nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-27 22:03:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'bug30649_040' into bug30649_maint_041

Browse Source
This commit is contained in:
George Kadianakis 2019-09-02 11:58:01 +03:00 committed by teor
parent 61082c059c
commit 73890a86ef
No known key found for this signature in database
GPG Key ID: 10FEAA0E7075672A
740 changed files with 30113 additions and 13406 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.gitignore vendored
View File

@ -168,6 +168,8 @@ uptime-*.json
/src/lib/libtor-crypt-ops-testing.a
/src/lib/libtor-ctime.a
/src/lib/libtor-ctime-testing.a
/src/lib/libtor-dispatch.a
/src/lib/libtor-dispatch-testing.a
/src/lib/libtor-encoding.a
/src/lib/libtor-encoding-testing.a
/src/lib/libtor-evloop.a
@ -200,6 +202,8 @@ uptime-*.json
/src/lib/libtor-osinfo-testing.a
/src/lib/libtor-process.a
/src/lib/libtor-process-testing.a
/src/lib/libtor-pubsub.a
/src/lib/libtor-pubsub-testing.a
/src/lib/libtor-sandbox.a
/src/lib/libtor-sandbox-testing.a
/src/lib/libtor-string.a

36
.travis.yml
View File

@ -42,15 +42,18 @@ matrix:
## include creates builds with gcc, linux
include:
## We include a single coverage build with the best options for coverage
- env: COVERAGE_OPTIONS="--enable-coverage" HARDENING_OPTIONS=""
- env: COVERAGE_OPTIONS="--enable-coverage" HARDENING_OPTIONS="" TOR_TEST_RNG_SEED="636f766572616765"
## We only want to check these build option combinations once
## (they shouldn't vary by compiler or OS)
## We run rust and coverage with hardening off, which seems like enough
# - env: HARDENING_OPTIONS=""
## We check asciidoc with distcheck, to make sure we remove doc products
- env: DISTCHECK="yes" ASCIIDOC_OPTIONS=""
- env: DISTCHECK="yes" ASCIIDOC_OPTIONS="" SKIP_MAKE_CHECK="yes"
# We also try running a hardened clang build with chutney on Linux.
- env: CHUTNEY="yes" SKIP_MAKE_CHECK="yes" CHUTNEY_ALLOW_FAILURES="2"
compiler: clang
# We clone our stem repo and run `make test-stem`
- env: TEST_STEM="yes"
- env: TEST_STEM="yes" SKIP_MAKE_CHECK="yes"
## Check rust online with distcheck, to make sure we remove rust products
- env: DISTCHECK="yes" RUST_OPTIONS="--enable-rust --enable-cargo-online-mode"
## Check disable module dirauth with and without rust
@ -72,7 +75,7 @@ matrix:
## https://docs.travis-ci.com/user/customizing-the-build#matching-jobs-with-allow_failures
allow_failures:
## test-stem sometimes hangs on Travis
- env: TEST_STEM="yes"
- env: TEST_STEM="yes" SKIP_MAKE_CHECK="yes"
exclude:
## gcc on OSX is less useful, because the default compiler is clang.
@ -88,7 +91,7 @@ matrix:
- compiler: gcc
os: linux
## TOR_RUST_DEPENDENCIES is spelt RUST_DEPENDENCIES in 0.3.2
env: RUST_OPTIONS="--enable-rust" TOR_RUST_DEPENDENCIES=true HARDENING_OPTIONS=""
env: RUST_OPTIONS="--enable-rust" TOR_RUST_DEPENDENCIES=true
## (Linux only) Use the latest Linux image (Ubuntu Trusty)
dist: trusty
@ -175,6 +178,9 @@ install:
- if [[ "$RUST_OPTIONS" != "" ]]; then source $HOME/.cargo/env; fi
## If we're testing rust builds in offline-mode, then set up our vendored dependencies
- if [[ "$TOR_RUST_DEPENDENCIES" == "true" ]]; then export TOR_RUST_DEPENDENCIES=$PWD/src/ext/rust/crates; fi
## If we're running chutney, install it.
- if [[ "$CHUTNEY" != "" ]]; then git clone --depth 1 https://github.com/torproject/chutney.git ; export CHUTNEY_PATH="$(pwd)/chutney"; fi
## If we're running stem, install it.
- if [[ "$TEST_STEM" != "" ]]; then git clone --depth 1 https://github.com/torproject/stem.git ; export STEM_SOURCE_DIR=`pwd`/stem; fi
##
## Finally, list installed package versions
@ -189,7 +195,9 @@ install:
- if [[ "$RUST_OPTIONS" != "" ]]; then cargo --version; fi
## Get python version
- python --version
## run stem tests if they are enabled.
## If we're running chutney, show the chutney commit
- if [[ "$CHUTNEY" != "" ]]; then pushd "$CHUTNEY_PATH"; git log -1 ; popd ; fi
## If we're running stem, show the stem version and commit
- if [[ "$TEST_STEM" != "" ]]; then pushd stem; python -c "from stem import stem; print(stem.__version__);"; git log -1; popd; fi
script:
@ -200,10 +208,12 @@ script:
- echo "Configure flags are $CONFIGURE_FLAGS"
- ./configure $CONFIGURE_FLAGS
## We run `make check` because that's what https://jenkins.torproject.org does.
- if [[ "$DISTCHECK" == "" && "$TEST_STEM" == "" ]]; then make check; fi
## Diagnostic for bug 29437: kill stem if it hangs for 15 minutes
- if [[ "$TEST_STEM" != "" ]]; then make src/app/tor; timelimit -p -t 540 -s USR1 -T 30 -S ABRT python3 "$STEM_SOURCE_DIR"/run_tests.py --tor src/app/tor --integ --log notice --target RUN_ALL; fi
- if [[ "$DISTCHECK" != "" && "$TEST_STEM" == "" ]]; then make distcheck DISTCHECK_CONFIGURE_FLAGS="$CONFIGURE_FLAGS"; fi
- if [[ "$SKIP_MAKE_CHECK" == "" ]]; then make check; fi
- if [[ "$DISTCHECK" != "" ]]; then make distcheck DISTCHECK_CONFIGURE_FLAGS="$CONFIGURE_FLAGS"; fi
- if [[ "$CHUTNEY" != "" ]]; then make test-network-all; fi
## Diagnostic for bug 29437: kill stem if it hangs for 9.5 minutes
## Travis will kill the job after 10 minutes with no output
- if [[ "$TEST_STEM" != "" ]]; then make src/app/tor; timelimit -p -t 540 -s USR1 -T 30 -S ABRT python3 "$STEM_SOURCE_DIR"/run_tests.py --tor src/app/tor --integ --test control.controller --test control.base_controller --test process --log TRACE --log-file stem.log; fi
## If this build was one that produced coverage, upload it.
- if [[ "$COVERAGE_OPTIONS" != "" ]]; then coveralls -b . --exclude src/test --exclude src/trunnel --gcov-options '\-p' || echo "Coverage failed"; fi
@ -212,11 +222,13 @@ after_failure:
## But the log is too long for travis' rendered view, so tail it.
- tail -1000 config.log || echo "tail failed"
## `make check` will leave a log file with more details of test failures.
- if [[ "$DISTCHECK" == "" ]]; then cat test-suite.log || echo "cat failed"; fi
- if [[ "$SKIP_MAKE_CHECK" == "" ]]; then cat test-suite.log || echo "cat failed"; fi
## `make distcheck` puts it somewhere different.
- if [[ "$DISTCHECK" != "" ]]; then make show-distdir-testlog || echo "make failed"; fi
- if [[ "$DISTCHECK" != "" ]]; then make show-distdir-core || echo "make failed"; fi
- if [[ "$TEST_STEM" != "" ]]; then cat "$STEM_SOURCE_DIR"/test/data/tor_log || echo "cat failed"; fi
- if [[ "$CHUTNEY" != "" ]]; then ls test_network_log || echo "ls failed"; cat test_network_log/* || echo "cat failed"; fi
- if [[ "$TEST_STEM" != "" ]]; then tail -1000 "$STEM_SOURCE_DIR"/test/data/tor_log || echo "tail failed"; fi
- if [[ "$TEST_STEM" != "" ]]; then grep -v "SocketClosed" stem.log | tail -1000 || echo "grep | tail failed"; fi
before_cache:
## Delete all gcov files.

1083
ChangeLog
View File

File diff suppressed because it is too large Load Diff

50
Makefile.am
View File

@ -41,6 +41,8 @@ TOR_UTIL_LIBS = \
src/lib/libtor-geoip.a \
src/lib/libtor-process.a \
src/lib/libtor-buf.a \
src/lib/libtor-pubsub.a \
src/lib/libtor-dispatch.a \
src/lib/libtor-time.a \
src/lib/libtor-fs.a \
src/lib/libtor-encoding.a \
@ -72,6 +74,8 @@ TOR_UTIL_TESTING_LIBS = \
src/lib/libtor-geoip-testing.a \
src/lib/libtor-process-testing.a \
src/lib/libtor-buf-testing.a \
src/lib/libtor-pubsub-testing.a \
src/lib/libtor-dispatch-testing.a \
src/lib/libtor-time-testing.a \
src/lib/libtor-fs-testing.a \
src/lib/libtor-encoding-testing.a \
@ -161,7 +165,12 @@ EXTRA_DIST+= \
README \
ReleaseNotes \
scripts/maint/checkIncludes.py \
scripts/maint/checkSpace.pl
scripts/maint/checkSpace.pl \
scripts/maint/practracker/exceptions.txt \
scripts/maint/practracker/metrics.py \
scripts/maint/practracker/practracker.py \
scripts/maint/practracker/problem.py \
scripts/maint/practracker/util.py
## This tells etags how to find mockable function definitions.
AM_ETAGSFLAGS=--regex='{c}/MOCK_IMPL([^,]+,\W*\([a-zA-Z0-9_]+\)\W*,/\1/s'
@ -328,11 +337,8 @@ coverage-html-full: all
lcov --remove "$(HTML_COVER_DIR)/lcov.tmp" --rc lcov_branch_coverage=1 'test/*' 'ext/tinytest*' '/usr/*' --output-file "$(HTML_COVER_DIR)/lcov.info"
genhtml --branch-coverage -o "$(HTML_COVER_DIR)" "$(HTML_COVER_DIR)/lcov.info"
# Avoid strlcpy.c, strlcat.c, aes.c, OpenBSD_malloc_Linux.c, sha256.c,
# tinytest*.[ch]
check-spaces:
if USE_PERL
$(PERL) $(top_srcdir)/scripts/maint/checkSpace.pl -C \
# For scripts: avoid src/ext and src/trunnel.
OWNED_TOR_C_FILES=\
$(top_srcdir)/src/lib/*/*.[ch] \
$(top_srcdir)/src/core/*/*.[ch] \
$(top_srcdir)/src/feature/*/*.[ch] \
@ -340,6 +346,11 @@ if USE_PERL
$(top_srcdir)/src/test/*.[ch] \
$(top_srcdir)/src/test/*/*.[ch] \
$(top_srcdir)/src/tools/*.[ch]
check-spaces:
if USE_PERL
$(PERL) $(top_srcdir)/scripts/maint/checkSpace.pl -C \
$(OWNED_TOR_C_FILES)
endif
check-includes:
@ -347,6 +358,14 @@ if USEPYTHON
$(PYTHON) $(top_srcdir)/scripts/maint/checkIncludes.py
endif
check-best-practices:
if USEPYTHON
$(PYTHON) $(top_srcdir)/scripts/maint/practracker/practracker.py $(top_srcdir)
endif
practracker-regen:
$(PYTHON) $(top_srcdir)/scripts/maint/practracker/practracker.py --regen $(top_srcdir)
check-docs: all
$(PERL) $(top_builddir)/scripts/maint/checkOptionDocs.pl
@ -442,6 +461,25 @@ version:
(cd "$(top_srcdir)" && git rev-parse --short=16 HEAD); \
fi
.PHONY: autostyle-ifdefs
autostyle-ifdefs:
$(PYTHON) scripts/maint/annotate_ifdef_directives $(OWNED_TOR_C_FILES)
.PHONY: autostyle-ifdefs
autostyle-operators:
$(PERL) scripts/coccinelle/test-operator-cleanup $(OWNED_TOR_C_FILES)
.PHONY: rectify-includes
rectify-includes:
$(PYTHON) scripts/maint/rectify_include_paths.py
.PHONY: update-copyright
update-copyright:
$(PERL) scripts/maint/updateCopyright.pl $(OWNED_TOR_C_FILES)
.PHONY: autostyle
autostyle: update-versions rustfmt autostyle-ifdefs rectify-includes
mostlyclean-local:
rm -f $(top_builddir)/src/*/*.gc{da,no} $(top_builddir)/src/*/*/*.gc{da,no}
rm -rf $(HTML_COVER_DIR)

785
ReleaseNotes
View File

@ -2,6 +2,791 @@ This document summarizes new features and bugfixes in each stable
release of Tor. If you want to see more detailed descriptions of the
changes in each development snapshot, see the ChangeLog file.
Changes in version 0.4.0.5 - 2019-05-02
This is the first stable release in the 0.4.0.x series. It contains
improvements for power management and bootstrap reporting, as well as
preliminary backend support for circuit padding to prevent some kinds
of traffic analysis. It also continues our work in refactoring Tor for
long-term maintainability.
Per our support policy, we will support the 0.4.0.x series for nine
months, or until three months after the release of a stable 0.4.1.x:
whichever is longer. If you need longer-term support, please stick
with 0.3.5.x, which will we plan to support until Feb 2022.
Below are the changes since 0.3.5.7. For a complete list of changes
since 0.4.0.4-rc, see the ChangeLog file.
o Major features (battery management, client, dormant mode):
- When Tor is running as a client, and it is unused for a long time,
it can now enter a "dormant" state. When Tor is dormant, it avoids
network and CPU activity until it is reawoken either by a user
request or by a controller command. For more information, see the
configuration options starting with "Dormant". Implements tickets
2149 and 28335.
- The client's memory of whether it is "dormant", and how long it
has spent idle, persists across invocations. Implements
ticket 28624.
- There is a DormantOnFirstStartup option that integrators can use
if they expect that in many cases, Tor will be installed but
not used.
o Major features (bootstrap reporting):
- When reporting bootstrap progress, report the first connection
uniformly, regardless of whether it's a connection for building
application circuits. This allows finer-grained reporting of early
progress than previously possible, with the improvements of ticket
27169. Closes tickets 27167 and 27103. Addresses ticket 27308.
- When reporting bootstrap progress, treat connecting to a proxy or
pluggable transport as separate from having successfully used that
proxy or pluggable transport to connect to a relay. Closes tickets
27100 and 28884.
o Major features (circuit padding):
- Implement preliminary support for the circuit padding portion of
Proposal 254. The implementation supports Adaptive Padding (aka
WTF-PAD) state machines for use between experimental clients and
relays. Support is also provided for APE-style state machines that
use probability distributions instead of histograms to specify
inter-packet delay. At the moment, Tor does not provide any
padding state machines that are used in normal operation: for now,
this feature exists solely for experimentation. Closes
ticket 28142.
o Major features (refactoring):
- Tor now uses an explicit list of its own subsystems when
initializing and shutting down. Previously, these systems were
managed implicitly in various places throughout the codebase.
(There may still be some subsystems using the old system.) Closes
ticket 28330.
o Major bugfixes (cell scheduler, KIST, security):
- Make KIST consider the outbuf length when computing what it can
put in the outbuf. Previously, KIST acted as though the outbuf
were empty, which could lead to the outbuf becoming too full. It
is possible that an attacker could exploit this bug to cause a Tor
client or relay to run out of memory and crash. Fixes bug 29168;
bugfix on 0.3.2.1-alpha. This issue is also being tracked as
TROVE-2019-001 and CVE-2019-8955.
o Major bugfixes (networking):
- Gracefully handle empty username/password fields in SOCKS5
username/password auth message and allow SOCKS5 handshake to
continue. Previously, we had rejected these handshakes, breaking
certain applications. Fixes bug 29175; bugfix on 0.3.5.1-alpha.
o Major bugfixes (NSS, relay):
- When running with NSS, disable TLS 1.2 ciphersuites that use
SHA384 for their PRF. Due to an NSS bug, the TLS key exporters for
these ciphersuites don't work -- which caused relays to fail to
handshake with one another when these ciphersuites were enabled.
Fixes bug 29241; bugfix on 0.3.5.1-alpha.
o Major bugfixes (windows, startup):
- When reading a consensus file from disk, detect whether it was
written in text mode, and re-read it in text mode if so. Always
write consensus files in binary mode so that we can map them into
memory later. Previously, we had written in text mode, which
confused us when we tried to map the file on windows. Fixes bug
28614; bugfix on 0.4.0.1-alpha.
o Minor features (address selection):
- Treat the subnet 100.64.0.0/10 as public for some purposes;
private for others. This subnet is the RFC 6598 (Carrier Grade
NAT) IP range, and is deployed by many ISPs as an alternative to
RFC 1918 that does not break existing internal networks. Tor now
blocks SOCKS and control ports on these addresses and warns users
if client ports or ExtORPorts are listening on a RFC 6598 address.
Closes ticket 28525. Patch by Neel Chauhan.
o Minor features (bandwidth authority):
- Make bandwidth authorities ignore relays that are reported in the
bandwidth file with the flag "vote=0". This change allows us to
report unmeasured relays for diagnostic reasons without including
their bandwidth in the bandwidth authorities' vote. Closes
ticket 29806.
- When a directory authority is using a bandwidth file to obtain the
bandwidth values that will be included in the next vote, serve
this bandwidth file at /tor/status-vote/next/bandwidth. Closes
ticket 21377.
o Minor features (bootstrap reporting):
- When reporting bootstrap progress, stop distinguishing between
situations where only internal paths are available and situations
where external paths are available. Previously, Tor would often
erroneously report that it had only internal paths. Closes
ticket 27402.
o Minor features (compilation):
- Compile correctly when OpenSSL is built with engine support
disabled, or with deprecated APIs disabled. Closes ticket 29026.
Patches from "Mangix".
o Minor features (continuous integration):
- On Travis Rust builds, cleanup Rust registry and refrain from
caching the "target/" directory to speed up builds. Resolves
issue 29962.
- Log Python version during each Travis CI job. Resolves
issue 28551.
- In Travis, tell timelimit to use stem's backtrace signals, and
launch python directly from timelimit, so python receives the
signals from timelimit, rather than make. Closes ticket 30117.
o Minor features (controller):
- Add a DROPOWNERSHIP command to undo the effects of TAKEOWNERSHIP.
Implements ticket 28843.
o Minor features (developer tooling):
- Check that bugfix versions in changes files look like Tor versions
from the versions spec. Warn when bugfixes claim to be on a future
release. Closes ticket 27761.
- Provide a git pre-commit hook that disallows committing if we have
any failures in our code and changelog formatting checks. It is
now available in scripts/maint/pre-commit.git-hook. Implements
feature 28976.
- Provide a git hook script to prevent "fixup!" and "squash!"
commits from ending up in the master branch, as scripts/main/pre-
push.git-hook. Closes ticket 27993.
o Minor features (diagnostic):
- Add more diagnostic log messages in an attempt to solve the issue
of NUL bytes appearing in a microdescriptor cache. Related to
ticket 28223.
o Minor features (directory authority):
- When a directory authority is using a bandwidth file to obtain
bandwidth values, include the digest of that file in the vote.
Closes ticket 26698.
- Directory authorities support a new consensus algorithm, under
which the family lines in microdescriptors are encoded in a
canonical form. This change makes family lines more compressible
in transit, and on the client. Closes ticket 28266; implements
proposal 298.
o Minor features (directory authority, relay):
- Authorities now vote on a "StaleDesc" flag to indicate that a
relay's descriptor is so old that the relay should upload again
soon. Relays treat this flag as a signal to upload a new
descriptor. This flag will eventually let us remove the
'published' date from routerstatus entries, and make our consensus
diffs much smaller. Closes ticket 26770; implements proposal 293.
o Minor features (dormant mode):
- Add a DormantCanceledByStartup option to tell Tor that it should
treat a startup event as cancelling any previous dormant state.
Integrators should use this option with caution: it should only be
used if Tor is being started because of something that the user
did, and not if Tor is being automatically started in the
background. Closes ticket 29357.
o Minor features (fallback directory mirrors):
- Update the fallback whitelist based on operator opt-ins and opt-
outs. Closes ticket 24805, patch by Phoul.
o Minor features (FreeBSD):
- On FreeBSD-based systems, warn relay operators if the
"net.inet.ip.random_id" sysctl (IP ID randomization) is disabled.
Closes ticket 28518.
o Minor features (geoip):
- Update geoip and geoip6 to the April 2 2019 Maxmind GeoLite2
Country database. Closes ticket 29992.
o Minor features (HTTP standards compliance):
- Stop sending the header "Content-type: application/octet-stream"
along with transparently compressed documents: this confused
browsers. Closes ticket 28100.
o Minor features (IPv6):
- We add an option ClientAutoIPv6ORPort, to make clients randomly
prefer a node's IPv4 or IPv6 ORPort. The random preference is set
every time a node is loaded from a new consensus or bridge config.
We expect that this option will enable clients to bootstrap more
quickly without having to determine whether they support IPv4,
IPv6, or both. Closes ticket 27490. Patch by Neel Chauhan.
- When using addrs_in_same_network_family(), avoid choosing circuit
paths that pass through the same IPv6 subnet more than once.
Previously, we only checked IPv4 subnets. Closes ticket 24393.
Patch by Neel Chauhan.
o Minor features (log messages):
- Improve log message in v3 onion services that could print out
negative revision counters. Closes ticket 27707. Patch
by "ffmancera".
o Minor features (memory usage):
- Save memory by storing microdescriptor family lists with a more
compact representation. Closes ticket 27359.
- Tor clients now use mmap() to read consensus files from disk, so
that they no longer need keep the full text of a consensus in
memory when parsing it or applying a diff. Closes ticket 27244.
o Minor features (NSS, diagnostic):
- Try to log an error from NSS (if there is any) and a more useful
description of our situation if we are using NSS and a call to
SSL_ExportKeyingMaterial() fails. Diagnostic for ticket 29241.
o Minor features (parsing):
- Directory authorities now validate that router descriptors and
ExtraInfo documents are in a valid subset of UTF-8, and reject
them if they are not. Closes ticket 27367.
o Minor features (performance):
- Cache the results of summarize_protocol_flags(), so that we don't
have to parse the same protocol-versions string over and over.
This should save us a huge number of malloc calls on startup, and
may reduce memory fragmentation with some allocators. Closes
ticket 27225.
- Remove a needless memset() call from get_token_arguments, thereby
speeding up the tokenization of directory objects by about 20%.
Closes ticket 28852.
- Replace parse_short_policy() with a faster implementation, to
improve microdescriptor parsing time. Closes ticket 28853.
- Speed up directory parsing a little by avoiding use of the non-
inlined strcmp_len() function. Closes ticket 28856.
- Speed up microdescriptor parsing by about 30%, to help improve
startup time. Closes ticket 28839.
o Minor features (pluggable transports):
- Add support for emitting STATUS updates to Tor's control port from
a pluggable transport process. Closes ticket 28846.
- Add support for logging to Tor's logging subsystem from a
pluggable transport process. Closes ticket 28180.
o Minor features (process management):
- Add a new process API for handling child processes. This new API
allows Tor to have bi-directional communication with child
processes on both Unix and Windows. Closes ticket 28179.
- Use the subsystem manager to initialize and shut down the process
module. Closes ticket 28847.
o Minor features (relay):
- When listing relay families, list them in canonical form including
the relay's own identity, and try to give a more useful set of
warnings. Part of ticket 28266 and proposal 298.
o Minor features (required protocols):
- Before exiting because of a missing required protocol, Tor will
now check the publication time of the consensus, and not exit
unless the consensus is newer than the Tor program's own release
date. Previously, Tor would not check the consensus publication
time, and so might exit because of a missing protocol that might
no longer be required in a current consensus. Implements proposal
297; closes ticket 27735.
o Minor features (testing):
- Treat all unexpected ERR and BUG messages as test failures. Closes
ticket 28668.
- Allow a HeartbeatPeriod of less than 30 minutes in testing Tor
networks. Closes ticket 28840. Patch by Rob Jansen.
- Use the approx_time() function when setting the "Expires" header
in directory replies, to make them more testable. Needed for
ticket 30001.
o Minor bugfixes (security):
- Fix a potential double free bug when reading huge bandwidth files.
The issue is not exploitable in the current Tor network because
the vulnerable code is only reached when directory authorities
read bandwidth files, but bandwidth files come from a trusted
source (usually the authorities themselves). Furthermore, the
issue is only exploitable in rare (non-POSIX) 32-bit architectures,
which are not used by any of the current authorities. Fixes bug
30040; bugfix on 0.3.5.1-alpha. Bug found and fixed by
Tobias Stoeckmann.
- Verify in more places that we are not about to create a buffer
with more than INT_MAX bytes, to avoid possible OOB access in the
event of bugs. Fixes bug 30041; bugfix on 0.2.0.16. Found and
fixed by Tobias Stoeckmann.
o Minor bugfix (continuous integration):
- Reset coverage state on disk after Travis CI has finished. This
should prevent future coverage merge errors from causing the test
suite for the "process" subsystem to fail. The process subsystem
was introduced in 0.4.0.1-alpha. Fixes bug 29036; bugfix
on 0.2.9.15.
- Terminate test-stem if it takes more than 9.5 minutes to run.
(Travis terminates the job after 10 minutes of no output.)
Diagnostic for 29437. Fixes bug 30011; bugfix on 0.3.5.4-alpha.
o Minor bugfixes (build, compatibility, rust):
- Update Cargo.lock file to match the version made by the latest
version of Rust, so that "make distcheck" will pass again. Fixes
bug 29244; bugfix on 0.3.3.4-alpha.
o Minor bugfixes (C correctness):
- Fix an unlikely memory leak in consensus_diff_apply(). Fixes bug
29824; bugfix on 0.3.1.1-alpha. This is Coverity warning
CID 1444119.
o Minor bugfixes (client, clock skew):
- Bootstrap successfully even when Tor's clock is behind the clocks
on the authorities. Fixes bug 28591; bugfix on 0.2.0.9-alpha.
- Select guards even if the consensus has expired, as long as the
consensus is still reasonably live. Fixes bug 24661; bugfix
on 0.3.0.1-alpha.
o Minor bugfixes (compilation):
- Fix compilation warnings in test_circuitpadding.c. Fixes bug
29169; bugfix on 0.4.0.1-alpha.
- Silence a compiler warning in test-memwipe.c on OpenBSD. Fixes bug
29145; bugfix on 0.2.9.3-alpha. Patch from Kris Katterjohn.
- Compile correctly on OpenBSD; previously, we were missing some
headers required in order to detect it properly. Fixes bug 28938;
bugfix on 0.3.5.1-alpha. Patch from Kris Katterjohn.
o Minor bugfixes (directory clients):
- Mark outdated dirservers when Tor only has a reasonably live
consensus. Fixes bug 28569; bugfix on 0.3.2.5-alpha.
o Minor bugfixes (directory mirrors):
- Even when a directory mirror's clock is behind the clocks on the
authorities, we now allow the mirror to serve "future"
consensuses. Fixes bug 28654; bugfix on 0.3.0.1-alpha.
o Minor bugfixes (DNS):
- Gracefully handle an empty or absent resolve.conf file by falling
back to using "localhost" as a DNS server (and hoping it works).
Previously, we would just stop running as an exit. Fixes bug
21900; bugfix on 0.2.1.10-alpha.
o Minor bugfixes (documentation):
- Describe the contents of the v3 onion service client authorization
files correctly: They hold public keys, not private keys. Fixes
bug 28979; bugfix on 0.3.5.1-alpha. Spotted by "Felixix".
o Minor bugfixes (guards):
- In count_acceptable_nodes(), the minimum number is now one bridge
or guard node, and two non-guard nodes for a circuit. Previously,
we had added up the sum of all nodes with a descriptor, but that
could cause us to build failing circuits when we had either too
many bridges or not enough guard nodes. Fixes bug 25885; bugfix on
0.3.6.1-alpha. Patch by Neel Chauhan.
o Minor bugfixes (IPv6):
- Fix tor_ersatz_socketpair on IPv6-only systems. Previously, the
IPv6 socket was bound using an address family of AF_INET instead
of AF_INET6. Fixes bug 28995; bugfix on 0.3.5.1-alpha. Patch from
Kris Katterjohn.
o Minor bugfixes (linux seccomp sandbox):
- Fix startup crash when experimental sandbox support is enabled.
Fixes bug 29150; bugfix on 0.4.0.1-alpha. Patch by Peter Gerber.
o Minor bugfixes (logging):
- Correct a misleading error message when IPv4Only or IPv6Only is
used but the resolved address can not be interpreted as an address
of the specified IP version. Fixes bug 13221; bugfix on
0.2.3.9-alpha. Patch from Kris Katterjohn.
- Log the correct port number for listening sockets when "auto" is
used to let Tor pick the port number. Previously, port 0 was
logged instead of the actual port number. Fixes bug 29144; bugfix
on 0.3.5.1-alpha. Patch from Kris Katterjohn.
- Stop logging a BUG() warning when Tor is waiting for exit
descriptors. Fixes bug 28656; bugfix on 0.3.5.1-alpha.
- Avoid logging that we are relaxing a circuit timeout when that
timeout is fixed. Fixes bug 28698; bugfix on 0.2.4.7-alpha.
- Log more information at "warning" level when unable to read a
private key; log more information at "info" level when unable to
read a public key. We had warnings here before, but they were lost
during our NSS work. Fixes bug 29042; bugfix on 0.3.5.1-alpha.
- Rework rep_hist_log_link_protocol_counts() to iterate through all
link protocol versions when logging incoming/outgoing connection
counts. Tor no longer skips version 5, and we won't have to
remember to update this function when new link protocol version is
developed. Fixes bug 28920; bugfix on 0.2.6.10.
o Minor bugfixes (memory management):
- Refactor the shared random state's memory management so that it
actually takes ownership of the shared random value pointers.
Fixes bug 29706; bugfix on 0.2.9.1-alpha.
- Stop leaking parts of the shared random state in the shared-random
unit tests. Fixes bug 29599; bugfix on 0.2.9.1-alpha.
o Minor bugfixes (misc):
- The amount of total available physical memory is now determined
using the sysctl identifier HW_PHYSMEM (rather than HW_USERMEM)
when it is defined and a 64-bit variant is not available. Fixes
bug 28981; bugfix on 0.2.5.4-alpha. Patch from Kris Katterjohn.
o Minor bugfixes (networking):
- Introduce additional checks into tor_addr_parse() to reject
certain incorrect inputs that previously were not detected. Fixes
bug 23082; bugfix on 0.2.0.10-alpha.
o Minor bugfixes (onion service v3, client):
- Stop logging a "BUG()" warning and stacktrace when we find a SOCKS
connection waiting for a descriptor that we actually have in the
cache. It turns out that this can actually happen, though it is
rare. Now, tor will recover and retry the descriptor. Fixes bug
28669; bugfix on 0.3.2.4-alpha.
o Minor bugfixes (onion services):
- Avoid crashing if ClientOnionAuthDir (incorrectly) contains more
than one private key for a hidden service. Fixes bug 29040; bugfix
on 0.3.5.1-alpha.
- In hs_cache_store_as_client() log an HSDesc we failed to parse at
"debug" level. Tor used to log it as a warning, which caused very
long log lines to appear for some users. Fixes bug 29135; bugfix
on 0.3.2.1-alpha.
- Stop logging "Tried to establish rendezvous on non-OR circuit..."
as a warning. Instead, log it as a protocol warning, because there
is nothing that relay operators can do to fix it. Fixes bug 29029;
bugfix on 0.2.5.7-rc.
o Minor bugfixes (periodic events):
- Refrain from calling routerlist_remove_old_routers() from
check_descriptor_callback(). Instead, create a new hourly periodic
event. Fixes bug 27929; bugfix on 0.2.8.1-alpha.
o Minor bugfixes (pluggable transports):
- Make sure that data is continously read from standard output and
standard error pipes of a pluggable transport child-process, to
avoid deadlocking when a pipe's buffer is full. Fixes bug 26360;
bugfix on 0.2.3.6-alpha.
o Minor bugfixes (rust):
- Abort on panic in all build profiles, instead of potentially
unwinding into C code. Fixes bug 27199; bugfix on 0.3.3.1-alpha.
o Minor bugfixes (scheduler):
- When re-adding channels to the pending list, check the correct
channel's sched_heap_idx. This issue has had no effect in mainline
Tor, but could have led to bugs down the road in improved versions
of our circuit scheduling code. Fixes bug 29508; bugfix
on 0.3.2.10.
o Minor bugfixes (shellcheck):
- Look for scripts in their correct locations during "make
shellcheck". Previously we had looked in the wrong place during
out-of-tree builds. Fixes bug 30263; bugfix on 0.4.0.1-alpha.
o Minor bugfixes (single onion services):
- Allow connections to single onion services to remain idle without
being disconnected. Previously, relays acting as rendezvous points
for single onion services were mistakenly closing idle rendezvous
circuits after 60 seconds, thinking that they were unused
directory-fetching circuits that had served their purpose. Fixes
bug 29665; bugfix on 0.2.1.26.
o Minor bugfixes (stats):
- When ExtraInfoStatistics is 0, stop including PaddingStatistics in
relay and bridge extra-info documents. Fixes bug 29017; bugfix
on 0.3.1.1-alpha.
o Minor bugfixes (testing):
- Backport the 0.3.4 src/test/test-network.sh to 0.2.9. We need a
recent test-network.sh to use new chutney features in CI. Fixes
bug 29703; bugfix on 0.2.9.1-alpha.
- Fix a test failure on Windows caused by an unexpected "BUG"
warning in our tests for tor_gmtime_r(-1). Fixes bug 29922; bugfix
on 0.2.9.3-alpha.
- Downgrade some LOG_ERR messages in the address/* tests to
warnings. The LOG_ERR messages were occurring when we had no
configured network. We were failing the unit tests, because we
backported 28668 to 0.3.5.8, but did not backport 29530. Fixes bug
29530; bugfix on 0.3.5.8.
- Fix our gcov wrapper script to look for object files at the
correct locations. Fixes bug 29435; bugfix on 0.3.5.1-alpha.
- Decrease the false positive rate of stochastic probability
distribution tests. Fixes bug 29693; bugfix on 0.4.0.1-alpha.
- Fix intermittent failures on an adaptive padding test. Fixes one
case of bug 29122; bugfix on 0.4.0.1-alpha.
- Disable an unstable circuit-padding test that was failing
intermittently because of an ill-defined small histogram. Such
histograms will be allowed again after 29298 is implemented. Fixes
a second case of bug 29122; bugfix on 0.4.0.1-alpha.
- Detect and suppress "bug" warnings from the util/time test on
Windows. Fixes bug 29161; bugfix on 0.2.9.3-alpha.
- Do not log an error-level message if we fail to find an IPv6
network interface from the unit tests. Fixes bug 29160; bugfix
on 0.2.7.3-rc.
- Instead of relying on hs_free_all() to clean up all onion service
objects in test_build_descriptors(), we now deallocate them one by
one. This lets Coverity know that we are not leaking memory there
and fixes CID 1442277. Fixes bug 28989; bugfix on 0.3.5.1-alpha.
- Check the time in the "Expires" header using approx_time(). Fixes
bug 30001; bugfix on 0.4.0.4-rc.
o Minor bugfixes (TLS protocol):
- When classifying a client's selection of TLS ciphers, if the
client ciphers are not yet available, do not cache the result.
Previously, we had cached the unavailability of the cipher list
and never looked again, which in turn led us to assume that the
client only supported the ancient V1 link protocol. This, in turn,
was causing Stem integration tests to stall in some cases. Fixes
bug 30021; bugfix on 0.2.4.8-alpha.
o Minor bugfixes (UI):
- Lower log level of unlink() errors during bootstrap. Fixes bug
29930; bugfix on 0.4.0.1-alpha.
o Minor bugfixes (usability):
- Stop saying "Your Guard ..." in pathbias_measure_{use,close}_rate().
Some users took this phrasing to mean that the mentioned guard was
under their control or responsibility, which it is not. Fixes bug
28895; bugfix on Tor 0.3.0.1-alpha.
o Minor bugfixes (Windows, CI):
- Skip the Appveyor 32-bit Windows Server 2016 job, and 64-bit
Windows Server 2012 R2 job. The remaining 2 jobs still provide
coverage of 64/32-bit, and Windows Server 2016/2012 R2. Also set
fast_finish, so failed jobs terminate the build immediately. Fixes
bug 29601; bugfix on 0.3.5.4-alpha.
o Code simplification and refactoring:
- Introduce a connection_dir_buf_add() helper function that detects
whether compression is in use, and adds a string accordingly.
Resolves issue 28816.
- Refactor handle_get_next_bandwidth() to use
connection_dir_buf_add(). Implements ticket 29897.
- Reimplement NETINFO cell parsing and generation to rely on
trunnel-generated wire format handling code. Closes ticket 27325.
- Remove unnecessary unsafe code from the Rust macro "cstr!". Closes
ticket 28077.
- Rework SOCKS wire format handling to rely on trunnel-generated
parsing/generation code. Resolves ticket 27620.
- Split out bootstrap progress reporting from control.c into a
separate file. Part of ticket 27402.
- The .may_include files that we use to describe our directory-by-
directory dependency structure now describe a noncircular
dependency graph over the directories that they cover. Our
checkIncludes.py tool now enforces this noncircularity. Closes
ticket 28362.
o Documentation:
- Clarify that Tor performs stream isolation among *Port listeners
by default. Resolves issue 29121.
- In the manpage entry describing MapAddress torrc setting, use
example IP addresses from ranges specified for use in documentation
by RFC 5737. Resolves issue 28623.
- Mention that you cannot add a new onion service if Tor is already
running with Sandbox enabled. Closes ticket 28560.
- Improve ControlPort documentation. Mention that it accepts
address:port pairs, and can be used multiple times. Closes
ticket 28805.
- Document the exact output of "tor --version". Closes ticket 28889.
o Removed features:
- Remove the old check-tor script. Resolves issue 29072.
- Stop responding to the 'GETINFO status/version/num-concurring' and
'GETINFO status/version/num-versioning' control port commands, as
those were deprecated back in 0.2.0.30. Also stop listing them in
output of 'GETINFO info/names'. Resolves ticket 28757.
- The scripts used to generate and maintain the list of fallback
directories have been extracted into a new "fallback-scripts"
repository. Closes ticket 27914.
o Testing:
- Run shellcheck for scripts in the in scripts/ directory. Closes
ticket 28058.
- Add unit tests for tokenize_string() and get_next_token()
functions. Resolves ticket 27625.
o Code simplification and refactoring (onion service v3):
- Consolidate the authorized client descriptor cookie computation
code from client and service into one function. Closes
ticket 27549.
o Code simplification and refactoring (shell scripts):
- Cleanup scan-build.sh to silence shellcheck warnings. Closes
ticket 28007.
- Fix issues that shellcheck found in chutney-git-bisect.sh.
Resolves ticket 28006.
- Fix issues that shellcheck found in updateRustDependencies.sh.
Resolves ticket 28012.
- Fix shellcheck warnings in cov-diff script. Resolves issue 28009.
- Fix shellcheck warnings in run_calltool.sh. Resolves ticket 28011.
- Fix shellcheck warnings in run_trunnel.sh. Resolves issue 28010.
- Fix shellcheck warnings in scripts/test/coverage. Resolves
issue 28008.
Changes in version 0.3.5.8 - 2019-02-21
Tor 0.3.5.8 backports several fixes from later releases, including fixes
for an annoying SOCKS-parsing bug that affected users in earlier 0.3.5.x
releases.
It also includes a fix for a medium-severity security bug affecting Tor
0.3.2.1-alpha and later. All Tor instances running an affected release
should upgrade to 0.3.3.12, 0.3.4.11, 0.3.5.8, or 0.4.0.2-alpha.
o Major bugfixes (cell scheduler, KIST, security):
- Make KIST consider the outbuf length when computing what it can
put in the outbuf. Previously, KIST acted as though the outbuf
were empty, which could lead to the outbuf becoming too full. It
is possible that an attacker could exploit this bug to cause a Tor
client or relay to run out of memory and crash. Fixes bug 29168;
bugfix on 0.3.2.1-alpha. This issue is also being tracked as
TROVE-2019-001 and CVE-2019-8955.
o Major bugfixes (networking, backport from 0.4.0.2-alpha):
- Gracefully handle empty username/password fields in SOCKS5
username/password auth messsage and allow SOCKS5 handshake to
continue. Previously, we had rejected these handshakes, breaking
certain applications. Fixes bug 29175; bugfix on 0.3.5.1-alpha.
o Minor features (compilation, backport from 0.4.0.2-alpha):
- Compile correctly when OpenSSL is built with engine support
disabled, or with deprecated APIs disabled. Closes ticket 29026.
Patches from "Mangix".
o Minor features (geoip):
- Update geoip and geoip6 to the February 5 2019 Maxmind GeoLite2
Country database. Closes ticket 29478.
o Minor features (testing, backport from 0.4.0.2-alpha):
- Treat all unexpected ERR and BUG messages as test failures. Closes
ticket 28668.
o Minor bugfixes (onion service v3, client, backport from 0.4.0.1-alpha):
- Stop logging a "BUG()" warning and stacktrace when we find a SOCKS
connection waiting for a descriptor that we actually have in the
cache. It turns out that this can actually happen, though it is
rare. Now, tor will recover and retry the descriptor. Fixes bug
28669; bugfix on 0.3.2.4-alpha.
o Minor bugfixes (IPv6, backport from 0.4.0.1-alpha):
- Fix tor_ersatz_socketpair on IPv6-only systems. Previously, the
IPv6 socket was bound using an address family of AF_INET instead
of AF_INET6. Fixes bug 28995; bugfix on 0.3.5.1-alpha. Patch from
Kris Katterjohn.
o Minor bugfixes (build, compatibility, rust, backport from 0.4.0.2-alpha):
- Update Cargo.lock file to match the version made by the latest
version of Rust, so that "make distcheck" will pass again. Fixes
bug 29244; bugfix on 0.3.3.4-alpha.
o Minor bugfixes (client, clock skew, backport from 0.4.0.1-alpha):
- Select guards even if the consensus has expired, as long as the
consensus is still reasonably live. Fixes bug 24661; bugfix
on 0.3.0.1-alpha.
o Minor bugfixes (compilation, backport from 0.4.0.1-alpha):
- Compile correctly on OpenBSD; previously, we were missing some
headers required in order to detect it properly. Fixes bug 28938;
bugfix on 0.3.5.1-alpha. Patch from Kris Katterjohn.
o Minor bugfixes (documentation, backport from 0.4.0.2-alpha):
- Describe the contents of the v3 onion service client authorization
files correctly: They hold public keys, not private keys. Fixes
bug 28979; bugfix on 0.3.5.1-alpha. Spotted by "Felixix".
o Minor bugfixes (logging, backport from 0.4.0.1-alpha):
- Rework rep_hist_log_link_protocol_counts() to iterate through all
link protocol versions when logging incoming/outgoing connection
counts. Tor no longer skips version 5, and we won't have to
remember to update this function when new link protocol version is
developed. Fixes bug 28920; bugfix on 0.2.6.10.
o Minor bugfixes (logging, backport from 0.4.0.2-alpha):
- Log more information at "warning" level when unable to read a
private key; log more information at "info" level when unable to
read a public key. We had warnings here before, but they were lost
during our NSS work. Fixes bug 29042; bugfix on 0.3.5.1-alpha.
o Minor bugfixes (misc, backport from 0.4.0.2-alpha):
- The amount of total available physical memory is now determined
using the sysctl identifier HW_PHYSMEM (rather than HW_USERMEM)
when it is defined and a 64-bit variant is not available. Fixes
bug 28981; bugfix on 0.2.5.4-alpha. Patch from Kris Katterjohn.
o Minor bugfixes (onion services, backport from 0.4.0.2-alpha):
- Avoid crashing if ClientOnionAuthDir (incorrectly) contains more
than one private key for a hidden service. Fixes bug 29040; bugfix
on 0.3.5.1-alpha.
- In hs_cache_store_as_client() log an HSDesc we failed to parse at
"debug" level. Tor used to log it as a warning, which caused very
long log lines to appear for some users. Fixes bug 29135; bugfix
on 0.3.2.1-alpha.
- Stop logging "Tried to establish rendezvous on non-OR circuit..."
as a warning. Instead, log it as a protocol warning, because there
is nothing that relay operators can do to fix it. Fixes bug 29029;
bugfix on 0.2.5.7-rc.
o Minor bugfixes (tests, directory clients, backport from 0.4.0.1-alpha):
- Mark outdated dirservers when Tor only has a reasonably live
consensus. Fixes bug 28569; bugfix on 0.3.2.5-alpha.
o Minor bugfixes (tests, backport from 0.4.0.2-alpha):
- Detect and suppress "bug" warnings from the util/time test on
Windows. Fixes bug 29161; bugfix on 0.2.9.3-alpha.
- Do not log an error-level message if we fail to find an IPv6
network interface from the unit tests. Fixes bug 29160; bugfix
on 0.2.7.3-rc.
o Minor bugfixes (usability, backport from 0.4.0.1-alpha):
- Stop saying "Your Guard ..." in pathbias_measure_{use,close}_rate().
Some users took this phrasing to mean that the mentioned guard was
under their control or responsibility, which it is not. Fixes bug
28895; bugfix on Tor 0.3.0.1-alpha.
Changes in version 0.3.4.11 - 2019-02-21
Tor 0.3.4.11 is the third stable release in its series. It includes
a fix for a medium-severity security bug affecting Tor 0.3.2.1-alpha and
later. All Tor instances running an affected release should upgrade to
0.3.3.12, 0.3.4.11, 0.3.5.8, or 0.4.0.2-alpha.
o Major bugfixes (cell scheduler, KIST, security):
- Make KIST consider the outbuf length when computing what it can
put in the outbuf. Previously, KIST acted as though the outbuf
were empty, which could lead to the outbuf becoming too full. It
is possible that an attacker could exploit this bug to cause a Tor
client or relay to run out of memory and crash. Fixes bug 29168;
bugfix on 0.3.2.1-alpha. This issue is also being tracked as
TROVE-2019-001 and CVE-2019-8955.
o Minor features (geoip):
- Update geoip and geoip6 to the February 5 2019 Maxmind GeoLite2
Country database. Closes ticket 29478.
o Minor bugfixes (build, compatibility, rust, backport from 0.4.0.2-alpha):
- Update Cargo.lock file to match the version made by the latest
version of Rust, so that "make distcheck" will pass again. Fixes
bug 29244; bugfix on 0.3.3.4-alpha.
o Minor bugfixes (onion services, backport from 0.4.0.2-alpha):
- Stop logging "Tried to establish rendezvous on non-OR circuit..."
as a warning. Instead, log it as a protocol warning, because there
is nothing that relay operators can do to fix it. Fixes bug 29029;
bugfix on 0.2.5.7-rc.
Changes in version 0.3.3.12 - 2019-02-21
Tor 0.3.3.12 fixes a medium-severity security bug affecting Tor
0.3.2.1-alpha and later. All Tor instances running an affected release
should upgrade to 0.3.3.12, 0.3.4.11, 0.3.5.8, or 0.4.0.2-alpha.
This release marks the end of support for the Tor 0.3.3.x series. We
recommend that users switch to either the Tor 0.3.4 series (supported
until at least 10 June 2019), or the Tor 0.3.5 series, which will
receive long-term support until at least 1 Feb 2022.
o Major bugfixes (cell scheduler, KIST, security):
- Make KIST consider the outbuf length when computing what it can
put in the outbuf. Previously, KIST acted as though the outbuf
were empty, which could lead to the outbuf becoming too full. It
is possible that an attacker could exploit this bug to cause a Tor
client or relay to run out of memory and crash. Fixes bug 29168;
bugfix on 0.3.2.1-alpha. This issue is also being tracked as
TROVE-2019-001 and CVE-2019-8955.
o Minor features (geoip):
- Update geoip and geoip6 to the February 5 2019 Maxmind GeoLite2
Country database. Closes ticket 29478.
o Minor bugfixes (build, compatibility, rust, backport from 0.4.0.2-alpha):
- Update Cargo.lock file to match the version made by the latest
version of Rust, so that "make distcheck" will pass again. Fixes
bug 29244; bugfix on 0.3.3.4-alpha.
o Minor bugfixes (onion services, backport from 0.4.0.2-alpha):
- Stop logging "Tried to establish rendezvous on non-OR circuit..."
as a warning. Instead, log it as a protocol warning, because there
is nothing that relay operators can do to fix it. Fixes bug 29029;
bugfix on 0.2.5.7-rc.
Changes in version 0.3.3.11 - 2019-01-07
Tor 0.3.3.11 backports numerous fixes from later versions of Tor.
numerous fixes, including an important fix for anyone using OpenSSL

5
autogen.sh
View File

@ -1,9 +1,9 @@
#!/bin/sh
if [ -x "`which autoreconf 2>/dev/null`" ] ; then
if command -v autoreconf; then
opt="-i -f -W all,error"
for i in $@; do
for i in "$@"; do
case "$i" in
-v)
opt="${opt} -v"
@ -11,6 +11,7 @@ if [ -x "`which autoreconf 2>/dev/null`" ] ; then
esac
done
# shellcheck disable=SC2086
exec autoreconf $opt
fi

4
changes/29241_diagnostic
View File

@ -1,4 +0,0 @@
o Minor features (NSS, diagnostic):
- Try to log an error from NSS (if there is any) and a more useful
description of our situation if we are using NSS and a call to
SSL_ExportKeyingMaterial() fails. Diagnostic for ticket 29241.

5
changes/bug13221
View File

@ -1,5 +0,0 @@
o Minor bugfixes (logging):
- Correct a misleading error message when IPv4Only or IPv6Only
is used but the resolved address can not be interpreted as an
address of the specified IP version. Fixes bug 13221; bugfix
on 0.2.3.9-alpha. Patch from Kris Katterjohn.

3
changes/bug22619 Normal file
View File

@ -0,0 +1,3 @@
o Minor bugfixes (circuit isolation):
- Fix a logic error that prevented the SessionGroup sub-option from
being accepted. Fixes bug 22619; bugfix on 0.2.7.2-alpha.

5
changes/bug23507 Normal file
View File

@ -0,0 +1,5 @@
o Minor bugfixes (v3 single onion services):
- Make v3 single onion services fall back to a 3-hop intro, when there
all intro points are unreachable via a 1-hop path. Previously, v3
single onion services failed when all intro nodes were unreachable
via a 1-hop path. Fixes bug 23507; bugfix on 0.3.2.1-alpha.

6
changes/bug23818_v2 Normal file
View File

@ -0,0 +1,6 @@
o Minor bugfixes (v2 single onion services):
- Always retry v2 single onion service intro and rend circuits with a
3-hop path. Previously, v2 single onion services used a 3-hop path
when rend circuits were retried after a remote or delayed failure,
but a 1-hop path for immediate retries. Fixes bug 23818;
bugfix on 0.2.9.3-alpha.

6
changes/bug23818_v3 Normal file
View File

@ -0,0 +1,6 @@
o Minor bugfixes (v3 single onion services):
- Always retry v3 single onion service intro and rend circuits with a
3-hop path. Previously, v3 single onion services used a 3-hop path
when rend circuits were retried after a remote or delayed failure,
but a 1-hop path for immediate retries. Fixes bug 23818;
bugfix on 0.3.2.1-alpha.

3
changes/bug27199
View File

@ -1,3 +0,0 @@
o Minor bugfixes (rust):
- Abort on panic in all build profiles, instead of potentially unwinding
into C code. Fixes bug 27199; bugfix on 0.3.3.1-alpha.

7
changes/bug28525
View File

@ -1,7 +0,0 @@
o Minor features (address selection):
- Make Tor aware of the RFC 6598 (Carrier Grade NAT) IP range, which is the
subnet 100.64.0.0/10. This is deployed by many ISPs as an alternative to
RFC 1918 that does not break existing internal networks. This patch fixes
security issues caused by RFC 6518 by blocking control ports on these
addresses and warns users if client ports or ExtORPorts are listening on
a RFC 6598 address. Closes ticket 28525. Patch by Neel Chauhan.

6
changes/bug28614_better_logging
View File

@ -1,6 +0,0 @@
o Minor bugfixes (logging):
- On Windows, when errors cause us to reload a consensus from disk, tell
the user that we are retrying at log level "notice". Previously we only
logged this information at "info", which was confusing because the
errors themselves were logged at "warning". Improves previous fix for
28614. Fixes bug 30004; bugfix on 0.4.0.2-alpha.

3
changes/bug28656
View File

@ -1,3 +0,0 @@
o Minor bugfixes (logging):
- Stop logging a BUG() warning when tor is waiting for exit descriptors.
Fixes bug 28656; bugfix on 0.3.5.1-alpha.

3
changes/bug28698
View File

@ -1,3 +0,0 @@
o Minor bugfix (logging):
- Avoid logging about relaxing circuits when their time is fixed.
Fixes bug 28698; bugfix on 0.2.4.7-alpha

4
changes/bug28925
View File

@ -1,4 +0,0 @@
o Minor bugfixes (bootstrap reporting):
- During bootstrap reporting, correctly distinguish pluggable
transports from plain proxies. Fixes bug 28925; bugfix on
0.4.0.1-alpha.

4
changes/bug28979
View File

@ -1,4 +0,0 @@
o Minor bugfixes (documentation):
- Describe the contents of the v3 onion service client authorization
files correctly: They hold public keys, not private keys. Fixes bug
28979; bugfix on 0.3.5.1-alpha. Spotted by "Felixix".

5
changes/bug28981
View File

@ -1,5 +0,0 @@
o Minor bugfixes (misc):
- The amount of total available physical memory is now determined
using the sysctl identifier HW_PHYSMEM (rather than HW_USERMEM)
when it is defined and a 64-bit variant is not available. Fixes
bug 28981; bugfix on 0.2.5.4-alpha. Patch from Kris Katterjohn.

4
changes/bug29017
View File

@ -1,4 +0,0 @@
o Minor bugfixes (stats):
- When ExtraInfoStatistics is 0, stop including PaddingStatistics in
relay and bridge extra-info documents. Fixes bug 29017;
bugfix on 0.3.1.1-alpha.

5
changes/bug29029
View File

@ -1,5 +0,0 @@
o Minor bugfixes (logging, onion services):
- Stop logging "Tried to establish rendezvous on non-OR circuit..." as
a warning. Instead, log it as a protocol warning, because there is
nothing that relay operators can do to fix it. Fixes bug 29029;
bugfix on 0.2.5.7-rc.

5
changes/bug29034 Normal file
View File

@ -0,0 +1,5 @@
o Major bugfixes (Onion service reachability):
- Properly clean up the introduction point map when circuits change purpose
from onion service circuits to pathbias, measurement, or other circuit types.
This should fix some service-side instances of introduction point failure.
Fixes bug 29034; bugfix on 0.3.2.1-alpha.

5
changes/bug29036
View File

@ -1,5 +0,0 @@
o Minor bugfix (continuous integration):
- Reset coverage state on disk after Travis CI has finished. This is being
done to prevent future gcda file merge errors which causes the test suite
for the process subsystem to fail. The process subsystem was introduced
in 0.4.0.1-alpha. Fixes bug 29036; bugfix on 0.2.9.15.

4
changes/bug29040
View File

@ -1,4 +0,0 @@
o Minor bugfixes (onion services):
- Avoid crashing if ClientOnionAuthDir (incorrectly) contains
more than one private key for a hidden service. Fixes bug 29040;
bugfix on 0.3.5.1-alpha.

5
changes/bug29042
View File

@ -1,5 +0,0 @@
o Minor bugfixes (logging):
- Log more information at "warning" level when unable to read a private
key; log more information ad "info" level when unable to read a public
key. We had warnings here before, but they were lost during our
NSS work. Fixes bug 29042; bugfix on 0.3.5.1-alpha.

3
changes/bug29122
View File

@ -1,3 +0,0 @@
o Minor bugfixes (unit tests):
- Fix intermittent failures on an adaptive padding unittest. Fixes bug
29122; bugfix on 0.4.0.1-alpha

5
changes/bug29135
View File

@ -1,5 +0,0 @@
o Minor bugfixes (onion services, logging):
- In hs_cache_store_as_client() log an HSDesc we failed to parse at Debug
loglevel. Tor used to log it at Warning loglevel, which caused
very long log lines to appear for some users. Fixes bug 29135; bugfix on
0.3.2.1-alpha.

5
changes/bug29144
View File

@ -1,5 +0,0 @@
o Minor bugfixes (logging):
- Log the correct port number for listening sockets when "auto" is
used to let Tor pick the port number. Previously, port 0 was
logged instead of the actual port number. Fixes bug 29144;
bugfix on 0.3.5.1-alpha. Patch from Kris Katterjohn.

3
changes/bug29145
View File

@ -1,3 +0,0 @@
o Minor bugfixes (compilation, testing):
- Silence a compiler warning in test-memwipe.c on OpenBSD. Fixes
bug 29145; bugfix on 0.2.9.3-alpha. Patch from Kris Katterjohn.

3
changes/bug29150
View File

@ -1,3 +0,0 @@
o Minor bugfixes (linux seccomp sandbox):
- Fix startup crash when experimental sandbox support is enabled.
Fixes bug 29150; bugfix on 0.4.0.1-alpha. Patch by Peter Gerber.

3
changes/bug29161
View File

@ -1,3 +0,0 @@
o Minor bugfixes (tests):
- Detect and suppress "bug" warnings from the util/time test on Windows.
Fixes bug 29161; bugfix on 0.2.9.3-alpha.

3
changes/bug29169
View File

@ -1,3 +0,0 @@
o Minor bugfixes (compilation):
- Fix compilation warnings in test_circuitpadding.c. Fixes bug 29169;
bugfix on 0.4.0.1-alpha.

4
changes/bug29175_035
View File

@ -1,4 +0,0 @@
o Major bugfixes (networking):
- Gracefully handle empty username/password fields in SOCKS5
username/password auth messsage and allow SOCKS5 handshake to
continue. Fixes bug 29175; bugfix on 0.3.5.1-alpha.

4
changes/bug29204
View File

@ -1,4 +0,0 @@
o Minor bugfixes (circuitpadding):
- Inspect circuit-level cell queue before sending padding, to avoid
sending padding while too much data is queued. Fixes bug 29204;
bugfix on 0.4.0.1-alpha.

6
changes/bug29241
View File

@ -1,6 +0,0 @@
o Major bugfixes (NSS, relay):
- When running with NSS, disable TLS 1.2 ciphersuites that use SHA384
for their PRF. Due to an NSS bug, the TLS key exporters for these
ciphersuites don't work -- which caused relays to fail to handshake
with one another when these ciphersuites were enabled.
Fixes bug 29241; bugfix on 0.3.5.1-alpha.

4
changes/bug29244
View File

@ -1,4 +0,0 @@
o Minor bugfixes (build, compatibility):
- Update Cargo.lock file to match the version made by the latest
version of Rust, so that "make distcheck" will pass again.
Fixes bug 29244; bugfix on 0.3.3.4-alpha.

5
changes/bug29298
View File

@ -1,5 +0,0 @@
o Minor bugfixes (testing, circuit padding):
- Disabled unstable circuit padding unittest that was causing intermittent
test failures because of ill-defined small histogram. Such histograms
will be allowed again after 29298 is implemented. Fixes second case of
bug 29122; bugfix on 0.4.0.1-alpha.

3
changes/bug29500
View File

@ -1,3 +0,0 @@
o Minor bugfixes (circuitpadding testing):
- Minor tweaks to avoid very rare test failures related to timers and
monotime. Fixes bug 29500; bugfix on 0.4.0.1-alpha

3
changes/bug29508
View File

@ -1,3 +0,0 @@
o Minor bugfixes (scheduler):
- When readding channels to the pending list, check the correct channel's
sched_heap_idx. Fixes bug 29508; bugfix on 0.3.2.10

5
changes/bug29527
View File

@ -1,5 +0,0 @@
o Minor features (circuit padding):
- Stop warning about undefined behavior in the probability distribution
tests. Float division by zero may technically be undefined behaviour in
C, but it's well-defined in IEEE 754. Partial backport of 29298.
Closes ticket 29527; bugfix on 0.4.0.1-alpha.

5
changes/bug29530_035
View File

@ -1,5 +0,0 @@
o Minor bugfixes (testing):
- Downgrade some LOG_ERR messages in the address/* tests to warnings.
The LOG_ERR messages were occurring when we had no configured network.
We were failing the unit tests, because we backported 28668 to 0.3.5.8,
but did not backport 29530. Fixes bug 29530; bugfix on 0.3.5.8.

4
changes/bug29562
View File

@ -1,4 +0,0 @@
o Minor bugfixes (pluggable transports):
- Fix an assertion failure crash bug when a pluggable transport process is
terminated during the bootstrap phase. Fixes bug 29562; bugfix on
0.4.0.1-alpha.

3
changes/bug29599
View File

@ -1,3 +0,0 @@
o Minor bugfixes (memory management, testing):
- Stop leaking parts of the shared random state in the shared-random unit
tests. Fixes bug 29599; bugfix on 0.2.9.1-alpha.

6
changes/bug29601
View File

@ -1,6 +0,0 @@
o Minor bugfixes (Windows, CI):
- Skip the Appveyor 32-bit Windows Server 2016 job, and 64-bit Windows
Server 2012 R2 job. The remaining 2 jobs still provide coverage of
64/32-bit, and Windows Server 2016/2012 R2. Also set fast_finish, so
failed jobs terminate the build immediately.
Fixes bug 29601; bugfix on 0.3.5.4-alpha.

7
changes/bug29665
View File

@ -1,7 +0,0 @@
o Minor bugfixes (single onion services):
- Allow connections to single onion services to remain idle without
being disconnected. Relays acting as rendezvous points for
single onion services were mistakenly closing idle established
rendezvous circuits after 60 seconds, thinking that they are unused
directory-fetching circuits that had served their purpose. Fixes
bug 29665; bugfix on 0.2.1.26.

3
changes/bug29693
View File

@ -1,3 +0,0 @@
o Minor bugfixes (unit tests):
- Decrease the false positive rate of stochastic probability distribution
tests. Fixes bug 29693; bugfix on 0.4.0.1-alpha.

4
changes/bug29703
View File

@ -1,4 +0,0 @@
o Minor bugfixes (testing):
- Backport the 0.3.4 src/test/test-network.sh to 0.2.9.
We need a recent test-network.sh to use new chutney features in CI.
Fixes bug 29703; bugfix on 0.2.9.1-alpha.

4
changes/bug29706_minimal
View File

@ -1,4 +0,0 @@
o Minor bugfixes (memory management, testing):
- Stop leaking parts of the shared random state in the shared-random unit
tests. The previous fix in 29599 was incomplete.
Fixes bug 29706; bugfix on 0.2.9.1-alpha.

4
changes/bug29706_refactor
View File

@ -1,4 +0,0 @@
o Minor bugfixes (memory management):
- Refactor the shared random state's memory management so that it actually
takes ownership of the shared random value pointers.
Fixes bug 29706; bugfix on 0.2.9.1-alpha.

4
changes/bug29874
View File

@ -1,4 +0,0 @@
o Minor bugfixes (pluggable transports):
- Restore old behaviour when it comes to discovering the path of a given
Pluggable Transport exe-file. Fixes bug 29874; bugfix on 0.4.0.1-alpha.

4
changes/bug29922
View File

@ -1,4 +0,0 @@
o Minor bugfixes (testing, windows):
- Fix a test failure caused by an unexpected bug warning in
our test for tor_gmtime_r(-1). Fixes bug 29922;
bugfix on 0.2.9.3-alpha.

4
changes/bug29930
View File

@ -1,4 +0,0 @@
o Minor bugfixes (UI):
- Lower log level of unlink() errors during bootstrap. Fixes bug 29930;
bugfix on 0.4.0.1-alpha.

3
changes/bug29959-040
View File

@ -1,3 +0,0 @@
o Minor bugfixes (directory authorities):
- Actually include the bandwidth-file-digest line in directory authority
votes. Fixes bug 29959; bugfix on 0.4.0.2-alpha.

7
changes/bug30001
View File

@ -1,7 +0,0 @@
o Minor features (testing):
- Use the approx_time() function when setting the "Expires" header
in directory replies, to make them more testable. Needed for
ticket 30001.
o Minor bug fixes (testing):
- Check the time in the "Expires" header with approx_time().
Fixes bug 30001; bugfix on 0.4.0.4-rc.

4
changes/bug30011
View File

@ -1,4 +0,0 @@
o Minor bugfixes (CI):
- Terminate test-stem if it takes more than 9.5 minutes to run.
(Travis terminates the job after 10 minutes of no output.)
Diagnostic for 29437. Fixes bug 30011; bugfix on 0.3.5.4-alpha.

8
changes/bug30021
View File

@ -1,8 +0,0 @@
o Minor bugfixes (TLS protocol, integration tests):
- When classifying a client's selection of TLS ciphers, if the client
ciphers are not yet available, do not cache the result. Previously,
we had cached the unavailability of the cipher list and never looked
again, which in turn led us to assume that the client only supported
the ancient V1 link protocol. This, in turn, was causing Stem
integration tests to stall in some cases.
Fixes bug 30021; bugfix on 0.2.4.8-alpha.

9
changes/bug30040
View File

@ -1,9 +0,0 @@
o Minor bugfixes (security):
- Fix a potential double free bug when reading huge bandwidth files. The
issue is not exploitable in the current Tor network because the
vulnerable code is only reached when directory authorities read bandwidth
files, but bandwidth files come from a trusted source (usually the
authorities themselves). Furthermore, the issue is only exploitable in
rare (non-POSIX) 32-bit architectures which are not used by any of the
current authorities. Fixes bug 30040; bugfix on 0.3.5.1-alpha. Bug found
and fixed by Tobias Stoeckmann.

5
changes/bug30041
View File

@ -1,5 +0,0 @@
o Minor bugfixes (hardening):
- Verify in more places that we are not about to create a buffer
with more than INT_MAX bytes, to avoid possible OOB access in the event
of bugs. Fixes bug 30041; bugfix on 0.2.0.16. Found and fixed by
Tobias Stoeckmann.

4
changes/bug30189
View File

@ -1,4 +0,0 @@
o Minor bugfixes (compilation, unusual configuration):
- Avoid failures when building with ALL_BUGS_ARE_FAILED due to
missing declarations of abort(), and prevent other such failures
in the future. Fixes bug 30189; bugfix on 0.3.4.1-alpha.

3
changes/bug30263
View File

@ -1,3 +0,0 @@
o Minor bugfixes (shellcheck):
- Stop looking for scripts in the build directory during
"make shellcheck". Fixes bug 30263; bugfix on 0.4.0.1-alpha.

4
changes/bug30316
View File

@ -1,4 +0,0 @@
o Minor bugfixes (directory authority):
- Move the "bandwidth-file-headers" line in directory authority votes
so that it conforms to dir-spec.txt. Fixes bug 30316; bugfix on
0.3.5.1-alpha.

3
changes/bug30452
View File

@ -1,3 +0,0 @@
o Minor features (compile-time modules):
- Add a --list-modules command to print a list of which compile-time
modules are enabled. Closes ticket 30452.

4
changes/bug30475
View File

@ -1,4 +0,0 @@
o Minor bugfixes ():
- Avoid a GCC 9.1.1 warning (and possible crash depending on libc
implemenation) when failing to load a hidden service client authorization
file. Fixes bug 30475; bugfix on 0.3.5.1-alpha.

4
changes/bug30781 Normal file
View File

@ -0,0 +1,4 @@
o Minor bugfixes (directory authorities):
- Stop crashing after parsing an unknown descriptor purpose annotation.
We think this bug can only be triggered by modifying a local file.
Fixes bug 30781; bugfix on 0.2.0.8-alpha.

4
changes/bug30894 Normal file
View File

@ -0,0 +1,4 @@
o Minor bugfixes (memory leaks):
- Fix a trivial memory leak when parsing an invalid value
from a download schedule in the configuration. Fixes bug
30894; bugfix on 0.3.4.1-alpha.

4
changes/bug30942 Normal file
View File

@ -0,0 +1,4 @@
o Minor bugfixes (circuit padding):
- Ignore non-padding cells on padding circuits. This addresses various
warning messages from subsystems that were not expecting padding
circuits. Fixes bug 30942; bugfix on 0.4.1.1-alpha.

4
changes/bug30956 Normal file
View File

@ -0,0 +1,4 @@
o Minor bugfixes (pluggable transports):
- Always publish bridge pluggable transport information in the extra info
descriptor, even if ExtraInfoStatistics is 0. This information is
needed by BridgeDB. Fixes bug 30956; bugfix on 0.4.1.1-alpha.

4
changes/bug31003 Normal file
View File

@ -0,0 +1,4 @@
o Minor bugfixes (crash on exit):
- Avoid a set of possible code paths that could use try to use freed memory
in routerlist_free() while Tor was exiting. Fixes bug 31003; bugfix on
0.1.2.2-alpha.

4
changes/bug31024 Normal file
View File

@ -0,0 +1,4 @@
o Minor bugfixes (circuitpadding):
- Add two NULL checks in unreachable places to silence Coverity (CID 144729
and 1447291) and better future proof ourselves. Fixes bug 31024; bugfix
on 0.4.1.1-alpha.

3
changes/bug31027 Normal file
View File

@ -0,0 +1,3 @@
o Code simplification and refactoring:
- Remove some dead code from circpad_machine_remove_token() to fix some
Coverity warnings (CID 1447298). Fixes bug 31027; bugfix on 0.4.1.1-alpha.

4
changes/bug31080_041 Normal file
View File

@ -0,0 +1,4 @@
o Minor bugfixes (logging):
- Fix a conflict between the flag used for messaging-domain
log messages, and the LD_NO_MOCK testing flag. Fixes bug 31080;
bugfix on 0.4.1.1-alpha.

9
changes/bug31343 Normal file
View File

@ -0,0 +1,9 @@
o Minor bugfixes (compilation):
- Avoid using labs() on time_t, which can cause compilation warnings
on 64-bit Windows builds. Fixes bug 31343; bugfix on 0.2.4.4-alpha.
o Minor bugfixes (clock skew detection):
- Don't believe clock skew results from NETINFO cells that appear to
arrive before the VERSIONS cells they are responding to were sent.
Previously, we would accept them up to 3 minutes "in the past".
Fixes bug 31343; bugfix on 0.2.4.4-alpha.

11
changes/bug31356_and_logs Normal file
View File

@ -0,0 +1,11 @@
o Minor bugfixes (circuit padding negotiation):
- Bump circuit padding protover to explicitly signify that the hs setup
machine support is finalized in 0.4.1.x-stable. This also means that
0.4.1.x-alpha clients will not negotiate padding with 0.4.1.x-stable
relays, and 0.4.1.x-stable clients will not negotiate padding with
0.4.1.x-alpha relays (or 0.4.0.x relays). Fixes bug 31356;
bugfix on 0.4.1.1-alpha.
o Minor features (circuit padding logging):
- Demote noisy client-side warn log to a protocol warning. Add additional
log messages and circuit id fields to help with fixing bug 30992 and any
other future issues.

3
changes/bug31463 Normal file
View File

@ -0,0 +1,3 @@
o Minor bugfixes (rust):
- Correctly exclude a redundant rust build job in Travis. Fixes bug 31463;
bugfix on 0.3.5.4-alpha.

3
changes/chutney_ci Normal file
View File

@ -0,0 +1,3 @@
o Minor features (continuous integration):
- Our Travis configuration now uses Chutney to run some network
integration tests automatically. Closes ticket 29280.

3
changes/cid1444119
View File

@ -1,3 +0,0 @@
o Minor bugfixes (C correctness):
- Fix an unlikely memory leak in consensus_diff_apply(). Fixes bug 29824;
bugfix on 0.3.1.1-alpha. This is Coverity warning CID 1444119.

4
changes/diagnostic_28223_redux
View File

@ -1,4 +0,0 @@
o Minor features (diagnostic):
- Add more diagnostic log messages in an attempt to solve
the issue of NUL bytes appearing in a microdescriptor cache.
Related to ticket 28223.

3
changes/doc28623
View File

@ -1,3 +0,0 @@
o Documentation:
- In manpage entry describing MapAddress torrc setting, use example
IP addresses from ranges specified by RFC 5737. Resolves issue 28623.

3
changes/doc29121
View File

@ -1,3 +0,0 @@
o Documentation:
- Clarify that Tor performs stream isolation between *Port listeners by
default. Resolves issue 29121.

3
changes/doc30630 Normal file
View File

@ -0,0 +1,3 @@
o Documentation:
- Mention URLs for Travis/Appveyor/Jenkins in ReleasingTor.md. Closes
ticket 30630.

4
changes/feature28976
View File

@ -1,4 +0,0 @@
o Minor features (developer tooling):
- Provide a git pre-commit hook that disallows commiting if we have any
failures in our code and changelog formatting checks. It is now available
in scripts/maint/pre-commit.git-hook. Implements feature 28976.

4
changes/geoip-2019-02-05
View File

@ -1,4 +0,0 @@
o Minor features (geoip):
- Update geoip and geoip6 to the February 5 2019 Maxmind GeoLite2
Country database. Closes ticket 29478.

4
changes/geoip-2019-03-04
View File

@ -1,4 +0,0 @@
o Minor features (geoip):
- Update geoip and geoip6 to the March 4 2019 Maxmind GeoLite2
Country database. Closes ticket 29666.

4
changes/geoip-2019-04-02
View File

@ -1,4 +0,0 @@
o Minor features (geoip):
- Update geoip and geoip6 to the April 2 2019 Maxmind GeoLite2
Country database. Closes ticket 29992.

4
changes/geoip-2019-05-13
View File

@ -1,4 +0,0 @@
o Minor features (geoip):
- Update geoip and geoip6 to the May 13 2019 Maxmind GeoLite2
Country database. Closes ticket 30522.

4
changes/ticket21377
View File

@ -1,4 +0,0 @@
o Minor features (dircache):
- When a directory authority is using a bandwidth file to obtain the
bandwidth values that will be included in the next vote, serve this
bandwidth file at /tor/status-vote/next/bandwidth. Closes ticket 21377.

4
changes/ticket26698
View File

@ -1,4 +0,0 @@
o Minor features (directory authority):
- When a directory authority is using a bandwidth file to obtain the
bandwidth values, include the digest of the file in the vote.
Closes ticket 26698.

4
changes/ticket27761
View File

@ -1,4 +0,0 @@
o Minor features (changelogs):
- Check that bugfix versions in changes files look like Tor versions
from the versions spec. Warn when bugfixes claim to be on a future
release. Closes ticket 27761.

8
changes/ticket28614
View File

@ -1,8 +0,0 @@
o Major bugfixes (windows, startup):
- When writing a consensus file to disk, always write in
"binary" mode so that we can safely map it into memory later.
Fixes part of bug 28614; bugfix on 0.4.0.1-alpha.
- When reading a consensus file from disk, detect whether it
was written in text mode, and re-read it in text mode if so.
Fixes part of bug 28614; bugfix on 0.4.0.1-alpha.

3
changes/ticket28668
View File

@ -1,3 +0,0 @@
o Minor features (testing):
- Treat all unexpected ERR and BUG messages as test failures.
Closes ticket 28668.

4
changes/ticket28816
View File

@ -1,4 +0,0 @@
o Code simplification and refactoring:
- Introduce a connection_dir_buf_add() helper function that checks for
compress_state of dir_connection_t and automatically writes a string to
directory connection with or without compression. Resolves issue 28816.

4
changes/ticket29026
View File

@ -1,4 +0,0 @@
o Minor features (compilation):
- Compile correctly when OpenSSL is built with engine support
disabled, or with deprecated APIs disabled. Closes ticket
29026. Patches from "Mangix".

2
changes/ticket29072
View File

@ -1,2 +0,0 @@
o Removed features:
- Remove check-tor script from repository. Resolves issue 29072.

4
changes/ticket29160
View File

@ -1,4 +0,0 @@
o Minor bugfixes (tests):
- Do not log an error-level message if we fail to find an IPv6
network interface from the unit tests. Fixes bug 29160; bugfix on
0.2.7.3-rc.

5
changes/ticket29168
View File

@ -1,5 +0,0 @@
o Major bugfixes (cell scheduler, KIST):
- Make KIST to always take into account the outbuf length when computing
what we can actually put in the outbuf. This could lead to the outbuf
being filled up and thus a possible memory DoS vector. TROVE-2019-001.
Fixes bug 29168; bugfix on 0.3.2.1-alpha.

7
changes/ticket29357
View File

@ -1,7 +0,0 @@
o Minor features (dormant mode):
- Add a DormantCanceledByStartup option to tell Tor that it should
treat a startup event as cancelling any previous dormant state.
Integrators should use this option with caution: it should
only be used if Tor is being started because of something that the
user did, and not if Tor is being automatically started in the
background. Closes ticket 29357.

3
changes/ticket29435
View File

@ -1,3 +0,0 @@
o Minor bugfixes (testing):
- Fix our gcov wrapper script to look for object files at the
correct locations. Fixes bug 29435; bugfix on 0.3.5.1-alpha.

4
changes/ticket29631
View File

@ -1,4 +0,0 @@
o Minor bugfixes (Rust, protover):
- The Rust implementation of protover was missing the "Padding" value in
the translate function from C to Rust. Fixes bug 29631; bugfix on
0.4.0.1-alpha.

4
changes/ticket29702
View File

@ -1,4 +0,0 @@
o Testing:
- Specify torrc paths (with empty files) when launching tor in
integration tests; refrain from reading user and system torrcs.
Resolves issue 29702.

Some files were not shown because too many files have changed in this diff Show More