[tor-commits] [tor/release-0.3.2] Make a changelog for 0.3.2.10
nickm at torproject.org
nickm at torproject.org
Tue Feb 27 21:55:59 UTC 2018
commit 3acf6cafbb655a73f0a52b38a0dbd94eb5befa3f
Author: Nick Mathewson <nickm at torproject.org>
Date: Tue Feb 27 16:55:08 2018 -0500
Make a changelog for 0.3.2.10
(Note that two entries are marked OMIT: they are bugfixes on #24902
that we're backporting along with the #24902 code. I think that
means that we don't backport their changelog entries, since they are
bugfixes on a later version of Tor?)
---
ChangeLog | 145 +++++++++++++++++++++++++++++++++++++++++++++
changes/bug21074_downgrade | 4 --
changes/bug24526 | 4 --
changes/bug24652 | 6 --
changes/bug24700 | 4 --
changes/bug24826_031 | 4 --
changes/bug24859 | 4 --
changes/bug24894 | 5 --
changes/bug24895 | 8 ---
changes/bug24898 | 8 ---
changes/bug24952 | 5 --
changes/bug24972 | 4 --
changes/bug24975 | 6 --
changes/bug24976 | 5 --
changes/bug24978 | 7 ---
changes/bug25005 | 4 --
changes/bug25070 | 3 -
changes/bug25105 | 5 --
changes/bug25223 | 4 --
changes/geoip-2018-02-07 | 4 --
changes/ticket24902 | 13 ----
changes/ticket25122 | 4 --
changes/ticket25170 | 5 --
changes/ticket25202 | 4 --
changes/ticket25323 | 4 --
25 files changed, 145 insertions(+), 124 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index da312f2d8..bad9f1b93 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,148 @@
+Changes in version 0.3.2.10 - 2018-03-??
+ Tor 0.3.2.10 is the second stable release in the 0.3.2 series. It
+ backports a number of bugfixes, including important fixes for security
+ issues.
+
+ BLURB HERE.
+
+ o Major features (denial-of-service mitigation, backport from 0.3.3.2-alpha):
+ - Give relays some defenses against the recent network overload. We
+ start with three defenses (default parameters in parentheses).
+ First: if a single client address makes too many concurrent
+ connections (>100), hang up on further connections. Second: if a
+ single client address makes circuits too quickly (more than 3 per
+ second, with an allowed burst of 90) while also having too many
+ connections open (3), refuse new create cells for the next while
+ (1-2 hours). Third: if a client asks to establish a rendezvous
+ point to you directly, ignore the request. These defenses can be
+ manually controlled by new torrc options, but relays will also
+ take guidance from consensus parameters, so there's no need to
+ configure anything manually. Implements ticket 24902.
+
+ o Major bugfixes (onion services, retry behavior, backport from 0.3.3.1-alpha):
+ - Fix an "off by 2" error in counting rendezvous failures on the
+ onion service side. While we thought we would stop the rendezvous
+ attempt after one failed circuit, we were actually making three
+ circuit attempts before giving up. Now switch to a default of 2,
+ and allow the consensus parameter "hs_service_max_rdv_failures" to
+ override. Fixes bug 24895; bugfix on 0.0.6.
+ - New-style (v3) onion services now obey the "max rendezvous circuit
+ attempts" logic. Previously they would make as many rendezvous
+ circuit attempts as they could fit in the MAX_REND_TIMEOUT second
+ window before giving up. Fixes bug 24894; bugfix on 0.3.2.1-alpha.
+
+ o Major bugfixes (protocol versions, backport from 0.3.3.2-alpha):
+ - Add Link protocol version 5 to the supported protocols list. Fixes
+ bug 25070; bugfix on 0.3.1.1-alpha.
+
+ o Major bugfixes (relay, backport from 0.3.3.1-alpha):
+ - Fix a set of false positives where relays would consider
+ connections to other relays as being client-only connections (and
+ thus e.g. deserving different link padding schemes) if those
+ relays fell out of the consensus briefly. Now we look only at the
+ initial handshake and whether the connection authenticated as a
+ relay. Fixes bug 24898; bugfix on 0.3.1.1-alpha.
+
+ o Major bugfixes (scheduler, consensus, backport from 0.3.3.2-alpha):
+ - The scheduler subsystem was failing to promptly notice changes in
+ consensus parameters, making it harder to switch schedulers
+ network-wide. Fixes bug 24975; bugfix on 0.3.2.1-alpha.
+
+ o Minor features (denial-of-service avoidance, backport from 0.3.3.2-alpha):
+ - Make our OOM handler aware of the geoip client history cache so it
+ doesn't fill up the memory. This check is important for IPv6 and
+ our DoS mitigation subsystem. Closes ticket 25122.
+
+ o Minor features (compatibility, OpenSSL, backport from 0.3.3.3-alpha):
+ - Tor will now support TLS1.3 once OpenSSL 1.1.1 is released.
+ Previous versions of Tor would not have worked with OpenSSL 1.1.1,
+ since they neither disabled TLS 1.3 nor enabled any of the
+ ciphersuites it requires. Here we enable the TLS 1.3 ciphersuites.
+ Closes ticket 24978.
+
+ o Minor features (geoip):
+ - Update geoip and geoip6 to the February 7 2018 Maxmind GeoLite2
+ Country database.
+
+ o Minor features (logging, diagnostic, backport from 0.3.3.2-alpha):
+ - When logging a failure to check a hidden service's certificate,
+ also log what the problem with the certificate was. Diagnostic
+ for ticket 24972.
+
+ o Minor bugfix (channel connection, backport from 0.3.3.2-alpha):
+ - Use the actual observed address of an incoming relay connection,
+ not the canonical address of the relay from its descriptor, when
+ making decisions about how to handle the incoming connection.
+ Fixes bug 24952; bugfix on 0.2.4.11-alpha. Patch by "ffmancera".
+
+ o Minor bugfix (directory authority, backport from 0.3.3.2-alpha):
+ - Directory authorities, when refusing a descriptor from a rejected
+ relay, now explicitly tell the relay (in its logs) to set a valid
+ ContactInfo address and contact the bad-relays@ mailing list.
+ Fixes bug 25170; bugfix on 0.2.9.1.
+
+ o Minor bugfixes (build, rust, backport from 0.3.3.1-alpha):
+ - When building with Rust on OSX, link against libresolv, to work
+ around the issue at https://github.com/rust-lang/rust/issues/46797.
+ Fixes bug 24652; bugfix on 0.3.1.1-alpha.
+
+
+ [[[[ OMIT
+ o Minor bugfixes (DoS mitigation):
+ - Add extra safety checks when refilling the circuit creation bucket to
+ ensure we never set a value that is above the allowed burst. Fixes
+ bug 25202; bugfix on 0.3.3.2-alpha.
+ - Make sure we don't modify consensus parameters if we aren't a public
+ relay when a new consensus arrives. Fixes bug 25223; bugfix on
+ 0.3.3.2-alpha.
+ OMIT]]]]
+
+ o Minor bugfixes (onion services, backport from 0.3.3.2-alpha):
+ - Remove a BUG() statement when a client fetches an onion descriptor
+ that has a lower revision counter than the one in its cache. This
+ can happen in normal circumstances due to HSDir desync. Fixes bug
+ 24976; bugfix on 0.3.2.1-alpha.
+
+ o Minor bugfixes (logging, backport from 0.3.3.2-alpha):
+ - Don't treat inability to store a cached consensus object as a bug:
+ it can happen normally when we are out of disk space. Fixes bug
+ 24859; bugfix on 0.3.1.1-alpha.
+
+ o Minor bugfixes (performance, fragile-hardening, backport from 0.3.3.1-alpha):
+ - Improve the performance of our consensus-diff application code
+ when Tor is built with the --enable-fragile-hardening option set.
+ Fixes bug 24826; bugfix on 0.3.1.1-alpha.
+
+ o Minor bugfixes (OSX, backport from 0.3.3.1-alpha):
+ - Don't exit the Tor process if setrlimit() fails to change the file
+ limit (which can happen sometimes on some versions of OSX). Fixes
+ bug 21074; bugfix on 0.0.9pre5.
+
+ o Minor bugfixes (scheduler, KIST, backport from 0.3.3.2-alpha):
+ - Avoid adding the same channel twice in the KIST scheduler pending
+ list, which would waste CPU cycles. Fixes bug 24700; bugfix
+ on 0.3.2.1-alpha.
+
+ o Minor bugfixes (testing, backport from 0.3.3.1-alpha):
+ - Fix a memory leak in the scheduler/loop_kist unit test. Fixes bug
+ 25005; bugfix on 0.3.2.7-rc.
+
+ o Minor bugfixes (v3 onion services, backport from 0.3.3.2-alpha):
+ - Look at the "HSRend" protocol version, not the "HSDir" protocol
+ version, when deciding whether a consensus entry can support the
+ v3 onion service protocol as a rendezvous point. Fixes bug 25105;
+ bugfix on 0.3.2.1-alpha.
+
+ o Code simplification and refactoring (backport from 0.3.3.3-alpha):
+ - Update the "rust dependencies" submodule to be a project-level
+ repository, rather than a user repository. Closes ticket 25323.
+
+ o Documentation (backport from 0.3.3.1-alpha)
+ - Document that operators who run more than one relay or bridge are
+ expected to set MyFamily and ContactInfo correctly. Closes
+ ticket 24526.
+
+
Changes in version 0.3.2.9 - 2018-01-09
Tor 0.3.2.9 is the first stable release in the 0.3.2 series.
diff --git a/changes/bug21074_downgrade b/changes/bug21074_downgrade
deleted file mode 100644
index 1bc1f8523..000000000
--- a/changes/bug21074_downgrade
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes (portability):
- - Don't exit the Tor process if setrlimit() fails to change the file
- limit (which can happen sometimes on some versions of OSX). Fixes
- bug 21074; bugfix on 0.0.9pre5.
diff --git a/changes/bug24526 b/changes/bug24526
deleted file mode 100644
index 4d69defa9..000000000
--- a/changes/bug24526
+++ /dev/null
@@ -1,4 +0,0 @@
- o Documentation:
- - Document that operators who run more than one relay or bridge are
- expected to set MyFamily and ContactInfo correctly. Closes ticket
- 24526.
diff --git a/changes/bug24652 b/changes/bug24652
deleted file mode 100644
index 6e35e259e..000000000
--- a/changes/bug24652
+++ /dev/null
@@ -1,6 +0,0 @@
- o Minor bugfixes (build, compatibility, rust, OSX):
-
- - When building with Rust on OSX, link against libresolv, to
- work around the issue at
- https://github.com/rust-lang/rust/issues/46797. Fixes bug
- 24652; bugfix on 0.3.1.1-alpha.
diff --git a/changes/bug24700 b/changes/bug24700
deleted file mode 100644
index 74dc581a0..000000000
--- a/changes/bug24700
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes (scheduler, KIST):
- - Avoid adding the same channel twice in the KIST scheduler pending list
- wasting CPU cycles at handling the same channel twice. Fixes bug 24700;
- bugfix on 0.3.2.1-alpha.
diff --git a/changes/bug24826_031 b/changes/bug24826_031
deleted file mode 100644
index 3d4a66184..000000000
--- a/changes/bug24826_031
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes (performance, fragile-hardening):
- - Improve the performance of our consensus-diff application code when Tor
- is built with the --enable-fragile-hardening option set. Fixes bug
- 24826; bugfix on 0.3.1.1-alpha.
diff --git a/changes/bug24859 b/changes/bug24859
deleted file mode 100644
index 122109d65..000000000
--- a/changes/bug24859
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes (logging):
- - Don't treat inability to store a cached consensus object as a
- bug: it can happen normally when we are out of disk space.
- Fixes bug 24859; bugfix on 0.3.1.1-alpha.
diff --git a/changes/bug24894 b/changes/bug24894
deleted file mode 100644
index b08cdce1f..000000000
--- a/changes/bug24894
+++ /dev/null
@@ -1,5 +0,0 @@
- o Major bugfixes (v3 onion services):
- - New-style (v3) onion services now obey the "max rendezvous circuit
- attempts" logic. Previously they would make as many rendezvous
- circuit attempts as they could fit in the MAX_REND_TIMEOUT second
- window before giving up. Fixes bug 24894; bugfix on 0.3.2.1-alpha.
diff --git a/changes/bug24895 b/changes/bug24895
deleted file mode 100644
index 7edde94a0..000000000
--- a/changes/bug24895
+++ /dev/null
@@ -1,8 +0,0 @@
- o Major bugfixes (onion services):
- - Fix an "off by 2" error in counting rendezvous failures on the onion
- service side. While we thought we would stop the rendezvous attempt
- after one failed circuit, we were actually making three circuit attempts
- before giving up. Now switch to a default of 2, and allow the consensus
- parameter "hs_service_max_rdv_failures" to override. Fixes bug 24895;
- bugfix on 0.0.6.
-
diff --git a/changes/bug24898 b/changes/bug24898
deleted file mode 100644
index f64340d71..000000000
--- a/changes/bug24898
+++ /dev/null
@@ -1,8 +0,0 @@
- o Major bugfixes (relays):
- - Fix a set of false positives where relays would consider connections
- to other relays as being client-only connections (and thus e.g.
- deserving different link padding schemes) if those relays fell out
- of the consensus briefly. Now we look only at the initial handshake
- and whether the connection authenticated as a relay. Fixes bug
- 24898; bugfix on 0.3.1.1-alpha.
-
diff --git a/changes/bug24952 b/changes/bug24952
deleted file mode 100644
index 93174c04f..000000000
--- a/changes/bug24952
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor bugfix (channel connection):
- - The accurate address of a connection is real_addr, not the addr member.
- TLS Channel remote address is now real_addr content instead of addr
- member. Fixes bug 24952; bugfix on 707c1e2e26 in 0.2.4.11-alpha.
- Patch by "ffmancera".
diff --git a/changes/bug24972 b/changes/bug24972
deleted file mode 100644
index 5adf970ab..000000000
--- a/changes/bug24972
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor features (logging, diagnostic):
- - When logging a failure to check a hidden service's certificate,
- also log what the problem with the certificate was. Diagnostic
- for ticket 24972.
diff --git a/changes/bug24975 b/changes/bug24975
deleted file mode 100644
index 32a5dfc92..000000000
--- a/changes/bug24975
+++ /dev/null
@@ -1,6 +0,0 @@
- o Major bugfixes (scheduler, consensus):
- - A logic in the code was preventing the scheduler subystem to properly
- make a decision based on the latest consensus when it arrives. This lead
- to the scheduler failing to notice any consensus parameters that might
- have changed between consensuses. Fixes bug 24975; bugfix on
- 0.3.2.1-alpha.
diff --git a/changes/bug24976 b/changes/bug24976
deleted file mode 100644
index 9c3be86ea..000000000
--- a/changes/bug24976
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor bugfixes (hidden service v3 client):
- - Remove a BUG() statement which can be triggered in normal circumstances
- where a client fetches a descriptor that has a lower revision counter
- than the one in its cache. This can happen due to HSDir desync. Fixes
- bug 24976; bugfix on 0.3.2.1-alpha.
diff --git a/changes/bug24978 b/changes/bug24978
deleted file mode 100644
index 5dc45c744..000000000
--- a/changes/bug24978
+++ /dev/null
@@ -1,7 +0,0 @@
- o Minor features (compatibility, OpenSSL):
- - Tor will now support TLS1.3 once OpenSSL 1.1.1 is released.
- Previous versions of Tor would not have worked with OpenSSL
- 1.1.1, since they neither disabled TLS 1.3 nor enabled any of the
- ciphersuites it requires. Here we enable the TLS 1.3 ciphersuites.
- Closes ticket 24978.
-
diff --git a/changes/bug25005 b/changes/bug25005
deleted file mode 100644
index dedf283aa..000000000
--- a/changes/bug25005
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes (unit tests):
- - Fix a memory leak in the scheduler/loop_kist unit test. Fixes bug
- 25005; bugfix on 0.3.2.7-rc.
-
diff --git a/changes/bug25070 b/changes/bug25070
deleted file mode 100644
index c2f4e58c4..000000000
--- a/changes/bug25070
+++ /dev/null
@@ -1,3 +0,0 @@
- o Major bugfixes (protocol versions):
- - Add Link protocol version 5 to the supported protocols list.
- Fixes bug 25070; bugfix on 0.3.1.1-alpha.
diff --git a/changes/bug25105 b/changes/bug25105
deleted file mode 100644
index 36d1a5f16..000000000
--- a/changes/bug25105
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor bugfixes (v3 onion services):
- - Look at the "HSRend" protocol version, not the "HSDir" protocol
- version, when deciding whether a consensus entry can support
- the v3 onion service protocol as a rendezvous point.
- Fixes bug 25105; bugfix on 0.3.2.1-alpha.
diff --git a/changes/bug25223 b/changes/bug25223
deleted file mode 100644
index fdd556350..000000000
--- a/changes/bug25223
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes (DoS mitigation):
- - Make sure we don't modify consensus parameters if we aren't a public
- relay when a new consensus arrives. Fixes bug 25223; bugfix on
- 0.3.3.2-alpha.
diff --git a/changes/geoip-2018-02-07 b/changes/geoip-2018-02-07
deleted file mode 100644
index f45228fd7..000000000
--- a/changes/geoip-2018-02-07
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor features (geoip):
- - Update geoip and geoip6 to the February 7 2018 Maxmind GeoLite2
- Country database.
-
diff --git a/changes/ticket24902 b/changes/ticket24902
deleted file mode 100644
index 1a2ef95cc..000000000
--- a/changes/ticket24902
+++ /dev/null
@@ -1,13 +0,0 @@
- o Major features (denial of service mitigation):
- - Give relays some defenses against the recent network overload. We start
- with three defenses (default parameters in parentheses). First: if a
- single client address makes too many concurrent connections (>100), hang
- up on further connections. Second: if a single client address makes
- circuits too quickly (more than 3 per second, with an allowed burst of
- 90) while also having too many connections open (3), refuse new create
- cells for the next while (1-2 hours). Third: if a client asks to
- establish a rendezvous point to you directly, ignore the request. These
- defenses can be manually controlled by new torrc options, but relays
- will also take guidance from consensus parameters, so there's no need to
- configure anything manually. Implements ticket 24902.
-
diff --git a/changes/ticket25122 b/changes/ticket25122
deleted file mode 100644
index 2921811b2..000000000
--- a/changes/ticket25122
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor feature (geoip cache):
- - Make our OOM handler aware of the geoip client history cache so it
- doesn't fill up the memory which is especially important for IPv6 and
- our DoS mitigation subsystem. Closes ticket 25122.
diff --git a/changes/ticket25170 b/changes/ticket25170
deleted file mode 100644
index 065213940..000000000
--- a/changes/ticket25170
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor bugfix (directory authority, documentation):
- - When a fingerprint or network address is marked as rejected, the
- returned message by the authority now explicitly mention to set a valid
- ContactInfo address and contact the bad-relays@ mailing list. Fixes bug
- 25170; bugfix on 0.2.9.1.
diff --git a/changes/ticket25202 b/changes/ticket25202
deleted file mode 100644
index ba64abad7..000000000
--- a/changes/ticket25202
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes (DoS mitigation):
- - Add extra safety checks when refilling the circuit creation bucket to
- ensure we never set a value that is above the allowed burst. Fixes
- bug 25202; bugfix on 0.3.3.2-alpha.
diff --git a/changes/ticket25323 b/changes/ticket25323
deleted file mode 100644
index 836825de5..000000000
--- a/changes/ticket25323
+++ /dev/null
@@ -1,4 +0,0 @@
- o Code simplification and refactoring:
- - Update the "rust dependencies" submodule to be an project-level
- repository, rather than a user repository. Closes ticket 25323.
-
More information about the tor-commits
mailing list