commit 0c9e27ddbef4c9f46b45c76d5c829f87ade740b7 Author: David Goulet dgoulet@torproject.org Date: Mon Oct 25 10:43:42 2021 -0400
changelog: Changelog for 0.4.5.11
Signed-off-by: David Goulet dgoulet@torproject.org --- ChangeLog | 77 +++++++++++++++++++++++++++++++++++++++++++++++++++++ ReleaseNotes | 77 +++++++++++++++++++++++++++++++++++++++++++++++++++++ changes/bug40175 | 5 ---- changes/bug40371 | 6 ----- changes/bug40375 | 5 ---- changes/ticket30477 | 4 --- changes/ticket40337 | 16 ----------- changes/ticket40434 | 6 ----- changes/ticket40474 | 5 ---- changes/ticket40476 | 8 ------ changes/ticket40493 | 2 -- 11 files changed, 154 insertions(+), 57 deletions(-)
diff --git a/ChangeLog b/ChangeLog index c60d9fa7b2..618da8ee3c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,80 @@ +Changes in version 0.4.5.11 - 2021-10-26 + This version fixes several bugs from earlier versions of Tor. A major + change is that v2 onion service are now disabled at the client, + service and relay meaning that any tor nodes running this version and + onward will stops supporting v2. This is the last step into the long + deprecation process of onion service version 2. Everyone running an + earlier version, whether as a client, a relay, or an onion service, + should upgrade to Tor 0.3.5.17, 0.4.5.11, or 0.4.6.8. + + o Major feature (onion service v2): + - See https://blog.torproject.org/v2-deprecation-timeline for + details on how to transition from v2 to v3. + - The control port command HSFETCH and HSPOST don't allow version 2 + as well. It is also not possible to create a v2 service + with ADD_ONION. + - Tor does NOT allow anymore to create v2 services, to connect as a + client to a v2 service and for a relay to be a v2 HSDir or + introduction point. This effectively disable onion service version + 2 tor wide. Closes 40476. + + o Minor features (bridge, backport from 0.4.6.8): + - We now announce the URL to Tor's new bridge status at + https://bridges.torproject.org/ when Tor is configured to run as a + bridge relay. Closes ticket 30477. + + o Minor features (fallbackdir): + - Regenerate fallback directories for October 2021. Close + ticket 40493. + + o Minor features (logging, diagnostic, backport from 0.4.6.5): + - Log decompression failures at a higher severity level, since they + can help provide missing context for other warning messages. We + rate-limit these messages, to avoid flooding the logs if they + begin to occur frequently. Closes ticket 40175. + + o Minor features (testing, backport from 0.4.6.8): + - On a testing network, relays can now use the + TestingMinTimeToReportBandwidth option to change the smallest + amount of time over which they're willing to report their observed + maximum bandwidth. Previously, this was fixed at 1 day. For + safety, values under 2 hours are only supported on testing + networks. Part of a fix for ticket 40337. + - Relays on testing networks no longer rate-limit how frequently + they are willing to report new bandwidth measurements. Part of a + fix for ticket 40337. + - Relays on testing networks now report their observed bandwidths + immediately from startup. Previously, they waited until they had + been running for a full day. Closes ticket 40337. + + o Minor bugfix (onion service, backport from 0.4.6.8): + - Do not flag an HSDir as non-running in case the descriptor upload + or fetch fails. An onion service closes pending directory + connections before uploading a new descriptor which can thus lead + to wrongly flagging many relays and thus affecting circuit building + path selection. Fixes bug 40434; bugfix on 0.2.0.13-alpha. + + o Minor bugfixes (compatibility, backport from 0.4.6.8): + - Fix compatibility with the most recent Libevent versions, which no + longer have an evdns_set_random_bytes() function. Because this + function has been a no-op since Libevent 2.0.4-alpha, it is safe + for us to just stop calling it. Fixes bug 40371; bugfix + on 0.2.1.7-alpha. + + o Minor bugfixes (consensus handling, backport from 0.4.6.4-rc): + - Avoid a set of bugs that could be caused by inconsistently + preferring an out-of-date consensus stored in a stale directory + cache over a more recent one stored on disk as the latest + consensus. Fixes bug 40375; bugfix on 0.3.1.1-alpha. + + o Minor bugfixes (onion service, TROVE-2021-008, backport from 0.4.6.8): + - Only log once any v2 access attempts in order to not pollute the + logs with warnings and avoid recording the times on disk when v2 + access was attempted. Important to note that the onion address was + _never_ logged. That is a Low security issue. Fixes bug 40474; + bugfix on 0.4.5.8. + + Changes in version 0.4.5.10 - 2021-08-16 This version fixes several bugs from earlier versions of Tor, including one that could lead to a denial-of-service attack. Everyone diff --git a/ReleaseNotes b/ReleaseNotes index a6e39c2362..58f4a9b263 100644 --- a/ReleaseNotes +++ b/ReleaseNotes @@ -2,6 +2,83 @@ This document summarizes new features and bugfixes in each stable release of Tor. If you want to see more detailed descriptions of the changes in each development snapshot, see the ChangeLog file.
+Changes in version 0.4.5.11 - 2021-10-26 + This version fixes several bugs from earlier versions of Tor. A major + change is that v2 onion service are now disabled at the client, + service and relay meaning that any tor nodes running this version and + onward will stops supporting v2. This is the last step into the long + deprecation process of onion service version 2. Everyone running an + earlier version, whether as a client, a relay, or an onion service, + should upgrade to Tor 0.3.5.17, 0.4.5.11, or 0.4.6.8. + + o Major feature (onion service v2): + - See https://blog.torproject.org/v2-deprecation-timeline for + details on how to transition from v2 to v3. + - The control port command HSFETCH and HSPOST don't allow version 2 + as well. It is also not possible to create a v2 service + with ADD_ONION. + - Tor does NOT allow anymore to create v2 services, to connect as a + client to a v2 service and for a relay to be a v2 HSDir or + introduction point. This effectively disable onion service version + 2 tor wide. Closes 40476. + + o Minor features (bridge, backport from 0.4.6.8): + - We now announce the URL to Tor's new bridge status at + https://bridges.torproject.org/ when Tor is configured to run as a + bridge relay. Closes ticket 30477. + + o Minor features (fallbackdir): + - Regenerate fallback directories for October 2021. Close + ticket 40493. + + o Minor features (logging, diagnostic, backport from 0.4.6.5): + - Log decompression failures at a higher severity level, since they + can help provide missing context for other warning messages. We + rate-limit these messages, to avoid flooding the logs if they + begin to occur frequently. Closes ticket 40175. + + o Minor features (testing, backport from 0.4.6.8): + - On a testing network, relays can now use the + TestingMinTimeToReportBandwidth option to change the smallest + amount of time over which they're willing to report their observed + maximum bandwidth. Previously, this was fixed at 1 day. For + safety, values under 2 hours are only supported on testing + networks. Part of a fix for ticket 40337. + - Relays on testing networks no longer rate-limit how frequently + they are willing to report new bandwidth measurements. Part of a + fix for ticket 40337. + - Relays on testing networks now report their observed bandwidths + immediately from startup. Previously, they waited until they had + been running for a full day. Closes ticket 40337. + + o Minor bugfix (onion service, backport from 0.4.6.8): + - Do not flag an HSDir as non-running in case the descriptor upload + or fetch fails. An onion service closes pending directory + connections before uploading a new descriptor which can thus lead + to wrongly flagging many relays and thus affecting circuit building + path selection. Fixes bug 40434; bugfix on 0.2.0.13-alpha. + + o Minor bugfixes (compatibility, backport from 0.4.6.8): + - Fix compatibility with the most recent Libevent versions, which no + longer have an evdns_set_random_bytes() function. Because this + function has been a no-op since Libevent 2.0.4-alpha, it is safe + for us to just stop calling it. Fixes bug 40371; bugfix + on 0.2.1.7-alpha. + + o Minor bugfixes (consensus handling, backport from 0.4.6.4-rc): + - Avoid a set of bugs that could be caused by inconsistently + preferring an out-of-date consensus stored in a stale directory + cache over a more recent one stored on disk as the latest + consensus. Fixes bug 40375; bugfix on 0.3.1.1-alpha. + + o Minor bugfixes (onion service, TROVE-2021-008, backport from 0.4.6.8): + - Only log once any v2 access attempts in order to not pollute the + logs with warnings and avoid recording the times on disk when v2 + access was attempted. Important to note that the onion address was + _never_ logged. That is a Low security issue. Fixes bug 40474; + bugfix on 0.4.5.8. + + Changes in version 0.4.5.10 - 2021-08-16 This version fixes several bugs from earlier versions of Tor, including one that could lead to a denial-of-service attack. Everyone running an earlier diff --git a/changes/bug40175 b/changes/bug40175 deleted file mode 100644 index aa2ce9566f..0000000000 --- a/changes/bug40175 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features (logging, diagnostic): - - Log decompression failures at a higher severity level, since they - can help provide missing context for other warning messages. - We rate-limit these messages, to avoid flooding the logs if they - begin to occur frequently. Closes ticket 40175. diff --git a/changes/bug40371 b/changes/bug40371 deleted file mode 100644 index 8cc7117f9f..0000000000 --- a/changes/bug40371 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (compatibility): - - Fix compatibility with the most recent Libevent versions, which - no longer have an evdns_set_random_bytes() function. Because - this function has been a no-op since Libevent 2.0.4-alpha, - it is safe for us to just stop calling it. Fixes bug 40371; - bugfix on 0.2.1.7-alpha. diff --git a/changes/bug40375 b/changes/bug40375 deleted file mode 100644 index 7ac32bc628..0000000000 --- a/changes/bug40375 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (consensus handling): - - Avoid a set of bugs that could be caused by inconsistently preferring - an out-of-date consensus stored in a stale directory cache over - a more recent one stored on disk as the latest consensus. - Fixes bug 40375; bugfix on 0.3.1.1-alpha. diff --git a/changes/ticket30477 b/changes/ticket30477 deleted file mode 100644 index 379fc4e7eb..0000000000 --- a/changes/ticket30477 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (bridge): - - We now announce the URL to Tor's new bridge status at - https://bridges.torproject.org/ when Tor is configured to run as a bridge - relay. Closes ticket 30477. diff --git a/changes/ticket40337 b/changes/ticket40337 deleted file mode 100644 index 1c86fc4c99..0000000000 --- a/changes/ticket40337 +++ /dev/null @@ -1,16 +0,0 @@ - o Minor features (testing): - - On a testing network, relays can now use the - TestingMinTimeToReportBandwidth option to change - the smallest amount of time over which they're willing to report - their observed maximum bandwidth. Previously, this was fixed - at 1 day. For safety, values under 2 hours are only supported on - testing networks. Part of a fix for ticket 40337. - - o Minor features (testing): - - Relays on testing networks now report their observed bandwidths - immediately from startup. Previously, they waited - until they had been running for a full day. Closes ticket - 40337. - - Relays on testing networks no longer rate-limit how frequently - they are willing to report new bandwidth measurements. Part of a fix - for ticket 40337. diff --git a/changes/ticket40434 b/changes/ticket40434 deleted file mode 100644 index 988bb416be..0000000000 --- a/changes/ticket40434 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfix (onion service): - - Do not flag an HSDir as non-running in case the descriptor upload or - fetch fails. An onion service closes pending directory connections - before uploading a new descriptor which can thus lead to wrongly - flagging many relays and thus affecting circuit building path selection. - Fixes bug 40434; bugfix on 0.2.0.13-alpha. diff --git a/changes/ticket40474 b/changes/ticket40474 deleted file mode 100644 index d2a7231106..0000000000 --- a/changes/ticket40474 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (onion service, TROVE-2021-008): - - Only log once any v2 access attempts in order to not pollute the logs - with warnings and avoid recording the times on disk when v2 access was - attempted. Important to note that the onion address was _never_ logged. - That is a Low security issue. Fixes bug 40474; bugfix on 0.4.5.8. diff --git a/changes/ticket40476 b/changes/ticket40476 deleted file mode 100644 index 062e36f9bc..0000000000 --- a/changes/ticket40476 +++ /dev/null @@ -1,8 +0,0 @@ - o Major feature (onion service v2): - - Tor does NOT allow anymore to create v2 services, to connect as a client - to a v2 service and for a relay to be a v2 HSDir or introduction point. - This effectively disable onion service version 2 tor wide. Closes 40476. - - The control port command HSFETCH and HSPOST don't allow version 2 as well. - It is also not possible to create a v2 service with ADD_ONION. - - See https://blog.torproject.org/v2-deprecation-timeline for details on - how to transition from v2 to v3. diff --git a/changes/ticket40493 b/changes/ticket40493 deleted file mode 100644 index eb9baf916b..0000000000 --- a/changes/ticket40493 +++ /dev/null @@ -1,2 +0,0 @@ - o Minor features (fallbackdir): - - Regenerate fallback directories for October 2021. Close ticket 40493.
tor-commits@lists.torproject.org