|
@@ -1,16 +1,6 @@
|
|
|
Changes in version 0.3.1.1-alpha - 2017-05-??
|
|
|
blurb goes here
|
|
|
|
|
|
- o Major features (security, stability, experimental):
|
|
|
- - Tor now has the optional ability to include modules written in
|
|
|
- Rust. To turn this on, pass the "--enable-rust" flag to the
|
|
|
- configure script. It's not time to get excited yet: currently,
|
|
|
- there is no actual Rust functionality beyond some simple glue
|
|
|
- code, and a notice at startup to tell you that Rust is running.
|
|
|
- Still, we hope that programmers and packagers will try building
|
|
|
- with rust support, so that we can find issues with the build
|
|
|
- system, and solve portability issues. Closes ticket 22106.
|
|
|
-
|
|
|
o Major features (directory protocol):
|
|
|
- Tor relays and authorities are now able to serve clients an
|
|
|
abbreviated version of the networkstatus consensus document,
|
|
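Review bot: The context at the top of this hunk still carries the placeholder "blurb goes here" and the open release date "2017-05-??". Since this commit reorders the entries into their release layout, fill in both, or note in the commit message that they are left for a later pass, so the file cannot ship with the placeholder in it.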
@@ -20,21 +10,27 @@ Changes in version 0.3.1.1-alpha - 2017-05-??
|
|
|
server, they will use far less bandwidth (up to 94% less) to keep
|
|
|
an up-to-date consensus. Implements proposal 140; closes ticket
|
|
|
13339. Based on work by by Daniel Martí.
|
|
|
-
|
|
|
- o Major features (directory system):
|
|
|
- Tor's compression module now includes support for the zstd and
|
|
|
lzma2 compression algorithms, if the libzstd and liblzma libraries
|
|
|
are available when Tor is compiled. Once these features are
|
|
|
exposed in the directory module, they will enable Tor to provide
|
|
|
better compression ratios on directory documents. Part of an
|
|
|
implementation for proposal 278; closes ticket 21662.
|
|
|
-
|
|
|
- o Major features (internals):
|
|
|
- Add an ed diff/patch backend, optimized for consensus documents.
|
|
|
This backend will be the basis of our consensus diff
|
|
|
implementation. Most of the work here was done by Daniel Martí.
|
|
|
Closes ticket 21643.
|
|
|
|
|
|
+ o Major features (experimental):
|
|
|
+ - Tor now has the optional ability to include modules written in
|
|
|
+ Rust. To turn this on, pass the "--enable-rust" flag to the
|
|
|
+ configure script. It's not time to get excited yet: currently,
|
|
|
+ there is no actual Rust functionality beyond some simple glue
|
|
|
+ code, and a notice at startup to tell you that Rust is running.
|
|
|
+ Still, we hope that programmers and packagers will try building
|
|
|
+ with rust support, so that we can find issues with the build
|
|
|
+ system, and solve portability issues. Closes ticket 22106.
|
|
|
+
|
|
|
o Major features (traffic analysis resistance):
|
|
|
- Relays and clients will now send a padding cell on idle OR
|
|
|
connections every 1.5 to 9.5 seconds (tunable via consensus
|
|
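Review bot: In the re-added Rust entry, "with rust support" should read "with Rust support", matching the capitalised "Rust" used earlier in the same entry. The new heading "Major features (experimental)" also drops the "security, stability" labels that the removed heading carried; confirm that is intended. While this block is being touched, the context line "Based on work by by Daniel Martí." has a doubled "by" worth fixing.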
@@ -52,24 +48,11 @@ Changes in version 0.3.1.1-alpha - 2017-05-??
|
|
|
is set in torrc. These 24 hour totals are also rounded to
|
|
|
multiples of 10000.
|
|
|
|
|
|
- o Major bugfixes (hidden service directory, security):
|
|
|
- - Fix an assertion failure in the hidden service directory code,
|
|
|
- which could be used by an attacker to remotely cause a Tor relay
|
|
|
- process to exit. Relays running earlier versions of Tor 0.3.0.x
|
|
|
- should upgrade. This security issue is tracked as tracked as
|
|
|
- TROVE-2017-002. Fixes bug 22246; bugfix on 0.3.0.1-alpha.
|
|
|
-
|
|
|
o Major bugfixes (linux TPROXY support):
|
|
|
- Fix a typo that had prevented TPROXY-based transparent proxying
|
|
|
from working under Linux. Fixes bug 18100; bugfix on 0.2.6.3-alpha.
|
|
|
Patch from "d4fq0fQAgoJ".
|
|
|
|
|
|
- o Minor features (defaults, security):
|
|
|
- - The default value for UseCreateFast is now 0: clients which
|
|
|
- haven't yet received a consensus document will nonetheless use a
|
|
|
- proper handshake to talk to their directory servers (when they
|
|
|
- can). Closes ticket 21407.
|
|
|
-
|
|
|
o Minor features (security, windows):
|
|
|
- Enable a couple of pieces of Windows hardening: one
|
|
|
(HeapEnableTerminationOnCorruption) that has been on-by-default
|
|
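Review bot: The "Major bugfixes (hidden service directory, security)" entry for TROVE-2017-002 is deleted here, and none of the hunks shown re-adds it, whereas the UseCreateFast entry removed in the same hunk reappears later under "Minor features (defaults)". That entry is what tells operators of earlier 0.3.0.x relays to upgrade because of a remotely triggerable assertion failure, so state in the commit message where the advisory now lives (for example, the changelog of the release that first carried the fix). If the entry is kept anywhere, fix the doubled "tracked as tracked as".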
@@ -77,13 +60,29 @@ Changes in version 0.3.1.1-alpha - 2017-05-??
|
|
|
(PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION) which we believe doesn't
|
|
|
affect us, but shouldn't do any harm. Closes ticket 21953.
|
|
|
|
|
|
- o Minor feature (defaults, directory):
|
|
|
+ o Minor features (controller):
|
|
|
+ - Warn the first time that a controller requests data in the long-
|
|
|
+ deprecated 'GETINFO network-status' format. Closes ticket 21703.
|
|
|
+
|
|
|
+ o Minor features (defaults):
|
|
|
+ - The default value for UseCreateFast is now 0: clients which
|
|
|
+ haven't yet received a consensus document will nonetheless use a
|
|
|
+ proper handshake to talk to their directory servers (when they
|
|
|
+ can). Closes ticket 21407.
|
|
|
- Onion key rotation and expiry intervals are now defined as a
|
|
|
network consensus parameter as per proposal 274. The default
|
|
|
lifetime of an onion key is bumped from 7 to 28 days. Old onion
|
|
|
keys will expire after 7 days by default. Closes ticket 21641.
|
|
|
|
|
|
- o Minor feature (hidden services):
|
|
|
+ o Minor features (fallback directory list):
|
|
|
+ - Update the fallback directory mirror whitelist and blacklist based
|
|
|
+ on operator emails. Closes task 21121.
|
|
|
+ - Replace the 177 fallbacks originally introduced in Tor 0.2.9.8 in
|
|
|
+ December 2016 (of which ~126 were still functional), with a list
|
|
|
+ of 151 fallbacks (32 new, 119 existing, 58 removed) generated in
|
|
|
+ May 2017. Resolves ticket 21564.
|
|
|
+
|
|
|
+ o Minor features (hidden services):
|
|
|
- Add more information to the message logged when a hidden service
|
|
|
descriptor has fewer introduction points than specified in
|
|
|
HiddenServiceNumIntroductionPoints. Follow up to tickets 21598 and
|
|
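Review bot: The UseCreateFast entry is re-added under "Minor features (defaults)", losing the "security" label it had under the removed heading "Minor features (defaults, security)". The entry changes which handshake clients use with directory servers before they have a consensus, so a reader scanning headings for security-relevant changes will now miss it. Consider keeping the label on the merged heading, or splitting the onion key rotation entry into its own section so the label applies only where it fits.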
@@ -94,37 +93,21 @@ Changes in version 0.3.1.1-alpha - 2017-05-??
|
|
|
- Log a message when a hidden service reaches its introduction point
|
|
|
circuit limit, and when that limit is reset. Follow up to ticket
|
|
|
21594, closes ticket 21622.
|
|
|
+ - Warn user if multiple entries in EntryNodes and at least one
|
|
|
+ HiddenService are used together. Pinning EntryNodes along with an
|
|
|
+ hidden service can be possibly harmful for instance see ticket
|
|
|
+ 14917 or 21155. Closes ticket 21155.
|
|
|
|
|
|
- o Minor feature (include on config files):
|
|
|
- - Adds config-can-saveconf to GETINFO command to tell if SAVECONF
|
|
|
- will work without the FORCE option, closes ticket 1922.
|
|
|
+ o Minor features (include in torrc config files):
|
|
|
- Allow the use of %include on configuration files to include
|
|
|
settings from other files or directories. Using %include with a
|
|
|
directory will include all (non-dot) files in that directory in
|
|
|
lexically sorted order (non-recursive), closes ticket 1922.
|
|
|
- - Makes SAVECONF command return error when overwriting a torrc that
|
|
|
+ - Make SAVECONF command return error when overwriting a torrc that
|
|
|
has includes. Using SAVECONF with the FORCE option will allow it
|
|
|
to overwrite torrc even if includes are used, closes ticket 1922.
|
|
|
-
|
|
|
- o Minor features (controller):
|
|
|
- - Warn the first time that a controller requests data in the long-
|
|
|
- deprecated 'GETINFO network-status' format. Closes ticket 21703.
|
|
|
-
|
|
|
- o Minor features (fallback directories):
|
|
|
- - Update the fallback directory mirror whitelist and blacklist based
|
|
|
- on operator emails. Closes task 21121.
|
|
|
-
|
|
|
- o Minor features (fallback directory list):
|
|
|
- - Replace the 177 fallbacks originally introduced in Tor 0.2.9.8 in
|
|
|
- December 2016 (of which ~126 were still functional), with a list
|
|
|
- of 151 fallbacks (32 new, 119 existing, 58 removed) generated in
|
|
|
- May 2017. Resolves ticket 21564.
|
|
|
-
|
|
|
- o Minor features (hidden service, logging):
|
|
|
- - Warn user if multiple entries in EntryNodes and at least one
|
|
|
- HiddenService are used together. Pinning EntryNodes along with an
|
|
|
- hidden service can be possibly harmful for instance see ticket
|
|
|
- 14917 or 21155. Closes ticket 21155.
|
|
|
+ - Adds config-can-saveconf to GETINFO command to tell if SAVECONF
|
|
|
+ will work without the FORCE option, closes ticket 1922.
|
|
|
|
|
|
o Minor features (infrastructure, seccomp2 sandbox):
|
|
|
- We now have a document storage backend compatible with the Linux
|
|
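Review bot: The %include section is only half normalised: "Makes SAVECONF" becomes "Make SAVECONF", but the moved line still reads "Adds config-can-saveconf" and all three entries end in ", closes ticket 1922." rather than the ". Closes ticket 1922." form used elsewhere in the file. The moved EntryNodes entry also keeps its run-on wording, "can be possibly harmful for instance see ticket 14917 or 21155"; suggest "can be harmful; see tickets 14917 and 21155", and "a hidden service" instead of "an hidden service".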
@@ -150,8 +133,6 @@ Changes in version 0.3.1.1-alpha - 2017-05-??
|
|
|
- The minimal keccak implementation we include now accesses memory
|
|
|
more efficiently, especially on little-endian systems. Closes
|
|
|
ticket 21737.
|
|
|
-
|
|
|
- o Minor features (performance, controller):
|
|
|
- Add an O(1) implementation of channel_find_by_global_id().
|
|
|
|
|
|
o Minor features (relay, configuration):
|
|
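Review bot: With the "Minor features (performance, controller)" heading removed, the entry "Add an O(1) implementation of channel_find_by_global_id()." is folded into the preceding section, but it still has no ticket reference, unlike the keccak entry just above it ("Closes ticket 21737."). Add the ticket number so the change can be traced.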
@@ -178,29 +159,16 @@ Changes in version 0.3.1.1-alpha - 2017-05-??
|
|
|
examining Tor network performance issues. There are no trace
|
|
|
events yet, and event-tracing is off by default unless enabled at
|
|
|
compile time. Implements ticket 13802.
|
|
|
-
|
|
|
- o Minor features (unit tests):
|
|
|
- Improve version parsing tests: add tests for typical version
|
|
|
components, add tests for invalid versions, including numeric
|
|
|
range and non-numeric prefixes. Unit tests 21278, 21450, and
|
|
|
21507. Partially implements 21470.
|
|
|
|
|
|
- o Minor bugfix (directory authority):
|
|
|
- - Prevent the shared randomness subsystem from asserting when
|
|
|
- initialized by a bridge authority with an incomplete configuration
|
|
|
- file. Fixes bug 21586; bugfix on 0.2.9.8.
|
|
|
-
|
|
|
o Minor bugfixes (bandwidth accounting):
|
|
|
- Roll over monthly accounting at the configured hour and minute,
|
|
|
rather than always at 00:00. Fixes bug 22245; bugfix on 0.0.9rc1.
|
|
|
Found by Andrey Karpov with PVS-Studio.
|
|
|
|
|
|
- o Minor bugfixes (cell, logging):
|
|
|
- - Downgrade a log statement from bug to protocol warning because
|
|
|
- there is at least one use case where it can be triggered by a
|
|
|
- buggy tor implementation on the Internet for instance. Fixes bug
|
|
|
- 21293; bugfix on 0.1.1.14-alpha.
|
|
|
-
|
|
|
o Minor bugfixes (code correctness):
|
|
|
- Accurately identify client connections using their lack of peer
|
|
|
authentication. This means that we bail out earlier if asked to
|
|
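Review bot: Removing the "Minor features (unit tests)" heading leaves "Improve version parsing tests" directly after the event-tracing entry ("Implements ticket 13802."), so it now belongs to whatever section that entry is in; check that the enclosing heading actually covers tests. The entry's trailer "Unit tests 21278, 21450, and 21507. Partially implements 21470." is also hard to parse; say "Unit tests for tickets ..." and "Partially implements ticket 21470."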
@@ -241,28 +209,23 @@ Changes in version 0.3.1.1-alpha - 2017-05-??
|
|
|
connections that are kept open between relays. Fixes bug 17604;
|
|
|
bugfix on 0.2.5.5-alpha.
|
|
|
|
|
|
- o Minor bugfixes (control, hidden service client):
|
|
|
+ o Minor bugfixes (controller):
|
|
|
+ - GETINFO onions/current and onions/detached no longer 551 on empty
|
|
|
+ lists Fixes bug 21329; bugfix on 0.2.7.1-alpha.
|
|
|
- Trigger HS descriptor events on the control port when the client
|
|
|
is unable to pick a suitable hidden service directory. This can
|
|
|
happen if they are all in the ExcludeNodes list or they all have
|
|
|
been queried inside the allowed 15 minutes. Fixes bug 22042;
|
|
|
bugfix on 0.2.5.2-alpha.
|
|
|
|
|
|
- o Minor bugfixes (controller):
|
|
|
- - GETINFO onions/current and onions/detached no longer 551 on empty
|
|
|
- lists Fixes bug 21329; bugfix on 0.2.7.1-alpha.
|
|
|
-
|
|
|
o Minor bugfixes (directory authority):
|
|
|
- When rejecting a router descriptor because the relay is running an
|
|
|
obsolete version of Tor without ntor support, warn about the
|
|
|
obsolete tor version, not the missing ntor key. Fixes bug 20270;
|
|
|
bugfix on 0.2.9.3-alpha.
|
|
|
-
|
|
|
- o Minor bugfixes (documentation):
|
|
|
- - Default of NumEntryGuards is 1 if the consensus parameter guard-n-
|
|
|
- primary-guards-to-use isn't set. Default of NumDirectoryGuards is
|
|
|
- 3 if the consensus parameter guard-n-primary-dir-guards-to-use
|
|
|
- isn't set. Fixes bug 21715; bugfix on 0.3.0.1-alpha.
|
|
|
+ - Prevent the shared randomness subsystem from asserting when
|
|
|
+ initialized by a bridge authority with an incomplete configuration
|
|
|
+ file. Fixes bug 21586; bugfix on 0.2.9.8.
|
|
|
|
|
|
o Minor bugfixes (exit-side DNS):
|
|
|
- Fix an untriggerable assertion that checked the output of a
|
|
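Review bot: The moved GETINFO entry is carried over with its sentence break missing: "no longer 551 on empty lists Fixes bug 21329" needs a period after "lists". Using "551" as a verb is also opaque to anyone who does not know the control-port reply codes; suggest "no longer return a 551 error on empty lists. Fixes bug 21329; bugfix on 0.2.7.1-alpha."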
@@ -270,12 +233,10 @@ Changes in version 0.3.1.1-alpha - 2017-05-??
|
|
|
expected. Fixes bug 22244; bugfix on 0.2.0.20-rc. Found by Andrey
|
|
|
Karpov using PVS-Studio.
|
|
|
|
|
|
- o Minor bugfixes (fallback directory mirrors):
|
|
|
+ o Minor bugfixes (fallback directories):
|
|
|
- Make the usage example in updateFallbackDirs.py actually work.
|
|
|
(And explain what it does.) Fixes bug 22270; bugfix
|
|
|
on 0.3.0.3-alpha.
|
|
|
-
|
|
|
- o Minor bugfixes (fallbacks):
|
|
|
- Decrease the guard flag average required to be a fallback. This
|
|
|
allows us to keep relays that have their guard flag removed when
|
|
|
they restart. Fixes bug 20913; bugfix on 0.2.8.1-alpha.
|
|
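Review bot: The bugfix heading is normalised to "Minor bugfixes (fallback directories)" here, while the same commit consolidates the feature entries under "Minor features (fallback directory list)". Pick one label for both sections so that searching the changelog for fallback changes finds them under a single name.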
@@ -285,12 +246,10 @@ Changes in version 0.3.1.1-alpha - 2017-05-??
|
|
|
and relay identity key for at least 30 days before they are
|
|
|
selected. Fixes bug 20913; bugfix on 0.2.8.1-alpha.
|
|
|
|
|
|
- o Minor bugfixes (hidden service):
|
|
|
+ o Minor bugfixes (hidden services):
|
|
|
- Stop printing cryptic warning when a client tries to connect on an
|
|
|
invalid port of the service. Fixes bug 16706; bugfix
|
|
|
on 0.2.6.3-alpha.
|
|
|
-
|
|
|
- o Minor bugfixes (hidden services):
|
|
|
- Simplify hidden service descriptor creation by using an existing
|
|
|
flag to check if an introduction point is established. Fixes bug
|
|
|
21599; bugfix on 0.2.7.2-alpha.
|
|
@@ -299,6 +258,12 @@ Changes in version 0.3.1.1-alpha - 2017-05-??
|
|
|
- Fix a small memory leak at exit from the backtrace handler code.
|
|
|
Fixes bug 21788; bugfix on 0.2.5.2-alpha. Patch from Daniel Pinto.
|
|
|
|
|
|
+ o Minor bugfixes (protocol, logging):
|
|
|
+ - Downgrade a log statement from bug to protocol warning because
|
|
|
+ there is at least one use case where it can be triggered by a
|
|
|
+ buggy tor implementation on the Internet for instance. Fixes bug
|
|
|
+ 21293; bugfix on 0.1.1.14-alpha.
|
|
|
+
|
|
|
o Minor bugfixes (testing):
|
|
|
- Make test-network.sh always call chutney's test-network.sh.
|
|
|
Previously, this only worked on systems which had bash installed,
|
|
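Review bot: The entry moved under "Minor bugfixes (protocol, logging)" keeps its dangling wording: "triggered by a buggy tor implementation on the Internet for instance." Drop the trailing "for instance" or move it ("for instance, by a buggy Tor implementation"), and capitalise "Tor". It would also help to name the log statement or the cell type involved, since the old heading "(cell, logging)" was the only hint and it is removed by this commit.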
@@ -307,8 +272,6 @@ Changes in version 0.3.1.1-alpha - 2017-05-??
|
|
|
- Use unbuffered I/O for utility functions around the
|
|
|
process_handle_t type. This fixes unit test failures reported on
|
|
|
OpenBSD and FreeBSD. Fixes bug 21654; bugfix on 0.2.3.1-alpha.
|
|
|
-
|
|
|
- o Minor bugfixes (unit tests):
|
|
|
- Make display of captured unit test log messages consistent. Fixes
|
|
|
bug 21510; bugfix on 0.2.9.3-alpha.
|
|
|
|
|
@@ -352,6 +315,10 @@ Changes in version 0.3.1.1-alpha - 2017-05-??
|
|
|
Closes ticket 21873.
|
|
|
- Correct the documentation about the default DataDirectory value.
|
|
|
Closes ticket 21151.
|
|
|
+ - Default of NumEntryGuards is 1 if the consensus parameter guard-n-
|
|
|
+ primary-guards-to-use isn't set. Default of NumDirectoryGuards is
|
|
|
+ 3 if the consensus parameter guard-n-primary-dir-guards-to-use
|
|
|
+ isn't set. Fixes bug 21715; bugfix on 0.3.0.1-alpha.
|
|
|
- Document key=value pluggable transport arguments for Bridge lines
|
|
|
in torrc. Fixes bug 20341; bugfix on 0.2.5.1-alpha.
|
|
|
- Note that bandwidth-limiting options don't affect TCP headers or
|
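Review bot: The NumEntryGuards and NumDirectoryGuards entry added to this documentation list states the defaults as facts ("Default of NumEntryGuards is 1 if ...") instead of saying what was changed, unlike its neighbours "Correct the documentation about ..." and "Document key=value pluggable transport arguments ...". Reword it in the same imperative form, for example "Document that the default of NumEntryGuards is 1 if the consensus parameter guard-n-primary-guards-to-use isn't set, and ...", so it is clear that this is a documentation fix and not a change of default.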