|
|
@@ -1,4 +1,223 @@
|
|
|
-Changes in version 0.3.0.1-alpha - 2016-??-??
|
|
|
+Changes in version 0.3.0.1-alpha - 2016-12-??
|
|
|
+ Tor 0.3.0.1-alpha is the first alpha release in the 0.3.0 development
|
|
|
+ series. It strengthens Tor's link and circuit handshakes by
|
|
|
+ identifying relays by their Ed25519 keys, improves the algorithm that
|
|
|
+ clients use to choose and maintain their list of guards, and includes
|
|
|
+ additional backend support for the next-generation hidden service
|
|
|
+ design. It also contains numerous other small features and
|
|
|
+ improvements to security, correctness, and performance.
|
|
|
+
|
|
|
+ Below are the changes since 0.2.9.8.
|
|
|
+
|
|
|
+ o Major features (next-generation hidden services):
|
|
|
+ - Relays can now handle v3 ESTABLISH_INTRO cells as specified by
|
|
|
+ prop224 aka "Next Generation Hidden Services". Service and clients
|
|
|
+ don't yet use this code functionnality. It marks another step
|
|
|
+ towards prop224 deployment. Resolves ticket 19043. Initial code by
|
|
|
+ Alec Heifetz.
|
|
|
+ - Tor relays now support the HSDir version 3 protocol meaning they
|
|
|
+ can store and serve v3 descriptors. This is part of the next
|
|
|
+ generation onion service work detailled in proposal 224. The tor
|
|
|
+ daemon also contains all the necessary code to encode and decode a
|
|
|
+ v3 descriptor but it's currently only used by the directory
|
|
|
+ subsystem. Closes ticket 17238.
|
|
|
+
|
|
|
+ o Major features (protocol, ed25519 identity keys):
|
|
|
+ - Tor relays now use Ed25519 to prove their Ed25519 identities and
|
|
|
+ to one another, and to clients. This algorithm is faster and more
|
|
|
+ secure than the RSA-based handshake we've been doing until now.
|
|
|
+ Implements the second big part of proposal 220; Closes
|
|
|
+ ticket 15055.
|
|
|
+ - Clients now support including Ed25519 identity keys in the EXTEND2
|
|
|
+ cells they generate. By default, this is controlled by a consensus
|
|
|
+ parameter, currently disabled. You can turn this feature on for
|
|
|
+ testing by setting ExtendByEd25519ID in your configuration. This
|
|
|
+ might make your traffic appear different than the traffic
|
|
|
+ generated by other users, however. Implements part of ticket
|
|
|
+ 15056; part of proposal 220.
|
|
|
+ - Relays now understand requests to extend to other relays by their
|
|
|
+ Ed25519 identity keys. When an Ed25519 identity key is included in
|
|
|
+ an EXTEND2 cell, the relay will only extend the circuit if the
|
|
|
+ other relay can prove ownership of that identity. Implements part
|
|
|
+ of ticket 15056; part of proposal 220.
|
|
|
+
|
|
|
+ o Major bugfixes (scheduler):
|
|
|
+ - Fix an issue where the ewma_cmp_cmux() function would never
|
|
|
+ consider circuit policies to be different. This bug caused the
|
|
|
+ channel scheduler to behave more or less randomly, rather than
|
|
|
+ preferring channels with higher-priority circuits. Fixes bug
|
|
|
+ 20459; bugfix on 0.2.6.2-alpha.
|
|
|
+
|
|
|
+ o Minor features (controller):
|
|
|
+ - When HSFETCH arguments cannot be parsed, say "Invalid argument"
|
|
|
+ rather than "unrecognized." Closes ticket 20389; patch from
|
|
|
+ Ivan Markin.
|
|
|
+
|
|
|
+ o Minor features (diagnostic, directory client):
|
|
|
+ - Warn if we find an unexpected inconsistency in directory download
|
|
|
+ status objects. Prevents some negative consequences of bug 20593.
|
|
|
+
|
|
|
+ o Minor features (directory authority):
|
|
|
+ - Add a new authority-only AuthDirTestEd25519LinkKeys option (on by
|
|
|
+ default) to control whether authorities should try to probe relays
|
|
|
+ by their Ed25519 link keys. This option will go away in a few
|
|
|
+ releases--unless we encounter major trouble in our ed25519 link
|
|
|
+ protocol rollout, in which case it will serve as a safety option.
|
|
|
+
|
|
|
+ o Minor features (directory cache):
|
|
|
+ - Relays and bridges will now refuse to serve the consensus they
|
|
|
+ have if they know it is too old for a client to use. Closes
|
|
|
+ ticket 20511.
|
|
|
+
|
|
|
+ o Minor features (ed25519 link handshake):
|
|
|
+ - Advertise support for the ed25519 link handshake using the
|
|
|
+ subprotocol-versions mechanism, so that clients can tell which
|
|
|
+ relays can identity themselves by Ed25519 ID. Closes ticket 20552.
|
|
|
+
|
|
|
+ o Minor features (fingerprinting resistence, authentication):
|
|
|
+ - Extend the length of RSA keys used for TLS link authentication to
|
|
|
+ 2048 bits. (These weren't used for forward secrecy; for forward
|
|
|
+ secrecy, we used P256.) Closes ticket 13752.
|
|
|
+
|
|
|
+ o Minor features (infrastructure):
|
|
|
+ - Implement smartlist_add_strdup() function. Replaces the use of
|
|
|
+ smartlist_add(sl, tor_strdup(str)). Closes ticket 20048.
|
|
|
+
|
|
|
+ o Minor features (unit tests):
|
|
|
+ - Add tests for networkstatus_compute_bw_weights_v10.
|
|
|
+ - Add unit tests circuit_predict_and_launch_new.
|
|
|
+ - Extract dummy_origin_circuit_new so it can be used by other
|
|
|
+ test functions.
|
|
|
+
|
|
|
+ o Minor bugfix (configuration):
|
|
|
+ - Accept non-space whitespace characters after the severity level in
|
|
|
+ the `Log` option. Fixes bug 19965; bugfix on 0.2.1.1-alpha.
|
|
|
+
|
|
|
+ o Minor bugfix (hidden services):
|
|
|
+ - Change ephemeral service checks in `rendservice.c` to use the new
|
|
|
+ `rend_service_is_ephemeral` helper function. Fixes bug 20853;
|
|
|
+ bugfix on bug 20526; not in any released version of Tor.
|
|
|
+
|
|
|
+ o Minor bugfix (util):
|
|
|
+ - When finishing writing a file to disk, if we were about to replace
|
|
|
+ the file with the temporary file created before and we fail to
|
|
|
+ replace it, remove the temporary file so it doesn't stay on disk.
|
|
|
+ Fixes bug 20646; bugfix on tor-0.2.0.7-alpha. Patch by fk.
|
|
|
+
|
|
|
+ o Minor bugfixes (client):
|
|
|
+ - When clients that use bridges start up with a cached consensus on
|
|
|
+ disk, they were ignoring it and downloading a new one. Now they
|
|
|
+ use the cached one. Fixes bug 20269; bugfix on 0.2.3.12-alpha.
|
|
|
+
|
|
|
+ o Minor bugfixes (configuration):
|
|
|
+ - Support "TByte" and "TBytes" units in options given in bytes.
|
|
|
+ "TB", "terabyte(s)", "TBit(s)" and "terabit(s)" were already
|
|
|
+ supported. Fixes bug 20622; bugfix on 0.2.0.14-alpha.
|
|
|
+
|
|
|
+ o Minor bugfixes (consensus weight):
|
|
|
+ - Add new consensus method that initializes bw weights to 1 instead
|
|
|
+ of 0. This prevents a zero weight from making it all the way to
|
|
|
+ the end (happens in small testing networks) and causing an error.
|
|
|
+ Fixes bug 14881; bugfix on 0.2.2.17-alpha.
|
|
|
+
|
|
|
+ o Minor bugfixes (descriptors):
|
|
|
+ - Correctly recognise downloaded full descriptors as valid, even
|
|
|
+ when using microdescriptors as circuits. This affects clients with
|
|
|
+ FetchUselessDescriptors set, and may affect directory authorities.
|
|
|
+ Fixes bug 20839; bugfix on commit 6083276 in 0.2.3.2-alpha.
|
|
|
+
|
|
|
+ o Minor bugfixes (directory downloads):
|
|
|
+ - Download all consensus flavors, descriptors, and authority
|
|
|
+ certificates when FetchUselessDescriptors is set, regardless of
|
|
|
+ whether tor is a directory cache or not. Fixes bug 20667; bugfix
|
|
|
+ on all recent tor versions.
|
|
|
+
|
|
|
+ o Minor bugfixes (directory system):
|
|
|
+ - Bridges and relays now use microdescriptors (like clients do)
|
|
|
+ rather than old-style router descriptors. Now bridges will blend
|
|
|
+ in with clients in terms of the circuits they build. Fixes bug
|
|
|
+ 6769; bugfix on 0.2.3.2-alpha.
|
|
|
+
|
|
|
+ o Minor bugfixes (ed25519 certificates):
|
|
|
+ - Correctly interpret ed25519 certificates that would expire some
|
|
|
+ time after 19 Jan 2038. Fixes bug 20027; bugfix on 0.2.7.2-alpha.
|
|
|
+
|
|
|
+ o Minor bugfixes (hidden services):
|
|
|
+ - Stop ignoring duplicate hidden services when validating: this
|
|
|
+ could lead to a crash when those services were created. Fixes bug
|
|
|
+ 20860; bugfix on 20559; not in any released version of tor.
|
|
|
+ - Stop ignoring misconfigured hidden services. Instead, refuse to
|
|
|
+ start tor until the misconfigurations have been corrected. Fixes
|
|
|
+ bug 20559; bugfix on multiple commits in 0.2.7.1-alpha
|
|
|
+ and earlier.
|
|
|
+
|
|
|
+ o Minor bugfixes (memory leak at exit):
|
|
|
+ - Fix a small harmless memory leak at exit of the previously unused
|
|
|
+ RSA->Ed identity cross-certificate. Fixes bug 17779; bugfix
|
|
|
+ on 0.2.7.2-alpha.
|
|
|
+
|
|
|
+ o Minor bugfixes (Windows):
|
|
|
+ - Check for getpagesize before using it to mmap files. This fixes
|
|
|
+ compilation in some MinGW environments. Fixes bug 20530; bugfix on
|
|
|
+ 0.1.2.1-alpha. Reported by "ice".
|
|
|
+
|
|
|
+ o Code simplification and refactoring:
|
|
|
+ - Abolish all global guard context in entrynodes.c; replace with new
|
|
|
+ guard_selection_t structure as preparation for proposal 271.
|
|
|
+ Closes ticket 19858.
|
|
|
+ - Introduce rend_service_is_ephemeral() that tells if given onion
|
|
|
+ service is ephemeral. Replace unclear NULL-checkings for service
|
|
|
+ directory with this function. Closes ticket 20526.
|
|
|
+ - Extract magic numbers in circuituse.c into defined variables.
|
|
|
+ - Refactor circuit_is_available_for_use to remove unnecessary check.
|
|
|
+ - Refactor circuit_predict_and_launch_new for readability and
|
|
|
+ testability. Closes ticket 18873.
|
|
|
+ - Refactor large if statement in purpose_needs_anonymity to use
|
|
|
+ switch statement instead. Closes part of ticket 20077.
|
|
|
+ - Refactor the hashing API to return negative values for errors, as
|
|
|
+ is done as throughout the codebase. Closes ticket 20717.
|
|
|
+ - Remove data structures that were used to index or_connection
|
|
|
+ objects by their RSA identity digests. These structures are fully
|
|
|
+ redundant with the similar structures used in the
|
|
|
+ channel abstraction.
|
|
|
+ - Remove duplicate code in the channel_write_*cell() functions.
|
|
|
+ Closes ticket 13827; patch from Pingl.
|
|
|
+ - Remove redundant behavior of is_sensitive_dir_purpose, refactor to
|
|
|
+ use only purpose_needs_anonymity. Closes part of ticket 20077.
|
|
|
+ - The code to generate and parse EXTEND and EXTEND2 cells has been
|
|
|
+ replaced with code automatically generated by the
|
|
|
+ "trunnel" utility.
|
|
|
+
|
|
|
+ o Documentation:
|
|
|
+ - Include the "TBits" unit in Tor's man page. Fixes part of bug
|
|
|
+ 20622; bugfix on tor-0.2.5.1-alpha.
|
|
|
+ - Change '1' to 'weight_scale' in consensus bw weights calculation
|
|
|
+ comments, as that is reality. Closes ticket 20273. Patch
|
|
|
+ from pastly.
|
|
|
+ - Set the default value from 250 KBytes to 2 MBytes for
|
|
|
+ AuthDirGuardBWGuarantee in the man page which is what the code is
|
|
|
+ using; Fixes bug 20435; bugfix on tor-0.2.5.6-alpha.
|
|
|
+ - Stop the man page from ncorrectly stating that HiddenServiceDir
|
|
|
+ must already exist. This is not true. Fixes 20486.
|
|
|
+ - Clarify that when `ClientRejectInternalAddresses` is enabled
|
|
|
+ (which is the default), multicast DNS hostnames for machines on
|
|
|
+ the local network (of the form *.local) are also rejected. Closes
|
|
|
+ ticket 17070.
|
|
|
+
|
|
|
+ o Removed features:
|
|
|
+ - The AuthDirMaxServersPerAuthAddr option no longer exists: The same
|
|
|
+ limit for relays running on a single IP applies to authority IP
|
|
|
+ addresses as well as to non-authority IP addresses. Closes
|
|
|
+ ticket 20960.
|
|
|
+ - The UseDirectoryGuards torrc options is no longer present: all
|
|
|
+ users that use entry guards will also use directory guards.
|
|
|
+ Related to proposal 271; implements part of ticket 20831.
|
|
|
+
|
|
|
+ o Testing:
|
|
|
+ - New unit tests for tor_htonll(). Closes ticket 19563. Patch
|
|
|
+ from "overcaffeinated".
|
|
|
+ - Perform the coding style checks when running the tests and fail
|
|
|
+ when coding style violations are found. Closes ticket 5500.
|
|
|
|
|
|
|
|
|
Changes in version 0.2.8.12 - 2016-12-19
|
Nick Mathewson