diff options
Diffstat (limited to 'changes')
144 files changed, 459 insertions, 333 deletions
diff --git a/changes/6783_big_hammer b/changes/6783_big_hammer new file mode 100644 index 000000000..2ff3249b3 --- /dev/null +++ b/changes/6783_big_hammer @@ -0,0 +1,6 @@ + o Major features (deprecation): + - There's now a "DisableV2DirectoryInfo_" option that prevents us + from serving any directory requests for v2 directory information. + This is for us to test disabling the old deprecated V2 directory + format, so that we can see whether doing so has any effect on + network load. Part of a fix for bug 6783. diff --git a/changes/bug1992 b/changes/bug1992 new file mode 100644 index 000000000..6a751dc7e --- /dev/null +++ b/changes/bug1992 @@ -0,0 +1,11 @@ + o Minor bugfixes: + - Stop trying to resolve our hostname so often (e.g. every time we + think about doing a directory fetch). Now we reuse the cached + answer in some cases. Fixes bugs 1992 (bugfix on 0.2.0.20-rc) + and 2410 (bugfix on 0.1.2.2-alpha). + + o Minor features: + - Make bridge relays check once a minute for whether their IP + address has changed, rather than only every 15 minutes. Resolves + bugs 1913 and 1992. + diff --git a/changes/bug2286 b/changes/bug2286 new file mode 100644 index 000000000..4f8dfbbf6 --- /dev/null +++ b/changes/bug2286 @@ -0,0 +1,5 @@ + o Major features (directory authority): + - Directory authorities now support a new consensus method (17) + where they cap the published bandwidth of servers for which + insufficient bandwidth measurements exist. Fixes part of bug + 2286. diff --git a/changes/bug5595 b/changes/bug5595 new file mode 100644 index 000000000..31f4b84b0 --- /dev/null +++ b/changes/bug5595 @@ -0,0 +1,8 @@ + o Critical bugfixes: + - Distinguish downloading an authority certificate by identity digest from + downloading one by identity digest/signing key digest pair; formerly we + always request them only by identity digest and get the newest one even + when we wanted one with a different signing key. Then we would complain + about being given a certificate we already had, and never get the one we + really wanted. Now we use the "fp-sk/" resource as well as the "fp/" + resource to request the one we want. Fixes bug 5595. diff --git a/changes/bug6024 b/changes/bug6024 deleted file mode 100644 index 743e6ef1f..000000000 --- a/changes/bug6024 +++ /dev/null @@ -1,2 +0,0 @@ - o Documentation fixes: - - Clarify that hidden services are TCP only. Fixes bug 6024. diff --git a/changes/bug6026 b/changes/bug6026 new file mode 100644 index 000000000..de5d6ead0 --- /dev/null +++ b/changes/bug6026 @@ -0,0 +1,4 @@ + o Minor bugfixes: + - Relays now treat a changed IPv6 ORPort as sufficient reason to + publish an updated descriptor. Fix for bug 6026; bugfix for + 0.2.4.1-alpha. diff --git a/changes/bug6043 b/changes/bug6043 deleted file mode 100644 index b88bafb78..000000000 --- a/changes/bug6043 +++ /dev/null @@ -1,6 +0,0 @@ - o Packaging (RPM): - - Our default RPM spec files have been updated to work with mock - and rpmbuild on RHEL/Fedora. They have an updated set of - dependencies and conflicts, a fix for an ancient typo when creating - the "_tor" user, and better instructions. Thanks to Ondrej - Mikle for the patch series; fix for bug 6043. diff --git a/changes/bug6174 b/changes/bug6174 new file mode 100644 index 000000000..79d2930ec --- /dev/null +++ b/changes/bug6174 @@ -0,0 +1,6 @@ + o Major bugfixes: + - When we mark a circuit as unusable for new circuits, have it + continue to be unusable for new circuits even if MaxCircuitDirtiness + is increased too much at the wrong time, or the system clock jumped + backwards. Fix for bug 6174; bugfix on 0.0.2pre26. + diff --git a/changes/bug6206 b/changes/bug6206 new file mode 100644 index 000000000..61a16d291 --- /dev/null +++ b/changes/bug6206 @@ -0,0 +1,6 @@ + o Minor bugfixes: + - Always check the return values of functions fcntl() and + setsockopt(). We don't believe these are ever actually failing in + practice, but better safe than sorry. Also, checking these return + values should please some analysis tools (like Coverity). Patch + from 'flupzor'. Fix for bug 8206; bugfix on all versions of Tor. diff --git a/changes/bug6218 b/changes/bug6218 deleted file mode 100644 index 5d5d108b0..000000000 --- a/changes/bug6218 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes: - - Fix wrong TCP port range in parse_port_range(). Fixes bug 6218; - bugfix on 0.2.1.10-alpha. diff --git a/changes/bug6244_part_c b/changes/bug6244_part_c deleted file mode 100644 index dea6e7b69..000000000 --- a/changes/bug6244_part_c +++ /dev/null @@ -1,6 +0,0 @@ - o Major bugfixes (controller): - - Make wildcarded addresses (that is, ones beginning with *.) work when - provided via the controller's MapAddress command. Previously, they - were accepted, but we never actually noticed that they were wildcards. - Fix for bug 6244; bugfix on 0.2.3.9-alpha. - diff --git a/changes/bug6251 b/changes/bug6251 deleted file mode 100644 index c782a93e4..000000000 --- a/changes/bug6251 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes: - - Downgrade "set buildtimeout to low value" messages to INFO - severity; they were never an actual problem, there was never - anything reasonable to do about them, and they tended to spam - logs from time to time. Fix for bug 6251; bugfix on - 0.2.2.2-alpha.
\ No newline at end of file diff --git a/changes/bug6252_again b/changes/bug6252_again deleted file mode 100644 index f7fd00cb3..000000000 --- a/changes/bug6252_again +++ /dev/null @@ -1,11 +0,0 @@ - o Security fixes: - - Tear down the circuit if we get an unexpected SENDME cell. Clients - could use this trick to make their circuits receive cells faster - than our flow control would have allowed, or to gum up the network, - or possibly to do targeted memory denial-of-service attacks on - entry nodes. Fixes bug 6252. Bugfix on the 54th commit on Tor -- - from July 2002, before the release of Tor 0.0.0. We had committed - this patch previously, but we had to revert it because of bug 6271. - Now that 6271 is fixed, this appears to work. - - diff --git a/changes/bug6271 b/changes/bug6271 deleted file mode 100644 index 06b129f73..000000000 --- a/changes/bug6271 +++ /dev/null @@ -1,7 +0,0 @@ - o Major bugfixes - - - Fix a bug handling SENDME cells on nonexistent streams that - could result in bizarre window values. Report and patch - contributed pseudymously. Fixes part of bug 6271. This bug - was introduced before the first Tor release, in svn commit - r152. diff --git a/changes/bug6274 b/changes/bug6274 deleted file mode 100644 index ad1abcde5..000000000 --- a/changes/bug6274 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes: - - Ignore ServerTransportPlugin lines when Tor is not configured as - a relay. Fixes bug 6274; bugfix on 0.2.3.6-alpha. diff --git a/changes/bug6274_2 b/changes/bug6274_2 deleted file mode 100644 index 89576f932..000000000 --- a/changes/bug6274_2 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Terminate active server managed proxies if Tor stops being a - relay. Addresses parts of bug 6274; bugfix on 0.2.3.6-alpha. diff --git a/changes/bug6296 b/changes/bug6296 deleted file mode 100644 index b452b1745..000000000 --- a/changes/bug6296 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes: - - - Instead of ENOBUFS on Windows, say WSAENOBUFS. Fixes - compilation on Windows. Fixes bug 6296; bugfix on 0.2.3.18-rc. diff --git a/changes/bug6304 b/changes/bug6304 new file mode 100644 index 000000000..445560a8e --- /dev/null +++ b/changes/bug6304 @@ -0,0 +1,4 @@ + o Minor bugfixes: + - Behave correctly when the user disables LearnCircuitBuildTimeout + but doesn't tell us what they would like the timeout to be. Fixes + bug 6304; bugfix on 0.2.2.14-alpha. diff --git a/changes/bug6341 b/changes/bug6341 deleted file mode 100644 index 04e52c7cd..000000000 --- a/changes/bug6341 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes: - - Fix a possible crash bug when checking for deactivated circuits - in connection_or_flush_from_first_active_circuit(). Fixes bug - 6341; bugfix on 0.2.2.7-alpha. Bug report and fix received - pseudonymously. diff --git a/changes/bug6377 b/changes/bug6377 deleted file mode 100644 index a3a367278..000000000 --- a/changes/bug6377 +++ /dev/null @@ -1,4 +0,0 @@ - o Testing: - - Make it possible to set the TestingTorNetwork configuration - option using AlternateDirAuthority and AlternateBridgeAuthority - as an alternative to setting DirServer. diff --git a/changes/bug6379 b/changes/bug6379 deleted file mode 100644 index 1f2b6941c..000000000 --- a/changes/bug6379 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes: - - Fix build warnings from --enable-openbsd-malloc with gcc warnings - enabled. Fixes bug 6379. - - Fix 64-bit warnings from --enable-openbsd-malloc. Fixes bug 6379. - Bugfix on 0.2.0.20-rc. - diff --git a/changes/bug6387 b/changes/bug6387 deleted file mode 100644 index 73fc4f7cf..000000000 --- a/changes/bug6387 +++ /dev/null @@ -1,3 +0,0 @@ - o Documentation: - - Clarify the documentation for the Alternate*Authority options. - Fixes bug 6387. diff --git a/changes/bug6397 b/changes/bug6397 deleted file mode 100644 index 23d8359bd..000000000 --- a/changes/bug6397 +++ /dev/null @@ -1,4 +0,0 @@ - o Major bugfixes: - - When disabling guards for having too high a proportion of failed - circuits, make sure to look at each guard. Fix for bug 6397; bugfix - on 0.2.3.17-beta. diff --git a/changes/bug6404 b/changes/bug6404 deleted file mode 100644 index 948f00b92..000000000 --- a/changes/bug6404 +++ /dev/null @@ -1,16 +0,0 @@ - o Minor bugfixes: - - - Remove the maximum length of microdescriptor we are willing to - generate. Occasionally this is needed for routers - with complex policies or family declarations. Partial fix for - bug 6404; fix on 0.2.2.6-alpha. - - - Authorities no longer include any router in their - microdescriptor consensuses for which they couldn't generate or - agree on a microdescriptor. Partial fix for bug 6404; fix on - 0.2.2.6-alpha. - - - Move log message when unable to find a microdesc in a - routerstatus entry to parse time. Previously we'd spam this - warning every time we tried to figure out which microdescriptors - to download. Partial fix for bug 6404; fix on 0.2.3.18-rc. diff --git a/changes/bug6423 b/changes/bug6423 deleted file mode 100644 index 2ea4f1410..000000000 --- a/changes/bug6423 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Consider new, removed or changed IPv6 OR ports a non cosmetic - change. diff --git a/changes/bug6436 b/changes/bug6436 deleted file mode 100644 index 2c163df10..000000000 --- a/changes/bug6436 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Provide a better error message about possible OSX Asciidoc failure - reasons. Fix for bug 6436. diff --git a/changes/bug6472 b/changes/bug6472 deleted file mode 100644 index dcd42ebe6..000000000 --- a/changes/bug6472 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes: - - Avoid a pair of double-free and use-after-mark bugs that can - occur with certain timings in canceled and re-received DNS - requests. Fix for bug 6472; bugfix on 0.0.7rc1. diff --git a/changes/bug6475 b/changes/bug6475 deleted file mode 100644 index 67bab9962..000000000 --- a/changes/bug6475 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes: - - Add internal circuit construction state to protect against - the noisy warn message "Unexpectedly high circuit_successes". - Also add some additional rate-limited notice messages to help - determine the root cause of the warn. Fixes bug 6475. - Bugfix against 0.2.3.17-beta. diff --git a/changes/bug6480 b/changes/bug6480 deleted file mode 100644 index 83ae00b25..000000000 --- a/changes/bug6480 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes: - - Avoid read-from-freed-RAM bug and related double-free bug that - could occur when a DNS request fails while launching it. Fixes - bug 6480; bugfix on 0.2.0.1-alpha. - diff --git a/changes/bug6490 b/changes/bug6490 deleted file mode 100644 index c92daad8f..000000000 --- a/changes/bug6490 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features: - - Warn when Tor is configured to use accounting in a way that will - link a hidden service to some other hidden service or public - address. Fix for bug 6490. diff --git a/changes/bug6500 b/changes/bug6500 deleted file mode 100644 index cac2054a3..000000000 --- a/changes/bug6500 +++ /dev/null @@ -1,2 +0,0 @@ - o Minor bugfixes: - - Fix some typos in the manpages. Patch from A. Costa. Fixes bug 6500. diff --git a/changes/bug6507 b/changes/bug6507 deleted file mode 100644 index 89940cbf7..000000000 --- a/changes/bug6507 +++ /dev/null @@ -1,15 +0,0 @@ - o Major bugfixes: - - Detect 'ORPort 0' as meaning, uniformly, that we're not running - as a server. Previously, some of our code would treat the - presence of any ORPort line as meaning that we should act like a - server, even though our new listener code would correctly not - open any ORPorts for ORPort 0. Similar bugs in other Port - options are also fixed. Fixes bug 6507; bugfix on 0.2.3.3-alpha. - - o Minor features: - - - Detect and reject attempts to specify both 'FooPort' and - 'FooPort 0' in the same configuration domain. (It's still okay - to have a FooPort in your configuration file,and use 'FooPort 0' - on the command line to disable it.) Fixes another case of - bug6507; bugfix on 0.2.3.3-alpha. diff --git a/changes/bug6514 b/changes/bug6514 deleted file mode 100644 index 84633bd27..000000000 --- a/changes/bug6514 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes: - - Add a (probably redundant) memory clear between iterations of - the router status voting loop, to prevent future coding errors - where data might leak between iterations of the loop. Resolves - ticket 6514. diff --git a/changes/bug6530 b/changes/bug6530 deleted file mode 100644 index 825bbb752..000000000 --- a/changes/bug6530 +++ /dev/null @@ -1,5 +0,0 @@ - o Major security fixes: - - Avoid a read of uninitializd RAM when reading a vote or consensus - document with an unrecognized flavor name. This could lead to a - remote crash bug. Fixes bug 6530; bugfix on 0.2.2.6-alpha. - diff --git a/changes/bug6572 b/changes/bug6572 new file mode 100644 index 000000000..6508d1bcb --- /dev/null +++ b/changes/bug6572 @@ -0,0 +1,4 @@ + o Minor bugfixes (log messages) + - Use circuit creation time for network liveness evaluation. This + should eliminate warning log messages about liveness caused by + changes in timeout evaluation. Fixes bug 6572; bugfix on 0.2.4.8-alpha. diff --git a/changes/bug6673 b/changes/bug6673 new file mode 100644 index 000000000..506b44989 --- /dev/null +++ b/changes/bug6673 @@ -0,0 +1,4 @@ + o Minor features (build): + - Detect and reject attempts to build Tor with threading support + when OpenSSL have been compiled with threading support disabled. + Fixes bug 6673. diff --git a/changes/bug6690 b/changes/bug6690 deleted file mode 100644 index 99d42976e..000000000 --- a/changes/bug6690 +++ /dev/null @@ -1,7 +0,0 @@ - o Major bugfixes (security): - - Do not crash when comparing an address with port value 0 to an - address policy. This bug could have been used to cause a remote - assertion failure by or against directory authorities, or to - allow some applications to crash clients. Fixes bug 6690; bugfix - on 0.2.1.10-alpha. - diff --git a/changes/bug6710 b/changes/bug6710 deleted file mode 100644 index 2c8934611..000000000 --- a/changes/bug6710 +++ /dev/null @@ -1,6 +0,0 @@ - o Major bugfixes (security): - - Reject any attempt to extend to an internal address. Without - this fix, a router could be used to probe addresses on an - internal network to see whether they were accepting - connections. Fix for bug 6710; bugfix on 0.0.8pre1. - diff --git a/changes/bug6732 b/changes/bug6732 deleted file mode 100644 index 7a744e014..000000000 --- a/changes/bug6732 +++ /dev/null @@ -1,3 +0,0 @@ - o Documentation: - - Add missing documentation for consensus and microdesc files. Fix for - bug 6732. diff --git a/changes/bug6743 b/changes/bug6743 deleted file mode 100644 index 6ec78f853..000000000 --- a/changes/bug6743 +++ /dev/null @@ -1,9 +0,0 @@ - o Minor bugfixes: - - Allow one-hop directory fetching circuits the full "circuit build - timeout" period, rather than just half of it, before failing them - and marking the relay down. This fix should help reduce cases where - clients declare relays (or worse, bridges) unreachable because - the TLS handshake takes a few seconds to complete. Fixes bug 6743; - bugfix on 0.2.2.2-alpha, where we changed the timeout from a static - 30 seconds. - diff --git a/changes/bug6774 b/changes/bug6774 deleted file mode 100644 index 0c137fd67..000000000 --- a/changes/bug6774 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes: - - Avoid crashing on a malformed state file where EntryGuardPathBias - precedes EntryGuard. Fix for bug 6774; bugfix on 0.2.3.17-beta. - diff --git a/changes/bug6801 b/changes/bug6801 deleted file mode 100644 index ef21acc98..000000000 --- a/changes/bug6801 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes: - - Avoid segfault when starting up having run with an extremely old - version of Tor and parsing its state file. Fixes bug 6801; bugfix on - 0.2.2.23-alpha. - diff --git a/changes/bug6811 b/changes/bug6811 deleted file mode 100644 index 841ec1c54..000000000 --- a/changes/bug6811 +++ /dev/null @@ -1,5 +0,0 @@ - o Major security fixes: - - Fix an assertion failure in tor_timegm that could be triggered - by a badly formatted directory object. Bug found by fuzzing with - Radamsa. Fixes bug 6811; bugfix on 0.2.0.20-rc. - diff --git a/changes/bug6827 b/changes/bug6827 deleted file mode 100644 index bf71d2b97..000000000 --- a/changes/bug6827 +++ /dev/null @@ -1,9 +0,0 @@ - o Minor bugfixes: - - - Avoid undefined behaviour when parsing the list of supported - rendezvous/introduction protocols in a hidden service - descriptor. Previously, Tor would have confused (as-yet-unused) - protocol version numbers greater than 32 with lower ones on many - platforms. Fixes bug 6827; bugfix on 0.2.0.10-alpha; found by - George Kadianakis. - diff --git a/changes/bug6844 b/changes/bug6844 deleted file mode 100644 index 338e19d9a..000000000 --- a/changes/bug6844 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes: - - Correct file sizes when reading binary files on - Cygwin, to avoid a bug where Tor would fail to read its state file. - Fixes bug 6844; bugfix on 0.1.2.7-alpha. diff --git a/changes/bug6866 b/changes/bug6866 deleted file mode 100644 index 561676b76..000000000 --- a/changes/bug6866 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes: - - Convert an assert in the pathbias code to a log message. Assert - appears to only be triggerable by Tor2Web mode. Fixes bug 6866; - bugfix on 0.2.3.17-beta. diff --git a/changes/bug7014 b/changes/bug7014 deleted file mode 100644 index 1d39103a5..000000000 --- a/changes/bug7014 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes: - - Fix two cases in src/or/transports.c where we were calling - fmt_addr() twice in a parameter list. Bug found by David - Fifield. Fixes bug 7014; bugfix on 0.2.3.9-alpha. - diff --git a/changes/bug7022 b/changes/bug7022 deleted file mode 100644 index 10ac35472..000000000 --- a/changes/bug7022 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes: - - Fix memory leaks whenever we logged any message about the "path - bias" detection. Fixes bug 7022; bugfix on 0.2.3.21-rc. diff --git a/changes/bug7037 b/changes/bug7037 deleted file mode 100644 index fc3a1ad1c..000000000 --- a/changes/bug7037 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes: - - When relays refuse a "create" cell because their queue of pending - create cells is too big (typically because their cpu can't keep up - with the arrival rate), send back reason "resource limit" rather - than reason "internal", so network measurement scripts can get a - more accurate picture. Bugfix on 0.1.1.11-alpha; fixes bug 7037. diff --git a/changes/bug7054 b/changes/bug7054 new file mode 100644 index 000000000..15680d72c --- /dev/null +++ b/changes/bug7054 @@ -0,0 +1,4 @@ + o Minor bugfixes (man page): + - Say "KBytes" rather than "KB" in the man page (for various values + of K), to further reduce confusion about whether Tor counts in + units of memory or fractions of units of memory. Fixes bug 7054. diff --git a/changes/bug7065 b/changes/bug7065 new file mode 100644 index 000000000..1ca684102 --- /dev/null +++ b/changes/bug7065 @@ -0,0 +1,5 @@ + o Minor bugfix (log cleanups): + - Eliminate several instances where we use Nickname=ID to refer to + nodes in logs. Use Nickname (ID) instead. (Elsewhere, we still use + $ID=Nickname, which is also acceptable.) Fixes bug #7065. Bugfix + on 0.2.3.21-rc, 0.2.4.5-alpha, 0.2.4.8-alpha, and 0.2.4.10-alpha. diff --git a/changes/bug7139 b/changes/bug7139 deleted file mode 100644 index dfb7d3283..000000000 --- a/changes/bug7139 +++ /dev/null @@ -1,9 +0,0 @@ - o Major bugfixes (security): - - - Disable TLS session tickets. OpenSSL's implementation were giving - our TLS session keys the lifetime of our TLS context objects, when - perfect forward secrecy would want us to discard anything that - could decrypt a link connection as soon as the link connection was - closed. Fixes bug 7139; bugfix on all versions of Tor linked - against OpenSSL 1.0.0 or later. Found by "nextgens". - diff --git a/changes/bug7143 b/changes/bug7143 new file mode 100644 index 000000000..d26135ae6 --- /dev/null +++ b/changes/bug7143 @@ -0,0 +1,4 @@ + o Minor bugfixes (build): + - Add the old src/or/micro-revision.i filename to CLEANFILES. + On the off chance that somebody has one, it will go away as soon + as they run "make clean". Fix for bug 7143; bugfix on 0.2.4.1-alpha. diff --git a/changes/bug7164_diagnostic b/changes/bug7164_diagnostic new file mode 100644 index 000000000..8bedfc4bd --- /dev/null +++ b/changes/bug7164_diagnostic @@ -0,0 +1,4 @@ + o Minor features (bug diagnostic): + - If we fail to free a microdescriptor because of bug #7164, log + the filename and line number from which we tried to free it. + This should help us finally fix #7164. diff --git a/changes/bug7190 b/changes/bug7190 deleted file mode 100644 index 1607f7944..000000000 --- a/changes/bug7190 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes: - - Clients now consider the ClientRejectInternalAddresses config option - when using a microdescriptor consensus stanza to decide whether - an exit relay would allow exiting to an internal address. Fixes - bug 7190; bugfix on 0.2.3.1-alpha. - diff --git a/changes/bug7191 b/changes/bug7191 deleted file mode 100644 index a3bee6e5f..000000000 --- a/changes/bug7191 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes: - - Fix a denial of service attack by which any directory authority - could crash all the others, or by which a single v2 directory - authority could crash everybody downloading v2 directory - information. Fixes bug 7191; bugfix on 0.2.0.10-alpha. diff --git a/changes/bug7192 b/changes/bug7192 deleted file mode 100644 index 10cbc2469..000000000 --- a/changes/bug7192 +++ /dev/null @@ -1,10 +0,0 @@ - o Major bugfixes: - - When parsing exit policy summaries from microdescriptors, we had - previously been ignoring the last character in each one, so that - "accept 80,443,8080" would be treated by clients as indicating a - node that allows access to ports 80, 443, and 808. That would lead - to clients attempting connections that could never work, and - ignoring exit nodes that would support their connections. Now clients - parse these exit policy summaries correctly. Fixes bug 7192; - bugfix on 0.2.3.1-alpha. - diff --git a/changes/bug7280 b/changes/bug7280 new file mode 100644 index 000000000..ef5d36a80 --- /dev/null +++ b/changes/bug7280 @@ -0,0 +1,4 @@ + o Minor bugfixes: + - Fix some bugs in tor-fw-helper-natpmp when trying to build and + run it on Windows. More bugs likely remain. Patch from Gisle Vanem. + Fixes bug 7280; bugfix on 0.2.3.1-alpha. diff --git a/changes/bug7302 b/changes/bug7302 new file mode 100644 index 000000000..fec615ff9 --- /dev/null +++ b/changes/bug7302 @@ -0,0 +1,11 @@ + o Minor bugfixes: + - Don't log inappropriate heartbeat messages when hibernating: a + hibernating node is _expected_ to drop out of the consensus, + decide it isn't bootstrapped, and so forth. Fixes part of bug + 7302; bugfix on 0.2.3.1-alpha. + + - Don't complain about bootstrapping problems while hibernating. + These complaints reflect a general code problems, but not one + with any problematic effects. (No connections are actually + opened.) Fixes part of bug 7302; bugfix on 0.2.3.2-alpha. + diff --git a/changes/bug7350 b/changes/bug7350 new file mode 100644 index 000000000..b0ee9d091 --- /dev/null +++ b/changes/bug7350 @@ -0,0 +1,4 @@ + o Major bugfixes: + - Avoid an assertion when we discover that we'd like to write a cell + onto a closing connection: just discard the cell. Fixes another + case of bug 7350; bugfix on 0.2.4.4-alpha. diff --git a/changes/bug7352 b/changes/bug7352 deleted file mode 100644 index 74a878dbe..000000000 --- a/changes/bug7352 +++ /dev/null @@ -1,12 +0,0 @@ - o Major bugfixes: - - Tor tries to wipe potentially sensitive data after using it, so - that if some subsequent security failure exposes Tor's memory, - the damage will be limited. But we had a bug where the compiler - was eliminating these wipe operations when it decided that the - memory was no longer visible to a (correctly running) program, - hence defeating our attempt at defense in depth. We fix that - by using OpenSSL's OPENSSL_cleanse() operation, which a compiler - is unlikely to optimize away. Future versions of Tor may use - a less ridiculously heavy approach for this. Fixes bug 7352. - Reported in an article by Andrey Karpov. - diff --git a/changes/bug7464 b/changes/bug7464 deleted file mode 100644 index 9259cc74a..000000000 --- a/changes/bug7464 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes: - - Fix a harmless bug when opting against publishing a relay descriptor - because DisableNetwork is set. Fixes bug 7464; bugfix on - 0.2.3.9-alpha. diff --git a/changes/bug7582 b/changes/bug7582 new file mode 100644 index 000000000..f3b063576 --- /dev/null +++ b/changes/bug7582 @@ -0,0 +1,9 @@ + o Major bugfixes: + + - When an exit node tells us that it is rejecting because of its + exit policy a stream we expected it to accept (because of its exit + policy), do not mark the node as useless for exiting if our + expectation was only based on an exit policy summary. Instead, + mark the circuit as unsuitable for that particular address. Fixes + part of bug 7582; bugfix on 0.2.3.2-alpha. + diff --git a/changes/bug7707_diagnostic b/changes/bug7707_diagnostic new file mode 100644 index 000000000..0c3138e78 --- /dev/null +++ b/changes/bug7707_diagnostic @@ -0,0 +1,5 @@ + o Minor features: + - Add another diagnostic to the heartbeat message: track and log + overhead that TLS is adding to the data we write. If this is + high, we are sending too little data to SSL_write at a time. + Diagnostic for bug 7707. diff --git a/changes/bug7768 b/changes/bug7768 new file mode 100644 index 000000000..e3f9600af --- /dev/null +++ b/changes/bug7768 @@ -0,0 +1,3 @@ + o Documentation fixes: + - Update tor-fw-helper.1.txt and tor-fw-helper.c to make option + names match. Fixes bug 7768. diff --git a/changes/bug7799 b/changes/bug7799 new file mode 100644 index 000000000..ed4570129 --- /dev/null +++ b/changes/bug7799 @@ -0,0 +1,7 @@ + o Minor changes (log clarification) + - Add more detail to a log message about relaxed timeouts. Hopefully + this additional detail will allow us to diagnose the cause of bug 7799. + o Minor bugfixes + - Don't attempt to relax the timeout of already opened 1-hop circuits. + They might never timeout. This should eliminate some/all cases of + the relaxed timeout log message. diff --git a/changes/bug7801 b/changes/bug7801 new file mode 100644 index 000000000..1d6d021f3 --- /dev/null +++ b/changes/bug7801 @@ -0,0 +1,13 @@ + o Minor bugfixes: + - When choosing which stream on a formerly stalled circuit to wake + first, make better use of the platform's weak RNG. Previously, we + had been using the % ("modulo") operator to try to generate a 1/N + chance of picking each stream, but this behaves badly with many + platforms' choice of weak RNG. Fix for bug 7801; bugfix on + 0.2.2.20-alpha. + - Use our own weak RNG when we need a weak RNG. Windows's rand() + and Irix's random() only return 15 bits; Solaris's random() + returns more bits but its RAND_MAX says it only returns 15, and + so on. Fixes another aspect of bug 7801; bugfix on + 0.2.2.20-alpha. + diff --git a/changes/bug7816.024 b/changes/bug7816.024 new file mode 100644 index 000000000..b5d55f5d6 --- /dev/null +++ b/changes/bug7816.024 @@ -0,0 +1,8 @@ + o Minor bugfixes: + - Avoid leaking IPv6 policy content if we fail to format it into + a router descriptor. Spotted by Coverity. Fixes part of 7816; + bugfix on 0.2.4.7-alpha. + + - Avoid leaking memory if we fail to compute a consensus signature + or we generated a consensus we couldn't parse. Spotted by Coverity. + Fixes part of 7816; bugfix on 0.2.0.5-alpha. diff --git a/changes/bug7816_023 b/changes/bug7816_023 new file mode 100644 index 000000000..a4530292c --- /dev/null +++ b/changes/bug7816_023 @@ -0,0 +1,7 @@ + o Minor bugfixes (memory leak, controller): + - Fix a memory leak during safe-cookie controller authentication. + Spotted by Coverity. Fixes part of bug 7816; bugfix on 0.2.3.13-alpha. + + o Minor bugfixes (memory leak, HTTPS proxy support): + - Fix a memory leak when receiving headers from an HTTPS proxy. + Spotted by Coverity. Fixes part of bug 7816; bugfix on 0.2.1.1-alpha. diff --git a/changes/bug7816_023_small b/changes/bug7816_023_small new file mode 100644 index 000000000..cd90f035f --- /dev/null +++ b/changes/bug7816_023_small @@ -0,0 +1,3 @@ + o Minor bugfixes: + - Fix various places where we leak file descriptors or memory on + error cases. Spotted by coverity. Fixes parts of bug 7816. diff --git a/changes/bug7889 b/changes/bug7889 deleted file mode 100644 index ce99a59ce..000000000 --- a/changes/bug7889 +++ /dev/null @@ -1,8 +0,0 @@ - o Major bugfixes: - - Reject bogus create and relay cells with 0 circuit ID or 0 stream - ID: these could be used to create unexpected streams and circuits - which would count as "present" to some parts of Tor but "absent" - to others, leading to zombie circuits and streams or to a - bandwidth DOS. Fixes bug 7889; bugfix on every released version of - Tor. Reported by "oftc_must_be_destroyed". - diff --git a/changes/bug7902 b/changes/bug7902 new file mode 100644 index 000000000..051759dc0 --- /dev/null +++ b/changes/bug7902 @@ -0,0 +1,7 @@ + o Minor bugfixes: + - When we receive a RELAY_END cell with the reason DONE, or with no + reason, before receiving a RELAY_CONNECTED cell, report the SOCKS + status as "connection refused." Previously we reporting these + cases as success but then immediately closing the connection. + Fixes bug 7902; bugfix on 0.1.0.1-rc. Reported by "oftc_must_ + be_destroyed." diff --git a/changes/bug7947 b/changes/bug7947 new file mode 100644 index 000000000..6200ba2d8 --- /dev/null +++ b/changes/bug7947 @@ -0,0 +1,4 @@ + o Minor bugfixes: + - Fix the handling of a TRUNCATE cell when it arrives while the circuit + extension is in progress. Fixes bug 7947; bugfix on 0.0.7.1. + diff --git a/changes/bug7950 b/changes/bug7950 new file mode 100644 index 000000000..e62cca07a --- /dev/null +++ b/changes/bug7950 @@ -0,0 +1,4 @@ + o Minor bugfixes: + - When rejecting a configuration because we were unable to parse a + quoted string, log an actual error message. Fix for bug 7950; + bugfix on 0.2.0.16-alpha. diff --git a/changes/bug7982 b/changes/bug7982 new file mode 100644 index 000000000..46aa53249 --- /dev/null +++ b/changes/bug7982 @@ -0,0 +1,3 @@ + o Minor bugfixes: + - Copy-paste description for PathBias params from man page into or.h + comment. Fixes bug 7982. diff --git a/changes/bug8002 b/changes/bug8002 new file mode 100644 index 000000000..d6e2ff249 --- /dev/null +++ b/changes/bug8002 @@ -0,0 +1,5 @@ + o Minor bugfixes: + - When autodetecting the number of CPUs, use the number of available + CPUs in preferernce to the number of configured CPUs. Inform the + user if this reduces the number of avialable CPUs. Fix for bug 8002. + Bugfix on 0.2.3.1-alpha. diff --git a/changes/bug8014 b/changes/bug8014 new file mode 100644 index 000000000..c09a86098 --- /dev/null +++ b/changes/bug8014 @@ -0,0 +1,5 @@ + o Minor usability improvements (build): + - Clarify that when autconf is checking for nacl, it is checking + specifically for nacl with a fast curve25519 implementation. + Fixes bug 8014. + diff --git a/changes/bug8031 b/changes/bug8031 new file mode 100644 index 000000000..17329ec5b --- /dev/null +++ b/changes/bug8031 @@ -0,0 +1,7 @@ + o Minor bugfixes: + - Use direct writes rather than stdio when building microdescriptor + caches, in an attempt to mitigate bug 8031, or at least make it + less common. + - Warn more aggressively when flushing microdescriptors to a + microdescriptor cache fails, in an attempt to mitegate bug 8031, + or at least make it more diagnosable. diff --git a/changes/bug8037 b/changes/bug8037 new file mode 100644 index 000000000..989745fc3 --- /dev/null +++ b/changes/bug8037 @@ -0,0 +1,8 @@ + o Minor bugfixes: + - Correctly store microdescriptors and extrainfo descriptors with + an internal NUL byte. Fixes bug 8037; bugfix on 0.2.0.1-alpha. + Bug reported by "cypherpunks". + + o Minor features: + - Reject as invalid most directory objects containing a + NUL. Belt-and-suspender fix for bug 8037. diff --git a/changes/bug8059 b/changes/bug8059 new file mode 100644 index 000000000..47273ed0a --- /dev/null +++ b/changes/bug8059 @@ -0,0 +1,6 @@ + o Minor bugfixes (protocol conformance): + - Fix a misframing issue when reading the version numbers in a + VERSIONS cell. Previously we would recognize [00 01 00 02] as + 'version 1, version 2, and version 0x100', when it should have + only included versions 1 and 2. Fixes bug 8059; bugfix on + 0.2.0.10-alpha. Reported pseudonymously. diff --git a/changes/bug8062 b/changes/bug8062 new file mode 100644 index 000000000..805e51ed4 --- /dev/null +++ b/changes/bug8062 @@ -0,0 +1,5 @@ + o Minor bugfixes: + - Increase the width of the field used to remember a connection's + link protocol version to two bytes. Harmless for now, since the + only currently recognized versions are one byte long. Reported + pseudynmously. Fixes bug 8062, bugfix on 0.2.0.10-alpha. diff --git a/changes/bug8065 b/changes/bug8065 new file mode 100644 index 000000000..06dbae8cd --- /dev/null +++ b/changes/bug8065 @@ -0,0 +1,6 @@ + o Minor bugfixes: + - Downgrade an assertion in connection_ap_expire_beginning to + an LD_BUG message. The fix for bug 8024 should prevent this + message from displaying, but just in case a warn that we can + diagnose is better than more assert crashes. Fix for bug 8065; + bugfix on 0.2.4.8-alpha. diff --git a/changes/bug8093.part1 b/changes/bug8093.part1 new file mode 100644 index 000000000..2450794dd --- /dev/null +++ b/changes/bug8093.part1 @@ -0,0 +1,3 @@ + o Minor features: + - Downgrade "unexpected SENDME" warnings to protocol-warn for 0.2.4, + for bug 8093. diff --git a/changes/bug8117 b/changes/bug8117 new file mode 100644 index 000000000..910e8056f --- /dev/null +++ b/changes/bug8117 @@ -0,0 +1,13 @@ + o Major bugfixes: + + - Many SOCKS5 clients, when configured to offer a username/password, + offer both username/password authentication and "no authentication". + Tor had previously preferred no authentication, but this was + problematic when trying to make applications get proper stream + isolation with IsolateSOCKSAuth. Now, on any SOCKS port with + IsolateSOCKSAuth turned on (which is the default), Tor selects + username/password authentication if it's offered. If this confuses your + application, you can disable it on a per-SOCKSPort basis via + PreferSOCKSNoAuth. Fixes bug 8117; bugfix on 0.2.3.3-alpha. + + diff --git a/changes/bug8121 b/changes/bug8121 new file mode 100644 index 000000000..60cba7284 --- /dev/null +++ b/changes/bug8121 @@ -0,0 +1,7 @@ + o Minor features: + - Clear the high bit on curve25519 public keys before passing them to + our backend, in case we ever wind up using a backend that doesn't do + so itself. If we used such a backend, and *didn't* clear the high bit, + we could wind up in a situation where users with such backends would + be distinguishable from users without. Fix for bug 8121; bugfix on + 0.2.4.8-alpha. diff --git a/changes/bug8151 b/changes/bug8151 new file mode 100644 index 000000000..e20fa3c31 --- /dev/null +++ b/changes/bug8151 @@ -0,0 +1,5 @@ + o Minor features (directory authority): + - Include inside each vote a statement of the performance + thresholds that made the authority vote for its flags. Implements + ticket 8151. +
\ No newline at end of file diff --git a/changes/bug8158 b/changes/bug8158 new file mode 100644 index 000000000..65b21c2a2 --- /dev/null +++ b/changes/bug8158 @@ -0,0 +1,3 @@ + o Minor bugfixes: + - Use less space when formatting identical microdescriptor lines in + directory votes. Fixes bug 8158; bugfix on 0.2.4.1-alpha. diff --git a/changes/bug8161 b/changes/bug8161 new file mode 100644 index 000000000..ab7b9c0ca --- /dev/null +++ b/changes/bug8161 @@ -0,0 +1,6 @@ + o Minor changes: + - Lower path use bias thresholds to .80 for notice and .60 for warn. + Fixes bug #8161; bugfix on 0.2.4.10-alpa. + - Make the rate limiting flags for the path use bias log messages + independent from the original path bias flags. Fixes bug #8161; + bugfix on 0.2.4.10-alpha. diff --git a/changes/bug8180 b/changes/bug8180 new file mode 100644 index 000000000..39e6ce7f9 --- /dev/null +++ b/changes/bug8180 @@ -0,0 +1,7 @@ + o Minor bugfixes (security usability): + - Elevate the severity of the warning message when setting + EntryNodes but disabling UseGuardNodes to an error. The outcome + of letting Tor procede with those options enabled (which causes + EntryNodes to get ignored) is sufficiently different from what + was expected that it's best to just refuse to proceed. Fixes bug + 8180; bugfix on 0.2.3.11-alpha. diff --git a/changes/bug8185_diagnostic b/changes/bug8185_diagnostic new file mode 100644 index 000000000..b0f888475 --- /dev/null +++ b/changes/bug8185_diagnostic @@ -0,0 +1,3 @@ + o Minor features: + - Improve debugging output to attempt to diagnose the underlying + cause of bug 8185. diff --git a/changes/bug8200 b/changes/bug8200 new file mode 100644 index 000000000..65fc9dd03 --- /dev/null +++ b/changes/bug8200 @@ -0,0 +1,5 @@ + o Minor bugfix: + - Stop sending a stray "(null)" in some cases for the server status + "EXTERNAL_ADDRESS" controller event. Resolves bug 8200; bugfix + on 0.1.2.6-alpha. + diff --git a/changes/bug8203 b/changes/bug8203 new file mode 100644 index 000000000..d26dc0fcc --- /dev/null +++ b/changes/bug8203 @@ -0,0 +1,4 @@ + o Minor bugfixes: + - Make the format and order of STREAM events for DNS lookups consistent + among the various ways to launch DNS lookups. Fix for bug 8203; + bugfix on 0.2.0.24-rc. Patch by "Desoxy." diff --git a/changes/bug8207 b/changes/bug8207 new file mode 100644 index 000000000..0028d3380 --- /dev/null +++ b/changes/bug8207 @@ -0,0 +1,7 @@ + o Major bugfixes (hidden services): + - Allow hidden service authentication to succeed again. When we + refactored the hidden service introduction code back in 0.2.4.1-alpha, + we didn't update the code that checks whether authentication + information is present, causing all authentication checks to + return "false". Fix for bug 8207; bugfix on 0.2.4.1-alpha. Found by + Coverity; this is CID 718615. diff --git a/changes/bug8209 b/changes/bug8209 new file mode 100644 index 000000000..c58923540 --- /dev/null +++ b/changes/bug8209 @@ -0,0 +1,6 @@ + o Minor bugfixes: + - When detecting the largest possible file descriptor (in order to close + all file descriptors when launching a new program), actually use + _SC_OPEN_MAX. The old code for doing this was very, very broken. + Fix for bug 8209; bugfix on 0.2.3.1-alpha. Found by Coverity; this + is CID 743383. diff --git a/changes/bug8210 b/changes/bug8210 new file mode 100644 index 000000000..85d41b844 --- /dev/null +++ b/changes/bug8210 @@ -0,0 +1,6 @@ + o Minor bugfixes: + - Fix an impossible-to-trigger integer overflow when + estimating how long out onionskin queue would take. (This overflow + would require us to accept 4 million onionskins before processing + 100 of them.) Fixes bug 8210; bugfix on 0.2.4.10-alpha. + diff --git a/changes/bug8218 b/changes/bug8218 new file mode 100644 index 000000000..ce8d53ba6 --- /dev/null +++ b/changes/bug8218 @@ -0,0 +1,6 @@ + o Major bugfixes: + - Stop marking every relay as having been down for one hour every + time we restart a directory authority. These artificial downtimes + were messing with our Stable and Guard flag calculations. Fixes + bug 8218 (introduced by the fix for 1035). Bugfix on 0.2.2.23-alpha. + diff --git a/changes/bug8231 b/changes/bug8231 new file mode 100644 index 000000000..fd87a1dae --- /dev/null +++ b/changes/bug8231 @@ -0,0 +1,5 @@ + o Major bugfixes: + - When unable to find any working directory nodes to use as a + directory guard, give up rather than adding the same non-working + nodes to the list over and over. Fixes bug 8231; bugfix on + 0.2.4.8-alpha. diff --git a/changes/bug8235-diagnosing b/changes/bug8235-diagnosing new file mode 100644 index 000000000..b760035cf --- /dev/null +++ b/changes/bug8235-diagnosing @@ -0,0 +1,5 @@ + o Minor features (diagnostic) + - If the state file's path bias counts are invalid (presumably from a + buggy tor prior to 0.2.4.10-alpha), make them correct. + - Add additional checks and log messages to the scaling of Path Bias + counts, in case there still are remaining issues with scaling. diff --git a/changes/bug8253-fix b/changes/bug8253-fix new file mode 100644 index 000000000..3d36d06c8 --- /dev/null +++ b/changes/bug8253-fix @@ -0,0 +1,6 @@ + o Minor bugfixes (log messages) + - Fix a scaling issue in the path bias accounting code that resulted in + "Bug:" log messages from either pathbias_scale_close_rates() or + pathbias_count_build_success(). This represents a bugfix on a previous + bugfix: The original fix attempted in 0.2.4.10-alpha was incomplete. + Fixes bug 8235; bugfix on 0.2.4.1-alpha. diff --git a/changes/bug8273 b/changes/bug8273 new file mode 100644 index 000000000..257f57e7a --- /dev/null +++ b/changes/bug8273 @@ -0,0 +1,3 @@ + o Critical bugfixes: + - When dirserv.c computes flags and thresholds, use measured bandwidths + in preference to advertised ones. diff --git a/changes/bug8290 b/changes/bug8290 new file mode 100644 index 000000000..d1fce7d8b --- /dev/null +++ b/changes/bug8290 @@ -0,0 +1,9 @@ + o Removed files: + - The tor-tsocks.conf is no longer distributed or installed. We + recommend that tsocks users use torsocks instead. Resolves + ticket 8290. + + o Documentation fixes: + - The torify manpage no longer refers to tsocks; torify hasn't + supported tsocks since 0.2.3.14-alpha. + - The manpages no longer reference tsocks. diff --git a/changes/bug8408 b/changes/bug8408 new file mode 100644 index 000000000..ae9cf172e --- /dev/null +++ b/changes/bug8408 @@ -0,0 +1,4 @@ + o Minor bugfixes: + - Allow TestingTorNetworks to override the 4096-byte minimum for the Fast + threshold. Otherwise they can't bootstrap until they've observed more + traffic. Fixes bug 8508; bugfix on 0.2.4.10-alpha. diff --git a/changes/bug8427 b/changes/bug8427 new file mode 100644 index 000000000..22b003fc3 --- /dev/null +++ b/changes/bug8427 @@ -0,0 +1,5 @@ + o Minor bugfixes: + - If we encounter a write failure on a SOCKS connection before we + finish our SOCKS handshake, don't warn that we closed the + connection before we could send a SOCKS reply. Fixes bug 8427; + bugfix on 0.1.0.1-rc. diff --git a/changes/bug8435 b/changes/bug8435 new file mode 100644 index 000000000..da7ca7c1f --- /dev/null +++ b/changes/bug8435 @@ -0,0 +1,4 @@ + o Major bugfixes: + - When dirserv.c computes flags and thresholds, ignore advertised + bandwidths if we have more than a threshold number of routers with + measured bandwidths. diff --git a/changes/bug8464 b/changes/bug8464 new file mode 100644 index 000000000..74ff2e39f --- /dev/null +++ b/changes/bug8464 @@ -0,0 +1,5 @@ + o Minor bugfixes: + - Correct our check for which versions of Tor support the EXTEND2 + cell. We had been willing to send it to Tor 0.2.4.7-alpha and + later, when support was really added in version 0.2.4.8-alpha. + Fixes bug 8464; bugfix on 0.2.4.8-alpha. diff --git a/changes/bug8475 b/changes/bug8475 new file mode 100644 index 000000000..eb8debedb --- /dev/null +++ b/changes/bug8475 @@ -0,0 +1,4 @@ + o Major bugfixes: + - If configured via ClientDNSRejectInternalAddresses not to report + DNS queries which have resolved to internal addresses, apply that + rule to IPv6 as well. Fixes bug 8475; bugfix on 0.2.0.7-alpha. diff --git a/changes/bug8477-easypart b/changes/bug8477-easypart new file mode 100644 index 000000000..0f8f1031c --- /dev/null +++ b/changes/bug8477-easypart @@ -0,0 +1,3 @@ + o Minor bugfixes: + - Log the purpose of a path-bias testing circuit correctly. + Improves a log message from bug 8477; bugfix on 0.2.4.8-alpha. diff --git a/changes/bug8587 b/changes/bug8587 new file mode 100644 index 000000000..84d2f1ec0 --- /dev/null +++ b/changes/bug8587 @@ -0,0 +1,5 @@ + o Minor bugfixes (build): + - Build Tor correctly on 32-bit platforms where the compiler can build + but not run code using the "uint128_t" construction. Fixes bug 8587; + bugfix on 0.2.4.8-alpha. + diff --git a/changes/bug8596 b/changes/bug8596 new file mode 100644 index 000000000..dd36bad85 --- /dev/null +++ b/changes/bug8596 @@ -0,0 +1,3 @@ + o Minor features: + - Add CACHED keyword to ADDRMAP events in the control protocol to indicate + whether a DNS result will be cached or not. diff --git a/changes/bug8598 b/changes/bug8598 new file mode 100644 index 000000000..e31c8f3c7 --- /dev/null +++ b/changes/bug8598 @@ -0,0 +1,6 @@ + o Bugfixes: + - Fix compilation warning with some versions of clang that would prefer + the -Wswitch-enum compiler flag to warn about switch statements with + missing enum values, even if those switch statements have a default: + statement. Fixes bug 8598; bugfix on 0.2.4.10-alpha. + diff --git a/changes/bug8599 b/changes/bug8599 new file mode 100644 index 000000000..204ef58c3 --- /dev/null +++ b/changes/bug8599 @@ -0,0 +1,4 @@ + o Minor bugfixes: + - Fix some logic errors when the user manually overrides the + PathsNeededToBuildCircuits option in torrc. Fixes bug 8599; bugfix + on 0.2.4.10-alpha. diff --git a/changes/bug8638 b/changes/bug8638 new file mode 100644 index 000000000..3a790e567 --- /dev/null +++ b/changes/bug8638 @@ -0,0 +1,3 @@ + o Minor features + In our testsuite, create temporary directories with a bit more entropy + in their name to make name collissions less likely. Fixes bug 8638. diff --git a/changes/bug8711 b/changes/bug8711 new file mode 100644 index 000000000..28a1daa45 --- /dev/null +++ b/changes/bug8711 @@ -0,0 +1,6 @@ + o Minor features (authority): + - Add a "ignoring-advertised-bws" boolean to our flag-thresholds + lines to describe whether we have enough measured bandwidths to + ignore advertised bandwidth claims. Closes ticket 8711. + + diff --git a/changes/bug8716 b/changes/bug8716 new file mode 100644 index 000000000..74c74f82a --- /dev/null +++ b/changes/bug8716 @@ -0,0 +1,3 @@ + o Minor bugfixes (memory leak): + - Fix a memory leak that would occur whenever a configuration + option changed. Fixes bug #8718; bugfix on 0.2.3.3-alpha. diff --git a/changes/bug8719 b/changes/bug8719 new file mode 100644 index 000000000..c05b79dde --- /dev/null +++ b/changes/bug8719 @@ -0,0 +1,6 @@ + o Major bugfixes (memory leak): + - Avoid a memory leak where we would leak a consensus body when we find + that a consensus which we couldn't previously verify due to missing + certificates is now verifiable. Fixes bug 8719; bugfix on + 0.2.0.10-alpha. + diff --git a/changes/bug8833 b/changes/bug8833 new file mode 100644 index 000000000..681a86191 --- /dev/null +++ b/changes/bug8833 @@ -0,0 +1,3 @@ + o Major bugfixes (directory authority): + - Fix a crash bug when building a consensus using an older consensus as + its basis. Fixes bug 8833. Bugfix on 0.2.4.12-alpha. diff --git a/changes/bug8845 b/changes/bug8845 new file mode 100644 index 000000000..ace043ab9 --- /dev/null +++ b/changes/bug8845 @@ -0,0 +1,3 @@ + o Minor bugfixes (test): + - Fix an impossible buffer overrun in the AES unit tests. Fixes bug 8845; + bugfix on 0.2.0.7-alpha. Found by eugenis. diff --git a/changes/bug8846 b/changes/bug8846 new file mode 100644 index 000000000..377cc3708 --- /dev/null +++ b/changes/bug8846 @@ -0,0 +1,4 @@ + o Minor bugfixes: + - Give a less useless error message when the user asks for an IPv4 + address on an IPv6-only port, or vice versa. Fixes bug 8846; bugfix + on 0.2.4.7-alpha. diff --git a/changes/bug8879 b/changes/bug8879 new file mode 100644 index 000000000..0d2a70086 --- /dev/null +++ b/changes/bug8879 @@ -0,0 +1,5 @@ + o Major bugfixes: + - Follow the socks5 protocol when offering username/password + authentication. The fix for bug 8117 exposed this bug, and it + turns out real-world applications like Pidgin do care. Bugfix on + 0.2.3.2-alpha; fixes bug 8879. diff --git a/changes/cov709056 b/changes/cov709056 deleted file mode 100644 index 64a75ad8a..000000000 --- a/changes/cov709056 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes: - - Check return value of fputs() when writing authority certificate - file. Fixes Coverity issue 709056; bugfix on 0.2.0.1-alpha. - diff --git a/changes/cov980650 b/changes/cov980650 new file mode 100644 index 000000000..cbbada2e6 --- /dev/null +++ b/changes/cov980650 @@ -0,0 +1,4 @@ + o Minor bugfixes: + - Fix a copy-and-paste error when adding a missing A1 to a routerset + because of GeoIPExcludeUnknown. Fix for coverity CID 980650. + Bugfix on 0.2.4.10-alpha. diff --git a/changes/cve-2012-2249 b/changes/cve-2012-2249 deleted file mode 100644 index 625bfa2f5..000000000 --- a/changes/cve-2012-2249 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes (security): - - Discard extraneous renegotiation attempts once the V3 link - protocol has been initiated. Failure to do so left us open to - a remotely triggerable assertion failure. Fixes CVE-2012-2249; - bugfix on 0.2.3.6-alpha. Reported by "some guy from France". diff --git a/changes/dirserv-BUGGY-a b/changes/dirserv-BUGGY-a deleted file mode 100644 index 35b492a2d..000000000 --- a/changes/dirserv-BUGGY-a +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes: - - - Don't serve or accept v2 hidden service descriptors over a - relay's DirPort. It's never correct to do so, and disabling it - might make it more annoying to exploit any bugs that turn up in the - descriptor-parsing code. Fixes bug 7149. - diff --git a/changes/disable_pathbias_messages b/changes/disable_pathbias_messages deleted file mode 100644 index 3bc996347..000000000 --- a/changes/disable_pathbias_messages +++ /dev/null @@ -1,3 +0,0 @@ - o Disabeled features - - Downgrade path-bias warning messages to INFO. We'll try to get them - working better in 0.2.4. Fixes bug 6475; bugfix on 0.2.3.17-beta. diff --git a/changes/easy.ratelim b/changes/easy.ratelim new file mode 100644 index 000000000..cadd1e4f5 --- /dev/null +++ b/changes/easy.ratelim @@ -0,0 +1,3 @@ + o Code simplification and refactoring: + - Add a wrapper function for the common "log a message with a rate-limit" + case. diff --git a/changes/feature4994 b/changes/feature4994 new file mode 100644 index 000000000..4fa0e037b --- /dev/null +++ b/changes/feature4994 @@ -0,0 +1,7 @@ + o Minor features: + - Teach bridge-using clients to avoid 0.2.2 bridges when making + microdescriptor-related dir requests, and only fall back to normal + descriptors if none of their bridges can handle microdescriptors + (as opposed to the fix in ticket 4013, which caused them to fall + back to normal descriptors if *any* of their bridges preferred + them). Resolves ticket 4994. diff --git a/changes/fix-geoipexclude-doc b/changes/fix-geoipexclude-doc new file mode 100644 index 000000000..63b544ef2 --- /dev/null +++ b/changes/fix-geoipexclude-doc @@ -0,0 +1,4 @@ + o Documentation fixes: + - Fix the GeoIPExcludeUnknown documentation to refer to ExcludeExitNodes + rather than the currently nonexistent ExcludeEntryNodes. Spotted by + "hamahangi" on tor-talk. diff --git a/changes/geoip-dec2012 b/changes/geoip-dec2012 deleted file mode 100644 index 26431c2e8..000000000 --- a/changes/geoip-dec2012 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Update to the December 5 2012 Maxmind GeoLite Country database. - diff --git a/changes/geoip-jan2013 b/changes/geoip-jan2013 deleted file mode 100644 index 45e5a150c..000000000 --- a/changes/geoip-jan2013 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Update to the January 2 2013 Maxmind GeoLite Country database. - diff --git a/changes/geoip-nov2012 b/changes/geoip-nov2012 deleted file mode 100644 index 22e7bace5..000000000 --- a/changes/geoip-nov2012 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Update to the November 7 2012 Maxmind GeoLite Country database. - diff --git a/changes/integers_donna b/changes/integers_donna new file mode 100644 index 000000000..e9c69e8e1 --- /dev/null +++ b/changes/integers_donna @@ -0,0 +1,3 @@ + o Minor bugfixes (portability) + - Tweak the curve25519-donna*.c implementations to tolerate systems + that lack stdint.h. Fixes bug 3894; bugfix on 0.2.4.8-alpha. diff --git a/changes/less_charbuf_usage b/changes/less_charbuf_usage new file mode 100644 index 000000000..2ec42b544 --- /dev/null +++ b/changes/less_charbuf_usage @@ -0,0 +1,5 @@ + o Code simplification and refactoring: + - Avoid using character buffers when constructing most directory + objects: this approach was unweildy and error-prone. Instead, + build smartlists of strings, and concatenate them when done. + diff --git a/changes/link_negotiation_assert b/changes/link_negotiation_assert deleted file mode 100644 index 398a54557..000000000 --- a/changes/link_negotiation_assert +++ /dev/null @@ -1,6 +0,0 @@ - o Major bugfixs (security): - - Fix a group of remotely triggerable assertion failures related to - incorrect link protocol negotiation. Found, diagnosed, and fixed - by "some guy from France." Fix for CVE-2012-2250; bugfix on - 0.2.3.6-alpha. - diff --git a/changes/log-noise b/changes/log-noise new file mode 100644 index 000000000..bbbf0d2c0 --- /dev/null +++ b/changes/log-noise @@ -0,0 +1,11 @@ + o Minor bugfixes (log message reduction) + - Fix a path state issue that triggered a notice during relay startup. + Fixes bug #8320; bugfix on 0.2.4.10-alpha. + - Reduce occurrences of warns about circuit purpose in + connection_ap_expire_building(). Fixes bug #8477; bugfix on + 0.2.4.11-alpha. + - Fix a directory authority warn caused when we have a large amount + of badexit bandwidth. Fixes bug #8419; bugfix on 0.2.2.10-alpha. + - Reduce a path bias length check notice log to info. The notice + is triggered when creating controller circuits. Fixes bug #8196; + bugfix on 0.2.4.8-alpha. diff --git a/changes/pathsel-BUGGY-a b/changes/pathsel-BUGGY-a deleted file mode 100644 index 2e642c795..000000000 --- a/changes/pathsel-BUGGY-a +++ /dev/null @@ -1,14 +0,0 @@ - o Security fixes: - - - Try to leak less information about what relays a client is - choosing to a side-channel attacker. Previously, a Tor client - would stop iterating through the list of available relays as - soon as it had chosen one, thus finishing a little earlier - when it picked a router earlier in the list. If an attacker - can recover this timing information (nontrivial but not - proven to be impossible), they could learn some coarse- - grained information about which relays a client was picking - (middle nodes in particular are likelier to be affected than - exits). The timing attack might be mitigated by other factors - (see bug #6537 for some discussion), but it's best not to - take chances. Fixes bug 6537; bugfix on 0.0.8rc1. diff --git a/changes/port_doc b/changes/port_doc deleted file mode 100644 index 0e8662f0a..000000000 --- a/changes/port_doc +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (usability): - - Try to make the warning when giving an obsolete SOCKSListenAddress - a littel more useful. diff --git a/changes/revert-geoip-may2012 b/changes/revert-geoip-may2012 deleted file mode 100644 index e420947a3..000000000 --- a/changes/revert-geoip-may2012 +++ /dev/null @@ -1,6 +0,0 @@ - o Major bugfixes: - - Revert to the May 1 2012 Maxmind GeoLite Country database. In the - June 2012 database, Maxmind marked many Tor relays as country "A1", - which will cause risky behavior for clients that set EntryNodes - or ExitNodes. Addresses bug 6334; bugfix on 0.2.3.17-beta. - diff --git a/changes/signof_enum b/changes/signof_enum new file mode 100644 index 000000000..ba4fb597d --- /dev/null +++ b/changes/signof_enum @@ -0,0 +1,7 @@ + o Code simplifications and refactoring: + - Use Ville Laurikari's implementation of AX_CHECK_SIGN() to determine + the signs of types during autoconf. This is better than our old + approach, which didn't work when cross-compiling. + - Detect the sign of enum values, rather than assuming that MSC is the + only compiler where enum types are all signed. Fix for bug 7727; + bugfix on 0.2.4.10-alpha. diff --git a/changes/smartlist_foreach b/changes/smartlist_foreach deleted file mode 100644 index 2fd3a1a85..000000000 --- a/changes/smartlist_foreach +++ /dev/null @@ -1,8 +0,0 @@ - o Code simplification and refactoring: - - Do not use SMARTLIST_FOREACH for any loop whose body exceeds - 10 lines. Doing so in the past has led to hard-to-debug code. - The new style is to use the SMARTLIST_FOREACH_{BEGIN,END} pair. - Issue 6400. - - Do not nest SMARTLIST_FOREACH blocks within one another. Any - nested block ought to be using SMARTLIST_FOREACH_{BEGIN,END}. - Issue 6400. diff --git a/changes/ticket2267 b/changes/ticket2267 new file mode 100644 index 000000000..b589b5721 --- /dev/null +++ b/changes/ticket2267 @@ -0,0 +1,8 @@ + o Minor features: + - Refactor resolve_my_address() so it returns the method by which we + decided our public IP address (explicitly configured, resolved from + explicit hostname, guessed from interfaces, learned by gethostname). + Now we can provide more helpful log messages when a relay guesses + its IP address incorrectly (e.g. due to unexpected lines in + /etc/hosts). Resolves ticket 2267. + diff --git a/changes/ticket5749 b/changes/ticket5749 deleted file mode 100644 index 023724198..000000000 --- a/changes/ticket5749 +++ /dev/null @@ -1,3 +0,0 @@ - o New directory authorities: - - Add Faravahar (run by Sina Rabbani) as the ninth v3 directory - authority. Closes ticket 5749. diff --git a/changes/ticket8240 b/changes/ticket8240 new file mode 100644 index 000000000..91e6f8c14 --- /dev/null +++ b/changes/ticket8240 @@ -0,0 +1,4 @@ + o Major security fixes: + - Make the default guard lifetime controllable via a new + GuardLifetime torrc option and a GuardLifetime consensus + parameter. Start of a fix for bug 8240; bugfix on 0.1.1.11-alpha. diff --git a/changes/ticket8443 b/changes/ticket8443 new file mode 100644 index 000000000..ca6fb2f47 --- /dev/null +++ b/changes/ticket8443 @@ -0,0 +1,4 @@ + o Minor features: + - Randomize the lifetime of our SSL link certificate, so censors can't + use the static value for filtering Tor flows. Resolves ticket 8443; + related to ticket 4014 which was included in 0.2.2.33. diff --git a/changes/warn-unsigned-time_t b/changes/warn-unsigned-time_t new file mode 100644 index 000000000..5f0c36d09 --- /dev/null +++ b/changes/warn-unsigned-time_t @@ -0,0 +1,5 @@ + o Build improvements: + - Warn if building on a platform with an unsigned time_t: there + are too many places where Tor currently assumes that time_t can + hold negative values. We'd like to fix them all, but probably + some will remain. |