diff options
Diffstat (limited to 'changes')
106 files changed, 404 insertions, 84 deletions
diff --git a/changes/11150 b/changes/11150 new file mode 100644 index 0000000000..b4d40ed07c --- /dev/null +++ b/changes/11150 @@ -0,0 +1,6 @@ + o Removed features: + - Remove client-side support for connecting to Tor servers running + versions of Tor before 0.2.3.6-alpha. These servers didn't + support the v3 TLS handshake protocol, and are no longer allowed + on the Tor network. Implements the client side of ticket + 11150. Based on patches by Tom van der Woerdt. diff --git a/changes/17004 b/changes/17004 new file mode 100644 index 0000000000..1dc9a237d4 --- /dev/null +++ b/changes/17004 @@ -0,0 +1,3 @@ + o Testing: + - Unit tests for directory_handle_command_get. Closes ticket 17004. + Patch from Reinaldo de Souza Jr. diff --git a/changes/17075 b/changes/17075 new file mode 100644 index 0000000000..a91ac673e6 --- /dev/null +++ b/changes/17075 @@ -0,0 +1,3 @@ + o Testing: + - More unit tests for compat_libevent.c. Closes ticket 17075. + Patch from Ola Bini. diff --git a/changes/17078 b/changes/17078 new file mode 100644 index 0000000000..af02877898 --- /dev/null +++ b/changes/17078 @@ -0,0 +1,3 @@ + o Testing: + - More unit tests for procmon.c. Closes ticket 17078. + Patch from Ola Bini. diff --git a/changes/17082 b/changes/17082 new file mode 100644 index 0000000000..30ed01473e --- /dev/null +++ b/changes/17082 @@ -0,0 +1,3 @@ + o Testing: + - More unit tests for tortls.c. Closes ticket 17082. + Patch from Ola Bini. diff --git a/changes/17084 b/changes/17084 new file mode 100644 index 0000000000..361e26f264 --- /dev/null +++ b/changes/17084 @@ -0,0 +1,3 @@ + o Testing: + - More unit tests for util_format.c. Closes ticket 17084. + Patch from Ola Bini. diff --git a/changes/17573 b/changes/17573 new file mode 100644 index 0000000000..fe1fd1c027 --- /dev/null +++ b/changes/17573 @@ -0,0 +1,3 @@ + o Minor bigfixes (IPv6): + - Update the limits in max_dl_per_request for IPv6 address + length. Closes ticket 17573. diff --git a/changes/17826 b/changes/17826 new file mode 100644 index 0000000000..7d0a17afee --- /dev/null +++ b/changes/17826 @@ -0,0 +1,5 @@ + o Minor bugfixes (build): + - Mark all object files that include micro-revision.i as depending on + it, so as to make our build more reliable with parallel builds. + Fixes bug 17826; bugfix on 0.2.5.1-alpha. + diff --git a/changes/17926 b/changes/17926 new file mode 100644 index 0000000000..09bdbbeae7 --- /dev/null +++ b/changes/17926 @@ -0,0 +1,3 @@ + o Removed code: + - Remove code for OpenSSL dynamic locks; OpenSSL doesn't use them. + Closes ticket 17926. diff --git a/changes/17944 b/changes/17944 new file mode 100644 index 0000000000..0d8ed0a362 --- /dev/null +++ b/changes/17944 @@ -0,0 +1,3 @@ + o Minor features (portability): + - Use timingsafe_memcmp() where available. Closes ticket 17944; + patch from <logan@hackers.mu>. diff --git a/changes/7419 b/changes/7419 new file mode 100644 index 0000000000..b792e8f6a0 --- /dev/null +++ b/changes/7419 @@ -0,0 +1,7 @@ + o Minor enhancement (security): + - Use explicit_bzero when present + from <logan@hackers.mu>. + - Use memset_s when present + from <selven@hackers.mu> + + 625538405474972d627b26d7a250ea36 (: diff --git a/changes/bug15609 b/changes/bug15609 deleted file mode 100644 index efaccdeaae..0000000000 --- a/changes/bug15609 +++ /dev/null @@ -1,2 +0,0 @@ - o Documentation: - - Fix capitalization of SOCKS in sample torrc. Closes ticket 15609. diff --git a/changes/bug15638 b/changes/bug15638 new file mode 100644 index 0000000000..cf5d46983f --- /dev/null +++ b/changes/bug15638 @@ -0,0 +1,2 @@ + o Documentation: + - Document the minimum HeartbeatPeriod value. Closes ticket 15638. diff --git a/changes/bug16056 b/changes/bug16056 deleted file mode 100644 index e3311c0f93..0000000000 --- a/changes/bug16056 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (relay, IPv6): - - When displaying an IPv6 exit policy, include the mask bits correctly - even when the number is greater than 31. Fixes bug 16056; bugfix on - 0.2.4.7-alpha. Patch from "gturner".
\ No newline at end of file diff --git a/changes/bug16382 b/changes/bug16382 new file mode 100644 index 0000000000..8faee98ad8 --- /dev/null +++ b/changes/bug16382 @@ -0,0 +1,3 @@ + o Documentation: + - Explain actual minima for BandwidthRate. Closes ticket 16382. + diff --git a/changes/bug16563 b/changes/bug16563 new file mode 100644 index 0000000000..19e59b3821 --- /dev/null +++ b/changes/bug16563 @@ -0,0 +1,6 @@ + o Minor bugfixes (logging): + - In log messages that include a function name, use __FUNCTION__ instead + of __PRETTY_FUNCTION__. In GCC, these are synonymous, but with clang + __PRETTY_FUNCTION__ has extra information we don't need. + Fixes bug 16563; bugfix on 0.0.2pre8. Fix by Tom van der Woerdt. +
\ No newline at end of file diff --git a/changes/bug16651 b/changes/bug16651 new file mode 100644 index 0000000000..096daeaf70 --- /dev/null +++ b/changes/bug16651 @@ -0,0 +1,5 @@ + o Minor bugfixes (compilation): + + - Fix search for libevent libraries on OpenBSD (and similar systems + which install libevent 1 and libevent 2 in parallel). Resolves + ticket 16651. Patch from "rubiate". diff --git a/changes/bug16702 b/changes/bug16702 deleted file mode 100644 index 5de36cd351..0000000000 --- a/changes/bug16702 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (hidden service) - - The wrong list was used when looking up expired intro points in a rend - service object causing what we think could be reachability issues and - triggering a BUG log. Fixes 16702; bugfix on tor-0.2.7.2-alpha. diff --git a/changes/bug16794_ed b/changes/bug16794_ed new file mode 100644 index 0000000000..a43c401ed4 --- /dev/null +++ b/changes/bug16794_ed @@ -0,0 +1,3 @@ + o Testing: + - Always test both ed25519 backends, so that we can be sure that + our batch-open replacement code works. Part of ticket 16794. diff --git a/changes/bug17003 b/changes/bug17003 new file mode 100644 index 0000000000..8125f0e402 --- /dev/null +++ b/changes/bug17003 @@ -0,0 +1,3 @@ + o Testing: + - New tests for directory.c functions. Closes ticket 17003. Patch + from Ola Bini. diff --git a/changes/bug17026 b/changes/bug17026 new file mode 100644 index 0000000000..8b1ce3c61b --- /dev/null +++ b/changes/bug17026 @@ -0,0 +1,5 @@ + o Minor features: + - Set unused entires in a smartlist to NULL. This helped catch a + (harmless) bug, and shouldn't affect performance too much. + Implements ticket 17026. + diff --git a/changes/bug17027-reject-private-bind-port b/changes/bug17027-reject-private-bind-port new file mode 100644 index 0000000000..abc1431c9a --- /dev/null +++ b/changes/bug17027-reject-private-bind-port @@ -0,0 +1,7 @@ + o Minor bug fixes (security, exit policies): + - ExitPolicyRejectPrivate rejects more private addresses by default: + * the relay's outbound bind addresses (if configured), and + * the relay's configured port addresses (such as ORPort and DirPort). + Resolves ticket 17027. Patch by "teor". + Patch on 42b8fb5a1523 (11 Nov 2007), released in 0.2.0.11-alpha, + and on 0.2.7.3-rc. diff --git a/changes/bug17151 b/changes/bug17151 deleted file mode 100644 index 0993b90eac..0000000000 --- a/changes/bug17151 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes (portability): - - Use libexecinfo on FreeBSD, to enable backtrace support. Fixes part of - bug 17151; bugfix on 0.2.5.2-alpha. Patch from Marcin Cieślak. - - o Minor bugfixes (testing): - - Skip backtrace tests when backtrace support is not compiled in. Fixes - part of bug 17151; bugfix on 0.2.7.1-alpha. Patch from Marcin Cieślak. diff --git a/changes/bug17154 b/changes/bug17154 deleted file mode 100644 index 6ad7b74468..0000000000 --- a/changes/bug17154 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (testing): - - Fix breakage when running 'make check' with BSD make. Fixes bug - 17154; bugfix on 0.2.7.3-rc. Patch by Marcin Cieślak. diff --git a/changes/bug17173-socket-hack-rv b/changes/bug17173-socket-hack-rv deleted file mode 100644 index d5132114b4..0000000000 --- a/changes/bug17173-socket-hack-rv +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bug fixes (addresses, testing): - - Add unit tests for get_interface_address* failure cases. - Fixes bug 17173; bugfix on 0.2.7.3-rc. Patch by fk/teor. diff --git a/changes/bug17194 b/changes/bug17194 new file mode 100644 index 0000000000..26549b307f --- /dev/null +++ b/changes/bug17194 @@ -0,0 +1,7 @@ + o Minor feature: + - When logging to syslog, allow a tag to be added to the syslog + identity ("Tor"), i.e. the string prepended to every log message. + The tag can be configured by setting SyslogIdentityTag and defaults + to none. Setting it to "foo" will cause logs to be tagged as + "Tor-foo". + diff --git a/changes/bug17237_027 b/changes/bug17237_027 deleted file mode 100644 index e5978d0ec8..0000000000 --- a/changes/bug17237_027 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (compilation): - - Repair compilation with the most recent (unreleased, alpha) - vesions of OpenSSL 1.1. Fixes part of ticket 17237. diff --git a/changes/bug17251 b/changes/bug17251 deleted file mode 100644 index edd7739d2f..0000000000 --- a/changes/bug17251 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (compilation): - - Fix an integer overflow warning in test_crypto_slow.c. - Fixes bug 17251; bugfix on 0.2.7.2-alpha. diff --git a/changes/bug17354 b/changes/bug17354 deleted file mode 100644 index 53da007fbb..0000000000 --- a/changes/bug17354 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (sandbox): - - Add the "hidserv-stats" filename to our sandbox filter for the - HiddenServiceStatistics option to work properly. Fixes bug 17354; - bugfix on tor-0.2.6.2-alpha~54^2~1. Patch from David Goulet. diff --git a/changes/bug17364 b/changes/bug17364 deleted file mode 100644 index dd9ff12784..0000000000 --- a/changes/bug17364 +++ /dev/null @@ -1,3 +0,0 @@ - o Documentation: - - Note that HiddenServicePorts can take a unix domain socket. - Closes ticket 17364. diff --git a/changes/bug17398 b/changes/bug17398 deleted file mode 100644 index 66e27a6966..0000000000 --- a/changes/bug17398 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (memory leaks): - - Fix a memory leak in ed25519 batch signature checking. - Fixes bug 17398; bugfix on 0.2.6.1-alpha. diff --git a/changes/bug17401 b/changes/bug17401 deleted file mode 100644 index a22f79c431..0000000000 --- a/changes/bug17401 +++ /dev/null @@ -1,3 +0,0 @@ - o Major bugfixes (correctness): - - Fix a use-after-free bug in validate_intro_point_failure(). - Fixes bug 17401; bugfix on 0.2.7.3-rc. diff --git a/changes/bug17402 b/changes/bug17402 deleted file mode 100644 index 4760e00b04..0000000000 --- a/changes/bug17402 +++ /dev/null @@ -1,3 +0,0 @@ - o Major bugfixes (memory leak): - - Fix a memory leak in rend_cache_failure_entry_free(). - Fixes bug 17402; bugfix on 0.2.7.3-rc. diff --git a/changes/bug17403 b/changes/bug17403 deleted file mode 100644 index e83a4a247b..0000000000 --- a/changes/bug17403 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (memory leaks): - - Fix a memory leak when reading an expired signing key from disk. - Fixes bug 17403; bugfix on 0.2.7.2-rc. diff --git a/changes/bug17404 b/changes/bug17404 deleted file mode 100644 index d524f6662d..0000000000 --- a/changes/bug17404 +++ /dev/null @@ -1,6 +0,0 @@ - o Major bugfixes (security, correctness): - - Fix a programming error that could cause us to read 4 bytes before - the beginning of an openssl string. This could be used to provoke - a crash on systems with an unusual malloc implementation, or - systems with unsual hardening installed. Fixes bug 17404; bugfix - on 0.2.3.6-alpha. diff --git a/changes/bug17419 b/changes/bug17419 new file mode 100644 index 0000000000..8ad8edd37b --- /dev/null +++ b/changes/bug17419 @@ -0,0 +1,4 @@ + + o Minor bugfixes: + - When logging a malformed hostname received through socks4, scrub it + if SafeLogging says we should. Fixes bug 17419; bugfix on 0.1.1.16-rc. diff --git a/changes/bug17544 b/changes/bug17544 new file mode 100644 index 0000000000..4316d0709c --- /dev/null +++ b/changes/bug17544 @@ -0,0 +1,4 @@ + o Minor bugfix (SipHash-2-4 performance): + - Improve performance when hashing non-multiple of 8 sized buffers, + based on Andrew Moon's Public Domain SipHash-2-4 implementation. + Fixes bug 17544; bugfix on 0.2.5.3-alpha. diff --git a/changes/bug17549 b/changes/bug17549 new file mode 100644 index 0000000000..3650608141 --- /dev/null +++ b/changes/bug17549 @@ -0,0 +1,3 @@ + o Minor bugfixes (compilation): + - Repair compilation with the most recent (unreleased, alpha) + vesions of OpenSSL 1.1. Fixes bug 17549. diff --git a/changes/bug17551 b/changes/bug17551 deleted file mode 100644 index 27e467979e..0000000000 --- a/changes/bug17551 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (compilation): - - When checking for net/pfvar.h, include netinet/in.h if possible. - This fixes transparent proxy detection on OpenBSD. Fixes bug - 17551; bugfix on 0.1.2.1-alpha. Patch from "rubiate". diff --git a/changes/bug17562-DataDirectoryGroupReadable b/changes/bug17562-DataDirectoryGroupReadable new file mode 100644 index 0000000000..524e5ef28a --- /dev/null +++ b/changes/bug17562-DataDirectoryGroupReadable @@ -0,0 +1,3 @@ + o Minor bug fixes: + - Introduce DataDirectoryGroupReadable boolean. If set to 1, the + DataDirectory will be made readable by the default GID. diff --git a/changes/bug17562-allow-root-group-read b/changes/bug17562-allow-root-group-read new file mode 100644 index 0000000000..7a0903c662 --- /dev/null +++ b/changes/bug17562-allow-root-group-read @@ -0,0 +1,6 @@ + o Minor bug fixes: + - If any directory created by Tor is marked as group readable, the + filesystem group is allowed to be either the default GID or the root + user. Allowing root to read the DataDirectory prevents the need for + CAP_READ_SEARCH when using systemd's CapabilityBoundingSet, or + dac_read_search when using SELinux. diff --git a/changes/bug17562-defer-unix-socket-creation b/changes/bug17562-defer-unix-socket-creation new file mode 100644 index 0000000000..f1896c044a --- /dev/null +++ b/changes/bug17562-defer-unix-socket-creation @@ -0,0 +1,4 @@ + o Minor bug fixes: + - Defer creation of Unix sockets until after setuid. This avoids needing + CAP_CHOWN and CAP_FOWNER when using systemd's CapabilityBoundingSet, or + chown and fowner when using SELinux. diff --git a/changes/bug17572-fallback-by-digest b/changes/bug17572-fallback-by-digest new file mode 100644 index 0000000000..3fba123360 --- /dev/null +++ b/changes/bug17572-fallback-by-digest @@ -0,0 +1,5 @@ + o Minor bugfix (fallback directories): + - Mark fallbacks as "too busy" when they return a 503 response, + rather than just marking authorities. + Fixes bug 17572; bugfix on 5c51b3f1f0d4 released in 0.2.4.7-alpha. + Patch by "teor". diff --git a/changes/bug17589 b/changes/bug17589 new file mode 100644 index 0000000000..91103276df --- /dev/null +++ b/changes/bug17589 @@ -0,0 +1,7 @@ + o Code simplificiation and refactoring: + - When a direct directory request fails immediately on launch, + instead of relaunching that request from inside the code that + launches it, instead mark the connection for teardown. This + change simplifies Tor's callback and prevents the directory- + request launching code from invoking itself recursively. + Closes ticket 17589.
\ No newline at end of file diff --git a/changes/bug17632-no-ipv4-no-localhost b/changes/bug17632-no-ipv4-no-localhost new file mode 100644 index 0000000000..04622079d3 --- /dev/null +++ b/changes/bug17632-no-ipv4-no-localhost @@ -0,0 +1,7 @@ + o Minor bugfix (unit tests): + - Make unit tests pass on IPv6-only systems, and systems without + localhost addresses (like some FreeBSD jails). + Fixes bug #17632; bugfix on unit tests in 0.2.7.3-rc. + c464a367728d was a partial fix for this issue in #17255; + it was released in unit tests in 0.2.7.4-rc. + Patch by "teor". diff --git a/changes/bug17638-ipv6-ersatz-socketpair b/changes/bug17638-ipv6-ersatz-socketpair new file mode 100644 index 0000000000..6193065ff3 --- /dev/null +++ b/changes/bug17638-ipv6-ersatz-socketpair @@ -0,0 +1,5 @@ + o Minor bugfix (IPv6 compatibility, unit tests): + - Make tor_ersatz_socketpair work on IPv6-only systems. + Fixes bug #17638; bugfix on a very early tor version, + earlier than 22dba27d8dd5 (23 Nov 2004) / svn:r2943. + Patch by "teor". diff --git a/changes/bug17683 b/changes/bug17683 new file mode 100644 index 0000000000..e9d47513ab --- /dev/null +++ b/changes/bug17683 @@ -0,0 +1,3 @@ + o Minor bugfixes (TLS context): + - Assert when the TLS contexts fail to initialize. Fixes bug 17683; + bugfix on 0.0.6. diff --git a/changes/bug17686 b/changes/bug17686 new file mode 100644 index 0000000000..8fa16c794b --- /dev/null +++ b/changes/bug17686 @@ -0,0 +1,4 @@ + o Minor features: + - Adjust Tor's use of OpenSSL's RNG APIs so that they absolutely, + positively are not allowed to fail. Previously we depended on + internals about OpenSSL behavior. Closes ticket 17686. diff --git a/changes/bug17694_strongest b/changes/bug17694_strongest new file mode 100644 index 0000000000..0a8954a25e --- /dev/null +++ b/changes/bug17694_strongest @@ -0,0 +1,6 @@ + o Minor features (security): + - Never use the system entropy output directly for anything besides + seeding the PRNG. When we want to generate important keys, instead + of using system entropy directly, hash it with the PRNG stream. + This may help resist certain attacks based on broken OS entropy + implementations. Closes part of ticket 17694.
\ No newline at end of file diff --git a/changes/bug17722 b/changes/bug17722 deleted file mode 100644 index 1b18d4af2b..0000000000 --- a/changes/bug17722 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (code correctness) - - Fix undefined behavior in the tor_cert_checksig function. Fixes bug - 17722; bugfix on tor-0.2.7.2-alpha. diff --git a/changes/bug17724 b/changes/bug17724 new file mode 100644 index 0000000000..7ace99eece --- /dev/null +++ b/changes/bug17724 @@ -0,0 +1,4 @@ + o Minor bug fixes (unit tests, hidden services): + - Avoid relying on malloc internals in test_rend_cache_purge. + Closes ticket 17724. Bug fix on ade5005853c1 and 5e9f2384cf0f, + not in any released version of Tor. Patch by "teor". diff --git a/changes/bug17753 b/changes/bug17753 new file mode 100644 index 0000000000..7d227d856c --- /dev/null +++ b/changes/bug17753 @@ -0,0 +1,4 @@ + o Minor bugfixes (code correctness) + - Assert that allocated memory held by the reputation code is freed + according to its internal counters. Fixes bug 17753; bugfix on + tor-0.1.1.1-alpha. diff --git a/changes/bug17763 b/changes/bug17763 new file mode 100644 index 0000000000..d565d13a7d --- /dev/null +++ b/changes/bug17763 @@ -0,0 +1,5 @@ + o Minor bug fixes (exit policies): + - Consistently ignore multicast addresses when automatically + generating reject private exit policies. + Closes ticket 17763. Bug fix on 10a6390deb3c9, + not in any released version of Tor. Patch by "teor". diff --git a/changes/bug17772 b/changes/bug17772 deleted file mode 100644 index 54d457c601..0000000000 --- a/changes/bug17772 +++ /dev/null @@ -1,7 +0,0 @@ - o Major bugfixes (guard selection): - - Actually look at the Guard flag when selecting a new directory - guard. When we implemented the directory guard design, we - accidentally started treating all relays as if they have the Guard - flag during guard selection, leading to weaker anonymity and worse - performance. Fixes bug 17222; bugfix on 0.2.4.8-alpha. Discovered - by Mohsen Imani. diff --git a/changes/bug17776 b/changes/bug17776 new file mode 100644 index 0000000000..a949625baa --- /dev/null +++ b/changes/bug17776 @@ -0,0 +1,6 @@ + o Minor bugfixes (tests): + - Fix buffer over-reads in the directory tests. Fixes bug 17776; not in any + released version of Tor. + - Fix buffer over-reads in the rendcache tests. Fixes bug 17776; not in any + released version of Tor. + diff --git a/changes/bug17778 b/changes/bug17778 new file mode 100644 index 0000000000..9844969a3b --- /dev/null +++ b/changes/bug17778 @@ -0,0 +1,3 @@ + o Minor bugfixes (tests): + - Fix a memory leak in the ntor test. Fixes bug 17778; bugfix on + 0.2.4.8-alpha. diff --git a/changes/bug17781 b/changes/bug17781 deleted file mode 100644 index 01ed231b0a..0000000000 --- a/changes/bug17781 +++ /dev/null @@ -1,3 +0,0 @@ - o Compilation fixes: - - Fix a compilation warning with Clang 3.6: Do not check the - presence of an address which can never be NULL. Fixes bug 17781. diff --git a/changes/bug17791 b/changes/bug17791 new file mode 100644 index 0000000000..f191012cd4 --- /dev/null +++ b/changes/bug17791 @@ -0,0 +1,4 @@ + o Documentation: + - Fix a minor formatting typo in the manpage. Closes ticket + 17791. + diff --git a/changes/bug17804 b/changes/bug17804 new file mode 100644 index 0000000000..bd2a3cbdff --- /dev/null +++ b/changes/bug17804 @@ -0,0 +1,3 @@ + o Minor bugfixes (compilation): + - Replace usage of 'INLINE' with 'inline'. Fixes bug 17804; bugfix + on tor-0.0.2pre8. diff --git a/changes/bug17843 b/changes/bug17843 new file mode 100644 index 0000000000..6cb16a0b6a --- /dev/null +++ b/changes/bug17843 @@ -0,0 +1,3 @@ + o Minor bugfixes (logging): + - Remove needless quotes from a log message about unparseable addresses. + Fixes bug 17843; bugfix on 0.2.3.3-alpha. diff --git a/changes/bug17876 b/changes/bug17876 new file mode 100644 index 0000000000..1bd3dd7c1b --- /dev/null +++ b/changes/bug17876 @@ -0,0 +1,5 @@ + o Minor bugfixes: + - When closing an entry connection, generate a warning if we should + have sent an end cell for it but we haven't. Fixes bug 17876; + bugfix on 0.2.3.2-alpha. + diff --git a/changes/bug17887 b/changes/bug17887 new file mode 100644 index 0000000000..423c298bd5 --- /dev/null +++ b/changes/bug17887 @@ -0,0 +1,6 @@ + o Minor fixes (fallback directories): + - Allow cached or outdated Onionoo data to be used to choose + fallback directories, as long as it's less than a day old. + Modify last modified date checks in preparation for Onionoo change + #16907. Closes ticket #17887. Patch by "teor". Not in any released + version of tor. diff --git a/changes/bug17888 b/changes/bug17888 new file mode 100644 index 0000000000..04e40b1556 --- /dev/null +++ b/changes/bug17888 @@ -0,0 +1,6 @@ + o Minor fixes (fallback directories): + - When selecting exits as fallback directories, don't reduce + their weights. (Several operators report having exits with + spare capacity.) + Closes ticket #17888. Patch by "teor". Not in any released + version of tor. diff --git a/changes/bug17892 b/changes/bug17892 new file mode 100644 index 0000000000..73c26e9c94 --- /dev/null +++ b/changes/bug17892 @@ -0,0 +1,4 @@ + o Minor features (testing): + - Log more information when the backtrace tests fail. + Closes ticket 17892. Patch from "cypherpunks." + diff --git a/changes/bug17893 b/changes/bug17893 new file mode 100644 index 0000000000..06808c0017 --- /dev/null +++ b/changes/bug17893 @@ -0,0 +1,4 @@ + o Minor features (build): + - Since our build process now uses 'make distcheck', we no longer force + "make dist" to depend on "make check". Closes ticket 17893; + patch from "cypherpunks." diff --git a/changes/bug17923 b/changes/bug17923 index 48026a5c2f..ea39960711 100644 --- a/changes/bug17923 +++ b/changes/bug17923 @@ -1,4 +1,4 @@ o Minor bugfixes: - - Add an #endif to configure.ac so that we correctly detect + - Remove an #endif from configure.ac so that we correctly detect the presence of in6_addr.s6_addr32. Fixes bug 17923; bugfix on 0.2.0.13-alpha. diff --git a/changes/bug17924 b/changes/bug17924 new file mode 100644 index 0000000000..aa5cf58730 --- /dev/null +++ b/changes/bug17924 @@ -0,0 +1,4 @@ + o Minor bugfixes (makefile): + - Remove config.log only from make distclean, not from + make clean. Fixes bug 17924; bugfix on 0.2.4.1-alpha. + diff --git a/changes/bug18035 b/changes/bug18035 new file mode 100644 index 0000000000..31889f5723 --- /dev/null +++ b/changes/bug18035 @@ -0,0 +1,6 @@ + o Minor fixes (fallback directories): + - Work around an issue where OnionOO supplies the entire history, + rather than the requested 120 days. Activate debug logging by + default. Fix other minor calculation and compatibility issues. + Closes ticket #18035. Patch by "starlight", merge fixes by + "teor". Not in any released version of tor. diff --git a/changes/bug4483-multiple-consensus-downloads b/changes/bug4483-multiple-consensus-downloads new file mode 100644 index 0000000000..23d22a89c4 --- /dev/null +++ b/changes/bug4483-multiple-consensus-downloads @@ -0,0 +1,9 @@ + o Major features (consensus downloads): + - Schedule multiple in-progress consensus downloads during client + bootstrap. Use the first one that starts downloading, close the + rest. This reduces failures when authorities are slow or down. + With #15775, it reduces failures due to fallback churn. + Implements #4483 (reduce failures when authorities are down). + Patch by "teor". + Implements IPv4 portions of proposal #210 by "mikeperry" and + "teor". diff --git a/changes/bug6027 b/changes/bug6027 new file mode 100644 index 0000000000..5233876a49 --- /dev/null +++ b/changes/bug6027 @@ -0,0 +1,4 @@ + o Minor features: + - Allow users to configure directory authorities and fallback + directory servers with IPv6 addresses and ORPorts. Resolves + ticket 6027. diff --git a/changes/check-crypto-errors b/changes/check-crypto-errors new file mode 100644 index 0000000000..e41862ca13 --- /dev/null +++ b/changes/check-crypto-errors @@ -0,0 +1,5 @@ + o Minor bugfix (crypto): + - Check the return value of HMAC and assert on failure. + Fixes bug #17658; bugfix on commit in fdbb9cdf746b (11 Oct 2011) + in tor version 0.2.3.5-alpha-dev. + Patch by "teor". diff --git a/changes/cleanup_17587 b/changes/cleanup_17587 new file mode 100644 index 0000000000..05e00fd9e5 --- /dev/null +++ b/changes/cleanup_17587 @@ -0,0 +1,3 @@ + o Code simplifications and refactorings: + - Clean up a little duplicated code in crypto_expand_key_material_TAP. + Closes ticket 17587; patch from "pfrankw". diff --git a/changes/decouple_circuit_mark b/changes/decouple_circuit_mark new file mode 100644 index 0000000000..4b7ed778a2 --- /dev/null +++ b/changes/decouple_circuit_mark @@ -0,0 +1,6 @@ + o Code simplification and refactoring: + - Extract the more complicated parts of circuit_mark_for_close into + a new function run periodically before connections are freed. + This change removes more than half of the functions currently + in the "blob". + Closes ticket #17218. diff --git a/changes/decouple_conn_attach b/changes/decouple_conn_attach new file mode 100644 index 0000000000..6167b4e932 --- /dev/null +++ b/changes/decouple_conn_attach @@ -0,0 +1,6 @@ + o Code simplification and refactorings: + - Decouple the list of streams needing to be attached to circuits + from the overall connection list. This change makes it possible to + attach streams quickly while both simplifying Tor's callgraph and + avoiding O(N) scans of the entire connection list. Closes ticket + 17590. diff --git a/changes/doc17392 b/changes/doc17392 new file mode 100644 index 0000000000..3c93497b00 --- /dev/null +++ b/changes/doc17392 @@ -0,0 +1,4 @@ + o Documentation: + - Mention torspec URL in the manpage and point the reader to it + whenever we mention a document that belongs in torspce. + Fixes issue 17392. diff --git a/changes/feature12538 b/changes/feature12538 new file mode 100644 index 0000000000..4e7ea9f41d --- /dev/null +++ b/changes/feature12538 @@ -0,0 +1,6 @@ + o Minor features (directory system): + Previously only relays who explicitly opened a directory port (DirPort) + accepted directory requests from clients. Now all relays, with and without + a DirPort, who do not disable the DirCache option accept and serve + directory requests sent (tunnelled) through their ORPort. + Closes ticket 12538. diff --git a/changes/feature13696 b/changes/feature13696 new file mode 100644 index 0000000000..21c2188d12 --- /dev/null +++ b/changes/feature13696 @@ -0,0 +1,3 @@ + o Minor features (security, cryptography): + - Use modern system calls to generate strong entropy on platforms that + provide them. Closes ticket 13696. diff --git a/changes/feature14846 b/changes/feature14846 new file mode 100644 index 0000000000..4668761f22 --- /dev/null +++ b/changes/feature14846 @@ -0,0 +1,4 @@ + o Major features (controller): + - New "GETINFO hs/service/desc/id/" command to retrieve a hidden service + descriptor from a service's local hidden service descriptor cache. + Closes ticket 14846. diff --git a/changes/feature15775-fallback b/changes/feature15775-fallback new file mode 100644 index 0000000000..567d01cc72 --- /dev/null +++ b/changes/feature15775-fallback @@ -0,0 +1,19 @@ + o Major features (directory mirrors): + - Include an opt-in trial list of Default Fallback Directories in + add_default_fallback_dir_servers(). + "Tor has included a feature to fetch the initial consensus from nodes + other than the authorities for a while now. We just haven't shipped a + list of alternate locations for clients to go to yet. + Reasons why we might want to ship tor with a list of additional places + where clients can find the consensus is that it makes authority + reachability and BW less important. + We want them to have been around and using their current key, address, + and port for a while now (120 days), and have been running, a guard, + and a v2 directory mirror for most of that time." + We exclude BadExits and tor versions that aren't recommended. + We include an IPv6 address for each FallbackDir (#8374). + (Tor might not use IPv6 fallbacks until #6027 is merged.) + The unit test ensures that we successfully load all included + default fallback directories. + Closes ticket #15775. Patch by "teor". + OnionOO script by "weasel", "teor", "gsathya", and "karsten". diff --git a/changes/feature16774 b/changes/feature16774 new file mode 100644 index 0000000000..87ba488cc6 --- /dev/null +++ b/changes/feature16774 @@ -0,0 +1,3 @@ + o Minor enhancement: + - Adds FallbackDir entries to 'GETINFO config/defaults'. Closes ticket + #16774 and 17817. Patch by George Tankersley. diff --git a/changes/feature17076 b/changes/feature17076 new file mode 100644 index 0000000000..50ebc96327 --- /dev/null +++ b/changes/feature17076 @@ -0,0 +1,3 @@ + o Testing: + - New tests for options_validate. Closes ticket 17076. Patch from + Ola Bini. diff --git a/changes/feature17327 b/changes/feature17327 new file mode 100644 index 0000000000..2fab09990b --- /dev/null +++ b/changes/feature17327 @@ -0,0 +1,5 @@ + o Minor feature (IPv6): + - Add a flag ipv6=address:orport to the DirAuthority and FallbackDir torrc + options. Add hard-coded ipv6 addresses for directory authorities with + ipv6 lines in their descriptors. + Closes ticket 17327; patch from Nick Mathewson / "teor". diff --git a/changes/feature17576-UseDefaultFallbackDirs b/changes/feature17576-UseDefaultFallbackDirs new file mode 100644 index 0000000000..68843c4769 --- /dev/null +++ b/changes/feature17576-UseDefaultFallbackDirs @@ -0,0 +1,4 @@ + o Minor feature (fallback directories): + - Add UseDefaultFallbackDirs, which enables any hard-coded fallback + directory mirrors. Default is 1, set it to 0 to disable fallbacks. + Implements ticket 17576. Patch by "teor". diff --git a/changes/feature17608 b/changes/feature17608 new file mode 100644 index 0000000000..d56bb7d4a7 --- /dev/null +++ b/changes/feature17608 @@ -0,0 +1,4 @@ + o Minor feature (refactoring): + - Move logging of redundant policy entries in + policies_parse_exit_policy_internal into its own function. + Closes ticket 17608; patch from "juce". diff --git a/changes/feature17663 b/changes/feature17663 new file mode 100644 index 0000000000..baad9436fc --- /dev/null +++ b/changes/feature17663 @@ -0,0 +1,3 @@ + o Minor feature (crypto): + - Add SHA512 support to crypto.c. Closes ticket 17663; patch from + George Tankersley. diff --git a/changes/feature17796 b/changes/feature17796 new file mode 100644 index 0000000000..d96daed262 --- /dev/null +++ b/changes/feature17796 @@ -0,0 +1,6 @@ + o Minor features (crypto): + - When allocating a digest state object, allocate no more space than we + actually need. Previously, we were allocating as much space as the + state for the largest algorithm would need. This change saves up to + 672 bytes per circuit. Closes ticket 17796. + diff --git a/changes/feature17863 b/changes/feature17863 new file mode 100644 index 0000000000..86c4e2ce0c --- /dev/null +++ b/changes/feature17863 @@ -0,0 +1,6 @@ + o Minor feature (IPv6): + - Add address policy assume_action support for IPv6 addresses. + - Limit IPv6 mask bits to 128. + - Warn when comparing against an AF_UNSPEC address in a policy, + it's almost always a bug. + Closes ticket 17863; patch by "teor". diff --git a/changes/feature17864 b/changes/feature17864 new file mode 100644 index 0000000000..1cf156206b --- /dev/null +++ b/changes/feature17864 @@ -0,0 +1,5 @@ + o Minor feature (directory downloads): + - Wait for busy authorities and fallbacks to become non-busy when + bootstrapping. (A similar change was made in 6c443e987d for + directory servers chosen from the consensus.) + Closes ticket 17864; patch by "teor". diff --git a/changes/feature17950 b/changes/feature17950 new file mode 100644 index 0000000000..5ea83ecd8e --- /dev/null +++ b/changes/feature17950 @@ -0,0 +1,5 @@ + o Minor features: + - Add a family argument to get_interface_addresses_raw() and + subfunctions to make network interface address interogation more + efficient. Now Tor can specifically ask for IPv4, IPv6 or both + types of interfaces from the operating system. Resolves ticket 17950. diff --git a/changes/feature17951 b/changes/feature17951 new file mode 100644 index 0000000000..42ec32a0dd --- /dev/null +++ b/changes/feature17951 @@ -0,0 +1,6 @@ + o Minor features: + - When get_interface_address6_list(.,AF_UNSPEC,.) is called and fails + to enumerate interface addresses using the platform-specific API, + have it rely on the UDP socket fallback technique to try and find + out what IP addresses (both IPv4 and IPv6) our machine has. Resolves + ticket 17951. diff --git a/changes/feature17986 b/changes/feature17986 new file mode 100644 index 0000000000..ef82bd3503 --- /dev/null +++ b/changes/feature17986 @@ -0,0 +1,3 @@ + o Minor features: + - Use SecureMemoryWipe() function to securely clean memory on + Windows. Implements feature 17986. diff --git a/changes/feature8195 b/changes/feature8195 new file mode 100644 index 0000000000..cb81f2e1d0 --- /dev/null +++ b/changes/feature8195 @@ -0,0 +1,6 @@ + o Major features: + - When Tor is started as root on Linux and told to switch user ID, it + can now retain the capabilitity to bind to low ports. By default, + Tor will do this only when it's switching user ID and some low + ports have been configured. You can change this behavior with + the new option KeepBindCapabilities. Closes ticket 8195. diff --git a/changes/feature8961-replaycache-sha256 b/changes/feature8961-replaycache-sha256 new file mode 100644 index 0000000000..c5b5c857db --- /dev/null +++ b/changes/feature8961-replaycache-sha256 @@ -0,0 +1,4 @@ + o Minor enhancement (replaycache): + - The replay cache now uses SHA256 instead of SHA1. + Implements feature #8961. + Patch by "teor", issue reported by "rransom". diff --git a/changes/first-hop-no-private b/changes/first-hop-no-private new file mode 100644 index 0000000000..e8d0684061 --- /dev/null +++ b/changes/first-hop-no-private @@ -0,0 +1,8 @@ + o Minor bugfix (relays, hidden services): + - Refuse connection requests to private OR addresses unless + ExtendAllowPrivateAddresses is set. Previously, tor would + connect, then refuse to send any cells to a private address. + Fixes bugs 17674 and 8976; bugfix on b7c172c9ec76 (28 Aug 2012) + Original bug 6710, released in 0.2.3.21-rc and an 0.2.2 maint + release. + Patch by "teor". diff --git a/changes/geoip-december2015 b/changes/geoip-december2015 deleted file mode 100644 index 597bcc92f8..0000000000 --- a/changes/geoip-december2015 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features: - - Update geoip and geoip6 to the December 1 2015 Maxmind GeoLite2 - Country database. - diff --git a/changes/geoip-october2015 b/changes/geoip-october2015 deleted file mode 100644 index f20febec5a..0000000000 --- a/changes/geoip-october2015 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Update geoip and geoip6 to the October 9 2015 Maxmind GeoLite2 Country database. - diff --git a/changes/getinfo-private-exitpolicy b/changes/getinfo-private-exitpolicy new file mode 100644 index 0000000000..e8345167e9 --- /dev/null +++ b/changes/getinfo-private-exitpolicy @@ -0,0 +1,6 @@ + o Minor features (exit policies, controllers): + - Add controller getinfo exit-policy/reject-private/[default,relay] + for the reject rules added by ExitPolicyRejectPrivate. This makes + it easier for stem to display exit policies. + - Add unit tests for getinfo exit-policy/*. + Completes ticket #17183. Patch by "teor". diff --git a/changes/ifaddrs-tests-network-configs b/changes/ifaddrs-tests-network-configs deleted file mode 100644 index 6b5ed4d484..0000000000 --- a/changes/ifaddrs-tests-network-configs +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (testing): - - Make the get_ifaddrs_* unit tests more tolerant of different network - configurations. (Don't assume every test box has an IPv4 address, and - Don't assume every test box has a non-localhost address. - Fixes bug 17255; bugfix on 0.2.7.3-rc. Patch by "teor". diff --git a/changes/laplace-edge-cases b/changes/laplace-edge-cases new file mode 100644 index 0000000000..6c8c77b040 --- /dev/null +++ b/changes/laplace-edge-cases @@ -0,0 +1,8 @@ + o Code simplifications and unit tests: + - Handle edge cases in the laplace functions: avoid division by zero, + avoid taking the log of zero, and silence clang type conversion + warnings using round and trunc. Add unit tests for edge cases with + maximal values. + - Consistently check for overflow in round_*_to_next_multiple_of + functions, and add unit tests with additional and maximal values. + diff --git a/changes/log_heartbeat_test b/changes/log_heartbeat_test new file mode 100644 index 0000000000..7db97ed03c --- /dev/null +++ b/changes/log_heartbeat_test @@ -0,0 +1,6 @@ + o Minor bugfix (testing): + - The test for log_heartbeat was incorrectly failing in timezones + with non-integer offsets. Instead of comparing the end of the + time string against a constant, compare it to the output of + format_local_iso_time when given the correct input. + Fixes bug 18039. diff --git a/changes/rand-failure-modes b/changes/rand-failure-modes new file mode 100644 index 0000000000..cc6ef4744e --- /dev/null +++ b/changes/rand-failure-modes @@ -0,0 +1,5 @@ + o Minor features (unit tests, random number generation): + - Add unit tests that check for common RNG failure modes, such as + returning all zeroes, identical values, or incrementing values + (OpenSSL's rand_predictable feature). + Patch by "teor". diff --git a/changes/routerset-parse-IPv6-literals b/changes/routerset-parse-IPv6-literals new file mode 100644 index 0000000000..c80c82c229 --- /dev/null +++ b/changes/routerset-parse-IPv6-literals @@ -0,0 +1,5 @@ + o Minor bug fixes (routersets, IPv6): + - routerset_parse now accepts IPv6 literal addresses. + Fix for ticket 17060. Patch by "teor". + Patch on 3ce6e2fba290 (24 Jul 2008), and related commits, + released in 0.2.1.3-alpha. diff --git a/changes/sha-unit-tests b/changes/sha-unit-tests new file mode 100644 index 0000000000..457578d337 --- /dev/null +++ b/changes/sha-unit-tests @@ -0,0 +1,5 @@ + o Minor bugfixes (unit tests): + - Check the full results of SHA256 and SHA512 digests in the + unit tests. + Bugfix on a tor version before the refactoring in git commit + cea12251995d (23 Sep 2009). Patch by "teor". diff --git a/changes/test16831 b/changes/test16831 new file mode 100644 index 0000000000..7db2d14df5 --- /dev/null +++ b/changes/test16831 @@ -0,0 +1,3 @@ + o Testing: + - Cover dns_resolve_impl() in dns.c with unit tests. Implements a + portion of ticket 16831. diff --git a/changes/ticket15989 b/changes/ticket15989 new file mode 100644 index 0000000000..e90d0cf8a4 --- /dev/null +++ b/changes/ticket15989 @@ -0,0 +1,9 @@ + o Minor enhancement (accounting): + - Added two modes to AccountingRule in torrc for + limiting just input or just output. + Closes ticket 15989; patch from "unixninja92". + + o Minor bugfixe (accounting): + - The max bandwidth when using AccountRule sum + is now correctly logged. Fixes bug 18024; bugfix on 0.2.6.1-alpha. + Patch from "unixninja92". diff --git a/changes/warn-when-time-goes-backwards b/changes/warn-when-time-goes-backwards new file mode 100644 index 0000000000..d7e584d9ff --- /dev/null +++ b/changes/warn-when-time-goes-backwards @@ -0,0 +1,5 @@ + o Minor features (security, clock): + - Warn when the system clock is set back in time (when the + state file was last written in the future). Tor doesn't know + that consensuses have expired if the clock is in the past. + Patch by "teor". Implements ticket #17188. |