diff options
Diffstat (limited to 'changes')
-rw-r--r-- | changes/bug12485 | 4 | ||||
-rw-r--r-- | changes/bug12585 | 9 | ||||
-rw-r--r-- | changes/bug13111-generate-keys-on-empty-file | 23 | ||||
-rw-r--r-- | changes/bug13397 | 4 | ||||
-rw-r--r-- | changes/bug13401 | 7 | ||||
-rw-r--r-- | changes/bug13805 | 3 | ||||
-rw-r--r-- | changes/bug13806 | 8 | ||||
-rw-r--r-- | changes/bug14001-clang-warning | 6 | ||||
-rw-r--r-- | changes/bug14067-TestingDirAuthVoteHSDir | 6 | ||||
-rw-r--r-- | changes/bug14090 | 4 | ||||
-rw-r--r-- | changes/bug14129 | 7 | ||||
-rw-r--r-- | changes/bug14141 | 11 | ||||
-rw-r--r-- | changes/bug14142-parse-virtual-addr | 7 | ||||
-rw-r--r-- | changes/bug14149 | 4 | ||||
-rw-r--r-- | changes/bug14195 | 3 | ||||
-rw-r--r-- | changes/bug14207 | 3 | ||||
-rw-r--r-- | changes/bug14215 | 5 | ||||
-rw-r--r-- | changes/bug14219 | 6 | ||||
-rw-r--r-- | changes/bug14220 | 4 | ||||
-rw-r--r-- | changes/bug14261 | 5 | ||||
-rw-r--r-- | changes/bug8546 | 6 | ||||
-rw-r--r-- | changes/remove-bad-fp | 4 | ||||
-rw-r--r-- | changes/ticket13037 | 4 |
23 files changed, 143 insertions, 0 deletions
diff --git a/changes/bug12485 b/changes/bug12485 new file mode 100644 index 0000000000..53ce33ef7b --- /dev/null +++ b/changes/bug12485 @@ -0,0 +1,4 @@ + o Minor features (Guard nodes): + - Reduce the time delay before saving guard status to disk from 10 + minute to 30 seconds (or from one hour to 10 minutes if + AvoidDiskWrites is set). Closes ticket 12485. diff --git a/changes/bug12585 b/changes/bug12585 new file mode 100644 index 0000000000..495a2f0d71 --- /dev/null +++ b/changes/bug12585 @@ -0,0 +1,9 @@ + o Major features (security) + - Implementation of SocksSocket option - SocksSocket implements a SOCKS + proxy reachable by Unix Domain Socket. This allows client applications to + communicate with Tor without having the ability to create AF_INET or + AF_INET6 family sockets. If an application has permission to create a socket + with AF_UNIX, it may directly communicate with Tor as if it were an other + SOCKS proxy. This should allow high risk applications to be entirely prevented + from connecting directly with TCP/IP, they will be able to only connect to the + internet through AF_UNIX and only through Tor. Closes ticket 12585. diff --git a/changes/bug13111-generate-keys-on-empty-file b/changes/bug13111-generate-keys-on-empty-file new file mode 100644 index 0000000000..20c10c7443 --- /dev/null +++ b/changes/bug13111-generate-keys-on-empty-file @@ -0,0 +1,23 @@ + o Minor bugfixes (file handling): + - Stop failing when key files are zero-length. Instead, generate new + keys, and overwrite the empty key files. + Fixes bug 13111. Patch by "teor". + - Stop generating a fresh .old RSA key file when the .old file is missing. + - Avoid overwriting .old key files with empty key files. + - Stop crashing when a NULL filename is passed to file_status(). + Fixed as part of bug 13111. Patches by "teor". + + o Minor enhancements (file handling): + - Skip loading zero-length extra info store, router store, stats, state, + and key files. + - Return FN_ERROR when a zero-length filename is passed to file_status(). + Fixed as part of bug 13111. Patches by "teor". + + o Minor enhancements (testing): + - Test that tor does not fail when key files are zero-length. + Check that tor generates new keys, and overwrites the empty key files. + - Test that tor generates new keys when keys are missing (existing + behaviour). + - Test that tor does not overwrite key files that already contain data + (existing behaviour). + Tests bug 13111. Patch by "teor". diff --git a/changes/bug13397 b/changes/bug13397 new file mode 100644 index 0000000000..502092801f --- /dev/null +++ b/changes/bug13397 @@ -0,0 +1,4 @@ + o Minor bugfixes: + - Avoid crashing when trying to reload a torrc specified as a relative + path with RunAsDaemon turned on. Fixes bug 13397; bugfix on + 0.2.3.11-alpha. diff --git a/changes/bug13401 b/changes/bug13401 new file mode 100644 index 0000000000..e2834a09d3 --- /dev/null +++ b/changes/bug13401 @@ -0,0 +1,7 @@ + o Minor features (testing networks): + - Drop the minimum RendPostPeriod on a testing network to 5 seconds, + and the default to 2 minutes. Closes ticket 13401. Patch by "nickm". + - Drop the MIN_REND_INITIAL_POST_DELAY on a testing network to 5 seconds, + but keep the default at 30 seconds. This reduces HS bootstrap time to + around 25 seconds. Change src/test/test-network.sh default time to match. + Closes ticket 13401. Patch by "teor". diff --git a/changes/bug13805 b/changes/bug13805 new file mode 100644 index 0000000000..321cd58958 --- /dev/null +++ b/changes/bug13805 @@ -0,0 +1,3 @@ + o Minor features (systemd): + - Various improvements and modernizations in systemd hardening support. + Closes ticket 13805. Patch from Craig Andrews. diff --git a/changes/bug13806 b/changes/bug13806 new file mode 100644 index 0000000000..0a6b268c02 --- /dev/null +++ b/changes/bug13806 @@ -0,0 +1,8 @@ + o Minor features (DOS resistance): + - Count the total number of bytes used storing hidden service descriptors + against the value of MaxMemInQueues. If we're low on memory, and more + than 20% of our memory is used holding hidden service descriptors, free + them until no more than 10% of our memory holds hidden service + descriptors. Free the least recently fetched descriptors first. + Resolves ticket 13806. + diff --git a/changes/bug14001-clang-warning b/changes/bug14001-clang-warning new file mode 100644 index 0000000000..b932af6ab7 --- /dev/null +++ b/changes/bug14001-clang-warning @@ -0,0 +1,6 @@ + o Minor bugfixes: + - The address of an array in the middle of a structure will + always be non-NULL. clang recognises this and complains. + Disable the tautologous and redundant check to silence + this warning. + Fixes bug 14001. diff --git a/changes/bug14067-TestingDirAuthVoteHSDir b/changes/bug14067-TestingDirAuthVoteHSDir new file mode 100644 index 0000000000..52d2bee5e6 --- /dev/null +++ b/changes/bug14067-TestingDirAuthVoteHSDir @@ -0,0 +1,6 @@ + o Minor features (authorities, testing): + - Create TestingDirAuthVoteHSDir like TestingDirAuthVoteExit/Guard. + Ensures that authorities vote the HSDir flag for the listed + relays regardless of uptime or ORPort connectivity. + Respects the value of VoteOnHidServDirectoriesV2. + Partial fix for bug 14067. Patch by "teor". diff --git a/changes/bug14090 b/changes/bug14090 new file mode 100644 index 0000000000..d6a6df4860 --- /dev/null +++ b/changes/bug14090 @@ -0,0 +1,4 @@ + o Minor bugfixes: + - Avoid undefined behavior when sampling huge values from the + Laplace distribution. This made unittests fail on Raspberry Pi. + Bug found by Device. Fixes bug 14090; bugfix on 0.2.6.2-alpha. diff --git a/changes/bug14129 b/changes/bug14129 new file mode 100644 index 0000000000..6153cd84fd --- /dev/null +++ b/changes/bug14129 @@ -0,0 +1,7 @@ + o Major bugfixes (exit node stability): + + - Fix an assertion failure that could occur under high DNS load. Fixes + bug 14129; bugfix on Tor 0.0.7rc1. Found by "jowr"; diagnosed and fixed + by "cypherpunks". + + diff --git a/changes/bug14141 b/changes/bug14141 new file mode 100644 index 0000000000..75cdcd5f3a --- /dev/null +++ b/changes/bug14141 @@ -0,0 +1,11 @@ + o Minor bugfixes (systemd support): + - Fix detection and operation of systemd watchdog. Fixes part of + bug 14141; bugfix on 0.2.6.2-alpha. Patch from Tomasz Torcz. + + - Run correctly under systemd with the RunAsDaemon option set. + Fixes part of bug 14141; bugfix on 0.2.5.7-rc. Patch from Tomasz + Torcz. + + o Minor featurs (systemd support): + - Inform the systemd supervisor about more changes in the Tor process + status. Implements part of ticket 14141. Patch from Tomasz Torcz.
\ No newline at end of file diff --git a/changes/bug14142-parse-virtual-addr b/changes/bug14142-parse-virtual-addr new file mode 100644 index 0000000000..f78b7c7d81 --- /dev/null +++ b/changes/bug14142-parse-virtual-addr @@ -0,0 +1,7 @@ + o Minor bugfixes (client): + - Check for a missing option value in parse_virtual_addr_network + before asserting on the NULL in tor_addr_parse_mask_ports. + This avoids crashing on torrc lines like + Vi[rtualAddrNetworkIPv[4|6]] when no value follows the option. + Bugfix on 0.2.3 (de4cc126cbb5 on 24 November 2012), fixes #14142. + Patch by "teor". diff --git a/changes/bug14149 b/changes/bug14149 new file mode 100644 index 0000000000..d655a14354 --- /dev/null +++ b/changes/bug14149 @@ -0,0 +1,4 @@ + o Minor features (hidden service parameters): + - Make hidden service Sybil attacks harder by changing the minimum + time required to become an HSDir from 25 hours up to 96 hours. + Addresses ticket #14149.
\ No newline at end of file diff --git a/changes/bug14195 b/changes/bug14195 new file mode 100644 index 0000000000..d2b82f31b0 --- /dev/null +++ b/changes/bug14195 @@ -0,0 +1,3 @@ + o Minor bugfixes (client): + - Fix a memory leak when using AutomapHostsOnResolve. + Fixes bug 14195; bugfix on 0.1.0.1-rc. diff --git a/changes/bug14207 b/changes/bug14207 new file mode 100644 index 0000000000..987bb25acb --- /dev/null +++ b/changes/bug14207 @@ -0,0 +1,3 @@ + o Minor bugfixes (controller): + - Add a code for the END_CIRC_REASON_IP_NOW_REDUNDANT circuit close + reason. Fixes bug 12407; bugfix on 0.2.6.2-alpha. diff --git a/changes/bug14215 b/changes/bug14215 new file mode 100644 index 0000000000..70bcdaaefc --- /dev/null +++ b/changes/bug14215 @@ -0,0 +1,5 @@ + o Minor bugfixes (tests): + - Make the checkdir/perms test complete successfully even if the + global umask is not 022. Fixes bug 14215; bugfix on 0.2.6.2-alpha. + + diff --git a/changes/bug14219 b/changes/bug14219 new file mode 100644 index 0000000000..9d845db94e --- /dev/null +++ b/changes/bug14219 @@ -0,0 +1,6 @@ + o Minor bugfixes (hidden services): + + - When fetching a hidden service descriptor for a down service that we + recently up, do not keep refetching until we try the same replica twice + in a row. Fixes bug 14219; bugfix on 0.2.0.10-alpha. + diff --git a/changes/bug14220 b/changes/bug14220 new file mode 100644 index 0000000000..51cfa502bc --- /dev/null +++ b/changes/bug14220 @@ -0,0 +1,4 @@ + o Minor bugfixes (compilation): + - Build without warnings with the stock OpenSSL srtp.h header, + which has a duplicate declaration of SSL_get_selected_srtp_profile(). + Fixes bug 14220; this is OpenSSL's bug, not ours. diff --git a/changes/bug14261 b/changes/bug14261 new file mode 100644 index 0000000000..1260ccba1e --- /dev/null +++ b/changes/bug14261 @@ -0,0 +1,5 @@ + O Minor bugfixes (directory authority): + - Allow directory authorities to fetch more data from one + another if they find themselves missing lots of votes. + Previously, they had been bumping against the 10 MB queued + data limit. Fixes bug 14261. Bugfix on 0.1.2.5-alpha. diff --git a/changes/bug8546 b/changes/bug8546 new file mode 100644 index 0000000000..dc6a52a026 --- /dev/null +++ b/changes/bug8546 @@ -0,0 +1,6 @@ + o Code simplification and refactoring: + - Move fields related to isolating and configuring client ports + into a shared structure. Previously, they were duplicated across + port_cfg_t, listener_connection_t, and edge_connection_t. + Failure to copy one of them correctly had been the cause of at + least one bug in the past.
\ No newline at end of file diff --git a/changes/remove-bad-fp b/changes/remove-bad-fp new file mode 100644 index 0000000000..a07e3ba00c --- /dev/null +++ b/changes/remove-bad-fp @@ -0,0 +1,4 @@ + + o Removed features: + - Remove a test for a long-defunct broken directory server. + diff --git a/changes/ticket13037 b/changes/ticket13037 new file mode 100644 index 0000000000..24c4100454 --- /dev/null +++ b/changes/ticket13037 @@ -0,0 +1,4 @@ + o Minor features (build): + - New --disable-system-torrc compile-time option to prevent Tor from + looking for a system-wide torrc or torrc-defaults tile. Resolves + ticket 13037. |