|
@@ -1,12 +1,28 @@
|
|
|
-Changes in version 0.3.5.1-alpha-2018-09-??
|
|
|
- BLURB HERE. NOTE ABOUT NSS.
|
|
|
+Changes in version 0.3.5.1-alpha-2018-09-18
|
|
|
+ Tor 0.3.5.1-alpha is the first release of the 0.3.5.x series. It adds
|
|
|
+ client authorization for modern (v3) onion services, improves
|
|
|
+ bootstrap reporting, begins reorganizing Tor's codebase, adds optional
|
|
|
+ support for NSS in place of OpenSSL, and much more.
|
|
|
+
|
|
|
+ o Major features (onion services, UI change):
|
|
|
+ - For a newly created onion service, the default version is now 3.
|
|
|
+ Tor still supports existing version 2 services, but the operator
|
|
|
+ now needs to set "HiddenServiceVersion 2" in order to create a new
|
|
|
+ version 2 service. For existing services, Tor now learns the
|
|
|
+ version by reading the key file. Closes ticket 27215.
|
|
|
+
|
|
|
+ o Major features (relay, UI change):
|
|
|
+ - Relays no longer run as exits by default. If the "ExitRelay"
|
|
|
+ option is auto (or unset), and no exit policy is specified with
|
|
|
+ ExitPolicy or ReducedExitPolicy, we now treat ExitRelay as 0.
|
|
|
+ Previously in this case, we allowed exit traffic and logged a
|
|
|
+ warning message. Closes ticket 21530. Patch by Neel Chauhan.
|
|
|
|
|
|
o Major features (bootstrap):
|
|
|
- - Improve user experience by deferring directory progress reporting
|
|
|
- until after a connection to a relay or bridge has succeeded. This
|
|
|
- avoids reporting 80% progress based on cached directory
|
|
|
- information when we can't even connect to a bridge or relay.
|
|
|
- Closes ticket 27169.
|
|
|
+ - Don't report directory progress until after a connection to a
|
|
|
+ relay or bridge has succeeded. Previously, we'd report 80%
|
|
|
+ progress based on cached directory information when we couldn't
|
|
|
+ even connect to the network. Closes ticket 27169.
|
|
|
|
|
|
o Major features (new code layout):
|
|
|
- Nearly all of Tor's source code has been moved around into more
|
|
@@ -22,59 +38,37 @@ Changes in version 0.3.5.1-alpha-2018-09-??
|
|
|
interconnected. We will attempt to improve this in the future.
|
|
|
|
|
|
o Major features (onion services v3):
|
|
|
- - Implement client authorization at the descriptor level. A new
|
|
|
- torrc option was added to control this client side:
|
|
|
- ClientOnionAuthDir <path>. On the service side, if the
|
|
|
- "authorized_clients/" directory exists in the onion service
|
|
|
- directory path, client configuration are read from the files
|
|
|
- within. See the manpage for more details. Closes ticket 27547.
|
|
|
- Patch done by Suphanat Chunhapanya (haxxpop).
|
|
|
+ - Implement onion service client authorization at the descriptor
|
|
|
+ level: only authorized clients can decrypt a service's descriptor
|
|
|
+ to find out how to contact it. A new torrc option was added to
|
|
|
+ control this client side: ClientOnionAuthDir <path>. On the
|
|
|
+ service side, if the "authorized_clients/" directory exists in the
|
|
|
+ onion service directory path, client configuration are read from
|
|
|
+ the files within. See the manpage for more details. Closes ticket
|
|
|
+ 27547. Patch done by Suphanat Chunhapanya (haxxpop).
|
|
|
- Improve revision counter generation in next-gen onion services.
|
|
|
Onion services can now scale by hosting multiple instances on
|
|
|
different hosts without synchronization between them, which was
|
|
|
previously impossible because descriptors would get rejected by
|
|
|
HSDirs. Addresses ticket 25552.
|
|
|
|
|
|
- o Major features (onion services):
|
|
|
- - For a newly created onion service, the default version is now 3.
|
|
|
- Tor still supports version 2 service but the operator now needs to
|
|
|
- specifically set "HiddenServiceVersion 2" in order to create a new
|
|
|
- service. For existing services, tor now learns the version by
|
|
|
- reading the key file so the HiddenServiceVersion is not mandatory
|
|
|
- in that case. Closes ticket 27215.
|
|
|
-
|
|
|
o Major features (portability, cryptography, experimental, TLS):
|
|
|
- Tor now has the option to compile with the NSS library instead of
|
|
|
OpenSSL. This feature is experimental, and we expect that bugs may
|
|
|
remain. It is mainly intended for environments where Tor's
|
|
|
performance is not CPU-bound, and where NSS is already known to be
|
|
|
installed. To try it out, configure Tor with the --enable-nss
|
|
|
- flag. Closes ticket 26631.
|
|
|
- - Tor now has _partial_ support for using the NSS cryptography and
|
|
|
- TLS library in place of OpenSSL. When Tor is configured with
|
|
|
- --enable-nss, it will use NSS for several (but not yet all) of its
|
|
|
- cryptography. (It still relies on OpenSSL for the rest.)
|
|
|
- Eventually, if all goes as planned, "--enable-nss" will produce a
|
|
|
- version of Tor that does not depend on OpenSSL. Implements
|
|
|
- ticket 26816.
|
|
|
-
|
|
|
- WARNING: This feature is experimental. Don't use it for real
|
|
|
- security yet, until the code has had much more review, and more
|
|
|
- bugs have been shaken out.
|
|
|
- - When built with --enable-nss, Tor now uses the NSS library for
|
|
|
- digests, AES, and pseudorandom numbers. Closes ticket 26815.
|
|
|
+ flag. Closes tickets 26631, 26815, and 26816.
|
|
|
|
|
|
- o Major features (relay):
|
|
|
- - Relays no longer run as exits by default. If the "ExitRelay"
|
|
|
- option is auto (or unset), and no exit policy is specified with
|
|
|
- ExitPolicy or ReducedExitPolicy, we now treat ExitRelay as 0.
|
|
|
- Previously in this case, we allowed exit traffic and logged a
|
|
|
- warning message. Closes ticket 21530. Patch by Neel Chauhan.
|
|
|
+ If you are experimenting with this option and using an old cached
|
|
|
+ consensus, Tor may fail to start. To solve this, delete your
|
|
|
+ "cached-microdesc-consensus" file, and restart Tor.
|
|
|
|
|
|
o Major bugfixes (directory authority):
|
|
|
- - Actually check that address we get from DirAuthority configuration
|
|
|
- line is valid IPv4. Explicitly disallow DirAuthority adress to be
|
|
|
- DNS hostname. Fixes bug 26488; bugfix on 0.1.2.10-rc.
|
|
|
+ - Actually check that the address we get from DirAuthority
|
|
|
+ configuration line is valid IPv4. Explicitly disallow DirAuthority
|
|
|
+ adress to be a DNS hostname. Fixes bug 26488; bugfix
|
|
|
+ on 0.1.2.10-rc.
|
|
|
|
|
|
o Major bugfixes (restart-in-process):
|
|
|
- Fix a use-after-free error that could be caused by passing Tor an
|
|
@@ -82,14 +76,15 @@ Changes in version 0.3.5.1-alpha-2018-09-??
|
|
|
Fixes bug 27708; bugfix on 0.3.3.1-alpha.
|
|
|
|
|
|
o Minor features (admin tools):
|
|
|
- - Add new tool that prints expiration date of th signing cert in an
|
|
|
- ed25519_signing_cert file. Resolves issue 19506.
|
|
|
+ - Add a new --key-expiration option to print the expiration date of
|
|
|
+ the signing cert in an ed25519_signing_cert file. Resolves
|
|
|
+ issue 19506.
|
|
|
|
|
|
o Minor features (build):
|
|
|
- If you pass the "--enable-pic" option to configure, Tor will try
|
|
|
to tell the compiler to build position-independent code suitable
|
|
|
- to link into a library. (The default remains -fPIE, for code
|
|
|
- suitable for a relocatable executable.) Closes ticket 23846.
|
|
|
+ to link into a dynamic library. (The default remains -fPIE, for
|
|
|
+ code suitable for a relocatable executable.) Closes ticket 23846.
|
|
|
|
|
|
o Minor features (code correctness, testing):
|
|
|
- Tor's build process now includes a "check-includes" make target to
|
|
@@ -98,10 +93,11 @@ Changes in version 0.3.5.1-alpha-2018-09-??
|
|
|
refactor our codebase. Closes ticket 26447.
|
|
|
|
|
|
o Minor features (code layout):
|
|
|
- - Make a new lowest-level error-handling API for use by code invoked
|
|
|
- from within the logging module. This interface it makes it so the
|
|
|
+ - We have a new "lowest-level" error-handling API for use by code
|
|
|
+ invoked from within the logging module. With this interface, the
|
|
|
logging code is no longer at risk of calling into itself if a
|
|
|
- failure occurs while trying to log something. Closes ticket 26427.
|
|
|
+ failure occurs while it is trying to log something. Closes
|
|
|
+ ticket 26427.
|
|
|
|
|
|
o Minor features (compilation):
|
|
|
- Tor's configure script now supports a --with-malloc= option to
|
|
@@ -111,7 +107,7 @@ Changes in version 0.3.5.1-alpha-2018-09-??
|
|
|
Alex Xu.
|
|
|
|
|
|
o Minor features (config):
|
|
|
- - The "auto" keyword in torrc is now case insensitive. Closes
|
|
|
+ - The "auto" keyword in torrc is now case-insensitive. Closes
|
|
|
ticket 26663.
|
|
|
|
|
|
o Minor features (continuous integration):
|
|
@@ -122,10 +118,10 @@ Changes in version 0.3.5.1-alpha-2018-09-??
|
|
|
- Only run one online rust build in Travis, to reduce network
|
|
|
errors. Skip offline rust builds on Travis for Linux gcc, because
|
|
|
they're redundant. Implements ticket 27252.
|
|
|
- - Skip gcc on OSX in Travis CI, it's rarely used. Skip a duplicate
|
|
|
- hardening-off build in Travis on Tor 0.2.9. Skip gcc on Linux with
|
|
|
- default settings, because all the non-default builds use gcc on
|
|
|
- Linux. Implements ticket 27252.
|
|
|
+ - Skip gcc on OSX in Travis CI, because it's rarely used. Skip a
|
|
|
+ duplicate hardening-off build in Travis on Tor 0.2.9. Skip gcc on
|
|
|
+ Linux with default settings, because all the non-default builds
|
|
|
+ use gcc on Linux. Implements ticket 27252.
|
|
|
|
|
|
o Minor features (controller):
|
|
|
- Emit CIRC_BW events as soon as we detect that we processed an
|
|
@@ -137,7 +133,7 @@ Changes in version 0.3.5.1-alpha-2018-09-??
|
|
|
bias check cells to arrive without counting it as dropped until
|
|
|
either the END arrvies, or the windows are empty. Closes
|
|
|
ticket 25573.
|
|
|
- - Implement 'GETINFO md/all' controller command to enable getting
|
|
|
+ - Implement a 'GETINFO md/all' controller command to enable getting
|
|
|
all known microdesriptors. Closes ticket 8323.
|
|
|
- The GETINFO command now support an "uptime" argument, to return
|
|
|
Tor's uptime in seconds. Closes ticket 25132.
|
|
@@ -148,8 +144,6 @@ Changes in version 0.3.5.1-alpha-2018-09-??
|
|
|
subsystem. Closes ticket 18642. Patch by Neel Chauhan
|
|
|
|
|
|
o Minor features (development):
|
|
|
- - Copy paragraph and URL to Tor's code of conduct document from
|
|
|
- CONTRIBUTING to new CODE_OF_CONDUCT file. Resolves ticket 26638.
|
|
|
- Tor's makefile now supports running the "clippy" Rust style tool
|
|
|
on our Rust code. Closes ticket 22156.
|
|
|
|
|
@@ -168,17 +162,18 @@ Changes in version 0.3.5.1-alpha-2018-09-??
|
|
|
a preconstructed owning controller FD, so that embedding
|
|
|
applications don't need to manage controller ports and
|
|
|
authentication. Closes ticket 24204.
|
|
|
- - The tor_api now has a function that returns the name and version
|
|
|
- of the backend implementing the API. Closes ticket 26947.
|
|
|
+ - The Tor controller API now has a function that returns the name
|
|
|
+ and version of the backend implementing the API. Closes
|
|
|
+ ticket 26947.
|
|
|
|
|
|
o Minor features (geoip):
|
|
|
- Update geoip and geoip6 to the September 6 2018 Maxmind GeoLite2
|
|
|
Country database. Closes ticket 27631.
|
|
|
|
|
|
o Minor features (memory management):
|
|
|
- - Get libevent code to use the same memory allocator that Tor code
|
|
|
- is using by calling event_set_mem_functions() during
|
|
|
- initialization. Resolves ticket 8415.
|
|
|
+ - Get Libevent to use the same memory allocator as Tor, by calling
|
|
|
+ event_set_mem_functions() during initialization. Resolves
|
|
|
+ ticket 8415.
|
|
|
|
|
|
o Minor features (memory usage):
|
|
|
- When not using them, store legacy TAP public onion keys in DER-
|
|
@@ -189,7 +184,7 @@ Changes in version 0.3.5.1-alpha-2018-09-??
|
|
|
- When possible, use RFC5869 HKDF implementation from OpenSSL rather
|
|
|
than own own. Resolves ticket 19979.
|
|
|
|
|
|
- o Minor features (rust, code quality):
|
|
|
+ o Minor features (Rust, code quality):
|
|
|
- Improve rust code quality in the rust protover implementation by
|
|
|
making it more idiomatic. Includes changing an internal API to
|
|
|
take &str instead of &String. Closes ticket 26492.
|
|
@@ -206,6 +201,8 @@ Changes in version 0.3.5.1-alpha-2018-09-??
|
|
|
- Log each included configuration file or directory as we read it,
|
|
|
to provide more visibility about where Tor is reading from. Patch
|
|
|
from Unto Sten; closes ticket 27186.
|
|
|
+ - Low log level of "Scheduler type KIST has been enabled" to INFO.
|
|
|
+ Closes ticket 26703.
|
|
|
|
|
|
o Minor bugfixes (bootstrap):
|
|
|
- Try harder to get descriptors in non-exit test networks, by using
|
|
@@ -224,7 +221,7 @@ Changes in version 0.3.5.1-alpha-2018-09-??
|
|
|
o Minor bugfixes (client, memory usage):
|
|
|
- When not running as a directory cache, there is no need to store
|
|
|
the text of the current consensus networkstatus in RAM.
|
|
|
- Previously, however, clients would store this anyway, at a cost of
|
|
|
+ Previously, however, clients would store it anyway, at a cost of
|
|
|
over 5 MB. Now, they do not. Fixes bug 27247; bugfix
|
|
|
on 0.3.0.1-alpha.
|
|
|
|
|
@@ -240,10 +237,6 @@ Changes in version 0.3.5.1-alpha-2018-09-??
|
|
|
misleadingly suggest that they are sandbox-only. Fixes bug 26525;
|
|
|
bugfix on 0.2.7.1-alpha.
|
|
|
|
|
|
- o Minor bugfixes (compilation):
|
|
|
- - Use Windows-compatible format strings in tor-print-ed-signing-
|
|
|
- cert.c. Fixes bug 26986; bugfix on master.
|
|
|
-
|
|
|
o Minor bugfixes (configuration, Onion Services):
|
|
|
- In rend_service_parse_port_config(), disallow any input to remain
|
|
|
after address-port pair was parsed. This will catch address and
|
|
@@ -251,9 +244,6 @@ Changes in version 0.3.5.1-alpha-2018-09-??
|
|
|
27044; bugfix on 0.2.9.10.
|
|
|
|
|
|
o Minor bugfixes (continuous integration):
|
|
|
- - Improve Appveyor CI IRC logging. Generate correct branches and
|
|
|
- URLs for pull requests and tags. Use unambiguous short commits.
|
|
|
- Fixes bug 26979; bugfix on master.
|
|
|
- Stop reinstalling identical packages in our Windows CI. Fixes bug
|
|
|
27464; bugfix on 0.3.4.1-alpha.
|
|
|
|
|
@@ -284,8 +274,8 @@ Changes in version 0.3.5.1-alpha-2018-09-??
|
|
|
Tor is running as client. Also, log a stack trace for debugging as
|
|
|
this function should only be called when Tor runs as server. Fixes
|
|
|
bug 26892; bugfix on 0.1.1.9-alpha.
|
|
|
- - Refrain from mentioning bug 21018, as it is already fixed. Fixes
|
|
|
- bug 25477; bugfix on 0.2.9.8.
|
|
|
+ - Refrain from mentioning bug 21018 in the logs, as it is already
|
|
|
+ fixed. Fixes bug 25477; bugfix on 0.2.9.8.
|
|
|
|
|
|
o Minor bugfixes (logging, documentation):
|
|
|
- When SafeLogging is enabled, scrub IP address in
|
|
@@ -298,22 +288,21 @@ Changes in version 0.3.5.1-alpha-2018-09-??
|
|
|
padding. Fixes bug 25505; bugfix on 0.3.1.1-alpha.
|
|
|
|
|
|
o Minor bugfixes (onion service v2):
|
|
|
- - Demote a log warning to info in case we do not have a consensus
|
|
|
- when a .onion request comes in. This can happen while bootstrapping
|
|
|
- for instance. The request will follow through after so we really
|
|
|
- don't need to warn the user loudly. Fixes bug 27040; bugfix
|
|
|
+ - Log at level "info", not "warning", in the case that we do not
|
|
|
+ have a consensus when a .onion request comes in. This can happen
|
|
|
+ normally while bootstrapping. Fixes bug 27040; bugfix
|
|
|
on 0.2.8.2-alpha.
|
|
|
|
|
|
o Minor bugfixes (onion service v3):
|
|
|
- - In case the onion service directory can't be created or has wrong
|
|
|
- permissions, do not BUG() on it which lead to a non fatal
|
|
|
- stacktrace. Fixes bug 27335; bugfix on 0.3.2.1.
|
|
|
+ - When the onion service directory can't be created or has the wrong
|
|
|
+ permissions, do not log a stack trace. Fixes bug 27335; bugfix
|
|
|
+ on 0.3.2.1-alpha.
|
|
|
|
|
|
o Minor bugfixes (OS compatibility):
|
|
|
- - On Linux and Windows properly handle configuration change that
|
|
|
- moves a listener to/from wildcard IP address. In case first
|
|
|
- attempt to bind a socket fails, close the old listener and try
|
|
|
- binding a socket again. Fixes bug 17873; bugfix on 0.0.8pre-1.
|
|
|
+ - Properly handle configuration changes that move a listener to/from
|
|
|
+ wildcard IP address. If the first attempt to bind a socket fails,
|
|
|
+ close the old listener and try binding the socket again. Fixes bug
|
|
|
+ 17873; bugfix on 0.0.8pre-1.
|
|
|
|
|
|
o Minor bugfixes (performance)::
|
|
|
- Rework node_is_a_configured_bridge() to no longer call
|
|
@@ -322,26 +311,27 @@ Changes in version 0.3.5.1-alpha-2018-09-??
|
|
|
|
|
|
o Minor bugfixes (relay statistics):
|
|
|
- Update relay descriptor on bandwidth changes only when the uptime
|
|
|
- is smaller than 24h in order to reduce the efficiency of guard
|
|
|
+ is smaller than 24h, in order to reduce the efficiency of guard
|
|
|
discovery attacks. Fixes bug 24104; bugfix on 0.1.1.6-alpha.
|
|
|
|
|
|
o Minor bugfixes (relays):
|
|
|
- - In frac_nodes_with_descriptors(), add for_direct_connect, and
|
|
|
- replace node_has_any_descriptor() with
|
|
|
- node_has_preferred_descriptor(). Also, if we are using bridges and
|
|
|
- there is at least one bridge with a full descriptor, set f_guard
|
|
|
- in compute_frac_paths_available() to 1.0. Fixes bug 25886; bugfix
|
|
|
- on 0.3.5.1-alpha. Patch by Neel Chauhan.
|
|
|
- - Since 0.3.3.5-rc, authorities require DirCache (V2Dir) for the
|
|
|
- Guard flag. Update the message logged on relays when DirCache is
|
|
|
- disabled. Fixes bug 24312; bugfix on 0.3.3.5-rc.
|
|
|
-
|
|
|
- o Minor bugfixes (rust):
|
|
|
- - The protover rewrite in 24031 allowed repeated votes from the same
|
|
|
- voter for the same protocol version to be counted multiple times
|
|
|
- in protover_compute_vote(). Fixes bug 27649; bugfix on 0.3.3.5-rc.
|
|
|
- - protover parsed and accepted unknown protocol names containing
|
|
|
- invalid characters outside the range [A-Za-z0-9-]. Fixes bug
|
|
|
+ - Consider the fact that we'll be making direct connections to our
|
|
|
+ entry and guard nodes when computing the fraction of nodes that
|
|
|
+ have their descriptors. Also, if we are using bridges and there is
|
|
|
+ at least one bridge with a full descriptor, treat the fraction of
|
|
|
+ guards available as 100%. Fixes bug 25886; bugfix on 0.3.5.1-alpha.
|
|
|
+ Patch by Neel Chauhan.
|
|
|
+ - Update the message logged on relays when DirCache is disabled.
|
|
|
+ Since 0.3.3.5-rc, authorities require DirCache (V2Dir) for the
|
|
|
+ Guard flag. Fixes bug 24312; bugfix on 0.3.3.5-rc.
|
|
|
+
|
|
|
+ o Minor bugfixes (rust, protover):
|
|
|
+ - Compute protover votes correctly in the rust version of the
|
|
|
+ protover code. Previously, the protover rewrite in 24031 allowed
|
|
|
+ repeated votes from the same voter for the same protocol version
|
|
|
+ to be counted multiple times in protover_compute_vote(). Fixes bug
|
|
|
+ 27649; bugfix on 0.3.3.5-rc.
|
|
|
+ - Reject protover names that contain invalid characters. Fixes bug
|
|
|
27687; bugfix on 0.3.3.1-alpha.
|
|
|
|
|
|
o Minor bugfixes (testing):
|
|
@@ -367,8 +357,6 @@ Changes in version 0.3.5.1-alpha-2018-09-??
|
|
|
longer needed Closes ticket 26502.
|
|
|
- Include paths to header files within Tor are now qualified by
|
|
|
directory within the top-level src directory.
|
|
|
- - Low log level of "Scheduler type KIST has been enabled" to INFO.
|
|
|
- Ticket 26703
|
|
|
- Many structures have been removed from the centralized "or.h"
|
|
|
header, and moved into their own headers. This will allow us to
|
|
|
reduce the number of places in the code that rely on each
|
|
@@ -399,6 +387,8 @@ Changes in version 0.3.5.1-alpha-2018-09-??
|
|
|
modules. Closes ticket 26526.
|
|
|
|
|
|
o Documentation:
|
|
|
+ - Copy paragraph and URL to Tor's code of conduct document from
|
|
|
+ CONTRIBUTING to new CODE_OF_CONDUCT file. Resolves ticket 26638.
|
|
|
- Remove old instructions from INSTALL document. Closes ticket 26588.
|
|
|
- Warn users that they should not include MyFamily line(s) in their
|
|
|
torrc when running Tor bridge. Closes ticket 26908.
|
|
@@ -410,11 +400,11 @@ Changes in version 0.3.5.1-alpha-2018-09-??
|
|
|
- Tor no longer attempts to run on Windows environments without the
|
|
|
GetAdaptersAddresses() function. This function has existed since
|
|
|
Windows XP, which is itself already older than we support.
|
|
|
- - Remove Tor2web functionalities. The Tor2webMode and
|
|
|
- Tor2webRendezvousPoints options are now obsolete. Note that this
|
|
|
- feature was never shipped in vanilla Tor and it was only possible
|
|
|
- to use this feature by building the support at compile time.
|
|
|
- Closes ticket 26367.
|
|
|
+ - Remove Tor2web functionality. The Tor2webMode and
|
|
|
+ Tor2webRendezvousPoints options are now obsolete. (This feature
|
|
|
+ was never shipped in vanilla Tor and it was only possible to use
|
|
|
+ this feature by building the support at compile time.) Closes
|
|
|
+ ticket 26367.
|
|
|
|
|
|
|
|
|
Changes in version 0.2.9.17 - 2018-09-10
|