diff --git a/ChangeLog b/ChangeLog index 03cfa1f0c4..4f817e4152 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,58 +1,58 @@ Changes in version 0.2.7.3-rc - 2015-09-2? - - Tor 0.2.7.3-rc is the first release candidate in the 0.2.7 series. It + Tor 0.2.7.3-rc is the first release candidate in the 0.2.7 series. It contains numerous usability fixes for Ed25519 keys, safeguards against - several misconfiguration problems, significant simplifications to Tor's - callgraph, and numerous bugfixes and small - features. + several misconfiguration problems, significant simplifications to + Tor's callgraph, and numerous bugfixes and small features. This is the most tested release of Tor to date. The unit tests cover 39.40% of the code, and the integration tests (accessible with "make - test-full-online", requiring stem and chutney and a network connection) - raise the coverage to XXX. + test-full-online", requiring stem and chutney and a network + connection) raise the coverage to XXX. If this is your first time upgrading a relay to Tor 0.2.7, your Tor - relay will, by default, generate a new Ed25519 identity key. If you + relay will, by default, generate a new Ed25519 identity key. If you would prefer to keep your Ed25519 identity key offline or encrypted - for improved security, you can do so by following the instructions at - XXX. + for improved security, you can do so by following the instructions + at XXX. o Major features (security, hidden services): - - Hidden services are required to use more than one EntryNode, - to avoid a guard discovery attack. See ticket for more - information. Fixes ticket 14917. - - o Major features (relay, Ed25519): - - Significant usability improvements for Ed25519 - key management. Log messages are better, and the code can recover - from far more failure conditions. Thanks to "s7r" for reporting - and diagnosing so many of these! - - On receiving a HUP signal, check to see whether the Ed25519 - signing key has changed, and reload it if so. Closes ticket 16790. + - Hidden services are required to use more than one EntryNode, to + avoid a guard discovery attack. See ticket for more information. + Fixes ticket 14917. o Major features (ed25519 performance): - - Improve the speed of Ed25519 operations and Curve25519 - keypair generation when built targeting 32 bit x86 platforms with - SSE2 available. Implements ticket 16535. + - Improve the speed of Ed25519 operations and Curve25519 keypair + generation when built targeting 32 bit x86 platforms with SSE2 + available. Implements ticket 16535. - Improve the runtime speed of Ed25519 signature verification by - using Ed25519-donna's batch verification support. Implements ticket 16533. + using Ed25519-donna's batch verification support. Implements + ticket 16533. o Major features (performance testing): - The test-network.sh script now supports performance testing. - Requires corresponding chutney performance testing changes. - Patch by "teor". Closes ticket 14175. + Requires corresponding chutney performance testing changes. Patch + by "teor". Closes ticket 14175. + + o Major features (relay, Ed25519): + - Significant usability improvements for Ed25519 key management. Log + messages are better, and the code can recover from far more + failure conditions. Thanks to "s7r" for reporting and diagnosing + so many of these! + - On receiving a HUP signal, check to see whether the Ed25519 + signing key has changed, and reload it if so. Closes ticket 16790. o Major bugfixes (relay, Ed25519): - Avoid crashing on 'tor --keygen'. Fixes bug 16679; bugfix on 0.2.7.2-alpha. Reported by "s7r". - - Improve handling of expired signing keys with offline master - keys. Fixes bug 16685; bugfix on 0.2.7.2-alpha. Reported by "s7r". + - Improve handling of expired signing keys with offline master keys. + Fixes bug 16685; bugfix on 0.2.7.2-alpha. Reported by "s7r". o Minor features (client-side privacy): - - New KeyAliveSOCKSAuth option to indefinitely extend circuit lifespan - when IsolateSOCKSAuth and streams with SOCKS authentication are attached - to the circuit. This allows applications like TorBrowser to - manage circuit lifetime on their own. Implements feature 15482. + - New KeyAliveSOCKSAuth option to indefinitely extend circuit + lifespan when IsolateSOCKSAuth and streams with SOCKS + authentication are attached to the circuit. This allows + applications like TorBrowser to manage circuit lifetime on their + own. Implements feature 15482. - When logging malformed hostnames from SOCKS5 requests, respect SafeLogging configuration. Fixes bug 16891; bugfix on 0.1.1.16-rc. @@ -73,79 +73,39 @@ Changes in version 0.2.7.3-rc - 2015-09-2? option HiddenServiceStatistics to "1" by default. Closes ticket 15254. - Client now uses an introduction point failure cache to know when - to fetch or keep a descriptor in their cache. Previously, - failures were recorded implicitly, but not explicitly remembered. - Closes ticket 16389. + to fetch or keep a descriptor in their cache. Previously, failures + were recorded implicitly, but not explicitly remembered. Closes + ticket 16389. o Minor features (testing, authorities, documentation): - New TestingDirAuthVote{Exit,Guard,HSDir}IsStrict flags to - explicitly manage consensus flags in t3esting networks. - Patch by "robgjansen", modified by "teor". Implements part of - ticket 14882. + explicitly manage consensus flags in t3esting networks. Patch by + "robgjansen", modified by "teor". Implements part of ticket 14882. o Minor bugfixes (security, exit policies): - - ExitPolicyRejectPrivate now also rejects - the relay's published IPv6 address (if any), and any publicly - routable IPv4 or IPv6 addresses on any local interfacesn. - ticket 17027. Patch by "teor". Fixes bug 17027; bugfix on 0.2.0.11-alpha. - - o Minor bugfixes (portability): - - Try harder to normalize the exit status of the Tor process to the - standard-provided range. Fixes bug 16975; bugfix on every version - of Tor ever. - - Check correctly for windows socket errors in the workqueue - backend. Fixes bug 16741; bugfix on 0.2.6.3-alpha. - - Fix the behavior of crypto_rand_time_range() when told to consider times - before 1970. (These times were possible when running in a - simulated network environment where time()'s output starts at - zero.) Fixes bug 16980; bugfix on 0.2.7.1-alpha. - - o Minor bugfixes (documentation): - - Fix the usage message of tor-resolve(1) so that it no longer lists - the removed -F option. Fixes bug 16913; bugfix on - 0.2.2.28-beta. - - Fix an error in the manual page and comments for - TestingDirAuthVoteHSDir[IsStrict], which suggested that a HSDir - required "ORPort connectivity". While this is true, it is in no - way unique to the HSDir flag. Of all the flags, only HSDirs need a - DirPort configured in order for the authorities to assign that - particular flag. Patch by "teor". Fixed as part of 14882; bugfix on 0.2.6.3-alpha. - - o Minor bugfixes (relay): - - Ensure that worker threads actually exit when a fatal error or - shutdown is indicated. This fix doesn't currently affect the behaviour - of Tor, because Tor workers never indicates fatal error or shutdown except - in the unit tests. Fixes bug 16868; bugfix on 0.2.6.3-alpha. - - o Minor bugfixes (correctness): - - When calling channel_free_list(), avoid calling smartlist_remove() - while inside a FOREACH loop. This partially reverts commit - 17356fe7fd96af where the correct SMARTLIST_DEL_CURRENT was - incorrectly removed. Fixes bug 16924; bugfix on 0.2.4.4-alpha. + - ExitPolicyRejectPrivate now also rejects the relay's published + IPv6 address (if any), and any publicly routable IPv4 or IPv6 + addresses on any local interfacesn. ticket 17027. Patch by "teor". + Fixes bug 17027; bugfix on 0.2.0.11-alpha. o Minor bug fixes (torrc exit policies): - - In torrc, "accept6 *" and "reject6 *" ExitPolicy lines now - only produce IPv6 wildcard addresses. - Previously they would produce both IPv4 and IPv6 - wildcard addresses. Patch by "teor". Fixes part of bug 16069; bugfix on 0.2.4.7-alpha. - - When parsing torrc ExitPolicies, we now warn for a number of - cases where the user's intent is likely to differ from Tor's - actual behavior. These include: using an IPv4 address - with an accept6 or reject6 line; using "private" on an accept6 - or reject6 line; and including any ExitPolicy lines after - accept *:* or reject *:*. Related to ticket 16069. + - In torrc, "accept6 *" and "reject6 *" ExitPolicy lines now only + produce IPv6 wildcard addresses. Previously they would produce + both IPv4 and IPv6 wildcard addresses. Patch by "teor". Fixes part + of bug 16069; bugfix on 0.2.4.7-alpha. + - When parsing torrc ExitPolicies, we now warn for a number of cases + where the user's intent is likely to differ from Tor's actual + behavior. These include: using an IPv4 address with an accept6 or + reject6 line; using "private" on an accept6 or reject6 line; and + including any ExitPolicy lines after accept *:* or reject *:*. + Related to ticket 16069. - When parsing torrc ExitPolicies, we now issue an info-level message: when expanding an "accept/reject *" line to include both IPv4 and IPv6 wildcard addresses. Related to ticket 16069. - - In each instance above, usage advice is provided to avoid the message. - Resolves ticket 16069. Patch by "teor". Fixes part of bug + - In each instance above, usage advice is provided to avoid the + message. Resolves ticket 16069. Patch by "teor". Fixes part of bug 16069; bugfix on 0.2.4.7-alpha. - o Minor bugfixes (open file limit): - - Fix set_max_file_descriptors() to set by default the max open file - limit to the current limit when setrlimit() fails. Fixes bug 16274; bugfix on tor- - 0.2.0.10-alpha. Patch by dgoulet. - o Minor bugfixes (authority): - Don't assign "HSDir" to a router if it isn't Valid and Running. Fixes bug 16524; bugfix on 0.2.7.2-alpha. @@ -157,8 +117,26 @@ Changes in version 0.2.7.3-rc - 2015-09-2? bug 16286; bugfix on 0.2.7.2-alpha. o Minor bugfixes (control port): - - Repair a warning and a spurious result when getting the maximum number of file descriptors - from the controller. Fixes bug 16697; bugfix on 0.2.7.2-alpha. + - Repair a warning and a spurious result when getting the maximum + number of file descriptors from the controller. Fixes bug 16697; + bugfix on 0.2.7.2-alpha. + + o Minor bugfixes (correctness): + - When calling channel_free_list(), avoid calling smartlist_remove() + while inside a FOREACH loop. This partially reverts commit + 17356fe7fd96af where the correct SMARTLIST_DEL_CURRENT was + incorrectly removed. Fixes bug 16924; bugfix on 0.2.4.4-alpha. + + o Minor bugfixes (documentation): + - Fix the usage message of tor-resolve(1) so that it no longer lists + the removed -F option. Fixes bug 16913; bugfix on 0.2.2.28-beta. + - Fix an error in the manual page and comments for + TestingDirAuthVoteHSDir[IsStrict], which suggested that a HSDir + required "ORPort connectivity". While this is true, it is in no + way unique to the HSDir flag. Of all the flags, only HSDirs need a + DirPort configured in order for the authorities to assign that + particular flag. Patch by "teor". Fixed as part of 14882; bugfix + on 0.2.6.3-alpha. o Minor bugfixes (Ed25519): - Fix a memory leak when reading router descriptors with expired @@ -170,13 +148,33 @@ Changes in version 0.2.7.3-rc - 2015-09-2? - Allow routers with ed25519 keys to run correctly under the seccomp2 sandbox. Fixes bug 16965; bugfix on 0.2.7.2-alpha. + o Minor bugfixes (open file limit): + - Fix set_max_file_descriptors() to set by default the max open file + limit to the current limit when setrlimit() fails. Fixes bug + 16274; bugfix on tor- 0.2.0.10-alpha. Patch by dgoulet. + o Minor bugfixes (portability): + - Try harder to normalize the exit status of the Tor process to the + standard-provided range. Fixes bug 16975; bugfix on every version + of Tor ever. + - Check correctly for windows socket errors in the workqueue + backend. Fixes bug 16741; bugfix on 0.2.6.3-alpha. + - Fix the behavior of crypto_rand_time_range() when told to consider + times before 1970. (These times were possible when running in a + simulated network environment where time()'s output starts at + zero.) Fixes bug 16980; bugfix on 0.2.7.1-alpha. - Restore correct operation of TLS client-cipher detection on OpenSSL 1.1. Fixes bug 14047; bugfix on 0.2.7.2-alpha. o Minor bugfixes (relay): - - Unblock threads before releasing the work queue mutex to ensure predictable - scheduling behavior. Fixes bug 16644; bugfix on 0.2.6.3-alpha. + - Ensure that worker threads actually exit when a fatal error or + shutdown is indicated. This fix doesn't currently affect the + behaviour of Tor, because Tor workers never indicates fatal error + or shutdown except in the unit tests. Fixes bug 16868; bugfix + on 0.2.6.3-alpha. + - Unblock threads before releasing the work queue mutex to ensure + predictable scheduling behavior. Fixes bug 16644; bugfix + on 0.2.6.3-alpha. o Code simplification and refactoring: - Change the function that's called when we need to retry all