mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-28 06:13:31 +01:00
Start an 0.4.3.5 releasenotes
This was made by taking all 0.4.3.x changelogs up to this point and sorting them.
This commit is contained in:
parent
5eee5d8bc0
commit
59ac7fdcf0
717
ReleaseNotes
717
ReleaseNotes
@ -2,6 +2,723 @@ This document summarizes new features and bugfixes in each stable
|
||||
release of Tor. If you want to see more detailed descriptions of the
|
||||
changes in each development snapshot, see the ChangeLog file.
|
||||
|
||||
Changes in version 0.4.3.5 - 2020-05-15
|
||||
COPY BLURB HERE.
|
||||
|
||||
Below are the changes since 0.4.2.5. For a list of only the changes
|
||||
since 0.4.3.4-rc, see the ChangeLog file.
|
||||
|
||||
o New system requirements:
|
||||
- When building Tor, you now need to have Python 3 in order to run
|
||||
the integration tests. (Python 2 is officially unsupported
|
||||
upstream, as of 1 Jan 2020.) Closes ticket 32608.
|
||||
|
||||
o Major features (build system):
|
||||
- The relay code can now be disabled using the --disable-module-relay
|
||||
configure option. When this option is set, we also disable the
|
||||
dirauth module. Closes ticket 32123.
|
||||
- When Tor is compiled --disable-module-relay, we also omit the code
|
||||
used to act as a directory cache. Closes ticket 32487.
|
||||
|
||||
o Major features (directory authority, ed25519):
|
||||
- Add support for banning a relay's ed25519 keys in the approved-
|
||||
routers file. This will help us migrate away from RSA keys in the
|
||||
future. Previously, only RSA keys could be banned in approved-
|
||||
routers. Resolves ticket 22029. Patch by Neel Chauhan.
|
||||
|
||||
o Major features (onion service, controller):
|
||||
- New control port commands to manage client-side onion service
|
||||
authorization credentials. The ONION_CLIENT_AUTH_ADD command adds
|
||||
a credential, ONION_CLIENT_AUTH_REMOVE deletes a credential, and
|
||||
ONION_CLIENT_AUTH_VIEW lists the credentials. Closes ticket 30381.
|
||||
|
||||
o Major features (onion service, SOCKS5):
|
||||
- Introduce a new SocksPort flag, ExtendedErrors, to support more
|
||||
detailed error codes in information for applications that support
|
||||
them. Closes ticket 30382; implements proposal 304.
|
||||
|
||||
o Major features (proxy):
|
||||
- In addition to its current supported proxy types (HTTP CONNECT,
|
||||
SOCKS4, and SOCKS5), Tor can now make its OR connections through a
|
||||
HAProxy server. A new torrc option was added to specify the
|
||||
address/port of the server: TCPProxy <protocol> <host>:<port>.
|
||||
Currently the only supported protocol for the option is haproxy.
|
||||
Closes ticket 31518. Patch done by Suphanat Chunhapanya (haxxpop).
|
||||
|
||||
o Major bugfixes (security, denial-of-service):
|
||||
- Fix a denial-of-service bug that could be used by anyone to
|
||||
consume a bunch of CPU on any Tor relay or authority, or by
|
||||
directories to consume a bunch of CPU on clients or hidden
|
||||
services. Because of the potential for CPU consumption to
|
||||
introduce observable timing patterns, we are treating this as a
|
||||
high-severity security issue. Fixes bug 33119; bugfix on
|
||||
0.2.1.5-alpha. Found by OSS-Fuzz. We are also tracking this issue
|
||||
as TROVE-2020-002 and CVE-2020-10592.
|
||||
|
||||
o Major bugfixes (circuit padding, memory leak):
|
||||
- Avoid a remotely triggered memory leak in the case that a circuit
|
||||
padding machine is somehow negotiated twice on the same circuit.
|
||||
Fixes bug 33619; bugfix on 0.4.0.1-alpha. Found by Tobias Pulls.
|
||||
This is also tracked as TROVE-2020-004 and CVE-2020-10593.
|
||||
|
||||
o Major bugfixes (directory authority):
|
||||
- Directory authorities will now send a 503 (not enough bandwidth)
|
||||
code to clients when under bandwidth pressure. Known relays and
|
||||
other authorities will always be answered regardless of the
|
||||
bandwidth situation. Fixes bug 33029; bugfix on 0.1.2.5-alpha.
|
||||
|
||||
o Major bugfixes (DoS defenses, bridges, pluggable transport):
|
||||
- Fix a bug that was preventing DoS defenses from running on bridges
|
||||
with a pluggable transport. Previously, the DoS subsystem was not
|
||||
given the transport name of the client connection, thus failed to
|
||||
find the GeoIP cache entry for that client address. Fixes bug
|
||||
33491; bugfix on 0.3.3.2-alpha.
|
||||
|
||||
o Major bugfixes (linux seccomp sandbox):
|
||||
- Correct how we use libseccomp. Particularly, stop assuming that
|
||||
rules are applied in a particular order or that more rules are
|
||||
processed after the first match. Neither is the case! In
|
||||
libseccomp <2.4.0 this led to some rules having no effect.
|
||||
libseccomp 2.4.0 changed how rules are generated, leading to a
|
||||
different ordering, which in turn led to a fatal crash during
|
||||
startup. Fixes bug 29819; bugfix on 0.2.5.1-alpha. Patch by
|
||||
Peter Gerber.
|
||||
- Fix crash when reloading logging configuration while the
|
||||
experimental sandbox is enabled. Fixes bug 32841; bugfix on
|
||||
0.4.1.7. Patch by Peter Gerber.
|
||||
|
||||
o Major bugfixes (networking):
|
||||
- Correctly handle IPv6 addresses in SOCKS5 RESOLVE_PTR requests,
|
||||
and accept strings as well as binary addresses. Fixes bug 32315;
|
||||
bugfix on 0.3.5.1-alpha.
|
||||
|
||||
o Major bugfixes (onion service client, authorization):
|
||||
- On a NEWNYM signal, purge entries from the ephemeral client
|
||||
authorization cache. The permanent ones are kept. Fixes bug 33139;
|
||||
bugfix on 0.4.3.1-alpha.
|
||||
|
||||
o Major bugfixes (onion service):
|
||||
- Report HS circuit failure back into the HS subsystem so we take
|
||||
appropriate action with regards to the client introduction point
|
||||
failure cache. This improves reachability of onion services, since
|
||||
now clients notice failing introduction circuits properly. Fixes
|
||||
bug 32020; bugfix on 0.3.2.1-alpha.
|
||||
|
||||
o Minor feature (configure, build system):
|
||||
- Output a list of enabled/disabled features at the end of the
|
||||
configure process in a pleasing way. Closes ticket 31373.
|
||||
|
||||
o Minor feature (heartbeat, onion service):
|
||||
- Add the DoS INTRODUCE2 defenses counter to the heartbeat DoS
|
||||
message. Closes ticket 31371.
|
||||
|
||||
o Minor feature (sendme, flow control):
|
||||
- Default to sending SENDME version 1 cells. (Clients are already
|
||||
sending these, because of a consensus parameter telling them to do
|
||||
so: this change only affects what clients would do if the
|
||||
consensus didn't contain a recommendation.) Closes ticket 33623.
|
||||
|
||||
o Minor features (best practices tracker):
|
||||
- Practracker now supports a --regen-overbroad option to regenerate
|
||||
the exceptions file, but only to revise exceptions to be _less_
|
||||
tolerant of best-practices violations. Closes ticket 32372.
|
||||
|
||||
o Minor features (configuration validation):
|
||||
- Configuration validation can now be done by per-module callbacks,
|
||||
rather than a global validation function. This will let us reduce
|
||||
the size of config.c and some of its more cumbersome functions.
|
||||
Closes ticket 31241.
|
||||
|
||||
o Minor features (configuration):
|
||||
- If a configured hardware crypto accelerator in AccelName is
|
||||
prefixed with "!", Tor now exits when it cannot be found. Closes
|
||||
ticket 32406.
|
||||
- We now use flag-driven logic to warn about obsolete configuration
|
||||
fields, so that we can include their names. In 0.4.2, we used a
|
||||
special type, which prevented us from generating good warnings.
|
||||
Implements ticket 32404.
|
||||
|
||||
o Minor features (continuous integration):
|
||||
- Run Doxygen Makefile target on Travis, so we can learn about
|
||||
regressions in our internal documentation. Closes ticket 32455.
|
||||
- Stop allowing failures on the Travis CI stem tests job. It looks
|
||||
like all the stem hangs we were seeing before are now fixed.
|
||||
Closes ticket 33075.
|
||||
|
||||
o Minor features (controller):
|
||||
- Add stream isolation data to STREAM event. Closes ticket 19859.
|
||||
- Implement a new GETINFO command to fetch microdescriptor
|
||||
consensus. Closes ticket 31684.
|
||||
|
||||
o Minor features (debugging, directory system):
|
||||
- Don't crash when we find a non-guard with a guard-fraction value
|
||||
set. Instead, log a bug warning, in an attempt to figure out how
|
||||
this happened. Diagnostic for ticket 32868.
|
||||
|
||||
o Minor features (defense in depth):
|
||||
- Add additional checks around tor_vasprintf() usage, in case the
|
||||
function returns an error. Patch by Tobias Stoeckmann. Fixes
|
||||
ticket 31147.
|
||||
|
||||
o Minor features (developer tooling):
|
||||
- Remove the 0.2.9.x series branches from git scripts (git-merge-
|
||||
forward.sh, git-pull-all.sh, git-push-all.sh, git-setup-dirs.sh).
|
||||
Closes ticket 32772.
|
||||
|
||||
o Minor features (developer tools):
|
||||
- Add a check_cocci_parse.sh script that checks that new code is
|
||||
parseable by Coccinelle. Add an exceptions file for unparseable
|
||||
files, and run the script from travis CI. Closes ticket 31919.
|
||||
- Call the check_cocci_parse.sh script from a 'check-cocci' Makefile
|
||||
target. Closes ticket 31919.
|
||||
- Add a rename_c_identifiers.py tool to rename a bunch of C
|
||||
identifiers at once, and generate a well-formed commit message
|
||||
describing the change. This should help with refactoring. Closes
|
||||
ticket 32237.
|
||||
- Add some scripts in "scripts/coccinelle" to invoke the Coccinelle
|
||||
semantic patching tool with the correct flags. These flags are
|
||||
fairly easy to forget, and these scripts should help us use
|
||||
Coccinelle more effectively in the future. Closes ticket 31705.
|
||||
|
||||
o Minor features (diagnostic):
|
||||
- Improve assertions and add some memory-poisoning code to try to
|
||||
track down possible causes of a rare crash (32564) in the EWMA
|
||||
code. Closes ticket 33290.
|
||||
|
||||
o Minor features (directory authorities):
|
||||
- Directory authorities now reject descriptors from relays running
|
||||
Tor versions from the 0.2.9 and 0.4.0 series. The 0.3.5 series is
|
||||
still allowed. Resolves ticket 32672. Patch by Neel Chauhan.
|
||||
|
||||
o Minor features (Doxygen):
|
||||
- Update Doxygen configuration file to a more recent template (from
|
||||
1.8.15). Closes ticket 32110.
|
||||
- "make doxygen" now works with out-of-tree builds. Closes
|
||||
ticket 32113.
|
||||
- Make sure that doxygen outputs documentation for all of our C
|
||||
files. Previously, some were missing @file declarations, causing
|
||||
them to be ignored. Closes ticket 32307.
|
||||
- Our "make doxygen" target now respects --enable-fatal-warnings by
|
||||
default, and does not warn about items that are missing
|
||||
documentation. To warn about missing documentation, run configure
|
||||
with the "--enable-missing-doc-warnings" flag: doing so suspends
|
||||
fatal warnings for doxygen. Closes ticket 32385.
|
||||
|
||||
o Minor features (git scripts):
|
||||
- Add TOR_EXTRA_CLONE_ARGS to git-setup-dirs.sh for git clone
|
||||
customisation. Closes ticket 32347.
|
||||
- Add git-setup-dirs.sh, which sets up an upstream git repository
|
||||
and worktrees for tor maintainers. Closes ticket 29603.
|
||||
- Add TOR_EXTRA_REMOTE_* to git-setup-dirs.sh for a custom extra
|
||||
remote. Closes ticket 32347.
|
||||
- Call the check_cocci_parse.sh script from the git commit and push
|
||||
hooks. Closes ticket 31919.
|
||||
- Make git-push-all.sh skip unchanged branches when pushing to
|
||||
upstream. The script already skipped unchanged test branches.
|
||||
Closes ticket 32216.
|
||||
- Make git-setup-dirs.sh create a master symlink in the worktree
|
||||
directory. Closes ticket 32347.
|
||||
- Skip unmodified source files when doing some existing git hook
|
||||
checks. Related to ticket 31919.
|
||||
|
||||
o Minor features (IPv6, client):
|
||||
- Make Tor clients tell dual-stack exits that they prefer IPv6
|
||||
connections. This change is equivalent to setting the PreferIPv6
|
||||
flag on SOCKSPorts (and most other listener ports). Tor Browser
|
||||
has been setting this flag for some time, and we want to remove a
|
||||
client distinguisher at exits. Closes ticket 32637.
|
||||
|
||||
o Minor features (portability, android):
|
||||
- When building for Android, disable some tests that depend on $HOME
|
||||
and/or pwdb, which Android doesn't have. Closes ticket 32825.
|
||||
Patch from Hans-Christoph Steiner.
|
||||
|
||||
o Minor features (relay modularity):
|
||||
- Split the relay and server pluggable transport config code into
|
||||
separate files in the relay module. Disable this code when the
|
||||
relay module is disabled. Closes part of ticket 32213.
|
||||
- When the relay module is disabled, reject attempts to set the
|
||||
ORPort, DirPort, DirCache, BridgeRelay, ExtORPort, or
|
||||
ServerTransport* options, rather than ignoring the values of these
|
||||
options. Closes part of ticket 32213.
|
||||
|
||||
o Minor features (relay):
|
||||
- When the relay module is disabled, change the default config so
|
||||
that DirCache is 0, and ClientOnly is 1. Closes ticket 32410.
|
||||
|
||||
o Minor features (release tools):
|
||||
- Port our ChangeLog formatting and sorting tools to Python 3.
|
||||
Closes ticket 32704.
|
||||
|
||||
o Minor features (testing):
|
||||
- The unit tests now support a "TOR_SKIP_TESTCASES" environment
|
||||
variable to specify a list of space-separated test cases that
|
||||
should not be executed. We will use this to disable certain tests
|
||||
that are failing on Appveyor because of mismatched OpenSSL
|
||||
libraries. Part of ticket 33643.
|
||||
- Detect some common failure cases for test_parseconf.sh in
|
||||
src/test/conf_failures. Closes ticket 32451.
|
||||
- Allow test_parseconf.sh to test expected log outputs for successful
|
||||
configs, as well as failed configs. Closes ticket 32451.
|
||||
- The test_parseconf.sh script now supports result variants for any
|
||||
combination of the optional libraries lzma, nss, and zstd. Closes
|
||||
ticket 32397.
|
||||
|
||||
o Minor features (tests, Android):
|
||||
- When running the unit tests on Android, create temporary files in
|
||||
a subdirectory of /data/local/tmp. Closes ticket 32172. Based on a
|
||||
patch from Hans-Christoph Steiner.
|
||||
|
||||
o Minor features (usability):
|
||||
- Include more information when failing to parse a configuration
|
||||
value. This should make it easier to tell what's going wrong when
|
||||
a configuration file doesn't parse. Closes ticket 33460.
|
||||
|
||||
o Minor bugfix (relay, configuration):
|
||||
- Warn if the ContactInfo field is not set, and tell the relay
|
||||
operator that not having a ContactInfo field set might cause their
|
||||
relay to get rejected in the future. Fixes bug 33361; bugfix
|
||||
on 0.1.1.10-alpha.
|
||||
|
||||
o Minor bugfixes (--disable-module-relay):
|
||||
- Fix an assertion failure when Tor is built without the relay
|
||||
module, and then invoked with the "User" option. Fixes bug 33668;
|
||||
bugfix on 0.4.3.1-alpha.
|
||||
|
||||
o Minor bugfixes (--disable-module-relay,--disable-module-dirauth):
|
||||
- Set some output arguments in the relay and dirauth module stubs,
|
||||
to guard against future stub argument handling bugs like 33668.
|
||||
Fixes bug 33674; bugfix on 0.4.3.1-alpha.
|
||||
|
||||
o Minor bugfixes (bridges):
|
||||
- Lowercase the configured value of BridgeDistribution before adding
|
||||
it to the descriptor. Fixes bug 32753; bugfix on 0.3.2.3-alpha.
|
||||
|
||||
o Minor bugfixes (build system):
|
||||
- Correctly output the enabled module in the configure summary.
|
||||
Before that, the list shown was just plain wrong. Fixes bug 33646;
|
||||
bugfix on 0.4.3.2-alpha.
|
||||
- Revise configure options that were either missing or incorrect in
|
||||
the configure summary. Fixes bug 32230; bugfix on 0.4.3.1-alpha.
|
||||
- Fix "make autostyle" for out-of-tree builds. Fixes bug 32370;
|
||||
bugfix on 0.4.1.2-alpha.
|
||||
|
||||
o Minor bugfixes (client, IPv6):
|
||||
- Stop forcing all non-SocksPorts to prefer IPv6 exit connections.
|
||||
Instead, prefer IPv6 connections by default, but allow users to
|
||||
change their configs using the "NoPreferIPv6" port flag. Fixes bug
|
||||
33608; bugfix on 0.4.3.1-alpha.
|
||||
- Revert PreferIPv6 set by default on the SocksPort because it broke
|
||||
the torsocks use case. Tor doesn't have a way for an application
|
||||
to request the hostname to be resolved for a specific IP version,
|
||||
but torsocks requires that. Up until now, IPv4 was used by default
|
||||
so torsocks is expecting that, and can't handle a possible IPv6
|
||||
being returned. Fixes bug 33804; bugfix on 0.4.3.1-alpha.
|
||||
|
||||
o Minor bugfixes (coding best practices checks):
|
||||
- Allow the "practracker" script to read unicode files when using
|
||||
Python 2. We made the script use unicode literals in 0.4.3.1-alpha,
|
||||
but didn't change the codec for opening files. Fixes bug 33374;
|
||||
bugfix on 0.4.3.1-alpha.
|
||||
|
||||
o Minor bugfixes (compiler compatibility):
|
||||
- Avoid compiler warnings from Clang 10 related to the use of GCC-
|
||||
style "/* falls through */" comments. Both Clang and GCC allow
|
||||
__attribute__((fallthrough)) instead, so that's what we're using
|
||||
now. Fixes bug 34078; bugfix on 0.3.1.3-alpha.
|
||||
- Fix compilation warnings with GCC 10.0.1. Fixes bug 34077; bugfix
|
||||
on 0.4.0.3-alpha.
|
||||
|
||||
o Minor bugfixes (configuration handling):
|
||||
- Make control_event_conf_changed() take in a config_line_t instead
|
||||
of a smartlist of alternating key/value entries. Fixes bug 31531;
|
||||
bugfix on 0.2.3.3-alpha. Patch by Neel Chauhan.
|
||||
|
||||
o Minor bugfixes (configuration):
|
||||
- Check for multiplication overflow when parsing memory units inside
|
||||
configuration. Fixes bug 30920; bugfix on 0.0.9rc1.
|
||||
- When dumping the configuration, stop adding a trailing space after
|
||||
the option name when there is no option value. This issue only
|
||||
affects options that accept an empty value or list. (Most options
|
||||
reject empty values, or delete the entire line from the dumped
|
||||
options.) Fixes bug 32352; bugfix on 0.0.9pre6.
|
||||
- Avoid changing the user's value of HardwareAccel as stored by
|
||||
SAVECONF, when AccelName is set but HardwareAccel is not. Fixes
|
||||
bug 32382; bugfix on 0.2.2.1-alpha.
|
||||
- When creating a KeyDirectory with the same location as the
|
||||
DataDirectory (not recommended), respect the DataDirectory's
|
||||
group-readable setting if one has not been set for the
|
||||
KeyDirectory. Fixes bug 27992; bugfix on 0.3.3.1-alpha.
|
||||
|
||||
o Minor bugfixes (continuous integration):
|
||||
- Remove the buggy and unused mirroring job. Fixes bug 33213; bugfix
|
||||
on 0.3.2.2-alpha.
|
||||
|
||||
o Minor bugfixes (controller protocol):
|
||||
- Fix a memory leak introduced by refactoring of control reply
|
||||
formatting code. Fixes bug 33039; bugfix on 0.4.3.1-alpha.
|
||||
- Fix a memory leak in GETINFO responses. Fixes bug 33103; bugfix
|
||||
on 0.4.3.1-alpha.
|
||||
- When receiving "ACTIVE" or "DORMANT" signals on the control port,
|
||||
report them as SIGNAL events. Previously we would log a bug
|
||||
warning. Fixes bug 33104; bugfix on 0.4.0.1-alpha.
|
||||
|
||||
o Minor bugfixes (controller):
|
||||
- In routerstatus_has_changed(), check all the fields that are
|
||||
output over the control port. Fixes bug 20218; bugfix
|
||||
on 0.1.1.11-alpha
|
||||
|
||||
o Minor bugfixes (correctness checks):
|
||||
- Use GCC/Clang's printf-checking feature to make sure that
|
||||
tor_assertf() arguments are correctly typed. Fixes bug 32765;
|
||||
bugfix on 0.4.1.1-alpha.
|
||||
|
||||
o Minor bugfixes (developer tools):
|
||||
- Allow paths starting with ./ in scripts/add_c_file.py. Fixes bug
|
||||
31336; bugfix on 0.4.1.2-alpha.
|
||||
|
||||
o Minor bugfixes (dirauth module):
|
||||
- Split the dirauth config code into a separate file in the dirauth
|
||||
module. Disable this code when the dirauth module is disabled.
|
||||
Closes ticket 32213.
|
||||
- When the dirauth module is disabled, reject attempts to set the
|
||||
AuthoritativeDir option, rather than ignoring the value of the
|
||||
option. Fixes bug 32213; bugfix on 0.3.4.1-alpha.
|
||||
|
||||
o Minor bugfixes (embedded Tor):
|
||||
- When starting Tor any time after the first time in a process,
|
||||
register the thread in which it is running as the main thread.
|
||||
Previously, we only did this on Windows, which could lead to bugs
|
||||
like 23081 on non-Windows platforms. Fixes bug 32884; bugfix
|
||||
on 0.3.3.1-alpha.
|
||||
|
||||
o Minor bugfixes (git scripts):
|
||||
- Avoid sleeping before the last push in git-push-all.sh. Closes
|
||||
ticket 32216.
|
||||
- Forward all unrecognised arguments in git-push-all.sh to git push.
|
||||
Closes ticket 32216.
|
||||
|
||||
o Minor bugfixes (hidden service v3):
|
||||
- Do not rely on a "circuit established" flag for intro circuits but
|
||||
instead always query the HS circuit map. This is to avoid sync
|
||||
issue with that flag and the map. Fixes bug 32094; bugfix
|
||||
on 0.3.2.1-alpha.
|
||||
|
||||
o Minor bugfixes (key portability):
|
||||
- When reading PEM-encoded key data, tolerate CRLF line-endings even
|
||||
if we are not running on Windows. Previously, non-Windows hosts
|
||||
would reject these line-endings in certain positions, making
|
||||
certain key files hard to move from one host to another. Fixes bug
|
||||
33032; bugfix on 0.3.5.1-alpha.
|
||||
|
||||
o Minor bugfixes (logging):
|
||||
- Stop truncating IPv6 addresses and ports in channel and connection
|
||||
logs. Fixes bug 33918; bugfix on 0.2.4.4-alpha.
|
||||
- Fix a logic error in a log message about whether an address was
|
||||
invalid. Previously, the code would never report that onion
|
||||
addresses were onion addresses. Fixes bug 34131; bugfix
|
||||
on 0.4.3.1-alpha.
|
||||
- Flush stderr, stdout, and file logs during shutdown, if supported
|
||||
by the OS. This change helps make sure that any final logs are
|
||||
recorded. Fixes bug 33087; bugfix on 0.4.1.6.
|
||||
- Stop closing stderr and stdout during shutdown. Closing these file
|
||||
descriptors can hide sanitiser logs. Fixes bug 33087; bugfix
|
||||
on 0.4.1.6.
|
||||
- If we encounter a bug when flushing a buffer to a TLS connection,
|
||||
only log the bug once per invocation of the Tor process.
|
||||
Previously we would log with every occurrence, which could cause
|
||||
us to run out of disk space. Fixes bug 33093; bugfix
|
||||
on 0.3.2.2-alpha.
|
||||
- When logging a bug, do not say "Future instances of this warning
|
||||
will be silenced" unless we are actually going to silence them.
|
||||
Previously we would say this whenever a BUG() check failed in the
|
||||
code. Fixes bug 33095; bugfix on 0.4.1.1-alpha.
|
||||
|
||||
o Minor bugfixes (logging, crash):
|
||||
- Avoid a possible crash when trying to log a (fatal) assertion
|
||||
failure about mismatched magic numbers in configuration objects.
|
||||
Fixes bug 32771; bugfix on 0.4.2.1-alpha.
|
||||
|
||||
o Minor bugfixes (onion service v2):
|
||||
- Move a series of v2 onion service warnings to protocol-warning
|
||||
level because they can all be triggered remotely by a malformed
|
||||
request. Fixes bug 32706; bugfix on 0.1.1.14-alpha.
|
||||
- When sending the INTRO cell for a v2 Onion Service, look at the
|
||||
failure cache alongside timeout values to check if the intro point
|
||||
is marked as failed. Previously, we only looked at the relay
|
||||
timeout values. Fixes bug 25568; bugfix on 0.2.7.3-rc. Patch by
|
||||
Neel Chauhan.
|
||||
|
||||
o Minor bugfixes (onion service v3, client authorization):
|
||||
- When removing client authorization credentials using the control
|
||||
port, also remove the associated descriptor, so the onion service
|
||||
can no longer be contacted. Fixes bug 33148; bugfix
|
||||
on 0.4.3.1-alpha.
|
||||
|
||||
o Minor bugfixes (onion service v3, client):
|
||||
- Remove a BUG() warning that would cause a stack trace if an onion
|
||||
service descriptor was freed while we were waiting for a
|
||||
rendezvous circuit to complete. Fixes bug 28992; bugfix
|
||||
on 0.3.2.1-alpha.
|
||||
|
||||
o Minor bugfixes (onion services v3):
|
||||
- Relax severity of a log message that can appear naturally when
|
||||
decoding onion service descriptors as a relay. Also add some
|
||||
diagnostics to debug any future bugs in that area. Fixes bug
|
||||
31669; bugfix on 0.3.0.1-alpha.
|
||||
- Block a client-side assertion by disallowing the registration of
|
||||
an x25519 client auth key that's all zeroes. Fixes bug 33545;
|
||||
bugfix on 0.4.3.1-alpha. Based on patch from "cypherpunks".
|
||||
- Fix an assertion failure that could result from a corrupted
|
||||
ADD_ONION control port command. Found by Saibato. Fixes bug 33137;
|
||||
bugfix on 0.3.3.1-alpha. This issue is also tracked
|
||||
as TROVE-2020-003.
|
||||
|
||||
o Minor bugfixes (onion services v3, client):
|
||||
- Properly handle the client rendezvous circuit timeout. Previously
|
||||
Tor would sometimes timeout a rendezvous circuit awaiting the
|
||||
introduction ACK, and find itself unable to re-establish all
|
||||
circuits because the rendezvous circuit timed out too early. Fixes
|
||||
bug 32021; bugfix on 0.3.2.1-alpha.
|
||||
|
||||
o Minor bugfixes (onion services):
|
||||
- In cancel_descriptor_fetches(), use
|
||||
connection_list_by_type_purpose() instead of
|
||||
connection_list_by_type_state(). Fixes bug 32639; bugfix on
|
||||
0.3.2.1-alpha. Patch by Neel Chauhan.
|
||||
|
||||
o Minor bugfixes (pluggable transports):
|
||||
- When receiving a message on standard error from a pluggable
|
||||
transport, log it at info level, rather than as a warning. Fixes
|
||||
bug 33005; bugfix on 0.4.0.1-alpha.
|
||||
|
||||
o Minor bugfixes (rust, build):
|
||||
- Fix a syntax warning given by newer versions of Rust that was
|
||||
creating problems for our continuous integration. Fixes bug 33212;
|
||||
bugfix on 0.3.5.1-alpha.
|
||||
|
||||
o Minor bugfixes (scripts):
|
||||
- Fix update_versions.py for out-of-tree builds. Fixes bug 32371;
|
||||
bugfix on 0.4.0.1-alpha.
|
||||
|
||||
o Minor bugfixes (test):
|
||||
- Use the same code to find the tor binary in all of our test
|
||||
scripts. This change makes sure we are always using the coverage
|
||||
binary when coverage is enabled. Fixes bug 32368; bugfix
|
||||
on 0.2.7.3-rc.
|
||||
|
||||
o Minor bugfixes (testing):
|
||||
- Stop ignoring "tor --dump-config" errors in test_parseconf.sh.
|
||||
Fixes bug 32468; bugfix on 0.4.2.1-alpha.
|
||||
- When TOR_DISABLE_PRACTRACKER is set, do not apply it to the
|
||||
test_practracker.sh script. Doing so caused a test failure. Fixes
|
||||
bug 32705; bugfix on 0.4.2.1-alpha.
|
||||
- When TOR_DISABLE_PRACTRACKER is set, log a notice to stderr when
|
||||
skipping practracker checks. Fixes bug 32705; bugfix
|
||||
on 0.4.2.1-alpha.
|
||||
|
||||
o Minor bugfixes (tests):
|
||||
- Our option-validation tests no longer depend on specially
|
||||
configured non-default, non-passing sets of options. Previously,
|
||||
the tests had been written to assume that options would _not_ be
|
||||
set to their defaults, which led to needless complexity and
|
||||
verbosity. Fixes bug 32175; bugfix on 0.2.8.1-alpha.
|
||||
|
||||
o Minor bugfixes (TLS bug handling):
|
||||
- When encountering a bug in buf_read_from_tls(), return a "MISC"
|
||||
error code rather than "WANTWRITE". This change might help avoid
|
||||
some CPU-wasting loops if the bug is ever triggered. Bug reported
|
||||
by opara. Fixes bug 32673; bugfix on 0.3.0.4-alpha.
|
||||
|
||||
o Minor bugfixes (windows service):
|
||||
- Initialize the publish/subscribe system when running as a windows
|
||||
service. Fixes bug 32778; bugfix on 0.4.1.1-alpha.
|
||||
|
||||
o Code simplification and refactoring:
|
||||
- Disable our coding standards best practices tracker in our git
|
||||
hooks. (0.4.3 branches only.) Closes ticket 33678.
|
||||
|
||||
o Deprecated features:
|
||||
- Deprecate the ClientAutoIPv6ORPort option. This option was not
|
||||
true "Happy Eyeballs", and often failed on connections that
|
||||
weren't reliably dual-stack. Closes ticket 32942. Patch by
|
||||
Neel Chauhan.
|
||||
|
||||
o Documentation:
|
||||
- Provide a quickstart guide for a Circuit Padding Framework, and
|
||||
documentation for researchers to implement and study circuit
|
||||
padding machines. Closes ticket 28804.
|
||||
- Add documentation in 'HelpfulTools.md' to describe how to build a
|
||||
tag file. Closes ticket 32779.
|
||||
- Create a high-level description of the long-term software
|
||||
architecture goals. Closes ticket 32206.
|
||||
- Describe the --dump-config command in the manual page. Closes
|
||||
ticket 32467.
|
||||
- Unite coding advice from this_not_that.md in torguts repo into our
|
||||
coding standards document. Resolves ticket 31853.
|
||||
|
||||
o Removed features:
|
||||
- Our Doxygen configuration no longer generates LaTeX output. The
|
||||
reference manual produced by doing this was over 4000 pages long,
|
||||
and generally unusable. Closes ticket 32099.
|
||||
- The option "TestingEstimatedDescriptorPropagationTime" is now
|
||||
marked as obsolete. It has had no effect since 0.3.0.7, when
|
||||
clients stopped rejecting consensuses "from the future". Closes
|
||||
ticket 32807.
|
||||
- We no longer support consensus methods before method 28; these
|
||||
methods were only used by authorities running versions of Tor that
|
||||
are now at end-of-life. In effect, this means that clients,
|
||||
relays, and authorities now assume that authorities will be
|
||||
running version 0.3.5.x or later. Closes ticket 32695.
|
||||
|
||||
o Testing:
|
||||
- Avoid conflicts between the fake sockets in tor's unit tests, and
|
||||
real file descriptors. Resolves issues running unit tests with
|
||||
GitHub Actions, where the process that embeds or launches the
|
||||
tests has already opened a large number of file descriptors. Fixes
|
||||
bug 33782; bugfix on 0.2.8.1-alpha. Found and fixed by
|
||||
Putta Khunchalee.
|
||||
- Add more test cases for tor's UTF-8 validation function. Also,
|
||||
check the arguments passed to the function for consistency. Closes
|
||||
ticket 32845.
|
||||
- Improve test coverage for relay and dirauth config code, focusing
|
||||
on option validation and normalization. Closes ticket 32213.
|
||||
- Improve the consistency of test_parseconf.sh output, and run all
|
||||
the tests, even if one fails. Closes ticket 32213.
|
||||
- Re-enable the Travis CI macOS Chutney build, but don't let it
|
||||
prevent the Travis job from finishing. (The Travis macOS jobs are
|
||||
slow, so we don't want to have it delay the whole CI process.)
|
||||
Closes ticket 32629.
|
||||
- Run the practracker unit tests in the pre-commit git hook. Closes
|
||||
ticket 32609.
|
||||
- Turn off Tor's Sandbox in Chutney jobs, and run those jobs on
|
||||
Ubuntu Bionic. Turning off the Sandbox is a work-around, until we
|
||||
fix the sandbox errors in 32722. Closes ticket 32240.
|
||||
|
||||
o Code simplification and refactoring (channel):
|
||||
- Channel layer had a variable length cell handler that was not used
|
||||
and thus removed. Closes ticket 32892.
|
||||
|
||||
o Code simplification and refactoring (configuration):
|
||||
- Immutability is now implemented as a flag on individual
|
||||
configuration options rather than as part of the option-transition
|
||||
checking code. Closes ticket 32344.
|
||||
- Instead of keeping a list of configuration options to check for
|
||||
relative paths, check all the options whose type is "FILENAME".
|
||||
Solves part of ticket 32339.
|
||||
- Our default log (which ordinarily sends NOTICE-level messages to
|
||||
standard output) is now handled in a more logical manner.
|
||||
Previously, we replaced the configured log options if they were
|
||||
empty. Now, we interpret an empty set of log options as meaning
|
||||
"use the default log". Closes ticket 31999.
|
||||
- Remove some unused arguments from the options_validate() function,
|
||||
to simplify our code and tests. Closes ticket 32187.
|
||||
- Simplify the options_validate() code so that it looks at the
|
||||
default options directly, rather than taking default options as an
|
||||
argument. This change lets us simplify its interface. Closes
|
||||
ticket 32185.
|
||||
- Use our new configuration architecture to move most authority-
|
||||
related options to the directory authority module. Closes
|
||||
ticket 32806.
|
||||
- When parsing the command line, handle options that determine our
|
||||
"quiet level" and our mode of operation (e.g., --dump-config and
|
||||
so on) all in one table. Closes ticket 32003.
|
||||
|
||||
o Code simplification and refactoring (controller):
|
||||
- Create a new abstraction for formatting control protocol reply
|
||||
lines based on key-value pairs. Refactor some existing control
|
||||
protocol code to take advantage of this. Closes ticket 30984.
|
||||
- Create a helper function that can fetch network status or
|
||||
microdesc consensuses. Closes ticket 31684.
|
||||
|
||||
o Code simplification and refactoring (dirauth modularization):
|
||||
- Remove the last remaining HAVE_MODULE_DIRAUTH inside a function.
|
||||
Closes ticket 32163.
|
||||
- Replace some confusing identifiers in process_descs.c. Closes
|
||||
ticket 29826.
|
||||
- Simplify some relay and dirauth config code. Closes ticket 32213.
|
||||
|
||||
o Code simplification and refactoring (mainloop):
|
||||
- Simplify the ip_address_changed() function by removing redundant
|
||||
checks. Closes ticket 33091.
|
||||
|
||||
o Code simplification and refactoring (misc):
|
||||
- Make all the structs we declare follow the same naming convention
|
||||
of ending with "_t". Closes ticket 32415.
|
||||
- Move and rename some configuration-related code for clarity.
|
||||
Closes ticket 32304.
|
||||
- Our include.am files are now broken up by subdirectory.
|
||||
Previously, src/core/include.am covered all of the subdirectories
|
||||
in "core", "feature", and "app". Closes ticket 32137.
|
||||
- Remove underused NS*() macros from test code: they make our tests
|
||||
more confusing, especially for code-formatting tools. Closes
|
||||
ticket 32887.
|
||||
|
||||
o Code simplification and refactoring (relay modularization):
|
||||
- Disable relay_periodic when the relay module is disabled. Closes
|
||||
ticket 32244.
|
||||
- Disable relay_sys when the relay module is disabled. Closes
|
||||
ticket 32245.
|
||||
|
||||
o Code simplification and refactoring (tool support):
|
||||
- Add numerous missing dependencies to our include files, so that
|
||||
they can be included in different reasonable orders and still
|
||||
compile. Addresses part of ticket 32764.
|
||||
- Fix some parts of our code that were difficult for Coccinelle to
|
||||
parse. Related to ticket 31705.
|
||||
- Fix some small issues in our code that prevented automatic
|
||||
formatting tools from working. Addresses part of ticket 32764.
|
||||
|
||||
o Documentation (manpage):
|
||||
- Alphabetize the Server and Directory server sections of the tor
|
||||
manpage. Also split Statistics options into their own section of
|
||||
the manpage. Closes ticket 33188. Work by Swati Thacker as part of
|
||||
Google Season of Docs.
|
||||
- Document the __OwningControllerProcess torrc option and specify
|
||||
its polling interval. Resolves issue 32971.
|
||||
- Split "Circuit Timeout" options and "Node Selection" options into
|
||||
their own sections of the tor manpage. Closes tickets 32928 and
|
||||
32929. Work by Swati Thacker as part of Google Season of Docs.
|
||||
- Alphabetize the Client Options section of the tor manpage. Closes
|
||||
ticket 32846.
|
||||
- Alphabetize the General Options section of the tor manpage. Closes
|
||||
ticket 32708.
|
||||
- In the tor(1) manpage, reword and improve formatting of the
|
||||
COMMAND-LINE OPTIONS and DESCRIPTION sections. Closes ticket
|
||||
32277. Based on work by Swati Thacker as part of Google Season
|
||||
of Docs.
|
||||
- In the tor(1) manpage, reword and improve formatting of the FILES,
|
||||
SEE ALSO, and BUGS sections. Closes ticket 32176. Based on work by
|
||||
Swati Thacker as part of Google Season of Docs.
|
||||
|
||||
o Testing (CI):
|
||||
- In our Appveyor Windows CI, copy required DLLs to test and app
|
||||
directories, before running tor's tests. This ensures that tor.exe
|
||||
and test*.exe use the correct version of each DLL. This fix is not
|
||||
required, but we hope it will avoid DLL search issues in future.
|
||||
Fixes bug 33673; bugfix on 0.3.4.2-alpha.
|
||||
- On Appveyor, skip the crypto/openssl_version test, which is
|
||||
failing because of a mismatched library installation. Fix
|
||||
for 33643.
|
||||
|
||||
o Testing (circuit, EWMA):
|
||||
- Add unit tests for circuitmux and EWMA subsystems. Closes
|
||||
ticket 32196.
|
||||
|
||||
o Testing (continuous integration):
|
||||
- Use zstd in our Travis Linux builds. Closes ticket 32242.
|
||||
|
||||
o Testing (Travis CI):
|
||||
- Remove a redundant distcheck job. Closes ticket 33194.
|
||||
- Sort the Travis jobs in order of speed: putting the slowest jobs
|
||||
first takes full advantage of Travis job concurrency. Closes
|
||||
ticket 33194.
|
||||
- Stop allowing the Chutney IPv6 Travis job to fail. This job was
|
||||
previously configured to fast_finish (which requires
|
||||
allow_failure), to speed up the build. Closes ticket 33195.
|
||||
- When a Travis chutney job fails, use chutney's new "diagnostics.sh"
|
||||
tool to produce detailed diagnostic output. Closes ticket 32792.
|
||||
|
||||
|
||||
Changes in version 0.4.2.6 - 2020-01-30
|
||||
This is the second stable release in the 0.4.2.x series. It backports
|
||||
|
Loading…
Reference in New Issue
Block a user