diff options
Diffstat (limited to 'changes')
193 files changed, 238 insertions, 851 deletions
diff --git a/changes/abandon-rend-circs-on-newnym b/changes/abandon-rend-circs-on-newnym deleted file mode 100644 index 67cb2dce2f..0000000000 --- a/changes/abandon-rend-circs-on-newnym +++ /dev/null @@ -1,8 +0,0 @@ - o Security fixes: - - Don't attach new streams to old rendezvous circuits after SIGNAL - NEWNYM. Previously, we would keep using an existing rendezvous - circuit if it remained open (i.e. if it were kept open by a - long-lived stream or if a new stream were attached to it before - Tor could notice that it was old and no longer in use and close - it). Bugfix on 0.1.1.15-rc; fixes bug 3375. - diff --git a/changes/bridgepassword b/changes/bridgepassword deleted file mode 100644 index 5f0e250ff6..0000000000 --- a/changes/bridgepassword +++ /dev/null @@ -1,11 +0,0 @@ - o Security fixes: - - When using the debuging BridgePassword field, a bridge authority - now compares alleged passwords by hashing them, then comparing - the result to a digest of the expected authenticator. This avoids - a potential side-channel attack in the previous code, which - had foolishly used strcmp(). Fortunately, the BridgePassword field - *is not in use*, but if it had been, the timing - behavior of strcmp() might have allowed an adversary to guess the - BridgePassword value, and enumerate the bridges. Bugfix on - 0.2.0.14-alpha. Fixes bug 5543. - diff --git a/changes/buffer_bug b/changes/buffer_bug deleted file mode 100644 index 634f609533..0000000000 --- a/changes/buffer_bug +++ /dev/null @@ -1,7 +0,0 @@ - - o Major bugfixes: - - Fix a heap overflow bug that could occur when trying to pull - data into the first chunk of a buffer, when that chunk had - already had some data drained from it. Fixes CVE-2011-2778; - bugfix on 0.2.0.16-alpha. Reported by "Vektor". - diff --git a/changes/bug1240 b/changes/bug1240 deleted file mode 100644 index 657066491c..0000000000 --- a/changes/bug1240 +++ /dev/null @@ -1,8 +0,0 @@ - o Minor bugfixes: - - When running with an older Linux kernel that erroneously responds - to strange nmap behavior by having accept() return successfully - with a zero-length socket, just close the connection. Previously, - we would try harder to learn the remote address: but there was no - such remote address to learn, and our method for trying to learn - it was incorrect. Fixes bugs #1240, #4745, and #4747. Bugfix on - 0.1.0.3-rc. Reported and diagnosed by "r1eo". diff --git a/changes/bug1297a b/changes/bug1297a deleted file mode 100644 index 140b94e3b0..0000000000 --- a/changes/bug1297a +++ /dev/null @@ -1,16 +0,0 @@ - o Major bugfixes: - - Apply circuit timeouts to opened hidden-service-related circuits - based on the correct start time. Previously, we would apply the - circuit build timeout based on time since the circuit's - creation; it was supposed to be applied based on time since the - circuit entered its current state. Bugfix on 0.0.6; fixes part - of bug 1297. - - Use the same circuit timeout for client-side introduction - circuits as for other four-hop circuits. Previously, - client-side introduction circuits were closed after the same - timeout as single-hop directory-fetch circuits; this was - appropriate with the static circuit build timeout in 0.2.1.x and - earlier, but caused many hidden service access attempts to fail - with the adaptive CBT introduced in 0.2.2.2-alpha. Bugfix on - 0.2.2.2-alpha; fixes another part of bug 1297. - diff --git a/changes/bug1345 b/changes/bug1345 deleted file mode 100644 index 0c9375a35d..0000000000 --- a/changes/bug1345 +++ /dev/null @@ -1,13 +0,0 @@ - o Minor bugfixes: - - On SIGHUP, do not clear out all TrackHostExits mappings, client DNS - cache entries, and virtual address mappings: that's what NEWNYM is - for. Bugfix on Tor 0.1.0.1-rc; fixes bug 1345. - - When TrackHostExits is changed from a controller, remove any - mappings for hosts that should no longer have their exits tracked. - Bugfix on Tor 0.1.0.1-rc. - - When VirtualAddrNetwork option is changed from a controller, - remove any mappings for hosts that were automapped to - that network. Bugfix on 0.1.1.19-rc. - - When one of the AutomapHosts* options is changed from a - controller, remove any mappings for hosts that should no longer be - automapped. Bugfix on 0.2.0.1-alpha. diff --git a/changes/bug1352 b/changes/bug1352 deleted file mode 100644 index bde0192401..0000000000 --- a/changes/bug1352 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features - - Rate-limit a warning about failures to download v2 networkstatus - documents. Resolves part of bug 1352. - diff --git a/changes/bug1810 b/changes/bug1810 deleted file mode 100644 index 11e561f7cf..0000000000 --- a/changes/bug1810 +++ /dev/null @@ -1,6 +0,0 @@ - o Major bugfixes: - - Don't decide to make a new descriptor when receiving a HUP signal. - This bug has caused a lot of relays to disappear from the consensus - periodically. Fixes the most common case of triggering bug 1810; - bugfix on 0.2.2.7-alpha. - diff --git a/changes/bug1938 b/changes/bug1938 new file mode 100644 index 0000000000..13d2a37776 --- /dev/null +++ b/changes/bug1938 @@ -0,0 +1,4 @@ + o Minor bugfixes: + - When fetching a bridge descriptor from a bridge authority, + always do so anonymously, whether we have been able to open + circuits or not. Partial fix for bug 1938; bugfix on 2.0.7-alpha. diff --git a/changes/bug2297-related b/changes/bug2297-related new file mode 100644 index 0000000000..3d9af110f3 --- /dev/null +++ b/changes/bug2297-related @@ -0,0 +1,6 @@ + o Minor bugfixes: + - Exit nodes don't need to fetch certificates for authorities that + they don't recognize; only directory authorities, bridges, and + caches need to do that. Fix related to bug 2297; bugfix on + 0.2.2.11-alpha. + diff --git a/changes/bug2355 b/changes/bug2355 deleted file mode 100644 index ee0ae4b96a..0000000000 --- a/changes/bug2355 +++ /dev/null @@ -1,8 +0,0 @@ - o Major features: - - If "UseBridges 1" is set and no bridges are configured, Tor will - now refuse to build any circuits until some bridges are set. - If "UseBridges auto" is set, Tor will use bridges if they are - configured and we are not running as a server, but otherwise - will make circuits as usual. The new default is "auto". Patch - by anonym. - diff --git a/changes/bug2355_revert b/changes/bug2355_revert deleted file mode 100644 index 2ded40ad8e..0000000000 --- a/changes/bug2355_revert +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes: - - Revert the UseBridges option to its behavior before 0.2.2.28-beta. - When we changed the default behavior to "use bridges if any are - listed in the torrc", we broke a number of users who had bridges - in their torrc files but who didn't actually want to use them. - Partial resolution for bug 3354. - diff --git a/changes/bug2442 b/changes/bug2442 deleted file mode 100644 index cbcc22bb80..0000000000 --- a/changes/bug2442 +++ /dev/null @@ -1,8 +0,0 @@ - * Minor bugfixes: - - - Demote the 'replay detected' log message emitted when a hidden - service receives the same Diffie-Hellman public key in two - different INTRODUCE2 cells to info level. A normal Tor client - can cause that log message during its normal operation. Bugfix - on 0.2.1.6-alpha; fixes part of bug 2442. - diff --git a/changes/bug2442b b/changes/bug2442b deleted file mode 100644 index 02e1636e91..0000000000 --- a/changes/bug2442b +++ /dev/null @@ -1,8 +0,0 @@ - * Minor bugfixes: - - - Demote the 'INTRODUCE2 cell is too {old,new}' log message to - info level. There is nothing that a hidden service's operator - can do to fix its clients' clocks. Bugfix on 0.2.1.6-alpha; - fixes part of bug 2442. - - diff --git a/changes/bug2503 b/changes/bug2503 deleted file mode 100644 index 50b8bf50c2..0000000000 --- a/changes/bug2503 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features: - - When an HTTPS proxy reports "403 Forbidden", we now explain - what it means rather than calling it an unexpected status code. - Closes bug 2503. Patch from "mikey". diff --git a/changes/bug2574 b/changes/bug2574 deleted file mode 100644 index 5cf2daebfa..0000000000 --- a/changes/bug2574 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Allow nameservers with IPv6 address. Fixes bug 2574. - diff --git a/changes/bug2649a b/changes/bug2649a deleted file mode 100644 index 4ee31ebdb6..0000000000 --- a/changes/bug2649a +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features: - - Add a VoteOnHidServDirectoriesV2 configuration option to allow - directory authorities to abstain from voting on assignment of - the HSDir consensus flag. Related to bug 2649. - diff --git a/changes/bug2649b b/changes/bug2649b deleted file mode 100644 index 1ff14e5569..0000000000 --- a/changes/bug2649b +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes: - - Change the default required uptime for a relay to be accepted as - a HSDir from 24 hours to 25 hours. Bugfix on 0.2.0.10-alpha; - fixes bug 2649. - diff --git a/changes/bug2732-simple b/changes/bug2732-simple deleted file mode 100644 index 367836152d..0000000000 --- a/changes/bug2732-simple +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes - - Do not reject hidden service descriptors simply because we don't - think we have not been assigned the HSDir flag. Clients and - hidden services can have a more up-to-date view of the network - consensus, and if they think that the directory authorities - list us a HSDir, we might actually be one. Related to bug 2732; - bugfix on 0.2.0.10-alpha. diff --git a/changes/bug2748 b/changes/bug2748 deleted file mode 100644 index b522560a92..0000000000 --- a/changes/bug2748 +++ /dev/null @@ -1,10 +0,0 @@ - o Minor bugfixes - - Remove dead code from rend_cache_lookup_v2_desc_as_dir. Fixes - part of bug 2748; bugfix on 0.2.0.10-alpha. - - Log malformed requests for rendezvous descriptors as protocol - warnings, not warnings. Also, use a more informative log - message in case someone sees it at log level warning without - prior info-level messages. Fixes the other part of bug 2748; - bugfix on 0.2.0.10-alpha. - - diff --git a/changes/bug2752 b/changes/bug2752 deleted file mode 100644 index b872d3374a..0000000000 --- a/changes/bug2752 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features: - - Tor used to limit HttpProxyAuthenticator values to 48 characters. - Changed the limit to 512 characters by removing base64 newlines. - Fixes bug 2752. Fix by Michael Yakubovich. - diff --git a/changes/bug2792_checkdir b/changes/bug2792_checkdir deleted file mode 100644 index 10de1deb2d..0000000000 --- a/changes/bug2792_checkdir +++ /dev/null @@ -1,8 +0,0 @@ - o Minor features: - - Tor now refuses to create a ControlSocket in a directory that is - world-readable (or group-readable if ControlSocketsGroupWritable - is 0). This is necessary because some operating systems do not - check the permissions on an AF_UNIX socket when programs try to - connect to it. Checking permissions on the directory holding - the socket, however, seems to work everywhere. - diff --git a/changes/bug2822.1 b/changes/bug2822.1 new file mode 100644 index 0000000000..9c4016d059 --- /dev/null +++ b/changes/bug2822.1 @@ -0,0 +1,5 @@ + o Minor features: + + - Rate-limit log messages when asked to connect anonymously to a private + address. When these hit, they tended to hit fast and often. Partial + fix for bug 2822. diff --git a/changes/bug2822.2 b/changes/bug2822.2 new file mode 100644 index 0000000000..373741ca75 --- /dev/null +++ b/changes/bug2822.2 @@ -0,0 +1,6 @@ + o Minor features: + + - Don't bother trying to connect to addresses that we are sure will + resolve to 127.0.0.1: Getting 127.0.0.1 in a reply makes us think + we have been lied to, even when the address the client tried to + connect to was "localhost." Partial fix for bug 2822. diff --git a/changes/bug2850 b/changes/bug2850 deleted file mode 100644 index 77ccbfa25d..0000000000 --- a/changes/bug2850 +++ /dev/null @@ -1,5 +0,0 @@ - - Minor features - o Set SO_REUSEADDR on all sockets, not just listeners. This should - help busy exit nodes avoid running out of useable ports just because - all the ports have been used in the near past. Resolves issue 2850. - diff --git a/changes/bug2954_more b/changes/bug2954_more new file mode 100644 index 0000000000..68fdf138ee --- /dev/null +++ b/changes/bug2954_more @@ -0,0 +1,4 @@ + o Minor bugfixes: + - If we fail to write a microdescriptor to disk, do not continue + replacing the old microdescriptor file. Fix for bug 2954; bugfix + on 0.2.2.6-alpha. diff --git a/changes/bug2972 b/changes/bug2972 deleted file mode 100644 index 26afcca421..0000000000 --- a/changes/bug2972 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features: - - Allow ControlSockets to be group-writable when the - ControlSocksGroupWritable configuration option is turned on. Patch - by Jérémy Bobbio; implements ticket 2972. - diff --git a/changes/bug2988 b/changes/bug2988 new file mode 100644 index 0000000000..aa141e8c97 --- /dev/null +++ b/changes/bug2988 @@ -0,0 +1,10 @@ + o Minor features: + - The advertised platform of a router now includes only its + operating system's name (e.g., "Linux", "Darwin", "Windows 7"), + and not its service pack level (for Windows), or its CPU + architecture (for Unix). This is part of ticket 2988. + - Do not include the (git-XYZ) tag in published server descriptor + platform lines. This is part of ticket 2988. + - Allow packagers to insert an extra string in server descriptor + platform lines by setting the preprocessor variable TOR_BUILD_TAG. + This is part of ticket 2988. diff --git a/changes/bug3019 b/changes/bug3019 deleted file mode 100644 index 4df709fb3b..0000000000 --- a/changes/bug3019 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes: - - Do not reset the bridge descriptor download status every time we - re-parse our configuration or get a configuration change. Fixes - bug 3019; bugfix on Tor 0.2.0.3-alpha. diff --git a/changes/bug3022 b/changes/bug3022 deleted file mode 100644 index 9472e6d196..0000000000 --- a/changes/bug3022 +++ /dev/null @@ -1,6 +0,0 @@ - o Removed features - - Caches no longer download and serve v2 networkstatus documents - unless FetchV2Networkstatus flag is set: these documents haven't - haven't been used by clients or relays since 0.2.0.x. Resolves - bug 3022. - diff --git a/changes/bug3026 b/changes/bug3026 deleted file mode 100644 index c0c0a3860a..0000000000 --- a/changes/bug3026 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (directory authority) - - Do not upload our own vote or signature set to ourself. It would - tell us nothing new. Also, as of Tor 0.2.2.24-alpha, we started - to warn about receiving duplicate votes. Resolves bug 3026. diff --git a/changes/bug3045 b/changes/bug3045 deleted file mode 100644 index 1cbcabaff6..0000000000 --- a/changes/bug3045 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor features: - - Revise most log messages that refer to nodes by nickname to - instead use the "$key=nickname at address" format. This should be - more useful, especially since nicknames are less and less likely - to be unique. Fixes bug 3045. - diff --git a/changes/bug3122_memcmp b/changes/bug3122_memcmp deleted file mode 100644 index a049476743..0000000000 --- a/changes/bug3122_memcmp +++ /dev/null @@ -1,7 +0,0 @@ - o Security fixes - - Replace all potentially sensitive memory comparison operations - with versions whose runtime does not depend on the data being - compared. This will help resist a class of attacks where an - adversary can use variations in timing information to learn - sensitive data. Fix for one case of bug 3122. (Safe memcmp - implementation by Robert Ransom based partially on code by DJB.) diff --git a/changes/bug3135 b/changes/bug3135 deleted file mode 100644 index d761123480..0000000000 --- a/changes/bug3135 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes - - Do not crash when our configuration file becomes unreadable - (usually due to a permissions change) between when we start - up and when a controller calls SAVECONF. Fixes bug 3135; - bugfix on 0.0.9pre6. - diff --git a/changes/bug3175 b/changes/bug3175 deleted file mode 100644 index 3360fbce00..0000000000 --- a/changes/bug3175 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes: - - Resolve an untriggerable issue in smartlist_string_num_isin(), - where if the function had ever in the future been used to check - for the presence of a too-large number, it would have given an - incorrect result. (Fortunately, we only used it for 16-bit - values.) Fixes bug 3175; bugfix on Tor 0.1.0.1-rc. - diff --git a/changes/bug3196 b/changes/bug3196 new file mode 100644 index 0000000000..9321022675 --- /dev/null +++ b/changes/bug3196 @@ -0,0 +1,7 @@ + o Minor features: + - Raise the threshold of server descriptors needed (75%) and exit + server descriptors needed (50%) before we will declare ourselves + bootstrapped. This will make clients declare completion a little + later, but makes the initially constructed circuits less weird + and less in conflict with directory connections. Fixes ticket + #3196. diff --git a/changes/bug3198 b/changes/bug3198 deleted file mode 100644 index 29c16852e1..0000000000 --- a/changes/bug3198 +++ /dev/null @@ -1,4 +0,0 @@ - o Major bugfixes: - - When we configure a new bridge via the controller, don't wait up - to ten seconds before trying to fetch its descriptor. Bugfix on - 0.2.0.3-alpha; fixes bug 3198 (suggested by 2355). diff --git a/changes/bug3200 b/changes/bug3200 deleted file mode 100644 index a80d51633e..0000000000 --- a/changes/bug3200 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes: - - When a client starts or stops using bridges, never use a circuit - that was built before the configuration change. This behavior could - put at risk a user who uses bridges to ensure that her traffic - only goes to the chosen addresses. Bugfix on 0.2.0.3-alpha; fixes - bug 3200. diff --git a/changes/bug3207 b/changes/bug3207 deleted file mode 100644 index 65a7dac1ab..0000000000 --- a/changes/bug3207 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes: - - Require that onion keys have exponent 65537 in microdescriptors too. - Fixes part of bug 3207; bugfix on 0.2.2.25-alpha - diff --git a/changes/bug3208 b/changes/bug3208 deleted file mode 100644 index fd737ba695..0000000000 --- a/changes/bug3208 +++ /dev/null @@ -1,6 +0,0 @@ - o Removed options: - - Remove undocumented option "-F" from tor-resolve: it hasn't done - anything since 0.2.1.16-rc. - - o Minor bugfixes: - - Fix warnings from GCC 4.6's "-Wunused-but-set-variable" option. diff --git a/changes/bug3213 b/changes/bug3213 deleted file mode 100644 index ab7de2d629..0000000000 --- a/changes/bug3213 +++ /dev/null @@ -1,4 +0,0 @@ - o Major bugfixes: - - Fix a crash bug when changing bridges in a running Tor process. - Fixes bug 3213; bugfix on 0.2.2.26-beta. - diff --git a/changes/bug3216 b/changes/bug3216 deleted file mode 100644 index 599b5e162f..0000000000 --- a/changes/bug3216 +++ /dev/null @@ -1,4 +0,0 @@ - o Major bugfixes: - - Don't try to build descriptors if "ORPort auto" is set and we - don't know our actual ORPort yet. Fix for bug 3216; bugfix on - 0.2.2.26-beta. diff --git a/changes/bug3228 b/changes/bug3228 deleted file mode 100644 index 4aca810d3c..0000000000 --- a/changes/bug3228 +++ /dev/null @@ -1,3 +0,0 @@ - o Major bugfixes: - - Resolve a crash that occured when setting BridgeRelay to 1 with - accounting enabled. Fixes bug 3228; bugfix on 0.2.2.18-alpha. diff --git a/changes/bug3252 b/changes/bug3252 deleted file mode 100644 index f85f633fbd..0000000000 --- a/changes/bug3252 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features: - - Relays now log the reason for publishing a new relay descriptor, - so we have a better chance of hunting down the root cause of bug - 1810. Resolves ticket 3252. diff --git a/changes/bug3270 b/changes/bug3270 deleted file mode 100644 index b37bb983cc..0000000000 --- a/changes/bug3270 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes - - Use a wide type to hold sockets when built for 64-bit Windows builds. - Fixes bug 3270. - diff --git a/changes/bug3289 b/changes/bug3289 deleted file mode 100644 index c469796d6e..0000000000 --- a/changes/bug3289 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes: - - Warn when the user configures two HiddenServiceDir lines that point - to the same directory. Bugfix on 0.0.6 (the version introducing - HiddenServiceDir); fixes bug 3289. - diff --git a/changes/bug3296 b/changes/bug3296 new file mode 100644 index 0000000000..31c9eacb60 --- /dev/null +++ b/changes/bug3296 @@ -0,0 +1,5 @@ + o Major bugfixes: + - If we are unable to find any exit that supports our predicted + ports, stop calling them predicted, so that we don't loop and + build hopeless circuits indefinitely. Fix for bug 3296; bugfix + on 0.0.9pre6, which introduced predicted ports. diff --git a/changes/bug3306 b/changes/bug3306 deleted file mode 100644 index f868a24af0..0000000000 --- a/changes/bug3306 +++ /dev/null @@ -1,9 +0,0 @@ - o Minor bugfixes: - - Make our crypto_rand_int() function check the value of its input - correctly. Previously, it accepted values up to UINT_MAX, but - could return a negative number if given a value above INT_MAX+1. - Found by George Kadianakis. Fixes bug 3306; bugfix on 0.2.2pre14. - - - Avoid a segfault when reading a malformed circuit build state - with more than INT_MAX entries. Found by wanoskarnet. Bugfix on - 0.2.2.4-alpha. diff --git a/changes/bug3309 b/changes/bug3309 deleted file mode 100644 index 104056d8e3..0000000000 --- a/changes/bug3309 +++ /dev/null @@ -1,13 +0,0 @@ - o Minor bugfixes: - - Clear the table recording the time of the last request for each - hidden service descriptor from each HS directory on SIGNAL - NEWNYM. Previously, we would clear our HS descriptor cache on - SIGNAL NEWNYM, but if we had previously retrieved a descriptor - (or tried to) from every directory responsible for it, we would - refuse to fetch it again for up to 15 minutes. Bugfix on - 0.2.2.25-alpha; fixes bug 3309. - - o Minor features: - - Log (at info level) when purging pieces of hidden-service-client - state on SIGNAL NEWNYM. - diff --git a/changes/bug3318 b/changes/bug3318 deleted file mode 100644 index 8a3c27825f..0000000000 --- a/changes/bug3318 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes: - - Fix a log message that said "bits" while displaying a value in - bytes. Found by wanoskarnet. Fixes bug 3318; bugfix on - 0.2.0.1-alpha. - - When checking for 1024-bit keys, check for 1024 bits, not 128 - bytes. This allows Tor to correctly discard keys of length - 1017 through 1023. Bugfix on 0.0.9pre5. diff --git a/changes/bug3321 b/changes/bug3321 deleted file mode 100644 index 3605efce2d..0000000000 --- a/changes/bug3321 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes: - - In bug 2511 we fixed a case where you could use an unconfigured - bridge if you had configured it as a bridge the last time you ran - Tor. Now fix another edge case: if you had configured it as a bridge - but then switched to a different bridge via the controller, you - would still be willing to use the old one. Bugfix on 0.2.0.1-alpha; - fixes bug 3321. diff --git a/changes/bug3369 b/changes/bug3369 deleted file mode 100644 index 9c0d0e699a..0000000000 --- a/changes/bug3369 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes: - - When asked about a DNS record type we don't support via a - client DNSPort, reply with NOTIMPL rather than an empty - reply. Patch by intrigeri. Fixes bug 3369; bugfix on 2.0.1-alpha. diff --git a/changes/bug3393 b/changes/bug3393 deleted file mode 100644 index 677bcb7be2..0000000000 --- a/changes/bug3393 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes: - - Fix a bug when using ControlSocketsGroupWritable with User. The - directory's group would be checked against the current group, not - the configured group. Patch by Jérémy Bobbio. Fixes bug3393; bugfix - on Tor 0.2.2.26-beta.
\ No newline at end of file diff --git a/changes/bug3465-022 b/changes/bug3465-022 deleted file mode 100644 index 2d226162aa..0000000000 --- a/changes/bug3465-022 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes: - - - Add BUILDTIMEOUT_SET to the list returned by the 'GETINFO - events/names' control-port command. Bugfix on 0.2.2.9-alpha; - fixes part of bug 3465. - diff --git a/changes/bug3536 b/changes/bug3536 deleted file mode 100644 index d3cec131ba..0000000000 --- a/changes/bug3536 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes: - - Send a SUCCEEDED stream event to the controller when a reverse - resolve succeeded. Fixes bug 3536; bugfix on 0.0.8pre1. Issue - discovered by katmagic. - diff --git a/changes/bug3577 b/changes/bug3577 deleted file mode 100644 index 6335272752..0000000000 --- a/changes/bug3577 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes: - - Allow GETINFO fingerprint to return a fingerprint even when - we have not yet built a router descriptor. Fixes bug 3577; - bugfix on 0.2.0.1-alpha. diff --git a/changes/bug3607 b/changes/bug3607 deleted file mode 100644 index 5ece21934b..0000000000 --- a/changes/bug3607 +++ /dev/null @@ -1,15 +0,0 @@ - o Minor bugfixes: - - - Write several files in text mode, on OSes that distinguish text - mode from binary mode (namely, Windows). These files are: - buffer-stats, dirreq-stats, and entry-stats on relays that collect - those statistics; client_keys and hostname files for hidden - services that use authentication; and (in the tor-gencert utility) - newly generated identity and signing keys. Previously, we - wouldn't specify text mode or binary mode, leading to an assertion - failure. Fixes bug 3607. Bugfix on 0.2.1.1-alpha (when the - DirRecordUsageByCountry option which would have triggered the - assertion failure was added), although this assertion failure - would have occurred in tor-gencert on Windows in 0.2.0.1-alpha. - - diff --git a/changes/bug3643 b/changes/bug3643 deleted file mode 100644 index 86bd920cac..0000000000 --- a/changes/bug3643 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes: - - Selectively disable deprecation warnings on OS X because Lion started - deprecating the shipped copy of openssl. Fixes bug 3643. - diff --git a/changes/bug3732 b/changes/bug3732 deleted file mode 100644 index 7a71d1aef3..0000000000 --- a/changes/bug3732 +++ /dev/null @@ -1,7 +0,0 @@ - o Major bugfixes: - - - Remove an extra pair of quotation marks around the error - message in control-port STATUS_GENERAL BUG events. Bugfix on - 0.1.2.6-alpha; fixes bug 3732. - - diff --git a/changes/bug3747 b/changes/bug3747 deleted file mode 100644 index 052dab1bd0..0000000000 --- a/changes/bug3747 +++ /dev/null @@ -1,6 +0,0 @@ - o Major bugfixes: - - Write control ports to disk only after switching UID and - creating the data directory. This way, we don't fail when - starting up with a nonexistant DataDirectory and a - ControlPortWriteToFile setting based on that directory. Fixes - bug 3747; bugfix on Tor 0.2.2.26-beta.
\ No newline at end of file diff --git a/changes/bug3894_fmt_doubles b/changes/bug3894_fmt_doubles new file mode 100644 index 0000000000..0cd0aa28d1 --- /dev/null +++ b/changes/bug3894_fmt_doubles @@ -0,0 +1,4 @@ + o Minor bugfixes: + - Format more doubles with %f, not %lf. Patch from grarpamp to make + Tor build correctly on older BSDs again. Fixes bug 3894; bugfix on + Tor 0.2.0.8-alpha. diff --git a/changes/bug3894 b/changes/bug3894_more index 4c2220aba8..4c2220aba8 100644 --- a/changes/bug3894 +++ b/changes/bug3894_more diff --git a/changes/bug3898a b/changes/bug3898a deleted file mode 100644 index d40445e340..0000000000 --- a/changes/bug3898a +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes: - - Correct the man page to explain that HashedControlPassword and - CookieAuthentication can both be set, in which case either method - is sufficient to authenticate to Tor. Bugfix on 0.2.0.7-alpha, - when we decided to allow these config options to both be set. Issue - raised by bug 3898. diff --git a/changes/bug3909 b/changes/bug3909 deleted file mode 100644 index 0b4b292030..0000000000 --- a/changes/bug3909 +++ /dev/null @@ -1,3 +0,0 @@ - o Build fixes: - - Search for a platform-specific version of "ar" when cross-compiling. - Should fix builds on iOS. Found by Marco Bonetti. diff --git a/changes/bug3923 b/changes/bug3923 deleted file mode 100644 index 9c0e138826..0000000000 --- a/changes/bug3923 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfies: - - Avoid an assertion failure when reloading a configuration with - TrackExitHosts changes. Found and fixed by 'laruldan'. Fixes - bug 3923; bugfix on 0.2.2.25-alpha. - diff --git a/changes/bug3963 b/changes/bug3963 deleted file mode 100644 index 2fc44a095c..0000000000 --- a/changes/bug3963 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes: - - When configuring, starting, or stopping an NT service, stop - immediately after the service configuration attempt has succeeded - or failed. Fixes bug3963; bugfix on 0.2.0.7-alpha. - diff --git a/changes/bug3964 b/changes/bug3964 new file mode 100644 index 0000000000..34cad50af7 --- /dev/null +++ b/changes/bug3964 @@ -0,0 +1,4 @@ + o Documentation fixes: + - Improve the manual's documentation for the NT Service command-line + options. Addresses bug 3964. + diff --git a/changes/bug4012_022 b/changes/bug4012_022 deleted file mode 100644 index f101db5535..0000000000 --- a/changes/bug4012_022 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (documentation): - - Document the GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays - directory authority option (introduced in Tor 0.2.2.34). diff --git a/changes/bug4014 b/changes/bug4014 deleted file mode 100644 index 9c20c6c337..0000000000 --- a/changes/bug4014 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Adjust the expiration time on our SSL session certificates to - better match SSL certs seen in the wild. Resolves ticket 4014. diff --git a/changes/bug4059 b/changes/bug4059 deleted file mode 100644 index 82a4b1a10c..0000000000 --- a/changes/bug4059 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes: - - Change an integer overflow check in the OpenBSD_Malloc code so - that GCC is less likely to eliminate it as impossible. Patch - from Mansour Moufid. Fixes bug 4059. - diff --git a/changes/bug4108 b/changes/bug4108 new file mode 100644 index 0000000000..6ef451a989 --- /dev/null +++ b/changes/bug4108 @@ -0,0 +1,4 @@ + o Minor bugfixes: + - Avoid a "double-reply" warning when replying to a SOCKS request + with a parse error. Patch from Fabian Keil. Fix for bug 4108; + bugfix on 0.2.3.4-alpha. diff --git a/changes/bug4115 b/changes/bug4115 deleted file mode 100644 index 626791a806..0000000000 --- a/changes/bug4115 +++ /dev/null @@ -1,7 +0,0 @@ - o Security fixes: - - Bridge relays now do their directory fetches inside Tor TLS - connections, like all the other clients do, rather than connecting - directly to the DirPort like public relays do. Removes another - avenue for enumerating bridges. Fixes part of bug 4115; bugfix - on 0.2.0.35. - diff --git a/changes/bug4124 b/changes/bug4124 deleted file mode 100644 index abe93ccdd8..0000000000 --- a/changes/bug4124 +++ /dev/null @@ -1,6 +0,0 @@ - o Security fixes: - - Bridges relays now build circuits for themselves in a more similar - way to how clients build them. Removes another avenue for - enumerating bridges. Fixes bug 4124; bugfix on 0.2.0.3-alpha, - when bridges were introduced. - diff --git a/changes/bug4201 b/changes/bug4201 deleted file mode 100644 index 6f7d715af2..0000000000 --- a/changes/bug4201 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes: - - Bridges now skip DNS self-tests, to act a little more stealthily. - Fixes bug 4201; bugfix on 0.2.0.3-alpha, which first introduced - bridges. Patch by "warms0x". - diff --git a/changes/bug4212 b/changes/bug4212 deleted file mode 100644 index 6222a59978..0000000000 --- a/changes/bug4212 +++ /dev/null @@ -1,13 +0,0 @@ - o Major bugfixes: - - - Don't launch a useless circuit after failing to use one of a - hidden service's introduction points. Previously, we would - launch a new introduction circuit, but not set the hidden - service which that circuit was intended to connect to, so it - would never actually be used. A different piece of code would - then create a new introduction circuit correctly, so this bug - was harmless until it caused an assertion in the client-side - part of the #3825 fix to fail. Bug reported by katmagic and - found by Sebastian Hahn. Bugfix on 0.2.1.13-alpha; fixes bug - 4212. - diff --git a/changes/bug4230 b/changes/bug4230 deleted file mode 100644 index c1ba5847fc..0000000000 --- a/changes/bug4230 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes: - - Resolve an integer overflow bug in smartlist_ensure_capacity. - Fixes bug 4230; bugfix on Tor 0.1.0.1-rc. Based on a patch by - Mansour Moufid. - diff --git a/changes/bug4251 b/changes/bug4251 deleted file mode 100644 index 303c9e6364..0000000000 --- a/changes/bug4251 +++ /dev/null @@ -1,8 +0,0 @@ - o Minor bugfixes: - - - When a hidden service turns an extra service-side introduction - circuit into a general-purpose circuit, free the rend_data and - intro_key fields first, so they won't be leaked if the circuit - is cannibalized for use as another service-side introduction - circuit. Bugfix on 0.2.1.7-alpha; fixes bug 4251. - diff --git a/changes/bug4259 b/changes/bug4259 deleted file mode 100644 index bfccd3aee8..0000000000 --- a/changes/bug4259 +++ /dev/null @@ -1,4 +0,0 @@ - o Major bugfixes: - - Fix a crash bug when changing node restrictions while a DNS lookup - is in-progress. Fixes bug 4259; bugfix on 0.2.2.25-alpha. Bugfix - by "Tey'". diff --git a/changes/bug4299 b/changes/bug4299 deleted file mode 100644 index c43d81460a..0000000000 --- a/changes/bug4299 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfix: - - Do not process cells on a marked-for-close connection. We previously - avoided this by not calling read handlers on marked connections, but - that's not adequate for the case when cells are very small. Fixes - bug 4299; bugfix on 0.2.0.20-rc which first made small cells possible. diff --git a/changes/bug4309 b/changes/bug4309 deleted file mode 100644 index f4f910e7ff..0000000000 --- a/changes/bug4309 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes: - - Remove a confusing dollar sign from the example fingerprint in the - man page, and also make example fingerprint a valid one. Fixes bug - 4309; bugfix on 0.2.1.3-alpha. - diff --git a/changes/bug4331 b/changes/bug4331 deleted file mode 100644 index 011238a962..0000000000 --- a/changes/bug4331 +++ /dev/null @@ -1,4 +0,0 @@ - o Trivial fixes: - - Fixed a typo in a hibernation-related log message. Fixes bug 4331; - bugfix on 0.2.2.23-alpha; found by "tmpname0901". - diff --git a/changes/bug4340 b/changes/bug4340 deleted file mode 100644 index 08098b1cd5..0000000000 --- a/changes/bug4340 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes: - - Don't crash when we're running as a relay and don't have a geoip - file. Bugfix on tor-0.2.2.34; fixes bug 4340. This backports a fix - we've had in master already. - diff --git a/changes/bug4349 b/changes/bug4349 deleted file mode 100644 index 633916bdfd..0000000000 --- a/changes/bug4349 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes: - - When sending a NETINFO cell, include the original address - received for the other side, not its canonical address. Found - by "troll_un"; fixes bug 4349; bugfix on 0.2.0.10-alpha. diff --git a/changes/bug4353 b/changes/bug4353 deleted file mode 100644 index 5e80c902c8..0000000000 --- a/changes/bug4353 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes: - - When running as client without a geoip database, do not print a - misleading (and plain wrong) log message that we're collecting - dirreq statistics - we're not collecting statistics as clients. - Also don't create a useless (because empty) stats file in the - stats/ directory. Fixes bug 4353, bugfix on 0.2.2.34. - diff --git a/changes/bug4369 b/changes/bug4369 new file mode 100644 index 0000000000..c444102b5c --- /dev/null +++ b/changes/bug4369 @@ -0,0 +1,3 @@ + o Minor features: + - Close any connection that sends unrecognized junk before the + handshake. Solves an issue noted in bug 4369. diff --git a/changes/bug4383 b/changes/bug4383 deleted file mode 100644 index e618b8c8fb..0000000000 --- a/changes/bug4383 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes: - - Fix a memleak in launch_direct_bridge_descriptor_fetch() that - occured when a client tried to fetch a descriptor for a bridge - in ExcludeNodes. Fixes #4383; bugfix on 0.2.2.25-alpha. - diff --git a/changes/bug4410 b/changes/bug4410 deleted file mode 100644 index f42893adf4..0000000000 --- a/changes/bug4410 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes: - - Correctly sanity-check that we don't underflow on a memory allocation - for introduction point decryption. Bug discovered by Dan Rosenberg. - Fixes bug 4410; bugfix on 0.2.1.5-alpha. - diff --git a/changes/bug4424 b/changes/bug4424 deleted file mode 100644 index 443625dca6..0000000000 --- a/changes/bug4424 +++ /dev/null @@ -1,6 +0,0 @@ - o Major bugfixes - - - Don't leak memory when we check whether a hidden service - descriptor has any usable introduction points left. Fixes bug - 4424. Bugfix on 0.2.2.25-alpha. - diff --git a/changes/bug4426 b/changes/bug4426 deleted file mode 100644 index 1322243d09..0000000000 --- a/changes/bug4426 +++ /dev/null @@ -1,8 +0,0 @@ - o Minor features: - - - When Tor ignores a hidden service specified in its - configuration, include the hidden service's directory in the - warning message. Previously, we would only tell the user that - some hidden service was ignored. Bugfix on 0.0.6; fixes bug - 4426. - diff --git a/changes/bug4437 b/changes/bug4437 deleted file mode 100644 index 985c670b15..0000000000 --- a/changes/bug4437 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes: - - Don't warn about unused log_mutex in log.c when building with - --disable-threads using a recent GCC. Fixes bug 4437; bugfix on - 0.1.0.6-rc which introduced --disable-threads. - diff --git a/changes/bug4457 b/changes/bug4457 deleted file mode 100644 index fe7c95ff80..0000000000 --- a/changes/bug4457 +++ /dev/null @@ -1,9 +0,0 @@ - o Minor bugfixes: - - Initialize Libevent with the EVENT_BASE_FLAG_NOLOCK flag enabled, so - that it doesn't attempt to allocate a socketpair. This could cause - some problems on windows systems with overzealous firewalls. Fix for - bug 4457; workaround for Libevent versions 2.0.1-alpha through - 2.0.15-stable. - - - Detect failure to initialize Libevent. Better detection for bug 4457. - diff --git a/changes/bug4518 b/changes/bug4518 deleted file mode 100644 index 8dcb93bf72..0000000000 --- a/changes/bug4518 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (performance): - - Avoid frequent calls to the fairly expensive cull_wedged_cpuworkers - function. This was eating up hideously large amounts of time on some - busy servers. Fixes bug 4518. diff --git a/changes/bug4521 b/changes/bug4521 deleted file mode 100644 index 9b0bae9b00..0000000000 --- a/changes/bug4521 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes: - - Backport fixes for a pair of compilation warnings on Windows. - Fixes bug 4521; bugfix on 0.2.2.28-beta and on 0.2.2.29-beta. diff --git a/changes/bug4529 b/changes/bug4529 deleted file mode 100644 index 89d10b2f6b..0000000000 --- a/changes/bug4529 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bufixes: - - If we had ever tried to call tor_addr_to_str on an address of - unknown type, we would have done a strdup on an uninitialized - buffer. Now we won't. Fixes bug 4529; bugfix on 0.2.1.3-alpha. - Reported by "troll_un". diff --git a/changes/bug4530 b/changes/bug4530 deleted file mode 100644 index 7cd4726e57..0000000000 --- a/changes/bug4530 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes: - - - Correctly detect and handle transient lookup failures from - tor_addr_lookup. Fixes bug 4530; bugfix on 0.2.1.5-alpha. - Reported by "troll_un". - diff --git a/changes/bug4531 b/changes/bug4531 deleted file mode 100644 index 6209f9a058..0000000000 --- a/changes/bug4531 +++ /dev/null @@ -1,4 +0,0 @@ - o Major bugfixes: - - Fix null-pointer access that could occur if TLS allocation failed. - Fixes bug 4531; bugfix on 0.2.0.20-rc. Found by "troll_un". - diff --git a/changes/bug4533_part2 b/changes/bug4533_part2 deleted file mode 100644 index 7e0f7c313e..0000000000 --- a/changes/bug4533_part2 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes: - - Fix the SOCKET_OK test that we use to tell when socket - creation fails so that it works on Win64. Fixes part of bug - 4533; bugfix on 0.2.2.29-beta. Bug found by wanoskarnet. - diff --git a/changes/bug4535 b/changes/bug4535 deleted file mode 100644 index 57ced29d0b..0000000000 --- a/changes/bug4535 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes: - - Use tor_socket_t type for listener argument to accept(). Fixes bug - 4535; bugfix on 0.2.2.28-beta. Found by "troll_un". diff --git a/changes/bug4591 b/changes/bug4591 new file mode 100644 index 0000000000..59b25a5252 --- /dev/null +++ b/changes/bug4591 @@ -0,0 +1,6 @@ + o Minor bugfixes: + - If the client fails to set a reasonable set of ciphersuites + during its v2 handshake renegotiation, allow the renegotiation + to continue nevertheless (i.e., send all the required + certificates). Fix for bug 4591; bugfix on 0.2.0.20-rc. + diff --git a/changes/bug4657 b/changes/bug4657 new file mode 100644 index 0000000000..4d9dd7d0a3 --- /dev/null +++ b/changes/bug4657 @@ -0,0 +1,4 @@ + o Minor bugfixes: + - If the configuration tries to set MyFamily on a bridge, refuse to + do so, and warn about the security implications. Fix for bug 4657; + bugfix on 0.2.0.3-alpha. diff --git a/changes/bug4710 b/changes/bug4710 new file mode 100644 index 0000000000..7f94b4d20d --- /dev/null +++ b/changes/bug4710 @@ -0,0 +1,5 @@ + o Minor bugfixes: + - Exit nodes now correcly report EADDRINUSE and EADDRNOTAVAIL as + resource exhaustion, so that clients can adjust their load to + try other exits. Fix for bug 4710; bugfix on 0.1.0.1-rc, which + started using END_STREAM_REASON_RESOURCELIMIT. diff --git a/changes/bug4786 b/changes/bug4786 deleted file mode 100644 index 7c1c60f632..0000000000 --- a/changes/bug4786 +++ /dev/null @@ -1,9 +0,0 @@ - - Feature removal: - - When sending or relaying a RELAY_EARLY cell, we used to convert - it to a RELAY cell if the connection was using the v1 link - protocol. This was a workaround for older versions of Tor, which - didn't handle RELAY_EARLY cells properly. Now that all supported - versions can handle RELAY_EARLY cells, and now that we're - enforcing the "no RELAY_EXTEND commands except in RELAY_EARLY - cells" rule, we're removing this workaround. Addresses bug 4786. - diff --git a/changes/bug4788 b/changes/bug4788 deleted file mode 100644 index d65c0015a0..0000000000 --- a/changes/bug4788 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor features (directory server): - - Directory servers now reject versions of Tor older than 0.2.1.30, - and Tor versions between 0.2.2.1-alpha and 0.2.2.20-alpha - (inclusive). These versions accounted for only a small fraction of - the Tor network, and have numerous known security issues. Resolves - issue #4788. diff --git a/changes/bug4803 b/changes/bug4803 deleted file mode 100644 index cd25266c75..0000000000 --- a/changes/bug4803 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes: - - Correctly spell "connect" in a log message when creating a controlsocket - fails. Fixes bug 4803; bugfix on 0.2.2.26-beta/0.2.3.2-alpha. - diff --git a/changes/bug4822 b/changes/bug4822 deleted file mode 100644 index 73f43f0452..0000000000 --- a/changes/bug4822 +++ /dev/null @@ -1,13 +0,0 @@ - o Major security workaround: - - When building or running with any version of OpenSSL earlier - than 0.9.8s or 1.0.0f, disable SSLv3 support. These versions had - a bug (CVE-2011-4576) in which their block cipher padding - included uninitialized data, potentially leaking sensitive - information to any peer with whom they made a SSLv3 - connection. Tor does not use SSL v3 by default, but a hostile - client or server could force an SSLv3 connection in order to - gain information that they shouldn't have been able to get. The - best solution here is to upgrade to OpenSSL 0.9.8s or 1.0.0f (or - later). But when building or running with a non-upgraded - OpenSSL, we should instead make sure that the bug can't happen - by disabling SSLv3 entirely. diff --git a/changes/bug4856 b/changes/bug4856 deleted file mode 100644 index fa284a09f5..0000000000 --- a/changes/bug4856 +++ /dev/null @@ -1,3 +0,0 @@ - o Trivial bugfixes - - Fix a typo in a log message in rend_service_rendezvous_has_opened(). - Fixes bug 4856; bugfix on Tor 0.0.6. diff --git a/changes/bug4865 b/changes/bug4865 new file mode 100644 index 0000000000..e165c41f71 --- /dev/null +++ b/changes/bug4865 @@ -0,0 +1,4 @@ + o Major bugfixes: + - Pass correct OR address to managed proxies, even when + ORListenAddress is used. Fixes bug #4865; bugfix on + 0.2.3.9-alpha. diff --git a/changes/bug4873 b/changes/bug4873 new file mode 100644 index 0000000000..6c999ccfcb --- /dev/null +++ b/changes/bug4873 @@ -0,0 +1,3 @@ + o Minor bugfixes: + - Turn an assertion (that the number of handshakes received as a + server is not < 1) into a warning. Bug 4873. diff --git a/changes/bug5005 b/changes/bug5005 deleted file mode 100644 index 04d8dfe6a5..0000000000 --- a/changes/bug5005 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes: - - Update "ClientOnly" man page entry to explain that there isn't - really any point to messing with it. Resolves ticket 5005. diff --git a/changes/bug5065 b/changes/bug5065 deleted file mode 100644 index d195313623..0000000000 --- a/changes/bug5065 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes: - - Fix build if path to sed, openssl or sha1sum contains spaces. - This is pretty common on Windows. Fixes bug 5065; bugfix on - 0.2.2.1-alpha. - diff --git a/changes/bug5067 b/changes/bug5067 deleted file mode 100644 index d94b921ce9..0000000000 --- a/changes/bug5067 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (usability): - - Downgrade the "We're missing a certificate" message from notice - to info: people kept mistaking it for a real problem, whereas it - is only a problem when we are failing to bootstrap. Fixes bug - 5067; bugfix on 0.2.10-alpha. diff --git a/changes/bug5070 b/changes/bug5070 new file mode 100644 index 0000000000..0b8d00ad27 --- /dev/null +++ b/changes/bug5070 @@ -0,0 +1,3 @@ + o Minor features: + - Improve log messages about managed transports. Resolves ticket + 5070. diff --git a/changes/bug5089 b/changes/bug5089 new file mode 100644 index 0000000000..2062885af7 --- /dev/null +++ b/changes/bug5089 @@ -0,0 +1,5 @@ + o Minor bugfixes: + - Correctly handle checking the permissions on the parent + directory of a control socket in the root directory. Bug found + by Esteban Manchado Velázquez. Fix for bug 5089; bugfix on Tor + 0.2.2.26-beta. diff --git a/changes/bug5090 b/changes/bug5090 deleted file mode 100644 index d47858cb11..0000000000 --- a/changes/bug5090 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes: - - Detect and reject certain misformed escape sequences in configuration - values. Previously, these values would cause us to crash if received - in a torrc file or over an (authenticated) control port. Bug found by - Esteban Manchado Velázquez. Patch by Alexander Schrijver. Fix for - bug 5090; bugfix on 0.2.0.16-alpha. - diff --git a/changes/bug5091 b/changes/bug5091 new file mode 100644 index 0000000000..b9778d7b1e --- /dev/null +++ b/changes/bug5091 @@ -0,0 +1,4 @@ + o Minor bugfixes: + - Make our replacement implementation of strtok_r compatible with + the standard behavior of strtok_r. Patch by nils. Fixes bug + 5091; bugfix on 0.2.2.1-alpha. diff --git a/changes/bug5095 b/changes/bug5095 new file mode 100644 index 0000000000..81801eca45 --- /dev/null +++ b/changes/bug5095 @@ -0,0 +1,4 @@ + o Minor bugfixes: + - When we receive a SIGHUP and the controller-use __ReloadTorrcOnSIGHUP + option is set to 0, perform other actions that SIGHUP usually causes + (like reopening the logs). Fixes bug 5095; bugfix on 0.2.1.9-alpha. diff --git a/changes/bug5139 b/changes/bug5139 new file mode 100644 index 0000000000..5cebc76820 --- /dev/null +++ b/changes/bug5139 @@ -0,0 +1,6 @@ + o Minor features (bridges): + - Tag a bridge's descriptor as "never to be sent + unencrypted". This shouldn't matter, since bridges don't open + non-anonymous connections to the bridge authority and don't + allow unencrypted directory connections from clients, but we + might as well make sure. Closes bug 5139. diff --git a/changes/bug5283 b/changes/bug5283 new file mode 100644 index 0000000000..f0325cf26c --- /dev/null +++ b/changes/bug5283 @@ -0,0 +1,6 @@ + o Major bugfixes: + - Fix an edge case where if we fetch or publish a hidden service + descriptor, we might build a 4-hop circuit and then use that circuit + for exiting afterwards -- even if the new last hop doesn't obey our + ExitNodes config option. Fixes bug 5283; bugfix on 0.2.0.10-alpha. + diff --git a/changes/bug5340 b/changes/bug5340 deleted file mode 100644 index 708988af08..0000000000 --- a/changes/bug5340 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes: - - Fix a compile warning when using the --enable-openbsd-malloc configure - option. Fixes bug 5340; bugfix on 0.2.0.20-rc. diff --git a/changes/bug5342 b/changes/bug5342 deleted file mode 100644 index b2ae4515a9..0000000000 --- a/changes/bug5342 +++ /dev/null @@ -1,3 +0,0 @@ - o Security fixes: - - Never use a bridge as an exit, even if it claims to be one. Found by - wanoskarnet. Fixes bug 5342. Bugfix on ????. diff --git a/changes/bug5343 b/changes/bug5343 deleted file mode 100644 index e4e14897f6..0000000000 --- a/changes/bug5343 +++ /dev/null @@ -1,7 +0,0 @@ - o Security fixes: - - Only build circuits if we have a sufficient threshold of the total - descriptors marked in the consensus with the "Exit" flag. This - mitigates an attack proposed by wanoskarnet, in which all of a - client's bridges collude to restrict the exit nodes that the - client knows about. Fixes bug 5343. - diff --git a/changes/bug5355 b/changes/bug5355 new file mode 100644 index 0000000000..f850fe1f1d --- /dev/null +++ b/changes/bug5355 @@ -0,0 +1,4 @@ + o Major bugfixes: + - Fix a compilation issue on GNU Hurd, which doesn't have PATH_MAX. Fixes + bug 5355; bugfix on 0.2.3.11-alpha. + diff --git a/changes/bug5374 b/changes/bug5374 new file mode 100644 index 0000000000..926a074903 --- /dev/null +++ b/changes/bug5374 @@ -0,0 +1,7 @@ + o Minor bugfixes: + + - Don't check for whether the address we're using for outbound + connections has changed until after the outbound connection has + completed. On Windows, getsockname() doesn't succeed until the + connection is finished. Fix for bug 5374; bugfix on + 0.1.1.14-alpha. diff --git a/changes/bug5380 b/changes/bug5380 new file mode 100644 index 0000000000..4bb17bc940 --- /dev/null +++ b/changes/bug5380 @@ -0,0 +1,5 @@ + o Minor bugfixes: + - Check our entry guards for having been picked too long ago when + we get a new consensus. (Previously, we only did this check at + startup, which could lead to us holding a guard indefinitely, + and give weird results.) Fixes bug 5380; bugfix on 0.2.1.14-rc. diff --git a/changes/bug5437 b/changes/bug5437 new file mode 100644 index 0000000000..3f9e96dcfe --- /dev/null +++ b/changes/bug5437 @@ -0,0 +1,3 @@ + o Documentation fixes: + - Clarify SessionGroup documentation slightly; resolves bug 5437. + diff --git a/changes/bug5541 b/changes/bug5541 new file mode 100644 index 0000000000..3cf0692e9f --- /dev/null +++ b/changes/bug5541 @@ -0,0 +1,8 @@ + o Minor bugfixes: + - Prevent a null-pointer dereference when receiving a data cell + for a nonexistent stream when the circuit in question has an + empty deliver window. We don't believe this is triggerable, + since we don't currently allow deliver windows to become empty, + but the logic is tricky enough that it's better to make the code + robust. Fixes bug 5541; bugfix on 0.0.2pre14. + diff --git a/changes/bug5593 b/changes/bug5593 deleted file mode 100644 index 358e8de60d..0000000000 --- a/changes/bug5593 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes: - - When sending an HTTP/1.1 proxy request, include a Host header. - Fixes bug 5593; bugfix on 0.2.2.1-alpha. diff --git a/changes/bug5597 b/changes/bug5597 new file mode 100644 index 0000000000..90a80a6685 --- /dev/null +++ b/changes/bug5597 @@ -0,0 +1,4 @@ + o Documentation: + - Document the changes to the ORPort and DirPort options, and the + fact that {OR/Dir}ListenAddress is now unnecessary (and + therefore deprecated). diff --git a/changes/bug5604 b/changes/bug5604 new file mode 100644 index 0000000000..4c72f3c859 --- /dev/null +++ b/changes/bug5604 @@ -0,0 +1,4 @@ + o Minor bugfixes: + - Don't try to open non-control listeners when DisableNetwork is set. + Previousy, we'd open all listeners, then immediately close them. + Fixes bug 5604; bugfix on 0.2.3.9-alpha. diff --git a/changes/bug5622 b/changes/bug5622 new file mode 100644 index 0000000000..82b8e76bba --- /dev/null +++ b/changes/bug5622 @@ -0,0 +1,4 @@ + o Removed files: + - Remove the torrc.bridge file: we don't use it for anything, and + it had become badly desynchronized from torrc.sample. Resolves + bug 5622.
\ No newline at end of file diff --git a/changes/bug5644 b/changes/bug5644 deleted file mode 100644 index a390eba996..0000000000 --- a/changes/bug5644 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes - - Prevent a client-side assertion failure when receiving an - INTRODUCE2 cell by an exit relay, in a general purpose - circuit. Fixes bug 5644; bugfix on tor-0.2.1.6-alpha - diff --git a/changes/bug5645 b/changes/bug5645 new file mode 100644 index 0000000000..0abd3b1a21 --- /dev/null +++ b/changes/bug5645 @@ -0,0 +1,5 @@ + o Code refactoring: + - Defensively refactor rend_mid_rendezvous() so that protocol + violations and length checks happen in the beginning. Fixes bug + 5645. + diff --git a/changes/bug5647 b/changes/bug5647 deleted file mode 100644 index 92f41c8559..0000000000 --- a/changes/bug5647 +++ /dev/null @@ -1,4 +0,0 @@ - o Major bugfixes: - - Avoid logging uninitialized data when unable to decode a hidden - service descriptor cookie. Fixes bug 5647; bugfix on 0.2.1.5-alpha. - diff --git a/changes/bug5723 b/changes/bug5723 new file mode 100644 index 0000000000..7f0dcb8293 --- /dev/null +++ b/changes/bug5723 @@ -0,0 +1,4 @@ + o Minor bugfixes: + - Format IPv4 addresses correctly in ADDRMAP events. (Previously, + we had reversed them when the answer was cached.) Fixes bug + 5723; bugfix on 0.2.3.1-alpha. diff --git a/changes/bug5762 b/changes/bug5762 new file mode 100644 index 0000000000..a91f4dfedf --- /dev/null +++ b/changes/bug5762 @@ -0,0 +1,4 @@ + o Minor bugfixes: + - Work correctly on Linux systems with accept4 support advertised in + their headers, but without accept4 support in the kernel. Fix + by murb. Fixes bug 5762; bugfix on 0.2.3.1-alpha. diff --git a/changes/bug5786_nocrash b/changes/bug5786_nocrash new file mode 100644 index 0000000000..ec6c5d817f --- /dev/null +++ b/changes/bug5786_nocrash @@ -0,0 +1,7 @@ + o Major bugfixes (directory authorties): + - When computing weight parameters, behave more robustly in the + presence of a bad bwweightscale value. Previously, the + authorities would crash if they agreed on a sufficiently browken + weight_scale value: now, they use a reasonable default and carry + on. Partial fix for 5786; bugfix on 0.2.2.17-alpha. + diff --git a/changes/bug5786_nodups b/changes/bug5786_nodups new file mode 100644 index 0000000000..795b668a89 --- /dev/null +++ b/changes/bug5786_nodups @@ -0,0 +1,7 @@ + o Major bugfixes (directory authority): + - Check more thoroughly to prevent a rogue authority from + double-voting on any consensus directory parameter. Previously, + authorities would crash in this case if the total number of votes + for any parameter exceeded the number of active voters, but would + let it pass otherwise. Partial fix for bug 5786; bugfix on + 0.2.2.2-alpha. diff --git a/changes/bug5828 b/changes/bug5828 new file mode 100644 index 0000000000..3a1734d01b --- /dev/null +++ b/changes/bug5828 @@ -0,0 +1,3 @@ + o Minor bugfixes (performance): + - Avoid O(n^2) performance characteristics when parsing a large + extrainfo cache. Fixes bug 5828; bugfix on 0.2.0.1-alpha. diff --git a/changes/bug5858 b/changes/bug5858 new file mode 100644 index 0000000000..aa1e8bba1d --- /dev/null +++ b/changes/bug5858 @@ -0,0 +1,4 @@ + o Minor bugfixes: + - Remove bogus definition of "_WIN32" from src/win32/orconfig.h, to + unbreak the MSVC build. Fies bug 5858; bugfix on 0.2.3.12-alpha. + diff --git a/changes/bug5859 b/changes/bug5859 new file mode 100644 index 0000000000..1720175a7e --- /dev/null +++ b/changes/bug5859 @@ -0,0 +1,3 @@ + o Minor bugfixes: + - Resolve numerous small warnings and build issues with MSVC. Resolves + bug 5859. diff --git a/changes/bug5861 b/changes/bug5861 new file mode 100644 index 0000000000..74a1dfb95f --- /dev/null +++ b/changes/bug5861 @@ -0,0 +1,4 @@ + o Minor bugfixes: + - Set _WIN32_WINNT to 0x0501 consistently throughout the code, so + that IPv6 stuff will compile on MSVC, and compilation issues + will be easier to track down. Fix for bug 5861. diff --git a/changes/bug5891 b/changes/bug5891 new file mode 100644 index 0000000000..1539df3811 --- /dev/null +++ b/changes/bug5891 @@ -0,0 +1,5 @@ + o Minor bugfixes: + - Fix a bug where a bridge authority crashes if it has seen no + directory requests when it's time to write statistics to disk. + Fixes bug 5891. Also fixes bug 5508 in a better way. + diff --git a/changes/bug5910 b/changes/bug5910 new file mode 100644 index 0000000000..712ed55c04 --- /dev/null +++ b/changes/bug5910 @@ -0,0 +1,4 @@ + o Minor bugfixes: + - Don't abort the managed proxy protocol if the managed proxy + sends us an unrecognized line; ignore it instead. Fixes bug + 5910; bugfix on 0.2.3.9-alpha. diff --git a/changes/bug5916 b/changes/bug5916 new file mode 100644 index 0000000000..b099c26ef1 --- /dev/null +++ b/changes/bug5916 @@ -0,0 +1,6 @@ + o Minor bugfixes: + - Fix a memory leak when trying to launch a DNS request when the + network is disabled or the nameservers are unconfigurable. Fix + for bug 5916; bugfix on Tor 0.1.2.1-alpha (for the + unconfigurable nameserver case) and on 0.2.3.9-alpha (for the + DisableNetwork case). diff --git a/changes/bug5954 b/changes/bug5954 new file mode 100644 index 0000000000..28c5a9cca8 --- /dev/null +++ b/changes/bug5954 @@ -0,0 +1,5 @@ + o Minor features (controller): + - Expose our view of whether we have gone dormant to the + controller, via a new "GETINFO dormant" value. Due to bug 4718, + torbutton needs this to avoid excessive version checking. Fixes + bug 5954. diff --git a/changes/bug5969 b/changes/bug5969 new file mode 100644 index 0000000000..477d3ddc1a --- /dev/null +++ b/changes/bug5969 @@ -0,0 +1,4 @@ + o Minor bugfixes: + - Fix a compile warning in crypto.c when compiling with clang 3.1. + Fixes bug 5969, bugfix on 0.2.3.9-alpha. + diff --git a/changes/bug5969_022 b/changes/bug5969_022 new file mode 100644 index 0000000000..57c8744267 --- /dev/null +++ b/changes/bug5969_022 @@ -0,0 +1,7 @@ + o Minor bugfixes + - Fix a build warning with Clang 3.1 related to our use of vasprint. + Fix for bug 5969. Bugfix on 0.2.2.11-alpha. + + o Compilation improvements: + - Tell GCC and Clang to check for any errors in format strings passed + to the tor_v*(print|scan)f functions. diff --git a/changes/bug6007 b/changes/bug6007 new file mode 100644 index 0000000000..4e815754aa --- /dev/null +++ b/changes/bug6007 @@ -0,0 +1,5 @@ + o Major bugfixes (security): + - When waiting for a client to renegotiate, don't allow it to add + any bytes to the input buffer. This fixes a DoS issue. Fix for + bugs 6007 and 5934; bugfix on 0.2.0.20-rc. + diff --git a/changes/bug6033 b/changes/bug6033 new file mode 100644 index 0000000000..56cffd68b7 --- /dev/null +++ b/changes/bug6033 @@ -0,0 +1,6 @@ + o Major bugfixes: + - Work around a bug in OpenSSL that broke renegotiation with + TLS 1.1 and TLS 1.2. Without this workaround, all attempts + to speak the v2 Tor network protocol when both sides were + using OpenSSL 1.0.1 would fail. Fix for bug 6033, which is + not a bug in Tor. diff --git a/changes/check-fetched-rend-desc-service-id b/changes/check-fetched-rend-desc-service-id deleted file mode 100644 index 2f37c30216..0000000000 --- a/changes/check-fetched-rend-desc-service-id +++ /dev/null @@ -1,7 +0,0 @@ - o Security fixes: - - When fetching a hidden service descriptor, check that it is for - the hidden service we were trying to connect to, in order to - stop a directory from pre-seeding a client with a descriptor for - a hidden service that they didn't want. Bugfix on 0.0.6. - - diff --git a/changes/check-public-key-exponents b/changes/check-public-key-exponents deleted file mode 100644 index a8d00673be..0000000000 --- a/changes/check-public-key-exponents +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes: - - Require that introduction point keys and onion keys have public - exponent 65537. Bugfix on 0.2.0.10-alpha. - - diff --git a/changes/cid_428 b/changes/cid_428 deleted file mode 100644 index cb0fc8c2b2..0000000000 --- a/changes/cid_428 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes: - - Always NUL-terminate the sun_path field of a sockaddr_un before - passing it to the kernel. (Not a security issue: kernels are - smart enough to reject bad sockaddr_uns.) Found by Coverity; CID - # 428. Bugfix on Tor 0.2.0.3-alpha. diff --git a/changes/cid_450 b/changes/cid_450 deleted file mode 100644 index 2045fca239..0000000000 --- a/changes/cid_450 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes: - - Don't stack-allocate the list of supplementary GIDs when we're - about to log them. Stack-allocating NGROUPS_MAX gid_t elements - could take up to 256K, which is way too much stack. Found by - Coverity; CID #450. Bugfix on 0.2.1.7-alpha. diff --git a/changes/clang_30_options b/changes/clang_30_options deleted file mode 100644 index e8e34c8e3e..0000000000 --- a/changes/clang_30_options +++ /dev/null @@ -1,5 +0,0 @@ - o Code simplifications and refactoring: - - During configure, detect when we're building with clang version 3.0 or - lower and disable the -Wnormalized=id and -Woverride-init CFLAGS. - clang doesn't support them yet. - diff --git a/changes/close_file_handle b/changes/close_file_handle new file mode 100644 index 0000000000..128ef81987 --- /dev/null +++ b/changes/close_file_handle @@ -0,0 +1,4 @@ + o Minor bugfixes: + - Don't hold a windows file handle open for every file mapping; + the file mapping handle is sufficient. Fix for bug 5951; bugfix on + 0.1.2.1-alpha. diff --git a/changes/cov479 b/changes/cov479 deleted file mode 100644 index afbaffc63b..0000000000 --- a/changes/cov479 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes: - - Fix internal bug-checking logic that was supposed to catch - failures in digest generation so that it will fail more robustly - if we ask for a nonexistent algorithm. Found by Coverity Scan. - Bugfix on 0.2.2.1-alpha; fixes Coverity CID 479. diff --git a/changes/cov484 b/changes/cov484 deleted file mode 100644 index 33adbda18c..0000000000 --- a/changes/cov484 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes: - - Report any failure in init_keys() calls done because our IP address - has changed. Spotted by Coverity Scan. Bugfix on 0.1.1.4-alpha; - fixes CID 484. diff --git a/changes/coverity_maint b/changes/coverity_maint deleted file mode 100644 index e7be90a485..0000000000 --- a/changes/coverity_maint +++ /dev/null @@ -1,9 +0,0 @@ - o Code simplifications and refactoring: - - Remove some dead code as indicated by coverity. - - Remove a few dead assignments during router parsing. Found by coverity. - o Minor bugfixes: - - Add some forgotten return value checks during unit tests. Found - by coverity. - - Don't use 1-bit wide signed bit fields. Found by coverity. - - Fix a rare memory leak during stats writing. Found by coverity. - diff --git a/changes/dirreq-stats-default b/changes/dirreq-stats-default deleted file mode 100644 index df7ac11425..0000000000 --- a/changes/dirreq-stats-default +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features: - - Turn on directory request statistics by default and include them in - extra-info descriptors. Don't break if we have no GeoIP database. - Backported from 0.2.3.1-alpha; implements ticket 3951. - diff --git a/changes/dirvote_null_deref b/changes/dirvote_null_deref deleted file mode 100644 index 65dc519f52..0000000000 --- a/changes/dirvote_null_deref +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes: - - Fix a potential null-pointer dereference while computing a consensus. - Bugfix on tor-0.2.0.3-alpha, found with the help of clang's analyzer. - diff --git a/changes/exit-policy-default-is-not-a-prefix b/changes/exit-policy-default-is-not-a-prefix deleted file mode 100644 index 6eb1e8df99..0000000000 --- a/changes/exit-policy-default-is-not-a-prefix +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes: - - Remove a trailing asterisk from "exit-policy/default" in the - output of the control port command "GETINFO info/names". Bugfix - on 0.1.2.5-alpha. - diff --git a/changes/feature3049 b/changes/feature3049 deleted file mode 100644 index 7960a1f475..0000000000 --- a/changes/feature3049 +++ /dev/null @@ -1,6 +0,0 @@ - o Major features: - - Add an __OwningControllerProcess configuration option and a - TAKEOWNERSHIP control-port command, so that a Tor controller can - ensure that when it exits, Tor will shut down. Implements - feature 3049. - diff --git a/changes/feature3076 b/changes/feature3076 deleted file mode 100644 index a3dcec8741..0000000000 --- a/changes/feature3076 +++ /dev/null @@ -1,14 +0,0 @@ - o Minor features - - The options SocksPort, ControlPort, and so on now all accept an - optional value "auto" that opens a socket on an OS-selected port. - o Minor features (controller) - - GETINFO net/listeners/(type) now returns a list of the addresses - and ports that are bound for listeners for a given connection - type. This is useful for if the user has selected SocksPort - "auto", and you need to know which port got chosen. - - There is a ControlPortWriteToFile option that tells Tor to write - its actual control port or ports to a chosen file. If the option - ControlPortFileGroupReadable is set, the file is created as - group-readable. - - diff --git a/changes/feature4484 b/changes/feature4484 deleted file mode 100644 index 78154e9649..0000000000 --- a/changes/feature4484 +++ /dev/null @@ -1,8 +0,0 @@ - o Minor features: - - Add two new config options for directory authorities: - AuthDirFastGuarantee sets a bandwidth threshold for guaranteeing the - Fast flag, and AuthDirGuardBWGuarantee sets a bandwidth threshold - that is always sufficient to satisfy the bandwidth requirement for - the Guard flag. Now it will be easier for researchers to simulate - Tor networks with different values. Resolves ticket 4484. - diff --git a/changes/fix-connection_printf_to_buf b/changes/fix-connection_printf_to_buf deleted file mode 100644 index e191eac8a5..0000000000 --- a/changes/fix-connection_printf_to_buf +++ /dev/null @@ -1,15 +0,0 @@ - * Code simplifications and refactoring: - - - Make connection_printf_to_buf's behaviour sane. Its callers - expect it to emit a CRLF iff the format string ends with CRLF; - it actually emits a CRLF iff (a) the format string ends with - CRLF or (b) the resulting string is over 1023 characters long or - (c) the format string does not end with CRLF ''and'' the - resulting string is 1021 characters long or longer. Bugfix on - 0.1.1.9-alpha; fixes part of bug 3407. - - - Make send_control_event_impl's behaviour sane. Its callers - expect it to always emit a CRLF at the end of the string; it - might emit extra control characters as well. Bugfix on - 0.1.1.9-alpha; fixes another part of bug 3407. - diff --git a/changes/fmt_addr b/changes/fmt_addr deleted file mode 100644 index b88c9e1bf4..0000000000 --- a/changes/fmt_addr +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes: - - When unable to format an address as a string, report its value - as "???" rather than reusing the last formatted address. Bugfix - on 0.2.1.5-alpha. diff --git a/changes/geoip-april2012 b/changes/geoip-april2012 deleted file mode 100644 index 66720c6d69..0000000000 --- a/changes/geoip-april2012 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Update to the April 3 2012 Maxmind GeoLite Country database. - diff --git a/changes/geoip-august2011 b/changes/geoip-august2011 deleted file mode 100644 index 6de8b0f29c..0000000000 --- a/changes/geoip-august2011 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Update to the August 2 2011 Maxmind GeoLite Country database. - diff --git a/changes/geoip-december2011 b/changes/geoip-december2011 deleted file mode 100644 index 82a708de62..0000000000 --- a/changes/geoip-december2011 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Update to the December 6 2011 Maxmind GeoLite Country database. - diff --git a/changes/geoip-february2012 b/changes/geoip-february2012 deleted file mode 100644 index 0711654021..0000000000 --- a/changes/geoip-february2012 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Update to the February 7 2012 Maxmind GeoLite Country database. - diff --git a/changes/geoip-january2012 b/changes/geoip-january2012 deleted file mode 100644 index 2f4180e578..0000000000 --- a/changes/geoip-january2012 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Update to the January 3 2012 Maxmind GeoLite Country database. - diff --git a/changes/geoip-july2011 b/changes/geoip-july2011 deleted file mode 100644 index 7a9f119be0..0000000000 --- a/changes/geoip-july2011 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Update to the July 1 2011 Maxmind GeoLite Country database. - diff --git a/changes/geoip-june2011 b/changes/geoip-june2011 deleted file mode 100644 index 8cf011b723..0000000000 --- a/changes/geoip-june2011 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Update to the June 1 2011 Maxmind GeoLite Country database. - diff --git a/changes/geoip-march2012 b/changes/geoip-march2012 deleted file mode 100644 index 0f66d8fae2..0000000000 --- a/changes/geoip-march2012 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Update to the March 6 2012 Maxmind GeoLite Country database. - diff --git a/changes/geoip-may2011 b/changes/geoip-may2011 deleted file mode 100644 index c908f24b45..0000000000 --- a/changes/geoip-may2011 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Update to the May 1 2011 Maxmind GeoLite Country database. - diff --git a/changes/geoip-november2011 b/changes/geoip-november2011 deleted file mode 100644 index 3aa8dc05c2..0000000000 --- a/changes/geoip-november2011 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Update to the November 1 2011 Maxmind GeoLite Country database. - diff --git a/changes/geoip-october2011 b/changes/geoip-october2011 deleted file mode 100644 index d5b6910edb..0000000000 --- a/changes/geoip-october2011 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Update to the October 4 2011 Maxmind GeoLite Country database. - diff --git a/changes/geoip-september2011 b/changes/geoip-september2011 deleted file mode 100644 index c41314b1f0..0000000000 --- a/changes/geoip-september2011 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Update to the September 6 2011 Maxmind GeoLite Country database. - diff --git a/changes/ides-becomes-turtles b/changes/ides-becomes-turtles deleted file mode 100644 index 09d964fe9b..0000000000 --- a/changes/ides-becomes-turtles +++ /dev/null @@ -1,4 +0,0 @@ - o Directory authority changes: - - Change IP address for ides (v3 directory authority), and rename it to - turtles. - diff --git a/changes/issue-2011-10-19L b/changes/issue-2011-10-19L deleted file mode 100644 index b879c9d401..0000000000 --- a/changes/issue-2011-10-19L +++ /dev/null @@ -1,28 +0,0 @@ - o Security fixes: - - - Don't send TLS certificate chains on outgoing OR connections - from clients and bridges. Previously, each client or bridge - would use a single cert chain for all outgoing OR connections - for up to 24 hours, which allowed any relay connected to by a - client or bridge to determine which entry guards it is using. - This is a potential user-tracing bug for *all* users; everyone - who uses Tor's client or hidden service functionality should - upgrade. Fixes CVE-2011-2768. Bugfix on FIXME; found by - frosty_un. - - - Don't use any OR connection on which we have received a - CREATE_FAST cell to satisfy an EXTEND request. Previously, we - would not consider whether a connection appears to be from a - client or bridge when deciding whether to use that connection to - satisfy an EXTEND request. Mitigates CVE-2011-2768, by - preventing an attacker from determining whether an unpatched - client is connected to a patched relay. Bugfix on FIXME; found - by frosty_un. - - - Don't assign the Guard flag to relays running a version of Tor - which would use an OR connection on which it has received a - CREATE_FAST cell to satisfy an EXTEND request. Mitigates - CVE-2011-2768, by ensuring that clients will not connect - directly to any relay which an attacker could probe for an - unpatched client's connections. - diff --git a/changes/issue-2011-10-23G b/changes/issue-2011-10-23G deleted file mode 100644 index 45f86754f0..0000000000 --- a/changes/issue-2011-10-23G +++ /dev/null @@ -1,9 +0,0 @@ - o Security fixes: - - - Reject CREATE and CREATE_FAST cells on outgoing OR connections - from a bridge to a relay. Previously, we would accept them and - handle them normally, thereby allowing a malicious relay to - easily distinguish bridges which connect to it from clients. - Fixes CVE-2011-2769. Bugfix on 0.2.0.3-alpha, when bridges were - implemented; found by frosty_un. - diff --git a/changes/maatuska-ip b/changes/maatuska-ip deleted file mode 100644 index a00b43f866..0000000000 --- a/changes/maatuska-ip +++ /dev/null @@ -1,3 +0,0 @@ - o Directory authority changes: - - Change IP address for maatuska (v3 directory authority). - diff --git a/changes/md_cache_replace b/changes/md_cache_replace deleted file mode 100644 index 88e029c00a..0000000000 --- a/changes/md_cache_replace +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes - - Avoid a bug that would keep us from replacing a microdescriptor - cache on Windows. (We would try to replace the file while still - holding it open. That's fine on Unix, but Windows doesn't let us - do that.) Bugfix on 0.2.2.6-alpha; bug found by wanoskarnet. - diff --git a/changes/mdesc_null_deref b/changes/mdesc_null_deref deleted file mode 100644 index 30f0280536..0000000000 --- a/changes/mdesc_null_deref +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes: - - Avoid a possible null-pointer dereference when rebuilding the mdesc - cache without actually having any descriptors to cache. Bugfix on - 0.2.2.6-alpha. Issue discovered using clang's static analyzer. - diff --git a/changes/memleak_rendcache b/changes/memleak_rendcache deleted file mode 100644 index 93b1f6141b..0000000000 --- a/changes/memleak_rendcache +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes: - - Fix a memory leak when receiving a descriptor for a hidden - service we didn't ask for. Found by Coverity; CID#30. Bugfix on - 0.2.2.26-beta. diff --git a/changes/msvc_lround b/changes/msvc_lround deleted file mode 100644 index e4aea95351..0000000000 --- a/changes/msvc_lround +++ /dev/null @@ -1,4 +0,0 @@ - o Build fixes: - - Provide a substitute implementation of lround() for MSVC, which - apparently lacks it. Patch from Gisle Vanem. - diff --git a/changes/replay-firstpart b/changes/replay-firstpart deleted file mode 100644 index f4a7767fb1..0000000000 --- a/changes/replay-firstpart +++ /dev/null @@ -1,13 +0,0 @@ - o Minor features (security): - - - Check for replays of the public-key encrypted portion of an - INTRODUCE1 cell, in addition to the current check for replays of - the g^x value. This prevents a possible class of active attacks - by an attacker who controls both an introduction point and a - rendezvous point, and who uses the malleability of AES-CTR to - alter the encrypted g^x portion of the INTRODUCE1 cell. We - think that these attacks is infeasible (requiring the attacker - to send on the order of zettabytes of altered cells in a short - interval), but we'd rather block them off in case there are any - classes of this attack that we missed. Reported by dvorak. - diff --git a/changes/safecookie b/changes/safecookie deleted file mode 100644 index fd7d7af2b0..0000000000 --- a/changes/safecookie +++ /dev/null @@ -1,9 +0,0 @@ - o Security Features: - - Provide controllers with a safer way to implement the cookie - authentication mechanism. With the old method, if another locally - running program could convince a controller that it was the Tor - process, then that program could trick the contoller into - telling it the contents of an arbitrary 32-byte file. The new - "SAFECOOKIE" authentication method uses a challenge-response - approach to prevent this. Fixes bug 5185, implements proposal 193. - diff --git a/changes/ticket-4063 b/changes/ticket-4063 deleted file mode 100644 index 6a985b8c25..0000000000 --- a/changes/ticket-4063 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (usability): - - Downgrade log messages about circuit timeout calibration from - "notice" to "info": they don't require or suggest any human - intervention. Patch from Tom Lowenthal. Fixes bug 4063; - bugfix on 0.2.2.14-alpha. - diff --git a/changes/timersub_bug b/changes/timersub_bug deleted file mode 100644 index 9183862677..0000000000 --- a/changes/timersub_bug +++ /dev/null @@ -1,7 +0,0 @@ - o Major bugfixes: - - Provide correct replacements for the timeradd() and timersub() functions - for platforms that lack them (for example, windows). The timersub() - function is used when expiring circuits, timeradd() is currently unused. - Patch written by Vektor, who also reported the bug. Thanks! Bugfix - on 0.2.2.24-alpha/0.2.3.1-alpha, fixes bug 4778. - diff --git a/changes/typo-fix-ohkah8Ah b/changes/typo-fix-ohkah8Ah deleted file mode 100644 index 9b4e5c08cc..0000000000 --- a/changes/typo-fix-ohkah8Ah +++ /dev/null @@ -1,9 +0,0 @@ - * Minor bugfixes: - - - Clarify a log message specifying the characters permitted in - HiddenServiceAuthorizeClient client names. Previously, the log - message said that "[A-Za-z0-9+-_]" were permitted; that could - have given the impression that every ASCII character between "+" - and "_" was permitted. Now we say "[A-Za-z0-9+_-]". Bugfix on - 0.2.1.5-alpha. - diff --git a/changes/win-bundle-path b/changes/win-bundle-path deleted file mode 100644 index 32ff514ef2..0000000000 --- a/changes/win-bundle-path +++ /dev/null @@ -1,4 +0,0 @@ - o Packaging changes: - - Remove absolute path from makensis.exe command to build Tor expert bundle - in order to make it easier to automate package builds - diff --git a/changes/windows_8 b/changes/windows_8 deleted file mode 100644 index 405e4fa158..0000000000 --- a/changes/windows_8 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes: - - The next version of Windows will be called Windows 8, and it has a major - version of 6, minor version of 2. Correctly identify that version instead - of calling it "Very recent version". Fixes bug 4153; reported by funkstar. - |