|
@@ -1,3 +1,221 @@
|
|
|
+Changes in version 0.2.9.3-alpha - 2016-09-2?
|
|
|
+ Tor 0.2.9.3-alpha adds improved support for entities that
|
|
|
+ want to make high-performance services available through the Tor .onion
|
|
|
+ mechanism without themselves receiving anonymity as they host those
|
|
|
+ services. It also tries harder to ensure that all steps on a circuit are
|
|
|
+ using the strongest crypto possible, strengthens some TLS properties, and
|
|
|
+ resolves several bugs -- including a pair of crash bugs from the 0.2.8
|
|
|
+ series. Anybody running an earlier version of 0.2.9.x should upgrade.
|
|
|
+
|
|
|
+ XXXXX Add items from the 0.2.8.8 changelog.
|
|
|
+
|
|
|
+ o Major features (circuit building, security):
|
|
|
+ - Authorities, relays and clients specifically check that each
|
|
|
+ descriptor has an ntor key.
|
|
|
+ - Circuit-building code assumes that all hops can use ntor,
|
|
|
+ except for rare hidden service protocol cases.
|
|
|
+ - Client code never chooses nodes without ntor keys: they will not
|
|
|
+ be selected during circuit-building, or as guards, or as directory
|
|
|
+ mirrors, or as introduction or rendezvous points.
|
|
|
+ - Clients avoid downloading a descriptor if the relay version is
|
|
|
+ too old to support ntor.
|
|
|
+ - Tor authorities, relays, and clients only use ntor, except for
|
|
|
+ rare cases in the hidden service protocol.
|
|
|
+
|
|
|
+ o Major features (onion services):
|
|
|
+ - Add experimental HiddenServiceSingleHopMode and
|
|
|
+ HiddenServiceNonAnonymousMode options. When both are set to 1, every
|
|
|
+ hidden service on a tor instance becomes a non-anonymous Single Onion
|
|
|
+ Service. Single Onions make one-hop (direct) connections to their
|
|
|
+ introduction and renzedvous points. One-hop circuits make Single Onion
|
|
|
+ servers easily locatable, but clients remain location-anonymous.
|
|
|
+ This is compatible with the existing hidden service implementation, and
|
|
|
+ works on the current tor network without any changes to older relays or
|
|
|
+ clients.
|
|
|
+ Implements proposal 260, completes ticket 17178. Patch by teor and asn.
|
|
|
+
|
|
|
+ o Major features (resource management):
|
|
|
+ - Tor now includes support for noticing when we are about to run out of
|
|
|
+ sockets, and preemptively closing connections of lower priority.
|
|
|
+ (This feature is off by default for now, since the current prioritizing
|
|
|
+ method is not mature enough yet. You can enable it by setting
|
|
|
+ "DisableOOSCheck 0".) Closes ticket 18640.
|
|
|
+
|
|
|
+ o Major bugfixes (circuit building):
|
|
|
+ - Hidden service client-to-intro-point and service-to-rendezvous-point
|
|
|
+ cicruitss use the TAP key supplied by the protocol, to avoid
|
|
|
+ epistemic attacks.
|
|
|
+ Fixes bug 19163; bugfix on 0.2.4.18-rc.
|
|
|
+
|
|
|
+ o Major bugfixes (compilation, OpenBSD):
|
|
|
+ - Fix a Libevent-detection bug in our autoconf script that would
|
|
|
+ prevent Tor from linking successfully on OpenBSD. Patch from
|
|
|
+ rubiate. Fixes bug 19902; bugfix on 0.2.9.1-alpha.
|
|
|
+
|
|
|
+ o Major bugfixes (hidden services):
|
|
|
+ - Clients require hidden services to include the TAP keys
|
|
|
+ for their intro points in the hidden service descriptor.
|
|
|
+ This prevents an inadvertent upgrade to ntor, which a
|
|
|
+ malicious hidden service could use to discover which
|
|
|
+ consensus a client has.
|
|
|
+ Fixes bug 20012; bugfix on 0.2.4.8-alpha. Patch by teor.
|
|
|
+
|
|
|
+ o Minor feature (port flags):
|
|
|
+ - Add *Port flags NoDNSRequest and NoOnionTraffic, and
|
|
|
+ the synthetic flag OnionTrafficOnly, which is equivalent to
|
|
|
+ NoDNSRequest, NoIPv4Traffic, and NoIPv6Traffic.
|
|
|
+ Closes enhancement 18693; patch by "teor".
|
|
|
+
|
|
|
+ o Minor features (testing, ipv6):
|
|
|
+ - Add the single-onion and single-onion-ipv6 chutney targets to
|
|
|
+ make test-network-all. This requires a recent chutney version
|
|
|
+ with the single onion network flavours (git c72a652 or later).
|
|
|
+ Closes ticket 20072; patch by teor.
|
|
|
+ - Add the hs-ipv6 chutney target to make test-network-all's IPv6
|
|
|
+ tests. Remove bridges+hs, as it's somewhat redundant.
|
|
|
+ This requires a recent chutney version that supports IPv6 clients,
|
|
|
+ relays, and authorities.
|
|
|
+ Closes ticket 20069; patch by teor.
|
|
|
+
|
|
|
+ o Minor features (directory authority):
|
|
|
+ - After voting, if the authorities decide that a relay is not "Valid",
|
|
|
+ they no longer include it in the consensus at all. Closes ticket
|
|
|
+ 20002; implements part of proposal 272.
|
|
|
+
|
|
|
+ o Minor features (security, TLS):
|
|
|
+ - Servers no longer support clients that do not provide AES
|
|
|
+ ciphersuites. (3DES is no longer considered an acceptable
|
|
|
+ cipher.) We believe that no such clients currently exist,
|
|
|
+ since we have required OpenSSL 0.9.7 or later since 2009.
|
|
|
+ Closes ticket 19998.
|
|
|
+
|
|
|
+ o Minor features (testing):
|
|
|
+ - Disable memory protections on OpenBSD when testing memwipe().
|
|
|
+ The test deliberately invokes undefined behaviour which the
|
|
|
+ protections interfere with. Patch from "rubiate". Closes ticket
|
|
|
+ 20066.
|
|
|
+
|
|
|
+ o Minor features (Tor2web):
|
|
|
+ - Make Tor2web clients respect ReachableAddresses.
|
|
|
+ This feature was inadvertently enabled in 0.2.8.6, then removed
|
|
|
+ by bugfix 19973 on 0.2.8.7.
|
|
|
+ Implements feature 20034. Patch by teor.
|
|
|
+
|
|
|
+ o Minor features (unit tests):
|
|
|
+ - Our link-handshake unit tests now check, that when invalid
|
|
|
+ handshakes fail, they fail with the error messages we
|
|
|
+ expected.
|
|
|
+ - Our unit testing code that captures log messages no longer prevents
|
|
|
+ them from being written out if the user asked for them (by passing
|
|
|
+ --debug or --info or or --notice --warn to the "test" binary). This
|
|
|
+ change will prevent us from missing unexpected log messages simply
|
|
|
+ because we were looking for others. Related to ticket 19999.
|
|
|
+ - The unit tests now log all warning messages with the "BUG" flag.
|
|
|
+ Previously, they only logged errors by default. This change will
|
|
|
+ help us make our testing code more correct, and make sure that
|
|
|
+ we only hit this code when we mean to. This is preparatory work
|
|
|
+ for ticket 19999.
|
|
|
+ - The unit tests now treat any failure of a "tor_assert_nonfatal()"
|
|
|
+ assertion as a test failure.
|
|
|
+ - We've done significant work to make the unit tests run faster.
|
|
|
+
|
|
|
+ o Minor bug fixes (circuits):
|
|
|
+ - Use CircuitBuildTimeout whenever LearnCircuitBuildTimeout is disabled.
|
|
|
+ Fixes bug 19678; bugfix on commit 5b0b51ca3 in 0.2.4.12-alpha. Patch by teor.
|
|
|
+
|
|
|
+ o Minor bugfixes (options):
|
|
|
+ - Check the consistency of UseEntryGuards and EntryNodes more reliably.
|
|
|
+ Fixes bug 20074; bugfix on commit 686aaa5c in tor-0.2.4.12-alpha. Patch by teor.
|
|
|
+ - Stop changing the configured value of UseEntryGuards on authorities
|
|
|
+ and Tor2web clients.
|
|
|
+ Fixes bug 20074; bugfix on commits 51fc6799 in tor-0.1.1.16-rc and
|
|
|
+ acda1735 in tor-0.2.4.3-alpha. Patch by teor.
|
|
|
+
|
|
|
+ o Minor bugfixes (Tor2web):
|
|
|
+ - Prevent Tor2web clients running hidden services, these services are
|
|
|
+ not anonymous due to the one-hop client paths.
|
|
|
+ Fixes bug 19678. Patch by teor.
|
|
|
+
|
|
|
+ o Minor bugfixes (allocation):
|
|
|
+ - Change how we allocate memory for large chunks on buffers, to avoid
|
|
|
+ a (currently impossible) integer overflow, and to waste less space
|
|
|
+ when allocating unusually large chunks. Fixes bug 20081; bugfix on
|
|
|
+ 0.2.0.16-alpha. Issue identified by Guido Vranken.
|
|
|
+ - Always include orconfig.h before including any other C headers.
|
|
|
+ Sometimes, it includes macros that affect the behavior of the
|
|
|
+ standard headers. Fixes bug 19767; bugfix on 0.2.9.1-alpha (the first
|
|
|
+ version to use AC_USE_SYSTEM_EXTENSIONS).
|
|
|
+ - Fix a syntax error in the IF_BUG_ONCE__() macro in non-
|
|
|
+ GCC-compatible compilers. Fixes bug 20141; bugfix on
|
|
|
+ 0.2.9.1-alpha. Patch from Gisle Vanem.
|
|
|
+ - Stop trying to build with Clang 4.0's -Wthread-safety
|
|
|
+ warnings. They apparently require a set of annotations that we
|
|
|
+ aren't currently using, and they create false positives in our
|
|
|
+ pthreads wrappers. Fixes bug 20110; bugfix on 0.2.9.1-alpha.
|
|
|
+
|
|
|
+ o Minor bugfixes (directory authority):
|
|
|
+ - Die with a useful error when the operator forgets to place the
|
|
|
+ authority_signing_key file into the keys directory. This avoids an
|
|
|
+ uninformative assert & traceback about having an invalid key.
|
|
|
+ Fixes bug 20065; bugfix on 0.2.0.1-alpha.
|
|
|
+ - When allowing private addresses, mark Exits that only exit to
|
|
|
+ private locations as such. Fixes bug 20064; bugfix on
|
|
|
+ 0.2.2.9-alpha.
|
|
|
+
|
|
|
+ o Minor bugfixes (documentation):
|
|
|
+ - Document the default PathsNeededToBuildCircuits value that's
|
|
|
+ used by clients when the directory authorities don't set
|
|
|
+ min_paths_for_circs_pct.
|
|
|
+ Fixes bug 20117; bugfix on 02c320916e02 in tor-0.2.4.10-alpha.
|
|
|
+ Patch by teor, reported by Jesse V.
|
|
|
+ - Fix manual for the User option: it takes a username, not a UID.
|
|
|
+ Fixes bug 19122; bugfix on 0.0.2pre16 (the first version to have
|
|
|
+ a manpage!).
|
|
|
+
|
|
|
+ o Minor bugfixes (hidden services):
|
|
|
+ - Stop logging intro point details to the client log on
|
|
|
+ certain error conditions.
|
|
|
+ Fixed as part of bug 20012; bugfix on 0.2.4.8-alpha.
|
|
|
+ Patch by teor.
|
|
|
+
|
|
|
+ o Minor bugfixes (IPv6, testing):
|
|
|
+ - Check for IPv6 correctly on Linux when running test networks.
|
|
|
+ Fixes bug 19905; bugfix on 0.2.7.3-rc; patch by teor.
|
|
|
+
|
|
|
+ o Minor bugfixes (Linux seccomp2 sandbox):
|
|
|
+ - Add permission to run the sched_yield() and sigaltstack() system
|
|
|
+ calls, in order to support versions of Tor compiled with
|
|
|
+ asan or ubsan code that use these calls. Now "sandbox 1" and
|
|
|
+ "--enable-expensive-hardening" should be compatible.
|
|
|
+ Fixes bug 20063; bugfix on 0.2.5.1-alpha.
|
|
|
+
|
|
|
+ o Minor bugfixes (logging):
|
|
|
+ - When logging a message from the BUG() macro, be explicit about what
|
|
|
+ we were asserting. Previously we were confusing what we were asserting
|
|
|
+ with what the bug was. Fixes bug 20093; bugfix on 0.2.9.1-alpha.
|
|
|
+ - When we are unable to remove the bw_accounting file, do not warn
|
|
|
+ if the reason we couldn't remove it was that it didn't exist.
|
|
|
+ Fixes bug 19964; bugfix on 0.2.5.4-alpha. Patch
|
|
|
+ from 'pastly'.
|
|
|
+
|
|
|
+ o Minor bugfixes (option parsing):
|
|
|
+ - Count unix sockets when counting client listeners (SOCKS, Trans,
|
|
|
+ NATD, and DNS). This has no user-visible behaviour changes: these
|
|
|
+ options are set once, and never read.
|
|
|
+ Required for correct behaviour in ticket 17178.
|
|
|
+ Fixes bug 19677; bugfix on 0.2.6.3-alpha. Patch by teor.
|
|
|
+
|
|
|
+ o Minor bugfixes (unit tests):
|
|
|
+ - Fix shared random unit test that was failing on big endian architecture
|
|
|
+ due to internal representation of a integer copied to a buffer. The test
|
|
|
+ is changed to take a full 32 bytes of data and use the output of a
|
|
|
+ python script that make the COMMIT and REVEAL calculation according to
|
|
|
+ the spec. Fixes bug 19977; bugfix on tor-0.2.9.1-alpha.
|
|
|
+ - The tor_tls_server_info_callback unit test no longer crashes when
|
|
|
+ debug-level logging is turned on. Fixes bug 20041; bugfix on
|
|
|
+ 0.2.8.1-alpha.
|
|
|
+
|
|
|
+
|
|
|
Changes in version 0.2.9.2-alpha - 2016-08-24
|
|
|
Tor 0.2.9.2-alpha continues development of the 0.2.9 series with
|
|
|
several new features and bugfixes. It also includes an important
|