From f96dc77b06413c96bc5cd5400a33f513db280979 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Thu, 14 Sep 2017 13:13:18 -0400 Subject: [PATCH] start assembling changelog for 0.2.9.12 --- ChangeLog | 123 ++++++++++++++++++++++++++++++++++++ changes/bug15582 | 4 -- changes/bug18100 | 5 -- changes/bug19025 | 4 -- changes/bug20059 | 3 - changes/bug20247 | 4 -- changes/bug21507 | 5 -- changes/bug21576 | 4 -- changes/bug22245 | 5 -- changes/bug22446 | 4 -- changes/bug22516 | 5 -- changes/bug22636 | 8 --- changes/bug22644 | 5 -- changes/bug22737 | 12 ---- changes/bug22789 | 7 -- changes/bug22797 | 4 -- changes/bug22801 | 5 -- changes/bug22838_028 | 5 -- changes/bug22915 | 3 - changes/bug22916_027 | 3 - changes/bug23030_029 | 7 -- changes/geoip-august2017 | 4 -- changes/geoip-july2017 | 4 -- changes/geoip-june2017 | 4 -- changes/geoip-september2017 | 4 -- changes/ticket19769 | 7 -- 26 files changed, 123 insertions(+), 125 deletions(-) delete mode 100644 changes/bug15582 delete mode 100644 changes/bug18100 delete mode 100644 changes/bug19025 delete mode 100644 changes/bug20059 delete mode 100644 changes/bug20247 delete mode 100644 changes/bug21507 delete mode 100644 changes/bug21576 delete mode 100644 changes/bug22245 delete mode 100644 changes/bug22446 delete mode 100644 changes/bug22516 delete mode 100644 changes/bug22636 delete mode 100644 changes/bug22644 delete mode 100644 changes/bug22737 delete mode 100644 changes/bug22789 delete mode 100644 changes/bug22797 delete mode 100644 changes/bug22801 delete mode 100644 changes/bug22838_028 delete mode 100644 changes/bug22915 delete mode 100644 changes/bug22916_027 delete mode 100644 changes/bug23030_029 delete mode 100644 changes/geoip-august2017 delete mode 100644 changes/geoip-july2017 delete mode 100644 changes/geoip-june2017 delete mode 100644 changes/geoip-september2017 delete mode 100644 changes/ticket19769 diff --git a/ChangeLog b/ChangeLog index 37e7dedca..448e4d612 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,126 @@ +Changes in version 0.2.9.12 - 2017-09-18 + BLURB + + o Major features (security, backport from 0.3.0.2-alpha): + - Change the algorithm used to decide DNS TTLs on client and server + side, to better resist DNS-based correlation attacks like the + DefecTor attack of Greschbach, Pulls, Roberts, Winter, and + Feamster. Now relays only return one of two possible DNS TTL + values, and clients are willing to believe DNS TTL values up to 3 + hours long. Closes ticket 19769. + + o Major bugfixes (crash, directory connections, backport from 0.3.0.5-rc): + - Fix a rare crash when sending a begin cell on a circuit whose + linked directory connection had already been closed. Fixes bug + 21576; bugfix on 0.2.9.3-alpha. Reported by Alec Muffett. + + o Major bugfixes (DNS, backport from 0.3.0.2-alpha): + - Fix a bug that prevented exit nodes from caching DNS records for + more than 60 seconds. Fixes bug 19025; bugfix on 0.2.4.7-alpha. + + o Major bugfixes (linux TPROXY support, backport from 0.3.1.1-alpha): + - Fix a typo that had prevented TPROXY-based transparent proxying + from working under Linux. Fixes bug 18100; bugfix on 0.2.6.3-alpha. + Patch from "d4fq0fQAgoJ". + + o Major bugfixes (openbsd, denial-of-service, backport from 0.3.1.5-alpha): + - Avoid an assertion failure bug affecting our implementation of + inet_pton(AF_INET6) on certain OpenBSD systems whose strtol() + handling of "0xfoo" differs from what we had expected. Fixes bug + 22789; bugfix on 0.2.3.8-alpha. Also tracked as TROVE-2017-007. + + o Minor features (code style, backport from 0.3.1.3-alpha): + - Add "Falls through" comments to our codebase, in order to silence + GCC 7's -Wimplicit-fallthrough warnings. Patch from Andreas + Stieger. Closes ticket 22446. + + o Minor features (geoip): + - Update geoip and geoip6 to the September 6 2017 Maxmind GeoLite2 + Country database. + + o Minor bugfixes (bandwidth accounting, backport from 0.3.1.1-alpha): + - Roll over monthly accounting at the configured hour and minute, + rather than always at 00:00. Fixes bug 22245; bugfix on 0.0.9rc1. + Found by Andrey Karpov with PVS-Studio. + + o Minor bugfixes (compilation, backport from 0.3.1.5-alpha): + - Suppress -Wdouble-promotion warnings with clang 4.0. Fixes bug 22915; + bugfix on 0.2.8.1-alpha. + - Fix warnings when building with libscrypt and openssl scrypt support + on Clang. Fixes bug 22916; bugfix on 0.2.7.2-alpha. + - When building with certain versions the mingw C header files, avoid + float-conversion warnings when calling the C functions isfinite(), + isnan(), and signbit(). Fixes bug 22801; bugfix on 0.2.8.1-alpha. + + o Minor bugfixes (compilation, backport from 0.3.1.7): + - Avoid compiler warnings in the unit tests for running tor_sscanf() + with wide string outputs. Fixes bug 15582; bugfix on 0.2.6.2-alpha. + + o Minor bugfixes (compilation, mingw, backport from 0.3.1.1-alpha): + - Backport a fix for an "unused variable" warning that appeared + in some versions of mingw. Fixes bug 22838; bugfix on + 0.2.8.1-alpha. + + o Minor bugfixes (controller, backport from 0.3.1.7): + - Do not crash when receiving a HSPOST command with an empty body. + Fixes part of bug 22644; bugfix on 0.2.7.1-alpha. + - Do not crash when receiving a POSTDESCRIPTOR command with an + empty body. Fixes part of bug 22644; bugfix on 0.2.0.1-alpha. + + o Minor bugfixes (coverity build support, backport from 0.3.1.5-alpha): + - Avoid Coverity build warnings related to our BUG() macro. By + default, Coverity treats BUG() as the Linux kernel does: an + instant abort(). We need to override that so our BUG() macro + doesn't prevent Coverity from analyzing functions that use it. + Fixes bug 23030; bugfix on 0.2.9.1-alpha. + + o Minor bugfixes (defensive programming, undefined behavior, backport from 0.3.1.4-alpha): + - Fix a memset() off the end of an array when packing cells. This + bug should be harmless in practice, since the corrupted bytes are + still in the same structure, and are always padding bytes, + ignored, or immediately overwritten, depending on compiler + behavior. Nevertheless, because the memset()'s purpose is to make + sure that any other cell-handling bugs can't expose bytes to the + network, we need to fix it. Fixes bug 22737; bugfix on + 0.2.4.11-alpha. Fixes CID 1401591. + + o Minor bugfixes (file limits, osx, backport from 0.3.1.5-alpha): + - When setting the maximum number of connections allowed by the OS, + always allow some extra file descriptors for other files. Fixes + bug 22797; bugfix on 0.2.0.10-alpha. + + o Minor bugfixes (linux seccomp2 sandbox, backport from 0.3.1.5-alpha): + - Avoid a sandbox failure when trying to re-bind to a socket and + mark it as IPv6-only. Fixes bug 20247; bugfix on 0.2.5.1-alpha. + + o Minor bugfixes (linux seccomp2 sandbox, backport from 0.3.1.4-alpha): + - Permit the fchmod system call, to avoid crashing on startup when + starting with the seccomp2 sandbox and an unexpected set of + permissions on the data directory or its contents. Fixes bug + 22516; bugfix on 0.2.5.4-alpha. + + o Minor bugfixes (relay, backport from 0.3.0.5-rc): + - Avoid a double-marked-circuit warning that could happen when we + receive DESTROY cells under heavy load. Fixes bug 20059; bugfix + on 0.1.0.1-rc. + + o Minor bugfixes (voting consistency, backport from 0.3.1.1-alpha): + - Reject version numbers with non-numeric prefixes (such as +, -, or + whitespace). Disallowing whitespace prevents differential version + parsing between POSIX-based and Windows platforms. Fixes bug 21507 + and part of 21508; bugfix on 0.0.8pre1. + + o Build features: + - Tor's repository now includes a Travis Continuous Integration (CI) + configuration file (.travis.yml). This is meant to help new + developers and contributors who fork Tor to a Github repository be + better able to test their changes, and understand what we expect + to pass. To use this new build feature, you must fork Tor to your + Github account, then go into the "Integrations" menu in the + repository settings for your fork and enable Travis, then push + your changes. Closes ticket 22636. + + Changes in version 0.2.9.11 - 2017-06-08 Tor 0.2.9.11 backports a fix for a bug that would allow an attacker to remotely crash a hidden service with an assertion failure. Anyone diff --git a/changes/bug15582 b/changes/bug15582 deleted file mode 100644 index 5ea6431cf..000000000 --- a/changes/bug15582 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (compilation): - - Avoid compiler warnings in the unit tests for running tor_sscanf() - with wide string outputs. Fixes bug 15582; bugfix on 0.2.6.2-alpha. - diff --git a/changes/bug18100 b/changes/bug18100 deleted file mode 100644 index cd3ba2c97..000000000 --- a/changes/bug18100 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes (linux TPROXY support): - - Fix a typo that had prevented TPROXY-based transparent proxying from - working under Linux. Fixes bug 18100; bugfix on 0.2.6.3-alpha. - Patch from "d4fq0fQAgoJ". - diff --git a/changes/bug19025 b/changes/bug19025 deleted file mode 100644 index 0f365f52b..000000000 --- a/changes/bug19025 +++ /dev/null @@ -1,4 +0,0 @@ - o Major bugfixes (DNS): - - Fix a bug that prevented exit nodes from caching DNS records for more - than 60 seconds. - Fixes bug 19025; bugfix on 0.2.4.7-alpha. diff --git a/changes/bug20059 b/changes/bug20059 deleted file mode 100644 index 091fab06d..000000000 --- a/changes/bug20059 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (relay): - - Avoid a double-marked-circuit warning that can happen when we receive - DESTROY cells under heavy load. Fixes bug 20059; bugfix on 0.1.0.1-rc. diff --git a/changes/bug20247 b/changes/bug20247 deleted file mode 100644 index 731cf0046..000000000 --- a/changes/bug20247 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (linux seccomp2 sandbox): - - Avoid a sandbox failure when trying to re-bind to a socket and mark - it as IPv6-only. Fixes bug 20247; bugfix on 0.2.5.1-alpha. - diff --git a/changes/bug21507 b/changes/bug21507 deleted file mode 100644 index f83e291b6..000000000 --- a/changes/bug21507 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (voting consistency): - - Reject version numbers with non-numeric prefixes (such as +, -, and - whitespace). Disallowing whitespace prevents differential version - parsing between POSIX-based and Windows platforms. - Fixes bug 21507 and part of 21508; bugfix on 0.0.8pre1. diff --git a/changes/bug21576 b/changes/bug21576 deleted file mode 100644 index 68d847119..000000000 --- a/changes/bug21576 +++ /dev/null @@ -1,4 +0,0 @@ - o Major bugfixes (crash, directory connections): - - Fix a rare crash when sending a begin cell on a circuit whose linked - directory connection has already been closed. Fixes bug 21576; - bugfix on Tor 0.2.9.3-alpha. Reported by alecmuffett. diff --git a/changes/bug22245 b/changes/bug22245 deleted file mode 100644 index 6ae18593e..000000000 --- a/changes/bug22245 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (bandwidth accounting): - - Roll over monthly accounting at the configured hour and minute, - rather than always at 00:00. - Fixes bug 22245; bugfix on 0.0.9rc1. - Found by Andrey Karpov with PVS-Studio. diff --git a/changes/bug22446 b/changes/bug22446 deleted file mode 100644 index eab65aac0..000000000 --- a/changes/bug22446 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (code style, backport from 0.3.1.3-alpha): - - Add "Falls through" comments to our codebase, in order to silence - GCC 7's -Wimplicit-fallthrough warnings. Patch from Andreas - Stieger. Closes ticket 22446. diff --git a/changes/bug22516 b/changes/bug22516 deleted file mode 100644 index f024a3c47..000000000 --- a/changes/bug22516 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (linux seccomp2 sandbox): - - Permit the fchmod system call, to avoid crashing on startup when - starting with the seccomp2 sandbox and an unexpected set of permissions - on the data directory or its contents. Fixes bug 22516; bugfix on - 0.2.5.4-alpha. diff --git a/changes/bug22636 b/changes/bug22636 deleted file mode 100644 index 770cac72e..000000000 --- a/changes/bug22636 +++ /dev/null @@ -1,8 +0,0 @@ - o Build features: - - Tor's repository now includes a Travis Continuous Integration (CI) - configuration file (.travis.yml). This is meant to help new developers and - contributors who fork Tor to a Github repository be better able to test - their changes, and understand what we expect to pass. To use this new build - feature, you must fork Tor to your Github account, then go into the - "Integrations" menu in the repository settings for your fork and enable - Travis, then push your changes. diff --git a/changes/bug22644 b/changes/bug22644 deleted file mode 100644 index 9b8742eda..000000000 --- a/changes/bug22644 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (controller): - - Do not crash when receiving a POSTDESCRIPTOR command with an - empty body. Fixes part of bug 22644; bugfix on 0.2.0.1-alpha. - - Do not crash when receiving a HSPOST command with an empty body. - Fixes part of bug 22644; bugfix on 0.2.7.1-alpha. diff --git a/changes/bug22737 b/changes/bug22737 deleted file mode 100644 index f0de8e6c4..000000000 --- a/changes/bug22737 +++ /dev/null @@ -1,12 +0,0 @@ - o Minor bugfixes (defensive programming, undefined behavior): - - - Fix a memset() off the end of an array when packing cells. This - bug should be harmless in practice, since the corrupted bytes - are still in the same structure, and are always padding bytes, - ignored, or immediately overwritten, depending on compiler - behavior. Nevertheless, because the memset()'s purpose is to - make sure that any other cell-handling bugs can't expose bytes - to the network, we need to fix it. Fixes bug 22737; bugfix on - 0.2.4.11-alpha. Fixes CID 1401591. - - diff --git a/changes/bug22789 b/changes/bug22789 deleted file mode 100644 index a65359284..000000000 --- a/changes/bug22789 +++ /dev/null @@ -1,7 +0,0 @@ - o Major bugfixes (openbsd, denial-of-service): - - Avoid an assertion failure bug affecting our implementation of - inet_pton(AF_INET6) on certain OpenBSD systems whose strtol() - handling of "0xfoo" differs from what we had expected. - Fixes bug 22789; bugfix on 0.2.3.8-alpha. Also tracked as - TROVE-2017-007. - diff --git a/changes/bug22797 b/changes/bug22797 deleted file mode 100644 index 619baaa40..000000000 --- a/changes/bug22797 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (file limits): - - When setting the maximum number of connections allowed by the OS, - always allow some extra file descriptors for other files. - Fixes bug 22797; bugfix on 0.2.0.10-alpha. diff --git a/changes/bug22801 b/changes/bug22801 deleted file mode 100644 index 7edc79bc8..000000000 --- a/changes/bug22801 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (compilation): - - When building with certain versions the mingw C header files, avoid - float-conversion warnings when calling the C functions isfinite(), - isnan(), and signbit(). Fixes bug 22801; bugfix on 0.2.8.1-alpha. - diff --git a/changes/bug22838_028 b/changes/bug22838_028 deleted file mode 100644 index 1d0a4fbfd..000000000 --- a/changes/bug22838_028 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (compilation, mingw, backport from 0.3.1.1-alpha): - - Backport a fix for an "unused variable" warning that appeared - in some versions of mingw. Fixes bug 22838; bugfix on - 0.2.8.1-alpha. - diff --git a/changes/bug22915 b/changes/bug22915 deleted file mode 100644 index 17a9c6018..000000000 --- a/changes/bug22915 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (compilation warnings): - - Suppress -Wdouble-promotion warnings with clang 4.0. Fixes bug 22915; - bugfix on 0.2.8.1-alpha. diff --git a/changes/bug22916_027 b/changes/bug22916_027 deleted file mode 100644 index 5cf99c7d1..000000000 --- a/changes/bug22916_027 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (Compilation): - - Fix warnings when building with libscrypt and openssl scrypt support - on Clang. Fixes bug 22916; bugfix on 0.2.7.2-alpha. diff --git a/changes/bug23030_029 b/changes/bug23030_029 deleted file mode 100644 index 89a1b507d..000000000 --- a/changes/bug23030_029 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes (coverity builds): - - Avoid Coverity build warnings related to our BUG() macro. By - default, Coverity treats BUG() as the Linux kernel does: an - instant abort(). We need to override that so our BUG() macro - doesn't prevent Coverity from analyzing functions that use it. - Fixes bug 23030; bugfix on 0.2.9.1-alpha. - diff --git a/changes/geoip-august2017 b/changes/geoip-august2017 deleted file mode 100644 index 2dab18a63..000000000 --- a/changes/geoip-august2017 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features: - - Update geoip and geoip6 to the August 3 2017 Maxmind GeoLite2 - Country database. - diff --git a/changes/geoip-july2017 b/changes/geoip-july2017 deleted file mode 100644 index ed10369f1..000000000 --- a/changes/geoip-july2017 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features: - - Update geoip and geoip6 to the July 4 2017 Maxmind GeoLite2 - Country database. - diff --git a/changes/geoip-june2017 b/changes/geoip-june2017 deleted file mode 100644 index 2ea7bf105..000000000 --- a/changes/geoip-june2017 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features: - - Update geoip and geoip6 to the June 8 2017 Maxmind GeoLite2 - Country database. - diff --git a/changes/geoip-september2017 b/changes/geoip-september2017 deleted file mode 100644 index be01ff952..000000000 --- a/changes/geoip-september2017 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features: - - Update geoip and geoip6 to the September 6 2017 Maxmind GeoLite2 - Country database. - diff --git a/changes/ticket19769 b/changes/ticket19769 deleted file mode 100644 index 9fc05c3e9..000000000 --- a/changes/ticket19769 +++ /dev/null @@ -1,7 +0,0 @@ - o Major features (security): - - Change the algorithm used to decide DNS TTLs on client and server side, - to better resist DNS-based correlation attacks like the DefecTor attack - of Greschbach, Pulls, Roberts, Winter, and Feamster). Now - relays only return one of two possible DNS TTL values, and clients - are willing to believe DNS TTL values up to 3 hours long. - Closes ticket 19769.