author | Tor CI Release <no-email@torproject.org> | 2022-11-10 14:41:43 +0000 |
---|---|---|
committer | David Goulet <dgoulet@torproject.org> | 2022-11-10 09:51:06 -0500 |
commit | f5e5ae73006386fe727154e6bd719358825b173d (patch) | |
tree | 9baeeef17d319264c56488f67b685fe4b0c3bac1 | |
parent | 776c3adeb472a7068c573853040b8abdc4ac0ac5 (diff) | |
download | tor-f5e5ae73006386fe727154e6bd719358825b173d.tar.gz tor-f5e5ae73006386fe727154e6bd719358825b173d.zip |
release: ChangeLog and ReleaseNotes for 0.4.7.11
-rw-r--r-- | ChangeLog | 124 | ||||
-rw-r--r-- | ReleaseNotes | 124 | ||||
-rw-r--r-- | changes/bug40673 | 7 | ||||
-rw-r--r-- | changes/bug40684 | 6 | ||||
-rw-r--r-- | changes/bug40698 | 11 | ||||
-rw-r--r-- | changes/fallbackdirs-2022-11-10 | 2 | ||||
-rw-r--r-- | changes/geoip-2022-08-12 | 5 | ||||
-rw-r--r-- | changes/geoip-2022-11-10 | 3 | ||||
-rw-r--r-- | changes/ticket40194 | 9 | ||||
-rw-r--r-- | changes/ticket40648 | 3 | ||||
-rw-r--r-- | changes/ticket40663 | 3 | ||||
-rw-r--r-- | changes/ticket40674 | 3 | ||||
-rw-r--r-- | changes/ticket40680 | 6 | ||||
-rw-r--r-- | changes/ticket40683 | 6 | ||||
-rw-r--r-- | changes/ticket40687 | 2 | ||||
-rw-r--r-- | changes/ticket40688 | 3 | ||||
-rw-r--r-- | changes/ticket40692 | 3 | ||||
-rw-r--r-- | changes/ticket40694 | 5 | ||||
-rw-r--r-- | changes/ticket40696 | 3 | ||||
-rw-r--r-- | changes/ticket40703 | 4 | ||||
-rw-r--r-- | changes/ticket40704 | 6 | ||||
-rw-r--r-- | changes/ticket40708 | 3 |
22 files changed, 248 insertions, 93 deletions
@@ -1,3 +1,127 @@ +Changes in version 0.4.7.11 - 2022-11-10 + This version contains several major fixes aimed at helping defend against + network denial of service. It is also extending drastically the MetricsPort + for relays to help us gather more internal data to investigate performance + and attacks. + + We strongly recommend to upgrade to this version especially for Exit relays + in order to help the network defend against this ongoing DDoS. + + o Directory authority changes (dizum, Faravahar): + - Change dizum IP address. Closes ticket 40687. + - Remove Faravahar until its operator, Sina, set it back up online + outside of Team Cymru network. Closes ticket 40688. + + o Major bugfixes (geoip data): + - IPFire informed us on August 12th that databases generated after + (including) August 10th did not have proper ARIN network + allocations. We are updating the database to use the one generated + on August 9th, 2022. Fixes bug 40658; bugfix on 0.4.5.13. + + o Major bugfixes (onion service): + - Set a much higher circuit build timeout for opened client rendezvous + circuit. Before this, tor would time them out very quickly leading to + unnecessary retries meaning more load on the network. Fixes bug 40694; + bugfix on 0.3.5.1-alpha. + + o Major bugfixes (OSX): + - Fix coarse-time computation on Apple platforms (like Mac M1) where + the Mach absolute time ticks do not correspond directly to + nanoseconds. Previously, we computed our shift value wrong, which + led us to give incorrect timing results. Fixes bug 40684; bugfix + on 0.3.3.1-alpha. + + o Major bugfixes (relay): + - Improve security of our DNS cache by randomly clipping the TTL + value. TROVE-2021-009. Fixes bug 40674; bugfix on 0.3.5.1-alpha. + + o Minor feature (Mac and iOS build): + - Change how combine_libs works on Darwin like platforms to make + sure we don't include any `__.SYMDEF` and `__.SYMDEF SORTED` + symbols on the archive before we repack and run ${RANLIB} on the + archive. 
This fixes a build issue with recent Xcode versions on + Mac Silicon and iOS. Closes ticket 40683. + + o Minor feature (metrics): + - Add various congestion control counters to the MetricsPort. Closes + ticket 40708. + + o Minor feature (performance): + - Bump the maximum amount of CPU that can be used from 16 to 128. Note + that NumCPUs torrc option overrides this hardcoded maximum. Fixes bug + 40703; bugfix on 0.3.5.1-alpha. + + o Minor feature (relay): + - Make an hardcoded value for the maximum of per CPU tasks into a + consensus parameter. + - Two new consensus parameters are added to control the wait time in + queue of the onionskins. One of them is the torrc + MaxOnionQueueDelay options which supersedes the consensus + parameter. Closes ticket 40704. + + o Minor feature (relay, DoS): + - Apply circuit creation anti-DoS defenses if the outbound circuit + max cell queue size is reached too many times. This introduces two + new consensus parameters to control the queue size limit and + number of times allowed to go over that limit. Closes ticket 40680. + + o Minor feature (relay, metrics): + - Add DoS defenses counter to MetricsPort. + - Add congestion control RTT reset counter to MetricsPort. + - Add counters to the MetricsPort how many connections, per type, + are currently opened and how many were created. + - Add relay flags from the consensus to the MetricsPort. + - Add total number of opened circuits to MetricsPort. + - Add total number of streams seen by an Exit to the MetricsPort. + - Add traffic stats as in number of read/written bytes in total. + - Related to ticket 40194. + + o Minor features (fallbackdir): + - Regenerate fallback directories generated on November 10, 2022. + + o Minor features (geoip data): + - Update the geoip files to match the IPFire Location Database, as + retrieved on 2022/11/10. + + o Minor bugfixes (authorities, sandbox): + - Allow to write file my-consensus-<flavor-name> to disk when + sandbox is activated. 
Fixes bug 40663; bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (dirauth): + - Directory authorities stop voting a consensus "Measured" weight + for relays with the Authority flag. Now these relays will be + considered unmeasured, which should reserve their bandwidth for + their dir auth role and minimize distractions from other roles. In + place of the "Measured" weight, they now include a + "MeasuredButAuthority" weight (not used by anything) so the + bandwidth authority's opinion on this relay can be recorded for + posterity. Lastly, remove the AuthDirDontVoteOnDirAuthBandwidth + torrc option which never worked right. Fixes bugs 40698 and 40700; + bugfix on 0.4.7.2-alpha. + + o Minor bugfixes (onion service client): + - A collapsing onion service circuit should be seen as an + "unreachable" error so it can be retried. Fixes bug 40692; bugfix + on 0.3.5.1-alpha. + + o Minor bugfixes (onion service): + - Make the service retry a rendezvous if the circuit is being + repurposed for measurements. Fixes bug 40696; bugfix + on 0.3.5.1-alpha. + + o Minor bugfixes (relay overload statistics): + - Count total create cells vs dropped create cells properly, when + assessing if our fraction of dropped cells is too high. We only + count non-client circuits in the denominator, but we would include + client circuits in the numerator, leading to surprising log lines + claiming that we had dropped more than 100% of incoming create + cells. Fixes bug 40673; bugfix on 0.4.7.1-alpha. + + o Code simplification and refactoring (bridges): + - Remove unused code related to ExtPort connection ID. Fixes bug + 40648; bugfix on 0.3.5.1-alpha. + + Changes in version 0.4.7.10 - 2022-08-12 This version updates the geoip cache that we generate from IPFire location database to use the August 9th, 2022 one. Everyone MUST update to this diff --git a/ReleaseNotes b/ReleaseNotes index 510daf1384..2f43a8b876 100644 --- a/ReleaseNotes +++ b/ReleaseNotes 
@@ -2,6 +2,130 @@ This document summarizes new features and bugfixes in each stable release of Tor. If you want to see more detailed descriptions of the changes in each development snapshot, see the ChangeLog file. +Changes in version 0.4.7.11 - 2022-11-10 + This version contains several major fixes aimed at helping defend against + network denial of service. It is also extending drastically the MetricsPort + for relays to help us gather more internal data to investigate performance + and attacks. + + We strongly recommend to upgrade to this version especially for Exit relays + in order to help the network defend against this ongoing DDoS. + + o Directory authority changes (dizum, Faravahar): + - Change dizum IP address. Closes ticket 40687. + - Remove Faravahar until its operator, Sina, set it back up online + outside of Team Cymru network. Closes ticket 40688. + + o Major bugfixes (geoip data): + - IPFire informed us on August 12th that databases generated after + (including) August 10th did not have proper ARIN network + allocations. We are updating the database to use the one generated + on August 9th, 2022. Fixes bug 40658; bugfix on 0.4.5.13. + + o Major bugfixes (onion service): + - Set a much higher circuit build timeout for opened client rendezvous + circuit. Before this, tor would time them out very quickly leading to + unnecessary retries meaning more load on the network. Fixes bug 40694; + bugfix on 0.3.5.1-alpha. + + o Major bugfixes (OSX): + - Fix coarse-time computation on Apple platforms (like Mac M1) where + the Mach absolute time ticks do not correspond directly to + nanoseconds. Previously, we computed our shift value wrong, which + led us to give incorrect timing results. Fixes bug 40684; bugfix + on 0.3.3.1-alpha. + + o Major bugfixes (relay): + - Improve security of our DNS cache by randomly clipping the TTL + value. TROVE-2021-009. Fixes bug 40674; bugfix on 0.3.5.1-alpha. 
+ + o Minor feature (Mac and iOS build): + - Change how combine_libs works on Darwin like platforms to make + sure we don't include any `__.SYMDEF` and `__.SYMDEF SORTED` + symbols on the archive before we repack and run ${RANLIB} on the + archive. This fixes a build issue with recent Xcode versions on + Mac Silicon and iOS. Closes ticket 40683. + + o Minor feature (metrics): + - Add various congestion control counters to the MetricsPort. Closes + ticket 40708. + + o Minor feature (performance): + - Bump the maximum amount of CPU that can be used from 16 to 128. Note + that NumCPUs torrc option overrides this hardcoded maximum. Fixes bug + 40703; bugfix on 0.3.5.1-alpha. + + o Minor feature (relay): + - Make an hardcoded value for the maximum of per CPU tasks into a + consensus parameter. + - Two new consensus parameters are added to control the wait time in + queue of the onionskins. One of them is the torrc + MaxOnionQueueDelay options which supersedes the consensus + parameter. Closes ticket 40704. + + o Minor feature (relay, DoS): + - Apply circuit creation anti-DoS defenses if the outbound circuit + max cell queue size is reached too many times. This introduces two + new consensus parameters to control the queue size limit and + number of times allowed to go over that limit. Closes ticket 40680. + + o Minor feature (relay, metrics): + - Add DoS defenses counter to MetricsPort. + - Add congestion control RTT reset counter to MetricsPort. + - Add counters to the MetricsPort how many connections, per type, + are currently opened and how many were created. + - Add relay flags from the consensus to the MetricsPort. + - Add total number of opened circuits to MetricsPort. + - Add total number of streams seen by an Exit to the MetricsPort. + - Add traffic stats as in number of read/written bytes in total. + - Related to ticket 40194. + + o Minor features (fallbackdir): + - Regenerate fallback directories generated on November 10, 2022. 
+ + o Minor features (geoip data): + - Update the geoip files to match the IPFire Location Database, as + retrieved on 2022/11/10. + + o Minor bugfixes (authorities, sandbox): + - Allow to write file my-consensus-<flavor-name> to disk when + sandbox is activated. Fixes bug 40663; bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (dirauth): + - Directory authorities stop voting a consensus "Measured" weight + for relays with the Authority flag. Now these relays will be + considered unmeasured, which should reserve their bandwidth for + their dir auth role and minimize distractions from other roles. In + place of the "Measured" weight, they now include a + "MeasuredButAuthority" weight (not used by anything) so the + bandwidth authority's opinion on this relay can be recorded for + posterity. Lastly, remove the AuthDirDontVoteOnDirAuthBandwidth + torrc option which never worked right. Fixes bugs 40698 and 40700; + bugfix on 0.4.7.2-alpha. + + o Minor bugfixes (onion service client): + - A collapsing onion service circuit should be seen as an + "unreachable" error so it can be retried. Fixes bug 40692; bugfix + on 0.3.5.1-alpha. + + o Minor bugfixes (onion service): + - Make the service retry a rendezvous if the circuit is being + repurposed for measurements. Fixes bug 40696; bugfix + on 0.3.5.1-alpha. + + o Minor bugfixes (relay overload statistics): + - Count total create cells vs dropped create cells properly, when + assessing if our fraction of dropped cells is too high. We only + count non-client circuits in the denominator, but we would include + client circuits in the numerator, leading to surprising log lines + claiming that we had dropped more than 100% of incoming create + cells. Fixes bug 40673; bugfix on 0.4.7.1-alpha. + + o Code simplification and refactoring (bridges): + - Remove unused code related to ExtPort connection ID. Fixes bug + 40648; bugfix on 0.3.5.1-alpha. 
+ + Changes in version 0.4.7.10 - 2022-08-12 This version updates the geoip cache that we generate from IPFire location database to use the August 9th, 2022 one. Everyone MUST update to this diff --git a/changes/bug40673 b/changes/bug40673 deleted file mode 100644 index 1bbf42649b..0000000000 --- a/changes/bug40673 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes (relay overload statistics): - - Count total create cells vs dropped create cells properly, when - assessing if our fraction of dropped cells is too high. We only - count non-client circuits in the denominator, but we would include - client circuits in the numerator, leading to surprising log lines - claiming that we had dropped more than 100% of incoming create - cells. Fixes bug 40673; bugfix on 0.4.7.1-alpha. diff --git a/changes/bug40684 b/changes/bug40684 deleted file mode 100644 index 8c751ede2c..0000000000 --- a/changes/bug40684 +++ /dev/null @@ -1,6 +0,0 @@ - o Major bugfixes (OSX): - - Fix coarse-time computation on Apple platforms (like Mac M1) where - the Mach absolute time ticks do not correspond directly to - nanoseconds. Previously, we computed our shift value wrong, which - led us to give incorrect timing results. - Fixes bug 40684; bugfix on 0.3.3.1-alpha. diff --git a/changes/bug40698 b/changes/bug40698 deleted file mode 100644 index 98ddd4f968..0000000000 --- a/changes/bug40698 +++ /dev/null 
@@ -1,11 +0,0 @@ - o Minor bugfixes (dirauth): - - Directory authorities stop voting a consensus "Measured" weight - for relays with the Authority flag. Now these relays will be - considered unmeasured, which should reserve their bandwidth - for their dir auth role and minimize distractions from other - roles. In place of the "Measured" weight, they now include a - "MeasuredButAuthority" weight (not used by anything) so the - bandwidth authority's opinion on this relay can be recorded for - posterity. Lastly, remove the AuthDirDontVoteOnDirAuthBandwidth - torrc option which never worked right. Fixes bugs 40698 and 40700; - bugfix on 0.4.7.2-alpha. diff --git a/changes/fallbackdirs-2022-11-10 b/changes/fallbackdirs-2022-11-10 deleted file mode 100644 index 64df9c5f10..0000000000 --- a/changes/fallbackdirs-2022-11-10 +++ /dev/null @@ -1,2 +0,0 @@ - o Minor features (fallbackdir): - - Regenerate fallback directories generated on November 10, 2022. diff --git a/changes/geoip-2022-08-12 b/changes/geoip-2022-08-12 deleted file mode 100644 index e8f282db01..0000000000 --- a/changes/geoip-2022-08-12 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes (geoip data): - - IPFire informed us on August 12th that databases generated after - (including) August 10th did not have proper ARIN network allocations. We - are updating the database to use the one generated on August 9th, 2022. - Fixes bug 40658; bugfix on 0.4.5.13. diff --git a/changes/geoip-2022-11-10 b/changes/geoip-2022-11-10 deleted file mode 100644 index dce05f50c4..0000000000 --- a/changes/geoip-2022-11-10 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (geoip data): - - Update the geoip files to match the IPFire Location Database, - as retrieved on 2022/11/10. diff --git a/changes/ticket40194 b/changes/ticket40194 deleted file mode 100644 index 9f3a4833cf..0000000000 --- a/changes/ticket40194 +++ /dev/null 
@@ -1,9 +0,0 @@ - o Minor feature (relay, metrics): - - Add counters to the MetricsPort how many connections, per type, are - currently opened and how many were created. Part of ticket 40194. - - Add total number of streams seen by an Exit to the MetricsPort. - - Add congestion control RTT reset counter to MetricsPort. - - Add DoS defenses counter to MetricsPort. - - Add relay flags from the consensus to the MetricsPort. - - Add total number of opened circuits to MetricsPort. - - Add traffic stats as in number of read/written bytes in total. diff --git a/changes/ticket40648 b/changes/ticket40648 deleted file mode 100644 index a891e30204..0000000000 --- a/changes/ticket40648 +++ /dev/null @@ -1,3 +0,0 @@ - o Code simplification and refactoring (bridges): - - Remove unused code related to ExtPort connection ID. Fixes bug 40648; - bugfix on 0.3.5.1-alpha. diff --git a/changes/ticket40663 b/changes/ticket40663 deleted file mode 100644 index 3992d8e2b5..0000000000 --- a/changes/ticket40663 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (authorities, sandbox): - - Allow to write file my-consensus-<flavor-name> to disk when sandbox is - activated. Fixes bug 40663; bugfix on 0.3.5.1-alpha. diff --git a/changes/ticket40674 b/changes/ticket40674 deleted file mode 100644 index b371cafcf0..0000000000 --- a/changes/ticket40674 +++ /dev/null @@ -1,3 +0,0 @@ - o Major bugfixes (relay): - - Improve security of our DNS cache by randomly clipping the TTL value. - TROVE-2021-009. Fixes bug 40674; bugfix on 0.3.5.1-alpha. diff --git a/changes/ticket40680 b/changes/ticket40680 deleted file mode 100644 index 1383844969..0000000000 --- a/changes/ticket40680 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor feature (relay, DoS): - - Apply circuit creation anti-DoS defenses if the outbound circuit max cell - queue size is reached too many times. This introduces two new consensus - parameters to control the queue size limit and number of times allowed to - go over that limit. Close ticket 40680. - 
diff --git a/changes/ticket40683 b/changes/ticket40683 deleted file mode 100644 index 6df078ebae..0000000000 --- a/changes/ticket40683 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor feature (Mac and iOS build): - - Change how combine_libs works on Darwin like platforms to - make sure we don't include any `__.SYMDEF` and `__.SYMDEF SORTED` - symbols on the archive before we repack and run ${RANLIB} on the - archive. This fixes a build issue with recent Xcode versions on - Mac Silicon and iOS. Closes ticket 40683. diff --git a/changes/ticket40687 b/changes/ticket40687 deleted file mode 100644 index e96119cf49..0000000000 --- a/changes/ticket40687 +++ /dev/null @@ -1,2 +0,0 @@ - o Directory authority changes (dizum): - - Change dizum IP address. Closes ticket 40687. diff --git a/changes/ticket40688 b/changes/ticket40688 deleted file mode 100644 index 79350cb836..0000000000 --- a/changes/ticket40688 +++ /dev/null @@ -1,3 +0,0 @@ - o Directory authority changes (Faravahar): - - Remove Faravahar until its operator, Sina, set it back up online outside - of Team Cymru network. Closes ticket 40688. diff --git a/changes/ticket40692 b/changes/ticket40692 deleted file mode 100644 index 8405486115..0000000000 --- a/changes/ticket40692 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (onion service client): - - A collapsing onion service circuit should be seen as an "unreachable" - error so it can be retried. Fixes bug 40692; bugfix on 0.3.5.1-alpha. diff --git a/changes/ticket40694 b/changes/ticket40694 deleted file mode 100644 index f17639cc27..0000000000 --- a/changes/ticket40694 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes (onion service): - - Set a much higher circuit build timeout for opened client rendezvous - circuit. Before this, tor would time them out very quickly leading to many - unnecessary retries and thus more load on the network. Fixes bug 40694; - bugfix on 0.3.5.1-alpha. 
diff --git a/changes/ticket40696 b/changes/ticket40696 deleted file mode 100644 index a2c09f6a83..0000000000 --- a/changes/ticket40696 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (onion service): - - Make the service retry a rendezvous if the circuit is being repurposed for - measurements. Fixes bug 40696; bugfix on 0.3.5.1-alpha. diff --git a/changes/ticket40703 b/changes/ticket40703 deleted file mode 100644 index f005f8f851..0000000000 --- a/changes/ticket40703 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor feature (performance): - - Bump the maximum amount of CPU to use from 16 to 128. Note that NumCPUs - torrc option overrides this hardcoded maximum. Fixes bug 40703; bugfix on - 0.3.5.1-alpha. diff --git a/changes/ticket40704 b/changes/ticket40704 deleted file mode 100644 index b1a83488da..0000000000 --- a/changes/ticket40704 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor feature (relay): - - Two new consensus parameters are added to control the wait time in queue - of the onionskins. One of them is the torrc MaxOnionQueueDelay options - which supersedes the consensus parameter. Closes ticket 40704. - - Change a hardcoded value for the maximum of per CPU tasks into a - consensus parameter. diff --git a/changes/ticket40708 b/changes/ticket40708 deleted file mode 100644 index 1c4a044a0b..0000000000 --- a/changes/ticket40708 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor feature (metrics): - - Add various congestion control counters to the MetricsPort. Closes ticket - 40708. |
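Review bot: In the ChangeLog hunk, the "Major bugfixes (geoip data)" entry for bug 40658 looks stale in the 0.4.7.11 section. The 0.4.7.10 section directly below it already says that version "updates the geoip cache ... to use the August 9th, 2022 one", and the same 0.4.7.11 block also carries "Update the geoip files to match the IPFire Location Database, as retrieved on 2022/11/10". As written, a reader is told that this release both moves to the August 9th database and ships the November 10th one. The entry comes from changes/geoip-2022-08-12, which this commit deletes, so it was presumably left in the tree from the earlier release. I would drop it from the 0.4.7.11 section, or reword it to say the fix already shipped in 0.4.7.10.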
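Review bot: In the ReleaseNotes hunk, the "Major bugfixes (relay)" entry "Improve security of our DNS cache by randomly clipping the TTL value. TROVE-2021-009." gives the tracker id but says nothing about what the exposure was or which relays are affected, and the introductory paragraph mentions only denial of service and the MetricsPort. It is the only entry in the block that carries a security tracker id, so a sentence on impact in the entry and a mention in the introduction would help operators judge how urgently to upgrade. The surrounding entries (for example the coarse-time and rendezvous timeout fixes) all state the previous behaviour and its consequence; this one should follow the same pattern.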
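Review bot: Two entries changed wording for the worse when they were merged from the deleted changes/ticket40704 and changes/ticket40194 files. changes/ticket40704 read "Change a hardcoded value for the maximum of per CPU tasks into a consensus parameter", but ChangeLog and ReleaseNotes now say "Make an hardcoded value ..."; please keep "Change a hardcoded value". changes/ticket40194 had "Part of ticket 40194." attached to its first item, while the merged "Minor feature (relay, metrics)" list ends with a standalone bullet "- Related to ticket 40194.", which reads as another feature item. Fold it into the last real item as a trailing sentence, the way the other sections end with "Closes ticket N". While touching that block, "MaxOnionQueueDelay options which supersedes" should be "option".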