Hello!
Tor 0.4.5.6 is now signed and uploaded to
https://dist.torproject.org/. It's officially a stable release now!
Below is a list of the changes since 0.4.5.5-rc. For a list of all
the changes since 0.4.4.7, see the ReleaseNotes file.
Official announcements will follow after the website has updated.
Changes in version 0.4.5.6 - 2021-02-15
The Tor 0.4.5.x release series is dedicated to the memory of Karsten
Loesing (1979-2020), Tor developer, cypherpunk, husband, and father.
Karsten is best known for creating the Tor metrics portal and leading
the metrics team, but he was involved in Tor from the early days. For
example, while he was still a student he invented and implemented the
v2 onion service directory design, and he also served as an ambassador
to the many German researchers working in the anonymity field. We
loved him and respected him for his patience, his consistency, and his
welcoming approach to growing our community.
This release series introduces significant improvements in relay IPv6
address discovery, a new "MetricsPort" mechanism for relay operators
to measure performance, LTTng support, build system improvements to
help when using Tor as a static library, and significant bugfixes
related to Windows relay performance. It also includes numerous
smaller features and bugfixes.
Below are the changes since 0.4.4.4-rc. For a complete list of changes
since 0.4.4.7, see the ReleaseNotes file.
o Major bugfixes (IPv6, relay):
- Fix a bug that prevented a relay from publishing its descriptor if
an auto-discovered IPv6 was found unreachable. Fixes bug
40279; bugfix on 0.4.5.1-alpha.
o Minor features (protocol versions):
- Stop claiming to support the "DirCache=1" subprotocol version.
Technically, we stopped supporting this subprotocol back in
0.4.5.1-alpha, but we needed to wait for the authorities to stop
listing it as "required" before we could drop it from the list.
Closes ticket 40221.
o Minor bugfixes (logging):
- Avoid a spurious log message about missing subprotocol versions,
when the consensus that we're reading from is older than the
current release. Previously we had made this message nonfatal, but
in practice, it is never relevant when the consensus is older than
the current release. Fixes bug 40281; bugfix on 0.4.0.1-alpha.
o Minor bugfixes (metrics port):
- Fix a bug warning when a metrics port socket was unexpectedly
closed. Fixes bug 40257; bugfix on 0.4.5.1-alpha.
o Minor bugfixes (relay):
- Allow relays to have an RFC1918 address if PublishServerDescriptor
is set to 0 and AssumeReachable is set to 1. This is to support
the use case of a bridge on a local network, exposed via a
pluggable transport. Fixes bug 40208; bugfix on 0.4.5.1-alpha.
o Minor bugfixes (relay, config):
- Fix a problem in the removal of duplicate ORPorts from the
internal port list when loading the config file. We were removing
the wrong ports, breaking valid torrc use cases for multiple
ORPorts of the same address family. Fixes bug 40289; bugfix
on 0.4.5.1-alpha.
cheers,
--
Nick
Hello!
I've been working on a proposed change to Tor's LTS policies. I've run
it by a few people already, and now I've posted it on tor-dev for
broader comment. If you're not on tor-dev, you can read it at
https://lists.torproject.org/pipermail/tor-dev/2021-February/014515.html
(summary: If we decide to do this, we will still be able to do LTS
releases, but we will backport fewer things to them, and we will make
fewer promises about how well they will work on the network.)
I'm especially interested in feedback from packagers here.
best wishes,
--
Nick
Hello!
The abovementioned releases are the latest in their series. They
contain code that we hope will protect the network against
denial-of-service attacks, and make v3 hidden services more robust in
the presence of such attacks.
You can download the source, as usual, at https://dist.torproject.org/.
Note that support for 0.4.3.x will end later this month; if you're on
that version, you should probably upgrade to 0.4.4.x or 0.4.5.x. See
https://gitlab.torproject.org/tpo/core/team/-/wikis/NetworkTeam/CoreTorRele…
for information on our supported release series and schedules.
We anticipate that 0.4.5.x will be "officially" stable on 15 Feb, and
that differences from 0.4.5.5-rc will be minimal.
Official release announcements will follow after the website updates.
Here are the changelogs:
Changes in version 0.4.4.7 - 2021-02-03
Tor 0.4.4.7 backports numerous bugfixes from later releases,
including one that made v3 onion services more susceptible to
denial-of-service attacks, and a feature that makes some kinds of
DoS attacks harder to perform.
o Major bugfixes (onion service v3, backport from 0.4.5.3-rc):
- Stop requiring a live consensus for v3 clients and services, and
allow a "reasonably live" consensus instead. This allows v3 onion
services to work even if the authorities fail to generate a
consensus for more than 2 hours in a row. Fixes bug 40237; bugfix
on 0.3.5.1-alpha.
o Major feature (exit, backport from 0.4.5.5-rc):
- Re-entry into the network is now denied at the Exit level to all
relays' ORPorts and authorities' ORPorts and DirPorts. This change
should help mitigate a set of denial-of-service attacks. Closes
ticket 2667.
o Minor feature (build system, backport from 0.4.5.4-rc):
- New "make lsp" command to generate the compile_commands.json file
used by the ccls language server. The "bear" program is needed for
this. Closes ticket 40227.
o Minor features (compilation, backport from 0.4.5.2-rc):
- Disable deprecation warnings when building with OpenSSL 3.0.0 or
later. There are a number of APIs newly deprecated in OpenSSL
3.0.0 that Tor still requires. (A later version of Tor will try to
stop depending on these APIs.) Closes ticket 40165.
o Minor features (crypto, backport from 0.4.5.3-rc):
- Fix undefined behavior on our Keccak library. The bug only
appeared on platforms with 32-byte CPU cache lines (e.g. armv5tel)
and would result in wrong digests. Fixes bug 40210; bugfix on
0.2.8.1-alpha. Thanks to Bernhard Übelacker, Arnd Bergmann and
weasel for diagnosing this.
o Minor bugfixes (compatibility, backport from 0.4.5.1-rc):
- Strip '\r' characters when reading text files on Unix platforms.
This should resolve an issue where a relay operator migrates a
relay from Windows to Unix, but does not change the line ending of
Tor's various state files to match the platform, and the CRLF line
endings from Windows end up leaking into other files such as the
extra-info document. Fixes bug 33781; bugfix on 0.0.9pre5.
o Minor bugfixes (compilation, backport from 0.4.5.3-rc):
- Fix a compilation warning about unreachable fallthrough
annotations when building with "--enable-all-bugs-are-fatal" on
some compilers. Fixes bug 40241; bugfix on 0.3.5.4-alpha.
o Minor bugfixes (SOCKS5, backport from 0.4.5.3-rc):
- Handle partial SOCKS5 messages correctly. Previously, our code
would send an incorrect error message if it got a SOCKS5 request
that wasn't complete. Fixes bug 40190; bugfix on 0.3.5.1-alpha.
o Minor bugfixes (testing, backport from 0.4.5.2-alpha):
- Fix the `config/parse_tcp_proxy_line` test so that it works
correctly on systems where the DNS provider hijacks invalid
queries. Fixes part of bug 40179; bugfix on 0.4.3.1-alpha.
- Fix our Python reference-implementation for the v3 onion service
handshake so that it works correctly with the version of hashlib
provided by Python 3.9. Fixes part of bug 40179; bugfix
on 0.3.1.6-rc.
- Fix the `tortls/openssl/log_one_error` test to work with OpenSSL
3.0.0. Fixes bug 40170; bugfix on 0.2.8.1-alpha.
Changes in version 0.4.3.8 - 2021-02-03
Tor 0.4.3.8 backports numerous bugfixes from later releases,
including one that made v3 onion services more susceptible to
denial-of-service attacks, and a feature that makes some kinds of
DoS attacks harder to perform.
Note that this is, in all likelihood, the last release of Tor 0.4.3.x,
which will reach end-of-life on 15 Feb 2021.
o Major bugfixes (onion service v3, backport from 0.4.5.3-rc):
- Stop requiring a live consensus for v3 clients and services, and
allow a "reasonably live" consensus instead. This allows v3 onion
services to work even if the authorities fail to generate a
consensus for more than 2 hours in a row. Fixes bug 40237; bugfix
on 0.3.5.1-alpha.
o Major bugfixes (stats, onion services, backport from 0.4.4.5):
- Fix a bug where we were undercounting the Tor network's total
onion service traffic, by ignoring any traffic originating from
clients. Now we count traffic from both clients and services.
Fixes bug 40117; bugfix on 0.2.6.2-alpha.
o Major feature (exit, backport from 0.4.5.5-rc):
- Re-entry into the network is now denied at the Exit level to all
relays' ORPorts and authorities' ORPorts and DirPorts. This change
should help mitigate a set of denial-of-service attacks. Closes
ticket 2667.
o Minor feature (build system, backport from 0.4.5.4-rc):
- New "make lsp" command to generate the compile_commands.json file
used by the ccls language server. The "bear" program is needed for
this. Closes ticket 40227.
o Minor features (compilation, backport from 0.4.5.2-rc):
- Disable deprecation warnings when building with OpenSSL 3.0.0 or
later. There are a number of APIs newly deprecated in OpenSSL
3.0.0 that Tor still requires. (A later version of Tor will try to
stop depending on these APIs.) Closes ticket 40165.
o Minor features (crypto, backport from 0.4.5.3-rc):
- Fix undefined behavior on our Keccak library. The bug only
appeared on platforms with 32-byte CPU cache lines (e.g. armv5tel)
and would result in wrong digests. Fixes bug 40210; bugfix on
0.2.8.1-alpha. Thanks to Bernhard Übelacker, Arnd Bergmann and
weasel for diagnosing this.
o Minor bugfixes (compatibility, backport from 0.4.5.1-rc):
- Strip '\r' characters when reading text files on Unix platforms.
This should resolve an issue where a relay operator migrates a
relay from Windows to Unix, but does not change the line ending of
Tor's various state files to match the platform, and the CRLF line
endings from Windows end up leaking into other files such as the
extra-info document. Fixes bug 33781; bugfix on 0.0.9pre5.
o Minor bugfixes (compilation, backport from 0.4.5.1-rc):
- Resolve a compilation warning that could occur in
test_connection.c. Fixes bug 40113; bugfix on 0.2.9.3-alpha.
o Minor bugfixes (compilation, backport from 0.4.5.3-rc):
- Fix a compilation warning about unreachable fallthrough
annotations when building with "--enable-all-bugs-are-fatal" on
some compilers. Fixes bug 40241; bugfix on 0.3.5.4-alpha.
o Minor bugfixes (SOCKS5, backport from 0.4.5.3-rc):
- Handle partial SOCKS5 messages correctly. Previously, our code
would send an incorrect error message if it got a SOCKS5 request
that wasn't complete. Fixes bug 40190; bugfix on 0.3.5.1-alpha.
o Minor bugfixes (testing, backport from 0.4.5.2-alpha):
- Fix the `config/parse_tcp_proxy_line` test so that it works
correctly on systems where the DNS provider hijacks invalid
queries. Fixes part of bug 40179; bugfix on 0.4.3.1-alpha.
- Fix our Python reference-implementation for the v3 onion service
handshake so that it works correctly with the version of hashlib
provided by Python 3.9. Fixes part of bug 40179; bugfix
on 0.3.1.6-rc.
- Fix the `tortls/openssl/log_one_error` test to work with OpenSSL
3.0.0. Fixes bug 40170; bugfix on 0.2.8.1-alpha.
Changes in version 0.3.5.13 - 2020-02-03
Tor 0.3.5.13 backports numerous bugfixes from later releases,
including one that made v3 onion services more susceptible to
denial-of-service attacks, and a feature that makes some kinds of
DoS attacks harder to perform.
o Major bugfixes (onion service v3, backport from 0.4.5.3-rc):
- Stop requiring a live consensus for v3 clients and services, and
allow a "reasonably live" consensus instead. This allows v3 onion
services to work even if the authorities fail to generate a
consensus for more than 2 hours in a row. Fixes bug 40237; bugfix
on 0.3.5.1-alpha.
o Major bugfixes (stats, onion services, backport from 0.4.4.5):
- Fix a bug where we were undercounting the Tor network's total
onion service traffic, by ignoring any traffic originating from
clients. Now we count traffic from both clients and services.
Fixes bug 40117; bugfix on 0.2.6.2-alpha.
o Major feature (exit, backport from 0.4.5.5-rc):
- Re-entry into the network is now denied at the Exit level to all
relays' ORPorts and authorities' ORPorts and DirPorts. This change
should help mitigate a set of denial-of-service attacks. Closes
ticket 2667.
o Minor feature (build system, backport from 0.4.5.4-rc):
- New "make lsp" command to generate the compile_commands.json file
used by the ccls language server. The "bear" program is needed for
this. Closes ticket 40227.
o Minor features (compilation, backport from 0.4.5.2-rc):
- Disable deprecation warnings when building with OpenSSL 3.0.0 or
later. There are a number of APIs newly deprecated in OpenSSL
3.0.0 that Tor still requires. (A later version of Tor will try to
stop depending on these APIs.) Closes ticket 40165.
o Minor features (crypto, backport from 0.4.5.3-rc):
- Fix undefined behavior on our Keccak library. The bug only
appeared on platforms with 32-byte CPU cache lines (e.g. armv5tel)
and would result in wrong digests. Fixes bug 40210; bugfix on
0.2.8.1-alpha. Thanks to Bernhard Übelacker, Arnd Bergmann and
weasel for diagnosing this.
o Minor bugfixes (compatibility, backport from 0.4.5.1-rc):
- Strip '\r' characters when reading text files on Unix platforms.
This should resolve an issue where a relay operator migrates a
relay from Windows to Unix, but does not change the line ending of
Tor's various state files to match the platform, and the CRLF line
endings from Windows end up leaking into other files such as the
extra-info document. Fixes bug 33781; bugfix on 0.0.9pre5.
o Minor bugfixes (compilation, backport from 0.4.5.1-rc):
- Resolve a compilation warning that could occur in
test_connection.c. Fixes bug 40113; bugfix on 0.2.9.3-alpha.
o Minor bugfixes (compilation, backport from 0.4.5.3-rc):
- Fix a compilation warning about unreachable fallthrough
annotations when building with "--enable-all-bugs-are-fatal" on
some compilers. Fixes bug 40241; bugfix on 0.3.5.4-alpha.
o Minor bugfixes (SOCKS5, backport from 0.4.5.3-rc):
- Handle partial SOCKS5 messages correctly. Previously, our code
would send an incorrect error message if it got a SOCKS5 request
that wasn't complete. Fixes bug 40190; bugfix on 0.3.5.1-alpha.
o Minor bugfixes (testing, backport from 0.4.5.2-alpha):
- Fix our Python reference-implementation for the v3 onion service
handshake so that it works correctly with the version of hashlib
provided by Python 3.9. Fixes part of bug 40179; bugfix
on 0.3.1.6-rc.
- Fix the `tortls/openssl/log_one_error` test to work with OpenSSL
3.0.0. Fixes bug 40170; bugfix on 0.2.8.1-alpha.
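The "Handle partial SOCKS5 messages correctly" entries above concern the difference between a request that is merely incomplete and one that is malformed. The following is an added example, not Tor's code: a SOCKS5 request parser (RFC 1928) that reports the two cases separately, so an error reply is sent only for input that can never become valid. All type and function names are hypothetical and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>

/* Outcome of parsing one SOCKS5 request (RFC 1928, section 4). */
typedef enum { S5_OK, S5_INCOMPLETE, S5_INVALID } s5_status;

typedef struct {
  uint8_t cmd, atyp;     /* command; address type (1 IPv4, 3 name, 4 IPv6) */
  const uint8_t *addr;   /* points into the caller's buffer */
  size_t addr_len;
  uint16_t port;         /* host byte order */
  size_t consumed;       /* bytes this request occupied */
} s5_request;

/* Constructed sample: CONNECT to "example.com" port 443. */
static const uint8_t S5_SAMPLE[] = { 0x05, 0x01, 0x00, 0x03, 11,
  'e','x','a','m','p','l','e','.','c','o','m', 0x01, 0xBB };

/* Parse buf[0..len). Truncated input yields S5_INCOMPLETE so the caller
 * waits for more bytes; S5_INVALID is reserved for input that no further
 * bytes could repair, the only case that warrants an error reply. */
s5_status s5_parse_request(const uint8_t *buf, size_t len, s5_request *out)
{
  size_t addr_off = 4, addr_len, need;

  /* A field already received and wrong can never become valid. */
  if (len >= 1 && buf[0] != 0x05) return S5_INVALID;              /* VER */
  if (len >= 2 && (buf[1] < 1 || buf[1] > 3)) return S5_INVALID;  /* CMD */
  if (len >= 3 && buf[2] != 0x00) return S5_INVALID;              /* RSV */
  if (len < 4) return S5_INCOMPLETE;                              /* ATYP */

  switch (buf[3]) {
    case 0x01: addr_len = 4; break;
    case 0x04: addr_len = 16; break;
    case 0x03:                       /* length octet, then the name */
      if (len < 5) return S5_INCOMPLETE;
      addr_len = buf[4];
      addr_off = 5;
      break;
    default: return S5_INVALID;
  }
  need = addr_off + addr_len + 2;    /* address plus 2-byte port */
  if (len < need) return S5_INCOMPLETE;

  out->cmd = buf[1];
  out->atyp = buf[3];
  out->addr = buf + addr_off;
  out->addr_len = addr_len;
  out->port = (uint16_t)((buf[need - 2] << 8) | buf[need - 1]);
  out->consumed = need;
  return S5_OK;
}
```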
We need to do one more release candidate to fit in a couple of
important fixes. We hope this is the last one before stable, though.
Please check it out?
Download as usual at https://dist.torproject.org/
Testing this release in particular is pretty vital, since we plan to
backport the anti-DoS feature to other stable releases soon.
Additionally, we're planning to put out stable releases later this
week, if all goes well.
Here's the changelog:
Changes in version 0.4.5.5-rc - 2021-02-01
Tor 0.4.5.5-rc is the third release candidate in its series. We're
coming closer and closer to a stable release series. This release
fixes an annoyance with address detection code, and somewhat mitigates
an ongoing denial-of-service attack.
We anticipate no more code changes between this and the stable
release, though of course that could change.
o Major feature (exit):
- Re-entry into the network is now denied at the Exit level to all
relays' ORPorts and authorities' ORPorts and DirPorts. This change
should help mitigate a set of denial-of-service attacks. Closes
ticket 2667.
o Minor bugfixes (relay, configuration):
- Don't attempt to discover our address (IPv4 or IPv6) if no ORPort
for it can be found in the configuration. Fixes bug 40254; bugfix
on 0.4.5.1-alpha.
best wishes,
--
Nick
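The exit-level re-entry denial described in the changelog above, as an added example that is not Tor's implementation: it builds the set of endpoints the changelog names (every relay's ORPort, plus authorities' ORPorts and DirPorts) and checks a stream destination against it. The `node` and `endpoint` types and both function names are hypothetical, and the sample nodes use constructed RFC 5737 documentation addresses.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical consensus entry: one relay or directory authority. */
typedef struct {
  uint32_t ipv4;               /* host byte order */
  uint16_t or_port, dir_port;  /* 0 = not set */
  int is_authority;
} node;

typedef struct { uint32_t ipv4; uint16_t port; } endpoint;

/* Constructed sample (RFC 5737 documentation addresses). */
static const node SAMPLE_NODES[] = {
  { 0xC0000201u, 9001, 9030, 0 },  /* relay     192.0.2.1    */
  { 0xC6336402u, 443,  80,   1 },  /* authority 198.51.100.2 */
};

static int ep_cmp(const void *a, const void *b)
{
  const endpoint *x = a, *y = b;
  if (x->ipv4 != y->ipv4) return x->ipv4 < y->ipv4 ? -1 : 1;
  return (x->port > y->port) - (x->port < y->port);
}

/* Fill set[] (capacity >= 2*n) with every relay ORPort plus authority
 * ORPorts and DirPorts, sorted for bsearch(). Returns the entry count. */
size_t reentry_build(const node *nodes, size_t n, endpoint *set)
{
  size_t k = 0;
  for (size_t i = 0; i < n; i++) {
    if (nodes[i].or_port)
      set[k++] = (endpoint){ nodes[i].ipv4, nodes[i].or_port };
    if (nodes[i].is_authority && nodes[i].dir_port)
      set[k++] = (endpoint){ nodes[i].ipv4, nodes[i].dir_port };
  }
  qsort(set, k, sizeof *set, ep_cmp);
  return k;
}

/* Exit-side check: 1 if the stream destination may be opened, 0 if it
 * would re-enter the network. The match is on address AND port. */
int exit_may_connect(const endpoint *set, size_t k, uint32_t ip, uint16_t port)
{
  endpoint key = { ip, port };
  return bsearch(&key, set, k, sizeof *set, ep_cmp) == NULL;
}
```

Because the match is on the address and port pair, other services hosted on a relay's address remain reachable through exits; only the listed ports are refused.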