nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-23 20:03:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

Write a blurb, pull UI changes to the front, edit

Browse Source
This commit is contained in:
Nick Mathewson 2018-09-17 16:04:30 -04:00
parent 765caaea77
commit 3d80246a4e
1 changed files with 100 additions and 110 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

210
ChangeLog
View File

@ -1,12 +1,28 @@
Changes in version 0.3.5.1-alpha-2018-09-??
BLURB HERE. NOTE ABOUT NSS.
Changes in version 0.3.5.1-alpha-2018-09-18
Tor 0.3.5.1-alpha is the first release of the 0.3.5.x series. It adds
client authorization for modern (v3) onion services, improves
bootstrap reporting, begins reorganizing Tor's codebase, adds optional
support for NSS in place of OpenSSL, and much more.
o Major features (onion services, UI change):
- For a newly created onion service, the default version is now 3.
Tor still supports existing version 2 services, but the operator
now needs to set "HiddenServiceVersion 2" in order to create a new
version 2 service. For existing services, Tor now learns the
version by reading the key file. Closes ticket 27215.
o Major features (relay, UI change):
- Relays no longer run as exits by default. If the "ExitRelay"
option is auto (or unset), and no exit policy is specified with
ExitPolicy or ReducedExitPolicy, we now treat ExitRelay as 0.
Previously in this case, we allowed exit traffic and logged a
warning message. Closes ticket 21530. Patch by Neel Chauhan.
o Major features (bootstrap):
- Improve user experience by deferring directory progress reporting
until after a connection to a relay or bridge has succeeded. This
avoids reporting 80% progress based on cached directory
information when we can't even connect to a bridge or relay.
Closes ticket 27169.
- Don't report directory progress until after a connection to a
relay or bridge has succeeded. Previously, we'd report 80%
progress based on cached directory information when we couldn't
even connect to the network. Closes ticket 27169.
o Major features (new code layout):
- Nearly all of Tor's source code has been moved around into more
@ -22,59 +38,37 @@ Changes in version 0.3.5.1-alpha-2018-09-??
interconnected. We will attempt to improve this in the future.
o Major features (onion services v3):
- Implement client authorization at the descriptor level. A new
torrc option was added to control this client side:
ClientOnionAuthDir <path>. On the service side, if the
"authorized_clients/" directory exists in the onion service
directory path, client configuration are read from the files
within. See the manpage for more details. Closes ticket 27547.
Patch done by Suphanat Chunhapanya (haxxpop).
- Implement onion service client authorization at the descriptor
level: only authorized clients can decrypt a service's descriptor
to find out how to contact it. A new torrc option was added to
control this client side: ClientOnionAuthDir <path>. On the
service side, if the "authorized_clients/" directory exists in the
onion service directory path, client configuration are read from
the files within. See the manpage for more details. Closes ticket
27547. Patch done by Suphanat Chunhapanya (haxxpop).
- Improve revision counter generation in next-gen onion services.
Onion services can now scale by hosting multiple instances on
different hosts without synchronization between them, which was
previously impossible because descriptors would get rejected by
HSDirs. Addresses ticket 25552.
o Major features (onion services):
- For a newly created onion service, the default version is now 3.
Tor still supports version 2 service but the operator now needs to
specifically set "HiddenServiceVersion 2" in order to create a new
service. For existing services, tor now learns the version by
reading the key file so the HiddenServiceVersion is not mandatory
in that case. Closes ticket 27215.
o Major features (portability, cryptography, experimental, TLS):
- Tor now has the option to compile with the NSS library instead of
OpenSSL. This feature is experimental, and we expect that bugs may
remain. It is mainly intended for environments where Tor's
performance is not CPU-bound, and where NSS is already known to be
installed. To try it out, configure Tor with the --enable-nss
flag. Closes ticket 26631.
- Tor now has _partial_ support for using the NSS cryptography and
TLS library in place of OpenSSL. When Tor is configured with
--enable-nss, it will use NSS for several (but not yet all) of its
cryptography. (It still relies on OpenSSL for the rest.)
Eventually, if all goes as planned, "--enable-nss" will produce a
version of Tor that does not depend on OpenSSL. Implements
ticket 26816.
flag. Closes tickets 26631, 26815, and 26816.
WARNING: This feature is experimental. Don't use it for real
security yet, until the code has had much more review, and more
bugs have been shaken out.
- When built with --enable-nss, Tor now uses the NSS library for
digests, AES, and pseudorandom numbers. Closes ticket 26815.
o Major features (relay):
- Relays no longer run as exits by default. If the "ExitRelay"
option is auto (or unset), and no exit policy is specified with
ExitPolicy or ReducedExitPolicy, we now treat ExitRelay as 0.
Previously in this case, we allowed exit traffic and logged a
warning message. Closes ticket 21530. Patch by Neel Chauhan.
If you are experimenting with this option and using an old cached
consensus, Tor may fail to start. To solve this, delete your
"cached-microdesc-consensus" file, and restart Tor.
o Major bugfixes (directory authority):
- Actually check that address we get from DirAuthority configuration
line is valid IPv4. Explicitly disallow DirAuthority adress to be
DNS hostname. Fixes bug 26488; bugfix on 0.1.2.10-rc.
- Actually check that the address we get from DirAuthority
configuration line is valid IPv4. Explicitly disallow DirAuthority
adress to be a DNS hostname. Fixes bug 26488; bugfix
on 0.1.2.10-rc.
o Major bugfixes (restart-in-process):
- Fix a use-after-free error that could be caused by passing Tor an
@ -82,14 +76,15 @@ Changes in version 0.3.5.1-alpha-2018-09-??
Fixes bug 27708; bugfix on 0.3.3.1-alpha.
o Minor features (admin tools):
- Add new tool that prints expiration date of th signing cert in an
ed25519_signing_cert file. Resolves issue 19506.
- Add a new --key-expiration option to print the expiration date of
the signing cert in an ed25519_signing_cert file. Resolves
issue 19506.
o Minor features (build):
- If you pass the "--enable-pic" option to configure, Tor will try
to tell the compiler to build position-independent code suitable
to link into a library. (The default remains -fPIE, for code
suitable for a relocatable executable.) Closes ticket 23846.
to link into a dynamic library. (The default remains -fPIE, for
code suitable for a relocatable executable.) Closes ticket 23846.
o Minor features (code correctness, testing):
- Tor's build process now includes a "check-includes" make target to
@ -98,10 +93,11 @@ Changes in version 0.3.5.1-alpha-2018-09-??
refactor our codebase. Closes ticket 26447.
o Minor features (code layout):
- Make a new lowest-level error-handling API for use by code invoked
from within the logging module. This interface it makes it so the
- We have a new "lowest-level" error-handling API for use by code
invoked from within the logging module. With this interface, the
logging code is no longer at risk of calling into itself if a
failure occurs while trying to log something. Closes ticket 26427.
failure occurs while it is trying to log something. Closes
ticket 26427.
o Minor features (compilation):
- Tor's configure script now supports a --with-malloc= option to
@ -111,7 +107,7 @@ Changes in version 0.3.5.1-alpha-2018-09-??
Alex Xu.
o Minor features (config):
- The "auto" keyword in torrc is now case insensitive. Closes
- The "auto" keyword in torrc is now case-insensitive. Closes
ticket 26663.
o Minor features (continuous integration):
@ -122,10 +118,10 @@ Changes in version 0.3.5.1-alpha-2018-09-??
- Only run one online rust build in Travis, to reduce network
errors. Skip offline rust builds on Travis for Linux gcc, because
they're redundant. Implements ticket 27252.
- Skip gcc on OSX in Travis CI, it's rarely used. Skip a duplicate
hardening-off build in Travis on Tor 0.2.9. Skip gcc on Linux with
default settings, because all the non-default builds use gcc on
Linux. Implements ticket 27252.
- Skip gcc on OSX in Travis CI, because it's rarely used. Skip a
duplicate hardening-off build in Travis on Tor 0.2.9. Skip gcc on
Linux with default settings, because all the non-default builds
use gcc on Linux. Implements ticket 27252.
o Minor features (controller):
- Emit CIRC_BW events as soon as we detect that we processed an
@ -137,7 +133,7 @@ Changes in version 0.3.5.1-alpha-2018-09-??
bias check cells to arrive without counting it as dropped until
either the END arrvies, or the windows are empty. Closes
ticket 25573.
- Implement 'GETINFO md/all' controller command to enable getting
- Implement a 'GETINFO md/all' controller command to enable getting
all known microdesriptors. Closes ticket 8323.
- The GETINFO command now support an "uptime" argument, to return
Tor's uptime in seconds. Closes ticket 25132.
@ -148,8 +144,6 @@ Changes in version 0.3.5.1-alpha-2018-09-??
subsystem. Closes ticket 18642. Patch by Neel Chauhan
o Minor features (development):
- Copy paragraph and URL to Tor's code of conduct document from
CONTRIBUTING to new CODE_OF_CONDUCT file. Resolves ticket 26638.
- Tor's makefile now supports running the "clippy" Rust style tool
on our Rust code. Closes ticket 22156.
@ -168,17 +162,18 @@ Changes in version 0.3.5.1-alpha-2018-09-??
a preconstructed owning controller FD, so that embedding
applications don't need to manage controller ports and
authentication. Closes ticket 24204.
- The tor_api now has a function that returns the name and version
of the backend implementing the API. Closes ticket 26947.
- The Tor controller API now has a function that returns the name
and version of the backend implementing the API. Closes
ticket 26947.
o Minor features (geoip):
- Update geoip and geoip6 to the September 6 2018 Maxmind GeoLite2
Country database. Closes ticket 27631.
o Minor features (memory management):
- Get libevent code to use the same memory allocator that Tor code
is using by calling event_set_mem_functions() during
initialization. Resolves ticket 8415.
- Get Libevent to use the same memory allocator as Tor, by calling
event_set_mem_functions() during initialization. Resolves
ticket 8415.
o Minor features (memory usage):
- When not using them, store legacy TAP public onion keys in DER-
@ -189,7 +184,7 @@ Changes in version 0.3.5.1-alpha-2018-09-??
- When possible, use RFC5869 HKDF implementation from OpenSSL rather
than own own. Resolves ticket 19979.
o Minor features (rust, code quality):
o Minor features (Rust, code quality):
- Improve rust code quality in the rust protover implementation by
making it more idiomatic. Includes changing an internal API to
take &str instead of &String. Closes ticket 26492.
@ -206,6 +201,8 @@ Changes in version 0.3.5.1-alpha-2018-09-??
- Log each included configuration file or directory as we read it,
to provide more visibility about where Tor is reading from. Patch
from Unto Sten; closes ticket 27186.
- Low log level of "Scheduler type KIST has been enabled" to INFO.
Closes ticket 26703.
o Minor bugfixes (bootstrap):
- Try harder to get descriptors in non-exit test networks, by using
@ -224,7 +221,7 @@ Changes in version 0.3.5.1-alpha-2018-09-??
o Minor bugfixes (client, memory usage):
- When not running as a directory cache, there is no need to store
the text of the current consensus networkstatus in RAM.
Previously, however, clients would store this anyway, at a cost of
Previously, however, clients would store it anyway, at a cost of
over 5 MB. Now, they do not. Fixes bug 27247; bugfix
on 0.3.0.1-alpha.
@ -240,10 +237,6 @@ Changes in version 0.3.5.1-alpha-2018-09-??
misleadingly suggest that they are sandbox-only. Fixes bug 26525;
bugfix on 0.2.7.1-alpha.
o Minor bugfixes (compilation):
- Use Windows-compatible format strings in tor-print-ed-signing-
cert.c. Fixes bug 26986; bugfix on master.
o Minor bugfixes (configuration, Onion Services):
- In rend_service_parse_port_config(), disallow any input to remain
after address-port pair was parsed. This will catch address and
@ -251,9 +244,6 @@ Changes in version 0.3.5.1-alpha-2018-09-??
27044; bugfix on 0.2.9.10.
o Minor bugfixes (continuous integration):
- Improve Appveyor CI IRC logging. Generate correct branches and
URLs for pull requests and tags. Use unambiguous short commits.
Fixes bug 26979; bugfix on master.
- Stop reinstalling identical packages in our Windows CI. Fixes bug
27464; bugfix on 0.3.4.1-alpha.
@ -284,8 +274,8 @@ Changes in version 0.3.5.1-alpha-2018-09-??
Tor is running as client. Also, log a stack trace for debugging as
this function should only be called when Tor runs as server. Fixes
bug 26892; bugfix on 0.1.1.9-alpha.
- Refrain from mentioning bug 21018, as it is already fixed. Fixes
bug 25477; bugfix on 0.2.9.8.
- Refrain from mentioning bug 21018 in the logs, as it is already
fixed. Fixes bug 25477; bugfix on 0.2.9.8.
o Minor bugfixes (logging, documentation):
- When SafeLogging is enabled, scrub IP address in
@ -298,22 +288,21 @@ Changes in version 0.3.5.1-alpha-2018-09-??
padding. Fixes bug 25505; bugfix on 0.3.1.1-alpha.
o Minor bugfixes (onion service v2):
- Demote a log warning to info in case we do not have a consensus
when a .onion request comes in. This can happen while bootstrapping
for instance. The request will follow through after so we really
don't need to warn the user loudly. Fixes bug 27040; bugfix
- Log at level "info", not "warning", in the case that we do not
have a consensus when a .onion request comes in. This can happen
normally while bootstrapping. Fixes bug 27040; bugfix
on 0.2.8.2-alpha.
o Minor bugfixes (onion service v3):
- In case the onion service directory can't be created or has wrong
permissions, do not BUG() on it which lead to a non fatal
stacktrace. Fixes bug 27335; bugfix on 0.3.2.1.
- When the onion service directory can't be created or has the wrong
permissions, do not log a stack trace. Fixes bug 27335; bugfix
on 0.3.2.1-alpha.
o Minor bugfixes (OS compatibility):
- On Linux and Windows properly handle configuration change that
moves a listener to/from wildcard IP address. In case first
attempt to bind a socket fails, close the old listener and try
binding a socket again. Fixes bug 17873; bugfix on 0.0.8pre-1.
- Properly handle configuration changes that move a listener to/from
wildcard IP address. If the first attempt to bind a socket fails,
close the old listener and try binding the socket again. Fixes bug
17873; bugfix on 0.0.8pre-1.
o Minor bugfixes (performance)::
- Rework node_is_a_configured_bridge() to no longer call
@ -322,26 +311,27 @@ Changes in version 0.3.5.1-alpha-2018-09-??
o Minor bugfixes (relay statistics):
- Update relay descriptor on bandwidth changes only when the uptime
is smaller than 24h in order to reduce the efficiency of guard
is smaller than 24h, in order to reduce the efficiency of guard
discovery attacks. Fixes bug 24104; bugfix on 0.1.1.6-alpha.
o Minor bugfixes (relays):
- In frac_nodes_with_descriptors(), add for_direct_connect, and
replace node_has_any_descriptor() with
node_has_preferred_descriptor(). Also, if we are using bridges and
there is at least one bridge with a full descriptor, set f_guard
in compute_frac_paths_available() to 1.0. Fixes bug 25886; bugfix
on 0.3.5.1-alpha. Patch by Neel Chauhan.
- Since 0.3.3.5-rc, authorities require DirCache (V2Dir) for the
Guard flag. Update the message logged on relays when DirCache is
disabled. Fixes bug 24312; bugfix on 0.3.3.5-rc.
- Consider the fact that we'll be making direct connections to our
entry and guard nodes when computing the fraction of nodes that
have their descriptors. Also, if we are using bridges and there is
at least one bridge with a full descriptor, treat the fraction of
guards available as 100%. Fixes bug 25886; bugfix on 0.3.5.1-alpha.
Patch by Neel Chauhan.
- Update the message logged on relays when DirCache is disabled.
Since 0.3.3.5-rc, authorities require DirCache (V2Dir) for the
Guard flag. Fixes bug 24312; bugfix on 0.3.3.5-rc.
o Minor bugfixes (rust):
- The protover rewrite in 24031 allowed repeated votes from the same
voter for the same protocol version to be counted multiple times
in protover_compute_vote(). Fixes bug 27649; bugfix on 0.3.3.5-rc.
- protover parsed and accepted unknown protocol names containing
invalid characters outside the range [A-Za-z0-9-]. Fixes bug
o Minor bugfixes (rust, protover):
- Compute protover votes correctly in the rust version of the
protover code. Previously, the protover rewrite in 24031 allowed
repeated votes from the same voter for the same protocol version
to be counted multiple times in protover_compute_vote(). Fixes bug
27649; bugfix on 0.3.3.5-rc.
- Reject protover names that contain invalid characters. Fixes bug
27687; bugfix on 0.3.3.1-alpha.
o Minor bugfixes (testing):
@ -367,8 +357,6 @@ Changes in version 0.3.5.1-alpha-2018-09-??
longer needed Closes ticket 26502.
- Include paths to header files within Tor are now qualified by
directory within the top-level src directory.
- Low log level of "Scheduler type KIST has been enabled" to INFO.
Ticket 26703
- Many structures have been removed from the centralized "or.h"
header, and moved into their own headers. This will allow us to
reduce the number of places in the code that rely on each
@ -399,6 +387,8 @@ Changes in version 0.3.5.1-alpha-2018-09-??
modules. Closes ticket 26526.
o Documentation:
- Copy paragraph and URL to Tor's code of conduct document from
CONTRIBUTING to new CODE_OF_CONDUCT file. Resolves ticket 26638.
- Remove old instructions from INSTALL document. Closes ticket 26588.
- Warn users that they should not include MyFamily line(s) in their
torrc when running Tor bridge. Closes ticket 26908.
@ -410,11 +400,11 @@ Changes in version 0.3.5.1-alpha-2018-09-??
- Tor no longer attempts to run on Windows environments without the
GetAdaptersAddresses() function. This function has existed since
Windows XP, which is itself already older than we support.
- Remove Tor2web functionalities. The Tor2webMode and
Tor2webRendezvousPoints options are now obsolete. Note that this
feature was never shipped in vanilla Tor and it was only possible
to use this feature by building the support at compile time.
Closes ticket 26367.
- Remove Tor2web functionality. The Tor2webMode and
Tor2webRendezvousPoints options are now obsolete. (This feature
was never shipped in vanilla Tor and it was only possible to use
this feature by building the support at compile time.) Closes
ticket 26367.
Changes in version 0.2.9.17 - 2018-09-10