commit 594cc1de309ab115a09413e0599105d51f6f6c78 Author: Nick Mathewson nickm@torproject.org Date: Wed Apr 10 11:41:49 2019 -0400
Start a changelog for 0.4.0.4-rc --- ChangeLog | 138 ++++++++++++++++++++++++++++++++++++++++ changes/29241_diagnostic | 4 -- changes/bug28614_better_logging | 6 -- changes/bug28925 | 4 -- changes/bug29036 | 5 -- changes/bug29241 | 6 -- changes/bug29500 | 3 - changes/bug29527 | 5 -- changes/bug29703 | 4 -- changes/bug29874 | 4 -- changes/bug29922 | 4 -- changes/bug29959-040 | 3 - changes/bug30011 | 4 -- changes/bug30021 | 8 --- changes/bug30040 | 9 --- changes/bug30041 | 5 -- changes/cid1444119 | 3 - changes/doc29121 | 3 - changes/geoip-2019-04-02 | 4 -- changes/ticket21377 | 4 -- changes/ticket28816 | 4 -- changes/ticket29357 | 7 -- changes/ticket29806 | 7 -- changes/ticket29897 | 3 - changes/ticket29962 | 3 - 25 files changed, 138 insertions(+), 112 deletions(-)
diff --git a/ChangeLog b/ChangeLog index 4727eb5e9..0313c4c66 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,141 @@ +Changes in version 0.4.0.4-rc - 2019-04-11 + Tor 0.4.0.4-rc is the first release candidate in its series; it fixes + several bugs from earlier versions, including some that had affected + stability. + + o Major bugfixes (NSS, relay): + - When running with NSS, disable TLS 1.2 ciphersuites that use SHA384 + for their PRF. Due to an NSS bug, the TLS key exporters for these + ciphersuites don't work -- which caused relays to fail to handshake + with one another when these ciphersuites were enabled. + Fixes bug 29241; bugfix on 0.3.5.1-alpha. + + o Minor features (bandwidth authority): + - Make bandwidth authorities to ignore relays that are reported in the + bandwidth file with the key-value "vote=0". + This change allows to report the relays that were not measured due + some failure and diagnose the reasons without the bandwidth being included in the + bandwidth authorities vote. + Closes ticket 29806. + + o Minor features (circuit padding): + - Stop warning about undefined behavior in the probability distribution + tests. Float division by zero may technically be undefined behaviour in + C, but it's well-defined in IEEE 754. Partial backport of 29298. + Closes ticket 29527; bugfix on 0.4.0.1-alpha. + + o Minor features (continuous integration): + - On Travis Rust builds, cleanup Rust registry and refrain from caching + target/ directory to speed up builds. Resolves issue 29962. + + o Minor features (dircache): + - When a directory authority is using a bandwidth file to obtain the + bandwidth values that will be included in the next vote, serve this + bandwidth file at /tor/status-vote/next/bandwidth. Closes ticket 21377. + + o Minor features (dormant mode): + - Add a DormantCanceledByStartup option to tell Tor that it should + treat a startup event as cancelling any previous dormant state. + Integrators should use this option with caution: it should + only be used if Tor is being started because of something that the + user did, and not if Tor is being automatically started in the + background. Closes ticket 29357. + + o Minor features (geoip): + - Update geoip and geoip6 to the April 2 2019 Maxmind GeoLite2 + Country database. Closes ticket 29992. + + o Minor features (NSS, diagnostic): + - Try to log an error from NSS (if there is any) and a more useful + description of our situation if we are using NSS and a call to + SSL_ExportKeyingMaterial() fails. Diagnostic for ticket 29241. + + o Minor bugfix (continuous integration): + - Reset coverage state on disk after Travis CI has finished. This is being + done to prevent future gcda file merge errors which causes the test suite + for the process subsystem to fail. The process subsystem was introduced + in 0.4.0.1-alpha. Fixes bug 29036; bugfix on 0.2.9.15. + + o Minor bugfixes (bootstrap reporting): + - During bootstrap reporting, correctly distinguish pluggable + transports from plain proxies. Fixes bug 28925; bugfix on + 0.4.0.1-alpha. + + o Minor bugfixes (C correctness): + - Fix an unlikely memory leak in consensus_diff_apply(). Fixes bug 29824; + bugfix on 0.3.1.1-alpha. This is Coverity warning CID 1444119. + + o Minor bugfixes (CI): + - Terminate test-stem if it takes more than 9.5 minutes to run. + (Travis terminates the job after 10 minutes of no output.) + Diagnostic for 29437. Fixes bug 30011; bugfix on 0.3.5.4-alpha. + + o Minor bugfixes (circuitpadding testing): + - Minor tweaks to avoid very rare test failures related to timers and + monotime. Fixes bug 29500; bugfix on 0.4.0.1-alpha + + o Minor bugfixes (directory authorities): + - Actually include the bandwidth-file-digest line in directory authority + votes. Fixes bug 29959; bugfix on 0.4.0.2-alpha. + + o Minor bugfixes (hardening): + - Verify in more places that we are not about to create a buffer + with more than INT_MAX bytes, to avoid possible OOB access in the event + of bugs. Fixes bug 30041; bugfix on 0.2.0.16. Found and fixed by + Tobias Stoeckmann. + + o Minor bugfixes (logging): + - On Windows, when errors cause us to reload a consensus from disk, tell + the user that we are retrying at log level "notice". Previously we only + logged this information at "info", which was confusing because the + errors themselves were logged at "warning". Improves previous fix for + 28614. Fixes bug 30004; bugfix on 0.4.0.2-alpha. + + o Minor bugfixes (pluggable transports): + - Restore old behaviour when it comes to discovering the path of a given + Pluggable Transport exe-file. Fixes bug 29874; bugfix on 0.4.0.1-alpha. + + o Minor bugfixes (security): + - Fix a potential double free bug when reading huge bandwidth files. The + issue is not exploitable in the current Tor network because the + vulnerable code is only reached when directory authorities read bandwidth + files, but bandwidth files come from a trusted source (usually the + authorities themselves). Furthermore, the issue is only exploitable in + rare (non-POSIX) 32-bit architectures which are not used by any of the + current authorities. Fixes bug 30040; bugfix on 0.3.5.1-alpha. Bug found + and fixed by Tobias Stoeckmann. + + o Minor bugfixes (testing): + - Backport the 0.3.4 src/test/test-network.sh to 0.2.9. + We need a recent test-network.sh to use new chutney features in CI. + Fixes bug 29703; bugfix on 0.2.9.1-alpha. + + o Minor bugfixes (testing, windows): + - Fix a test failure caused by an unexpected bug warning in + our test for tor_gmtime_r(-1). Fixes bug 29922; + bugfix on 0.2.9.3-alpha. + + o Minor bugfixes (TLS protocol, integration tests): + - When classifying a client's selection of TLS ciphers, if the client + ciphers are not yet available, do not cache the result. Previously, + we had cached the unavailability of the cipher list and never looked + again, which in turn led us to assume that the client only supported + the ancient V1 link protocol. This, in turn, was causing Stem + integration tests to stall in some cases. + Fixes bug 30021; bugfix on 0.2.4.8-alpha. + + o Code simplification and refactoring: + - Introduce a connection_dir_buf_add() helper function that checks for + compress_state of dir_connection_t and automatically writes a string to + directory connection with or without compression. Resolves issue 28816. + - Refactor handle_get_next_bandwidth() to use connection_dir_buf_add(). + Implements ticket 29897. + + o Documentation: + - Clarify that Tor performs stream isolation between *Port listeners by + default. Resolves issue 29121. + + Changes in version 0.4.0.3-alpha - 2019-03-22 Tor 0.4.0.3-alpha is the third in its series; it fixes several small bugs from earlier versions. diff --git a/changes/29241_diagnostic b/changes/29241_diagnostic deleted file mode 100644 index 1e3865495..000000000 --- a/changes/29241_diagnostic +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (NSS, diagnostic): - - Try to log an error from NSS (if there is any) and a more useful - description of our situation if we are using NSS and a call to - SSL_ExportKeyingMaterial() fails. Diagnostic for ticket 29241. diff --git a/changes/bug28614_better_logging b/changes/bug28614_better_logging deleted file mode 100644 index 26d19c3c1..000000000 --- a/changes/bug28614_better_logging +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (logging): - - On Windows, when errors cause us to reload a consensus from disk, tell - the user that we are retrying at log level "notice". Previously we only - logged this information at "info", which was confusing because the - errors themselves were logged at "warning". Improves previous fix for - 28614. Fixes bug 30004; bugfix on 0.4.0.2-alpha. diff --git a/changes/bug28925 b/changes/bug28925 deleted file mode 100644 index a86744388..000000000 --- a/changes/bug28925 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (bootstrap reporting): - - During bootstrap reporting, correctly distinguish pluggable - transports from plain proxies. Fixes bug 28925; bugfix on - 0.4.0.1-alpha. diff --git a/changes/bug29036 b/changes/bug29036 deleted file mode 100644 index 8b96c5c8f..000000000 --- a/changes/bug29036 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfix (continuous integration): - - Reset coverage state on disk after Travis CI has finished. This is being - done to prevent future gcda file merge errors which causes the test suite - for the process subsystem to fail. The process subsystem was introduced - in 0.4.0.1-alpha. Fixes bug 29036; bugfix on 0.2.9.15. diff --git a/changes/bug29241 b/changes/bug29241 deleted file mode 100644 index 7f25e154d..000000000 --- a/changes/bug29241 +++ /dev/null @@ -1,6 +0,0 @@ - o Major bugfixes (NSS, relay): - - When running with NSS, disable TLS 1.2 ciphersuites that use SHA384 - for their PRF. Due to an NSS bug, the TLS key exporters for these - ciphersuites don't work -- which caused relays to fail to handshake - with one another when these ciphersuites were enabled. - Fixes bug 29241; bugfix on 0.3.5.1-alpha. diff --git a/changes/bug29500 b/changes/bug29500 deleted file mode 100644 index 16550935b..000000000 --- a/changes/bug29500 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (circuitpadding testing): - - Minor tweaks to avoid very rare test failures related to timers and - monotime. Fixes bug 29500; bugfix on 0.4.0.1-alpha diff --git a/changes/bug29527 b/changes/bug29527 deleted file mode 100644 index 6f36a9e1a..000000000 --- a/changes/bug29527 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features (circuit padding): - - Stop warning about undefined behavior in the probability distribution - tests. Float division by zero may technically be undefined behaviour in - C, but it's well-defined in IEEE 754. Partial backport of 29298. - Closes ticket 29527; bugfix on 0.4.0.1-alpha. diff --git a/changes/bug29703 b/changes/bug29703 deleted file mode 100644 index 0e17ee45e..000000000 --- a/changes/bug29703 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (testing): - - Backport the 0.3.4 src/test/test-network.sh to 0.2.9. - We need a recent test-network.sh to use new chutney features in CI. - Fixes bug 29703; bugfix on 0.2.9.1-alpha. diff --git a/changes/bug29874 b/changes/bug29874 deleted file mode 100644 index 8534753b5..000000000 --- a/changes/bug29874 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (pluggable transports): - - Restore old behaviour when it comes to discovering the path of a given - Pluggable Transport exe-file. Fixes bug 29874; bugfix on 0.4.0.1-alpha. - diff --git a/changes/bug29922 b/changes/bug29922 deleted file mode 100644 index dacb95109..000000000 --- a/changes/bug29922 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (testing, windows): - - Fix a test failure caused by an unexpected bug warning in - our test for tor_gmtime_r(-1). Fixes bug 29922; - bugfix on 0.2.9.3-alpha. diff --git a/changes/bug29959-040 b/changes/bug29959-040 deleted file mode 100644 index 3740e0169..000000000 --- a/changes/bug29959-040 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (directory authorities): - - Actually include the bandwidth-file-digest line in directory authority - votes. Fixes bug 29959; bugfix on 0.4.0.2-alpha. diff --git a/changes/bug30011 b/changes/bug30011 deleted file mode 100644 index 4c9069e29..000000000 --- a/changes/bug30011 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (CI): - - Terminate test-stem if it takes more than 9.5 minutes to run. - (Travis terminates the job after 10 minutes of no output.) - Diagnostic for 29437. Fixes bug 30011; bugfix on 0.3.5.4-alpha. diff --git a/changes/bug30021 b/changes/bug30021 deleted file mode 100644 index 2a887f3cf..000000000 --- a/changes/bug30021 +++ /dev/null @@ -1,8 +0,0 @@ - o Minor bugfixes (TLS protocol, integration tests): - - When classifying a client's selection of TLS ciphers, if the client - ciphers are not yet available, do not cache the result. Previously, - we had cached the unavailability of the cipher list and never looked - again, which in turn led us to assume that the client only supported - the ancient V1 link protocol. This, in turn, was causing Stem - integration tests to stall in some cases. - Fixes bug 30021; bugfix on 0.2.4.8-alpha. diff --git a/changes/bug30040 b/changes/bug30040 deleted file mode 100644 index 7d80528a1..000000000 --- a/changes/bug30040 +++ /dev/null @@ -1,9 +0,0 @@ - o Minor bugfixes (security): - - Fix a potential double free bug when reading huge bandwidth files. The - issue is not exploitable in the current Tor network because the - vulnerable code is only reached when directory authorities read bandwidth - files, but bandwidth files come from a trusted source (usually the - authorities themselves). Furthermore, the issue is only exploitable in - rare (non-POSIX) 32-bit architectures which are not used by any of the - current authorities. Fixes bug 30040; bugfix on 0.3.5.1-alpha. Bug found - and fixed by Tobias Stoeckmann. diff --git a/changes/bug30041 b/changes/bug30041 deleted file mode 100644 index 801c8f67a..000000000 --- a/changes/bug30041 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (hardening): - - Verify in more places that we are not about to create a buffer - with more than INT_MAX bytes, to avoid possible OOB access in the event - of bugs. Fixes bug 30041; bugfix on 0.2.0.16. Found and fixed by - Tobias Stoeckmann. diff --git a/changes/cid1444119 b/changes/cid1444119 deleted file mode 100644 index bb6854e66..000000000 --- a/changes/cid1444119 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (C correctness): - - Fix an unlikely memory leak in consensus_diff_apply(). Fixes bug 29824; - bugfix on 0.3.1.1-alpha. This is Coverity warning CID 1444119. diff --git a/changes/doc29121 b/changes/doc29121 deleted file mode 100644 index dd31cc9c7..000000000 --- a/changes/doc29121 +++ /dev/null @@ -1,3 +0,0 @@ - o Documentation: - - Clarify that Tor performs stream isolation between *Port listeners by - default. Resolves issue 29121. diff --git a/changes/geoip-2019-04-02 b/changes/geoip-2019-04-02 deleted file mode 100644 index 7302d939f..000000000 --- a/changes/geoip-2019-04-02 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (geoip): - - Update geoip and geoip6 to the April 2 2019 Maxmind GeoLite2 - Country database. Closes ticket 29992. - diff --git a/changes/ticket21377 b/changes/ticket21377 deleted file mode 100644 index 2bf5149a0..000000000 --- a/changes/ticket21377 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (dircache): - - When a directory authority is using a bandwidth file to obtain the - bandwidth values that will be included in the next vote, serve this - bandwidth file at /tor/status-vote/next/bandwidth. Closes ticket 21377. \ No newline at end of file diff --git a/changes/ticket28816 b/changes/ticket28816 deleted file mode 100644 index 02878ccfd..000000000 --- a/changes/ticket28816 +++ /dev/null @@ -1,4 +0,0 @@ - o Code simplification and refactoring: - - Introduce a connection_dir_buf_add() helper function that checks for - compress_state of dir_connection_t and automatically writes a string to - directory connection with or without compression. Resolves issue 28816. diff --git a/changes/ticket29357 b/changes/ticket29357 deleted file mode 100644 index 3aab930cd..000000000 --- a/changes/ticket29357 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor features (dormant mode): - - Add a DormantCanceledByStartup option to tell Tor that it should - treat a startup event as cancelling any previous dormant state. - Integrators should use this option with caution: it should - only be used if Tor is being started because of something that the - user did, and not if Tor is being automatically started in the - background. Closes ticket 29357. diff --git a/changes/ticket29806 b/changes/ticket29806 deleted file mode 100644 index 6afefd4c0..000000000 --- a/changes/ticket29806 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor features (bandwidth authority): - - Make bandwidth authorities to ignore relays that are reported in the - bandwidth file with the key-value "vote=0". - This change allows to report the relays that were not measured due - some failure and diagnose the reasons without the bandwidth being included in the - bandwidth authorities vote. - Closes ticket 29806. diff --git a/changes/ticket29897 b/changes/ticket29897 deleted file mode 100644 index 232a79fbc..000000000 --- a/changes/ticket29897 +++ /dev/null @@ -1,3 +0,0 @@ - o Code simplification and refactoring: - - Refactor handle_get_next_bandwidth() to use connection_dir_buf_add(). - Implements ticket 29897. diff --git a/changes/ticket29962 b/changes/ticket29962 deleted file mode 100644 index e36cc0cf9..000000000 --- a/changes/ticket29962 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (continuous integration): - - On Travis Rust builds, cleanup Rust registry and refrain from caching - target/ directory to speed up builds. Resolves issue 29962.