More changelog/releasenotes work for 0.3.0.6
This commit is contained in:
parent
cab3aafcb3
commit
43a0ae395d
|
@ -1,5 +1,5 @@
|
||||||
Changes in version 0.3.0.6 - 2017-04-2?
|
Changes in version 0.3.0.6 - 2017-04-2?
|
||||||
Tor 0.3.0.6 is the first stable release of the Tor 0.2.9 series.
|
Tor 0.3.0.6 is the first stable release of the Tor 0.3.0 series.
|
||||||
|
|
||||||
XXXXX BLURB HERE.
|
XXXXX BLURB HERE.
|
||||||
|
|
||||||
|
|
578
ReleaseNotes
578
ReleaseNotes
|
@ -2,6 +2,584 @@ This document summarizes new features and bugfixes in each stable release
|
||||||
of Tor. If you want to see more detailed descriptions of the changes in
|
of Tor. If you want to see more detailed descriptions of the changes in
|
||||||
each development snapshot, see the ChangeLog file.
|
each development snapshot, see the ChangeLog file.
|
||||||
|
|
||||||
|
|
||||||
|
Changes in version 0.3.0.6 - 2017-04-2?
|
||||||
|
Tor 0.3.0.6 is the first stable release of the Tor 0.3.0 series.
|
||||||
|
|
||||||
|
XXXXX BLURB HERE.
|
||||||
|
|
||||||
|
Below are the changes since 0.2.9.10. For a list of only the changes
|
||||||
|
since 0.3.0.5-rc, see the ChangeLog file.
|
||||||
|
|
||||||
|
o Major features (directory authority, security):
|
||||||
|
- The default for AuthDirPinKeys is now 1: directory authorities
|
||||||
|
will reject relays where the RSA identity key matches a previously
|
||||||
|
seen value, but the Ed25519 key has changed. Closes ticket 18319.
|
||||||
|
|
||||||
|
o Major features (guard selection algorithm):
|
||||||
|
- Tor's guard selection algorithm has been redesigned from the
|
||||||
|
ground up, to better support unreliable networks and restrictive
|
||||||
|
sets of entry nodes, and to better resist guard-capture attacks by
|
||||||
|
hostile local networks. Implements proposal 271; closes
|
||||||
|
ticket 19877.
|
||||||
|
|
||||||
|
o Major features (next-generation hidden services):
|
||||||
|
- Relays can now handle v3 ESTABLISH_INTRO cells as specified by
|
||||||
|
prop224 aka "Next Generation Hidden Services". Service and clients
|
||||||
|
don't use this functionality yet. Closes ticket 19043. Based on
|
||||||
|
initial code by Alec Heifetz.
|
||||||
|
- Relays now support the HSDir version 3 protocol, so that they can
|
||||||
|
can store and serve v3 descriptors. This is part of the next-
|
||||||
|
generation onion service work detailled in proposal 224. Closes
|
||||||
|
ticket 17238.
|
||||||
|
|
||||||
|
o Major features (protocol, ed25519 identity keys):
|
||||||
|
- Clients now support including Ed25519 identity keys in the EXTEND2
|
||||||
|
cells they generate. By default, this is controlled by a consensus
|
||||||
|
parameter, currently disabled. You can turn this feature on for
|
||||||
|
testing by setting ExtendByEd25519ID in your configuration. This
|
||||||
|
might make your traffic appear different than the traffic
|
||||||
|
generated by other users, however. Implements part of ticket
|
||||||
|
15056; part of proposal 220.
|
||||||
|
- Relays now understand requests to extend to other relays by their
|
||||||
|
Ed25519 identity keys. When an Ed25519 identity key is included in
|
||||||
|
an EXTEND2 cell, the relay will only extend the circuit if the
|
||||||
|
other relay can prove ownership of that identity. Implements part
|
||||||
|
of ticket 15056; part of proposal 220.
|
||||||
|
- Relays now use Ed25519 to prove their Ed25519 identities and to
|
||||||
|
one another, and to clients. This algorithm is faster and more
|
||||||
|
secure than the RSA-based handshake we've been doing until now.
|
||||||
|
Implements the second big part of proposal 220; Closes
|
||||||
|
ticket 15055.
|
||||||
|
|
||||||
|
o Major features (security):
|
||||||
|
- Change the algorithm used to decide DNS TTLs on client and server
|
||||||
|
side, to better resist DNS-based correlation attacks like the
|
||||||
|
DefecTor attack of Greschbach, Pulls, Roberts, Winter, and
|
||||||
|
Feamster. Now relays only return one of two possible DNS TTL
|
||||||
|
values, and clients are willing to believe DNS TTL values up to 3
|
||||||
|
hours long. Closes ticket 19769.
|
||||||
|
|
||||||
|
o Major bugfixes (client, onion service, also in 0.2.9.9):
|
||||||
|
- Fix a client-side onion service reachability bug, where multiple
|
||||||
|
socks requests to an onion service (or a single slow request)
|
||||||
|
could cause us to mistakenly mark some of the service's
|
||||||
|
introduction points as failed, and we cache that failure so
|
||||||
|
eventually we run out and can't reach the service. Also resolves a
|
||||||
|
mysterious "Remote server sent bogus reason code 65021" log
|
||||||
|
warning. The bug was introduced in ticket 17218, where we tried to
|
||||||
|
remember the circuit end reason as a uint16_t, which mangled
|
||||||
|
negative values. Partially fixes bug 21056 and fixes bug 20307;
|
||||||
|
bugfix on 0.2.8.1-alpha.
|
||||||
|
|
||||||
|
o Major bugfixes (crash, directory connections):
|
||||||
|
- Fix a rare crash when sending a begin cell on a circuit whose
|
||||||
|
linked directory connection had already been closed. Fixes bug
|
||||||
|
21576; bugfix on 0.2.9.3-alpha. Reported by Alec Muffett.
|
||||||
|
|
||||||
|
o Major bugfixes (directory authority):
|
||||||
|
- During voting, when marking a relay as a probable sybil, do not
|
||||||
|
clear its BadExit flag: sybils can still be bad in other ways
|
||||||
|
too. (We still clear the other flags.) Fixes bug 21108; bugfix
|
||||||
|
on 0.2.0.13-alpha.
|
||||||
|
|
||||||
|
o Major bugfixes (DNS):
|
||||||
|
- Fix a bug that prevented exit nodes from caching DNS records for
|
||||||
|
more than 60 seconds. Fixes bug 19025; bugfix on 0.2.4.7-alpha.
|
||||||
|
|
||||||
|
o Major bugfixes (IPv6 Exits):
|
||||||
|
- Stop rejecting all IPv6 traffic on Exits whose exit policy rejects
|
||||||
|
any IPv6 addresses. Instead, only reject a port over IPv6 if the
|
||||||
|
exit policy rejects that port on more than an IPv6 /16 of
|
||||||
|
addresses. This bug was made worse by 17027 in 0.2.8.1-alpha,
|
||||||
|
which rejected a relay's own IPv6 address by default. Fixes bug
|
||||||
|
21357; bugfix on commit 004f3f4e53 in 0.2.4.7-alpha.
|
||||||
|
|
||||||
|
o Major bugfixes (parsing):
|
||||||
|
- Fix an integer underflow bug when comparing malformed Tor
|
||||||
|
versions. This bug could crash Tor when built with
|
||||||
|
--enable-expensive-hardening, or on Tor 0.2.9.1-alpha through Tor
|
||||||
|
0.2.9.8, which were built with -ftrapv by default. In other cases
|
||||||
|
it was harmless. Part of TROVE-2017-001. Fixes bug 21278; bugfix
|
||||||
|
on 0.0.8pre1. Found by OSS-Fuzz.
|
||||||
|
- When parsing a malformed content-length field from an HTTP
|
||||||
|
message, do not read off the end of the buffer. This bug was a
|
||||||
|
potential remote denial-of-service attack against Tor clients and
|
||||||
|
relays. A workaround was released in October 2016, to prevent this
|
||||||
|
bug from crashing Tor. This is a fix for the underlying issue,
|
||||||
|
which should no longer matter (if you applied the earlier patch).
|
||||||
|
Fixes bug 20894; bugfix on 0.2.0.16-alpha. Bug found by fuzzing
|
||||||
|
using AFL (http://lcamtuf.coredump.cx/afl/).
|
||||||
|
|
||||||
|
o Major bugfixes (scheduler):
|
||||||
|
- Actually compare circuit policies in ewma_cmp_cmux(). This bug
|
||||||
|
caused the channel scheduler to behave more or less randomly,
|
||||||
|
rather than preferring channels with higher-priority circuits.
|
||||||
|
Fixes bug 20459; bugfix on 0.2.6.2-alpha.
|
||||||
|
|
||||||
|
o Major bugfixes (security, also in 0.2.9.9):
|
||||||
|
- Downgrade the "-ftrapv" option from "always on" to "only on when
|
||||||
|
--enable-expensive-hardening is provided." This hardening option,
|
||||||
|
like others, can turn survivable bugs into crashes--and having it
|
||||||
|
on by default made a (relatively harmless) integer overflow bug
|
||||||
|
into a denial-of-service bug. Fixes bug 21278 (TROVE-2017-001);
|
||||||
|
bugfix on 0.2.9.1-alpha.
|
||||||
|
|
||||||
|
o Minor feature (client):
|
||||||
|
- Enable IPv6 traffic on the SocksPort by default. To disable this,
|
||||||
|
a user will have to specify "NoIPv6Traffic". Closes ticket 21269.
|
||||||
|
|
||||||
|
o Minor feature (fallback scripts):
|
||||||
|
- Add a check_existing mode to updateFallbackDirs.py, which checks
|
||||||
|
if fallbacks in the hard-coded list are working. Closes ticket
|
||||||
|
20174. Patch by haxxpop.
|
||||||
|
|
||||||
|
o Minor feature (protocol versioning):
|
||||||
|
- Add new protocol version for proposal 224. HSIntro now advertises
|
||||||
|
version "3-4" and HSDir version "1-2". Fixes ticket 20656.
|
||||||
|
|
||||||
|
o Minor features (ciphersuite selection):
|
||||||
|
- Allow relays to accept a wider range of ciphersuites, including
|
||||||
|
chacha20-poly1305 and AES-CCM. Closes the other part of 15426.
|
||||||
|
- Clients now advertise a list of ciphersuites closer to the ones
|
||||||
|
preferred by Firefox. Closes part of ticket 15426.
|
||||||
|
|
||||||
|
o Minor features (controller):
|
||||||
|
- Add "GETINFO sr/current" and "GETINFO sr/previous" keys, to expose
|
||||||
|
shared-random values to the controller. Closes ticket 19925.
|
||||||
|
- When HSFETCH arguments cannot be parsed, say "Invalid argument"
|
||||||
|
rather than "unrecognized." Closes ticket 20389; patch from
|
||||||
|
Ivan Markin.
|
||||||
|
|
||||||
|
o Minor features (controller, configuration):
|
||||||
|
- Each of the *Port options, such as SocksPort, ORPort, ControlPort,
|
||||||
|
and so on, now comes with a __*Port variant that will not be saved
|
||||||
|
to the torrc file by the controller's SAVECONF command. This
|
||||||
|
change allows TorBrowser to set up a single-use domain socket for
|
||||||
|
each time it launches Tor. Closes ticket 20956.
|
||||||
|
- The GETCONF command can now query options that may only be
|
||||||
|
meaningful in context-sensitive lists. This allows the controller
|
||||||
|
to query the mixed SocksPort/__SocksPort style options introduced
|
||||||
|
in feature 20956. Implements ticket 21300.
|
||||||
|
|
||||||
|
o Minor features (diagnostic, directory client):
|
||||||
|
- Warn when we find an unexpected inconsistency in directory
|
||||||
|
download status objects. Prevents some negative consequences of
|
||||||
|
bug 20593.
|
||||||
|
|
||||||
|
o Minor features (directory authorities):
|
||||||
|
- Directory authorities now reject descriptors that claim to be
|
||||||
|
malformed versions of Tor. Helps prevent exploitation of
|
||||||
|
bug 21278.
|
||||||
|
- Reject version numbers with components that exceed INT32_MAX.
|
||||||
|
Otherwise 32-bit and 64-bit platforms would behave inconsistently.
|
||||||
|
Fixes bug 21450; bugfix on 0.0.8pre1.
|
||||||
|
|
||||||
|
o Minor features (directory authority):
|
||||||
|
- Add a new authority-only AuthDirTestEd25519LinkKeys option (on by
|
||||||
|
default) to control whether authorities should try to probe relays
|
||||||
|
by their Ed25519 link keys. This option will go away in a few
|
||||||
|
releases--unless we encounter major trouble in our ed25519 link
|
||||||
|
protocol rollout, in which case it will serve as a safety option.
|
||||||
|
|
||||||
|
o Minor features (directory cache):
|
||||||
|
- Relays and bridges will now refuse to serve the consensus they
|
||||||
|
have if they know it is too old for a client to use. Closes
|
||||||
|
ticket 20511.
|
||||||
|
|
||||||
|
o Minor features (ed25519 link handshake):
|
||||||
|
- Advertise support for the ed25519 link handshake using the
|
||||||
|
subprotocol-versions mechanism, so that clients can tell which
|
||||||
|
relays can identity themselves by Ed25519 ID. Closes ticket 20552.
|
||||||
|
|
||||||
|
o Minor features (entry guards):
|
||||||
|
- Add UseEntryGuards to TEST_OPTIONS_DEFAULT_VALUES in order to not
|
||||||
|
break regression tests.
|
||||||
|
- Require UseEntryGuards when UseBridges is set, in order to make
|
||||||
|
sure bridges aren't bypassed. Resolves ticket 20502.
|
||||||
|
|
||||||
|
o Minor features (fallback directories):
|
||||||
|
- Allow 3 fallback relays per operator, which is safe now that we
|
||||||
|
are choosing 200 fallback relays. Closes ticket 20912.
|
||||||
|
- Annotate updateFallbackDirs.py with the bandwidth and consensus
|
||||||
|
weight for each candidate fallback. Closes ticket 20878.
|
||||||
|
- Display the relay fingerprint when downloading consensuses from
|
||||||
|
fallbacks. Closes ticket 20908.
|
||||||
|
- Exclude relays affected by bug 20499 from the fallback list.
|
||||||
|
Exclude relays from the fallback list if they are running versions
|
||||||
|
known to be affected by bug 20499, or if in our tests they deliver
|
||||||
|
a stale consensus (i.e. one that expired more than 24 hours ago).
|
||||||
|
Closes ticket 20539.
|
||||||
|
- Make it easier to change the output sort order of fallbacks.
|
||||||
|
Closes ticket 20822.
|
||||||
|
- Reduce the minimum fallback bandwidth to 1 MByte/s. Part of
|
||||||
|
ticket 18828.
|
||||||
|
- Require fallback directories to have the same address and port for
|
||||||
|
7 days (now that we have enough relays with this stability).
|
||||||
|
Relays whose OnionOO stability timer is reset on restart by bug
|
||||||
|
18050 should upgrade to Tor 0.2.8.7 or later, which has a fix for
|
||||||
|
this issue. Closes ticket 20880; maintains short-term fix
|
||||||
|
in 0.2.8.2-alpha.
|
||||||
|
- Require fallbacks to have flags for 90% of the time (weighted
|
||||||
|
decaying average), rather than 95%. This allows at least 73% of
|
||||||
|
clients to bootstrap in the first 5 seconds without contacting an
|
||||||
|
authority. Part of ticket 18828.
|
||||||
|
- Select 200 fallback directories for each release. Closes
|
||||||
|
ticket 20881.
|
||||||
|
|
||||||
|
o Minor features (fingerprinting resistence, authentication):
|
||||||
|
- Extend the length of RSA keys used for TLS link authentication to
|
||||||
|
2048 bits. (These weren't used for forward secrecy; for forward
|
||||||
|
secrecy, we used P256.) Closes ticket 13752.
|
||||||
|
|
||||||
|
o Minor features (geoip):
|
||||||
|
- Update geoip and geoip6 to the April 4 2017 Maxmind GeoLite2
|
||||||
|
Country database.
|
||||||
|
|
||||||
|
o Minor features (geoip, also in 0.2.9.9):
|
||||||
|
- Update geoip and geoip6 to the January 4 2017 Maxmind GeoLite2
|
||||||
|
Country database.
|
||||||
|
|
||||||
|
o Minor features (infrastructure):
|
||||||
|
- Implement smartlist_add_strdup() function. Replaces the use of
|
||||||
|
smartlist_add(sl, tor_strdup(str)). Closes ticket 20048.
|
||||||
|
|
||||||
|
o Minor features (linting):
|
||||||
|
- Enhance the changes file linter to warn on Tor versions that are
|
||||||
|
prefixed with "tor-". Closes ticket 21096.
|
||||||
|
|
||||||
|
o Minor features (logging):
|
||||||
|
- In several places, describe unset ed25519 keys as "<unset>",
|
||||||
|
rather than the scary "AAAAAAAA...AAA". Closes ticket 21037.
|
||||||
|
|
||||||
|
o Minor features (portability, compilation):
|
||||||
|
- Autoconf now checks to determine if OpenSSL structures are opaque,
|
||||||
|
instead of explicitly checking for OpenSSL version numbers. Part
|
||||||
|
of ticket 21359.
|
||||||
|
- Support building with recent LibreSSL code that uses opaque
|
||||||
|
structures. Closes ticket 21359.
|
||||||
|
|
||||||
|
o Minor features (relay):
|
||||||
|
- We now allow separation of exit and relay traffic to different
|
||||||
|
source IP addresses, using the OutboundBindAddressExit and
|
||||||
|
OutboundBindAddressOR options respectively. Closes ticket 17975.
|
||||||
|
Written by Michael Sonntag.
|
||||||
|
|
||||||
|
o Minor features (reliability, crash):
|
||||||
|
- Try better to detect problems in buffers where they might grow (or
|
||||||
|
think they have grown) over 2 GB in size. Diagnostic for
|
||||||
|
bug 21369.
|
||||||
|
|
||||||
|
o Minor features (testing):
|
||||||
|
- During 'make test-network-all', if tor logs any warnings, ask
|
||||||
|
chutney to output them. Requires a recent version of chutney with
|
||||||
|
the 21572 patch. Implements 21570.
|
||||||
|
|
||||||
|
o Minor bugfix (control protocol):
|
||||||
|
- The reply to a "GETINFO config/names" request via the control
|
||||||
|
protocol now spells the type "Dependent" correctly. This is a
|
||||||
|
breaking change in the control protocol. (The field seems to be
|
||||||
|
ignored by the most common known controllers.) Fixes bug 18146;
|
||||||
|
bugfix on 0.1.1.4-alpha.
|
||||||
|
- The GETINFO extra-info/digest/<digest> command was broken because
|
||||||
|
of a wrong base16 decode return value check, introduced when
|
||||||
|
refactoring that API. Fixes bug 22034; bugfix on 0.2.9.1-alpha.
|
||||||
|
|
||||||
|
o Minor bugfix (logging):
|
||||||
|
- Don't recommend the use of Tor2web in non-anonymous mode.
|
||||||
|
Recommending Tor2web is a bad idea because the client loses all
|
||||||
|
anonymity. Tor2web should only be used in specific cases by users
|
||||||
|
who *know* and understand the issues. Fixes bug 21294; bugfix
|
||||||
|
on 0.2.9.3-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (bug resilience):
|
||||||
|
- Fix an unreachable size_t overflow in base64_decode(). Fixes bug
|
||||||
|
19222; bugfix on 0.2.0.9-alpha. Found by Guido Vranken; fixed by
|
||||||
|
Hans Jerry Illikainen.
|
||||||
|
|
||||||
|
o Minor bugfixes (build):
|
||||||
|
- Replace obsolete Autoconf macros with their modern equivalent and
|
||||||
|
prevent similar issues in the future. Fixes bug 20990; bugfix
|
||||||
|
on 0.1.0.1-rc.
|
||||||
|
|
||||||
|
o Minor bugfixes (certificate expiration time):
|
||||||
|
- Avoid using link certificates that don't become valid till some
|
||||||
|
time in the future. Fixes bug 21420; bugfix on 0.2.4.11-alpha
|
||||||
|
|
||||||
|
o Minor bugfixes (client):
|
||||||
|
- Always recover from failures in extend_info_from_node(), in an
|
||||||
|
attempt to prevent any recurrence of bug 21242. Fixes bug 21372;
|
||||||
|
bugfix on 0.2.3.1-alpha.
|
||||||
|
- When clients that use bridges start up with a cached consensus on
|
||||||
|
disk, they were ignoring it and downloading a new one. Now they
|
||||||
|
use the cached one. Fixes bug 20269; bugfix on 0.2.3.12-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (code correctness):
|
||||||
|
- Repair a couple of (unreachable or harmless) cases of the risky
|
||||||
|
comparison-by-subtraction pattern that caused bug 21278.
|
||||||
|
|
||||||
|
o Minor bugfixes (config):
|
||||||
|
- Don't assert on startup when trying to get the options list and
|
||||||
|
LearnCircuitBuildTimeout is set to 0: we are currently parsing the
|
||||||
|
options so of course they aren't ready yet. Fixes bug 21062;
|
||||||
|
bugfix on 0.2.9.3-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (configuration):
|
||||||
|
- Accept non-space whitespace characters after the severity level in
|
||||||
|
the `Log` option. Fixes bug 19965; bugfix on 0.2.1.1-alpha.
|
||||||
|
- Support "TByte" and "TBytes" units in options given in bytes.
|
||||||
|
"TB", "terabyte(s)", "TBit(s)" and "terabit(s)" were already
|
||||||
|
supported. Fixes bug 20622; bugfix on 0.2.0.14-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (configure, autoconf):
|
||||||
|
- Rename the configure option --enable-expensive-hardening to
|
||||||
|
--enable-fragile-hardening. Expensive hardening makes the tor
|
||||||
|
daemon abort when some kinds of issues are detected. Thus, it
|
||||||
|
makes tor more at risk of remote crashes but safer against RCE or
|
||||||
|
heartbleed bug category. We now try to explain this issue in a
|
||||||
|
message from the configure script. Fixes bug 21290; bugfix
|
||||||
|
on 0.2.5.4-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (consensus weight):
|
||||||
|
- Add new consensus method that initializes bw weights to 1 instead
|
||||||
|
of 0. This prevents a zero weight from making it all the way to
|
||||||
|
the end (happens in small testing networks) and causing an error.
|
||||||
|
Fixes bug 14881; bugfix on 0.2.2.17-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (crash prevention):
|
||||||
|
- Fix an (currently untriggerable, but potentially dangerous) crash
|
||||||
|
bug when base32-encoding inputs whose sizes are not a multiple of
|
||||||
|
5. Fixes bug 21894; bugfix on 0.2.9.1-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (dead code):
|
||||||
|
- Remove a redundant check for PidFile changes at runtime in
|
||||||
|
options_transition_allowed(): this check is already performed
|
||||||
|
regardless of whether the sandbox is active. Fixes bug 21123;
|
||||||
|
bugfix on 0.2.5.4-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (descriptors):
|
||||||
|
- Correctly recognise downloaded full descriptors as valid, even
|
||||||
|
when using microdescriptors as circuits. This affects clients with
|
||||||
|
FetchUselessDescriptors set, and may affect directory authorities.
|
||||||
|
Fixes bug 20839; bugfix on 0.2.3.2-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (directory mirrors):
|
||||||
|
- Allow relays to use directory mirrors without a DirPort: these
|
||||||
|
relays need to be contacted over their ORPorts using a begindir
|
||||||
|
connection. Fixes one case of bug 20711; bugfix on 0.2.8.2-alpha.
|
||||||
|
- Clarify the message logged when a remote relay is unexpectedly
|
||||||
|
missing an ORPort or DirPort: users were confusing this with a
|
||||||
|
local port. Fixes another case of bug 20711; bugfix
|
||||||
|
on 0.2.8.2-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (directory system):
|
||||||
|
- Bridges and relays now use microdescriptors (like clients do)
|
||||||
|
rather than old-style router descriptors. Now bridges will blend
|
||||||
|
in with clients in terms of the circuits they build. Fixes bug
|
||||||
|
6769; bugfix on 0.2.3.2-alpha.
|
||||||
|
- Download all consensus flavors, descriptors, and authority
|
||||||
|
certificates when FetchUselessDescriptors is set, regardless of
|
||||||
|
whether tor is a directory cache or not. Fixes bug 20667; bugfix
|
||||||
|
on all recent tor versions.
|
||||||
|
|
||||||
|
o Minor bugfixes (documentation):
|
||||||
|
- Update the tor manual page to document every option that can not
|
||||||
|
be changed while tor is running. Fixes bug 21122.
|
||||||
|
|
||||||
|
o Minor bugfixes (ed25519 certificates):
|
||||||
|
- Correctly interpret ed25519 certificates that would expire some
|
||||||
|
time after 19 Jan 2038. Fixes bug 20027; bugfix on 0.2.7.2-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (fallback directories):
|
||||||
|
- Avoid checking fallback candidates' DirPorts if they are down in
|
||||||
|
OnionOO. When a relay operator has multiple relays, this
|
||||||
|
prioritizes relays that are up over relays that are down. Fixes
|
||||||
|
bug 20926; bugfix on 0.2.8.3-alpha.
|
||||||
|
- Stop failing when OUTPUT_COMMENTS is True in updateFallbackDirs.py.
|
||||||
|
Fixes bug 20877; bugfix on 0.2.8.3-alpha.
|
||||||
|
- Stop failing when a relay has no uptime data in
|
||||||
|
updateFallbackDirs.py. Fixes bug 20945; bugfix on 0.2.8.1-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (hidden service):
|
||||||
|
- Clean up the code for expiring intro points with no associated
|
||||||
|
circuits. It was causing, rarely, a service with some expiring
|
||||||
|
introduction points to not open enough additional introduction
|
||||||
|
points. Fixes part of bug 21302; bugfix on 0.2.7.2-alpha.
|
||||||
|
- Resolve two possible underflows which could lead to creating and
|
||||||
|
closing a lot of introduction point circuits in a non-stop loop.
|
||||||
|
Fixes bug 21302; bugfix on 0.2.7.2-alpha.
|
||||||
|
- Stop setting the torrc option HiddenServiceStatistics to "0" just
|
||||||
|
because we're not a bridge or relay. Instead, we preserve whatever
|
||||||
|
value the user set (or didn't set). Fixes bug 21150; bugfix
|
||||||
|
on 0.2.6.2-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (hidden services):
|
||||||
|
- Make hidden services check for failed intro point connections,
|
||||||
|
even when they have exceeded their intro point creation limit.
|
||||||
|
Fixes bug 21596; bugfix on 0.2.7.2-alpha. Reported by Alec Muffett.
|
||||||
|
- Make hidden services with 8 to 10 introduction points check for
|
||||||
|
failed circuits immediately after startup. Previously, they would
|
||||||
|
wait for 5 minutes before performing their first checks. Fixes bug
|
||||||
|
21594; bugfix on 0.2.3.9-alpha. Reported by Alec Muffett.
|
||||||
|
- Stop ignoring misconfigured hidden services. Instead, refuse to
|
||||||
|
start tor until the misconfigurations have been corrected. Fixes
|
||||||
|
bug 20559; bugfix on multiple commits in 0.2.7.1-alpha
|
||||||
|
and earlier.
|
||||||
|
|
||||||
|
o Minor bugfixes (IPv6):
|
||||||
|
- Make IPv6-using clients try harder to find an IPv6 directory
|
||||||
|
server. Fixes bug 20999; bugfix on 0.2.8.2-alpha.
|
||||||
|
- When IPv6 addresses have not been downloaded yet (microdesc
|
||||||
|
consensus documents don't list relay IPv6 addresses), use hard-
|
||||||
|
coded addresses for authorities, fallbacks, and configured
|
||||||
|
bridges. Now IPv6-only clients can use microdescriptors. Fixes bug
|
||||||
|
20996; bugfix on b167e82 from 19608 in 0.2.8.5-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (memory leak at exit):
|
||||||
|
- Fix a small harmless memory leak at exit of the previously unused
|
||||||
|
RSA->Ed identity cross-certificate. Fixes bug 17779; bugfix
|
||||||
|
on 0.2.7.2-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (onion services):
|
||||||
|
- Allow the number of introduction points to be as low as 0, rather
|
||||||
|
than as low as 3. Fixes bug 21033; bugfix on 0.2.7.2-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (portability):
|
||||||
|
- Use "OpenBSD" compiler macro instead of "OPENBSD" or "__OpenBSD__".
|
||||||
|
It is supported by OpenBSD itself, and also by most OpenBSD
|
||||||
|
variants (such as Bitrig). Fixes bug 20980; bugfix
|
||||||
|
on 0.1.2.1-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (portability, also in 0.2.9.9):
|
||||||
|
- Avoid crashing when Tor is built using headers that contain
|
||||||
|
CLOCK_MONOTONIC_COARSE, but then tries to run on an older kernel
|
||||||
|
without CLOCK_MONOTONIC_COARSE. Fixes bug 21035; bugfix
|
||||||
|
on 0.2.9.1-alpha.
|
||||||
|
- Fix Libevent detection on platforms without Libevent 1 headers
|
||||||
|
installed. Fixes bug 21051; bugfix on 0.2.9.1-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (relay):
|
||||||
|
- Avoid a double-marked-circuit warning that could happen when we
|
||||||
|
receive DESTROY cells under heavy load. Fixes bug 20059; bugfix
|
||||||
|
on 0.1.0.1-rc.
|
||||||
|
- Honor DataDirectoryGroupReadable when tor is a relay. Previously,
|
||||||
|
initializing the keys would reset the DataDirectory to 0700
|
||||||
|
instead of 0750 even if DataDirectoryGroupReadable was set to 1.
|
||||||
|
Fixes bug 19953; bugfix on 0.0.2pre16. Patch by "redfish".
|
||||||
|
|
||||||
|
o Minor bugfixes (testing):
|
||||||
|
- Fix Raspbian build issues related to missing socket errno in
|
||||||
|
test_util.c. Fixes bug 21116; bugfix on 0.2.8.2. Patch by "hein".
|
||||||
|
- Remove undefined behavior from the backtrace generator by removing
|
||||||
|
its signal handler. Fixes bug 21026; bugfix on 0.2.5.2-alpha.
|
||||||
|
- Use bash in src/test/test-network.sh. This ensures we reliably
|
||||||
|
call chutney's newer tools/test-network.sh when available. Fixes
|
||||||
|
bug 21562; bugfix on 0.2.9.1-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (tor-resolve):
|
||||||
|
- The tor-resolve command line tool now rejects hostnames over 255
|
||||||
|
characters in length. Previously, it would silently truncate them,
|
||||||
|
which could lead to bugs. Fixes bug 21280; bugfix on 0.0.9pre5.
|
||||||
|
Patch by "junglefowl".
|
||||||
|
|
||||||
|
o Minor bugfixes (unit tests):
|
||||||
|
- Allow the unit tests to pass even when DNS lookups of bogus
|
||||||
|
addresses do not fail as expected. Fixes bug 20862 and 20863;
|
||||||
|
bugfix on unit tests introduced in 0.2.8.1-alpha
|
||||||
|
through 0.2.9.4-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (util):
|
||||||
|
- When finishing writing a file to disk, if we were about to replace
|
||||||
|
the file with the temporary file created before and we fail to
|
||||||
|
replace it, remove the temporary file so it doesn't stay on disk.
|
||||||
|
Fixes bug 20646; bugfix on 0.2.0.7-alpha. Patch by fk.
|
||||||
|
|
||||||
|
o Minor bugfixes (Windows services):
|
||||||
|
- Be sure to initialize the monotonic time subsystem before using
|
||||||
|
it, even when running as an NT service. Fixes bug 21356; bugfix
|
||||||
|
on 0.2.9.1-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (Windows):
|
||||||
|
- Check for getpagesize before using it to mmap files. This fixes
|
||||||
|
compilation in some MinGW environments. Fixes bug 20530; bugfix on
|
||||||
|
0.1.2.1-alpha. Reported by "ice".
|
||||||
|
|
||||||
|
o Code simplification and refactoring:
|
||||||
|
- Abolish all global guard context in entrynodes.c; replace with new
|
||||||
|
guard_selection_t structure as preparation for proposal 271.
|
||||||
|
Closes ticket 19858.
|
||||||
|
- Extract magic numbers in circuituse.c into defined variables.
|
||||||
|
- Introduce rend_service_is_ephemeral() that tells if given onion
|
||||||
|
service is ephemeral. Replace unclear NULL-checkings for service
|
||||||
|
directory with this function. Closes ticket 20526.
|
||||||
|
- Refactor circuit_is_available_for_use to remove unnecessary check.
|
||||||
|
- Refactor circuit_predict_and_launch_new for readability and
|
||||||
|
testability. Closes ticket 18873.
|
||||||
|
- Refactor code to manipulate global_origin_circuit_list into
|
||||||
|
separate functions. Closes ticket 20921.
|
||||||
|
- Refactor large if statement in purpose_needs_anonymity to use
|
||||||
|
switch statement instead. Closes part of ticket 20077.
|
||||||
|
- Refactor the hashing API to return negative values for errors, as
|
||||||
|
is done as throughout the codebase. Closes ticket 20717.
|
||||||
|
- Remove data structures that were used to index or_connection
|
||||||
|
objects by their RSA identity digests. These structures are fully
|
||||||
|
redundant with the similar structures used in the
|
||||||
|
channel abstraction.
|
||||||
|
- Remove duplicate code in the channel_write_*cell() functions.
|
||||||
|
Closes ticket 13827; patch from Pingl.
|
||||||
|
- Remove redundant behavior of is_sensitive_dir_purpose, refactor to
|
||||||
|
use only purpose_needs_anonymity. Closes part of ticket 20077.
|
||||||
|
- The code to generate and parse EXTEND and EXTEND2 cells has been
|
||||||
|
replaced with code automatically generated by the
|
||||||
|
"trunnel" utility.
|
||||||
|
|
||||||
|
o Documentation (formatting):
|
||||||
|
- Clean up formatting of tor.1 man page and HTML doc, where <pre>
|
||||||
|
blocks were incorrectly appearing. Closes ticket 20885.
|
||||||
|
|
||||||
|
o Documentation (man page):
|
||||||
|
- Clarify many options in tor.1 and add some min/max values for
|
||||||
|
HiddenService options. Closes ticket 21058.
|
||||||
|
|
||||||
|
o Documentation:
|
||||||
|
- Change '1' to 'weight_scale' in consensus bw weights calculation
|
||||||
|
comments, as that is reality. Closes ticket 20273. Patch
|
||||||
|
from pastly.
|
||||||
|
- Clarify that when ClientRejectInternalAddresses is enabled (which
|
||||||
|
is the default), multicast DNS hostnames for machines on the local
|
||||||
|
network (of the form *.local) are also rejected. Closes
|
||||||
|
ticket 17070.
|
||||||
|
- Correct the value for AuthDirGuardBWGuarantee in the manpage, from
|
||||||
|
250 KBytes to 2 MBytes. Fixes bug 20435; bugfix on 0.2.5.6-alpha.
|
||||||
|
- Include the "TBits" unit in Tor's man page. Fixes part of bug
|
||||||
|
20622; bugfix on 0.2.5.1-alpha.
|
||||||
|
- Small fixes to the fuzzing documentation. Closes ticket 21472.
|
||||||
|
- Stop the man page from incorrectly stating that HiddenServiceDir
|
||||||
|
must already exist. Fixes 20486.
|
||||||
|
- Update the description of the directory server options in the
|
||||||
|
manual page, to clarify that a relay no longer needs to set
|
||||||
|
DirPort in order to be a directory cache. Closes ticket 21720.
|
||||||
|
|
||||||
|
o Removed features:
|
||||||
|
- The AuthDirMaxServersPerAuthAddr option no longer exists: The same
|
||||||
|
limit for relays running on a single IP applies to authority IP
|
||||||
|
addresses as well as to non-authority IP addresses. Closes
|
||||||
|
ticket 20960.
|
||||||
|
- The UseDirectoryGuards torrc option no longer exists: all users
|
||||||
|
that use entry guards will also use directory guards. Related to
|
||||||
|
proposal 271; implements part of ticket 20831.
|
||||||
|
|
||||||
|
o Testing:
|
||||||
|
- Add tests for networkstatus_compute_bw_weights_v10.
|
||||||
|
- Add unit tests circuit_predict_and_launch_new.
|
||||||
|
- Extract dummy_origin_circuit_new so it can be used by other
|
||||||
|
test functions.
|
||||||
|
- New unit tests for tor_htonll(). Closes ticket 19563. Patch
|
||||||
|
from "overcaffeinated".
|
||||||
|
- Perform the coding style checks when running the tests and fail
|
||||||
|
when coding style violations are found. Closes ticket 5500.
|
||||||
|
|
||||||
|
|
||||||
Changes in version 0.2.9.10 - 2017-03-01
|
Changes in version 0.2.9.10 - 2017-03-01
|
||||||
Tor 0.2.9.10 backports a security fix from later Tor release. It also
|
Tor 0.2.9.10 backports a security fix from later Tor release. It also
|
||||||
includes fixes for some major issues affecting directory authorities,
|
includes fixes for some major issues affecting directory authorities,
|
||||||
|
|
Loading…
Reference in New Issue