commit ce64ab2f096a57d8f44dd3269731209b9527387d Author: Nick Mathewson nickm@torproject.org Date: Thu Jun 29 15:54:36 2017 -0400
Sort changes into changelog file for 0.3.1.4-alpha --- ChangeLog | 121 ++++++++++++++++++++++++++++++++++++++ changes/bug16082 | 4 -- changes/bug22212 | 6 -- changes/bug22347 | 3 - changes/bug22356 | 5 -- changes/bug22400_01 | 4 -- changes/bug22502_part1 | 12 ---- changes/bug22516 | 5 -- changes/bug22669 | 4 -- changes/bug22670 | 4 -- changes/bug22670_02 | 4 -- changes/bug22670_03 | 6 -- changes/bug22672 | 5 -- changes/bug22702 | 5 -- changes/bug22719 | 7 --- changes/bug22720 | 9 --- changes/bug22737 | 12 ---- changes/bug22751 | 5 -- changes/diagnose_22752 | 4 -- changes/geoip-june2017 | 4 -- changes/more-files | 4 -- changes/new_requirement_pkgconfig | 5 -- 22 files changed, 121 insertions(+), 117 deletions(-)
diff --git a/ChangeLog b/ChangeLog index b1f64c9..d67c8dd 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,124 @@ +Changes in version 0.3.1.4-alpha - 2017-06-29: + blurb goes here. + + o Major bugfixes (compression): + - Fix crash in LZMA module, when the Sandbox is enabled, where + liblzma would allocate more than 16 MB of memory. We solve this + by bumping the mprotect() limit in the Sandbox module from 16 MB + to 20 MB. Fixes bug 22751; bugfix on 0.3.1.1-alpha. + + o Major bugfixes (compression, zstd): + - Correctly detect a full buffer when decompessing a large + zstd-compressed input. Fixes bug 22628; bugfix on 0.3.1.1-alpha. + + o Major bugfixes (directory protocol): + - Ensure that we sent "304 Not modified" as HTTP status code when a + client is attempting to fetch a consensus or consensus diff that + matches the latest consensus we have available. Fixes bug 22702; + bugfix on 0.3.1.1-alpha. + + o Major bugfixes (entry guards): + - When starting with an old consensus, do not add new entry guards + unless the consensus is "reasonably live" (under 1 day old). Fixes + one root cause of bug 22400; bugfix on 0.3.0.1-alpha. + + o Minor features (bug mitigation, diagnostics, logging): + - Avoid an assertion failure, and log a better error message, + when unable to remove a file from the consensus cache on + Windows. Attempts to mitigate and diagnose bug 22752. + + o Minor features (compression, defensive programming): + - Detect and break out of infinite loops in our compression code. + We don't think that any such loops exist now, but it's best to be + safe. Closes ticket 22672. + + o Minor features (geoip): + - Update geoip and geoip6 to the June 8 2017 Maxmind GeoLite2 + Country database. + + o Minor bugfixes (compression): + - When compressing or decompressing a buffer, check for a failure to + create a compression object. Fixes bug 22626; bugfix on + 0.3.1.1-alpha. + - When decompressing a buffer, check for extra data after the end of + the compressed data. Fixes bug 22629; bugfix on 0.3.1.1-alpha. + - When decompressing an object received over an anonymous directory + connection, if we have already successfully decompressed it using an + acceptable compression method, do not reject it for looking like an + unacceptable compression method. Fixes part of bug 22670; bugfix on + 0.3.1.1-alpha. + - When serving directory votes compressed with zlib, + do not claim to have compressed them with zstd. Fixes bug 22669; + bugfix on 0.3.1.1-alpha. + - When spooling compressed data to an output buffer, don't try to + spool more data when there is no more data to spool and we are + not trying to flush the input. Previously, we would sometimes + launch compression requests with nothing to do, which interferes + with our 22672 checks. Fixes bug 22719; bugfix on 0.2.0.16-alpha. + + o Minor bugfixes (defensive programming, undefined behavior): + - Fix a memset() off the end of an array when packing cells. This + bug should be harmless in practice, since the corrupted bytes + are still in the same structure, and are always padding bytes, + ignored, or immediately overwritten, depending on compiler + behavior. Nevertheless, because the memset()'s purpose is to + make sure that any other cell-handling bugs can't expose bytes + to the network, we need to fix it. Fixes bug 22737; bugfix on + 0.2.4.11-alpha. Fixes CID 1401591. + + o Minor bugfixes (linux seccomp2 sandbox): + - Permit the fchmod system call, to avoid crashing on startup when + starting with the seccomp2 sandbox and an unexpected set of permissions + on the data directory or its contents. Fixes bug 22516; bugfix on + 0.2.5.4-alpha. + + o Minor bugfixes (logging, compression): + - When decompressing, do not warn if we fail to decompress using a + compression method that we merely guessed. Fixes part of + bug 22670; bugfix on 0.1.1.14-alpha. + - When decompressing, treat mismatch between content-encoding and + actual compression type as a protocol warning. Fixes part of bug + 22670; bugfix on 0.1.1.9-alpha. + + o Minor bugfixes (logging, relay): + - Downgrade "assigned_to_cpuworker failed" message to INFO-level + severity. In every case that can reach it, either a better warning + has already been logged, or no warning is warranted. Fixes bug 22356; + bugfix on 0.2.6.3-alpha. + + o Minor bugfixes (netflow padding logging): + - Demote a warn that was caused by libevent delays to info if + the padding is less than 4.5 seconds late, or notice if it is more + (4.5 seconds is the amount of time that a netflow record might + be emitted after, if we chose the maximum timeout). Fixes bug 22212; + bugfix on 0.3.1.1-alpha. + + o Minor bugfixes (process behavior): + - When exiting because of an error, always exit with a nonzero + exit status. Previously, we would fail to report an error in + our exit status in cases related to lockfile contention, + __OwningControllerProcess failure, and Ed25519 key + initialization. Fixes bug 22720; bugfix on versions + 0.2.1.6-alpha, 0.2.2.28-beta, and 0.2.7.2-alpha + respectively. Reported by "f55jwk4f"; patch from "huyvq". + + o Documentation: + - Add a manpage description for the key-pinning-journal file. + Closes ticket 22347. + - Correctly note that bandwidth accounting values are stored in the + state file, and the bw_accounting file is now obsolete. Closes + ticket 16082. + - Document more of the files in the Tor data directory, including + cached-extrainfo, secret_onion_key{,_ntor}.old, hidserv-stats, + approved-routers, sr-random, and diff-cache. + + o New dependencies: + - To build with zstd and lzma support, Tor now requires the + pkg-config tool at build time. (This requirement was new in + 0.3.1.1-alpha, but was not noted at the time. Noting it here to + close ticket 22623.) + + Changes in version 0.3.1.3-alpha - 2017-06-08 Tor 0.3.1.3-alpha fixes a pair of bugs that would allow an attacker to remotely crash a hidden service with an assertion failure. Anyone diff --git a/changes/bug16082 b/changes/bug16082 deleted file mode 100644 index 0f2f04f..0000000 --- a/changes/bug16082 +++ /dev/null @@ -1,4 +0,0 @@ - o Documentation: - - Correctly note that bandwidth accounting values are stored in the - state file, and the bw_accounting file is now obsolete. Closes - ticket 16082. diff --git a/changes/bug22212 b/changes/bug22212 deleted file mode 100644 index dc1604a..0000000 --- a/changes/bug22212 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (netflow padding logging): - - Demote a warn that was caused by libevent delays to info if - the padding is less than 4.5 seconds late, or notice if it is more - (4.5 seconds is the amount of time that a netflow record might - be emitted after, if we chose the maximum timeout). Fixes bug 22212; - bugfix on 0.3.1.1-alpha. diff --git a/changes/bug22347 b/changes/bug22347 deleted file mode 100644 index f98c19f..0000000 --- a/changes/bug22347 +++ /dev/null @@ -1,3 +0,0 @@ - o Documentation: - - Add a manpage description for the key-pinning-journal file. - Closes ticket 22347. diff --git a/changes/bug22356 b/changes/bug22356 deleted file mode 100644 index 0082b54..0000000 --- a/changes/bug22356 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (logging, relay): - - Downgrade "assigned_to_cpuworker failed" message to INFO-level - severity. In every case that can reach it, either a better warning - has already been logged, or no warning is warranted. Fixes bug 22356; - bugfix on 0.2.6.3-alpha. diff --git a/changes/bug22400_01 b/changes/bug22400_01 deleted file mode 100644 index 454c5f7..0000000 --- a/changes/bug22400_01 +++ /dev/null @@ -1,4 +0,0 @@ - o Major bugfixes (entry guards): - - When starting with an old consensus, do not add new entry guards - unless the consensus is "reasonably live" (under 1 day old). Fixes - one root cause of bug 22400; bugfix on 0.3.0.1-alpha. diff --git a/changes/bug22502_part1 b/changes/bug22502_part1 deleted file mode 100644 index bd95b7c..0000000 --- a/changes/bug22502_part1 +++ /dev/null @@ -1,12 +0,0 @@ - o Major bugfixes (compression, zstd): - - Correctly detect a full buffer when decompessing a large - zstd-compressed input. Fixes bug 22628; bugfix on 0.3.1.1-alpha. - - o Minor bugfixes (compression): - - When compressing or decompressing a buffer, check for a failure to - create a compression object. Fixes bug 22626; bugfix on - 0.3.1.1-alpha. - - - When decompressing a buffer, check for extra data after the end of - the compressed data. Fixes bug 22629; bugfix on 0.3.1.1-alpha. - diff --git a/changes/bug22516 b/changes/bug22516 deleted file mode 100644 index f024a3c..0000000 --- a/changes/bug22516 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (linux seccomp2 sandbox): - - Permit the fchmod system call, to avoid crashing on startup when - starting with the seccomp2 sandbox and an unexpected set of permissions - on the data directory or its contents. Fixes bug 22516; bugfix on - 0.2.5.4-alpha. diff --git a/changes/bug22669 b/changes/bug22669 deleted file mode 100644 index 804a39e..0000000 --- a/changes/bug22669 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (compression): - - When serving directory votes compressed with zlib, - do not claim to have compressed them with zstd. Fixes bug 22669; - bugfix on 0.3.1.1-alpha. diff --git a/changes/bug22670 b/changes/bug22670 deleted file mode 100644 index 4740327..0000000 --- a/changes/bug22670 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (logging, compression): - - When decompressing, do not warn if we fail to decompress using a - compression method that we merely guessed. Fixes part of - bug 22670; bugfix on 0.1.1.14-alpha. diff --git a/changes/bug22670_02 b/changes/bug22670_02 deleted file mode 100644 index 3e7a428..0000000 --- a/changes/bug22670_02 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (logging, compression): - - When decompressing, treat mismatch between content-encoding and - actual compression type as a protocol warning. Fixes part of bug - 22670; bugfix on 0.1.1.9-alpha. diff --git a/changes/bug22670_03 b/changes/bug22670_03 deleted file mode 100644 index 8a7aa49..0000000 --- a/changes/bug22670_03 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (compression): - - When decompressing an object received over an anonymous directory - connection, if we have already successfully decompressed it using an - acceptable compression method, do not reject it for looking like an - unacceptable compression method. Fixes part of bug 22670; bugfix on - 0.3.1.1-alpha. diff --git a/changes/bug22672 b/changes/bug22672 deleted file mode 100644 index ec66811..0000000 --- a/changes/bug22672 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features (compression, defensive programming): - - Detect and break out of infinite loops in our compression code. - We don't think that any such loops exist now, but it's best to be - safe. Closes ticket 22672. - diff --git a/changes/bug22702 b/changes/bug22702 deleted file mode 100644 index a2044c7..0000000 --- a/changes/bug22702 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes (directory protocol): - - Ensure that we sent "304 Not modified" as HTTP status code when a - client is attempting to fetch a consensus or consensus diff that - matches the latest consensus we have available. Fixes bug 22702; - bugfix on 0.3.1.1-alpha. diff --git a/changes/bug22719 b/changes/bug22719 deleted file mode 100644 index bfcda0a..0000000 --- a/changes/bug22719 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes (compression): - - When spooling compressed data to an output buffer, don't try to - spool more data when there is no more data to spool and we are - not trying to flush the input. Previously, we would sometimes - launch compression requests with nothing to do, which interferes - with our 22672 checks. Fixes bug 22719; bugfix on 0.2.0.16-alpha. - diff --git a/changes/bug22720 b/changes/bug22720 deleted file mode 100644 index 4893b57..0000000 --- a/changes/bug22720 +++ /dev/null @@ -1,9 +0,0 @@ - o Minor bugfixes (process behavior): - - When exiting because of an error, always exit with a nonzero - exit status. Previously, we would fail to report an error in - our exit status in cases related to lockfile contention, - __OwningControllerProcess failure, and Ed25519 key - initialization. Fixes bug 22720; bugfix on versions - 0.2.1.6-alpha, 0.2.2.28-beta, and 0.2.7.2-alpha - respectively. Reported by "f55jwk4f"; patch from "huyvq". - diff --git a/changes/bug22737 b/changes/bug22737 deleted file mode 100644 index f0de8e6..0000000 --- a/changes/bug22737 +++ /dev/null @@ -1,12 +0,0 @@ - o Minor bugfixes (defensive programming, undefined behavior): - - - Fix a memset() off the end of an array when packing cells. This - bug should be harmless in practice, since the corrupted bytes - are still in the same structure, and are always padding bytes, - ignored, or immediately overwritten, depending on compiler - behavior. Nevertheless, because the memset()'s purpose is to - make sure that any other cell-handling bugs can't expose bytes - to the network, we need to fix it. Fixes bug 22737; bugfix on - 0.2.4.11-alpha. Fixes CID 1401591. - - diff --git a/changes/bug22751 b/changes/bug22751 deleted file mode 100644 index 714525c..0000000 --- a/changes/bug22751 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes (compression): - - Fix crash in LZMA module, when the Sandbox is enabled, where - liblzma would allocate more than 16 MB of memory. We solve this - by bumping the mprotect() limit in the Sandbox module from 16 MB - to 20 MB. Fixes bug 22751; bugfix on 0.3.1.1-alpha. diff --git a/changes/diagnose_22752 b/changes/diagnose_22752 deleted file mode 100644 index b5bda05..0000000 --- a/changes/diagnose_22752 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (bug mitigation, diagnostics, logging): - - Avoid an assertion failure, and log a better error message, - when unable to remove a file from the consensus cache on - Windows. Attempts to mitigate and diagnose bug 22752. diff --git a/changes/geoip-june2017 b/changes/geoip-june2017 deleted file mode 100644 index 1001e8e..0000000 --- a/changes/geoip-june2017 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (geoip): - - Update geoip and geoip6 to the June 8 2017 Maxmind GeoLite2 - Country database. - diff --git a/changes/more-files b/changes/more-files deleted file mode 100644 index 861d6a3..0000000 --- a/changes/more-files +++ /dev/null @@ -1,4 +0,0 @@ - o Documentation: - - Document more of the files in the Tor data directory, including - cached-extrainfo, secret_onion_key{,_ntor}.old, hidserv-stats, - approved-routers, sr-random, and diff-cache. diff --git a/changes/new_requirement_pkgconfig b/changes/new_requirement_pkgconfig deleted file mode 100644 index 503ff58..0000000 --- a/changes/new_requirement_pkgconfig +++ /dev/null @@ -1,5 +0,0 @@ - o New dependencies: - - To build with zstd and lzma support, Tor now requires the - pkg-config tool at build time. (This requirement was new in - 0.3.1.1-alpha, but was not noted at the time. Noting it here to - close ticket 22623.)