[tor-commits] [tor/master] forward-port changelog and release notes
nickm at torproject.org
nickm at torproject.org
Wed Apr 26 19:39:30 UTC 2017
commit e5eb260b7a534ab1ad9d3221c047ca13004b7756
Author: Nick Mathewson <nickm at torproject.org>
Date: Wed Apr 26 15:39:10 2017 -0400
forward-port changelog and release notes
---
ChangeLog | 39 ++++
ReleaseNotes | 592 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 631 insertions(+)
diff --git a/ChangeLog b/ChangeLog
index 2dba2f3..65850b3 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,44 @@
Changes in version 0.3.1.1-alpha - 2017-??-??
+
+Changes in version 0.3.0.6 - 2017-04-26
+ Tor 0.3.0.6 is the first stable release of the Tor 0.3.0 series.
+
+ With the 0.3.0 series, clients and relays now use Ed25519 keys to
+ authenticate their link connections to relays, rather than the old
+ RSA1024 keys that they used before. (Circuit crypto has been
+ Curve25519-authenticated since 0.2.4.8-alpha.) We have also replaced
+ the guard selection and replacement algorithm to behave more robustly
+ in the presence of unreliable networks, and to resist guard-
+ capture attacks.
+
+ This series also includes numerous other small features and bugfixes,
+ along with more groundwork for the upcoming hidden-services revamp.
+
+ Per our stable release policy, we plan to support the Tor 0.3.0
+ release series for at least the next nine months, or for three months
+ after the first stable release of the 0.3.1 series: whichever is
+ longer. If you need a release with long-term support, we recommend
+ that you stay with the 0.2.9 series.
+
+ Below are the changes since 0.3.0.5-rc. For a list of all changes
+ since 0.2.9, see the ReleaseNotes file.
+
+ o Minor features (geoip):
+ - Update geoip and geoip6 to the April 4 2017 Maxmind GeoLite2
+ Country database.
+
+ o Minor bugfixes (control port):
+ - The GETINFO extra-info/digest/<digest> command was broken because
+ of a wrong base16 decode return value check, introduced when
+ refactoring that API. Fixes bug 22034; bugfix on 0.2.9.1-alpha.
+
+ o Minor bugfixes (crash prevention):
+ - Fix a (currently untriggerable, but potentially dangerous) crash
+ bug when base32-encoding inputs whose sizes are not a multiple of
+ 5. Fixes bug 21894; bugfix on 0.2.9.1-alpha.
+
+
Changes in version 0.3.0.5-rc - 2017-04-05
Tor 0.3.0.5-rc fixes a few remaining bugs, large and small, in the
0.3.0 release series.
diff --git a/ReleaseNotes b/ReleaseNotes
index 8b1d54e..ca5a30d 100644
--- a/ReleaseNotes
+++ b/ReleaseNotes
@@ -3,6 +3,598 @@ of Tor. If you want to see more detailed descriptions of the changes in
each development snapshot, see the ChangeLog file.
+Changes in version 0.3.0.6 - 2017-04-26
+ Tor 0.3.0.6 is the first stable release of the Tor 0.3.0 series.
+
+ With the 0.3.0 series, clients and relays now use Ed25519 keys to
+ authenticate their link connections to relays, rather than the old
+ RSA1024 keys that they used before. (Circuit crypto has been
+ Curve25519-authenticated since 0.2.4.8-alpha.) We have also replaced
+ the guard selection and replacement algorithm to behave more robustly
+ in the presence of unreliable networks, and to resist guard-
+ capture attacks.
+
+ This series also includes numerous other small features and bugfixes,
+ along with more groundwork for the upcoming hidden-services revamp.
+
+ Per our stable release policy, we plan to support the Tor 0.3.0
+ release series for at least the next nine months, or for three months
+ after the first stable release of the 0.3.1 series: whichever is
+ longer. If you need a release with long-term support, we recommend
+ that you stay with the 0.2.9 series.
+
+ Below are the changes since 0.2.9.10. For a list of only the changes
+ since 0.3.0.5-rc, see the ChangeLog file.
+
+ o Major features (directory authority, security):
+ - The default for AuthDirPinKeys is now 1: directory authorities
+ will reject relays where the RSA identity key matches a previously
+ seen value, but the Ed25519 key has changed. Closes ticket 18319.
+
+ o Major features (guard selection algorithm):
+ - Tor's guard selection algorithm has been redesigned from the
+ ground up, to better support unreliable networks and restrictive
+ sets of entry nodes, and to better resist guard-capture attacks by
+ hostile local networks. Implements proposal 271; closes
+ ticket 19877.
+
+ o Major features (next-generation hidden services):
+ - Relays can now handle v3 ESTABLISH_INTRO cells as specified by
+ prop224 aka "Next Generation Hidden Services". Service and clients
+ don't use this functionality yet. Closes ticket 19043. Based on
+ initial code by Alec Heifetz.
+ - Relays now support the HSDir version 3 protocol, so that they can
+ can store and serve v3 descriptors. This is part of the next-
+ generation onion service work detailled in proposal 224. Closes
+ ticket 17238.
+
+ o Major features (protocol, ed25519 identity keys):
+ - Clients now support including Ed25519 identity keys in the EXTEND2
+ cells they generate. By default, this is controlled by a consensus
+ parameter, currently disabled. You can turn this feature on for
+ testing by setting ExtendByEd25519ID in your configuration. This
+ might make your traffic appear different than the traffic
+ generated by other users, however. Implements part of ticket
+ 15056; part of proposal 220.
+ - Relays now understand requests to extend to other relays by their
+ Ed25519 identity keys. When an Ed25519 identity key is included in
+ an EXTEND2 cell, the relay will only extend the circuit if the
+ other relay can prove ownership of that identity. Implements part
+ of ticket 15056; part of proposal 220.
+ - Relays now use Ed25519 to prove their Ed25519 identities and to
+ one another, and to clients. This algorithm is faster and more
+ secure than the RSA-based handshake we've been doing until now.
+ Implements the second big part of proposal 220; Closes
+ ticket 15055.
+
+ o Major features (security):
+ - Change the algorithm used to decide DNS TTLs on client and server
+ side, to better resist DNS-based correlation attacks like the
+ DefecTor attack of Greschbach, Pulls, Roberts, Winter, and
+ Feamster. Now relays only return one of two possible DNS TTL
+ values, and clients are willing to believe DNS TTL values up to 3
+ hours long. Closes ticket 19769.
+
+ o Major bugfixes (client, onion service, also in 0.2.9.9):
+ - Fix a client-side onion service reachability bug, where multiple
+ socks requests to an onion service (or a single slow request)
+ could cause us to mistakenly mark some of the service's
+ introduction points as failed, and we cache that failure so
+ eventually we run out and can't reach the service. Also resolves a
+ mysterious "Remote server sent bogus reason code 65021" log
+ warning. The bug was introduced in ticket 17218, where we tried to
+ remember the circuit end reason as a uint16_t, which mangled
+ negative values. Partially fixes bug 21056 and fixes bug 20307;
+ bugfix on 0.2.8.1-alpha.
+
+ o Major bugfixes (crash, directory connections):
+ - Fix a rare crash when sending a begin cell on a circuit whose
+ linked directory connection had already been closed. Fixes bug
+ 21576; bugfix on 0.2.9.3-alpha. Reported by Alec Muffett.
+
+ o Major bugfixes (directory authority):
+ - During voting, when marking a relay as a probable sybil, do not
+ clear its BadExit flag: sybils can still be bad in other ways
+ too. (We still clear the other flags.) Fixes bug 21108; bugfix
+ on 0.2.0.13-alpha.
+
+ o Major bugfixes (DNS):
+ - Fix a bug that prevented exit nodes from caching DNS records for
+ more than 60 seconds. Fixes bug 19025; bugfix on 0.2.4.7-alpha.
+
+ o Major bugfixes (IPv6 Exits):
+ - Stop rejecting all IPv6 traffic on Exits whose exit policy rejects
+ any IPv6 addresses. Instead, only reject a port over IPv6 if the
+ exit policy rejects that port on more than an IPv6 /16 of
+ addresses. This bug was made worse by 17027 in 0.2.8.1-alpha,
+ which rejected a relay's own IPv6 address by default. Fixes bug
+ 21357; bugfix on commit 004f3f4e53 in 0.2.4.7-alpha.
+
+ o Major bugfixes (parsing):
+ - Fix an integer underflow bug when comparing malformed Tor
+ versions. This bug could crash Tor when built with
+ --enable-expensive-hardening, or on Tor 0.2.9.1-alpha through Tor
+ 0.2.9.8, which were built with -ftrapv by default. In other cases
+ it was harmless. Part of TROVE-2017-001. Fixes bug 21278; bugfix
+ on 0.0.8pre1. Found by OSS-Fuzz.
+ - When parsing a malformed content-length field from an HTTP
+ message, do not read off the end of the buffer. This bug was a
+ potential remote denial-of-service attack against Tor clients and
+ relays. A workaround was released in October 2016, to prevent this
+ bug from crashing Tor. This is a fix for the underlying issue,
+ which should no longer matter (if you applied the earlier patch).
+ Fixes bug 20894; bugfix on 0.2.0.16-alpha. Bug found by fuzzing
+ using AFL (http://lcamtuf.coredump.cx/afl/).
+
+ o Major bugfixes (scheduler):
+ - Actually compare circuit policies in ewma_cmp_cmux(). This bug
+ caused the channel scheduler to behave more or less randomly,
+ rather than preferring channels with higher-priority circuits.
+ Fixes bug 20459; bugfix on 0.2.6.2-alpha.
+
+ o Major bugfixes (security, also in 0.2.9.9):
+ - Downgrade the "-ftrapv" option from "always on" to "only on when
+ --enable-expensive-hardening is provided." This hardening option,
+ like others, can turn survivable bugs into crashes--and having it
+ on by default made a (relatively harmless) integer overflow bug
+ into a denial-of-service bug. Fixes bug 21278 (TROVE-2017-001);
+ bugfix on 0.2.9.1-alpha.
+
+ o Minor feature (client):
+ - Enable IPv6 traffic on the SocksPort by default. To disable this,
+ a user will have to specify "NoIPv6Traffic". Closes ticket 21269.
+
+ o Minor feature (fallback scripts):
+ - Add a check_existing mode to updateFallbackDirs.py, which checks
+ if fallbacks in the hard-coded list are working. Closes ticket
+ 20174. Patch by haxxpop.
+
+ o Minor feature (protocol versioning):
+ - Add new protocol version for proposal 224. HSIntro now advertises
+ version "3-4" and HSDir version "1-2". Fixes ticket 20656.
+
+ o Minor features (ciphersuite selection):
+ - Allow relays to accept a wider range of ciphersuites, including
+ chacha20-poly1305 and AES-CCM. Closes the other part of 15426.
+ - Clients now advertise a list of ciphersuites closer to the ones
+ preferred by Firefox. Closes part of ticket 15426.
+
+ o Minor features (controller):
+ - Add "GETINFO sr/current" and "GETINFO sr/previous" keys, to expose
+ shared-random values to the controller. Closes ticket 19925.
+ - When HSFETCH arguments cannot be parsed, say "Invalid argument"
+ rather than "unrecognized." Closes ticket 20389; patch from
+ Ivan Markin.
+
+ o Minor features (controller, configuration):
+ - Each of the *Port options, such as SocksPort, ORPort, ControlPort,
+ and so on, now comes with a __*Port variant that will not be saved
+ to the torrc file by the controller's SAVECONF command. This
+ change allows TorBrowser to set up a single-use domain socket for
+ each time it launches Tor. Closes ticket 20956.
+ - The GETCONF command can now query options that may only be
+ meaningful in context-sensitive lists. This allows the controller
+ to query the mixed SocksPort/__SocksPort style options introduced
+ in feature 20956. Implements ticket 21300.
+
+ o Minor features (diagnostic, directory client):
+ - Warn when we find an unexpected inconsistency in directory
+ download status objects. Prevents some negative consequences of
+ bug 20593.
+
+ o Minor features (directory authorities):
+ - Directory authorities now reject descriptors that claim to be
+ malformed versions of Tor. Helps prevent exploitation of
+ bug 21278.
+ - Reject version numbers with components that exceed INT32_MAX.
+ Otherwise 32-bit and 64-bit platforms would behave inconsistently.
+ Fixes bug 21450; bugfix on 0.0.8pre1.
+
+ o Minor features (directory authority):
+ - Add a new authority-only AuthDirTestEd25519LinkKeys option (on by
+ default) to control whether authorities should try to probe relays
+ by their Ed25519 link keys. This option will go away in a few
+ releases--unless we encounter major trouble in our ed25519 link
+ protocol rollout, in which case it will serve as a safety option.
+
+ o Minor features (directory cache):
+ - Relays and bridges will now refuse to serve the consensus they
+ have if they know it is too old for a client to use. Closes
+ ticket 20511.
+
+ o Minor features (ed25519 link handshake):
+ - Advertise support for the ed25519 link handshake using the
+ subprotocol-versions mechanism, so that clients can tell which
+ relays can identity themselves by Ed25519 ID. Closes ticket 20552.
+
+ o Minor features (entry guards):
+ - Add UseEntryGuards to TEST_OPTIONS_DEFAULT_VALUES in order to not
+ break regression tests.
+ - Require UseEntryGuards when UseBridges is set, in order to make
+ sure bridges aren't bypassed. Resolves ticket 20502.
+
+ o Minor features (fallback directories):
+ - Allow 3 fallback relays per operator, which is safe now that we
+ are choosing 200 fallback relays. Closes ticket 20912.
+ - Annotate updateFallbackDirs.py with the bandwidth and consensus
+ weight for each candidate fallback. Closes ticket 20878.
+ - Display the relay fingerprint when downloading consensuses from
+ fallbacks. Closes ticket 20908.
+ - Exclude relays affected by bug 20499 from the fallback list.
+ Exclude relays from the fallback list if they are running versions
+ known to be affected by bug 20499, or if in our tests they deliver
+ a stale consensus (i.e. one that expired more than 24 hours ago).
+ Closes ticket 20539.
+ - Make it easier to change the output sort order of fallbacks.
+ Closes ticket 20822.
+ - Reduce the minimum fallback bandwidth to 1 MByte/s. Part of
+ ticket 18828.
+ - Require fallback directories to have the same address and port for
+ 7 days (now that we have enough relays with this stability).
+ Relays whose OnionOO stability timer is reset on restart by bug
+ 18050 should upgrade to Tor 0.2.8.7 or later, which has a fix for
+ this issue. Closes ticket 20880; maintains short-term fix
+ in 0.2.8.2-alpha.
+ - Require fallbacks to have flags for 90% of the time (weighted
+ decaying average), rather than 95%. This allows at least 73% of
+ clients to bootstrap in the first 5 seconds without contacting an
+ authority. Part of ticket 18828.
+ - Select 200 fallback directories for each release. Closes
+ ticket 20881.
+
+ o Minor features (fingerprinting resistence, authentication):
+ - Extend the length of RSA keys used for TLS link authentication to
+ 2048 bits. (These weren't used for forward secrecy; for forward
+ secrecy, we used P256.) Closes ticket 13752.
+
+ o Minor features (geoip):
+ - Update geoip and geoip6 to the April 4 2017 Maxmind GeoLite2
+ Country database.
+
+ o Minor features (geoip, also in 0.2.9.9):
+ - Update geoip and geoip6 to the January 4 2017 Maxmind GeoLite2
+ Country database.
+
+ o Minor features (infrastructure):
+ - Implement smartlist_add_strdup() function. Replaces the use of
+ smartlist_add(sl, tor_strdup(str)). Closes ticket 20048.
+
+ o Minor features (linting):
+ - Enhance the changes file linter to warn on Tor versions that are
+ prefixed with "tor-". Closes ticket 21096.
+
+ o Minor features (logging):
+ - In several places, describe unset ed25519 keys as "<unset>",
+ rather than the scary "AAAAAAAA...AAA". Closes ticket 21037.
+
+ o Minor features (portability, compilation):
+ - Autoconf now checks to determine if OpenSSL structures are opaque,
+ instead of explicitly checking for OpenSSL version numbers. Part
+ of ticket 21359.
+ - Support building with recent LibreSSL code that uses opaque
+ structures. Closes ticket 21359.
+
+ o Minor features (relay):
+ - We now allow separation of exit and relay traffic to different
+ source IP addresses, using the OutboundBindAddressExit and
+ OutboundBindAddressOR options respectively. Closes ticket 17975.
+ Written by Michael Sonntag.
+
+ o Minor features (reliability, crash):
+ - Try better to detect problems in buffers where they might grow (or
+ think they have grown) over 2 GB in size. Diagnostic for
+ bug 21369.
+
+ o Minor features (testing):
+ - During 'make test-network-all', if tor logs any warnings, ask
+ chutney to output them. Requires a recent version of chutney with
+ the 21572 patch. Implements 21570.
+
+ o Minor bugfix (control protocol):
+ - The reply to a "GETINFO config/names" request via the control
+ protocol now spells the type "Dependent" correctly. This is a
+ breaking change in the control protocol. (The field seems to be
+ ignored by the most common known controllers.) Fixes bug 18146;
+ bugfix on 0.1.1.4-alpha.
+ - The GETINFO extra-info/digest/<digest> command was broken because
+ of a wrong base16 decode return value check, introduced when
+ refactoring that API. Fixes bug 22034; bugfix on 0.2.9.1-alpha.
+
+ o Minor bugfix (logging):
+ - Don't recommend the use of Tor2web in non-anonymous mode.
+ Recommending Tor2web is a bad idea because the client loses all
+ anonymity. Tor2web should only be used in specific cases by users
+ who *know* and understand the issues. Fixes bug 21294; bugfix
+ on 0.2.9.3-alpha.
+
+ o Minor bugfixes (bug resilience):
+ - Fix an unreachable size_t overflow in base64_decode(). Fixes bug
+ 19222; bugfix on 0.2.0.9-alpha. Found by Guido Vranken; fixed by
+ Hans Jerry Illikainen.
+
+ o Minor bugfixes (build):
+ - Replace obsolete Autoconf macros with their modern equivalent and
+ prevent similar issues in the future. Fixes bug 20990; bugfix
+ on 0.1.0.1-rc.
+
+ o Minor bugfixes (certificate expiration time):
+ - Avoid using link certificates that don't become valid till some
+ time in the future. Fixes bug 21420; bugfix on 0.2.4.11-alpha
+
+ o Minor bugfixes (client):
+ - Always recover from failures in extend_info_from_node(), in an
+ attempt to prevent any recurrence of bug 21242. Fixes bug 21372;
+ bugfix on 0.2.3.1-alpha.
+ - When clients that use bridges start up with a cached consensus on
+ disk, they were ignoring it and downloading a new one. Now they
+ use the cached one. Fixes bug 20269; bugfix on 0.2.3.12-alpha.
+
+ o Minor bugfixes (code correctness):
+ - Repair a couple of (unreachable or harmless) cases of the risky
+ comparison-by-subtraction pattern that caused bug 21278.
+
+ o Minor bugfixes (config):
+ - Don't assert on startup when trying to get the options list and
+ LearnCircuitBuildTimeout is set to 0: we are currently parsing the
+ options so of course they aren't ready yet. Fixes bug 21062;
+ bugfix on 0.2.9.3-alpha.
+
+ o Minor bugfixes (configuration):
+ - Accept non-space whitespace characters after the severity level in
+ the `Log` option. Fixes bug 19965; bugfix on 0.2.1.1-alpha.
+ - Support "TByte" and "TBytes" units in options given in bytes.
+ "TB", "terabyte(s)", "TBit(s)" and "terabit(s)" were already
+ supported. Fixes bug 20622; bugfix on 0.2.0.14-alpha.
+
+ o Minor bugfixes (configure, autoconf):
+ - Rename the configure option --enable-expensive-hardening to
+ --enable-fragile-hardening. Expensive hardening makes the tor
+ daemon abort when some kinds of issues are detected. Thus, it
+ makes tor more at risk of remote crashes but safer against RCE or
+ heartbleed bug category. We now try to explain this issue in a
+ message from the configure script. Fixes bug 21290; bugfix
+ on 0.2.5.4-alpha.
+
+ o Minor bugfixes (consensus weight):
+ - Add new consensus method that initializes bw weights to 1 instead
+ of 0. This prevents a zero weight from making it all the way to
+ the end (happens in small testing networks) and causing an error.
+ Fixes bug 14881; bugfix on 0.2.2.17-alpha.
+
+ o Minor bugfixes (crash prevention):
+ - Fix an (currently untriggerable, but potentially dangerous) crash
+ bug when base32-encoding inputs whose sizes are not a multiple of
+ 5. Fixes bug 21894; bugfix on 0.2.9.1-alpha.
+
+ o Minor bugfixes (dead code):
+ - Remove a redundant check for PidFile changes at runtime in
+ options_transition_allowed(): this check is already performed
+ regardless of whether the sandbox is active. Fixes bug 21123;
+ bugfix on 0.2.5.4-alpha.
+
+ o Minor bugfixes (descriptors):
+ - Correctly recognise downloaded full descriptors as valid, even
+ when using microdescriptors as circuits. This affects clients with
+ FetchUselessDescriptors set, and may affect directory authorities.
+ Fixes bug 20839; bugfix on 0.2.3.2-alpha.
+
+ o Minor bugfixes (directory mirrors):
+ - Allow relays to use directory mirrors without a DirPort: these
+ relays need to be contacted over their ORPorts using a begindir
+ connection. Fixes one case of bug 20711; bugfix on 0.2.8.2-alpha.
+ - Clarify the message logged when a remote relay is unexpectedly
+ missing an ORPort or DirPort: users were confusing this with a
+ local port. Fixes another case of bug 20711; bugfix
+ on 0.2.8.2-alpha.
+
+ o Minor bugfixes (directory system):
+ - Bridges and relays now use microdescriptors (like clients do)
+ rather than old-style router descriptors. Now bridges will blend
+ in with clients in terms of the circuits they build. Fixes bug
+ 6769; bugfix on 0.2.3.2-alpha.
+ - Download all consensus flavors, descriptors, and authority
+ certificates when FetchUselessDescriptors is set, regardless of
+ whether tor is a directory cache or not. Fixes bug 20667; bugfix
+ on all recent tor versions.
+
+ o Minor bugfixes (documentation):
+ - Update the tor manual page to document every option that can not
+ be changed while tor is running. Fixes bug 21122.
+
+ o Minor bugfixes (ed25519 certificates):
+ - Correctly interpret ed25519 certificates that would expire some
+ time after 19 Jan 2038. Fixes bug 20027; bugfix on 0.2.7.2-alpha.
+
+ o Minor bugfixes (fallback directories):
+ - Avoid checking fallback candidates' DirPorts if they are down in
+ OnionOO. When a relay operator has multiple relays, this
+ prioritizes relays that are up over relays that are down. Fixes
+ bug 20926; bugfix on 0.2.8.3-alpha.
+ - Stop failing when OUTPUT_COMMENTS is True in updateFallbackDirs.py.
+ Fixes bug 20877; bugfix on 0.2.8.3-alpha.
+ - Stop failing when a relay has no uptime data in
+ updateFallbackDirs.py. Fixes bug 20945; bugfix on 0.2.8.1-alpha.
+
+ o Minor bugfixes (hidden service):
+ - Clean up the code for expiring intro points with no associated
+ circuits. It was causing, rarely, a service with some expiring
+ introduction points to not open enough additional introduction
+ points. Fixes part of bug 21302; bugfix on 0.2.7.2-alpha.
+ - Resolve two possible underflows which could lead to creating and
+ closing a lot of introduction point circuits in a non-stop loop.
+ Fixes bug 21302; bugfix on 0.2.7.2-alpha.
+ - Stop setting the torrc option HiddenServiceStatistics to "0" just
+ because we're not a bridge or relay. Instead, we preserve whatever
+ value the user set (or didn't set). Fixes bug 21150; bugfix
+ on 0.2.6.2-alpha.
+
+ o Minor bugfixes (hidden services):
+ - Make hidden services check for failed intro point connections,
+ even when they have exceeded their intro point creation limit.
+ Fixes bug 21596; bugfix on 0.2.7.2-alpha. Reported by Alec Muffett.
+ - Make hidden services with 8 to 10 introduction points check for
+ failed circuits immediately after startup. Previously, they would
+ wait for 5 minutes before performing their first checks. Fixes bug
+ 21594; bugfix on 0.2.3.9-alpha. Reported by Alec Muffett.
+ - Stop ignoring misconfigured hidden services. Instead, refuse to
+ start tor until the misconfigurations have been corrected. Fixes
+ bug 20559; bugfix on multiple commits in 0.2.7.1-alpha
+ and earlier.
+
+ o Minor bugfixes (IPv6):
+ - Make IPv6-using clients try harder to find an IPv6 directory
+ server. Fixes bug 20999; bugfix on 0.2.8.2-alpha.
+ - When IPv6 addresses have not been downloaded yet (microdesc
+ consensus documents don't list relay IPv6 addresses), use hard-
+ coded addresses for authorities, fallbacks, and configured
+ bridges. Now IPv6-only clients can use microdescriptors. Fixes bug
+ 20996; bugfix on b167e82 from 19608 in 0.2.8.5-alpha.
+
+ o Minor bugfixes (memory leak at exit):
+ - Fix a small harmless memory leak at exit of the previously unused
+ RSA->Ed identity cross-certificate. Fixes bug 17779; bugfix
+ on 0.2.7.2-alpha.
+
+ o Minor bugfixes (onion services):
+ - Allow the number of introduction points to be as low as 0, rather
+ than as low as 3. Fixes bug 21033; bugfix on 0.2.7.2-alpha.
+
+ o Minor bugfixes (portability):
+ - Use "OpenBSD" compiler macro instead of "OPENBSD" or "__OpenBSD__".
+ It is supported by OpenBSD itself, and also by most OpenBSD
+ variants (such as Bitrig). Fixes bug 20980; bugfix
+ on 0.1.2.1-alpha.
+
+ o Minor bugfixes (portability, also in 0.2.9.9):
+ - Avoid crashing when Tor is built using headers that contain
+ CLOCK_MONOTONIC_COARSE, but then tries to run on an older kernel
+ without CLOCK_MONOTONIC_COARSE. Fixes bug 21035; bugfix
+ on 0.2.9.1-alpha.
+ - Fix Libevent detection on platforms without Libevent 1 headers
+ installed. Fixes bug 21051; bugfix on 0.2.9.1-alpha.
+
+ o Minor bugfixes (relay):
+ - Avoid a double-marked-circuit warning that could happen when we
+ receive DESTROY cells under heavy load. Fixes bug 20059; bugfix
+ on 0.1.0.1-rc.
+ - Honor DataDirectoryGroupReadable when tor is a relay. Previously,
+ initializing the keys would reset the DataDirectory to 0700
+ instead of 0750 even if DataDirectoryGroupReadable was set to 1.
+ Fixes bug 19953; bugfix on 0.0.2pre16. Patch by "redfish".
+
+ o Minor bugfixes (testing):
+ - Fix Raspbian build issues related to missing socket errno in
+ test_util.c. Fixes bug 21116; bugfix on 0.2.8.2. Patch by "hein".
+ - Remove undefined behavior from the backtrace generator by removing
+ its signal handler. Fixes bug 21026; bugfix on 0.2.5.2-alpha.
+ - Use bash in src/test/test-network.sh. This ensures we reliably
+ call chutney's newer tools/test-network.sh when available. Fixes
+ bug 21562; bugfix on 0.2.9.1-alpha.
+
+ o Minor bugfixes (tor-resolve):
+ - The tor-resolve command line tool now rejects hostnames over 255
+ characters in length. Previously, it would silently truncate them,
+ which could lead to bugs. Fixes bug 21280; bugfix on 0.0.9pre5.
+ Patch by "junglefowl".
+
+ o Minor bugfixes (unit tests):
+ - Allow the unit tests to pass even when DNS lookups of bogus
+ addresses do not fail as expected. Fixes bug 20862 and 20863;
+ bugfix on unit tests introduced in 0.2.8.1-alpha
+ through 0.2.9.4-alpha.
+
+ o Minor bugfixes (util):
+ - When finishing writing a file to disk, if we were about to replace
+ the file with the temporary file created before and we fail to
+ replace it, remove the temporary file so it doesn't stay on disk.
+ Fixes bug 20646; bugfix on 0.2.0.7-alpha. Patch by fk.
+
+ o Minor bugfixes (Windows services):
+ - Be sure to initialize the monotonic time subsystem before using
+ it, even when running as an NT service. Fixes bug 21356; bugfix
+ on 0.2.9.1-alpha.
+
+ o Minor bugfixes (Windows):
+ - Check for getpagesize before using it to mmap files. This fixes
+ compilation in some MinGW environments. Fixes bug 20530; bugfix on
+ 0.1.2.1-alpha. Reported by "ice".
+
+ o Code simplification and refactoring:
+ - Abolish all global guard context in entrynodes.c; replace with new
+ guard_selection_t structure as preparation for proposal 271.
+ Closes ticket 19858.
+ - Extract magic numbers in circuituse.c into defined variables.
+ - Introduce rend_service_is_ephemeral() that tells if given onion
+ service is ephemeral. Replace unclear NULL-checkings for service
+ directory with this function. Closes ticket 20526.
+ - Refactor circuit_is_available_for_use to remove unnecessary check.
+ - Refactor circuit_predict_and_launch_new for readability and
+ testability. Closes ticket 18873.
+ - Refactor code to manipulate global_origin_circuit_list into
+ separate functions. Closes ticket 20921.
+ - Refactor large if statement in purpose_needs_anonymity to use
+ switch statement instead. Closes part of ticket 20077.
+ - Refactor the hashing API to return negative values for errors, as
+ is done as throughout the codebase. Closes ticket 20717.
+ - Remove data structures that were used to index or_connection
+ objects by their RSA identity digests. These structures are fully
+ redundant with the similar structures used in the
+ channel abstraction.
+ - Remove duplicate code in the channel_write_*cell() functions.
+ Closes ticket 13827; patch from Pingl.
+ - Remove redundant behavior of is_sensitive_dir_purpose, refactor to
+ use only purpose_needs_anonymity. Closes part of ticket 20077.
+ - The code to generate and parse EXTEND and EXTEND2 cells has been
+ replaced with code automatically generated by the
+ "trunnel" utility.
+
+ o Documentation (formatting):
+ - Clean up formatting of tor.1 man page and HTML doc, where <pre>
+ blocks were incorrectly appearing. Closes ticket 20885.
+
+ o Documentation (man page):
+ - Clarify many options in tor.1 and add some min/max values for
+ HiddenService options. Closes ticket 21058.
+
+ o Documentation:
+ - Change '1' to 'weight_scale' in consensus bw weights calculation
+ comments, as that is reality. Closes ticket 20273. Patch
+ from pastly.
+ - Clarify that when ClientRejectInternalAddresses is enabled (which
+ is the default), multicast DNS hostnames for machines on the local
+ network (of the form *.local) are also rejected. Closes
+ ticket 17070.
+ - Correct the value for AuthDirGuardBWGuarantee in the manpage, from
+ 250 KBytes to 2 MBytes. Fixes bug 20435; bugfix on 0.2.5.6-alpha.
+ - Include the "TBits" unit in Tor's man page. Fixes part of bug
+ 20622; bugfix on 0.2.5.1-alpha.
+ - Small fixes to the fuzzing documentation. Closes ticket 21472.
+ - Stop the man page from incorrectly stating that HiddenServiceDir
+ must already exist. Fixes 20486.
+ - Update the description of the directory server options in the
+ manual page, to clarify that a relay no longer needs to set
+ DirPort in order to be a directory cache. Closes ticket 21720.
+
+ o Removed features:
+ - The AuthDirMaxServersPerAuthAddr option no longer exists: The same
+ limit for relays running on a single IP applies to authority IP
+ addresses as well as to non-authority IP addresses. Closes
+ ticket 20960.
+ - The UseDirectoryGuards torrc option no longer exists: all users
+ that use entry guards will also use directory guards. Related to
+ proposal 271; implements part of ticket 20831.
+
+ o Testing:
+ - Add tests for networkstatus_compute_bw_weights_v10.
+ - Add unit tests circuit_predict_and_launch_new.
+ - Extract dummy_origin_circuit_new so it can be used by other
+ test functions.
+ - New unit tests for tor_htonll(). Closes ticket 19563. Patch
+ from "overcaffeinated".
+ - Perform the coding style checks when running the tests and fail
+ when coding style violations are found. Closes ticket 5500.
+
+
Changes in version 0.2.8.13 - 2017-03-03
Tor 0.2.8.13 backports a security fix from later Tor
releases. Anybody running Tor 0.2.8.12 or earlier should upgrade to this
More information about the tor-commits
mailing list