commit 0982d0136996179e1c4bcf26d2890e12301f6aad Author: Nick Mathewson nickm@torproject.org Date: Wed Jun 5 09:24:18 2019 -0400
Start a changelog for 0.4.1.2-alpha --- ChangeLog | 115 ++++++++++++++++++++++++++++++++++++++++++++++++++++ changes/bug29034 | 5 --- changes/bug29670 | 4 -- changes/bug29875 | 11 ----- changes/bug30286 | 4 -- changes/bug30316 | 4 -- changes/bug30561 | 6 --- changes/bug30614 | 4 -- changes/bug30629 | 6 --- changes/bug30646 | 4 -- changes/ticket26846 | 6 --- changes/ticket28878 | 11 ----- changes/ticket29617 | 4 -- changes/ticket29702 | 4 -- changes/ticket30150 | 4 -- changes/ticket30519 | 4 -- changes/ticket30539 | 4 -- changes/ticket30580 | 4 -- changes/ticket30628 | 5 --- 19 files changed, 115 insertions(+), 94 deletions(-)
diff --git a/ChangeLog b/ChangeLog index 86f39bfd7..f3eac65d5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,118 @@ +Changes in version 0.4.1.2-alpha - 2019-06-05 + Tor 0.4.1.2-alpha resolves numerous bugs--some of them from the previous + alpha, and some much older. It also contains minor testing improvements, + and an improvement to the security of our authenticated sendme + implementation. + + o Major bugfixes (bridges): + - Consider our directory information to have changed when our list of + bridges changes. Previously, Tor would not re-compute the status of its + directory information when bridges changed, and therefore would not + realize that it was no longer able to build circuits. Fixes part of bug + 29875. + - Do not count previously configured working bridges towards our total of + working bridges. Previously, when Tor's list of bridges changed, it + would think that the old bridges were still usable, and delay fetching + router descriptors for the new ones. Fixes part of bug 29875; bugfix + on 0.3.0.1-alpha. + + o Major bugfixes (Flow Control, SENDME): + - The decrement of the stream-level package window was done in a log_debug() + statement meaning that if the debug logs were not enabled, the decrement + would never happen and thus the window would be out of sync with the other + end point. Fixes bug 30628; bugfix on 0.4.1.1-alpha. + + o Major bugfixes (Onion service reachability): + - Properly clean up the introduction point map and associated state when + circuits change purpose from onion service circuits to pathbias, + measurement, or other circuit types. This should fix some instances of + introduction point failure. Fixes bug 29034; bugfix on 0.3.2.1-alpha. + + o Minor features (authenticated SENDME): + - Ensure that there is enough randomness on every circuit + to prevent an attacker from successfully predicting what SENDME cells + they will need to send: at a random interval, if we have not send + randomness already, leave some extra space at the end of a cell that + we can fill with random bytes. Closes ticket 26846. + + o Minor features (continuous integration): + - When running coverage builds on Travis, we now set TOR_TEST_RNG_SEED, + to avoid RNG-based coverage differences. + Part of ticket 28878. + + o Minor features (maintenance): + - Add a new "make autostyle" target that developers can use to + apply all automatic Tor style and consistency conversions to the + codebase. Closes ticket 30539. + + o Minor features (testing): + - The circuitpadding tests now use a reproducible RNG implementation, + so that if a test fails, we can learn why. Part of ticket 28878. + - Tor's tests now support an environment variable, TOR_TEST_RNG_SEED, + to set the RNG seed for tests that use a reproducible RNG. + Part of ticket 28878. + - When running tests in coverage mode, take additional care to make + our coverage deterministic, so that we can accurately track changes in + code coverage. Closes ticket 30519. + + o Minor bugfixes (configuration, proxies): + - Fix a bug that prevented us from supporting SOCKS5 proxies that want + authentication along with configured (but unused!) + ClientTransportPlugins. Fixes bug 29670; bugfix on 0.2.6.1-alpha. + + o Minor bugfixes (controller): + - POSTDESCRIPTOR requests should work again. Previously, they were + broken if a "purpose=" flag was specified. Fixes bug 30580; + bugfix on 0.4.1.1-alpha. + - Repair the HSFETCH command so that it works again. Previously, it + expected a body when it shouldn't have. Fixes bug 30646; bugfix on + 0.4.1.1-alpha. + + o Minor bugfixes (developer tooling): + - Fix pre-push hook to refrain from rejecting fixup and squash commits + when pushing to non-upstream git remote. Fixes bug 30286; bugfix on + 0.4.0.1-alpha. + + o Minor bugfixes (directory authority): + - Move the "bandwidth-file-headers" line in directory authority votes + so that it conforms to dir-spec.txt. Fixes bug 30316; bugfix on + 0.3.5.1-alpha. + + o Minor bugfixes (NetBSD): + - Fix usage of minherit() on NetBSD and other platforms that define + MAP_INHERIT_{ZERO,NONE} instead of INHERIT_{ZERO,NONE}. Fixes bug + 30614; bugfix on 0.4.0.2-alpha. Patch from Taylor Campbell. + + o Minor bugfixes (out-of-memory handler): + - When purging the DNS cache because of an out-of-memory condition, + try purging just the older entries at first. Previously, we would + purge the whole thing. Fixes bug 29617; bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (portability): + - Avoid crashing in our tor_vasprintf() implementation on systems that + define neither vasprintf() nor _vscprintf(). (This bug has been here + long enough that we question whether people are running Tor on such + systems, but we're applying the fix out of caution.) Fixes bug 30561; + bugfix on 0.2.8.2-alpha. Found and fixed by Tobias Stoeckmann. + + o Minor bugfixes (shutdown, libevent, memory safety): + - Avoid use-after-free bugs when shutting down, by making sure that we + shut down libevent only after shutting down all of its users. We + believe these are harmless in practice, since they only occur on the + shutdown path, and do not involve any attacker-controlled data. Fixes + bug 30629; bugfix on 0.4.1.1-alpha. + + o Minor bugfixes (static analysis): + - Fix several spurious Coverity warnings about the unit tests, to lower our + chances of missing any real warnings in the future. Fixes bug 30150; + bugfix on 0.3.5.1-alpha and various other Tor versions. + + o Testing: + - Specify torrc paths (with empty files) when launching tor in + integration tests; refrain from reading user and system torrcs. + Resolves issue 29702. + + Changes in version 0.4.1.1-alpha - 2019-05-22 This is the first alpha in the 0.4.1.x series. It introduces lightweight circuit padding to make some onion-service circuits harder diff --git a/changes/bug29034 b/changes/bug29034 deleted file mode 100644 index 816b61500..000000000 --- a/changes/bug29034 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes (Onion service reachability): - - Properly clean up the introduction point map and associated state when - circuits change purpose from onion service circuits to pathbias, - measurement, or other circuit types. This should fix some instances of - introduction point failure. Fixes bug 29034; bugfix on 0.3.2.1-alpha. diff --git a/changes/bug29670 b/changes/bug29670 deleted file mode 100644 index 288bbbf62..000000000 --- a/changes/bug29670 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (configuration, proxies): - - Fix a bug that prevented us from supporting SOCKS5 proxies that want - authentication along with configured (but unused!) - ClientTransportPlugins. Fixes bug 29670; bugfix on 0.2.6.1-alpha. diff --git a/changes/bug29875 b/changes/bug29875 deleted file mode 100644 index 58a1c871c..000000000 --- a/changes/bug29875 +++ /dev/null @@ -1,11 +0,0 @@ - o Major bugfixes (bridges): - - Do not count previously configured working bridges towards our total of - working bridges. Previously, when Tor's list of bridges changed, it - would think that the old bridges were still usable, and delay fetching - router descriptors for the new ones. Fixes part of bug 29875; bugfix - on 0.3.0.1-alpha. - - Consider our directory information to have changed when our list of - bridges changes. Previously, Tor would not re-compute the status of its - directory information when bridges changed, and therefore would not - realize that it was no longer able to build circuits. Fixes part of bug - 29875. diff --git a/changes/bug30286 b/changes/bug30286 deleted file mode 100644 index f2fc67a48..000000000 --- a/changes/bug30286 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (developer tooling): - - Fix pre-push hook to refrain from rejecting fixup and squash commits - when pushing to non-upstream git remote. Fixes bug 30286; bugfix on - 0.4.0.1-alpha. diff --git a/changes/bug30316 b/changes/bug30316 deleted file mode 100644 index 3e396318a..000000000 --- a/changes/bug30316 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (directory authority): - - Move the "bandwidth-file-headers" line in directory authority votes - so that it conforms to dir-spec.txt. Fixes bug 30316; bugfix on - 0.3.5.1-alpha. diff --git a/changes/bug30561 b/changes/bug30561 deleted file mode 100644 index afb3f02c6..000000000 --- a/changes/bug30561 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (portability): - - Avoid crashing in our tor_vasprintf() implementation on systems that - define neither vasprintf() nor _vscprintf(). (This bug has been here - long enough that we question whether people are running Tor on such - systems, but we're applying the fix out of caution.) Fixes bug 30561; - bugfix on 0.2.8.2-alpha. Found and fixed by Tobias Stoeckmann. diff --git a/changes/bug30614 b/changes/bug30614 deleted file mode 100644 index 9f904bd11..000000000 --- a/changes/bug30614 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (NetBSD): - - Fix usage of minherit() on NetBSD and other platforms that define - MAP_INHERIT_{ZERO,NONE} instead of INHERIT_{ZERO,NONE}. Fixes bug - 30614; bugfix on 0.4.0.2-alpha. Patch from Taylor Campbell. diff --git a/changes/bug30629 b/changes/bug30629 deleted file mode 100644 index 59fa96ee6..000000000 --- a/changes/bug30629 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (shutdown, libevent, memory safety): - - Avoid use-after-free bugs when shutting down, by making sure that we - shut down libevent only after shutting down all of its users. We - believe these are harmless in practice, since they only occur on the - shutdown path, and do not involve any attacker-controlled data. Fixes - bug 30629; bugfix on 0.4.1.1-alpha. diff --git a/changes/bug30646 b/changes/bug30646 deleted file mode 100644 index e95a54e3e..000000000 --- a/changes/bug30646 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (controller): - - Repair the HSFETCH command so that it works again. Previously, it - expected a body when it shouldn't have. Fixes bug 30646; bugfix on - 0.4.1.1-alpha. diff --git a/changes/ticket26846 b/changes/ticket26846 deleted file mode 100644 index a18e23179..000000000 --- a/changes/ticket26846 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor features (authenticated SENDME): - - Ensure that there is enough randomness on every circuit - to prevent an attacker from successfully predicting what SENDME cells - they will need to send: at a random interval, if we have not send - randomness already, leave some extra space at the end of a cell that - we can fill with random bytes. Closes ticket 26846. diff --git a/changes/ticket28878 b/changes/ticket28878 deleted file mode 100644 index 73ca47c72..000000000 --- a/changes/ticket28878 +++ /dev/null @@ -1,11 +0,0 @@ - o Minor features (testing): - - The circuitpadding tests now use a reproducible RNG implementation, - so that if a test fails, we can learn why. Part of ticket 28878. - - Tor's tests now support an environment variable, TOR_TEST_RNG_SEED, - to set the RNG seed for tests that use a reproducible RNG. - Part of ticket 28878. - - o Minor features (continuous integration): - - When running coverage builds on Travis, we now set TOR_TEST_RNG_SEED, - to avoid RNG-based coverage differences. - Part of ticket 28878. diff --git a/changes/ticket29617 b/changes/ticket29617 deleted file mode 100644 index 4d50ea962..000000000 --- a/changes/ticket29617 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (out-of-memory handler): - - When purging the DNS cache because of an out-of-memory condition, - try purging just the older entries at first. Previously, we would - purge the whole thing. Fixes bug 29617; bugfix on 0.3.5.1-alpha. diff --git a/changes/ticket29702 b/changes/ticket29702 deleted file mode 100644 index e1cc1f867..000000000 --- a/changes/ticket29702 +++ /dev/null @@ -1,4 +0,0 @@ - o Testing: - - Specify torrc paths (with empty files) when launching tor in - integration tests; refrain from reading user and system torrcs. - Resolves issue 29702. diff --git a/changes/ticket30150 b/changes/ticket30150 deleted file mode 100644 index 70808fa5d..000000000 --- a/changes/ticket30150 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (static analysis): - - Fix several spurious Coverity warnings about the unit tests, to lower our - chances of missing any real warnings in the future. Fixes bug 30150; - bugfix on 0.3.5.1-alpha and various other Tor versions. diff --git a/changes/ticket30519 b/changes/ticket30519 deleted file mode 100644 index efb25b929..000000000 --- a/changes/ticket30519 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (testing): - - When running tests in coverage mode, take additional care to make - our coverage deterministic, so that we can accurately track changes in - code coverage. Closes ticket 30519. diff --git a/changes/ticket30539 b/changes/ticket30539 deleted file mode 100644 index 8d105eacb..000000000 --- a/changes/ticket30539 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (maintenance): - - Add a new "make autostyle" target that developers can use to - apply all automatic Tor style and consistency conversions to the - codebase. Closes ticket 30539. diff --git a/changes/ticket30580 b/changes/ticket30580 deleted file mode 100644 index 9ff1a33e4..000000000 --- a/changes/ticket30580 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (controller): - - POSTDESCRIPTOR requests should work again. Previously, they were - broken if a "purpose=" flag was specified. Fixes bug 30580; - bugfix on 0.4.1.1-alpha. diff --git a/changes/ticket30628 b/changes/ticket30628 deleted file mode 100644 index 7128c5acf..000000000 --- a/changes/ticket30628 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes (Flow Control, SENDME): - - The decrement of the stream-level package window was done in a log_debug() - statement meaning that if the debug logs were not enabled, the decrement - would never happen and thus the window would be out of sync with the other - end point. Fixes bug 30628; bugfix on 0.4.1.1-alpha.