commit 42336f32f0bd164f7e47de4a7bed4d09391b768b
Author: Nick Mathewson nickm@torproject.org
Date: Sun Oct 19 14:21:43 2014 -0400

Sort and collate the ReleaseNotes sections again.
---
 ReleaseNotes | 253 +++++++++++++++++++++++++++-------------------------------
 1 file changed, 119 insertions(+), 134 deletions(-)
diff --git a/ReleaseNotes b/ReleaseNotes index 13c01b3..f26d40a 100644 --- a/ReleaseNotes +++ b/ReleaseNotes @@ -3,13 +3,26 @@ of Tor. If you want to see more detailed descriptions of the changes in each development snapshot, see the ChangeLog file.
Changes in version 0.2.5.9 - 2014-10-2x - o Deprecated versions: - Tor 0.2.2.x has reached end-of-life; it has received no patches or attention for some while. Directory authorities no longer accept descriptors from relays running any version of Tor prior to Tor 0.2.3.16-alpha. Resolves ticket 11149.
+ o Major features (client security): + - The ntor handshake is now on-by-default, no matter what the + directory authorities recommend. Implements ticket 8561. + + o Major features (other security): + - Disable support for SSLv3. All versions of OpenSSL in use with Tor + today support TLS 1.0 or later, so we can safely turn off support + for this old (and insecure) protocol. Fixes bug 13426. + - Warn about attempts to run hidden services and relays in the same + process: that's probably not a good idea. Closes ticket 12908. + - Make the "tor-gencert" tool used by directory authority operators + create 2048-bit signing keys by default (rather than 1024-bit, since + 1024-bit is uncomfortably small these days). Addresses ticket 10324. + o Major features (relay security, DoS-resistance): - When deciding whether we have run out of memory and we need to close circuits, also consider memory allocated in buffers for @@ -34,19 +47,13 @@ Changes in version 0.2.5.9 - 2014-10-2x the default was always 8 GB. You can still override the default by setting MaxMemInQueues yourself. Resolves ticket 11396.
- o Major features (client security): - - The ntor handshake is now on-by-default, no matter what the - directory authorities recommend. Implements ticket 8561. - - o Major features (other security): - - Disable support for SSLv3. All versions of OpenSSL in use with Tor - today support TLS 1.0 or later, so we can safely turn off support - for this old (and insecure) protocol. Fixes bug 13426. - - Warn about attempts to run hidden services and relays in the same - process: that's probably not a good idea. Closes ticket 12908. - - Make the "tor-gencert" tool used by directory authority operators - create 2048-bit signing keys by default (rather than 1024-bit, since - 1024-bit is uncomfortably small these days). Addresses ticket 10324. + o Major features (bridges and pluggable transports): + - Add support for passing arguments to managed pluggable transport + proxies. Implements ticket 3594. + - Bridges now track GeoIP information and the number of their users + even when pluggable transports are in use, and report usage + statistics in their extra-info descriptors. Resolves tickets 4773 + and 5040.
o Major features (bridges): - Don't launch pluggable transport proxies if we don't have any @@ -59,6 +66,14 @@ Changes in version 0.2.5.9 - 2014-10-2x to e.g. include at least one Stable bridge in its answers. Fixes bug 9859.
+ o Major features (controller): + - Extend ORCONN controller event to include an "ID" parameter, + and add four new controller event types CONN_BW, CIRC_BW, + CELL_STATS, and TB_EMPTY that show connection and circuit usage. + The new events are emitted in private Tor networks only, with the + goal of being able to better track performance and load during + full-network simulations. Implements proposal 218 and ticket 7359. + o Major features (relay performance): - Speed up server-side lookups of rendezvous and introduction point circuits by using hashtables instead of linear searches. These @@ -82,13 +97,12 @@ Changes in version 0.2.5.9 - 2014-10-2x platforms. This work has been done by Cristian-Matei Toader for Google Summer of Code. Resolves tickets 11351 and 11465.
- o Major features (controller): - - Extend ORCONN controller event to include an "ID" parameter, - and add four new controller event types CONN_BW, CIRC_BW, - CELL_STATS, and TB_EMPTY that show connection and circuit usage. - The new events are emitted in private Tor networks only, with the - goal of being able to better track performance and load during - full-network simulations. Implements proposal 218 and ticket 7359. + o Major features (testing networks): + - Make testing Tor networks bootstrap better: lower directory fetch + retry schedules and maximum interval without directory requests, + and raise maximum download tries. Implements ticket 6752. + - Add make target 'test-network' to run tests on a Chutney network. + Implements ticket 8530.
o Major features (other): - On some platforms (currently: recent OSX versions, glibc-based @@ -98,21 +112,6 @@ Changes in version 0.2.5.9 - 2014-10-2x are dumped to stderr (if possible) and to any logs that are reporting errors. Implements ticket 9299.
- o Major features (bridges and pluggable transports): - - Add support for passing arguments to managed pluggable transport - proxies. Implements ticket 3594. - - Bridges now track GeoIP information and the number of their users - even when pluggable transports are in use, and report usage - statistics in their extra-info descriptors. Resolves tickets 4773 - and 5040. - - o Major features (testing networks): - - Make testing Tor networks bootstrap better: lower directory fetch - retry schedules and maximum interval without directory requests, - and raise maximum download tries. Implements ticket 6752. - - Add make target 'test-network' to run tests on a Chutney network. - Implements ticket 8530. - o Major bugfixes (security, directory authorities): - Directory authorities now include a digest of each relay's identity key as a part of its microdescriptor. @@ -139,6 +138,12 @@ Changes in version 0.2.5.9 - 2014-10-2x became more strict about when we have "enough directory information to build circuits".
+ o Major bugfixes (client, pluggable transports): + - When managing pluggable transports, use OS notification facilities + to learn if they have crashed, and don't attempt to kill any + process that has already exited. Fixes bug 8746; bugfix + on 0.2.3.6-alpha. + o Major bugfixes (relay denial of service): - Instead of writing destroy cells directly to outgoing connection buffers, queue them and intersperse them with other outgoing cells. @@ -147,12 +152,6 @@ Changes in version 0.2.5.9 - 2014-10-2x delivered. Reported by "oftc_must_be_destroyed". Fixes bug 7912; bugfix on 0.2.0.1-alpha.
- o Major bugfixes (client, pluggable transports): - - When managing pluggable transports, use OS notification facilities - to learn if they have crashed, and don't attempt to kill any - process that has already exited. Fixes bug 8746; bugfix - on 0.2.3.6-alpha. - o Major bugfixes (relay): - Avoid queuing or sending destroy cells for circuit ID zero when we fail to send a CREATE cell. Fixes bug 12848; bugfix on 0.0.8pre1. @@ -236,6 +235,12 @@ Changes in version 0.2.5.9 - 2014-10-2x configure rather than at build time. Fixes issue 6506. Patch from Arlo Breault.
+ o Minor features (client): + - Add a new option, PredictedPortsRelevanceTime, to control how long + after having received a request to connect to a given port Tor + will try to keep circuits ready in anticipation of future requests + for that port. Patch from "unixninja92"; implements ticket 9176. + o Minor features (config options and command line): - Add an --allow-missing-torrc commandline option that tells Tor to run even if the configuration file specified by -f is not available. @@ -277,6 +282,9 @@ Changes in version 0.2.5.9 - 2014-10-2x guards. Not recommended for ordinary use, since replacing guards too frequently makes several attacks easier. Resolves ticket 9934; patch from "ra". + - Implement the TRANSPORT_LAUNCHED control port event that + notifies controllers about new launched pluggable + transports. Resolves ticket 5609.
o Minor features (diagnostic): - When logging a warning because of bug 7164, additionally check the @@ -300,11 +308,24 @@ Changes in version 0.2.5.9 - 2014-10-2x warnings. We now include more information, to figure out why we might be cleaning a microdescriptor for being too old if it's still referenced by a live node_t object. + - Log current accounting state (bytes sent and received + remaining + time for the current accounting period) in the relay's heartbeat + message. Implements ticket 5526; patch from Peter Retzlaff.
o Minor features (geoip): - Update geoip and geoip6 to the August 7 2014 Maxmind GeoLite2 Country database.
+ o Minor features (interface): + - Generate a warning if any ports are listed in the SocksPolicy, + DirPolicy, AuthDirReject, AuthDirInvalid, AuthDirBadDir, or + AuthDirBadExit options. (These options only support address + ranges.) Fixes part of ticket 11108. + + o Minor features (kernel API usage): + - Use the SOCK_NONBLOCK socket type, if supported, to open nonblocking + sockets in a single system call. Implements ticket 5129. + o Minor features (log messages): - When ServerTransportPlugin is set on a bridge, Tor can write more useful statistics about bridge use in its extrainfo descriptors, @@ -326,6 +347,13 @@ Changes in version 0.2.5.9 - 2014-10-2x - Warn less verbosely when receiving a malformed ESTABLISH_RENDEZVOUS cell. Fixes ticket 11279.
+ o Minor features (performance): + - If we're using the pure-C 32-bit curve25519_donna implementation + of curve25519, build it with the -fomit-frame-pointer option to + make it go faster on register-starved hosts. This improves our + handshake performance by about 6% on i386 hosts without nacl. + Closes ticket 8109. + o Minor features (relay): - If a circuit timed out for at least 3 minutes, check if we have a new external IP address, and publish a new descriptor with the new @@ -350,79 +378,6 @@ Changes in version 0.2.5.9 - 2014-10-2x pf.conf(5) manual page for information on configuring pf to use divert-to rules. Closes ticket 10896; patch from Dana Koch.
- o Minor features (client): - - Add a new option, PredictedPortsRelevanceTime, to control how long - after having received a request to connect to a given port Tor - will try to keep circuits ready in anticipation of future requests - for that port. Patch from "unixninja92"; implements ticket 9176. - - o Minor features (interface): - - Generate a warning if any ports are listed in the SocksPolicy, - DirPolicy, AuthDirReject, AuthDirInvalid, AuthDirBadDir, or - AuthDirBadExit options. (These options only support address - ranges.) Fixes part of ticket 11108. - - o Minor features (kernel API usage): - - Use the SOCK_NONBLOCK socket type, if supported, to open nonblocking - sockets in a single system call. Implements ticket 5129. - - o Minor features (diagnostic): - - Log current accounting state (bytes sent and received + remaining - time for the current accounting period) in the relay's heartbeat - message. Implements ticket 5526; patch from Peter Retzlaff. - - o Minor features (controller): - - Implement the TRANSPORT_LAUNCHED control port event that - notifies controllers about new launched pluggable - transports. Resolves ticket 5609. - - o Minor features (performance): - - If we're using the pure-C 32-bit curve25519_donna implementation - of curve25519, build it with the -fomit-frame-pointer option to - make it go faster on register-starved hosts. This improves our - handshake performance by about 6% on i386 hosts without nacl. - Closes ticket 8109. - - o Minor bugfixes (tools): - - Disable the sandbox name resolver cache when running tor-resolve: - tor-resolve doesn't use the sandbox code, and turning it on was - breaking attempts to do tor-resolve on a non-default server on - Linux. Fixes bug 13295; bugfix on 0.2.5.3-alpha. - - o Minor bugfixes (compilation): - - Compile correctly with builds and forks of OpenSSL (such as - LibreSSL) that disable compression. Fixes bug 12602; bugfix on - 0.2.1.1-alpha. Patch from "dhill". 
- - o Minor bugfixes (Directory server): - - No longer accept malformed http headers when parsing urls from - headers. Now we reply with Bad Request ("400"). Fixes bug 2767; - bugfix on 0.0.6pre1. - - o Minor bugfixes (misc code correctness): - - In munge_extrainfo_into_routerinfo(), check the return value of - memchr(). This would have been a serious issue if we ever passed - it a non-extrainfo. Fixes bug 8791; bugfix on 0.2.0.6-alpha. Patch - from Arlo Breault. - - On the chance that somebody manages to build Tor on a - platform where time_t is unsigned, correct the way that - microdesc_add_to_cache() handles negative time arguments. - Fixes bug 8042; bugfix on 0.2.3.1-alpha. - - o Minor bugfixes (interface): - - Reject relative control socket paths and emit a warning. Previously, - single-component control socket paths would be rejected, but Tor - would not log why it could not validate the config. Fixes bug 9258; - bugfix on 0.2.3.16-alpha. - - o Minor bugfixes (Directory server): - - When sending a compressed set of descriptors or microdescriptors, - make sure to finalize the zlib stream. Previously, we would write - all the compressed data, but if the last descriptor we wanted to - send was missing or too old, we would not mark the stream as - finished. This caused problems for decompression tools. Fixes bug - 11648; bugfix on 0.1.1.23. - o Minor bugfixes (bridge client): - Stop accepting bridge lines containing hostnames. Doing so would cause clients to perform DNS requests on the hostnames, which was @@ -439,10 +394,15 @@ Changes in version 0.2.5.9 - 2014-10-2x but ScrambleSuit will soon become the first one.) Fixes bug 9162; bugfix on 0.2.0.3-alpha. Based on a patch from "rl1987".
- o Minor bugfixes (compilation): - - Restore the ability to compile Tor with V2_HANDSHAKE_SERVER - turned off (that is, without support for v2 link handshakes). Fixes - bug 4677; bugfix on 0.2.3.2-alpha. Patch from "piet". + o Minor bugfixes (build, auxiliary programs): + - Stop preprocessing the "torify" script with autoconf, since + it no longer refers to LOCALSTATEDIR. Fixes bug 5505; patch + from Guilhem. + - The tor-fw-helper program now follows the standard convention and + exits with status code "0" on success. Fixes bug 9030; bugfix on + 0.2.3.1-alpha. Patch by Arlo Breault. + - Corrected ./configure advice for what openssl dev package you should + install on Debian. Fixes bug 9207; bugfix on 0.2.0.1-alpha.
o Minor bugfixes (client): - Avoid "Tried to open a socket with DisableNetwork set" warnings @@ -521,6 +481,12 @@ Changes in version 0.2.5.9 - 2014-10-2x 9573; bugfix on 0.0.9pre5.
o Minor bugfixes (compilation): + - Compile correctly with builds and forks of OpenSSL (such as + LibreSSL) that disable compression. Fixes bug 12602; bugfix on + 0.2.1.1-alpha. Patch from "dhill". + - Restore the ability to compile Tor with V2_HANDSHAKE_SERVER + turned off (that is, without support for v2 link handshakes). Fixes + bug 4677; bugfix on 0.2.3.2-alpha. Patch from "piet". - In routerlist_assert_ok(), don't take the address of a routerinfo's cache_info member unless that routerinfo is non-NULL. Fixes bug 13096; bugfix on 0.1.1.9-alpha. Patch by "teor". @@ -542,6 +508,9 @@ Changes in version 0.2.5.9 - 2014-10-2x bugfix on 0.2.3.13-alpha. Found by "cypherpunks". - Fix compilation with dmalloc. Fixes bug 11605; bugfix on 0.2.4.10-alpha. + - Build and run correctly on systems like OpenBSD-current that have + patched OpenSSL to remove get_cipher_by_char and/or its + implementations. Fixes issue 13325.
o Minor bugfixes (controller and command-line): - If changing a config option via "setconf" fails in a recoverable @@ -550,10 +519,27 @@ Changes in version 0.2.5.9 - 2014-10-2x write out that file if we successfully switch to the new config option. Fixes bug 5605; bugfix on 0.2.2.26-beta. Patch from "Ryman".
+ o Minor bugfixes (Directory server): + - No longer accept malformed http headers when parsing urls from + headers. Now we reply with Bad Request ("400"). Fixes bug 2767; + bugfix on 0.0.6pre1. + - When sending a compressed set of descriptors or microdescriptors, + make sure to finalize the zlib stream. Previously, we would write + all the compressed data, but if the last descriptor we wanted to + send was missing or too old, we would not mark the stream as + finished. This caused problems for decompression tools. Fixes bug + 11648; bugfix on 0.1.1.23. + o Minor bugfixes (hidden service): - Only retry attempts to connect to a chosen rendezvous point 8 times, not 30. Fixes bug 4241; bugfix on 0.1.0.1-rc.
+ o Minor bugfixes (interface): + - Reject relative control socket paths and emit a warning. Previously, + single-component control socket paths would be rejected, but Tor + would not log why it could not validate the config. Fixes bug 9258; + bugfix on 0.2.3.16-alpha. + o Minor bugfixes (log messages): - Fix a bug where clients using bridges would report themselves as 50% bootstrapped even without a live consensus document. @@ -591,6 +577,14 @@ Changes in version 0.2.5.9 - 2014-10-2x from 'warn' to 'protocol warning'. Closes ticket 8093.
o Minor bugfixes (misc code correctness): + - In munge_extrainfo_into_routerinfo(), check the return value of + memchr(). This would have been a serious issue if we ever passed + it a non-extrainfo. Fixes bug 8791; bugfix on 0.2.0.6-alpha. Patch + from Arlo Breault. + - On the chance that somebody manages to build Tor on a + platform where time_t is unsigned, correct the way that + microdesc_add_to_cache() handles negative time arguments. + Fixes bug 8042; bugfix on 0.2.3.1-alpha. - Fix various instances of undefined behavior in channeltls.c, tor_memmem(), and eventdns.c that would cause us to construct pointers to memory outside an allocated object. (These invalid @@ -698,6 +692,12 @@ Changes in version 0.2.5.9 - 2014-10-2x by forgetting to free things in the unit test code. Fixes bug 11618, bugfixes on many versions of Tor.
+ o Minor bugfixes (tools): + - Disable the sandbox name resolver cache when running tor-resolve: + tor-resolve doesn't use the sandbox code, and turning it on was + breaking attempts to do tor-resolve on a non-default server on + Linux. Fixes bug 13295; bugfix on 0.2.5.3-alpha. + o Minor bugfixes (tor-fw-helper): - Give a correct log message when tor-fw-helper fails to launch. (Previously, we would say something like "tor-fw-helper sent us a @@ -712,16 +712,6 @@ Changes in version 0.2.5.9 - 2014-10-2x own keys when generating a v3 networkstatus vote. These leaks should never have affected anyone in practice.
- o Minor bugfixes (build, auxiliary programs): - - Stop preprocessing the "torify" script with autoconf, since - it no longer refers to LOCALSTATEDIR. Fixes bug 5505; patch - from Guilhem. - - The tor-fw-helper program now follows the standard convention and - exits with status code "0" on success. Fixes bug 9030; bugfix on - 0.2.3.1-alpha. Patch by Arlo Breault. - - Corrected ./configure advice for what openssl dev package you should - install on Debian. Fixes bug 9207; bugfix on 0.2.0.1-alpha. - o Code simplification and refactoring: - Remove some old fallback code designed to keep Tor clients working in a network with only two working relays. Elsewhere in the code we @@ -760,11 +750,6 @@ Changes in version 0.2.5.9 - 2014-10-2x - Get rid of router->address, since in all cases it was just the string representation of router->addr. Resolves ticket 5528.
- o Minor bugfixes (compilation): - - Build and run correctly on systems like OpenBSD-current that have - patched OpenSSL to remove get_cipher_by_char and/or its - implementations. Fixes issue 13325. - o Documentation: - Adjust the URLs in the README to refer to the new locations of several documents on the website. Fixes bug 12830. Patch from
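Review bot: In the -34,19 +47,13 hunk, the moved "Major features (bridges and pluggable transports)" section lands directly above the existing "Major features (bridges)" section, so two bridge headings are adjacent and the longer name sorts before the shorter one. Since this commit is meant to sort and collate, consider folding the two into a single section, or putting "(bridges)" first if they are meant to stay separate.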
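Review bot: The "Minor bugfixes (build, auxiliary programs)" section added in the -439,10 +394,15 hunk carries a tor-fw-helper entry (exit with status code "0" on success, bug 9030), while the -698,6 +692,12 hunk shows a separate "Minor bugfixes (tor-fw-helper)" section as context right after the moved "(tools)" section. Moving the bug 9030 entry under "(tor-fw-helper)" would keep those fixes together, and it is worth deciding whether "(tools)" and "(build, auxiliary programs)" should be one heading.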
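Review bot: The merged "Minor bugfixes (Directory server)" heading added in the -550,10 +519,27 hunk keeps a capital "D", unlike the lowercase category names next to it such as "(hidden service)" and "(interface)". Lowercasing it would match the other headings and keep a case-sensitive sort from misplacing the section; the entry text could also use "HTTP headers" and "URLs" in place of "http headers" and "urls".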
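Review bot: The version heading in the first hunk's context, and repeated in every hunk header, still reads "Changes in version 0.2.5.9 - 2014-10-2x". The placeholder date should be filled in before these notes ship, and the net loss of 15 lines in the diffstat (119 insertions, 134 deletions) deserves a quick check that it comes only from merged duplicate headings and not from a dropped entry.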