diff options
Diffstat (limited to 'changes')
111 files changed, 225 insertions, 329 deletions
diff --git a/changes/15554 b/changes/15554 new file mode 100644 index 0000000000..c7ae7e5579 --- /dev/null +++ b/changes/15554 @@ -0,0 +1,4 @@ + o Minor features (testing): + - Add a unit test to verify that we can parse a hardcoded v2 + hidden service descriptor. Closes ticket 15554. + diff --git a/changes/19974 b/changes/19974 deleted file mode 100644 index 5496143ddf..0000000000 --- a/changes/19974 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (unit tests): - - Fix tolerances in unit tests for monotonic time comparisons between - nanoseconds and microseconds. Previously, we accepted a 10 us - difference only, which is not realistic on every platform's - clock_gettime(). Fixes bug 19974; bugfix on 0.2.9.1-alpha. diff --git a/changes/20460 b/changes/20460 deleted file mode 100644 index 9fbb4a7986..0000000000 --- a/changes/20460 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (testing): - - Use ECDHE ciphers instead of ECDH in tortls tests. LibreSSL has - removed the ECDH ciphers which caused the tests to fail on - platforms which use it. Fixes bug 20460; bugfix on 0.2.8.1-alpha. diff --git a/changes/20492 b/changes/20492 deleted file mode 100644 index fdcd4d0b4b..0000000000 --- a/changes/20492 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfix (build): - - The current Git revision when building from a local repository is now - detected correctly when using git worktrees. Fixes bug 20492; bugfix on - 0.2.3.9-alpha. diff --git a/changes/21359 b/changes/21359 deleted file mode 100644 index cc9b377d52..0000000000 --- a/changes/21359 +++ /dev/null @@ -1,8 +0,0 @@ - - o Minor features (portability, compilationc) - - Support building with recent LibreSSL code that uses opaque - structures. Closes ticket 21359. - - Autoconf now check to determine if OpenSSL - structures are opaque, instead of explicitly checking for - OpenSSL version numbers. - Part of ticket 21359. diff --git a/changes/bug16082 b/changes/bug16082 new file mode 100644 index 0000000000..0f2f04fb35 --- /dev/null +++ b/changes/bug16082 @@ -0,0 +1,4 @@ + o Documentation: + - Correctly note that bandwidth accounting values are stored in the + state file, and the bw_accounting file is now obsolete. Closes + ticket 16082. diff --git a/changes/bug1667 b/changes/bug1667 new file mode 100644 index 0000000000..368f9e35b2 --- /dev/null +++ b/changes/bug1667 @@ -0,0 +1,4 @@ + o Minor features (control port): + - If the control port is used as the HTTP proxy, responds with + a meaningful "This is the Tor control port" message, and log + the event. Closes ticket 1667. Patch from Ravi Chandra Padmala. diff --git a/changes/bug19648 b/changes/bug19648 new file mode 100644 index 0000000000..e8c2a6a094 --- /dev/null +++ b/changes/bug19648 @@ -0,0 +1,5 @@ + o Minor bugfixes (logging): + - When logging the number of descriptors we intend to download per + directory request, do not log a number higher than then the + number of descriptors we're fetching in total. Fixes bug 19648; + bugfix on 0.1.1.8-alpha. diff --git a/changes/bug19869 b/changes/bug19869 deleted file mode 100644 index 430048f161..0000000000 --- a/changes/bug19869 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (DNSPort): - - On DNSPort, stop logging a BUG warning on a failed hostname lookup. - Fixes bug 19869; bugfix on 0.2.9.1-alpha. - diff --git a/changes/bug19926_029_info b/changes/bug19926_029_info deleted file mode 100644 index 93fd81b6cb..0000000000 --- a/changes/bug19926_029_info +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (logging): - - Downgrade a harmless log message about the pending_entry_connections - list from "warn" to "info". Mitigates bug 19926. diff --git a/changes/bug19960 b/changes/bug19960 deleted file mode 100644 index 5d655859a6..0000000000 --- a/changes/bug19960 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (netbsd, unit tests): - - Stop expecting NetBSD unit tests to report success for ipfw; - on NetBSD, it's only pf that's supported. - Part of a fix for bug 19960; bugfix on 0.2.9.5-alpha. diff --git a/changes/bug19968 b/changes/bug19968 deleted file mode 100644 index b285706e70..0000000000 --- a/changes/bug19968 +++ /dev/null @@ -1,11 +0,0 @@ - o Minor bugfixes (relay): - - Do not try to parallelize workers more than 16x without the - user explicitly configuring us to do so, even if we do detect more than - 16 CPU cores. Fixes bug 19968; bugfix on - 0.2.3.1-alpha. - - - o Minor bugfixes (testing): - - Avoid a unit test failure on systems with over 16 detectable - CPU cores. Fixes bug 19968; bugfix on - 0.2.3.1-alpha. diff --git a/changes/bug19969 b/changes/bug19969 deleted file mode 100644 index c760c6de03..0000000000 --- a/changes/bug19969 +++ /dev/null @@ -1,10 +0,0 @@ - o Major bugfixes (client performance): - - Clients now respond to new application stream requests when - they arrive, rather than waiting up to one second before starting - to handle them. Fixes part of bug 19969; bugfix on 0.2.8.1-alpha. - - o Major bugfixes (clients on flaky network connections): - - When Tor leaves standby because of a new application request, open - circuits as needed to serve that request. Previously, we would - potentially wait a very long time. Fixes part of bug 19969; bugfix - on 0.2.8.1-alpha. diff --git a/changes/bug20085 b/changes/bug20085 deleted file mode 100644 index fd10e7eeeb..0000000000 --- a/changes/bug20085 +++ /dev/null @@ -1,4 +0,0 @@ - o Documentation: - - Correct the minimum bandwidth value in torrc.sample, and queue a - corresponding change for torrc.minimal. Closes ticket 20085. - diff --git a/changes/bug20235 b/changes/bug20235 deleted file mode 100644 index 54026a8943..0000000000 --- a/changes/bug20235 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (compatibility): - - Work around a bug in the OSX 10.12 SDK that would prevent us - from successfully targetting earlier versions of OSX. - Resolves ticket 20235. diff --git a/changes/bug20306_029 b/changes/bug20306_029 deleted file mode 100644 index ada2676b2b..0000000000 --- a/changes/bug20306_029 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (fascistfirewall): - - Avoid spurious warnings when ReachableAddresses or FascistFirewall - is set. Fixes bug 20306; bugfix on 0.2.8.2-alpha. - diff --git a/changes/bug20307 b/changes/bug20307 deleted file mode 100644 index 9112c9c78d..0000000000 --- a/changes/bug20307 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes (circuit, hidden service) - - When closing a circuit, the reason for doing so was assigned from an int - value to a uint16_t which is quite a problem for negative values that are - our internal reasons (ex: END_CIRC_REASON_IP_NOW_REDUNDANT). On the HS - side, this was causing introduction points to be flagged as unusable - because the reason wasn't the right one due to the bad conversion. - Partially fixes bug 21056 and fixes bug 20307; Bugfix on 0.2.8.1-alpha. diff --git a/changes/bug20401 b/changes/bug20401 deleted file mode 100644 index 85ab3c7322..0000000000 --- a/changes/bug20401 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (relay): - - Avoid a small memory leak when informing worker threads about rotated - onion keys. Fixes bug 20401; bugfix on 0.2.6.3-alpha. - diff --git a/changes/bug20423 b/changes/bug20423 deleted file mode 100644 index 32bdc3f081..0000000000 --- a/changes/bug20423 +++ /dev/null @@ -1,6 +0,0 @@ - o Major bugfixes: - - For relays that don't know their own address, avoid attempting - a local hostname resolve for each descriptor we download. Also cut - down on the number of "Success: chose address 'x.x.x.x'" log lines. - Fixes bugs 20423 and 20610; bugfix on 0.2.8.1-alpha. - diff --git a/changes/bug20472 b/changes/bug20472 deleted file mode 100644 index 4d90c39f5b..0000000000 --- a/changes/bug20472 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (circuits): - - Remove a BUG warning in circuit_pick_extend_handshake. Instead, assume - all nodes support EXTEND2. Use ntor whenever a key is available. - Fixes bug 20472; bugfix on 0.2.9.3-alpha. - diff --git a/changes/bug20484 b/changes/bug20484 deleted file mode 100644 index 9a0b95cb39..0000000000 --- a/changes/bug20484 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (single onion services): - - Start correctly when creating a single onion service in a - directory that did not previously exist. Fixes bug 20484; bugfix on - 0.2.9.3-alpha. - diff --git a/changes/bug20487 b/changes/bug20487 deleted file mode 100644 index 4435f14a95..0000000000 --- a/changes/bug20487 +++ /dev/null @@ -1,4 +0,0 @@ - o Documentation: - - Clarify that setting HiddenServiceNonAnonymousMode requires - you to also set "SOCKSPort 0". Fixes bug 20487; bugfix on - 0.2.9.3-alpha. diff --git a/changes/bug20509 b/changes/bug20509 deleted file mode 100644 index a39ca9f60b..0000000000 --- a/changes/bug20509 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features: - - Directory authorities now reject relays running versions - 0.2.9.1-alpha through 0.2.9.4-alpha, because those relays - suffer from bug 20499 and don't keep their consensus cache - up-to-date. Resolves ticket 20509. diff --git a/changes/bug20529 b/changes/bug20529 deleted file mode 100644 index 276be5b2b6..0000000000 --- a/changes/bug20529 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (hidden services): - - When configuring hidden services, check every hidden service directory's - permissions. Previously, we only checked the last hidden service. - Fixes bug 20529; bugfix on 13942 commit 85bfad1 in 0.2.6.2-alpha. diff --git a/changes/bug20533 b/changes/bug20533 deleted file mode 100644 index 7d1a456328..0000000000 --- a/changes/bug20533 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes (consensus downloads): - - If a consensus expires while we are waiting for certificates to download, - stop waiting for certificates. - - If we stop waiting for certificates less than a minute after we started - downloading them, do not consider the certificate download failure a - separate failure. - Fixes bug 20533; bugfix on commit e0204f21 in 0.2.0.9-alpha. diff --git a/changes/bug20534 b/changes/bug20534 deleted file mode 100644 index 49db433a01..0000000000 --- a/changes/bug20534 +++ /dev/null @@ -1,8 +0,0 @@ - o Minor bugfixes (directory download scheduling): - - Remove the maximum delay on exponential-backoff scheduling. - Since we now allow an infinite number of failures (see ticket - 20536), we must now allow the time to grow longer on each failure. - Fixes part of bug 20534; bugfix on 0.2.9.1-alpha. - - Use initial delays and decrements in download scheduling closer to - those from 0.2.8. Fixes another part of bug 20534; bugfix on - 0.2.9.1-alpha. diff --git a/changes/bug20536 b/changes/bug20536 deleted file mode 100644 index 9e0dd164bb..0000000000 --- a/changes/bug20536 +++ /dev/null @@ -1,6 +0,0 @@ - o Major bugfixes (download scheduling): - - When using an exponential backoff schedule, do not give up on - dowloading just because we have failed a bunch of times. Since - each delay is longer than the last, retrying indefinitely won't - hurt. Fixes bug 20536; bugfix on 0.2.9.1-alpha. - diff --git a/changes/bug20551 b/changes/bug20551 deleted file mode 100644 index b7ec4ca7cc..0000000000 --- a/changes/bug20551 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (compilation): - - Fix implicit conversion warnings under OpenSSL 1.1. - Fixes bug 20551; bugfix on 0.2.1.1-alpha. diff --git a/changes/bug20553 b/changes/bug20553 deleted file mode 100644 index 12a2780303..0000000000 --- a/changes/bug20553 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (memory leak): - - Work around a memory leak in OpenSSL 1.1 when encoding public keys. - Fixes bug 20553; bugfix on 0.0.2pre8. diff --git a/changes/bug20560 b/changes/bug20560 deleted file mode 100644 index 43d605b296..0000000000 --- a/changes/bug20560 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (portability): - - Run correctly when built on Windows build environments that require - _vcsprintf(). Fixes bug 20560; bugfix on 0.2.2.11-alpha. - diff --git a/changes/bug20587 b/changes/bug20587 deleted file mode 100644 index 341b001363..0000000000 --- a/changes/bug20587 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (download timing): - - When determining when to download a directory object, handle times - after 2038 if the operating system supports that. (Someday this will be - important!) Fixes bug 20587; bugfix on 0.2.8.1-alpha. - diff --git a/changes/bug20588 b/changes/bug20588 deleted file mode 100644 index 832ef81336..0000000000 --- a/changes/bug20588 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (portability): - - Fix compilation with OpenSSL 1.1 and less commonly-used - CPU architectures. Closes ticket 20588. diff --git a/changes/bug20591 b/changes/bug20591 deleted file mode 100644 index deaa738f5e..0000000000 --- a/changes/bug20591 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (relay bootstrap): - - Ensure relays don't make multiple connections during bootstrap. - Fixes bug 20591; bugfix on 0.2.8.1-alpha. diff --git a/changes/bug20593 b/changes/bug20593 deleted file mode 100644 index e9f54d317a..0000000000 --- a/changes/bug20593 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (client directory scheduling): - - Treat "relay too busy to answer request" as a failed request and a - reason to back off on our retry frequency. This is safe now that - exponential backups retry indefinitely, and avoids a bug where we would - reset our download schedule erroneously. - Fixes bug 20593; bugfix on 0.2.9.1-alpha. diff --git a/changes/bug20597 b/changes/bug20597 deleted file mode 100644 index f199b63933..0000000000 --- a/changes/bug20597 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (test networks, exponential backoff): - - When using exponential backoff in test networks, use a lower exponent, - so the delays do not vary as much. This helps test networks bootstrap - consistently. Fixes bug 20597; bugfix on 20499; not in any released - version of tor. diff --git a/changes/bug20613 b/changes/bug20613 deleted file mode 100644 index 19bb61f4e0..0000000000 --- a/changes/bug20613 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (single onion services, Tor2web): - - Stop logging long-term one-hop circuits deliberately created by single - onion services and Tor2web. These log messages are intended to diagnose - issue 8387, which relates to circuits hanging around forever for no - reason. - Fixes bug 20613; bugfix on 0.2.9.1-alpha. Reported by "pastly". diff --git a/changes/bug20634 b/changes/bug20634 deleted file mode 100644 index 62fc9f4787..0000000000 --- a/changes/bug20634 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (unit tests): - - Stop spurious failures in the local interface address discovery unit - tests. Fixes bug 20634; bugfix on 0.2.8.1-alpha; patch by Neel Chauhan. diff --git a/changes/bug20638 b/changes/bug20638 deleted file mode 100644 index 260d7d0a75..0000000000 --- a/changes/bug20638 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (hidden services): - - Stop ignoring hidden service key anonymity when first starting tor. - Instead, refuse to start tor if any hidden service key has been used in - a different hidden service anonymity mode. - Fixes bug 20638; bugfix on 17178 in 0.2.9.3-alpha; reported by ahf. diff --git a/changes/bug20710_025 b/changes/bug20710_025 deleted file mode 100644 index 12bd07536c..0000000000 --- a/changes/bug20710_025 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (memory leak, use-after-free, linux seccomp2 sandbox): - - Fix a memory leak and use-after-free error when removing entries - from the sandbox's getaddrinfo() cache. Fixes bug 20710; bugfix on - 0.2.5.5-alpha. Patch from "cypherpunks". diff --git a/changes/bug20715 b/changes/bug20715 deleted file mode 100644 index 737a560cec..0000000000 --- a/changes/bug20715 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (memory leak) - - When moving a signed descriptor object from a source to an existing - destination, free the allocated memory inside that destination object. - Bugfix on tor-0.2.8.3-alpha; Closes #20715. diff --git a/changes/bug20716 b/changes/bug20716 deleted file mode 100644 index 37fd6feecf..0000000000 --- a/changes/bug20716 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (client, memory leak): - - Fix a small memory leak when receiving AF_UNIX connections on - a SocksPort. Fixes bug 20716; bugfix on 0.2.6.3-alpha. diff --git a/changes/bug20810 b/changes/bug20810 deleted file mode 100644 index 5420a73175..0000000000 --- a/changes/bug20810 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (relay) - - When computing old Tor protocol line version in protover, we were - looking at 0.2.7.5 twice instead of a specific case for 0.2.9.1-alpha. - Bugfix on tor-0.2.9.4-alpha. diff --git a/changes/bug20864 b/changes/bug20864 deleted file mode 100644 index 7b8c70fad6..0000000000 --- a/changes/bug20864 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (unit tests, hidden services): - - Remove a double-free in the single onion service unit test. Stop - ignoring a return value. Make future changes less error-prone. - Fixes bug 20864; bugfix on 0.2.9.6-rc. diff --git a/changes/bug20875 b/changes/bug20875 deleted file mode 100644 index 6bba2cbc12..0000000000 --- a/changes/bug20875 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (download scheduling) - - Resolve a "bug" warning when considering a download schedule whose - delay had approached INT_MAX. Fixes 20875; bugfix on 0.2.9.5-alpha. - diff --git a/changes/bug20935 b/changes/bug20935 deleted file mode 100644 index 78068c7c06..0000000000 --- a/changes/bug20935 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (portability): - - Use the correct spelling of MAC_OS_X_VERSION_10_12 on configure.ac - Fixes bug 20935; bugfix on 0.2.9.6-rc. diff --git a/changes/bug21018 b/changes/bug21018 deleted file mode 100644 index 49a8b47a25..0000000000 --- a/changes/bug21018 +++ /dev/null @@ -1,11 +0,0 @@ - o Major bugfixes (parsing, security): - - - Fix a bug in parsing that could cause clients to read a single - byte past the end of an allocated region. This bug could be - used to cause hardened clients (built with - --enable-expensive-hardening) to crash if they tried to visit - a hostile hidden service. Non-hardened clients are only - affected depending on the details of their platform's memory - allocator. Fixes bug 21018; bugfix on 0.2.0.8-alpha. Found by - using libFuzzer. Also tracked as TROVE-2016-12-002 and as - CVE-2016-1254. diff --git a/changes/bug21035 b/changes/bug21035 deleted file mode 100644 index bbf3340787..0000000000 --- a/changes/bug21035 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (portability): - - Avoid crashing when Tor is built using headers that contain - CLOCK_MONOTONIC_COARSE, but then tries to run on an older kernel - without CLOCK_MONOTONIC_COARSE. Fixes bug 21035; bugfix on - 0.2.9.1-alpha. - diff --git a/changes/bug21051 b/changes/bug21051 deleted file mode 100644 index 8bb4f80c8e..0000000000 --- a/changes/bug21051 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (compilation): - - Fix Libevent detection on platforms without Libevent 1 headers - installed. Fixes bug 21051; bugfix on 0.2.9.1-alpha. diff --git a/changes/bug21108_029 b/changes/bug21108_029 deleted file mode 100644 index 3a3f004fc6..0000000000 --- a/changes/bug21108_029 +++ /dev/null @@ -1,6 +0,0 @@ - o Major bugfixes (directory authority): - - During voting, when marking a node as a probable sybil, do not - clear its BadExit flag: sybils can still be bad in other ways - too. (We still clear the other flags.) Fixes bug 21108; bugfix - on 0.2.0.13-alpha. - diff --git a/changes/bug21278_extras b/changes/bug21278_extras deleted file mode 100644 index ffdf4a047b..0000000000 --- a/changes/bug21278_extras +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (code correctness): - - Repair a couple of (unreachable or harmless) cases of the risky - comparison-by-subtraction pattern that caused bug 21278. diff --git a/changes/bug21278_prevention b/changes/bug21278_prevention deleted file mode 100644 index e07f0a670c..0000000000 --- a/changes/bug21278_prevention +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (directory authority): - - Directory authorities now reject descriptors that claim to be - malformed versions of Tor. Helps prevent exploitation of bug 21278. - diff --git a/changes/bug21280 b/changes/bug21280 deleted file mode 100644 index e9f0bc174c..0000000000 --- a/changes/bug21280 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (tor-resolve): - - The tor-resolve command line tool now rejects hostnames over 255 - characters in length. Previously, it would silently truncate - them, which could lead to bugs. Fixes bug 21280; bugfix on 0.0.9pre5. - Patch by "junglefowl". diff --git a/changes/bug21357 b/changes/bug21357 deleted file mode 100644 index a1cb43a78a..0000000000 --- a/changes/bug21357 +++ /dev/null @@ -1,7 +0,0 @@ - o Major bugfixes (IPv6 Exits): - - Stop rejecting all IPv6 traffic on Exits whose exit policy rejects IPv6 - addresses. Instead, only reject a port over IPv6 if the exit policy - rejects that port on more than an IPv6 /16 of addresses. This bug was - made worse by 17027 in 0.2.8.1-alpha, which rejects a relay's own IPv6 - address by default. - Fixes bug 21357; bugfix on commit 004f3f4e53 in 0.2.4.7-alpha. diff --git a/changes/bug21450 b/changes/bug21450 deleted file mode 100644 index a1cf89ab41..0000000000 --- a/changes/bug21450 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (voting consistency): - - Reject version numbers with components that exceed INT32_MAX. - Otherwise 32-bit and 64-bit platforms would behave inconsistently. - Fixes bug 21450; bugfix on 0.0.8pre1. diff --git a/changes/bug21943 b/changes/bug21943 deleted file mode 100644 index dbe2c726d9..0000000000 --- a/changes/bug21943 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (Linux seccomp2 sandbox): - - The getpid() system call is now permitted under the Linux seccomp2 - sandbox, to avoid crashing with versions of OpenSSL (and other - libraries) that attempt to learn the process's PID by using the - syscall rather than the VDSO code. Fixes bug 21943; bugfix on - 0.2.5.1-alpha. diff --git a/changes/bug22006 b/changes/bug22006 new file mode 100644 index 0000000000..912bdd87bd --- /dev/null +++ b/changes/bug22006 @@ -0,0 +1,4 @@ + o Minor features (ed25519): + - Add validation function that checks for torsion components in ed25119 + public keys. Currently unused but will be used by prop224 client-side + code. Addresses ticket #22006. Math help by Ian Goldberg. diff --git a/changes/bug22034 b/changes/bug22034 deleted file mode 100644 index 6d9e188740..0000000000 --- a/changes/bug22034 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (control port, regression): - - The GETINFO extra-info/digest/<digest> command was broken because of a - wrong base16 decode return value check. In was introduced in a refactor - of that API. Fixex bug #22034; bugfix on tor-0.2.9.1-alpha. diff --git a/changes/bug22212 b/changes/bug22212 new file mode 100644 index 0000000000..f92d6701d3 --- /dev/null +++ b/changes/bug22212 @@ -0,0 +1,5 @@ + o Minor bugfixes (netflow padding logging): + - Demote a warn that was caused by libevent delays to info if + the padding is less than 4.5 seconds late, or notice if it is more + (4.5 seconds is the amount of time that a netflow record might + be emitted after, if we chose the maximum timeout). Fixes bug #22212. diff --git a/changes/bug22347 b/changes/bug22347 new file mode 100644 index 0000000000..f294ba0a2d --- /dev/null +++ b/changes/bug22347 @@ -0,0 +1,2 @@ + o Documentation: + - Add a manpage description for the key-pinning-journal file. diff --git a/changes/bug22356 b/changes/bug22356 new file mode 100644 index 0000000000..0082b542be --- /dev/null +++ b/changes/bug22356 @@ -0,0 +1,5 @@ + o Minor bugfixes (logging, relay): + - Downgrade "assigned_to_cpuworker failed" message to INFO-level + severity. In every case that can reach it, either a better warning + has already been logged, or no warning is warranted. Fixes bug 22356; + bugfix on 0.2.6.3-alpha. diff --git a/changes/bug22370 b/changes/bug22370 deleted file mode 100644 index e0e87e3339..0000000000 --- a/changes/bug22370 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (memory handling): - - When directory authorities reject a router descriptor due to keypinning, - free the router descriptor rather than leaking the memory. - Fixes bug 22370; bugfix on 0.2.7.2-alpha. diff --git a/changes/bug22400_01 b/changes/bug22400_01 new file mode 100644 index 0000000000..454c5f746f --- /dev/null +++ b/changes/bug22400_01 @@ -0,0 +1,4 @@ + o Major bugfixes (entry guards): + - When starting with an old consensus, do not add new entry guards + unless the consensus is "reasonably live" (under 1 day old). Fixes + one root cause of bug 22400; bugfix on 0.3.0.1-alpha. diff --git a/changes/bug22410 b/changes/bug22410 new file mode 100644 index 0000000000..678a26dce6 --- /dev/null +++ b/changes/bug22410 @@ -0,0 +1,4 @@ + o Minor bugfixes (portability): + - Check at configure time whether uint8_t is unsigned char. Lots + of existing code already assumes this, and there could be strict + aliasing issues if they aren't the same type. Fixes #22410. diff --git a/changes/bug22461 b/changes/bug22461 new file mode 100644 index 0000000000..5454682810 --- /dev/null +++ b/changes/bug22461 @@ -0,0 +1,7 @@ + o Minor bugfixes (client, usability): + - Refrain from needlessly rejecting SOCKS5-with-hostnames and SOCKS4a + requests that contain IP address strings, even when SafeSocks in + enabled, as this prevents user from connecting to known IP addresses + without relying on DNS for resolving. SafeSocks still rejects SOCKS + connections that connect to IP addresses when those addresses are _not_ + encoded as hostnames. Fixes bug 22461, bugfix on Tor 0.2.6.2-alpha. diff --git a/changes/bug22502_part1 b/changes/bug22502_part1 new file mode 100644 index 0000000000..bd95b7c7c4 --- /dev/null +++ b/changes/bug22502_part1 @@ -0,0 +1,12 @@ + o Major bugfixes (compression, zstd): + - Correctly detect a full buffer when decompessing a large + zstd-compressed input. Fixes bug 22628; bugfix on 0.3.1.1-alpha. + + o Minor bugfixes (compression): + - When compressing or decompressing a buffer, check for a failure to + create a compression object. Fixes bug 22626; bugfix on + 0.3.1.1-alpha. + + - When decompressing a buffer, check for extra data after the end of + the compressed data. Fixes bug 22629; bugfix on 0.3.1.1-alpha. + diff --git a/changes/bug22516 b/changes/bug22516 new file mode 100644 index 0000000000..f024a3c470 --- /dev/null +++ b/changes/bug22516 @@ -0,0 +1,5 @@ + o Minor bugfixes (linux seccomp2 sandbox): + - Permit the fchmod system call, to avoid crashing on startup when + starting with the seccomp2 sandbox and an unexpected set of permissions + on the data directory or its contents. Fixes bug 22516; bugfix on + 0.2.5.4-alpha. diff --git a/changes/bug22669 b/changes/bug22669 new file mode 100644 index 0000000000..804a39e781 --- /dev/null +++ b/changes/bug22669 @@ -0,0 +1,4 @@ + o Minor bugfixes (compression): + - When serving directory votes compressed with zlib, + do not claim to have compressed them with zstd. Fixes bug 22669; + bugfix on 0.3.1.1-alpha. diff --git a/changes/bug22670 b/changes/bug22670 new file mode 100644 index 0000000000..47403277d2 --- /dev/null +++ b/changes/bug22670 @@ -0,0 +1,4 @@ + o Minor bugfixes (logging, compression): + - When decompressing, do not warn if we fail to decompress using a + compression method that we merely guessed. Fixes part of + bug 22670; bugfix on 0.1.1.14-alpha. diff --git a/changes/bug22670_02 b/changes/bug22670_02 new file mode 100644 index 0000000000..3e7a428faf --- /dev/null +++ b/changes/bug22670_02 @@ -0,0 +1,4 @@ + o Minor bugfixes (logging, compression): + - When decompressing, treat mismatch between content-encoding and + actual compression type as a protocol warning. Fixes part of bug + 22670; bugfix on 0.1.1.9-alpha. diff --git a/changes/bug22670_03 b/changes/bug22670_03 new file mode 100644 index 0000000000..8a7aa49bcd --- /dev/null +++ b/changes/bug22670_03 @@ -0,0 +1,6 @@ + o Minor bugfixes (compression): + - When decompressing an object received over an anonymous directory + connection, if we have already successfully decompressed it using an + acceptable compression method, do not reject it for looking like an + unacceptable compression method. Fixes part of bug 22670; bugfix on + 0.3.1.1-alpha. diff --git a/changes/bug22672 b/changes/bug22672 new file mode 100644 index 0000000000..ec6681149d --- /dev/null +++ b/changes/bug22672 @@ -0,0 +1,5 @@ + o Minor features (compression, defensive programming): + - Detect and break out of infinite loops in our compression code. + We don't think that any such loops exist now, but it's best to be + safe. Closes ticket 22672. + diff --git a/changes/bug22702 b/changes/bug22702 new file mode 100644 index 0000000000..a2044c70bf --- /dev/null +++ b/changes/bug22702 @@ -0,0 +1,5 @@ + o Major bugfixes (directory protocol): + - Ensure that we sent "304 Not modified" as HTTP status code when a + client is attempting to fetch a consensus or consensus diff that + matches the latest consensus we have available. Fixes bug 22702; + bugfix on 0.3.1.1-alpha. diff --git a/changes/bug22719 b/changes/bug22719 new file mode 100644 index 0000000000..bfcda0a4e1 --- /dev/null +++ b/changes/bug22719 @@ -0,0 +1,7 @@ + o Minor bugfixes (compression): + - When spooling compressed data to an output buffer, don't try to + spool more data when there is no more data to spool and we are + not trying to flush the input. Previously, we would sometimes + launch compression requests with nothing to do, which interferes + with our 22672 checks. Fixes bug 22719; bugfix on 0.2.0.16-alpha. + diff --git a/changes/bug22720 b/changes/bug22720 new file mode 100644 index 0000000000..4893b577f0 --- /dev/null +++ b/changes/bug22720 @@ -0,0 +1,9 @@ + o Minor bugfixes (process behavior): + - When exiting because of an error, always exit with a nonzero + exit status. Previously, we would fail to report an error in + our exit status in cases related to lockfile contention, + __OwningControllerProcess failure, and Ed25519 key + initialization. Fixes bug 22720; bugfix on versions + 0.2.1.6-alpha, 0.2.2.28-beta, and 0.2.7.2-alpha + respectively. Reported by "f55jwk4f"; patch from "huyvq". + diff --git a/changes/bug22737 b/changes/bug22737 new file mode 100644 index 0000000000..f0de8e6c41 --- /dev/null +++ b/changes/bug22737 @@ -0,0 +1,12 @@ + o Minor bugfixes (defensive programming, undefined behavior): + + - Fix a memset() off the end of an array when packing cells. This + bug should be harmless in practice, since the corrupted bytes + are still in the same structure, and are always padding bytes, + ignored, or immediately overwritten, depending on compiler + behavior. Nevertheless, because the memset()'s purpose is to + make sure that any other cell-handling bugs can't expose bytes + to the network, we need to fix it. Fixes bug 22737; bugfix on + 0.2.4.11-alpha. Fixes CID 1401591. + + diff --git a/changes/bug22746 b/changes/bug22746 new file mode 100644 index 0000000000..b036460c30 --- /dev/null +++ b/changes/bug22746 @@ -0,0 +1,4 @@ + o Minor bugfixes (crypto): + - Properly detect and refuse to blind bad ed25519 keys. The key blinding + code is currently unused, so this bug does not affect tor clients or + services on the network. Fixes bug 22746; bugfix on 0.2.6.1-alpha. diff --git a/changes/bug22750 b/changes/bug22750 new file mode 100644 index 0000000000..426cae6f1e --- /dev/null +++ b/changes/bug22750 @@ -0,0 +1,5 @@ + o Minor bugfixes (linux seccomp2 sandbox, logging): + - Fix some messages on unexpected errors from the seccomp2 + library. Fixes bug 22750; bugfix on 0.2.5.1-alpha. Patch + from "cypherpunks". + diff --git a/changes/bug22751 b/changes/bug22751 new file mode 100644 index 0000000000..714525c8af --- /dev/null +++ b/changes/bug22751 @@ -0,0 +1,5 @@ + o Major bugfixes (compression): + - Fix crash in LZMA module, when the Sandbox is enabled, where + liblzma would allocate more than 16 MB of memory. We solve this + by bumping the mprotect() limit in the Sandbox module from 16 MB + to 20 MB. Fixes bug 22751; bugfix on 0.3.1.1-alpha. diff --git a/changes/bug22753 b/changes/bug22753 new file mode 100644 index 0000000000..32a6dfa56c --- /dev/null +++ b/changes/bug22753 @@ -0,0 +1,7 @@ + o Major bugfixes (path selection, security): + - When choosing which guard to use for a circuit, avoid the + exit's family along with the exit itself. Previously, the new + guard selection logic avoided the exit, but did not consider + its family. Fixes bug 22753; bugfix on 0.3.0.1-alpha. Tracked + as TROVE-2016-006 and CVE-2017-0377. + diff --git a/changes/bug22789 b/changes/bug22789 new file mode 100644 index 0000000000..a653592848 --- /dev/null +++ b/changes/bug22789 @@ -0,0 +1,7 @@ + o Major bugfixes (openbsd, denial-of-service): + - Avoid an assertion failure bug affecting our implementation of + inet_pton(AF_INET6) on certain OpenBSD systems whose strtol() + handling of "0xfoo" differs from what we had expected. + Fixes bug 22789; bugfix on 0.2.3.8-alpha. Also tracked as + TROVE-2017-007. + diff --git a/changes/bug22797 b/changes/bug22797 new file mode 100644 index 0000000000..619baaa409 --- /dev/null +++ b/changes/bug22797 @@ -0,0 +1,4 @@ + o Minor bugfixes (file limits): + - When setting the maximum number of connections allowed by the OS, + always allow some extra file descriptors for other files. + Fixes bug 22797; bugfix on 0.2.0.10-alpha. diff --git a/changes/bug22801 b/changes/bug22801 new file mode 100644 index 0000000000..7edc79bc84 --- /dev/null +++ b/changes/bug22801 @@ -0,0 +1,5 @@ + o Minor bugfixes (compilation): + - When building with certain versions the mingw C header files, avoid + float-conversion warnings when calling the C functions isfinite(), + isnan(), and signbit(). Fixes bug 22801; bugfix on 0.2.8.1-alpha. + diff --git a/changes/bug3056 b/changes/bug3056 new file mode 100644 index 0000000000..62bec20d51 --- /dev/null +++ b/changes/bug3056 @@ -0,0 +1,3 @@ + o Minor features (exit relay, DNS): + - Improve the clarity and safety of the log message from evdns when + receiving an apparent spoofed DNS reply. Closes ticket 3056. diff --git a/changes/bug4019 b/changes/bug4019 new file mode 100644 index 0000000000..fef736ff66 --- /dev/null +++ b/changes/bug4019 @@ -0,0 +1,4 @@ + o Minor bugfixes (logging): + - Remove duplicate log messages regarding opening non-local SocksPorts + upon parsing config and opening listeners at startup. Fixes bug 4019; + bugfix on tor-0.2.3.3-alpha. diff --git a/changes/bug5847 b/changes/bug5847 new file mode 100644 index 0000000000..782fc7b721 --- /dev/null +++ b/changes/bug5847 @@ -0,0 +1,5 @@ + o Minor features (control port): + - Provide better error message for GETINFO desc/(id|name) when + microdescriptors are in use and router descriptors are not fetched. + Closes ticket 5847. Patch by Kevin Butler. + diff --git a/changes/bug7890 b/changes/bug7890 new file mode 100644 index 0000000000..1daec58ae2 --- /dev/null +++ b/changes/bug7890 @@ -0,0 +1,4 @@ + o Minor bugfixes (logging): + - Use a more comprehensible log message when telling the user they've + excluded every running exit node. Fixes bug 7890; bugfix on + 0.2.2.25-alpha. diff --git a/changes/diagnose_22752 b/changes/diagnose_22752 new file mode 100644 index 0000000000..b5bda05ec0 --- /dev/null +++ b/changes/diagnose_22752 @@ -0,0 +1,4 @@ + o Minor features (bug mitigation, diagnostics, logging): + - Avoid an assertion failure, and log a better error message, + when unable to remove a file from the consensus cache on + Windows. Attempts to mitigate and diagnose bug 22752. diff --git a/changes/geoip-april2017 b/changes/geoip-april2017 deleted file mode 100644 index b489eaf016..0000000000 --- a/changes/geoip-april2017 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features: - - Update geoip and geoip6 to the April 4 2017 Maxmind GeoLite2 - Country database. - diff --git a/changes/geoip-december2016 b/changes/geoip-december2016 deleted file mode 100644 index 60754ea21d..0000000000 --- a/changes/geoip-december2016 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features: - - Update geoip and geoip6 to the December 7 2016 Maxmind GeoLite2 - Country database. - diff --git a/changes/geoip-february2017 b/changes/geoip-february2017 deleted file mode 100644 index ec54b6122a..0000000000 --- a/changes/geoip-february2017 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features: - - Update geoip and geoip6 to the February 8 2017 Maxmind GeoLite2 - Country database. - diff --git a/changes/geoip-january2017 b/changes/geoip-january2017 deleted file mode 100644 index 77bc9a5991..0000000000 --- a/changes/geoip-january2017 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (geoip): - - Update geoip and geoip6 to the January 4 2017 Maxmind GeoLite2 - Country database. - diff --git a/changes/geoip-june2017 b/changes/geoip-june2017 new file mode 100644 index 0000000000..2ea7bf105e --- /dev/null +++ b/changes/geoip-june2017 @@ -0,0 +1,4 @@ + o Minor features: + - Update geoip and geoip6 to the June 8 2017 Maxmind GeoLite2 + Country database. + diff --git a/changes/geoip-march2017 b/changes/geoip-march2017 deleted file mode 100644 index 6dc92baa2f..0000000000 --- a/changes/geoip-march2017 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features: - - Update geoip and geoip6 to the March 7 2017 Maxmind GeoLite2 - Country database. - diff --git a/changes/geoip-may2017 b/changes/geoip-may2017 deleted file mode 100644 index 4e504d7a0a..0000000000 --- a/changes/geoip-may2017 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features: - - Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2 - Country database. - diff --git a/changes/geoip-november2016 b/changes/geoip-november2016 deleted file mode 100644 index b3f9913bb1..0000000000 --- a/changes/geoip-november2016 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (ge0oip): - - Update geoip and geoip6 to the November 3 2016 Maxmind GeoLite2 - Country database. - diff --git a/changes/more-files b/changes/more-files new file mode 100644 index 0000000000..861d6a3143 --- /dev/null +++ b/changes/more-files @@ -0,0 +1,4 @@ + o Documentation: + - Document more of the files in the Tor data directory, including + cached-extrainfo, secret_onion_key{,_ntor}.old, hidserv-stats, + approved-routers, sr-random, and diff-cache. diff --git a/changes/more_module_docs b/changes/more_module_docs deleted file mode 100644 index 0066ddfcf0..0000000000 --- a/changes/more_module_docs +++ /dev/null @@ -1,4 +0,0 @@ - o Documentation: - - Module-level documentation for several more modules. Closes tickets - 19287 and - 19290. diff --git a/changes/new_requirement_pkgconfig b/changes/new_requirement_pkgconfig new file mode 100644 index 0000000000..503ff58c9e --- /dev/null +++ b/changes/new_requirement_pkgconfig @@ -0,0 +1,5 @@ + o New dependencies: + - To build with zstd and lzma support, Tor now requires the + pkg-config tool at build time. (This requirement was new in + 0.3.1.1-alpha, but was not noted at the time. Noting it here to + close ticket 22623.) diff --git a/changes/prop275-minimal b/changes/prop275-minimal deleted file mode 100644 index 83d42f850b..0000000000 --- a/changes/prop275-minimal +++ /dev/null @@ -1,9 +0,0 @@ - o Minor features (future-proofing): - - - Tor no longer refuses to download microdescriptors or descriptors if - they are listed as "published in the future". This change will - eventually allow us to stop listing meaningful "published" dates - in microdescriptor consensuses, and thereby allow us to reduce the - resources required to download consensus diffs by over 50%. - Implements part of ticket 21642; implements part of proposal 275. - diff --git a/changes/task-22207 b/changes/task-22207 new file mode 100644 index 0000000000..63544834bf --- /dev/null +++ b/changes/task-22207 @@ -0,0 +1,4 @@ + o Minor features: + - Add "fingerprint" line to networkstatus-bridges produced by + bridge authorities. Implements #22207. + diff --git a/changes/ticket20170-v3 b/changes/ticket20170-v3 deleted file mode 100644 index d634e72053..0000000000 --- a/changes/ticket20170-v3 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features (fallback directory list): - - Replace the 81 remaining fallbacks of the 100 originally introduced - in Tor 0.2.8.3-alpha in March 2016, with a list of 177 fallbacks - (123 new, 54 existing, 27 removed) generated in December 2016. - Resolves ticket 20170. diff --git a/changes/ticket20488 b/changes/ticket20488 new file mode 100644 index 0000000000..ad1b874372 --- /dev/null +++ b/changes/ticket20488 @@ -0,0 +1,5 @@ + o Minor features (logging, UI): + - Improve the warning message for specifying a relay by nickname. + The previous message implied that nickname registration was still + part of the Tor network design, which it isn't. Closes ticket 20488. + diff --git a/changes/ticket20575 b/changes/ticket20575 new file mode 100644 index 0000000000..bfbf03f6b6 --- /dev/null +++ b/changes/ticket20575 @@ -0,0 +1,4 @@ + o Deprecation (config): + - Deprecate HTTPProxy/HTTPProxyAuthenticator config options. It only + applies to direct unencrypted HTTP connections to your directory server, + which your Tor probably isn't using. Fixes bug 20575. diff --git a/changes/ticket21564 b/changes/ticket21564 deleted file mode 100644 index 7e01f41f8f..0000000000 --- a/changes/ticket21564 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor features (fallback directory list): - - Replace the 177 fallbacks originally introduced in Tor 0.2.9.8 in - December 2016 (of which ~126 were still functional), with a list of - 151 fallbacks (32 new, 119 existing, 58 removed) generated in - May 2017. - Resolves ticket 21564. diff --git a/changes/ticket22311 b/changes/ticket22311 new file mode 100644 index 0000000000..0bfd465f83 --- /dev/null +++ b/changes/ticket22311 @@ -0,0 +1,3 @@ + o Code simplification and refactoring: + - Remove several now-obsolete functions for asking about old variants + directory authority status. Closes ticket 22311; patch from "huyvq". diff --git a/changes/ticket22608 b/changes/ticket22608 new file mode 100644 index 0000000000..5aa9db27f1 --- /dev/null +++ b/changes/ticket22608 @@ -0,0 +1,6 @@ + o Code simplification and refactoring: + - Extract the code for handling newly-open channels into a separate + function from the general code to handle channel state transitions. + This change simplifies our callgraph, reducing the size of the largest + strongly connected component by roughly a factor of two. + Closes ticket 22608 diff --git a/changes/ticket22684 b/changes/ticket22684 new file mode 100644 index 0000000000..f1d9d21abb --- /dev/null +++ b/changes/ticket22684 @@ -0,0 +1,5 @@ + o Minor features (control): + - Add GETINFO desc/download-enabled and md/download-enabled, to + inform the controller whether try to download router descriptors + and microdescriptors respectively. Closes ticket 22684. + diff --git a/changes/ticket22750 b/changes/ticket22750 new file mode 100644 index 0000000000..6bc1fb2639 --- /dev/null +++ b/changes/ticket22750 @@ -0,0 +1,3 @@ + o Minor bugfixes (logging, sandbox): + - Use the correct system call in sandbox error messages. Fixes bug + 22750; bugfix on 0.2.5.1-alpha. diff --git a/changes/ticket22804 b/changes/ticket22804 new file mode 100644 index 0000000000..a5d71c5120 --- /dev/null +++ b/changes/ticket22804 @@ -0,0 +1,4 @@ + o Code simplification and refactoring: + + - Split the enormous circuit_send_next_onion_skin() function into + multiple subfunctions. Closes ticket 22804. diff --git a/changes/trove-2017-001 b/changes/trove-2017-001 deleted file mode 100644 index 5187e6d5f1..0000000000 --- a/changes/trove-2017-001 +++ /dev/null @@ -1,8 +0,0 @@ - o Major bugfixes (security): - - Downgrade the "-ftrapv" option from "always on" to "only on when - --enable-expensive-hardening is provided." This hardening option, like - others, can turn survivable bugs into crashes--and having it on by - default made a (relatively harmless) integer overflow bug into a - denial-of-service bug. Fixes bug 21278 (TROVE-2017-001); bugfix on - 0.2.9.1-alpha. - diff --git a/changes/trove-2017-001.2 b/changes/trove-2017-001.2 deleted file mode 100644 index 3ef073cf9f..0000000000 --- a/changes/trove-2017-001.2 +++ /dev/null @@ -1,8 +0,0 @@ - o Major bugfixes (parsing): - - Fix an integer underflow bug when comparing malformed Tor versions. - This bug is harmless, except when Tor has been built with - --enable-expensive-hardening, which would turn it into a crash; - or on Tor 0.2.9.1-alpha through Tor 0.2.9.8, which were built with - -ftrapv by default. - Part of TROVE-2017-001. Fixes bug 21278; bugfix on - 0.0.8pre1. Found by OSS-Fuzz. |