Sort and collate the ReleaseNotes sections again.

Nick Mathewson 2014-10-19 14:21:43 -04:00
parent 6a58a380f9
commit 42336f32f0
1 changed files with 119 additions and 134 deletions

@ -3,13 +3,26 @@ of Tor. If you want to see more detailed descriptions of the changes in
each development snapshot, see the ChangeLog file.
Changes in version 0.2.5.9 - 2014-10-2x
o Deprecated versions:
- Tor 0.2.2.x has reached end-of-life; it has received no patches or
attention for some while. Directory authorities no longer accept
descriptors from relays running any version of Tor prior to Tor
0.2.3.16-alpha. Resolves ticket 11149.
o Major features (client security):
- The ntor handshake is now on-by-default, no matter what the
directory authorities recommend. Implements ticket 8561.
o Major features (other security):
- Disable support for SSLv3. All versions of OpenSSL in use with Tor
today support TLS 1.0 or later, so we can safely turn off support
for this old (and insecure) protocol. Fixes bug 13426.
- Warn about attempts to run hidden services and relays in the same
process: that's probably not a good idea. Closes ticket 12908.
- Make the "tor-gencert" tool used by directory authority operators
create 2048-bit signing keys by default (rather than 1024-bit, since
1024-bit is uncomfortably small these days). Addresses ticket 10324.
o Major features (relay security, DoS-resistance):
- When deciding whether we have run out of memory and we need to
close circuits, also consider memory allocated in buffers for
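Review bot: in the "Deprecated versions" entry at the top of this hunk, the first sentence names only 0.2.2.x as end-of-life, while the second says authorities reject descriptors from "any version of Tor prior to Tor 0.2.3.16-alpha", which by its own wording also covers 0.2.3.x builds older than that alpha. Suggest stating that explicitly, so a relay operator on an early 0.2.3.x build does not read the entry as applying to 0.2.2.x only.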
@ -34,19 +47,13 @@ Changes in version 0.2.5.9 - 2014-10-2x
the default was always 8 GB. You can still override the default by
setting MaxMemInQueues yourself. Resolves ticket 11396.
o Major features (client security):
- The ntor handshake is now on-by-default, no matter what the
directory authorities recommend. Implements ticket 8561.
o Major features (other security):
- Disable support for SSLv3. All versions of OpenSSL in use with Tor
today support TLS 1.0 or later, so we can safely turn off support
for this old (and insecure) protocol. Fixes bug 13426.
- Warn about attempts to run hidden services and relays in the same
process: that's probably not a good idea. Closes ticket 12908.
- Make the "tor-gencert" tool used by directory authority operators
create 2048-bit signing keys by default (rather than 1024-bit, since
1024-bit is uncomfortably small these days). Addresses ticket 10324.
o Major features (bridges and pluggable transports):
- Add support for passing arguments to managed pluggable transport
proxies. Implements ticket 3594.
- Bridges now track GeoIP information and the number of their users
even when pluggable transports are in use, and report usage
statistics in their extra-info descriptors. Resolves tickets 4773
and 5040.
o Major features (bridges):
- Don't launch pluggable transport proxies if we don't have any
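Review bot: the heading "Major features (bridges and pluggable transports)" sits directly above "Major features (bridges)" in this hunk, and the first entry under the latter ("Don't launch pluggable transport proxies if we don't have any ...") is itself about pluggable transports. Since the commit is collating sections, consider merging the two headings or moving that entry, so readers do not have to check two adjacent sections for pluggable transport changes.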
@ -59,6 +66,14 @@ Changes in version 0.2.5.9 - 2014-10-2x
to e.g. include at least one Stable bridge in its answers. Fixes
bug 9859.
o Major features (controller):
- Extend ORCONN controller event to include an "ID" parameter,
and add four new controller event types CONN_BW, CIRC_BW,
CELL_STATS, and TB_EMPTY that show connection and circuit usage.
The new events are emitted in private Tor networks only, with the
goal of being able to better track performance and load during
full-network simulations. Implements proposal 218 and ticket 7359.
o Major features (relay performance):
- Speed up server-side lookups of rendezvous and introduction point
circuits by using hashtables instead of linear searches. These
@ -82,13 +97,12 @@ Changes in version 0.2.5.9 - 2014-10-2x
platforms. This work has been done by Cristian-Matei Toader for
Google Summer of Code. Resolves tickets 11351 and 11465.
o Major features (controller):
- Extend ORCONN controller event to include an "ID" parameter,
and add four new controller event types CONN_BW, CIRC_BW,
CELL_STATS, and TB_EMPTY that show connection and circuit usage.
The new events are emitted in private Tor networks only, with the
goal of being able to better track performance and load during
full-network simulations. Implements proposal 218 and ticket 7359.
o Major features (testing networks):
- Make testing Tor networks bootstrap better: lower directory fetch
retry schedules and maximum interval without directory requests,
and raise maximum download tries. Implements ticket 6752.
- Add make target 'test-network' to run tests on a Chutney network.
Implements ticket 8530.
o Major features (other):
- On some platforms (currently: recent OSX versions, glibc-based
@ -98,21 +112,6 @@ Changes in version 0.2.5.9 - 2014-10-2x
are dumped to stderr (if possible) and to any logs that are
reporting errors. Implements ticket 9299.
o Major features (bridges and pluggable transports):
- Add support for passing arguments to managed pluggable transport
proxies. Implements ticket 3594.
- Bridges now track GeoIP information and the number of their users
even when pluggable transports are in use, and report usage
statistics in their extra-info descriptors. Resolves tickets 4773
and 5040.
o Major features (testing networks):
- Make testing Tor networks bootstrap better: lower directory fetch
retry schedules and maximum interval without directory requests,
and raise maximum download tries. Implements ticket 6752.
- Add make target 'test-network' to run tests on a Chutney network.
Implements ticket 8530.
o Major bugfixes (security, directory authorities):
- Directory authorities now include a digest of each relay's
identity key as a part of its microdescriptor.
@ -139,6 +138,12 @@ Changes in version 0.2.5.9 - 2014-10-2x
became more strict about when we have "enough directory information
to build circuits".
o Major bugfixes (client, pluggable transports):
- When managing pluggable transports, use OS notification facilities
to learn if they have crashed, and don't attempt to kill any
process that has already exited. Fixes bug 8746; bugfix
on 0.2.3.6-alpha.
o Major bugfixes (relay denial of service):
- Instead of writing destroy cells directly to outgoing connection
buffers, queue them and intersperse them with other outgoing cells.
@ -147,12 +152,6 @@ Changes in version 0.2.5.9 - 2014-10-2x
delivered. Reported by "oftc_must_be_destroyed". Fixes bug 7912;
bugfix on 0.2.0.1-alpha.
o Major bugfixes (client, pluggable transports):
- When managing pluggable transports, use OS notification facilities
to learn if they have crashed, and don't attempt to kill any
process that has already exited. Fixes bug 8746; bugfix
on 0.2.3.6-alpha.
o Major bugfixes (relay):
- Avoid queuing or sending destroy cells for circuit ID zero when we
fail to send a CREATE cell. Fixes bug 12848; bugfix on 0.0.8pre1.
@ -236,6 +235,12 @@ Changes in version 0.2.5.9 - 2014-10-2x
configure rather than at build time. Fixes issue 6506. Patch from
Arlo Breault.
o Minor features (client):
- Add a new option, PredictedPortsRelevanceTime, to control how long
after having received a request to connect to a given port Tor
will try to keep circuits ready in anticipation of future requests
for that port. Patch from "unixninja92"; implements ticket 9176.
o Minor features (config options and command line):
- Add an --allow-missing-torrc commandline option that tells Tor to
run even if the configuration file specified by -f is not available.
@ -277,6 +282,9 @@ Changes in version 0.2.5.9 - 2014-10-2x
guards. Not recommended for ordinary use, since replacing guards
too frequently makes several attacks easier. Resolves ticket 9934;
patch from "ra".
- Implement the TRANSPORT_LAUNCHED control port event that
notifies controllers about new launched pluggable
transports. Resolves ticket 5609.
o Minor features (diagnostic):
- When logging a warning because of bug 7164, additionally check the
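Review bot: wording in the TRANSPORT_LAUNCHED entry: "new launched pluggable transports" should read "newly launched pluggable transports". Its three lines are also wrapped noticeably shorter than the entries around them, so rewrap it while the text is being moved.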
@ -300,11 +308,24 @@ Changes in version 0.2.5.9 - 2014-10-2x
warnings. We now include more information, to figure out why we
might be cleaning a microdescriptor for being too old if it's
still referenced by a live node_t object.
- Log current accounting state (bytes sent and received + remaining
time for the current accounting period) in the relay's heartbeat
message. Implements ticket 5526; patch from Peter Retzlaff.
o Minor features (geoip):
- Update geoip and geoip6 to the August 7 2014 Maxmind GeoLite2
Country database.
o Minor features (interface):
- Generate a warning if any ports are listed in the SocksPolicy,
DirPolicy, AuthDirReject, AuthDirInvalid, AuthDirBadDir, or
AuthDirBadExit options. (These options only support address
ranges.) Fixes part of ticket 11108.
o Minor features (kernel API usage):
- Use the SOCK_NONBLOCK socket type, if supported, to open nonblocking
sockets in a single system call. Implements ticket 5129.
o Minor features (log messages):
- When ServerTransportPlugin is set on a bridge, Tor can write more
useful statistics about bridge use in its extrainfo descriptors,
@ -326,6 +347,13 @@ Changes in version 0.2.5.9 - 2014-10-2x
- Warn less verbosely when receiving a malformed
ESTABLISH_RENDEZVOUS cell. Fixes ticket 11279.
o Minor features (performance):
- If we're using the pure-C 32-bit curve25519_donna implementation
of curve25519, build it with the -fomit-frame-pointer option to
make it go faster on register-starved hosts. This improves our
handshake performance by about 6% on i386 hosts without nacl.
Closes ticket 8109.
o Minor features (relay):
- If a circuit timed out for at least 3 minutes, check if we have a
new external IP address, and publish a new descriptor with the new
@ -350,79 +378,6 @@ Changes in version 0.2.5.9 - 2014-10-2x
pf.conf(5) manual page for information on configuring pf to use
divert-to rules. Closes ticket 10896; patch from Dana Koch.
o Minor features (client):
- Add a new option, PredictedPortsRelevanceTime, to control how long
after having received a request to connect to a given port Tor
will try to keep circuits ready in anticipation of future requests
for that port. Patch from "unixninja92"; implements ticket 9176.
o Minor features (interface):
- Generate a warning if any ports are listed in the SocksPolicy,
DirPolicy, AuthDirReject, AuthDirInvalid, AuthDirBadDir, or
AuthDirBadExit options. (These options only support address
ranges.) Fixes part of ticket 11108.
o Minor features (kernel API usage):
- Use the SOCK_NONBLOCK socket type, if supported, to open nonblocking
sockets in a single system call. Implements ticket 5129.
o Minor features (diagnostic):
- Log current accounting state (bytes sent and received + remaining
time for the current accounting period) in the relay's heartbeat
message. Implements ticket 5526; patch from Peter Retzlaff.
o Minor features (controller):
- Implement the TRANSPORT_LAUNCHED control port event that
notifies controllers about new launched pluggable
transports. Resolves ticket 5609.
o Minor features (performance):
- If we're using the pure-C 32-bit curve25519_donna implementation
of curve25519, build it with the -fomit-frame-pointer option to
make it go faster on register-starved hosts. This improves our
handshake performance by about 6% on i386 hosts without nacl.
Closes ticket 8109.
o Minor bugfixes (tools):
- Disable the sandbox name resolver cache when running tor-resolve:
tor-resolve doesn't use the sandbox code, and turning it on was
breaking attempts to do tor-resolve on a non-default server on
Linux. Fixes bug 13295; bugfix on 0.2.5.3-alpha.
o Minor bugfixes (compilation):
- Compile correctly with builds and forks of OpenSSL (such as
LibreSSL) that disable compression. Fixes bug 12602; bugfix on
0.2.1.1-alpha. Patch from "dhill".
o Minor bugfixes (Directory server):
- No longer accept malformed http headers when parsing urls from
headers. Now we reply with Bad Request ("400"). Fixes bug 2767;
bugfix on 0.0.6pre1.
o Minor bugfixes (misc code correctness):
- In munge_extrainfo_into_routerinfo(), check the return value of
memchr(). This would have been a serious issue if we ever passed
it a non-extrainfo. Fixes bug 8791; bugfix on 0.2.0.6-alpha. Patch
from Arlo Breault.
- On the chance that somebody manages to build Tor on a
platform where time_t is unsigned, correct the way that
microdesc_add_to_cache() handles negative time arguments.
Fixes bug 8042; bugfix on 0.2.3.1-alpha.
o Minor bugfixes (interface):
- Reject relative control socket paths and emit a warning. Previously,
single-component control socket paths would be rejected, but Tor
would not log why it could not validate the config. Fixes bug 9258;
bugfix on 0.2.3.16-alpha.
o Minor bugfixes (Directory server):
- When sending a compressed set of descriptors or microdescriptors,
make sure to finalize the zlib stream. Previously, we would write
all the compressed data, but if the last descriptor we wanted to
send was missing or too old, we would not mark the stream as
finished. This caused problems for decompression tools. Fixes bug
11648; bugfix on 0.1.1.23.
o Minor bugfixes (bridge client):
- Stop accepting bridge lines containing hostnames. Doing so would
cause clients to perform DNS requests on the hostnames, which was
@ -439,10 +394,15 @@ Changes in version 0.2.5.9 - 2014-10-2x
but ScrambleSuit will soon become the first one.) Fixes bug 9162;
bugfix on 0.2.0.3-alpha. Based on a patch from "rl1987".
o Minor bugfixes (compilation):
- Restore the ability to compile Tor with V2_HANDSHAKE_SERVER
turned off (that is, without support for v2 link handshakes). Fixes
bug 4677; bugfix on 0.2.3.2-alpha. Patch from "piet".
o Minor bugfixes (build, auxiliary programs):
- Stop preprocessing the "torify" script with autoconf, since
it no longer refers to LOCALSTATEDIR. Fixes bug 5505; patch
from Guilhem.
- The tor-fw-helper program now follows the standard convention and
exits with status code "0" on success. Fixes bug 9030; bugfix on
0.2.3.1-alpha. Patch by Arlo Breault.
- Corrected ./configure advice for what openssl dev package you should
install on Debian. Fixes bug 9207; bugfix on 0.2.0.1-alpha.
o Minor bugfixes (client):
- Avoid "Tried to open a socket with DisableNetwork set" warnings
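Review bot: the last entry under "Minor bugfixes (build, auxiliary programs)" opens with "Corrected", past tense, while the other entries in this hunk use the present ("Stop preprocessing", "Restore the ability"), and it writes "openssl" where the rest of the file uses "OpenSSL". Suggest "Correct the ./configure advice for which OpenSSL dev package to install on Debian."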
@ -521,6 +481,12 @@ Changes in version 0.2.5.9 - 2014-10-2x
9573; bugfix on 0.0.9pre5.
o Minor bugfixes (compilation):
- Compile correctly with builds and forks of OpenSSL (such as
LibreSSL) that disable compression. Fixes bug 12602; bugfix on
0.2.1.1-alpha. Patch from "dhill".
- Restore the ability to compile Tor with V2_HANDSHAKE_SERVER
turned off (that is, without support for v2 link handshakes). Fixes
bug 4677; bugfix on 0.2.3.2-alpha. Patch from "piet".
- In routerlist_assert_ok(), don't take the address of a
routerinfo's cache_info member unless that routerinfo is non-NULL.
Fixes bug 13096; bugfix on 0.1.1.9-alpha. Patch by "teor".
@ -542,6 +508,9 @@ Changes in version 0.2.5.9 - 2014-10-2x
bugfix on 0.2.3.13-alpha. Found by "cypherpunks".
- Fix compilation with dmalloc. Fixes bug 11605; bugfix
on 0.2.4.10-alpha.
- Build and run correctly on systems like OpenBSD-current that have
patched OpenSSL to remove get_cipher_by_char and/or its
implementations. Fixes issue 13325.
o Minor bugfixes (controller and command-line):
- If changing a config option via "setconf" fails in a recoverable
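Review bot: the OpenBSD-current entry ends with "Fixes issue 13325." and gives no "bugfix on" version, unlike the entry just above it in the same section ("Fixes bug 11605; bugfix on 0.2.4.10-alpha."). If the first affected version is known, add it, and use "bug" rather than "issue" to match the neighbouring entries.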
@ -550,10 +519,27 @@ Changes in version 0.2.5.9 - 2014-10-2x
write out that file if we successfully switch to the new config
option. Fixes bug 5605; bugfix on 0.2.2.26-beta. Patch from "Ryman".
o Minor bugfixes (Directory server):
- No longer accept malformed http headers when parsing urls from
headers. Now we reply with Bad Request ("400"). Fixes bug 2767;
bugfix on 0.0.6pre1.
- When sending a compressed set of descriptors or microdescriptors,
make sure to finalize the zlib stream. Previously, we would write
all the compressed data, but if the last descriptor we wanted to
send was missing or too old, we would not mark the stream as
finished. This caused problems for decompression tools. Fixes bug
11648; bugfix on 0.1.1.23.
o Minor bugfixes (hidden service):
- Only retry attempts to connect to a chosen rendezvous point 8
times, not 30. Fixes bug 4241; bugfix on 0.1.0.1-rc.
o Minor bugfixes (interface):
- Reject relative control socket paths and emit a warning. Previously,
single-component control socket paths would be rejected, but Tor
would not log why it could not validate the config. Fixes bug 9258;
bugfix on 0.2.3.16-alpha.
o Minor bugfixes (log messages):
- Fix a bug where clients using bridges would report themselves
as 50% bootstrapped even without a live consensus document.
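Review bot: the heading "Minor bugfixes (Directory server)" is capitalised while its neighbours in this hunk are lower case ("hidden service", "interface", "log messages"), so its place in the sorted list only holds under case-insensitive ordering. Suggest "directory server"; in its first entry, "http headers" and "urls" would also read better as "HTTP headers" and "URLs".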
@ -591,6 +577,14 @@ Changes in version 0.2.5.9 - 2014-10-2x
from 'warn' to 'protocol warning'. Closes ticket 8093.
o Minor bugfixes (misc code correctness):
- In munge_extrainfo_into_routerinfo(), check the return value of
memchr(). This would have been a serious issue if we ever passed
it a non-extrainfo. Fixes bug 8791; bugfix on 0.2.0.6-alpha. Patch
from Arlo Breault.
- On the chance that somebody manages to build Tor on a
platform where time_t is unsigned, correct the way that
microdesc_add_to_cache() handles negative time arguments.
Fixes bug 8042; bugfix on 0.2.3.1-alpha.
- Fix various instances of undefined behavior in channeltls.c,
tor_memmem(), and eventdns.c that would cause us to construct
pointers to memory outside an allocated object. (These invalid
@ -698,6 +692,12 @@ Changes in version 0.2.5.9 - 2014-10-2x
by forgetting to free things in the unit test code. Fixes bug
11618, bugfixes on many versions of Tor.
o Minor bugfixes (tools):
- Disable the sandbox name resolver cache when running tor-resolve:
tor-resolve doesn't use the sandbox code, and turning it on was
breaking attempts to do tor-resolve on a non-default server on
Linux. Fixes bug 13295; bugfix on 0.2.5.3-alpha.
o Minor bugfixes (tor-fw-helper):
- Give a correct log message when tor-fw-helper fails to launch.
(Previously, we would say something like "tor-fw-helper sent us a
@ -712,16 +712,6 @@ Changes in version 0.2.5.9 - 2014-10-2x
own keys when generating a v3 networkstatus vote. These leaks
should never have affected anyone in practice.
o Minor bugfixes (build, auxiliary programs):
- Stop preprocessing the "torify" script with autoconf, since
it no longer refers to LOCALSTATEDIR. Fixes bug 5505; patch
from Guilhem.
- The tor-fw-helper program now follows the standard convention and
exits with status code "0" on success. Fixes bug 9030; bugfix on
0.2.3.1-alpha. Patch by Arlo Breault.
- Corrected ./configure advice for what openssl dev package you should
install on Debian. Fixes bug 9207; bugfix on 0.2.0.1-alpha.
o Code simplification and refactoring:
- Remove some old fallback code designed to keep Tor clients working
in a network with only two working relays. Elsewhere in the code we
@ -760,11 +750,6 @@ Changes in version 0.2.5.9 - 2014-10-2x
- Get rid of router->address, since in all cases it was just the
string representation of router->addr. Resolves ticket 5528.
o Minor bugfixes (compilation):
- Build and run correctly on systems like OpenBSD-current that have
patched OpenSSL to remove get_cipher_by_char and/or its
implementations. Fixes issue 13325.
o Documentation:
- Adjust the URLs in the README to refer to the new locations of
several documents on the website. Fixes bug 12830. Patch from