diff --git a/ChangeLog b/ChangeLog index 6a867449e7..250fb2e515 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,67 +1,94 @@ Changes in version 0.2.7.1-alpha - 2015-05-?? Tor 0.2.7.1-alpha is the first alpha release in its series. + o New system requirements: + - Tor no longer includes workarounds for Libevent versions before + 1.3e. Libevent 2.0 or later is recommended. Closes ticket 15248. + o Major features (controller): - Add the ADD_ONION and DEL_ONION commands that allows the creation and management of hidden services via the controller. Closes ticket 6411. - New "GETINFO onions/current" and "GETINFO onions/detached" to get - information about hidden services created via the controller. - Part of ticket 6411. - - New HSFETCH command to launch a request for a hidden service descriptor. - Closes ticket 14847. + information about hidden services created via the controller. Part + of ticket 6411. + - New HSFETCH command to launch a request for a hidden service + descriptor. Closes ticket 14847. o Major bugfixes (hidden services): - - Revert commit that made directory authority assign the HSDir flag to - relay without a DirPort which is bad because relay can't handle + - Revert commit that made directory authority assign the HSDir flag + to relay without a DirPort which is bad because relay can't handle BEGIN_DIR cells. Fixes bug 15850; bugfix on tor-0.2.6.3-alpha. - o Minor features (HS popularity countermeasure): - - To avoid leaking HS popularity, don't cycle the introduction point - when we've handled a fixed number of INTRODUCE2 cells but instead - cycle it when a random value of introductions is reached thus making - it more difficult for an attacker to find out the amount of clients - that has passed through the introduction point for a specific HS. - Closes ticket 15745. + o Minor features (clock-jump tolerance): + - Recover better when our clock jumps back many hours, like might + happen for Tails or Whonix users who start with a very wrong + hardware clock, use Tor to discover a more accurate time, and then + fix their clock. Resolves part of ticket 8766. 
[I'd call this a + major feature if it actually fixed all of the issues.] o Minor features (command-line interface): - - Make --hash-password imply --hush to prevent unnecessary noise. Closes - ticket 15542. + - Make --hash-password imply --hush to prevent unnecessary noise. + Closes ticket 15542. + - Print a warning whenever we find a relative file path being used + as torrc option. Resolves issue 14018. + - The "--hash-password" option now implies "--hush" to avoid + needless noise. Closes ticket 15542. Patch from "cypherpunks". - o Minor features (controller) - - Controllers can now use GETINFO hs/client/desc/id/... to - retrieve items from the client's hidden service descriptor - cache. Closes ticket 14845. + o Minor features (controller): + - Controllers can now use GETINFO hs/client/desc/id/... to retrieve + items from the client's hidden service descriptor cache. Closes + ticket 14845. + + o Minor features (controller): + - Add DirAuthority lines for default directory authorities to output + of the GETINFO config/defaults controller command if not already + present. Implements ticket 14840. + - Implement a new controller command "status/fresh-relay-descs" to + fetch a descriptor/extrainfo pair that was generated on demand + just for the controller's use. Implements ticket 14784. o Minor features (DoS-resistance): - Make it harder for attackers to overwhelm hidden services with introductions, by blocking multiple introduction requests on the same circuit. Resolves ticket 15515. + o Minor features (geoip): + - Update geoip to the April 8 2015 Maxmind GeoLite2 Country database. + - Update geoip6 to the April 8 2015 Maxmind GeoLite2 + Country database. 
+ + o Minor features (HS popularity countermeasure): + - To avoid leaking HS popularity, don't cycle the introduction point + when we've handled a fixed number of INTRODUCE2 cells but instead + cycle it when a random value of introductions is reached thus + making it more difficult for an attacker to find out the amount of + clients that has passed through the introduction point for a + specific HS. Closes ticket 15745. + o Minor features (logging): - Include the Tor version in all LD_BUG log messages, since people tend to cut and paste those into the bugtracker. Implements ticket 15026. o Minor features (pluggable transports): - - When launching managed pluggable transports, setup a valid open stdin - in the child process that can be used to detect if tor has terminated. - The "TOR_PT_EXIT_ON_STDIN_CLOSE" enviornment variable can be used by - implementations to detect this new behavior. Resolves ticket 15435. + - When launching managed pluggable transports, setup a valid open + stdin in the child process that can be used to detect if tor has + terminated. The "TOR_PT_EXIT_ON_STDIN_CLOSE" enviornment variable + can be used by implementations to detect this new behavior. + Resolves ticket 15435. - When launching managed pluggable transports on linux systems, - attempt to have the kernel deliver a SIGTERM on tor exit if - the pluggable transport process is still running. Resolves + attempt to have the kernel deliver a SIGTERM on tor exit if the + pluggable transport process is still running. Resolves ticket 15471. - o Minor features (testing): - - Add make rule `check-changes` to verify the format of changes files. - Closes ticket 15180. - - Add unit tests for control_event_is_interesting(). - Add a compile-time check that the number of events doesn't exceed - the capacity of control_event_t.event_mask. - Closes ticket 15431, checks for bugs similar to 13085. - Patch by "teor". + - Add make rule `check-changes` to verify the format of changes + files. 
Closes ticket 15180. + - Add unit tests for control_event_is_interesting(). Add a compile- + time check that the number of events doesn't exceed the capacity + of control_event_t.event_mask. Closes ticket 15431, checks for + bugs similar to 13085. Patch by "teor". - Commandline argument tests moved to Stem. Resolves ticket 14806. - Integrate the ntor, backtrace and zero lengths keys tests into the automake test suite. Closes ticket 15344. 
@@ -73,60 +100,35 @@ Changes in version 0.2.7.1-alpha - 2015-05-?? - Add a test to verify that the compiler does not eliminate our memwipe() implementation. Closes ticket 15377. - o Minor features (controller): - - Add DirAuthority lines for default directory authorities to output - of the GETINFO config/defaults controller command if not already - present. Implements ticket 14840. - - Implement a new controller command "status/fresh-relay-descs" to - fetch a descriptor/extrainfo pair that was generated on demand - just for the controller's use. Implements ticket 14784. - - o Minor features (command-line interface): - - Print a warning whenever we find a relative - file path being used as torrc option. Resolves issue 14018. - - The "--hash-password" option now implies "--hush" to avoid needless - noise. Closes ticket 15542. Patch from "cypherpunks". - - o Minor features (clock-jump tolerance): - - Recover better when our clock jumps back many hours, like might - happen for Tails or Whonix users who start with a very wrong - hardware clock, use Tor to discover a more accurate time, and then - fix their clock. Resolves part of ticket 8766. - [I'd call this a major feature if it actually fixed all of the issues.] - - o Minor features (geoip): - - Update geoip to the April 8 2015 Maxmind GeoLite2 Country database. - - Update geoip6 to the April 8 2015 Maxmind GeoLite2 Country database. - - o Minor bugfixes (statistics): - - Disregard the ConnDirectionStatistics torrc options when Tor is - not a relay since in that mode of operation no sensible data is - being collected and because Tor might run into measurement hiccups - when running as a client for some time, then becoming a relay. Fixes - bug 15604; bugfix on 0.2.2.35. - o Minor bugfixes (build): - - Improve out-of-tree builds by making non-standard rules work and clean up - additional files and directories. Fixes bug 15053; bugfix on - 0.2.7.0-alpha. 
+ - Improve out-of-tree builds by making non-standard rules work and + clean up additional files and directories. Fixes bug 15053; bugfix + on 0.2.7.0-alpha. o Minor bugfixes (command-line interface): - When "--quiet" is provided along with "--validate-config", do not - write anything to stdout on success. Fixes bug 14994; bugfix on - 0.2.3.3-alpha. + write anything to stdout on success. Fixes bug 14994; bugfix + on 0.2.3.3-alpha. - When complaining about bad arguments to "--dump-config", use stderr, not stdout. o Minor bugfixes (configuration, unit tests): - Only add the default fallback directories when the DirAuthorities, AlternateDirAuthority, and FallbackDir directory config options - are set to their defaults. - The default fallback directory list is currently empty, this fix - will only change tor's behaviour when it has default fallback - directories. - Includes unit tests for consider_adding_dir_servers(). - Fixes bug 15642; bugfix on 90f6071d8dc0 in 0.2.4.7-alpha. - Patch by "teor". + are set to their defaults. The default fallback directory list is + currently empty, this fix will only change tor's behaviour when it + has default fallback directories. Includes unit tests for + consider_adding_dir_servers(). Fixes bug 15642; bugfix on + 90f6071d8dc0 in 0.2.4.7-alpha. Patch by "teor". + + o Minor bugfixes (correctness): + - Remove side-effects from tor_assert() calls. This was harmless, + because we never disable assertions, but it is bad style and + unnecessary. Fixes bug 15211; bugfix on 0.2.5.5, 0.2.2.36, + and 0.2.0.10. + - For correctness, avoid modifying a constant string in + handle_control_postdescriptor. Fixes bug 15546; bugfix + on 0.1.1.16-rc. o Minor bugfixes (hidden service): - Remove an extraneous newline character from the end of hidden 
@@ -135,61 +137,55 @@ Changes in version 0.2.7.1-alpha - 2015-05-?? o Minor bugfixes (interface): - Print usage information for --dump-config when it is used without an argument. Also, fix the error message to use different wording - and add newline at the end. Fixes bug 15541; bugfix on 0.2.5.1-alpha. + and add newline at the end. Fixes bug 15541; bugfix + on 0.2.5.1-alpha. o Minor bugfixes (logs): - When building Tor under Clang, do not include an extra set of - parentheses in log messages that include function names. - Fixes bug 15269; bugfix on every released version of Tor when - compiled with recent enough Clang. - - o Minor bugfixes (test networks) - - When self-testing reachability, use ExtendAllowPrivateAddresses - to determine if local/private addresses imply reachability. - The previous fix used TestingTorNetwork, which implies - ExtendAllowPrivateAddresses, but this excluded rare configs where - ExtendAllowPrivateAddresses is set but TestingTorNetwork is not. - Fixes bug 15771; bugfix on 0.2.6.1-alpha. - Patch by "teor", issue discovered by CJ Ess. - - o Minor bugfixes (testing): - - Set the severity correctly when testing get_interface_addresses_ifaddrs() - and get_interface_addresses_win32(), so that the tests fail gracefully - instead of triggering an assertion. Fixes bug 15759; bugfix on - 0.2.6.3-alpha. Reported by Nicolas Derive. - - Check for matching value in server response in ntor_ref.py. - Fixes bug 15591; bugfix on 0.2.4.8-alpha. Reported and fixed - by "joelanders". - - o Minor bugfixes (correctness): - - Remove side-effects from tor_assert() calls. This was harmless, - because we never disable assertions, but it is bad style and - unnecessary. Fixes bug 15211; bugfix on 0.2.5.5, 0.2.2.36, and - 0.2.0.10. - - For correctness, avoid modifying a constant string in - handle_control_postdescriptor. Fixes bug 15546; bugfix on - 0.1.1.16-rc. + parentheses in log messages that include function names. 
Fixes bug + 15269; bugfix on every released version of Tor when compiled with + recent enough Clang. o Minor bugfixes (network): - When attempting to use fallback technique for network interface lookup, disregard loopback and multicast addresses since they are unsuitable for public communications. + o Minor bugfixes (statistics): + - Disregard the ConnDirectionStatistics torrc options when Tor is + not a relay since in that mode of operation no sensible data is + being collected and because Tor might run into measurement hiccups + when running as a client for some time, then becoming a relay. + Fixes bug 15604; bugfix on 0.2.2.35. + + o Minor bugfixes (test networks): + - When self-testing reachability, use ExtendAllowPrivateAddresses to + determine if local/private addresses imply reachability. The + previous fix used TestingTorNetwork, which implies + ExtendAllowPrivateAddresses, but this excluded rare configs where + ExtendAllowPrivateAddresses is set but TestingTorNetwork is not. + Fixes bug 15771; bugfix on 0.2.6.1-alpha. Patch by "teor", issue + discovered by CJ Ess. + + o Minor bugfixes (testing): + - Set the severity correctly when testing + get_interface_addresses_ifaddrs() and + get_interface_addresses_win32(), so that the tests fail gracefully + instead of triggering an assertion. Fixes bug 15759; bugfix on + 0.2.6.3-alpha. Reported by Nicolas Derive. + - Check for matching value in server response in ntor_ref.py. Fixes + bug 15591; bugfix on 0.2.4.8-alpha. Reported and fixed + by "joelanders". + o Code simplification and refactoring: - - Move the hacky fallback code out of get_interface_address6() - into separate function and get it covered with unit-tests. Resolves + - Move the hacky fallback code out of get_interface_address6() into + separate function and get it covered with unit-tests. Resolves ticket 14710. 
- Refactor hidden service client-side cache lookup to intelligently report its various failure cases, and disentangle failure cases involving a lack of introduction points. Closes ticket 14391. - - Use our own Base64 encoder instead of OpenSSL's, to allow more control - over the output. Part of ticket 15652. - - o Removed code: - - Remove `USE_OPENSSL_BASE64` and the corresponding fallback code and - always use the internal Base64 decoder. The internal decoder has been - part of tor since tor-0.2.0.10-alpha, and no one should be using the - OpenSSL one. Part of ticket 15652. + - Use our own Base64 encoder instead of OpenSSL's, to allow more + control over the output. Part of ticket 15652. o Documentation: - Improve the descriptions of statistics-related torrc options in 
@@ -201,22 +197,21 @@ Changes in version 0.2.7.1-alpha - 2015-05-?? Previously, we had used "router descriptor", "server descriptor", and "relay descriptor" interchangeably. Part of ticket 14987. - o New system requirements: - - Tor no longer includes workarounds for Libevent versions before 1.3e. - Libevent 2.0 or later is recommended. Closes ticket 15248. - o Removed code: + - Remove `USE_OPENSSL_BASE64` and the corresponding fallback code + and always use the internal Base64 decoder. The internal decoder + has been part of tor since tor-0.2.0.10-alpha, and no one should + be using the OpenSSL one. Part of ticket 15652. - Remove the 'tor_strclear()' function; use memwipe() instead. Closes ticket 14922. o Removed features: - - Remove the (seldom-used) DynamicDHGroups feature. For - anti-fingerprinting we now recommend pluggable transports; for - forward-secrecy in TLS, we now use the P-256 group. - Closes ticket 13736. + - Remove the (seldom-used) DynamicDHGroups feature. For anti- + fingerprinting we now recommend pluggable transports; for forward- + secrecy in TLS, we now use the P-256 group. Closes ticket 13736. - Remove the undocumented "--digests" command-line option. It - complicated our build process, caused subtle build issues - on multiple platforms, and is now redundant since we started + complicated our build process, caused subtle build issues on + multiple platforms, and is now redundant since we started including git version identifiers. Closes ticket 14742. - Tor no longer contains workarounds for stat files generated by super-old versions of Tor that didn't choose guards sensibly.
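Review bot: In the first hunk (@@ -1,67 +1,94 @@), "Minor features (command-line interface)" ends up with two entries for the same change: the retained "Make --hash-password imply --hush to prevent unnecessary noise" and the moved-in "The "--hash-password" option now implies "--hush" to avoid needless noise", both closing ticket 15542. Keep only the second, which carries the "cypherpunks" credit. The same hunk also leaves two consecutive "o Minor features (controller):" headings; fold the DirAuthority and "status/fresh-relay-descs" entries under the first one. Two leftovers survive the re-wrap and are worth fixing while these lines are being touched: the misspelling "enviornment" in the pluggable transports entry, and the bracketed aside "[I'd call this a major feature if it actually fixed all of the issues.]" on the clock-jump entry.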
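Review bot: In the second hunk (@@ -73,60 +100,35 @@), the re-wrapped "Minor bugfixes (configuration, unit tests)" entry keeps the comma splice "The default fallback directory list is currently empty, this fix will only change tor's behaviour when it has default fallback directories". Since the paragraph is rewritten here anyway, split it into two sentences or join the clauses with "so". In the same hunk the second "--dump-config" entry ("use stderr, not stdout.") has no "Fixes bug ...; bugfix on ..." trailer, unlike the "--quiet" entry directly above it; add the reference if one exists.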
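Review bot: In the third hunk (@@ -135,61 +137,55 @@), the "Minor bugfixes (network)" entry about disregarding loopback and multicast addresses still has no bug number and no "bugfix on" version, while the logs, statistics, test networks and testing entries placed around it all carry both. Add the reference while the sections are being re-sorted. In the re-wrapped refactoring entry, "into separate function" is missing an article ("into a separate function").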
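Review bot: In the last hunk (@@ -201,22 +197,21 @@), the re-wrap of the DynamicDHGroups entry breaks lines right after a hyphen, so the words read "anti- fingerprinting" and "forward- secrecy" as soon as the paragraph is joined or copied into release notes. The first hunk has the same problem at "compile- time". Keep each hyphenated word on one line, even if that leaves the preceding line a little short.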