|
@@ -2,6 +2,648 @@ This document summarizes new features and bugfixes in each stable
|
|
|
release of Tor. If you want to see more detailed descriptions of the
|
|
|
changes in each development snapshot, see the ChangeLog file.
|
|
|
|
|
|
+Changes in version 0.4.2.5 - 2019-12-??
|
|
|
+ Blurb blurb.
|
|
|
+
|
|
|
+ o Major features (directory authorities):
|
|
|
+ - Directory authorities now reject relays running all currently
|
|
|
+ deprecated release series. The currently supported release series
|
|
|
+ are: 0.2.9, 0.3.5, 0.4.0, 0.4.1, and 0.4.2. Closes ticket 31549.
|
|
|
+
|
|
|
+ o Major features (onion service v3, denial of service):
|
|
|
+ - Add onion service introduction denial of service defenses. Intro
|
|
|
+ points can now rate-limit client introduction requests, using
|
|
|
+ parameters that can be sent by the service within the
|
|
|
+ ESTABLISH_INTRO cell. If the cell extension for this is not used,
|
|
|
+ the intro point will honor the consensus parameters. Closes
|
|
|
+ ticket 30924.
|
|
|
+
|
|
|
+ o Major bugfixes (circuit build, guard):
|
|
|
+ - When considering upgrading circuits from "waiting for guard" to
|
|
|
+ "open", always ignore circuits that are marked for close.
|
|
|
+ Previously we could end up in the situation where a subsystem is
|
|
|
+ notified of a circuit opening, but the circuit is still marked for
|
|
|
+ close, leading to undesirable behavior. Fixes bug 30871; bugfix
|
|
|
+ on 0.3.0.1-alpha.
|
|
|
+
|
|
|
+ o Major bugfixes (crash, Linux, Android):
|
|
|
+ - Tolerate systems (including some Android installations) where
|
|
|
+ madvise and MADV_DONTDUMP are available at build-time, but not at
|
|
|
+ run time. Previously, these systems would notice a failed syscall
|
|
|
+ and abort. Fixes bug 31570; bugfix on 0.4.1.1-alpha.
|
|
|
+ - Tolerate systems (including some Linux installations) where
|
|
|
+ madvise and/or MADV_DONTFORK are available at build-time, but not
|
|
|
+ at run time. Previously, these systems would notice a failed
|
|
|
+ syscall and abort. Fixes bug 31696; bugfix on 0.4.1.1-alpha.
|
|
|
+
|
|
|
+ o Major bugfixes (embedded Tor):
|
|
|
+ - Avoid a possible crash when restarting Tor in embedded mode and
|
|
|
+ enabling a different set of publish/subscribe messages. Fixes bug
|
|
|
+ 31898; bugfix on 0.4.1.1-alpha.
|
|
|
+
|
|
|
+ o Major bugfixes (relay):
|
|
|
+ - Relays now respect their AccountingMax bandwidth again. When
|
|
|
+ relays entered "soft" hibernation (which typically starts when
|
|
|
+ we've hit 90% of our AccountingMax), we had stopped checking
|
|
|
+ whether we should enter hard hibernation. Soft hibernation refuses
|
|
|
+ new connections and new circuits, but the existing circuits can
|
|
|
+ continue, meaning that relays could have exceeded their configured
|
|
|
+ AccountingMax. Fixes bug 32108; bugfix on 0.4.0.1-alpha.
|
|
|
+
|
|
|
+ o Major bugfixes (torrc parsing):
|
|
|
+ - Stop ignoring torrc options after an %include directive, when the
|
|
|
+ included directory ends with a file that does not contain any
|
|
|
+ config options (but does contain comments or whitespace). Fixes
|
|
|
+ bug 31408; bugfix on 0.3.1.1-alpha.
|
|
|
+
|
|
|
+ o Major bugfixes (v3 onion services):
|
|
|
+ - Onion services now always use the exact number of intro points
|
|
|
+ configured with the HiddenServiceNumIntroductionPoints option (or
|
|
|
+ fewer if nodes are excluded). Before, a service could sometimes
|
|
|
+ pick more intro points than configured. Fixes bug 31548; bugfix
|
|
|
+ on 0.3.2.1-alpha.
|
|
|
+
|
|
|
+ o Minor feature (onion services, control port):
|
|
|
+ - The ADD_ONION command's keyword "BEST" now defaults to ED25519-V3
|
|
|
+ (v3) onion services. Previously it defaulted to RSA1024 (v2).
|
|
|
+ Closes ticket 29669.
|
|
|
+
|
|
|
+ o Minor features (auto-formatting scripts):
|
|
|
+ - When annotating C macros, never generate a line that our check-
|
|
|
+ spaces script would reject. Closes ticket 31759.
|
|
|
+ - When annotating C macros, try to remove cases of double-negation.
|
|
|
+ Closes ticket 31779.
|
|
|
+
|
|
|
+ o Minor features (best practices tracker):
|
|
|
+ - Our best-practices tracker now integrates with our include-checker
|
|
|
+ tool to keep track of how many layering violations we have not yet
|
|
|
+ fixed. We hope to reduce this number over time to improve Tor's
|
|
|
+ modularity. Closes ticket 31176.
|
|
|
+ - Add a TOR_PRACTRACKER_OPTIONS variable for passing arguments to
|
|
|
+ practracker from the environment. We may want this for continuous
|
|
|
+ integration. Closes ticket 31309.
|
|
|
+ - Give a warning rather than an error when a practracker exception
|
|
|
+ is violated by a small amount, add a --list-overbroad option to
|
|
|
+ practracker that lists exceptions that are stricter than they need
|
|
|
+ to be, and provide an environment variable for disabling
|
|
|
+ practracker. Closes ticket 30752.
|
|
|
+ - Our best-practices tracker now looks at headers as well as C
|
|
|
+ files. Closes ticket 31175.
|
|
|
+
|
|
|
+ o Minor features (build system):
|
|
|
+ - Make pkg-config use --prefix when cross-compiling, if
|
|
|
+ PKG_CONFIG_PATH is not set. Closes ticket 32191.
|
|
|
+ - Add --disable-manpage and --disable-html-manual options to
|
|
|
+ configure script. This will enable shortening build times by not
|
|
|
+ building documentation. Resolves issue 19381.
|
|
|
+
|
|
|
+ o Minor features (compilation):
|
|
|
+ - Log a more useful error message when we are compiling and one of
|
|
|
+ the compile-time hardening options we have selected can be linked
|
|
|
+ but not executed. Closes ticket 27530.
|
|
|
+
|
|
|
+ o Minor features (configuration):
|
|
|
+ - The configuration code has been extended to allow splitting
|
|
|
+ configuration data across multiple objects. Previously, all
|
|
|
+ configuration data needed to be kept in a single object, which
|
|
|
+ tended to become bloated. Closes ticket 31240.
|
|
|
+
|
|
|
+ o Minor features (continuous integration):
|
|
|
+ - When building on Appveyor and Travis, pass the "-k" flag to make,
|
|
|
+ so that we are informed of all compilation failures, not just the
|
|
|
+ first one or two. Closes ticket 31372.
|
|
|
+ - When running CI builds on Travis, put some random data in
|
|
|
+ ~/.torrc, to make sure no tests are reading the Tor configuration
|
|
|
+ file from its default location. Resolves issue 30102.
|
|
|
+
|
|
|
+ o Minor features (debugging):
|
|
|
+ - Log a nonfatal assertion failure if we encounter a configuration
|
|
|
+ line whose command is "CLEAR" but which has a nonempty value. This
|
|
|
+ should be impossible, according to the rules of our configuration
|
|
|
+ line parsing. Closes ticket 31529.
|
|
|
+
|
|
|
+ o Minor features (geoip):
|
|
|
+ - Update geoip and geoip6 to the November 6 2019 Maxmind GeoLite2
|
|
|
+ Country database. Closes ticket 32440.
|
|
|
+ - Update geoip and geoip6 to the October 1 2019 Maxmind GeoLite2
|
|
|
+ Country database. Closes ticket 31931.
|
|
|
+
|
|
|
+ o Minor features (git hooks):
|
|
|
+ - Our pre-commit git hook now checks for a special file before
|
|
|
+ running practracker, so that practracker only runs on branches
|
|
|
+ that are based on master. Since the pre-push hook calls the pre-
|
|
|
+ commit hook, practracker will also only run before pushes of
|
|
|
+ branches based on master. Closes ticket 30979.
|
|
|
+
|
|
|
+ o Minor features (git scripts):
|
|
|
+ - Add a "--" command-line argument, to separate git-push-all.sh
|
|
|
+ script arguments from arguments that are passed through to git
|
|
|
+ push. Closes ticket 31314.
|
|
|
+ - Add a -r <remote-name> argument to git-push-all.sh, so the script
|
|
|
+ can push test branches to a personal remote. Closes ticket 31314.
|
|
|
+ - Add a -t <test-branch-prefix> argument to git-merge-forward.sh and
|
|
|
+ git-push-all.sh, which makes these scripts create, merge forward,
|
|
|
+ and push test branches. Closes ticket 31314.
|
|
|
+ - Add a -u argument to git-merge-forward.sh, so that the script can
|
|
|
+ re-use existing test branches after a merge failure and fix.
|
|
|
+ Closes ticket 31314.
|
|
|
+ - Add a TOR_GIT_PUSH env var, which sets the default git push
|
|
|
+ command and arguments for git-push-all.sh. Closes ticket 31314.
|
|
|
+ - Add a TOR_PUSH_DELAY variable to git-push-all.sh, which makes the
|
|
|
+ script push master and maint branches with a delay between each
|
|
|
+ branch. These delays trigger the CI jobs in a set order, which
|
|
|
+ should show the most likely failures first. Also make pushes
|
|
|
+ atomic by default, and make the script pass any command-line
|
|
|
+ arguments to git push. Closes ticket 29879.
|
|
|
+ - Call the shellcheck script from the pre-commit hook. Closes
|
|
|
+ ticket 30967.
|
|
|
+ - Skip pushing test branches that are the same as a remote
|
|
|
+ maint/release/master branch in git-push-all.sh by default. Add a
|
|
|
+ -s argument, so git-push-all.sh can push all test branches. Closes
|
|
|
+ ticket 31314.
|
|
|
+
|
|
|
+ o Minor features (IPv6, logging):
|
|
|
+ - Log IPv6 addresses as well as IPv4 addresses when describing
|
|
|
+ routerinfos, routerstatuses, and nodes. Closes ticket 21003.
|
|
|
+
|
|
|
+ o Minor features (maintenance scripts):
|
|
|
+ - Add a Coccinelle script to detect bugs caused by incrementing or
|
|
|
+ decrementing a variable inside a call to log_debug(). Since
|
|
|
+ log_debug() is a macro whose arguments are conditionally
|
|
|
+ evaluated, it is usually an error to do this. One such bug was
|
|
|
+ 30628, in which SENDME cells were miscounted by a decrement
|
|
|
+ operator inside a log_debug() call. Closes ticket 30743.
|
|
|
+
|
|
|
+ o Minor features (onion service v3):
|
|
|
+ - Do not allow single hop clients to fetch or post an HS descriptor
|
|
|
+ from an HSDir. Closes ticket 24964.
|
|
|
+
|
|
|
+ o Minor features (onion service):
|
|
|
+ - Disallow single-hop clients at the introduction point. We've
|
|
|
+ removed Tor2web support a while back and single-hop rendezvous
|
|
|
+ attempts are blocked at the relays. This change should remove load
|
|
|
+ off the network from spammy clients. Close ticket 24963.
|
|
|
+
|
|
|
+ o Minor features (onion services v3):
|
|
|
+ - Assist users who try to setup v2 client authorization in v3 onion
|
|
|
+ services by pointing them to the right documentation. Closes
|
|
|
+ ticket 28966.
|
|
|
+
|
|
|
+ o Minor features (stem tests):
|
|
|
+ - Change "make test-stem" so it only runs the stem tests that use
|
|
|
+ tor. This change makes test-stem faster and more reliable. Closes
|
|
|
+ ticket 31554.
|
|
|
+
|
|
|
+ o Minor features (testing):
|
|
|
+ - When running tests that attempt to look up hostnames, replace the
|
|
|
+ libc name lookup functions with ones that do not actually touch
|
|
|
+ the network. This way, the tests complete more quickly in the
|
|
|
+ presence of a slow or missing DNS resolver. Closes ticket 31841.
|
|
|
+ - Add a script to invoke "tor --dump-config" and "tor
|
|
|
+ --verify-config" with various configuration options, and see
|
|
|
+ whether tor's resulting configuration or error messages are what
|
|
|
+ we expect. Use it for integration testing of our +Option and
|
|
|
+ /Option flags. Closes ticket 31637.
|
|
|
+ - Improve test coverage for our existing configuration parsing and
|
|
|
+ management API. Closes ticket 30893.
|
|
|
+ - Add integration tests to make sure that practracker gives the
|
|
|
+ outputs we expect. Closes ticket 31477.
|
|
|
+ - The practracker self-tests are now run as part of the Tor test
|
|
|
+ suite. Closes ticket 31304.
|
|
|
+
|
|
|
+ o Minor features (testing, continuous integration):
|
|
|
+ - Disable all but one Travis CI macOS build, to mitigate slow
|
|
|
+ scheduling of Travis macOS jobs. Closes ticket 32177.
|
|
|
+ - Run the chutney IPv6 networks as part of Travis CI. Closes
|
|
|
+ ticket 30860.
|
|
|
+ - Simplify the Travis CI build matrix, and optimise for build time.
|
|
|
+ Closes ticket 31859.
|
|
|
+ - Use Windows Server 2019 instead of Windows Server 2016 in our
|
|
|
+ Appveyor builds. Closes ticket 32086.
|
|
|
+
|
|
|
+ o Minor features (token bucket):
|
|
|
+ - Implement a generic token bucket that uses a single counter, for
|
|
|
+ use in anti-DoS onion service work. Closes ticket 30687.
|
|
|
+
|
|
|
+ o Minor bugfixes (Appveyor continuous integration):
|
|
|
+ - Avoid spurious errors when Appveyor CI fails before the install
|
|
|
+ step. Fixes bug 31884; bugfix on 0.3.4.2-alpha.
|
|
|
+
|
|
|
+ o Minor bugfixes (best practices tracker):
|
|
|
+ - Fix a few issues in the best-practices script, including tests,
|
|
|
+ tab tolerance, error reporting, and directory-exclusion logic.
|
|
|
+ Fixes bug 29746; bugfix on 0.4.1.1-alpha.
|
|
|
+ - When running check-best-practices, only consider files in the src
|
|
|
+ subdirectory. Previously we had recursively considered all
|
|
|
+ subdirectories, which made us get confused by the temporary
|
|
|
+ directories made by "make distcheck". Fixes bug 31578; bugfix
|
|
|
+ on 0.4.1.1-alpha.
|
|
|
+
|
|
|
+ o Minor bugfixes (build system):
|
|
|
+ - Interpret "--disable-module-dirauth=no" correctly. Fixes bug
|
|
|
+ 32124; bugfix on 0.3.4.1-alpha.
|
|
|
+ - Interpret "--with-tcmalloc=no" correctly. Fixes bug 32124; bugfix
|
|
|
+ on 0.2.0.20-rc.
|
|
|
+ - Stop failing when jemalloc is requested, but tcmalloc is not
|
|
|
+ found. Fixes bug 32124; bugfix on 0.3.5.1-alpha.
|
|
|
+ - When pkg-config is not installed, or a library that depends on
|
|
|
+ pkg-config is not found, tell the user what to do to fix the
|
|
|
+ problem. Fixes bug 31922; bugfix on 0.3.1.1-alpha.
|
|
|
+ - Do not include the deprecated <sys/sysctl.h> on Linux or Windows
|
|
|
+ systems. Fixes bug 31673; bugfix on 0.2.5.4-alpha.
|
|
|
+
|
|
|
+ o Minor bugfixes (chutney, makefiles, documentation):
|
|
|
+ - "make test-network-all" now shows the warnings from each test-
|
|
|
+ network.sh run on the console, so developers see new warnings
|
|
|
+ early. We've also improved the documentation for this feature, and
|
|
|
+ renamed a Makefile variable so the code is self-documenting. Fixes
|
|
|
+ bug 30455; bugfix on 0.3.0.4-rc.
|
|
|
+
|
|
|
+ o Minor bugfixes (client, onion service v3):
|
|
|
+ - Fix a BUG() assertion that occurs within a very small race window
|
|
|
+ between when a client intro circuit opens and when its descriptor
|
|
|
+ gets cleaned up from the cache. The circuit is now closed early,
|
|
|
+ which will trigger a re-fetch of the descriptor and continue the
|
|
|
+ connection. Fixes bug 28970; bugfix on 0.3.2.1-alpha.
|
|
|
+
|
|
|
+ o Minor bugfixes (code quality):
|
|
|
+ - Fix "make check-includes" so it runs correctly on out-of-tree
|
|
|
+ builds. Fixes bug 31335; bugfix on 0.3.5.1-alpha.
|
|
|
+
|
|
|
+ o Minor bugfixes (compilation):
|
|
|
+ - Add more stub functions to fix compilation on Android with link-
|
|
|
+ time optimization when --disable-module-dirauth is used.
|
|
|
+ Previously, these compilation settings would make the compiler
|
|
|
+ look for functions that didn't exist. Fixes bug 31552; bugfix
|
|
|
+ on 0.4.1.1-alpha.
|
|
|
+ - Suppress spurious float-conversion warnings from GCC when calling
|
|
|
+ floating-point classifier functions on FreeBSD. Fixes part of bug
|
|
|
+ 31687; bugfix on 0.3.1.5-alpha.
|
|
|
+
|
|
|
+ o Minor bugfixes (configuration):
|
|
|
+ - Invalid floating-point values in the configuration file are now
|
|
|
+ treated as errors in the configuration. Previously, they were
|
|
|
+ ignored and treated as zero. Fixes bug 31475; bugfix on 0.0.1.
|
|
|
+
|
|
|
+ o Minor bugfixes (connections):
|
|
|
+ - Avoid trying to read data from closed connections, which can cause
|
|
|
+ needless loops in Libevent and infinite loops in Shadow. Fixes bug
|
|
|
+ 30344; bugfix on 0.1.1.1-alpha.
|
|
|
+
|
|
|
+ o Minor bugfixes (controller protocol):
|
|
|
+ - Fix the MAPADDRESS controller command to accept one or more
|
|
|
+ arguments. Previously, it required two or more arguments, and
|
|
|
+ ignored the first. Fixes bug 31772; bugfix on 0.4.1.1-alpha.
|
|
|
+
|
|
|
+ o Minor bugfixes (coverity):
|
|
|
+ - Add an assertion when parsing a BEGIN cell so that coverity can be
|
|
|
+ sure that we are not about to dereference a NULL address. Fixes
|
|
|
+ bug 31026; bugfix on 0.2.4.7-alpha. This is CID 1447296.
|
|
|
+ - In our siphash implementation, when building for coverity, use
|
|
|
+ memcpy in place of a switch statement, so that coverity can tell
|
|
|
+ we are not accessing out-of-bounds memory. Fixes bug 31025; bugfix
|
|
|
+ on 0.2.8.1-alpha. This is tracked as CID 1447293 and 1447295.
|
|
|
+ - Fix several coverity warnings from our unit tests. Fixes bug
|
|
|
+ 31030; bugfix on 0.2.4.1-alpha, 0.3.2.1-alpha, and 0.4.0.1-alpha.
|
|
|
+
|
|
|
+ o Minor bugfixes (crash):
|
|
|
+ - When running Tor with an option like --verify-config or
|
|
|
+ --dump-config that does not start the event loop, avoid crashing
|
|
|
+ if we try to exit early because of an error. Fixes bug 32407;
|
|
|
+ bugfix on 0.3.3.1-alpha.
|
|
|
+
|
|
|
+ o Minor bugfixes (developer tooling):
|
|
|
+ - Only log git script changes in the post-merge script when the
|
|
|
+ merge was to the master branch. Fixes bug 31040; bugfix
|
|
|
+ on 0.4.1.1-alpha.
|
|
|
+
|
|
|
+ o Minor bugfixes (directory authorities):
|
|
|
+ - Return a distinct status when formatting annotations fails. Fixes
|
|
|
+ bug 30780; bugfix on 0.2.0.8-alpha.
|
|
|
+
|
|
|
+ o Minor bugfixes (error handling):
|
|
|
+ - Always lock the backtrace buffer before it is used. Fixes bug
|
|
|
+ 31734; bugfix on 0.2.5.3-alpha.
|
|
|
+ - On abort, try harder to flush the output buffers of log messages.
|
|
|
+ On some platforms (macOS), log messages could be discarded when
|
|
|
+ the process terminates. Fixes bug 31571; bugfix on 0.3.5.1-alpha.
|
|
|
+ - Report the tor version whenever an assertion fails. Previously, we
|
|
|
+ only reported the Tor version on some crashes, and some non-fatal
|
|
|
+ assertions. Fixes bug 31571; bugfix on 0.3.5.1-alpha.
|
|
|
+ - When tor aborts due to an error, close log file descriptors before
|
|
|
+ aborting. Closing the logs makes some OSes flush log file buffers,
|
|
|
+ rather than deleting buffered log lines. Fixes bug 31594; bugfix
|
|
|
+ on 0.2.5.2-alpha.
|
|
|
+
|
|
|
+ o Minor bugfixes (FreeBSD, PF-based proxy, IPv6):
|
|
|
+ - When extracting an IPv6 address from a PF-based proxy, verify that
|
|
|
+ we are actually configured to receive an IPv6 address, and log an
|
|
|
+ internal error if not. Fixes part of bug 31687; bugfix
|
|
|
+ on 0.2.3.4-alpha.
|
|
|
+
|
|
|
+ o Minor bugfixes (git hooks):
|
|
|
+ - Remove a duplicate call to practracker from the pre-push hook. The
|
|
|
+ pre-push hook already calls the pre-commit hook, which calls
|
|
|
+ practracker. Fixes bug 31462; bugfix on 0.4.1.1-alpha.
|
|
|
+
|
|
|
+ o Minor bugfixes (git scripts):
|
|
|
+ - Stop hard-coding the bash path in the git scripts. Some OSes don't
|
|
|
+ have bash in /usr/bin, others have an ancient bash at this path.
|
|
|
+ Fixes bug 30840; bugfix on 0.4.0.1-alpha.
|
|
|
+ - Stop hard-coding the tor master branch name and worktree path in
|
|
|
+ the git scripts. Fixes bug 30841; bugfix on 0.4.0.1-alpha.
|
|
|
+ - Allow git-push-all.sh to be run from any directory. Previously,
|
|
|
+ the script only worked if run from an upstream worktree directory.
|
|
|
+ Closes ticket 31678.
|
|
|
+
|
|
|
+ o Minor bugfixes (guards):
|
|
|
+ - When tor is missing descriptors for some primary entry guards,
|
|
|
+ make the log message less alarming. It's normal for descriptors to
|
|
|
+ expire, as long as tor fetches new ones soon after. Fixes bug
|
|
|
+ 31657; bugfix on 0.3.3.1-alpha.
|
|
|
+
|
|
|
+ o Minor bugfixes (ipv6):
|
|
|
+ - Check for private IPv6 addresses alongside their IPv4 equivalents
|
|
|
+ when authorities check descriptors. Previously, we only checked
|
|
|
+ for private IPv4 addresses. Fixes bug 31088; bugfix on
|
|
|
+ 0.2.3.21-rc. Patch by Neel Chauhan.
|
|
|
+ - When parsing microdescriptors, we should check the IPv6 exit
|
|
|
+ policy alongside IPv4. Previously, we checked both exit policies
|
|
|
+ for only router info structures, while microdescriptors were
|
|
|
+ IPv4-only. Fixes bug 27284; bugfix on 0.2.3.1-alpha. Patch by
|
|
|
+ Neel Chauhan.
|
|
|
+
|
|
|
+ o Minor bugfixes (logging):
|
|
|
+ - Add a missing check for HAVE_PTHREAD_H, because the backtrace code
|
|
|
+ uses mutexes. Fixes bug 31614; bugfix on 0.2.5.2-alpha.
|
|
|
+ - Disable backtrace signal handlers when shutting down tor. Fixes
|
|
|
+ bug 31614; bugfix on 0.2.5.2-alpha.
|
|
|
+ - Rate-limit our the logging message about the obsolete .exit
|
|
|
+ notation. Previously, there was no limit on this warning, which
|
|
|
+ could potentially be triggered many times by a hostile website.
|
|
|
+ Fixes bug 31466; bugfix on 0.2.2.1-alpha.
|
|
|
+ - When initialising log domain masks, only set known log domains.
|
|
|
+ Fixes bug 31854; bugfix on 0.2.1.1-alpha.
|
|
|
+ - Change log level of message "Hash of session info was not as
|
|
|
+ expected" to LOG_PROTOCOL_WARN. Fixes bug 12399; bugfix
|
|
|
+ on 0.1.1.10-alpha.
|
|
|
+ - Fix a code issue that would have broken our parsing of log domains
|
|
|
+ as soon as we had 33 of them. Fortunately, we still only have 29.
|
|
|
+ Fixes bug 31451; bugfix on 0.4.1.4-rc.
|
|
|
+
|
|
|
+ o Minor bugfixes (logging, protocol violations):
|
|
|
+ - Do not log a nonfatal assertion failure when receiving a VERSIONS
|
|
|
+ cell on a connection using the obsolete v1 link protocol. Log a
|
|
|
+ protocol_warn instead. Fixes bug 31107; bugfix on 0.2.4.4-alpha.
|
|
|
+
|
|
|
+ o Minor bugfixes (mainloop, periodic events, in-process API):
|
|
|
+ - Reset the periodic events' "enabled" flag when Tor is shut down
|
|
|
+ cleanly. Previously, this flag was left on, which caused periodic
|
|
|
+ events not to be re-enabled when Tor was relaunched in-process
|
|
|
+ with tor_api.h after a shutdown. Fixes bug 32058; bugfix
|
|
|
+ on 0.3.3.1-alpha.
|
|
|
+
|
|
|
+ o Minor bugfixes (memory management):
|
|
|
+ - Stop leaking a small amount of memory in nt_service_install(), in
|
|
|
+ unreachable code. Fixes bug 30799; bugfix on 0.2.0.7-alpha. Patch
|
|
|
+ by Xiaoyin Liu.
|
|
|
+
|
|
|
+ o Minor bugfixes (modules):
|
|
|
+ - Explain what the optional Directory Authority module is, and what
|
|
|
+ happens when it is disabled. Fixes bug 31825; bugfix
|
|
|
+ on 0.3.4.1-alpha.
|
|
|
+
|
|
|
+ o Minor bugfixes (multithreading):
|
|
|
+ - Avoid some undefined behaviour when freeing mutexes. Fixes bug
|
|
|
+ 31736; bugfix on 0.0.7.
|
|
|
+
|
|
|
+ o Minor bugfixes (networking, IP addresses):
|
|
|
+ - When parsing addresses via Tor's internal DNS lookup API, reject
|
|
|
+ IPv4 addresses in square brackets, and accept IPv6 addresses in
|
|
|
+ square brackets. This change completes the work started in 23082,
|
|
|
+ making address parsing consistent between tor's internal DNS
|
|
|
+ lookup and address parsing APIs. Fixes bug 30721; bugfix
|
|
|
+ on 0.2.1.5-alpha.
|
|
|
+ - When parsing addresses via Tor's internal address:port parsing and
|
|
|
+ DNS lookup APIs, require IPv6 addresses with ports to have square
|
|
|
+ brackets. But allow IPv6 addresses without ports, whether or not
|
|
|
+ they have square brackets. Fixes bug 30721; bugfix
|
|
|
+ on 0.2.1.5-alpha.
|
|
|
+
|
|
|
+ o Minor bugfixes (onion service v3):
|
|
|
+ - When purging the client descriptor cache, close any introduction
|
|
|
+ point circuits associated with purged cache entries. This avoids
|
|
|
+ picking those circuits later when connecting to the same
|
|
|
+ introduction points. Fixes bug 30921; bugfix on 0.3.2.1-alpha.
|
|
|
+
|
|
|
+ o Minor bugfixes (onion services):
|
|
|
+ - In the hs_ident_circuit_t data structure, remove the unused field
|
|
|
+ circuit_type and the respective argument in hs_ident_circuit_new().
|
|
|
+ This field was set by clients (for introduction) and services (for
|
|
|
+ introduction and rendezvous) but was never used afterwards. Fixes
|
|
|
+ bug 31490; bugfix on 0.3.2.1-alpha. Patch by Neel Chauhan.
|
|
|
+
|
|
|
+ o Minor bugfixes (operator tools):
|
|
|
+ - Make tor-print-ed-signing-cert(1) print certificate expiration
|
|
|
+ date in RFC 1123 and UNIX timestamp formats, to make output
|
|
|
+ machine readable. Fixes bug 31012; bugfix on 0.3.5.1-alpha.
|
|
|
+
|
|
|
+ o Minor bugfixes (process management):
|
|
|
+ - Remove overly strict assertions that triggered when a pluggable
|
|
|
+ transport failed to launch. Fixes bug 31091; bugfix
|
|
|
+ on 0.4.0.1-alpha.
|
|
|
+ - Remove an assertion in the Unix process backend. This assertion
|
|
|
+ would trigger when we failed to find the executable for a child
|
|
|
+ process. Fixes bug 31810; bugfix on 0.4.0.1-alpha.
|
|
|
+
|
|
|
+ o Minor bugfixes (relay):
|
|
|
+ - Avoid crashing when starting with a corrupt keys directory where
|
|
|
+ the old ntor key and the new ntor key are identical. Fixes bug
|
|
|
+ 30916; bugfix on 0.2.4.8-alpha.
|
|
|
+
|
|
|
+ o Minor bugfixes (rust):
|
|
|
+ - Correctly exclude a redundant rust build job in Travis. Fixes bug
|
|
|
+ 31463; bugfix on 0.3.5.4-alpha.
|
|
|
+ - Raise the minimum rustc version to 1.31.0, as checked by configure
|
|
|
+ and CI. Fixes bug 31442; bugfix on 0.3.5.4-alpha.
|
|
|
+
|
|
|
+ o Minor bugfixes (sendme, code structure):
|
|
|
+ - Rename the trunnel SENDME file definition from sendme.trunnel to
|
|
|
+ sendme_cell.trunnel to avoid having twice sendme.{c|h} in the
|
|
|
+ repository. Fixes bug 30769; bugfix on 0.4.1.1-alpha.
|
|
|
+
|
|
|
+ o Minor bugfixes (statistics):
|
|
|
+ - Stop removing the ed25519 signature if the extra info file is too
|
|
|
+ big. If the signature data was removed, but the keyword was kept,
|
|
|
+ this could result in an unparseable extra info file. Fixes bug
|
|
|
+ 30958; bugfix on 0.2.7.2-alpha.
|
|
|
+
|
|
|
+ o Minor bugfixes (subsystems):
|
|
|
+ - Make the subsystem init order match the subsystem module
|
|
|
+ dependencies. Call windows process security APIs as early as
|
|
|
+ possible. Initialize logging before network and time, so that
|
|
|
+ network and time can use logging. Fixes bug 31615; bugfix
|
|
|
+ on 0.4.0.1-alpha.
|
|
|
+
|
|
|
+ o Minor bugfixes (testing):
|
|
|
+ - Avoid intermittent test failures due to a test that had relied on
|
|
|
+ inconsistent timing sources. Fixes bug 31995; bugfix
|
|
|
+ on 0.3.1.3-alpha.
|
|
|
+ - When testing port rebinding, don't busy-wait for tor to log.
|
|
|
+ Instead, actually sleep for a short time before polling again.
|
|
|
+ Also improve the formatting of control commands and log messages.
|
|
|
+ Fixes bug 31837; bugfix on 0.3.5.1-alpha.
|
|
|
+ - Teach the util/socketpair_ersatz test to work correctly when we
|
|
|
+ have no network stack configured. Fixes bug 30804; bugfix
|
|
|
+ on 0.2.5.1-alpha.
|
|
|
+
|
|
|
+ o Minor bugfixes (tests, SunOS):
|
|
|
+ - Avoid a map_anon_nofork test failure due to a signed/unsigned
|
|
|
+ integer comparison. Fixes bug 31897; bugfix on 0.4.1.1-alpha.
|
|
|
+
|
|
|
+ o Minor bugfixes (tls, logging):
|
|
|
+ - Log bugs about the TLS read buffer's length only once, rather than
|
|
|
+ filling the logs with similar warnings. Fixes bug 31939; bugfix
|
|
|
+ on 0.3.0.4-rc.
|
|
|
+
|
|
|
+ o Minor bugfixes (v2 single onion services):
|
|
|
+ - Always retry v2 single onion service intro and rend circuits with
|
|
|
+ a 3-hop path. Previously, v2 single onion services used a 3-hop
|
|
|
+ path when rendezvous circuits were retried after a remote or
|
|
|
+ delayed failure, but a 1-hop path for immediate retries. Fixes bug
|
|
|
+ 23818; bugfix on 0.2.9.3-alpha.
|
|
|
+
|
|
|
+ o Minor bugfixes (v3 onion services):
|
|
|
+ - When cleaning up intro circuits for a v3 onion service, don't
|
|
|
+ remove circuits that have an established or pending circuit, even
|
|
|
+ if they ran out of retries. This way, we don't remove a circuit on
|
|
|
+ its last retry. Fixes bug 31652; bugfix on 0.3.2.1-alpha.
|
|
|
+
|
|
|
+ o Minor bugfixes (v3 single onion services):
|
|
|
+ - Always retry v3 single onion service intro and rend circuits with
|
|
|
+ a 3-hop path. Previously, v3 single onion services used a 3-hop
|
|
|
+ path when rend circuits were retried after a remote or delayed
|
|
|
+ failure, but a 1-hop path for immediate retries. Fixes bug 23818;
|
|
|
+ bugfix on 0.3.2.1-alpha.
|
|
|
+ - Make v3 single onion services fall back to a 3-hop intro, when all
|
|
|
+ intro points are unreachable via a 1-hop path. Previously, v3
|
|
|
+ single onion services failed when all intro nodes were unreachable
|
|
|
+ via a 1-hop path. Fixes bug 23507; bugfix on 0.3.2.1-alpha.
|
|
|
+
|
|
|
+ o Code simplification and refactoring:
|
|
|
+ - Refactor connection_control_process_inbuf() to reduce the size of
|
|
|
+ a practracker exception. Closes ticket 31840.
|
|
|
+ - Refactor the microdescs_parse_from_string() function into smaller
|
|
|
+ pieces, for better comprehensibility. Closes ticket 31675.
|
|
|
+ - Use SEVERITY_MASK_IDX() to find the LOG_* mask indexes in the unit
|
|
|
+ tests and fuzzers, rather than using hard-coded values. Closes
|
|
|
+ ticket 31334.
|
|
|
+ - Interface for function `decrypt_desc_layer` cleaned up. Closes
|
|
|
+ ticket 31589.
|
|
|
+
|
|
|
+ o Documentation:
|
|
|
+ - Correct the description of "GuardLifetime". Fixes bug 31189;
|
|
|
+ bugfix on 0.3.0.1-alpha.
|
|
|
+ - Make clear in the man page, in both the bandwidth section and the
|
|
|
+ AccountingMax section, that Tor counts in powers of two, not
|
|
|
+ powers of ten: 1 GByte is 1024*1024*1024 bytes, not one billion
|
|
|
+ bytes. Resolves ticket 32106.
|
|
|
+ - Document the signal-safe logging behaviour in the tor man page.
|
|
|
+ Also add some comments to the relevant functions. Closes
|
|
|
+ ticket 31839.
|
|
|
+ - Explain why we can't destroy the backtrace buffer mutex. Explain
|
|
|
+ why we don't need to destroy the log mutex. Closes ticket 31736.
|
|
|
+ - The Tor source code repository now includes a (somewhat dated)
|
|
|
+ description of Tor's modular architecture, in doc/HACKING/design.
|
|
|
+ This is based on the old "tor-guts.git" repository, which we are
|
|
|
+ adopting and superseding. Closes ticket 31849.
|
|
|
+ - Improve documentation in circuit padding subsystem. Patch by
|
|
|
+ Tobias Pulls. Closes ticket 31113.
|
|
|
+ - Include an example usage for IPv6 ORPort in our sample torrc.
|
|
|
+ Closes ticket 31320; patch from Ali Raheem.
|
|
|
+ - Use RFC 2397 data URL scheme to embed an image into tor-exit-
|
|
|
+ notice.html so that operators no longer have to host it
|
|
|
+ themselves. Closes ticket 31089.
|
|
|
+
|
|
|
+ o Removed features:
|
|
|
+ - No longer include recommended package digests in votes as detailed
|
|
|
+ in proposal 301. The RecommendedPackages torrc option is
|
|
|
+ deprecated and will no longer have any effect. "package" lines
|
|
|
+ will still be considered when computing consensuses for consensus
|
|
|
+ methods that include them. (This change has no effect on the list
|
|
|
+ of recommended Tor versions, which is still in use.) Closes
|
|
|
+ ticket 29738.
|
|
|
+ - Remove torctl.in from contrib/dist directory. Resolves
|
|
|
+ ticket 30550.
|
|
|
+
|
|
|
+ o Testing:
|
|
|
+ - Require C99 standards-conforming code in Travis CI, but allow GNU
|
|
|
+ gcc extensions. Also activates clang's -Wtypedef-redefinition
|
|
|
+ warnings. Build some jobs with -std=gnu99, and some jobs without.
|
|
|
+ Closes ticket 32500.
|
|
|
+ - Run shellcheck for all non-third-party shell scripts that are
|
|
|
+ shipped with Tor. Closes ticket 29533.
|
|
|
+ - When checking shell scripts, ignore any user-created directories.
|
|
|
+ Closes ticket 30967.
|
|
|
+
|
|
|
+ o Code simplification and refactoring (config handling):
|
|
|
+ - Extract our variable manipulation code from confparse.c to a new
|
|
|
+ lower-level typedvar.h module. Closes ticket 30864.
|
|
|
+ - Lower another layer of object management from confparse.c to a
|
|
|
+ more general tool. Now typed structure members are accessible via
|
|
|
+ an abstract type. Implements ticket 30914.
|
|
|
+ - Move our backend logic for working with configuration and state
|
|
|
+ files into a lower-level library, since it no longer depends on
|
|
|
+ any tor-specific functionality. Closes ticket 31626.
|
|
|
+ - Numerous simplifications in configuration-handling logic: remove
|
|
|
+ duplicated macro definitions, replace magical names with flags,
|
|
|
+ and refactor "TestingTorNetwork" to use the same default-option
|
|
|
+ logic as the rest of Tor. Closes ticket 30935.
|
|
|
+ - Replace our ad-hoc set of flags for configuration variables and
|
|
|
+ configuration variable types with fine-grained orthogonal flags
|
|
|
+ corresponding to the actual behavior we want. Closes ticket 31625.
|
|
|
+
|
|
|
+ o Code simplification and refactoring (misc):
|
|
|
+ - Eliminate some uses of lower-level control reply abstractions,
|
|
|
+ primarily in the onion_helper functions. Closes ticket 30889.
|
|
|
+ - Rework bootstrap tracking to use the new publish-subscribe
|
|
|
+ subsystem. Closes ticket 29976.
|
|
|
+ - Rewrite format_node_description() and router_get_verbose_nickname()
|
|
|
+ to use strlcpy() and strlcat(). The previous implementation used
|
|
|
+ memcpy() and pointer arithmetic, which was error-prone. Closes
|
|
|
+ ticket 31545. This is CID 1452819.
|
|
|
+ - Split extrainfo_dump_to_string() into smaller functions. Closes
|
|
|
+ ticket 30956.
|
|
|
+ - Use the ptrdiff_t type consistently for expressing variable
|
|
|
+ offsets and pointer differences. Previously we incorrectly (but
|
|
|
+ harmlessly) used int and sometimes off_t for these cases. Closes
|
|
|
+ ticket 31532.
|
|
|
+ - Use the subsystems mechanism to manage the main event loop code.
|
|
|
+ Closes ticket 30806.
|
|
|
+ - Various simplifications and minor improvements to the circuit
|
|
|
+ padding machines. Patch by Tobias Pulls. Closes tickets 31112
|
|
|
+ and 31098.
|
|
|
+
|
|
|
+ o Documentation (hard-coded directories):
|
|
|
+ - Improve the documentation for the DirAuthority and FallbackDir
|
|
|
+ torrc options. Closes ticket 30955.
|
|
|
+
|
|
|
+ o Documentation (tor.1 man page):
|
|
|
+ - Fix typo in tor.1 man page: the option is "--help", not "-help".
|
|
|
+ Fixes bug 31008; bugfix on 0.2.2.9-alpha.
|
|
|
+
|
|
|
+ o Testing (continuous integration):
|
|
|
+ - Use Ubuntu Bionic images for our Travis CI builds, so we can get a
|
|
|
+ recent version of coccinelle. But leave chutney on Ubuntu Trusty,
|
|
|
+ until we can fix some Bionic permissions issues (see ticket
|
|
|
+ 32240). Related to ticket 31919.
|
|
|
+ - Install the mingw OpenSSL package in Appveyor. This makes sure
|
|
|
+ that the OpenSSL headers and libraries match in Tor's Appveyor
|
|
|
+ builds. (This bug was triggered by an Appveyor image update.)
|
|
|
+ Fixes bug 32449; bugfix on 0.3.5.6-rc.
|
|
|
+ - In Travis, use Xcode 11.2 on macOS 10.14. Closes ticket 32241.
|
|
|
+
|
|
|
+
|
|
|
Changes in version 0.4.1.6 - 2019-09-19
|
|
|
This release backports several bugfixes to improve stability and
|
|
|
correctness. Anyone experiencing build problems or crashes with 0.4.1.5,
|
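Review bot: The new 0.4.2.5 entry still opens with placeholder text, namely the date "2019-12-??" in its heading and the summary line "Blurb blurb."; both need real content before this reaches the stable release notes. In "Minor bugfixes (logging)", the item "Rate-limit our the logging message about the obsolete .exit notation" has a stray word, and "Close ticket 24963" under "Minor features (onion service)" should read "Closes" like every other entry. The two geoip items (November 6 2019 and October 1 2019) update the same geoip and geoip6 files, so consider collapsing them into the newer one and listing both tickets there. Section grouping looks unmerged: "Minor features (onion service v3)", "Minor features (onion service)" and "Minor features (onion services v3)" are three headings for one area, and "Code simplification and refactoring", "Documentation" and "Testing" each appear a second time, with a qualifier, after the first "Testing" section rather than beside their first occurrence. Finally, the git-push-all.sh item ending "Closes ticket 31678" sits under "Minor bugfixes (git scripts)" but lacks the "Fixes bug ...; bugfix on ..." form used by its neighbours; either move it to "Minor features (git scripts)" or give it the bugfix wording.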