This is an automated email from the git hooks/post-receive script. dgoulet pushed a commit to branch release-0.4.7 in repository tor. commit 5021fb50ee60d713e54efc4cc60620df1218e463 Author: Tor CI Release <no-email@torproject.org> AuthorDate: Thu Aug 11 13:40:44 2022 +0000 release: ChangeLog and ReleaseNotes for 0.4.7.9 --- ChangeLog | 68 +++++++++++++++++++++++++++++++++++++++++ ReleaseNotes | 68 +++++++++++++++++++++++++++++++++++++++++ changes/bug40639 | 5 --- changes/bug40642 | 9 ------ changes/bug40644 | 8 ----- changes/bug40645 | 5 --- changes/fallbackdirs-2022-08-11 | 2 -- changes/geoip-2022-08-11 | 3 -- changes/ticket40604 | 5 --- changes/ticket40623 | 4 --- changes/ticket40649 | 4 --- changes/ticket40652 | 10 ------ 12 files changed, 136 insertions(+), 55 deletions(-) diff --git a/ChangeLog b/ChangeLog index 0ed1710d7b..38c7dd6d22 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,71 @@ +INSERT SUMMARY BLURP + +Changes in version 0.4.7.9 - 2022-08-11 + o Major bugfixes (congestion control): + - Implement RFC3742 Limited Slow Start. Congestion control was + overshooting the congestion window during slow start, particularly + for onion service activity. With this fix, we now update the + congestion window more often during slow start, as well as dampen + the exponential growth when the congestion window grows above a + capping parameter. This should reduce the memory increases guard + relays were seeing, as well as allow us to set lower queue limits + to defend against ongoing DoS attacks. Fixes bug 40642; bugfix + on 0.4.7.5-alpha. + + o Major bugfixes (relay): + - Remove OR connections btrack subsystem entries when the + connections closes normally. Before this, we would only close it + on error and thus leaking memory for each normal OR connections. + Fixes bug 40604; bugfix on 0.4.0.1-alpha. + - Stop sending TRUNCATED cell and instead close the circuits which + sends a DESTROY cell so every relay in the circuit path can stop + queuing cells. Fixes bug 40623; bugfix on 0.1.0.2-rc. + + o Major bugfixes (vanguards): + - We had omitted some checks for whether our vanguards (second layer + guards from proposal 333) overlapped. Now make sure to pick each + of them to be independent. Also, change the design to allow them + to come from the same family. Fixes bug 40639; bugfix + on 0.4.7.1-alpha. + + o Minor features (dirauth): + - Add a torrc option to control the Guard flag bandwidth threshold + percentile. Closes ticket 40652. + - Add an AuthDirVoteGuard torrc option that can allow authorities to + assign the Guard flag to the given fingerprints/country code/IPs. + This is a needed feature mostly for defense purposes in case a DoS + hits the network and relay start losing the Guard flags too fast. + - Make UPTIME_TO_GUARANTEE_STABLE, MTBF_TO_GUARANTEE_STABLE, + TIME_KNOWN_TO_GUARANTEE_FAMILIAR WFU_TO_GUARANTEE_GUARD tunable + from torrc. + + o Minor features (fallbackdir): + - Regenerate fallback directories generated on August 11, 2022. + + o Minor features (geoip data): + - Update the geoip files to match the IPFire Location Database, as + retrieved on 2022/08/11. + + o Minor bugfixes (congestion control): + - Add a check for an integer underflow condition that might happen + in cases where the system clock is stopped, the ORconn is blocked, + and the endpoint sends more than a congestion window worth of non- + data control cells at once. This would cause a large congestion + window to be calculated instead of a small one. No security + impact. Fixes bug 40644; bugfix on 0.4.7.5-alpha. + + o Minor bugfixes (defense in depth): + - Change a test in the netflow padding code to make it more + _obviously_ safe against remotely triggered crashes. (It was safe + against these before, but not obviously so.) Fixes bug 40645; + bugfix on 0.3.1.1-alpha. + + o Minor bugfixes (relay): + - Do not propagate either forward or backward a DESTROY remote + reason when closing a circuit so to avoid a possible side channel. + Fixes bug 40649; bugfix on 0.1.2.4-alpha. + + Changes in version 0.4.7.8 - 2022-06-17 This version fixes several bugfixes including a High severity security issue categorized as a Denial of Service. Everyone running an earlier version diff --git a/ReleaseNotes b/ReleaseNotes index ae90f71510..708e7220c3 100644 --- a/ReleaseNotes +++ b/ReleaseNotes @@ -2,6 +2,74 @@ This document summarizes new features and bugfixes in each stable release of Tor. If you want to see more detailed descriptions of the changes in each development snapshot, see the ChangeLog file. +INSERT SUMMARY BLURP + +Changes in version 0.4.7.9 - 2022-08-11 + o Major bugfixes (congestion control): + - Implement RFC3742 Limited Slow Start. Congestion control was + overshooting the congestion window during slow start, particularly + for onion service activity. With this fix, we now update the + congestion window more often during slow start, as well as dampen + the exponential growth when the congestion window grows above a + capping parameter. This should reduce the memory increases guard + relays were seeing, as well as allow us to set lower queue limits + to defend against ongoing DoS attacks. Fixes bug 40642; bugfix + on 0.4.7.5-alpha. + + o Major bugfixes (relay): + - Remove OR connections btrack subsystem entries when the + connections closes normally. Before this, we would only close it + on error and thus leaking memory for each normal OR connections. + Fixes bug 40604; bugfix on 0.4.0.1-alpha. + - Stop sending TRUNCATED cell and instead close the circuits which + sends a DESTROY cell so every relay in the circuit path can stop + queuing cells. Fixes bug 40623; bugfix on 0.1.0.2-rc. + + o Major bugfixes (vanguards): + - We had omitted some checks for whether our vanguards (second layer + guards from proposal 333) overlapped. Now make sure to pick each + of them to be independent. Also, change the design to allow them + to come from the same family. Fixes bug 40639; bugfix + on 0.4.7.1-alpha. + + o Minor features (dirauth): + - Add a torrc option to control the Guard flag bandwidth threshold + percentile. Closes ticket 40652. + - Add an AuthDirVoteGuard torrc option that can allow authorities to + assign the Guard flag to the given fingerprints/country code/IPs. + This is a needed feature mostly for defense purposes in case a DoS + hits the network and relay start losing the Guard flags too fast. + - Make UPTIME_TO_GUARANTEE_STABLE, MTBF_TO_GUARANTEE_STABLE, + TIME_KNOWN_TO_GUARANTEE_FAMILIAR WFU_TO_GUARANTEE_GUARD tunable + from torrc. + + o Minor features (fallbackdir): + - Regenerate fallback directories generated on August 11, 2022. + + o Minor features (geoip data): + - Update the geoip files to match the IPFire Location Database, as + retrieved on 2022/08/11. + + o Minor bugfixes (congestion control): + - Add a check for an integer underflow condition that might happen + in cases where the system clock is stopped, the ORconn is blocked, + and the endpoint sends more than a congestion window worth of non- + data control cells at once. This would cause a large congestion + window to be calculated instead of a small one. No security + impact. Fixes bug 40644; bugfix on 0.4.7.5-alpha. + + o Minor bugfixes (defense in depth): + - Change a test in the netflow padding code to make it more + _obviously_ safe against remotely triggered crashes. (It was safe + against these before, but not obviously so.) Fixes bug 40645; + bugfix on 0.3.1.1-alpha. + + o Minor bugfixes (relay): + - Do not propagate either forward or backward a DESTROY remote + reason when closing a circuit so to avoid a possible side channel. + Fixes bug 40649; bugfix on 0.1.2.4-alpha. + + Changes in version 0.4.7.8 - 2022-06-17 This version fixes several bugfixes including a High severity security issue categorized as a Denial of Service. Everyone running an earlier version diff --git a/changes/bug40639 b/changes/bug40639 deleted file mode 100644 index d975e9ad22..0000000000 --- a/changes/bug40639 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes (vanguards): - - We had omitted some checks for whether our vanguards (second layer - guards from proposal 333) overlapped. Now make sure to pick each - of them to be independent. Also, change the design to allow them to - come from the same family. Fixes bug 40639; bugfix on 0.4.7.1-alpha. diff --git a/changes/bug40642 b/changes/bug40642 deleted file mode 100644 index f50d87e031..0000000000 --- a/changes/bug40642 +++ /dev/null @@ -1,9 +0,0 @@ - o Major bugfixes (congestion control): - - Implement RFC3742 Limited Slow Start. Congestion control was - overshooting the congestion window during slow start, particularly for - onion service activity. With this fix, we now update the congestion - window more often during slow start, as well as dampen the exponential - growth when the congestion window grows above a capping parameter. - This should reduce the memory increases guard relays were seeing, as - well as allow us to set lower queue limits to defend against - ongoing DoS attacks. Fixes bug 40642; bugfix on 0.4.7.5-alpha. diff --git a/changes/bug40644 b/changes/bug40644 deleted file mode 100644 index a27c63ede2..0000000000 --- a/changes/bug40644 +++ /dev/null @@ -1,8 +0,0 @@ - o Minor bugfixes (congestion control): - - Add a check for an integer underflow condition that might - happen in cases where the system clock is stopped, the - ORconn is blocked, and the endpoint sends more than a - congestion window worth of non-data control cells at once. - This would cause a large congestion window to be calculated - instead of a small one. No security impact. Fixes bug 40644; - bugfix on 0.4.7.5-alpha. diff --git a/changes/bug40645 b/changes/bug40645 deleted file mode 100644 index 044d5b67d2..0000000000 --- a/changes/bug40645 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (defense in depth): - - Change a test in the netflow padding code to make it more - _obviously_ safe against remotely triggered crashes. - (It was safe against these before, but not obviously so.) - Fixes bug 40645; bugfix on 0.3.1.1-alpha. diff --git a/changes/fallbackdirs-2022-08-11 b/changes/fallbackdirs-2022-08-11 deleted file mode 100644 index 21200700ad..0000000000 --- a/changes/fallbackdirs-2022-08-11 +++ /dev/null @@ -1,2 +0,0 @@ - o Minor features (fallbackdir): - - Regenerate fallback directories generated on August 11, 2022. diff --git a/changes/geoip-2022-08-11 b/changes/geoip-2022-08-11 deleted file mode 100644 index aad2392f1f..0000000000 --- a/changes/geoip-2022-08-11 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (geoip data): - - Update the geoip files to match the IPFire Location Database, - as retrieved on 2022/08/11. diff --git a/changes/ticket40604 b/changes/ticket40604 deleted file mode 100644 index ec24a46e66..0000000000 --- a/changes/ticket40604 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes (relay): - - Remove OR connections btrack subsystem entries when the connections - closes normally. Before this, we would only close it on error and thus - leaking memory for each normal OR connections. Fixes bug 40604; bugfix - on 0.4.0.1-alpha. diff --git a/changes/ticket40623 b/changes/ticket40623 deleted file mode 100644 index d2a0e7eaad..0000000000 --- a/changes/ticket40623 +++ /dev/null @@ -1,4 +0,0 @@ - o Major bugfixes (relay): - - Stop sending TRUNCATED cell and instead close the circuits which sends a - DESTROY cell so every relay in the circuit path can stop queuing cells. - Fixes bug 40623; bugfix on 0.1.0.2-rc. diff --git a/changes/ticket40649 b/changes/ticket40649 deleted file mode 100644 index 28df58f106..0000000000 --- a/changes/ticket40649 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (relay): - - Do not propagate either forward or backward a DESTROY remote reason when - closing a circuit so to avoid a possible side channel. Fixes bug 40649; - bugfix on 0.1.2.4-alpha. diff --git a/changes/ticket40652 b/changes/ticket40652 deleted file mode 100644 index ff9f4d0591..0000000000 --- a/changes/ticket40652 +++ /dev/null @@ -1,10 +0,0 @@ - o Minor features (dirauth): - - Add an AuthDirVoteGuard torrc option that can allow authorities to - assign the Guard flag to the given fingerprints/country code/IPs. This - is a needed feature mostly for defense purposes in case a DoS hits the - network and relay start losing the Guard flags too fast. - - Make UPTIME_TO_GUARANTEE_STABLE, MTBF_TO_GUARANTEE_STABLE, - TIME_KNOWN_TO_GUARANTEE_FAMILIAR WFU_TO_GUARANTEE_GUARD tunable from - torrc. - - Add a torrc option to control the Guard flag bandwidth threshold - percentile. Closes ticket 40652. -- To stop receiving notification emails like this one, please contact the administrator of this repository.