diff options
Diffstat (limited to 'changes')
46 files changed, 109 insertions, 105 deletions
diff --git a/changes/bug17170 b/changes/bug17170 new file mode 100644 index 0000000000..24a9b94fcf --- /dev/null +++ b/changes/bug17170 @@ -0,0 +1,3 @@ + o Documentation: + - Note that bandwidth-limiting options don't affect TCP headers or DNS. + Closes ticket 17170. diff --git a/changes/bug19699 b/changes/bug19699 new file mode 100644 index 0000000000..8bfe66210e --- /dev/null +++ b/changes/bug19699 @@ -0,0 +1,5 @@ + o Minor bugfixes (testing): + - Make test-network.sh always call chutney's test-network.sh. + Previously, this only worked on systems which had bash installed, due to + some bash-specific code in the script. + Fixes bug 19699; follow-up to 21581. diff --git a/changes/bug20711 b/changes/bug20711 deleted file mode 100644 index 0bc0d94fb1..0000000000 --- a/changes/bug20711 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes (directory mirrors): - - Allow relays to use directory mirrors without a DirPort: these relays - need to be contacted over their ORPorts using a begindir connection. - Fixes bug 20711; bugfix on 0.2.8.2-alpha. - - Clarify the message logged when a remote relay is unexpectedly missing - an ORPort or DirPort: users were confusing this with a local port. - Fixes bug 20711; bugfix on 0.2.8.2-alpha. diff --git a/changes/bug20894 b/changes/bug20894 deleted file mode 100644 index 2dbf9b9aa9..0000000000 --- a/changes/bug20894 +++ /dev/null @@ -1,9 +0,0 @@ - o Major bugfixes (HTTP, parsing): - - When parsing a malformed content-length field from an HTTP message, - do not read off the end of the buffer. This bug was a potential - remote denial-of-service attack against Tor clients and relays. - A workaround was released in October 2016, which prevents this - bug from crashing Tor. This is a fix for the underlying issue, - which should no longer matter (if you applied the earlier patch). - Fixes bug 20894; bugfix on 0.2.0.16-alpha. Bug found by fuzzing - using AFL (http://lcamtuf.coredump.cx/afl/). diff --git a/changes/bug21007_case2 b/changes/bug21007_case2 deleted file mode 100644 index 43344449ec..0000000000 --- a/changes/bug21007_case2 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (guards): - - Don't warn about a missing guard state on timeout-measurement - circuits: they aren't supposed to be using guards. Fixes an - instance of bug 21007; bugfix on 0.3.0.1-alpha. diff --git a/changes/bug21027 b/changes/bug21027 deleted file mode 100644 index d20df876fa..0000000000 --- a/changes/bug21027 +++ /dev/null @@ -1,8 +0,0 @@ - o Major bugfixes (bridges): - - - When the same bridge is configured multiple times at different - address:port combinations (but with the same identity), treat - those bridge instances as separate guards. This allows clients to - configure the same bridge with multiple pluggable transports, once - again. Fixes bug 21027; bugfix on 0.3.0.1-alpha. - diff --git a/changes/bug21116 b/changes/bug21116 deleted file mode 100644 index 2304ab0fd6..0000000000 --- a/changes/bug21116 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (test): - - Fix Raspbian build missing socket errno in test util. Fixes bug 21116.; - bugfix on tor-0.2.8.2. Patch by "hein". diff --git a/changes/bug21278_extras b/changes/bug21278_extras deleted file mode 100644 index ffdf4a047b..0000000000 --- a/changes/bug21278_extras +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (code correctness): - - Repair a couple of (unreachable or harmless) cases of the risky - comparison-by-subtraction pattern that caused bug 21278. diff --git a/changes/bug21278_prevention b/changes/bug21278_prevention deleted file mode 100644 index e07f0a670c..0000000000 --- a/changes/bug21278_prevention +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (directory authority): - - Directory authorities now reject descriptors that claim to be - malformed versions of Tor. Helps prevent exploitation of bug 21278. - diff --git a/changes/bug21329 b/changes/bug21329 new file mode 100644 index 0000000000..60b936393e --- /dev/null +++ b/changes/bug21329 @@ -0,0 +1,3 @@ + o Minor bugfixes (controller): + - GETINFO onions/current and onions/detached no longer 551 on empty lists + Fixes bug 21329 diff --git a/changes/bug21369_check b/changes/bug21369_check deleted file mode 100644 index 2cd808c9b6..0000000000 --- a/changes/bug21369_check +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (reliability, crash): - - Try better to detect problems in buffers where they might grow (or - think they have grown) over 2 GB in size. Diagnostic for bug 21369. diff --git a/changes/bug21407 b/changes/bug21407 new file mode 100644 index 0000000000..8d0d917439 --- /dev/null +++ b/changes/bug21407 @@ -0,0 +1,4 @@ + o Minor features (defaults, security): + - The default value for UseCreateFast is now 0: clients which haven't yet + received a consensus document will nonetheless use a proper handshake + to talk to their directory servers (when they can). Closes ticket 21407. diff --git a/changes/bug21415 b/changes/bug21415 deleted file mode 100644 index f0aa72f81f..0000000000 --- a/changes/bug21415 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfix (entry guards): - - Silence a BUG() warning when attempting to use a guard whose descriptor - we don't know and make this scenario more unlikely to happen. Fixes bug - 21415; bugfix on 0.3.0.1-alpha. diff --git a/changes/bug21420 b/changes/bug21420 deleted file mode 100644 index 014404466a..0000000000 --- a/changes/bug21420 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (certificate expiration time): - - Avoid using link certificates that don't become valid till - some time in the future. Fixes bug 21420; bugfix on 0.2.4.11-alpha diff --git a/changes/bug21439 b/changes/bug21439 new file mode 100644 index 0000000000..3acc53bfb7 --- /dev/null +++ b/changes/bug21439 @@ -0,0 +1,7 @@ + o Minor features (testing): + - Add a "--disable-memory-sentinels" feature to help with fuzzing. + When Tor is compiled with this option, we disable a number of + redundant memory-safety failsafes that are intended to stop + bugs from becoming security issues. This makes it easier to hunt + for bugs that would be security issues without the failsafes + turned on. Closes ticket 21439. diff --git a/changes/bug21447 b/changes/bug21447 deleted file mode 100644 index c025b92313..0000000000 --- a/changes/bug21447 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (testing): - - Rename "make fuzz" to "make test-fuzz-corpora", since it doesn't - actually fuzz anything. Fixes bug 21447; bugfix on 0.3.0.3-alpha. - diff --git a/changes/bug21450 b/changes/bug21450 deleted file mode 100644 index a1cf89ab41..0000000000 --- a/changes/bug21450 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (voting consistency): - - Reject version numbers with components that exceed INT32_MAX. - Otherwise 32-bit and 64-bit platforms would behave inconsistently. - Fixes bug 21450; bugfix on 0.0.8pre1. diff --git a/changes/bug21471 b/changes/bug21471 deleted file mode 100644 index 684035b19c..0000000000 --- a/changes/bug21471 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes (hidden service directory v3): - - When a descriptor lookup was done and it was not found in the directory - cache, it would crash on a NULL pointer instead of returning the 404 - code back to the client like it was suppose to. Fixes bug 21471.; - bugfixes on tor-0.3.0.1-alpha. diff --git a/changes/bug21472 b/changes/bug21472 deleted file mode 100644 index f31ec9157e..0000000000 --- a/changes/bug21472 +++ /dev/null @@ -1,3 +0,0 @@ - o Documentation: - - Small fixes to the fuzzing documentation. Closes ticket - 21472. diff --git a/changes/bug21492 b/changes/bug21492 deleted file mode 100644 index 2ed7947771..0000000000 --- a/changes/bug21492 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (correctness): - - Remove a redundant check for the UseEntryGuards option from the - options_transition_affects_guards() function. Fixes bug 21492; - bugfix on 0.3.0.1-alpha. - diff --git a/changes/bug21496 b/changes/bug21496 new file mode 100644 index 0000000000..24ac85a769 --- /dev/null +++ b/changes/bug21496 @@ -0,0 +1,4 @@ + o Minor features (safety): + - Add an explict check to extrainfo_parse_entry_from_string() for NULL + inputs. We don't believe this can actually happen, but it may help + silence a warning from the Clang analyzer. Closes ticket 21496. diff --git a/changes/bug21507 b/changes/bug21507 new file mode 100644 index 0000000000..f83e291b63 --- /dev/null +++ b/changes/bug21507 @@ -0,0 +1,5 @@ + o Minor bugfixes (voting consistency): + - Reject version numbers with non-numeric prefixes (such as +, -, and + whitespace). Disallowing whitespace prevents differential version + parsing between POSIX-based and Windows platforms. + Fixes bug 21507 and part of 21508; bugfix on 0.0.8pre1. diff --git a/changes/bug21510 b/changes/bug21510 new file mode 100644 index 0000000000..31c3e1ada9 --- /dev/null +++ b/changes/bug21510 @@ -0,0 +1,4 @@ + o Minor bugfixes (unit tests): + - Make display of captured unit test log messages consistent. + Fixes bug 21510; bugfix on 0.2.9.3-alpha. + diff --git a/changes/bug21540 b/changes/bug21540 new file mode 100644 index 0000000000..0cf684b7f2 --- /dev/null +++ b/changes/bug21540 @@ -0,0 +1,4 @@ + o Minor bugfixes (windows, relay): + - Resolve "Failure from drain_fd: No error" warnings on Windows + relays. Fixes bug 21540; bugfix on 0.2.6.3-alpha. + diff --git a/changes/bug21553 b/changes/bug21553 deleted file mode 100644 index 6ffa3e29a2..0000000000 --- a/changes/bug21553 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes (hidden service): - - When encoding a legacy ESTABLISH_INTRO cell, we were using the sizeof() - on a pointer instead of real size of the destination buffer leading to - an overflow passing an enormous value to the signing digest function. - Fortunately, that value was only used to make sure the destination - buffer length was big enough for the key size and in this case it was. - Fixes bug 21553; bugfix on tor-0.3.0.1-alpha. diff --git a/changes/bug21562 b/changes/bug21562 deleted file mode 100644 index 48396a00e7..0000000000 --- a/changes/bug21562 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (testing): - - Use bash in src/test/test-network.sh. This ensures we reliably call - chutney's newer tools/test-network.sh when available. - Fixes bug 21562; bugfix on tor-0.2.9.1-alpha. diff --git a/changes/bug21581 b/changes/bug21581 deleted file mode 100644 index 1077719856..0000000000 --- a/changes/bug21581 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (testing): - - Restore support for test-network.sh on BSD and other systems without - bash. (But use bash if it's available.) This is a workaround until we - remove bash-specific code in 19699. - Fixes bug 21581; bugfix on 21562, not in any released version of tor. diff --git a/changes/bug21586 b/changes/bug21586 new file mode 100644 index 0000000000..200d55a8e8 --- /dev/null +++ b/changes/bug21586 @@ -0,0 +1,4 @@ + o Minor bugfix (directory authority): + - Prevent the shared randomness subsystem from asserting when initialized + by a bridge authority with an incomplete configuration file. Fixes bug + #21856; bugfix on 0.2.9.8. diff --git a/changes/bug21596 b/changes/bug21596 new file mode 100644 index 0000000000..ec0a46bb81 --- /dev/null +++ b/changes/bug21596 @@ -0,0 +1,5 @@ + o Minor bugfixes (hidden services): + - Make hidden services check for failed intro point connections, even when + they have exceeded their intro point creation limit. Fixes bug 21596; + bugfix on commit d67bf8b2f23 in Tor 0.2.7.2-alpha. Reported by + alecmuffett. diff --git a/changes/bug21599 b/changes/bug21599 new file mode 100644 index 0000000000..fe0f21a740 --- /dev/null +++ b/changes/bug21599 @@ -0,0 +1,4 @@ + o Minor bugfixes (hidden services): + - Simplify hidden service descriptor creation by using an existing flag + to check if an introduction point is established. + Fixes bug 21599; bugfix on 0.2.7.2-alpha. diff --git a/changes/bug21641 b/changes/bug21641 new file mode 100644 index 0000000000..96fdf5fe22 --- /dev/null +++ b/changes/bug21641 @@ -0,0 +1,5 @@ + o Minor feature (defaults, directory): + - Onion key rotation and expiry intervals are now defined as a network + consensus parameter as per proposal #274. The default lifetime of an + onion key is bumped from 7 to 28 days. Old onion keys will expire after 7 + days by default. Fixes bug #21641. diff --git a/changes/bug21654 b/changes/bug21654 new file mode 100644 index 0000000000..fd1c650710 --- /dev/null +++ b/changes/bug21654 @@ -0,0 +1,4 @@ + o Code simplifications and refactoring + - Use unbuffered I/O for utility functions around the process_handle_t + type. This fixes unit test failures reported on OpenBSD and FreeBSD. + Fixes bug 21654. diff --git a/changes/bug21703 b/changes/bug21703 new file mode 100644 index 0000000000..3034fc5e4b --- /dev/null +++ b/changes/bug21703 @@ -0,0 +1,4 @@ + o Minor features (controller): + - Warn the first time that a controller requests data in the + long-deprecated 'GETINFO network-status' format. Closes ticket 21703. + diff --git a/changes/bug21788 b/changes/bug21788 new file mode 100644 index 0000000000..48deec2bb7 --- /dev/null +++ b/changes/bug21788 @@ -0,0 +1,3 @@ + o Minor bugfixes: + - Fix a small memory leak at exit from the backtrace handler code. + Fixes bug 21788; bugfix on 0.2.5.2-alpha. Patch from Daniel Pinto. diff --git a/changes/consdiff_21643 b/changes/consdiff_21643 new file mode 100644 index 0000000000..38d465673b --- /dev/null +++ b/changes/consdiff_21643 @@ -0,0 +1,5 @@ + o Major features (internals): + - Add an ed diff/patch backend, optimized for consensus documents. + This backend will be the basis of our consensus diff implementation. + Most of the work here was done + by Daniel MartÃ. Closes ticket 21643. diff --git a/changes/data_dir_default_doc b/changes/data_dir_default_doc new file mode 100644 index 0000000000..6b49bb2a65 --- /dev/null +++ b/changes/data_dir_default_doc @@ -0,0 +1,3 @@ + o Documentation: + - Correct the documentation about the default DataDirectory value. + Closes ticket 21151. diff --git a/changes/faster-keccak b/changes/faster-keccak new file mode 100644 index 0000000000..45fc1526a8 --- /dev/null +++ b/changes/faster-keccak @@ -0,0 +1,4 @@ + o Minor features (performance): + - The minimal keccak implementation we include now accesses memory + more efficiently, especially on little-endian systems. + Closes ticket 21737. diff --git a/changes/feature21570 b/changes/feature21570 deleted file mode 100644 index 40555eefa9..0000000000 --- a/changes/feature21570 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features (testing): - - During 'make test-network-all', if tor logs any warnings, ask chutney - to output them. Requires a recent version of chutney with the 21572 - patch. - Implements 21570. diff --git a/changes/feature21598 b/changes/feature21598 new file mode 100644 index 0000000000..317ace4bcf --- /dev/null +++ b/changes/feature21598 @@ -0,0 +1,4 @@ + o Minor feature (hidden services): + - Log a message when a hidden service descriptor has fewer introduction + points than specified in HiddenServiceNumIntroductionPoints. + Closes ticket 21598. diff --git a/changes/feature21622 b/changes/feature21622 new file mode 100644 index 0000000000..163b90b724 --- /dev/null +++ b/changes/feature21622 @@ -0,0 +1,8 @@ + o Minor feature (hidden services): + - Log a message when a hidden service reaches its introduction point + circuit limit, and when that limit is reset. + Follow up to ticket 21594, closes ticket 21622. + - Add more information to the message logged when a hidden service + descriptor has fewer introduction points than specified in + HiddenServiceNumIntroductionPoints. + Follow up to tickets 21598 and 21599, closes ticket 21622. diff --git a/changes/geoip-february2017 b/changes/geoip-february2017 deleted file mode 100644 index ec54b6122a..0000000000 --- a/changes/geoip-february2017 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features: - - Update geoip and geoip6 to the February 8 2017 Maxmind GeoLite2 - Country database. - diff --git a/changes/storagedir b/changes/storagedir new file mode 100644 index 0000000000..afaaab397f --- /dev/null +++ b/changes/storagedir @@ -0,0 +1,5 @@ + o Minor features (infrastructure, seccomp2 sandbox): + - We now have a document storage backend compatible with the Linux + seccomp2 sandbox. The long-term plan is to use this backend for + consensus documents and for storing unparseable directory + material. Closes ticket 21645. diff --git a/changes/test21470 b/changes/test21470 new file mode 100644 index 0000000000..8bb78dffc9 --- /dev/null +++ b/changes/test21470 @@ -0,0 +1,5 @@ + o Minor enhancements (unit tests): + - Improve version parsing tests: add tests for typical version components, + add tests for invalid versions, including numeric range and non-numeric + prefixes. + Unit tests 21278, 21450, and 21507. Partially implements 21470. diff --git a/changes/ticket20656 b/changes/ticket20656 deleted file mode 100644 index 28192e8978..0000000000 --- a/changes/ticket20656 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor feature (protover): - - Add new protocol version for proposal 224. HSIntro now advertises - version "3-4" and HSDir version "1-2". Fixes ticket 20656. diff --git a/changes/ticket21729 b/changes/ticket21729 new file mode 100644 index 0000000000..51d117311b --- /dev/null +++ b/changes/ticket21729 @@ -0,0 +1,7 @@ + o Minor features (logging): + - Log files are no longer created world-readable by default. + (Previously, most distributors would store the logs in a + non-world-readable location to prevent inappropriate access. This + change is an extra precaution.) Closes ticket 21729; patch from + toralf. + diff --git a/changes/trove-2017-001.2 b/changes/trove-2017-001.2 deleted file mode 100644 index 3ef073cf9f..0000000000 --- a/changes/trove-2017-001.2 +++ /dev/null @@ -1,8 +0,0 @@ - o Major bugfixes (parsing): - - Fix an integer underflow bug when comparing malformed Tor versions. - This bug is harmless, except when Tor has been built with - --enable-expensive-hardening, which would turn it into a crash; - or on Tor 0.2.9.1-alpha through Tor 0.2.9.8, which were built with - -ftrapv by default. - Part of TROVE-2017-001. Fixes bug 21278; bugfix on - 0.0.8pre1. Found by OSS-Fuzz. |