Merge branch 'maint-0.4.2' into bug40076_042

This commit is contained in:
Nick Mathewson 2020-07-30 14:27:29 -04:00
commit c2d5ec5e43
1184 changed files with 76095 additions and 24333 deletions

16
.gitignore vendored
View File

@ -158,14 +158,20 @@ uptime-*.json
# /src/lib
/src/lib/libcurve25519_donna.a
/src/lib/libtor-buf.a
/src/lib/libtor-buf-testing.a
/src/lib/libtor-compress.a
/src/lib/libtor-compress-testing.a
/src/lib/libtor-confmgt.a
/src/lib/libtor-confmgt-testing.a
/src/lib/libtor-container.a
/src/lib/libtor-container-testing.a
/src/lib/libtor-crypt-ops.a
/src/lib/libtor-crypt-ops-testing.a
/src/lib/libtor-ctime.a
/src/lib/libtor-ctime-testing.a
/src/lib/libtor-dispatch.a
/src/lib/libtor-dispatch-testing.a
/src/lib/libtor-encoding.a
/src/lib/libtor-encoding-testing.a
/src/lib/libtor-evloop.a
@ -198,6 +204,8 @@ uptime-*.json
/src/lib/libtor-osinfo-testing.a
/src/lib/libtor-process.a
/src/lib/libtor-process-testing.a
/src/lib/libtor-pubsub.a
/src/lib/libtor-pubsub-testing.a
/src/lib/libtor-sandbox.a
/src/lib/libtor-sandbox-testing.a
/src/lib/libtor-string.a
@ -213,6 +221,8 @@ uptime-*.json
/src/lib/libtor-tls.a
/src/lib/libtor-tls-testing.a
/src/lib/libtor-trace.a
/src/lib/libtor-version.a
/src/lib/libtor-version-testing.a
/src/lib/libtor-wallclock.a
/src/lib/libtor-wallclock-testing.a
@ -240,20 +250,22 @@ uptime-*.json
/src/test/test
/src/test/test-slow
/src/test/test-bt-cl
/src/test/test-child
/src/test/test-process
/src/test/test-memwipe
/src/test/test-ntor-cl
/src/test/test-hs-ntor-cl
/src/test/test-rng
/src/test/test-switch-id
/src/test/test-timers
/src/test/test_workqueue
/src/test/test.exe
/src/test/test-slow.exe
/src/test/test-bt-cl.exe
/src/test/test-child.exe
/src/test/test-process.exe
/src/test/test-ntor-cl.exe
/src/test/test-hs-ntor-cl.exe
/src/test/test-memwipe.exe
/src/test/test-rng.exe
/src/test/test-switch-id.exe
/src/test/test-timers.exe
/src/test/test_workqueue.exe

View File

@ -29,6 +29,8 @@ env:
- HARDENING_OPTIONS="--enable-expensive-hardening"
## We turn off asciidoc by default, because it's slow
- ASCIIDOC_OPTIONS="--disable-asciidoc"
## Our default rust version is the minimum supported version
- RUST_VERSION="1.31.0"
## Turn off tor's sandbox in chutney, until we fix sandbox errors that are
## triggered by Ubuntu Xenial and Bionic. See #32722.
- CHUTNEY_TOR_SANDBOX="0"
@ -70,7 +72,7 @@ matrix:
- env: NSS_OPTIONS="--enable-nss" C_DIALECT_OPTIONS="-std=gnu99"
## We include a single coverage build with the best options for coverage
- env: COVERAGE_OPTIONS="--enable-coverage" HARDENING_OPTIONS=""
- env: COVERAGE_OPTIONS="--enable-coverage" HARDENING_OPTIONS="" TOR_TEST_RNG_SEED="636f766572616765"
## We clone our stem repo and run `make test-stem`
- env: TEST_STEM="yes" SKIP_MAKE_CHECK="yes"
@ -79,7 +81,7 @@ matrix:
## concurrent macOS jobs. We're not actively developing Rust, so it is
## the lowest priority.
## We run rust on macOS, because we have seen macOS rust failures before
#- env: RUST_OPTIONS="--enable-rust --enable-cargo-online-mode"
#- env: RUST_VERSION="nightly" RUST_OPTIONS="--enable-rust --enable-cargo-online-mode"
# compiler: clang
# os: osx
@ -96,7 +98,7 @@ matrix:
## Since this job is disabled, there's not much point having an exception
## for it
#- env: RUST_OPTIONS="--enable-rust --enable-cargo-online-mode"
#- env: RUST_VERSION="nightly" RUST_OPTIONS="--enable-rust --enable-cargo-online-mode"
# compiler: clang
# os: osx
@ -125,6 +127,7 @@ addons:
- libscrypt-dev
- libseccomp-dev
- libzstd-dev
- shellcheck
## Conditional build dependencies
## Always installed, so we don't need sudo
- asciidoc
@ -153,6 +156,7 @@ addons:
- pkg-config
## Optional build dependencies
- ccache
- shellcheck
## Conditional build dependencies
## Always installed, because manual brew installs are hard to get right
- asciidoc
@ -183,8 +187,8 @@ install:
- if [[ "$ASCIIDOC_OPTIONS" == "" ]] && [[ "$TRAVIS_OS_NAME" == "osx" ]]; then export XML_CATALOG_FILES="/usr/local/etc/xml/catalog"; fi
## If we're using Rust, download rustup
- if [[ "$RUST_OPTIONS" != "" ]]; then curl -Ssf -o rustup.sh https://sh.rustup.rs; fi
## Install the nightly channels of rustc and cargo and setup our toolchain environment
- if [[ "$RUST_OPTIONS" != "" ]]; then sh rustup.sh -y --default-toolchain nightly; fi
## Install the stable channels of rustc and cargo and setup our toolchain environment
- if [[ "$RUST_OPTIONS" != "" ]]; then sh rustup.sh -y --default-toolchain $RUST_VERSION; fi
- if [[ "$RUST_OPTIONS" != "" ]]; then source $HOME/.cargo/env; fi
## If we're testing rust builds in offline-mode, then set up our vendored dependencies
- if [[ "$TOR_RUST_DEPENDENCIES" == "true" ]]; then export TOR_RUST_DEPENDENCIES=$PWD/src/ext/rust/crates; fi
@ -209,6 +213,10 @@ install:
- if [[ "$CHUTNEY" != "" ]]; then pushd "$CHUTNEY_PATH"; git log -1 ; popd ; fi
## If we're running stem, show the stem version and commit
- if [[ "$TEST_STEM" != "" ]]; then pushd stem; python -c "from stem import stem; print(stem.__version__);"; git log -1; popd; fi
## We don't want Tor tests to depend on default configuration file at
## ~/.torrc. So we put some random bytes in there, to make sure we get build
## failures in case Tor is reading it during CI jobs.
- dd ibs=1 count=1024 if=/dev/urandom > ~/.torrc
script:
# Skip test_rebind on macOS

2731
ChangeLog

File diff suppressed because it is too large Load Diff

View File

@ -9,7 +9,8 @@
there may be other license terms that you should be aware of.
===============================================================================
Tor is distributed under this license:
Tor is distributed under the "3-clause BSD" license, a commonly used
software license that means Tor is both free software and open source:
Copyright (c) 2001-2004, Roger Dingledine
Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson

View File

@ -31,9 +31,7 @@ TESTING_TOR_BINARY=$(top_builddir)/src/app/tor$(EXEEXT)
endif
if USE_RUST
## this MUST be $(), otherwise am__DEPENDENCIES will not track it
rust_ldadd=$(top_builddir)/$(TOR_RUST_LIB_PATH) \
$(TOR_RUST_EXTRA_LIBS)
rust_ldadd=$(top_builddir)/$(TOR_RUST_LIB_PATH)
else
rust_ldadd=
endif
@ -42,6 +40,10 @@ endif
TOR_UTIL_LIBS = \
src/lib/libtor-geoip.a \
src/lib/libtor-process.a \
src/lib/libtor-buf.a \
src/lib/libtor-confmgt.a \
src/lib/libtor-pubsub.a \
src/lib/libtor-dispatch.a \
src/lib/libtor-time.a \
src/lib/libtor-fs.a \
src/lib/libtor-encoding.a \
@ -62,6 +64,7 @@ TOR_UTIL_LIBS = \
src/lib/libtor-malloc.a \
src/lib/libtor-wallclock.a \
src/lib/libtor-err.a \
src/lib/libtor-version.a \
src/lib/libtor-intmath.a \
src/lib/libtor-ctime.a
@ -71,6 +74,10 @@ if UNITTESTS_ENABLED
TOR_UTIL_TESTING_LIBS = \
src/lib/libtor-geoip-testing.a \
src/lib/libtor-process-testing.a \
src/lib/libtor-buf-testing.a \
src/lib/libtor-confmgt-testing.a \
src/lib/libtor-pubsub-testing.a \
src/lib/libtor-dispatch-testing.a \
src/lib/libtor-time-testing.a \
src/lib/libtor-fs-testing.a \
src/lib/libtor-encoding-testing.a \
@ -91,6 +98,7 @@ TOR_UTIL_TESTING_LIBS = \
src/lib/libtor-malloc-testing.a \
src/lib/libtor-wallclock-testing.a \
src/lib/libtor-err-testing.a \
src/lib/libtor-version-testing.a \
src/lib/libtor-intmath.a \
src/lib/libtor-ctime-testing.a
endif
@ -159,7 +167,28 @@ EXTRA_DIST+= \
README \
ReleaseNotes \
scripts/maint/checkIncludes.py \
scripts/maint/checkSpace.pl
scripts/maint/checkSpace.pl \
scripts/maint/checkShellScripts.sh \
scripts/maint/practracker/README \
scripts/maint/practracker/exceptions.txt \
scripts/maint/practracker/includes.py \
scripts/maint/practracker/metrics.py \
scripts/maint/practracker/practracker.py \
scripts/maint/practracker/practracker_tests.py \
scripts/maint/practracker/problem.py \
scripts/maint/practracker/testdata/.may_include \
scripts/maint/practracker/testdata/a.c \
scripts/maint/practracker/testdata/b.c \
scripts/maint/practracker/testdata/ex0-expected.txt \
scripts/maint/practracker/testdata/ex0.txt \
scripts/maint/practracker/testdata/ex1-expected.txt \
scripts/maint/practracker/testdata/ex1.txt \
scripts/maint/practracker/testdata/ex1-overbroad-expected.txt \
scripts/maint/practracker/testdata/ex.txt \
scripts/maint/practracker/testdata/header.h \
scripts/maint/practracker/testdata/not_c_file \
scripts/maint/practracker/test_practracker.sh \
scripts/maint/practracker/util.py
## This tells etags how to find mockable function definitions.
AM_ETAGSFLAGS=--regex='{c}/MOCK_IMPL([^,]+,\W*\([a-zA-Z0-9_]+\)\W*,/\1/s'
@ -177,7 +206,7 @@ TEST_CFLAGS=
TEST_CPPFLAGS=-DTOR_UNIT_TESTS @TOR_MODULES_ALL_ENABLED@
TEST_NETWORK_FLAGS=--hs-multi-client 1
endif
TEST_NETWORK_WARNING_FLAGS=--quiet --only-warnings
TEST_NETWORK_SHOW_WARNINGS_FOR_LAST_RUN_FLAGS=--quiet --only-warnings
if LIBFUZZER_ENABLED
TEST_CFLAGS += -fsanitize-coverage=trace-pc-guard,trace-cmp,trace-div
@ -213,7 +242,10 @@ doxygen:
test: all
$(top_builddir)/src/test/test
check-local: check-spaces check-changes check-includes
shellcheck:
$(top_srcdir)/scripts/maint/checkShellScripts.sh
check-local: check-spaces check-changes check-includes shellcheck
need-chutney-path:
@if test ! -d "$$CHUTNEY_PATH"; then \
@ -233,12 +265,15 @@ test-network: need-chutney-path $(TESTING_TOR_BINARY) src/tools/tor-gencert
$(top_srcdir)/src/test/test-network.sh $(TEST_NETWORK_FLAGS)
# Run all available tests using automake's test-driver
# only run IPv6 tests if we can ping6 ::1 (localhost)
# only run IPv6 tests if we can ping ::1 (localhost)
# some IPv6 tests will fail without an IPv6 DNS server (see #16971 and #17011)
# only run mixed tests if we have a tor-stable binary
# Try the syntax for BSD ping6, Linux ping6, and Linux ping -6,
# because they're incompatible
# - only run IPv6 tests if we can ping6 or ping -6 ::1 (localhost)
# we try the syntax for BSD ping6, Linux ping6, and Linux ping -6,
# because they're incompatible
# - some IPv6 tests may fail without an IPv6 DNS server
# (see #16971 and #17011)
# - only run mixed tests if we have a tor-stable binary
# - show tor warnings on the console after each network run
# (otherwise, warnings go to the logs, and people don't see them unless
# there is a network failure)
test-network-all: need-chutney-path test-driver $(TESTING_TOR_BINARY) src/tools/tor-gencert
mkdir -p $(TEST_NETWORK_ALL_LOG_DIR)
rm -f $(TEST_NETWORK_ALL_LOG_DIR)/*.log $(TEST_NETWORK_ALL_LOG_DIR)/*.trs
@ -262,7 +297,7 @@ test-network-all: need-chutney-path test-driver $(TESTING_TOR_BINARY) src/tools/
done; \
for f in $$flavors; do \
$(SHELL) $(top_srcdir)/test-driver --test-name $$f --log-file $(TEST_NETWORK_ALL_LOG_DIR)/$$f.log --trs-file $(TEST_NETWORK_ALL_LOG_DIR)/$$f.trs $(TEST_NETWORK_ALL_DRIVER_FLAGS) $(top_srcdir)/src/test/test-network.sh --flavor $$f $(TEST_NETWORK_FLAGS); \
$(top_srcdir)/src/test/test-network.sh $(TEST_NETWORK_WARNING_FLAGS); \
$(top_srcdir)/src/test/test-network.sh $(TEST_NETWORK_SHOW_WARNINGS_FOR_LAST_RUN_FLAGS); \
done; \
echo "Log and result files are available in $(TEST_NETWORK_ALL_LOG_DIR)."; \
! grep -q FAIL $(TEST_NETWORK_ALL_LOG_DIR)/*.trs
@ -317,11 +352,8 @@ coverage-html-full: all
lcov --remove "$(HTML_COVER_DIR)/lcov.tmp" --rc lcov_branch_coverage=1 'test/*' 'ext/tinytest*' '/usr/*' --output-file "$(HTML_COVER_DIR)/lcov.info"
genhtml --branch-coverage -o "$(HTML_COVER_DIR)" "$(HTML_COVER_DIR)/lcov.info"
# Avoid strlcpy.c, strlcat.c, aes.c, OpenBSD_malloc_Linux.c, sha256.c,
# tinytest*.[ch]
check-spaces:
if USE_PERL
$(PERL) $(top_srcdir)/scripts/maint/checkSpace.pl -C \
# For scripts: avoid src/ext and src/trunnel.
OWNED_TOR_C_FILES=\
$(top_srcdir)/src/lib/*/*.[ch] \
$(top_srcdir)/src/core/*/*.[ch] \
$(top_srcdir)/src/feature/*/*.[ch] \
@ -329,13 +361,26 @@ if USE_PERL
$(top_srcdir)/src/test/*.[ch] \
$(top_srcdir)/src/test/*/*.[ch] \
$(top_srcdir)/src/tools/*.[ch]
check-spaces:
if USE_PERL
$(PERL) $(top_srcdir)/scripts/maint/checkSpace.pl -C \
$(OWNED_TOR_C_FILES)
endif
check-includes:
if USEPYTHON
$(PYTHON) $(top_srcdir)/scripts/maint/checkIncludes.py
$(PYTHON) $(top_srcdir)/scripts/maint/practracker/includes.py $(top_srcdir)
endif
check-best-practices:
if USEPYTHON
@$(PYTHON) $(top_srcdir)/scripts/maint/practracker/practracker.py $(top_srcdir) $(TOR_PRACTRACKER_OPTIONS)
endif
practracker-regen:
$(PYTHON) $(top_srcdir)/scripts/maint/practracker/practracker.py --regen $(top_srcdir)
check-docs: all
$(PERL) $(top_builddir)/scripts/maint/checkOptionDocs.pl
@ -412,13 +457,13 @@ endif
check-changes:
if USEPYTHON
@if test -d "$(top_srcdir)/changes"; then \
$(PYTHON) $(top_srcdir)/scripts/maint/lintChanges.py $(top_srcdir)/changes; \
PACKAGE_VERSION=$(PACKAGE_VERSION) $(PYTHON) $(top_srcdir)/scripts/maint/lintChanges.py $(top_srcdir)/changes; \
fi
endif
.PHONY: update-versions
update-versions:
$(PERL) $(top_builddir)/scripts/maint/updateVersions.pl
abs_top_srcdir="$(abs_top_srcdir)" $(PYTHON) $(top_srcdir)/scripts/maint/update_versions.py
.PHONY: callgraph
callgraph:
@ -431,6 +476,25 @@ version:
(cd "$(top_srcdir)" && git rev-parse --short=16 HEAD); \
fi
.PHONY: autostyle-ifdefs
autostyle-ifdefs:
$(PYTHON) scripts/maint/annotate_ifdef_directives.py $(OWNED_TOR_C_FILES)
.PHONY: autostyle-ifdefs
autostyle-operators:
$(PERL) scripts/coccinelle/test-operator-cleanup $(OWNED_TOR_C_FILES)
.PHONY: rectify-includes
rectify-includes:
$(PYTHON) scripts/maint/rectify_include_paths.py
.PHONY: update-copyright
update-copyright:
$(PERL) scripts/maint/updateCopyright.pl $(OWNED_TOR_C_FILES)
.PHONY: autostyle
autostyle: update-versions rustfmt autostyle-ifdefs rectify-includes
mostlyclean-local:
rm -f $(top_builddir)/src/*/*.gc{da,no} $(top_builddir)/src/*/*/*.gc{da,no}
rm -rf $(HTML_COVER_DIR)

File diff suppressed because it is too large Load Diff

View File

@ -1,9 +1,9 @@
#!/bin/sh
if [ -x "`which autoreconf 2>/dev/null`" ] ; then
if command -v autoreconf; then
opt="-i -f -W all,error"
for i in $@; do
for i in "$@"; do
case "$i" in
-v)
opt="${opt} -v"
@ -11,6 +11,7 @@ if [ -x "`which autoreconf 2>/dev/null`" ] ; then
esac
done
# shellcheck disable=SC2086
exec autoreconf $opt
fi

View File

@ -1,4 +0,0 @@
o Minor features (NSS, diagnostic):
- Try to log an error from NSS (if there is any) and a more useful
description of our situation if we are using NSS and a call to
SSL_ExportKeyingMaterial() fails. Diagnostic for ticket 29241.

View File

@ -1,3 +0,0 @@
o Minor bugfixes (logging):
- Change log level of message "Hash of session info was not as expected"
to LOG_PROTOCOL_WARN. Fixes bug 12399; bugfix on 0.1.1.10-alpha.

View File

@ -1,5 +0,0 @@
o Minor bugfixes (logging):
- Correct a misleading error message when IPv4Only or IPv6Only
is used but the resolved address can not be interpreted as an
address of the specified IP version. Fixes bug 13221; bugfix
on 0.2.3.9-alpha. Patch from Kris Katterjohn.

View File

@ -1,3 +0,0 @@
o Minor bugfixes (circuit isolation):
- Fix a logic error that prevented the SessionGroup sub-option from
being accepted. Fixes bug 22619; bugfix on 0.2.7.2-alpha.

View File

@ -1,5 +0,0 @@
o Minor bugfixes (v3 single onion services):
- Make v3 single onion services fall back to a 3-hop intro, when there
all intro points are unreachable via a 1-hop path. Previously, v3
single onion services failed when all intro nodes were unreachable
via a 1-hop path. Fixes bug 23507; bugfix on 0.3.2.1-alpha.

View File

@ -1,6 +0,0 @@
o Minor bugfixes (v2 single onion services):
- Always retry v2 single onion service intro and rend circuits with a
3-hop path. Previously, v2 single onion services used a 3-hop path
when rend circuits were retried after a remote or delayed failure,
but a 1-hop path for immediate retries. Fixes bug 23818;
bugfix on 0.2.9.3-alpha.

View File

@ -1,6 +0,0 @@
o Minor bugfixes (v3 single onion services):
- Always retry v3 single onion service intro and rend circuits with a
3-hop path. Previously, v3 single onion services used a 3-hop path
when rend circuits were retried after a remote or delayed failure,
but a 1-hop path for immediate retries. Fixes bug 23818;
bugfix on 0.3.2.1-alpha.

View File

@ -1,3 +0,0 @@
o Minor bugfixes (client, guard selection):
- When Tor's consensus has expired, but is still reasonably live, use it
to select guards. Fixes bug 24661; bugfix on 0.3.0.1-alpha.

View File

@ -1,3 +0,0 @@
o Minor bugfixes (protover, rust):
- Reject extra commas in version string. Fixes bug 27197; bugfix on
0.3.3.3-alpha.

View File

@ -1,3 +0,0 @@
o Minor bugfixes (rust):
- Abort on panic in all build profiles, instead of potentially unwinding
into C code. Fixes bug 27199; bugfix on 0.3.3.1-alpha.

View File

@ -1,4 +0,0 @@
o Minor bugfixes (rust):
- Return a string that can be safely freed by C code, not one created by
the rust allocator, in protover_all_supported(). Fixes bug 27740; bugfix
on 0.3.3.1-alpha.

View File

@ -1,5 +0,0 @@
o Minor bugfixes (rust, directory authority):
- Fix an API mismatch in the rust implementation of
protover_compute_vote(). This bug could have caused crashes on any
directory authorities running Tor with Rust (which we do not yet
recommend). Fixes bug 27741; bugfix on 0.3.3.6.

View File

@ -1,6 +0,0 @@
o Minor bugfixes (connection, relay):
- Avoid a wrong BUG() stacktrace in case a closing connection is being held
open because the write side is rate limited but not the read side. Now,
the connection read side is simply shutdown instead of kept open until tor
is able to flush the connection and then fully close it. Fixes bug 27750;
bugfix on 0.3.4.1-alpha.

View File

@ -1,4 +0,0 @@
o Minor bugfixes (directory authority):
- Log additional info when we get a relay that shares an ed25519
ID with a different relay, instead making a BUG() warning.
Fixes bug 27800; bugfix on 0.3.2.1-alpha.

View File

@ -1,3 +0,0 @@
o Minor bugfixes (rust):
- Fix a potential null dereference in protover_all_supported().
Add a test for it. Fixes bug 27804; bugfix on 0.3.3.1-alpha.

View File

@ -1,7 +0,0 @@
o Minor bugfixes (onion services):
- On an intro point for a version 3 onion service, we do not close
an introduction circuit on an NACK. This lets the client decide
whether to reuse the circuit or discard it. Previously, we closed
intro circuits on NACKs. Fixes bug 27841; bugfix on 0.3.2.1-alpha.
Patch by Neel Chaunan

View File

@ -1,6 +0,0 @@
o Minor bugfixes (tests):
- Treat backtrace test failures as expected on BSD-derived systems
(NetBSD, OpenBSD, and macOS/Darwin) until we solve bug 17808.
(FreeBSD failures have been treated as expected since 18204 in 0.2.8.)
Fixes bug 27948; bugfix on 0.2.5.2-alpha.

View File

@ -1,4 +0,0 @@
o Minor bugfixes (compilation, opensolaris):
- Add a missing include to compat_pthreads.c, to fix compilation
on OpenSolaris and its descendants. Fixes bug 27963; bugfix
on 0.3.5.1-alpha.

View File

@ -1,3 +0,0 @@
o Minor bugfixes (testing):
- Avoid hangs and race conditions in test_rebind.py.
Fixes bug 27968; bugfix on 0.3.5.1-alpha.

View File

@ -1,13 +0,0 @@
o Minor bugfixes (Windows):
- Correctly identify Windows 8.1, Windows 10, and Windows Server 2008
and later from their NT versions.
Fixes bug 28096; bugfix on 0.2.2.34; reported by Keifer Bly.
- On recent Windows versions, the GetVersionEx() function may report
an earlier Windows version than the running OS. To avoid user
confusion, add "[or later]" to Tor's version string on affected
versions of Windows.
Fixes bug 28096; bugfix on 0.2.2.34; reported by Keifer Bly.
- Remove Windows versions that were never supported by the
GetVersionEx() function. Stop duplicating the latest Windows
version in get_uname().
Fixes bug 28096; bugfix on 0.2.2.34; reported by Keifer Bly.

View File

@ -1,3 +0,0 @@
o Minor bugfixes (portability):
- Make the OPE code (which is used for v3 onion services) run correctly
on big-endian platforms. Fixes bug 28115; bugfix on 0.3.5.1-alpha.

View File

@ -1,7 +0,0 @@
o Minor bugfixes (onion services):
- Unless we have explicitly set HiddenServiceVersion, detect the onion
service version and then look for invalid options. Previously, we
did the reverse, but that broke existing configs which were pointed
to a v2 hidden service and had options like HiddenServiceAuthorizeClient
set Fixes bug 28127; bugfix on 0.3.5.1-alpha. Patch by Neel Chauhan.

View File

@ -1,4 +0,0 @@
o Minor bugfixes (Linux seccomp2 sandbox):
- Permit the "shutdown()" system call, which is apparently
used by OpenSSL under some circumstances. Fixes bug 28183;
bugfix on 0.2.5.1-alpha.

View File

@ -1,4 +0,0 @@
o Minor bugfixes (C correctness):
- Avoid undefined behavior in an end-of-string check when parsing the
BEGIN line in a directory object. Fixes bug 28202; bugfix on
0.2.0.3-alpha.

View File

@ -1,6 +0,0 @@
o Major bugfixes (OpenSSL, portability):
- Fix our usage of named groups when running as a TLS 1.3 client in
OpenSSL 1.1.1. Previously, we only initialized EC groups when running
as a server, which caused clients to fail to negotiate TLS 1.3 with
relays. Fixes bug 28245; bugfix on 0.2.9.15 when TLS 1.3 support was
added.

View File

@ -1,4 +0,0 @@
o Minor bugfixes (configuration):
- Resume refusing to start with relative file paths and RunAsDaemon
set (regression from the fix for bug 22731). Fixes bug 28298;
bugfix on 0.3.3.1-alpha.

View File

@ -1,3 +0,0 @@
o Minor bugfixes (compilation):
- Fix a pair of missing headers on OpenBSD. Fixes bug 28303;
bugfix on 0.3.5.1-alpha. Patch from Kris Katterjohn.

View File

@ -1,5 +0,0 @@
o Major bugfixes (embedding, main loop):
- When DisableNetwork becomes set, actually disable periodic events that
are already enabled. (Previously, we would refrain from enabling new
ones, but we would leave the old ones turned on.)
Fixes bug 28348; bugfix on 0.3.4.1-alpha.

View File

@ -1,4 +0,0 @@
o Minor bugfixes (continuous integration, Windows):
- Stop using an external OpenSSL install, and stop installing MSYS2
packages, when building using mingw on Appveyor Windows CI.
Fixes bug 28399; bugfix on 0.3.4.1-alpha.

View File

@ -1,4 +0,0 @@
o Minor bugfixes (compilation):
- Initialize a variable in aes_new_cipher(), since some compilers
cannot tell that we always initialize it before use. Fixes bug 28413;
bugfix on 0.2.9.3-alpha.

View File

@ -1,3 +0,0 @@
o Minor bugfixes (memory leaks):
- Fix a harmless memory leak in libtorrunner.a. Fixes bug 28419;
bugfix on 0.3.3.1-alpha. Patch from Martin Kepplinger.

View File

@ -1,3 +0,0 @@
o Minor bugfixes (documentation):
- Make Doxygen work again after the 0.3.5 source tree moves.
Fixes bug 28435; bugfix on 0.3.5.1-alpha.

View File

@ -1,4 +0,0 @@
o Minor bugfixes (logging):
- Stop talking about the Named flag in log messages. Clients have
ignored the Named flag since 0.3.2. Fixes bug 28441;
bugfix on 0.3.2.1-alpha.

View File

@ -1,4 +0,0 @@
o Minor bugfixes (continuous integration, Windows):
- Manually configure the zstd compiler options, when building using
mingw on Appveyor Windows CI. The MSYS2 mingw zstd package does not
come with a pkg-config file. Fixes bug 28454; bugfix on 0.3.4.1-alpha.

View File

@ -1,3 +0,0 @@
o Minor bugfixes (compilation):
- Add missing dependency on libgdi32.dll for tor-print-ed-signing-cert.exe
on Windows. Fixes bug 28485; bugfix on 0.3.5.1-alpha.

View File

@ -1,4 +0,0 @@
o Minor bugfixes (restart-in-process, boostrap):
- Add missing resets of bootstrap tracking state when shutting
down (regression caused by ticket 27169). Fixes bug 28524;
bugfix on 0.3.5.1-alpha.

View File

@ -1,7 +0,0 @@
o Minor features (address selection):
- Make Tor aware of the RFC 6598 (Carrier Grade NAT) IP range, which is the
subnet 100.64.0.0/10. This is deployed by many ISPs as an alternative to
RFC 1918 that does not break existing internal networks. This patch fixes
security issues caused by RFC 6518 by blocking control ports on these
addresses and warns users if client ports or ExtORPorts are listening on
a RFC 6598 address. Closes ticket 28525. Patch by Neel Chauhan.

View File

@ -1,3 +0,0 @@
o Minor bugfixes (unit tests, guard selection):
- Stop leaking memory in an entry guard unit test. Fixes bug 28554;
bugfix on 0.3.0.1-alpha.

View File

@ -1,5 +0,0 @@
o Minor bugfixes (testing):
- Use a separate DataDirectory for the test_rebind script.
Previously, this script would run using the default DataDirectory,
and sometimes fail. Fixes bug 28562; bugfix on 0.3.5.1-alpha.
Patch from Taylor R Campbell.

View File

@ -1,4 +0,0 @@
o Minor bugfixes (testing):
- Stop running stem's unit tests as part of "make test-stem". But continue
to run stem's unit and online tests during "make test-stem-full".
Fixes bug 28568; bugfix on 0.2.6.3-alpha.

View File

@ -1,3 +0,0 @@
o Minor bugfixes (unit tests, directory clients):
- Mark outdated dirservers when Tor only has a reasonably live consensus.
Fixes bug 28569; bugfix on 0.3.2.5-alpha.

View File

@ -1,4 +0,0 @@
o Minor bugfixes (windows services):
- Make Tor start correctly as an NT service again: previously it
was broken by refactoring. Fixes bug 28612; bugfix on 0.3.5.3-alpha.

View File

@ -1,6 +0,0 @@
o Minor bugfixes (hidden service v3):
- When deleting an ephemeral onion service (DEL_ONION), do not close any
rendezvous circuits in order to let the existing client connections
finish by themselves or closed by the application. The HS v2 is doing
that already so now we have the same behavior for all versions. Fixes
bug 28619; bugfix on 0.3.3.1-alpha.

View File

@ -1,3 +0,0 @@
o Minor bugfixes (logging):
- Stop logging a BUG() warning when tor is waiting for exit descriptors.
Fixes bug 28656; bugfix on 0.3.5.1-alpha.

View File

@ -1,3 +0,0 @@
o Minor bugfix (logging):
- Avoid logging about relaxing circuits when their time is fixed.
Fixes bug 28698; bugfix on 0.2.4.7-alpha

View File

@ -1,5 +0,0 @@
o Minor bugfixes (usability):
- Stop saying "Your Guard ..." in pathbias_measure_{use,close}_rate()
as that confusingly suggests that mentioned guard node is under control
and responsibility of end user, which it is not. Fixes bug 28895;
bugfix on Tor 0.3.0.1-alpha.

View File

@ -1,6 +0,0 @@
o Minor bugfixes (logging):
- Rework rep_hist_log_link_protocol_counts() to iterate through all link
protocol versions when logging incoming/outgoing connection counts. Tor
no longer skips version 5 and we don't have to remember to update this
function when new link protocol version is developed. Fixes bug 28920;
bugfix on 0.2.6.10.

View File

@ -1,4 +0,0 @@
o Minor bugfixes (compilation):
- Fix missing headers required for proper detection of
OpenBSD. Fixes bug 28938; bugfix on 0.3.5.1-alpha.
Patch from Kris Katterjohn.

View File

@ -1,3 +0,0 @@
o Minor bugfixes (compilation):
- Fix compilation for Android by adding a missing header to
freespace.c. Fixes bug 28974; bugfix on 0.3.5.1-alpha.

View File

@ -1,4 +0,0 @@
o Minor bugfixes (documentation):
- Describe the contents of the v3 onion service client authorization
files correctly: They hold public keys, not private keys. Fixes bug
28979; bugfix on 0.3.5.1-alpha. Spotted by "Felixix".

View File

@ -1,5 +0,0 @@
o Minor bugfixes (misc):
- The amount of total available physical memory is now determined
using the sysctl identifier HW_PHYSMEM (rather than HW_USERMEM)
when it is defined and a 64-bit variant is not available. Fixes
bug 28981; bugfix on 0.2.5.4-alpha. Patch from Kris Katterjohn.

View File

@ -1,5 +0,0 @@
o Minor bugfix (IPv6):
Fix tor_ersatz_socketpair on IPv6-only systems. Previously,
the IPv6 socket was bound using an address family of AF_INET
instead of AF_INET6. Fixes bug 28995; bugfix on 0.3.5.1-alpha.
Patch from Kris Katterjohn.

View File

@ -1,4 +0,0 @@
o Minor bugfixes (stats):
- When ExtraInfoStatistics is 0, stop including PaddingStatistics in
relay and bridge extra-info documents. Fixes bug 29017;
bugfix on 0.3.1.1-alpha.

View File

@ -1,5 +0,0 @@
o Minor bugfixes (logging, onion services):
- Stop logging "Tried to establish rendezvous on non-OR circuit..." as
a warning. Instead, log it as a protocol warning, because there is
nothing that relay operators can do to fix it. Fixes bug 29029;
bugfix on 0.2.5.7-rc.

View File

@ -1,5 +0,0 @@
o Major bugfixes (Onion service reachability):
- Properly clean up the introduction point map when circuits change purpose
from onion service circuits to pathbias, measurement, or other circuit types.
This should fix some service-side instances of introduction point failure.
Fixes bug 29034; bugfix on 0.3.2.1-alpha.

View File

@ -1,5 +0,0 @@
o Minor bugfix (continuous integration):
- Reset coverage state on disk after Travis CI has finished. This is being
done to prevent future gcda file merge errors which causes the test suite
for the process subsystem to fail. The process subsystem was introduced
in 0.4.0.1-alpha. Fixes bug 29036; bugfix on 0.2.9.15.

View File

@ -1,4 +0,0 @@
o Minor bugfixes (onion services):
- Avoid crashing if ClientOnionAuthDir (incorrectly) contains
more than one private key for a hidden service. Fixes bug 29040;
bugfix on 0.3.5.1-alpha.

View File

@ -1,5 +0,0 @@
o Minor bugfixes (logging):
- Log more information at "warning" level when unable to read a private
key; log more information ad "info" level when unable to read a public
key. We had warnings here before, but they were lost during our
NSS work. Fixes bug 29042; bugfix on 0.3.5.1-alpha.

View File

@ -1,5 +0,0 @@
o Minor bugfixes (onion services, logging):
- In hs_cache_store_as_client() log an HSDesc we failed to parse at Debug
loglevel. Tor used to log it at Warning loglevel, which caused
very long log lines to appear for some users. Fixes bug 29135; bugfix on
0.3.2.1-alpha.

View File

@ -1,5 +0,0 @@
o Minor bugfixes (logging):
- Log the correct port number for listening sockets when "auto" is
used to let Tor pick the port number. Previously, port 0 was
logged instead of the actual port number. Fixes bug 29144;
bugfix on 0.3.5.1-alpha. Patch from Kris Katterjohn.

View File

@ -1,3 +0,0 @@
o Minor bugfixes (compilation, testing):
- Silence a compiler warning in test-memwipe.c on OpenBSD. Fixes
bug 29145; bugfix on 0.2.9.3-alpha. Patch from Kris Katterjohn.

View File

@ -1,3 +0,0 @@
o Minor bugfixes (tests):
- Detect and suppress "bug" warnings from the util/time test on Windows.
Fixes bug 29161; bugfix on 0.2.9.3-alpha.

View File

@ -1,4 +0,0 @@
o Major bugfixes (networking):
- Gracefully handle empty username/password fields in SOCKS5
username/password auth messsage and allow SOCKS5 handshake to
continue. Fixes bug 29175; bugfix on 0.3.5.1-alpha.

View File

@ -1,6 +0,0 @@
o Major bugfixes (NSS, relay):
- When running with NSS, disable TLS 1.2 ciphersuites that use SHA384
for their PRF. Due to an NSS bug, the TLS key exporters for these
ciphersuites don't work -- which caused relays to fail to handshake
with one another when these ciphersuites were enabled.
Fixes bug 29241; bugfix on 0.3.5.1-alpha.

View File

@ -1,4 +0,0 @@
o Minor bugfixes (build, compatibility):
- Update Cargo.lock file to match the version made by the latest
version of Rust, so that "make distcheck" will pass again.
Fixes bug 29244; bugfix on 0.3.3.4-alpha.

View File

@ -1,5 +0,0 @@
o Minor bugfixes (testing):
- Downgrade some LOG_ERR messages in the address/* tests to warnings.
The LOG_ERR messages were occurring when we had no configured network.
We were failing the unit tests, because we backported 28668 to 0.3.5.8,
but did not backport 29530. Fixes bug 29530; bugfix on 0.3.5.8.

View File

@ -1,3 +0,0 @@
o Minor bugfixes (memory management, testing):
- Stop leaking parts of the shared random state in the shared-random unit
tests. Fixes bug 29599; bugfix on 0.2.9.1-alpha.

View File

@ -1,6 +0,0 @@
o Minor bugfixes (Windows, CI):
- Skip the Appveyor 32-bit Windows Server 2016 job, and 64-bit Windows
Server 2012 R2 job. The remaining 2 jobs still provide coverage of
64/32-bit, and Windows Server 2016/2012 R2. Also set fast_finish, so
failed jobs terminate the build immediately.
Fixes bug 29601; bugfix on 0.3.5.4-alpha.

View File

@ -1,7 +0,0 @@
o Minor bugfixes (single onion services):
- Allow connections to single onion services to remain idle without
being disconnected. Relays acting as rendezvous points for
single onion services were mistakenly closing idle established
rendezvous circuits after 60 seconds, thinking that they are unused
directory-fetching circuits that had served their purpose. Fixes
bug 29665; bugfix on 0.2.1.26.

View File

@ -1,4 +0,0 @@
o Minor bugfixes (configuration, proxies):
- Fix a bug that prevented us from supporting SOCKS5 proxies that want
authentication along with configued (but unused!)
ClientTransportPlugins. Fixes bug 29670; bugfix on 0.2.6.1-alpha.

View File

@ -1,4 +0,0 @@
o Minor bugfixes (testing):
- Backport the 0.3.4 src/test/test-network.sh to 0.2.9.
We need a recent test-network.sh to use new chutney features in CI.
Fixes bug 29703; bugfix on 0.2.9.1-alpha.

View File

@ -1,4 +0,0 @@
o Minor bugfixes (memory management, testing):
- Stop leaking parts of the shared random state in the shared-random unit
tests. The previous fix in 29599 was incomplete.
Fixes bug 29706; bugfix on 0.2.9.1-alpha.

View File

@ -1,11 +0,0 @@
o Major bugfixes (bridges):
- Do not count previously configured working bridges towards our total of
working bridges. Previously, when Tor's list of bridges changed, it
would think that the old bridges were still usable, and delay fetching
router descriptors for the new ones. Fixes part of bug 29875; bugfix
on 0.3.0.1-alpha.
- Consider our directory information to have changed when our list of
bridges changes. Previously, Tor would not re-compute the status of its
directory information when bridges changed, and therefore would not
realize that it was no longer able to build circuits. Fixes part of bug
29875.

View File

@ -1,4 +0,0 @@
o Minor bugfixes (testing, windows):
- Fix a test failure caused by an unexpected bug warning in
our test for tor_gmtime_r(-1). Fixes bug 29922;
bugfix on 0.2.9.3-alpha.

View File

@ -1,4 +0,0 @@
o Minor bugfixes (CI):
- Terminate test-stem if it takes more than 9.5 minutes to run.
(Travis terminates the job after 10 minutes of no output.)
Diagnostic for 29437. Fixes bug 30011; bugfix on 0.3.5.4-alpha.

View File

@ -1,8 +0,0 @@
o Minor bugfixes (TLS protocol, integration tests):
- When classifying a client's selection of TLS ciphers, if the client
ciphers are not yet available, do not cache the result. Previously,
we had cached the unavailability of the cipher list and never looked
again, which in turn led us to assume that the client only supported
the ancient V1 link protocol. This, in turn, was causing Stem
integration tests to stall in some cases.
Fixes bug 30021; bugfix on 0.2.4.8-alpha.

View File

@ -1,9 +0,0 @@
o Minor bugfixes (security):
- Fix a potential double free bug when reading huge bandwidth files. The
issue is not exploitable in the current Tor network because the
vulnerable code is only reached when directory authorities read bandwidth
files, but bandwidth files come from a trusted source (usually the
authorities themselves). Furthermore, the issue is only exploitable in
rare (non-POSIX) 32-bit architectures which are not used by any of the
current authorities. Fixes bug 30040; bugfix on 0.3.5.1-alpha. Bug found
and fixed by Tobias Stoeckmann.

View File

@ -1,5 +0,0 @@
o Minor bugfixes (hardening):
- Verify in more places that we are not about to create a buffer
with more than INT_MAX bytes, to avoid possible OOB access in the event
of bugs. Fixes bug 30041; bugfix on 0.2.0.16. Found and fixed by
Tobias Stoeckmann.

View File

@ -1,4 +0,0 @@
o Minor bugfixes (memory leak):
- Avoid a minor memory leak that could occur on relays when
creating a keys directory failed. Fixes bug 30148; bugfix on
0.3.3.1-alpha.

View File

@ -1,4 +0,0 @@
o Minor bugfixes (compilation, unusual configuration):
- Avoid failures when building with ALL_BUGS_ARE_FAILED due to
missing declarations of abort(), and prevent other such failures
in the future. Fixes bug 30189; bugfix on 0.3.4.1-alpha.

View File

@ -1,3 +0,0 @@
o Minor bugfixes (lib):
do not log a warning for OpenSSL versions that should be compatible
Fixes bug 30190; bugfix on 0.2.4.2-alpha

View File

@ -1,4 +0,0 @@
o Minor bugfixes (directory authority):
- Move the "bandwidth-file-headers" line in directory authority votes
so that it conforms to dir-spec.txt. Fixes bug 30316; bugfix on
0.3.5.1-alpha.

View File

@ -1,3 +0,0 @@
o Minor features (compile-time modules):
- Add a --list-modules command to print a list of which compile-time
modules are enabled. Closes ticket 30452.

View File

@ -1,4 +0,0 @@
o Minor bugfixes ():
- Avoid a GCC 9.1.1 warning (and possible crash depending on libc
implemenation) when failing to load a hidden service client authorization
file. Fixes bug 30475; bugfix on 0.3.5.1-alpha.

View File

@ -1,6 +0,0 @@
o Minor bugfixes (portability):
- Avoid crashing in our tor_vasprintf() implementation on systems that
define neither vasprintf() nor _vscprintf(). (This bug has been here
long enough that we question whether people are running Tor on such
systems, but we're applying the fix out of caution.) Fixes bug 30561;
bugfix on 0.2.8.2-alpha. Found and fixed by Tobias Stoeckmann.

View File

@ -1,5 +0,0 @@
o Minor bugfixes (testing):
- Skip test_rebind when the TOR_SKIP_TEST_REBIND environmental variable is
set. Fixes bug 30713; bugfix on 0.3.5.1-alpha.
- Skip test_rebind on macOS in Travis, because it is unreliable on
macOS on Travis. Fixes bug 30713; bugfix on 0.3.5.1-alpha.

View File

@ -1,3 +0,0 @@
o Minor bugfixes (continuous integration):
- Allow the test-stem job to fail in Travis, because it sometimes hangs.
Fixes bug 30744; bugfix on 0.3.5.4-alpha.

View File

@ -1,4 +0,0 @@
o Minor bugfixes (directory authorities):
- Stop crashing after parsing an unknown descriptor purpose annotation.
We think this bug can only be triggered by modifying a local file.
Fixes bug 30781; bugfix on 0.2.0.8-alpha.

View File

@ -1,4 +0,0 @@
o Minor bugfixes (memory leaks):
- Fix a trivial memory leak when parsing an invalid value
from a download schedule in the configuration. Fixes bug
30894; bugfix on 0.3.4.1-alpha.

View File

@ -1,4 +0,0 @@
o Minor bugfixes (relay):
- Avoid crashing when starting with a corrupt keys directory where
the old ntor key and the new ntor key are identical. Fixes bug 30916;
bugfix on 0.2.4.8-alpha.

View File

@ -1,4 +0,0 @@
o Minor bugfixes (crash on exit):
- Avoid a set of possible code paths that could use try to use freed memory
in routerlist_free() while Tor was exiting. Fixes bug 31003; bugfix on
0.1.2.2-alpha.

View File

@ -1,4 +0,0 @@
o Minor bugfixes (logging, protocol violations):
- Do not log a nonfatal assertion failure when receiving a VERSIONS
cell on a connection using the obsolete v1 link protocol. Log a
protocol_warn instead. Fixes bug 31107; bugfix on 0.2.4.4-alpha.

3
changes/bug31335 Normal file
View File

@ -0,0 +1,3 @@
o Minor bugfixes (code quality):
- Fix "make check-includes" so it runs correctly on out-of-tree builds.
Fixes bug 31335; bugfix on 0.3.5.1-alpha.

Some files were not shown because too many files have changed in this diff Show More