|
@@ -15,32 +15,43 @@ Changes in version 0.2.7.2-alpha - 2015-07-2?
|
|
|
that it can be kept offline. Relays also generate an online
|
|
that it can be kept offline. Relays also generate an online
|
|
|
signing key, and a set of other Ed25519 keys and certificates.
|
|
signing key, and a set of other Ed25519 keys and certificates.
|
|
|
These are all automatically regenerated and rotated as needed.
|
|
These are all automatically regenerated and rotated as needed.
|
|
|
|
|
+ Implements part of ticket 12498.
|
|
|
- Directory authorities now vote on Ed25519 identity keys along with
|
|
- Directory authorities now vote on Ed25519 identity keys along with
|
|
|
- RSA1024 keys.
|
|
|
|
|
|
|
+ RSA1024 keys. Implements part of ticket 12498.
|
|
|
- Directory authorities track which Ed25519 identity keys have been
|
|
- Directory authorities track which Ed25519 identity keys have been
|
|
|
used with which RSA1024 identity keys, and do not allow them to
|
|
used with which RSA1024 identity keys, and do not allow them to
|
|
|
- vary freely.
|
|
|
|
|
- - Microdescriptors now include ed25519 identity keys.
|
|
|
|
|
|
|
+ vary freely. Implements part of ticket 12498.
|
|
|
|
|
+ - Microdescriptors now include ed25519 identity keys. Implements
|
|
|
|
|
+ part of ticket 12498.
|
|
|
- Add support for offline encrypted ed25519 master keys. To use this
|
|
- Add support for offline encrypted ed25519 master keys. To use this
|
|
|
feature on your tor relay, run "tor --keygen" to make a new master
|
|
feature on your tor relay, run "tor --keygen" to make a new master
|
|
|
key (or to make a new signing key if you already have a master
|
|
key (or to make a new signing key if you already have a master
|
|
|
key). Closes ticket 13642.
|
|
key). Closes ticket 13642.
|
|
|
|
|
|
|
|
o Major features (Hidden services):
|
|
o Major features (Hidden services):
|
|
|
- - Add the torrc option HiddenServiceNumIntroductionPoints for an
|
|
|
|
|
- operator to specify a fix amount of introduction points. Maximum
|
|
|
|
|
- value is 10 and default is 3. Closes ticket 4862.
|
|
|
|
|
|
|
+ - Add the torrc option HiddenServiceNumIntroductionPoints, to
|
|
|
|
|
+ specify a fixed amount of introduction points. Its maximum value
|
|
|
|
|
+ is 10 and default is 3. Closes ticket 4862.
|
|
|
- Remove the adaptive algorithm for chosing the number of
|
|
- Remove the adaptive algorithm for chosing the number of
|
|
|
introduction points, which tended to leak popularity information
|
|
introduction points, which tended to leak popularity information
|
|
|
by changing the amount of introduction points depending on the
|
|
by changing the amount of introduction points depending on the
|
|
|
amount of traffic the HS sees. Closes ticket 4862.
|
|
amount of traffic the HS sees. Closes ticket 4862.
|
|
|
|
|
|
|
|
o Major features (onion key cross-certification):
|
|
o Major features (onion key cross-certification):
|
|
|
- - Relay descriptors now include signatures of the identity keys
|
|
|
|
|
- using the TAP and ntor onion keys. This allows relays to prove
|
|
|
|
|
- ownership of their own onion keys. Because of this change,
|
|
|
|
|
- microdescriptors no longer need to include RSA identity keys.
|
|
|
|
|
- Implements proposal 228; closes ticket 12499.
|
|
|
|
|
|
|
+ - Relay descriptors now include signatures of their own identity
|
|
|
|
|
+ keys, made using the TAP and ntor onion keys. These signatures
|
|
|
|
|
+ allow relays to prove ownership of their own onion keys. Because
|
|
|
|
|
+ of this change, microdescriptors will no longer need to include
|
|
|
|
|
+ RSA identity keys. Implements proposal 228; closes ticket 12499.
|
|
|
|
|
+
|
|
|
|
|
+ o Major features (performance):
|
|
|
|
|
+ - Improve the runtime speed of Ed25519 operations by using the
|
|
|
|
|
+ public-domain ed25519-donna by Andrew M. ("floodyberry").
|
|
|
|
|
+ Implements ticket 16467.
|
|
|
|
|
+ - Improve the runtime speed of the ntor handshake by using an
|
|
|
|
|
+ optimized curve25519 basepoint scalarmult implementation from the
|
|
|
|
|
+ public-domain ed25519-donna by Andrew M. ("floodyberry"), based on
|
|
|
|
|
+ ideas by Adam Langley. Implements ticket 9663.
|
|
|
|
|
|
|
|
o Major bugfixes (client-side privacy, also in 0.2.6.9):
|
|
o Major bugfixes (client-side privacy, also in 0.2.6.9):
|
|
|
- Properly separate out each SOCKSPort when applying stream
|
|
- Properly separate out each SOCKSPort when applying stream
|
|
@@ -59,13 +70,21 @@ Changes in version 0.2.7.2-alpha - 2015-07-2?
|
|
|
of a setback. First-round fix for bug 16381; bugfix
|
|
of a setback. First-round fix for bug 16381; bugfix
|
|
|
on 0.2.6.3-alpha.
|
|
on 0.2.6.3-alpha.
|
|
|
|
|
|
|
|
|
|
+ o Major bugfixes (hidden services):
|
|
|
|
|
+ - When cannibalizing a circuit for an introduction point, always
|
|
|
|
|
+ extend to the chosen exit node (creating a 4 hop circuit).
|
|
|
|
|
+ Previously Tor would use the current circuit exit node, which
|
|
|
|
|
+ changed the original choice of introduction point, and could cause
|
|
|
|
|
+ the hidden service to skip excluded introduction points or
|
|
|
|
|
+ reconnect to a skipped introduction point. Fixes bug 16260; bugfix
|
|
|
|
|
+ on 0.1.0.1-rc.
|
|
|
|
|
+
|
|
|
o Major bugfixes (open file limit):
|
|
o Major bugfixes (open file limit):
|
|
|
- - The max open file limit wasn't checked before calling
|
|
|
|
|
- tor_accept_socket_nonblocking() which made tor go beyond the open
|
|
|
|
|
- file limit set previously. With this fix, before opening a new
|
|
|
|
|
- socket, tor validates the open file limit just before and if the
|
|
|
|
|
- max has been reached, return EMFILE. Fixes bug 16288; bugfix
|
|
|
|
|
- on 0.1.1.1-alpha.
|
|
|
|
|
|
|
+ - The open file limit wasn't checked before calling
|
|
|
|
|
+ tor_accept_socket_nonblocking(), which would made Tor exceed the
|
|
|
|
|
+ limit. Now, before opening a new socket, Tor validates the open
|
|
|
|
|
+ file limit just before, and if the max has been reached, return an
|
|
|
|
|
+ error. Fixes bug 16288; bugfix on 0.1.1.1-alpha.
|
|
|
|
|
|
|
|
o Major bugfixes (stability, also in 0.2.6.10):
|
|
o Major bugfixes (stability, also in 0.2.6.10):
|
|
|
- Stop crashing with an assertion failure when parsing certain kinds
|
|
- Stop crashing with an assertion failure when parsing certain kinds
|
|
@@ -86,17 +105,18 @@ Changes in version 0.2.7.2-alpha - 2015-07-2?
|
|
|
hours uptime requirement for HSDir. Implements ticket 8243.
|
|
hours uptime requirement for HSDir. Implements ticket 8243.
|
|
|
|
|
|
|
|
o Minor features (client):
|
|
o Minor features (client):
|
|
|
- - Relax the validation done to hostnames in SOCKS5 requests, and
|
|
|
|
|
- allow '_' to cope with domains observed in the wild that are
|
|
|
|
|
- serving non-RFC compliant records. Resolves ticket 16430.
|
|
|
|
|
|
|
+ - Relax the validation of hostnames in SOCKS5 requests, allowing the
|
|
|
|
|
+ character '_' to appear, in order to cope with domains observed in
|
|
|
|
|
+ the wild that are serving non-RFC compliant records. Resolves
|
|
|
|
|
+ ticket 16430.
|
|
|
- Add GroupWritable and WorldWritable options to unix-socket based
|
|
- Add GroupWritable and WorldWritable options to unix-socket based
|
|
|
SocksPort and ControlPort options. These options apply to a single
|
|
SocksPort and ControlPort options. These options apply to a single
|
|
|
socket, and override {Control,Socks}SocketsGroupWritable. Closes
|
|
socket, and override {Control,Socks}SocketsGroupWritable. Closes
|
|
|
ticket 15220.
|
|
ticket 15220.
|
|
|
|
|
|
|
|
o Minor features (control protocol):
|
|
o Minor features (control protocol):
|
|
|
- - Support network-liveness GETINFO key and NETWORK_LIVENESS events
|
|
|
|
|
- in the control protocol. Resolves ticket 15358.
|
|
|
|
|
|
|
+ - Support network-liveness GETINFO key and NETWORK_LIVENESS event in
|
|
|
|
|
+ the control protocol. Resolves ticket 15358.
|
|
|
|
|
|
|
|
o Minor features (directory authorities):
|
|
o Minor features (directory authorities):
|
|
|
- Directory authorities no longer vote against the "Fast", "Stable",
|
|
- Directory authorities no longer vote against the "Fast", "Stable",
|
|
@@ -116,15 +136,6 @@ Changes in version 0.2.7.2-alpha - 2015-07-2?
|
|
|
optionally tear down the circuit when the limit is exceeded. Part
|
|
optionally tear down the circuit when the limit is exceeded. Part
|
|
|
of ticket 16052.
|
|
of ticket 16052.
|
|
|
|
|
|
|
|
- o Minor features (performance):
|
|
|
|
|
- - Improve the runtime speed of Ed25519 operations by using the
|
|
|
|
|
- public-domain ed25519-donna by Andrew M. ("floodyberry").
|
|
|
|
|
- Implements ticket 16467.
|
|
|
|
|
- - Improve the runtime speed of the ntor handshake by using an
|
|
|
|
|
- optimized curve25519 basepoint scalarmult implementation from the
|
|
|
|
|
- public-domain ed25519-donna by Andrew M. ("floodyberry"), based on
|
|
|
|
|
- ideas by Adam Langley. Implements ticket 9663.
|
|
|
|
|
-
|
|
|
|
|
o Minor features (portability):
|
|
o Minor features (portability):
|
|
|
- Use C99 variadic macros when the compiler is not GCC. This avoids
|
|
- Use C99 variadic macros when the compiler is not GCC. This avoids
|
|
|
failing compilations on MSVC, and fixes a log-file-based race
|
|
failing compilations on MSVC, and fixes a log-file-based race
|
|
@@ -137,8 +148,8 @@ Changes in version 0.2.7.2-alpha - 2015-07-2?
|
|
|
|
|
|
|
|
o Minor bugfixes (controller):
|
|
o Minor bugfixes (controller):
|
|
|
- Add the descriptor ID in each HS_DESC control event. It was
|
|
- Add the descriptor ID in each HS_DESC control event. It was
|
|
|
- missing but specified in control-spec.txt. Fixes bug 15881; bugfix
|
|
|
|
|
- on 0.2.5.2-alpha.
|
|
|
|
|
|
|
+ missing, but specified in control-spec.txt. Fixes bug 15881;
|
|
|
|
|
+ bugfix on 0.2.5.2-alpha.
|
|
|
|
|
|
|
|
o Minor bugfixes (crypto error-handling, also in 0.2.6.10):
|
|
o Minor bugfixes (crypto error-handling, also in 0.2.6.10):
|
|
|
- Check for failures from crypto_early_init, and refuse to continue.
|
|
- Check for failures from crypto_early_init, and refuse to continue.
|
|
@@ -148,15 +159,6 @@ Changes in version 0.2.7.2-alpha - 2015-07-2?
|
|
|
when implementing ticket 4900. Patch by "teor".
|
|
when implementing ticket 4900. Patch by "teor".
|
|
|
|
|
|
|
|
o Minor bugfixes (hidden services):
|
|
o Minor bugfixes (hidden services):
|
|
|
- - When cannibalizing a circuit for an introduction point, always
|
|
|
|
|
- extend to the chosen exit node creating a 4 hop circuit instead of
|
|
|
|
|
- using the current circuit exit node which resulted in changing the
|
|
|
|
|
- original intro point choice. This resulted in the hidden service
|
|
|
|
|
- skipping excluded nodes like for instance reconnecting to an
|
|
|
|
|
- expired intro point. Fixes bug 16260; bugfix on 0.1.0.1-rc. This
|
|
|
|
|
- is particularly important for the introduction point retry
|
|
|
|
|
- behavior (see bug 8239) since cannibalization is allowed, which is
|
|
|
|
|
- desired, so it's important to pin the chosen exit point.
|
|
|
|
|
- Fix a crash when reloading configuration while at least one
|
|
- Fix a crash when reloading configuration while at least one
|
|
|
configured and one ephemeral hidden service exists. Fixes bug
|
|
configured and one ephemeral hidden service exists. Fixes bug
|
|
|
16060; bugfix on 0.2.7.1-alpha.
|
|
16060; bugfix on 0.2.7.1-alpha.
|
|
@@ -174,9 +176,10 @@ Changes in version 0.2.7.2-alpha - 2015-07-2?
|
|
|
on 0.2.6.3-alpha. Patch from "teor".
|
|
on 0.2.6.3-alpha. Patch from "teor".
|
|
|
|
|
|
|
|
o Minor bugfixes (Linux seccomp2 sandbox, also in 0.2.6.9):
|
|
o Minor bugfixes (Linux seccomp2 sandbox, also in 0.2.6.9):
|
|
|
- - Fix sandboxing to work when running as a relaymby renaming of
|
|
|
|
|
- secret_id_key, and allowing the eventfd2 and futex syscalls. Fixes
|
|
|
|
|
- bug 16244; bugfix on 0.2.6.1-alpha. Patch by Peter Palfrader.
|
|
|
|
|
|
|
+ - Fix sandboxing to work when running as a relay, by allowing the
|
|
|
|
|
+ renaming of secret_id_key, and allowing the eventfd2 and futex
|
|
|
|
|
+ syscalls. Fixes bug 16244; bugfix on 0.2.6.1-alpha. Patch by
|
|
|
|
|
+ Peter Palfrader.
|
|
|
- Allow systemd connections to work with the Linux seccomp2 sandbox
|
|
- Allow systemd connections to work with the Linux seccomp2 sandbox
|
|
|
code. Fixes bug 16212; bugfix on 0.2.6.2-alpha. Patch by
|
|
code. Fixes bug 16212; bugfix on 0.2.6.2-alpha. Patch by
|
|
|
Peter Palfrader.
|
|
Peter Palfrader.
|
|
@@ -188,12 +191,6 @@ Changes in version 0.2.7.2-alpha - 2015-07-2?
|
|
|
o Minor bugfixes (tests):
|
|
o Minor bugfixes (tests):
|
|
|
- Use the configured Python executable when running test-stem-full.
|
|
- Use the configured Python executable when running test-stem-full.
|
|
|
Fixes bug 16470; bugfix on 0.2.7.1-alpha.
|
|
Fixes bug 16470; bugfix on 0.2.7.1-alpha.
|
|
|
- - Document use of coverity, clang static analyzer, and clang dynamic
|
|
|
|
|
- undefined behavior and address sanitizers in doc/HACKING. Add
|
|
|
|
|
- clang dynamic sanitizer blacklist in
|
|
|
|
|
- contrib/clang/sanitizer_blacklist.txt to exempt known undefined
|
|
|
|
|
- behavior. Include detailed usage instructions in the blacklist.
|
|
|
|
|
- Patch by "teor". Closes ticket 15817.
|
|
|
|
|
|
|
|
|
|
o Minor bugfixes (tests, also in 0.2.6.9):
|
|
o Minor bugfixes (tests, also in 0.2.6.9):
|
|
|
- Fix a crash in the unit tests when built with MSVC2013. Fixes bug
|
|
- Fix a crash in the unit tests when built with MSVC2013. Fixes bug
|
|
@@ -202,7 +199,7 @@ Changes in version 0.2.7.2-alpha - 2015-07-2?
|
|
|
o Minor bugfixes (threads, comments):
|
|
o Minor bugfixes (threads, comments):
|
|
|
- Always initialize return value in compute_desc_id in rendcommon.c
|
|
- Always initialize return value in compute_desc_id in rendcommon.c
|
|
|
Patch by "teor". Fixes part of bug 16115; bugfix on 0.2.7.1-alpha.
|
|
Patch by "teor". Fixes part of bug 16115; bugfix on 0.2.7.1-alpha.
|
|
|
- - Check for NULL values in getinfo_helper_onions Patch by "teor".
|
|
|
|
|
|
|
+ - Check for NULL values in getinfo_helper_onions(). Patch by "teor".
|
|
|
Fixes part of bug 16115; bugfix on 0.2.7.1-alpha.
|
|
Fixes part of bug 16115; bugfix on 0.2.7.1-alpha.
|
|
|
- Remove undefined directive-in-macro in test_util_writepid clang
|
|
- Remove undefined directive-in-macro in test_util_writepid clang
|
|
|
3.7 complains that using a preprocessor directive inside a macro
|
|
3.7 complains that using a preprocessor directive inside a macro
|
|
@@ -235,6 +232,12 @@ Changes in version 0.2.7.2-alpha - 2015-07-2?
|
|
|
authorities have long set it to 1. Closes ticket 16543.
|
|
authorities have long set it to 1. Closes ticket 16543.
|
|
|
|
|
|
|
|
o Testing:
|
|
o Testing:
|
|
|
|
|
+ - Document use of coverity, clang static analyzer, and clang dynamic
|
|
|
|
|
+ undefined behavior and address sanitizers in doc/HACKING. Add
|
|
|
|
|
+ clang dynamic sanitizer blacklist in
|
|
|
|
|
+ contrib/clang/sanitizer_blacklist.txt to exempt known undefined
|
|
|
|
|
+ behavior. Include detailed usage instructions in the blacklist.
|
|
|
|
|
+ Patch by "teor". Closes ticket 15817.
|
|
|
- The link authentication protocol code now has extensive tests.
|
|
- The link authentication protocol code now has extensive tests.
|
|
|
- The relay descriptor signature testing code now has
|
|
- The relay descriptor signature testing code now has
|
|
|
extensive tests.
|
|
extensive tests.
|
Nick Mathewson