Re-order and condense some ReleaseNotes items

Nick Mathewson 2015-11-05 09:39:44 -05:00
parent 6292a3fcf4
commit 99d39e937e
1 changed files with 100 additions and 143 deletions


@ -6,6 +6,24 @@ each development snapshot, see the ChangeLog file.
Changes in version 0.2.7.5- 2015-11-??
XXXX WRITE A BLURB XXXX
o New system requirements:
- Tor no longer includes workarounds to support Libevent versions
before 1.3e. Libevent 2.0 or later is recommended. Closes
ticket 15248.
- Tor no longer supports copies of OpenSSL that are missing support
for Elliptic Curve Cryptography. (We began using ECC when
available in 0.2.4.8-alpha, for more safe and efficient key
negotiation.) In particular, support for at least one of P256 or
P224 is now required, with manual configuration needed if only
P224 is available. Resolves ticket 16140.
- Tor no longer supports versions of OpenSSL before 1.0. (If you are
on an operating system that has not upgraded to OpenSSL 1.0 or
later, and you compile Tor from source, you will need to install a
more recent OpenSSL to link Tor against.) These versions of
OpenSSL are still supported by the OpenSSL, but the numerous
cryptographic improvements in later OpenSSL releases makes them a
clear choice. Resolves ticket 16034.
o Major features (controller):
- Add the ADD_ONION and DEL_ONION commands that allow the creation
and management of hidden services via the controller. Closes
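Review bot: The last sentence of the OpenSSL 1.0 entry does not parse as moved: "still supported by the OpenSSL" is missing its noun, "improvements ... makes" should be "make", and "makes them a clear choice" leaves "them" pointing at the old versions rather than the later releases. Since this entry now opens the release notes, it is worth rewording while it is being moved, along with "more safe" ("safer") in the ECC entry. The "XXXX WRITE A BLURB XXXX" placeholder and the missing space in "0.2.7.5- 2015-11-??" are also still in the context lines above.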
@ -36,24 +54,43 @@ Changes in version 0.2.7.5- 2015-11-??
vary freely. Implements part of ticket 12498.
- Microdescriptors now include Ed25519 identity keys. Implements
part of ticket 12498.
- Add a --newpass option to allow changing or removing the
passphrase of an encrypted key with tor --keygen. Implements part
of ticket 16769.
- Add a new OfflineMasterKey option to tell Tor never to try loading
or generating a secret Ed25519 identity key. You can use this in
combination with tor --keygen to manage offline and/or encrypted
Ed25519 keys. Implements ticket 16944.
- On receiving a HUP signal, check to see whether the Ed25519
signing key has changed, and reload it if so. Closes ticket 16790.
- Significant usability improvements for Ed25519 key management. Log
messages are better, and the code can recover from far more
failure conditions. Thanks to "s7r" for reporting and diagnosing
so many of these!
o Major features (Ed25519 keys, keypinning):
- The key-pinning option on directory authorities is now advisory-
only by default. In a future version, or when the AuthDirPinKeys
option is set, pins are enforced again. Disabling key-pinning
seemed like a good idea so that we can survive the fallout of any
usability problems associated with Ed25519 keys. Closes
ticket 17135.
o Major features (Ed25519 performance):
o Major features (ECC performance):
- Improve the runtime speed of Ed25519 signature verification by
using Ed25519-donna's batch verification support. Implements
ticket 16533.
- Improve the speed of Ed25519 operations and Curve25519 keypair
generation when built targeting 32 bit x86 platforms with SSE2
available. Implements ticket 16535.
- Improve the runtime speed of Ed25519 operations by using the
public-domain Ed25519-donna by Andrew M. ("floodyberry").
Implements ticket 16467.
- Improve the runtime speed of the ntor handshake by using an
optimized curve25519 basepoint scalarmult implementation from the
public-domain Ed25519-donna by Andrew M. ("floodyberry"), based on
ideas by Adam Langley. Implements ticket 9663.
o Major features (Hidden services):
- Hidden services, if using the EntryNodes option, are required to
use more than one EntryNode, in order to avoid a guard discovery
attack. (This would only affect people who had configured hidden
services and manually specified the EntryNodes option with a
single entry-node. The impact was that it would be easy to
remotely identify the guard node used by such a hidden service.
See ticket for more information.) Fixes ticket 14917.
- Add the torrc option HiddenServiceNumIntroductionPoints, to
specify a fixed number of introduction points. Its maximum value
is 10 and default is 3. Using this option can increase a hidden
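Review bot: In the "ECC performance" section the entry that introduces Ed25519-donna (ticket 16467) comes after the two entries that build on it, batch verification (ticket 16533) and the 32 bit x86 SSE2 build (ticket 16535). Listing 16467 first would let the section read in dependency order. The heading "Major features (Hidden services)" is also capitalised differently from "Minor features (hidden services)" further down.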
@ -72,44 +109,6 @@ Changes in version 0.2.7.5- 2015-11-??
of this change, microdescriptors will no longer need to include
RSA identity keys. Implements proposal 228; closes ticket 12499.
o Major features (performance testing):
- The test-network.sh script now supports performance testing.
Requires corresponding chutney performance testing changes. Patch
by "teor". Closes ticket 14175.
o Major features (performance):
- Improve the runtime speed of Ed25519 operations by using the
public-domain Ed25519-donna by Andrew M. ("floodyberry").
Implements ticket 16467.
- Improve the runtime speed of the ntor handshake by using an
optimized curve25519 basepoint scalarmult implementation from the
public-domain Ed25519-donna by Andrew M. ("floodyberry"), based on
ideas by Adam Langley. Implements ticket 9663.
o Major features (relay, Ed25519):
- Add a --newpass option to allow changing or removing the
passphrase of an encrypted key with tor --keygen. Implements part
of ticket 16769.
- Add a new OfflineMasterKey option to tell Tor never to try loading
or generating a secret Ed25519 identity key. You can use this in
combination with tor --keygen to manage offline and/or encrypted
Ed25519 keys. Implements ticket 16944.
- On receiving a HUP signal, check to see whether the Ed25519
signing key has changed, and reload it if so. Closes ticket 16790.
- Significant usability improvements for Ed25519 key management. Log
messages are better, and the code can recover from far more
failure conditions. Thanks to "s7r" for reporting and diagnosing
so many of these!
o Major features (security, hidden services):
- Hidden services, if using the EntryNodes option, are required to
use more than one EntryNode, in order to avoid a guard discovery
attack. (This would only affect people who had configured hidden
services and manually specified the EntryNodes option with a
single entry-node. The impact was that it would be easy to
remotely identify the guard node used by such a hidden service.
See ticket for more information.) Fixes ticket 14917.
o Major bugfixes (client-side privacy, also in 0.2.6.9):
- Properly separate out each SOCKSPort when applying stream
isolation. The error occurred because each port's session group
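Review bot: Removing the heading "Major features (security, hidden services)" here leaves the ticket 14917 entry under "Major features (Hidden services)", so the guard discovery fix no longer carries a "security" tag. Other headings in the file keep one, for example "Minor bugfixes (security, exit policies)", so a reader scanning the notes for security-relevant changes would miss this entry. Consider keeping "security" in the merged heading or leaving this entry in its own section.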
@ -168,7 +167,7 @@ Changes in version 0.2.7.5- 2015-11-??
service while a NEWNYM is in progress. Fixes bug 16013; bugfix
on 0.1.0.1-rc.
o Minor features (client):
o Minor features (client, SOCKS):
- Add GroupWritable and WorldWritable options to unix-socket based
SocksPort and ControlPort options. These options apply to a single
socket, and override {Control,Socks}SocketsGroupWritable. Closes
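Review bot: The new heading "Minor features (client, SOCKS)" is narrower than the first entry under it, which covers unix-socket ControlPort as well as SocksPort and overrides {Control,Socks}SocketsGroupWritable. Because GroupWritable and WorldWritable loosen the permissions on a control socket, it would help to keep that entry findable under a heading that mentions the controller, or to move it to a section that covers both.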
@ -206,6 +205,9 @@ Changes in version 0.2.7.5- 2015-11-??
o Minor features (compilation):
- Give a warning as early as possible when trying to build with an
unsupported OpenSSL version. Closes ticket 16901.
- Use C99 variadic macros when the compiler is not GCC. This avoids
failing compilations on MSVC, and fixes a log-file-based race
condition in our old workarounds. Original patch from Gisle Vanem.
o Minor features (control protocol):
- Support network-liveness GETINFO key and NETWORK_LIVENESS event in
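Review bot: The C99 variadic macros entry moved into "Minor features (compilation)" says it "fixes a log-file-based race condition" but has no ticket or bug number, unlike the entry directly above it ("Closes ticket 16901"). If a ticket exists, add it; if the race fix is the main effect, the entry may belong under the compilation bugfixes instead of features.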
@ -242,18 +244,9 @@ Changes in version 0.2.7.5- 2015-11-??
introductions, by blocking multiple introduction requests on the
same circuit. Resolves ticket 15515.
o Minor features (geoIP):
o Minor features (geoip):
- Update geoip and geoip6 to the October 9 2015 Maxmind GeoLite2
Country database.
- Update geoip and geoip6 to the September 3 2015 Maxmind GeoLite2
Country database.
- Update geoip to the April 8 2015 Maxmind GeoLite2 Country database.
- Update geoip6 to the April 8 2015 Maxmind GeoLite2
Country database.
o Minor features (geoip, also in 0.2.6.10):
- Update geoip to the June 3 2015 Maxmind GeoLite2 Country database.
- Update geoip6 to the June 3 2015 Maxmind GeoLite2 Country database.
o Minor features (hidden services):
- Add the new options "HiddenServiceMaxStreams" and
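Review bot: The backport cross-reference is lost if the "Minor features (geoip, also in 0.2.6.10)" block with the June 3 2015 updates is among the entries condensed away here; the hunk header shrinks this region from 18 lines to 9, while other sections still use "also in 0.2.6.9" and "also in 0.2.6.10" headings. If only the newest database date is meant to remain, consider saying in that entry that earlier updates also shipped in 0.2.6.10.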
@ -274,8 +267,6 @@ Changes in version 0.2.7.5- 2015-11-??
track only of the fraction of traffic used by hidden services, and
the total number of hidden services in existence.) Closes
ticket 15254.
o Minor features (HS popularity countermeasure):
- To avoid leaking HS popularity, don't cycle the introduction point
when we've handled a fixed number of INTRODUCE2 cells but instead
cycle it when a random number of introductions is reached, thus
@ -299,34 +290,6 @@ Changes in version 0.2.7.5- 2015-11-??
can be used by implementations to detect this new behavior.
Resolves ticket 15435.
o Minor features (portability):
- Use C99 variadic macros when the compiler is not GCC. This avoids
failing compilations on MSVC, and fixes a log-file-based race
condition in our old workarounds. Original patch from Gisle Vanem.
o Minor features (testing):
- Add a test to verify that the compiler does not eliminate our
memwipe() implementation. Closes ticket 15377.
- Add make rule `check-changes` to verify the format of changes
files. Closes ticket 15180.
- Add unit tests for control_event_is_interesting(). Add a compile-
time check that the number of events doesn't exceed the capacity
of control_event_t.event_mask. Closes ticket 15431, checks for
bugs similar to 13085. Patch by "teor".
- Command-line argument tests moved to Stem. Resolves ticket 14806.
- Integrate the ntor, backtrace, and zero-length keys tests into the
automake test suite. Closes ticket 15344.
- Remove assertions during builds to determine Tor's test coverage.
We don't want to trigger these even in assertions, so including
them artificially makes our branch coverage look worse than it is.
This patch provides the new test-stem-full and coverage-html-full
configure options. Implements ticket 15400.
o Minor features (testing, authorities, documentation):
- New TestingDirAuthVote{Exit,Guard,HSDir}IsStrict flags to
explicitly manage consensus flags in testing networks. Patch by
"robgjansen", modified by "teor". Implements part of ticket 14882.
o Minor bugfixes (torrc exit policies):
- In each instance above, usage advice is provided to avoid the
message. Resolves ticket 16069. Patch by "teor". Fixes part of bug
@ -351,6 +314,10 @@ Changes in version 0.2.7.5- 2015-11-??
on 0.2.3.3-alpha.
- When complaining about bad arguments to "--dump-config", use
stderr, not stdout.
- Print usage information for --dump-config when it is used without
an argument. Also, fix the error message to use different wording
and add newline at the end. Fixes bug 15541; bugfix
on 0.2.5.1-alpha.
o Minor bugfixes (compilation):
- Fix compilation of sandbox.c with musl-libc. Fixes bug 17347;
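Review bot: The relocated --dump-config entry now sits directly after another --dump-config entry ("When complaining about bad arguments to "--dump-config", use stderr, not stdout."), and the two spell the option differently, quoted in one and bare in the other. Given that the commit is condensing items, these could be merged or at least made consistent, and "add newline at the end" should read "add a newline at the end".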
@ -397,19 +364,6 @@ Changes in version 0.2.7.5- 2015-11-??
its own PRNG. Fixes bug 16360; bugfix on 0.2.5.2-alpha, introduced
when implementing ticket 4900. Patch by "teor".
o Minor bugfixes (documentation):
- Advise users on how to configure separate IPv4 and IPv6 exit
policies in the manpage and sample torrcs. Related to ticket 16069.
- Fix an error in the manual page and comments for
TestingDirAuthVoteHSDir[IsStrict], which suggested that a HSDir
required "ORPort connectivity". While this is true, it is in no
way unique to the HSDir flag. Of all the flags, only HSDirs need a
DirPort configured in order for the authorities to assign that
particular flag. Patch by "teor". Fixed as part of 14882; bugfix
on 0.2.6.3-alpha.
- Fix the usage message of tor-resolve(1) so that it no longer lists
the removed -F option. Fixes bug 16913; bugfix on 0.2.2.28-beta.
o Minor bugfixes (hidden service):
- Fix an out-of-bounds read when parsing invalid INTRODUCE2 cells on
a client authorized hidden service. Fixes bug 15823; bugfix
@ -417,17 +371,14 @@ Changes in version 0.2.7.5- 2015-11-??
- Remove an extraneous newline character from the end of hidden
service descriptors. Fixes bug 15296; bugfix on 0.2.0.10-alpha.
o Minor bugfixes (interface):
- Print usage information for --dump-config when it is used without
an argument. Also, fix the error message to use different wording
and add newline at the end. Fixes bug 15541; bugfix
on 0.2.5.1-alpha.
o Minor bugfixes (Linux seccomp2 sandbox):
- Use the sandbox in tor_open_cloexec whether or not O_CLOEXEC is
defined. Patch by "teor". Fixes bug 16515; bugfix on 0.2.3.1-alpha.
- Allow bridge authorities to run correctly under the seccomp2
sandbox. Fixes bug 16964; bugfix on 0.2.5.1-alpha.
- Add the "hidserv-stats" filename to our sandbox filter for the
HiddenServiceStatistics option to work properly. Fixes bug 17354;
bugfix on tor-0.2.6.2-alpha. Patch from David Goulet.
o Minor bugfixes (Linux seccomp2 sandbox, also in 0.2.6.10):
- Allow pipe() and pipe2() syscalls in the seccomp2 sandbox: we need
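Review bot: The "hidserv-stats" entry moved into the seccomp2 sandbox section says "bugfix on tor-0.2.6.2-alpha", while the neighbouring entries use the bare version form ("bugfix on 0.2.3.1-alpha", "bugfix on 0.2.5.1-alpha"). Drop the "tor-" prefix so the section is uniform.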
@ -443,7 +394,7 @@ Changes in version 0.2.7.5- 2015-11-??
syscalls. Fixes bug 16244; bugfix on 0.2.6.1-alpha. Patch by
Peter Palfrader.
o Minor bugfixes (logs):
o Minor bugfixes (logging):
- When building Tor under Clang, do not include an extra set of
parentheses in log messages that include function names. Fixes bug
15269; bugfix on every released version of Tor when compiled with
@ -481,11 +432,6 @@ Changes in version 0.2.7.5- 2015-11-??
predictable scheduling behavior. Fixes bug 16644; bugfix
on 0.2.6.3-alpha.
o Minor bugfixes (sandbox):
- Add the "hidserv-stats" filename to our sandbox filter for the
HiddenServiceStatistics option to work properly. Fixes bug 17354;
bugfix on tor-0.2.6.2-alpha. Patch from David Goulet.
o Minor bugfixes (security, exit policies):
- ExitPolicyRejectPrivate now also rejects the relay's published
IPv6 address (if any), and any publicly routable IPv4 or IPv6
@ -513,16 +459,6 @@ Changes in version 0.2.7.5- 2015-11-??
not. Fixes bug 15771; bugfix on 0.2.6.1-alpha. Patch by "teor",
issue discovered by CJ Ess.
o Minor bugfixes (testing):
- Check for matching value in server response in ntor_ref.py. Fixes
bug 15591; bugfix on 0.2.4.8-alpha. Reported and fixed
by "joelanders".
- Set the severity correctly when testing
get_interface_addresses_ifaddrs() and
get_interface_addresses_win32(), so that the tests fail gracefully
instead of triggering an assertion. Fixes bug 15759; bugfix on
0.2.6.3-alpha. Reported by Nicolas Derive.
o Minor bugfixes (tests, also in 0.2.6.9):
- Fix a crash in the unit tests when built with MSVC2013. Fixes bug
16030; bugfix on 0.2.6.2-alpha. Patch from "NewEraCracker".
@ -594,11 +530,17 @@ Changes in version 0.2.7.5- 2015-11-??
- Standardize on the term "server descriptor" in the manual page.
Previously, we had used "router descriptor", "server descriptor",
and "relay descriptor" interchangeably. Part of ticket 14987.
o New system requirements:
- Tor no longer includes workarounds to support Libevent versions
before 1.3e. Libevent 2.0 or later is recommended. Closes
ticket 15248.
- Advise users on how to configure separate IPv4 and IPv6 exit
policies in the manpage and sample torrcs. Related to ticket 16069.
- Fix an error in the manual page and comments for
TestingDirAuthVoteHSDir[IsStrict], which suggested that a HSDir
required "ORPort connectivity". While this is true, it is in no
way unique to the HSDir flag. Of all the flags, only HSDirs need a
DirPort configured in order for the authorities to assign that
particular flag. Patch by "teor". Fixed as part of 14882; bugfix
on 0.2.6.3-alpha.
- Fix the usage message of tor-resolve(1) so that it no longer lists
the removed -F option. Fixes bug 16913; bugfix on 0.2.2.28-beta.
o Removed code:
- Remove `USE_OPENSSL_BASE64` and the corresponding fallback code
@ -636,21 +578,11 @@ Changes in version 0.2.7.5- 2015-11-??
that didn't know about microdescriptors.
- Tor no longer contains workarounds for stat files generated by
super-old versions of Tor that didn't choose guards sensibly.
- Tor no longer supports copies of OpenSSL that are missing support
for Elliptic Curve Cryptography. (We began using ECC when
available in 0.2.4.8-alpha, for more safe and efficient key
negotiation.) In particular, support for at least one of P256 or
P224 is now required, with manual configuration needed if only
P224 is available. Resolves ticket 16140.
- Tor no longer supports versions of OpenSSL before 1.0. (If you are
on an operating system that has not upgraded to OpenSSL 1.0 or
later, and you compile Tor from source, you will need to install a
more recent OpenSSL to link Tor against.) These versions of
OpenSSL are still supported by the OpenSSL, but the numerous
cryptographic improvements in later OpenSSL releases makes them a
clear choice. Resolves ticket 16034.
o Testing:
- The test-network.sh script now supports performance testing.
Requires corresponding chutney performance testing changes. Patch
by "teor". Closes ticket 14175.
- Add a new set of callgraph analysis scripts that use clang to
produce a list of which Tor functions are reachable from which
other Tor functions. We're planning to use these to help simplify
@ -693,8 +625,33 @@ Changes in version 0.2.7.5- 2015-11-??
(if any) using the 'tor-cov' coverage binary.
- When running test-network or test-stem, check for the absence of
stem/chutney before doing any build operations.
- Add a test to verify that the compiler does not eliminate our
memwipe() implementation. Closes ticket 15377.
- Add make rule `check-changes` to verify the format of changes
files. Closes ticket 15180.
- Add unit tests for control_event_is_interesting(). Add a compile-
time check that the number of events doesn't exceed the capacity
of control_event_t.event_mask. Closes ticket 15431, checks for
bugs similar to 13085. Patch by "teor".
- Command-line argument tests moved to Stem. Resolves ticket 14806.
- Integrate the ntor, backtrace, and zero-length keys tests into the
automake test suite. Closes ticket 15344.
- Remove assertions during builds to determine Tor's test coverage.
We don't want to trigger these even in assertions, so including
them artificially makes our branch coverage look worse than it is.
This patch provides the new test-stem-full and coverage-html-full
configure options. Implements ticket 15400.
- New TestingDirAuthVote{Exit,Guard,HSDir}IsStrict flags to
explicitly manage consensus flags in testing networks. Patch by
"robgjansen", modified by "teor". Implements part of ticket 14882.
- Check for matching value in server response in ntor_ref.py. Fixes
bug 15591; bugfix on 0.2.4.8-alpha. Reported and fixed
by "joelanders".
- Set the severity correctly when testing
get_interface_addresses_ifaddrs() and
get_interface_addresses_win32(), so that the tests fail gracefully
instead of triggering an assertion. Fixes bug 15759; bugfix on
0.2.6.3-alpha. Reported by Nicolas Derive.
Changes in version 0.2.6.10 - 2015-07-12
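Review bot: The coverage entry moved into "Testing" is hard to follow as written: "Remove assertions during builds to determine Tor's test coverage. We don't want to trigger these even in assertions, so including them artificially makes our branch coverage look worse than it is." The second sentence reads as circular, so please reword it while the entry is being touched. The two entries carrying "bugfix on" (bugs 15591 and 15759) now sit in a general "Testing" list with feature entries; grouping them at the end of the list, or saying in the section that it includes test fixes, would keep that distinction visible.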