tor-commits
October 2020
commit e6d3836d968bde705c4e6d28464b815a6f7f585c
Author: Nick Mathewson <nickm(a)torproject.org>
Date: Fri Oct 30 10:58:57 2020 -0400
Minor edits to changelog headers
---
ChangeLog | 464 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 464 insertions(+)
diff --git a/ChangeLog b/ChangeLog
index 0420bd715c..b75aeb299b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,467 @@
+Changes in version 0.4.5.1-alpha - 2020-10-30
+ Tor 0.4.5.1-alpha is the first alpha release in the 0.4.5.x series.
+ It improves support for IPv6, address discovery and self-testing, code
+ metrics and tracing.
+
+ Here are the changes since 0.4.4.5.
+
+ o Major features (IPv6, relay):
+ - The torrc option Address now supports IPv6. By doing so, we've also
+ unified the interface to find our address to support IPv4, IPv6 and
+ hostname. Closes ticket 33233.
+
+ o Major features (relay, IPv6):
+ - Relays now automatically bind on IPv6 for their ORPort unless specified
+ otherwise with the IPv4Only flag. Closes ticket 33246.
+
+ o Major features (tracing):
+ - Add a tracing library with USDT and LTTng-UST support. Few tracepoints
+ were added in the circuit subsystem. More will come incrementally. This
+ feature is compiled out by default. It needs to be enabled at configure
+ time. See documentation in doc/HACKING/Tracing.md. Closes ticket 32910.
+
+ o Major features (IPv6, relay):
+ - Launch IPv4 and IPv6 ORPort self-test circuits on relays and bridges.
+ Closes ticket 33222.
+
+ o Major features (metrics):
+ - Introduce a new MetricsPort which exposes, through an HTTP GET /metrics, a
+ series of metrics that tor collects at runtime. At the moment, the only
+ supported output format is Prometheus data model. Closes ticket 40063;
+
+ o Major features (relay self-testing, IPv6):
+ - Relays now track their IPv6 ORPort separately from the reachability of
+ their IPv4 ORPort. They will not publish a descriptor unless _both_
+ ports appear to be externally reachable. Closes ticket 34067.
+
+ o Major features (relay, IPv6):
+ - When a relay with IPv6 support opens a connection to another
+ relay, and the extend cell lists both IPv4 and IPv6 addresses, the
+ first relay now picks randomly which address to use. Closes
+ ticket 33220.
+
+ o Major bugfix (TLS, buffer):
+ - When attempting to read N bytes on a TLS connection, really try to read
+ those N bytes. Before that, Tor would stop reading after the first TLS
+ record which can be smaller than N bytes even though more data was waiting
+ on the TLS connection socket. The remaining data would have been read at
+ the next mainloop event. Fixes bug 40006; bugfix on 0.1.0.5-rc.
+
+ o Minor features (address discovery):
+ - If no Address statements are found, relays now prioritize guessing their
+ address by looking at the local interface instead of the local hostname.
+ If the interface address can't be found, the local hostname is used.
+ Closes ticket 33238.
+
+ o Minor features (configuration):
+ - Allow the using wildcards (* and ?) with the %include option on
+ configuration files. Closes ticket 25140. Patch by Daniel Pinto.
+ - Allows configuration options EntryNodes, ExcludeNodes,
+ ExcludeExitNodes, ExitNodes, MiddleNodes, HSLayer2Nodes and
+ HSLayer3Nodes to be specified multiple times. Closes ticket
+ 28361. Patch by Daniel Pinto.
+
+ o Minor features (control port):
+ - Add a DROPTIMEOUTS control port command to drop circuit build timeout
+ history and reset the timeout. Closes ticket 40002.
+
+ o Minor features (directory authorities):
+ - Create new consensus method that removes the unecessary = padding
+ from ntor-onion-key. Closes ticket 7869. Patch by Daniel Pinto.
+
+ o Minor features (relay):
+ - If a relay is unable to discover its address, attempt to learn it from the
+ NETINFO cell. Closes ticket 40022.
+
+ o Minor features (relay, address discovery):
+ - If Address is not found in torrc, attempt to learn our address with the
+ configured ORPort address if any. Closes ticket 33236.
+
+ o Minor features (admin tools):
+ - Add new --format argument to -key-expiration option to allow
+ specifying the time format of expiration date. Adds Unix
+ timestamp format support. Patch by Daniel Pinto. Closes
+ ticket 30045.
+
+ o Minor features (authorities):
+ - Authorities now list a different set of protocols as required and
+ recommended. These lists are chosen so that only truly recommended
+ and/or required protocols are included, and so that clients using 0.2.9
+ or later will continue to work (even though they are not supported),
+ whereas only relays running 0.3.5 or later will meet the requirements.
+ Closes ticket 40162.
+
+ o Minor features (bootstrap reporting):
+ - When reporting bootstrapping status on a relay, do not consider
+ connections that have never been the target of an origin circuit.
+ Previously, all connection failures were treated as potential
+ bootstrapping failures, including those that had been opened because of
+ client requests. Closes ticket 25061.
+
+ o Minor features (build):
+ - If the configure script has given any warnings, remind the user about
+ them at the end of the script. Related to 40138.
+ - When running the configure script, try to detect version mismatches
+ between the openssl headers and libraries, and suggest that the
+ user should try "--with-openssl-dir". Closes 40138.
+
+ o Minor features (compilation):
+ - When building Tor, first link all object files into a single
+ static library. This may help with embedding Tor in other
+ programs. Note that most Tor functions do not constitute a
+ part of a stable or supported API: Only those functions in
+ tor_api.h should be used if embedding Tor. Closes ticket
+ 40127.
+
+ o Minor features (control port):
+ - When a stream enters the AP_CONN_STATE_CONTROLLER_WAIT status,
+ send a control port event CONTROLLER_WAIT. Closes ticket 32190.
+ Patch by Neel Chauhan.
+
+ o Minor features (control port, relay):
+ - Introduce "GETINFO address/v4" and "GETINFO address/v6" in the control
+ port to fetch the Tor host's respective IPv4 or IPv6 address. We keep
+ "GETINFO address" for backwords-compatibility which retains the current
+ behavior. Closes ticket 40039. Patch by Neel Chauhan.
+
+ o Minor features (control port, rephist):
+ - Introduce GETINFO "stats/ntor/{assigned/requested}" and
+ "stats/tap/{assigned/requested}" to get the NTorand TAP
+ circuit onion handshake rephist values respectively.
+ Closes ticket 28279. Patch by Neel Chauhan.
+
+ o Minor features (controller, IPv6):
+ - Tor relays now try to report to the controller when they are launching
+ an IPv6 self-test. Closes ticket 34068.
+
+ o Minor features (directory authorities):
+ - Directory authorities now reject descriptors from relays running
+ Tor versions from the 0.4.1 series, but still allow the 0.3.5
+ series. Resolves ticket 34357. Patch by Neel Chauhan.
+
+ o Minor features (directory authorities, IPv6):
+ - Make authorities add their IPv6 ORPort (if any) to the trusted dir
+ servers list. Authorities currently add themselves to the trusted dir
+ servers list, but they only add their IPv4 address and ports to the list.
+ Closes ticket 32822.
+
+ o Minor features (directory authority):
+ - Make it possible to specify multiple ConsensusParams torrc lines.
+ Now directory authority operators can for example put the main
+ ConsensusParams config in one torrc file and then add to it from
+ a different torrc file. Closes ticket 40164.
+ - The AssumeReachable option no longer stops directory authorities
+ from checking whether other relays are running. A new
+ AuthDirTestReachability option can be used to disable these checks.
+ Closes ticket 34445.
+ - When looking for possible sybil attacks, also consider IPv6 addresses.
+ Two routers are considered to have "the same" address by this metric
+ if they are in the same /64 network. Patch from Maurice Pibouin. Closes
+ ticket 7193.
+
+ o Minor features (ed25519, relay):
+ - Save a relay's base64-encoded ed25519 identity key to the data
+ directory in a file named fingerprint-ed25519. Closes ticket 30642.
+ Patch by Neel Chauhan.
+
+ o Minor features (heartbeat):
+ - Include the total number of inbound and outbound IPv4 and IPv6
+ connections in the heartbeat message . Closes ticket 29113.
+
+ o Minor features (IPv6, ExcludeNodes):
+ - Make routerset_contains_router() capable of handling IPv6
+ addresses. This makes ExcludeNodes capable of excluding an
+ IPv6 adddress. Previously, ExcludeNodes ignored IPv6
+ addresses. Closes ticket 34065. Patch by Neel Chauhan.
+
+ o Minor features (IPv6, relay):
+ - Allow relays to send IPv6-only extend cells. Closes ticket 33222.
+ - Declare support for the Relay=3 subprotocol version. Closes ticket 33226.
+ - When launching IPv6 ORPort self-test circuits, make sure that the
+ second-last hop can initiate an IPv6 extend. Closes ticket 33222.
+
+ o Minor features (logging):
+ - Adds the running glibc version to the log. Also adds the
+ running and compiled glibc version to the library list
+ returned when using the flag --library-versions. Patch
+ from Daniel Pinto. Closes ticket 40047; bugfix on
+ 0.4.5.0-alpha-dev.
+ - Consider 301 as an error like a 404 when processing the response to a
+ request for a group of server descriptors or an extrainfo documents.
+ Closes ticket 40053.
+ - Print directory fetch information a single line. Closes ticket 40159.
+ - Provide more complete descriptions of our connections when logging
+ about them. Closes ticket 40041.
+ - When describing a relay in th elogs, we now include its ed25519 identity.
+ Closes ticket 22668.
+
+ o Minor features (onion services):
+ - When writing an onion service hostname file, first read it to make
+ sure it contains what we want before attempting to write it. Now
+ onion services can set their existing onion service directories to
+ read-only and Tor will still work. Resolves ticket 40062. Patch by
+ Neel Chauhan.
+
+ o Minor features (pluggable transports):
+ - Added option OutboundBindAddressPT to torrc. This option allows users to
+ specify which IPv4 and IPv6 address they want pluggable transports to use
+ for outgoing IP packets. Tor does not have a way to enforce that the pluggable
+ transport honors this option so each pluggable transport will have to
+ implement support for this feature. Closes ticket 5304.
+
+ o Minor features (protocol simplification):
+ - Tor no longer allows subprotocol versions larger than 63. Previously
+ versions up to UINT32_MAX were allowed, which significantly complicated
+ our code.
+ Implements proposal 318; closes ticket 40133.
+
+ o Minor features (relay address tracking):
+ - We store relay addresses for OR connections in a more logical way.
+ Previously we would sometimes overwrite the actual address of a
+ connection with a "canonical address", and then store the "real
+ address" elsewhere to remember it. We now track the "canonical address"
+ elsewhere for the cases where we need it, and leave the connection's
+ address alone. Closes ticket 33898.
+
+ o Minor features (relay):
+ - Log immediately when launching a relay self-check. Previously
+ we would try to log before launching checks, or approximately
+ when we intended to launch checks, but this tended to be
+ error-prone. Closes ticket 34137.
+
+ o Minor features (relay, IPv6):
+ - Add an AssumeReachableIPv6 option to disable self-checking IPv6
+ reachability. Closes part of ticket 33224.
+ - Add new "assume-reachable" and "assume-reachable-ipv6" parameters
+ to be used in an emergency to tell relays that they should publish
+ even if they cannot complete their ORPort self-checks.
+ Closes ticket 34064 and part of 33224.
+
+ o Minor features (specification update):
+ - Several fields in microdescriptors, router descriptors, and consensus
+ documents that were formerly optional are now required. Implements
+ proposal 315; closes ticket 40132.
+
+ o Minor features (state):
+ - When loading the state file, remove entries from the statefile that
+ have been obsolete for a long time. Ordinarily Tor preserves
+ unrecognized entries in order to keep forward-compatibility, but
+ these statefile entries have not actually been used in any release
+ since before the 0.3.5.x. Closes ticket 40137.
+
+ o Minor features (statistics, ipv6):
+ - Relays now publish IPv6-specific counts of single-direction
+ versus bidirectional relay connections.
+ Closes ticket 33264.
+ - Relays now publish their IPv6 read and write statistics over time,
+ if statistics are enabled.
+ Closes ticket 33263.
+
+ o Minor features (subprotocol versions):
+ - Use the new limitations on subprotocol versions due to proposal
+ 318 to simplify our implementation. Part of ticket 40133.
+
+ o Minor features (testing configuration):
+ - The TestingTorNetwork no longer implicitly sets AssumeReachable to 1.
+ This change will allow us to test relays' self-testing mechanisms,
+ and eventually to test authorities' relay-testing functionality.
+ Closes ticket 34446.
+
+ o Minor features (testing):
+ - Added unit tests for channel_matches_target_addr_for_extend().
+ Closes Ticket 33919. Patch by MrSquanchee.
+
+ o Minor bugfixes (logging):
+ - Remove a debug logging statement that uselessly spam the logs. Fixes bug
+ 40135; bugfix on 0.3.5.0-alpha.
+
+ o Minor bugfixes (circuit padding):
+ - When circpad_send_padding_cell_for_callback is called,
+ `is_padding_timer_scheduled` flag was not reset. Now it is set to 0 at
+ the top of that function. Fixes bug 32671; bugfix on 0.4.0.1-alpha.
+ - Add a per-circuit padding machine instance counter, so we can
+ differentiate between shutdown requests for old machines on a circuit;
+ Fixes bug 30992; bugfix on 0.4.1.1-alpha.
+ - Add the abilility to keep circuit padding machines if they match a set
+ of circuit state or purposes. This allows us to have machines that start
+ up under some conditions but don't shut down under others. We now
+ use this mask to avoid starting up introduction circuit padding
+ again after the machines have already completed. Fixes bug 32040;
+ bugfix on 0.4.1.1-alpha.
+
+ o Minor bugfixes (compatibility):
+ - Strip '\r' characters when reading text files on Unix platforms.
+ This should resolve an issue where a relay operator migrates a relay from
+ Windows to Unix, but does not change the line ending of Tor's various state
+ files to match the platform, the CRLF line endings from Windows ends up leaking
+ into other files such as the extra-info document. Fixes bug 33781; bugfix on
+ 0.0.9pre5.
+
+ o Minor bugfixes (compilation):
+ - Fix compiler warnings that would occur when building with
+ "--enable-all-bugs-are-fatal" and "--disable-module-relay"
+ at the same time. Fixes bug 40129; bugfix on 0.4.4.1-alpha.
+ - Resolve a compilation warning that could occur in test_connection.c.
+ Fixes bug 40113; bugfix on 0.2.9.3-alpha.
+
+ o Minor bugfixes (configuration):
+ - Fix bug where %including a pattern ending with */ would include files
+ and folders (instead of folders only) in versions of glibc < 2.19.
+ Fixes bug 40141; bugfix on 0.4.5.0-alpha-dev. Patch by Daniel Pinto.
+
+ o Minor bugfixes (logging):
+ - When logging a rate-limited message about how many messages have been
+ suppressed in the last N seconds, give an accurate value for N, rounded
+ up to the nearest minute. Previously we would report the size of the
+ rate-limiting interval, regardless of when the messages started to
+ occur. Fixes bug 19431; bugfix on 0.2.2.16-alpha.
+
+ o Minor bugfixes (protover):
+ - Consistently reject extra commas, instead of only rejecting leading commas.
+ Fixes bug 27194; bugfix on 0.2.9.4-alpha.
+
+ o Minor bugfixes (relay configuration, crash):
+ - Avoid a fatal assert() when failing to create a listener connection for an
+ address that was in use. Fixes bug 40073; bugfix on 0.3.5.1-alpha.
+
+ o Minor bugfixes (rust, protocol versions):
+ - Declare support for the onion service introduction point denial of
+ service extensions, when building tor with Rust.
+ Fixes bug 34248; bugfix on 0.4.2.1-alpha.
+ - Make Rust protocol version support checks consistent with the
+ undocumented error behaviour of the corresponding C code.
+ Fixes bug 34251; bugfix on 0.3.3.5-rc.
+
+ o Minor bugfixes (security):
+ - When completing a channel, relays now check more thoroughly to make
+ sure that it matches any pending circuits before attaching those
+ circuits. Previously, address correctness and Ed25519 identities were not
+ checked in this case, but only when extending circuits on an existing
+ channel. Fixes bug 40080; bugfix on 0.2.7.2-alpha.
+
+ o Minor bugfixes (self-testing):
+ - When receiving an incoming circuit, only accept it as evidence that we
+ are reachable if the declared address of its channel is the same
+ address we think that we have. Otherwise, it could be evidence that
+ we're reachable on some other address. Fixes bug 20165; bugfix on
+ 0.1.0.1-rc.
+
+ o Minor bugfixes (SOCKS, onion services):
+ - Make sure we send the SOCKS request address in relay begin cells when a
+ stream is attached with the purpose CIRCUIT_PURPOSE_CONTROLLER. Fixes bug
+ 33124; bugfix on 0.0.5. Patch by Neel Chauhan.
+
+ o Minor bugfixes (spec conformance):
+ - Use the correct key type when generating signing->link
+ certificates. Fixes bug 40124; bugfix on 0.2.7.2-alpha.
+
+ o Minor bugfixes (string handling):
+ - In summarize_protover_flags(), treat empty strings the same as NULL.
+ This prevents protocols_known from being set. Previously, we treated
+ empty strings as normal strings, which led to protocols_known being
+ set. Fixes bug 34232; bugfix on 0.3.3.2-alpha. Patch by Neel Chauhan.
+
+ o Minor bugfixes (v2 onion services):
+ - For HSFETCH commands on v2 onion services addresses, check the length of
+ bytes decoded, not the base32 length. This takes the behavior introduced
+ in commit a517daa56f5848d25ba79617a1a7b82ed2b0a7c0 into consideration.
+ Fixes bug 34400; bugfix on 0.4.1.1-alpha. Patch by Neel Chauhan.
+
+ o Code simplification and refactoring (autoconf):
+ - Remove autoconf checks for unused funcs and headers. Closes ticket
+ 31699; Patch by @bduszel
+
+ o Code simplification and refactoring (maintainer scripts):
+ - Disable by default the pre-commit hook. Use the environment variable
+ TOR_EXTRA_PRE_COMMIT_CHECKS in order to run it. Furthermore, stop running
+ practracker in the pre-commit hook and make check-local. Closes ticket
+ 40019.
+
+ o Code simplification and refactoring (relay address):
+ - Most of IPv4 representation was using "uint32_t". It has now been moved to
+ use the internal "tor_addr_t" interface instead. This is so we can
+ properly integrate IPv6 along IPv4 with common interfaces. Closes ticket
+ 40043.
+
+ o Code simplification and refactoring:
+ - Add and use a set of functions to perform downcasts on constant
+ connection and channel pointers. Closes ticket 40046.
+ - Refactor our code that logs a descriptions of connections, channels,
+ and the peers on them, to use a single call path. This change
+ enables us to refactor the data types that they use, and eliminate
+ many confusing users of those types. Closes ticket 40041.
+ - Refactor some common node selection code into a single function.
+ Closes ticket 34200.
+ - Remove the now-redundant 'outbuf_flushlen' field from our connection
+ type. It was previously used for an older version of our rate-limiting
+ logic. Closes ticket 33097.
+ - Rename "fascist_firewall_*" identifiers to "reachable_addr_*" instead,
+ for consistency with other code. Closes ticket 18106.
+ - Rename functions about "advertised" ports which are not in fact
+ guaranteed to return the ports have been advertised. Closes
+ ticket 40055.
+ - Split implementation of several command line options from
+ options_init_from_torrc into smaller isolated functions.
+ Patch by Daniel Pinto. Closes ticket 40102.
+ - When an extend cell is missing an IPv4 or IPv6 address, fill in the address
+ from the extend info. This is similar to what was done in ticket 33633 for
+ ed25519 keys. Closes ticket 33816. Patch by Neel Chauhan.
+
+ o Deprecated features:
+ - The "non-builtin" argument to the "--dump-config" command is now
+ deprecated. When it works, it behaves the same as "short", which
+ you should use instead. Closes ticket 33398.
+
+ o Documentation (manpages):
+ - Move them from doc/ to doc/man/. Closes ticket 40044.
+
+ o Documentation (manual page):
+ - Describe the status of the "Sandbox" option more accurately. It is no
+ longer "experimental", but it _is_ dependent on kernel and libc
+ versions. Closes ticket 23378.
+
+ o Documentation (tracing):
+ - Document in depth the circuit subsystem trace events in the new
+ doc/tracing/EventsCircuit.md. Closes ticket 40036.
+
+ o Documentation:
+ - Replace URLs from our old bugtracker so that they refer to the
+ new bugtracker and wiki. Closes ticket 40101.
+
+ o Removed features (network parameters):
+ - The "optimistic data" feature is now always on; there is no longer an
+ option to disable it from the torrc file or from the consensus
+ directory.
+ Closes part of 40139.
+ - The "usecreatefast" network parameter is now removed; there is no
+ longer an option for authorities to turn it off. Closes part of 40139.
+
+ o Removed features:
+ - We no longer ship or build a "tor.service" file for use with systemd.
+ No distribution included this script unmodified, and we don't have the
+ expertise ourselves to maintain this in a way that all the various
+ systemd-based distributions can use. Closes ticket 30797.
+ - We no longer ship support for the Android logging API. Modern
+ versions of Android can use the syslog API instead.
+ Closes ticket 32181.
+
+ o Testing (CI):
+ - Build tracing configure option into our CI. Closes ticket 40038.
+
+ o Testing (onion service v2):
+ - Fix a rendezvous cache unit test that was triggering an underflow on the
+ global rend cache allocation. Fixes bug 40125; bugfix on
+ 0.2.8.1-alpha.
+ - Fix another rendezvous cache unit test that was triggering an underflow on the
+ global rend cache allocation. Fixes bug 40126; bugfix on
+ 0.2.8.1-alpha.
+
+ o Testing:
+ - Add unit tests for bandwidth statistics manipulation functions.
+ Closes ticket 33812. Patch by MrSquanchee.
+
+
+
Changes in version 0.4.4.5 - 2020-09-15
Tor 0.4.4.5 is the first stable release in the 0.4.4.x series. This
series improves our guard selection algorithms, adds v3 onion balance
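Review bot: Several section headers in the new 0.4.5.1-alpha block are duplicates or near-duplicates and should be merged before release: "Major features (IPv6, relay)" appears twice and "Major features (relay, IPv6)" twice more with the tags reversed, while "Minor features (control port)", "Minor features (directory authorities)" (plus a separate "directory authority"), "Minor features (relay)" and "Minor bugfixes (logging)" each appear twice. The entry text also carries typos worth fixing in the same pass: "unecessary", "backwords-compatibility", "NTorand TAP", "adddress", "th elogs", "abilility", the single-dash "-key-expiration" next to "--format", the stray space in "heartbeat message .", and the trailing semicolon in "Closes ticket 40063;". The "Minor features (logging)" entry for ticket 40047 ends with "bugfix on 0.4.5.0-alpha-dev", which reads as a bugfix filed under features; either move it to a bugfix section or drop that clause.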
commit 4c165aca04f7dce3721ac02732f1d161a86575c6
Author: Nick Mathewson <nickm(a)torproject.org>
Date: Fri Oct 30 10:59:14 2020 -0400
Run format_changelog
---
ChangeLog | 544 +++++++++++++++++++++++++++++++-------------------------------
1 file changed, 272 insertions(+), 272 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index b75aeb299b..9d268948c6 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,168 +1,161 @@
Changes in version 0.4.5.1-alpha - 2020-10-30
- Tor 0.4.5.1-alpha is the first alpha release in the 0.4.5.x series.
- It improves support for IPv6, address discovery and self-testing, code
+ Tor 0.4.5.1-alpha is the first alpha release in the 0.4.5.x series. It
+ improves support for IPv6, address discovery and self-testing, code
metrics and tracing.
Here are the changes since 0.4.4.5.
- o Major features (IPv6, relay):
- - The torrc option Address now supports IPv6. By doing so, we've also
- unified the interface to find our address to support IPv4, IPv6 and
- hostname. Closes ticket 33233.
-
- o Major features (relay, IPv6):
- - Relays now automatically bind on IPv6 for their ORPort unless specified
- otherwise with the IPv4Only flag. Closes ticket 33246.
-
- o Major features (tracing):
- - Add a tracing library with USDT and LTTng-UST support. Few tracepoints
- were added in the circuit subsystem. More will come incrementally. This
- feature is compiled out by default. It needs to be enabled at configure
- time. See documentation in doc/HACKING/Tracing.md. Closes ticket 32910.
+ - The "optimistic data" feature is now always on; there is no longer
+ an option to disable it from the torrc file or from the consensus
+ directory. Closes part of 40139. - The "usecreatefast" network
+ parameter is now removed; there is no longer an option for authorities
+ to turn it off. Closes part of 40139.
o Major features (IPv6, relay):
- - Launch IPv4 and IPv6 ORPort self-test circuits on relays and bridges.
- Closes ticket 33222.
+ - The torrc option Address now supports IPv6. By doing so, we've
+ also unified the interface to find our address to support IPv4,
+ IPv6 and hostname. Closes ticket 33233.
+ - Launch IPv4 and IPv6 ORPort self-test circuits on relays and
+ bridges. Closes ticket 33222.
o Major features (metrics):
- - Introduce a new MetricsPort which exposes, through an HTTP GET /metrics, a
- series of metrics that tor collects at runtime. At the moment, the only
- supported output format is Prometheus data model. Closes ticket 40063;
+ - Introduce a new MetricsPort which exposes, through an HTTP GET
+ /metrics, a series of metrics that tor collects at runtime. At the
+ moment, the only supported output format is Prometheus data model.
+ Closes ticket 40063;
o Major features (relay self-testing, IPv6):
- - Relays now track their IPv6 ORPort separately from the reachability of
- their IPv4 ORPort. They will not publish a descriptor unless _both_
- ports appear to be externally reachable. Closes ticket 34067.
+ - Relays now track their IPv6 ORPort separately from the reachability
+ of their IPv4 ORPort. They will not publish a descriptor unless
+ _both_ ports appear to be externally reachable. Closes
+ ticket 34067.
o Major features (relay, IPv6):
+ - Relays now automatically bind on IPv6 for their ORPort unless
+ specified otherwise with the IPv4Only flag. Closes ticket 33246.
- When a relay with IPv6 support opens a connection to another
relay, and the extend cell lists both IPv4 and IPv6 addresses, the
- first relay now picks randomly which address to use. Closes
+ first relay now picks randomly which address to use. Closes
ticket 33220.
+ o Major features (tracing):
+ - Add a tracing library with USDT and LTTng-UST support. Few
+ tracepoints were added in the circuit subsystem. More will come
+ incrementally. This feature is compiled out by default. It needs
+ to be enabled at configure time. See documentation in
+ doc/HACKING/Tracing.md. Closes ticket 32910.
+
o Major bugfix (TLS, buffer):
- - When attempting to read N bytes on a TLS connection, really try to read
- those N bytes. Before that, Tor would stop reading after the first TLS
- record which can be smaller than N bytes even though more data was waiting
- on the TLS connection socket. The remaining data would have been read at
- the next mainloop event. Fixes bug 40006; bugfix on 0.1.0.5-rc.
+ - When attempting to read N bytes on a TLS connection, really try to
+ read those N bytes. Before that, Tor would stop reading after the
+ first TLS record which can be smaller than N bytes even though
+ more data was waiting on the TLS connection socket. The remaining
+ data would have been read at the next mainloop event. Fixes bug
+ 40006; bugfix on 0.1.0.5-rc.
o Minor features (address discovery):
- - If no Address statements are found, relays now prioritize guessing their
- address by looking at the local interface instead of the local hostname.
- If the interface address can't be found, the local hostname is used.
- Closes ticket 33238.
-
- o Minor features (configuration):
- - Allow the using wildcards (* and ?) with the %include option on
- configuration files. Closes ticket 25140. Patch by Daniel Pinto.
- - Allows configuration options EntryNodes, ExcludeNodes,
- ExcludeExitNodes, ExitNodes, MiddleNodes, HSLayer2Nodes and
- HSLayer3Nodes to be specified multiple times. Closes ticket
- 28361. Patch by Daniel Pinto.
-
- o Minor features (control port):
- - Add a DROPTIMEOUTS control port command to drop circuit build timeout
- history and reset the timeout. Closes ticket 40002.
-
- o Minor features (directory authorities):
- - Create new consensus method that removes the unecessary = padding
- from ntor-onion-key. Closes ticket 7869. Patch by Daniel Pinto.
-
- o Minor features (relay):
- - If a relay is unable to discover its address, attempt to learn it from the
- NETINFO cell. Closes ticket 40022.
-
- o Minor features (relay, address discovery):
- - If Address is not found in torrc, attempt to learn our address with the
- configured ORPort address if any. Closes ticket 33236.
+ - If no Address statements are found, relays now prioritize guessing
+ their address by looking at the local interface instead of the
+ local hostname. If the interface address can't be found, the local
+ hostname is used. Closes ticket 33238.
o Minor features (admin tools):
- Add new --format argument to -key-expiration option to allow
- specifying the time format of expiration date. Adds Unix
- timestamp format support. Patch by Daniel Pinto. Closes
- ticket 30045.
+ specifying the time format of expiration date. Adds Unix timestamp
+ format support. Patch by Daniel Pinto. Closes ticket 30045.
o Minor features (authorities):
- Authorities now list a different set of protocols as required and
- recommended. These lists are chosen so that only truly recommended
- and/or required protocols are included, and so that clients using 0.2.9
- or later will continue to work (even though they are not supported),
- whereas only relays running 0.3.5 or later will meet the requirements.
- Closes ticket 40162.
+ recommended. These lists are chosen so that only truly recommended
+ and/or required protocols are included, and so that clients using
+ 0.2.9 or later will continue to work (even though they are not
+ supported), whereas only relays running 0.3.5 or later will meet
+ the requirements. Closes ticket 40162.
o Minor features (bootstrap reporting):
- When reporting bootstrapping status on a relay, do not consider
connections that have never been the target of an origin circuit.
Previously, all connection failures were treated as potential
- bootstrapping failures, including those that had been opened because of
- client requests. Closes ticket 25061.
+ bootstrapping failures, including those that had been opened
+ because of client requests. Closes ticket 25061.
o Minor features (build):
- - If the configure script has given any warnings, remind the user about
- them at the end of the script. Related to 40138.
- - When running the configure script, try to detect version mismatches
- between the openssl headers and libraries, and suggest that the
- user should try "--with-openssl-dir". Closes 40138.
+ - If the configure script has given any warnings, remind the user
+ about them at the end of the script. Related to 40138.
+ - When running the configure script, try to detect version
+ mismatches between the openssl headers and libraries, and suggest
+ that the user should try "--with-openssl-dir". Closes 40138.
o Minor features (compilation):
- When building Tor, first link all object files into a single
static library. This may help with embedding Tor in other
- programs. Note that most Tor functions do not constitute a
- part of a stable or supported API: Only those functions in
- tor_api.h should be used if embedding Tor. Closes ticket
- 40127.
+ programs. Note that most Tor functions do not constitute a part of
+ a stable or supported API: Only those functions in tor_api.h
+ should be used if embedding Tor. Closes ticket 40127.
+
+ o Minor features (configuration):
+ - Allow the using wildcards (* and ?) with the %include option on
+ configuration files. Closes ticket 25140. Patch by Daniel Pinto.
+ - Allows configuration options EntryNodes, ExcludeNodes,
+ ExcludeExitNodes, ExitNodes, MiddleNodes, HSLayer2Nodes and
+ HSLayer3Nodes to be specified multiple times. Closes ticket 28361.
+ Patch by Daniel Pinto.
o Minor features (control port):
+ - Add a DROPTIMEOUTS control port command to drop circuit build
+ timeout history and reset the timeout. Closes ticket 40002.
- When a stream enters the AP_CONN_STATE_CONTROLLER_WAIT status,
send a control port event CONTROLLER_WAIT. Closes ticket 32190.
Patch by Neel Chauhan.
o Minor features (control port, relay):
- - Introduce "GETINFO address/v4" and "GETINFO address/v6" in the control
- port to fetch the Tor host's respective IPv4 or IPv6 address. We keep
- "GETINFO address" for backwords-compatibility which retains the current
- behavior. Closes ticket 40039. Patch by Neel Chauhan.
+ - Introduce "GETINFO address/v4" and "GETINFO address/v6" in the
+ control port to fetch the Tor host's respective IPv4 or IPv6
+ address. We keep "GETINFO address" for backwords-compatibility
+ which retains the current behavior. Closes ticket 40039. Patch by
+ Neel Chauhan.
o Minor features (control port, rephist):
- Introduce GETINFO "stats/ntor/{assigned/requested}" and
- "stats/tap/{assigned/requested}" to get the NTorand TAP
- circuit onion handshake rephist values respectively.
- Closes ticket 28279. Patch by Neel Chauhan.
+ "stats/tap/{assigned/requested}" to get the NTorand TAP circuit
+ onion handshake rephist values respectively. Closes ticket 28279.
+ Patch by Neel Chauhan.
o Minor features (controller, IPv6):
- - Tor relays now try to report to the controller when they are launching
- an IPv6 self-test. Closes ticket 34068.
+ - Tor relays now try to report to the controller when they are
+ launching an IPv6 self-test. Closes ticket 34068.
o Minor features (directory authorities):
+ - Create new consensus method that removes the unecessary = padding
+ from ntor-onion-key. Closes ticket 7869. Patch by Daniel Pinto.
- Directory authorities now reject descriptors from relays running
Tor versions from the 0.4.1 series, but still allow the 0.3.5
series. Resolves ticket 34357. Patch by Neel Chauhan.
o Minor features (directory authorities, IPv6):
- Make authorities add their IPv6 ORPort (if any) to the trusted dir
- servers list. Authorities currently add themselves to the trusted dir
- servers list, but they only add their IPv4 address and ports to the list.
- Closes ticket 32822.
+ servers list. Authorities currently add themselves to the trusted
+ dir servers list, but they only add their IPv4 address and ports
+ to the list. Closes ticket 32822.
o Minor features (directory authority):
- Make it possible to specify multiple ConsensusParams torrc lines.
Now directory authority operators can for example put the main
- ConsensusParams config in one torrc file and then add to it from
- a different torrc file. Closes ticket 40164.
+ ConsensusParams config in one torrc file and then add to it from a
+ different torrc file. Closes ticket 40164.
- The AssumeReachable option no longer stops directory authorities
from checking whether other relays are running. A new
- AuthDirTestReachability option can be used to disable these checks.
- Closes ticket 34445.
- - When looking for possible sybil attacks, also consider IPv6 addresses.
- Two routers are considered to have "the same" address by this metric
- if they are in the same /64 network. Patch from Maurice Pibouin. Closes
- ticket 7193.
+ AuthDirTestReachability option can be used to disable these
+ checks. Closes ticket 34445.
+ - When looking for possible sybil attacks, also consider IPv6
+ addresses. Two routers are considered to have "the same" address
+ by this metric if they are in the same /64 network. Patch from
+ Maurice Pibouin. Closes ticket 7193.
o Minor features (ed25519, relay):
- Save a relay's base64-encoded ed25519 identity key to the data
- directory in a file named fingerprint-ed25519. Closes ticket 30642.
- Patch by Neel Chauhan.
+ directory in a file named fingerprint-ed25519. Closes ticket
+ 30642. Patch by Neel Chauhan.
o Minor features (heartbeat):
- Include the total number of inbound and outbound IPv4 and IPv6
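Review bot: The re-wrapped entries in this part of the ChangeLog carry their typos over unchanged: "unecessary = padding" in the ntor-onion-key entry, "Allow the using wildcards" in the %include entry, "backwords-compatibility" in the GETINFO address entry, and "NTorand TAP" in the stats/ntor entry. Every one of these lines is already being rewritten by this change, so fix the wording in the same pass ("unnecessary", "Allow the use of wildcards", "backwards-compatibility", "NTor and TAP") rather than leaving it for a later cleanup.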
@@ -170,30 +163,31 @@ Changes in version 0.4.5.1-alpha - 2020-10-30
o Minor features (IPv6, ExcludeNodes):
- Make routerset_contains_router() capable of handling IPv6
- addresses. This makes ExcludeNodes capable of excluding an
- IPv6 adddress. Previously, ExcludeNodes ignored IPv6
- addresses. Closes ticket 34065. Patch by Neel Chauhan.
+ addresses. This makes ExcludeNodes capable of excluding an IPv6
+ adddress. Previously, ExcludeNodes ignored IPv6 addresses. Closes
+ ticket 34065. Patch by Neel Chauhan.
o Minor features (IPv6, relay):
- Allow relays to send IPv6-only extend cells. Closes ticket 33222.
- - Declare support for the Relay=3 subprotocol version. Closes ticket 33226.
+ - Declare support for the Relay=3 subprotocol version. Closes
+ ticket 33226.
- When launching IPv6 ORPort self-test circuits, make sure that the
second-last hop can initiate an IPv6 extend. Closes ticket 33222.
o Minor features (logging):
- - Adds the running glibc version to the log. Also adds the
- running and compiled glibc version to the library list
- returned when using the flag --library-versions. Patch
- from Daniel Pinto. Closes ticket 40047; bugfix on
- 0.4.5.0-alpha-dev.
- - Consider 301 as an error like a 404 when processing the response to a
- request for a group of server descriptors or an extrainfo documents.
- Closes ticket 40053.
- - Print directory fetch information a single line. Closes ticket 40159.
+ - Adds the running glibc version to the log. Also adds the running
+ and compiled glibc version to the library list returned when using
+ the flag --library-versions. Patch from Daniel Pinto. Closes
+ ticket 40047; bugfix on 0.4.5.0-alpha-dev.
+ - Consider 301 as an error like a 404 when processing the response
+ to a request for a group of server descriptors or an extrainfo
+ documents. Closes ticket 40053.
+ - Print directory fetch information a single line. Closes
+ ticket 40159.
- Provide more complete descriptions of our connections when logging
about them. Closes ticket 40041.
- - When describing a relay in th elogs, we now include its ed25519 identity.
- Closes ticket 22668.
+ - When describing a relay in th elogs, we now include its ed25519
+ identity. Closes ticket 22668.
o Minor features (onion services):
- When writing an onion service hostname file, first read it to make
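Review bot: In "Minor features (logging)", the re-wrapped glibc entry still ends "Closes ticket 40047; bugfix on 0.4.5.0-alpha-dev", which names a development version rather than a release, so a reader cannot tell which shipped versions were affected; drop the "bugfix on" clause or reword the entry. The same hunk also keeps "adddress" in the ExcludeNodes entry, "th elogs" in the ed25519 identity entry, and "Print directory fetch information a single line" (missing "on"), all on lines this change rewrites.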
@@ -203,263 +197,269 @@ Changes in version 0.4.5.1-alpha - 2020-10-30
Neel Chauhan.
o Minor features (pluggable transports):
- - Added option OutboundBindAddressPT to torrc. This option allows users to
- specify which IPv4 and IPv6 address they want pluggable transports to use
- for outgoing IP packets. Tor does not have a way to enforce that the pluggable
- transport honors this option so each pluggable transport will have to
- implement support for this feature. Closes ticket 5304.
+ - Added option OutboundBindAddressPT to torrc. This option allows
+ users to specify which IPv4 and IPv6 address they want pluggable
+ transports to use for outgoing IP packets. Tor does not have a way
+ to enforce that the pluggable transport honors this option so each
+ pluggable transport will have to implement support for this
+ feature. Closes ticket 5304.
o Minor features (protocol simplification):
- - Tor no longer allows subprotocol versions larger than 63. Previously
- versions up to UINT32_MAX were allowed, which significantly complicated
- our code.
- Implements proposal 318; closes ticket 40133.
+ - Tor no longer allows subprotocol versions larger than 63.
+ Previously versions up to UINT32_MAX were allowed, which
+ significantly complicated our code. Implements proposal 318;
+ closes ticket 40133.
o Minor features (relay address tracking):
- We store relay addresses for OR connections in a more logical way.
Previously we would sometimes overwrite the actual address of a
connection with a "canonical address", and then store the "real
- address" elsewhere to remember it. We now track the "canonical address"
- elsewhere for the cases where we need it, and leave the connection's
- address alone. Closes ticket 33898.
+ address" elsewhere to remember it. We now track the "canonical
+ address" elsewhere for the cases where we need it, and leave the
+ connection's address alone. Closes ticket 33898.
o Minor features (relay):
- - Log immediately when launching a relay self-check. Previously
- we would try to log before launching checks, or approximately
- when we intended to launch checks, but this tended to be
- error-prone. Closes ticket 34137.
+ - If a relay is unable to discover its address, attempt to learn it
+ from the NETINFO cell. Closes ticket 40022.
+ - Log immediately when launching a relay self-check. Previously we
+ would try to log before launching checks, or approximately when we
+ intended to launch checks, but this tended to be error-prone.
+ Closes ticket 34137.
+
+ o Minor features (relay, address discovery):
+ - If Address is not found in torrc, attempt to learn our address
+ with the configured ORPort address if any. Closes ticket 33236.
o Minor features (relay, IPv6):
- Add an AssumeReachableIPv6 option to disable self-checking IPv6
reachability. Closes part of ticket 33224.
- Add new "assume-reachable" and "assume-reachable-ipv6" parameters
to be used in an emergency to tell relays that they should publish
- even if they cannot complete their ORPort self-checks.
- Closes ticket 34064 and part of 33224.
+ even if they cannot complete their ORPort self-checks. Closes
+ ticket 34064 and part of 33224.
o Minor features (specification update):
- - Several fields in microdescriptors, router descriptors, and consensus
- documents that were formerly optional are now required. Implements
- proposal 315; closes ticket 40132.
+ - Several fields in microdescriptors, router descriptors, and
+ consensus documents that were formerly optional are now required.
+ Implements proposal 315; closes ticket 40132.
o Minor features (state):
- - When loading the state file, remove entries from the statefile that
- have been obsolete for a long time. Ordinarily Tor preserves
+ - When loading the state file, remove entries from the statefile
+ that have been obsolete for a long time. Ordinarily Tor preserves
unrecognized entries in order to keep forward-compatibility, but
these statefile entries have not actually been used in any release
since before the 0.3.5.x. Closes ticket 40137.
o Minor features (statistics, ipv6):
- - Relays now publish IPv6-specific counts of single-direction
- versus bidirectional relay connections.
- Closes ticket 33264.
+ - Relays now publish IPv6-specific counts of single-direction versus
+ bidirectional relay connections. Closes ticket 33264.
- Relays now publish their IPv6 read and write statistics over time,
- if statistics are enabled.
- Closes ticket 33263.
+ if statistics are enabled. Closes ticket 33263.
o Minor features (subprotocol versions):
- Use the new limitations on subprotocol versions due to proposal
- 318 to simplify our implementation. Part of ticket 40133.
+ 318 to simplify our implementation. Part of ticket 40133.
o Minor features (testing configuration):
- - The TestingTorNetwork no longer implicitly sets AssumeReachable to 1.
- This change will allow us to test relays' self-testing mechanisms,
- and eventually to test authorities' relay-testing functionality.
- Closes ticket 34446.
+ - The TestingTorNetwork no longer implicitly sets AssumeReachable to
+ 1. This change will allow us to test relays' self-testing
+ mechanisms, and eventually to test authorities' relay-testing
+ functionality. Closes ticket 34446.
o Minor features (testing):
- Added unit tests for channel_matches_target_addr_for_extend().
Closes Ticket 33919. Patch by MrSquanchee.
- o Minor bugfixes (logging):
- - Remove a debug logging statement that uselessly spam the logs. Fixes bug
- 40135; bugfix on 0.3.5.0-alpha.
+ o Minor bugfixes (security):
+ - When completing a channel, relays now check more thoroughly to
+ make sure that it matches any pending circuits before attaching
+ those circuits. Previously, address correctness and Ed25519
+ identities were not checked in this case, but only when extending
+ circuits on an existing channel. Fixes bug 40080; bugfix
+ on 0.2.7.2-alpha.
o Minor bugfixes (circuit padding):
- When circpad_send_padding_cell_for_callback is called,
- `is_padding_timer_scheduled` flag was not reset. Now it is set to 0 at
- the top of that function. Fixes bug 32671; bugfix on 0.4.0.1-alpha.
+ `is_padding_timer_scheduled` flag was not reset. Now it is set to
+ 0 at the top of that function. Fixes bug 32671; bugfix
+ on 0.4.0.1-alpha.
- Add a per-circuit padding machine instance counter, so we can
- differentiate between shutdown requests for old machines on a circuit;
- Fixes bug 30992; bugfix on 0.4.1.1-alpha.
- - Add the abilility to keep circuit padding machines if they match a set
- of circuit state or purposes. This allows us to have machines that start
- up under some conditions but don't shut down under others. We now
- use this mask to avoid starting up introduction circuit padding
- again after the machines have already completed. Fixes bug 32040;
- bugfix on 0.4.1.1-alpha.
+ differentiate between shutdown requests for old machines on a
+ circuit; Fixes bug 30992; bugfix on 0.4.1.1-alpha.
+ - Add the abilility to keep circuit padding machines if they match a
+ set of circuit state or purposes. This allows us to have machines
+ that start up under some conditions but don't shut down under
+ others. We now use this mask to avoid starting up introduction
+ circuit padding again after the machines have already completed.
+ Fixes bug 32040; bugfix on 0.4.1.1-alpha.
o Minor bugfixes (compatibility):
- Strip '\r' characters when reading text files on Unix platforms.
- This should resolve an issue where a relay operator migrates a relay from
- Windows to Unix, but does not change the line ending of Tor's various state
- files to match the platform, the CRLF line endings from Windows ends up leaking
- into other files such as the extra-info document. Fixes bug 33781; bugfix on
- 0.0.9pre5.
+ This should resolve an issue where a relay operator migrates a
+ relay from Windows to Unix, but does not change the line ending of
+ Tor's various state files to match the platform, the CRLF line
+ endings from Windows ends up leaking into other files such as the
+ extra-info document. Fixes bug 33781; bugfix on 0.0.9pre5.
o Minor bugfixes (compilation):
- Fix compiler warnings that would occur when building with
- "--enable-all-bugs-are-fatal" and "--disable-module-relay"
- at the same time. Fixes bug 40129; bugfix on 0.4.4.1-alpha.
- - Resolve a compilation warning that could occur in test_connection.c.
- Fixes bug 40113; bugfix on 0.2.9.3-alpha.
+ "--enable-all-bugs-are-fatal" and "--disable-module-relay" at the
+ same time. Fixes bug 40129; bugfix on 0.4.4.1-alpha.
+ - Resolve a compilation warning that could occur in
+ test_connection.c. Fixes bug 40113; bugfix on 0.2.9.3-alpha.
o Minor bugfixes (configuration):
- - Fix bug where %including a pattern ending with */ would include files
- and folders (instead of folders only) in versions of glibc < 2.19.
- Fixes bug 40141; bugfix on 0.4.5.0-alpha-dev. Patch by Daniel Pinto.
+ - Fix bug where %including a pattern ending with */ would include
+ files and folders (instead of folders only) in versions of glibc <
+ 2.19. Fixes bug 40141; bugfix on 0.4.5.0-alpha-dev. Patch by
+ Daniel Pinto.
o Minor bugfixes (logging):
- - When logging a rate-limited message about how many messages have been
- suppressed in the last N seconds, give an accurate value for N, rounded
- up to the nearest minute. Previously we would report the size of the
- rate-limiting interval, regardless of when the messages started to
- occur. Fixes bug 19431; bugfix on 0.2.2.16-alpha.
+ - Remove a debug logging statement that uselessly spam the logs.
+ Fixes bug 40135; bugfix on 0.3.5.0-alpha.
+ - When logging a rate-limited message about how many messages have
+ been suppressed in the last N seconds, give an accurate value for
+ N, rounded up to the nearest minute. Previously we would report
+ the size of the rate-limiting interval, regardless of when the
+ messages started to occur. Fixes bug 19431; bugfix
+ on 0.2.2.16-alpha.
o Minor bugfixes (protover):
- - Consistently reject extra commas, instead of only rejecting leading commas.
- Fixes bug 27194; bugfix on 0.2.9.4-alpha.
+ - Consistently reject extra commas, instead of only rejecting
+ leading commas. Fixes bug 27194; bugfix on 0.2.9.4-alpha.
o Minor bugfixes (relay configuration, crash):
- - Avoid a fatal assert() when failing to create a listener connection for an
- address that was in use. Fixes bug 40073; bugfix on 0.3.5.1-alpha.
+ - Avoid a fatal assert() when failing to create a listener
+ connection for an address that was in use. Fixes bug 40073; bugfix
+ on 0.3.5.1-alpha.
o Minor bugfixes (rust, protocol versions):
- Declare support for the onion service introduction point denial of
- service extensions, when building tor with Rust.
- Fixes bug 34248; bugfix on 0.4.2.1-alpha.
+ service extensions, when building tor with Rust. Fixes bug 34248;
+ bugfix on 0.4.2.1-alpha.
- Make Rust protocol version support checks consistent with the
- undocumented error behaviour of the corresponding C code.
- Fixes bug 34251; bugfix on 0.3.3.5-rc.
-
- o Minor bugfixes (security):
- - When completing a channel, relays now check more thoroughly to make
- sure that it matches any pending circuits before attaching those
- circuits. Previously, address correctness and Ed25519 identities were not
- checked in this case, but only when extending circuits on an existing
- channel. Fixes bug 40080; bugfix on 0.2.7.2-alpha.
+ undocumented error behaviour of the corresponding C code. Fixes
+ bug 34251; bugfix on 0.3.3.5-rc.
o Minor bugfixes (self-testing):
- - When receiving an incoming circuit, only accept it as evidence that we
- are reachable if the declared address of its channel is the same
- address we think that we have. Otherwise, it could be evidence that
- we're reachable on some other address. Fixes bug 20165; bugfix on
- 0.1.0.1-rc.
+ - When receiving an incoming circuit, only accept it as evidence
+ that we are reachable if the declared address of its channel is
+ the same address we think that we have. Otherwise, it could be
+ evidence that we're reachable on some other address. Fixes bug
+ 20165; bugfix on 0.1.0.1-rc.
o Minor bugfixes (SOCKS, onion services):
- - Make sure we send the SOCKS request address in relay begin cells when a
- stream is attached with the purpose CIRCUIT_PURPOSE_CONTROLLER. Fixes bug
- 33124; bugfix on 0.0.5. Patch by Neel Chauhan.
+ - Make sure we send the SOCKS request address in relay begin cells
+ when a stream is attached with the purpose
+ CIRCUIT_PURPOSE_CONTROLLER. Fixes bug 33124; bugfix on 0.0.5.
+ Patch by Neel Chauhan.
o Minor bugfixes (spec conformance):
- Use the correct key type when generating signing->link
- certificates. Fixes bug 40124; bugfix on 0.2.7.2-alpha.
+ certificates. Fixes bug 40124; bugfix on 0.2.7.2-alpha.
o Minor bugfixes (string handling):
- - In summarize_protover_flags(), treat empty strings the same as NULL.
- This prevents protocols_known from being set. Previously, we treated
- empty strings as normal strings, which led to protocols_known being
- set. Fixes bug 34232; bugfix on 0.3.3.2-alpha. Patch by Neel Chauhan.
+ - In summarize_protover_flags(), treat empty strings the same as
+ NULL. This prevents protocols_known from being set. Previously, we
+ treated empty strings as normal strings, which led to
+ protocols_known being set. Fixes bug 34232; bugfix on
+ 0.3.3.2-alpha. Patch by Neel Chauhan.
o Minor bugfixes (v2 onion services):
- - For HSFETCH commands on v2 onion services addresses, check the length of
- bytes decoded, not the base32 length. This takes the behavior introduced
- in commit a517daa56f5848d25ba79617a1a7b82ed2b0a7c0 into consideration.
- Fixes bug 34400; bugfix on 0.4.1.1-alpha. Patch by Neel Chauhan.
-
- o Code simplification and refactoring (autoconf):
- - Remove autoconf checks for unused funcs and headers. Closes ticket
- 31699; Patch by @bduszel
-
- o Code simplification and refactoring (maintainer scripts):
- - Disable by default the pre-commit hook. Use the environment variable
- TOR_EXTRA_PRE_COMMIT_CHECKS in order to run it. Furthermore, stop running
- practracker in the pre-commit hook and make check-local. Closes ticket
- 40019.
-
- o Code simplification and refactoring (relay address):
- - Most of IPv4 representation was using "uint32_t". It has now been moved to
- use the internal "tor_addr_t" interface instead. This is so we can
- properly integrate IPv6 along IPv4 with common interfaces. Closes ticket
- 40043.
+ - For HSFETCH commands on v2 onion services addresses, check the
+ length of bytes decoded, not the base32 length. This takes the
+ behavior introduced in commit
+ a517daa56f5848d25ba79617a1a7b82ed2b0a7c0 into consideration. Fixes
+ bug 34400; bugfix on 0.4.1.1-alpha. Patch by Neel Chauhan.
o Code simplification and refactoring:
- Add and use a set of functions to perform downcasts on constant
connection and channel pointers. Closes ticket 40046.
- - Refactor our code that logs a descriptions of connections, channels,
- and the peers on them, to use a single call path. This change
- enables us to refactor the data types that they use, and eliminate
- many confusing users of those types. Closes ticket 40041.
+ - Refactor our code that logs a descriptions of connections,
+ channels, and the peers on them, to use a single call path. This
+ change enables us to refactor the data types that they use, and
+ eliminate many confusing users of those types. Closes ticket 40041.
- Refactor some common node selection code into a single function.
Closes ticket 34200.
- - Remove the now-redundant 'outbuf_flushlen' field from our connection
- type. It was previously used for an older version of our rate-limiting
- logic. Closes ticket 33097.
- - Rename "fascist_firewall_*" identifiers to "reachable_addr_*" instead,
- for consistency with other code. Closes ticket 18106.
+ - Remove the now-redundant 'outbuf_flushlen' field from our
+ connection type. It was previously used for an older version of
+ our rate-limiting logic. Closes ticket 33097.
+ - Rename "fascist_firewall_*" identifiers to "reachable_addr_*"
+ instead, for consistency with other code. Closes ticket 18106.
- Rename functions about "advertised" ports which are not in fact
guaranteed to return the ports have been advertised. Closes
ticket 40055.
- Split implementation of several command line options from
- options_init_from_torrc into smaller isolated functions.
- Patch by Daniel Pinto. Closes ticket 40102.
- - When an extend cell is missing an IPv4 or IPv6 address, fill in the address
- from the extend info. This is similar to what was done in ticket 33633 for
- ed25519 keys. Closes ticket 33816. Patch by Neel Chauhan.
+ options_init_from_torrc into smaller isolated functions. Patch by
+ Daniel Pinto. Closes ticket 40102.
+ - When an extend cell is missing an IPv4 or IPv6 address, fill in
+ the address from the extend info. This is similar to what was done
+ in ticket 33633 for ed25519 keys. Closes ticket 33816. Patch by
+ Neel Chauhan.
o Deprecated features:
- The "non-builtin" argument to the "--dump-config" command is now
- deprecated. When it works, it behaves the same as "short", which
+ deprecated. When it works, it behaves the same as "short", which
you should use instead. Closes ticket 33398.
+ o Documentation:
+ - Replace URLs from our old bugtracker so that they refer to the new
+ bugtracker and wiki. Closes ticket 40101.
+
+ o Removed features:
+ - We no longer ship or build a "tor.service" file for use with
+ systemd. No distribution included this script unmodified, and we
+ don't have the expertise ourselves to maintain this in a way that
+ all the various systemd-based distributions can use. Closes
+ ticket 30797.
+ - We no longer ship support for the Android logging API. Modern
+ versions of Android can use the syslog API instead. Closes
+ ticket 32181.
+
+ o Testing:
+ - Add unit tests for bandwidth statistics manipulation functions.
+ Closes ticket 33812. Patch by MrSquanchee.
+
+ o Code simplification and refactoring (autoconf):
+ - Remove autoconf checks for unused funcs and headers. Closes ticket
+ 31699; Patch by @bduszel
+
+ o Code simplification and refactoring (maintainer scripts):
+ - Disable by default the pre-commit hook. Use the environment
+ variable TOR_EXTRA_PRE_COMMIT_CHECKS in order to run it.
+ Furthermore, stop running practracker in the pre-commit hook and
+ make check-local. Closes ticket 40019.
+
+ o Code simplification and refactoring (relay address):
+ - Most of IPv4 representation was using "uint32_t". It has now been
+ moved to use the internal "tor_addr_t" interface instead. This is
+ so we can properly integrate IPv6 along IPv4 with common
+ interfaces. Closes ticket 40043.
+
o Documentation (manpages):
- Move them from doc/ to doc/man/. Closes ticket 40044.
o Documentation (manual page):
- - Describe the status of the "Sandbox" option more accurately. It is no
- longer "experimental", but it _is_ dependent on kernel and libc
+ - Describe the status of the "Sandbox" option more accurately. It is
+ no longer "experimental", but it _is_ dependent on kernel and libc
versions. Closes ticket 23378.
o Documentation (tracing):
- Document in depth the circuit subsystem trace events in the new
doc/tracing/EventsCircuit.md. Closes ticket 40036.
- o Documentation:
- - Replace URLs from our old bugtracker so that they refer to the
- new bugtracker and wiki. Closes ticket 40101.
-
o Removed features (network parameters):
- - The "optimistic data" feature is now always on; there is no longer an
- option to disable it from the torrc file or from the consensus
- directory.
- Closes part of 40139.
- - The "usecreatefast" network parameter is now removed; there is no
- longer an option for authorities to turn it off. Closes part of 40139.
-
- o Removed features:
- - We no longer ship or build a "tor.service" file for use with systemd.
- No distribution included this script unmodified, and we don't have the
- expertise ourselves to maintain this in a way that all the various
- systemd-based distributions can use. Closes ticket 30797.
- - We no longer ship support for the Android logging API. Modern
- versions of Android can use the syslog API instead.
- Closes ticket 32181.
o Testing (CI):
- Build tracing configure option into our CI. Closes ticket 40038.
o Testing (onion service v2):
- - Fix a rendezvous cache unit test that was triggering an underflow on the
- global rend cache allocation. Fixes bug 40125; bugfix on
- 0.2.8.1-alpha.
- - Fix another rendezvous cache unit test that was triggering an underflow on the
- global rend cache allocation. Fixes bug 40126; bugfix on
- 0.2.8.1-alpha.
-
- o Testing:
- - Add unit tests for bandwidth statistics manipulation functions.
- Closes ticket 33812. Patch by MrSquanchee.
-
+ - Fix a rendezvous cache unit test that was triggering an underflow
+ on the global rend cache allocation. Fixes bug 40125; bugfix
+ on 0.2.8.1-alpha.
+ - Fix another rendezvous cache unit test that was triggering an
+ underflow on the global rend cache allocation. Fixes bug 40126;
+ bugfix on 0.2.8.1-alpha.
Changes in version 0.4.4.5 - 2020-09-15
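Review bot: After this hunk, "o Removed features (network parameters):" is left with no entries: both items under it (the "optimistic data" and "usecreatefast" removals, each "Closes part of 40139") appear only as removed lines, and no added lines restore them before "o Testing (CI):". The other sections are removed in one place and re-added, re-wrapped, in another, so these two entries look dropped rather than moved; re-add them under the heading. Separately, the "(autoconf)", "(maintainer scripts)" and "(relay address)" subsections of "Code simplification and refactoring" now land after "o Testing:" instead of next to "o Code simplification and refactoring:", which splits that category in two.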

[Git][tpo/applications/fenix][tor-browser-82.1.1-10.0-1] 3 commits: fixup! Bug 40028: Integrate Tor Controller into HomeFragment
by Matthew Finkel 30 Oct '20
Matthew Finkel pushed to branch tor-browser-82.1.1-10.0-1 at The Tor Project / Applications / fenix
Commits:
5c08ba43 by Matthew Finkel at 2020-10-27T23:12:50+00:00
fixup! Bug 40028: Integrate Tor Controller into HomeFragment
Bug 40100: Resolve startup crashes in debug build
- - - - -
636f214a by Matthew Finkel at 2020-10-29T19:53:19+00:00
fixup! Bug 40028: Define bootstrapping events and Quick Start
Bug 40100: Resolve startup crashes in debug build
- - - - -
b3df7adb by Matthew Finkel at 2020-10-30T14:57:49+00:00
Merge branch 'bug_40100_00' into tor-browser-82.1.1-10.0-1
- - - - -
2 changed files:
- app/src/main/java/org/mozilla/fenix/FenixApplication.kt
- app/src/main/java/org/mozilla/fenix/tor/bootstrap/TorQuickStart.kt
Changes:
=====================================
app/src/main/java/org/mozilla/fenix/FenixApplication.kt
=====================================
@@ -160,8 +160,10 @@ open class FenixApplication : LocaleAwareApplication(), Provider {
runBlocking { megazordSetup.await(); }
}
- // Give TAS the base Context
- Prefs.setContext(applicationContext)
+ GlobalScope.launch(Dispatchers.IO) {
+ // Give TAS the base Context
+ Prefs.setContext(applicationContext)
+ }
}
setupLeakCanary()
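Review bot: Moving Prefs.setContext(applicationContext) into GlobalScope.launch(Dispatchers.IO) removes the ordering guarantee the synchronous call had: setupLeakCanary() and everything after it can now run before the context has been set, so any code that reads Prefs during startup races with this coroutine. The launch is also fire-and-forget, so a failure inside it is not surfaced to the caller. If the goal is only to avoid the StrictMode violation in debug builds, consider keeping the call synchronous inside a scoped StrictMode allowance, as the TorQuickStart.kt change in this same push does, or document why nothing reads Prefs before the coroutine completes.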
=====================================
app/src/main/java/org/mozilla/fenix/tor/bootstrap/TorQuickStart.kt
=====================================
@@ -6,20 +6,24 @@ package org.mozilla.fenix.tor.bootstrap
import android.content.Context
import android.content.SharedPreferences
+import android.os.StrictMode
import androidx.annotation.VisibleForTesting
import mozilla.components.support.ktx.android.content.PreferencesHolder
import mozilla.components.support.ktx.android.content.booleanPreference
+import org.mozilla.fenix.ext.resetPoliciesAfter
class TorQuickStart(context: Context) : PreferencesHolder {
- override val preferences: SharedPreferences = context.getSharedPreferences(
- PREF_NAME_TOR_BOOTSTRAP_KEY,
- Context.MODE_PRIVATE
- )
+ override val preferences: SharedPreferences = StrictMode.allowThreadDiskReads().resetPoliciesAfter {
+ context.getSharedPreferences(
+ PREF_NAME_TOR_BOOTSTRAP_KEY,
+ Context.MODE_PRIVATE
+ )
+ }
private var torQuickStart by booleanPreference(TOR_QUICK_START, default = false)
- fun quickStartTor() = torQuickStart
+ fun quickStartTor() = StrictMode.allowThreadDiskReads().resetPoliciesAfter { torQuickStart }
fun enableQuickStartTor() {
torQuickStart = true
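Review bot: Wrapping getSharedPreferences() and quickStartTor() in StrictMode.allowThreadDiskReads().resetPoliciesAfter { ... } silences the debug-build violation but leaves the disk read on the calling thread, and there is no comment saying why that is acceptable here. Add a short comment on both wrapped sites that references Bug 40100 and states the read is expected on this thread, so the relaxation is not copied elsewhere without thought. Also note that this file relaxes the policy while FenixApplication.kt in the same push moves the work to Dispatchers.IO; pick one approach or explain the difference.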
View it on GitLab: https://gitlab.torproject.org/tpo/applications/fenix/-/compare/35e959772b2e…

[Git][tpo/applications/fenix][tor-browser-82.1.1-10.0-1] 2 commits: Bug 40098 - Add EOY home screen
by Matthew Finkel 30 Oct '20
Matthew Finkel pushed to branch tor-browser-82.1.1-10.0-1 at The Tor Project / Applications / fenix
Commits:
879a452f by Matthew Finkel at 2020-10-30T03:15:39+00:00
Bug 40098 - Add EOY home screen
- - - - -
35e95977 by Matthew Finkel at 2020-10-30T14:52:50+00:00
Merge commit '879a452f8af6a61cef73a8b4fd362ae8f70dafd0' into tor-browser-82.1.1-10.0-1
- - - - -
10 changed files:
- LICENSE
- app/src/main/java/org/mozilla/fenix/home/HomeFragment.kt
- app/src/main/java/org/mozilla/fenix/theme/ThemeManager.kt
- + app/src/main/res/drawable/ic_illo.png
- + app/src/main/res/drawable/ic_tape.png
- + app/src/main/res/font/terminal_grotesque.otf
- + app/src/main/res/font/white_on_black.ttf
- app/src/main/res/layout/fragment_home.xml
- app/src/main/res/values/styles.xml
- app/src/main/res/values/torbrowser_strings.xml
Changes:
=====================================
LICENSE
=====================================
@@ -371,3 +371,120 @@ Exhibit B - "Incompatible With Secondary Licenses" Notice
This Source Code Form is "Incompatible With Secondary Licenses", as
defined by the Mozilla Public License, v. 2.0.
+
+===============================================================================
+
+"White On Black" font embedded in chrome/skin/aboutTorFonts.css is licensed under:
+
+Non Exclusive License Agreement
+
+Object: Imagex font called « White on Black »
+Owner: Daniel Hochard
+
+1. Allowed uses
+The user may use this font on any surface such as logo, paper, web sites,
+textile, Online medias, except TV, cinéma and advertising campaign.
+2. Number of users : 5
+All users must belong to the same company or household purchasing the font.
+3. Modifications
+The user can modify this font itself without written consent of the owner.
+4. This font belongs to Daniel Hochard. The user may not sell it as a font (in a
+font bank or a commercial fonts web site, for example).
+The fee for this font was paid on paypal the 29 september 2020
+
+===============================================================================
+
+"Terminal Grotesque Open" font embedded in chrome/skin/aboutTorFonts.css is licensed
+under the SIL Open Font License, Version 1.1.
+This license is copied below, and is also available with a FAQ at:
+http://scripts.sil.org/OFL
+
+===============================================================================
+
+SIL OPEN FONT LICENSE
+
+Version 1.1 - 26 February 2007
+
+PREAMBLE
+
+The goals of the Open Font License (OFL) are to stimulate worldwide
+development of collaborative font projects, to support the font creation
+efforts of academic and linguistic communities, and to provide a free and
+open framework in which fonts may be shared and improved in partnership
+with others.
+
+The OFL allows the licensed fonts to be used, studied, modified and
+redistributed freely as long as they are not sold by themselves. The
+fonts, including any derivative works, can be bundled, embedded,
+redistributed and/or sold with any software provided that any reserved
+names are not used by derivative works. The fonts and derivatives,
+however, cannot be released under any other type of license. The
+requirement for fonts to remain under this license does not apply
+to any document created using the fonts or their derivatives.
+DEFINITIONS
+
+"Font Software" refers to the set of files released by the Copyright
+Holder(s) under this license and clearly marked as such. This may
+include source files, build scripts and documentation.
+
+"Reserved Font Name" refers to any names specified as such after the
+copyright statement(s).
+
+"Original Version" refers to the collection of Font Software components as
+distributed by the Copyright Holder(s).
+
+"Modified Version" refers to any derivative made by adding to, deleting,
+or substituting — in part or in whole — any of the components of the
+Original Version, by changing formats or by porting the Font Software to a
+new environment.
+
+"Author" refers to any designer, engineer, programmer, technical
+writer or other person who contributed to the Font Software.
+PERMISSION & CONDITIONS
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of the Font Software, to use, study, copy, merge, embed, modify,
+redistribute, and sell modified and unmodified copies of the Font
+Software, subject to the following conditions:
+
+1) Neither the Font Software nor any of its individual components,
+in Original or Modified Versions, may be sold by itself.
+
+2) Original or Modified Versions of the Font Software may be bundled,
+redistributed and/or sold with any software, provided that each copy
+contains the above copyright notice and this license. These can be
+included either as stand-alone text files, human-readable headers or
+in the appropriate machine-readable metadata fields within text or
+binary files as long as those fields can be easily viewed by the user.
+
+3) No Modified Version of the Font Software may use the Reserved Font
+Name(s) unless explicit written permission is granted by the corresponding
+Copyright Holder. This restriction only applies to the primary font name as
+presented to the users.
+
+4) The name(s) of the Copyright Holder(s) or the Author(s) of the Font
+Software shall not be used to promote, endorse or advertise any
+Modified Version, except to acknowledge the contribution(s) of the
+Copyright Holder(s) and the Author(s) or with their explicit written
+permission.
+
+5) The Font Software, modified or unmodified, in part or in whole,
+must be distributed entirely under this license, and must not be
+distributed under any other license. The requirement for fonts to
+remain under this license does not apply to any document created
+using the Font Software.
+TERMINATION
+
+This license becomes null and void if any of the above conditions are
+not met.
+DISCLAIMER
+
+THE FONT SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT
+OF COPYRIGHT, PATENT, TRADEMARK, OR OTHER RIGHT. IN NO EVENT SHALL THE
+COPYRIGHT HOLDER BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+INCLUDING ANY GENERAL, SPECIAL, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL
+DAMAGES, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+FROM, OUT OF THE USE OR INABILITY TO USE THE FONT SOFTWARE OR FROM
+OTHER DEALINGS IN THE FONT SOFTWARE.
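Review bot: Both new notices say the fonts are "embedded in chrome/skin/aboutTorFonts.css", but this commit ships them as `app/src/main/res/font/white_on_black.ttf` and `app/src/main/res/font/terminal_grotesque.otf`; the notices should name the paths used in this repository. The "White On Black" agreement lists "Number of users : 5" and excludes some media, so the commit message or the notice should record how redistribution inside the app is covered. The OFL section carries no copyright line or Reserved Font Name for Terminal Grotesque, which condition 2 of the license asks each copy to contain.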
=====================================
app/src/main/java/org/mozilla/fenix/home/HomeFragment.kt
=====================================
@@ -74,6 +74,7 @@ import mozilla.components.feature.top.sites.TopSitesFeature
import mozilla.components.lib.state.ext.consumeFrom
import mozilla.components.support.base.feature.ViewBoundFeatureWrapper
import mozilla.components.support.ktx.android.content.res.resolveAttribute
+import mozilla.components.support.locale.LocaleManager
import org.mozilla.fenix.BrowserDirection
import org.mozilla.fenix.BuildConfig
import org.mozilla.fenix.FeatureFlags
@@ -105,6 +106,7 @@ import org.mozilla.fenix.home.sessioncontrol.viewholders.CollectionViewHolder
import org.mozilla.fenix.home.sessioncontrol.viewholders.topsites.DefaultTopSitesView
import org.mozilla.fenix.onboarding.FenixOnboarding
import org.mozilla.fenix.settings.SupportUtils
+import org.mozilla.fenix.settings.advanced.getSelectedLocale
import org.mozilla.fenix.settings.deletebrowsingdata.deleteAndQuit
import org.mozilla.fenix.tor.bootstrap.TorQuickStart
import org.mozilla.fenix.theme.ThemeManager
@@ -270,6 +272,20 @@ class HomeFragment : Fragment() {
adjustHomeFragmentView(currentMode.getCurrentMode(), view)
showSessionControlView(view)
+ view.donate_now_button.setOnClickListener {
+ val country = LocaleManager.getSelectedLocale(requireContext()).country
+ var locale = LocaleManager.getSelectedLocale(requireContext()).language
+ if (country != "") {
+ locale = "${locale}-${country}"
+ }
+ val localeUrl = "https://www.torproject.org/donate/donate-usetor-mobile-${locale}"
+ activity.openToBrowserAndLoad(
+ searchTermOrURL = localeUrl,
+ newTab = true,
+ from = BrowserDirection.FromHome
+ )
+ }
+
return view
}
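Review bot: In the `donate_now_button` listener the selected locale is interpolated straight into `donate-usetor-mobile-${locale}` with no fallback, so the result for a locale without a translated page depends entirely on how the server treats unknown paths, and the URL path discloses the app's language to the site. Consider mapping to a known list of translated pages with an English default, and check how this should interact with the `tor_spoof_english` preference in torbrowser_strings.xml. Minor: call `LocaleManager.getSelectedLocale(requireContext())` once and test `country.isNotEmpty()`.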
@@ -401,6 +417,14 @@ class HomeFragment : Fragment() {
toolbarLayoutHeight - SESSION_CONTROL_VIEW_PADDING
)
}
+ view.donate_now_button?.apply {
+ (layoutParams as ViewGroup.MarginLayoutParams).setMargins(
+ 0,
+ 0,
+ 0,
+ toolbarLayoutHeight - SESSION_CONTROL_VIEW_PADDING
+ )
+ }
}
} else {
view.sessionControlRecyclerView?.apply {
@@ -411,6 +435,38 @@ class HomeFragment : Fragment() {
height - SESSION_CONTROL_VIEW_PADDING
)
}
+ view.donate_now_button?.apply {
+ (layoutParams as ViewGroup.MarginLayoutParams).setMargins(
+ 0,
+ 0,
+ 0,
+ height - SESSION_CONTROL_VIEW_PADDING
+ )
+ }
+ }
+ }
+
+ // Hide the EOY image during Onboarding, too.
+ view?.illo_image?.apply {
+ visibility = if (onboarding.userHasBeenOnboarded()) {
+ View.VISIBLE
+ } else {
+ View.GONE
+ }
+ }
+ // Hide the EOY donate button during Onboarding, too.
+ view?.donate_now_button?.apply {
+ visibility = if (onboarding.userHasBeenOnboarded()) {
+ View.VISIBLE
+ } else {
+ View.GONE
+ }
+ }
+ view?.resistsurveillance?.apply {
+ visibility = if (onboarding.userHasBeenOnboarded()) {
+ View.VISIBLE
+ } else {
+ View.GONE
}
}
// Hide the onion pattern during Onboarding, too.
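Review bot: The three added `view?. ... ?.apply` blocks repeat the same `if (onboarding.userHasBeenOnboarded()) View.VISIBLE else View.GONE` expression; compute it once into a local `val` and assign it to `illo_image`, `donate_now_button` and `resistsurveillance`, which also gives the third block the comment the first two have. The `donate_now_button` margin block at the top of this hunk, like the one in the previous hunk, copies the `sessionControlRecyclerView` block next to it and could share a helper.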
=====================================
app/src/main/java/org/mozilla/fenix/theme/ThemeManager.kt
=====================================
@@ -32,7 +32,7 @@ abstract class ThemeManager {
@get:StyleRes
val currentThemeResource get() = when (currentTheme) {
BrowsingMode.Normal -> R.style.NormalTheme
- BrowsingMode.Private -> R.style.PrivateTheme
+ BrowsingMode.Private -> R.style.PrivateEOYTheme
}
/**
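Review bot: `BrowsingMode.Private -> R.style.PrivateEOYTheme` swaps the private theme unconditionally for a seasonal campaign, and nothing in the line marks it as temporary. A comment referencing bug 40098, or a switch in `FeatureFlags`, would make the later revert easy to find.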
=====================================
app/src/main/res/drawable/ic_illo.png
=====================================
Binary files /dev/null and b/app/src/main/res/drawable/ic_illo.png differ
=====================================
app/src/main/res/drawable/ic_tape.png
=====================================
Binary files /dev/null and b/app/src/main/res/drawable/ic_tape.png differ
=====================================
app/src/main/res/font/terminal_grotesque.otf
=====================================
Binary files /dev/null and b/app/src/main/res/font/terminal_grotesque.otf differ
=====================================
app/src/main/res/font/white_on_black.ttf
=====================================
Binary files /dev/null and b/app/src/main/res/font/white_on_black.ttf differ
=====================================
app/src/main/res/layout/fragment_home.xml
=====================================
@@ -53,6 +53,7 @@
android:clickable="false"
android:contentDescription="@string/app_name"
android:focusable="false"
+ android:visibility="gone"
android:importantForAccessibility="no"
app:srcCompat="@mipmap/ic_launcher"
app:layout_collapseMode="parallax"
@@ -69,6 +70,7 @@
android:height="60dp"
android:clickable="false"
android:focusable="false"
+ android:visibility="gone"
android:importantForAccessibility="no"
android:lines="2"
android:text="@string/app_name"
@@ -83,19 +85,79 @@
android:id="@+id/exploreprivately"
android:layout_width="wrap_content"
android:layout_height="wrap_content"
- android:layout_gravity="center|center_vertical"
- android:gravity="center_horizontal"
+ android:layout_gravity="center_vertical"
+ android:layout_marginStart="30dp"
+ android:layout_marginEnd="30dp"
android:clickable="false"
android:ellipsize="end"
android:focusable="false"
android:importantForAccessibility="no"
- android:text="@string/tor_explore_privately"
- android:fontFamily="Roboto-Medium"
- android:textColor="#DEFFFFFF"
+ android:text="@string/tor_useamask_usetor"
+ android:fontFamily="@font/white_on_black"
+ android:textColor="#FFFFFFFF"
android:textSize="40sp"
+ android:paddingTop="20dp"
android:lineSpacingMultiplier="1.1"
app:layout_scrollFlags="scroll" />
+ <LinearLayout
+ android:layout_width="match_parent"
+ android:layout_height="wrap_content">
+
+ <LinearLayout
+ android:layout_width="match_parent"
+ android:layout_height="wrap_content"
+ android:layout_weight="1"
+ android:orientation="vertical">
+
+ <TextView
+ android:id="@+id/resistsurveillance"
+ android:layout_width="wrap_content"
+ android:layout_height="wrap_content"
+ android:layout_marginStart="40dp"
+ android:layout_gravity="center_vertical"
+ android:clickable="false"
+ android:focusable="false"
+ android:gravity="start"
+ android:fontFamily="@font/terminal_grotesque"
+ android:importantForAccessibility="no"
+ android:lineSpacingMultiplier="1.1"
+ android:text="@string/tor_resistsurveillance"
+ android:textColor="#FFFFFFFF"
+ android:textSize="25sp"
+ android:visibility="visible"
+ app:layout_scrollFlags="scroll" />
+
+ <Button
+ android:id="@+id/donate_now_button"
+ android:layout_width="wrap_content"
+ android:layout_height="wrap_content"
+ android:layout_marginStart="30dp"
+ android:background="@drawable/ic_tape"
+ android:gravity="center|start"
+ android:fontFamily="@font/terminal_grotesque"
+ android:paddingStart="15dp"
+ android:paddingEnd="20dp"
+ android:text="@string/tor_onboarding_donate_button"
+ android:textColor="#FF000000"
+ android:textSize="25sp"
+ android:textAllCaps="false"
+ android:textStyle="bold"
+ android:visibility="visible"
+ tools:ignore="ButtonStyleXmlDetector" />
+ </LinearLayout>
+
+ <ImageView
+ android:id="@+id/illo_image"
+ android:layout_width="match_parent"
+ android:layout_height="wrap_content"
+ android:layout_weight="1"
+ app:srcCompat="@drawable/ic_illo"
+ tools:ignore="ContentDescription"
+ app:layout_scrollFlags="scroll" />
+
+ </LinearLayout>
+
</com.google.android.material.appbar.AppBarLayout>
<androidx.recyclerview.widget.RecyclerView
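Review bot: The new wrapper `LinearLayout` gives both children `android:layout_width="match_parent"` together with `android:layout_weight="1"`; weighted children of a horizontal `LinearLayout` are normally given `0dp` width so the weight alone decides the split, and the wrapper itself has no explicit `android:orientation`. The colours `#FFFFFFFF` and `#FF000000` are hard-coded rather than taken from the theme that styles.xml extends in the same commit.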
=====================================
app/src/main/res/values/styles.xml
=====================================
@@ -269,6 +269,10 @@
<style name="PrivateTheme" parent="PrivateThemeBase" />
+ <style name="PrivateEOYTheme" parent="PrivateThemeBase" >
+ <item name="homeBackground">@android:color/black</item>
+ </style>
+
<!-- Fade animation for theme switching -->
<style name="WindowAnimationTransition">
<item name="android:windowEnterAnimation">@anim/fade_in</item>
=====================================
app/src/main/res/values/torbrowser_strings.xml
=====================================
@@ -72,4 +72,7 @@
<!-- Spoof locale to English -->
<string name="tor_spoof_english">Request English versions of web pages for enhanced privacy</string>
+
+ <string name="tor_useamask_usetor">Use a mask. Use Tor.</string>
+ <string name="tor_resistsurveillance">Resist the surveillance pandemic.</string>
</resources>
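Review bot: The two new strings have no translator comment, unlike `tor_spoof_english` directly above; a one-line comment on each would tell translators these are campaign slogans. The layout in this commit also references `@string/tor_onboarding_donate_button`, which is not added here, so confirm it already exists.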
View it on GitLab: https://gitlab.torproject.org/tpo/applications/fenix/-/compare/b30df1e9dab9…
commit 148b5b03a365eae7d8e527d337f9df91d6350f9b
Merge: 54e6109499 afb6ff1739
Author: Nick Mathewson <nickm(a)torproject.org>
Date: Fri Oct 30 10:51:20 2020 -0400
Merge branch 'bug40080_035'
changes/bug40080 | 6 ++++++
src/core/or/channel.c | 2 +-
src/core/or/channel.h | 3 +++
src/core/or/circuitbuild.c | 24 ++++++++++++++++++++----
4 files changed, 30 insertions(+), 5 deletions(-)
diff --cc src/core/or/channel.h
index 206d0fdc97,4c0c9aeb4c..a1517aee37
--- a/src/core/or/channel.h
+++ b/src/core/or/channel.h
@@@ -735,6 -741,11 +735,9 @@@ int channel_is_outgoing(channel_t *chan
void channel_mark_client(channel_t *chan);
void channel_clear_client(channel_t *chan);
int channel_matches_extend_info(channel_t *chan, extend_info_t *extend_info);
+ int channel_remote_identity_matches(const channel_t *chan,
+ const char *rsa_id_digest,
+ const ed25519_public_key_t *ed_id);
-int channel_matches_target_addr_for_extend(channel_t *chan,
- const tor_addr_t *target);
unsigned int channel_num_circuits(channel_t *chan);
MOCK_DECL(void,channel_set_circid_type,(channel_t *chan,
crypto_pk_t *identity_rcvd,

[tor/master] Validate ed25519 keys and canonicity from circuit_n_conn_done()
by nickm@torproject.org 30 Oct '20
commit afb6ff17390cb13780c6e813ad0535048dbd9d3c
Author: Nick Mathewson <nickm(a)torproject.org>
Date: Thu Aug 6 11:47:01 2020 -0400
Validate ed25519 keys and canonicity from circuit_n_conn_done()
Fixes bug 40080. Bugfix on 0.2.7.2-alpha.
---
changes/bug40080 | 6 ++++++
src/core/or/channel.c | 2 +-
src/core/or/channel.h | 3 +++
src/core/or/circuitbuild.c | 24 ++++++++++++++++++++----
4 files changed, 30 insertions(+), 5 deletions(-)
diff --git a/changes/bug40080 b/changes/bug40080
new file mode 100644
index 0000000000..8162466354
--- /dev/null
+++ b/changes/bug40080
@@ -0,0 +1,6 @@
+ o Minor bugfixes (security):
+ - When completing a channel, relays now check more thoroughly to make
+ sure that it matches any pending circuits before attaching those
+ circuits. Previously, address correctness and Ed25519 identities were not
+ checked in this case, but only when extending circuits on an existing
+ channel. Fixes bug 40080; bugfix on 0.2.7.2-alpha.
diff --git a/src/core/or/channel.c b/src/core/or/channel.c
index 3886906875..3bef6218ef 100644
--- a/src/core/or/channel.c
+++ b/src/core/or/channel.c
@@ -663,7 +663,7 @@ channel_find_by_global_id(uint64_t global_identifier)
/** Return true iff <b>chan</b> matches <b>rsa_id_digest</b> and <b>ed_id</b>.
* as its identity keys. If either is NULL, do not check for a match. */
-static int
+int
channel_remote_identity_matches(const channel_t *chan,
const char *rsa_id_digest,
const ed25519_public_key_t *ed_id)
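Review bot: With `static` dropped, `channel_remote_identity_matches()` becomes callable from other files, and its comment says a NULL argument is not checked, so a call with both `rsa_id_digest` and `ed_id` NULL checks nothing. State that explicitly in the doc comment and say that callers must handle the no-identity case themselves, as the circuitbuild.c hunk does with its `rsa_ident == NULL && ed_ident == NULL` branch. The comment's first sentence also has a stray full stop after `<b>ed_id</b>`.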
diff --git a/src/core/or/channel.h b/src/core/or/channel.h
index 97aa000337..4c0c9aeb4c 100644
--- a/src/core/or/channel.h
+++ b/src/core/or/channel.h
@@ -741,6 +741,9 @@ int channel_is_outgoing(channel_t *chan);
void channel_mark_client(channel_t *chan);
void channel_clear_client(channel_t *chan);
int channel_matches_extend_info(channel_t *chan, extend_info_t *extend_info);
+int channel_remote_identity_matches(const channel_t *chan,
+ const char *rsa_id_digest,
+ const ed25519_public_key_t *ed_id);
int channel_matches_target_addr_for_extend(channel_t *chan,
const tor_addr_t *target);
unsigned int channel_num_circuits(channel_t *chan);
diff --git a/src/core/or/circuitbuild.c b/src/core/or/circuitbuild.c
index f3a5791d6c..67b47b38f1 100644
--- a/src/core/or/circuitbuild.c
+++ b/src/core/or/circuitbuild.c
@@ -623,21 +623,37 @@ circuit_n_chan_done(channel_t *chan, int status, int close_origin_circuits)
circ->state != CIRCUIT_STATE_CHAN_WAIT)
continue;
- if (tor_digest_is_zero(circ->n_hop->identity_digest)) {
+ const char *rsa_ident = NULL;
+ const ed25519_public_key_t *ed_ident = NULL;
+ if (! tor_digest_is_zero(circ->n_hop->identity_digest)) {
+ rsa_ident = circ->n_hop->identity_digest;
+ }
+ if (! ed25519_public_key_is_zero(&circ->n_hop->ed_identity)) {
+ ed_ident = &circ->n_hop->ed_identity;
+ }
+
+ if (rsa_ident == NULL && ed_ident == NULL) {
/* Look at addr/port. This is an unkeyed connection. */
if (!channel_matches_extend_info(chan, circ->n_hop))
continue;
} else {
- /* We expected a key. See if it's the right one. */
- if (tor_memneq(chan->identity_digest,
- circ->n_hop->identity_digest, DIGEST_LEN))
+ /* We expected a key or keys. See if they matched. */
+ if (!channel_remote_identity_matches(chan, rsa_ident, ed_ident))
continue;
+
+ /* If the channel is canonical, great. If not, it needs to match
+ * the requested address exactly. */
+ if (! chan->is_canonical &&
+ ! channel_matches_extend_info(chan, circ->n_hop)) {
+ continue;
+ }
}
if (!status) { /* chan failed; close circ */
log_info(LD_CIRC,"Channel failed; closing circ.");
circuit_mark_for_close(circ, END_CIRC_REASON_CHANNEL_CLOSED);
continue;
}
+
if (close_origin_circuits && CIRCUIT_IS_ORIGIN(circ)) {
log_info(LD_CIRC,"Channel deprecated for origin circs; closing circ.");
circuit_mark_for_close(circ, END_CIRC_REASON_CHANNEL_CLOSED);
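Review bot: The new `else` branch changes which pending circuits are attached to a completed channel, but the diffstat lists no test file. Unit tests for an Ed25519 mismatch with a matching RSA digest, and for a non-canonical channel whose address does not match `circ->n_hop`, would pin the behaviour down. The subject line names `circuit_n_conn_done()` while the hunk is in `circuit_n_chan_done()`, and the blank line added after the `if (!status)` block is unrelated whitespace.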

[translation/support-portal] https://gitweb.torproject.org/translation.git/commit/?h=support-portal
by translation@torproject.org 30 Oct '20
commit c6496b24a887b32fcead977d9910e155a8650c72
Author: Translation commit bot <translation(a)torproject.org>
Date: Fri Oct 30 13:18:16 2020 +0000
https://gitweb.torproject.org/translation.git/commit/?h=support-portal
---
contents+ko.po | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/contents+ko.po b/contents+ko.po
index e98d5fc2da..ac48ec3bf4 100644
--- a/contents+ko.po
+++ b/contents+ko.po
@@ -8,6 +8,7 @@
# Emma Peel, 2020
# edfcf61188be1fdc09edea36af6d8e18_dc16ee2, 2020
# 김진서 <7020kjs(a)naver.com>, 2020
+# 장민준 <mizizang(a)gmail.com>, 2020
#
msgid ""
msgstr ""
@@ -15,7 +16,7 @@ msgstr ""
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2020-04-15 19:40+CET\n"
"PO-Revision-Date: 2018-10-02 22:41+0000\n"
-"Last-Translator: 김진서 <7020kjs(a)naver.com>, 2020\n"
+"Last-Translator: 장민준 <mizizang(a)gmail.com>, 2020\n"
"Language-Team: Korean (https://www.transifex.com/otf/teams/1519/ko/)\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
@@ -9897,7 +9898,7 @@ msgstr "배너 닫기"
#: lego/templates/banner.html:11 templates/banner.html:11
msgid "Tracking, surveillance, and censorship are widespread online."
-msgstr ""
+msgstr "추적, 감시, 검열은 온라인상에서 널리 퍼져 있습니다."
#: lego/templates/banner.html:20 templates/banner.html:20
msgid "TAKE BACK THE INTERNET WITH TOR"

[translation/tpo-web] https://gitweb.torproject.org/translation.git/commit/?h=tpo-web
by translation@torproject.org 30 Oct '20
commit 7026b5bd178cd3ca6cf640d912e58174715f0c74
Author: Translation commit bot <translation(a)torproject.org>
Date: Fri Oct 30 13:18:06 2020 +0000
https://gitweb.torproject.org/translation.git/commit/?h=tpo-web
---
contents+ko.po | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/contents+ko.po b/contents+ko.po
index 75e1b7cd5b..6841420bfe 100644
--- a/contents+ko.po
+++ b/contents+ko.po
@@ -10,6 +10,7 @@
# edfcf61188be1fdc09edea36af6d8e18_dc16ee2, 2020
# AlexKoala, 2020
# 김진서 <7020kjs(a)naver.com>, 2020
+# 장민준 <mizizang(a)gmail.com>, 2020
#
msgid ""
msgstr ""
@@ -17,7 +18,7 @@ msgstr ""
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2020-02-24 13:39+CET\n"
"PO-Revision-Date: 2019-03-09 10:41+0000\n"
-"Last-Translator: 김진서 <7020kjs(a)naver.com>, 2020\n"
+"Last-Translator: 장민준 <mizizang(a)gmail.com>, 2020\n"
"Language-Team: Korean (https://www.transifex.com/otf/teams/1519/ko/)\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
@@ -223,6 +224,9 @@ msgid ""
"add more. Want to help us translate? [See "
"here](https://community.torproject.org/localization/)"
msgstr ""
+"우리는 모든 사람들이 자신의 언어로 Tor 브라우저를 즐길 수 있기를 바랍니다. Tor Browser는 현재 32개 언어로 제공되며, "
+"추가 작업을 진행하고 있습니다. 번역을 도와주고 싶으시다고요? [여기를 "
+"보세요](https://community.torproject.org/localization/)"
#: https//www.torproject.org/download/tor/
#: (content/download/tor/contents+en.lrpage.title)
@@ -631,7 +635,7 @@ msgstr "배너 닫기"
#: lego/templates/banner.html:11 templates/banner.html:11
msgid "Tracking, surveillance, and censorship are widespread online."
-msgstr ""
+msgstr "추적, 감시, 검열은 온라인상에서 널리 퍼져 있습니다."
#: lego/templates/banner.html:20 templates/banner.html:20
msgid "TAKE BACK THE INTERNET WITH TOR"

[translation/torbutton-torbuttonproperties] https://gitweb.torproject.org/translation.git/commit/?h=torbutton-torbuttonproperties
by translation@torproject.org 30 Oct '20
commit a408b22065bfbe44fac520a4f696c53340b1d62e
Author: Translation commit bot <translation(a)torproject.org>
Date: Fri Oct 30 13:17:37 2020 +0000
https://gitweb.torproject.org/translation.git/commit/?h=torbutton-torbutton…
---
ko/torbutton.properties | 24 ++++++++++++------------
1 file changed, 12 insertions(+), 12 deletions(-)
diff --git a/ko/torbutton.properties b/ko/torbutton.properties
index 51ceec0a0a..5e2fe82710 100644
--- a/ko/torbutton.properties
+++ b/ko/torbutton.properties
@@ -8,8 +8,8 @@ torbutton.circuit_display.unknown_country = 미확인 국가
torbutton.circuit_display.guard = Guard
torbutton.circuit_display.guard_note = 당신의 [Guard] 노드 변경할 수도 있고 변경할 수도 없습니다.
torbutton.circuit_display.learn_more = 더 알아보기
-torbutton.circuit_display.click_to_copy = Click to Copy
-torbutton.circuit_display.copied = Copied!
+torbutton.circuit_display.click_to_copy = 클릭하여 복사하기
+torbutton.circuit_display.copied = 복사됨!
torbutton.content_sizer.margin_tooltip = Tor 브라우저는 이 여백을 추가하여 창의 너비와 높이를 일반화 시켜 온라인에서 사용자를 추적하는 기능을 약화 시킵니다.
torbutton.panel.tooltip.disabled = Tor를 활성화하려면 클릭
torbutton.panel.tooltip.enabled = Tor를 비활성화하려면 클릭
@@ -60,32 +60,32 @@ updateDownloadingPanelUILabel=업데이트 %S 다운로드 중
# .Onion Page Info prompt. Strings are kept here for ease of translation.
pageInfo_OnionEncryptionWithBitsAndProtocol=연결은 암호화했습니다 (Onion 서비스, %1$S, %2$S 비트 키들, %3$S)
pageInfo_OnionEncryption=연결은 암호화했습니다 (Onion 서비스)
-pageInfo_OnionName=Onion Name:
+pageInfo_OnionName=Onion 이름:
# Onion services strings. Strings are kept here for ease of translation.
onionServices.learnMore=더 알아보기
onionServices.errorPage.browser=브라우저
onionServices.errorPage.network=네트워크
-onionServices.errorPage.onionSite=Onionsite
+onionServices.errorPage.onionSite=Onion 사이트
# LOCALIZATION NOTE: In the longDescription strings, %S will be replaced with
# an error code, e.g., 0xF3.
# Tor SOCKS error 0xF0:
-onionServices.descNotFound.pageTitle=Problem Loading Onionsite
-onionServices.descNotFound.header=Onionsite Not Found
+onionServices.descNotFound.pageTitle=Onion 사이트 로딩 문제
+onionServices.descNotFound.header=Onion 사이트를 찾을 수 없음
onionServices.descNotFound=The most likely cause is that the onionsite is offline. Contact the onionsite administrator.
onionServices.descNotFound.longDescription=Details: %S — The requested onion service descriptor can't be found on the hashring and therefore the service is not reachable by the client.
# Tor SOCKS error 0xF1:
-onionServices.descInvalid.pageTitle=Problem Loading Onionsite
+onionServices.descInvalid.pageTitle=Onion 사이트 로딩 문제
onionServices.descInvalid.header=Onionsite Cannot Be Reached
onionServices.descInvalid=The onionsite is unreachable due an internal error.
onionServices.descInvalid.longDescription=Details: %S — The requested onion service descriptor can't be parsed or signature validation failed.
# Tor SOCKS error 0xF2:
-onionServices.introFailed.pageTitle=Problem Loading Onionsite
+onionServices.introFailed.pageTitle=Onion 사이트 로딩 문제
onionServices.introFailed.header=Onionsite Has Disconnected
onionServices.introFailed=The most likely cause is that the onionsite is offline. Contact the onionsite administrator.
onionServices.introFailed.longDescription=Details: %S — Introduction failed, which means that the descriptor was found but the service is no longer connected to the introduction point. It is likely that the service has changed its descriptor or that it is not running.
# Tor SOCKS error 0xF3:
-onionServices.rendezvousFailed.pageTitle=Problem Loading Onionsite
+onionServices.rendezvousFailed.pageTitle=Onion 사이트 로딩 문제
onionServices.rendezvousFailed.header=Unable to Connect to Onionsite
onionServices.rendezvousFailed=The onionsite is busy or the Tor network is overloaded. Try again later.
onionServices.rendezvousFailed.longDescription=Details: %S — The client failed to rendezvous with the service, which means that the client was unable to finalize the connection.
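Review bot: In this hunk each `pageTitle` becomes "Onion 사이트 로딩 문제", but for `descInvalid`, `introFailed` and `rendezvousFailed` the matching `header`, short description and `longDescription` stay in English, and for `descNotFound` only the title and header are translated, so each of these error pages will render in two languages. Landing all strings of one error page together would avoid that; the untranslated bodies also still say "onionsite" while the translated ones use "Onion 사이트", so the term should be settled before the rest is filled in.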
@@ -100,12 +100,12 @@ onionServices.clientAuthIncorrect.header=Onionsite Authentication Failed
onionServices.clientAuthIncorrect=The provided key is incorrect or has been revoked. Contact the onionsite administrator.
onionServices.clientAuthIncorrect.longDescription=Details: %S — The client was able to download the requested onion service descriptor but was unable to decrypt its content using the provided client authorization information. This may mean that access has been revoked.
# Tor SOCKS error 0xF6:
-onionServices.badAddress.pageTitle=Problem Loading Onionsite
+onionServices.badAddress.pageTitle=Onion 사이트 로딩 문제
onionServices.badAddress.header=Invalid Onionsite Address
onionServices.badAddress=The provided onionsite address is invalid. Please check that you entered it correctly.
onionServices.badAddress.longDescription=Details: %S — The provided .onion address is invalid. This error is returned due to one of the following reasons: the address checksum doesn't match, the ed25519 public key is invalid, or the encoding is invalid.
# Tor SOCKS error 0xF7:
-onionServices.introTimedOut.pageTitle=Problem Loading Onionsite
+onionServices.introTimedOut.pageTitle=Onion 사이트 로딩 문제
onionServices.introTimedOut.header=Onionsite Circuit Creation Timed Out
onionServices.introTimedOut=Failed to connect to the onionsite, possibly due to a poor network connection.
onionServices.introTimedOut.longDescription=Details: %S — The connection to the requested onion service timed out while trying to build the rendezvous circuit.
@@ -122,7 +122,7 @@ onionServices.authPreferences.overview=Some onion services require that you iden
onionServices.authPreferences.savedKeys=Saved Keys…
onionServices.authPreferences.dialogTitle=Onion Service Keys
onionServices.authPreferences.dialogIntro=Keys for the following onionsites are stored on your computer
-onionServices.authPreferences.onionSite=Onionsite
+onionServices.authPreferences.onionSite=Onion 사이트
onionServices.authPreferences.onionKey=키
onionServices.authPreferences.remove=제거하기
onionServices.authPreferences.removeAll=Remove All

[translation/tbmanual-contentspot] https://gitweb.torproject.org/translation.git/commit/?h=tbmanual-contentspot
by translation@torproject.org 30 Oct '20
commit 7d18c4728ad0818a58f52c60c79c358dfeb73da8
Author: Translation commit bot <translation(a)torproject.org>
Date: Fri Oct 30 13:17:09 2020 +0000
https://gitweb.torproject.org/translation.git/commit/?h=tbmanual-contentspot
---
contents+ko.po | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/contents+ko.po b/contents+ko.po
index 2cae6b26c8..682cd3215b 100644
--- a/contents+ko.po
+++ b/contents+ko.po
@@ -7,6 +7,7 @@
# Philipp Sauter <qt123(a)pm.me>, 2020
# edfcf61188be1fdc09edea36af6d8e18_dc16ee2, 2020
# 김진서 <7020kjs(a)naver.com>, 2020
+# 장민준 <mizizang(a)gmail.com>, 2020
#
msgid ""
msgstr ""
@@ -14,7 +15,7 @@ msgstr ""
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2020-04-12 08:00+CET\n"
"PO-Revision-Date: 2018-11-14 12:31+0000\n"
-"Last-Translator: 김진서 <7020kjs(a)naver.com>, 2020\n"
+"Last-Translator: 장민준 <mizizang(a)gmail.com>, 2020\n"
"Language-Team: Korean (https://www.transifex.com/otf/teams/1519/ko/)\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
@@ -2850,7 +2851,7 @@ msgstr "배너 닫기"
#: lego/templates/banner.html:11 templates/banner.html:11
msgid "Tracking, surveillance, and censorship are widespread online."
-msgstr ""
+msgstr "추적, 감시, 검열은 온라인상에서 널리 퍼져 있습니다."
#: lego/templates/banner.html:20 templates/banner.html:20
msgid "TAKE BACK THE INTERNET WITH TOR"