diff options
Diffstat (limited to 'changes')
104 files changed, 231 insertions, 293 deletions
diff --git a/changes/bug16082 b/changes/bug16082 new file mode 100644 index 0000000000..0f2f04fb35 --- /dev/null +++ b/changes/bug16082 @@ -0,0 +1,4 @@ + o Documentation: + - Correctly note that bandwidth accounting values are stored in the + state file, and the bw_accounting file is now obsolete. Closes + ticket 16082. diff --git a/changes/bug17857 b/changes/bug17857 new file mode 100644 index 0000000000..6c88638231 --- /dev/null +++ b/changes/bug17857 @@ -0,0 +1,6 @@ + o Minor features (defensive programming): + - Create a pair of consensus parameters nf_pad_tor2web and + nf_pad_single_onion that allow us to disable netflow padding in the + consensus for non-anonymous connections, in case the overhead is high. + Closes #17857. + diff --git a/changes/bug18100 b/changes/bug18100 deleted file mode 100644 index cd3ba2c977..0000000000 --- a/changes/bug18100 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes (linux TPROXY support): - - Fix a typo that had prevented TPROXY-based transparent proxying from - working under Linux. Fixes bug 18100; bugfix on 0.2.6.3-alpha. - Patch from "d4fq0fQAgoJ". - diff --git a/changes/bug19418 b/changes/bug19418 new file mode 100644 index 0000000000..fb5f6ad5df --- /dev/null +++ b/changes/bug19418 @@ -0,0 +1,7 @@ + o Minor bugfixes (robustness, error handling): + - Improve our handling of the cases where OpenSSL encounters a + memory error while encoding keys and certificates. We haven't + observed these happening in the wild, but if they do happen, + we now detect and respond better. Fixes bug 19418; bugfix + on all versions of Tor. Reported by Guido Vranken. + diff --git a/changes/bug20059 b/changes/bug20059 deleted file mode 100644 index 091fab06d1..0000000000 --- a/changes/bug20059 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (relay): - - Avoid a double-marked-circuit warning that can happen when we receive - DESTROY cells under heavy load. Fixes bug 20059; bugfix on 0.1.0.1-rc. diff --git a/changes/bug20270 b/changes/bug20270 deleted file mode 100644 index d538a358dc..0000000000 --- a/changes/bug20270 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (directory authority): - - When rejecting a router descriptor because the relay is running an - obsolete version of Tor without ntor support, warn about the obsolete - tor version, not the missing ntor key. Fixes bug 20270; - bugfix on 0.2.9.3-alpha. - diff --git a/changes/bug20509 b/changes/bug20509 deleted file mode 100644 index a39ca9f60b..0000000000 --- a/changes/bug20509 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features: - - Directory authorities now reject relays running versions - 0.2.9.1-alpha through 0.2.9.4-alpha, because those relays - suffer from bug 20499 and don't keep their consensus cache - up-to-date. Resolves ticket 20509. diff --git a/changes/bug20711 b/changes/bug20711 deleted file mode 100644 index 0bc0d94fb1..0000000000 --- a/changes/bug20711 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes (directory mirrors): - - Allow relays to use directory mirrors without a DirPort: these relays - need to be contacted over their ORPorts using a begindir connection. - Fixes bug 20711; bugfix on 0.2.8.2-alpha. - - Clarify the message logged when a remote relay is unexpectedly missing - an ORPort or DirPort: users were confusing this with a local port. - Fixes bug 20711; bugfix on 0.2.8.2-alpha. diff --git a/changes/bug20894 b/changes/bug20894 deleted file mode 100644 index 2dbf9b9aa9..0000000000 --- a/changes/bug20894 +++ /dev/null @@ -1,9 +0,0 @@ - o Major bugfixes (HTTP, parsing): - - When parsing a malformed content-length field from an HTTP message, - do not read off the end of the buffer. This bug was a potential - remote denial-of-service attack against Tor clients and relays. - A workaround was released in October 2016, which prevents this - bug from crashing Tor. This is a fix for the underlying issue, - which should no longer matter (if you applied the earlier patch). - Fixes bug 20894; bugfix on 0.2.0.16-alpha. Bug found by fuzzing - using AFL (http://lcamtuf.coredump.cx/afl/). diff --git a/changes/bug21007_case2 b/changes/bug21007_case2 deleted file mode 100644 index 43344449ec..0000000000 --- a/changes/bug21007_case2 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (guards): - - Don't warn about a missing guard state on timeout-measurement - circuits: they aren't supposed to be using guards. Fixes an - instance of bug 21007; bugfix on 0.3.0.1-alpha. diff --git a/changes/bug21027 b/changes/bug21027 deleted file mode 100644 index d20df876fa..0000000000 --- a/changes/bug21027 +++ /dev/null @@ -1,8 +0,0 @@ - o Major bugfixes (bridges): - - - When the same bridge is configured multiple times at different - address:port combinations (but with the same identity), treat - those bridge instances as separate guards. This allows clients to - configure the same bridge with multiple pluggable transports, once - again. Fixes bug 21027; bugfix on 0.3.0.1-alpha. - diff --git a/changes/bug21116 b/changes/bug21116 deleted file mode 100644 index 2304ab0fd6..0000000000 --- a/changes/bug21116 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (test): - - Fix Raspbian build missing socket errno in test util. Fixes bug 21116.; - bugfix on tor-0.2.8.2. Patch by "hein". diff --git a/changes/bug21278_extras b/changes/bug21278_extras deleted file mode 100644 index ffdf4a047b..0000000000 --- a/changes/bug21278_extras +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (code correctness): - - Repair a couple of (unreachable or harmless) cases of the risky - comparison-by-subtraction pattern that caused bug 21278. diff --git a/changes/bug21278_prevention b/changes/bug21278_prevention deleted file mode 100644 index e07f0a670c..0000000000 --- a/changes/bug21278_prevention +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (directory authority): - - Directory authorities now reject descriptors that claim to be - malformed versions of Tor. Helps prevent exploitation of bug 21278. - diff --git a/changes/bug21369_check b/changes/bug21369_check deleted file mode 100644 index 2cd808c9b6..0000000000 --- a/changes/bug21369_check +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (reliability, crash): - - Try better to detect problems in buffers where they might grow (or - think they have grown) over 2 GB in size. Diagnostic for bug 21369. diff --git a/changes/bug21415 b/changes/bug21415 deleted file mode 100644 index f0aa72f81f..0000000000 --- a/changes/bug21415 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfix (entry guards): - - Silence a BUG() warning when attempting to use a guard whose descriptor - we don't know and make this scenario more unlikely to happen. Fixes bug - 21415; bugfix on 0.3.0.1-alpha. diff --git a/changes/bug21420 b/changes/bug21420 deleted file mode 100644 index 014404466a..0000000000 --- a/changes/bug21420 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (certificate expiration time): - - Avoid using link certificates that don't become valid till - some time in the future. Fixes bug 21420; bugfix on 0.2.4.11-alpha diff --git a/changes/bug21447 b/changes/bug21447 deleted file mode 100644 index c025b92313..0000000000 --- a/changes/bug21447 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (testing): - - Rename "make fuzz" to "make test-fuzz-corpora", since it doesn't - actually fuzz anything. Fixes bug 21447; bugfix on 0.3.0.3-alpha. - diff --git a/changes/bug21450 b/changes/bug21450 deleted file mode 100644 index a1cf89ab41..0000000000 --- a/changes/bug21450 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (voting consistency): - - Reject version numbers with components that exceed INT32_MAX. - Otherwise 32-bit and 64-bit platforms would behave inconsistently. - Fixes bug 21450; bugfix on 0.0.8pre1. diff --git a/changes/bug21471 b/changes/bug21471 deleted file mode 100644 index 684035b19c..0000000000 --- a/changes/bug21471 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes (hidden service directory v3): - - When a descriptor lookup was done and it was not found in the directory - cache, it would crash on a NULL pointer instead of returning the 404 - code back to the client like it was suppose to. Fixes bug 21471.; - bugfixes on tor-0.3.0.1-alpha. diff --git a/changes/bug21472 b/changes/bug21472 deleted file mode 100644 index f31ec9157e..0000000000 --- a/changes/bug21472 +++ /dev/null @@ -1,3 +0,0 @@ - o Documentation: - - Small fixes to the fuzzing documentation. Closes ticket - 21472. diff --git a/changes/bug21492 b/changes/bug21492 deleted file mode 100644 index 2ed7947771..0000000000 --- a/changes/bug21492 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (correctness): - - Remove a redundant check for the UseEntryGuards option from the - options_transition_affects_guards() function. Fixes bug 21492; - bugfix on 0.3.0.1-alpha. - diff --git a/changes/bug21507 b/changes/bug21507 deleted file mode 100644 index f83e291b63..0000000000 --- a/changes/bug21507 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (voting consistency): - - Reject version numbers with non-numeric prefixes (such as +, -, and - whitespace). Disallowing whitespace prevents differential version - parsing between POSIX-based and Windows platforms. - Fixes bug 21507 and part of 21508; bugfix on 0.0.8pre1. diff --git a/changes/bug21553 b/changes/bug21553 deleted file mode 100644 index 6ffa3e29a2..0000000000 --- a/changes/bug21553 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes (hidden service): - - When encoding a legacy ESTABLISH_INTRO cell, we were using the sizeof() - on a pointer instead of real size of the destination buffer leading to - an overflow passing an enormous value to the signing digest function. - Fortunately, that value was only used to make sure the destination - buffer length was big enough for the key size and in this case it was. - Fixes bug 21553; bugfix on tor-0.3.0.1-alpha. diff --git a/changes/bug21562 b/changes/bug21562 deleted file mode 100644 index 48396a00e7..0000000000 --- a/changes/bug21562 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (testing): - - Use bash in src/test/test-network.sh. This ensures we reliably call - chutney's newer tools/test-network.sh when available. - Fixes bug 21562; bugfix on tor-0.2.9.1-alpha. diff --git a/changes/bug21576 b/changes/bug21576 deleted file mode 100644 index 68d8471192..0000000000 --- a/changes/bug21576 +++ /dev/null @@ -1,4 +0,0 @@ - o Major bugfixes (crash, directory connections): - - Fix a rare crash when sending a begin cell on a circuit whose linked - directory connection has already been closed. Fixes bug 21576; - bugfix on Tor 0.2.9.3-alpha. Reported by alecmuffett. diff --git a/changes/bug21581 b/changes/bug21581 deleted file mode 100644 index 1077719856..0000000000 --- a/changes/bug21581 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (testing): - - Restore support for test-network.sh on BSD and other systems without - bash. (But use bash if it's available.) This is a workaround until we - remove bash-specific code in 19699. - Fixes bug 21581; bugfix on 21562, not in any released version of tor. diff --git a/changes/bug21594 b/changes/bug21594 deleted file mode 100644 index e624d1226d..0000000000 --- a/changes/bug21594 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (hidden services): - - Make hidden services with 8 to 10 introduction points check for failed - circuits immediately after startup. Previously, they would wait for 5 - minutes before performing their first checks. Fixes bug 21594; bugfix on - commit 190aac0eab9 in Tor 0.2.3.9-alpha. Reported by alecmuffett. diff --git a/changes/bug21596 b/changes/bug21596 deleted file mode 100644 index ec0a46bb81..0000000000 --- a/changes/bug21596 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (hidden services): - - Make hidden services check for failed intro point connections, even when - they have exceeded their intro point creation limit. Fixes bug 21596; - bugfix on commit d67bf8b2f23 in Tor 0.2.7.2-alpha. Reported by - alecmuffett. diff --git a/changes/bug21682 b/changes/bug21682 deleted file mode 100644 index ab7126e4d6..0000000000 --- a/changes/bug21682 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (memory leaks): - - Fix a memory leak when using GETCONF on a port option. - Fixes bug 21682; bugfix on 0.3.0.3-alpha. diff --git a/changes/bug21720 b/changes/bug21720 deleted file mode 100644 index 6d2fbcf711..0000000000 --- a/changes/bug21720 +++ /dev/null @@ -1,5 +0,0 @@ - o Documentation: - - Update the description of the directory server options in the manual - page, to clarify that DirPort is no longer necessary to be a directory - cache. Closes ticket 21720. - diff --git a/changes/bug21771 b/changes/bug21771 deleted file mode 100644 index f814c75c0b..0000000000 --- a/changes/bug21771 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (guard selection): - - Fix a guard selection bug where Tor would refuse to bootstrap in some - cases if the user swapped a bridge for another bridge in their - configuration file. - Fixes bug 21771; bugfix on 0.3.0.1-alpha. Reported by "torvlnt33r". diff --git a/changes/bug21799 b/changes/bug21799 deleted file mode 100644 index ee2e904a35..0000000000 --- a/changes/bug21799 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (tests): - - Run the entry_guard_parse_from_state_full test with the time set - to a specific date. (The guard state that this test was parsing - contained guards that had expired since the test was first - written.) Fixes bug 21799; bugfix on 0.3.0.1-alpha. - diff --git a/changes/bug21825 b/changes/bug21825 deleted file mode 100644 index 8f14b32f84..0000000000 --- a/changes/bug21825 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfix (compilation): - - Functions in hs_service.c was only compiled for unit test making the - created object (.o) contain no symbols in src/or/libor.a resulting in a - compilation warning from clang. We now expose those functions for the - unit tests. This will be changed in 0.3.2 release. Fixes bug 21825.; - bugfix on tor-0.3.0.1-alpha. diff --git a/changes/bug21894_029 b/changes/bug21894_029 deleted file mode 100644 index e3a84fa721..0000000000 --- a/changes/bug21894_029 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (crash prevention): - - Fix an (currently untriggerable, but potentially dangerous) crash - bug when base32-encoding inputs whose sizes are not a multiple of - 5. Fixes bug 21894; bugfix on 0.2.9.1-alpha. - diff --git a/changes/bug21943 b/changes/bug21943 deleted file mode 100644 index dbe2c726d9..0000000000 --- a/changes/bug21943 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (Linux seccomp2 sandbox): - - The getpid() system call is now permitted under the Linux seccomp2 - sandbox, to avoid crashing with versions of OpenSSL (and other - libraries) that attempt to learn the process's PID by using the - syscall rather than the VDSO code. Fixes bug 21943; bugfix on - 0.2.5.1-alpha. diff --git a/changes/bug21969 b/changes/bug21969 deleted file mode 100644 index 9b116fc4cc..0000000000 --- a/changes/bug21969 +++ /dev/null @@ -1,3 +0,0 @@ - o Major bugfixes (entry guards): - - Don't block bootstrapping when a primary bridge is offline and we can't - get its descriptor. Fixes bug 21969; bugfix on 0.3.0.3-alpha. diff --git a/changes/bug22034 b/changes/bug22034 deleted file mode 100644 index 6d9e188740..0000000000 --- a/changes/bug22034 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (control port, regression): - - The GETINFO extra-info/digest/<digest> command was broken because of a - wrong base16 decode return value check. In was introduced in a refactor - of that API. Fixex bug #22034; bugfix on tor-0.2.9.1-alpha. diff --git a/changes/bug22159 b/changes/bug22159 new file mode 100644 index 0000000000..c319c7e322 --- /dev/null +++ b/changes/bug22159 @@ -0,0 +1,7 @@ + o Minor bugfixes (hidden service): + - A service is allowed to open a maximum number of circuits for a specific + period of time. That value was lower than it should be (8 vs 12) in the + normal case of 3 introduction points. Fixes bug 22159.; bugfix on + tor-0.3.0.5-rc. + - Rate limit the log if we ever go above the maximum number of allowed + intro circuits. Fixes bug 22159.; bugfix on tor-0.3.1.1-alpha. diff --git a/changes/bug22212 b/changes/bug22212 new file mode 100644 index 0000000000..f92d6701d3 --- /dev/null +++ b/changes/bug22212 @@ -0,0 +1,5 @@ + o Minor bugfixes (netflow padding logging): + - Demote a warn that was caused by libevent delays to info if + the padding is less than 4.5 seconds late, or notice if it is more + (4.5 seconds is the amount of time that a netflow record might + be emitted after, if we chose the maximum timeout). Fixes bug #22212. diff --git a/changes/bug22245 b/changes/bug22245 deleted file mode 100644 index 6ae18593ea..0000000000 --- a/changes/bug22245 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (bandwidth accounting): - - Roll over monthly accounting at the configured hour and minute, - rather than always at 00:00. - Fixes bug 22245; bugfix on 0.0.9rc1. - Found by Andrey Karpov with PVS-Studio. diff --git a/changes/bug22246 b/changes/bug22246 deleted file mode 100644 index dbdf31a433..0000000000 --- a/changes/bug22246 +++ /dev/null @@ -1,6 +0,0 @@ - o Major bugfixes (hidden service directory, security): - - Fix an assertion failure in the hidden service directory code, which - could be used by an attacker to remotely cause a Tor relay process to - exit. Relays running earlier versions of Tor 0.3.0.x should upgrade. - This security issue is tracked as tracked as - TROVE-2017-002. Fixes bug 22246; bugfix on 0.3.0.1-alpha. diff --git a/changes/bug22252 b/changes/bug22252 deleted file mode 100644 index 42b9d8e095..0000000000 --- a/changes/bug22252 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (configuration): - - Do not crash when starting with LearnCircuitBuildTimeout 0. - Fixes bug 22252; bugfix on 0.2.9.3-alpha. diff --git a/changes/bug22286 b/changes/bug22286 new file mode 100644 index 0000000000..f72e8fe2c7 --- /dev/null +++ b/changes/bug22286 @@ -0,0 +1,3 @@ + o Minor features (tests): + - Add a couple more tests for compression backend initialization. + Closes ticket 22286. diff --git a/changes/bug22347 b/changes/bug22347 new file mode 100644 index 0000000000..f294ba0a2d --- /dev/null +++ b/changes/bug22347 @@ -0,0 +1,2 @@ + o Documentation: + - Add a manpage description for the key-pinning-journal file. diff --git a/changes/bug22356 b/changes/bug22356 new file mode 100644 index 0000000000..0082b542be --- /dev/null +++ b/changes/bug22356 @@ -0,0 +1,5 @@ + o Minor bugfixes (logging, relay): + - Downgrade "assigned_to_cpuworker failed" message to INFO-level + severity. In every case that can reach it, either a better warning + has already been logged, or no warning is warranted. Fixes bug 22356; + bugfix on 0.2.6.3-alpha. diff --git a/changes/bug22370 b/changes/bug22370 deleted file mode 100644 index e0e87e3339..0000000000 --- a/changes/bug22370 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (memory handling): - - When directory authorities reject a router descriptor due to keypinning, - free the router descriptor rather than leaking the memory. - Fixes bug 22370; bugfix on 0.2.7.2-alpha. diff --git a/changes/bug22447 b/changes/bug22447 deleted file mode 100644 index f5649d633c..0000000000 --- a/changes/bug22447 +++ /dev/null @@ -1,3 +0,0 @@ - o Major bugfixes (hidden service v3): - - HSDir failed to validate the encrypted size of a v3 descriptor and thus - rejecting it. Fixes bug 22447; bugfix on tor-0.3.0.1-alpha. diff --git a/changes/bug22460_case1 b/changes/bug22460_case1 deleted file mode 100644 index cfe78ad791..0000000000 --- a/changes/bug22460_case1 +++ /dev/null @@ -1,16 +0,0 @@ - o Major bugfixes (relays, key management): - - Regenerate link and authentication certificates whenever the key that - signs them changes; also, regenerate link certificates whenever the - signed key changes. Previously, these processes were only weakly - coupled, and we relays could (for minutes to hours) wind up with an - inconsistent set of keys and certificates, which other relays - would not accept. Fixes two cases of bug 22460; bugfix on - 0.3.0.1-alpha. - - When sending an Ed25519 signing->link certificate in a CERTS cell, - send the certificate that matches the x509 certificate that we used - on the TLS connection. Previously, there was a race condition if - the TLS context rotated after we began the TLS handshake but - before we sent the CERTS cell. Fixes a case of bug 22460; bugfix - on 0.3.0.1-alpha. - - diff --git a/changes/bug22460_case2 b/changes/bug22460_case2 deleted file mode 100644 index 0a11759832..0000000000 --- a/changes/bug22460_case2 +++ /dev/null @@ -1,8 +0,0 @@ - o Major bugfixes (relay, link handshake): - - - When performing the v3 link handshake on a TLS connection, report that - we have the x509 certificate that we actually used on that connection, - even if we have changed certificates since that connection was first - opened. Previously, we would claim to have used our most recent x509 - link certificate, which would sometimes make the link handshake fail. - Fixes one case of bug 22460; bugfix on 0.2.3.6-alpha. diff --git a/changes/bug22466_regenerate b/changes/bug22466_regenerate deleted file mode 100644 index 8dbda89c8f..0000000000 --- a/changes/bug22466_regenerate +++ /dev/null @@ -1,8 +0,0 @@ - o Minor bugfixes (link handshake): - - Lower the lifetime of the RSA->Ed25519 cross-certificate to - six months, and regenerate it when it is within one month of expiring. - Previously, we had generated this certificate at startup with - a ten-year lifetime, but that could lead to weird behavior when - Tor was started with a grossly inaccurate clock. Mitigates - bug 22466; mitigation on 0.3.0.1-alpha. - diff --git a/changes/bug22490 b/changes/bug22490 deleted file mode 100644 index 244dd50b36..0000000000 --- a/changes/bug22490 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (correctness): - - Avoid undefined behavior when parsing IPv6 entries from the geoip6 - file. Fixes bug 22490; bugfix on 0.2.4.6-alpha. diff --git a/changes/bug22502_part1 b/changes/bug22502_part1 new file mode 100644 index 0000000000..bd95b7c7c4 --- /dev/null +++ b/changes/bug22502_part1 @@ -0,0 +1,12 @@ + o Major bugfixes (compression, zstd): + - Correctly detect a full buffer when decompessing a large + zstd-compressed input. Fixes bug 22628; bugfix on 0.3.1.1-alpha. + + o Minor bugfixes (compression): + - When compressing or decompressing a buffer, check for a failure to + create a compression object. Fixes bug 22626; bugfix on + 0.3.1.1-alpha. + + - When decompressing a buffer, check for extra data after the end of + the compressed data. Fixes bug 22629; bugfix on 0.3.1.1-alpha. + diff --git a/changes/bug22520 b/changes/bug22520 new file mode 100644 index 0000000000..cc14f7214c --- /dev/null +++ b/changes/bug22520 @@ -0,0 +1,5 @@ + o Minor bugfixes (error reporting, windows): + - When formatting Windows error messages, use the English format + to avoid codepage issues. Fixes bug 22520; bugfix on + 0.1.2.8-alpha. Patch from "Vort". + diff --git a/changes/bug22669 b/changes/bug22669 new file mode 100644 index 0000000000..804a39e781 --- /dev/null +++ b/changes/bug22669 @@ -0,0 +1,4 @@ + o Minor bugfixes (compression): + - When serving directory votes compressed with zlib, + do not claim to have compressed them with zstd. Fixes bug 22669; + bugfix on 0.3.1.1-alpha. diff --git a/changes/bug22670 b/changes/bug22670 new file mode 100644 index 0000000000..47403277d2 --- /dev/null +++ b/changes/bug22670 @@ -0,0 +1,4 @@ + o Minor bugfixes (logging, compression): + - When decompressing, do not warn if we fail to decompress using a + compression method that we merely guessed. Fixes part of + bug 22670; bugfix on 0.1.1.14-alpha. diff --git a/changes/bug22670_02 b/changes/bug22670_02 new file mode 100644 index 0000000000..3e7a428faf --- /dev/null +++ b/changes/bug22670_02 @@ -0,0 +1,4 @@ + o Minor bugfixes (logging, compression): + - When decompressing, treat mismatch between content-encoding and + actual compression type as a protocol warning. Fixes part of bug + 22670; bugfix on 0.1.1.9-alpha. diff --git a/changes/bug22670_03 b/changes/bug22670_03 new file mode 100644 index 0000000000..8a7aa49bcd --- /dev/null +++ b/changes/bug22670_03 @@ -0,0 +1,6 @@ + o Minor bugfixes (compression): + - When decompressing an object received over an anonymous directory + connection, if we have already successfully decompressed it using an + acceptable compression method, do not reject it for looking like an + unacceptable compression method. Fixes part of bug 22670; bugfix on + 0.3.1.1-alpha. diff --git a/changes/bug22672 b/changes/bug22672 new file mode 100644 index 0000000000..ec6681149d --- /dev/null +++ b/changes/bug22672 @@ -0,0 +1,5 @@ + o Minor features (compression, defensive programming): + - Detect and break out of infinite loops in our compression code. + We don't think that any such loops exist now, but it's best to be + safe. Closes ticket 22672. + diff --git a/changes/bug22702 b/changes/bug22702 new file mode 100644 index 0000000000..a2044c70bf --- /dev/null +++ b/changes/bug22702 @@ -0,0 +1,5 @@ + o Major bugfixes (directory protocol): + - Ensure that we sent "304 Not modified" as HTTP status code when a + client is attempting to fetch a consensus or consensus diff that + matches the latest consensus we have available. Fixes bug 22702; + bugfix on 0.3.1.1-alpha. diff --git a/changes/bug22719 b/changes/bug22719 new file mode 100644 index 0000000000..bfcda0a4e1 --- /dev/null +++ b/changes/bug22719 @@ -0,0 +1,7 @@ + o Minor bugfixes (compression): + - When spooling compressed data to an output buffer, don't try to + spool more data when there is no more data to spool and we are + not trying to flush the input. Previously, we would sometimes + launch compression requests with nothing to do, which interferes + with our 22672 checks. Fixes bug 22719; bugfix on 0.2.0.16-alpha. + diff --git a/changes/bug22720 b/changes/bug22720 new file mode 100644 index 0000000000..4893b577f0 --- /dev/null +++ b/changes/bug22720 @@ -0,0 +1,9 @@ + o Minor bugfixes (process behavior): + - When exiting because of an error, always exit with a nonzero + exit status. Previously, we would fail to report an error in + our exit status in cases related to lockfile contention, + __OwningControllerProcess failure, and Ed25519 key + initialization. Fixes bug 22720; bugfix on versions + 0.2.1.6-alpha, 0.2.2.28-beta, and 0.2.7.2-alpha + respectively. Reported by "f55jwk4f"; patch from "huyvq". + diff --git a/changes/bug22751 b/changes/bug22751 new file mode 100644 index 0000000000..714525c8af --- /dev/null +++ b/changes/bug22751 @@ -0,0 +1,5 @@ + o Major bugfixes (compression): + - Fix crash in LZMA module, when the Sandbox is enabled, where + liblzma would allocate more than 16 MB of memory. We solve this + by bumping the mprotect() limit in the Sandbox module from 16 MB + to 20 MB. Fixes bug 22751; bugfix on 0.3.1.1-alpha. diff --git a/changes/bug22752_simple b/changes/bug22752_simple new file mode 100644 index 0000000000..7e60357052 --- /dev/null +++ b/changes/bug22752_simple @@ -0,0 +1,6 @@ + o Major bugfixes (windows, directory cache): + - On windows, do not try to delete cached consensus documents and + diffs, until they unmapped from memory. Allow the diff storage + directory to grow larger in order to handle files that might + need to stay around longer. Fixes bug 22752; bugfix on + 0.3.1.1-alpha. diff --git a/changes/bug22830 b/changes/bug22830 new file mode 100644 index 0000000000..123b725aff --- /dev/null +++ b/changes/bug22830 @@ -0,0 +1,5 @@ + o Minor bugfixes: + - Fix a problem with Rust toolchains not being found when building + without --enable-cargo-online-mode, due to setting the $HOME + environment variable instead of $CARGO_HOME. Fixes bug 22830; + fix by Chelsea Komlo. Bugfix on 0.3.1.1-alpha. diff --git a/changes/bug22838_028 b/changes/bug22838_028 deleted file mode 100644 index 1d0a4fbfd1..0000000000 --- a/changes/bug22838_028 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (compilation, mingw, backport from 0.3.1.1-alpha): - - Backport a fix for an "unused variable" warning that appeared - in some versions of mingw. Fixes bug 22838; bugfix on - 0.2.8.1-alpha. - diff --git a/changes/bug22883-config b/changes/bug22883-config new file mode 100644 index 0000000000..d60594d9ae --- /dev/null +++ b/changes/bug22883-config @@ -0,0 +1,7 @@ + o Minor features (directory cache, consensus diff): + - Add a new MaxConsensusAgeForDiffs option to allow directory cache + operators with low-resource environments to adjust the number of + consensuses they'll store and generate diffs from. Most cache operators + should leave it unchanged. Helps to work around bug 22883. + + diff --git a/changes/bug22883-priority b/changes/bug22883-priority new file mode 100644 index 0000000000..4b3531c30b --- /dev/null +++ b/changes/bug22883-priority @@ -0,0 +1,8 @@ + o Major bugfixes (relay, performance): + + - Perform circuit handshake operations at a higher priority than we use + for consensus diff creation and compression. This should prevent + circuits from starving when a relay or bridge receive a new consensus, + especially on lower-powered machines. Fixes bug 22883; bugfix on + 0.3.1.1-alpha. + diff --git a/changes/bug22892 b/changes/bug22892 new file mode 100644 index 0000000000..9a70cb0576 --- /dev/null +++ b/changes/bug22892 @@ -0,0 +1,4 @@ + o Minor bugfixes (compilation): + - Compile correctly when both openssl 1.1.0 and libscrypt are detected. + Previously this would cause an error. Fixes bug 22892; bugfix on + 0.3.1.1-alpha. diff --git a/changes/bug22927 b/changes/bug22927 new file mode 100644 index 0000000000..6e68e6ff08 --- /dev/null +++ b/changes/bug22927 @@ -0,0 +1,6 @@ + o Minor bugfixes (compatibility, zstd): + - Write zstd epilogues correctly when the epilogue requires reallocation + of the output buffer, even with zstd 1.3.0. (Previously, + we worked on 1.2.0 and failed with 1.3.0). Fixes bug 22927; bugfix on + 0.3.1.1-alpha. + diff --git a/changes/bug23053 b/changes/bug23053 new file mode 100644 index 0000000000..082e239409 --- /dev/null +++ b/changes/bug23053 @@ -0,0 +1,5 @@ + o Minor bugfixes (memory leak): + - Fix a small memory leak when validating a configuration that + uses two or more AF_UNIX sockets for the same port type. + Fixes bug 23053; bugfix on 0.2.6.3-alpha. This is CID + 1415725. diff --git a/changes/bug23071 b/changes/bug23071 new file mode 100644 index 0000000000..4756dd6252 --- /dev/null +++ b/changes/bug23071 @@ -0,0 +1,5 @@ + o Minor bugfixes (tests): + - Port the hs_ntor handshake test to work correctly with recent + versions of the pysha3 module. Fixes bug 23071; bugfix on + 0.3.1.1-alpha. + diff --git a/changes/bug23077 b/changes/bug23077 new file mode 100644 index 0000000000..5ed1c56742 --- /dev/null +++ b/changes/bug23077 @@ -0,0 +1,4 @@ + o Minor bugfixes (unit tests): + - Fix a channelpadding unit test failure on extremely slow systems + by using mocked time instead of actual time. Fixes bug 23077; bugfix on + 0.3.1.1-alpha. diff --git a/changes/bug23105-diagnostic b/changes/bug23105-diagnostic new file mode 100644 index 0000000000..8ba4931e36 --- /dev/null +++ b/changes/bug23105-diagnostic @@ -0,0 +1,4 @@ + o Minor features (diagnostic): + - Add a stack trace to the bug warnings that can be logged when + trying to send an outgoing relay cell with n_chan == 0. + Diagnostic attempt for bug 23105. diff --git a/changes/bug23139 b/changes/bug23139 new file mode 100644 index 0000000000..ed63ce85e2 --- /dev/null +++ b/changes/bug23139 @@ -0,0 +1,3 @@ + o Minor bugfixes (directory cache): + - Fix a memory leak in the code that recovers space in the consensus + directory cache. Fixes bug 23139; bugfix on 0.3.1.1-alpha. diff --git a/changes/bug23155 b/changes/bug23155 new file mode 100644 index 0000000000..4c24ab136c --- /dev/null +++ b/changes/bug23155 @@ -0,0 +1,4 @@ + o Minor bugfixes (stability): + - Avoid crashing on double-free when unable to load or process + an included file. Fixes bug 23155; bugfix on 0.3.1.1-alpha. + Found with the clang static analyzer. diff --git a/changes/bug23233 b/changes/bug23233 new file mode 100644 index 0000000000..689a99a2a8 --- /dev/null +++ b/changes/bug23233 @@ -0,0 +1,4 @@ + o Minor bugfixes (hidden service): + - Fix a BUG alert during HSv3 descriptor decoding that could trigger with a + specially crafted descriptor. Fixes bug #23233; bugfix on 0.3.0.1-alpha. + Bug found by "haxxpop". diff --git a/changes/bug23275 b/changes/bug23275 new file mode 100644 index 0000000000..d6c3c47743 --- /dev/null +++ b/changes/bug23275 @@ -0,0 +1,5 @@ + o Minor bugfixes (relay): + - When a relay is not running as a directory cache, it will no longer + generate compressed consensuses and consensus diff information. + Previously, this was a waste of disk and CPU. Fixes bug 23275; + bugfix on 0.3.1.1-alpha. diff --git a/changes/bug23533 b/changes/bug23533 new file mode 100644 index 0000000000..b5bfdc0ce2 --- /dev/null +++ b/changes/bug23533 @@ -0,0 +1,4 @@ + o Minor bugfixes (relay): + - Inform the geoip and rephist modules about all requests, even + on relays that are only fetching microdescriptors. Fixes a bug related + to 21585; bugfix on 0.3.0.1-alpha. diff --git a/changes/bug23551 b/changes/bug23551 new file mode 100644 index 0000000000..2f918bfa3a --- /dev/null +++ b/changes/bug23551 @@ -0,0 +1,3 @@ + o Minor bugfixes (compression): + - Handle a pathological case when decompressing Zstandard data when the + output buffer size is zero. Fixes bug 23551; bugfix on 0.3.1.1-alpha. diff --git a/changes/bug23568 b/changes/bug23568 new file mode 100644 index 0000000000..cac4655687 --- /dev/null +++ b/changes/bug23568 @@ -0,0 +1,4 @@ + o Minor bugfixes (compilation): + - Fix a compilation warning when building with zstd support + on 32-bit platforms. Fixes bug 23568; bugfix on 0.3.1.1-alpha. + Found and fixed by Andreas Stieger. diff --git a/changes/bug23608 b/changes/bug23608 new file mode 100644 index 0000000000..16cf88aa3d --- /dev/null +++ b/changes/bug23608 @@ -0,0 +1,4 @@ + o Minor bugfixes (unit tests): + - Fix additional channelpadding unit test failures by using mocked time + instead of actual time for all tests. Fixes bug 23608; + bugfix on 0.3.1.1-alpha. diff --git a/changes/bug23908 b/changes/bug23908 new file mode 100644 index 0000000000..f641b66bb9 --- /dev/null +++ b/changes/bug23908 @@ -0,0 +1,3 @@ + o Minor bugfixes (directory authority, backport from 0.3.2.1-alpha): + - Remove the length limit on HTTP status lines that authorities can send + in their replies. Fixes bug 23499; bugfix on 0.3.1.6-rc. diff --git a/changes/bug24262 b/changes/bug24262 new file mode 100644 index 0000000000..eee69512e4 --- /dev/null +++ b/changes/bug24262 @@ -0,0 +1,3 @@ + o Minor bugfixes (hidden service): + - Fix the consensus parameter "hsdir-interval" to "hsdir_interval" so it + matches the dir-spec.txt. Fixes bug 24262; bugfix on 0.3.1.1-alpha. diff --git a/changes/diagnose_22752 b/changes/diagnose_22752 new file mode 100644 index 0000000000..b5bda05ec0 --- /dev/null +++ b/changes/diagnose_22752 @@ -0,0 +1,4 @@ + o Minor features (bug mitigation, diagnostics, logging): + - Avoid an assertion failure, and log a better error message, + when unable to remove a file from the consensus cache on + Windows. Attempts to mitigate and diagnose bug 22752. diff --git a/changes/feature21570 b/changes/feature21570 deleted file mode 100644 index 40555eefa9..0000000000 --- a/changes/feature21570 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features (testing): - - During 'make test-network-all', if tor logs any warnings, ask chutney - to output them. Requires a recent version of chutney with the 21572 - patch. - Implements 21570. diff --git a/changes/geoip-april2017 b/changes/geoip-april2017 deleted file mode 100644 index b489eaf016..0000000000 --- a/changes/geoip-april2017 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features: - - Update geoip and geoip6 to the April 4 2017 Maxmind GeoLite2 - Country database. - diff --git a/changes/geoip-february2017 b/changes/geoip-february2017 deleted file mode 100644 index ec54b6122a..0000000000 --- a/changes/geoip-february2017 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features: - - Update geoip and geoip6 to the February 8 2017 Maxmind GeoLite2 - Country database. - diff --git a/changes/geoip-march2017 b/changes/geoip-march2017 deleted file mode 100644 index 6dc92baa2f..0000000000 --- a/changes/geoip-march2017 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features: - - Update geoip and geoip6 to the March 7 2017 Maxmind GeoLite2 - Country database. - diff --git a/changes/geoip-may2017 b/changes/geoip-may2017 deleted file mode 100644 index 4e504d7a0a..0000000000 --- a/changes/geoip-may2017 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features: - - Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2 - Country database. - diff --git a/changes/more-files b/changes/more-files new file mode 100644 index 0000000000..861d6a3143 --- /dev/null +++ b/changes/more-files @@ -0,0 +1,4 @@ + o Documentation: + - Document more of the files in the Tor data directory, including + cached-extrainfo, secret_onion_key{,_ntor}.old, hidserv-stats, + approved-routers, sr-random, and diff-cache. diff --git a/changes/more-threads b/changes/more-threads new file mode 100644 index 0000000000..eae88b70fd --- /dev/null +++ b/changes/more-threads @@ -0,0 +1,3 @@ + o Minor features (relay, performance): + - Always start relays with at least two worker threads, to prevent + priority inversion on slow tasks. Part of the fix for bug 22883. diff --git a/changes/multi-priority b/changes/multi-priority new file mode 100644 index 0000000000..6f19314b53 --- /dev/null +++ b/changes/multi-priority @@ -0,0 +1,5 @@ + o Minor features (relay, thread pool): + - Allow background work to be queued with different priorities, so + that a big pile of slow low-priority jobs will not starve out + higher priority jobs. This lays the groundwork for a fix for bug + 22883. diff --git a/changes/new_requirement_pkgconfig b/changes/new_requirement_pkgconfig new file mode 100644 index 0000000000..503ff58c9e --- /dev/null +++ b/changes/new_requirement_pkgconfig @@ -0,0 +1,5 @@ + o New dependencies: + - To build with zstd and lzma support, Tor now requires the + pkg-config tool at build time. (This requirement was new in + 0.3.1.1-alpha, but was not noted at the time. Noting it here to + close ticket 22623.) diff --git a/changes/prop275-minimal b/changes/prop275-minimal deleted file mode 100644 index 83d42f850b..0000000000 --- a/changes/prop275-minimal +++ /dev/null @@ -1,9 +0,0 @@ - o Minor features (future-proofing): - - - Tor no longer refuses to download microdescriptors or descriptors if - they are listed as "published in the future". This change will - eventually allow us to stop listing meaningful "published" dates - in microdescriptor consensuses, and thereby allow us to reduce the - resources required to download consensus diffs by over 50%. - Implements part of ticket 21642; implements part of proposal 275. - diff --git a/changes/task-22207 b/changes/task-22207 new file mode 100644 index 0000000000..63544834bf --- /dev/null +++ b/changes/task-22207 @@ -0,0 +1,4 @@ + o Minor features: + - Add "fingerprint" line to networkstatus-bridges produced by + bridge authorities. Implements #22207. + diff --git a/changes/ticket20656 b/changes/ticket20656 deleted file mode 100644 index 28192e8978..0000000000 --- a/changes/ticket20656 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor feature (protover): - - Add new protocol version for proposal 224. HSIntro now advertises - version "3-4" and HSDir version "1-2". Fixes ticket 20656. diff --git a/changes/ticket21564 b/changes/ticket21564 deleted file mode 100644 index 7e01f41f8f..0000000000 --- a/changes/ticket21564 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor features (fallback directory list): - - Replace the 177 fallbacks originally introduced in Tor 0.2.9.8 in - December 2016 (of which ~126 were still functional), with a list of - 151 fallbacks (32 new, 119 existing, 58 removed) generated in - May 2017. - Resolves ticket 21564. diff --git a/changes/ticket21953 b/changes/ticket21953 deleted file mode 100644 index 7cc84f506d..0000000000 --- a/changes/ticket21953 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor features: - - Enable a couple of pieces of Windows hardening: one - (HeapEnableTerminationOnCorruption) that has been on-by-default since - Windows 8, and unavailable before Windows 7, and one - (PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION) which we believe doesn't - affect us, but shouldn't do any harm. Closes ticket 21953. diff --git a/changes/ticket22348 b/changes/ticket22348 new file mode 100644 index 0000000000..49ae94cdf3 --- /dev/null +++ b/changes/ticket22348 @@ -0,0 +1,5 @@ + o Minor features (directory authority): + - Improve the message that authorities report to relays when + the RSA/Ed25519 key pair they present conflicts with a previously + pinned key. Closes ticket 22348. + diff --git a/changes/ticket22870 b/changes/ticket22870 new file mode 100644 index 0000000000..07cc8a1d04 --- /dev/null +++ b/changes/ticket22870 @@ -0,0 +1,5 @@ + o Minor bugfixes (consensus diff): + - test_consdiff_base64cmp would fail on OS X because while OS X + follows the standard of (less than zero/zero/greater than zero), + it doesn't follow the convention of (-1/0/+1). Make the test + comply with the standard. Fixes bug 22870; bugfix on 0.3.1.1-alpha. diff --git a/changes/trove-2017-001.2 b/changes/trove-2017-001.2 deleted file mode 100644 index 3ef073cf9f..0000000000 --- a/changes/trove-2017-001.2 +++ /dev/null @@ -1,8 +0,0 @@ - o Major bugfixes (parsing): - - Fix an integer underflow bug when comparing malformed Tor versions. - This bug is harmless, except when Tor has been built with - --enable-expensive-hardening, which would turn it into a crash; - or on Tor 0.2.9.1-alpha through Tor 0.2.9.8, which were built with - -ftrapv by default. - Part of TROVE-2017-001. Fixes bug 21278; bugfix on - 0.0.8pre1. Found by OSS-Fuzz. diff --git a/changes/trove-2017-004 b/changes/trove-2017-004 deleted file mode 100644 index af1567f220..0000000000 --- a/changes/trove-2017-004 +++ /dev/null @@ -1,6 +0,0 @@ - o Major bugfixes (hidden service, relay, security): - - Fix an assertion failure when a hidden service handles a - malformed BEGIN cell. This bug resulted in the service crashing - triggered by a tor_assert(). Fixes bug 22493, tracked as - TROVE-2017-004 and as CVE-2017-0375; bugfix on 0.3.0.1-alpha. - Found by armadev. diff --git a/changes/trove-2017-005 b/changes/trove-2017-005 deleted file mode 100644 index cebb013f86..0000000000 --- a/changes/trove-2017-005 +++ /dev/null @@ -1,7 +0,0 @@ - o Major bugfixes (hidden service, relay, security): - - Fix an assertion failure caused by receiving a BEGIN_DIR cell on - a hidden service rendezvous circuit. Fixes bug 22494, tracked as - TROVE-2017-005 and CVE-2017-0376; bugfix on 0.2.2.1-alpha. Found - by armadev. - - |