nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-24 04:13:28 +01:00
Code Issues Packages Projects Releases Wiki Activity

Re-run formatChangelog.py

Browse Source
This commit is contained in:
Nick Mathewson 2016-02-01 23:55:16 -05:00
parent b8171e9f85
commit 937afe746f
1 changed files with 124 additions and 123 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

247
ChangeLog
View File

@ -1,16 +1,12 @@
Changes in version 0.2.8.1-alpha - 2016-02-0? Changes in version 0.2.8.1-alpha - 2016-02-0?
XXXX Blurb goes here XXXX XXXX Blurb goes here XXXX
o Removed features: o Major features (security, Linux):
- Remove client-side support for connecting to Tor servers running - When Tor is started as root on Linux and told to switch user ID,
versions of Tor before 0.2.3.6-alpha. These servers didn't support it can now retain the capabilitity to bind to low ports. By
the v3 TLS handshake protocol, and are no longer allowed on the default, Tor will do this only when it's switching user ID and
Tor network. Implements the client side of ticket 11150. Based on some low ports have been configured. You can change this behavior
patches by Tom van der Woerdt. with the new option KeepBindCapabilities. Closes ticket 8195.
o Major key updates:
- Update the V3 identity key for dannenberg: it was changed on 18
November 2015. Closes task 17906. Patch by "teor".
o Major features (consensus downloads): o Major features (consensus downloads):
- Schedule multiple in-progress consensus downloads during client - Schedule multiple in-progress consensus downloads during client
@ -29,24 +25,29 @@ Changes in version 0.2.8.1-alpha - 2016-02-0?
"teor". OnionOO script by "weasel", "teor", "gsathya", "teor". OnionOO script by "weasel", "teor", "gsathya",
and "karsten". and "karsten".
o Major features (security, Linux): o Major features (directory system):
- When Tor is started as root on Linux and told to switch user ID, - Previously only relays who explicitly opened a directory port
it can now retain the capabilitity to bind to low ports. By (DirPort) accepted directory requests from clients. Now all
default, Tor will do this only when it's switching user ID and relays, with and without a DirPort, who do not disable the
some low ports have been configured. You can change this behavior DirCache option accept and serve directory requests sent
with the new option KeepBindCapabilities. Closes ticket 8195. (tunnelled) through their ORPort. Closes ticket 12538.
o Minor features (security, RNG): o Major key updates:
- Adjust Tor's use of OpenSSL's RNG APIs so that they absolutely, - Update the V3 identity key for dannenberg: it was changed on 18
positively are not allowed to fail. Previously we depended on November 2015. Closes task 17906. Patch by "teor".
internals about OpenSSL behavior. Closes ticket 17686.
- Never use the system entropy output directly for anything besides o Minor features (security, clock):
seeding the PRNG. When we want to generate important keys, instead - Warn when the system clock is set back in time (when the state
of using system entropy directly, hash it with the PRNG stream. file was last written in the future). Tor doesn't know that
This may help resist certain attacks based on broken OS entropy consensuses have expired if the clock is in the past. Patch by
implementations. Closes part of ticket 17694. "teor". Implements ticket 17188.
- Use modern system calls to generate strong entropy on platforms
that provide them. Closes ticket 13696. o Minor features (security, exit policies):
- ExitPolicyRejectPrivate rejects more private addresses by default.
Specifically, it rejects the relay's outbound bind addresses (if
configured), and the relay's configured port addresses (such as
ORPort and DirPort). Fixes bug 17027; bugfix on 0.2.0.11-alpha.
Patch by "teor".
o Minor features (security, memory erasure): o Minor features (security, memory erasure):
- Set unused entires in a smartlist to NULL. This helped catch - Set unused entires in a smartlist to NULL. This helped catch
@ -62,53 +63,17 @@ Changes in version 0.2.8.1-alpha - 2016-02-0?
bugfix on 0.2.3.25 and 0.2.4.6-alpha. Reported by "gk", patch bugfix on 0.2.3.25 and 0.2.4.6-alpha. Reported by "gk", patch
by "teor". by "teor".
o Minor features (security, clock): o Minor features (security, RNG):
- Warn when the system clock is set back in time (when the state - Adjust Tor's use of OpenSSL's RNG APIs so that they absolutely,
file was last written in the future). Tor doesn't know that positively are not allowed to fail. Previously we depended on
consensuses have expired if the clock is in the past. Patch by internals about OpenSSL behavior. Closes ticket 17686.
"teor". Implements ticket 17188. - Never use the system entropy output directly for anything besides
seeding the PRNG. When we want to generate important keys, instead
o Minor features (crypto): of using system entropy directly, hash it with the PRNG stream.
- Add SHA512 support to crypto.c. Closes ticket 17663; patch from This may help resist certain attacks based on broken OS entropy
George Tankersley. implementations. Closes part of ticket 17694.
- Add SHA3 and SHAKE support to crypto.c. Closes ticket 17783. - Use modern system calls to generate strong entropy on platforms
- When allocating a digest state object, allocate no more space than that provide them. Closes ticket 13696.
we actually need. Previously, we were allocating as much space as
the state for the largest algorithm would need. This change saves
up to 672 bytes per circuit. Closes ticket 17796.
o Minor features (directory downloads):
- Wait for busy authorities and fallbacks to become non-busy when
bootstrapping. (A similar change was made in 6c443e987d for
directory servers chosen from the consensus.) Closes ticket 17864;
patch by "teor".
- Add UseDefaultFallbackDirs, which enables any hard-coded fallback
directory mirrors. Default is 1, set it to 0 to disable fallbacks.
Implements ticket 17576. Patch by "teor".
o Minor features (IPv6):
- Add a flag ipv6=address:orport to the DirAuthority and FallbackDir
torrc options. Add hard-coded ipv6 addresses for directory
authorities with ipv6 lines in their descriptors. Closes ticket
17327; patch from Nick Mathewson / "teor".
- Add address policy assume_action support for IPv6 addresses.
- Limit IPv6 mask bits to 128.
- Warn when comparing against an AF_UNSPEC address in a policy, it's
almost always a bug. Closes ticket 17863; patch by "teor".
- Allow users to configure directory authorities and fallback
directory servers with IPv6 addresses and ORPorts. Resolves
ticket 6027.
- routerset_parse now accepts IPv6 literal addresses. Fixes bug
17060; bugfix on 0.2.1.3-alpha. Patch by "teor".
- Make tor_ersatz_socketpair work on IPv6-only systems. Fixes bug
17638; bugfix on 0.0.2pre8. Patch by "teor".
o Minor features (logging):
- When logging to syslog, allow a tag to be added to the syslog
identity (the string prepended to every log message).
The tag can be configured with SyslogIdentityTag and
defaults to none. Setting it to "foo" will cause logs to be tagged
as "Tor-foo". Closes ticket 17194.
o Minor features (accounting): o Minor features (accounting):
- Added two modes to AccountingRule in torrc for limiting just input - Added two modes to AccountingRule in torrc for limiting just input
@ -131,17 +96,52 @@ Changes in version 0.2.8.1-alpha - 2016-02-0?
for the reject rules added by ExitPolicyRejectPrivate. This makes for the reject rules added by ExitPolicyRejectPrivate. This makes
it easier for stem to display exit policies. it easier for stem to display exit policies.
o Major features (directory system): o Minor features (crypto):
- Previously only relays who explicitly opened a directory port - Add SHA512 support to crypto.c. Closes ticket 17663; patch from
(DirPort) accepted directory requests from clients. Now all George Tankersley.
relays, with and without a DirPort, who do not disable the - Add SHA3 and SHAKE support to crypto.c. Closes ticket 17783.
DirCache option accept and serve directory requests sent - When allocating a digest state object, allocate no more space than
(tunnelled) through their ORPort. Closes ticket 12538. we actually need. Previously, we were allocating as much space as
the state for the largest algorithm would need. This change saves
up to 672 bytes per circuit. Closes ticket 17796.
o Minor features (directory downloads):
- Wait for busy authorities and fallbacks to become non-busy when
bootstrapping. (A similar change was made in 6c443e987d for
directory servers chosen from the consensus.) Closes ticket 17864;
patch by "teor".
- Add UseDefaultFallbackDirs, which enables any hard-coded fallback
directory mirrors. Default is 1, set it to 0 to disable fallbacks.
Implements ticket 17576. Patch by "teor".
o Minor features (geoip): o Minor features (geoip):
- Update geoip and geoip6 to the January 5 2016 Maxmind GeoLite2 - Update geoip and geoip6 to the January 5 2016 Maxmind GeoLite2
Country database. Country database.
o Minor features (IPv6):
- Add a flag ipv6=address:orport to the DirAuthority and FallbackDir
torrc options. Add hard-coded ipv6 addresses for directory
authorities with ipv6 lines in their descriptors. Closes ticket
17327; patch from Nick Mathewson / "teor".
- Add address policy assume_action support for IPv6 addresses.
- Limit IPv6 mask bits to 128.
- Warn when comparing against an AF_UNSPEC address in a policy, it's
almost always a bug. Closes ticket 17863; patch by "teor".
- Allow users to configure directory authorities and fallback
directory servers with IPv6 addresses and ORPorts. Resolves
ticket 6027.
- routerset_parse now accepts IPv6 literal addresses. Fixes bug
17060; bugfix on 0.2.1.3-alpha. Patch by "teor".
- Make tor_ersatz_socketpair work on IPv6-only systems. Fixes bug
17638; bugfix on 0.0.2pre8. Patch by "teor".
o Minor features (logging):
- When logging to syslog, allow a tag to be added to the syslog
identity (the string prepended to every log message). The tag can
be configured with SyslogIdentityTag and defaults to none. Setting
it to "foo" will cause logs to be tagged as "Tor-foo". Closes
ticket 17194.
o Minor features (portability): o Minor features (portability):
- Use timingsafe_memcmp() where available. Closes ticket 17944; - Use timingsafe_memcmp() where available. Closes ticket 17944;
patch from <logan@hackers.mu>. patch from <logan@hackers.mu>.
@ -162,6 +162,11 @@ Changes in version 0.2.8.1-alpha - 2016-02-0?
- The replay cache now uses SHA256 instead of SHA1. Implements - The replay cache now uses SHA256 instead of SHA1. Implements
feature 8961. Patch by "teor", issue reported by "rransom". feature 8961. Patch by "teor", issue reported by "rransom".
o Minor features (SipHash-2-4 performance):
- Improve performance when hashing non-multiple of 8 sized buffers,
based on Andrew Moon's Public Domain SipHash-2-4 implementation.
Fixes bug 17544; bugfix on 0.2.5.3-alpha.
o Minor features (unix file permissions): o Minor features (unix file permissions):
- Defer creation of Unix sockets until after setuid. This avoids - Defer creation of Unix sockets until after setuid. This avoids
needing CAP_CHOWN and CAP_FOWNER when using systemd's needing CAP_CHOWN and CAP_FOWNER when using systemd's
@ -177,47 +182,6 @@ Changes in version 0.2.8.1-alpha - 2016-02-0?
DataDirectory will be made readable by the default GID. Implements DataDirectory will be made readable by the default GID. Implements
part of ticket 17562. Patch from Jamie Nguyen. part of ticket 17562. Patch from Jamie Nguyen.
o Minor features (security, exit policies):
- ExitPolicyRejectPrivate rejects more private addresses by default.
Specifically, it rejects the relay's outbound bind addresses (if
configured), and the relay's configured port addresses (such as
ORPort and DirPort). Fixes bug 17027; bugfix on 0.2.0.11-alpha.
Patch by "teor".
o Minor bugfixes (crypto):
- Check the return value of HMAC() and assert on failure. Fixes bug
17658; bugfix on 0.2.3.6-alpha. Patch by "teor".
o Minor bugfixes (fallback directories):
- Mark fallbacks as "too busy" when they return a 503 response,
rather than just marking authorities. Fixes bug 17572; bugfix on
0.2.4.7-alpha. Patch by "teor".
o Minor bugfixes (relays, hidden services):
- Refuse connection requests to private OR addresses unless
ExtendAllowPrivateAddresses is set. Previously, tor would connect,
then refuse to send any cells to a private address. Fixes bugs
17674 and 8976; bugfix on 0.2.3.21-rc. Patch by "teor".
o Minor features (SipHash-2-4 performance):
- Improve performance when hashing non-multiple of 8 sized buffers,
based on Andrew Moon's Public Domain SipHash-2-4 implementation.
Fixes bug 17544; bugfix on 0.2.5.3-alpha.
o Minor bugfixes (testing):
- The test for log_heartbeat was incorrectly failing in timezones
with non-integer offsets. Instead of comparing the end of the time
string against a constant, compare it to the output of
format_local_iso_time when given the correct input. Fixes bug
18039; bugfix on 0.2.5.4-alpha.
- Make unit tests pass on IPv6-only systems, and systems without
localhost addresses (like some FreeBSD jails). Fixes bug 17632;
bugfix on 0.2.7.3-rc. Patch by "teor".
- Fix a memory leak in the ntor test. Fixes bug 17778; bugfix
on 0.2.4.8-alpha.
- Check the full results of SHA256 and SHA512 digests in the unit
tests. Bugfix on 0.2.2.4-alpha. Patch by "teor".
o Minor bugfixes (accounting): o Minor bugfixes (accounting):
- The max bandwidth when using 'AccountRule sum' is now correctly - The max bandwidth when using 'AccountRule sum' is now correctly
logged. Fixes bug 18024; bugfix on 0.2.6.1-alpha. Patch logged. Fixes bug 18024; bugfix on 0.2.6.1-alpha. Patch
@ -254,6 +218,15 @@ Changes in version 0.2.8.1-alpha - 2016-02-0?
- Remove config.log only from make distclean, not from make clean. - Remove config.log only from make distclean, not from make clean.
Fixes bug 17924; bugfix on 0.2.4.1-alpha. Fixes bug 17924; bugfix on 0.2.4.1-alpha.
o Minor bugfixes (crypto):
- Check the return value of HMAC() and assert on failure. Fixes bug
17658; bugfix on 0.2.3.6-alpha. Patch by "teor".
o Minor bugfixes (fallback directories):
- Mark fallbacks as "too busy" when they return a 503 response,
rather than just marking authorities. Fixes bug 17572; bugfix on
0.2.4.7-alpha. Patch by "teor".
o Minor bugfixes (IPv6): o Minor bugfixes (IPv6):
- Update the limits in max_dl_per_request for IPv6 address length. - Update the limits in max_dl_per_request for IPv6 address length.
Fixes bug 17573; bugfix on 0.2.1.5-alpha. Fixes bug 17573; bugfix on 0.2.1.5-alpha.
@ -283,6 +256,12 @@ Changes in version 0.2.8.1-alpha - 2016-02-0?
longer than the ORPort reachability test. Fixes bug 18050; bugfix longer than the ORPort reachability test. Fixes bug 18050; bugfix
on 0.1.0.1-rc. Reported by "starlight", patch by "teor". on 0.1.0.1-rc. Reported by "starlight", patch by "teor".
o Minor bugfixes (relays, hidden services):
- Refuse connection requests to private OR addresses unless
ExtendAllowPrivateAddresses is set. Previously, tor would connect,
then refuse to send any cells to a private address. Fixes bugs
17674 and 8976; bugfix on 0.2.3.21-rc. Patch by "teor".
o Minor bugfixes (safe logging): o Minor bugfixes (safe logging):
- When logging a malformed hostname received through socks4, scrub - When logging a malformed hostname received through socks4, scrub
it if SafeLogging says we should. Fixes bug 17419; bugfix it if SafeLogging says we should. Fixes bug 17419; bugfix
@ -298,6 +277,20 @@ Changes in version 0.2.8.1-alpha - 2016-02-0?
cases with maximal values. Fixes part of bug 13192; bugfix cases with maximal values. Fixes part of bug 13192; bugfix
on 0.2.6.2-alpha. on 0.2.6.2-alpha.
o Minor bugfixes (testing):
- The test for log_heartbeat was incorrectly failing in timezones
with non-integer offsets. Instead of comparing the end of the time
string against a constant, compare it to the output of
format_local_iso_time when given the correct input. Fixes bug
18039; bugfix on 0.2.5.4-alpha.
- Make unit tests pass on IPv6-only systems, and systems without
localhost addresses (like some FreeBSD jails). Fixes bug 17632;
bugfix on 0.2.7.3-rc. Patch by "teor".
- Fix a memory leak in the ntor test. Fixes bug 17778; bugfix
on 0.2.4.8-alpha.
- Check the full results of SHA256 and SHA512 digests in the unit
tests. Bugfix on 0.2.2.4-alpha. Patch by "teor".
o Minor bugfixes (TLS context): o Minor bugfixes (TLS context):
- Assert when the TLS contexts fail to initialize. Fixes bug 17683; - Assert when the TLS contexts fail to initialize. Fixes bug 17683;
bugfix on 0.0.6. bugfix on 0.0.6.
@ -337,6 +330,13 @@ Changes in version 0.2.8.1-alpha - 2016-02-0?
whenever we mention a document that belongs in torspce. Fixes whenever we mention a document that belongs in torspce. Fixes
issue 17392. issue 17392.
o Removed features:
- Remove client-side support for connecting to Tor servers running
versions of Tor before 0.2.3.6-alpha. These servers didn't support
the v3 TLS handshake protocol, and are no longer allowed on the
Tor network. Implements the client side of ticket 11150. Based on
patches by Tom van der Woerdt.
o Testing: o Testing:
- Add unit tests that check for common RNG failure modes, such as - Add unit tests that check for common RNG failure modes, such as
returning all zeroes, identical values, or incrementing values returning all zeroes, identical values, or incrementing values
@ -348,8 +348,9 @@ Changes in version 0.2.8.1-alpha - 2016-02-0?
- Cover dns_resolve_impl() in dns.c with unit tests. Implements a - Cover dns_resolve_impl() in dns.c with unit tests. Implements a
portion of ticket 16831. portion of ticket 16831.
- More unit tests for compat_libevent.c, procmon.c, tortls.c, - More unit tests for compat_libevent.c, procmon.c, tortls.c,
util_format.c, directory.c, and options_validate.c. Closes tickets 17075, util_format.c, directory.c, and options_validate.c. Closes tickets
17082, 17084, 17003, and 17076 respectively. Patches from Ola Bini. 17075, 17082, 17084, 17003, and 17076 respectively. Patches from
Ola Bini.
- Unit tests for directory_handle_command_get. Closes ticket 17004. - Unit tests for directory_handle_command_get. Closes ticket 17004.
Patch from Reinaldo de Souza Jr. Patch from Reinaldo de Souza Jr.