted file mode 100644 index 10ac354724..0000000000 --- a/changes/bug7022 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes: - - Fix memory leaks whenever we logged any message about the "path - bias" detection. Fixes bug 7022; bugfix on 0.2.3.21-rc. diff --git a/changes/bug7037 b/changes/bug7037 deleted file mode 100644 index fc3a1ad1c5..0000000000 --- a/changes/bug7037 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes: - - When relays refuse a "create" cell because their queue of pending - create cells is too big (typically because their cpu can't keep up - with the arrival rate), send back reason "resource limit" rather - than reason "internal", so network measurement scripts can get a - more accurate picture. Bugfix on 0.1.1.11-alpha; fixes bug 7037. diff --git a/changes/bug7054 b/changes/bug7054 new file mode 100644 index 0000000000..15680d72ce --- /dev/null +++ b/changes/bug7054 @@ -0,0 +1,4 @@ + o Minor bugfixes (man page): + - Say "KBytes" rather than "KB" in the man page (for various values + of K), to further reduce confusion about whether Tor counts in + units of memory or fractions of units of memory. Fixes bug 7054. diff --git a/changes/bug7065 b/changes/bug7065 new file mode 100644 index 0000000000..1ca6841021 --- /dev/null +++ b/changes/bug7065 @@ -0,0 +1,5 @@ + o Minor bugfix (log cleanups): + - Eliminate several instances where we use Nickname=ID to refer to + nodes in logs. Use Nickname (ID) instead. (Elsewhere, we still use + $ID=Nickname, which is also acceptable.) Fixes bug #7065. Bugfix + on 0.2.3.21-rc, 0.2.4.5-alpha, 0.2.4.8-alpha, and 0.2.4.10-alpha. diff --git a/changes/bug7139 b/changes/bug7139 deleted file mode 100644 index dfb7d32838..0000000000 --- a/changes/bug7139 +++ /dev/null @@ -1,9 +0,0 @@ - o Major bugfixes (security): - - - Disable TLS session tickets. OpenSSL's implementation were giving - our TLS session keys the lifetime of our TLS context objects, when - perfect forward secrecy would want us to discard anything that - could decrypt a link connection as soon as the link connection was - closed. Fixes bug 7139; bugfix on all versions of Tor linked - against OpenSSL 1.0.0 or later. Found by "nextgens". - diff --git a/changes/bug7143 b/changes/bug7143 new file mode 100644 index 0000000000..d26135ae65 --- /dev/null +++ b/changes/bug7143 @@ -0,0 +1,4 @@ + o Minor bugfixes (build): + - Add the old src/or/micro-revision.i filename to CLEANFILES. + On the off chance that somebody has one, it will go away as soon + as they run "make clean". Fix for bug 7143; bugfix on 0.2.4.1-alpha. diff --git a/changes/bug7164_diagnostic b/changes/bug7164_diagnostic new file mode 100644 index 0000000000..8bedfc4bd5 --- /dev/null +++ b/changes/bug7164_diagnostic @@ -0,0 +1,4 @@ + o Minor features (bug diagnostic): + - If we fail to free a microdescriptor because of bug #7164, log + the filename and line number from which we tried to free it. + This should help us finally fix #7164. diff --git a/changes/bug7190 b/changes/bug7190 deleted file mode 100644 index 1607f79442..0000000000 --- a/changes/bug7190 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes: - - Clients now consider the ClientRejectInternalAddresses config option - when using a microdescriptor consensus stanza to decide whether - an exit relay would allow exiting to an internal address. Fixes - bug 7190; bugfix on 0.2.3.1-alpha. - diff --git a/changes/bug7191 b/changes/bug7191 deleted file mode 100644 index a3bee6e5f7..0000000000 --- a/changes/bug7191 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes: - - Fix a denial of service attack by which any directory authority - could crash all the others, or by which a single v2 directory - authority could crash everybody downloading v2 directory - information. Fixes bug 7191; bugfix on 0.2.0.10-alpha. diff --git a/changes/bug7192 b/changes/bug7192 deleted file mode 100644 index 10cbc2469a..0000000000 --- a/changes/bug7192 +++ /dev/null @@ -1,10 +0,0 @@ - o Major bugfixes: - - When parsing exit policy summaries from microdescriptors, we had - previously been ignoring the last character in each one, so that - "accept 80,443,8080" would be treated by clients as indicating a - node that allows access to ports 80, 443, and 808. That would lead - to clients attempting connections that could never work, and - ignoring exit nodes that would support their connections. Now clients - parse these exit policy summaries correctly. Fixes bug 7192; - bugfix on 0.2.3.1-alpha. - diff --git a/changes/bug7280 b/changes/bug7280 new file mode 100644 index 0000000000..ef5d36a802 --- /dev/null +++ b/changes/bug7280 @@ -0,0 +1,4 @@ + o Minor bugfixes: + - Fix some bugs in tor-fw-helper-natpmp when trying to build and + run it on Windows. More bugs likely remain. Patch from Gisle Vanem. + Fixes bug 7280; bugfix on 0.2.3.1-alpha. diff --git a/changes/bug7302 b/changes/bug7302 new file mode 100644 index 0000000000..fec615ff90 --- /dev/null +++ b/changes/bug7302 @@ -0,0 +1,11 @@ + o Minor bugfixes: + - Don't log inappropriate heartbeat messages when hibernating: a + hibernating node is _expected_ to drop out of the consensus, + decide it isn't bootstrapped, and so forth. Fixes part of bug + 7302; bugfix on 0.2.3.1-alpha. + + - Don't complain about bootstrapping problems while hibernating. + These complaints reflect a general code problems, but not one + with any problematic effects. (No connections are actually + opened.) Fixes part of bug 7302; bugfix on 0.2.3.2-alpha. + diff --git a/changes/bug7350 b/changes/bug7350 new file mode 100644 index 0000000000..b0ee9d0919 --- /dev/null +++ b/changes/bug7350 @@ -0,0 +1,4 @@ + o Major bugfixes: + - Avoid an assertion when we discover that we'd like to write a cell + onto a closing connection: just discard the cell. Fixes another + case of bug 7350; bugfix on 0.2.4.4-alpha. diff --git a/changes/bug7352 b/changes/bug7352 deleted file mode 100644 index 74a878dbe0..0000000000 --- a/changes/bug7352 +++ /dev/null @@ -1,12 +0,0 @@ - o Major bugfixes: - - Tor tries to wipe potentially sensitive data after using it, so - that if some subsequent security failure exposes Tor's memory, - the damage will be limited. But we had a bug where the compiler - was eliminating these wipe operations when it decided that the - memory was no longer visible to a (correctly running) program, - hence defeating our attempt at defense in depth. We fix that - by using OpenSSL's OPENSSL_cleanse() operation, which a compiler - is unlikely to optimize away. Future versions of Tor may use - a less ridiculously heavy approach for this. Fixes bug 7352. - Reported in an article by Andrey Karpov. - diff --git a/changes/bug7464 b/changes/bug7464 deleted file mode 100644 index 9259cc74a3..0000000000 --- a/changes/bug7464 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes: - - Fix a harmless bug when opting against publishing a relay descriptor - because DisableNetwork is set. Fixes bug 7464; bugfix on - 0.2.3.9-alpha. diff --git a/changes/bug7582 b/changes/bug7582 new file mode 100644 index 0000000000..f3b0635765 --- /dev/null +++ b/changes/bug7582 @@ -0,0 +1,9 @@ + o Major bugfixes: + + - When an exit node tells us that it is rejecting because of its + exit policy a stream we expected it to accept (because of its exit + policy), do not mark the node as useless for exiting if our + expectation was only based on an exit policy summary. Instead, + mark the circuit as unsuitable for that particular address. Fixes + part of bug 7582; bugfix on 0.2.3.2-alpha. + diff --git a/changes/bug7707_diagnostic b/changes/bug7707_diagnostic new file mode 100644 index 0000000000..0c3138e785 --- /dev/null +++ b/changes/bug7707_diagnostic @@ -0,0 +1,5 @@ + o Minor features: + - Add another diagnostic to the heartbeat message: track and log + overhead that TLS is adding to the data we write. If this is + high, we are sending too little data to SSL_write at a time. + Diagnostic for bug 7707. diff --git a/changes/bug7768 b/changes/bug7768 new file mode 100644 index 0000000000..e3f9600afb --- /dev/null +++ b/changes/bug7768 @@ -0,0 +1,3 @@ + o Documentation fixes: + - Update tor-fw-helper.1.txt and tor-fw-helper.c to make option + names match. Fixes bug 7768. diff --git a/changes/bug7799 b/changes/bug7799 new file mode 100644 index 0000000000..ed4570129c --- /dev/null +++ b/changes/bug7799 @@ -0,0 +1,7 @@ + o Minor changes (log clarification) + - Add more detail to a log message about relaxed timeouts. Hopefully + this additional detail will allow us to diagnose the cause of bug 7799. + o Minor bugfixes + - Don't attempt to relax the timeout of already opened 1-hop circuits. + They might never timeout. This should eliminate some/all cases of + the relaxed timeout log message. diff --git a/changes/bug7801 b/changes/bug7801 new file mode 100644 index 0000000000..1d6d021f3f --- /dev/null +++ b/changes/bug7801 @@ -0,0 +1,13 @@ + o Minor bugfixes: + - When choosing which stream on a formerly stalled circuit to wake + first, make better use of the platform's weak RNG. Previously, we + had been using the % ("modulo") operator to try to generate a 1/N + chance of picking each stream, but this behaves badly with many + platforms' choice of weak RNG. Fix for bug 7801; bugfix on + 0.2.2.20-alpha. + - Use our own weak RNG when we need a weak RNG. Windows's rand() + and Irix's random() only return 15 bits; Solaris's random() + returns more bits but its RAND_MAX says it only returns 15, and + so on. Fixes another aspect of bug 7801; bugfix on + 0.2.2.20-alpha. + diff --git a/changes/bug7816.024 b/changes/bug7816.024 new file mode 100644 index 0000000000..b5d55f5d6d --- /dev/null +++ b/changes/bug7816.024 @@ -0,0 +1,8 @@ + o Minor bugfixes: + - Avoid leaking IPv6 policy content if we fail to format it into + a router descriptor. Spotted by Coverity. Fixes part of 7816; + bugfix on 0.2.4.7-alpha. + + - Avoid leaking memory if we fail to compute a consensus signature + or we generated a consensus we couldn't parse. Spotted by Coverity. + Fixes part of 7816; bugfix on 0.2.0.5-alpha. diff --git a/changes/bug7816_023 b/changes/bug7816_023 new file mode 100644 index 0000000000..a4530292cc --- /dev/null +++ b/changes/bug7816_023 @@ -0,0 +1,7 @@ + o Minor bugfixes (memory leak, controller): + - Fix a memory leak during safe-cookie controller authentication. + Spotted by Coverity. Fixes part of bug 7816; bugfix on 0.2.3.13-alpha. + + o Minor bugfixes (memory leak, HTTPS proxy support): + - Fix a memory leak when receiving headers from an HTTPS proxy. + Spotted by Coverity. Fixes part of bug 7816; bugfix on 0.2.1.1-alpha. diff --git a/changes/bug7816_023_small b/changes/bug7816_023_small new file mode 100644 index 0000000000..cd90f035f1 --- /dev/null +++ b/changes/bug7816_023_small @@ -0,0 +1,3 @@ + o Minor bugfixes: + - Fix various places where we leak file descriptors or memory on + error cases. Spotted by coverity. Fixes parts of bug 7816. diff --git a/changes/bug7889 b/changes/bug7889 deleted file mode 100644 index ce99a59ce5..0000000000 --- a/changes/bug7889 +++ /dev/null @@ -1,8 +0,0 @@ - o Major bugfixes: - - Reject bogus create and relay cells with 0 circuit ID or 0 stream - ID: these could be used to create unexpected streams and circuits - which would count as "present" to some parts of Tor but "absent" - to others, leading to zombie circuits and streams or to a - bandwidth DOS. Fixes bug 7889; bugfix on every released version of - Tor. Reported by "oftc_must_be_destroyed". - diff --git a/changes/bug7902 b/changes/bug7902 new file mode 100644 index 0000000000..051759dc0a --- /dev/null +++ b/changes/bug7902 @@ -0,0 +1,7 @@ + o Minor bugfixes: + - When we receive a RELAY_END cell with the reason DONE, or with no + reason, before receiving a RELAY_CONNECTED cell, report the SOCKS + status as "connection refused." Previously we reporting these + cases as success but then immediately closing the connection. + Fixes bug 7902; bugfix on 0.1.0.1-rc. Reported by "oftc_must_ + be_destroyed." diff --git a/changes/bug7947 b/changes/bug7947 new file mode 100644 index 0000000000..6200ba2d8a --- /dev/null +++ b/changes/bug7947 @@ -0,0 +1,4 @@ + o Minor bugfixes: + - Fix the handling of a TRUNCATE cell when it arrives while the circuit + extension is in progress. Fixes bug 7947; bugfix on 0.0.7.1. + diff --git a/changes/bug7950 b/changes/bug7950 new file mode 100644 index 0000000000..e62cca07a1 --- /dev/null +++ b/changes/bug7950 @@ -0,0 +1,4 @@ + o Minor bugfixes: + - When rejecting a configuration because we were unable to parse a + quoted string, log an actual error message. Fix for bug 7950; + bugfix on 0.2.0.16-alpha. diff --git a/changes/bug7982 b/changes/bug7982 new file mode 100644 index 0000000000..46aa53249c --- /dev/null +++ b/changes/bug7982 @@ -0,0 +1,3 @@ + o Minor bugfixes: + - Copy-paste description for PathBias params from man page into or.h + comment. Fixes bug 7982. diff --git a/changes/bug8002 b/changes/bug8002 new file mode 100644 index 0000000000..d6e2ff2492 --- /dev/null +++ b/changes/bug8002 @@ -0,0 +1,5 @@ + o Minor bugfixes: + - When autodetecting the number of CPUs, use the number of available + CPUs in preferernce to the number of configured CPUs. Inform the + user if this reduces the number of avialable CPUs. Fix for bug 8002. + Bugfix on 0.2.3.1-alpha. diff --git a/changes/bug8014 b/changes/bug8014 new file mode 100644 index 0000000000..c09a86098c --- /dev/null +++ b/changes/bug8014 @@ -0,0 +1,5 @@ + o Minor usability improvements (build): + - Clarify that when autconf is checking for nacl, it is checking + specifically for nacl with a fast curve25519 implementation. + Fixes bug 8014. + diff --git a/changes/bug8031 b/changes/bug8031 new file mode 100644 index 0000000000..17329ec5b5 --- /dev/null +++ b/changes/bug8031 @@ -0,0 +1,7 @@ + o Minor bugfixes: + - Use direct writes rather than stdio when building microdescriptor + caches, in an attempt to mitigate bug 8031, or at least make it + less common. + - Warn more aggressively when flushing microdescriptors to a + microdescriptor cache fails, in an attempt to mitegate bug 8031, + or at least make it more diagnosable. diff --git a/changes/bug8037 b/changes/bug8037 new file mode 100644 index 0000000000..989745fc39 --- /dev/null +++ b/changes/bug8037 @@ -0,0 +1,8 @@ + o Minor bugfixes: + - Correctly store microdescriptors and extrainfo descriptors with + an internal NUL byte. Fixes bug 8037; bugfix on 0.2.0.1-alpha. + Bug reported by "cypherpunks". + + o Minor features: + - Reject as invalid most directory objects containing a + NUL. Belt-and-suspender fix for bug 8037. diff --git a/changes/bug8059 b/changes/bug8059 new file mode 100644 index 0000000000..47273ed0ac --- /dev/null +++ b/changes/bug8059 @@ -0,0 +1,6 @@ + o Minor bugfixes (protocol conformance): + - Fix a misframing issue when reading the version numbers in a + VERSIONS cell. Previously we would recognize [00 01 00 02] as + 'version 1, version 2, and version 0x100', when it should have + only included versions 1 and 2. Fixes bug 8059; bugfix on + 0.2.0.10-alpha. Reported pseudonymously. diff --git a/changes/bug8062 b/changes/bug8062 new file mode 100644 index 0000000000..805e51ed41 --- /dev/null +++ b/changes/bug8062 @@ -0,0 +1,5 @@ + o Minor bugfixes: + - Increase the width of the field used to remember a connection's + link protocol version to two bytes. Harmless for now, since the + only currently recognized versions are one byte long. Reported + pseudynmously. Fixes bug 8062, bugfix on 0.2.0.10-alpha. diff --git a/changes/bug8065 b/changes/bug8065 new file mode 100644 index 0000000000..06dbae8cd7 --- /dev/null +++ b/changes/bug8065 @@ -0,0 +1,6 @@ + o Minor bugfixes: + - Downgrade an assertion in connection_ap_expire_beginning to + an LD_BUG message. The fix for bug 8024 should prevent this + message from displaying, but just in case a warn that we can + diagnose is better than more assert crashes. Fix for bug 8065; + bugfix on 0.2.4.8-alpha. diff --git a/changes/bug8093.part1 b/changes/bug8093.part1 new file mode 100644 index 0000000000..2450794dd7 --- /dev/null +++ b/changes/bug8093.part1 @@ -0,0 +1,3 @@ + o Minor features: + - Downgrade "unexpected SENDME" warnings to protocol-warn for 0.2.4, + for bug 8093. diff --git a/changes/bug8117 b/changes/bug8117 new file mode 100644 index 0000000000..910e8056f4 --- /dev/null +++ b/changes/bug8117 @@ -0,0 +1,13 @@ + o Major bugfixes: + + - Many SOCKS5 clients, when configured to offer a username/password, + offer both username/password authentication and "no authentication". + Tor had previously preferred no authentication, but this was + problematic when trying to make applications get proper stream + isolation with IsolateSOCKSAuth. Now, on any SOCKS port with + IsolateSOCKSAuth turned on (which is the default), Tor selects + username/password authentication if it's offered. If this confuses your + application, you can disable it on a per-SOCKSPort basis via + PreferSOCKSNoAuth. Fixes bug 8117; bugfix on 0.2.3.3-alpha. + + diff --git a/changes/bug8121 b/changes/bug8121 new file mode 100644 index 0000000000..60cba72848 --- /dev/null +++ b/changes/bug8121 @@ -0,0 +1,7 @@ + o Minor features: + - Clear the high bit on curve25519 public keys before passing them to + our backend, in case we ever wind up using a backend that doesn't do + so itself. If we used such a backend, and *didn't* clear the high bit, + we could wind up in a situation where users with such backends would + be distinguishable from users without. Fix for bug 8121; bugfix on + 0.2.4.8-alpha. diff --git a/changes/bug8151 b/changes/bug8151 new file mode 100644 index 0000000000..e20fa3c31a --- /dev/null +++ b/changes/bug8151 @@ -0,0 +1,5 @@ + o Minor features (directory authority): + - Include inside each vote a statement of the performance + thresholds that made the authority vote for its flags. Implements + ticket 8151. +
\ No newline at end of file diff --git a/changes/bug8158 b/changes/bug8158 new file mode 100644 index 0000000000..65b21c2a26 --- /dev/null +++ b/changes/bug8158 @@ -0,0 +1,3 @@ + o Minor bugfixes: + - Use less space when formatting identical microdescriptor lines in + directory votes. Fixes bug 8158; bugfix on 0.2.4.1-alpha. diff --git a/changes/bug8161 b/changes/bug8161 new file mode 100644 index 0000000000..ab7b9c0cad --- /dev/null +++ b/changes/bug8161 @@ -0,0 +1,6 @@ + o Minor changes: + - Lower path use bias thresholds to .80 for notice and .60 for warn. + Fixes bug #8161; bugfix on 0.2.4.10-alpa. + - Make the rate limiting flags for the path use bias log messages + independent from the original path bias flags. Fixes bug #8161; + bugfix on 0.2.4.10-alpha. diff --git a/changes/bug8180 b/changes/bug8180 new file mode 100644 index 0000000000..39e6ce7f9a --- /dev/null +++ b/changes/bug8180 @@ -0,0 +1,7 @@ + o Minor bugfixes (security usability): + - Elevate the severity of the warning message when setting + EntryNodes but disabling UseGuardNodes to an error. The outcome + of letting Tor procede with those options enabled (which causes + EntryNodes to get ignored) is sufficiently different from what + was expected that it's best to just refuse to proceed. Fixes bug + 8180; bugfix on 0.2.3.11-alpha. diff --git a/changes/bug8185_diagnostic b/changes/bug8185_diagnostic new file mode 100644 index 0000000000..b0f8884758 --- /dev/null +++ b/changes/bug8185_diagnostic @@ -0,0 +1,3 @@ + o Minor features: + - Improve debugging output to attempt to diagnose the underlying + cause of bug 8185. diff --git a/changes/bug8200 b/changes/bug8200 new file mode 100644 index 0000000000..65fc9dd03a --- /dev/null +++ b/changes/bug8200 @@ -0,0 +1,5 @@ + o Minor bugfix: + - Stop sending a stray "(null)" in some cases for the server status + "EXTERNAL_ADDRESS" controller event. Resolves bug 8200; bugfix + on 0.1.2.6-alpha. + diff --git a/changes/bug8203 b/changes/bug8203 new file mode 100644 index 0000000000..d26dc0fccf --- /dev/null +++ b/changes/bug8203 @@ -0,0 +1,4 @@ + o Minor bugfixes: + - Make the format and order of STREAM events for DNS lookups consistent + among the various ways to launch DNS lookups. Fix for bug 8203; + bugfix on 0.2.0.24-rc. Patch by "Desoxy." diff --git a/changes/bug8207 b/changes/bug8207 new file mode 100644 index 0000000000..0028d3380f --- /dev/null +++ b/changes/bug8207 @@ -0,0 +1,7 @@ + o Major bugfixes (hidden services): + - Allow hidden service authentication to succeed again. When we + refactored the hidden service introduction code back in 0.2.4.1-alpha, + we didn't update the code that checks whether authentication + information is present, causing all authentication checks to + return "false". Fix for bug 8207; bugfix on 0.2.4.1-alpha. Found by + Coverity; this is CID 718615. diff --git a/changes/bug8209 b/changes/bug8209 new file mode 100644 index 0000000000..c58923540b --- /dev/null +++ b/changes/bug8209 @@ -0,0 +1,6 @@ + o Minor bugfixes: + - When detecting the largest possible file descriptor (in order to close + all file descriptors when launching a new program), actually use + _SC_OPEN_MAX. The old code for doing this was very, very broken. + Fix for bug 8209; bugfix on 0.2.3.1-alpha. Found by Coverity; this + is CID 743383. diff --git a/changes/bug8210 b/changes/bug8210 new file mode 100644 index 0000000000..85d41b844a --- /dev/null +++ b/changes/bug8210 @@ -0,0 +1,6 @@ + o Minor bugfixes: + - Fix an impossible-to-trigger integer overflow when + estimating how long out onionskin queue would take. (This overflow + would require us to accept 4 million onionskins before processing + 100 of them.) Fixes bug 8210; bugfix on 0.2.4.10-alpha. + diff --git a/changes/bug8218 b/changes/bug8218 new file mode 100644 index 0000000000..ce8d53ba62 --- /dev/null +++ b/changes/bug8218 @@ -0,0 +1,6 @@ + o Major bugfixes: + - Stop marking every relay as having been down for one hour every + time we restart a directory authority. These artificial downtimes + were messing with our Stable and Guard flag calculations. Fixes + bug 8218 (introduced by the fix for 1035). Bugfix on 0.2.2.23-alpha. + diff --git a/changes/bug8231 b/changes/bug8231 new file mode 100644 index 0000000000..fd87a1daec --- /dev/null +++ b/changes/bug8231 @@ -0,0 +1,5 @@ + o Major bugfixes: + - When unable to find any working directory nodes to use as a + directory guard, give up rather than adding the same non-working + nodes to the list over and over. Fixes bug 8231; bugfix on + 0.2.4.8-alpha. diff --git a/changes/bug8235-diagnosing b/changes/bug8235-diagnosing new file mode 100644 index 0000000000..b760035cfc --- /dev/null +++ b/changes/bug8235-diagnosing @@ -0,0 +1,5 @@ + o Minor features (diagnostic) + - If the state file's path bias counts are invalid (presumably from a + buggy tor prior to 0.2.4.10-alpha), make them correct. + - Add additional checks and log messages to the scaling of Path Bias + counts, in case there still are remaining issues with scaling. diff --git a/changes/bug8253-fix b/changes/bug8253-fix new file mode 100644 index 0000000000..3d36d06c88 --- /dev/null +++ b/changes/bug8253-fix @@ -0,0 +1,6 @@ + o Minor bugfixes (log messages) + - Fix a scaling issue in the path bias accounting code that resulted in + "Bug:" log messages from either pathbias_scale_close_rates() or + pathbias_count_build_success(). This represents a bugfix on a previous + bugfix: The original fix attempted in 0.2.4.10-alpha was incomplete. + Fixes bug 8235; bugfix on 0.2.4.1-alpha. diff --git a/changes/bug8273 b/changes/bug8273 new file mode 100644 index 0000000000..257f57e7ab --- /dev/null +++ b/changes/bug8273 @@ -0,0 +1,3 @@ + o Critical bugfixes: + - When dirserv.c computes flags and thresholds, use measured bandwidths + in preference to advertised ones. diff --git a/changes/bug8290 b/changes/bug8290 new file mode 100644 index 0000000000..d1fce7d8b5 --- /dev/null +++ b/changes/bug8290 @@ -0,0 +1,9 @@ + o Removed files: + - The tor-tsocks.conf is no longer distributed or installed. We + recommend that tsocks users use torsocks instead. Resolves + ticket 8290. + + o Documentation fixes: + - The torify manpage no longer refers to tsocks; torify hasn't + supported tsocks since 0.2.3.14-alpha. + - The manpages no longer reference tsocks. diff --git a/changes/bug8408 b/changes/bug8408 new file mode 100644 index 0000000000..ae9cf172e1 --- /dev/null +++ b/changes/bug8408 @@ -0,0 +1,4 @@ + o Minor bugfixes: + - Allow TestingTorNetworks to override the 4096-byte minimum for the Fast + threshold. Otherwise they can't bootstrap until they've observed more + traffic. Fixes bug 8508; bugfix on 0.2.4.10-alpha. diff --git a/changes/bug8427 b/changes/bug8427 new file mode 100644 index 0000000000..22b003fc38 --- /dev/null +++ b/changes/bug8427 @@ -0,0 +1,5 @@ + o Minor bugfixes: + - If we encounter a write failure on a SOCKS connection before we + finish our SOCKS handshake, don't warn that we closed the + connection before we could send a SOCKS reply. Fixes bug 8427; + bugfix on 0.1.0.1-rc. diff --git a/changes/bug8435 b/changes/bug8435 new file mode 100644 index 0000000000..da7ca7c1f8 --- /dev/null +++ b/changes/bug8435 @@ -0,0 +1,4 @@ + o Major bugfixes: + - When dirserv.c computes flags and thresholds, ignore advertised + bandwidths if we have more than a threshold number of routers with + measured bandwidths. diff --git a/changes/bug8464 b/changes/bug8464 new file mode 100644 index 0000000000..74ff2e39ff --- /dev/null +++ b/changes/bug8464 @@ -0,0 +1,5 @@ + o Minor bugfixes: + - Correct our check for which versions of Tor support the EXTEND2 + cell. We had been willing to send it to Tor 0.2.4.7-alpha and + later, when support was really added in version 0.2.4.8-alpha. + Fixes bug 8464; bugfix on 0.2.4.8-alpha. diff --git a/changes/bug8475 b/changes/bug8475 new file mode 100644 index 0000000000..eb8debedba --- /dev/null +++ b/changes/bug8475 @@ -0,0 +1,4 @@ + o Major bugfixes: + - If configured via ClientDNSRejectInternalAddresses not to report + DNS queries which have resolved to internal addresses, apply that + rule to IPv6 as well. Fixes bug 8475; bugfix on 0.2.0.7-alpha. diff --git a/changes/bug8477-easypart b/changes/bug8477-easypart new file mode 100644 index 0000000000..0f8f1031c5 --- /dev/null +++ b/changes/bug8477-easypart @@ -0,0 +1,3 @@ + o Minor bugfixes: + - Log the purpose of a path-bias testing circuit correctly. + Improves a log message from bug 8477; bugfix on 0.2.4.8-alpha. diff --git a/changes/bug8587 b/changes/bug8587 new file mode 100644 index 0000000000..84d2f1ec0d --- /dev/null +++ b/changes/bug8587 @@ -0,0 +1,5 @@ + o Minor bugfixes (build): + - Build Tor correctly on 32-bit platforms where the compiler can build + but not run code using the "uint128_t" construction. Fixes bug 8587; + bugfix on 0.2.4.8-alpha. + diff --git a/changes/bug8596 b/changes/bug8596 new file mode 100644 index 0000000000..dd36bad855 --- /dev/null +++ b/changes/bug8596 @@ -0,0 +1,3 @@ + o Minor features: + - Add CACHED keyword to ADDRMAP events in the control protocol to indicate + whether a DNS result will be cached or not. diff --git a/changes/bug8598 b/changes/bug8598 new file mode 100644 index 0000000000..e31c8f3c74 --- /dev/null +++ b/changes/bug8598 @@ -0,0 +1,6 @@ + o Bugfixes: + - Fix compilation warning with some versions of clang that would prefer + the -Wswitch-enum compiler flag to warn about switch statements with + missing enum values, even if those switch statements have a default: + statement. Fixes bug 8598; bugfix on 0.2.4.10-alpha. + diff --git a/changes/bug8599 b/changes/bug8599 new file mode 100644 index 0000000000..204ef58c3f --- /dev/null +++ b/changes/bug8599 @@ -0,0 +1,4 @@ + o Minor bugfixes: + - Fix some logic errors when the user manually overrides the + PathsNeededToBuildCircuits option in torrc. Fixes bug 8599; bugfix + on 0.2.4.10-alpha. diff --git a/changes/bug8638 b/changes/bug8638 new file mode 100644 index 0000000000..3a790e567d --- /dev/null +++ b/changes/bug8638 @@ -0,0 +1,3 @@ + o Minor features + In our testsuite, create temporary directories with a bit more entropy + in their name to make name collissions less likely. Fixes bug 8638. diff --git a/changes/bug8639 b/changes/bug8639 new file mode 100644 index 0000000000..0db5c91429 --- /dev/null +++ b/changes/bug8639 @@ -0,0 +1,5 @@ + o Normal bugfixes: + - When launching a resolve request on behalf of an AF_UNIX control + socket, omit the address field of the new entry connection, used in + subsequent controller events, rather than letting tor_dup_addr() set + it to "<unknown address type>". Fixes bug 8639. diff --git a/changes/bug8711 b/changes/bug8711 new file mode 100644 index 0000000000..28a1daa454 --- /dev/null +++ b/changes/bug8711 @@ -0,0 +1,6 @@ + o Minor features (authority): + - Add a "ignoring-advertised-bws" boolean to our flag-thresholds + lines to describe whether we have enough measured bandwidths to + ignore advertised bandwidth claims. Closes ticket 8711. + + diff --git a/changes/bug8716 b/changes/bug8716 new file mode 100644 index 0000000000..74c74f82a6 --- /dev/null +++ b/changes/bug8716 @@ -0,0 +1,3 @@ + o Minor bugfixes (memory leak): + - Fix a memory leak that would occur whenever a configuration + option changed. Fixes bug #8718; bugfix on 0.2.3.3-alpha. diff --git a/changes/bug8719 b/changes/bug8719 new file mode 100644 index 0000000000..c05b79ddec --- /dev/null +++ b/changes/bug8719 @@ -0,0 +1,6 @@ + o Major bugfixes (memory leak): + - Avoid a memory leak where we would leak a consensus body when we find + that a consensus which we couldn't previously verify due to missing + certificates is now verifiable. Fixes bug 8719; bugfix on + 0.2.0.10-alpha. + diff --git a/changes/bug8822 b/changes/bug8822 new file mode 100644 index 0000000000..c6787afe06 --- /dev/null +++ b/changes/bug8822 @@ -0,0 +1,5 @@ + o Major bugfixes (windows): + - Prevent failures on Windows Vista and later when rebuilding the + microdescriptor cache. Diagnosed by Robert Ransom. Fixes bug 8822; + bugfix on 0.2.4.12-alpha. + diff --git a/changes/bug8833 b/changes/bug8833 new file mode 100644 index 0000000000..681a86191f --- /dev/null +++ b/changes/bug8833 @@ -0,0 +1,3 @@ + o Major bugfixes (directory authority): + - Fix a crash bug when building a consensus using an older consensus as + its basis. Fixes bug 8833. Bugfix on 0.2.4.12-alpha. diff --git a/changes/bug8845 b/changes/bug8845 new file mode 100644 index 0000000000..ace043ab9b --- /dev/null +++ b/changes/bug8845 @@ -0,0 +1,3 @@ + o Minor bugfixes (test): + - Fix an impossible buffer overrun in the AES unit tests. Fixes bug 8845; + bugfix on 0.2.0.7-alpha. Found by eugenis. diff --git a/changes/bug8846 b/changes/bug8846 new file mode 100644 index 0000000000..377cc3708a --- /dev/null +++ b/changes/bug8846 @@ -0,0 +1,4 @@ + o Minor bugfixes: + - Give a less useless error message when the user asks for an IPv4 + address on an IPv6-only port, or vice versa. Fixes bug 8846; bugfix + on 0.2.4.7-alpha. diff --git a/changes/bug8879 b/changes/bug8879 new file mode 100644 index 0000000000..0d2a70086c --- /dev/null +++ b/changes/bug8879 @@ -0,0 +1,5 @@ + o Major bugfixes: + - Follow the socks5 protocol when offering username/password + authentication. The fix for bug 8117 exposed this bug, and it + turns out real-world applications like Pidgin do care. Bugfix on + 0.2.3.2-alpha; fixes bug 8879. diff --git a/changes/bug8965 b/changes/bug8965 new file mode 100644 index 0000000000..b5af279632 --- /dev/null +++ b/changes/bug8965 @@ -0,0 +1,3 @@ + o Removed documentation: + - Remove some of the older contents of doc/ as obsolete; move others + to torspec.git. Fixes bug 8965. diff --git a/changes/bug9047 b/changes/bug9047 new file mode 100644 index 0000000000..497f0d3372 --- /dev/null +++ b/changes/bug9047 @@ -0,0 +1,6 @@ + o Minor bugfixes: + - If for some reason we fail to write a microdescriptor while + rebuilding the cache, do not let the annotations from that + microdescriptor linger in the cache file, and do not let the + microdescriptor stay recorded as present in its old location. + Fixes bug 9047; bugfix on 0.2.2.6-alpha. diff --git a/changes/bug9063 b/changes/bug9063 index af3b1a87f4..dcbecf6179 100644 --- a/changes/bug9063 +++ b/changes/bug9063 @@ -1,3 +1,3 @@ o Normal bugfixes: - Close any circuit that has more cells queued than the spec permits. - Fixes bug #9063; bugfix on 0.2.3.25. + Fixes bug #9063; bugfix on 0.2.4.12. diff --git a/changes/bug9122 b/changes/bug9122 new file mode 100644 index 0000000000..5009da6126 --- /dev/null +++ b/changes/bug9122 @@ -0,0 +1,4 @@ + o Major bugfixes: + - When receiving a new configuration file via the control port's + LOADCONF command, do not treat the defaults file as absent. + Fixes bug 9122; bugfix on 0.2.3.9-alpha. diff --git a/changes/bug9147 b/changes/bug9147 new file mode 100644 index 0000000000..e6064ea0e5 --- /dev/null +++ b/changes/bug9147 @@ -0,0 +1,4 @@ + o Minor features: + - Issue a warning when running with the bufferevents backend enabled. + It's still not stable, and people should know that they're likely + to hit unexpected problems. Closes ticket 9147. diff --git a/changes/bug9200 b/changes/bug9200 new file mode 100644 index 0000000000..7b64dd1744 --- /dev/null +++ b/changes/bug9200 @@ -0,0 +1,5 @@ + o Major bugfixes: + - Fix a bug in the voting algorithm that could yield incorrect results + when a non-naming authority declared too many flags. Fixes bug 9200; + bugfix on 0.2.0.3-alpha. + diff --git a/changes/bug9213_doc b/changes/bug9213_doc new file mode 100644 index 0000000000..2f959dd831 --- /dev/null +++ b/changes/bug9213_doc @@ -0,0 +1,5 @@ + o Documentation: + - Correctly document that we search for a system torrc file before + looking in ~/.torrc. Fixes documentation side of 9213; bugfix + on 0.2.3.18-rc. + diff --git a/changes/bug9229 b/changes/bug9229 new file mode 100644 index 0000000000..ad7fd22c28 --- /dev/null +++ b/changes/bug9229 @@ -0,0 +1,5 @@ + o Minor bugfixes: + - Avoid 60-second delays in the bootstrapping process when Tor + is launching for a second time while using bridges. Fixes bug 9229; + bugfix on 0.2.0.3-alpha. + diff --git a/changes/bug9254 b/changes/bug9254 new file mode 100644 index 0000000000..5179bdc523 --- /dev/null +++ b/changes/bug9254 @@ -0,0 +1,4 @@ + o Minor bugfixes: + - Fix a spurious compilation warning with some older versions of + GCC on FreeBSD. Fixes bug 9254; bugfix on 0.2.4.14-alpha. + diff --git a/changes/bug9288 b/changes/bug9288 new file mode 100644 index 0000000000..59bf414ea1 --- /dev/null +++ b/changes/bug9288 @@ -0,0 +1,4 @@ + o Minor bugfixes: + - Fix an invalid memory read that occured when a pluggable + transport proxy failed its configuration protocol. + Fixes bug 9288. diff --git a/changes/bug9295 b/changes/bug9295 new file mode 100644 index 0000000000..2c113616c3 --- /dev/null +++ b/changes/bug9295 @@ -0,0 +1,4 @@ + o Major bugfixes: + - Avoid a crash when using --hash-password. Fixes bug 9295; bugfix on + 0.2.4.15-rc. Found by stem integration tests. + diff --git a/changes/bug9309 b/changes/bug9309 new file mode 100644 index 0000000000..38c462bc0f --- /dev/null +++ b/changes/bug9309 @@ -0,0 +1,6 @@ + o Minor bugfixes: + - When evaluating whether to use a connection that we haven't + decided is canonical using a recent link protocol version, + decide that it's canonical only if it used address _does_ + match the desired address. Fixes bug 9309; bugfix on + 0.2.4.4-alpha. Reported by skruffy. diff --git a/changes/bug9337 b/changes/bug9337 new file mode 100644 index 0000000000..ce99bc8184 --- /dev/null +++ b/changes/bug9337 @@ -0,0 +1,4 @@ + o Major bugfixes (DNS): + - Avoid an assertion failure when processing DNS replies without the + answer types we expected. Fixes bug 9337; bugfix on 0.2.4.7-alpha. + diff --git a/changes/bug9354 b/changes/bug9354 new file mode 100644 index 0000000000..68fc81a595 --- /dev/null +++ b/changes/bug9354 @@ -0,0 +1,5 @@ + o Minor bugfixes: + - Make the default behavior of NumDirectoryGuards be to track + NumEntryGuards. Now a user who changes only NumEntryGuards will get + the behavior she expects. Fixes bug 9354; bugfix on 0.2.4.8-alpha. + diff --git a/changes/bug9366 b/changes/bug9366 new file mode 100644 index 0000000000..acc919e77f --- /dev/null +++ b/changes/bug9366 @@ -0,0 +1,4 @@ + o Minor features (usability): + - Warn and fail if a server is configured not to advertise any + ORPorts at all. (We need *something* to put in our descriptor, or + we just won't work.) diff --git a/changes/bug9393 b/changes/bug9393 new file mode 100644 index 0000000000..9aedd1260b --- /dev/null +++ b/changes/bug9393 @@ -0,0 +1,4 @@ + o Minor bugfixes: + - Give the correct URL in the warning message that we present + when the user is trying to run a Tor relay on an ancient version + of Windows. Fixes bug 9393. diff --git a/changes/bug9400 b/changes/bug9400 new file mode 100644 index 0000000000..974224068a --- /dev/null +++ b/changes/bug9400 @@ -0,0 +1,7 @@ + o Minor bugfixes: + + - Avoid double-closing the listener socket in our socketpair replacement + (used on Windows) in the case where the addresses on our opened + sockets don't match what we expected. Fixes bug 9400; bugfix on + every released Tor version. Found by Coverity. + diff --git a/changes/bug9543 b/changes/bug9543 new file mode 100644 index 0000000000..753947f6fd --- /dev/null +++ b/changes/bug9543 @@ -0,0 +1,4 @@ + o Minor bugfixes: + - Avoid overflows when the user sets MaxCircuitDirtiness to a + ridiculously high value, by imposing a (ridiculously high) 30-day + maximum on MaxCircuitDirtiness. diff --git a/changes/bug9596 b/changes/bug9596 new file mode 100644 index 0000000000..b3d138ecdc --- /dev/null +++ b/changes/bug9596 @@ -0,0 +1,4 @@ + o Minor bugfixes: + - Correctly log long IPv6 exit policy, instead of truncating them + or reporting an error. Fixes bug 9596; bugfix on 0.2.4.7-alpha. + diff --git a/changes/bug9602 b/changes/bug9602 new file mode 100644 index 0000000000..2dc13c4c02 --- /dev/null +++ b/changes/bug9602 @@ -0,0 +1,5 @@ + o Bugfixes + - Null out orconn->chan->conn when closing orconn in case orconn is freed + before channel_run_cleanup() gets to orconn->chan, and handle the null + conn edge case correctly in channel_tls_t methods. Fixes bug #9602; + bugfix on 0.2.4.4-alpha. diff --git a/changes/bug9644 b/changes/bug9644 new file mode 100644 index 0000000000..51c58a5fff --- /dev/null +++ b/changes/bug9644 @@ -0,0 +1,4 @@ + o Minor bugfixes: + - Fix a small memory leak on exit. (We weren't freeing directory + authority certificate download statuses.) Fixes bug 9644; bugfix + on 0.2.4.13-alpha. diff --git a/changes/bug9645a b/changes/bug9645a new file mode 100644 index 0000000000..2daba65a00 --- /dev/null +++ b/changes/bug9645a @@ -0,0 +1,5 @@ + o Minor bugfixes: + - If we are unable to save a microdescriptor to the journal, do not + drop it from memory and then reattempt downloading it. Fixes bug + 9645; bugfix on 0.2.2.6-alpha. + diff --git a/changes/bug9686_024 b/changes/bug9686_024 new file mode 100644 index 0000000000..8705379d32 --- /dev/null +++ b/changes/bug9686_024 @@ -0,0 +1,5 @@ + o Minor features (security): + - Decrease the lower limit of MaxMemInCellQueues to 256 MBytes (but leave + the default at 8GBytes), to better support Raspberry Pi users. Fixes + bug 9686; bugfix on 0.2.4.14-alpha. + diff --git a/changes/bug9700 b/changes/bug9700 new file mode 100644 index 0000000000..f59f54cb01 --- /dev/null +++ b/changes/bug9700 @@ -0,0 +1,3 @@ + o Minor bugfixes (compilation): + - Fix a compilation error when compiling with --disable-cuve25519. + Fixes bug 9700; bugfix on 0.2.4.17-rc. diff --git a/changes/bug9716 b/changes/bug9716 new file mode 100644 index 0000000000..5e39077173 --- /dev/null +++ b/changes/bug9716 @@ -0,0 +1,4 @@ + o Bugfixes (performance): + - Set the listen() backlog limit to the largest actually supported + on the system, not to the value in a header file. Fixes bug 9716; + bugfix on every released Tor. diff --git a/changes/bug9731 b/changes/bug9731 new file mode 100644 index 0000000000..828496af3f --- /dev/null +++ b/changes/bug9731 @@ -0,0 +1,3 @@ + o Major bugfixes: + - Do not apply connection_consider_empty_read/write_buckets to + cpuworker connections. diff --git a/changes/bug9776 b/changes/bug9776 new file mode 100644 index 0000000000..ea3a96abb3 --- /dev/null +++ b/changes/bug9776 @@ -0,0 +1,5 @@ + o Normal bugfixes: + - Always call circuit_n_chan_done(chan, 0) from channel_closed(), so we + can't leak pending circuits in some cases where + run_connection_housekeeping() calls connection_or_close_normally(). + Fixes bug #9776; bugfix on 0.2.4.17. diff --git a/changes/bug9780 b/changes/bug9780 new file mode 100644 index 0000000000..3cb51bd528 --- /dev/null +++ b/changes/bug9780 @@ -0,0 +1,8 @@ + o Minor bugfixes (performance, fingerprinting): + - Our default TLS ecdhe groups were backwards: we meant to be using + P224 for relays (for performance win) and P256 for bridges (since + it is more common in the wild). Instead we had it backwards. After + reconsideration, we decided that the default should be P256 on all + hosts, since its security is probably better, and since P224 is + reportedly used quite little in the wild. Found by "skruffy" on + IRC. Fix for bug 9780; bugfix on 0.2.4.8-alpha. diff --git a/changes/bug9880 b/changes/bug9880 new file mode 100644 index 0000000000..a7dda8f82f --- /dev/null +++ b/changes/bug9880 @@ -0,0 +1,8 @@ + o Minor bugfixes: + + - When closing a channel that has already been open, do not close + pending circuits that were waiting to connect to the same relay. + Fixes bug 9880; bugfix on 0.2.5.1-alpha. Thanks to skruffy for + finding this bug. (Bug was merged to 0.2.4 branch but not released + in any 0.2.4 version) + diff --git a/changes/bug9904 b/changes/bug9904 new file mode 100644 index 0000000000..eec4144cce --- /dev/null +++ b/changes/bug9904 @@ -0,0 +1,4 @@ + o Minor bugfixes: + - When examining list of network interfaces to find our address, do + not consider non-running or disabled network interfaces. Fixes bug + 9904; bugfix on 0.2.3.11-alpha. Patch from "hantwister". diff --git a/changes/bug9927 b/changes/bug9927 new file mode 100644 index 0000000000..e66280c3c4 --- /dev/null +++ b/changes/bug9927 @@ -0,0 +1,4 @@ + o Minor features: + - Generate bootstrapping status update events correctly for fetching + microdescriptors. Fixes bug 9927. + diff --git a/changes/bug9946 b/changes/bug9946 new file mode 100644 index 0000000000..5d1c888743 --- /dev/null +++ b/changes/bug9946 @@ -0,0 +1,11 @@ + o Minor bugfixes: + - If the guard we choose first doesn't answer, we would try the + second guard, but once we connected to the second guard we would + abandon it and retry the first one, slowing down bootstrapping. + The fix is to treat all our initially chosen guards as acceptable + to use. Fixes bug 9946; bugfix on 0.1.1.11-alpha. + + o Major bugfixes: + - Stop trying to fetch all our directory information from our first + guard. Discovered while fixing bug 9946; bugfix on 0.2.4.8-alpha. + diff --git a/changes/cov709056 b/changes/cov709056 deleted file mode 100644 index 64a75ad8a2..0000000000 --- a/changes/cov709056 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes: - - Check return value of fputs() when writing authority certificate - file. Fixes Coverity issue 709056; bugfix on 0.2.0.1-alpha. - diff --git a/changes/cov980650 b/changes/cov980650 new file mode 100644 index 0000000000..cbbada2e66 --- /dev/null +++ b/changes/cov980650 @@ -0,0 +1,4 @@ + o Minor bugfixes: + - Fix a copy-and-paste error when adding a missing A1 to a routerset + because of GeoIPExcludeUnknown. Fix for coverity CID 980650. + Bugfix on 0.2.4.10-alpha. diff --git a/changes/curve25519-donna32-bug b/changes/curve25519-donna32-bug new file mode 100644 index 0000000000..7fccab1b0c --- /dev/null +++ b/changes/curve25519-donna32-bug @@ -0,0 +1,12 @@ + o Major bugfixes: + + - Fix a bug in the bounds-checking in the 32-bit curve25519-donna + implementation that caused incorrect results on 32-bit + implementations when certain malformed inputs were used along with + a small class of private ntor keys. This bug does not currently + appear to allow an attacker to learn private keys or impersonate a + Tor server, but it could provide a means to distinguish 32-bit Tor + implementations from 64-bit Tor implementations. Fixes bug 12694; + bugfix on 0.2.4.8-alpha. Bug found by Robert Ransom; fix from + Adam Langley. + diff --git a/changes/cve-2012-2249 b/changes/cve-2012-2249 deleted file mode 100644 index 625bfa2f58..0000000000 --- a/changes/cve-2012-2249 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes (security): - - Discard extraneous renegotiation attempts once the V3 link - protocol has been initiated. Failure to do so left us open to - a remotely triggerable assertion failure. Fixes CVE-2012-2249; - bugfix on 0.2.3.6-alpha. Reported by "some guy from France". diff --git a/changes/dirserv-BUGGY-a b/changes/dirserv-BUGGY-a deleted file mode 100644 index 35b492a2d7..0000000000 --- a/changes/dirserv-BUGGY-a +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes: - - - Don't serve or accept v2 hidden service descriptors over a - relay's DirPort. It's never correct to do so, and disabling it - might make it more annoying to exploit any bugs that turn up in the - descriptor-parsing code. Fixes bug 7149. - diff --git a/changes/disable_pathbias_messages b/changes/disable_pathbias_messages deleted file mode 100644 index 3bc996347b..0000000000 --- a/changes/disable_pathbias_messages +++ /dev/null @@ -1,3 +0,0 @@ - o Disabeled features - - Downgrade path-bias warning messages to INFO. We'll try to get them - working better in 0.2.4. Fixes bug 6475; bugfix on 0.2.3.17-beta. diff --git a/changes/doc-heartbeat-loglevel b/changes/doc-heartbeat-loglevel new file mode 100644 index 0000000000..91f40ad260 --- /dev/null +++ b/changes/doc-heartbeat-loglevel @@ -0,0 +1,3 @@ + o Minor documentation fixes: + - Fix the documentation of HeartbeatPeriod to say that the heartbeat + message is logged at notice, not at info. diff --git a/changes/easy.ratelim b/changes/easy.ratelim new file mode 100644 index 0000000000..cadd1e4f5e --- /dev/null +++ b/changes/easy.ratelim @@ -0,0 +1,3 @@ + o Code simplification and refactoring: + - Add a wrapper function for the common "log a message with a rate-limit" + case. diff --git a/changes/feature4994 b/changes/feature4994 new file mode 100644 index 0000000000..4fa0e037b7 --- /dev/null +++ b/changes/feature4994 @@ -0,0 +1,7 @@ + o Minor features: + - Teach bridge-using clients to avoid 0.2.2 bridges when making + microdescriptor-related dir requests, and only fall back to normal + descriptors if none of their bridges can handle microdescriptors + (as opposed to the fix in ticket 4013, which caused them to fall + back to normal descriptors if *any* of their bridges preferred + them). Resolves ticket 4994. diff --git a/changes/feature9574 b/changes/feature9574 new file mode 100644 index 0000000000..723606e396 --- /dev/null +++ b/changes/feature9574 @@ -0,0 +1,7 @@ + o Major features: + - Relays now process the new "NTor" circuit-level handshake requests + with higher priority than the old "TAP" circuit-level handshake + requests. We still process some TAP requests to not totally starve + 0.2.3 clients when NTor becomes popular. A new consensus parameter + "NumNTorsPerTAP" lets us tune the balance later if we need to. + Implements ticket 9574. diff --git a/changes/feature9777 b/changes/feature9777 new file mode 100644 index 0000000000..312b5e034e --- /dev/null +++ b/changes/feature9777 @@ -0,0 +1,3 @@ + o Minor features: + - Avoid using circuit paths if no node in the path supports the ntor + circuit extension handshake. Implements ticket 9777. diff --git a/changes/ff28_ciphers b/changes/ff28_ciphers new file mode 100644 index 0000000000..05eb4e9bcc --- /dev/null +++ b/changes/ff28_ciphers @@ -0,0 +1,6 @@ + o Minor features (performance, compatibility): + - Update the list of TLS cipehrsuites that a client advertises + to match those advertised by Firefox 28. This enables selection of + (fast) GCM ciphersuites, disables some strange old ciphers, and + disables the ECDH (not to be confused with ECDHE) ciphersuites. + Resolves ticket 11438. diff --git a/changes/fix-geoipexclude-doc b/changes/fix-geoipexclude-doc new file mode 100644 index 0000000000..63b544ef29 --- /dev/null +++ b/changes/fix-geoipexclude-doc @@ -0,0 +1,4 @@ + o Documentation fixes: + - Fix the GeoIPExcludeUnknown documentation to refer to ExcludeExitNodes + rather than the currently nonexistent ExcludeEntryNodes. Spotted by + "hamahangi" on tor-talk. diff --git a/changes/geoip-dec2012 b/changes/geoip-dec2012 deleted file mode 100644 index 26431c2e8a..0000000000 --- a/changes/geoip-dec2012 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Update to the December 5 2012 Maxmind GeoLite Country database. - diff --git a/changes/geoip-jan2013 b/changes/geoip-jan2013 deleted file mode 100644 index 45e5a150cc..0000000000 --- a/changes/geoip-jan2013 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Update to the January 2 2013 Maxmind GeoLite Country database. - diff --git a/changes/geoip-nov2012 b/changes/geoip-nov2012 deleted file mode 100644 index 22e7bace58..0000000000 --- a/changes/geoip-nov2012 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Update to the November 7 2012 Maxmind GeoLite Country database. - diff --git a/changes/geoip6-august2014 b/changes/geoip6-august2014 new file mode 100644 index 0000000000..7e7c9a975d --- /dev/null +++ b/changes/geoip6-august2014 @@ -0,0 +1,3 @@ + o Minor features: + - Update geoip6 to the August 7 2014 Maxmind GeoLite2 Country database. + diff --git a/changes/geoip6-february2014 b/changes/geoip6-february2014 new file mode 100644 index 0000000000..af30be00b1 --- /dev/null +++ b/changes/geoip6-february2014 @@ -0,0 +1,3 @@ + o Minor features: + - Update geoip6 to the February 7 2014 Maxmind GeoLite2 Country + database. diff --git a/changes/geoip6-july2014 b/changes/geoip6-july2014 new file mode 100644 index 0000000000..155788ef88 --- /dev/null +++ b/changes/geoip6-july2014 @@ -0,0 +1,2 @@ + o Minor features: + - Update geoip6 to the July 10 2014 Maxmind GeoLite2 Country database. diff --git a/changes/geoip6-june2014 b/changes/geoip6-june2014 new file mode 100644 index 0000000000..1a33e6fb45 --- /dev/null +++ b/changes/geoip6-june2014 @@ -0,0 +1,2 @@ + o Minor features: + - Update geoip and geoip6 to the June 4 2014 Maxmind GeoLite2 Country database. diff --git a/changes/integers_donna b/changes/integers_donna new file mode 100644 index 0000000000..e9c69e8e1c --- /dev/null +++ b/changes/integers_donna @@ -0,0 +1,3 @@ + o Minor bugfixes (portability) + - Tweak the curve25519-donna*.c implementations to tolerate systems + that lack stdint.h. Fixes bug 3894; bugfix on 0.2.4.8-alpha. diff --git a/changes/less_charbuf_usage b/changes/less_charbuf_usage new file mode 100644 index 0000000000..2ec42b544a --- /dev/null +++ b/changes/less_charbuf_usage @@ -0,0 +1,5 @@ + o Code simplification and refactoring: + - Avoid using character buffers when constructing most directory + objects: this approach was unweildy and error-prone. Instead, + build smartlists of strings, and concatenate them when done. + diff --git a/changes/link_negotiation_assert b/changes/link_negotiation_assert deleted file mode 100644 index 398a545573..0000000000 --- a/changes/link_negotiation_assert +++ /dev/null @@ -1,6 +0,0 @@ - o Major bugfixs (security): - - Fix a group of remotely triggerable assertion failures related to - incorrect link protocol negotiation. Found, diagnosed, and fixed - by "some guy from France." Fix for CVE-2012-2250; bugfix on - 0.2.3.6-alpha. - diff --git a/changes/log-noise b/changes/log-noise new file mode 100644 index 0000000000..bbbf0d2c0c --- /dev/null +++ b/changes/log-noise @@ -0,0 +1,11 @@ + o Minor bugfixes (log message reduction) + - Fix a path state issue that triggered a notice during relay startup. + Fixes bug #8320; bugfix on 0.2.4.10-alpha. + - Reduce occurrences of warns about circuit purpose in + connection_ap_expire_building(). Fixes bug #8477; bugfix on + 0.2.4.11-alpha. + - Fix a directory authority warn caused when we have a large amount + of badexit bandwidth. Fixes bug #8419; bugfix on 0.2.2.10-alpha. + - Reduce a path bias length check notice log to info. The notice + is triggered when creating controller circuits. Fixes bug #8196; + bugfix on 0.2.4.8-alpha. diff --git a/changes/no_client_timestamps_024 b/changes/no_client_timestamps_024 new file mode 100644 index 0000000000..41dea2f1a6 --- /dev/null +++ b/changes/no_client_timestamps_024 @@ -0,0 +1,14 @@ + o Minor features (security, timestamp avoidance, proposal 222): + - Clients no longer send timestamps in their NETINFO cells. These were + not used for anything, and they provided one small way for clients + to be distinguished from each other as they moved from network to + network or behind NAT. Implements part of proposal 222. + - Clients now round timestamps in INTRODUCE cells down to the nearest + 10 minutes. If a new Support022HiddenServices option is set to 0, + or if it's set to "auto" and the feature is disabled in the consensus, + the timestamp is sent as 0 instead. Implements part of proposal 222. + - Stop sending timestamps in AUTHENTICATE cells. This is not such + a big deal from a security point of view, but it achieves no actual + good purpose, and isn't needed. Implements part of proposal 222. + - Reduce down accuracy of timestamps in hidden service descriptors. + Implements part of proposal 222. diff --git a/changes/pathsel-BUGGY-a b/changes/pathsel-BUGGY-a deleted file mode 100644 index 2e642c7953..0000000000 --- a/changes/pathsel-BUGGY-a +++ /dev/null @@ -1,14 +0,0 @@ - o Security fixes: - - - Try to leak less information about what relays a client is - choosing to a side-channel attacker. Previously, a Tor client - would stop iterating through the list of available relays as - soon as it had chosen one, thus finishing a little earlier - when it picked a router earlier in the list. If an attacker - can recover this timing information (nontrivial but not - proven to be impossible), they could learn some coarse- - grained information about which relays a client was picking - (middle nodes in particular are likelier to be affected than - exits). The timing attack might be mitigated by other factors - (see bug #6537 for some discussion), but it's best not to - take chances. Fixes bug 6537; bugfix on 0.0.8rc1. diff --git a/changes/port_doc b/changes/port_doc deleted file mode 100644 index 0e8662f0ab..0000000000 --- a/changes/port_doc +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (usability): - - Try to make the warning when giving an obsolete SOCKSListenAddress - a littel more useful. diff --git a/changes/prop221 b/changes/prop221 new file mode 100644 index 0000000000..b2bf44bc37 --- /dev/null +++ b/changes/prop221 @@ -0,0 +1,6 @@ + o Minor features: + - Stop sending the CREATE_FAST cells by default; instead, use a + parameter in the consensus to decide whether to use + CREATE_FAST. This can improve security on connections where + Tor's circuit handshake is stronger than the available TLS + connection security levels. Implements proposal 221. diff --git a/changes/revert-geoip-may2012 b/changes/revert-geoip-may2012 deleted file mode 100644 index e420947a34..0000000000 --- a/changes/revert-geoip-may2012 +++ /dev/null @@ -1,6 +0,0 @@ - o Major bugfixes: - - Revert to the May 1 2012 Maxmind GeoLite Country database. In the - June 2012 database, Maxmind marked many Tor relays as country "A1", - which will cause risky behavior for clients that set EntryNodes - or ExitNodes. Addresses bug 6334; bugfix on 0.2.3.17-beta. - diff --git a/changes/signof_enum b/changes/signof_enum new file mode 100644 index 0000000000..ba4fb597d7 --- /dev/null +++ b/changes/signof_enum @@ -0,0 +1,7 @@ + o Code simplifications and refactoring: + - Use Ville Laurikari's implementation of AX_CHECK_SIGN() to determine + the signs of types during autoconf. This is better than our old + approach, which didn't work when cross-compiling. + - Detect the sign of enum values, rather than assuming that MSC is the + only compiler where enum types are all signed. Fix for bug 7727; + bugfix on 0.2.4.10-alpha. diff --git a/changes/smartlist_foreach b/changes/smartlist_foreach deleted file mode 100644 index 2fd3a1a85c..0000000000 --- a/changes/smartlist_foreach +++ /dev/null @@ -1,8 +0,0 @@ - o Code simplification and refactoring: - - Do not use SMARTLIST_FOREACH for any loop whose body exceeds - 10 lines. Doing so in the past has led to hard-to-debug code. - The new style is to use the SMARTLIST_FOREACH_{BEGIN,END} pair. - Issue 6400. - - Do not nest SMARTLIST_FOREACH blocks within one another. Any - nested block ought to be using SMARTLIST_FOREACH_{BEGIN,END}. - Issue 6400. diff --git a/changes/ticket11528 b/changes/ticket11528 new file mode 100644 index 0000000000..15daad9950 --- /dev/null +++ b/changes/ticket11528 @@ -0,0 +1,6 @@ + o Minor features: + - Servers now trust themselves to have a better view than clients of + which TLS ciphersuites to choose. (Thanks to #11513, the server + list is now well-considered, whereas the client list has been + chosen mainly for anti-fingerprinting purposes.) Resolves ticket + 11528. diff --git a/changes/ticket12688 b/changes/ticket12688 new file mode 100644 index 0000000000..88228e5506 --- /dev/null +++ b/changes/ticket12688 @@ -0,0 +1,6 @@ + Major features: + - Make the number of entry guards configurable via a new + NumEntryGuards consensus parameter, and the number of directory + guards configurable via a new NumDirectoryGuards consensus + parameter. Implements ticket 12688. + diff --git a/changes/ticket2267 b/changes/ticket2267 new file mode 100644 index 0000000000..b589b5721f --- /dev/null +++ b/changes/ticket2267 @@ -0,0 +1,8 @@ + o Minor features: + - Refactor resolve_my_address() so it returns the method by which we + decided our public IP address (explicitly configured, resolved from + explicit hostname, guessed from interfaces, learned by gethostname). + Now we can provide more helpful log messages when a relay guesses + its IP address incorrectly (e.g. due to unexpected lines in + /etc/hosts). Resolves ticket 2267. + diff --git a/changes/ticket5749 b/changes/ticket5749 deleted file mode 100644 index 0237241981..0000000000 --- a/changes/ticket5749 +++ /dev/null @@ -1,3 +0,0 @@ - o New directory authorities: - - Add Faravahar (run by Sina Rabbani) as the ninth v3 directory - authority. Closes ticket 5749. diff --git a/changes/ticket8240 b/changes/ticket8240 new file mode 100644 index 0000000000..91e6f8c14a --- /dev/null +++ b/changes/ticket8240 @@ -0,0 +1,4 @@ + o Major security fixes: + - Make the default guard lifetime controllable via a new + GuardLifetime torrc option and a GuardLifetime consensus + parameter. Start of a fix for bug 8240; bugfix on 0.1.1.11-alpha. diff --git a/changes/ticket8443 b/changes/ticket8443 new file mode 100644 index 0000000000..ca6fb2f471 --- /dev/null +++ b/changes/ticket8443 @@ -0,0 +1,4 @@ + o Minor features: + - Randomize the lifetime of our SSL link certificate, so censors can't + use the static value for filtering Tor flows. Resolves ticket 8443; + related to ticket 4014 which was included in 0.2.2.33. diff --git a/changes/ticket9658 b/changes/ticket9658 new file mode 100644 index 0000000000..a8db2efba8 --- /dev/null +++ b/changes/ticket9658 @@ -0,0 +1,4 @@ + o Minor features: + - Track how many "TAP" and "NTor" circuit handshake requests we get, + and how many we complete, and log it every hour to help relay + operators follow trends in network load. Addresses ticket 9658. diff --git a/changes/ticket9866 b/changes/ticket9866 new file mode 100644 index 0000000000..6cbb1110db --- /dev/null +++ b/changes/ticket9866 @@ -0,0 +1,3 @@ + o Documentation: + - Add anchors to the manpage so we can link to the documentation for + specific options. Resolves ticket 9866. diff --git a/changes/v3_intro_len b/changes/v3_intro_len new file mode 100644 index 0000000000..fbe39bce3b --- /dev/null +++ b/changes/v3_intro_len @@ -0,0 +1,8 @@ + o Major bugfixes: + + - Fix an uninitialized read that could (in some cases) lead to a remote + crash while parsing INTRODUCE 1 cells. (This is, so far as we know, + unrelated to the recent news.) Fixes bug XXX; bugfix on + 0.2.4.1-alpha. Anybody running a hidden service on the experimental + 0.2.4.x branch should upgrade. + diff --git a/changes/warn-unsigned-time_t b/changes/warn-unsigned-time_t new file mode 100644 index 0000000000..5f0c36d099 --- /dev/null +++ b/changes/warn-unsigned-time_t @@ -0,0 +1,5 @@ + o Build improvements: + - Warn if building on a platform with an unsigned time_t: there + are too many places where Tor currently assumes that time_t can + hold negative values. We'd like to fix them all, but probably + some will remain. |