diff options
Diffstat (limited to 'changes')
105 files changed, 473 insertions, 137 deletions
diff --git a/changes/abandon-rend-circs-on-newnym b/changes/abandon-rend-circs-on-newnym new file mode 100644 index 000000000..67cb2dce2 --- /dev/null +++ b/changes/abandon-rend-circs-on-newnym @@ -0,0 +1,8 @@ + o Security fixes: + - Don't attach new streams to old rendezvous circuits after SIGNAL + NEWNYM. Previously, we would keep using an existing rendezvous + circuit if it remained open (i.e. if it were kept open by a + long-lived stream or if a new stream were attached to it before + Tor could notice that it was old and no longer in use and close + it). Bugfix on 0.1.1.15-rc; fixes bug 3375. + diff --git a/changes/automake_required b/changes/automake_required deleted file mode 100644 index bb5035518..000000000 --- a/changes/automake_required +++ /dev/null @@ -1,6 +0,0 @@ - o Build changes - - Our build system requires automake 1.6 or later to create the - Makefile.in files. Previously, you could have used 1.4. - This only affects developers and people building Tor from git; - people who build Tor from the source distribution without changing - the Makefile.am files should be fine. diff --git a/changes/autoreconf b/changes/autoreconf deleted file mode 100644 index c08cc7a37..000000000 --- a/changes/autoreconf +++ /dev/null @@ -1,5 +0,0 @@ - o Minor build changes: - - Use autoreconf to launch autoconf, automake, etc from autogen.sh. - This is more robust against some of the failure modes associated - with running the autotools chain on its own. - diff --git a/changes/bufferevent-support b/changes/bufferevent-support deleted file mode 100644 index e39c36f13..000000000 --- a/changes/bufferevent-support +++ /dev/null @@ -1,12 +0,0 @@ - o Major features - - Tor can now optionally build with the "bufferevents" buffered IO - backend provided by Libevent, when building with Libevent 2.0.7-rc - or later. To use this feature, make sure you have the latest possible - version of Libevent, and run autoconf with the --enable-bufferevents - flag. Using this feature will make our networking code more flexible, - lets us stack layers on each other, and let us use more efficient - zero-copy transports where available. - - As an experimental feature, when using the "bufferevents" buffered - IO backend, Tor can try to use Windows's IOCP networking API. This - is off by default. To turn it on, add "DisableIOCP 0" to your torrc. - diff --git a/changes/bug1297a b/changes/bug1297a new file mode 100644 index 000000000..140b94e3b --- /dev/null +++ b/changes/bug1297a @@ -0,0 +1,16 @@ + o Major bugfixes: + - Apply circuit timeouts to opened hidden-service-related circuits + based on the correct start time. Previously, we would apply the + circuit build timeout based on time since the circuit's + creation; it was supposed to be applied based on time since the + circuit entered its current state. Bugfix on 0.0.6; fixes part + of bug 1297. + - Use the same circuit timeout for client-side introduction + circuits as for other four-hop circuits. Previously, + client-side introduction circuits were closed after the same + timeout as single-hop directory-fetch circuits; this was + appropriate with the static circuit build timeout in 0.2.1.x and + earlier, but caused many hidden service access attempts to fail + with the adaptive CBT introduced in 0.2.2.2-alpha. Bugfix on + 0.2.2.2-alpha; fixes another part of bug 1297. + diff --git a/changes/bug1345 b/changes/bug1345 new file mode 100644 index 000000000..0c9375a35 --- /dev/null +++ b/changes/bug1345 @@ -0,0 +1,13 @@ + o Minor bugfixes: + - On SIGHUP, do not clear out all TrackHostExits mappings, client DNS + cache entries, and virtual address mappings: that's what NEWNYM is + for. Bugfix on Tor 0.1.0.1-rc; fixes bug 1345. + - When TrackHostExits is changed from a controller, remove any + mappings for hosts that should no longer have their exits tracked. + Bugfix on Tor 0.1.0.1-rc. + - When VirtualAddrNetwork option is changed from a controller, + remove any mappings for hosts that were automapped to + that network. Bugfix on 0.1.1.19-rc. + - When one of the AutomapHosts* options is changed from a + controller, remove any mappings for hosts that should no longer be + automapped. Bugfix on 0.2.0.1-alpha. diff --git a/changes/bug1352 b/changes/bug1352 new file mode 100644 index 000000000..bde019240 --- /dev/null +++ b/changes/bug1352 @@ -0,0 +1,4 @@ + o Minor features + - Rate-limit a warning about failures to download v2 networkstatus + documents. Resolves part of bug 1352. + diff --git a/changes/bug1810 b/changes/bug1810 new file mode 100644 index 000000000..11e561f7c --- /dev/null +++ b/changes/bug1810 @@ -0,0 +1,6 @@ + o Major bugfixes: + - Don't decide to make a new descriptor when receiving a HUP signal. + This bug has caused a lot of relays to disappear from the consensus + periodically. Fixes the most common case of triggering bug 1810; + bugfix on 0.2.2.7-alpha. + diff --git a/changes/bug1982 b/changes/bug1982 deleted file mode 100644 index 30ce2df7c..000000000 --- a/changes/bug1982 +++ /dev/null @@ -1,5 +0,0 @@ - o Major features: - - Allow EntryNodes to include country codes like {de} or IP addresses - or network masks. Previously we had disallowed these options - because we didn't have an efficient way to keep the list up to - date. Resolves bug 1982. diff --git a/changes/bug2081_followup b/changes/bug2081_followup deleted file mode 100644 index a53227c38..000000000 --- a/changes/bug2081_followup +++ /dev/null @@ -1,9 +0,0 @@ - o Minor features (authorities) - - Directory authorities now reject relays running any versions of - Tor between 0.2.1.3-alpha and 0.2.1.18 inclusive; they have - known bugs that keep RELAY_EARLY cells from working on rendezvous - circuits. Followup to fix for bug 2081. - - Directory authorities now reject relays running any version of Tor - older than 0.2.0.26-rc. That is the earliest version that fetches - current directory information correctly. Fix for bug 2156. - diff --git a/changes/bug2097-more b/changes/bug2097-more deleted file mode 100644 index 52351cc01..000000000 --- a/changes/bug2097-more +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes: - - Fix a logic error in directory_fetches_from_authorities that - would cause all _non_-exits refusing single-hop-like circuits to - fetch from authorities, when we wanted to have _exits_ fetch - from authorities. Fix by boboper; fixes more of 2097; bugfix on - 0.2.2.16-alpha. diff --git a/changes/bug2146.1 b/changes/bug2146.1 deleted file mode 100644 index 5b91c59a6..000000000 --- a/changes/bug2146.1 +++ /dev/null @@ -1,4 +0,0 @@ - - Major bugfixes: - o Fix a bug that could break accounting on 64-bit systems with large - time_t values, making them hibernate for impossibly long intervals. - Bugfix on 0.0.9pre6; fix for bug 2146; fix by boboper. diff --git a/changes/bug2210 b/changes/bug2210 deleted file mode 100644 index fe1c049fc..000000000 --- a/changes/bug2210 +++ /dev/null @@ -1,5 +0,0 @@ - o ?? bugfixes: - - Fix a bug that would cause newer streams on a given circuit to - get preference when reading bytes from the network. Fixes bug - 2210. Fix by Mashael AlSabah. This bug was introduced before - the first Tor release, in svn revision r152. diff --git a/changes/bug2235 b/changes/bug2235 deleted file mode 100644 index 0c3bafa44..000000000 --- a/changes/bug2235 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes - - Avoid crashes when AccountingMax is set on clients. Fixes bug 2235; - Bugfix on 0.2.2.18-alpha. Diagnosed by boboper. diff --git a/changes/bug2355 b/changes/bug2355 new file mode 100644 index 000000000..ee0ae4b96 --- /dev/null +++ b/changes/bug2355 @@ -0,0 +1,8 @@ + o Major features: + - If "UseBridges 1" is set and no bridges are configured, Tor will + now refuse to build any circuits until some bridges are set. + If "UseBridges auto" is set, Tor will use bridges if they are + configured and we are not running as a server, but otherwise + will make circuits as usual. The new default is "auto". Patch + by anonym. + diff --git a/changes/bug2355_revert b/changes/bug2355_revert new file mode 100644 index 000000000..2ded40ad8 --- /dev/null +++ b/changes/bug2355_revert @@ -0,0 +1,7 @@ + o Minor bugfixes: + - Revert the UseBridges option to its behavior before 0.2.2.28-beta. + When we changed the default behavior to "use bridges if any are + listed in the torrc", we broke a number of users who had bridges + in their torrc files but who didn't actually want to use them. + Partial resolution for bug 3354. + diff --git a/changes/bug2503 b/changes/bug2503 new file mode 100644 index 000000000..50b8bf50c --- /dev/null +++ b/changes/bug2503 @@ -0,0 +1,4 @@ + o Minor features: + - When an HTTPS proxy reports "403 Forbidden", we now explain + what it means rather than calling it an unexpected status code. + Closes bug 2503. Patch from "mikey". diff --git a/changes/bug2574 b/changes/bug2574 new file mode 100644 index 000000000..5cf2daebf --- /dev/null +++ b/changes/bug2574 @@ -0,0 +1,3 @@ + o Minor features: + - Allow nameservers with IPv6 address. Fixes bug 2574. + diff --git a/changes/bug2732-simple b/changes/bug2732-simple new file mode 100644 index 000000000..367836152 --- /dev/null +++ b/changes/bug2732-simple @@ -0,0 +1,7 @@ + o Minor bugfixes + - Do not reject hidden service descriptors simply because we don't + think we have not been assigned the HSDir flag. Clients and + hidden services can have a more up-to-date view of the network + consensus, and if they think that the directory authorities + list us a HSDir, we might actually be one. Related to bug 2732; + bugfix on 0.2.0.10-alpha. diff --git a/changes/bug2748 b/changes/bug2748 new file mode 100644 index 000000000..b522560a9 --- /dev/null +++ b/changes/bug2748 @@ -0,0 +1,10 @@ + o Minor bugfixes + - Remove dead code from rend_cache_lookup_v2_desc_as_dir. Fixes + part of bug 2748; bugfix on 0.2.0.10-alpha. + - Log malformed requests for rendezvous descriptors as protocol + warnings, not warnings. Also, use a more informative log + message in case someone sees it at log level warning without + prior info-level messages. Fixes the other part of bug 2748; + bugfix on 0.2.0.10-alpha. + + diff --git a/changes/bug2752 b/changes/bug2752 new file mode 100644 index 000000000..b872d3374 --- /dev/null +++ b/changes/bug2752 @@ -0,0 +1,5 @@ + o Minor features: + - Tor used to limit HttpProxyAuthenticator values to 48 characters. + Changed the limit to 512 characters by removing base64 newlines. + Fixes bug 2752. Fix by Michael Yakubovich. + diff --git a/changes/bug2792_checkdir b/changes/bug2792_checkdir new file mode 100644 index 000000000..10de1deb2 --- /dev/null +++ b/changes/bug2792_checkdir @@ -0,0 +1,8 @@ + o Minor features: + - Tor now refuses to create a ControlSocket in a directory that is + world-readable (or group-readable if ControlSocketsGroupWritable + is 0). This is necessary because some operating systems do not + check the permissions on an AF_UNIX socket when programs try to + connect to it. Checking permissions on the directory holding + the socket, however, seems to work everywhere. + diff --git a/changes/bug2798 b/changes/bug2798 new file mode 100644 index 000000000..8fd2243b0 --- /dev/null +++ b/changes/bug2798 @@ -0,0 +1,10 @@ + o Major bugfixes: + - When configuring a large set of nodes in EntryNodes (as with + 'EntryNodes {cc}' or 'EntryNodes 1.1.1.1/16'), choose only a + random subset to be guards, and choose them in random + order. Bugfix on 0.2.3.1-alpha; fixes bug 2798. + + o Minor features: + - When configuring a large set of nodes in EntryNodes, and there are + enough of them listed as Guard so that we don't need to consider + the non-guard entries, prefer the ones listed with the Guard flag. diff --git a/changes/bug2850 b/changes/bug2850 new file mode 100644 index 000000000..77ccbfa25 --- /dev/null +++ b/changes/bug2850 @@ -0,0 +1,5 @@ + - Minor features + o Set SO_REUSEADDR on all sockets, not just listeners. This should + help busy exit nodes avoid running out of useable ports just because + all the ports have been used in the near past. Resolves issue 2850. + diff --git a/changes/bug2972 b/changes/bug2972 new file mode 100644 index 000000000..26afcca42 --- /dev/null +++ b/changes/bug2972 @@ -0,0 +1,5 @@ + o Minor features: + - Allow ControlSockets to be group-writable when the + ControlSocksGroupWritable configuration option is turned on. Patch + by Jérémy Bobbio; implements ticket 2972. + diff --git a/changes/bug3019 b/changes/bug3019 new file mode 100644 index 000000000..4df709fb3 --- /dev/null +++ b/changes/bug3019 @@ -0,0 +1,4 @@ + o Minor bugfixes: + - Do not reset the bridge descriptor download status every time we + re-parse our configuration or get a configuration change. Fixes + bug 3019; bugfix on Tor 0.2.0.3-alpha. diff --git a/changes/bug3022 b/changes/bug3022 new file mode 100644 index 000000000..9472e6d19 --- /dev/null +++ b/changes/bug3022 @@ -0,0 +1,6 @@ + o Removed features + - Caches no longer download and serve v2 networkstatus documents + unless FetchV2Networkstatus flag is set: these documents haven't + haven't been used by clients or relays since 0.2.0.x. Resolves + bug 3022. + diff --git a/changes/bug3026 b/changes/bug3026 new file mode 100644 index 000000000..c0c0a3860 --- /dev/null +++ b/changes/bug3026 @@ -0,0 +1,4 @@ + o Minor bugfixes (directory authority) + - Do not upload our own vote or signature set to ourself. It would + tell us nothing new. Also, as of Tor 0.2.2.24-alpha, we started + to warn about receiving duplicate votes. Resolves bug 3026. diff --git a/changes/bug3045 b/changes/bug3045 new file mode 100644 index 000000000..1cbcabaff --- /dev/null +++ b/changes/bug3045 @@ -0,0 +1,6 @@ + o Minor features: + - Revise most log messages that refer to nodes by nickname to + instead use the "$key=nickname at address" format. This should be + more useful, especially since nicknames are less and less likely + to be unique. Fixes bug 3045. + diff --git a/changes/bug3113 b/changes/bug3113 new file mode 100644 index 000000000..7c3b5ce37 --- /dev/null +++ b/changes/bug3113 @@ -0,0 +1,4 @@ + o Minor bugfixes: + - Do not free all general-purposes regular descriptors just + because microdescriptor use is enabled. Fixes bug 3113; + bugfix on 0.2.3.1-alpha. diff --git a/changes/bug3118 b/changes/bug3118 new file mode 100644 index 000000000..c70298173 --- /dev/null +++ b/changes/bug3118 @@ -0,0 +1,4 @@ + o Minor bugfixes: + - Correctly link libevent_openssl when --enable-static-libevent + is passed to configure. Fixes bug 3118; bugfix on 0.2.3.1-alpha. + diff --git a/changes/bug3122_memcmp b/changes/bug3122_memcmp new file mode 100644 index 000000000..a04947674 --- /dev/null +++ b/changes/bug3122_memcmp @@ -0,0 +1,7 @@ + o Security fixes + - Replace all potentially sensitive memory comparison operations + with versions whose runtime does not depend on the data being + compared. This will help resist a class of attacks where an + adversary can use variations in timing information to learn + sensitive data. Fix for one case of bug 3122. (Safe memcmp + implementation by Robert Ransom based partially on code by DJB.) diff --git a/changes/bug3135 b/changes/bug3135 new file mode 100644 index 000000000..d76112348 --- /dev/null +++ b/changes/bug3135 @@ -0,0 +1,6 @@ + o Minor bugfixes + - Do not crash when our configuration file becomes unreadable + (usually due to a permissions change) between when we start + up and when a controller calls SAVECONF. Fixes bug 3135; + bugfix on 0.0.9pre6. + diff --git a/changes/bug3153 b/changes/bug3153 new file mode 100644 index 000000000..8754b3df3 --- /dev/null +++ b/changes/bug3153 @@ -0,0 +1,5 @@ + o Minor features: + - Check for and recover from inconsistency in the microdescriptor + cache. This will make it harder for us to accidentally free a + microdescriptor without removing it from the appropriate data + structures. Fixes issue 3135; issue noted by wanoskarnet. diff --git a/changes/bug3175 b/changes/bug3175 new file mode 100644 index 000000000..3360fbce0 --- /dev/null +++ b/changes/bug3175 @@ -0,0 +1,7 @@ + o Minor bugfixes: + - Resolve an untriggerable issue in smartlist_string_num_isin(), + where if the function had ever in the future been used to check + for the presence of a too-large number, it would have given an + incorrect result. (Fortunately, we only used it for 16-bit + values.) Fixes bug 3175; bugfix on Tor 0.1.0.1-rc. + diff --git a/changes/bug3183 b/changes/bug3183 new file mode 100644 index 000000000..b1e594b8d --- /dev/null +++ b/changes/bug3183 @@ -0,0 +1,5 @@ + o Minor bugfixes: + - Bridges should not complain that they are unlisted in the consensus: + that's more or less the point of being a bridge. Bugfix on + 0.2.3.1-alpha; fixes bug 3183. + diff --git a/changes/bug3198 b/changes/bug3198 new file mode 100644 index 000000000..29c16852e --- /dev/null +++ b/changes/bug3198 @@ -0,0 +1,4 @@ + o Major bugfixes: + - When we configure a new bridge via the controller, don't wait up + to ten seconds before trying to fetch its descriptor. Bugfix on + 0.2.0.3-alpha; fixes bug 3198 (suggested by 2355). diff --git a/changes/bug3200 b/changes/bug3200 new file mode 100644 index 000000000..a80d51633 --- /dev/null +++ b/changes/bug3200 @@ -0,0 +1,6 @@ + o Minor bugfixes: + - When a client starts or stops using bridges, never use a circuit + that was built before the configuration change. This behavior could + put at risk a user who uses bridges to ensure that her traffic + only goes to the chosen addresses. Bugfix on 0.2.0.3-alpha; fixes + bug 3200. diff --git a/changes/bug3207 b/changes/bug3207 new file mode 100644 index 000000000..65a7dac1a --- /dev/null +++ b/changes/bug3207 @@ -0,0 +1,4 @@ + o Minor bugfixes: + - Require that onion keys have exponent 65537 in microdescriptors too. + Fixes part of bug 3207; bugfix on 0.2.2.25-alpha + diff --git a/changes/bug3208 b/changes/bug3208 new file mode 100644 index 000000000..fd737ba69 --- /dev/null +++ b/changes/bug3208 @@ -0,0 +1,6 @@ + o Removed options: + - Remove undocumented option "-F" from tor-resolve: it hasn't done + anything since 0.2.1.16-rc. + + o Minor bugfixes: + - Fix warnings from GCC 4.6's "-Wunused-but-set-variable" option. diff --git a/changes/bug3213 b/changes/bug3213 new file mode 100644 index 000000000..ab7de2d62 --- /dev/null +++ b/changes/bug3213 @@ -0,0 +1,4 @@ + o Major bugfixes: + - Fix a crash bug when changing bridges in a running Tor process. + Fixes bug 3213; bugfix on 0.2.2.26-beta. + diff --git a/changes/bug3216 b/changes/bug3216 new file mode 100644 index 000000000..599b5e162 --- /dev/null +++ b/changes/bug3216 @@ -0,0 +1,4 @@ + o Major bugfixes: + - Don't try to build descriptors if "ORPort auto" is set and we + don't know our actual ORPort yet. Fix for bug 3216; bugfix on + 0.2.2.26-beta. diff --git a/changes/bug3228 b/changes/bug3228 new file mode 100644 index 000000000..4aca810d3 --- /dev/null +++ b/changes/bug3228 @@ -0,0 +1,3 @@ + o Major bugfixes: + - Resolve a crash that occured when setting BridgeRelay to 1 with + accounting enabled. Fixes bug 3228; bugfix on 0.2.2.18-alpha. diff --git a/changes/bug3252 b/changes/bug3252 new file mode 100644 index 000000000..f85f633fb --- /dev/null +++ b/changes/bug3252 @@ -0,0 +1,4 @@ + o Minor features: + - Relays now log the reason for publishing a new relay descriptor, + so we have a better chance of hunting down the root cause of bug + 1810. Resolves ticket 3252. diff --git a/changes/bug3263 b/changes/bug3263 new file mode 100644 index 000000000..43202c276 --- /dev/null +++ b/changes/bug3263 @@ -0,0 +1,4 @@ + o Minor bugfixes: + - Don't publish a new relay descriptor when we reload our onion key, + unless the onion key has actually changed. Fixes bug 3263 and + resolves another cause of bug 1810. Bugfix on 0.1.1.11-alpha. diff --git a/changes/bug3264 b/changes/bug3264 new file mode 100644 index 000000000..dcd0a842f --- /dev/null +++ b/changes/bug3264 @@ -0,0 +1,4 @@ + o Minor features: + - Log SSL state transitions at log level DEBUG, log domain + HANDSHAKE. This can be useful for debugging censorship events. + Implements ticket 3264. diff --git a/changes/bug3270 b/changes/bug3270 new file mode 100644 index 000000000..b37bb983c --- /dev/null +++ b/changes/bug3270 @@ -0,0 +1,4 @@ + o Minor bugfixes + - Use a wide type to hold sockets when built for 64-bit Windows builds. + Fixes bug 3270. + diff --git a/changes/bug3289 b/changes/bug3289 new file mode 100644 index 000000000..c469796d6 --- /dev/null +++ b/changes/bug3289 @@ -0,0 +1,5 @@ + o Minor bugfixes: + - Warn when the user configures two HiddenServiceDir lines that point + to the same directory. Bugfix on 0.0.6 (the version introducing + HiddenServiceDir); fixes bug 3289. + diff --git a/changes/bug3306 b/changes/bug3306 new file mode 100644 index 000000000..f868a24af --- /dev/null +++ b/changes/bug3306 @@ -0,0 +1,9 @@ + o Minor bugfixes: + - Make our crypto_rand_int() function check the value of its input + correctly. Previously, it accepted values up to UINT_MAX, but + could return a negative number if given a value above INT_MAX+1. + Found by George Kadianakis. Fixes bug 3306; bugfix on 0.2.2pre14. + + - Avoid a segfault when reading a malformed circuit build state + with more than INT_MAX entries. Found by wanoskarnet. Bugfix on + 0.2.2.4-alpha. diff --git a/changes/bug3309 b/changes/bug3309 new file mode 100644 index 000000000..104056d8e --- /dev/null +++ b/changes/bug3309 @@ -0,0 +1,13 @@ + o Minor bugfixes: + - Clear the table recording the time of the last request for each + hidden service descriptor from each HS directory on SIGNAL + NEWNYM. Previously, we would clear our HS descriptor cache on + SIGNAL NEWNYM, but if we had previously retrieved a descriptor + (or tried to) from every directory responsible for it, we would + refuse to fetch it again for up to 15 minutes. Bugfix on + 0.2.2.25-alpha; fixes bug 3309. + + o Minor features: + - Log (at info level) when purging pieces of hidden-service-client + state on SIGNAL NEWNYM. + diff --git a/changes/bug3318 b/changes/bug3318 new file mode 100644 index 000000000..8a3c27825 --- /dev/null +++ b/changes/bug3318 @@ -0,0 +1,7 @@ + o Minor bugfixes: + - Fix a log message that said "bits" while displaying a value in + bytes. Found by wanoskarnet. Fixes bug 3318; bugfix on + 0.2.0.1-alpha. + - When checking for 1024-bit keys, check for 1024 bits, not 128 + bytes. This allows Tor to correctly discard keys of length + 1017 through 1023. Bugfix on 0.0.9pre5. diff --git a/changes/bug3321 b/changes/bug3321 new file mode 100644 index 000000000..3605efce2 --- /dev/null +++ b/changes/bug3321 @@ -0,0 +1,7 @@ + o Minor bugfixes: + - In bug 2511 we fixed a case where you could use an unconfigured + bridge if you had configured it as a bridge the last time you ran + Tor. Now fix another edge case: if you had configured it as a bridge + but then switched to a different bridge via the controller, you + would still be willing to use the old one. Bugfix on 0.2.0.1-alpha; + fixes bug 3321. diff --git a/changes/bug3332 b/changes/bug3332 new file mode 100644 index 000000000..28ccbf41d --- /dev/null +++ b/changes/bug3332 @@ -0,0 +1,9 @@ + o Minor bugfixes: + - Assert that hidden-service-related operations are not performed + using single-hop circuits. Previously, Tor would assert that + client-side streams are not attached to single-hop circuits, but + not that other sensitive operations on the client and service + side are not performed using single-hop circuits. Fixes bug + 3332; bugfix on 0.0.6. + + diff --git a/changes/bug3349 b/changes/bug3349 new file mode 100644 index 000000000..fe5836ae1 --- /dev/null +++ b/changes/bug3349 @@ -0,0 +1,9 @@ + o Minor bugfixes: + - Report a SIGNAL event to controllers when acting on a delayed + SIGNAL NEWNYM command. Previously, we would report a SIGNAL + event to the controller if we acted on a SIGNAL NEWNYM command + immediately, and otherwise not report a SIGNAL event for the + command at all. Bugfix on 0.2.3.1-alpha; fixes bug 3349. + + + diff --git a/changes/bug3361 b/changes/bug3361 new file mode 100644 index 000000000..06bd954a0 --- /dev/null +++ b/changes/bug3361 @@ -0,0 +1,4 @@ + o Major bugfixes: + - Fix a crash bug that could occur when setting a consensus in a + non-used flavor without having a current consensus set. Fixes bug + 3361; bugfix on 0.2.3.1-alpha. diff --git a/changes/bug3367 b/changes/bug3367 new file mode 100644 index 000000000..8a697782b --- /dev/null +++ b/changes/bug3367 @@ -0,0 +1,4 @@ + o Minor bugfixes + - Fix a crash when handling the SIGNAL controller command or + reporting ERR-level status events with bufferevents enabled. Found + by Robert Ransom. Fixes bug 3367; bugfix on 0.2.3.1-alpha. diff --git a/changes/bug3369 b/changes/bug3369 new file mode 100644 index 000000000..9c0d0e699 --- /dev/null +++ b/changes/bug3369 @@ -0,0 +1,4 @@ + o Minor bugfixes: + - When asked about a DNS record type we don't support via a + client DNSPort, reply with NOTIMPL rather than an empty + reply. Patch by intrigeri. Fixes bug 3369; bugfix on 2.0.1-alpha. diff --git a/changes/bug3389 b/changes/bug3389 new file mode 100644 index 000000000..2442f4f97 --- /dev/null +++ b/changes/bug3389 @@ -0,0 +1,4 @@ + o Major bugfixes: + - Always ship the tor-fw-helper manpage in our release tarballs. Bugfix + on 0.2.3.1-alpha; fixes bug 3389. Reported by Stephen Walker. + diff --git a/changes/bug3393 b/changes/bug3393 new file mode 100644 index 000000000..677bcb7be --- /dev/null +++ b/changes/bug3393 @@ -0,0 +1,5 @@ + o Minor bugfixes: + - Fix a bug when using ControlSocketsGroupWritable with User. The + directory's group would be checked against the current group, not + the configured group. Patch by Jérémy Bobbio. Fixes bug3393; bugfix + on Tor 0.2.2.26-beta.
\ No newline at end of file diff --git a/changes/bug3403 b/changes/bug3403 new file mode 100644 index 000000000..7d051d9f4 --- /dev/null +++ b/changes/bug3403 @@ -0,0 +1,3 @@ + o Minor bugfixes: + - Fix a class of double-mark-for-close bugs when bufferevents + are enabled. Fixes bug 3403; bugfix on 0.2.3.1-alpha. diff --git a/changes/bug3427 b/changes/bug3427 new file mode 100644 index 000000000..267d4d422 --- /dev/null +++ b/changes/bug3427 @@ -0,0 +1,4 @@ + * Minor bugfixes: + - Make 'tor --digests' list hashes of all Tor source files. + Bugfix on 0.2.2.4-alpha; fixes bug 3427. + diff --git a/changes/bug3434 b/changes/bug3434 new file mode 100644 index 000000000..24ee51872 --- /dev/null +++ b/changes/bug3434 @@ -0,0 +1,2 @@ + o Minor bugfixes: + - Update tor-fw-helper to support libnatpmp-20110618; fixes 3434. diff --git a/changes/bug3465-022 b/changes/bug3465-022 new file mode 100644 index 000000000..2d226162a --- /dev/null +++ b/changes/bug3465-022 @@ -0,0 +1,6 @@ + o Minor bugfixes: + + - Add BUILDTIMEOUT_SET to the list returned by the 'GETINFO + events/names' control-port command. Bugfix on 0.2.2.9-alpha; + fixes part of bug 3465. + diff --git a/changes/bug3465-023 b/changes/bug3465-023 new file mode 100644 index 000000000..9fa089bda --- /dev/null +++ b/changes/bug3465-023 @@ -0,0 +1,6 @@ + o Minor bugfixes: + + - Add SIGNAL to the list returned by the 'GETINFO events/names' + control-port command. Bugfix on 0.2.3.1-alpha; fixes part of + bug 3465. + diff --git a/changes/bug3536 b/changes/bug3536 new file mode 100644 index 000000000..d3cec131b --- /dev/null +++ b/changes/bug3536 @@ -0,0 +1,5 @@ + o Minor bugfixes: + - Send a SUCCEEDED stream event to the controller when a reverse + resolve succeeded. Fixes bug 3536; bugfix on 0.0.8pre1. Issue + discovered by katmagic. + diff --git a/changes/bug507.event b/changes/bug507.event deleted file mode 100644 index 68ef4b143..000000000 --- a/changes/bug507.event +++ /dev/null @@ -1,4 +0,0 @@ - o Code simplifications - - We no longer need link tor-gencert, tor-resolve, or tor-checkkey - against libevent; they don't use them, and our code was already - refactored not to force them to use them. diff --git a/changes/bytecount b/changes/bytecount deleted file mode 100644 index 50c4d6b35..000000000 --- a/changes/bytecount +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes - - Fix a off-by-one error in calculating some controller command argument - lengths. Fortunately, this is harmless, the controller code does - redundant NUL termination too. Found by boboper. Bugfix on - 0.1.1.1-alpha. diff --git a/changes/check-fetched-rend-desc-service-id b/changes/check-fetched-rend-desc-service-id new file mode 100644 index 000000000..2f37c3021 --- /dev/null +++ b/changes/check-fetched-rend-desc-service-id @@ -0,0 +1,7 @@ + o Security fixes: + - When fetching a hidden service descriptor, check that it is for + the hidden service we were trying to connect to, in order to + stop a directory from pre-seeding a client with a descriptor for + a hidden service that they didn't want. Bugfix on 0.0.6. + + diff --git a/changes/check-public-key-exponents b/changes/check-public-key-exponents new file mode 100644 index 000000000..a8d00673b --- /dev/null +++ b/changes/check-public-key-exponents @@ -0,0 +1,5 @@ + o Minor bugfixes: + - Require that introduction point keys and onion keys have public + exponent 65537. Bugfix on 0.2.0.10-alpha. + + diff --git a/changes/cid_428 b/changes/cid_428 new file mode 100644 index 000000000..cb0fc8c2b --- /dev/null +++ b/changes/cid_428 @@ -0,0 +1,5 @@ + o Minor bugfixes: + - Always NUL-terminate the sun_path field of a sockaddr_un before + passing it to the kernel. (Not a security issue: kernels are + smart enough to reject bad sockaddr_uns.) Found by Coverity; CID + # 428. Bugfix on Tor 0.2.0.3-alpha. diff --git a/changes/cid_450 b/changes/cid_450 new file mode 100644 index 000000000..2045fca23 --- /dev/null +++ b/changes/cid_450 @@ -0,0 +1,5 @@ + o Minor bugfixes: + - Don't stack-allocate the list of supplementary GIDs when we're + about to log them. Stack-allocating NGROUPS_MAX gid_t elements + could take up to 256K, which is way too much stack. Found by + Coverity; CID #450. Bugfix on 0.2.1.7-alpha. diff --git a/changes/cov217_scanf b/changes/cov217_scanf new file mode 100644 index 000000000..368bca825 --- /dev/null +++ b/changes/cov217_scanf @@ -0,0 +1,5 @@ + o Code simplification and refactoring: + - Use tor_sscanf in place of scanf in more places through the + code. This makes us a little more locale-independent, and + should help shut up code-analysis tools that can't tell + a safe sscanf string from a dangerous one. diff --git a/changes/coverity_maint b/changes/coverity_maint new file mode 100644 index 000000000..e7be90a48 --- /dev/null +++ b/changes/coverity_maint @@ -0,0 +1,9 @@ + o Code simplifications and refactoring: + - Remove some dead code as indicated by coverity. + - Remove a few dead assignments during router parsing. Found by coverity. + o Minor bugfixes: + - Add some forgotten return value checks during unit tests. Found + by coverity. + - Don't use 1-bit wide signed bit fields. Found by coverity. + - Fix a rare memory leak during stats writing. Found by coverity. + diff --git a/changes/coverity_master b/changes/coverity_master new file mode 100644 index 000000000..eca003d20 --- /dev/null +++ b/changes/coverity_master @@ -0,0 +1,8 @@ + o Minor bugfixes: + - Prevent using negative indices during unit test runs when read_all() + fails. Spotted by coverity. Bugfix on 0.2.3.1-alpha. + - Fix a rare memory leak when checking the nodelist without it being + present. Found by coverity. Bugfix on 0.2.3.1-alpha. + o Code simplifications and refactoring: + - Remove a dead variable in the heartbeat log code. Spotted by coverity. + diff --git a/changes/cpudetect b/changes/cpudetect deleted file mode 100644 index eeaa492f5..000000000 --- a/changes/cpudetect +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features - - If you set the NumCPUs option to 0, Tor will try to detect how many - CPUs you have. This is the new default behavior. diff --git a/changes/dirvote_null_deref b/changes/dirvote_null_deref new file mode 100644 index 000000000..65dc519f5 --- /dev/null +++ b/changes/dirvote_null_deref @@ -0,0 +1,4 @@ + o Minor bugfixes: + - Fix a potential null-pointer dereference while computing a consensus. + Bugfix on tor-0.2.0.3-alpha, found with the help of clang's analyzer. + diff --git a/changes/enhancement1668 b/changes/enhancement1668 deleted file mode 100644 index 0d9f88fa0..000000000 --- a/changes/enhancement1668 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features: - - Make logging resolution configurable and change default from 1 - millisecond to 1 second. Implements enhancement 1668. - diff --git a/changes/enhancement1819 b/changes/enhancement1819 deleted file mode 100644 index 9a3f2af2b..000000000 --- a/changes/enhancement1819 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features: - - Relays that set "ConnDirectionStatistics 1" write statistics on the - birectional use of connections to disk every 24 hours. - diff --git a/changes/enhancement1883 b/changes/enhancement1883 deleted file mode 100644 index fe6bc1ab7..000000000 --- a/changes/enhancement1883 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features: - - Add GeoIP file digest to extra-info descriptor. Implements - enhancement 1883. - diff --git a/changes/eventdns_routerinfo_key b/changes/eventdns_routerinfo_key deleted file mode 100644 index 46dcb52db..000000000 --- a/changes/eventdns_routerinfo_key +++ /dev/null @@ -1,4 +0,0 @@ - o Minor feature removals - - Removed old code to work around versions of Tor so old that they - used multiple forked processes to handle DNS requests. Such - versions of Tor are no longer in use as servers. diff --git a/changes/exit-policy-default-is-not-a-prefix b/changes/exit-policy-default-is-not-a-prefix new file mode 100644 index 000000000..6eb1e8df9 --- /dev/null +++ b/changes/exit-policy-default-is-not-a-prefix @@ -0,0 +1,5 @@ + o Minor bugfixes: + - Remove a trailing asterisk from "exit-policy/default" in the + output of the control port command "GETINFO info/names". Bugfix + on 0.1.2.5-alpha. + diff --git a/changes/feature1955 b/changes/feature1955 deleted file mode 100644 index 169b7fd8a..000000000 --- a/changes/feature1955 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (controller) - - Add a new SIGNAL event to the controller interface so that - controllers can be notified when Tor handles a signal. Resolves - issue 1955. Patch by John Brooks. diff --git a/changes/feature2841 b/changes/feature2841 new file mode 100644 index 000000000..c5da06153 --- /dev/null +++ b/changes/feature2841 @@ -0,0 +1,6 @@ + o Major features: + - Tor clients using bridges can now be configured to use a + separate 'transport' proxy for each bridge. This helps to resist + censorship by allowing bridges to use protocol obfuscation + plugins. It implements part of proposal 180. + diff --git a/changes/feature3049 b/changes/feature3049 new file mode 100644 index 000000000..7960a1f47 --- /dev/null +++ b/changes/feature3049 @@ -0,0 +1,6 @@ + o Major features: + - Add an __OwningControllerProcess configuration option and a + TAKEOWNERSHIP control-port command, so that a Tor controller can + ensure that when it exits, Tor will shut down. Implements + feature 3049. + diff --git a/changes/feature3076 b/changes/feature3076 new file mode 100644 index 000000000..a3dcec874 --- /dev/null +++ b/changes/feature3076 @@ -0,0 +1,14 @@ + o Minor features + - The options SocksPort, ControlPort, and so on now all accept an + optional value "auto" that opens a socket on an OS-selected port. + o Minor features (controller) + - GETINFO net/listeners/(type) now returns a list of the addresses + and ports that are bound for listeners for a given connection + type. This is useful for if the user has selected SocksPort + "auto", and you need to know which port got chosen. + - There is a ControlPortWriteToFile option that tells Tor to write + its actual control port or ports to a chosen file. If the option + ControlPortFileGroupReadable is set, the file is created as + group-readable. + + diff --git a/changes/feature3116 b/changes/feature3116 new file mode 100644 index 000000000..386790c29 --- /dev/null +++ b/changes/feature3116 @@ -0,0 +1,5 @@ + o Major features: + - While we're trying to bootstrap, record how many TLS connections + fail in each state, and report which states saw the most failures + in response to any bootstrap failures. This feature may speed up + diagnosis of censorship events. diff --git a/changes/feature3439 b/changes/feature3439 new file mode 100644 index 000000000..ee8c6f2ce --- /dev/null +++ b/changes/feature3439 @@ -0,0 +1,3 @@ + o Minor features: + - Add port 6523 (Gobby) to LongLivedPorts. Patch by intrigeri; + implements ticket 3439. diff --git a/changes/fix-connection_printf_to_buf b/changes/fix-connection_printf_to_buf new file mode 100644 index 000000000..e191eac8a --- /dev/null +++ b/changes/fix-connection_printf_to_buf @@ -0,0 +1,15 @@ + * Code simplifications and refactoring: + + - Make connection_printf_to_buf's behaviour sane. Its callers + expect it to emit a CRLF iff the format string ends with CRLF; + it actually emits a CRLF iff (a) the format string ends with + CRLF or (b) the resulting string is over 1023 characters long or + (c) the format string does not end with CRLF ''and'' the + resulting string is 1021 characters long or longer. Bugfix on + 0.1.1.9-alpha; fixes part of bug 3407. + + - Make send_control_event_impl's behaviour sane. Its callers + expect it to always emit a CRLF at the end of the string; it + might emit extra control characters as well. Bugfix on + 0.1.1.9-alpha; fixes another part of bug 3407. + diff --git a/changes/fix2195-fix b/changes/fix2195-fix deleted file mode 100644 index 9f03c2465..000000000 --- a/changes/fix2195-fix +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes: - - Do not dereference NULL if a bridge fails to build its - extra-info descriptor. Previously, we would have dereferenced - NULL. Found by an anonymous commenter on Trac. Bugfix on - 0.2.2.19-alpha. - diff --git a/changes/geoip-dec2010 b/changes/geoip-dec2010 deleted file mode 100644 index d6247cee6..000000000 --- a/changes/geoip-dec2010 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Update to the December 1 2010 Maxmind GeoLite Country database. - diff --git a/changes/geoip-july2011 b/changes/geoip-july2011 new file mode 100644 index 000000000..7a9f119be --- /dev/null +++ b/changes/geoip-july2011 @@ -0,0 +1,3 @@ + o Minor features: + - Update to the July 1 2011 Maxmind GeoLite Country database. + diff --git a/changes/geoip-june2011 b/changes/geoip-june2011 new file mode 100644 index 000000000..8cf011b72 --- /dev/null +++ b/changes/geoip-june2011 @@ -0,0 +1,3 @@ + o Minor features: + - Update to the June 1 2011 Maxmind GeoLite Country database. + diff --git a/changes/geoip-may2011 b/changes/geoip-may2011 new file mode 100644 index 000000000..c908f24b4 --- /dev/null +++ b/changes/geoip-may2011 @@ -0,0 +1,3 @@ + o Minor features: + - Update to the May 1 2011 Maxmind GeoLite Country database. + diff --git a/changes/md_cache_replace b/changes/md_cache_replace new file mode 100644 index 000000000..88e029c00 --- /dev/null +++ b/changes/md_cache_replace @@ -0,0 +1,6 @@ + o Minor bugfixes + - Avoid a bug that would keep us from replacing a microdescriptor + cache on Windows. (We would try to replace the file while still + holding it open. That's fine on Unix, but Windows doesn't let us + do that.) Bugfix on 0.2.2.6-alpha; bug found by wanoskarnet. + diff --git a/changes/mdesc_null_deref b/changes/mdesc_null_deref new file mode 100644 index 000000000..30f028053 --- /dev/null +++ b/changes/mdesc_null_deref @@ -0,0 +1,5 @@ + o Minor bugfixes: + - Avoid a possible null-pointer dereference when rebuilding the mdesc + cache without actually having any descriptors to cache. Bugfix on + 0.2.2.6-alpha. Issue discovered using clang's static analyzer. + diff --git a/changes/memleak_rendcache b/changes/memleak_rendcache new file mode 100644 index 000000000..93b1f6141 --- /dev/null +++ b/changes/memleak_rendcache @@ -0,0 +1,4 @@ + o Minor bugfixes: + - Fix a memory leak when receiving a descriptor for a hidden + service we didn't ask for. Found by Coverity; CID#30. Bugfix on + 0.2.2.26-beta. diff --git a/changes/microdesc_dl b/changes/microdesc_dl deleted file mode 100644 index aca634c13..000000000 --- a/changes/microdesc_dl +++ /dev/null @@ -1,4 +0,0 @@ - o Major features: - - Caches now download and cache all the consensus flavors that - they know about. This allows them to assess which microdescriptors - they need to fetch. diff --git a/changes/microdesc_use b/changes/microdesc_use new file mode 100644 index 000000000..89faf7c5f --- /dev/null +++ b/changes/microdesc_use @@ -0,0 +1,10 @@ + o Major features + - Clients can now use microdescriptors instead of regular descriptors + to build circuits. Microdescriptors are authority-generated and + -authenticated summaries of regular descriptors' contents, designed + to change very rarely. This feature is designed to save bandwidth, + especially for clients on slow internet connections. It's off + by default for now, since nearly no caches support it, but it will + be on-by-default for clients in a future version. You can use the + UseMicrodescriptors option to turn it on. + diff --git a/changes/mingw-openssl098m b/changes/mingw-openssl098m deleted file mode 100644 index b4199760b..000000000 --- a/changes/mingw-openssl098m +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features - - Build correctly on mingw with more recent version of OpenSSL 0.9.8. - Patch from mingw-san. diff --git a/changes/nodelist b/changes/nodelist deleted file mode 100644 index 033a6c10f..000000000 --- a/changes/nodelist +++ /dev/null @@ -1,10 +0,0 @@ - o Code refactorings - - Unified our node-listing and selecting logic. We had at least - two major ways to look at the question of "which Tor servers do - we know about": our list of router descriptors, and the current - consensus. We're adding a third in microdescriptors. Having - so many systems without an abstraction layer over them was - hurting the codebase. Now, we have a new "node_t" abstraction - that presents a consistent interface to a client's view of - a Tor node, and holds (nearly) all of the mutable state - formerly in routerinfo_t and routerstatus_t. diff --git a/changes/prefer_tt_assert b/changes/prefer_tt_assert new file mode 100644 index 000000000..4fdb6367f --- /dev/null +++ b/changes/prefer_tt_assert @@ -0,0 +1,4 @@ + o Code simplifications and refactoring (tests): + - Use tt_assert, not tor_assert, for checking for test failures. + This makes the unit tests more able to go on in the event that + one of them fails. diff --git a/changes/remove-website b/changes/remove-website deleted file mode 100644 index ecbfbf9bc..000000000 --- a/changes/remove-website +++ /dev/null @@ -1,5 +0,0 @@ - o Removed files: - - Stop shipping the old doc/website/ directory in the tarball. We - changed the website format in late 2010, and what we shipped in - 0.2.1.26 really wasn't that useful anyway. - diff --git a/changes/split_about_to_close b/changes/split_about_to_close new file mode 100644 index 000000000..2f5a67940 --- /dev/null +++ b/changes/split_about_to_close @@ -0,0 +1,3 @@ + o Code simplification and refactoring: + - Split connection_about_to_close into separate functions for each + connection type. diff --git a/changes/task2196 b/changes/task2196 deleted file mode 100644 index e629fccac..000000000 --- a/changes/task2196 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features: - - Report only the top 10 ports in exit-port stats in order not to - exceed the maximum extra-info descriptor length of 50 KB. Implements - task 2196. - diff --git a/changes/tor-fw-helper b/changes/tor-fw-helper deleted file mode 100644 index f87d828b8..000000000 --- a/changes/tor-fw-helper +++ /dev/null @@ -1,14 +0,0 @@ - o Major features: - - Tor now has the ability to wrangle NAT devices like a good network cowbot - with the tor-fw-helper tool. The tor-fw-helper tool supports Apple's - NAT-PMP protocol and the UPnP standard for TCP port mapping. This - optional tool may be enabled at compile time by configuring with - '--enable-upnp' or '--enable-natpmp' or with both. This tool may be - called by hand or by Tor. By configuring the PortForwarding option, Tor - will launch the helper on a regular basis to ensure that the NAT mapping - is regularly updated. Additionally, a user may also specify an - alternative helper by using the PortForwardingHelper option. The helper - may be specified by name or with the full path to the helper. The default - helper is named 'tor-fw-helper' and any alternative helper must take the - tor-fw-helper-spec.txt into account. - |