summaryrefslogtreecommitdiff
path: root/changes
diff options
context:
space:
mode:
Diffstat (limited to 'changes')
-rw-r--r--changes/10777_netunreach7
-rw-r--r--changes/6783_big_hammer6
-rw-r--r--changes/98543
-rw-r--r--changes/bug101243
-rw-r--r--changes/bug1038-36
-rw-r--r--changes/bug1040211
-rw-r--r--changes/bug104093
-rw-r--r--changes/bug104234
-rw-r--r--changes/bug104566
-rw-r--r--changes/bug104653
-rw-r--r--changes/bug104704
-rw-r--r--changes/bug104854
-rw-r--r--changes/bug10777_internal_0244
-rw-r--r--changes/bug107934
-rw-r--r--changes/bug108354
-rw-r--r--changes/bug108706
-rw-r--r--changes/bug109045
-rw-r--r--changes/bug109296
-rw-r--r--changes/bug114373
-rw-r--r--changes/bug1151312
-rw-r--r--changes/bug115535
-rw-r--r--changes/bug122275
-rw-r--r--changes/bug127185
-rw-r--r--changes/bug13151-client13
-rw-r--r--changes/bug199211
-rw-r--r--changes/bug22865
-rw-r--r--changes/bug55958
-rw-r--r--changes/bug60242
-rw-r--r--changes/bug60264
-rw-r--r--changes/bug60436
-rw-r--r--changes/bug60556
-rw-r--r--changes/bug61746
-rw-r--r--changes/bug62066
-rw-r--r--changes/bug62183
-rw-r--r--changes/bug6244_part_c6
-rw-r--r--changes/bug62516
-rw-r--r--changes/bug6252_again11
-rw-r--r--changes/bug62717
-rw-r--r--changes/bug62743
-rw-r--r--changes/bug6274_23
-rw-r--r--changes/bug62964
-rw-r--r--changes/bug63044
-rw-r--r--changes/bug63415
-rw-r--r--changes/bug63774
-rw-r--r--changes/bug63796
-rw-r--r--changes/bug63873
-rw-r--r--changes/bug63974
-rw-r--r--changes/bug640416
-rw-r--r--changes/bug64233
-rw-r--r--changes/bug64363
-rw-r--r--changes/bug64724
-rw-r--r--changes/bug64756
-rw-r--r--changes/bug64805
-rw-r--r--changes/bug64904
-rw-r--r--changes/bug65002
-rw-r--r--changes/bug650715
-rw-r--r--changes/bug65145
-rw-r--r--changes/bug65305
-rw-r--r--changes/bug65724
-rw-r--r--changes/bug66734
-rw-r--r--changes/bug66907
-rw-r--r--changes/bug67106
-rw-r--r--changes/bug67323
-rw-r--r--changes/bug67439
-rw-r--r--changes/bug67744
-rw-r--r--changes/bug68015
-rw-r--r--changes/bug68115
-rw-r--r--changes/bug68279
-rw-r--r--changes/bug68444
-rw-r--r--changes/bug68664
-rw-r--r--changes/bug70145
-rw-r--r--changes/bug70223
-rw-r--r--changes/bug70376
-rw-r--r--changes/bug70544
-rw-r--r--changes/bug70655
-rw-r--r--changes/bug71399
-rw-r--r--changes/bug71434
-rw-r--r--changes/bug7164_diagnostic4
-rw-r--r--changes/bug71906
-rw-r--r--changes/bug71915
-rw-r--r--changes/bug719210
-rw-r--r--changes/bug72804
-rw-r--r--changes/bug730211
-rw-r--r--changes/bug73504
-rw-r--r--changes/bug735212
-rw-r--r--changes/bug74644
-rw-r--r--changes/bug75829
-rw-r--r--changes/bug7707_diagnostic5
-rw-r--r--changes/bug77683
-rw-r--r--changes/bug77997
-rw-r--r--changes/bug780113
-rw-r--r--changes/bug7816.0248
-rw-r--r--changes/bug7816_0237
-rw-r--r--changes/bug7816_023_small3
-rw-r--r--changes/bug78898
-rw-r--r--changes/bug79027
-rw-r--r--changes/bug79474
-rw-r--r--changes/bug79504
-rw-r--r--changes/bug79823
-rw-r--r--changes/bug80025
-rw-r--r--changes/bug80145
-rw-r--r--changes/bug80317
-rw-r--r--changes/bug80378
-rw-r--r--changes/bug80596
-rw-r--r--changes/bug80625
-rw-r--r--changes/bug80656
-rw-r--r--changes/bug8093.part13
-rw-r--r--changes/bug811713
-rw-r--r--changes/bug81217
-rw-r--r--changes/bug81515
-rw-r--r--changes/bug81583
-rw-r--r--changes/bug81616
-rw-r--r--changes/bug81807
-rw-r--r--changes/bug8185_diagnostic3
-rw-r--r--changes/bug82005
-rw-r--r--changes/bug82034
-rw-r--r--changes/bug82077
-rw-r--r--changes/bug82096
-rw-r--r--changes/bug82106
-rw-r--r--changes/bug82186
-rw-r--r--changes/bug82315
-rw-r--r--changes/bug8235-diagnosing5
-rw-r--r--changes/bug8253-fix6
-rw-r--r--changes/bug82733
-rw-r--r--changes/bug82909
-rw-r--r--changes/bug84084
-rw-r--r--changes/bug84275
-rw-r--r--changes/bug84354
-rw-r--r--changes/bug84645
-rw-r--r--changes/bug84754
-rw-r--r--changes/bug8477-easypart3
-rw-r--r--changes/bug85875
-rw-r--r--changes/bug85963
-rw-r--r--changes/bug85986
-rw-r--r--changes/bug85994
-rw-r--r--changes/bug86383
-rw-r--r--changes/bug86395
-rw-r--r--changes/bug87116
-rw-r--r--changes/bug87163
-rw-r--r--changes/bug87196
-rw-r--r--changes/bug88225
-rw-r--r--changes/bug88333
-rw-r--r--changes/bug88453
-rw-r--r--changes/bug88464
-rw-r--r--changes/bug88795
-rw-r--r--changes/bug89653
-rw-r--r--changes/bug90476
-rw-r--r--changes/bug90632
-rw-r--r--changes/bug91224
-rw-r--r--changes/bug91474
-rw-r--r--changes/bug92005
-rw-r--r--changes/bug9213_doc5
-rw-r--r--changes/bug92295
-rw-r--r--changes/bug92544
-rw-r--r--changes/bug92884
-rw-r--r--changes/bug92954
-rw-r--r--changes/bug93096
-rw-r--r--changes/bug93374
-rw-r--r--changes/bug93545
-rw-r--r--changes/bug93664
-rw-r--r--changes/bug93934
-rw-r--r--changes/bug94007
-rw-r--r--changes/bug95434
-rw-r--r--changes/bug95964
-rw-r--r--changes/bug96025
-rw-r--r--changes/bug96444
-rw-r--r--changes/bug9645a5
-rw-r--r--changes/bug9686_0245
-rw-r--r--changes/bug97003
-rw-r--r--changes/bug97164
-rw-r--r--changes/bug97313
-rw-r--r--changes/bug97765
-rw-r--r--changes/bug97808
-rw-r--r--changes/bug98808
-rw-r--r--changes/bug99044
-rw-r--r--changes/bug99274
-rw-r--r--changes/bug994611
-rw-r--r--changes/cov7090564
-rw-r--r--changes/cov9806504
-rw-r--r--changes/curve25519-donna32-bug12
-rw-r--r--changes/cve-2012-22495
-rw-r--r--changes/dirserv-BUGGY-a7
-rw-r--r--changes/disable_pathbias_messages3
-rw-r--r--changes/doc-heartbeat-loglevel3
-rw-r--r--changes/easy.ratelim3
-rw-r--r--changes/feature49947
-rw-r--r--changes/feature95747
-rw-r--r--changes/feature97773
-rw-r--r--changes/ff28_ciphers6
-rw-r--r--changes/fix-geoipexclude-doc4
-rw-r--r--changes/geoip-dec20123
-rw-r--r--changes/geoip-jan20133
-rw-r--r--changes/geoip-nov20123
-rw-r--r--changes/geoip6-august20143
-rw-r--r--changes/geoip6-february20143
-rw-r--r--changes/geoip6-july20142
-rw-r--r--changes/geoip6-june20142
-rw-r--r--changes/integers_donna3
-rw-r--r--changes/less_charbuf_usage5
-rw-r--r--changes/link_negotiation_assert6
-rw-r--r--changes/log-noise11
-rw-r--r--changes/no_client_timestamps_02414
-rw-r--r--changes/pathsel-BUGGY-a14
-rw-r--r--changes/port_doc3
-rw-r--r--changes/prop2216
-rw-r--r--changes/revert-geoip-may20126
-rw-r--r--changes/signof_enum7
-rw-r--r--changes/smartlist_foreach8
-rw-r--r--changes/ticket115286
-rw-r--r--changes/ticket126886
-rw-r--r--changes/ticket22678
-rw-r--r--changes/ticket57493
-rw-r--r--changes/ticket82404
-rw-r--r--changes/ticket84434
-rw-r--r--changes/ticket96584
-rw-r--r--changes/ticket98663
-rw-r--r--changes/v3_intro_len8
-rw-r--r--changes/warn-unsigned-time_t5
218 files changed, 841 insertions, 334 deletions
diff --git a/changes/10777_netunreach b/changes/10777_netunreach
new file mode 100644
index 0000000000..899181423f
--- /dev/null
+++ b/changes/10777_netunreach
@@ -0,0 +1,7 @@
+ - Minor bugfixes:
+
+ - Treat ENETUNREACH, EACCES, and EPERM at an exit node as a
+ NOROUTE error, not an INTERNAL error, since they can apparently
+ happen when trying to connect to the wrong sort of
+ netblocks. Fixes a part of bug 10777; bugfix on 0.1.0.1-rc.
+
diff --git a/changes/6783_big_hammer b/changes/6783_big_hammer
new file mode 100644
index 0000000000..2ff3249b33
--- /dev/null
+++ b/changes/6783_big_hammer
@@ -0,0 +1,6 @@
+ o Major features (deprecation):
+ - There's now a "DisableV2DirectoryInfo_" option that prevents us
+ from serving any directory requests for v2 directory information.
+ This is for us to test disabling the old deprecated V2 directory
+ format, so that we can see whether doing so has any effect on
+ network load. Part of a fix for bug 6783.
diff --git a/changes/9854 b/changes/9854
new file mode 100644
index 0000000000..30105cb731
--- /dev/null
+++ b/changes/9854
@@ -0,0 +1,3 @@
+ o Documentation fixes:
+ - Clarify the usage and risks of ContactInfo. Resolves ticket 9854.
+
diff --git a/changes/bug10124 b/changes/bug10124
new file mode 100644
index 0000000000..95b0838839
--- /dev/null
+++ b/changes/bug10124
@@ -0,0 +1,3 @@
+ o Documentation:
+ - Replace remaining references to DirServer in man page and
+ log entries. Resolves ticket 10124.
diff --git a/changes/bug1038-3 b/changes/bug1038-3
new file mode 100644
index 0000000000..5af4afa46f
--- /dev/null
+++ b/changes/bug1038-3
@@ -0,0 +1,6 @@
+ o Minor bugfixes:
+ - Warn and drop the circuit if we receive an inbound 'relay early'
+ cell. Those used to be normal to receive on hidden service circuits
+ due to bug 1038, but the buggy Tor versions are long gone from
+ the network so we can afford to resume watching for them. Resolves
+ the rest of bug 1038; bugfix on 0.2.1.19.
diff --git a/changes/bug10402 b/changes/bug10402
new file mode 100644
index 0000000000..eac00bdc6d
--- /dev/null
+++ b/changes/bug10402
@@ -0,0 +1,11 @@
+ o Major bugfixes:
+ - Do not allow OpenSSL engines to replace the PRNG, even when
+ HardwareAccel is set. The only default builtin PRNG engine uses
+ the Intel RDRAND instruction to replace the entire PRNG, and
+ ignores all attempts to seed it with more entropy. That's
+ cryptographically stupid: the right response to a new alleged
+ entropy source is never to discard all previously used entropy
+ sources. Fixes bug 10402; works around behavior introduced in
+ OpenSSL 1.0.0. Diagnosis and investigation thanks to "coderman"
+ and "rl1987".
+
diff --git a/changes/bug10409 b/changes/bug10409
new file mode 100644
index 0000000000..5ef5ae29de
--- /dev/null
+++ b/changes/bug10409
@@ -0,0 +1,3 @@
+ o Minor bugfixes:
+ - Avoid a crash bug when starting with a corrupted microdescriptor
+ cache file. Fix for bug 10406; bugfix on 0.2.2.6-alpha.
diff --git a/changes/bug10423 b/changes/bug10423
new file mode 100644
index 0000000000..493b7b15e3
--- /dev/null
+++ b/changes/bug10423
@@ -0,0 +1,4 @@
+ o Minor bugfixes:
+ - If we fail to dump a previously cached microdescriptor to disk, avoid
+ freeing duplicate data later on. Fix for bug 10423; bugfix on
+ 0.2.4.13-alpha. Spotted by "bobnomnom".
diff --git a/changes/bug10456 b/changes/bug10456
new file mode 100644
index 0000000000..fb3b92fcd8
--- /dev/null
+++ b/changes/bug10456
@@ -0,0 +1,6 @@
+ o Major bugfixes:
+ - Avoid launching spurious extra circuits when a stream is pending.
+ This fixes a bug where any circuit that _wasn't_ unusable for new
+ streams would be treated as if it were, causing extra circuits to
+ be launched. Fixes bug 10456; bugfix on 0.2.4.12-alpha.
+
diff --git a/changes/bug10465 b/changes/bug10465
new file mode 100644
index 0000000000..330f969416
--- /dev/null
+++ b/changes/bug10465
@@ -0,0 +1,3 @@
+ o Major bugfixes:
+ - Fix assertion failure when AutomapHostsOnResolve yields an IPv6
+ address. Fixes bug 10465; bugfix on 0.2.4.7-alpha.
diff --git a/changes/bug10470 b/changes/bug10470
new file mode 100644
index 0000000000..2b753436d9
--- /dev/null
+++ b/changes/bug10470
@@ -0,0 +1,4 @@
+ o Documentation fixes:
+ - Note that all but one DirPort entry must have the NoAdvertise flag
+ set. Fix for #10470.
+
diff --git a/changes/bug10485 b/changes/bug10485
new file mode 100644
index 0000000000..7e5fa530e8
--- /dev/null
+++ b/changes/bug10485
@@ -0,0 +1,4 @@
+ o Minor bugfixes:
+ - Move message about circuit handshake counts into the heartbeat
+ message where it belongs, instead of logging it once per hour
+ unconditionally. Fixes bug 10485; bugfix on 0.2.4.17-rc.
diff --git a/changes/bug10777_internal_024 b/changes/bug10777_internal_024
new file mode 100644
index 0000000000..4544147f6e
--- /dev/null
+++ b/changes/bug10777_internal_024
@@ -0,0 +1,4 @@
+ o Major bugfixes:
+ - Do not treat END_STREAM_REASON_INTERNAL as indicating a definite
+ circuit failure, since it could also indicate an ENETUNREACH
+ error. Fixes part of bug 10777; bugfix on 0.2.4.8-alpha.
diff --git a/changes/bug10793 b/changes/bug10793
new file mode 100644
index 0000000000..24c4025dde
--- /dev/null
+++ b/changes/bug10793
@@ -0,0 +1,4 @@
+ o Minor features (security):
+ - Always clear OpenSSL bignums before freeing them--even bignums
+ that don't contain secrets. Resolves ticket 10793. Patch by
+ Florent Daigniere.
diff --git a/changes/bug10835 b/changes/bug10835
new file mode 100644
index 0000000000..9df7bdd279
--- /dev/null
+++ b/changes/bug10835
@@ -0,0 +1,4 @@
+ o Minor bugfixes (testing):
+ - Fix a segmentation fault in our benchmark code when running with
+ Fedora's OpenSSL package, or any other OpenSSL that provides
+ ECDH but not P224. Fixes bug 10835; bugfix on 0.2.4.8-alpha.
diff --git a/changes/bug10870 b/changes/bug10870
new file mode 100644
index 0000000000..d8a00f4029
--- /dev/null
+++ b/changes/bug10870
@@ -0,0 +1,6 @@
+ o Code simplification and refactoring:
+ - Remove data structures which were introduced to implement the
+ CellStatistics option: they are now redundant with the addition
+ of timestamp to the regular packed_cell_t data structure, which
+ we did in 0.2.4.18-rc in order to resolve #9093. Fixes bug
+ 10870. \ No newline at end of file
diff --git a/changes/bug10904 b/changes/bug10904
new file mode 100644
index 0000000000..6f551ea412
--- /dev/null
+++ b/changes/bug10904
@@ -0,0 +1,5 @@
+ o Minor bugfixes (compilation):
+ - Build without warnings under clang 3.4. (We have some macros that
+ define static functions only some of which will get used later in
+ the module. Starting with clang 3.4, these give a warning unless the
+ unused attribute is set on them.)
diff --git a/changes/bug10929 b/changes/bug10929
new file mode 100644
index 0000000000..acf3960471
--- /dev/null
+++ b/changes/bug10929
@@ -0,0 +1,6 @@
+ - Minor bugfixes:
+ - Fix build warnings about missing "a2x" comment when building the
+ manpages from scratch on OpenBSD; OpenBSD calls it "a2x.py".
+ Fixes bug 10929; bugfix on tor-0.2.2.9-alpha. Patch from
+ Dana Koch.
+
diff --git a/changes/bug11437 b/changes/bug11437
new file mode 100644
index 0000000000..f5117cae99
--- /dev/null
+++ b/changes/bug11437
@@ -0,0 +1,3 @@
+ o Minor bugfixes:
+ - Stop leaking memory when we successfully resolve a PTR record.
+ Fixes bug 11437; bugfix on 0.2.4.7-alpha.
diff --git a/changes/bug11513 b/changes/bug11513
new file mode 100644
index 0000000000..820c02605f
--- /dev/null
+++ b/changes/bug11513
@@ -0,0 +1,12 @@
+ o Major bugfixes:
+ - Generate the server's preference list for ciphersuites
+ automatically based on uniform criteria, and considering all
+ OpenSSL ciphersuites with acceptable strength and forward
+ secrecy. (The sort order is: prefer AES to 3DES; break ties by
+ preferring ECDHE to DHE; break ties by preferring GCM to CBC;
+ break ties by preferring SHA384 to SHA256 to SHA1; and finally,
+ break ties by preferring AES256 to AES128.) This resolves bugs
+ #11513, #11492, #11498, #11499. Bugs reported by 'cypherpunks'.
+ Bugfix on 0.2.4.8-alpha.
+
+
diff --git a/changes/bug11553 b/changes/bug11553
new file mode 100644
index 0000000000..1540f4642f
--- /dev/null
+++ b/changes/bug11553
@@ -0,0 +1,5 @@
+ o Minor features:
+ - When we run out of usable circuit IDs on a channel, log only one
+ warning for the whole channel, and include a description of
+ how many circuits there were on the channel. Fix for part of ticket
+ #11553.
diff --git a/changes/bug12227 b/changes/bug12227
new file mode 100644
index 0000000000..d8b5d08a55
--- /dev/null
+++ b/changes/bug12227
@@ -0,0 +1,5 @@
+ o Minor bugfixes:
+ - Avoid an illegal read from stack when initializing the TLS
+ module using a version of OpenSSL without all of the ciphers
+ used by the v2 link handshake. Fixes bug 12227; bugfix on
+ 0.2.4.8-alpha. Found by "starlight".
diff --git a/changes/bug12718 b/changes/bug12718
new file mode 100644
index 0000000000..0c5f708446
--- /dev/null
+++ b/changes/bug12718
@@ -0,0 +1,5 @@
+ o Minor bugfixes:
+ - Correct a confusing error message when trying to extend a circuit
+ via the control protocol but we don't know a descriptor or
+ microdescriptor for one of the specified relays. Fixes bug 12718;
+ bugfix on 0.2.3.1-alpha.
diff --git a/changes/bug13151-client b/changes/bug13151-client
new file mode 100644
index 0000000000..1218dfdfab
--- /dev/null
+++ b/changes/bug13151-client
@@ -0,0 +1,13 @@
+ o Major bugfixes:
+ - Clients now send the correct address for their chosen rendezvous
+ point when trying to access a hidden service. They used to send
+ the wrong address, which would still work some of the time because
+ they also sent the identity digest of the rendezvous point, and if
+ the hidden service happened to try connecting to the rendezvous
+ point from a relay that already had a connection open to it,
+ the relay would reuse that connection. Now connections to hidden
+ services should be more robust and faster. Also, this bug meant
+ that clients were leaking to the hidden service whether they were
+ on a little-endian (common) or big-endian (rare) system, which for
+ some users might have reduced their anonymity. Fixes bug 13151;
+ bugfix on 0.2.1.5-alpha.
diff --git a/changes/bug1992 b/changes/bug1992
new file mode 100644
index 0000000000..6a751dc7e6
--- /dev/null
+++ b/changes/bug1992
@@ -0,0 +1,11 @@
+ o Minor bugfixes:
+ - Stop trying to resolve our hostname so often (e.g. every time we
+ think about doing a directory fetch). Now we reuse the cached
+ answer in some cases. Fixes bugs 1992 (bugfix on 0.2.0.20-rc)
+ and 2410 (bugfix on 0.1.2.2-alpha).
+
+ o Minor features:
+ - Make bridge relays check once a minute for whether their IP
+ address has changed, rather than only every 15 minutes. Resolves
+ bugs 1913 and 1992.
+
diff --git a/changes/bug2286 b/changes/bug2286
new file mode 100644
index 0000000000..4f8dfbbf68
--- /dev/null
+++ b/changes/bug2286
@@ -0,0 +1,5 @@
+ o Major features (directory authority):
+ - Directory authorities now support a new consensus method (17)
+ where they cap the published bandwidth of servers for which
+ insufficient bandwidth measurements exist. Fixes part of bug
+ 2286.
diff --git a/changes/bug5595 b/changes/bug5595
new file mode 100644
index 0000000000..31f4b84b03
--- /dev/null
+++ b/changes/bug5595
@@ -0,0 +1,8 @@
+ o Critical bugfixes:
+ - Distinguish downloading an authority certificate by identity digest from
+ downloading one by identity digest/signing key digest pair; formerly we
+ always request them only by identity digest and get the newest one even
+ when we wanted one with a different signing key. Then we would complain
+ about being given a certificate we already had, and never get the one we
+ really wanted. Now we use the "fp-sk/" resource as well as the "fp/"
+ resource to request the one we want. Fixes bug 5595.
diff --git a/changes/bug6024 b/changes/bug6024
deleted file mode 100644
index 743e6ef1fe..0000000000
--- a/changes/bug6024
+++ /dev/null
@@ -1,2 +0,0 @@
- o Documentation fixes:
- - Clarify that hidden services are TCP only. Fixes bug 6024.
diff --git a/changes/bug6026 b/changes/bug6026
new file mode 100644
index 0000000000..de5d6ead01
--- /dev/null
+++ b/changes/bug6026
@@ -0,0 +1,4 @@
+ o Minor bugfixes:
+ - Relays now treat a changed IPv6 ORPort as sufficient reason to
+ publish an updated descriptor. Fix for bug 6026; bugfix for
+ 0.2.4.1-alpha.
diff --git a/changes/bug6043 b/changes/bug6043
deleted file mode 100644
index b88bafb788..0000000000
--- a/changes/bug6043
+++ /dev/null
@@ -1,6 +0,0 @@
- o Packaging (RPM):
- - Our default RPM spec files have been updated to work with mock
- and rpmbuild on RHEL/Fedora. They have an updated set of
- dependencies and conflicts, a fix for an ancient typo when creating
- the "_tor" user, and better instructions. Thanks to Ondrej
- Mikle for the patch series; fix for bug 6043.
diff --git a/changes/bug6055 b/changes/bug6055
new file mode 100644
index 0000000000..00730073a8
--- /dev/null
+++ b/changes/bug6055
@@ -0,0 +1,6 @@
+ o Major enhancements:
+ - Re-enable TLS 1.1 and 1.2 when built with OpenSSL 1.0.1e or later.
+ (OpenSSL before 1.0.1 didn't have TLS 1.1 or 1.2. OpenSSL from 1.0.1
+ through 1.0.1d had bugs that prevented renegotiation from working
+ with TLS 1.1 or 1.2, so we disabled them to solve bug 6033.) Fix for
+ issue #6055.
diff --git a/changes/bug6174 b/changes/bug6174
new file mode 100644
index 0000000000..79d2930ec3
--- /dev/null
+++ b/changes/bug6174
@@ -0,0 +1,6 @@
+ o Major bugfixes:
+ - When we mark a circuit as unusable for new circuits, have it
+ continue to be unusable for new circuits even if MaxCircuitDirtiness
+ is increased too much at the wrong time, or the system clock jumped
+ backwards. Fix for bug 6174; bugfix on 0.0.2pre26.
+
diff --git a/changes/bug6206 b/changes/bug6206
new file mode 100644
index 0000000000..61a16d291a
--- /dev/null
+++ b/changes/bug6206
@@ -0,0 +1,6 @@
+ o Minor bugfixes:
+ - Always check the return values of functions fcntl() and
+ setsockopt(). We don't believe these are ever actually failing in
+ practice, but better safe than sorry. Also, checking these return
+ values should please some analysis tools (like Coverity). Patch
+ from 'flupzor'. Fix for bug 8206; bugfix on all versions of Tor.
diff --git a/changes/bug6218 b/changes/bug6218
deleted file mode 100644
index 5d5d108b00..0000000000
--- a/changes/bug6218
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor bugfixes:
- - Fix wrong TCP port range in parse_port_range(). Fixes bug 6218;
- bugfix on 0.2.1.10-alpha.
diff --git a/changes/bug6244_part_c b/changes/bug6244_part_c
deleted file mode 100644
index dea6e7b69e..0000000000
--- a/changes/bug6244_part_c
+++ /dev/null
@@ -1,6 +0,0 @@
- o Major bugfixes (controller):
- - Make wildcarded addresses (that is, ones beginning with *.) work when
- provided via the controller's MapAddress command. Previously, they
- were accepted, but we never actually noticed that they were wildcards.
- Fix for bug 6244; bugfix on 0.2.3.9-alpha.
-
diff --git a/changes/bug6251 b/changes/bug6251
deleted file mode 100644
index c782a93e49..0000000000
--- a/changes/bug6251
+++ /dev/null
@@ -1,6 +0,0 @@
- o Minor bugfixes:
- - Downgrade "set buildtimeout to low value" messages to INFO
- severity; they were never an actual problem, there was never
- anything reasonable to do about them, and they tended to spam
- logs from time to time. Fix for bug 6251; bugfix on
- 0.2.2.2-alpha. \ No newline at end of file
diff --git a/changes/bug6252_again b/changes/bug6252_again
deleted file mode 100644
index f7fd00cb38..0000000000
--- a/changes/bug6252_again
+++ /dev/null
@@ -1,11 +0,0 @@
- o Security fixes:
- - Tear down the circuit if we get an unexpected SENDME cell. Clients
- could use this trick to make their circuits receive cells faster
- than our flow control would have allowed, or to gum up the network,
- or possibly to do targeted memory denial-of-service attacks on
- entry nodes. Fixes bug 6252. Bugfix on the 54th commit on Tor --
- from July 2002, before the release of Tor 0.0.0. We had committed
- this patch previously, but we had to revert it because of bug 6271.
- Now that 6271 is fixed, this appears to work.
-
-
diff --git a/changes/bug6271 b/changes/bug6271
deleted file mode 100644
index 06b129f73f..0000000000
--- a/changes/bug6271
+++ /dev/null
@@ -1,7 +0,0 @@
- o Major bugfixes
-
- - Fix a bug handling SENDME cells on nonexistent streams that
- could result in bizarre window values. Report and patch
- contributed pseudymously. Fixes part of bug 6271. This bug
- was introduced before the first Tor release, in svn commit
- r152.
diff --git a/changes/bug6274 b/changes/bug6274
deleted file mode 100644
index ad1abcde54..0000000000
--- a/changes/bug6274
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor bugfixes:
- - Ignore ServerTransportPlugin lines when Tor is not configured as
- a relay. Fixes bug 6274; bugfix on 0.2.3.6-alpha.
diff --git a/changes/bug6274_2 b/changes/bug6274_2
deleted file mode 100644
index 89576f9328..0000000000
--- a/changes/bug6274_2
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor features:
- - Terminate active server managed proxies if Tor stops being a
- relay. Addresses parts of bug 6274; bugfix on 0.2.3.6-alpha.
diff --git a/changes/bug6296 b/changes/bug6296
deleted file mode 100644
index b452b1745d..0000000000
--- a/changes/bug6296
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes:
-
- - Instead of ENOBUFS on Windows, say WSAENOBUFS. Fixes
- compilation on Windows. Fixes bug 6296; bugfix on 0.2.3.18-rc.
diff --git a/changes/bug6304 b/changes/bug6304
new file mode 100644
index 0000000000..445560a8e1
--- /dev/null
+++ b/changes/bug6304
@@ -0,0 +1,4 @@
+ o Minor bugfixes:
+ - Behave correctly when the user disables LearnCircuitBuildTimeout
+ but doesn't tell us what they would like the timeout to be. Fixes
+ bug 6304; bugfix on 0.2.2.14-alpha.
diff --git a/changes/bug6341 b/changes/bug6341
deleted file mode 100644
index 04e52c7cd3..0000000000
--- a/changes/bug6341
+++ /dev/null
@@ -1,5 +0,0 @@
- o Major bugfixes:
- - Fix a possible crash bug when checking for deactivated circuits
- in connection_or_flush_from_first_active_circuit(). Fixes bug
- 6341; bugfix on 0.2.2.7-alpha. Bug report and fix received
- pseudonymously.
diff --git a/changes/bug6377 b/changes/bug6377
deleted file mode 100644
index a3a3672783..0000000000
--- a/changes/bug6377
+++ /dev/null
@@ -1,4 +0,0 @@
- o Testing:
- - Make it possible to set the TestingTorNetwork configuration
- option using AlternateDirAuthority and AlternateBridgeAuthority
- as an alternative to setting DirServer.
diff --git a/changes/bug6379 b/changes/bug6379
deleted file mode 100644
index 1f2b6941cd..0000000000
--- a/changes/bug6379
+++ /dev/null
@@ -1,6 +0,0 @@
- o Minor bugfixes:
- - Fix build warnings from --enable-openbsd-malloc with gcc warnings
- enabled. Fixes bug 6379.
- - Fix 64-bit warnings from --enable-openbsd-malloc. Fixes bug 6379.
- Bugfix on 0.2.0.20-rc.
-
diff --git a/changes/bug6387 b/changes/bug6387
deleted file mode 100644
index 73fc4f7cfe..0000000000
--- a/changes/bug6387
+++ /dev/null
@@ -1,3 +0,0 @@
- o Documentation:
- - Clarify the documentation for the Alternate*Authority options.
- Fixes bug 6387.
diff --git a/changes/bug6397 b/changes/bug6397
deleted file mode 100644
index 23d8359bd2..0000000000
--- a/changes/bug6397
+++ /dev/null
@@ -1,4 +0,0 @@
- o Major bugfixes:
- - When disabling guards for having too high a proportion of failed
- circuits, make sure to look at each guard. Fix for bug 6397; bugfix
- on 0.2.3.17-beta.
diff --git a/changes/bug6404 b/changes/bug6404
deleted file mode 100644
index 948f00b92e..0000000000
--- a/changes/bug6404
+++ /dev/null
@@ -1,16 +0,0 @@
- o Minor bugfixes:
-
- - Remove the maximum length of microdescriptor we are willing to
- generate. Occasionally this is needed for routers
- with complex policies or family declarations. Partial fix for
- bug 6404; fix on 0.2.2.6-alpha.
-
- - Authorities no longer include any router in their
- microdescriptor consensuses for which they couldn't generate or
- agree on a microdescriptor. Partial fix for bug 6404; fix on
- 0.2.2.6-alpha.
-
- - Move log message when unable to find a microdesc in a
- routerstatus entry to parse time. Previously we'd spam this
- warning every time we tried to figure out which microdescriptors
- to download. Partial fix for bug 6404; fix on 0.2.3.18-rc.
diff --git a/changes/bug6423 b/changes/bug6423
deleted file mode 100644
index 2ea4f1410d..0000000000
--- a/changes/bug6423
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor features:
- - Consider new, removed or changed IPv6 OR ports a non cosmetic
- change.
diff --git a/changes/bug6436 b/changes/bug6436
deleted file mode 100644
index 2c163df105..0000000000
--- a/changes/bug6436
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor features:
- - Provide a better error message about possible OSX Asciidoc failure
- reasons. Fix for bug 6436.
diff --git a/changes/bug6472 b/changes/bug6472
deleted file mode 100644
index dcd42ebe68..0000000000
--- a/changes/bug6472
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes:
- - Avoid a pair of double-free and use-after-mark bugs that can
- occur with certain timings in canceled and re-received DNS
- requests. Fix for bug 6472; bugfix on 0.0.7rc1.
diff --git a/changes/bug6475 b/changes/bug6475
deleted file mode 100644
index 67bab99622..0000000000
--- a/changes/bug6475
+++ /dev/null
@@ -1,6 +0,0 @@
- o Minor bugfixes:
- - Add internal circuit construction state to protect against
- the noisy warn message "Unexpectedly high circuit_successes".
- Also add some additional rate-limited notice messages to help
- determine the root cause of the warn. Fixes bug 6475.
- Bugfix against 0.2.3.17-beta.
diff --git a/changes/bug6480 b/changes/bug6480
deleted file mode 100644
index 83ae00b251..0000000000
--- a/changes/bug6480
+++ /dev/null
@@ -1,5 +0,0 @@
- o Major bugfixes:
- - Avoid read-from-freed-RAM bug and related double-free bug that
- could occur when a DNS request fails while launching it. Fixes
- bug 6480; bugfix on 0.2.0.1-alpha.
-
diff --git a/changes/bug6490 b/changes/bug6490
deleted file mode 100644
index c92daad8f4..0000000000
--- a/changes/bug6490
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor features:
- - Warn when Tor is configured to use accounting in a way that will
- link a hidden service to some other hidden service or public
- address. Fix for bug 6490.
diff --git a/changes/bug6500 b/changes/bug6500
deleted file mode 100644
index cac2054a3a..0000000000
--- a/changes/bug6500
+++ /dev/null
@@ -1,2 +0,0 @@
- o Minor bugfixes:
- - Fix some typos in the manpages. Patch from A. Costa. Fixes bug 6500.
diff --git a/changes/bug6507 b/changes/bug6507
deleted file mode 100644
index 89940cbf7b..0000000000
--- a/changes/bug6507
+++ /dev/null
@@ -1,15 +0,0 @@
- o Major bugfixes:
- - Detect 'ORPort 0' as meaning, uniformly, that we're not running
- as a server. Previously, some of our code would treat the
- presence of any ORPort line as meaning that we should act like a
- server, even though our new listener code would correctly not
- open any ORPorts for ORPort 0. Similar bugs in other Port
- options are also fixed. Fixes bug 6507; bugfix on 0.2.3.3-alpha.
-
- o Minor features:
-
- - Detect and reject attempts to specify both 'FooPort' and
- 'FooPort 0' in the same configuration domain. (It's still okay
- to have a FooPort in your configuration file,and use 'FooPort 0'
- on the command line to disable it.) Fixes another case of
- bug6507; bugfix on 0.2.3.3-alpha.
diff --git a/changes/bug6514 b/changes/bug6514
deleted file mode 100644
index 84633bd279..0000000000
--- a/changes/bug6514
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor bugfixes:
- - Add a (probably redundant) memory clear between iterations of
- the router status voting loop, to prevent future coding errors
- where data might leak between iterations of the loop. Resolves
- ticket 6514.
diff --git a/changes/bug6530 b/changes/bug6530
deleted file mode 100644
index 825bbb752a..0000000000
--- a/changes/bug6530
+++ /dev/null
@@ -1,5 +0,0 @@
- o Major security fixes:
- - Avoid a read of uninitializd RAM when reading a vote or consensus
- document with an unrecognized flavor name. This could lead to a
- remote crash bug. Fixes bug 6530; bugfix on 0.2.2.6-alpha.
-
diff --git a/changes/bug6572 b/changes/bug6572
new file mode 100644
index 0000000000..6508d1bcb5
--- /dev/null
+++ b/changes/bug6572
@@ -0,0 +1,4 @@
+ o Minor bugfixes (log messages)
+ - Use circuit creation time for network liveness evaluation. This
+ should eliminate warning log messages about liveness caused by
+ changes in timeout evaluation. Fixes bug 6572; bugfix on 0.2.4.8-alpha.
diff --git a/changes/bug6673 b/changes/bug6673
new file mode 100644
index 0000000000..506b449892
--- /dev/null
+++ b/changes/bug6673
@@ -0,0 +1,4 @@
+ o Minor features (build):
+ - Detect and reject attempts to build Tor with threading support
+ when OpenSSL have been compiled with threading support disabled.
+ Fixes bug 6673.
diff --git a/changes/bug6690 b/changes/bug6690
deleted file mode 100644
index 99d42976ed..0000000000
--- a/changes/bug6690
+++ /dev/null
@@ -1,7 +0,0 @@
- o Major bugfixes (security):
- - Do not crash when comparing an address with port value 0 to an
- address policy. This bug could have been used to cause a remote
- assertion failure by or against directory authorities, or to
- allow some applications to crash clients. Fixes bug 6690; bugfix
- on 0.2.1.10-alpha.
-
diff --git a/changes/bug6710 b/changes/bug6710
deleted file mode 100644
index 2c89346114..0000000000
--- a/changes/bug6710
+++ /dev/null
@@ -1,6 +0,0 @@
- o Major bugfixes (security):
- - Reject any attempt to extend to an internal address. Without
- this fix, a router could be used to probe addresses on an
- internal network to see whether they were accepting
- connections. Fix for bug 6710; bugfix on 0.0.8pre1.
-
diff --git a/changes/bug6732 b/changes/bug6732
deleted file mode 100644
index 7a744e014a..0000000000
--- a/changes/bug6732
+++ /dev/null
@@ -1,3 +0,0 @@
- o Documentation:
- - Add missing documentation for consensus and microdesc files. Fix for
- bug 6732.
diff --git a/changes/bug6743 b/changes/bug6743
deleted file mode 100644
index 6ec78f853a..0000000000
--- a/changes/bug6743
+++ /dev/null
@@ -1,9 +0,0 @@
- o Minor bugfixes:
- - Allow one-hop directory fetching circuits the full "circuit build
- timeout" period, rather than just half of it, before failing them
- and marking the relay down. This fix should help reduce cases where
- clients declare relays (or worse, bridges) unreachable because
- the TLS handshake takes a few seconds to complete. Fixes bug 6743;
- bugfix on 0.2.2.2-alpha, where we changed the timeout from a static
- 30 seconds.
-
diff --git a/changes/bug6774 b/changes/bug6774
deleted file mode 100644
index 0c137fd678..0000000000
--- a/changes/bug6774
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes:
- - Avoid crashing on a malformed state file where EntryGuardPathBias
- precedes EntryGuard. Fix for bug 6774; bugfix on 0.2.3.17-beta.
-
diff --git a/changes/bug6801 b/changes/bug6801
deleted file mode 100644
index ef21acc98f..0000000000
--- a/changes/bug6801
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor bugfixes:
- - Avoid segfault when starting up having run with an extremely old
- version of Tor and parsing its state file. Fixes bug 6801; bugfix on
- 0.2.2.23-alpha.
-
diff --git a/changes/bug6811 b/changes/bug6811
deleted file mode 100644
index 841ec1c54a..0000000000
--- a/changes/bug6811
+++ /dev/null
@@ -1,5 +0,0 @@
- o Major security fixes:
- - Fix an assertion failure in tor_timegm that could be triggered
- by a badly formatted directory object. Bug found by fuzzing with
- Radamsa. Fixes bug 6811; bugfix on 0.2.0.20-rc.
-
diff --git a/changes/bug6827 b/changes/bug6827
deleted file mode 100644
index bf71d2b97c..0000000000
--- a/changes/bug6827
+++ /dev/null
@@ -1,9 +0,0 @@
- o Minor bugfixes:
-
- - Avoid undefined behaviour when parsing the list of supported
- rendezvous/introduction protocols in a hidden service
- descriptor. Previously, Tor would have confused (as-yet-unused)
- protocol version numbers greater than 32 with lower ones on many
- platforms. Fixes bug 6827; bugfix on 0.2.0.10-alpha; found by
- George Kadianakis.
-
diff --git a/changes/bug6844 b/changes/bug6844
deleted file mode 100644
index 338e19d9a5..0000000000
--- a/changes/bug6844
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes:
- - Correct file sizes when reading binary files on
- Cygwin, to avoid a bug where Tor would fail to read its state file.
- Fixes bug 6844; bugfix on 0.1.2.7-alpha.
diff --git a/changes/bug6866 b/changes/bug6866
deleted file mode 100644
index 561676b765..0000000000
--- a/changes/bug6866
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes:
- - Convert an assert in the pathbias code to a log message. Assert
- appears to only be triggerable by Tor2Web mode. Fixes bug 6866;
- bugfix on 0.2.3.17-beta.
diff --git a/changes/bug7014 b/changes/bug7014
deleted file mode 100644
index 1d39103a50..0000000000
--- a/changes/bug7014
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor bugfixes:
- - Fix two cases in src/or/transports.c where we were calling
- fmt_addr() twice in a parameter list. Bug found by David
- Fifield. Fixes bug 7014; bugfix on 0.2.3.9-alpha.
-
diff --git a/changes/bug7022 b/changes/bug7022
deleted file mode 100644
index 10ac354724..0000000000
--- a/changes/bug7022
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor bugfixes:
- - Fix memory leaks whenever we logged any message about the "path
- bias" detection. Fixes bug 7022; bugfix on 0.2.3.21-rc.
diff --git a/changes/bug7037 b/changes/bug7037
deleted file mode 100644
index fc3a1ad1c5..0000000000
--- a/changes/bug7037
+++ /dev/null
@@ -1,6 +0,0 @@
- o Minor bugfixes:
- - When relays refuse a "create" cell because their queue of pending
- create cells is too big (typically because their cpu can't keep up
- with the arrival rate), send back reason "resource limit" rather
- than reason "internal", so network measurement scripts can get a
- more accurate picture. Bugfix on 0.1.1.11-alpha; fixes bug 7037.
diff --git a/changes/bug7054 b/changes/bug7054
new file mode 100644
index 0000000000..15680d72ce
--- /dev/null
+++ b/changes/bug7054
@@ -0,0 +1,4 @@
+ o Minor bugfixes (man page):
+ - Say "KBytes" rather than "KB" in the man page (for various values
+ of K), to further reduce confusion about whether Tor counts in
+ units of memory or fractions of units of memory. Fixes bug 7054.
diff --git a/changes/bug7065 b/changes/bug7065
new file mode 100644
index 0000000000..1ca6841021
--- /dev/null
+++ b/changes/bug7065
@@ -0,0 +1,5 @@
+ o Minor bugfix (log cleanups):
+ - Eliminate several instances where we use Nickname=ID to refer to
+ nodes in logs. Use Nickname (ID) instead. (Elsewhere, we still use
+ $ID=Nickname, which is also acceptable.) Fixes bug #7065. Bugfix
+ on 0.2.3.21-rc, 0.2.4.5-alpha, 0.2.4.8-alpha, and 0.2.4.10-alpha.
diff --git a/changes/bug7139 b/changes/bug7139
deleted file mode 100644
index dfb7d32838..0000000000
--- a/changes/bug7139
+++ /dev/null
@@ -1,9 +0,0 @@
- o Major bugfixes (security):
-
- - Disable TLS session tickets. OpenSSL's implementation were giving
- our TLS session keys the lifetime of our TLS context objects, when
- perfect forward secrecy would want us to discard anything that
- could decrypt a link connection as soon as the link connection was
- closed. Fixes bug 7139; bugfix on all versions of Tor linked
- against OpenSSL 1.0.0 or later. Found by "nextgens".
-
diff --git a/changes/bug7143 b/changes/bug7143
new file mode 100644
index 0000000000..d26135ae65
--- /dev/null
+++ b/changes/bug7143
@@ -0,0 +1,4 @@
+ o Minor bugfixes (build):
+ - Add the old src/or/micro-revision.i filename to CLEANFILES.
+ On the off chance that somebody has one, it will go away as soon
+ as they run "make clean". Fix for bug 7143; bugfix on 0.2.4.1-alpha.
diff --git a/changes/bug7164_diagnostic b/changes/bug7164_diagnostic
new file mode 100644
index 0000000000..8bedfc4bd5
--- /dev/null
+++ b/changes/bug7164_diagnostic
@@ -0,0 +1,4 @@
+ o Minor features (bug diagnostic):
+ - If we fail to free a microdescriptor because of bug #7164, log
+ the filename and line number from which we tried to free it.
+ This should help us finally fix #7164.
diff --git a/changes/bug7190 b/changes/bug7190
deleted file mode 100644
index 1607f79442..0000000000
--- a/changes/bug7190
+++ /dev/null
@@ -1,6 +0,0 @@
- o Minor bugfixes:
- - Clients now consider the ClientRejectInternalAddresses config option
- when using a microdescriptor consensus stanza to decide whether
- an exit relay would allow exiting to an internal address. Fixes
- bug 7190; bugfix on 0.2.3.1-alpha.
-
diff --git a/changes/bug7191 b/changes/bug7191
deleted file mode 100644
index a3bee6e5f7..0000000000
--- a/changes/bug7191
+++ /dev/null
@@ -1,5 +0,0 @@
- o Major bugfixes:
- - Fix a denial of service attack by which any directory authority
- could crash all the others, or by which a single v2 directory
- authority could crash everybody downloading v2 directory
- information. Fixes bug 7191; bugfix on 0.2.0.10-alpha.
diff --git a/changes/bug7192 b/changes/bug7192
deleted file mode 100644
index 10cbc2469a..0000000000
--- a/changes/bug7192
+++ /dev/null
@@ -1,10 +0,0 @@
- o Major bugfixes:
- - When parsing exit policy summaries from microdescriptors, we had
- previously been ignoring the last character in each one, so that
- "accept 80,443,8080" would be treated by clients as indicating a
- node that allows access to ports 80, 443, and 808. That would lead
- to clients attempting connections that could never work, and
- ignoring exit nodes that would support their connections. Now clients
- parse these exit policy summaries correctly. Fixes bug 7192;
- bugfix on 0.2.3.1-alpha.
-
diff --git a/changes/bug7280 b/changes/bug7280
new file mode 100644
index 0000000000..ef5d36a802
--- /dev/null
+++ b/changes/bug7280
@@ -0,0 +1,4 @@
+ o Minor bugfixes:
+ - Fix some bugs in tor-fw-helper-natpmp when trying to build and
+ run it on Windows. More bugs likely remain. Patch from Gisle Vanem.
+ Fixes bug 7280; bugfix on 0.2.3.1-alpha.
diff --git a/changes/bug7302 b/changes/bug7302
new file mode 100644
index 0000000000..fec615ff90
--- /dev/null
+++ b/changes/bug7302
@@ -0,0 +1,11 @@
+ o Minor bugfixes:
+ - Don't log inappropriate heartbeat messages when hibernating: a
+ hibernating node is _expected_ to drop out of the consensus,
+ decide it isn't bootstrapped, and so forth. Fixes part of bug
+ 7302; bugfix on 0.2.3.1-alpha.
+
+ - Don't complain about bootstrapping problems while hibernating.
+ These complaints reflect a general code problems, but not one
+ with any problematic effects. (No connections are actually
+ opened.) Fixes part of bug 7302; bugfix on 0.2.3.2-alpha.
+
diff --git a/changes/bug7350 b/changes/bug7350
new file mode 100644
index 0000000000..b0ee9d0919
--- /dev/null
+++ b/changes/bug7350
@@ -0,0 +1,4 @@
+ o Major bugfixes:
+ - Avoid an assertion when we discover that we'd like to write a cell
+ onto a closing connection: just discard the cell. Fixes another
+ case of bug 7350; bugfix on 0.2.4.4-alpha.
diff --git a/changes/bug7352 b/changes/bug7352
deleted file mode 100644
index 74a878dbe0..0000000000
--- a/changes/bug7352
+++ /dev/null
@@ -1,12 +0,0 @@
- o Major bugfixes:
- - Tor tries to wipe potentially sensitive data after using it, so
- that if some subsequent security failure exposes Tor's memory,
- the damage will be limited. But we had a bug where the compiler
- was eliminating these wipe operations when it decided that the
- memory was no longer visible to a (correctly running) program,
- hence defeating our attempt at defense in depth. We fix that
- by using OpenSSL's OPENSSL_cleanse() operation, which a compiler
- is unlikely to optimize away. Future versions of Tor may use
- a less ridiculously heavy approach for this. Fixes bug 7352.
- Reported in an article by Andrey Karpov.
-
diff --git a/changes/bug7464 b/changes/bug7464
deleted file mode 100644
index 9259cc74a3..0000000000
--- a/changes/bug7464
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes:
- - Fix a harmless bug when opting against publishing a relay descriptor
- because DisableNetwork is set. Fixes bug 7464; bugfix on
- 0.2.3.9-alpha.
diff --git a/changes/bug7582 b/changes/bug7582
new file mode 100644
index 0000000000..f3b0635765
--- /dev/null
+++ b/changes/bug7582
@@ -0,0 +1,9 @@
+ o Major bugfixes:
+
+ - When an exit node tells us that it is rejecting because of its
+ exit policy a stream we expected it to accept (because of its exit
+ policy), do not mark the node as useless for exiting if our
+ expectation was only based on an exit policy summary. Instead,
+ mark the circuit as unsuitable for that particular address. Fixes
+ part of bug 7582; bugfix on 0.2.3.2-alpha.
+
diff --git a/changes/bug7707_diagnostic b/changes/bug7707_diagnostic
new file mode 100644
index 0000000000..0c3138e785
--- /dev/null
+++ b/changes/bug7707_diagnostic
@@ -0,0 +1,5 @@
+ o Minor features:
+ - Add another diagnostic to the heartbeat message: track and log
+ overhead that TLS is adding to the data we write. If this is
+ high, we are sending too little data to SSL_write at a time.
+ Diagnostic for bug 7707.
diff --git a/changes/bug7768 b/changes/bug7768
new file mode 100644
index 0000000000..e3f9600afb
--- /dev/null
+++ b/changes/bug7768
@@ -0,0 +1,3 @@
+ o Documentation fixes:
+ - Update tor-fw-helper.1.txt and tor-fw-helper.c to make option
+ names match. Fixes bug 7768.
diff --git a/changes/bug7799 b/changes/bug7799
new file mode 100644
index 0000000000..ed4570129c
--- /dev/null
+++ b/changes/bug7799
@@ -0,0 +1,7 @@
+ o Minor changes (log clarification)
+ - Add more detail to a log message about relaxed timeouts. Hopefully
+ this additional detail will allow us to diagnose the cause of bug 7799.
+ o Minor bugfixes
+ - Don't attempt to relax the timeout of already opened 1-hop circuits.
+ They might never timeout. This should eliminate some/all cases of
+ the relaxed timeout log message.
diff --git a/changes/bug7801 b/changes/bug7801
new file mode 100644
index 0000000000..1d6d021f3f
--- /dev/null
+++ b/changes/bug7801
@@ -0,0 +1,13 @@
+ o Minor bugfixes:
+ - When choosing which stream on a formerly stalled circuit to wake
+ first, make better use of the platform's weak RNG. Previously, we
+ had been using the % ("modulo") operator to try to generate a 1/N
+ chance of picking each stream, but this behaves badly with many
+ platforms' choice of weak RNG. Fix for bug 7801; bugfix on
+ 0.2.2.20-alpha.
+ - Use our own weak RNG when we need a weak RNG. Windows's rand()
+ and Irix's random() only return 15 bits; Solaris's random()
+ returns more bits but its RAND_MAX says it only returns 15, and
+ so on. Fixes another aspect of bug 7801; bugfix on
+ 0.2.2.20-alpha.
+
diff --git a/changes/bug7816.024 b/changes/bug7816.024
new file mode 100644
index 0000000000..b5d55f5d6d
--- /dev/null
+++ b/changes/bug7816.024
@@ -0,0 +1,8 @@
+ o Minor bugfixes:
+ - Avoid leaking IPv6 policy content if we fail to format it into
+ a router descriptor. Spotted by Coverity. Fixes part of 7816;
+ bugfix on 0.2.4.7-alpha.
+
+ - Avoid leaking memory if we fail to compute a consensus signature
+ or we generated a consensus we couldn't parse. Spotted by Coverity.
+ Fixes part of 7816; bugfix on 0.2.0.5-alpha.
diff --git a/changes/bug7816_023 b/changes/bug7816_023
new file mode 100644
index 0000000000..a4530292cc
--- /dev/null
+++ b/changes/bug7816_023
@@ -0,0 +1,7 @@
+ o Minor bugfixes (memory leak, controller):
+ - Fix a memory leak during safe-cookie controller authentication.
+ Spotted by Coverity. Fixes part of bug 7816; bugfix on 0.2.3.13-alpha.
+
+ o Minor bugfixes (memory leak, HTTPS proxy support):
+ - Fix a memory leak when receiving headers from an HTTPS proxy.
+ Spotted by Coverity. Fixes part of bug 7816; bugfix on 0.2.1.1-alpha.
diff --git a/changes/bug7816_023_small b/changes/bug7816_023_small
new file mode 100644
index 0000000000..cd90f035f1
--- /dev/null
+++ b/changes/bug7816_023_small
@@ -0,0 +1,3 @@
+ o Minor bugfixes:
+ - Fix various places where we leak file descriptors or memory on
+ error cases. Spotted by coverity. Fixes parts of bug 7816.
diff --git a/changes/bug7889 b/changes/bug7889
deleted file mode 100644
index ce99a59ce5..0000000000
--- a/changes/bug7889
+++ /dev/null
@@ -1,8 +0,0 @@
- o Major bugfixes:
- - Reject bogus create and relay cells with 0 circuit ID or 0 stream
- ID: these could be used to create unexpected streams and circuits
- which would count as "present" to some parts of Tor but "absent"
- to others, leading to zombie circuits and streams or to a
- bandwidth DOS. Fixes bug 7889; bugfix on every released version of
- Tor. Reported by "oftc_must_be_destroyed".
-
diff --git a/changes/bug7902 b/changes/bug7902
new file mode 100644
index 0000000000..051759dc0a
--- /dev/null
+++ b/changes/bug7902
@@ -0,0 +1,7 @@
+ o Minor bugfixes:
+ - When we receive a RELAY_END cell with the reason DONE, or with no
+ reason, before receiving a RELAY_CONNECTED cell, report the SOCKS
+ status as "connection refused." Previously we reporting these
+ cases as success but then immediately closing the connection.
+ Fixes bug 7902; bugfix on 0.1.0.1-rc. Reported by "oftc_must_
+ be_destroyed."
diff --git a/changes/bug7947 b/changes/bug7947
new file mode 100644
index 0000000000..6200ba2d8a
--- /dev/null
+++ b/changes/bug7947
@@ -0,0 +1,4 @@
+ o Minor bugfixes:
+ - Fix the handling of a TRUNCATE cell when it arrives while the circuit
+ extension is in progress. Fixes bug 7947; bugfix on 0.0.7.1.
+
diff --git a/changes/bug7950 b/changes/bug7950
new file mode 100644
index 0000000000..e62cca07a1
--- /dev/null
+++ b/changes/bug7950
@@ -0,0 +1,4 @@
+ o Minor bugfixes:
+ - When rejecting a configuration because we were unable to parse a
+ quoted string, log an actual error message. Fix for bug 7950;
+ bugfix on 0.2.0.16-alpha.
diff --git a/changes/bug7982 b/changes/bug7982
new file mode 100644
index 0000000000..46aa53249c
--- /dev/null
+++ b/changes/bug7982
@@ -0,0 +1,3 @@
+ o Minor bugfixes:
+ - Copy-paste description for PathBias params from man page into or.h
+ comment. Fixes bug 7982.
diff --git a/changes/bug8002 b/changes/bug8002
new file mode 100644
index 0000000000..d6e2ff2492
--- /dev/null
+++ b/changes/bug8002
@@ -0,0 +1,5 @@
+ o Minor bugfixes:
+ - When autodetecting the number of CPUs, use the number of available
+ CPUs in preferernce to the number of configured CPUs. Inform the
+ user if this reduces the number of avialable CPUs. Fix for bug 8002.
+ Bugfix on 0.2.3.1-alpha.
diff --git a/changes/bug8014 b/changes/bug8014
new file mode 100644
index 0000000000..c09a86098c
--- /dev/null
+++ b/changes/bug8014
@@ -0,0 +1,5 @@
+ o Minor usability improvements (build):
+ - Clarify that when autconf is checking for nacl, it is checking
+ specifically for nacl with a fast curve25519 implementation.
+ Fixes bug 8014.
+
diff --git a/changes/bug8031 b/changes/bug8031
new file mode 100644
index 0000000000..17329ec5b5
--- /dev/null
+++ b/changes/bug8031
@@ -0,0 +1,7 @@
+ o Minor bugfixes:
+ - Use direct writes rather than stdio when building microdescriptor
+ caches, in an attempt to mitigate bug 8031, or at least make it
+ less common.
+ - Warn more aggressively when flushing microdescriptors to a
+ microdescriptor cache fails, in an attempt to mitegate bug 8031,
+ or at least make it more diagnosable.
diff --git a/changes/bug8037 b/changes/bug8037
new file mode 100644
index 0000000000..989745fc39
--- /dev/null
+++ b/changes/bug8037
@@ -0,0 +1,8 @@
+ o Minor bugfixes:
+ - Correctly store microdescriptors and extrainfo descriptors with
+ an internal NUL byte. Fixes bug 8037; bugfix on 0.2.0.1-alpha.
+ Bug reported by "cypherpunks".
+
+ o Minor features:
+ - Reject as invalid most directory objects containing a
+ NUL. Belt-and-suspender fix for bug 8037.
diff --git a/changes/bug8059 b/changes/bug8059
new file mode 100644
index 0000000000..47273ed0ac
--- /dev/null
+++ b/changes/bug8059
@@ -0,0 +1,6 @@
+ o Minor bugfixes (protocol conformance):
+ - Fix a misframing issue when reading the version numbers in a
+ VERSIONS cell. Previously we would recognize [00 01 00 02] as
+ 'version 1, version 2, and version 0x100', when it should have
+ only included versions 1 and 2. Fixes bug 8059; bugfix on
+ 0.2.0.10-alpha. Reported pseudonymously.
diff --git a/changes/bug8062 b/changes/bug8062
new file mode 100644
index 0000000000..805e51ed41
--- /dev/null
+++ b/changes/bug8062
@@ -0,0 +1,5 @@
+ o Minor bugfixes:
+ - Increase the width of the field used to remember a connection's
+ link protocol version to two bytes. Harmless for now, since the
+ only currently recognized versions are one byte long. Reported
+ pseudynmously. Fixes bug 8062, bugfix on 0.2.0.10-alpha.
diff --git a/changes/bug8065 b/changes/bug8065
new file mode 100644
index 0000000000..06dbae8cd7
--- /dev/null
+++ b/changes/bug8065
@@ -0,0 +1,6 @@
+ o Minor bugfixes:
+ - Downgrade an assertion in connection_ap_expire_beginning to
+ an LD_BUG message. The fix for bug 8024 should prevent this
+ message from displaying, but just in case a warn that we can
+ diagnose is better than more assert crashes. Fix for bug 8065;
+ bugfix on 0.2.4.8-alpha.
diff --git a/changes/bug8093.part1 b/changes/bug8093.part1
new file mode 100644
index 0000000000..2450794dd7
--- /dev/null
+++ b/changes/bug8093.part1
@@ -0,0 +1,3 @@
+ o Minor features:
+ - Downgrade "unexpected SENDME" warnings to protocol-warn for 0.2.4,
+ for bug 8093.
diff --git a/changes/bug8117 b/changes/bug8117
new file mode 100644
index 0000000000..910e8056f4
--- /dev/null
+++ b/changes/bug8117
@@ -0,0 +1,13 @@
+ o Major bugfixes:
+
+ - Many SOCKS5 clients, when configured to offer a username/password,
+ offer both username/password authentication and "no authentication".
+ Tor had previously preferred no authentication, but this was
+ problematic when trying to make applications get proper stream
+ isolation with IsolateSOCKSAuth. Now, on any SOCKS port with
+ IsolateSOCKSAuth turned on (which is the default), Tor selects
+ username/password authentication if it's offered. If this confuses your
+ application, you can disable it on a per-SOCKSPort basis via
+ PreferSOCKSNoAuth. Fixes bug 8117; bugfix on 0.2.3.3-alpha.
+
+
diff --git a/changes/bug8121 b/changes/bug8121
new file mode 100644
index 0000000000..60cba72848
--- /dev/null
+++ b/changes/bug8121
@@ -0,0 +1,7 @@
+ o Minor features:
+ - Clear the high bit on curve25519 public keys before passing them to
+ our backend, in case we ever wind up using a backend that doesn't do
+ so itself. If we used such a backend, and *didn't* clear the high bit,
+ we could wind up in a situation where users with such backends would
+ be distinguishable from users without. Fix for bug 8121; bugfix on
+ 0.2.4.8-alpha.
diff --git a/changes/bug8151 b/changes/bug8151
new file mode 100644
index 0000000000..e20fa3c31a
--- /dev/null
+++ b/changes/bug8151
@@ -0,0 +1,5 @@
+ o Minor features (directory authority):
+ - Include inside each vote a statement of the performance
+ thresholds that made the authority vote for its flags. Implements
+ ticket 8151.
+ \ No newline at end of file
diff --git a/changes/bug8158 b/changes/bug8158
new file mode 100644
index 0000000000..65b21c2a26
--- /dev/null
+++ b/changes/bug8158
@@ -0,0 +1,3 @@
+ o Minor bugfixes:
+ - Use less space when formatting identical microdescriptor lines in
+ directory votes. Fixes bug 8158; bugfix on 0.2.4.1-alpha.
diff --git a/changes/bug8161 b/changes/bug8161
new file mode 100644
index 0000000000..ab7b9c0cad
--- /dev/null
+++ b/changes/bug8161
@@ -0,0 +1,6 @@
+ o Minor changes:
+ - Lower path use bias thresholds to .80 for notice and .60 for warn.
+ Fixes bug #8161; bugfix on 0.2.4.10-alpa.
+ - Make the rate limiting flags for the path use bias log messages
+ independent from the original path bias flags. Fixes bug #8161;
+ bugfix on 0.2.4.10-alpha.
diff --git a/changes/bug8180 b/changes/bug8180
new file mode 100644
index 0000000000..39e6ce7f9a
--- /dev/null
+++ b/changes/bug8180
@@ -0,0 +1,7 @@
+ o Minor bugfixes (security usability):
+ - Elevate the severity of the warning message when setting
+ EntryNodes but disabling UseGuardNodes to an error. The outcome
+ of letting Tor procede with those options enabled (which causes
+ EntryNodes to get ignored) is sufficiently different from what
+ was expected that it's best to just refuse to proceed. Fixes bug
+ 8180; bugfix on 0.2.3.11-alpha.
diff --git a/changes/bug8185_diagnostic b/changes/bug8185_diagnostic
new file mode 100644
index 0000000000..b0f8884758
--- /dev/null
+++ b/changes/bug8185_diagnostic
@@ -0,0 +1,3 @@
+ o Minor features:
+ - Improve debugging output to attempt to diagnose the underlying
+ cause of bug 8185.
diff --git a/changes/bug8200 b/changes/bug8200
new file mode 100644
index 0000000000..65fc9dd03a
--- /dev/null
+++ b/changes/bug8200
@@ -0,0 +1,5 @@
+ o Minor bugfix:
+ - Stop sending a stray "(null)" in some cases for the server status
+ "EXTERNAL_ADDRESS" controller event. Resolves bug 8200; bugfix
+ on 0.1.2.6-alpha.
+
diff --git a/changes/bug8203 b/changes/bug8203
new file mode 100644
index 0000000000..d26dc0fccf
--- /dev/null
+++ b/changes/bug8203
@@ -0,0 +1,4 @@
+ o Minor bugfixes:
+ - Make the format and order of STREAM events for DNS lookups consistent
+ among the various ways to launch DNS lookups. Fix for bug 8203;
+ bugfix on 0.2.0.24-rc. Patch by "Desoxy."
diff --git a/changes/bug8207 b/changes/bug8207
new file mode 100644
index 0000000000..0028d3380f
--- /dev/null
+++ b/changes/bug8207
@@ -0,0 +1,7 @@
+ o Major bugfixes (hidden services):
+ - Allow hidden service authentication to succeed again. When we
+ refactored the hidden service introduction code back in 0.2.4.1-alpha,
+ we didn't update the code that checks whether authentication
+ information is present, causing all authentication checks to
+ return "false". Fix for bug 8207; bugfix on 0.2.4.1-alpha. Found by
+ Coverity; this is CID 718615.
diff --git a/changes/bug8209 b/changes/bug8209
new file mode 100644
index 0000000000..c58923540b
--- /dev/null
+++ b/changes/bug8209
@@ -0,0 +1,6 @@
+ o Minor bugfixes:
+ - When detecting the largest possible file descriptor (in order to close
+ all file descriptors when launching a new program), actually use
+ _SC_OPEN_MAX. The old code for doing this was very, very broken.
+ Fix for bug 8209; bugfix on 0.2.3.1-alpha. Found by Coverity; this
+ is CID 743383.
diff --git a/changes/bug8210 b/changes/bug8210
new file mode 100644
index 0000000000..85d41b844a
--- /dev/null
+++ b/changes/bug8210
@@ -0,0 +1,6 @@
+ o Minor bugfixes:
+ - Fix an impossible-to-trigger integer overflow when
+ estimating how long out onionskin queue would take. (This overflow
+ would require us to accept 4 million onionskins before processing
+ 100 of them.) Fixes bug 8210; bugfix on 0.2.4.10-alpha.
+
diff --git a/changes/bug8218 b/changes/bug8218
new file mode 100644
index 0000000000..ce8d53ba62
--- /dev/null
+++ b/changes/bug8218
@@ -0,0 +1,6 @@
+ o Major bugfixes:
+ - Stop marking every relay as having been down for one hour every
+ time we restart a directory authority. These artificial downtimes
+ were messing with our Stable and Guard flag calculations. Fixes
+ bug 8218 (introduced by the fix for 1035). Bugfix on 0.2.2.23-alpha.
+
diff --git a/changes/bug8231 b/changes/bug8231
new file mode 100644
index 0000000000..fd87a1daec
--- /dev/null
+++ b/changes/bug8231
@@ -0,0 +1,5 @@
+ o Major bugfixes:
+ - When unable to find any working directory nodes to use as a
+ directory guard, give up rather than adding the same non-working
+ nodes to the list over and over. Fixes bug 8231; bugfix on
+ 0.2.4.8-alpha.
diff --git a/changes/bug8235-diagnosing b/changes/bug8235-diagnosing
new file mode 100644
index 0000000000..b760035cfc
--- /dev/null
+++ b/changes/bug8235-diagnosing
@@ -0,0 +1,5 @@
+ o Minor features (diagnostic)
+ - If the state file's path bias counts are invalid (presumably from a
+ buggy tor prior to 0.2.4.10-alpha), make them correct.
+ - Add additional checks and log messages to the scaling of Path Bias
+ counts, in case there still are remaining issues with scaling.
diff --git a/changes/bug8253-fix b/changes/bug8253-fix
new file mode 100644
index 0000000000..3d36d06c88
--- /dev/null
+++ b/changes/bug8253-fix
@@ -0,0 +1,6 @@
+ o Minor bugfixes (log messages)
+ - Fix a scaling issue in the path bias accounting code that resulted in
+ "Bug:" log messages from either pathbias_scale_close_rates() or
+ pathbias_count_build_success(). This represents a bugfix on a previous
+ bugfix: The original fix attempted in 0.2.4.10-alpha was incomplete.
+ Fixes bug 8235; bugfix on 0.2.4.1-alpha.
diff --git a/changes/bug8273 b/changes/bug8273
new file mode 100644
index 0000000000..257f57e7ab
--- /dev/null
+++ b/changes/bug8273
@@ -0,0 +1,3 @@
+ o Critical bugfixes:
+ - When dirserv.c computes flags and thresholds, use measured bandwidths
+ in preference to advertised ones.
diff --git a/changes/bug8290 b/changes/bug8290
new file mode 100644
index 0000000000..d1fce7d8b5
--- /dev/null
+++ b/changes/bug8290
@@ -0,0 +1,9 @@
+ o Removed files:
+ - The tor-tsocks.conf is no longer distributed or installed. We
+ recommend that tsocks users use torsocks instead. Resolves
+ ticket 8290.
+
+ o Documentation fixes:
+ - The torify manpage no longer refers to tsocks; torify hasn't
+ supported tsocks since 0.2.3.14-alpha.
+ - The manpages no longer reference tsocks.
diff --git a/changes/bug8408 b/changes/bug8408
new file mode 100644
index 0000000000..ae9cf172e1
--- /dev/null
+++ b/changes/bug8408
@@ -0,0 +1,4 @@
+ o Minor bugfixes:
+ - Allow TestingTorNetworks to override the 4096-byte minimum for the Fast
+ threshold. Otherwise they can't bootstrap until they've observed more
+ traffic. Fixes bug 8508; bugfix on 0.2.4.10-alpha.
diff --git a/changes/bug8427 b/changes/bug8427
new file mode 100644
index 0000000000..22b003fc38
--- /dev/null
+++ b/changes/bug8427
@@ -0,0 +1,5 @@
+ o Minor bugfixes:
+ - If we encounter a write failure on a SOCKS connection before we
+ finish our SOCKS handshake, don't warn that we closed the
+ connection before we could send a SOCKS reply. Fixes bug 8427;
+ bugfix on 0.1.0.1-rc.
diff --git a/changes/bug8435 b/changes/bug8435
new file mode 100644
index 0000000000..da7ca7c1f8
--- /dev/null
+++ b/changes/bug8435
@@ -0,0 +1,4 @@
+ o Major bugfixes:
+ - When dirserv.c computes flags and thresholds, ignore advertised
+ bandwidths if we have more than a threshold number of routers with
+ measured bandwidths.
diff --git a/changes/bug8464 b/changes/bug8464
new file mode 100644
index 0000000000..74ff2e39ff
--- /dev/null
+++ b/changes/bug8464
@@ -0,0 +1,5 @@
+ o Minor bugfixes:
+ - Correct our check for which versions of Tor support the EXTEND2
+ cell. We had been willing to send it to Tor 0.2.4.7-alpha and
+ later, when support was really added in version 0.2.4.8-alpha.
+ Fixes bug 8464; bugfix on 0.2.4.8-alpha.
diff --git a/changes/bug8475 b/changes/bug8475
new file mode 100644
index 0000000000..eb8debedba
--- /dev/null
+++ b/changes/bug8475
@@ -0,0 +1,4 @@
+ o Major bugfixes:
+ - If configured via ClientDNSRejectInternalAddresses not to report
+ DNS queries which have resolved to internal addresses, apply that
+ rule to IPv6 as well. Fixes bug 8475; bugfix on 0.2.0.7-alpha.
diff --git a/changes/bug8477-easypart b/changes/bug8477-easypart
new file mode 100644
index 0000000000..0f8f1031c5
--- /dev/null
+++ b/changes/bug8477-easypart
@@ -0,0 +1,3 @@
+ o Minor bugfixes:
+ - Log the purpose of a path-bias testing circuit correctly.
+ Improves a log message from bug 8477; bugfix on 0.2.4.8-alpha.
diff --git a/changes/bug8587 b/changes/bug8587
new file mode 100644
index 0000000000..84d2f1ec0d
--- /dev/null
+++ b/changes/bug8587
@@ -0,0 +1,5 @@
+ o Minor bugfixes (build):
+ - Build Tor correctly on 32-bit platforms where the compiler can build
+ but not run code using the "uint128_t" construction. Fixes bug 8587;
+ bugfix on 0.2.4.8-alpha.
+
diff --git a/changes/bug8596 b/changes/bug8596
new file mode 100644
index 0000000000..dd36bad855
--- /dev/null
+++ b/changes/bug8596
@@ -0,0 +1,3 @@
+ o Minor features:
+ - Add CACHED keyword to ADDRMAP events in the control protocol to indicate
+ whether a DNS result will be cached or not.
diff --git a/changes/bug8598 b/changes/bug8598
new file mode 100644
index 0000000000..e31c8f3c74
--- /dev/null
+++ b/changes/bug8598
@@ -0,0 +1,6 @@
+ o Bugfixes:
+ - Fix compilation warning with some versions of clang that would prefer
+ the -Wswitch-enum compiler flag to warn about switch statements with
+ missing enum values, even if those switch statements have a default:
+ statement. Fixes bug 8598; bugfix on 0.2.4.10-alpha.
+
diff --git a/changes/bug8599 b/changes/bug8599
new file mode 100644
index 0000000000..204ef58c3f
--- /dev/null
+++ b/changes/bug8599
@@ -0,0 +1,4 @@
+ o Minor bugfixes:
+ - Fix some logic errors when the user manually overrides the
+ PathsNeededToBuildCircuits option in torrc. Fixes bug 8599; bugfix
+ on 0.2.4.10-alpha.
diff --git a/changes/bug8638 b/changes/bug8638
new file mode 100644
index 0000000000..3a790e567d
--- /dev/null
+++ b/changes/bug8638
@@ -0,0 +1,3 @@
+ o Minor features
+ In our testsuite, create temporary directories with a bit more entropy
+ in their name to make name collissions less likely. Fixes bug 8638.
diff --git a/changes/bug8639 b/changes/bug8639
new file mode 100644
index 0000000000..0db5c91429
--- /dev/null
+++ b/changes/bug8639
@@ -0,0 +1,5 @@
+ o Normal bugfixes:
+ - When launching a resolve request on behalf of an AF_UNIX control
+ socket, omit the address field of the new entry connection, used in
+ subsequent controller events, rather than letting tor_dup_addr() set
+ it to "<unknown address type>". Fixes bug 8639.
diff --git a/changes/bug8711 b/changes/bug8711
new file mode 100644
index 0000000000..28a1daa454
--- /dev/null
+++ b/changes/bug8711
@@ -0,0 +1,6 @@
+ o Minor features (authority):
+ - Add a "ignoring-advertised-bws" boolean to our flag-thresholds
+ lines to describe whether we have enough measured bandwidths to
+ ignore advertised bandwidth claims. Closes ticket 8711.
+
+
diff --git a/changes/bug8716 b/changes/bug8716
new file mode 100644
index 0000000000..74c74f82a6
--- /dev/null
+++ b/changes/bug8716
@@ -0,0 +1,3 @@
+ o Minor bugfixes (memory leak):
+ - Fix a memory leak that would occur whenever a configuration
+ option changed. Fixes bug #8718; bugfix on 0.2.3.3-alpha.
diff --git a/changes/bug8719 b/changes/bug8719
new file mode 100644
index 0000000000..c05b79ddec
--- /dev/null
+++ b/changes/bug8719
@@ -0,0 +1,6 @@
+ o Major bugfixes (memory leak):
+ - Avoid a memory leak where we would leak a consensus body when we find
+ that a consensus which we couldn't previously verify due to missing
+ certificates is now verifiable. Fixes bug 8719; bugfix on
+ 0.2.0.10-alpha.
+
diff --git a/changes/bug8822 b/changes/bug8822
new file mode 100644
index 0000000000..c6787afe06
--- /dev/null
+++ b/changes/bug8822
@@ -0,0 +1,5 @@
+ o Major bugfixes (windows):
+ - Prevent failures on Windows Vista and later when rebuilding the
+ microdescriptor cache. Diagnosed by Robert Ransom. Fixes bug 8822;
+ bugfix on 0.2.4.12-alpha.
+
diff --git a/changes/bug8833 b/changes/bug8833
new file mode 100644
index 0000000000..681a86191f
--- /dev/null
+++ b/changes/bug8833
@@ -0,0 +1,3 @@
+ o Major bugfixes (directory authority):
+ - Fix a crash bug when building a consensus using an older consensus as
+ its basis. Fixes bug 8833. Bugfix on 0.2.4.12-alpha.
diff --git a/changes/bug8845 b/changes/bug8845
new file mode 100644
index 0000000000..ace043ab9b
--- /dev/null
+++ b/changes/bug8845
@@ -0,0 +1,3 @@
+ o Minor bugfixes (test):
+ - Fix an impossible buffer overrun in the AES unit tests. Fixes bug 8845;
+ bugfix on 0.2.0.7-alpha. Found by eugenis.
diff --git a/changes/bug8846 b/changes/bug8846
new file mode 100644
index 0000000000..377cc3708a
--- /dev/null
+++ b/changes/bug8846
@@ -0,0 +1,4 @@
+ o Minor bugfixes:
+ - Give a less useless error message when the user asks for an IPv4
+ address on an IPv6-only port, or vice versa. Fixes bug 8846; bugfix
+ on 0.2.4.7-alpha.
diff --git a/changes/bug8879 b/changes/bug8879
new file mode 100644
index 0000000000..0d2a70086c
--- /dev/null
+++ b/changes/bug8879
@@ -0,0 +1,5 @@
+ o Major bugfixes:
+ - Follow the socks5 protocol when offering username/password
+ authentication. The fix for bug 8117 exposed this bug, and it
+ turns out real-world applications like Pidgin do care. Bugfix on
+ 0.2.3.2-alpha; fixes bug 8879.
diff --git a/changes/bug8965 b/changes/bug8965
new file mode 100644
index 0000000000..b5af279632
--- /dev/null
+++ b/changes/bug8965
@@ -0,0 +1,3 @@
+ o Removed documentation:
+ - Remove some of the older contents of doc/ as obsolete; move others
+ to torspec.git. Fixes bug 8965.
diff --git a/changes/bug9047 b/changes/bug9047
new file mode 100644
index 0000000000..497f0d3372
--- /dev/null
+++ b/changes/bug9047
@@ -0,0 +1,6 @@
+ o Minor bugfixes:
+ - If for some reason we fail to write a microdescriptor while
+ rebuilding the cache, do not let the annotations from that
+ microdescriptor linger in the cache file, and do not let the
+ microdescriptor stay recorded as present in its old location.
+ Fixes bug 9047; bugfix on 0.2.2.6-alpha.
diff --git a/changes/bug9063 b/changes/bug9063
index af3b1a87f4..dcbecf6179 100644
--- a/changes/bug9063
+++ b/changes/bug9063
@@ -1,3 +1,3 @@
o Normal bugfixes:
- Close any circuit that has more cells queued than the spec permits.
- Fixes bug #9063; bugfix on 0.2.3.25.
+ Fixes bug #9063; bugfix on 0.2.4.12.
diff --git a/changes/bug9122 b/changes/bug9122
new file mode 100644
index 0000000000..5009da6126
--- /dev/null
+++ b/changes/bug9122
@@ -0,0 +1,4 @@
+ o Major bugfixes:
+ - When receiving a new configuration file via the control port's
+ LOADCONF command, do not treat the defaults file as absent.
+ Fixes bug 9122; bugfix on 0.2.3.9-alpha.
diff --git a/changes/bug9147 b/changes/bug9147
new file mode 100644
index 0000000000..e6064ea0e5
--- /dev/null
+++ b/changes/bug9147
@@ -0,0 +1,4 @@
+ o Minor features:
+ - Issue a warning when running with the bufferevents backend enabled.
+ It's still not stable, and people should know that they're likely
+ to hit unexpected problems. Closes ticket 9147.
diff --git a/changes/bug9200 b/changes/bug9200
new file mode 100644
index 0000000000..7b64dd1744
--- /dev/null
+++ b/changes/bug9200
@@ -0,0 +1,5 @@
+ o Major bugfixes:
+ - Fix a bug in the voting algorithm that could yield incorrect results
+ when a non-naming authority declared too many flags. Fixes bug 9200;
+ bugfix on 0.2.0.3-alpha.
+
diff --git a/changes/bug9213_doc b/changes/bug9213_doc
new file mode 100644
index 0000000000..2f959dd831
--- /dev/null
+++ b/changes/bug9213_doc
@@ -0,0 +1,5 @@
+ o Documentation:
+ - Correctly document that we search for a system torrc file before
+ looking in ~/.torrc. Fixes documentation side of 9213; bugfix
+ on 0.2.3.18-rc.
+
diff --git a/changes/bug9229 b/changes/bug9229
new file mode 100644
index 0000000000..ad7fd22c28
--- /dev/null
+++ b/changes/bug9229
@@ -0,0 +1,5 @@
+ o Minor bugfixes:
+ - Avoid 60-second delays in the bootstrapping process when Tor
+ is launching for a second time while using bridges. Fixes bug 9229;
+ bugfix on 0.2.0.3-alpha.
+
diff --git a/changes/bug9254 b/changes/bug9254
new file mode 100644
index 0000000000..5179bdc523
--- /dev/null
+++ b/changes/bug9254
@@ -0,0 +1,4 @@
+ o Minor bugfixes:
+ - Fix a spurious compilation warning with some older versions of
+ GCC on FreeBSD. Fixes bug 9254; bugfix on 0.2.4.14-alpha.
+
diff --git a/changes/bug9288 b/changes/bug9288
new file mode 100644
index 0000000000..59bf414ea1
--- /dev/null
+++ b/changes/bug9288
@@ -0,0 +1,4 @@
+ o Minor bugfixes:
+ - Fix an invalid memory read that occured when a pluggable
+ transport proxy failed its configuration protocol.
+ Fixes bug 9288.
diff --git a/changes/bug9295 b/changes/bug9295
new file mode 100644
index 0000000000..2c113616c3
--- /dev/null
+++ b/changes/bug9295
@@ -0,0 +1,4 @@
+ o Major bugfixes:
+ - Avoid a crash when using --hash-password. Fixes bug 9295; bugfix on
+ 0.2.4.15-rc. Found by stem integration tests.
+
diff --git a/changes/bug9309 b/changes/bug9309
new file mode 100644
index 0000000000..38c462bc0f
--- /dev/null
+++ b/changes/bug9309
@@ -0,0 +1,6 @@
+ o Minor bugfixes:
+ - When evaluating whether to use a connection that we haven't
+ decided is canonical using a recent link protocol version,
+ decide that it's canonical only if it used address _does_
+ match the desired address. Fixes bug 9309; bugfix on
+ 0.2.4.4-alpha. Reported by skruffy.
diff --git a/changes/bug9337 b/changes/bug9337
new file mode 100644
index 0000000000..ce99bc8184
--- /dev/null
+++ b/changes/bug9337
@@ -0,0 +1,4 @@
+ o Major bugfixes (DNS):
+ - Avoid an assertion failure when processing DNS replies without the
+ answer types we expected. Fixes bug 9337; bugfix on 0.2.4.7-alpha.
+
diff --git a/changes/bug9354 b/changes/bug9354
new file mode 100644
index 0000000000..68fc81a595
--- /dev/null
+++ b/changes/bug9354
@@ -0,0 +1,5 @@
+ o Minor bugfixes:
+ - Make the default behavior of NumDirectoryGuards be to track
+ NumEntryGuards. Now a user who changes only NumEntryGuards will get
+ the behavior she expects. Fixes bug 9354; bugfix on 0.2.4.8-alpha.
+
diff --git a/changes/bug9366 b/changes/bug9366
new file mode 100644
index 0000000000..acc919e77f
--- /dev/null
+++ b/changes/bug9366
@@ -0,0 +1,4 @@
+ o Minor features (usability):
+ - Warn and fail if a server is configured not to advertise any
+ ORPorts at all. (We need *something* to put in our descriptor, or
+ we just won't work.)
diff --git a/changes/bug9393 b/changes/bug9393
new file mode 100644
index 0000000000..9aedd1260b
--- /dev/null
+++ b/changes/bug9393
@@ -0,0 +1,4 @@
+ o Minor bugfixes:
+ - Give the correct URL in the warning message that we present
+ when the user is trying to run a Tor relay on an ancient version
+ of Windows. Fixes bug 9393.
diff --git a/changes/bug9400 b/changes/bug9400
new file mode 100644
index 0000000000..974224068a
--- /dev/null
+++ b/changes/bug9400
@@ -0,0 +1,7 @@
+ o Minor bugfixes:
+
+ - Avoid double-closing the listener socket in our socketpair replacement
+ (used on Windows) in the case where the addresses on our opened
+ sockets don't match what we expected. Fixes bug 9400; bugfix on
+ every released Tor version. Found by Coverity.
+
diff --git a/changes/bug9543 b/changes/bug9543
new file mode 100644
index 0000000000..753947f6fd
--- /dev/null
+++ b/changes/bug9543
@@ -0,0 +1,4 @@
+ o Minor bugfixes:
+ - Avoid overflows when the user sets MaxCircuitDirtiness to a
+ ridiculously high value, by imposing a (ridiculously high) 30-day
+ maximum on MaxCircuitDirtiness.
diff --git a/changes/bug9596 b/changes/bug9596
new file mode 100644
index 0000000000..b3d138ecdc
--- /dev/null
+++ b/changes/bug9596
@@ -0,0 +1,4 @@
+ o Minor bugfixes:
+ - Correctly log long IPv6 exit policy, instead of truncating them
+ or reporting an error. Fixes bug 9596; bugfix on 0.2.4.7-alpha.
+
diff --git a/changes/bug9602 b/changes/bug9602
new file mode 100644
index 0000000000..2dc13c4c02
--- /dev/null
+++ b/changes/bug9602
@@ -0,0 +1,5 @@
+ o Bugfixes
+ - Null out orconn->chan->conn when closing orconn in case orconn is freed
+ before channel_run_cleanup() gets to orconn->chan, and handle the null
+ conn edge case correctly in channel_tls_t methods. Fixes bug #9602;
+ bugfix on 0.2.4.4-alpha.
diff --git a/changes/bug9644 b/changes/bug9644
new file mode 100644
index 0000000000..51c58a5fff
--- /dev/null
+++ b/changes/bug9644
@@ -0,0 +1,4 @@
+ o Minor bugfixes:
+ - Fix a small memory leak on exit. (We weren't freeing directory
+ authority certificate download statuses.) Fixes bug 9644; bugfix
+ on 0.2.4.13-alpha.
diff --git a/changes/bug9645a b/changes/bug9645a
new file mode 100644
index 0000000000..2daba65a00
--- /dev/null
+++ b/changes/bug9645a
@@ -0,0 +1,5 @@
+ o Minor bugfixes:
+ - If we are unable to save a microdescriptor to the journal, do not
+ drop it from memory and then reattempt downloading it. Fixes bug
+ 9645; bugfix on 0.2.2.6-alpha.
+
diff --git a/changes/bug9686_024 b/changes/bug9686_024
new file mode 100644
index 0000000000..8705379d32
--- /dev/null
+++ b/changes/bug9686_024
@@ -0,0 +1,5 @@
+ o Minor features (security):
+ - Decrease the lower limit of MaxMemInCellQueues to 256 MBytes (but leave
+ the default at 8GBytes), to better support Raspberry Pi users. Fixes
+ bug 9686; bugfix on 0.2.4.14-alpha.
+
diff --git a/changes/bug9700 b/changes/bug9700
new file mode 100644
index 0000000000..f59f54cb01
--- /dev/null
+++ b/changes/bug9700
@@ -0,0 +1,3 @@
+ o Minor bugfixes (compilation):
+ - Fix a compilation error when compiling with --disable-cuve25519.
+ Fixes bug 9700; bugfix on 0.2.4.17-rc.
diff --git a/changes/bug9716 b/changes/bug9716
new file mode 100644
index 0000000000..5e39077173
--- /dev/null
+++ b/changes/bug9716
@@ -0,0 +1,4 @@
+ o Bugfixes (performance):
+ - Set the listen() backlog limit to the largest actually supported
+ on the system, not to the value in a header file. Fixes bug 9716;
+ bugfix on every released Tor.
diff --git a/changes/bug9731 b/changes/bug9731
new file mode 100644
index 0000000000..828496af3f
--- /dev/null
+++ b/changes/bug9731
@@ -0,0 +1,3 @@
+ o Major bugfixes:
+ - Do not apply connection_consider_empty_read/write_buckets to
+ cpuworker connections.
diff --git a/changes/bug9776 b/changes/bug9776
new file mode 100644
index 0000000000..ea3a96abb3
--- /dev/null
+++ b/changes/bug9776
@@ -0,0 +1,5 @@
+ o Normal bugfixes:
+ - Always call circuit_n_chan_done(chan, 0) from channel_closed(), so we
+ can't leak pending circuits in some cases where
+ run_connection_housekeeping() calls connection_or_close_normally().
+ Fixes bug #9776; bugfix on 0.2.4.17.
diff --git a/changes/bug9780 b/changes/bug9780
new file mode 100644
index 0000000000..3cb51bd528
--- /dev/null
+++ b/changes/bug9780
@@ -0,0 +1,8 @@
+ o Minor bugfixes (performance, fingerprinting):
+ - Our default TLS ecdhe groups were backwards: we meant to be using
+ P224 for relays (for performance win) and P256 for bridges (since
+ it is more common in the wild). Instead we had it backwards. After
+ reconsideration, we decided that the default should be P256 on all
+ hosts, since its security is probably better, and since P224 is
+ reportedly used quite little in the wild. Found by "skruffy" on
+ IRC. Fix for bug 9780; bugfix on 0.2.4.8-alpha.
diff --git a/changes/bug9880 b/changes/bug9880
new file mode 100644
index 0000000000..a7dda8f82f
--- /dev/null
+++ b/changes/bug9880
@@ -0,0 +1,8 @@
+ o Minor bugfixes:
+
+ - When closing a channel that has already been open, do not close
+ pending circuits that were waiting to connect to the same relay.
+ Fixes bug 9880; bugfix on 0.2.5.1-alpha. Thanks to skruffy for
+ finding this bug. (Bug was merged to 0.2.4 branch but not released
+ in any 0.2.4 version)
+
diff --git a/changes/bug9904 b/changes/bug9904
new file mode 100644
index 0000000000..eec4144cce
--- /dev/null
+++ b/changes/bug9904
@@ -0,0 +1,4 @@
+ o Minor bugfixes:
+ - When examining list of network interfaces to find our address, do
+ not consider non-running or disabled network interfaces. Fixes bug
+ 9904; bugfix on 0.2.3.11-alpha. Patch from "hantwister".
diff --git a/changes/bug9927 b/changes/bug9927
new file mode 100644
index 0000000000..e66280c3c4
--- /dev/null
+++ b/changes/bug9927
@@ -0,0 +1,4 @@
+ o Minor features:
+ - Generate bootstrapping status update events correctly for fetching
+ microdescriptors. Fixes bug 9927.
+
diff --git a/changes/bug9946 b/changes/bug9946
new file mode 100644
index 0000000000..5d1c888743
--- /dev/null
+++ b/changes/bug9946
@@ -0,0 +1,11 @@
+ o Minor bugfixes:
+ - If the guard we choose first doesn't answer, we would try the
+ second guard, but once we connected to the second guard we would
+ abandon it and retry the first one, slowing down bootstrapping.
+ The fix is to treat all our initially chosen guards as acceptable
+ to use. Fixes bug 9946; bugfix on 0.1.1.11-alpha.
+
+ o Major bugfixes:
+ - Stop trying to fetch all our directory information from our first
+ guard. Discovered while fixing bug 9946; bugfix on 0.2.4.8-alpha.
+
diff --git a/changes/cov709056 b/changes/cov709056
deleted file mode 100644
index 64a75ad8a2..0000000000
--- a/changes/cov709056
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes:
- - Check return value of fputs() when writing authority certificate
- file. Fixes Coverity issue 709056; bugfix on 0.2.0.1-alpha.
-
diff --git a/changes/cov980650 b/changes/cov980650
new file mode 100644
index 0000000000..cbbada2e66
--- /dev/null
+++ b/changes/cov980650
@@ -0,0 +1,4 @@
+ o Minor bugfixes:
+ - Fix a copy-and-paste error when adding a missing A1 to a routerset
+ because of GeoIPExcludeUnknown. Fix for coverity CID 980650.
+ Bugfix on 0.2.4.10-alpha.
diff --git a/changes/curve25519-donna32-bug b/changes/curve25519-donna32-bug
new file mode 100644
index 0000000000..7fccab1b0c
--- /dev/null
+++ b/changes/curve25519-donna32-bug
@@ -0,0 +1,12 @@
+ o Major bugfixes:
+
+ - Fix a bug in the bounds-checking in the 32-bit curve25519-donna
+ implementation that caused incorrect results on 32-bit
+ implementations when certain malformed inputs were used along with
+ a small class of private ntor keys. This bug does not currently
+ appear to allow an attacker to learn private keys or impersonate a
+ Tor server, but it could provide a means to distinguish 32-bit Tor
+ implementations from 64-bit Tor implementations. Fixes bug 12694;
+ bugfix on 0.2.4.8-alpha. Bug found by Robert Ransom; fix from
+ Adam Langley.
+
diff --git a/changes/cve-2012-2249 b/changes/cve-2012-2249
deleted file mode 100644
index 625bfa2f58..0000000000
--- a/changes/cve-2012-2249
+++ /dev/null
@@ -1,5 +0,0 @@
- o Major bugfixes (security):
- - Discard extraneous renegotiation attempts once the V3 link
- protocol has been initiated. Failure to do so left us open to
- a remotely triggerable assertion failure. Fixes CVE-2012-2249;
- bugfix on 0.2.3.6-alpha. Reported by "some guy from France".
diff --git a/changes/dirserv-BUGGY-a b/changes/dirserv-BUGGY-a
deleted file mode 100644
index 35b492a2d7..0000000000
--- a/changes/dirserv-BUGGY-a
+++ /dev/null
@@ -1,7 +0,0 @@
- o Minor bugfixes:
-
- - Don't serve or accept v2 hidden service descriptors over a
- relay's DirPort. It's never correct to do so, and disabling it
- might make it more annoying to exploit any bugs that turn up in the
- descriptor-parsing code. Fixes bug 7149.
-
diff --git a/changes/disable_pathbias_messages b/changes/disable_pathbias_messages
deleted file mode 100644
index 3bc996347b..0000000000
--- a/changes/disable_pathbias_messages
+++ /dev/null
@@ -1,3 +0,0 @@
- o Disabeled features
- - Downgrade path-bias warning messages to INFO. We'll try to get them
- working better in 0.2.4. Fixes bug 6475; bugfix on 0.2.3.17-beta.
diff --git a/changes/doc-heartbeat-loglevel b/changes/doc-heartbeat-loglevel
new file mode 100644
index 0000000000..91f40ad260
--- /dev/null
+++ b/changes/doc-heartbeat-loglevel
@@ -0,0 +1,3 @@
+ o Minor documentation fixes:
+ - Fix the documentation of HeartbeatPeriod to say that the heartbeat
+ message is logged at notice, not at info.
diff --git a/changes/easy.ratelim b/changes/easy.ratelim
new file mode 100644
index 0000000000..cadd1e4f5e
--- /dev/null
+++ b/changes/easy.ratelim
@@ -0,0 +1,3 @@
+ o Code simplification and refactoring:
+ - Add a wrapper function for the common "log a message with a rate-limit"
+ case.
diff --git a/changes/feature4994 b/changes/feature4994
new file mode 100644
index 0000000000..4fa0e037b7
--- /dev/null
+++ b/changes/feature4994
@@ -0,0 +1,7 @@
+ o Minor features:
+ - Teach bridge-using clients to avoid 0.2.2 bridges when making
+ microdescriptor-related dir requests, and only fall back to normal
+ descriptors if none of their bridges can handle microdescriptors
+ (as opposed to the fix in ticket 4013, which caused them to fall
+ back to normal descriptors if *any* of their bridges preferred
+ them). Resolves ticket 4994.
diff --git a/changes/feature9574 b/changes/feature9574
new file mode 100644
index 0000000000..723606e396
--- /dev/null
+++ b/changes/feature9574
@@ -0,0 +1,7 @@
+ o Major features:
+ - Relays now process the new "NTor" circuit-level handshake requests
+ with higher priority than the old "TAP" circuit-level handshake
+ requests. We still process some TAP requests to not totally starve
+ 0.2.3 clients when NTor becomes popular. A new consensus parameter
+ "NumNTorsPerTAP" lets us tune the balance later if we need to.
+ Implements ticket 9574.
diff --git a/changes/feature9777 b/changes/feature9777
new file mode 100644
index 0000000000..312b5e034e
--- /dev/null
+++ b/changes/feature9777
@@ -0,0 +1,3 @@
+ o Minor features:
+ - Avoid using circuit paths if no node in the path supports the ntor
+ circuit extension handshake. Implements ticket 9777.
diff --git a/changes/ff28_ciphers b/changes/ff28_ciphers
new file mode 100644
index 0000000000..05eb4e9bcc
--- /dev/null
+++ b/changes/ff28_ciphers
@@ -0,0 +1,6 @@
+ o Minor features (performance, compatibility):
+ - Update the list of TLS cipehrsuites that a client advertises
+ to match those advertised by Firefox 28. This enables selection of
+ (fast) GCM ciphersuites, disables some strange old ciphers, and
+ disables the ECDH (not to be confused with ECDHE) ciphersuites.
+ Resolves ticket 11438.
diff --git a/changes/fix-geoipexclude-doc b/changes/fix-geoipexclude-doc
new file mode 100644
index 0000000000..63b544ef29
--- /dev/null
+++ b/changes/fix-geoipexclude-doc
@@ -0,0 +1,4 @@
+ o Documentation fixes:
+ - Fix the GeoIPExcludeUnknown documentation to refer to ExcludeExitNodes
+ rather than the currently nonexistent ExcludeEntryNodes. Spotted by
+ "hamahangi" on tor-talk.
diff --git a/changes/geoip-dec2012 b/changes/geoip-dec2012
deleted file mode 100644
index 26431c2e8a..0000000000
--- a/changes/geoip-dec2012
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor features:
- - Update to the December 5 2012 Maxmind GeoLite Country database.
-
diff --git a/changes/geoip-jan2013 b/changes/geoip-jan2013
deleted file mode 100644
index 45e5a150cc..0000000000
--- a/changes/geoip-jan2013
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor features:
- - Update to the January 2 2013 Maxmind GeoLite Country database.
-
diff --git a/changes/geoip-nov2012 b/changes/geoip-nov2012
deleted file mode 100644
index 22e7bace58..0000000000
--- a/changes/geoip-nov2012
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor features:
- - Update to the November 7 2012 Maxmind GeoLite Country database.
-
diff --git a/changes/geoip6-august2014 b/changes/geoip6-august2014
new file mode 100644
index 0000000000..7e7c9a975d
--- /dev/null
+++ b/changes/geoip6-august2014
@@ -0,0 +1,3 @@
+ o Minor features:
+ - Update geoip6 to the August 7 2014 Maxmind GeoLite2 Country database.
+
diff --git a/changes/geoip6-february2014 b/changes/geoip6-february2014
new file mode 100644
index 0000000000..af30be00b1
--- /dev/null
+++ b/changes/geoip6-february2014
@@ -0,0 +1,3 @@
+ o Minor features:
+ - Update geoip6 to the February 7 2014 Maxmind GeoLite2 Country
+ database.
diff --git a/changes/geoip6-july2014 b/changes/geoip6-july2014
new file mode 100644
index 0000000000..155788ef88
--- /dev/null
+++ b/changes/geoip6-july2014
@@ -0,0 +1,2 @@
+ o Minor features:
+ - Update geoip6 to the July 10 2014 Maxmind GeoLite2 Country database.
diff --git a/changes/geoip6-june2014 b/changes/geoip6-june2014
new file mode 100644
index 0000000000..1a33e6fb45
--- /dev/null
+++ b/changes/geoip6-june2014
@@ -0,0 +1,2 @@
+ o Minor features:
+ - Update geoip and geoip6 to the June 4 2014 Maxmind GeoLite2 Country database.
diff --git a/changes/integers_donna b/changes/integers_donna
new file mode 100644
index 0000000000..e9c69e8e1c
--- /dev/null
+++ b/changes/integers_donna
@@ -0,0 +1,3 @@
+ o Minor bugfixes (portability)
+ - Tweak the curve25519-donna*.c implementations to tolerate systems
+ that lack stdint.h. Fixes bug 3894; bugfix on 0.2.4.8-alpha.
diff --git a/changes/less_charbuf_usage b/changes/less_charbuf_usage
new file mode 100644
index 0000000000..2ec42b544a
--- /dev/null
+++ b/changes/less_charbuf_usage
@@ -0,0 +1,5 @@
+ o Code simplification and refactoring:
+ - Avoid using character buffers when constructing most directory
+ objects: this approach was unweildy and error-prone. Instead,
+ build smartlists of strings, and concatenate them when done.
+
diff --git a/changes/link_negotiation_assert b/changes/link_negotiation_assert
deleted file mode 100644
index 398a545573..0000000000
--- a/changes/link_negotiation_assert
+++ /dev/null
@@ -1,6 +0,0 @@
- o Major bugfixs (security):
- - Fix a group of remotely triggerable assertion failures related to
- incorrect link protocol negotiation. Found, diagnosed, and fixed
- by "some guy from France." Fix for CVE-2012-2250; bugfix on
- 0.2.3.6-alpha.
-
diff --git a/changes/log-noise b/changes/log-noise
new file mode 100644
index 0000000000..bbbf0d2c0c
--- /dev/null
+++ b/changes/log-noise
@@ -0,0 +1,11 @@
+ o Minor bugfixes (log message reduction)
+ - Fix a path state issue that triggered a notice during relay startup.
+ Fixes bug #8320; bugfix on 0.2.4.10-alpha.
+ - Reduce occurrences of warns about circuit purpose in
+ connection_ap_expire_building(). Fixes bug #8477; bugfix on
+ 0.2.4.11-alpha.
+ - Fix a directory authority warn caused when we have a large amount
+ of badexit bandwidth. Fixes bug #8419; bugfix on 0.2.2.10-alpha.
+ - Reduce a path bias length check notice log to info. The notice
+ is triggered when creating controller circuits. Fixes bug #8196;
+ bugfix on 0.2.4.8-alpha.
diff --git a/changes/no_client_timestamps_024 b/changes/no_client_timestamps_024
new file mode 100644
index 0000000000..41dea2f1a6
--- /dev/null
+++ b/changes/no_client_timestamps_024
@@ -0,0 +1,14 @@
+ o Minor features (security, timestamp avoidance, proposal 222):
+ - Clients no longer send timestamps in their NETINFO cells. These were
+ not used for anything, and they provided one small way for clients
+ to be distinguished from each other as they moved from network to
+ network or behind NAT. Implements part of proposal 222.
+ - Clients now round timestamps in INTRODUCE cells down to the nearest
+ 10 minutes. If a new Support022HiddenServices option is set to 0,
+ or if it's set to "auto" and the feature is disabled in the consensus,
+ the timestamp is sent as 0 instead. Implements part of proposal 222.
+ - Stop sending timestamps in AUTHENTICATE cells. This is not such
+ a big deal from a security point of view, but it achieves no actual
+ good purpose, and isn't needed. Implements part of proposal 222.
+ - Reduce down accuracy of timestamps in hidden service descriptors.
+ Implements part of proposal 222.
diff --git a/changes/pathsel-BUGGY-a b/changes/pathsel-BUGGY-a
deleted file mode 100644
index 2e642c7953..0000000000
--- a/changes/pathsel-BUGGY-a
+++ /dev/null
@@ -1,14 +0,0 @@
- o Security fixes:
-
- - Try to leak less information about what relays a client is
- choosing to a side-channel attacker. Previously, a Tor client
- would stop iterating through the list of available relays as
- soon as it had chosen one, thus finishing a little earlier
- when it picked a router earlier in the list. If an attacker
- can recover this timing information (nontrivial but not
- proven to be impossible), they could learn some coarse-
- grained information about which relays a client was picking
- (middle nodes in particular are likelier to be affected than
- exits). The timing attack might be mitigated by other factors
- (see bug #6537 for some discussion), but it's best not to
- take chances. Fixes bug 6537; bugfix on 0.0.8rc1.
diff --git a/changes/port_doc b/changes/port_doc
deleted file mode 100644
index 0e8662f0ab..0000000000
--- a/changes/port_doc
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor features (usability):
- - Try to make the warning when giving an obsolete SOCKSListenAddress
- a littel more useful.
diff --git a/changes/prop221 b/changes/prop221
new file mode 100644
index 0000000000..b2bf44bc37
--- /dev/null
+++ b/changes/prop221
@@ -0,0 +1,6 @@
+ o Minor features:
+ - Stop sending the CREATE_FAST cells by default; instead, use a
+ parameter in the consensus to decide whether to use
+ CREATE_FAST. This can improve security on connections where
+ Tor's circuit handshake is stronger than the available TLS
+ connection security levels. Implements proposal 221.
diff --git a/changes/revert-geoip-may2012 b/changes/revert-geoip-may2012
deleted file mode 100644
index e420947a34..0000000000
--- a/changes/revert-geoip-may2012
+++ /dev/null
@@ -1,6 +0,0 @@
- o Major bugfixes:
- - Revert to the May 1 2012 Maxmind GeoLite Country database. In the
- June 2012 database, Maxmind marked many Tor relays as country "A1",
- which will cause risky behavior for clients that set EntryNodes
- or ExitNodes. Addresses bug 6334; bugfix on 0.2.3.17-beta.
-
diff --git a/changes/signof_enum b/changes/signof_enum
new file mode 100644
index 0000000000..ba4fb597d7
--- /dev/null
+++ b/changes/signof_enum
@@ -0,0 +1,7 @@
+ o Code simplifications and refactoring:
+ - Use Ville Laurikari's implementation of AX_CHECK_SIGN() to determine
+ the signs of types during autoconf. This is better than our old
+ approach, which didn't work when cross-compiling.
+ - Detect the sign of enum values, rather than assuming that MSC is the
+ only compiler where enum types are all signed. Fix for bug 7727;
+ bugfix on 0.2.4.10-alpha.
diff --git a/changes/smartlist_foreach b/changes/smartlist_foreach
deleted file mode 100644
index 2fd3a1a85c..0000000000
--- a/changes/smartlist_foreach
+++ /dev/null
@@ -1,8 +0,0 @@
- o Code simplification and refactoring:
- - Do not use SMARTLIST_FOREACH for any loop whose body exceeds
- 10 lines. Doing so in the past has led to hard-to-debug code.
- The new style is to use the SMARTLIST_FOREACH_{BEGIN,END} pair.
- Issue 6400.
- - Do not nest SMARTLIST_FOREACH blocks within one another. Any
- nested block ought to be using SMARTLIST_FOREACH_{BEGIN,END}.
- Issue 6400.
diff --git a/changes/ticket11528 b/changes/ticket11528
new file mode 100644
index 0000000000..15daad9950
--- /dev/null
+++ b/changes/ticket11528
@@ -0,0 +1,6 @@
+ o Minor features:
+ - Servers now trust themselves to have a better view than clients of
+ which TLS ciphersuites to choose. (Thanks to #11513, the server
+ list is now well-considered, whereas the client list has been
+ chosen mainly for anti-fingerprinting purposes.) Resolves ticket
+ 11528.
diff --git a/changes/ticket12688 b/changes/ticket12688
new file mode 100644
index 0000000000..88228e5506
--- /dev/null
+++ b/changes/ticket12688
@@ -0,0 +1,6 @@
+ Major features:
+ - Make the number of entry guards configurable via a new
+ NumEntryGuards consensus parameter, and the number of directory
+ guards configurable via a new NumDirectoryGuards consensus
+ parameter. Implements ticket 12688.
+
diff --git a/changes/ticket2267 b/changes/ticket2267
new file mode 100644
index 0000000000..b589b5721f
--- /dev/null
+++ b/changes/ticket2267
@@ -0,0 +1,8 @@
+ o Minor features:
+ - Refactor resolve_my_address() so it returns the method by which we
+ decided our public IP address (explicitly configured, resolved from
+ explicit hostname, guessed from interfaces, learned by gethostname).
+ Now we can provide more helpful log messages when a relay guesses
+ its IP address incorrectly (e.g. due to unexpected lines in
+ /etc/hosts). Resolves ticket 2267.
+
diff --git a/changes/ticket5749 b/changes/ticket5749
deleted file mode 100644
index 0237241981..0000000000
--- a/changes/ticket5749
+++ /dev/null
@@ -1,3 +0,0 @@
- o New directory authorities:
- - Add Faravahar (run by Sina Rabbani) as the ninth v3 directory
- authority. Closes ticket 5749.
diff --git a/changes/ticket8240 b/changes/ticket8240
new file mode 100644
index 0000000000..91e6f8c14a
--- /dev/null
+++ b/changes/ticket8240
@@ -0,0 +1,4 @@
+ o Major security fixes:
+ - Make the default guard lifetime controllable via a new
+ GuardLifetime torrc option and a GuardLifetime consensus
+ parameter. Start of a fix for bug 8240; bugfix on 0.1.1.11-alpha.
diff --git a/changes/ticket8443 b/changes/ticket8443
new file mode 100644
index 0000000000..ca6fb2f471
--- /dev/null
+++ b/changes/ticket8443
@@ -0,0 +1,4 @@
+ o Minor features:
+ - Randomize the lifetime of our SSL link certificate, so censors can't
+ use the static value for filtering Tor flows. Resolves ticket 8443;
+ related to ticket 4014 which was included in 0.2.2.33.
diff --git a/changes/ticket9658 b/changes/ticket9658
new file mode 100644
index 0000000000..a8db2efba8
--- /dev/null
+++ b/changes/ticket9658
@@ -0,0 +1,4 @@
+ o Minor features:
+ - Track how many "TAP" and "NTor" circuit handshake requests we get,
+ and how many we complete, and log it every hour to help relay
+ operators follow trends in network load. Addresses ticket 9658.
diff --git a/changes/ticket9866 b/changes/ticket9866
new file mode 100644
index 0000000000..6cbb1110db
--- /dev/null
+++ b/changes/ticket9866
@@ -0,0 +1,3 @@
+ o Documentation:
+ - Add anchors to the manpage so we can link to the documentation for
+ specific options. Resolves ticket 9866.
diff --git a/changes/v3_intro_len b/changes/v3_intro_len
new file mode 100644
index 0000000000..fbe39bce3b
--- /dev/null
+++ b/changes/v3_intro_len
@@ -0,0 +1,8 @@
+ o Major bugfixes:
+
+ - Fix an uninitialized read that could (in some cases) lead to a remote
+ crash while parsing INTRODUCE 1 cells. (This is, so far as we know,
+ unrelated to the recent news.) Fixes bug XXX; bugfix on
+ 0.2.4.1-alpha. Anybody running a hidden service on the experimental
+ 0.2.4.x branch should upgrade.
+
diff --git a/changes/warn-unsigned-time_t b/changes/warn-unsigned-time_t
new file mode 100644
index 0000000000..5f0c36d099
--- /dev/null
+++ b/changes/warn-unsigned-time_t
@@ -0,0 +1,5 @@
+ o Build improvements:
+ - Warn if building on a platform with an unsigned time_t: there
+ are too many places where Tor currently assumes that time_t can
+ hold negative values. We'd like to fix them all, but probably
+ some will remain.