mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-30 15:43:32 +01:00
Start on release-notes for 0.3.4.8
This commit is contained in:
parent
b64b7770d1
commit
eca4c39a43
722
ReleaseNotes
722
ReleaseNotes
@ -2,6 +2,727 @@ This document summarizes new features and bugfixes in each stable
|
||||
release of Tor. If you want to see more detailed descriptions of the
|
||||
changes in each development snapshot, see the ChangeLog file.
|
||||
|
||||
Changes in version 0.3.4.8 - 2018-09-10
|
||||
This is the first stable release of its series. BLURB BLURB BLURB.
|
||||
|
||||
o Directory authority changes:
|
||||
- The "Bifroest" bridge authority has been retired; the new bridge
|
||||
authority is "Serge", and it is operated by George from the
|
||||
TorBSD project. Closes ticket 26771.
|
||||
- Add an IPv6 address for the "dannenberg" directory authority.
|
||||
Closes ticket 26343.
|
||||
|
||||
o New system requirements:
|
||||
- Tor no longer tries to support old operating systems without
|
||||
mmap() or some local equivalent. Apparently, compilation on such
|
||||
systems has been broken for some time, without anybody noticing or
|
||||
complaining. Closes ticket 25398.
|
||||
|
||||
o Major features (directory authority, modularization):
|
||||
- The directory authority subsystem has been modularized. The code
|
||||
is now located in src/or/dirauth/, and is compiled in by default.
|
||||
To disable the module, the configure option
|
||||
--disable-module-dirauth has been added. This module may be
|
||||
disabled by default in some future release. Closes ticket 25610.
|
||||
|
||||
o Major features (main loop, CPU usage):
|
||||
- When Tor is disabled (via DisableNetwork or via hibernation), it
|
||||
no longer needs to run any per-second events. This change should
|
||||
make it easier for mobile applications to disable Tor while the
|
||||
device is sleeping, or Tor is not running. Closes ticket 26063.
|
||||
- Tor no longer enables all of its periodic events by default.
|
||||
Previously, Tor would enable all possible main loop events,
|
||||
regardless of whether it needed them. Furthermore, many of these
|
||||
events are now disabled with Tor is hibernating or DisableNetwork
|
||||
is set. This is a big step towards reducing client CPU usage by
|
||||
reducing the amount of wake-ups the daemon does. Closes ticket
|
||||
25376 and 25762.
|
||||
- The bandwidth-limitation logic has been refactored so that
|
||||
bandwidth calculations are performed on-demand, rather than every
|
||||
TokenBucketRefillInterval milliseconds. This change should improve
|
||||
the granularity of our bandwidth calculations, and limit the
|
||||
number of times that the Tor process needs to wake up when it is
|
||||
idle. Closes ticket 25373.
|
||||
- Move responsibility for many operations from a once-per-second
|
||||
callback to a callback that is only scheduled as needed. Moving
|
||||
this functionality has allowed us to disable the callback when
|
||||
Tor's network is disabled. Once enough items are removed from our
|
||||
once-per-second callback, we can eliminate it entirely to conserve
|
||||
CPU when idle. The functionality removed includes: closing
|
||||
connections, circuits, and channels (ticket 25932); consensus
|
||||
voting (25937); flushing log callbacks (25951); honoring delayed
|
||||
SIGNEWNYM requests (25949); rescanning the consensus cache
|
||||
(25931); saving the state file to disk (25948); warning relay
|
||||
operators about unreachable ports (25952); and keeping track of
|
||||
Tor's uptime (26009).
|
||||
|
||||
o Major bugfixes (directory authorities, security):
|
||||
- When directory authorities read a zero-byte bandwidth file, they
|
||||
would previously log a warning with the contents of an
|
||||
uninitialised buffer. They now log a warning about the empty file
|
||||
instead. Fixes bug 26007; bugfix on 0.2.2.1-alpha.
|
||||
|
||||
o Major bugfixes (security, directory authority, denial-of-service, also in 0.3.3.6):
|
||||
- Fix a bug that could have allowed an attacker to force a directory
|
||||
authority to use up all its RAM by passing it a maliciously
|
||||
crafted protocol versions string. Fixes bug 25517; bugfix on
|
||||
0.2.9.4-alpha. This issue is also tracked as TROVE-2018-005.
|
||||
|
||||
o Major bugfixes (crash):
|
||||
- Avoid a rare assertion failure in the circuit build timeout code
|
||||
if we fail to allow any circuits to actually complete. Fixes bug
|
||||
25733; bugfix on 0.2.2.2-alpha.
|
||||
|
||||
o Major bugfixes (directory authority):
|
||||
- Stop leaking memory on directory authorities when planning to
|
||||
vote. This bug was crashing authorities by exhausting their
|
||||
memory. Fixes bug 26435; bugfix on 0.3.3.6.
|
||||
- Avoid a crash when testing router reachability on a router that
|
||||
could have an ed25519 ID, but which does not. Fixes bug 25415;
|
||||
bugfix on 0.3.3.2-alpha.
|
||||
|
||||
o Major bugfixes (onion service):
|
||||
- Correctly detect when onion services get disabled after HUP. Fixes
|
||||
bug 25761; bugfix on 0.3.2.1.
|
||||
|
||||
o Major bugfixes (protover, voting):
|
||||
- Revise Rust implementation of protover to use a more memory-
|
||||
efficient voting algorithm and corresponding data structures, thus
|
||||
avoiding a potential (but small impact) DoS attack where specially
|
||||
crafted protocol strings would expand to several potential
|
||||
megabytes in memory. In the process, several portions of code were
|
||||
revised to be methods on new, custom types, rather than functions
|
||||
taking interchangeable types, thus increasing type safety of the
|
||||
module. Custom error types and handling were added as well, in
|
||||
order to facilitate better error dismissal/handling in outside
|
||||
crates and avoid mistakenly passing an internal error string to C
|
||||
over the FFI boundary. Many tests were added, and some previous
|
||||
differences between the C and Rust implementations have been
|
||||
remedied. Fixes bug 24031; bugfix on 0.3.3.1-alpha.
|
||||
|
||||
o Major bugfixes (relay, denial of service):
|
||||
- Impose a limit on circuit cell queue size. The limit can be
|
||||
controlled by a consensus parameter. Fixes bug 25226; bugfix
|
||||
on 0.2.4.14-alpha.
|
||||
|
||||
o Major bugfixes (rust, testing):
|
||||
- Make sure that failing tests in Rust will actually cause the build
|
||||
to fail: previously, they were ignored. Fixes bug 26258; bugfix
|
||||
on 0.3.3.4-alpha.
|
||||
|
||||
o Minor feature (directory authorities):
|
||||
- Stop warning about incomplete bw lines before the first complete
|
||||
bw line has been found, so that additional header lines can be
|
||||
ignored. Fixes bug 25960; bugfix on 0.2.2.1-alpha
|
||||
|
||||
o Minor features (accounting):
|
||||
- When Tor becomes dormant, it now uses a scheduled event to wake up
|
||||
at the right time. Previously, we would use the per-second timer
|
||||
to check whether to wake up, but we no longer have any per-second
|
||||
timers enabled when the network is disabled. Closes ticket 26064.
|
||||
|
||||
o Minor features (bug workaround):
|
||||
- Compile correctly on systems that provide the C11 stdatomic.h
|
||||
header, but where C11 atomic functions don't actually compile.
|
||||
Closes ticket 26779; workaround for Debian issue 903709.
|
||||
|
||||
o Minor features (code quality):
|
||||
- Add optional spell-checking for the Tor codebase, using the
|
||||
"misspell" program. To use this feature, run "make check-typos".
|
||||
Closes ticket 25024.
|
||||
|
||||
o Minor features (compatibility):
|
||||
- Tell OpenSSL to maintain backward compatibility with previous
|
||||
RSA1024/DH1024 users in Tor. With OpenSSL 1.1.1-pre6, these
|
||||
ciphers are disabled by default. Closes ticket 27344.
|
||||
- Tor now detects versions of OpenSSL 1.1.0 and later compiled with
|
||||
the no-deprecated option, and builds correctly with them. Closes
|
||||
tickets 19429, 19981, and 25353.
|
||||
- Avoid some compilation warnings with recent versions of LibreSSL.
|
||||
Closes ticket 26006.
|
||||
|
||||
o Minor features (compilation):
|
||||
- When building Tor, prefer to use Python 3 over Python 2, and more
|
||||
recent (contemplated) versions over older ones. Closes
|
||||
ticket 26372.
|
||||
- When compiling with --enable-openbsd-malloc or --enable-tcmalloc,
|
||||
tell the compiler not to include the system malloc implementation.
|
||||
Fixes bug 20424; bugfix on 0.2.0.20-rc.
|
||||
- Don't try to use a pragma to temporarily disable the
|
||||
-Wunused-const-variable warning if the compiler doesn't support
|
||||
it. Fixes bug 26785; bugfix on 0.3.2.11.
|
||||
- When building Tor, prefer to use Python 3 over Python 2, and more
|
||||
recent (contemplated) versions over older ones. Closes
|
||||
ticket 26372.
|
||||
|
||||
o Minor features (compression, zstd):
|
||||
- When running with zstd, Tor now considers using advanced functions
|
||||
that the zstd maintainers have labeled as potentially unstable. To
|
||||
prevent breakage, Tor will only use this functionality when the
|
||||
runtime version of the zstd library matches the version with which
|
||||
Tor was compiled. Closes ticket 25162.
|
||||
|
||||
o Minor features (configuration):
|
||||
- The "DownloadSchedule" options have been renamed to end with
|
||||
"DownloadInitialDelay". The old names are still allowed, but will
|
||||
produce a warning. Comma-separated lists are still permitted for
|
||||
these options, but all values after the first are ignored (as they
|
||||
have been since 0.2.9). Closes ticket 23354.
|
||||
|
||||
o Minor features (continuous integration):
|
||||
- Log the compiler path and version during Appveyor builds.
|
||||
Implements ticket 27449.
|
||||
- Show config.log and test-suite.log after failed Appveyor builds.
|
||||
Also upload the zipped full logs as a build artifact. Implements
|
||||
ticket 27430.
|
||||
- Backport Travis rust distcheck to 0.3.3. Closes ticket 24629.
|
||||
- Enable macOS builds in our Travis CI configuration. Closes
|
||||
ticket 24629.
|
||||
- Install libcap-dev and libseccomp2-dev so these optional
|
||||
dependencies get tested on Travis CI. Closes ticket 26560.
|
||||
- Only post Appveyor IRC notifications when the build fails.
|
||||
Implements ticket 27275.
|
||||
- Run asciidoc during Travis CI. Implements ticket 27087.
|
||||
- Use ccache in our Travis CI configuration. Closes ticket 26952.
|
||||
- Add the necessary configuration files for continuous integration
|
||||
testing on Windows, via the Appveyor platform. Closes ticket
|
||||
25549. Patches from Marcin Cieślak and Isis Lovecruft.
|
||||
- Our .travis.yml configuration now includes support for testing the
|
||||
results of "make distcheck". (It's not uncommon for "make check"
|
||||
to pass but "make distcheck" to fail.) Closes ticket 25814.
|
||||
- Our Travis CI configuration now integrates with the Coveralls
|
||||
coverage analysis tool. Closes ticket 25818.
|
||||
|
||||
o Minor features (continuous integration, rust):
|
||||
- Use cargo cache in our Travis CI configuration. Closes
|
||||
ticket 26952.
|
||||
|
||||
o Minor features (control port):
|
||||
- Introduce GETINFO "current-time/{local,utc}" to return the local
|
||||
and UTC times respectively in ISO format. This helps a controller
|
||||
like Tor Browser detect a time-related error. Closes ticket 25511.
|
||||
Patch by Neel Chauhan.
|
||||
- Introduce new fields to the CIRC_BW event. There are two new
|
||||
fields in each of the read and written directions. The DELIVERED
|
||||
fields report the total valid data on the circuit, as measured by
|
||||
the payload sizes of verified and error-checked relay command
|
||||
cells. The OVERHEAD fields report the total unused bytes in each
|
||||
of these cells. Closes ticket 25903.
|
||||
|
||||
o Minor features (controller):
|
||||
- The control port now exposes the list of HTTPTunnelPorts and
|
||||
ExtOrPorts via GETINFO net/listeners/httptunnel and
|
||||
net/listeners/extor respectively. Closes ticket 26647.
|
||||
|
||||
o Minor features (directory authorities):
|
||||
- Authorities no longer vote to make the subprotocol version
|
||||
"LinkAuth=1" a requirement: it is unsupportable with NSS, and
|
||||
hasn't been needed since Tor 0.3.0.1-alpha. Closes ticket 27286.
|
||||
|
||||
o Minor features (directory authority):
|
||||
- Directory authorities now open their key-pinning files as O_SYNC,
|
||||
to limit their chances of accidentally writing partial lines.
|
||||
Closes ticket 23909.
|
||||
|
||||
o Minor features (directory authority, forward compatibility):
|
||||
- Make the lines of the measured bandwidth file able to contain
|
||||
their entries in any order. Previously, the node_id entry needed
|
||||
to come first. Closes ticket 26004.
|
||||
|
||||
o Minor features (entry guards):
|
||||
- Introduce a new torrc option NumPrimaryGuards for controlling the
|
||||
number of primary guards. Closes ticket 25843.
|
||||
|
||||
o Minor features (geoip):
|
||||
- Update geoip and geoip6 to the August 7 2018 Maxmind GeoLite2
|
||||
Country database. Closes ticket 27089.
|
||||
|
||||
o Minor features (performance):
|
||||
- Avoid a needless call to malloc() when processing an incoming
|
||||
relay cell. Closes ticket 24914.
|
||||
- Make our timing-wheel code run a tiny bit faster on 32-bit
|
||||
platforms, by preferring 32-bit math to 64-bit. Closes
|
||||
ticket 24688.
|
||||
- Avoid a needless malloc()/free() pair every time we handle an ntor
|
||||
handshake. Closes ticket 25150.
|
||||
|
||||
o Minor features (relay, diagnostic):
|
||||
- Add several checks to detect whether Tor relays are uploading
|
||||
their descriptors without specifying why they regenerated them.
|
||||
Diagnostic for ticket 25686.
|
||||
|
||||
o Minor features (Rust, portability):
|
||||
- Rust cross-compilation is now supported. Closes ticket 25895.
|
||||
|
||||
o Minor features (testing):
|
||||
- Add a unit test for voting_schedule_get_start_of_next_interval().
|
||||
Closes ticket 26014, and helps make unit test coverage
|
||||
more deterministic.
|
||||
- A new unittests module specifically for testing the functions in
|
||||
the (new-ish) bridges.c module has been created with new
|
||||
unittests, raising the code coverage percentages. Closes 25425.
|
||||
- We now have improved testing for addressmap_get_virtual_address()
|
||||
function. This should improve our test coverage, and make our test
|
||||
coverage more deterministic. Closes ticket 25993.
|
||||
|
||||
o Minor features (timekeeping, circuit scheduling):
|
||||
- When keeping track of how busy each circuit have been recently on
|
||||
a given connection, use coarse-grained monotonic timers rather
|
||||
than gettimeofday(). This change should marginally increase
|
||||
accuracy and performance. Implements part of ticket 25927.
|
||||
|
||||
o Minor features (unit tests):
|
||||
- Test complete bandwidth measurements files, and test that
|
||||
incomplete bandwidth lines only give warnings when the end of the
|
||||
header has not been detected. Fixes bug 25947; bugfix
|
||||
on 0.2.2.1-alpha
|
||||
|
||||
o Minor bugfixes (bandwidth management):
|
||||
- Consider ourselves "low on write bandwidth" if we have exhausted
|
||||
our write bandwidth some time in the last second. This was the
|
||||
documented behavior before, but the actual behavior was to change
|
||||
this value every TokenBucketRefillInterval. Fixes bug 25828;
|
||||
bugfix on 0.2.3.5-alpha.
|
||||
|
||||
o Minor bugfixes (C correctness):
|
||||
- Add a missing lock acquisition in the shutdown code of the control
|
||||
subsystem. Fixes bug 25675; bugfix on 0.2.7.3-rc. Found by
|
||||
Coverity; this is CID 1433643.
|
||||
|
||||
o Minor bugfixes (circuit path selection):
|
||||
- Don't count path selection failures as circuit build failures.
|
||||
This change should eliminate cases where Tor blames its guard or
|
||||
the network for situations like insufficient microdescriptors
|
||||
and/or overly restrictive torrc settings. Fixes bug 25705; bugfix
|
||||
on 0.3.3.1-alpha.
|
||||
|
||||
o Minor bugfixes (client):
|
||||
- Don't consider Tor running as a client if the ControlPort is open,
|
||||
but no actual client ports are open. Fixes bug 26062; bugfix
|
||||
on 0.2.9.4-alpha.
|
||||
|
||||
o Minor bugfixes (code style):
|
||||
- Fixed multiple includes of transports.h in src/or/connection.c
|
||||
Fixes bug 25261; bugfix on 0.2.5.1-alpha.
|
||||
- Remove the unused variable n_possible from the function
|
||||
channel_get_for_extend(). Fixes bug 25645; bugfix on 0.2.4.4-alpha
|
||||
|
||||
o Minor bugfixes (compatibility, openssl):
|
||||
- Work around a change in OpenSSL 1.1.1 where return values that
|
||||
would previously indicate "no password" now indicate an empty
|
||||
password. Without this workaround, Tor instances running with
|
||||
OpenSSL 1.1.1 would accept descriptors that other Tor instances
|
||||
would reject. Fixes bug 26116; bugfix on 0.2.5.16.
|
||||
|
||||
o Minor bugfixes (compilation):
|
||||
- Silence a spurious compiler warning on the GetAdaptersAddresses
|
||||
function pointer cast. This issue is already fixed by 26481 in
|
||||
0.3.5 and later, by removing the lookup and cast. Fixes bug 27465;
|
||||
bugfix on 0.2.3.11-alpha.
|
||||
- Stop calling SetProcessDEPPolicy() on 64-bit Windows. It is not
|
||||
supported, and always fails. Some compilers warn about the
|
||||
function pointer cast on 64-bit Windows. Fixes bug 27461; bugfix
|
||||
on 0.2.2.23-alpha.
|
||||
- Fix a compilation warning on some versions of GCC when building
|
||||
code that calls routerinfo_get_my_routerinfo() twice, assuming
|
||||
that the second call will succeed if the first one did. Fixes bug
|
||||
26269; bugfix on 0.2.8.2-alpha.
|
||||
- Fix a compilation warning on some versions of GCC when building
|
||||
code that calls routerinfo_get_my_routerinfo() twice, assuming
|
||||
that the second call will succeed if the first one did. Fixes bug
|
||||
26269; bugfix on 0.2.8.2-alpha.
|
||||
- Refrain from compiling unit testing related object files when
|
||||
--disable-unittests is set to configure script. Fixes bug 24891;
|
||||
bugfix on 0.2.5.1-alpha.
|
||||
- The --enable-fatal-warnings flag now affects Rust code as well.
|
||||
Closes ticket 26245.
|
||||
- Silence unused-const-variable warnings in zstd.h with some GCC
|
||||
versions. Fixes bug 26272; bugfix on 0.3.1.1-alpha.
|
||||
- Avoid a compiler warning when casting the return value of
|
||||
smartlist_len() to double with DEBUG_SMARTLIST enabled. Fixes bug
|
||||
26283; bugfix on 0.2.4.10-alpha.
|
||||
|
||||
o Minor bugfixes (compilation, windows):
|
||||
- Don't link or search for pthreads when building for Windows, even
|
||||
if we are using build environment (like mingw) that provides a
|
||||
pthreads library. Fixes bug 27081; bugfix on 0.1.0.1-rc.
|
||||
|
||||
o Minor bugfixes (continuous integration):
|
||||
- Build with zstd on macOS. Fixes bug 27090; bugfix on 0.3.1.5-alpha.
|
||||
- Skip a pair of unreliable key generation tests on Windows, until
|
||||
the underlying issue in bug 26076 is resolved. Fixes bug 26830 and
|
||||
bug 26853; bugfix on 0.2.7.3-rc and 0.3.2.1-alpha respectively.
|
||||
|
||||
o Minor bugfixes (control port):
|
||||
- Respond with more human-readable error messages to GETINFO exit-
|
||||
policy/* requests. Also, let controller know if an error is
|
||||
transient (response code 551) or not (response code 552). Fixes
|
||||
bug 25852; bugfix on 0.2.8.1-alpha.
|
||||
- Handle the HSADDRESS= argument to the HSPOST command properly.
|
||||
(Previously, this argument was misparsed and thus ignored.) Fixes
|
||||
bug 26523; bugfix on 0.3.3.1-alpha. Patch by "akwizgran".
|
||||
- Parse the "HSADDRESS=" parameter in HSPOST commands properly.
|
||||
Previously, it was misparsed and ignored. Fixes bug 26523; bugfix
|
||||
on 0.3.3.1-alpha. Patch by "akwizgran".
|
||||
- Improve accuracy of the BUILDTIMEOUT_SET control port event's
|
||||
TIMEOUT_RATE and CLOSE_RATE fields. (We were previously
|
||||
miscounting the total number of circuits for these field values.)
|
||||
Fixes bug 26121; bugfix on 0.3.3.1-alpha.
|
||||
- Make CIRC_BW event reflect the total of all data sent on a
|
||||
circuit, including padding and dropped cells. Also fix a mis-
|
||||
counting bug when STREAM_BW events were enabled. Fixes bug 25400;
|
||||
bugfix on 0.2.5.2-alpha.
|
||||
|
||||
o Minor bugfixes (correctness, client):
|
||||
- Upon receiving a malformed connected cell, stop processing the cell
|
||||
immediately. Previously we would mark the connection for close, but
|
||||
continue processing the cell as if the connection were open. Fixes bug
|
||||
26072; bugfix on 0.2.4.7-alpha.
|
||||
|
||||
o Minor bugfixes (correctness, flow control):
|
||||
- Upon receiving a stream-level SENDME cell, verify that our window
|
||||
has not grown too large. Fixes bug 26214; bugfix on svn
|
||||
r54 (pre-0.0.1)
|
||||
|
||||
o Minor bugfixes (directory authority):
|
||||
- When voting for recommended versions, make sure that all of the
|
||||
versions are well-formed and parsable. Fixes bug 26485; bugfix
|
||||
on 0.1.1.6-alpha.
|
||||
|
||||
o Minor bugfixes (directory client):
|
||||
- When unverified-consensus is verified, rename it to cached-
|
||||
consenus. Fixes bug 4187; bugfix on 0.2.0.3-alpha.
|
||||
- Fixed launching a certificate fetch always during the scheduled
|
||||
periodic consensus fetch by fetching only in those cases when
|
||||
consensus are waiting for certs. Fixes bug 24740; bugfix
|
||||
on 0.2.9.1-alpha.
|
||||
|
||||
o Minor bugfixes (documentation):
|
||||
- Stop saying in the manual that clients cache ipv4 dns answers from
|
||||
exit relays. We haven't used them since 0.2.6.3-alpha, and in
|
||||
ticket 24050 we stopped even caching them as of 0.3.2.6-alpha, but
|
||||
we forgot to say so in the man page. Fixes bug 26052; bugfix
|
||||
on 0.3.2.6-alpha.
|
||||
|
||||
o Minor bugfixes (error reporting):
|
||||
- Improve tolerance for directory authorities with skewed clocks.
|
||||
Previously, an authority with a clock more than 60 seconds ahead
|
||||
could cause a client with a correct clock to warn that the
|
||||
client's clock was behind. Now the clocks of a majority of
|
||||
directory authorities have to be ahead of the client before this
|
||||
warning will occur. Fixes bug 25756; bugfix on 0.2.2.25-alpha.
|
||||
|
||||
o Minor bugfixes (hardening):
|
||||
- Prevent a possible out-of-bounds smartlist read in
|
||||
protover_compute_vote(). Fixes bug 26196; bugfix on 0.2.9.4-alpha.
|
||||
|
||||
o Minor bugfixes (in-process restart):
|
||||
- Always call tor_free_all() when leaving tor_run_main(). When we
|
||||
did not, restarting tor in-process would cause an assertion
|
||||
failure. Fixes bug 26948; bugfix on 0.3.3.1-alpha.
|
||||
- When shutting down, Tor now clears all the flags in the control.c
|
||||
module. This should prevent a bug where authentication cookies are
|
||||
not generated on restart. Fixes bug 25512; bugfix on 0.3.3.1-alpha.
|
||||
|
||||
o Minor bugfixes (Linux seccomp2 sandbox):
|
||||
- Allow the nanosleep() system call, which glibc uses to implement
|
||||
sleep() and usleep(). Fixes bug 24969; bugfix on 0.2.5.1-alpha.
|
||||
- Fix a bug in out sandboxing rules for the openat() syscall.
|
||||
Previously, no openat() call would be permitted, which would break
|
||||
filesystem operations on recent glibc versions. Fixes bug 25440;
|
||||
bugfix on 0.2.9.15. Diagnosis and patch from Daniel Pinto.
|
||||
|
||||
o Minor bugfixes (logging):
|
||||
- Improve the log message when connection initiators fail to
|
||||
authenticate direct connections to relays. Fixes bug 26927; bugfix
|
||||
on 0.3.0.1-alpha.
|
||||
|
||||
o Minor bugfixes (memory, correctness):
|
||||
- Fix a number of small memory leaks identified by coverity. Fixes
|
||||
bug 26467; bugfix on numerous Tor versions.
|
||||
|
||||
o Minor bugfixes (onion service):
|
||||
- Fix a memory leak when a v3 onion service is configured and gets a
|
||||
SIGHUP signal. Fixes bug 25901; bugfix on 0.3.2.1-alpha.
|
||||
- When parsing the descriptor signature, look for the token plus an
|
||||
extra white-space at the end. This is more correct but also will
|
||||
allow us to support new fields that might start with "signature".
|
||||
Fixes bug 26069; bugfix on 0.3.0.1-alpha.
|
||||
|
||||
o Minor bugfixes (onion services):
|
||||
- Silence a spurious compiler warning in
|
||||
rend_client_send_introduction(). Fixes bug 27463; bugfix
|
||||
on 0.1.1.2-alpha.
|
||||
- Fix bug that causes services to not ever rotate their descriptors
|
||||
if they were getting SIGHUPed often. Fixes bug 26932; bugfix
|
||||
on 0.3.2.1-alpha.
|
||||
- Recompute some consensus information after detecting a clock jump,
|
||||
or after transitioning from a non-live consensus to a live
|
||||
consensus. We do this to avoid having an outdated state, and
|
||||
miscalculating the index for next-generation onion services. Fixes
|
||||
bug 24977; bugfix on 0.3.2.1-alpha.
|
||||
|
||||
o Minor bugfixes (path selection):
|
||||
- Only select relays when they have the descriptors we prefer to use
|
||||
for them. This change fixes a bug where we could select a relay
|
||||
because it had _some_ descriptor, but reject it later with a
|
||||
nonfatal assertion error because it didn't have the exact one we
|
||||
wanted. Fixes bugs 25691 and 25692; bugfix on 0.3.3.4-alpha.
|
||||
|
||||
o Minor bugfixes (portability):
|
||||
- Fix compilation of the unit tests on GNU/Hurd, which does not
|
||||
define PATH_MAX. Fixes bug 26873; bugfix on 0.3.3.1-alpha. Patch
|
||||
from "paulusASol".
|
||||
- Work around two different bugs in the OS X 10.10 and later SDKs
|
||||
that would prevent us from successfully targeting earlier versions
|
||||
of OS X. Fixes bug 26876; bugfix on 0.3.3.1-alpha.
|
||||
- Do not align mmap length, as it is not required by POSIX, and the
|
||||
getpagesize function is deprecated. Fixes bug 25399; bugfix
|
||||
on 0.1.1.23.
|
||||
|
||||
o Minor bugfixes (portability, FreeBSD):
|
||||
- In have_enough_mem_for_dircache(), the variable DIRCACHE_MIN_MEM_MB
|
||||
does not stringify on FreeBSD, so we switch to tor_asprintf().
|
||||
Fixes bug 20887; bugfix on 0.2.8.1-alpha. Patch by Neel Chauhan.
|
||||
|
||||
o Minor bugfixes (relay statistics):
|
||||
- When a relay is collecting internal statistics about how many
|
||||
create cell requests it has seen of each type, accurately count
|
||||
the requests from relays that temporarily fall out of the
|
||||
consensus. (To be extra conservative, we were already ignoring
|
||||
requests from clients in our counts, and we continue ignoring them
|
||||
here.) Fixes bug 24910; bugfix on 0.2.4.17-rc.
|
||||
|
||||
o Minor bugfixes (relay):
|
||||
- Relays now correctly block attempts to re-extend to the previous
|
||||
relay by Ed25519 identity. Previously they would warn in this
|
||||
case, but not actually reject the attempt. Fixes bug 26158; bugfix
|
||||
on 0.3.0.1-alpha.
|
||||
- Avoid a crash when running with DirPort set but ORPort turned off.
|
||||
Fixes a case of bug 23693; bugfix on 0.3.1.1-alpha.
|
||||
|
||||
o Minor bugfixes (rust):
|
||||
- Backport test_rust.sh from master. Fixes bug 26497; bugfix
|
||||
on 0.3.1.5-alpha.
|
||||
- Protover parsing was accepting the presence of whitespace in
|
||||
version strings, which the C implementation would choke on, e.g.
|
||||
"Desc=1\t,2". Fixes bug 27177; bugfix on 0.3.3.5-rc.
|
||||
- Protover parsing was ignoring a 2nd hyphen and everything after
|
||||
it, accepting entries like "Link=1-5-foo". Fixes bug 27164; bugfix
|
||||
on 0.3.3.1-alpha.
|
||||
- Stop setting $CARGO_HOME. cargo will use the user's $CARGO_HOME, or
|
||||
$HOME/.cargo by default. Fixes bug 26497; bugfix on 0.3.1.5-alpha.
|
||||
- cd to ${abs_top_builddir}/src/rust before running cargo in
|
||||
src/test/test_rust.sh. This makes the working directory consistent
|
||||
between builds and tests. Fixes bug 26497; bugfix on 0.3.3.2-alpha.
|
||||
|
||||
o Minor bugfixes (single onion services, Tor2web):
|
||||
- Log a protocol warning when single onion services or Tor2web
|
||||
clients fail to authenticate direct connections to relays. Fixes
|
||||
bug 26924; bugfix on 0.2.9.1-alpha.
|
||||
|
||||
o Minor bugfixes (test coverage tools):
|
||||
- Update our "cov-diff" script to handle output from the latest
|
||||
version of gcov, and to remove extraneous timestamp information
|
||||
from its output. Fixes bugs 26101 and 26102; bugfix
|
||||
on 0.2.5.1-alpha.
|
||||
|
||||
o Minor bugfixes (testing):
|
||||
- Disable core dumps in test_bt.sh, to avoid failures in "make
|
||||
distcheck". Fixes bug 26787; bugfix on 0.2.5.2-alpha.
|
||||
- When testing workqueue event-cancellation, make sure that we
|
||||
actually cancel an event, and that cancel each event with equal
|
||||
probability. (It was previously possible, though extremely
|
||||
unlikely, for our event-canceling test not to cancel any events.)
|
||||
Fixes bug 26008; bugfix on 0.2.6.3-alpha.
|
||||
- Repeat part of the test in test_client_pick_intro() a number of
|
||||
times, to give it consistent coverage. Fixes bug 25996; bugfix
|
||||
on 0.3.2.1-alpha.
|
||||
- Remove randomness from the hs_common/responsible_hsdirs test, so
|
||||
that it always takes the same path through the function it tests.
|
||||
Fixes bug 25997; bugfix on 0.3.2.1-alpha.
|
||||
- Change the behavior of the "channel/outbound" test so that it
|
||||
never causes a 10-second rollover for the EWMA circuitmux code.
|
||||
Previously, this behavior would happen randomly, and result in
|
||||
fluctuating test coverage. Fixes bug 25994; bugfix
|
||||
on 0.3.3.1-alpha.
|
||||
- Use X509_new() to allocate certificates that will be freed later
|
||||
with X509_free(). Previously, some parts of the unit tests had
|
||||
used tor_malloc_zero(), which is incorrect, and which caused test
|
||||
failures on Windows when they were built with extra hardening.
|
||||
Fixes bugs 25943 and 25944; bugfix on 0.2.8.1-alpha. Patch by
|
||||
Marcin Cieślak.
|
||||
- While running the circuit_timeout test, fix the PRNG to a
|
||||
deterministic AES stream, so that the test coverage from this test
|
||||
will itself be deterministic. Fixes bug 25995; bugfix
|
||||
on 0.2.2.2-alpha.
|
||||
|
||||
o Minor bugfixes (testing, bootstrap):
|
||||
- When calculating bootstrap progress, check exit policies and the
|
||||
exit flag. Previously, Tor would only check the exit flag, which
|
||||
caused race conditions in small and fast networks like chutney.
|
||||
Fixes bug 27236; bugfix on 0.2.6.3-alpha.
|
||||
|
||||
o Minor bugfixes (testing, chutney):
|
||||
- When running make test-network-all, use the mixed+hs-v2 network.
|
||||
(A previous fix to chutney removed v3 onion services from the
|
||||
mixed+hs-v23 network, so seeing "mixed+hs-v23" in tests is
|
||||
confusing.) Fixes bug 27345; bugfix on 0.3.2.1-alpha.
|
||||
- Before running make test-network-all, delete old logs and test
|
||||
result files, to avoid spurious failures. Fixes bug 27295; bugfix
|
||||
on 0.2.7.3-rc.
|
||||
|
||||
o Minor bugfixes (testing, compatibility):
|
||||
- When running the ntor_ref.py and hs_ntor_ref.py tests, make sure
|
||||
only to pass strings (rather than "bytes" objects) to the Python
|
||||
subprocess module. Python 3 on Windows seems to require this.
|
||||
Fixes bug 26535; bugfix on 0.2.5.5-alpha (for ntor_ref.py) and
|
||||
0.3.1.1-alpha (for hs_ntor_ref.py).
|
||||
- When running the hs_ntor_ref.py test, make sure only to pass
|
||||
strings (rather than "bytes" objects) to the Python subprocess
|
||||
module. Python 3 on Windows seems to require this. Fixes bug
|
||||
26535; bugfix on 0.3.1.1-alpha.
|
||||
- When running the ntor_ref.py test, make sure only to pass strings
|
||||
(rather than "bytes" objects) to the Python subprocess module.
|
||||
Python 3 on Windows seems to require this. Fixes bug 26535; bugfix
|
||||
on 0.2.5.5-alpha.
|
||||
|
||||
o Minor bugfixes (testing, openssl compatibility):
|
||||
- Our "tortls/cert_matches_key" unit test no longer relies on
|
||||
OpenSSL internals. Previously, it relied on unsupported OpenSSL
|
||||
behavior in a way that caused it to crash with OpenSSL 1.0.2p.
|
||||
Fixes bug 27226; bugfix on 0.2.5.1-alpha.
|
||||
|
||||
o Minor bugfixes (v3 onion services):
|
||||
- Stop sending ed25519 link specifiers in v3 onion service introduce
|
||||
cells and descriptors, when the rendezvous or introduction point
|
||||
doesn't support ed25519 link authentication. Fixes bug 26627;
|
||||
bugfix on 0.3.2.4-alpha.
|
||||
|
||||
o Minor bugfixes (vanguards):
|
||||
- Allow the last hop in a vanguard circuit to be the same as our
|
||||
first, to prevent the adversary from influencing guard node choice
|
||||
by choice of last hop. Also prevent the creation of A - B - A
|
||||
paths, or A - A paths, which are forbidden by relays. Fixes bug
|
||||
25870; bugfix on 0.3.3.1-alpha.
|
||||
|
||||
o Minor bugfixes (Windows, compilation):
|
||||
- Silence a compilation warning on MSVC 2017 and clang-cl. Fixes bug
|
||||
27185; bugfix on 0.2.2.2-alpha.
|
||||
|
||||
o Code simplification and refactoring:
|
||||
- Remove duplicate code in parse_{c,s}method_line and bootstrap
|
||||
their functionalities into a single function. Fixes bug 6236;
|
||||
bugfix on 0.2.3.6-alpha.
|
||||
- We remove the PortForwsrding and PortForwardingHelper options,
|
||||
related functions, and the port_forwarding tests. These options
|
||||
were used by the now-deprecated Vidalia to help ordinary users
|
||||
become Tor relays or bridges. Closes ticket 25409. Patch by
|
||||
Neel Chauhan.
|
||||
- In order to make the OR and dir checking function in router.c less
|
||||
confusing we renamed some functions and
|
||||
consider_testing_reachability() has been split into
|
||||
router_should_check_reachability() and
|
||||
router_do_reachability_checks(). Also we improved the documentation
|
||||
in some functions. Closes ticket 18918.
|
||||
- Initial work to isolate Libevent usage to a handful of modules in
|
||||
our codebase, to simplify our call structure, and so that we can
|
||||
more easily change event loops in the future if needed. Closes
|
||||
ticket 23750.
|
||||
- Introduce a function to call getsockname() and return tor_addr_t,
|
||||
to save a little complexity throughout the codebase. Closes
|
||||
ticket 18105.
|
||||
- Make hsdir_index in node_t a hsdir_index_t rather than a pointer
|
||||
as hsdir_index is always present. Also, we move hsdir_index_t into
|
||||
or.h. Closes ticket 23094. Patch by Neel Chauhan.
|
||||
- Merge functions used for describing nodes and suppress the
|
||||
functions that do not allocate memory for the output buffer
|
||||
string. NODE_DESC_BUF_LEN constant and format_node_description()
|
||||
function cannot be used externally from router.c module anymore.
|
||||
Closes ticket 25432. Patch by valentecaio.
|
||||
- Our main loop has been simplified so that all important operations
|
||||
happen inside events. Previously, some operations had to happen
|
||||
outside the event loop, to prevent infinite sequences of event
|
||||
activations. Closes ticket 25374.
|
||||
- Put a SHA1 public key digest in hs_service_intro_point_t, and use
|
||||
it in register_intro_circ() and service_intro_point_new(). This
|
||||
prevents the digest from being re-calculated each time. Closes
|
||||
ticket 23107. Patch by Neel Chauhan.
|
||||
- Refactor token-bucket implementations to use a common backend.
|
||||
Closes ticket 25766.
|
||||
- Remove extern declaration of stats_n_seconds_working variable from
|
||||
main, protecting its accesses with get_uptime() and reset_uptime()
|
||||
functions. Closes ticket 25081, patch by “valentecaio”.
|
||||
- Remove our previous logic for "cached gettimeofday()" -- our
|
||||
coarse monotonic timers are fast enough for this purpose, and far
|
||||
less error-prone. Implements part of ticket 25927.
|
||||
- Remove the return value for fascist_firewall_choose_address_base(),
|
||||
and sister functions such as fascist_firewall_choose_address_node()
|
||||
and fascist_firewall_choose_address_rs(). Also, while we're here,
|
||||
initialize the ap argument as leaving it uninitialized can pose a
|
||||
security hazard. Closes ticket 24734. Patch by Neel Chauhan.
|
||||
- Rename two fields of connection_t struct. timestamp_lastwritten is
|
||||
renamed to timestamp_last_write_allowed and timestamp_lastread is
|
||||
renamed to timestamp_last_read_allowed. Closes ticket 24714, patch
|
||||
by "valentecaio".
|
||||
- Since Tor requires C99, remove our old workaround code for libc
|
||||
implementations where free(NULL) doesn't work. Closes ticket 24484.
|
||||
- Use our standard rate-limiting code to deal with excessive
|
||||
libevent failures, rather than the hand-rolled logic we had
|
||||
before. Closes ticket 26016.
|
||||
- We remove the return value of node_get_prim_orport() and
|
||||
node_get_prim_dirport(), and introduce node_get_prim_orport() in
|
||||
node_ipv6_or_preferred() and node_ipv6_dir_preferred() in order to
|
||||
check for a null address. Closes ticket 23873. Patch by
|
||||
Neel Chauhan.
|
||||
- We switch to should_record_bridge_info() in
|
||||
geoip_note_client_seen() and options_need_geoip_info() instead of
|
||||
accessing the configuration values directly. Fixes bug 25290;
|
||||
bugfix on 0.2.1.6-alpha. Patch by Neel Chauhan.
|
||||
|
||||
o Deprecated features:
|
||||
- As we are not recommending 0.2.5 anymore, we require relays that
|
||||
once had an ed25519 key associated with their RSA key to always
|
||||
have that key, instead of allowing them to drop back to a version
|
||||
that didn't support ed25519. This means they need to use a new RSA
|
||||
key if the want to downgrade to an older version of tor without
|
||||
ed25519. Closes ticket 20522.
|
||||
|
||||
o Documentation:
|
||||
- Correct an IPv6 error in the documentation for ExitPolicy. Closes
|
||||
ticket 25857. Patch from "CTassisF".
|
||||
|
||||
o Removed features:
|
||||
- Directory authorities will no longer support voting according to
|
||||
any consensus method before consensus method 25. This keeps
|
||||
authorities compatible with all authorities running 0.2.9.8 and
|
||||
later, and does not break any clients or relays. Implements ticket
|
||||
24378 and proposal 290.
|
||||
- The PortForwarding and PortForwardingHelper features have been
|
||||
removed. The reasoning is, given that implementations of NAT
|
||||
traversal protocols within common consumer grade routers are
|
||||
frequently buggy, and that the target audience for a NAT punching
|
||||
feature is a perhaps less-technically-inclined relay operator,
|
||||
when the helper fails to setup traversal the problems are usually
|
||||
deep, ugly, and very router specific, making them horrendously
|
||||
impossible for technical support to reliable assist with, and thus
|
||||
resulting in frustration all around. Unfortunately, relay
|
||||
operators who would like to run relays behind NATs will need to
|
||||
become more familiar with the port forwarding configurations on
|
||||
their local router. Closes 25409.
|
||||
- The TestingEnableTbEmptyEvent option has been removed. It was used
|
||||
in testing simulations to measure how often connection buckets
|
||||
were emptied, in order to improve our scheduling, but it has not
|
||||
been actively used in years. Closes ticket 25760.
|
||||
- The old "round-robin" circuit multiplexer (circuitmux)
|
||||
implementation has been removed, along with a fairly large set of
|
||||
code that existed to support it. It has not been the default
|
||||
circuitmux since we introduced the "EWMA" circuitmux in 0.2.4.x,
|
||||
but it still required an unreasonable amount of memory and CPU.
|
||||
Closes ticket 25268.
|
||||
|
||||
|
||||
|
||||
Changes in version 0.3.3.9 - 2018-07-13
|
||||
Tor 0.3.3.9 moves to a new bridge authority, meaning people running
|
||||
bridge relays should upgrade.
|
||||
@ -19348,4 +20069,3 @@ Changes in version 0.0.2pre13 - 2003-10-19
|
||||
- If --DebugLogFile is specified, log to it at -l debug
|
||||
- If --LogFile is specified, use it instead of commandline
|
||||
- If --RunAsDaemon is set, tor forks and backgrounds on startup
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user