diff options
Diffstat (limited to 'changes')
| -rw-r--r-- | changes/29241_diagnostic | 4 | ||||
| -rw-r--r-- | changes/bug28525 | 7 | ||||
| -rw-r--r-- | changes/bug29241 | 6 | ||||
| -rw-r--r-- | changes/bug30040 | 9 | ||||
| -rw-r--r-- | changes/bug30041 | 5 | ||||
| -rw-r--r-- | changes/bug30148 | 4 | ||||
| -rw-r--r-- | changes/bug30189 | 4 | ||||
| -rw-r--r-- | changes/bug30190 | 3 | ||||
| -rw-r--r-- | changes/bug30475 | 4 | ||||
| -rw-r--r-- | changes/bug30561 | 6 | ||||
| -rw-r--r-- | changes/bug30713 | 5 | ||||
| -rw-r--r-- | changes/bug30744 | 3 | ||||
| -rw-r--r-- | changes/bug30781 | 4 | ||||
| -rw-r--r-- | changes/bug31343 | 9 | ||||
| -rw-r--r-- | changes/chutney_ci | 3 | ||||
| -rw-r--r-- | changes/cid1444119 | 3 | ||||
| -rw-r--r-- | changes/geoip-2019-05-13 | 4 | ||||
| -rw-r--r-- | changes/geoip-2019-06-10 | 4 | ||||
| -rw-r--r-- | changes/ticket28795 | 5 | ||||
| -rw-r--r-- | changes/ticket29702 | 4 | ||||
| -rw-r--r-- | changes/ticket30213 | 3 | ||||
| -rw-r--r-- | changes/ticket30234 | 2 | ||||
| -rw-r--r-- | changes/ticket30591 | 3 | ||||
| -rw-r--r-- | changes/ticket30694 | 3 | ||||
| -rw-r--r-- | changes/ticket31374 | 4 |
25 files changed, 111 insertions, 0 deletions
diff --git a/changes/29241_diagnostic b/changes/29241_diagnostic new file mode 100644 index 0000000000..1e38654957 --- /dev/null +++ b/changes/29241_diagnostic @@ -0,0 +1,4 @@ + o Minor features (NSS, diagnostic): + - Try to log an error from NSS (if there is any) and a more useful + description of our situation if we are using NSS and a call to + SSL_ExportKeyingMaterial() fails. Diagnostic for ticket 29241. diff --git a/changes/bug28525 b/changes/bug28525 new file mode 100644 index 0000000000..988ffb2192 --- /dev/null +++ b/changes/bug28525 @@ -0,0 +1,7 @@ + o Minor features (address selection): + - Make Tor aware of the RFC 6598 (Carrier Grade NAT) IP range, which is the + subnet 100.64.0.0/10. This is deployed by many ISPs as an alternative to + RFC 1918 that does not break existing internal networks. This patch fixes + security issues caused by RFC 6518 by blocking control ports on these + addresses and warns users if client ports or ExtORPorts are listening on + a RFC 6598 address. Closes ticket 28525. Patch by Neel Chauhan. diff --git a/changes/bug29241 b/changes/bug29241 new file mode 100644 index 0000000000..7f25e154d1 --- /dev/null +++ b/changes/bug29241 @@ -0,0 +1,6 @@ + o Major bugfixes (NSS, relay): + - When running with NSS, disable TLS 1.2 ciphersuites that use SHA384 + for their PRF. Due to an NSS bug, the TLS key exporters for these + ciphersuites don't work -- which caused relays to fail to handshake + with one another when these ciphersuites were enabled. + Fixes bug 29241; bugfix on 0.3.5.1-alpha. diff --git a/changes/bug30040 b/changes/bug30040 new file mode 100644 index 0000000000..7d80528a10 --- /dev/null +++ b/changes/bug30040 @@ -0,0 +1,9 @@ + o Minor bugfixes (security): + - Fix a potential double free bug when reading huge bandwidth files. The + issue is not exploitable in the current Tor network because the + vulnerable code is only reached when directory authorities read bandwidth + files, but bandwidth files come from a trusted source (usually the + authorities themselves). Furthermore, the issue is only exploitable in + rare (non-POSIX) 32-bit architectures which are not used by any of the + current authorities. Fixes bug 30040; bugfix on 0.3.5.1-alpha. Bug found + and fixed by Tobias Stoeckmann. diff --git a/changes/bug30041 b/changes/bug30041 new file mode 100644 index 0000000000..801c8f67ac --- /dev/null +++ b/changes/bug30041 @@ -0,0 +1,5 @@ + o Minor bugfixes (hardening): + - Verify in more places that we are not about to create a buffer + with more than INT_MAX bytes, to avoid possible OOB access in the event + of bugs. Fixes bug 30041; bugfix on 0.2.0.16. Found and fixed by + Tobias Stoeckmann. diff --git a/changes/bug30148 b/changes/bug30148 new file mode 100644 index 0000000000..7d0257e3fe --- /dev/null +++ b/changes/bug30148 @@ -0,0 +1,4 @@ + o Minor bugfixes (memory leak): + - Avoid a minor memory leak that could occur on relays when + creating a keys directory failed. Fixes bug 30148; bugfix on + 0.3.3.1-alpha. diff --git a/changes/bug30189 b/changes/bug30189 new file mode 100644 index 0000000000..f8c932a5f9 --- /dev/null +++ b/changes/bug30189 @@ -0,0 +1,4 @@ + o Minor bugfixes (compilation, unusual configuration): + - Avoid failures when building with ALL_BUGS_ARE_FAILED due to + missing declarations of abort(), and prevent other such failures + in the future. Fixes bug 30189; bugfix on 0.3.4.1-alpha. diff --git a/changes/bug30190 b/changes/bug30190 new file mode 100644 index 0000000000..e2352c3b9c --- /dev/null +++ b/changes/bug30190 @@ -0,0 +1,3 @@ + o Minor bugfixes (lib): + do not log a warning for OpenSSL versions that should be compatible + Fixes bug 30190; bugfix on 0.2.4.2-alpha diff --git a/changes/bug30475 b/changes/bug30475 new file mode 100644 index 0000000000..839597b885 --- /dev/null +++ b/changes/bug30475 @@ -0,0 +1,4 @@ + o Minor bugfixes (): + - Avoid a GCC 9.1.1 warning (and possible crash depending on libc + implemenation) when failing to load a hidden service client authorization + file. Fixes bug 30475; bugfix on 0.3.5.1-alpha. diff --git a/changes/bug30561 b/changes/bug30561 new file mode 100644 index 0000000000..afb3f02c62 --- /dev/null +++ b/changes/bug30561 @@ -0,0 +1,6 @@ + o Minor bugfixes (portability): + - Avoid crashing in our tor_vasprintf() implementation on systems that + define neither vasprintf() nor _vscprintf(). (This bug has been here + long enough that we question whether people are running Tor on such + systems, but we're applying the fix out of caution.) Fixes bug 30561; + bugfix on 0.2.8.2-alpha. Found and fixed by Tobias Stoeckmann. diff --git a/changes/bug30713 b/changes/bug30713 new file mode 100644 index 0000000000..e00b98da65 --- /dev/null +++ b/changes/bug30713 @@ -0,0 +1,5 @@ + o Minor bugfixes (testing): + - Skip test_rebind when the TOR_SKIP_TEST_REBIND environmental variable is + set. Fixes bug 30713; bugfix on 0.3.5.1-alpha. + - Skip test_rebind on macOS in Travis, because it is unreliable on + macOS on Travis. Fixes bug 30713; bugfix on 0.3.5.1-alpha. diff --git a/changes/bug30744 b/changes/bug30744 new file mode 100644 index 0000000000..9f07d4855f --- /dev/null +++ b/changes/bug30744 @@ -0,0 +1,3 @@ + o Minor bugfixes (continuous integration): + - Allow the test-stem job to fail in Travis, because it sometimes hangs. + Fixes bug 30744; bugfix on 0.3.5.4-alpha. diff --git a/changes/bug30781 b/changes/bug30781 new file mode 100644 index 0000000000..7c7adf470e --- /dev/null +++ b/changes/bug30781 @@ -0,0 +1,4 @@ + o Minor bugfixes (directory authorities): + - Stop crashing after parsing an unknown descriptor purpose annotation. + We think this bug can only be triggered by modifying a local file. + Fixes bug 30781; bugfix on 0.2.0.8-alpha. diff --git a/changes/bug31343 b/changes/bug31343 new file mode 100644 index 0000000000..17a8057ead --- /dev/null +++ b/changes/bug31343 @@ -0,0 +1,9 @@ + o Minor bugfixes (compilation): + - Avoid using labs() on time_t, which can cause compilation warnings + on 64-bit Windows builds. Fixes bug 31343; bugfix on 0.2.4.4-alpha. + + o Minor bugfixes (clock skew detection): + - Don't believe clock skew results from NETINFO cells that appear to + arrive before the VERSIONS cells they are responding to were sent. + Previously, we would accept them up to 3 minutes "in the past". + Fixes bug 31343; bugfix on 0.2.4.4-alpha. diff --git a/changes/chutney_ci b/changes/chutney_ci new file mode 100644 index 0000000000..b17d587329 --- /dev/null +++ b/changes/chutney_ci @@ -0,0 +1,3 @@ + o Minor features (continuous integration): + - Our Travis configuration now uses Chutney to run some network + integration tests automatically. Closes ticket 29280. diff --git a/changes/cid1444119 b/changes/cid1444119 new file mode 100644 index 0000000000..bb6854e66f --- /dev/null +++ b/changes/cid1444119 @@ -0,0 +1,3 @@ + o Minor bugfixes (C correctness): + - Fix an unlikely memory leak in consensus_diff_apply(). Fixes bug 29824; + bugfix on 0.3.1.1-alpha. This is Coverity warning CID 1444119. diff --git a/changes/geoip-2019-05-13 b/changes/geoip-2019-05-13 new file mode 100644 index 0000000000..0a2fa18971 --- /dev/null +++ b/changes/geoip-2019-05-13 @@ -0,0 +1,4 @@ + o Minor features (geoip): + - Update geoip and geoip6 to the May 13 2019 Maxmind GeoLite2 + Country database. Closes ticket 30522. + diff --git a/changes/geoip-2019-06-10 b/changes/geoip-2019-06-10 new file mode 100644 index 0000000000..2d1e065649 --- /dev/null +++ b/changes/geoip-2019-06-10 @@ -0,0 +1,4 @@ + o Minor features (geoip): + - Update geoip and geoip6 to the June 10 2019 Maxmind GeoLite2 + Country database. Closes ticket 30852. + diff --git a/changes/ticket28795 b/changes/ticket28795 new file mode 100644 index 0000000000..6ae72562bf --- /dev/null +++ b/changes/ticket28795 @@ -0,0 +1,5 @@ + o Minor features (fallback directory list): + - Replace the 157 fallbacks originally introduced in Tor 0.3.5.6-rc + in December 2018 (of which ~122 were still functional), with a + list of 148 fallbacks (70 new, 78 existing, 79 removed) generated + in June 2019. Closes ticket 28795. diff --git a/changes/ticket29702 b/changes/ticket29702 new file mode 100644 index 0000000000..e1cc1f867b --- /dev/null +++ b/changes/ticket29702 @@ -0,0 +1,4 @@ + o Testing: + - Specify torrc paths (with empty files) when launching tor in + integration tests; refrain from reading user and system torrcs. + Resolves issue 29702. diff --git a/changes/ticket30213 b/changes/ticket30213 new file mode 100644 index 0000000000..acb7614807 --- /dev/null +++ b/changes/ticket30213 @@ -0,0 +1,3 @@ + o Minor features (continuous integration): + - Remove sudo configuration lines from .travis.yml as they are no longer + needed with current Travis build environment. Resolves issue 30213. diff --git a/changes/ticket30234 b/changes/ticket30234 new file mode 100644 index 0000000000..5a0076bad2 --- /dev/null +++ b/changes/ticket30234 @@ -0,0 +1,2 @@ + o Testing (continuous integration): + - In Travis, show stem's tor log after failure. Closes ticket 30234. diff --git a/changes/ticket30591 b/changes/ticket30591 new file mode 100644 index 0000000000..f97c024009 --- /dev/null +++ b/changes/ticket30591 @@ -0,0 +1,3 @@ + o Testing (continuous integration): + - In Travis, make stem log a controller trace to the console. And tail + stem's tor log after failure. Closes ticket 30591. diff --git a/changes/ticket30694 b/changes/ticket30694 new file mode 100644 index 0000000000..70dbf6481a --- /dev/null +++ b/changes/ticket30694 @@ -0,0 +1,3 @@ + o Testing (continuous integration): + - In Travis, only run the stem tests that use a tor binary. + Closes ticket 30694. diff --git a/changes/ticket31374 b/changes/ticket31374 new file mode 100644 index 0000000000..e8eef9cd49 --- /dev/null +++ b/changes/ticket31374 @@ -0,0 +1,4 @@ + o Minor bugfixes (compilation warning): + - Fix a compilation warning on Windows about casting a function + pointer for GetTickCount64(). Fixes bug 31374; bugfix on + 0.2.9.1-alpha. |