|
|
@@ -1,3 +1,501 @@
|
|
|
+Changes in version 0.3.4.1-alpha - 2018-05-1?
|
|
|
+ XXX BLURB
|
|
|
+
|
|
|
+
|
|
|
+ o Major feature (directory authority, modularization):
|
|
|
+ - The directory authority subsystem has been modularized. The code is now
|
|
|
+ located in src/or/dirauth/ which is compiled in by default. To disable the
|
|
|
+ module, the configure option --disable-module-dirauth has been added.
|
|
|
+ Closes ticket 25610;
|
|
|
+
|
|
|
+ o Major feature (main loop, CPU usage):
|
|
|
+ - Previously, tor would enable at startup all possible main loop event
|
|
|
+ regardless if it needed them. For instance, directory authorities
|
|
|
+ callbacks were fired up even for client only. We have now refactored this
|
|
|
+ whole interface to only enable the appropriate callbacks depending on what
|
|
|
+ are tor roles (client only, relay, hidden service, etc.). Furthermore,
|
|
|
+ these events now depend on DisableNetwork or the hibernation state in
|
|
|
+ order to enable them. This is a big step towards reducing client CPU usage
|
|
|
+ by reducing the amount of wake ups the daemon does. Closes ticket 25376
|
|
|
+ and 25762.
|
|
|
+
|
|
|
+ o Major features (CPU usage, mobile):
|
|
|
+ - When Tor is disabled (via DisableNetwork or via hibernation), it
|
|
|
+ no longer needs to run any per-second events. This change should
|
|
|
+ make it easier for mobile applications to disable Tor while the
|
|
|
+ device is sleeping, or Tor is not running. Closes ticket 26063.
|
|
|
+
|
|
|
+ o Major features (main loop, CPU wakeup):
|
|
|
+ - The bandwidth-limitation logic has been refactored so that
|
|
|
+ bandwidth calculations are performed on-demand, rather than
|
|
|
+ every TokenBucketRefillInterval milliseconds.
|
|
|
+ This change should improve the granularity of our bandwidth
|
|
|
+ calculations, and limit the number of times that the Tor process needs
|
|
|
+ to wake up when it is idle. Closes ticket 25373.
|
|
|
+
|
|
|
+ o Major bugfixes (directory authorities, security):
|
|
|
+ - When directory authorities read a zero-byte bandwidth file, they log
|
|
|
+ a warning with the contents of an uninitialised buffer. Log a warning
|
|
|
+ about the empty file instead.
|
|
|
+ Fixes bug 26007; bugfix on 0.2.2.1-alpha.
|
|
|
+
|
|
|
+ o Major bugfixes (directory authority):
|
|
|
+ - Avoid a crash when testing router reachability on a router that could
|
|
|
+ have an ed25519 ID, but which does not. Fixes bug 25415; bugfix on
|
|
|
+ 0.3.3.2-alpha.
|
|
|
+
|
|
|
+ o Major bugfixes (onion service):
|
|
|
+ - Correctly detect when onion services get disabled after HUP.
|
|
|
+ Fixes bug 25761; bugfix on 0.3.2.1.
|
|
|
+
|
|
|
+ o Major bugfixes (protover, voting):
|
|
|
+ - Revise Rust implementation of protover to use a more memory-efficient
|
|
|
+ voting algorithm and corresponding data structures, thus avoiding a
|
|
|
+ potential (but small impact) DoS attack where specially crafted protocol
|
|
|
+ strings would expand to several potential megabytes in memory. In the
|
|
|
+ process, several portions of code were revised to be methods on new,
|
|
|
+ custom types, rather than functions taking interchangeable types, thus
|
|
|
+ increasing type safety of the module. Custom error types and handling
|
|
|
+ were added as well, in order to facilitate better error dismissal/handling
|
|
|
+ in outside crates and avoid mistakenly passing an internal error string to
|
|
|
+ C over the FFI boundary. Many tests were added, and some previous
|
|
|
+ differences between the C and Rust implementations have been
|
|
|
+ remedied. Fixes bug 24031; bugfix on 0.3.3.1-alpha.
|
|
|
+
|
|
|
+ o Major bugfixes (relay, denial of service):
|
|
|
+ - Impose a limit on circuit cell queue size. The limit can be controlled by
|
|
|
+ a consensus parameter. Fixes bug 25226; bugfix on 0.2.4.14-alpha.
|
|
|
+
|
|
|
+ o Minor feature (entry guards):
|
|
|
+ - Introduce torrc option NumPrimaryGuards for controlling the number of
|
|
|
+ primary guards. Closes ticket 25843.
|
|
|
+
|
|
|
+ o Minor features (accounting):
|
|
|
+ - When we become dormant, use a scheduled event to wake up at the right
|
|
|
+ time. Previously, we would use the per-second timer to check whether
|
|
|
+ to wake up, but we no longer have any per-second timers enabled when
|
|
|
+ the network is disabled. Closes ticket 26064.
|
|
|
+
|
|
|
+ o Minor features (code quality):
|
|
|
+ - Add optional spell-checking for the Tor codebase, using the "misspell"
|
|
|
+ program. To use this feature, run "make check-typos".
|
|
|
+ Closes ticket 25024.
|
|
|
+
|
|
|
+ o Minor features (compatibility):
|
|
|
+ - Tor now detects versions of OpenSSL 1.1.0 and later compiled with the
|
|
|
+ no-deprecated option, and builds correctly with them. Closes
|
|
|
+ tickets 19429, 19981, and 25353.
|
|
|
+
|
|
|
+ o Minor features (compilation, portability):
|
|
|
+ - Avoid some compilation warnings with recent versions
|
|
|
+ of LibreSSL. Closes ticket 26006.
|
|
|
+
|
|
|
+ o Minor features (compression, zstd):
|
|
|
+ - When running with zstd, Tor now considers using advanced functions that
|
|
|
+ the zstd maintainers have labeled as potentially unstable. To
|
|
|
+ prevent breakage, Tor will only use this functionality when
|
|
|
+ the runtime version of the zstd library matches the version
|
|
|
+ with which it were compiled. Closes ticket 25162.
|
|
|
+
|
|
|
+ o Minor features (configuration):
|
|
|
+ - The "DownloadSchedule" options have been renamed to end with
|
|
|
+ "DownloadInitialDelay". The old names are still allowed, but will
|
|
|
+ produce a warning. Comma-separated lists are still permitted for
|
|
|
+ these options, but all values after the first are ignored (as they have
|
|
|
+ been since 0.2.9). Closes ticket 23354.
|
|
|
+
|
|
|
+ o Minor features (continuous integration):
|
|
|
+ - Our .travis.yml configuration now includes support for testing
|
|
|
+ the results of "make distcheck". (It's not uncommon for "make check" to
|
|
|
+ pass but "make distcheck" to fail.) Closes ticket 25814.
|
|
|
+ - Our Travis CI configuration now integrates with the Coveralls coverage
|
|
|
+ analysis tool. Closes ticket 25818.
|
|
|
+
|
|
|
+ o Minor features (control port):
|
|
|
+ - Introduce GETINFO "current-time/{local,utc}" to return the local
|
|
|
+ and UTC times respectively in ISO format. This helps a controller
|
|
|
+ like Tor Browser detect a time-related error. Closes ticket 25511.
|
|
|
+ Patch by Neel Chauhan.
|
|
|
+ - Introduce new fields to the CIRC_BW event. There are two new fields in
|
|
|
+ each of the read and written directions. The DELIVERED fields report the
|
|
|
+ total valid data on the circuit, as measured by the payload sizes of
|
|
|
+ verified and error-checked relay command cells. The OVERHEAD fields
|
|
|
+ report the total unused bytes in each of these cells. Closes ticket 25903.
|
|
|
+
|
|
|
+ o Minor features (directory authority):
|
|
|
+ - Directory authorities now open their key-pinning files as O_SYNC,
|
|
|
+ to prevent themselves from accidentally writing partial lines.
|
|
|
+ Closes ticket 23909.
|
|
|
+
|
|
|
+ o Minor features (directory authority, forward compatibility):
|
|
|
+ - Make the lines of the measured bandwidth file able to contain their
|
|
|
+ entries in any order. Previously, the node_id entry needed to come
|
|
|
+ first. Closes ticket 26004.
|
|
|
+
|
|
|
+ o Minor features (geoip):
|
|
|
+ - Update geoip and geoip6 to the May 1 2018 Maxmind GeoLite2
|
|
|
+ Country database. Closes ticket 26104.
|
|
|
+
|
|
|
+ o Minor features (mainloop):
|
|
|
+ - Move responsibility for
|
|
|
+ closing connections, circuits, and channels
|
|
|
+ from a once-per-second callback to a callback that is only scheduled as
|
|
|
+ needed. Once enough items are removed from our once-per-second
|
|
|
+ callback, we can eliminate it entirely to conserve CPU when idle.
|
|
|
+ Closes ticket
|
|
|
+ 25932.
|
|
|
+ - Move responsibility for
|
|
|
+ consensus voting
|
|
|
+ from a once-per-second callback to a callback that is only scheduled as
|
|
|
+ needed. Once enough items are removed from our once-per-second
|
|
|
+ callback, we can eliminate it entirely to conserve CPU when idle.
|
|
|
+ Closes ticket
|
|
|
+ 25937.
|
|
|
+ - Move responsibility for
|
|
|
+ flushing log callbacks
|
|
|
+ from a once-per-second callback to a callback that is only scheduled as
|
|
|
+ needed. Once enough items are removed from our once-per-second
|
|
|
+ callback, we can eliminate it entirely to conserve CPU when idle.
|
|
|
+ Closes ticket
|
|
|
+ 25951.
|
|
|
+ - Move responsibility for
|
|
|
+ honoring delayed SIGNEWNYM requests
|
|
|
+ from a once-per-second callback to a callback that is only scheduled as
|
|
|
+ needed. Once enough items are removed from our once-per-second
|
|
|
+ callback, we can eliminate it entirely to conserve CPU when idle.
|
|
|
+ Closes ticket
|
|
|
+ 25949.
|
|
|
+ - Move responsibility for
|
|
|
+ rescanning the consensus cache
|
|
|
+ from a once-per-second callback to a callback that is only scheduled as
|
|
|
+ needed. Once enough items are removed from our once-per-second
|
|
|
+ callback, we can eliminate it entirely to conserve CPU when idle.
|
|
|
+ Closes ticket:
|
|
|
+ 25931.
|
|
|
+ - Move responsibility for
|
|
|
+ saving the state file to disk
|
|
|
+ from a once-per-second callback to a callback that is only scheduled as
|
|
|
+ needed. Once enough items are removed from our once-per-second
|
|
|
+ callback, we can eliminate it entirely to conserve CPU when idle.
|
|
|
+ Closes ticket
|
|
|
+ 25948.
|
|
|
+ - Move responsibility for
|
|
|
+ warning relay operators about unreachable ports
|
|
|
+ from a once-per-second callback to a callback that is only scheduled as
|
|
|
+ needed. Once enough items are removed from our once-per-second
|
|
|
+ callback, we can eliminate it entirely to conserve CPU when idle.
|
|
|
+ Closes ticket
|
|
|
+ 25952.
|
|
|
+ - Move responsibility for
|
|
|
+ keeping track of Tor's uptime
|
|
|
+ from a nce-per-second callback to a callback that is only scheduled as
|
|
|
+ needed. Once enough items are removed from our once-per-second
|
|
|
+ callback, we can eliminate it entirely to conserve CPU when idle.
|
|
|
+ Closes ticket
|
|
|
+ 26009.
|
|
|
+
|
|
|
+ o Minor features (performance):
|
|
|
+ - Avoid a needless call to malloc() when processing an incoming
|
|
|
+ relay cell. Closes ticket 24914.
|
|
|
+
|
|
|
+ o Minor features (performance, 32-bit):
|
|
|
+ - Make our timing-wheel code run a tiny bit faster on 32-bit platforms,
|
|
|
+ by preferring 32-bit math to 64-bit. Closes ticket 24688.
|
|
|
+
|
|
|
+ o Minor features (performance, allocation):
|
|
|
+ - Avoid a needless malloc()/free() pair every time we handle an ntor
|
|
|
+ handshake. Closes ticket 25150.
|
|
|
+
|
|
|
+ o Minor features (Testing):
|
|
|
+ - Add a unit test for voting_schedule_get_start_of_next_interval().
|
|
|
+ Closes ticket 26014, and helps make unit test coverage more
|
|
|
+ deterministic.
|
|
|
+ - A new unittests module specifically for testing the functions in the
|
|
|
+ (new-ish) bridges.c module has been created with new unittests, raising
|
|
|
+ the code coverage percentages. Closes 25425.
|
|
|
+ - We now have improved testing for addressmap_get_virtual_address()
|
|
|
+ function. This should improve our test coverage, and make our test
|
|
|
+ coverage more deterministic. Closes ticket 25993.
|
|
|
+
|
|
|
+ o Minor features (timekeeping, circuit scheduling):
|
|
|
+ - When keeping track of how busy each circuit have been recently on
|
|
|
+ a given connection, use coarse-grained monotonic timers rather than
|
|
|
+ gettimeofday(). This change should marginally increase accuracy
|
|
|
+ and performance. Implements part of ticket 25927.
|
|
|
+
|
|
|
+ o Minor bugfix (controler):
|
|
|
+ - Make CIRC_BW event reflect the total of all data sent on a circuit,
|
|
|
+ including padding and dropped cells. Also fix a mis-counting bug
|
|
|
+ when STREAM_BW events were enabled. Fixes bug 25400; bugfix on
|
|
|
+ 0.2.5.2-alpha.
|
|
|
+
|
|
|
+ o Minor bugfix (Multiple includes):
|
|
|
+ - Fixed multiple includes of trasports.h in src/or/connection.c
|
|
|
+ Fixes bug 25261; bugfix on 0.2.5.1-alpha.
|
|
|
+
|
|
|
+ o Minor bugfixes (Assert crash):
|
|
|
+ - Avoid an assert in the circuit build timeout code if we fail to
|
|
|
+ allow any circuits to actually complete. Fixes bug 25733;
|
|
|
+ bugfix on 0.2.2.2-alpha.
|
|
|
+
|
|
|
+ o Minor bugfixes (bandwidth management):
|
|
|
+ - Consider ourselves "low on write bandwidth" if we have exhausted our
|
|
|
+ write bandwidth some time in the last second. This was the
|
|
|
+ documented behavior before, but the actual behavior was to change
|
|
|
+ this value every TokenBucketRefillInterval. Fixes bug 25828; bugfix on
|
|
|
+ 0.2.3.5-alpha.
|
|
|
+
|
|
|
+ o Minor bugfixes (C correctness):
|
|
|
+ - Add a missing lock acquisition in the shutdown code of the
|
|
|
+ control subsystem. Fixes bug 25675; bugfix on 0.2.7.3-rc. Found
|
|
|
+ by Coverity; this is CID 1433643.
|
|
|
+
|
|
|
+ o Minor bugfixes (channel_get_for_extend()):
|
|
|
+ - Remove the unused variable n_possible from the function
|
|
|
+ Fixes bug 25645; bugfix on 0.2.4.4-alpha
|
|
|
+
|
|
|
+ o Minor bugfixes (circuit path selection):
|
|
|
+ - Don't count path selection failures as circuit build failures. This
|
|
|
+ should eliminate cases where Tor blames its guard or the network
|
|
|
+ for situations like insufficient microdescriptors and/or overly
|
|
|
+ restrictive torrc settings. Fixes bug 25705; bugfix on 0.3.3.1-alpha.
|
|
|
+
|
|
|
+ o Minor bugfixes (client):
|
|
|
+ - Don't consider Tor running as a client if the ControlPort is open. Fixes
|
|
|
+ bug 26062; bugfix on 0.2.9.4-alpha.
|
|
|
+
|
|
|
+ o Minor bugfixes (control interface):
|
|
|
+ - Respond with more human readable error messages to GETINFO
|
|
|
+ exit-policy/* requests. Also, let controller know if error
|
|
|
+ is transient (response code 551) or not (response code 552).
|
|
|
+ Fixes bug 25852; bugfix on 0.2.8.1-alpha.
|
|
|
+
|
|
|
+ o Minor bugfixes (directory client):
|
|
|
+ - When unverified-consensus is verified, rename it to cached-consenus.
|
|
|
+ Fixes bug 4187; bugfix on 0.2.0.3-alpha.
|
|
|
+
|
|
|
+ o Minor bugfixes (directory server cert fetch):
|
|
|
+ - Fixed launching a certificate fetch always during the scheduled
|
|
|
+ periodic consensus fetch by fetching only in those cases when
|
|
|
+ consensus are waiting for certs.
|
|
|
+ Fixes bug 24740; bugfix on 0.2.9.1-alpha.
|
|
|
+
|
|
|
+ o Minor bugfixes (documentation):
|
|
|
+ - Stop saying in the manual that clients cache ipv4 dns answers
|
|
|
+ from exit relays. We haven't used them since 0.2.6.3-alpha, and
|
|
|
+ in ticket 24050 we stopped even caching them as of 0.3.2.6-alpha,
|
|
|
+ but we forgot to say so in the man page. Fixes bug 26052; bugfix
|
|
|
+ on 0.3.2.6-alpha.
|
|
|
+
|
|
|
+ o Minor bugfixes (Duplicate code):
|
|
|
+ - Remove duplicate code in parse_{c,s}method_line and bootstrap
|
|
|
+ their functionalities into a single function. Fixes
|
|
|
+ bug 6236; bugfix on 0.2.3.6-alpha.
|
|
|
+
|
|
|
+ o Minor bugfixes (error reporting):
|
|
|
+ - Improve tolerance for directory authorities with skewed clocks.
|
|
|
+ Previously, an authority with a clock more than 60 seconds ahead
|
|
|
+ could cause a client with a correct clock to warn that the
|
|
|
+ client's clock was behind. Now the clocks of a majority of
|
|
|
+ directory authorities have to be ahead of the client before this
|
|
|
+ warning will occur. Fixes bug 25756; bugfix on 0.2.2.25-alpha.
|
|
|
+
|
|
|
+ o Minor bugfixes (freebsd):
|
|
|
+ - In have_enough_mem_for_dircache(), the variable DIRCACHE_MIN_MEM_MB
|
|
|
+ does not stringify on FreeBSD, so we switch to tor_asprintf(). Fixes
|
|
|
+ bug 20887; bugfix on 0.2.8.1-alpha. Patch by Neel Chauhan.
|
|
|
+
|
|
|
+ o Minor bugfixes (hidden service v3):
|
|
|
+ - Fix a memory leak when an hidden service v3 is configured and gets a
|
|
|
+ SIGHUP signal. Fixes bug 25901; bugfix on 0.3.2.1-alpha.
|
|
|
+ - When parsing the descriptor signature, look for the token plus an extra
|
|
|
+ white-space at the end. This is more correct but also will allow us to
|
|
|
+ support new fields that might start with "signature". Fixes bug 26069;
|
|
|
+ bugfix on 0.3.0.1-alpha.
|
|
|
+
|
|
|
+ o Minor bugfixes (Linux seccomp2 sandbox):
|
|
|
+ - Allow the nanosleep() system call, which glibc uses to implement
|
|
|
+ sleep() and usleep(). Fixes bug 24969; bugfix on 0.2.5.1-alpha.
|
|
|
+
|
|
|
+ o Minor bugfixes (path selection):
|
|
|
+ - Only select relays when they have the descriptors we prefer to
|
|
|
+ use for them. This change fixes a bug where we could select
|
|
|
+ a relay because it had _some_ descriptor, but reject it later with
|
|
|
+ a nonfatal assertion error because it didn't have the exact one we
|
|
|
+ wanted. Fixes bugs 25691 and 25692; bugfix on 0.3.3.4-alpha.
|
|
|
+
|
|
|
+ o Minor bugfixes (portability):
|
|
|
+ - Do not align mmap length, as it is not required by POSIX, and the
|
|
|
+ getpagesize function is deprecated. Fixes bug 25399; bugfix on
|
|
|
+ 0.1.1.23.
|
|
|
+
|
|
|
+ o Minor bugfixes (relay statistics):
|
|
|
+ - When a relay is collecting internal statistics about how many
|
|
|
+ create cell requests it has seen of each type, accurately count the
|
|
|
+ requests from relays that temporarily fall out of the consensus. (To
|
|
|
+ be extra conservative, we were already ignoring requests from
|
|
|
+ clients in our counts, and we continue ignoring them here.) Fixes
|
|
|
+ bug 24910; bugfix on 0.2.4.17-rc.
|
|
|
+
|
|
|
+ o Minor bugfixes (relay, crash):
|
|
|
+ - Avoid a crash when running with DirPort set but ORPort tuned off.
|
|
|
+ Fixes a case of bug 23693; bugfix on 0.3.1.1-alpha.
|
|
|
+
|
|
|
+ o Minor bugfixes (restart-in-process):
|
|
|
+ - When shutting down, Tor now clears all the flags in the control.c
|
|
|
+ module. This should prevent a bug where authentication cookies
|
|
|
+ are not generated on restart. Fixes bug 25512; bugfix on 0.3.3.1-alpha.
|
|
|
+
|
|
|
+ o Minor bugfixes (test):
|
|
|
+ - When testing workqueue event-cancellation, make sure that we actually
|
|
|
+ cancel an event, and that cancel each event with equal probability.
|
|
|
+ (It was previously possible, though extremely unlikely, for our
|
|
|
+ event-canceling test not to cancel any events.) Fixes bug 26008;
|
|
|
+ bugfix on 0.2.6.3-alpha.
|
|
|
+
|
|
|
+ o Minor bugfixes (testing):
|
|
|
+ - Repeat part of the test in test_client_pick_intro() a number of times,
|
|
|
+ to give it consistent coverage. Fixes bug 25996; bugfix on
|
|
|
+ 0.3.2.1-alpha.
|
|
|
+
|
|
|
+ o Minor bugfixes (testing, coverage):
|
|
|
+ - Remove randomness from the hs_common/responsible_hsdirs test,
|
|
|
+ so that it always takes the same path through the function it tests.
|
|
|
+ Fixes bug 25997; bugfix on 0.3.2.1-alpha.
|
|
|
+
|
|
|
+ o Minor bugfixes (tests):
|
|
|
+ - Change the behavior of the "channel/outbound" test so that it never
|
|
|
+ causes a 10-second rollover for the EWMA circuitmux code. Previously,
|
|
|
+ this behavior would happen randomly, and result in fluctuating test
|
|
|
+ coverage. Fixes bug 25994; bugfix on 0.3.3.1-alpha.
|
|
|
+ - Use X509_new() to allocate certificates that will be freed later
|
|
|
+ with X509_free(). Previously, some parts of the unit tests had
|
|
|
+ used tor_malloc_zero(), which is incorrect, and which caused
|
|
|
+ test failures on Windows when they were built with extra hardening.
|
|
|
+ Fixes bugs 25943 and 25944; bugfix on 0.2.8.1-alpha.
|
|
|
+ Patch by Marcin Cieślak.
|
|
|
+ - While running the circuit_timeout test, fix the PRNG to a deterministic
|
|
|
+ AES stream, so that the test coverage from this test will itself be
|
|
|
+ deterministic. Fixes bug 25995; bugfix on 0.2.2.2-alpha.
|
|
|
+
|
|
|
+ o Minor bugfixes (vanguards):
|
|
|
+ - Allow the last hop in a vanguard circuit to be the same as our first,
|
|
|
+ to prevent the adversary from influencing guard node choice by choice
|
|
|
+ of last hop. Also prevent the creation of A - B - A paths, or A - A
|
|
|
+ paths, which are forbidden by relays. Fixes bug 25870; bugfix on
|
|
|
+ 0.3.3.1-alpha.
|
|
|
+
|
|
|
+ o Code simplification and refactoring:
|
|
|
+ We remove the PortForwsrding and PortForwardingHelper options, related
|
|
|
+ functions, and the port_forwarding tests. These options were used by
|
|
|
+ the now-deprecated Vidalia to help ordinary users become Tor relays or
|
|
|
+ bridges. Closes ticket 25409. Patch by Neel Chauhan.
|
|
|
+ - In order to make the OR and dir checking function in router.c less
|
|
|
+ confusing we renamed some functions and consider_testing_reachability()
|
|
|
+ has been splitted into router_should_check_reachability() and
|
|
|
+ router_do_reachability_checks(). Also we improved the documentation in
|
|
|
+ some functions. Closes ticket 18918.
|
|
|
+ - Initial work to isolate Libevent usage to a handful of modules in our
|
|
|
+ codebase, to simplify our call structure, and so that we can more
|
|
|
+ easily change event loops in the future if needed. Closes ticket
|
|
|
+ 23750.
|
|
|
+ - Introduce a function to call getsockname() and return
|
|
|
+ tor_addr_t, to save a little complexity throughout the codebase.
|
|
|
+ Closes ticket 18105.
|
|
|
+ - Make hsdir_index in node_t a hsdir_index_t rather than a pointer
|
|
|
+ as hsdir_index is always present. Also, we move hsdir_index_t into
|
|
|
+ or.h. Closes ticket 23094. Patch by Neel Chauhan.
|
|
|
+ - Merge functions used for describing nodes and suppress the functions
|
|
|
+ that do not allocate memory for the output buffer string.
|
|
|
+ NODE_DESC_BUF_LEN constant and format_node_description() function
|
|
|
+ cannot be used externally from router.c module anymore.
|
|
|
+ Closes ticket 25432. Patch by valentecaio.
|
|
|
+ - Our main loop has been simplified so that all important operations
|
|
|
+ happen inside events. Previously, some operations had to happen
|
|
|
+ outside the event loop, to prevent infinite sequences of event
|
|
|
+ activations. Closes ticket 25374.
|
|
|
+ - Put a SHA1 public key digest in hs_service_intro_point_t, and use it in
|
|
|
+ register_intro_circ() and service_intro_point_new(). This prevents the
|
|
|
+ digest from being re-calculated each time. Closes ticket 23107. Patch by
|
|
|
+ Neel Chauhan.
|
|
|
+ - Refactor token-bucket implementations to use a common backend.
|
|
|
+ Closes ticket 25766.
|
|
|
+ - Remove extern declaration of stats_n_seconds_working variable from main,
|
|
|
+ protecting its accesses with get_uptime() and reset_uptime() functions.
|
|
|
+ Closes ticket 25081, patch by “valentecaio”.
|
|
|
+ - Remove our previous logic for "cached gettimeofday()" -- our coarse
|
|
|
+ monotonic timers are fast enough for this purpose, and far less
|
|
|
+ error-prone. Implements part of ticket 25927.
|
|
|
+ - Remove the return value for fascist_firewall_choose_address_base(),
|
|
|
+ and sister functions such as fascist_firewall_choose_address_node()
|
|
|
+ and fascist_firewall_choose_address_rs(). Also, while we're here,
|
|
|
+ initialize the ap argument as leaving it uninitialized can pose a
|
|
|
+ security hazard. Closes ticket 24734. Patch by Neel Chauhan.
|
|
|
+ - Rename two fields of connection_t struct.
|
|
|
+ timestamp_lastwritten is renamed to timestamp_last_write_allowed and
|
|
|
+ timestamp_lastread is renamed to timestamp_last_read_allowed.
|
|
|
+ Closes ticket 24714, patch by "valentecaio".
|
|
|
+ - Since Tor requires C99, remove our old workaround code for libc
|
|
|
+ implementations where free(NULL) doesn't work. Closes ticket 24484.
|
|
|
+ - Use our standard rate-limiting code to deal with excessive libevent
|
|
|
+ failures, rather than the hand-rolled logic we had before.
|
|
|
+ Closes ticket 26016.
|
|
|
+ - We remove the return value of node_get_prim_orport() and
|
|
|
+ node_get_prim_dirport(), and introduce node_get_prim_orport()
|
|
|
+ in node_ipv6_or_preferred() and node_ipv6_dir_preferred() in
|
|
|
+ order to check for a null address. Closes ticket 23873. Patch
|
|
|
+ by Neel Chauhan.
|
|
|
+ - We switch to should_record_bridge_info() in geoip_note_client_seen() and
|
|
|
+ options_need_geoip_info() instead of accessing the configuration values
|
|
|
+ directly. Fixes bug 25290; bugfix on 0.2.1.6-alpha. Patch by Neel
|
|
|
+ Chauhan.
|
|
|
+
|
|
|
+ o Deprecated features:
|
|
|
+ - As we are not recommending 0.2.5 anymore we require relays that once had
|
|
|
+ an ed25519 key associated with their RSA key to always have that key
|
|
|
+ instead of allowing them to drop back to a version that didn't support
|
|
|
+ ed25519. This means they need to use a new RSA key if the want to
|
|
|
+ downgrade to an older version of tor without ed25519. Closes ticket 20522.
|
|
|
+
|
|
|
+ o Documentation:
|
|
|
+ - Correct an IPv6 error in the documentation for ExitPolicy.
|
|
|
+ Closes ticket 25857. Patch from "CTassisF".
|
|
|
+
|
|
|
+ o New system requirements:
|
|
|
+ - Tor no longer tries to support systems without mmap() or some local
|
|
|
+ equivalent. Apparently, compilation on such systems has been broken for
|
|
|
+ some time, without anybody noticing or complaining. Closes ticket
|
|
|
+ 25398.
|
|
|
+
|
|
|
+ o Removed features:
|
|
|
+ - Directory authorities will no longer support voting according to any
|
|
|
+ consensus method before consensus method 25. This keeps authorities
|
|
|
+ compatible with all authorities running 0.2.9.8 and later, and does
|
|
|
+ not break any clients or relays. Implements ticket 24378 and
|
|
|
+ proposal 290.
|
|
|
+ - The PortForwarding and PortForwardingHelper features have been
|
|
|
+ removed. The reasoning is, given that implementations of NAT traversal
|
|
|
+ protocols within common consumer grade routers are frequently buggy, and
|
|
|
+ that the target audience for a NAT punching feature is a perhaps
|
|
|
+ less-technically-inclined relay operator, when the helper fails to setup
|
|
|
+ traversal the problems are usually deep, ugly, and very router specific,
|
|
|
+ making them horrendously impossible for technical support to reliable
|
|
|
+ assist with, and thus resulting in frustration all around. Unfortunately,
|
|
|
+ relay operators who would like to run relays behind NATs will need to
|
|
|
+ become more familiar with the port forwarding configurations on their
|
|
|
+ local router. Closes 25409.
|
|
|
+ - The TestingEnableTbEmptyEvent option has been removed. It was used
|
|
|
+ in testing simulations to measure how often connection buckets were
|
|
|
+ emptied, in order to improve our scheduling, but it has not
|
|
|
+ been actively used in years. Closes ticket 25760.
|
|
|
+ - The old "round-robin" circuit multiplexer (circuitmux)
|
|
|
+ implementation has been removed, along with a fairly large set of
|
|
|
+ code that existed to support it. It has not been the default
|
|
|
+ circuitmux since we introduced the "EWMA" circuitmux in 0.2.4.x,
|
|
|
+ but it still required an unreasonable amount of memory and CPU.
|
|
|
+ Closes ticket 25268.
|
|
|
+
|
|
|
+
|
|
|
Changes in version 0.3.3.5-rc - 2018-04-15
|
|
|
Tor 0.3.3.5-rc fixes various bugs in earlier versions of Tor,
|
|
|
including some that could affect reliability or correctness.
|
Nick Mathewson