|
@@ -1,35 +1,12 @@
|
|
|
Changes in version 0.3.5.1-alpha-2018-09-??
|
|
|
BLURB HERE. NOTE ABOUT NSS.
|
|
|
|
|
|
- o Major features (experimental, library support):
|
|
|
- - Tor now has _partial_ support for using the NSS cryptography
|
|
|
- library in place of OpenSSL. When Tor is configured with
|
|
|
- --enable-nss, it will use NSS for several (but not yet all) of its
|
|
|
- cryptography. (It still relies on OpenSSL for the rest.)
|
|
|
- Eventually, if all goes as planned, "--enable-nss" will produce a
|
|
|
- version of Tor that does not depend on OpenSSL. Implements ticket
|
|
|
- 26816. WARNING: This feature is experimental. Don't use it for
|
|
|
- real security yet, until the code has had much more review, and
|
|
|
- more bugs have been shaken out.
|
|
|
- - When built with --enable-nss, Tor now uses the NSS library for
|
|
|
- digests, AES, and pseudorandom numbers. Closes ticket 26815.
|
|
|
-
|
|
|
- o Major features (hidden service v3):
|
|
|
- - Implement client authorization at the descriptor level. A new
|
|
|
- torrc option was added to control this client side:
|
|
|
- ClientOnionAuthDir <path>. On the service side, if the
|
|
|
- "authorized_clients/" directory exists in the onion service
|
|
|
- directory path, client configuration are read from the files
|
|
|
- within. See the manpage for more details. Closes ticket 27547.
|
|
|
- Patch done by Suphanat Chunhapanya (haxxpop).
|
|
|
-
|
|
|
- o Major features (hidden service):
|
|
|
- - For a newly created hidden service, the default version is now 3.
|
|
|
- Tor still supports version 2 service but the operator now needs to
|
|
|
- specifically set "HiddenServiceVersion 2" in order to create a new
|
|
|
- service. For existing services, tor now learns the version by
|
|
|
- reading the key file so the HiddenServiceVersion is not mandatory
|
|
|
- in that case. Closes ticket 27215.
|
|
|
+ o Major features (bootstrap):
|
|
|
+ - Improve user experience by deferring directory progress reporting
|
|
|
+ until after a connection to a relay or bridge has succeeded. This
|
|
|
+ avoids reporting 80% progress based on cached directory
|
|
|
+ information when we can't even connect to a bridge or relay.
|
|
|
+ Closes ticket 27169.
|
|
|
|
|
|
o Major features (new code layout):
|
|
|
- Nearly all of Tor's source code has been moved around into more
|
|
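Review bot: The context lines at the top of this hunk still read "BLURB HERE. NOTE ABOUT NSS." and the version header still carries the date placeholder "2018-09-??". Both need real text before this ChangeLog is published. Because this hunk moves the NSS entries out of the first section, the blurb is now the only place near the top where the experimental status of --enable-nss can be flagged, so the "NOTE ABOUT NSS" should be written rather than dropped.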
@@ -44,13 +21,28 @@ Changes in version 0.3.5.1-alpha-2018-09-??
|
|
|
refactored to be acyclic, the main body of Tor is still too
|
|
|
interconnected. We will attempt to improve this in the future.
|
|
|
|
|
|
- o Major features (onion services):
|
|
|
+ o Major features (onion services v3):
|
|
|
+ - Implement client authorization at the descriptor level. A new
|
|
|
+ torrc option was added to control this client side:
|
|
|
+ ClientOnionAuthDir <path>. On the service side, if the
|
|
|
+ "authorized_clients/" directory exists in the onion service
|
|
|
+ directory path, client configuration are read from the files
|
|
|
+ within. See the manpage for more details. Closes ticket 27547.
|
|
|
+ Patch done by Suphanat Chunhapanya (haxxpop).
|
|
|
- Improve revision counter generation in next-gen onion services.
|
|
|
Onion services can now scale by hosting multiple instances on
|
|
|
different hosts without synchronization between them, which was
|
|
|
previously impossible because descriptors would get rejected by
|
|
|
HSDirs. Addresses ticket 25552.
|
|
|
|
|
|
+ o Major features (onion services):
|
|
|
+ - For a newly created onion service, the default version is now 3.
|
|
|
+ Tor still supports version 2 service but the operator now needs to
|
|
|
+ specifically set "HiddenServiceVersion 2" in order to create a new
|
|
|
+ service. For existing services, tor now learns the version by
|
|
|
+ reading the key file so the HiddenServiceVersion is not mandatory
|
|
|
+ in that case. Closes ticket 27215.
|
|
|
+
|
|
|
o Major features (portability, cryptography, experimental, TLS):
|
|
|
- Tor now has the option to compile with the NSS library instead of
|
|
|
OpenSSL. This feature is experimental, and we expect that bugs may
|
|
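Review bot: In the added "onion services v3" entry, "client configuration are read from the files within" has a subject-verb mismatch; use "client configurations are read" or "client configuration is read". In the added "onion services" entry, "Tor still supports version 2 service" should be "version 2 services". The entry also writes "tor" in lower case in "tor now learns the version" while the previous sentence uses "Tor"; pick one.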
@@ -58,6 +50,19 @@ Changes in version 0.3.5.1-alpha-2018-09-??
|
|
|
performance is not CPU-bound, and where NSS is already known to be
|
|
|
installed. To try it out, configure Tor with the --enable-nss
|
|
|
flag. Closes ticket 26631.
|
|
|
+ - Tor now has _partial_ support for using the NSS cryptography and
|
|
|
+ TLS library in place of OpenSSL. When Tor is configured with
|
|
|
+ --enable-nss, it will use NSS for several (but not yet all) of its
|
|
|
+ cryptography. (It still relies on OpenSSL for the rest.)
|
|
|
+ Eventually, if all goes as planned, "--enable-nss" will produce a
|
|
|
+ version of Tor that does not depend on OpenSSL. Implements
|
|
|
+ ticket 26816.
|
|
|
+
|
|
|
+ WARNING: This feature is experimental. Don't use it for real
|
|
|
+ security yet, until the code has had much more review, and more
|
|
|
+ bugs have been shaken out.
|
|
|
+ - When built with --enable-nss, Tor now uses the NSS library for
|
|
|
+ digests, AES, and pseudorandom numbers. Closes ticket 26815.
|
|
|
|
|
|
o Major features (relay):
|
|
|
- Relays no longer run as exits by default. If the "ExitRelay"
|
|
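Review bot: The added ticket 26816 entry sits directly after the ticket 26631 entry, which says Tor can now be compiled "with the NSS library instead of OpenSSL", while the new text says the support is partial and "It still relies on OpenSSL for the rest". Read together these two bullets contradict each other for anyone deciding whether an --enable-nss build is free of OpenSSL; consider merging them or rewording the first so the partial status is stated once and clearly. Also, "several (but not yet all) of its cryptography" does not parse; "several (but not yet all) of its cryptographic operations" would. The WARNING paragraph is now separated from its bullet by an added blank line, so check that it is still indented as part of that entry.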
@@ -77,15 +82,8 @@ Changes in version 0.3.5.1-alpha-2018-09-??
|
|
|
Fixes bug 27708; bugfix on 0.3.3.1-alpha.
|
|
|
|
|
|
o Minor features (admin tools):
|
|
|
- - Add new tool that prints expiration date of signing cert in
|
|
|
- ed25519_signing_cert. Resolves issue 19506.
|
|
|
-
|
|
|
- o Minor features (bootstrap):
|
|
|
- - Improve user experience by deferring directory progress reporting
|
|
|
- until after a connection to a relay or bridge has succeeded. This
|
|
|
- avoids reporting 80% progress based on cached directory
|
|
|
- information when we can't even connect to a bridge or relay.
|
|
|
- Closes ticket 27169.
|
|
|
+ - Add new tool that prints expiration date of th signing cert in an
|
|
|
+ ed25519_signing_cert file. Resolves issue 19506.
|
|
|
|
|
|
o Minor features (build):
|
|
|
- If you pass the "--enable-pic" option to configure, Tor will try
|
|
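Review bot: The added line "Add new tool that prints expiration date of th signing cert in an" contains the typo "th" for "the". The entry also never names the tool, so a relay operator reading the ChangeLog cannot tell what to run; add the tool or option name to the entry.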
@@ -112,6 +110,10 @@ Changes in version 0.3.5.1-alpha-2018-09-??
|
|
|
default). Addresses part of ticket 20424. Based on a patch from
|
|
|
Alex Xu.
|
|
|
|
|
|
+ o Minor features (config):
|
|
|
+ - The "auto" keyword in torrc is now case insensitive. Closes
|
|
|
+ ticket 26663.
|
|
|
+
|
|
|
o Minor features (continuous integration):
|
|
|
- Don't do a distcheck with --disable-module-dirauth in Travis.
|
|
|
Implements ticket 27252.
|
|
@@ -157,8 +159,6 @@ Changes in version 0.3.5.1-alpha-2018-09-??
|
|
|
- When a bandwidth file is used to obtain the bandwidth measurements,
|
|
|
include this bandwidth file headers in the votes. Closes
|
|
|
ticket 3723.
|
|
|
-
|
|
|
- o Minor features (directory):
|
|
|
- Improved support for networks with only a single authority or a
|
|
|
single fallback directory. Patch from Gabriel Somlo. Closes
|
|
|
ticket 25928.
|
|
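Review bot: Removing the "o Minor features (directory):" header and the blank line before it folds the single-authority entry (ticket 25928) into the preceding section, whose heading is not visible in this hunk. Confirm that heading fits an entry about networks with a single authority or a single fallback directory. The context line "include this bandwidth file headers in the votes" also mixes singular and plural; "include the bandwidth file headers" would read correctly.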
@@ -168,15 +168,13 @@ Changes in version 0.3.5.1-alpha-2018-09-??
|
|
|
a preconstructed owning controller FD, so that embedding
|
|
|
applications don't need to manage controller ports and
|
|
|
authentication. Closes ticket 24204.
|
|
|
+ - The tor_api now has a function that returns the name and version
|
|
|
+ of the backend implementing the API. Closes ticket 26947.
|
|
|
|
|
|
o Minor features (geoip):
|
|
|
- Update geoip and geoip6 to the September 6 2018 Maxmind GeoLite2
|
|
|
Country database. Closes ticket 27631.
|
|
|
|
|
|
- o Minor features (in-process API):
|
|
|
- - The tor_api now has a function that returns the name and version
|
|
|
- of the backend implementing the API. Closes ticket 26947.
|
|
|
-
|
|
|
o Minor features (memory management):
|
|
|
- Get libevent code to use the same memory allocator that Tor code
|
|
|
is using by calling event_set_mem_functions() during
|
|
@@ -187,12 +185,12 @@ Changes in version 0.3.5.1-alpha-2018-09-??
|
|
|
encoded format, rather than as expanded public keys. This should
|
|
|
save several megabytes on typical clients. Closes ticket 27246.
|
|
|
|
|
|
- o Minor features (openssl):
|
|
|
- - When possible, use RFC5869 HKDF implementation from OpenSSL.
|
|
|
- Resolves ticket 19979.
|
|
|
+ o Minor features (OpenSSL):
|
|
|
+ - When possible, use RFC5869 HKDF implementation from OpenSSL rather
|
|
|
+ than own own. Resolves ticket 19979.
|
|
|
|
|
|
o Minor features (rust, code quality):
|
|
|
- - Improve rust code quality in the Rust protover implementation by
|
|
|
+ - Improve rust code quality in the rust protover implementation by
|
|
|
making it more idiomatic. Includes changing an internal API to
|
|
|
take &str instead of &String. Closes ticket 26492.
|
|
|
|
|
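Review bot: The added HKDF line "than own own. Resolves ticket 19979." has a typo; it should read "than our own". In the second changed entry, "the Rust protover implementation" became "the rust protover implementation", which lowercases a proper noun; the language name is "Rust", so the sentence opening "Improve rust code quality" should be capitalized to match instead of the other way round.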
@@ -209,21 +207,6 @@ Changes in version 0.3.5.1-alpha-2018-09-??
|
|
|
to provide more visibility about where Tor is reading from. Patch
|
|
|
from Unto Sten; closes ticket 27186.
|
|
|
|
|
|
- o Minor features(config):
|
|
|
- - The "auto" keyword in torrc is now case insensitive. Closes
|
|
|
- ticket 26663.
|
|
|
-
|
|
|
- o Minor bugfixes (security):
|
|
|
- - Refrain from potentially insecure usage of strncat() in
|
|
|
- configure_backtrace_handler(). Use snprintf() instead. Fixes bug
|
|
|
- 26522; bugfix on a969ce464dc23db39725a891d60537f3d3e51b50 (not in
|
|
|
- any tor release).
|
|
|
-
|
|
|
- o Minor bugfixes (appveyor ci):
|
|
|
- - Improve Appveyor CI IRC logging. Generate correct branches and
|
|
|
- URLs for pull requests and tags. Use unambiguous short commits.
|
|
|
- Fixes bug 26979; bugfix on master.
|
|
|
-
|
|
|
o Minor bugfixes (bootstrap):
|
|
|
- Try harder to get descriptors in non-exit test networks, by using
|
|
|
the mid weight for the third hop when there are no exits. Fixes
|
|
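Review bot: The "Minor bugfixes (security)" entry about strncat() in configure_backtrace_handler() (bug 26522) is deleted here and is not re-added in any other visible hunk, unlike the config and Appveyor entries removed alongside it. If it is being dropped because the bug is "not in any tor release", as the removed text states, say so in the commit message so the deletion of a security-labelled entry is not mistaken for an accident.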
@@ -268,6 +251,9 @@ Changes in version 0.3.5.1-alpha-2018-09-??
|
|
|
27044; bugfix on 0.2.9.10.
|
|
|
|
|
|
o Minor bugfixes (continuous integration):
|
|
|
+ - Improve Appveyor CI IRC logging. Generate correct branches and
|
|
|
+ URLs for pull requests and tags. Use unambiguous short commits.
|
|
|
+ Fixes bug 26979; bugfix on master.
|
|
|
- Stop reinstalling identical packages in our Windows CI. Fixes bug
|
|
|
27464; bugfix on 0.3.4.1-alpha.
|
|
|
|
|
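Review bot: The relocated Appveyor entry ends with "Fixes bug 26979; bugfix on master", which does not name a Tor version the way the neighbouring entries do ("bugfix on 0.2.9.10", "bugfix on 0.3.4.1-alpha"). Either name the version that introduced the problem or, if it never appeared in a release, consider whether the entry belongs in the release ChangeLog at all.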
@@ -282,18 +268,6 @@ Changes in version 0.3.5.1-alpha-2018-09-??
|
|
|
- Avoid a double-close when shutting down a stalled directory
|
|
|
connection. Fixes bug 26896; bugfix on 0.3.4.1-alpha.
|
|
|
|
|
|
- o Minor bugfixes (hidden service v2):
|
|
|
- - Demote a log warning to info in case we do not have a consensus
|
|
|
- when a .onion request comes in. This can happen while bootstrapping
|
|
|
- for instance. The request will follow through after so we really
|
|
|
- don't need to warn the user loudly. Fixes bug 27040; bugfix
|
|
|
- on 0.2.8.2-alpha.
|
|
|
-
|
|
|
- o Minor bugfixes (hidden service v3):
|
|
|
- - In case the hidden service directory can't be created or has wrong
|
|
|
- permissions, do not BUG() on it which lead to a non fatal
|
|
|
- stacktrace. Fixes bug 27335; bugfix on 0.3.2.1.
|
|
|
-
|
|
|
o Minor bugfixes (HTTP tunnel):
|
|
|
- Fix a bug warning when closing an HTTP tunnel connection due to an
|
|
|
HTTP request we couldn't handle. Fixes bug 26470; bugfix
|
|
@@ -323,6 +297,18 @@ Changes in version 0.3.5.1-alpha-2018-09-??
|
|
|
- Ensure circuitmux queues are empty before scheduling or sending
|
|
|
padding. Fixes bug 25505; bugfix on 0.3.1.1-alpha.
|
|
|
|
|
|
+ o Minor bugfixes (onion service v2):
|
|
|
+ - Demote a log warning to info in case we do not have a consensus
|
|
|
+ when a .onion request comes in. This can happen while bootstrapping
|
|
|
+ for instance. The request will follow through after so we really
|
|
|
+ don't need to warn the user loudly. Fixes bug 27040; bugfix
|
|
|
+ on 0.2.8.2-alpha.
|
|
|
+
|
|
|
+ o Minor bugfixes (onion service v3):
|
|
|
+ - In case the onion service directory can't be created or has wrong
|
|
|
+ permissions, do not BUG() on it which lead to a non fatal
|
|
|
+ stacktrace. Fixes bug 27335; bugfix on 0.3.2.1.
|
|
|
+
|
|
|
o Minor bugfixes (OS compatibility):
|
|
|
- On Linux and Windows properly handle configuration change that
|
|
|
moves a listener to/from wildcard IP address. In case first
|
|
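Review bot: In the added "onion service v3" entry, "do not BUG() on it which lead to a non fatal stacktrace" should be "which led to a non-fatal stack trace". The reference "bugfix on 0.3.2.1" has no release suffix, while other entries in this file use forms such as "0.2.8.2-alpha"; check the version string. The two new headings use "onion service v2" and "onion service v3" in the singular, whereas the major-features heading added earlier in this patch is "onion services v3"; make them consistent.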
@@ -339,15 +325,13 @@ Changes in version 0.3.5.1-alpha-2018-09-??
|
|
|
is smaller than 24h in order to reduce the efficiency of guard
|
|
|
discovery attacks. Fixes bug 24104; bugfix on 0.1.1.6-alpha.
|
|
|
|
|
|
- o Minor bugfixes (relay):
|
|
|
+ o Minor bugfixes (relays):
|
|
|
- In frac_nodes_with_descriptors(), add for_direct_connect, and
|
|
|
replace node_has_any_descriptor() with
|
|
|
node_has_preferred_descriptor(). Also, if we are using bridges and
|
|
|
there is at least one bridge with a full descriptor, set f_guard
|
|
|
in compute_frac_paths_available() to 1.0. Fixes bug 25886; bugfix
|
|
|
on 0.3.5.1-alpha. Patch by Neel Chauhan.
|
|
|
-
|
|
|
- o Minor bugfixes (relays):
|
|
|
- Since 0.3.3.5-rc, authorities require DirCache (V2Dir) for the
|
|
|
Guard flag. Update the message logged on relays when DirCache is
|
|
|
disabled. Fixes bug 24312; bugfix on 0.3.3.5-rc.
|
|
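Review bot: After the merge into "Minor bugfixes (relays)", the frac_nodes_with_descriptors() entry still says "Fixes bug 25886; bugfix on 0.3.5.1-alpha", which is the version this ChangeLog is announcing. A bug introduced and fixed within the same unreleased version normally needs no ChangeLog entry, so either the "bugfix on" version is wrong or the entry can go. The entry also describes internal function changes (for_direct_connect, node_has_preferred_descriptor(), f_guard) without stating the user-visible effect; one sentence on what bridge users would have observed would help.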
@@ -371,6 +355,8 @@ Changes in version 0.3.5.1-alpha-2018-09-??
|
|
|
- When logging a version mismatch in our openssl_version tests,
|
|
|
report the actual offending version strings. Fixes bug 26152;
|
|
|
bugfix on 0.2.9.1-alpha.
|
|
|
+ - Fix forking tests on Windows when there is a space somewhere in
|
|
|
+ the path. Fixes bug 26437; bugfix on 0.2.2.4-alpha.
|
|
|
|
|
|
o Minor bugfixes (torrc):
|
|
|
- Tor now validates that the ContactInfo config option is valid UTF-
|
|
@@ -424,12 +410,6 @@ Changes in version 0.3.5.1-alpha-2018-09-??
|
|
|
- Tor no longer attempts to run on Windows environments without the
|
|
|
GetAdaptersAddresses() function. This function has existed since
|
|
|
Windows XP, which is itself already older than we support.
|
|
|
-
|
|
|
- o Testing:
|
|
|
- - Fix forking tests on Windows when there is a space somewhere in
|
|
|
- the path. Fixes bug 26437; bugfix on 0.2.2.4-alpha.
|
|
|
-
|
|
|
- o Removed features (hidden service, tor2web):
|
|
|
- Remove Tor2web functionalities. The Tor2webMode and
|
|
|
Tor2webRendezvousPoints options are now obsolete. Note that this
|
|
|
feature was never shipped in vanilla Tor and it was only possible
|
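Review bot: Besides the "o Testing:" section, this hunk also deletes the "o Removed features (hidden service, tor2web):" header, leaving the Tor2web bullet as context directly under the GetAdaptersAddresses() entry. The heading of that preceding section is not visible here; confirm it is a "Removed features" section, otherwise the removal of Tor2webMode and Tor2webRendezvousPoints will be listed under the wrong category.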