Commit c2d5ec5e authored by Nick Mathewson's avatar Nick Mathewson 🥄
Browse files

Merge branch 'maint-0.4.2' into bug40076_042

parents c4742b89 cdb0e6c2
......@@ -158,14 +158,20 @@ uptime-*.json
# /src/lib
/src/lib/libcurve25519_donna.a
/src/lib/libtor-buf.a
/src/lib/libtor-buf-testing.a
/src/lib/libtor-compress.a
/src/lib/libtor-compress-testing.a
/src/lib/libtor-confmgt.a
/src/lib/libtor-confmgt-testing.a
/src/lib/libtor-container.a
/src/lib/libtor-container-testing.a
/src/lib/libtor-crypt-ops.a
/src/lib/libtor-crypt-ops-testing.a
/src/lib/libtor-ctime.a
/src/lib/libtor-ctime-testing.a
/src/lib/libtor-dispatch.a
/src/lib/libtor-dispatch-testing.a
/src/lib/libtor-encoding.a
/src/lib/libtor-encoding-testing.a
/src/lib/libtor-evloop.a
......@@ -198,6 +204,8 @@ uptime-*.json
/src/lib/libtor-osinfo-testing.a
/src/lib/libtor-process.a
/src/lib/libtor-process-testing.a
/src/lib/libtor-pubsub.a
/src/lib/libtor-pubsub-testing.a
/src/lib/libtor-sandbox.a
/src/lib/libtor-sandbox-testing.a
/src/lib/libtor-string.a
......@@ -213,6 +221,8 @@ uptime-*.json
/src/lib/libtor-tls.a
/src/lib/libtor-tls-testing.a
/src/lib/libtor-trace.a
/src/lib/libtor-version.a
/src/lib/libtor-version-testing.a
/src/lib/libtor-wallclock.a
/src/lib/libtor-wallclock-testing.a
......@@ -240,20 +250,22 @@ uptime-*.json
/src/test/test
/src/test/test-slow
/src/test/test-bt-cl
/src/test/test-child
/src/test/test-process
/src/test/test-memwipe
/src/test/test-ntor-cl
/src/test/test-hs-ntor-cl
/src/test/test-rng
/src/test/test-switch-id
/src/test/test-timers
/src/test/test_workqueue
/src/test/test.exe
/src/test/test-slow.exe
/src/test/test-bt-cl.exe
/src/test/test-child.exe
/src/test/test-process.exe
/src/test/test-ntor-cl.exe
/src/test/test-hs-ntor-cl.exe
/src/test/test-memwipe.exe
/src/test/test-rng.exe
/src/test/test-switch-id.exe
/src/test/test-timers.exe
/src/test/test_workqueue.exe
......
......@@ -29,6 +29,8 @@ env:
- HARDENING_OPTIONS="--enable-expensive-hardening"
## We turn off asciidoc by default, because it's slow
- ASCIIDOC_OPTIONS="--disable-asciidoc"
## Our default rust version is the minimum supported version
- RUST_VERSION="1.31.0"
## Turn off tor's sandbox in chutney, until we fix sandbox errors that are
## triggered by Ubuntu Xenial and Bionic. See #32722.
- CHUTNEY_TOR_SANDBOX="0"
......@@ -70,7 +72,7 @@ matrix:
- env: NSS_OPTIONS="--enable-nss" C_DIALECT_OPTIONS="-std=gnu99"
## We include a single coverage build with the best options for coverage
- env: COVERAGE_OPTIONS="--enable-coverage" HARDENING_OPTIONS=""
- env: COVERAGE_OPTIONS="--enable-coverage" HARDENING_OPTIONS="" TOR_TEST_RNG_SEED="636f766572616765"
## We clone our stem repo and run `make test-stem`
- env: TEST_STEM="yes" SKIP_MAKE_CHECK="yes"
......@@ -79,7 +81,7 @@ matrix:
## concurrent macOS jobs. We're not actively developing Rust, so it is
## the lowest priority.
## We run rust on macOS, because we have seen macOS rust failures before
#- env: RUST_OPTIONS="--enable-rust --enable-cargo-online-mode"
#- env: RUST_VERSION="nightly" RUST_OPTIONS="--enable-rust --enable-cargo-online-mode"
# compiler: clang
# os: osx
......@@ -96,7 +98,7 @@ matrix:
## Since this job is disabled, there's not much point having an exception
## for it
#- env: RUST_OPTIONS="--enable-rust --enable-cargo-online-mode"
#- env: RUST_VERSION="nightly" RUST_OPTIONS="--enable-rust --enable-cargo-online-mode"
# compiler: clang
# os: osx
......@@ -125,6 +127,7 @@ addons:
- libscrypt-dev
- libseccomp-dev
- libzstd-dev
- shellcheck
## Conditional build dependencies
## Always installed, so we don't need sudo
- asciidoc
......@@ -153,6 +156,7 @@ addons:
- pkg-config
## Optional build dependencies
- ccache
- shellcheck
## Conditional build dependencies
## Always installed, because manual brew installs are hard to get right
- asciidoc
......@@ -183,8 +187,8 @@ install:
- if [[ "$ASCIIDOC_OPTIONS" == "" ]] && [[ "$TRAVIS_OS_NAME" == "osx" ]]; then export XML_CATALOG_FILES="/usr/local/etc/xml/catalog"; fi
## If we're using Rust, download rustup
- if [[ "$RUST_OPTIONS" != "" ]]; then curl -Ssf -o rustup.sh https://sh.rustup.rs; fi
## Install the nightly channels of rustc and cargo and setup our toolchain environment
- if [[ "$RUST_OPTIONS" != "" ]]; then sh rustup.sh -y --default-toolchain nightly; fi
## Install the stable channels of rustc and cargo and setup our toolchain environment
- if [[ "$RUST_OPTIONS" != "" ]]; then sh rustup.sh -y --default-toolchain $RUST_VERSION; fi
- if [[ "$RUST_OPTIONS" != "" ]]; then source $HOME/.cargo/env; fi
## If we're testing rust builds in offline-mode, then set up our vendored dependencies
- if [[ "$TOR_RUST_DEPENDENCIES" == "true" ]]; then export TOR_RUST_DEPENDENCIES=$PWD/src/ext/rust/crates; fi
......@@ -209,6 +213,10 @@ install:
- if [[ "$CHUTNEY" != "" ]]; then pushd "$CHUTNEY_PATH"; git log -1 ; popd ; fi
## If we're running stem, show the stem version and commit
- if [[ "$TEST_STEM" != "" ]]; then pushd stem; python -c "from stem import stem; print(stem.__version__);"; git log -1; popd; fi
## We don't want Tor tests to depend on default configuration file at
## ~/.torrc. So we put some random bytes in there, to make sure we get build
## failures in case Tor is reading it during CI jobs.
- dd ibs=1 count=1024 if=/dev/urandom > ~/.torrc
script:
# Skip test_rebind on macOS
......
Changes in version 0.4.2.2-alpha - 2019-10-07
This release fixes several bugs from the previous alpha release, and
from earlier versions. It also includes a change in authorities, so
that they begin to reject the currently unsupported release series.
o Major features (directory authorities):
- Directory authorities now reject relays running all currently
deprecated release series. The currently supported release series
are: 0.2.9, 0.3.5, 0.4.0, 0.4.1, and 0.4.2. Closes ticket 31549.
o Major bugfixes (embedded Tor):
- Avoid a possible crash when restarting Tor in embedded mode and
enabling a different set of publish/subscribe messages. Fixes bug
31898; bugfix on 0.4.1.1-alpha.
o Major bugfixes (torrc parsing):
- Stop ignoring torrc options after an %include directive, when the
included directory ends with a file that does not contain any
config options (but does contain comments or whitespace). Fixes
bug 31408; bugfix on 0.3.1.1-alpha.
o Minor features (auto-formatting scripts):
- When annotating C macros, never generate a line that our check-
spaces script would reject. Closes ticket 31759.
- When annotating C macros, try to remove cases of double-negation.
Closes ticket 31779.
o Minor features (continuous integration):
- When building on Appveyor and Travis, pass the "-k" flag to make,
so that we are informed of all compilation failures, not just the
first one or two. Closes ticket 31372.
o Minor features (geoip):
- Update geoip and geoip6 to the October 1 2019 Maxmind GeoLite2
Country database. Closes ticket 31931.
o Minor features (maintenance scripts):
- Add a Coccinelle script to detect bugs caused by incrementing or
decrementing a variable inside a call to log_debug(). Since
log_debug() is a macro whose arguments are conditionally
evaluated, it is usually an error to do this. One such bug was
30628, in which SENDME cells were miscounted by a decrement
operator inside a log_debug() call. Closes ticket 30743.
o Minor features (onion services v3):
- Assist users who try to setup v2 client authorization in v3 onion
services by pointing them to the right documentation. Closes
ticket 28966.
o Minor bugfixes (Appveyor continuous integration):
- Avoid spurious errors when Appveyor CI fails before the install
step. Fixes bug 31884; bugfix on 0.3.4.2-alpha.
o Minor bugfixes (best practices tracker):
- When listing overbroad exceptions, do not also list problems, and
do not list insufficiently broad exceptions. Fixes bug 31338;
bugfix on 0.4.2.1-alpha.
o Minor bugfixes (controller protocol):
- Fix the MAPADDRESS controller command to accept one or more
arguments. Previously, it required two or more arguments, and
ignored the first. Fixes bug 31772; bugfix on 0.4.1.1-alpha.
o Minor bugfixes (logging):
- Add a missing check for HAVE_PTHREAD_H, because the backtrace code
uses mutexes. Fixes bug 31614; bugfix on 0.2.5.2-alpha.
- Disable backtrace signal handlers when shutting down tor. Fixes
bug 31614; bugfix on 0.2.5.2-alpha.
- Rate-limit our the logging message about the obsolete .exit
notation. Previously, there was no limit on this warning, which
could potentially be triggered many times by a hostile website.
Fixes bug 31466; bugfix on 0.2.2.1-alpha.
- When initialising log domain masks, only set known log domains.
Fixes bug 31854; bugfix on 0.2.1.1-alpha.
o Minor bugfixes (logging, protocol violations):
- Do not log a nonfatal assertion failure when receiving a VERSIONS
cell on a connection using the obsolete v1 link protocol. Log a
protocol_warn instead. Fixes bug 31107; bugfix on 0.2.4.4-alpha.
o Minor bugfixes (modules):
- Explain what the optional Directory Authority module is, and what
happens when it is disabled. Fixes bug 31825; bugfix
on 0.3.4.1-alpha.
o Minor bugfixes (multithreading):
- Avoid some undefined behaviour when freeing mutexes. Fixes bug
31736; bugfix on 0.0.7.
o Minor bugfixes (relay):
- Avoid crashing when starting with a corrupt keys directory where
the old ntor key and the new ntor key are identical. Fixes bug
30916; bugfix on 0.2.4.8-alpha.
o Minor bugfixes (tests, SunOS):
- Avoid a map_anon_nofork test failure due to a signed/unsigned
integer comparison. Fixes bug 31897; bugfix on 0.4.1.1-alpha.
o Code simplification and refactoring:
- Refactor connection_control_process_inbuf() to reduce the size of
a practracker exception. Closes ticket 31840.
- Refactor the microdescs_parse_from_string() function into smaller
pieces, for better comprehensibility. Closes ticket 31675.
- Use SEVERITY_MASK_IDX() to find the LOG_* mask indexes in the unit
tests and fuzzers, rather than using hard-coded values. Closes
ticket 31334.
- Interface for function `decrypt_desc_layer` cleaned up. Closes
ticket 31589.
o Documentation:
- Document the signal-safe logging behaviour in the tor man page.
Also add some comments to the relevant functions. Closes
ticket 31839.
- Explain why we can't destroy the backtrace buffer mutex. Explain
why we don't need to destroy the log mutex. Closes ticket 31736.
- The Tor source code repository now includes a (somewhat dated)
description of Tor's modular architecture, in doc/HACKING/design.
This is based on the old "tor-guts.git" repository, which we are
adopting and superseding. Closes ticket 31849.
Changes in version 0.4.1.6 - 2019-09-19
This release backports several bugfixes to improve stability and
correctness. Anyone experiencing build problems or crashes with 0.4.1.5,
or experiencing reliability issues with single onion services, should
upgrade.
o Major bugfixes (crash, Linux, Android, backport from 0.4.2.1-alpha):
- Tolerate systems (including some Android installations) where
madvise and MADV_DONTDUMP are available at build-time, but not at
run time. Previously, these systems would notice a failed syscall
and abort. Fixes bug 31570; bugfix on 0.4.1.1-alpha.
- Tolerate systems (including some Linux installations) where
madvise and/or MADV_DONTFORK are available at build-time, but not
at run time. Previously, these systems would notice a failed
syscall and abort. Fixes bug 31696; bugfix on 0.4.1.1-alpha.
o Minor features (stem tests, backport from 0.4.2.1-alpha):
- Change "make test-stem" so it only runs the stem tests that use
tor. This change makes test-stem faster and more reliable. Closes
ticket 31554.
o Minor bugfixes (build system, backport form 0.4.2.1-alpha):
- Do not include the deprecated <sys/sysctl.h> on Linux or Windows
systems. Fixes bug 31673; bugfix on 0.2.5.4-alpha.
o Minor bugfixes (compilation, backport from 0.4.2.1-alpha):
- Add more stub functions to fix compilation on Android with link-
time optimization when --disable-module-dirauth is used.
Previously, these compilation settings would make the compiler
look for functions that didn't exist. Fixes bug 31552; bugfix
on 0.4.1.1-alpha.
- Suppress spurious float-conversion warnings from GCC when calling
floating-point classifier functions on FreeBSD. Fixes part of bug
31687; bugfix on 0.3.1.5-alpha.
o Minor bugfixes (controller protocol):
- Fix the MAPADDRESS controller command to accept one or more
arguments. Previously, it required two or more arguments, and ignored
the first. Fixes bug 31772; bugfix on 0.4.1.1-alpha.
o Minor bugfixes (guards, backport from 0.4.2.1-alpha):
- When tor is missing descriptors for some primary entry guards,
make the log message less alarming. It's normal for descriptors to
expire, as long as tor fetches new ones soon after. Fixes bug
31657; bugfix on 0.3.3.1-alpha.
o Minor bugfixes (logging, backport from 0.4.2.1-alpha):
- Change log level of message "Hash of session info was not as
expected" to LOG_PROTOCOL_WARN. Fixes bug 12399; bugfix
on 0.1.1.10-alpha.
o Minor bugfixes (rust, backport from 0.4.2.1-alpha):
- Correctly exclude a redundant rust build job in Travis. Fixes bug
31463; bugfix on 0.3.5.4-alpha.
o Minor bugfixes (v2 single onion services, backport from 0.4.2.1-alpha):
- Always retry v2 single onion service intro and rend circuits with
a 3-hop path. Previously, v2 single onion services used a 3-hop
path when rendezvous circuits were retried after a remote or
delayed failure, but a 1-hop path for immediate retries. Fixes bug
23818; bugfix on 0.2.9.3-alpha.
o Minor bugfixes (v3 single onion services, backport from 0.4.2.1-alpha):
- Always retry v3 single onion service intro and rend circuits with
a 3-hop path. Previously, v3 single onion services used a 3-hop
path when rend circuits were retried after a remote or delayed
failure, but a 1-hop path for immediate retries. Fixes bug 23818;
bugfix on 0.3.2.1-alpha.
- Make v3 single onion services fall back to a 3-hop intro, when all
intro points are unreachable via a 1-hop path. Previously, v3
single onion services failed when all intro nodes were unreachable
via a 1-hop path. Fixes bug 23507; bugfix on 0.3.2.1-alpha.
o Documentation (backport from 0.4.2.1-alpha):
- Use RFC 2397 data URL scheme to embed an image into tor-exit-
notice.html so that operators no longer have to host it
themselves. Closes ticket 31089.
Changes in version 0.4.2.1-alpha - 2019-09-17
This is the first alpha release in the 0.4.2.x series. It adds new
defenses for denial-of-service attacks against onion services. It also
includes numerous kinds of bugfixes and refactoring to help improve
Tor's stability and ease of development.
o Major features (onion service v3, denial of service):
- Add onion service introduction denial of service defenses. Intro
points can now rate-limit client introduction requests, using
parameters that can be sent by the service within the
ESTABLISH_INTRO cell. If the cell extension for this is not used,
the intro point will honor the consensus parameters. Closes
ticket 30924.
o Major bugfixes (circuit build, guard):
- When considering upgrading circuits from "waiting for guard" to
"open", always ignore circuits that are marked for close.
Previously we could end up in the situation where a subsystem is
notified of a circuit opening, but the circuit is still marked for
close, leading to undesirable behavior. Fixes bug 30871; bugfix
on 0.3.0.1-alpha.
o Major bugfixes (crash, Linux, Android):
- Tolerate systems (including some Android installations) where
madvise and MADV_DONTDUMP are available at build-time, but not at
run time. Previously, these systems would notice a failed syscall
and abort. Fixes bug 31570; bugfix on 0.4.1.1-alpha.
- Tolerate systems (including some Linux installations) where
madvise and/or MADV_DONTFORK are available at build-time, but not
at run time. Previously, these systems would notice a failed
syscall and abort. Fixes bug 31696; bugfix on 0.4.1.1-alpha.
o Minor features (best practices tracker):
- Our best-practices tracker now integrates with our include-checker
tool to keep track of how many layering violations we have not yet
fixed. We hope to reduce this number over time to improve Tor's
modularity. Closes ticket 31176.
- Add a TOR_PRACTRACKER_OPTIONS variable for passing arguments to
practracker from the environment. We may want this for continuous
integration. Closes ticket 31309.
- Give a warning rather than an error when a practracker exception
is violated by a small amount, add a --list-overbroad option to
practracker that lists exceptions that are stricter than they need
to be, and provide an environment variable for disabling
practracker. Closes ticket 30752.
- Our best-practices tracker now looks at headers as well as C
files. Closes ticket 31175.
o Minor features (build system):
- Add --disable-manpage and --disable-html-manual options to
configure script. This will enable shortening build times by not
building documentation. Resolves issue 19381.
o Minor features (compilation):
- Log a more useful error message when we are compiling and one of
the compile-time hardening options we have selected can be linked
but not executed. Closes ticket 27530.
o Minor features (configuration):
- The configuration code has been extended to allow splitting
configuration data across multiple objects. Previously, all
configuration data needed to be kept in a single object, which
tended to become bloated. Closes ticket 31240.
o Minor features (continuous integration):
- When running CI builds on Travis, put some random data in
~/.torrc, to make sure no tests are reading the Tor configuration
file from its default location. Resolves issue 30102.
o Minor features (debugging):
- Log a nonfatal assertion failure if we encounter a configuration
line whose command is "CLEAR" but which has a nonempty value. This
should be impossible, according to the rules of our configuration
line parsing. Closes ticket 31529.
o Minor features (git hooks):
- Our pre-commit git hook now checks for a special file before
running practracker, so that practracker only runs on branches
that are based on master. Since the pre-push hook calls the pre-
commit hook, practracker will also only run before pushes of
branches based on master. Closes ticket 30979.
o Minor features (git scripts):
- Add a "--" command-line argument, to separate git-push-all.sh
script arguments from arguments that are passed through to git
push. Closes ticket 31314.
- Add a -r <remote-name> argument to git-push-all.sh, so the script
can push test branches to a personal remote. Closes ticket 31314.
- Add a -t <test-branch-prefix> argument to git-merge-forward.sh and
git-push-all.sh, which makes these scripts create, merge forward,
and push test branches. Closes ticket 31314.
- Add a -u argument to git-merge-forward.sh, so that the script can
re-use existing test branches after a merge failure and fix.
Closes ticket 31314.
- Add a TOR_GIT_PUSH env var, which sets the default git push
command and arguments for git-push-all.sh. Closes ticket 31314.
- Add a TOR_PUSH_DELAY variable to git-push-all.sh, which makes the
script push master and maint branches with a delay between each
branch. These delays trigger the CI jobs in a set order, which
should show the most likely failures first. Also make pushes
atomic by default, and make the script pass any command-line
arguments to git push. Closes ticket 29879.
- Call the shellcheck script from the pre-commit hook. Closes
ticket 30967.
- Skip pushing test branches that are the same as a remote
maint/release/master branch in git-push-all.sh by default. Add a
-s argument, so git-push-all.sh can push all test branches. Closes
ticket 31314.
o Minor features (IPv6, logging):
- Log IPv6 addresses as well as IPv4 addresses when describing
routerinfos, routerstatuses, and nodes. Closes ticket 21003.
o Minor features (onion service v3):
- Do not allow single hop clients to fetch or post an HS descriptor
from an HSDir. Closes ticket 24964.
o Minor features (onion service):
- Disallow single-hop clients at the introduction point. We've
removed Tor2web support a while back and single-hop rendezvous
attempts are blocked at the relays. This change should remove load
off the network from spammy clients. Close ticket 24963.
o Minor features (stem tests):
- Change "make test-stem" so it only runs the stem tests that use
tor. This change makes test-stem faster and more reliable. Closes
ticket 31554.
o Minor features (testing):
- Add a script to invoke "tor --dump-config" and "tor
--verify-config" with various configuration options, and see
whether tor's resulting configuration or error messages are what
we expect. Use it for integration testing of our +Option and
/Option flags. Closes ticket 31637.
- Improve test coverage for our existing configuration parsing and
management API. Closes ticket 30893.
- Add integration tests to make sure that practracker gives the
outputs we expect. Closes ticket 31477.
- The practracker self-tests are now run as part of the Tor test
suite. Closes ticket 31304.
o Minor features (token bucket):
- Implement a generic token bucket that uses a single counter, for
use in anti-DoS onion service work. Closes ticket 30687.
o Minor bugfixes (best practices tracker):
- Fix a few issues in the best-practices script, including tests,
tab tolerance, error reporting, and directory-exclusion logic.
Fixes bug 29746; bugfix on 0.4.1.1-alpha.
- When running check-best-practices, only consider files in the src
subdirectory. Previously we had recursively considered all
subdirectories, which made us get confused by the temporary
directories made by "make distcheck". Fixes bug 31578; bugfix
on 0.4.1.1-alpha.
o Minor bugfixes (build system):
- Do not include the deprecated <sys/sysctl.h> on Linux or Windows
systems. Fixes bug 31673; bugfix on 0.2.5.4-alpha.
o Minor bugfixes (chutney, makefiles, documentation):
- "make test-network-all" now shows the warnings from each test-
network.sh run on the console, so developers see new warnings
early. We've also improved the documentation for this feature, and
renamed a Makefile variable so the code is self-documenting. Fixes
bug 30455; bugfix on 0.3.0.4-rc.
o Minor bugfixes (compilation):
- Add more stub functions to fix compilation on Android with link-
time optimization when --disable-module-dirauth is used.
Previously, these compilation settings would make the compiler
look for functions that didn't exist. Fixes bug 31552; bugfix
on 0.4.1.1-alpha.
- Suppress spurious float-conversion warnings from GCC when calling
floating-point classifier functions on FreeBSD. Fixes part of bug
31687; bugfix on 0.3.1.5-alpha.
o Minor bugfixes (configuration):
- Invalid floating-point values in the configuration file are now
treated as errors in the configuration. Previously, they were
ignored and treated as zero. Fixes bug 31475; bugfix on 0.0.1.
o Minor bugfixes (coverity):
- Add an assertion when parsing a BEGIN cell so that coverity can be
sure that we are not about to dereference a NULL address. Fixes
bug 31026; bugfix on 0.2.4.7-alpha. This is CID 1447296.
- In our siphash implementation, when building for coverity, use
memcpy in place of a switch statement, so that coverity can tell
we are not accessing out-of-bounds memory. Fixes bug 31025; bugfix
on 0.2.8.1-alpha. This is tracked as CID 1447293 and 1447295.
- Fix several coverity warnings from our unit tests. Fixes bug
31030; bugfix on 0.2.4.1-alpha, 0.3.2.1-alpha, and 0.4.0.1-alpha.
o Minor bugfixes (developer tooling):
- Only log git script changes in the post-merge script when the
merge was to the master branch. Fixes bug 31040; bugfix
on 0.4.1.1-alpha.
o Minor bugfixes (directory authorities):
- Return a distinct status when formatting annotations fails. Fixes
bug 30780; bugfix on 0.2.0.8-alpha.
o Minor bugfixes (error handling):
- On abort, try harder to flush the output buffers of log messages.
On some platforms (macOS), log messages could be discarded when
the process terminates. Fixes bug 31571; bugfix on 0.3.5.1-alpha.
- Report the tor version whenever an assertion fails. Previously, we
only reported the Tor version on some crashes, and some non-fatal
assertions. Fixes bug 31571; bugfix on 0.3.5.1-alpha.
- When tor aborts due to an error, close log file descriptors before
aborting. Closing the logs makes some OSes flush log file buffers,
rather than deleting buffered log lines. Fixes bug 31594; bugfix
on 0.2.5.2-alpha.
o Minor bugfixes (FreeBSD, PF-based proxy, IPv6):
- When extracting an IPv6 address from a PF-based proxy, verify that
we are actually configured to receive an IPv6 address, and log an
internal error if not. Fixes part of bug 31687; bugfix
on 0.2.3.4-alpha.
o Minor bugfixes (git hooks):
- Remove a duplicate call to practracker from the pre-push hook. The
pre-push hook already calls the pre-commit hook, which calls
practracker. Fixes bug 31462; bugfix on 0.4.1.1-alpha.
o Minor bugfixes (git scripts):
- Stop hard-coding the bash path in the git scripts. Some OSes don't
have bash in /usr/bin, others have an ancient bash at this path.
Fixes bug 30840; bugfix on 0.4.0.1-alpha.
- Stop hard-coding the tor master branch name and worktree path in
the git scripts. Fixes bug 30841; bugfix on 0.4.0.1-alpha.
- Allow git-push-all.sh to be run from any directory. Previously,
the script only worked if run from an upstream worktree directory.
Closes ticket 31678.
o Minor bugfixes (guards):
- When tor is missing descriptors for some primary entry guards,
make the log message less alarming. It's normal for descriptors to
expire, as long as tor fetches new ones soon after. Fixes bug
31657; bugfix on 0.3.3.1-alpha.
o Minor bugfixes (ipv6):
- Check for private IPv6 addresses alongside their IPv4 equivalents
when authorities check descriptors. Previously, we only checked
for private IPv4 addresses. Fixes bug 31088; bugfix on
0.2.3.21-rc. Patch by Neel Chauhan.
- When parsing microdescriptors, we should check the IPv6 exit
policy alongside IPv4. Previously, we checked both exit policies
for only router info structures, while microdescriptors were
IPv4-only. Fixes bug 27284; bugfix on 0.2.3.1-alpha. Patch by
Neel Chauhan.
o Minor bugfixes (logging):
- Change log level of message "Hash of session info was not as
expected" to LOG_PROTOCOL_WARN. Fixes bug 12399; bugfix
on 0.1.1.10-alpha.
- Fix a code issue that would have broken our parsing of log domains
as soon as we had 33 of them. Fortunately, we still only have 29.
Fixes bug 31451; bugfix on 0.4.1.4-rc.
o Minor bugfixes (memory management):
- Stop leaking a small amount of memory in nt_service_install(), in
unreachable code. Fixes bug 30799; bugfix on 0.2.0.7-alpha. Patch
by Xiaoyin Liu.
o Minor bugfixes (networking, IP addresses):
- When parsing addresses via Tor's internal DNS lookup API, reject
IPv4 addresses in square brackets, and accept IPv6 addresses in
square brackets. This change completes the work started in 23082,
making address parsing consistent between tor's internal DNS
lookup and address parsing APIs. Fixes bug 30721; bugfix
on 0.2.1.5-alpha.
- When parsing addresses via Tor's internal address:port parsing and
DNS lookup APIs, require IPv6 addresses with ports to have square
brackets. But allow IPv6 addresses without ports, whether or not
they have square brackets. Fixes bug 30721; bugfix
on 0.2.1.5-alpha.
o Minor bugfixes (onion service v3):
- When purging the client descriptor cache, close any introduction
point circuits associated with purged cache entries. This avoids
picking those circuits later when connecting to the same
introduction points. Fixes bug 30921; bugfix on 0.3.2.1-alpha.
o Minor bugfixes (onion services):
- In the hs_ident_circuit_t data structure, remove the unused field
circuit_type and the respective argument in hs_ident_circuit_new().
This field was set by clients (for introduction) and services (for
introduction and rendezvous) but was never used afterwards. Fixes
bug 31490; bugfix on 0.3.2.1-alpha. Patch by Neel Chauhan.
o Minor bugfixes (operator tools):
- Make tor-print-ed-signing-cert(1) print certificate expiration
date in RFC 1123 and UNIX timestamp formats, to make output
machine readable. Fixes bug 31012; bugfix on 0.3.5.1-alpha.
o Minor bugfixes (rust):
- Correctly exclude a redundant rust build job in Travis. Fixes bug
31463; bugfix on 0.3.5.4-alpha.
- Raise the minimum rustc version to 1.31.0, as checked by configure
and CI. Fixes bug 31442; bugfix on 0.3.5.4-alpha.
o Minor bugfixes (sendme, code structure):
- Rename the trunnel SENDME file definition from sendme.trunnel to
sendme_cell.trunnel to avoid having twice sendme.{c|h} in the
repository. Fixes bug 30769; bugfix on 0.4.1.1-alpha.
o Minor bugfixes (statistics):
- Stop removing the ed25519 signature if the extra info file is too
big. If the signature data was removed, but the keyword was kept,
this could result in an unparseable extra info file. Fixes bug
30958; bugfix on 0.2.7.2-alpha.
o Minor bugfixes (subsystems):
- Make the subsystem init order match the subsystem module
dependencies. Call windows process security APIs as early as
possible. Initialize logging before network and time, so that
network and time can use logging. Fixes bug 31615; bugfix
on 0.4.0.1-alpha.
o Minor bugfixes (testing):
- Teach the util/socketpair_ersatz test to work correctly when we
have no network stack configured. Fixes bug 30804; bugfix
on 0.2.5.1-alpha.
o Minor bugfixes (v2 single onion services):
- Always retry v2 single onion service intro and rend circuits with
a 3-hop path. Previously, v2 single onion services used a 3-hop
path when rendezvous circuits were retried after a remote or
delayed failure, but a 1-hop path for immediate retries. Fixes bug
23818; bugfix on 0.2.9.3-alpha.
o Minor bugfixes (v3 single onion services):
- Always retry v3 single onion service intro and rend circuits with
a 3-hop path. Previously, v3 single onion services used a 3-hop
path when rend circuits were retried after a remote or delayed
failure, but a 1-hop path for immediate retries. Fixes bug 23818;
</