This is an automated email from the git hooks/post-receive script.
dgoulet pushed a change to branch release-0.4.5 in repository tor.
from 98c9f25a61 Merge branch 'maint-0.4.5' into release-0.4.5 new f9acdd0630 Update geoip files to match ipfire location db, 2022/08/11. new 65ffb97c2f fallbackdir: Update list generated on August 11, 2022 new 6a566bd776 Merge branch 'maint-0.4.5' into release-0.4.5 new 3bebe3b3dd release: ChangeLog and ReleaseNotes for 0.4.5.13 new fb0e2c785d release: ChangeLog/ReleaseNotes fixes new 56152a1048 version: Bump version to 0.4.5.13 new 3cb21f5e8d Merge branch 'maint-0.4.5' into release-0.4.5
The 7 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference.
Summary of changes: ChangeLog | 67 + ReleaseNotes | 67 + changes/bug40472 | 6 - changes/bug40515 | 6 - changes/bug40645 | 5 - changes/clone3-sandbox | 3 - changes/ticket40579 | 3 - changes/ticket40581 | 4 - changes/ticket40601 | 4 - changes/ticket40604 | 5 - changes/ticket40623 | 4 - changes/ticket40649 | 4 - configure.ac | 4 +- contrib/win32build/tor-mingw.nsi.in | 2 +- src/app/config/fallback_dirs.inc | 987 +- src/config/geoip | 55637 +++++++++++++++++++++++----------- src/config/geoip6 | 18884 ++++++------ src/win32/orconfig.h | 2 +- 18 files changed, 47479 insertions(+), 28215 deletions(-) delete mode 100644 changes/bug40472 delete mode 100644 changes/bug40515 delete mode 100644 changes/bug40645 delete mode 100644 changes/clone3-sandbox delete mode 100644 changes/ticket40579 delete mode 100644 changes/ticket40581 delete mode 100644 changes/ticket40601 delete mode 100644 changes/ticket40604 delete mode 100644 changes/ticket40623 delete mode 100644 changes/ticket40649
This is an automated email from the git hooks/post-receive script.
dgoulet pushed a commit to branch release-0.4.5 in repository tor.
commit 6a566bd77604f9eb3660b8bead01b998c6957633 Merge: 98c9f25a61 65ffb97c2f Author: David Goulet dgoulet@torproject.org AuthorDate: Thu Aug 11 09:44:46 2022 -0400
Merge branch 'maint-0.4.5' into release-0.4.5
changes/fallbackdirs-2022-08-11 | 2 + changes/geoip-2022-08-11 | 3 + src/app/config/fallback_dirs.inc | 987 +- src/config/geoip | 55637 +++++++++++++++++++++++++------------ src/config/geoip6 | 18884 ++++++------- 5 files changed, 47346 insertions(+), 28167 deletions(-)
This is an automated email from the git hooks/post-receive script.
dgoulet pushed a commit to branch release-0.4.5 in repository tor.
commit 3bebe3b3ddc1d39cd3028697fbed8a378f2d986b Author: Tor CI Release no-email@torproject.org AuthorDate: Thu Aug 11 13:40:32 2022 +0000
release: ChangeLog and ReleaseNotes for 0.4.5.13 --- ChangeLog | 64 +++++++++++++++++++++++++++++++++++++++++ ReleaseNotes | 64 +++++++++++++++++++++++++++++++++++++++++ changes/bug40472 | 6 ---- changes/bug40515 | 6 ---- changes/bug40645 | 5 ---- changes/clone3-sandbox | 3 -- changes/fallbackdirs-2022-08-11 | 2 -- changes/geoip-2022-08-11 | 3 -- changes/ticket40579 | 3 -- changes/ticket40581 | 4 --- changes/ticket40601 | 4 --- changes/ticket40604 | 5 ---- changes/ticket40623 | 4 --- changes/ticket40649 | 4 --- 14 files changed, 128 insertions(+), 49 deletions(-)
diff --git a/ChangeLog b/ChangeLog index c157e2669a..258fbc03df 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,67 @@ +INSERT SUMMARY BLURP + +Changes in version 0.4.5.13 - 2022-08-11 + o Major bugfixes (relay): + - Remove OR connections btrack subsystem entries when the + connections closes normally. Before this, we would only close it + on error and thus leaking memory for each normal OR connections. + Fixes bug 40604; bugfix on 0.4.0.1-alpha. + - Stop sending TRUNCATED cell and instead close the circuits which + sends a DESTROY cell so every relay in the circuit path can stop + queuing cells. Fixes bug 40623; bugfix on 0.1.0.2-rc. + + o Minor features (fallbackdir): + - Regenerate fallback directories generated on August 11, 2022. + + o Minor features (geoip data): + - Update the geoip files to match the IPFire Location Database, as + retrieved on 2022/08/11. + + o Minor features (linux seccomp2 sandbox): + - Permit the clone3 syscall, which is apparently used in glibc-2.34 + and later. Closes ticket 40590. + + o Minor bugfixes (controller, path bias): + - When a circuit's path is specified, in full or in part, from the + controller API, do not count that circuit towards our path-bias + calculations. (Doing so was incorrect, since we cannot tell + whether the controller is selecting relays randomly.) Resolves a + "Bug" warning. Fixes bug 40515; bugfix on 0.2.4.10-alpha. + + o Minor bugfixes (defense in depth): + - Change a test in the netflow padding code to make it more + _obviously_ safe against remotely triggered crashes. (It was safe + against these before, but not obviously so.) Fixes bug 40645; + bugfix on 0.3.1.1-alpha. + + o Minor bugfixes (linux seccomp2 sandbox): + - Allow the rseq system call in the sandbox. This solves a crash + issue with glibc 2.35 on Linux. Patch from pmu-ipf. Fixes bug + 40601; bugfix on 0.3.5.11. + + o Minor bugfixes (metrics port, onion service): + - Fix the metrics with a port label to be unique. Before this, all + ports of an onion service would be on the same line which violates + the Prometheus rules of unique labels. Fixes bug 40581; bugfix + on 0.4.5.1-alpha. + + o Minor bugfixes (onion service, client): + - Fix a fatal assert due to a guard subsystem recursion triggered by + the onion service client. Fixes bug 40579; bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (performance, DoS): + - Fix one case of a not-especially viable denial-of-service attack + found by OSS-Fuzz in our consensus-diff parsing code. This attack + causes a lot small of memory allocations and then immediately + frees them: this is only slow when running with all the sanitizers + enabled. Fixes one case of bug 40472; bugfix on 0.3.1.1-alpha. + + o Minor bugfixes (relay): + - Do not propagate either forward or backward a DESTROY remote + reason when closing a circuit so to avoid a possible side channel. + Fixes bug 40649; bugfix on 0.1.2.4-alpha. + + Changes in version 0.4.5.12 - 2022-02-04 This version contains mostly minor bugfixes for which you can find the details below. The previous release (0.4.5.11) was suppose to update the diff --git a/ReleaseNotes b/ReleaseNotes index e6b292f900..cf7cbf4357 100644 --- a/ReleaseNotes +++ b/ReleaseNotes @@ -2,6 +2,70 @@ This document summarizes new features and bugfixes in each stable release of Tor. If you want to see more detailed descriptions of the changes in each development snapshot, see the ChangeLog file.
+INSERT SUMMARY BLURP + +Changes in version 0.4.5.13 - 2022-08-11 + o Major bugfixes (relay): + - Remove OR connections btrack subsystem entries when the + connections closes normally. Before this, we would only close it + on error and thus leaking memory for each normal OR connections. + Fixes bug 40604; bugfix on 0.4.0.1-alpha. + - Stop sending TRUNCATED cell and instead close the circuits which + sends a DESTROY cell so every relay in the circuit path can stop + queuing cells. Fixes bug 40623; bugfix on 0.1.0.2-rc. + + o Minor features (fallbackdir): + - Regenerate fallback directories generated on August 11, 2022. + + o Minor features (geoip data): + - Update the geoip files to match the IPFire Location Database, as + retrieved on 2022/08/11. + + o Minor features (linux seccomp2 sandbox): + - Permit the clone3 syscall, which is apparently used in glibc-2.34 + and later. Closes ticket 40590. + + o Minor bugfixes (controller, path bias): + - When a circuit's path is specified, in full or in part, from the + controller API, do not count that circuit towards our path-bias + calculations. (Doing so was incorrect, since we cannot tell + whether the controller is selecting relays randomly.) Resolves a + "Bug" warning. Fixes bug 40515; bugfix on 0.2.4.10-alpha. + + o Minor bugfixes (defense in depth): + - Change a test in the netflow padding code to make it more + _obviously_ safe against remotely triggered crashes. (It was safe + against these before, but not obviously so.) Fixes bug 40645; + bugfix on 0.3.1.1-alpha. + + o Minor bugfixes (linux seccomp2 sandbox): + - Allow the rseq system call in the sandbox. This solves a crash + issue with glibc 2.35 on Linux. Patch from pmu-ipf. Fixes bug + 40601; bugfix on 0.3.5.11. + + o Minor bugfixes (metrics port, onion service): + - Fix the metrics with a port label to be unique. Before this, all + ports of an onion service would be on the same line which violates + the Prometheus rules of unique labels. Fixes bug 40581; bugfix + on 0.4.5.1-alpha. + + o Minor bugfixes (onion service, client): + - Fix a fatal assert due to a guard subsystem recursion triggered by + the onion service client. Fixes bug 40579; bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (performance, DoS): + - Fix one case of a not-especially viable denial-of-service attack + found by OSS-Fuzz in our consensus-diff parsing code. This attack + causes a lot small of memory allocations and then immediately + frees them: this is only slow when running with all the sanitizers + enabled. Fixes one case of bug 40472; bugfix on 0.3.1.1-alpha. + + o Minor bugfixes (relay): + - Do not propagate either forward or backward a DESTROY remote + reason when closing a circuit so to avoid a possible side channel. + Fixes bug 40649; bugfix on 0.1.2.4-alpha. + + Changes in version 0.4.5.12 - 2022-02-04 This version contains mostly minor bugfixes for which you can find the details below. The previous release (0.4.5.11) was suppose to update the diff --git a/changes/bug40472 b/changes/bug40472 deleted file mode 100644 index d87c1dc2cc..0000000000 --- a/changes/bug40472 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (performance, DoS): - - Fix one case of a not-especially viable denial-of-service attack found - by OSS-Fuzz in our consensus-diff parsing code. This attack causes a - lot small of memory allocations and then immediately frees them: this - is only slow when running with all the sanitizers enabled. Fixes one - case of bug 40472; bugfix on 0.3.1.1-alpha. diff --git a/changes/bug40515 b/changes/bug40515 deleted file mode 100644 index d315e28411..0000000000 --- a/changes/bug40515 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (controller, path bias): - - When a circuit's path is specified, in full or in part, from the - controller API, do not count that circuit towards our path-bias - calculations. (Doing so was incorrect, since we cannot tell whether - the controller is selecting relays randomly.) Resolves a "Bug" - warning. Fixes bug 40515; bugfix on 0.2.4.10-alpha. diff --git a/changes/bug40645 b/changes/bug40645 deleted file mode 100644 index 044d5b67d2..0000000000 --- a/changes/bug40645 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (defense in depth): - - Change a test in the netflow padding code to make it more - _obviously_ safe against remotely triggered crashes. - (It was safe against these before, but not obviously so.) - Fixes bug 40645; bugfix on 0.3.1.1-alpha. diff --git a/changes/clone3-sandbox b/changes/clone3-sandbox deleted file mode 100644 index dac8fe72da..0000000000 --- a/changes/clone3-sandbox +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (linux seccomp2 sandbox): - - Permit the clone3 syscall, which is apparently used in glibc-2.34 and - later. Closes ticket 40590. diff --git a/changes/fallbackdirs-2022-08-11 b/changes/fallbackdirs-2022-08-11 deleted file mode 100644 index 21200700ad..0000000000 --- a/changes/fallbackdirs-2022-08-11 +++ /dev/null @@ -1,2 +0,0 @@ - o Minor features (fallbackdir): - - Regenerate fallback directories generated on August 11, 2022. diff --git a/changes/geoip-2022-08-11 b/changes/geoip-2022-08-11 deleted file mode 100644 index aad2392f1f..0000000000 --- a/changes/geoip-2022-08-11 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (geoip data): - - Update the geoip files to match the IPFire Location Database, - as retrieved on 2022/08/11. diff --git a/changes/ticket40579 b/changes/ticket40579 deleted file mode 100644 index e2558c1102..0000000000 --- a/changes/ticket40579 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (onion service, client): - - Fix a fatal assert due to a guard subsystem recursion triggered by the - onion service client. Fixes bug 40579; bugfix on 0.3.5.1-alpha. diff --git a/changes/ticket40581 b/changes/ticket40581 deleted file mode 100644 index 315215d8ed..0000000000 --- a/changes/ticket40581 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (metrics port, onion service): - - Fix the metrics with a port label to be unique. Before this, all ports of - an onion service would be on the same line which violates the Prometheus - rules of unique labels. Fixes bug 40581; bugfix on 0.4.5.1-alpha. diff --git a/changes/ticket40601 b/changes/ticket40601 deleted file mode 100644 index 529e3badfe..0000000000 --- a/changes/ticket40601 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (linux seccomp2 sandbox): - - Allow the rseq system call in the sandbox. This solves a crash issue with - glibc 2.35 on Linux. Patch from pmu-ipf. Fixes bug 40601; bugfix on - 0.3.5.11. diff --git a/changes/ticket40604 b/changes/ticket40604 deleted file mode 100644 index ec24a46e66..0000000000 --- a/changes/ticket40604 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes (relay): - - Remove OR connections btrack subsystem entries when the connections - closes normally. Before this, we would only close it on error and thus - leaking memory for each normal OR connections. Fixes bug 40604; bugfix - on 0.4.0.1-alpha. diff --git a/changes/ticket40623 b/changes/ticket40623 deleted file mode 100644 index d2a0e7eaad..0000000000 --- a/changes/ticket40623 +++ /dev/null @@ -1,4 +0,0 @@ - o Major bugfixes (relay): - - Stop sending TRUNCATED cell and instead close the circuits which sends a - DESTROY cell so every relay in the circuit path can stop queuing cells. - Fixes bug 40623; bugfix on 0.1.0.2-rc. diff --git a/changes/ticket40649 b/changes/ticket40649 deleted file mode 100644 index 28df58f106..0000000000 --- a/changes/ticket40649 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (relay): - - Do not propagate either forward or backward a DESTROY remote reason when - closing a circuit so to avoid a possible side channel. Fixes bug 40649; - bugfix on 0.1.2.4-alpha.
This is an automated email from the git hooks/post-receive script.
dgoulet pushed a commit to branch release-0.4.5 in repository tor.
commit fb0e2c785dc71019e73f161c88a56b1ab9a25af5 Author: David Goulet dgoulet@torproject.org AuthorDate: Thu Aug 11 10:13:35 2022 -0400
release: ChangeLog/ReleaseNotes fixes
Signed-off-by: David Goulet dgoulet@torproject.org --- ChangeLog | 35 +++++++++++++++++++---------------- ReleaseNotes | 35 +++++++++++++++++++---------------- 2 files changed, 38 insertions(+), 32 deletions(-)
diff --git a/ChangeLog b/ChangeLog index 258fbc03df..c6ab563bcf 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,14 +1,17 @@ -INSERT SUMMARY BLURP - Changes in version 0.4.5.13 - 2022-08-11 + This version contains two major fixes aimed at reducing memory pressure on + relays and possible side-channel. The rest of the fixes were backported for + stability or safety purposes. We strongly recommend to upgrade your relay to + this version or, ideally, to the latest stable of the 0.4.7.x series. + o Major bugfixes (relay): - - Remove OR connections btrack subsystem entries when the - connections closes normally. Before this, we would only close it - on error and thus leaking memory for each normal OR connections. - Fixes bug 40604; bugfix on 0.4.0.1-alpha. - - Stop sending TRUNCATED cell and instead close the circuits which - sends a DESTROY cell so every relay in the circuit path can stop - queuing cells. Fixes bug 40623; bugfix on 0.1.0.2-rc. + - Remove OR connections btrack subsystem entries when the connections + close normally. Before this, we would only remove the entry on error and + thus leaking memory for each normal OR connections. Fixes bug 40604; + bugfix on 0.4.0.1-alpha. + - Stop sending TRUNCATED cell and instead close the circuit from which we + received a DESTROY cell. This makes every relay in the circuit path to + stop queuing cells. Fixes bug 40623; bugfix on 0.1.0.2-rc.
o Minor features (fallbackdir): - Regenerate fallback directories generated on August 11, 2022. @@ -40,10 +43,10 @@ Changes in version 0.4.5.13 - 2022-08-11 40601; bugfix on 0.3.5.11.
o Minor bugfixes (metrics port, onion service): - - Fix the metrics with a port label to be unique. Before this, all - ports of an onion service would be on the same line which violates - the Prometheus rules of unique labels. Fixes bug 40581; bugfix - on 0.4.5.1-alpha. + - The MetricsPort line for an onion service with multiple ports are now + unique that is one line per port. Before this, all ports of an onion + service would be on the same line which violates the Prometheus rules of + unique labels. Fixes bug 40581; bugfix on 0.4.5.1-alpha.
o Minor bugfixes (onion service, client): - Fix a fatal assert due to a guard subsystem recursion triggered by @@ -57,9 +60,9 @@ Changes in version 0.4.5.13 - 2022-08-11 enabled. Fixes one case of bug 40472; bugfix on 0.3.1.1-alpha.
o Minor bugfixes (relay): - - Do not propagate either forward or backward a DESTROY remote - reason when closing a circuit so to avoid a possible side channel. - Fixes bug 40649; bugfix on 0.1.2.4-alpha. + - Do not propagate either forward or backward a DESTROY remote reason when + closing a circuit in order to avoid a possible side channel. Fixes bug + 40649; bugfix on 0.1.2.4-alpha.
Changes in version 0.4.5.12 - 2022-02-04 diff --git a/ReleaseNotes b/ReleaseNotes index cf7cbf4357..d3cee9341c 100644 --- a/ReleaseNotes +++ b/ReleaseNotes @@ -2,17 +2,20 @@ This document summarizes new features and bugfixes in each stable release of Tor. If you want to see more detailed descriptions of the changes in each development snapshot, see the ChangeLog file.
-INSERT SUMMARY BLURP - Changes in version 0.4.5.13 - 2022-08-11 + This version contains two major fixes aimed at reducing memory pressure on + relays and possible side-channel. The rest of the fixes were backported for + stability or safety purposes. We strongly recommend to upgrade your relay to + this version or, ideally, to the latest stable of the 0.4.7.x series. + o Major bugfixes (relay): - - Remove OR connections btrack subsystem entries when the - connections closes normally. Before this, we would only close it - on error and thus leaking memory for each normal OR connections. - Fixes bug 40604; bugfix on 0.4.0.1-alpha. - - Stop sending TRUNCATED cell and instead close the circuits which - sends a DESTROY cell so every relay in the circuit path can stop - queuing cells. Fixes bug 40623; bugfix on 0.1.0.2-rc. + - Remove OR connections btrack subsystem entries when the connections + close normally. Before this, we would only remove the entry on error and + thus leaking memory for each normal OR connections. Fixes bug 40604; + bugfix on 0.4.0.1-alpha. + - Stop sending TRUNCATED cell and instead close the circuit from which we + received a DESTROY cell. This makes every relay in the circuit path to + stop queuing cells. Fixes bug 40623; bugfix on 0.1.0.2-rc.
o Minor features (fallbackdir): - Regenerate fallback directories generated on August 11, 2022. @@ -44,10 +47,10 @@ Changes in version 0.4.5.13 - 2022-08-11 40601; bugfix on 0.3.5.11.
o Minor bugfixes (metrics port, onion service): - - Fix the metrics with a port label to be unique. Before this, all - ports of an onion service would be on the same line which violates - the Prometheus rules of unique labels. Fixes bug 40581; bugfix - on 0.4.5.1-alpha. + - The MetricsPort line for an onion service with multiple ports are now + unique that is one line per port. Before this, all ports of an onion + service would be on the same line which violates the Prometheus rules of + unique labels. Fixes bug 40581; bugfix on 0.4.5.1-alpha.
o Minor bugfixes (onion service, client): - Fix a fatal assert due to a guard subsystem recursion triggered by @@ -61,9 +64,9 @@ Changes in version 0.4.5.13 - 2022-08-11 enabled. Fixes one case of bug 40472; bugfix on 0.3.1.1-alpha.
o Minor bugfixes (relay): - - Do not propagate either forward or backward a DESTROY remote - reason when closing a circuit so to avoid a possible side channel. - Fixes bug 40649; bugfix on 0.1.2.4-alpha. + - Do not propagate either forward or backward a DESTROY remote reason when + closing a circuit in order to avoid a possible side channel. Fixes bug + 40649; bugfix on 0.1.2.4-alpha.
Changes in version 0.4.5.12 - 2022-02-04
This is an automated email from the git hooks/post-receive script.
dgoulet pushed a commit to branch release-0.4.5 in repository tor.
commit 3cb21f5e8de3fdd8fa7f331e7b9e93e594fdab95 Merge: fb0e2c785d 56152a1048 Author: David Goulet dgoulet@torproject.org AuthorDate: Thu Aug 11 10:17:35 2022 -0400
Merge branch 'maint-0.4.5' into release-0.4.5
configure.ac | 4 ++-- contrib/win32build/tor-mingw.nsi.in | 2 +- src/win32/orconfig.h | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-)
tor-commits@lists.torproject.org
-
gitolite role