commit 0982d0136996179e1c4bcf26d2890e12301f6aad
parent ae490189f8fc5291152ce9a49b5b8a5b0e1ddf1a
Author: Nick Mathewson <nickm@torproject.org>
Date: Wed, 5 Jun 2019 09:24:18 -0400
Start a changelog for 0.4.1.2-alpha
Diffstat:
19 files changed, 115 insertions(+), 94 deletions(-)
diff --git a/ChangeLog b/ChangeLog
@@ -1,3 +1,118 @@
+Changes in version 0.4.1.2-alpha - 2019-06-05
+ Tor 0.4.1.2-alpha resolves numerous bugs--some of them from the previous
+ alpha, and some much older. It also contains minor testing improvements,
+ and an improvement to the security of our authenticated sendme
+ implementation.
+
+ o Major bugfixes (bridges):
+ - Consider our directory information to have changed when our list of
+ bridges changes. Previously, Tor would not re-compute the status of its
+ directory information when bridges changed, and therefore would not
+ realize that it was no longer able to build circuits. Fixes part of bug
+ 29875.
+ - Do not count previously configured working bridges towards our total of
+ working bridges. Previously, when Tor's list of bridges changed, it
+ would think that the old bridges were still usable, and delay fetching
+ router descriptors for the new ones. Fixes part of bug 29875; bugfix
+ on 0.3.0.1-alpha.
+
+ o Major bugfixes (Flow Control, SENDME):
+ - The decrement of the stream-level package window was done in a log_debug()
+ statement meaning that if the debug logs were not enabled, the decrement
+ would never happen and thus the window would be out of sync with the other
+ end point. Fixes bug 30628; bugfix on 0.4.1.1-alpha.
+
+ o Major bugfixes (Onion service reachability):
+ - Properly clean up the introduction point map and associated state when
+ circuits change purpose from onion service circuits to pathbias,
+ measurement, or other circuit types. This should fix some instances of
+ introduction point failure. Fixes bug 29034; bugfix on 0.3.2.1-alpha.
+
+ o Minor features (authenticated SENDME):
+ - Ensure that there is enough randomness on every circuit
+ to prevent an attacker from successfully predicting what SENDME cells
+ they will need to send: at a random interval, if we have not send
+ randomness already, leave some extra space at the end of a cell that
+ we can fill with random bytes. Closes ticket 26846.
+
+ o Minor features (continuous integration):
+ - When running coverage builds on Travis, we now set TOR_TEST_RNG_SEED,
+ to avoid RNG-based coverage differences.
+ Part of ticket 28878.
+
+ o Minor features (maintenance):
+ - Add a new "make autostyle" target that developers can use to
+ apply all automatic Tor style and consistency conversions to the
+ codebase. Closes ticket 30539.
+
+ o Minor features (testing):
+ - The circuitpadding tests now use a reproducible RNG implementation,
+ so that if a test fails, we can learn why. Part of ticket 28878.
+ - Tor's tests now support an environment variable, TOR_TEST_RNG_SEED,
+ to set the RNG seed for tests that use a reproducible RNG.
+ Part of ticket 28878.
+ - When running tests in coverage mode, take additional care to make
+ our coverage deterministic, so that we can accurately track changes in
+ code coverage. Closes ticket 30519.
+
+ o Minor bugfixes (configuration, proxies):
+ - Fix a bug that prevented us from supporting SOCKS5 proxies that want
+ authentication along with configured (but unused!)
+ ClientTransportPlugins. Fixes bug 29670; bugfix on 0.2.6.1-alpha.
+
+ o Minor bugfixes (controller):
+ - POSTDESCRIPTOR requests should work again. Previously, they were
+ broken if a "purpose=" flag was specified. Fixes bug 30580;
+ bugfix on 0.4.1.1-alpha.
+ - Repair the HSFETCH command so that it works again. Previously, it
+ expected a body when it shouldn't have. Fixes bug 30646; bugfix on
+ 0.4.1.1-alpha.
+
+ o Minor bugfixes (developer tooling):
+ - Fix pre-push hook to refrain from rejecting fixup and squash commits
+ when pushing to non-upstream git remote. Fixes bug 30286; bugfix on
+ 0.4.0.1-alpha.
+
+ o Minor bugfixes (directory authority):
+ - Move the "bandwidth-file-headers" line in directory authority votes
+ so that it conforms to dir-spec.txt. Fixes bug 30316; bugfix on
+ 0.3.5.1-alpha.
+
+ o Minor bugfixes (NetBSD):
+ - Fix usage of minherit() on NetBSD and other platforms that define
+ MAP_INHERIT_{ZERO,NONE} instead of INHERIT_{ZERO,NONE}. Fixes bug
+ 30614; bugfix on 0.4.0.2-alpha. Patch from Taylor Campbell.
+
+ o Minor bugfixes (out-of-memory handler):
+ - When purging the DNS cache because of an out-of-memory condition,
+ try purging just the older entries at first. Previously, we would
+ purge the whole thing. Fixes bug 29617; bugfix on 0.3.5.1-alpha.
+
+ o Minor bugfixes (portability):
+ - Avoid crashing in our tor_vasprintf() implementation on systems that
+ define neither vasprintf() nor _vscprintf(). (This bug has been here
+ long enough that we question whether people are running Tor on such
+ systems, but we're applying the fix out of caution.) Fixes bug 30561;
+ bugfix on 0.2.8.2-alpha. Found and fixed by Tobias Stoeckmann.
+
+ o Minor bugfixes (shutdown, libevent, memory safety):
+ - Avoid use-after-free bugs when shutting down, by making sure that we
+ shut down libevent only after shutting down all of its users. We
+ believe these are harmless in practice, since they only occur on the
+ shutdown path, and do not involve any attacker-controlled data. Fixes
+ bug 30629; bugfix on 0.4.1.1-alpha.
+
+ o Minor bugfixes (static analysis):
+ - Fix several spurious Coverity warnings about the unit tests, to lower our
+ chances of missing any real warnings in the future. Fixes bug 30150;
+ bugfix on 0.3.5.1-alpha and various other Tor versions.
+
+ o Testing:
+ - Specify torrc paths (with empty files) when launching tor in
+ integration tests; refrain from reading user and system torrcs.
+ Resolves issue 29702.
+
+
Changes in version 0.4.1.1-alpha - 2019-05-22
This is the first alpha in the 0.4.1.x series. It introduces
lightweight circuit padding to make some onion-service circuits harder
diff --git a/changes/bug29034 b/changes/bug29034
@@ -1,5 +0,0 @@
- o Major bugfixes (Onion service reachability):
- - Properly clean up the introduction point map and associated state when
- circuits change purpose from onion service circuits to pathbias,
- measurement, or other circuit types. This should fix some instances of
- introduction point failure. Fixes bug 29034; bugfix on 0.3.2.1-alpha.
diff --git a/changes/bug29670 b/changes/bug29670
@@ -1,4 +0,0 @@
- o Minor bugfixes (configuration, proxies):
- - Fix a bug that prevented us from supporting SOCKS5 proxies that want
- authentication along with configured (but unused!)
- ClientTransportPlugins. Fixes bug 29670; bugfix on 0.2.6.1-alpha.
diff --git a/changes/bug29875 b/changes/bug29875
@@ -1,11 +0,0 @@
- o Major bugfixes (bridges):
- - Do not count previously configured working bridges towards our total of
- working bridges. Previously, when Tor's list of bridges changed, it
- would think that the old bridges were still usable, and delay fetching
- router descriptors for the new ones. Fixes part of bug 29875; bugfix
- on 0.3.0.1-alpha.
- - Consider our directory information to have changed when our list of
- bridges changes. Previously, Tor would not re-compute the status of its
- directory information when bridges changed, and therefore would not
- realize that it was no longer able to build circuits. Fixes part of bug
- 29875.
diff --git a/changes/bug30286 b/changes/bug30286
@@ -1,4 +0,0 @@
- o Minor bugfixes (developer tooling):
- - Fix pre-push hook to refrain from rejecting fixup and squash commits
- when pushing to non-upstream git remote. Fixes bug 30286; bugfix on
- 0.4.0.1-alpha.
diff --git a/changes/bug30316 b/changes/bug30316
@@ -1,4 +0,0 @@
- o Minor bugfixes (directory authority):
- - Move the "bandwidth-file-headers" line in directory authority votes
- so that it conforms to dir-spec.txt. Fixes bug 30316; bugfix on
- 0.3.5.1-alpha.
diff --git a/changes/bug30561 b/changes/bug30561
@@ -1,6 +0,0 @@
- o Minor bugfixes (portability):
- - Avoid crashing in our tor_vasprintf() implementation on systems that
- define neither vasprintf() nor _vscprintf(). (This bug has been here
- long enough that we question whether people are running Tor on such
- systems, but we're applying the fix out of caution.) Fixes bug 30561;
- bugfix on 0.2.8.2-alpha. Found and fixed by Tobias Stoeckmann.
diff --git a/changes/bug30614 b/changes/bug30614
@@ -1,4 +0,0 @@
- o Minor bugfixes (NetBSD):
- - Fix usage of minherit() on NetBSD and other platforms that define
- MAP_INHERIT_{ZERO,NONE} instead of INHERIT_{ZERO,NONE}. Fixes bug
- 30614; bugfix on 0.4.0.2-alpha. Patch from Taylor Campbell.
diff --git a/changes/bug30629 b/changes/bug30629
@@ -1,6 +0,0 @@
- o Minor bugfixes (shutdown, libevent, memory safety):
- - Avoid use-after-free bugs when shutting down, by making sure that we
- shut down libevent only after shutting down all of its users. We
- believe these are harmless in practice, since they only occur on the
- shutdown path, and do not involve any attacker-controlled data. Fixes
- bug 30629; bugfix on 0.4.1.1-alpha.
diff --git a/changes/bug30646 b/changes/bug30646
@@ -1,4 +0,0 @@
- o Minor bugfixes (controller):
- - Repair the HSFETCH command so that it works again. Previously, it
- expected a body when it shouldn't have. Fixes bug 30646; bugfix on
- 0.4.1.1-alpha.
diff --git a/changes/ticket26846 b/changes/ticket26846
@@ -1,6 +0,0 @@
- o Minor features (authenticated SENDME):
- - Ensure that there is enough randomness on every circuit
- to prevent an attacker from successfully predicting what SENDME cells
- they will need to send: at a random interval, if we have not send
- randomness already, leave some extra space at the end of a cell that
- we can fill with random bytes. Closes ticket 26846.
diff --git a/changes/ticket28878 b/changes/ticket28878
@@ -1,11 +0,0 @@
- o Minor features (testing):
- - The circuitpadding tests now use a reproducible RNG implementation,
- so that if a test fails, we can learn why. Part of ticket 28878.
- - Tor's tests now support an environment variable, TOR_TEST_RNG_SEED,
- to set the RNG seed for tests that use a reproducible RNG.
- Part of ticket 28878.
-
- o Minor features (continuous integration):
- - When running coverage builds on Travis, we now set TOR_TEST_RNG_SEED,
- to avoid RNG-based coverage differences.
- Part of ticket 28878.
diff --git a/changes/ticket29617 b/changes/ticket29617
@@ -1,4 +0,0 @@
- o Minor bugfixes (out-of-memory handler):
- - When purging the DNS cache because of an out-of-memory condition,
- try purging just the older entries at first. Previously, we would
- purge the whole thing. Fixes bug 29617; bugfix on 0.3.5.1-alpha.
diff --git a/changes/ticket29702 b/changes/ticket29702
@@ -1,4 +0,0 @@
- o Testing:
- - Specify torrc paths (with empty files) when launching tor in
- integration tests; refrain from reading user and system torrcs.
- Resolves issue 29702.
diff --git a/changes/ticket30150 b/changes/ticket30150
@@ -1,4 +0,0 @@
- o Minor bugfixes (static analysis):
- - Fix several spurious Coverity warnings about the unit tests, to lower our
- chances of missing any real warnings in the future. Fixes bug 30150;
- bugfix on 0.3.5.1-alpha and various other Tor versions.
diff --git a/changes/ticket30519 b/changes/ticket30519
@@ -1,4 +0,0 @@
- o Minor features (testing):
- - When running tests in coverage mode, take additional care to make
- our coverage deterministic, so that we can accurately track changes in
- code coverage. Closes ticket 30519.
diff --git a/changes/ticket30539 b/changes/ticket30539
@@ -1,4 +0,0 @@
- o Minor features (maintenance):
- - Add a new "make autostyle" target that developers can use to
- apply all automatic Tor style and consistency conversions to the
- codebase. Closes ticket 30539.
diff --git a/changes/ticket30580 b/changes/ticket30580
@@ -1,4 +0,0 @@
- o Minor bugfixes (controller):
- - POSTDESCRIPTOR requests should work again. Previously, they were
- broken if a "purpose=" flag was specified. Fixes bug 30580;
- bugfix on 0.4.1.1-alpha.
diff --git a/changes/ticket30628 b/changes/ticket30628
@@ -1,5 +0,0 @@
- o Major bugfixes (Flow Control, SENDME):
- - The decrement of the stream-level package window was done in a log_debug()
- statement meaning that if the debug logs were not enabled, the decrement
- would never happen and thus the window would be out of sync with the other
- end point. Fixes bug 30628; bugfix on 0.4.1.1-alpha.
