commit ce64ab2f096a57d8f44dd3269731209b9527387d
Author: Nick Mathewson <nickm(a)torproject.org>
Date: Thu Jun 29 15:54:36 2017 -0400
Sort changes into changelog file for 0.3.1.4-alpha
---
ChangeLog | 121 ++++++++++++++++++++++++++++++++++++++
changes/bug16082 | 4 --
changes/bug22212 | 6 --
changes/bug22347 | 3 -
changes/bug22356 | 5 --
changes/bug22400_01 | 4 --
changes/bug22502_part1 | 12 ----
changes/bug22516 | 5 --
changes/bug22669 | 4 --
changes/bug22670 | 4 --
changes/bug22670_02 | 4 --
changes/bug22670_03 | 6 --
changes/bug22672 | 5 --
changes/bug22702 | 5 --
changes/bug22719 | 7 ---
changes/bug22720 | 9 ---
changes/bug22737 | 12 ----
changes/bug22751 | 5 --
changes/diagnose_22752 | 4 --
changes/geoip-june2017 | 4 --
changes/more-files | 4 --
changes/new_requirement_pkgconfig | 5 --
22 files changed, 121 insertions(+), 117 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index b1f64c9..d67c8dd 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,124 @@
+Changes in version 0.3.1.4-alpha - 2017-06-29:
+ blurb goes here.
+
+ o Major bugfixes (compression):
+ - Fix crash in LZMA module, when the Sandbox is enabled, where
+ liblzma would allocate more than 16 MB of memory. We solve this
+ by bumping the mprotect() limit in the Sandbox module from 16 MB
+ to 20 MB. Fixes bug 22751; bugfix on 0.3.1.1-alpha.
+
+ o Major bugfixes (compression, zstd):
+ - Correctly detect a full buffer when decompessing a large
+ zstd-compressed input. Fixes bug 22628; bugfix on 0.3.1.1-alpha.
+
+ o Major bugfixes (directory protocol):
+ - Ensure that we sent "304 Not modified" as HTTP status code when a
+ client is attempting to fetch a consensus or consensus diff that
+ matches the latest consensus we have available. Fixes bug 22702;
+ bugfix on 0.3.1.1-alpha.
+
+ o Major bugfixes (entry guards):
+ - When starting with an old consensus, do not add new entry guards
+ unless the consensus is "reasonably live" (under 1 day old). Fixes
+ one root cause of bug 22400; bugfix on 0.3.0.1-alpha.
+
+ o Minor features (bug mitigation, diagnostics, logging):
+ - Avoid an assertion failure, and log a better error message,
+ when unable to remove a file from the consensus cache on
+ Windows. Attempts to mitigate and diagnose bug 22752.
+
+ o Minor features (compression, defensive programming):
+ - Detect and break out of infinite loops in our compression code.
+ We don't think that any such loops exist now, but it's best to be
+ safe. Closes ticket 22672.
+
+ o Minor features (geoip):
+ - Update geoip and geoip6 to the June 8 2017 Maxmind GeoLite2
+ Country database.
+
+ o Minor bugfixes (compression):
+ - When compressing or decompressing a buffer, check for a failure to
+ create a compression object. Fixes bug 22626; bugfix on
+ 0.3.1.1-alpha.
+ - When decompressing a buffer, check for extra data after the end of
+ the compressed data. Fixes bug 22629; bugfix on 0.3.1.1-alpha.
+ - When decompressing an object received over an anonymous directory
+ connection, if we have already successfully decompressed it using an
+ acceptable compression method, do not reject it for looking like an
+ unacceptable compression method. Fixes part of bug 22670; bugfix on
+ 0.3.1.1-alpha.
+ - When serving directory votes compressed with zlib,
+ do not claim to have compressed them with zstd. Fixes bug 22669;
+ bugfix on 0.3.1.1-alpha.
+ - When spooling compressed data to an output buffer, don't try to
+ spool more data when there is no more data to spool and we are
+ not trying to flush the input. Previously, we would sometimes
+ launch compression requests with nothing to do, which interferes
+ with our 22672 checks. Fixes bug 22719; bugfix on 0.2.0.16-alpha.
+
+ o Minor bugfixes (defensive programming, undefined behavior):
+ - Fix a memset() off the end of an array when packing cells. This
+ bug should be harmless in practice, since the corrupted bytes
+ are still in the same structure, and are always padding bytes,
+ ignored, or immediately overwritten, depending on compiler
+ behavior. Nevertheless, because the memset()'s purpose is to
+ make sure that any other cell-handling bugs can't expose bytes
+ to the network, we need to fix it. Fixes bug 22737; bugfix on
+ 0.2.4.11-alpha. Fixes CID 1401591.
+
+ o Minor bugfixes (linux seccomp2 sandbox):
+ - Permit the fchmod system call, to avoid crashing on startup when
+ starting with the seccomp2 sandbox and an unexpected set of permissions
+ on the data directory or its contents. Fixes bug 22516; bugfix on
+ 0.2.5.4-alpha.
+
+ o Minor bugfixes (logging, compression):
+ - When decompressing, do not warn if we fail to decompress using a
+ compression method that we merely guessed. Fixes part of
+ bug 22670; bugfix on 0.1.1.14-alpha.
+ - When decompressing, treat mismatch between content-encoding and
+ actual compression type as a protocol warning. Fixes part of bug
+ 22670; bugfix on 0.1.1.9-alpha.
+
+ o Minor bugfixes (logging, relay):
+ - Downgrade "assigned_to_cpuworker failed" message to INFO-level
+ severity. In every case that can reach it, either a better warning
+ has already been logged, or no warning is warranted. Fixes bug 22356;
+ bugfix on 0.2.6.3-alpha.
+
+ o Minor bugfixes (netflow padding logging):
+ - Demote a warn that was caused by libevent delays to info if
+ the padding is less than 4.5 seconds late, or notice if it is more
+ (4.5 seconds is the amount of time that a netflow record might
+ be emitted after, if we chose the maximum timeout). Fixes bug 22212;
+ bugfix on 0.3.1.1-alpha.
+
+ o Minor bugfixes (process behavior):
+ - When exiting because of an error, always exit with a nonzero
+ exit status. Previously, we would fail to report an error in
+ our exit status in cases related to lockfile contention,
+ __OwningControllerProcess failure, and Ed25519 key
+ initialization. Fixes bug 22720; bugfix on versions
+ 0.2.1.6-alpha, 0.2.2.28-beta, and 0.2.7.2-alpha
+ respectively. Reported by "f55jwk4f"; patch from "huyvq".
+
+ o Documentation:
+ - Add a manpage description for the key-pinning-journal file.
+ Closes ticket 22347.
+ - Correctly note that bandwidth accounting values are stored in the
+ state file, and the bw_accounting file is now obsolete. Closes
+ ticket 16082.
+ - Document more of the files in the Tor data directory, including
+ cached-extrainfo, secret_onion_key{,_ntor}.old, hidserv-stats,
+ approved-routers, sr-random, and diff-cache.
+
+ o New dependencies:
+ - To build with zstd and lzma support, Tor now requires the
+ pkg-config tool at build time. (This requirement was new in
+ 0.3.1.1-alpha, but was not noted at the time. Noting it here to
+ close ticket 22623.)
+
+
Changes in version 0.3.1.3-alpha - 2017-06-08
Tor 0.3.1.3-alpha fixes a pair of bugs that would allow an attacker to
remotely crash a hidden service with an assertion failure. Anyone
diff --git a/changes/bug16082 b/changes/bug16082
deleted file mode 100644
index 0f2f04f..0000000
--- a/changes/bug16082
+++ /dev/null
@@ -1,4 +0,0 @@
- o Documentation:
- - Correctly note that bandwidth accounting values are stored in the
- state file, and the bw_accounting file is now obsolete. Closes
- ticket 16082.
diff --git a/changes/bug22212 b/changes/bug22212
deleted file mode 100644
index dc1604a..0000000
--- a/changes/bug22212
+++ /dev/null
@@ -1,6 +0,0 @@
- o Minor bugfixes (netflow padding logging):
- - Demote a warn that was caused by libevent delays to info if
- the padding is less than 4.5 seconds late, or notice if it is more
- (4.5 seconds is the amount of time that a netflow record might
- be emitted after, if we chose the maximum timeout). Fixes bug 22212;
- bugfix on 0.3.1.1-alpha.
diff --git a/changes/bug22347 b/changes/bug22347
deleted file mode 100644
index f98c19f..0000000
--- a/changes/bug22347
+++ /dev/null
@@ -1,3 +0,0 @@
- o Documentation:
- - Add a manpage description for the key-pinning-journal file.
- Closes ticket 22347.
diff --git a/changes/bug22356 b/changes/bug22356
deleted file mode 100644
index 0082b54..0000000
--- a/changes/bug22356
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor bugfixes (logging, relay):
- - Downgrade "assigned_to_cpuworker failed" message to INFO-level
- severity. In every case that can reach it, either a better warning
- has already been logged, or no warning is warranted. Fixes bug 22356;
- bugfix on 0.2.6.3-alpha.
diff --git a/changes/bug22400_01 b/changes/bug22400_01
deleted file mode 100644
index 454c5f7..0000000
--- a/changes/bug22400_01
+++ /dev/null
@@ -1,4 +0,0 @@
- o Major bugfixes (entry guards):
- - When starting with an old consensus, do not add new entry guards
- unless the consensus is "reasonably live" (under 1 day old). Fixes
- one root cause of bug 22400; bugfix on 0.3.0.1-alpha.
diff --git a/changes/bug22502_part1 b/changes/bug22502_part1
deleted file mode 100644
index bd95b7c..0000000
--- a/changes/bug22502_part1
+++ /dev/null
@@ -1,12 +0,0 @@
- o Major bugfixes (compression, zstd):
- - Correctly detect a full buffer when decompessing a large
- zstd-compressed input. Fixes bug 22628; bugfix on 0.3.1.1-alpha.
-
- o Minor bugfixes (compression):
- - When compressing or decompressing a buffer, check for a failure to
- create a compression object. Fixes bug 22626; bugfix on
- 0.3.1.1-alpha.
-
- - When decompressing a buffer, check for extra data after the end of
- the compressed data. Fixes bug 22629; bugfix on 0.3.1.1-alpha.
-
diff --git a/changes/bug22516 b/changes/bug22516
deleted file mode 100644
index f024a3c..0000000
--- a/changes/bug22516
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor bugfixes (linux seccomp2 sandbox):
- - Permit the fchmod system call, to avoid crashing on startup when
- starting with the seccomp2 sandbox and an unexpected set of permissions
- on the data directory or its contents. Fixes bug 22516; bugfix on
- 0.2.5.4-alpha.
diff --git a/changes/bug22669 b/changes/bug22669
deleted file mode 100644
index 804a39e..0000000
--- a/changes/bug22669
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes (compression):
- - When serving directory votes compressed with zlib,
- do not claim to have compressed them with zstd. Fixes bug 22669;
- bugfix on 0.3.1.1-alpha.
diff --git a/changes/bug22670 b/changes/bug22670
deleted file mode 100644
index 4740327..0000000
--- a/changes/bug22670
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes (logging, compression):
- - When decompressing, do not warn if we fail to decompress using a
- compression method that we merely guessed. Fixes part of
- bug 22670; bugfix on 0.1.1.14-alpha.
diff --git a/changes/bug22670_02 b/changes/bug22670_02
deleted file mode 100644
index 3e7a428..0000000
--- a/changes/bug22670_02
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes (logging, compression):
- - When decompressing, treat mismatch between content-encoding and
- actual compression type as a protocol warning. Fixes part of bug
- 22670; bugfix on 0.1.1.9-alpha.
diff --git a/changes/bug22670_03 b/changes/bug22670_03
deleted file mode 100644
index 8a7aa49..0000000
--- a/changes/bug22670_03
+++ /dev/null
@@ -1,6 +0,0 @@
- o Minor bugfixes (compression):
- - When decompressing an object received over an anonymous directory
- connection, if we have already successfully decompressed it using an
- acceptable compression method, do not reject it for looking like an
- unacceptable compression method. Fixes part of bug 22670; bugfix on
- 0.3.1.1-alpha.
diff --git a/changes/bug22672 b/changes/bug22672
deleted file mode 100644
index ec66811..0000000
--- a/changes/bug22672
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor features (compression, defensive programming):
- - Detect and break out of infinite loops in our compression code.
- We don't think that any such loops exist now, but it's best to be
- safe. Closes ticket 22672.
-
diff --git a/changes/bug22702 b/changes/bug22702
deleted file mode 100644
index a2044c7..0000000
--- a/changes/bug22702
+++ /dev/null
@@ -1,5 +0,0 @@
- o Major bugfixes (directory protocol):
- - Ensure that we sent "304 Not modified" as HTTP status code when a
- client is attempting to fetch a consensus or consensus diff that
- matches the latest consensus we have available. Fixes bug 22702;
- bugfix on 0.3.1.1-alpha.
diff --git a/changes/bug22719 b/changes/bug22719
deleted file mode 100644
index bfcda0a..0000000
--- a/changes/bug22719
+++ /dev/null
@@ -1,7 +0,0 @@
- o Minor bugfixes (compression):
- - When spooling compressed data to an output buffer, don't try to
- spool more data when there is no more data to spool and we are
- not trying to flush the input. Previously, we would sometimes
- launch compression requests with nothing to do, which interferes
- with our 22672 checks. Fixes bug 22719; bugfix on 0.2.0.16-alpha.
-
diff --git a/changes/bug22720 b/changes/bug22720
deleted file mode 100644
index 4893b57..0000000
--- a/changes/bug22720
+++ /dev/null
@@ -1,9 +0,0 @@
- o Minor bugfixes (process behavior):
- - When exiting because of an error, always exit with a nonzero
- exit status. Previously, we would fail to report an error in
- our exit status in cases related to lockfile contention,
- __OwningControllerProcess failure, and Ed25519 key
- initialization. Fixes bug 22720; bugfix on versions
- 0.2.1.6-alpha, 0.2.2.28-beta, and 0.2.7.2-alpha
- respectively. Reported by "f55jwk4f"; patch from "huyvq".
-
diff --git a/changes/bug22737 b/changes/bug22737
deleted file mode 100644
index f0de8e6..0000000
--- a/changes/bug22737
+++ /dev/null
@@ -1,12 +0,0 @@
- o Minor bugfixes (defensive programming, undefined behavior):
-
- - Fix a memset() off the end of an array when packing cells. This
- bug should be harmless in practice, since the corrupted bytes
- are still in the same structure, and are always padding bytes,
- ignored, or immediately overwritten, depending on compiler
- behavior. Nevertheless, because the memset()'s purpose is to
- make sure that any other cell-handling bugs can't expose bytes
- to the network, we need to fix it. Fixes bug 22737; bugfix on
- 0.2.4.11-alpha. Fixes CID 1401591.
-
-
diff --git a/changes/bug22751 b/changes/bug22751
deleted file mode 100644
index 714525c..0000000
--- a/changes/bug22751
+++ /dev/null
@@ -1,5 +0,0 @@
- o Major bugfixes (compression):
- - Fix crash in LZMA module, when the Sandbox is enabled, where
- liblzma would allocate more than 16 MB of memory. We solve this
- by bumping the mprotect() limit in the Sandbox module from 16 MB
- to 20 MB. Fixes bug 22751; bugfix on 0.3.1.1-alpha.
diff --git a/changes/diagnose_22752 b/changes/diagnose_22752
deleted file mode 100644
index b5bda05..0000000
--- a/changes/diagnose_22752
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor features (bug mitigation, diagnostics, logging):
- - Avoid an assertion failure, and log a better error message,
- when unable to remove a file from the consensus cache on
- Windows. Attempts to mitigate and diagnose bug 22752.
diff --git a/changes/geoip-june2017 b/changes/geoip-june2017
deleted file mode 100644
index 1001e8e..0000000
--- a/changes/geoip-june2017
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor features (geoip):
- - Update geoip and geoip6 to the June 8 2017 Maxmind GeoLite2
- Country database.
-
diff --git a/changes/more-files b/changes/more-files
deleted file mode 100644
index 861d6a3..0000000
--- a/changes/more-files
+++ /dev/null
@@ -1,4 +0,0 @@
- o Documentation:
- - Document more of the files in the Tor data directory, including
- cached-extrainfo, secret_onion_key{,_ntor}.old, hidserv-stats,
- approved-routers, sr-random, and diff-cache.
diff --git a/changes/new_requirement_pkgconfig b/changes/new_requirement_pkgconfig
deleted file mode 100644
index 503ff58..0000000
--- a/changes/new_requirement_pkgconfig
+++ /dev/null
@@ -1,5 +0,0 @@
- o New dependencies:
- - To build with zstd and lzma support, Tor now requires the
- pkg-config tool at build time. (This requirement was new in
- 0.3.1.1-alpha, but was not noted at the time. Noting it here to
- close ticket 22623.)