Remove draft 030 release notes into the releasenotes file
This commit is contained in:
parent
37c966db04
commit
cab3aafcb3
577
Release-030-in
577
Release-030-in
|
@ -1,577 +0,0 @@
|
||||||
Changes in version 0.3.0.6 - 2017-04-2?
|
|
||||||
Tor 0.3.0.6 is the first stable release of the Tor 0.3.0 series.
|
|
||||||
|
|
||||||
XXXXX BLURB HERE.
|
|
||||||
|
|
||||||
Below are the changes since 0.2.9.10. For a list of only the changes
|
|
||||||
since 0.3.0.5-rc, see the ChangeLog file.
|
|
||||||
|
|
||||||
o Major features (directory authority, security):
|
|
||||||
- The default for AuthDirPinKeys is now 1: directory authorities
|
|
||||||
will reject relays where the RSA identity key matches a previously
|
|
||||||
seen value, but the Ed25519 key has changed. Closes ticket 18319.
|
|
||||||
|
|
||||||
o Major features (guard selection algorithm):
|
|
||||||
- Tor's guard selection algorithm has been redesigned from the
|
|
||||||
ground up, to better support unreliable networks and restrictive
|
|
||||||
sets of entry nodes, and to better resist guard-capture attacks by
|
|
||||||
hostile local networks. Implements proposal 271; closes
|
|
||||||
ticket 19877.
|
|
||||||
|
|
||||||
o Major features (next-generation hidden services):
|
|
||||||
- Relays can now handle v3 ESTABLISH_INTRO cells as specified by
|
|
||||||
prop224 aka "Next Generation Hidden Services". Service and clients
|
|
||||||
don't use this functionality yet. Closes ticket 19043. Based on
|
|
||||||
initial code by Alec Heifetz.
|
|
||||||
- Relays now support the HSDir version 3 protocol, so that they can
|
|
||||||
can store and serve v3 descriptors. This is part of the next-
|
|
||||||
generation onion service work detailled in proposal 224. Closes
|
|
||||||
ticket 17238.
|
|
||||||
|
|
||||||
o Major features (protocol, ed25519 identity keys):
|
|
||||||
- Clients now support including Ed25519 identity keys in the EXTEND2
|
|
||||||
cells they generate. By default, this is controlled by a consensus
|
|
||||||
parameter, currently disabled. You can turn this feature on for
|
|
||||||
testing by setting ExtendByEd25519ID in your configuration. This
|
|
||||||
might make your traffic appear different than the traffic
|
|
||||||
generated by other users, however. Implements part of ticket
|
|
||||||
15056; part of proposal 220.
|
|
||||||
- Relays now understand requests to extend to other relays by their
|
|
||||||
Ed25519 identity keys. When an Ed25519 identity key is included in
|
|
||||||
an EXTEND2 cell, the relay will only extend the circuit if the
|
|
||||||
other relay can prove ownership of that identity. Implements part
|
|
||||||
of ticket 15056; part of proposal 220.
|
|
||||||
- Relays now use Ed25519 to prove their Ed25519 identities and to
|
|
||||||
one another, and to clients. This algorithm is faster and more
|
|
||||||
secure than the RSA-based handshake we've been doing until now.
|
|
||||||
Implements the second big part of proposal 220; Closes
|
|
||||||
ticket 15055.
|
|
||||||
|
|
||||||
o Major features (security):
|
|
||||||
- Change the algorithm used to decide DNS TTLs on client and server
|
|
||||||
side, to better resist DNS-based correlation attacks like the
|
|
||||||
DefecTor attack of Greschbach, Pulls, Roberts, Winter, and
|
|
||||||
Feamster. Now relays only return one of two possible DNS TTL
|
|
||||||
values, and clients are willing to believe DNS TTL values up to 3
|
|
||||||
hours long. Closes ticket 19769.
|
|
||||||
|
|
||||||
o Major bugfixes (client, onion service, also in 0.2.9.9):
|
|
||||||
- Fix a client-side onion service reachability bug, where multiple
|
|
||||||
socks requests to an onion service (or a single slow request)
|
|
||||||
could cause us to mistakenly mark some of the service's
|
|
||||||
introduction points as failed, and we cache that failure so
|
|
||||||
eventually we run out and can't reach the service. Also resolves a
|
|
||||||
mysterious "Remote server sent bogus reason code 65021" log
|
|
||||||
warning. The bug was introduced in ticket 17218, where we tried to
|
|
||||||
remember the circuit end reason as a uint16_t, which mangled
|
|
||||||
negative values. Partially fixes bug 21056 and fixes bug 20307;
|
|
||||||
bugfix on 0.2.8.1-alpha.
|
|
||||||
|
|
||||||
o Major bugfixes (crash, directory connections):
|
|
||||||
- Fix a rare crash when sending a begin cell on a circuit whose
|
|
||||||
linked directory connection had already been closed. Fixes bug
|
|
||||||
21576; bugfix on 0.2.9.3-alpha. Reported by Alec Muffett.
|
|
||||||
|
|
||||||
o Major bugfixes (directory authority):
|
|
||||||
- During voting, when marking a relay as a probable sybil, do not
|
|
||||||
clear its BadExit flag: sybils can still be bad in other ways
|
|
||||||
too. (We still clear the other flags.) Fixes bug 21108; bugfix
|
|
||||||
on 0.2.0.13-alpha.
|
|
||||||
|
|
||||||
o Major bugfixes (DNS):
|
|
||||||
- Fix a bug that prevented exit nodes from caching DNS records for
|
|
||||||
more than 60 seconds. Fixes bug 19025; bugfix on 0.2.4.7-alpha.
|
|
||||||
|
|
||||||
o Major bugfixes (IPv6 Exits):
|
|
||||||
- Stop rejecting all IPv6 traffic on Exits whose exit policy rejects
|
|
||||||
any IPv6 addresses. Instead, only reject a port over IPv6 if the
|
|
||||||
exit policy rejects that port on more than an IPv6 /16 of
|
|
||||||
addresses. This bug was made worse by 17027 in 0.2.8.1-alpha,
|
|
||||||
which rejected a relay's own IPv6 address by default. Fixes bug
|
|
||||||
21357; bugfix on commit 004f3f4e53 in 0.2.4.7-alpha.
|
|
||||||
|
|
||||||
o Major bugfixes (parsing):
|
|
||||||
- Fix an integer underflow bug when comparing malformed Tor
|
|
||||||
versions. This bug could crash Tor when built with
|
|
||||||
--enable-expensive-hardening, or on Tor 0.2.9.1-alpha through Tor
|
|
||||||
0.2.9.8, which were built with -ftrapv by default. In other cases
|
|
||||||
it was harmless. Part of TROVE-2017-001. Fixes bug 21278; bugfix
|
|
||||||
on 0.0.8pre1. Found by OSS-Fuzz.
|
|
||||||
- When parsing a malformed content-length field from an HTTP
|
|
||||||
message, do not read off the end of the buffer. This bug was a
|
|
||||||
potential remote denial-of-service attack against Tor clients and
|
|
||||||
relays. A workaround was released in October 2016, to prevent this
|
|
||||||
bug from crashing Tor. This is a fix for the underlying issue,
|
|
||||||
which should no longer matter (if you applied the earlier patch).
|
|
||||||
Fixes bug 20894; bugfix on 0.2.0.16-alpha. Bug found by fuzzing
|
|
||||||
using AFL (http://lcamtuf.coredump.cx/afl/).
|
|
||||||
|
|
||||||
o Major bugfixes (scheduler):
|
|
||||||
- Actually compare circuit policies in ewma_cmp_cmux(). This bug
|
|
||||||
caused the channel scheduler to behave more or less randomly,
|
|
||||||
rather than preferring channels with higher-priority circuits.
|
|
||||||
Fixes bug 20459; bugfix on 0.2.6.2-alpha.
|
|
||||||
|
|
||||||
o Major bugfixes (security, also in 0.2.9.9):
|
|
||||||
- Downgrade the "-ftrapv" option from "always on" to "only on when
|
|
||||||
--enable-expensive-hardening is provided." This hardening option,
|
|
||||||
like others, can turn survivable bugs into crashes--and having it
|
|
||||||
on by default made a (relatively harmless) integer overflow bug
|
|
||||||
into a denial-of-service bug. Fixes bug 21278 (TROVE-2017-001);
|
|
||||||
bugfix on 0.2.9.1-alpha.
|
|
||||||
|
|
||||||
o Minor feature (client):
|
|
||||||
- Enable IPv6 traffic on the SocksPort by default. To disable this,
|
|
||||||
a user will have to specify "NoIPv6Traffic". Closes ticket 21269.
|
|
||||||
|
|
||||||
o Minor feature (fallback scripts):
|
|
||||||
- Add a check_existing mode to updateFallbackDirs.py, which checks
|
|
||||||
if fallbacks in the hard-coded list are working. Closes ticket
|
|
||||||
20174. Patch by haxxpop.
|
|
||||||
|
|
||||||
o Minor feature (protocol versioning):
|
|
||||||
- Add new protocol version for proposal 224. HSIntro now advertises
|
|
||||||
version "3-4" and HSDir version "1-2". Fixes ticket 20656.
|
|
||||||
|
|
||||||
o Minor features (ciphersuite selection):
|
|
||||||
- Allow relays to accept a wider range of ciphersuites, including
|
|
||||||
chacha20-poly1305 and AES-CCM. Closes the other part of 15426.
|
|
||||||
- Clients now advertise a list of ciphersuites closer to the ones
|
|
||||||
preferred by Firefox. Closes part of ticket 15426.
|
|
||||||
|
|
||||||
o Minor features (controller):
|
|
||||||
- Add "GETINFO sr/current" and "GETINFO sr/previous" keys, to expose
|
|
||||||
shared-random values to the controller. Closes ticket 19925.
|
|
||||||
- When HSFETCH arguments cannot be parsed, say "Invalid argument"
|
|
||||||
rather than "unrecognized." Closes ticket 20389; patch from
|
|
||||||
Ivan Markin.
|
|
||||||
|
|
||||||
o Minor features (controller, configuration):
|
|
||||||
- Each of the *Port options, such as SocksPort, ORPort, ControlPort,
|
|
||||||
and so on, now comes with a __*Port variant that will not be saved
|
|
||||||
to the torrc file by the controller's SAVECONF command. This
|
|
||||||
change allows TorBrowser to set up a single-use domain socket for
|
|
||||||
each time it launches Tor. Closes ticket 20956.
|
|
||||||
- The GETCONF command can now query options that may only be
|
|
||||||
meaningful in context-sensitive lists. This allows the controller
|
|
||||||
to query the mixed SocksPort/__SocksPort style options introduced
|
|
||||||
in feature 20956. Implements ticket 21300.
|
|
||||||
|
|
||||||
o Minor features (diagnostic, directory client):
|
|
||||||
- Warn when we find an unexpected inconsistency in directory
|
|
||||||
download status objects. Prevents some negative consequences of
|
|
||||||
bug 20593.
|
|
||||||
|
|
||||||
o Minor features (directory authorities):
|
|
||||||
- Directory authorities now reject descriptors that claim to be
|
|
||||||
malformed versions of Tor. Helps prevent exploitation of
|
|
||||||
bug 21278.
|
|
||||||
- Reject version numbers with components that exceed INT32_MAX.
|
|
||||||
Otherwise 32-bit and 64-bit platforms would behave inconsistently.
|
|
||||||
Fixes bug 21450; bugfix on 0.0.8pre1.
|
|
||||||
|
|
||||||
o Minor features (directory authority):
|
|
||||||
- Add a new authority-only AuthDirTestEd25519LinkKeys option (on by
|
|
||||||
default) to control whether authorities should try to probe relays
|
|
||||||
by their Ed25519 link keys. This option will go away in a few
|
|
||||||
releases--unless we encounter major trouble in our ed25519 link
|
|
||||||
protocol rollout, in which case it will serve as a safety option.
|
|
||||||
|
|
||||||
o Minor features (directory cache):
|
|
||||||
- Relays and bridges will now refuse to serve the consensus they
|
|
||||||
have if they know it is too old for a client to use. Closes
|
|
||||||
ticket 20511.
|
|
||||||
|
|
||||||
o Minor features (ed25519 link handshake):
|
|
||||||
- Advertise support for the ed25519 link handshake using the
|
|
||||||
subprotocol-versions mechanism, so that clients can tell which
|
|
||||||
relays can identity themselves by Ed25519 ID. Closes ticket 20552.
|
|
||||||
|
|
||||||
o Minor features (entry guards):
|
|
||||||
- Add UseEntryGuards to TEST_OPTIONS_DEFAULT_VALUES in order to not
|
|
||||||
break regression tests.
|
|
||||||
- Require UseEntryGuards when UseBridges is set, in order to make
|
|
||||||
sure bridges aren't bypassed. Resolves ticket 20502.
|
|
||||||
|
|
||||||
o Minor features (fallback directories):
|
|
||||||
- Allow 3 fallback relays per operator, which is safe now that we
|
|
||||||
are choosing 200 fallback relays. Closes ticket 20912.
|
|
||||||
- Annotate updateFallbackDirs.py with the bandwidth and consensus
|
|
||||||
weight for each candidate fallback. Closes ticket 20878.
|
|
||||||
- Display the relay fingerprint when downloading consensuses from
|
|
||||||
fallbacks. Closes ticket 20908.
|
|
||||||
- Exclude relays affected by bug 20499 from the fallback list.
|
|
||||||
Exclude relays from the fallback list if they are running versions
|
|
||||||
known to be affected by bug 20499, or if in our tests they deliver
|
|
||||||
a stale consensus (i.e. one that expired more than 24 hours ago).
|
|
||||||
Closes ticket 20539.
|
|
||||||
- Make it easier to change the output sort order of fallbacks.
|
|
||||||
Closes ticket 20822.
|
|
||||||
- Reduce the minimum fallback bandwidth to 1 MByte/s. Part of
|
|
||||||
ticket 18828.
|
|
||||||
- Require fallback directories to have the same address and port for
|
|
||||||
7 days (now that we have enough relays with this stability).
|
|
||||||
Relays whose OnionOO stability timer is reset on restart by bug
|
|
||||||
18050 should upgrade to Tor 0.2.8.7 or later, which has a fix for
|
|
||||||
this issue. Closes ticket 20880; maintains short-term fix
|
|
||||||
in 0.2.8.2-alpha.
|
|
||||||
- Require fallbacks to have flags for 90% of the time (weighted
|
|
||||||
decaying average), rather than 95%. This allows at least 73% of
|
|
||||||
clients to bootstrap in the first 5 seconds without contacting an
|
|
||||||
authority. Part of ticket 18828.
|
|
||||||
- Select 200 fallback directories for each release. Closes
|
|
||||||
ticket 20881.
|
|
||||||
|
|
||||||
o Minor features (fingerprinting resistence, authentication):
|
|
||||||
- Extend the length of RSA keys used for TLS link authentication to
|
|
||||||
2048 bits. (These weren't used for forward secrecy; for forward
|
|
||||||
secrecy, we used P256.) Closes ticket 13752.
|
|
||||||
|
|
||||||
o Minor features (geoip):
|
|
||||||
- Update geoip and geoip6 to the April 4 2017 Maxmind GeoLite2
|
|
||||||
Country database.
|
|
||||||
|
|
||||||
o Minor features (geoip, also in 0.2.9.9):
|
|
||||||
- Update geoip and geoip6 to the January 4 2017 Maxmind GeoLite2
|
|
||||||
Country database.
|
|
||||||
|
|
||||||
o Minor features (infrastructure):
|
|
||||||
- Implement smartlist_add_strdup() function. Replaces the use of
|
|
||||||
smartlist_add(sl, tor_strdup(str)). Closes ticket 20048.
|
|
||||||
|
|
||||||
o Minor features (linting):
|
|
||||||
- Enhance the changes file linter to warn on Tor versions that are
|
|
||||||
prefixed with "tor-". Closes ticket 21096.
|
|
||||||
|
|
||||||
o Minor features (logging):
|
|
||||||
- In several places, describe unset ed25519 keys as "<unset>",
|
|
||||||
rather than the scary "AAAAAAAA...AAA". Closes ticket 21037.
|
|
||||||
|
|
||||||
o Minor features (portability, compilation):
|
|
||||||
- Autoconf now checks to determine if OpenSSL structures are opaque,
|
|
||||||
instead of explicitly checking for OpenSSL version numbers. Part
|
|
||||||
of ticket 21359.
|
|
||||||
- Support building with recent LibreSSL code that uses opaque
|
|
||||||
structures. Closes ticket 21359.
|
|
||||||
|
|
||||||
o Minor features (relay):
|
|
||||||
- We now allow separation of exit and relay traffic to different
|
|
||||||
source IP addresses, using the OutboundBindAddressExit and
|
|
||||||
OutboundBindAddressOR options respectively. Closes ticket 17975.
|
|
||||||
Written by Michael Sonntag.
|
|
||||||
|
|
||||||
o Minor features (reliability, crash):
|
|
||||||
- Try better to detect problems in buffers where they might grow (or
|
|
||||||
think they have grown) over 2 GB in size. Diagnostic for
|
|
||||||
bug 21369.
|
|
||||||
|
|
||||||
o Minor features (testing):
|
|
||||||
- During 'make test-network-all', if tor logs any warnings, ask
|
|
||||||
chutney to output them. Requires a recent version of chutney with
|
|
||||||
the 21572 patch. Implements 21570.
|
|
||||||
|
|
||||||
o Minor bugfix (control protocol):
|
|
||||||
- The reply to a "GETINFO config/names" request via the control
|
|
||||||
protocol now spells the type "Dependent" correctly. This is a
|
|
||||||
breaking change in the control protocol. (The field seems to be
|
|
||||||
ignored by the most common known controllers.) Fixes bug 18146;
|
|
||||||
bugfix on 0.1.1.4-alpha.
|
|
||||||
- The GETINFO extra-info/digest/<digest> command was broken because
|
|
||||||
of a wrong base16 decode return value check, introduced when
|
|
||||||
refactoring that API. Fixes bug 22034; bugfix on 0.2.9.1-alpha.
|
|
||||||
|
|
||||||
o Minor bugfix (logging):
|
|
||||||
- Don't recommend the use of Tor2web in non-anonymous mode.
|
|
||||||
Recommending Tor2web is a bad idea because the client loses all
|
|
||||||
anonymity. Tor2web should only be used in specific cases by users
|
|
||||||
who *know* and understand the issues. Fixes bug 21294; bugfix
|
|
||||||
on 0.2.9.3-alpha.
|
|
||||||
|
|
||||||
o Minor bugfixes (bug resilience):
|
|
||||||
- Fix an unreachable size_t overflow in base64_decode(). Fixes bug
|
|
||||||
19222; bugfix on 0.2.0.9-alpha. Found by Guido Vranken; fixed by
|
|
||||||
Hans Jerry Illikainen.
|
|
||||||
|
|
||||||
o Minor bugfixes (build):
|
|
||||||
- Replace obsolete Autoconf macros with their modern equivalent and
|
|
||||||
prevent similar issues in the future. Fixes bug 20990; bugfix
|
|
||||||
on 0.1.0.1-rc.
|
|
||||||
|
|
||||||
o Minor bugfixes (certificate expiration time):
|
|
||||||
- Avoid using link certificates that don't become valid till some
|
|
||||||
time in the future. Fixes bug 21420; bugfix on 0.2.4.11-alpha
|
|
||||||
|
|
||||||
o Minor bugfixes (client):
|
|
||||||
- Always recover from failures in extend_info_from_node(), in an
|
|
||||||
attempt to prevent any recurrence of bug 21242. Fixes bug 21372;
|
|
||||||
bugfix on 0.2.3.1-alpha.
|
|
||||||
- When clients that use bridges start up with a cached consensus on
|
|
||||||
disk, they were ignoring it and downloading a new one. Now they
|
|
||||||
use the cached one. Fixes bug 20269; bugfix on 0.2.3.12-alpha.
|
|
||||||
|
|
||||||
o Minor bugfixes (code correctness):
|
|
||||||
- Repair a couple of (unreachable or harmless) cases of the risky
|
|
||||||
comparison-by-subtraction pattern that caused bug 21278.
|
|
||||||
|
|
||||||
o Minor bugfixes (config):
|
|
||||||
- Don't assert on startup when trying to get the options list and
|
|
||||||
LearnCircuitBuildTimeout is set to 0: we are currently parsing the
|
|
||||||
options so of course they aren't ready yet. Fixes bug 21062;
|
|
||||||
bugfix on 0.2.9.3-alpha.
|
|
||||||
|
|
||||||
o Minor bugfixes (configuration):
|
|
||||||
- Accept non-space whitespace characters after the severity level in
|
|
||||||
the `Log` option. Fixes bug 19965; bugfix on 0.2.1.1-alpha.
|
|
||||||
- Support "TByte" and "TBytes" units in options given in bytes.
|
|
||||||
"TB", "terabyte(s)", "TBit(s)" and "terabit(s)" were already
|
|
||||||
supported. Fixes bug 20622; bugfix on 0.2.0.14-alpha.
|
|
||||||
|
|
||||||
o Minor bugfixes (configure, autoconf):
|
|
||||||
- Rename the configure option --enable-expensive-hardening to
|
|
||||||
--enable-fragile-hardening. Expensive hardening makes the tor
|
|
||||||
daemon abort when some kinds of issues are detected. Thus, it
|
|
||||||
makes tor more at risk of remote crashes but safer against RCE or
|
|
||||||
heartbleed bug category. We now try to explain this issue in a
|
|
||||||
message from the configure script. Fixes bug 21290; bugfix
|
|
||||||
on 0.2.5.4-alpha.
|
|
||||||
|
|
||||||
o Minor bugfixes (consensus weight):
|
|
||||||
- Add new consensus method that initializes bw weights to 1 instead
|
|
||||||
of 0. This prevents a zero weight from making it all the way to
|
|
||||||
the end (happens in small testing networks) and causing an error.
|
|
||||||
Fixes bug 14881; bugfix on 0.2.2.17-alpha.
|
|
||||||
|
|
||||||
o Minor bugfixes (crash prevention):
|
|
||||||
- Fix an (currently untriggerable, but potentially dangerous) crash
|
|
||||||
bug when base32-encoding inputs whose sizes are not a multiple of
|
|
||||||
5. Fixes bug 21894; bugfix on 0.2.9.1-alpha.
|
|
||||||
|
|
||||||
o Minor bugfixes (dead code):
|
|
||||||
- Remove a redundant check for PidFile changes at runtime in
|
|
||||||
options_transition_allowed(): this check is already performed
|
|
||||||
regardless of whether the sandbox is active. Fixes bug 21123;
|
|
||||||
bugfix on 0.2.5.4-alpha.
|
|
||||||
|
|
||||||
o Minor bugfixes (descriptors):
|
|
||||||
- Correctly recognise downloaded full descriptors as valid, even
|
|
||||||
when using microdescriptors as circuits. This affects clients with
|
|
||||||
FetchUselessDescriptors set, and may affect directory authorities.
|
|
||||||
Fixes bug 20839; bugfix on 0.2.3.2-alpha.
|
|
||||||
|
|
||||||
o Minor bugfixes (directory mirrors):
|
|
||||||
- Allow relays to use directory mirrors without a DirPort: these
|
|
||||||
relays need to be contacted over their ORPorts using a begindir
|
|
||||||
connection. Fixes one case of bug 20711; bugfix on 0.2.8.2-alpha.
|
|
||||||
- Clarify the message logged when a remote relay is unexpectedly
|
|
||||||
missing an ORPort or DirPort: users were confusing this with a
|
|
||||||
local port. Fixes another case of bug 20711; bugfix
|
|
||||||
on 0.2.8.2-alpha.
|
|
||||||
|
|
||||||
o Minor bugfixes (directory system):
|
|
||||||
- Bridges and relays now use microdescriptors (like clients do)
|
|
||||||
rather than old-style router descriptors. Now bridges will blend
|
|
||||||
in with clients in terms of the circuits they build. Fixes bug
|
|
||||||
6769; bugfix on 0.2.3.2-alpha.
|
|
||||||
- Download all consensus flavors, descriptors, and authority
|
|
||||||
certificates when FetchUselessDescriptors is set, regardless of
|
|
||||||
whether tor is a directory cache or not. Fixes bug 20667; bugfix
|
|
||||||
on all recent tor versions.
|
|
||||||
|
|
||||||
o Minor bugfixes (documentation):
|
|
||||||
- Update the tor manual page to document every option that can not
|
|
||||||
be changed while tor is running. Fixes bug 21122.
|
|
||||||
|
|
||||||
o Minor bugfixes (ed25519 certificates):
|
|
||||||
- Correctly interpret ed25519 certificates that would expire some
|
|
||||||
time after 19 Jan 2038. Fixes bug 20027; bugfix on 0.2.7.2-alpha.
|
|
||||||
|
|
||||||
o Minor bugfixes (fallback directories):
|
|
||||||
- Avoid checking fallback candidates' DirPorts if they are down in
|
|
||||||
OnionOO. When a relay operator has multiple relays, this
|
|
||||||
prioritizes relays that are up over relays that are down. Fixes
|
|
||||||
bug 20926; bugfix on 0.2.8.3-alpha.
|
|
||||||
- Stop failing when OUTPUT_COMMENTS is True in updateFallbackDirs.py.
|
|
||||||
Fixes bug 20877; bugfix on 0.2.8.3-alpha.
|
|
||||||
- Stop failing when a relay has no uptime data in
|
|
||||||
updateFallbackDirs.py. Fixes bug 20945; bugfix on 0.2.8.1-alpha.
|
|
||||||
|
|
||||||
o Minor bugfixes (hidden service):
|
|
||||||
- Clean up the code for expiring intro points with no associated
|
|
||||||
circuits. It was causing, rarely, a service with some expiring
|
|
||||||
introduction points to not open enough additional introduction
|
|
||||||
points. Fixes part of bug 21302; bugfix on 0.2.7.2-alpha.
|
|
||||||
- Resolve two possible underflows which could lead to creating and
|
|
||||||
closing a lot of introduction point circuits in a non-stop loop.
|
|
||||||
Fixes bug 21302; bugfix on 0.2.7.2-alpha.
|
|
||||||
- Stop setting the torrc option HiddenServiceStatistics to "0" just
|
|
||||||
because we're not a bridge or relay. Instead, we preserve whatever
|
|
||||||
value the user set (or didn't set). Fixes bug 21150; bugfix
|
|
||||||
on 0.2.6.2-alpha.
|
|
||||||
|
|
||||||
o Minor bugfixes (hidden services):
|
|
||||||
- Make hidden services check for failed intro point connections,
|
|
||||||
even when they have exceeded their intro point creation limit.
|
|
||||||
Fixes bug 21596; bugfix on 0.2.7.2-alpha. Reported by Alec Muffett.
|
|
||||||
- Make hidden services with 8 to 10 introduction points check for
|
|
||||||
failed circuits immediately after startup. Previously, they would
|
|
||||||
wait for 5 minutes before performing their first checks. Fixes bug
|
|
||||||
21594; bugfix on 0.2.3.9-alpha. Reported by Alec Muffett.
|
|
||||||
- Stop ignoring misconfigured hidden services. Instead, refuse to
|
|
||||||
start tor until the misconfigurations have been corrected. Fixes
|
|
||||||
bug 20559; bugfix on multiple commits in 0.2.7.1-alpha
|
|
||||||
and earlier.
|
|
||||||
|
|
||||||
o Minor bugfixes (IPv6):
|
|
||||||
- Make IPv6-using clients try harder to find an IPv6 directory
|
|
||||||
server. Fixes bug 20999; bugfix on 0.2.8.2-alpha.
|
|
||||||
- When IPv6 addresses have not been downloaded yet (microdesc
|
|
||||||
consensus documents don't list relay IPv6 addresses), use hard-
|
|
||||||
coded addresses for authorities, fallbacks, and configured
|
|
||||||
bridges. Now IPv6-only clients can use microdescriptors. Fixes bug
|
|
||||||
20996; bugfix on b167e82 from 19608 in 0.2.8.5-alpha.
|
|
||||||
|
|
||||||
o Minor bugfixes (memory leak at exit):
|
|
||||||
- Fix a small harmless memory leak at exit of the previously unused
|
|
||||||
RSA->Ed identity cross-certificate. Fixes bug 17779; bugfix
|
|
||||||
on 0.2.7.2-alpha.
|
|
||||||
|
|
||||||
o Minor bugfixes (onion services):
|
|
||||||
- Allow the number of introduction points to be as low as 0, rather
|
|
||||||
than as low as 3. Fixes bug 21033; bugfix on 0.2.7.2-alpha.
|
|
||||||
|
|
||||||
o Minor bugfixes (portability):
|
|
||||||
- Use "OpenBSD" compiler macro instead of "OPENBSD" or "__OpenBSD__".
|
|
||||||
It is supported by OpenBSD itself, and also by most OpenBSD
|
|
||||||
variants (such as Bitrig). Fixes bug 20980; bugfix
|
|
||||||
on 0.1.2.1-alpha.
|
|
||||||
|
|
||||||
o Minor bugfixes (portability, also in 0.2.9.9):
|
|
||||||
- Avoid crashing when Tor is built using headers that contain
|
|
||||||
CLOCK_MONOTONIC_COARSE, but then tries to run on an older kernel
|
|
||||||
without CLOCK_MONOTONIC_COARSE. Fixes bug 21035; bugfix
|
|
||||||
on 0.2.9.1-alpha.
|
|
||||||
- Fix Libevent detection on platforms without Libevent 1 headers
|
|
||||||
installed. Fixes bug 21051; bugfix on 0.2.9.1-alpha.
|
|
||||||
|
|
||||||
o Minor bugfixes (relay):
|
|
||||||
- Avoid a double-marked-circuit warning that could happen when we
|
|
||||||
receive DESTROY cells under heavy load. Fixes bug 20059; bugfix
|
|
||||||
on 0.1.0.1-rc.
|
|
||||||
- Honor DataDirectoryGroupReadable when tor is a relay. Previously,
|
|
||||||
initializing the keys would reset the DataDirectory to 0700
|
|
||||||
instead of 0750 even if DataDirectoryGroupReadable was set to 1.
|
|
||||||
Fixes bug 19953; bugfix on 0.0.2pre16. Patch by "redfish".
|
|
||||||
|
|
||||||
o Minor bugfixes (testing):
|
|
||||||
- Fix Raspbian build issues related to missing socket errno in
|
|
||||||
test_util.c. Fixes bug 21116; bugfix on 0.2.8.2. Patch by "hein".
|
|
||||||
- Remove undefined behavior from the backtrace generator by removing
|
|
||||||
its signal handler. Fixes bug 21026; bugfix on 0.2.5.2-alpha.
|
|
||||||
- Use bash in src/test/test-network.sh. This ensures we reliably
|
|
||||||
call chutney's newer tools/test-network.sh when available. Fixes
|
|
||||||
bug 21562; bugfix on 0.2.9.1-alpha.
|
|
||||||
|
|
||||||
o Minor bugfixes (tor-resolve):
|
|
||||||
- The tor-resolve command line tool now rejects hostnames over 255
|
|
||||||
characters in length. Previously, it would silently truncate them,
|
|
||||||
which could lead to bugs. Fixes bug 21280; bugfix on 0.0.9pre5.
|
|
||||||
Patch by "junglefowl".
|
|
||||||
|
|
||||||
o Minor bugfixes (unit tests):
|
|
||||||
- Allow the unit tests to pass even when DNS lookups of bogus
|
|
||||||
addresses do not fail as expected. Fixes bug 20862 and 20863;
|
|
||||||
bugfix on unit tests introduced in 0.2.8.1-alpha
|
|
||||||
through 0.2.9.4-alpha.
|
|
||||||
|
|
||||||
o Minor bugfixes (util):
|
|
||||||
- When finishing writing a file to disk, if we were about to replace
|
|
||||||
the file with the temporary file created before and we fail to
|
|
||||||
replace it, remove the temporary file so it doesn't stay on disk.
|
|
||||||
Fixes bug 20646; bugfix on 0.2.0.7-alpha. Patch by fk.
|
|
||||||
|
|
||||||
o Minor bugfixes (Windows services):
|
|
||||||
- Be sure to initialize the monotonic time subsystem before using
|
|
||||||
it, even when running as an NT service. Fixes bug 21356; bugfix
|
|
||||||
on 0.2.9.1-alpha.
|
|
||||||
|
|
||||||
o Minor bugfixes (Windows):
|
|
||||||
- Check for getpagesize before using it to mmap files. This fixes
|
|
||||||
compilation in some MinGW environments. Fixes bug 20530; bugfix on
|
|
||||||
0.1.2.1-alpha. Reported by "ice".
|
|
||||||
|
|
||||||
o Code simplification and refactoring:
|
|
||||||
- Abolish all global guard context in entrynodes.c; replace with new
|
|
||||||
guard_selection_t structure as preparation for proposal 271.
|
|
||||||
Closes ticket 19858.
|
|
||||||
- Extract magic numbers in circuituse.c into defined variables.
|
|
||||||
- Introduce rend_service_is_ephemeral() that tells if given onion
|
|
||||||
service is ephemeral. Replace unclear NULL-checkings for service
|
|
||||||
directory with this function. Closes ticket 20526.
|
|
||||||
- Refactor circuit_is_available_for_use to remove unnecessary check.
|
|
||||||
- Refactor circuit_predict_and_launch_new for readability and
|
|
||||||
testability. Closes ticket 18873.
|
|
||||||
- Refactor code to manipulate global_origin_circuit_list into
|
|
||||||
separate functions. Closes ticket 20921.
|
|
||||||
- Refactor large if statement in purpose_needs_anonymity to use
|
|
||||||
switch statement instead. Closes part of ticket 20077.
|
|
||||||
- Refactor the hashing API to return negative values for errors, as
|
|
||||||
is done as throughout the codebase. Closes ticket 20717.
|
|
||||||
- Remove data structures that were used to index or_connection
|
|
||||||
objects by their RSA identity digests. These structures are fully
|
|
||||||
redundant with the similar structures used in the
|
|
||||||
channel abstraction.
|
|
||||||
- Remove duplicate code in the channel_write_*cell() functions.
|
|
||||||
Closes ticket 13827; patch from Pingl.
|
|
||||||
- Remove redundant behavior of is_sensitive_dir_purpose, refactor to
|
|
||||||
use only purpose_needs_anonymity. Closes part of ticket 20077.
|
|
||||||
- The code to generate and parse EXTEND and EXTEND2 cells has been
|
|
||||||
replaced with code automatically generated by the
|
|
||||||
"trunnel" utility.
|
|
||||||
|
|
||||||
o Documentation (formatting):
|
|
||||||
- Clean up formatting of tor.1 man page and HTML doc, where <pre>
|
|
||||||
blocks were incorrectly appearing. Closes ticket 20885.
|
|
||||||
|
|
||||||
o Documentation (man page):
|
|
||||||
- Clarify many options in tor.1 and add some min/max values for
|
|
||||||
HiddenService options. Closes ticket 21058.
|
|
||||||
|
|
||||||
o Documentation:
|
|
||||||
- Change '1' to 'weight_scale' in consensus bw weights calculation
|
|
||||||
comments, as that is reality. Closes ticket 20273. Patch
|
|
||||||
from pastly.
|
|
||||||
- Clarify that when ClientRejectInternalAddresses is enabled (which
|
|
||||||
is the default), multicast DNS hostnames for machines on the local
|
|
||||||
network (of the form *.local) are also rejected. Closes
|
|
||||||
ticket 17070.
|
|
||||||
- Correct the value for AuthDirGuardBWGuarantee in the manpage, from
|
|
||||||
250 KBytes to 2 MBytes. Fixes bug 20435; bugfix on 0.2.5.6-alpha.
|
|
||||||
- Include the "TBits" unit in Tor's man page. Fixes part of bug
|
|
||||||
20622; bugfix on 0.2.5.1-alpha.
|
|
||||||
- Small fixes to the fuzzing documentation. Closes ticket 21472.
|
|
||||||
- Stop the man page from incorrectly stating that HiddenServiceDir
|
|
||||||
must already exist. Fixes 20486.
|
|
||||||
- Update the description of the directory server options in the
|
|
||||||
manual page, to clarify that a relay no longer needs to set
|
|
||||||
DirPort in order to be a directory cache. Closes ticket 21720.
|
|
||||||
|
|
||||||
o Removed features:
|
|
||||||
- The AuthDirMaxServersPerAuthAddr option no longer exists: The same
|
|
||||||
limit for relays running on a single IP applies to authority IP
|
|
||||||
addresses as well as to non-authority IP addresses. Closes
|
|
||||||
ticket 20960.
|
|
||||||
- The UseDirectoryGuards torrc option no longer exists: all users
|
|
||||||
that use entry guards will also use directory guards. Related to
|
|
||||||
proposal 271; implements part of ticket 20831.
|
|
||||||
|
|
||||||
o Testing:
|
|
||||||
- Add tests for networkstatus_compute_bw_weights_v10.
|
|
||||||
- Add unit tests circuit_predict_and_launch_new.
|
|
||||||
- Extract dummy_origin_circuit_new so it can be used by other
|
|
||||||
test functions.
|
|
||||||
- New unit tests for tor_htonll(). Closes ticket 19563. Patch
|
|
||||||
from "overcaffeinated".
|
|
||||||
- Perform the coding style checks when running the tests and fail
|
|
||||||
when coding style violations are found. Closes ticket 5500.
|
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue