diff options
| -rw-r--r-- | ChangeLog | 170 | ||||
| -rw-r--r-- | changes/40241 | 4 | ||||
| -rw-r--r-- | changes/bug30187 | 5 | ||||
| -rw-r--r-- | changes/bug32880 | 5 | ||||
| -rw-r--r-- | changes/bug40015 | 4 | ||||
| -rw-r--r-- | changes/bug40017 | 5 | ||||
| -rw-r--r-- | changes/bug40172 | 3 | ||||
| -rw-r--r-- | changes/bug40177 | 3 | ||||
| -rw-r--r-- | changes/bug40179_part1 | 4 | ||||
| -rw-r--r-- | changes/bug40179_part2 | 4 | ||||
| -rw-r--r-- | changes/bug40187 | 5 | ||||
| -rw-r--r-- | changes/bug40190 | 4 | ||||
| -rw-r--r-- | changes/bug40210 | 5 | ||||
| -rw-r--r-- | changes/ticket18888 | 3 | ||||
| -rw-r--r-- | changes/ticket22473 | 3 | ||||
| -rw-r--r-- | changes/ticket25528 | 6 | ||||
| -rw-r--r-- | changes/ticket32178 | 3 | ||||
| -rw-r--r-- | changes/ticket40071 | 7 | ||||
| -rw-r--r-- | changes/ticket40111 | 7 | ||||
| -rw-r--r-- | changes/ticket40142 | 3 | ||||
| -rw-r--r-- | changes/ticket40165 | 5 | ||||
| -rw-r--r-- | changes/ticket40170 | 3 | ||||
| -rw-r--r-- | changes/ticket40174 | 4 | ||||
| -rw-r--r-- | changes/ticket40183 | 4 | ||||
| -rw-r--r-- | changes/ticket40188 | 4 | ||||
| -rw-r--r-- | changes/ticket40195 | 5 | ||||
| -rw-r--r-- | changes/ticket40201 | 3 | ||||
| -rw-r--r-- | changes/ticket40205 | 5 | ||||
| -rw-r--r-- | changes/ticket40226 | 5 | ||||
| -rw-r--r-- | changes/ticket40237 | 5 |
30 files changed, 170 insertions, 126 deletions
@@ -1,3 +1,173 @@ +Changes in version 0.4.5.3-rc - 2021-01-12 + Tor 0.4.5.3-rc is the first release candidate in its series. It fixes + several bugs, including one that broke onion services on certain older + ARM CPUs. + + Though we anticipate that we'll be doing a bit more clean-up between + now and the stable release, we expect that our remaining changes will + be fairly simple. There will be at least one more release candidate + before 0.4.5.x is stable. + + o Major bugfixes (onion service v3): + - Stop requiring a live consensus for v3 clients and services, and + allow a "reasonably live" consensus instead. This allows v3 onion + services to work even if the authorities fail to generate a + consensus for more than 2 hours in a row. Fixes bug 40237; bugfix + on 0.3.5.1-alpha. + + o Minor features (crypto): + - Fix undefined behavior on our Keccak library. The bug only + appeared on platforms with 32-byte CPU cache lines (e.g. armv5tel) + and would result in wrong digests. Fixes bug 40210; bugfix on + 0.2.8.1-alpha. Thanks to Bernhard Übelacker, Arnd Bergmann and + weasel for diagnosing this. + + o Minor features (documentation): + - Mention the "!badexit" directive that can appear in an authority's + approved-routers file, and update the description of the + "!invalid" directive. Closes ticket 40188. + + o Minor bugfixes (compilation): + - Fix a compilation warning about unreachable fallthrough + annotations when building with "--enable-all-bugs-are-fatal" on + some compilers. Fixes bug 40241; bugfix on 0.3.5.4-alpha. + - Fix the "--enable-static-tor" switch to properly set the "-static" + compile option onto the tor binary only. Fixes bug 40111; bugfix + on 0.2.3.1-alpha. + + o Minor bugfixes (config, bridge): + - Really fix the case where torrc has a missing ClientTransportPlugin + but is configured with a Bridge line and UseBridges. Previously, + we didn't look at the managed proxy list and thus would fail for + the "exec" case. Fixes bug 40106; bugfix on 0.4.5.1-alpha. + + o Minor bugfixes (logging, relay): + - Log our address as reported by the directory authorities, if none + was configured or detected before. Fixes bug 40201; bugfix + on 0.4.5.1-alpha. + - When a launching bandwidth testing circuit, don't incorrectly call + it a reachability test, or trigger a "CHECKING_REACHABILITY" + control event. Fixes bug 40205; bugfix on 0.4.5.1-alpha. + + o Minor bugfixes (relay, statistics): + - Report the correct connection statistics in our extrainfo + documents. Previously there was a problem in the file loading + function which would wrongly truncate a state file, causing the + wrong information to be reported. Fixes bug 40226; bugfix + on 0.4.5.1-alpha. + + o Minor bugfixes (SOCKS5): + - Handle partial SOCKS5 messages correctly. Previously, our code + would send an incorrect error message if it got a SOCKS5 request + that wasn't complete. Fixes bug 40190; bugfix on 0.3.5.1-alpha. + + +Changes in version 0.4.5.2-alpha - 2020-11-23 + Tor 0.4.5.2-alpha is the second alpha release in the 0.4.5.x series. + It fixes several bugs present in earlier releases, including one that + made it impractical to run relays on Windows. It also adds a few small + safety features to improve Tor's behavior in the presence of strange + compile-time options, misbehaving proxies, and future versions + of OpenSSL. + + o Major bugfixes (relay, windows): + - Fix a bug in our implementation of condition variables on Windows. + Previously, a relay on Windows would use 100% CPU after running + for some time. Because of this change, Tor now require Windows + Vista or later to build and run. Fixes bug 30187; bugfix on + 0.2.6.3-alpha. (This bug became more serious in 0.3.1.1-alpha with + the introduction of consensus diffs.) Patch by Daniel Pinto. + + o Minor features (compilation): + - Disable deprecation warnings when building with OpenSSL 3.0.0 or + later. There are a number of APIs newly deprecated in OpenSSL + 3.0.0 that Tor still requires. (A later version of Tor will try to + stop depending on these APIs.) Closes ticket 40165. + + o Minor features (protocol, proxy support, defense in depth): + - Respond more deliberately to misbehaving proxies that leave + leftover data on their connections, so as to make Tor even less + likely to allow the proxies to pass their data off as having come + from a relay. Closes ticket 40017. + + o Minor features (safety): + - Log a warning at startup if Tor is built with compile-time options + that are likely to make it less stable or reliable. Closes + ticket 18888. + + o Minor bugfixes (circuit, handshake): + - In the v3 handshaking code, use connection_or_change_state() to + change the state. Previously, we changed the state directly, but + this did not pass the state change to the pubsub or channel + objects, potentially leading to bugs. Fixes bug 32880; bugfix on + 0.2.3.6-alpha. Patch by Neel Chauhan. + + o Minor bugfixes (compilation): + - Use the correct 'ranlib' program when building libtor.a. + Previously we used the default ranlib, which broke some kinds of + cross-compilation. Fixes bug 40172; bugfix on 0.4.5.1-alpha. + - Remove a duplicate typedef in metrics_store.c. Fixes bug 40177; + bugfix on 0.4.5.1-alpha. + - When USDT tracing is enabled, and STAP_PROBEV() is missing, don't + attempt to build. Linux supports that macro but not the BSDs. + Fixes bug 40174; bugfix on 0.4.5.1-alpha. + + o Minor bugfixes (configuration): + - Exit Tor on a misconfiguration when the Bridge line is configured + to use a transport but no corresponding ClientTransportPlugin can + be found. Prior to this fix, Tor would attempt to connect to the + bridge directly without using the transport, making it easier for + adversaries to notice the bridge. Fixes bug 25528; bugfix + on 0.2.6.1-alpha. + - Fix an issue where an ORPort was compared with other kinds of + ports, when it should have been only checked against other + ORPorts. This bug would lead to "DirPort auto" getting ignored. + Fixes bug 40195; bugfix on 0.4.5.1-alpha. + - Fix a bug where a second non-ORPort with a variant family (ex: + SocksPort [::1]:9050) would be ignored due to a configuration + parsing error. Fixes bug 40183; bugfix on 0.4.5.1-alpha. + + o Minor bugfixes (crash, relay, signing key): + - Avoid assertion failures when we run Tor from the command line + with `--key-expiration sign`, but an ORPort is not set. Fixes bug + 40015; bugfix on 0.3.2.1-alpha. Patch by Neel Chauhan. + + o Minor bugfixes (logging): + - Remove trailing whitespace from control event log messages. Fixes + bug 32178; bugfix on 0.1.1.1-alpha. Based on a patch by + Amadeusz Pawlik. + - Turn warning-level log message about SENDME failure into a debug- + level message. (This event can happen naturally, and is no reason + for concern). Fixes bug 40142; bugfix on 0.4.1.1-alpha. + + o Minor bugfixes (relay, address discovery): + - Don't trigger an IP change when no new valid IP can be found. + Fixes bug 40071; bugfix on 0.4.5.1-alpha. + - When attempting to discover our IP, use a simple test circuit, + rather than a descriptor fetch: the same address information is + present in NETINFO cells, and is better authenticated there. Fixes + bug 40071; bugfix on 0.4.5.1-alpha. + + o Minor bugfixes (testing): + - Fix the `config/parse_tcp_proxy_line` test so that it works + correctly on systems where the DNS provider hijacks invalid + queries. Fixes part of bug 40179; bugfix on 0.4.3.1-alpha. + - Fix unit tests that used newly generated list of routers so that + they check them with respect to the date when they were generated, + not with respect to the current time. Fixes bug 40187; bugfix + on 0.4.5.1-alpha. + - Fix our Python reference-implementation for the v3 onion service + handshake so that it works correctly with the version of hashlib + provided by Python 3.9. Fixes part of bug 40179; bugfix + on 0.3.1.6-rc. + - Fix the `tortls/openssl/log_one_error` test to work with OpenSSL + 3.0.0. Fixes bug 40170; bugfix on 0.2.8.1-alpha. + + o Removed features (controller): + - Remove the "GETINFO network-status" controller command. It has + been deprecated since 0.3.1.1-alpha. Closes ticket 22473. + + Changes in version 0.4.4.6 - 2020-11-12 Tor 0.4.4.6 is the second stable release in the 0.4.4.x series. It backports fixes from later releases, including a fix for TROVE-2020- diff --git a/changes/40241 b/changes/40241 deleted file mode 100644 index c9b2e2c011..0000000000 --- a/changes/40241 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (compilation): - - Fix a compilation warning about unreachable fallthrough annotations - when building with "--enable-all-bugs-are-fatal" on some compilers. - Fixes bug 40241; bugfix on 0.3.5.4-alpha. diff --git a/changes/bug30187 b/changes/bug30187 deleted file mode 100644 index 2a3358d6be..0000000000 --- a/changes/bug30187 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes (relay, windows): - - Fix bug where running a relay on Windows would use 100% - CPU after some time. Makes Windows >= Vista the required - Windows version to build and run tor. Fixes bug 30187; - bugfix on 0.4.5.1-alpha. Patch by Daniel Pinto. diff --git a/changes/bug32880 b/changes/bug32880 deleted file mode 100644 index a25cabb7dc..0000000000 --- a/changes/bug32880 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (circuit, handshake): - - In the v3 handshaking code, Use connection_or_change_state() to change - the state. Previously, we changed the state directly, but this did not - pass a state change to the pubsub or channel object. Fixes bug 32880; - bugfix on 0.2.3.6-alpha. Patch by Neel Chauhan. diff --git a/changes/bug40015 b/changes/bug40015 deleted file mode 100644 index 1d190df751..0000000000 --- a/changes/bug40015 +++ /dev/null @@ -1,4 +0,0 @@ - o Major bugfixes (crash, relay, signing key): - - Avoid asserts when we run Tor from the command line with - `--key-expiration sign` when an ORPort is not set. Fixes - bug 40015; bugfix on 0.3.2.1-alpha. Patch by Neel Chauhan. diff --git a/changes/bug40017 b/changes/bug40017 deleted file mode 100644 index 3f5c2da968..0000000000 --- a/changes/bug40017 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features (protocol, proxy support, defense in depth): - - Respond more deliberately to misbehaving proxies that leave leftover - data on their connections, so as to be even less likely as to allow - them to pass their data off as having come from a relay. - Closes ticket 40017. diff --git a/changes/bug40172 b/changes/bug40172 deleted file mode 100644 index a73fcb39a3..0000000000 --- a/changes/bug40172 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (compilation): - - Fix a compilation issue in which the correct 'ranlib' program was not - used when building libtor.a. Fixes bug 40172; bugfix on 0.4.5.1-alpha. diff --git a/changes/bug40177 b/changes/bug40177 deleted file mode 100644 index b08be64e47..0000000000 --- a/changes/bug40177 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (compilation): - - Remove a duplicate typedef in metrics_store.c. Fixes bug 40177; - bugfix on 0.4.5.1-alpha. diff --git a/changes/bug40179_part1 b/changes/bug40179_part1 deleted file mode 100644 index c302373534..0000000000 --- a/changes/bug40179_part1 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (testing, portability): - - Fix our Python reference-implementation for the v3 onion service - handshake so that it works correctly with the version of hashlib provided - by Python 3.9. Fixes part of bug 40179; bugfix on 0.3.1.6-rc. diff --git a/changes/bug40179_part2 b/changes/bug40179_part2 deleted file mode 100644 index 15dc861321..0000000000 --- a/changes/bug40179_part2 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (testing): - - Fix the config/parse_tcp_proxy_line test so that it works correctly on - systems where the DNS provider hijacks invalid queries. - Fixes part of bug 40179; bugfix on 0.4.3.1-alpha. diff --git a/changes/bug40187 b/changes/bug40187 deleted file mode 100644 index 563e4b4d76..0000000000 --- a/changes/bug40187 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (testing): - - Fix unit tests that used newly generated list of routers so that they - check them with respect to the date when they were generated, not - with respect to the current time. Fixes bug 40187; bugfix on - 0.4.5.1-alpha. diff --git a/changes/bug40190 b/changes/bug40190 deleted file mode 100644 index 0f3d6941dc..0000000000 --- a/changes/bug40190 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (SOCKS5): - - Handle partial socks5 messages correctly. Previously, our code would - send an incorrect error message if it got a socks5 request that wasn't - complete. Fixes bug 40190; bugfix on 0.3.5.1-alpha. diff --git a/changes/bug40210 b/changes/bug40210 deleted file mode 100644 index f492262a11..0000000000 --- a/changes/bug40210 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features (crypto): - - Fix undefined behavior on our Keccak library. The bug only appears on - platforms with 32-byte CPU cache lines (e.g. armv5tel) and would result - in wrong digests. Fixes bug 40210; bugfix on 0.2.8.1-alpha. Thanks to - Bernhard Übelacker, Arnd Bergmann and weasel for diagnosing this. diff --git a/changes/ticket18888 b/changes/ticket18888 deleted file mode 100644 index 279eab76ad..0000000000 --- a/changes/ticket18888 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (safety): - - Log a warning at startup if Tor is built with compile-time options that - are likely to make it less stable or reliable. Closes ticket 18888. diff --git a/changes/ticket22473 b/changes/ticket22473 deleted file mode 100644 index c7496f9da7..0000000000 --- a/changes/ticket22473 +++ /dev/null @@ -1,3 +0,0 @@ - o Removed features (controller): - - Remove the "GETINFO network-status" controller command. It has - been deprecated since 0.3.1.1-alpha. Closes ticket 22473. diff --git a/changes/ticket25528 b/changes/ticket25528 deleted file mode 100644 index cfc6c91fb7..0000000000 --- a/changes/ticket25528 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (client, bridge, configuration): - - Exit tor on a misconfiguration when the Bridge line has a transport but - no corresponding ClientTransportPlugin can be found. Prior to this fix, - tor would attempt to connect to the bridge directly without using the - transport leading to a possible leak on the wire. Fixes bug 25528; - bugfix on 0.2.6.1-alpha. diff --git a/changes/ticket32178 b/changes/ticket32178 deleted file mode 100644 index c13e490cb0..0000000000 --- a/changes/ticket32178 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (logging): - - Remove trailing whitespaces from control event log messages. Fixes bug - 32178; bugfix on 0.1.1.1-alpha. Based on a patch by Amadeusz Pawlik. diff --git a/changes/ticket40071 b/changes/ticket40071 deleted file mode 100644 index 1e294a68e7..0000000000 --- a/changes/ticket40071 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes (relay, address): - - Don't trigger an IP change if no new valid IP can be found. Fixes bug - 40071; bugfix on 0.4.5.1-alpha. - - When attempting to discover our IP, don't launch a descriptor fetch - anymore but rather a simple test circuit since the address discovery is - through the NETINFO cell now from the authorities. Fixes bug 40071; bugfix - on 0.4.5.1-alpha. diff --git a/changes/ticket40111 b/changes/ticket40111 deleted file mode 100644 index a82ca0d489..0000000000 --- a/changes/ticket40111 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes (configure, build): - - Fix the --enable-static-tor switch to properly set the -static compile - option onto the tor binary only. Fixes bug 40111; bugfix on - 0.2.3.1-alpha. - - Path to static libevent has been fixed as well which affects the - --enable-static-libevent to behave correctly now. The .a file is in - .libs/ of libevent repository, not at the root. diff --git a/changes/ticket40142 b/changes/ticket40142 deleted file mode 100644 index 25a96b3df3..0000000000 --- a/changes/ticket40142 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (logging, flow control): - - Turn a SENDME failure log warning into a debug. It can actually happen - naturally. Fixes bug 40142; bugfix on 0.4.1.1-alpha. diff --git a/changes/ticket40165 b/changes/ticket40165 deleted file mode 100644 index a8dd0a339b..0000000000 --- a/changes/ticket40165 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features (compilation): - - Disable deprecation warnings when building with OpenSSL 3.0.0 or later. - There are a number of newly deprecated APIs in OpenSSL 3.0.0 that Tor - still requires. (A later version of Tor will try to stop depending on - these.) Closes ticket 40165. diff --git a/changes/ticket40170 b/changes/ticket40170 deleted file mode 100644 index cc1c8dbad1..0000000000 --- a/changes/ticket40170 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (tests): - - Fix the "tortls/openssl/log_one_error" test to work with OpenSSL 3.0.0. - Fixes bug 40170; bugfix on 0.2.8.1-alpha. diff --git a/changes/ticket40174 b/changes/ticket40174 deleted file mode 100644 index 869a2756f4..0000000000 --- a/changes/ticket40174 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (configure, build): - - With USDT tracing enabled, if STAP_PROBEV() is missing, don't attempt to - build. Linux supports that macro but not the BSDs. Fixes bug 40174; bugfix - on 0.4.5.1-alpha. diff --git a/changes/ticket40183 b/changes/ticket40183 deleted file mode 100644 index 3c4bdf21e2..0000000000 --- a/changes/ticket40183 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (port configuration): - - Second non ORPort of a different family (ex: SocksPort [::1]:9050) was - ignored due to a logical configuration parsing error. Fixes bug 40183; - bugfix on 0.4.5.1-alpha. diff --git a/changes/ticket40188 b/changes/ticket40188 deleted file mode 100644 index e29b2a9438..0000000000 --- a/changes/ticket40188 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (documentation): - - Mention the !badexit directive that can appear in an authority's - approved-routers file, and update the description of the !invalid - directive. Closes ticket 40188. diff --git a/changes/ticket40195 b/changes/ticket40195 deleted file mode 100644 index caa0bace94..0000000000 --- a/changes/ticket40195 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (configuration, ports): - - Fix an issue where an ORPort was validated against other type of ports - when it should have been only checked against other ORPorts. This lead to - "DirPort auto" to be ignored and failing to be used. Fixes bug 40195; - bugfix on 0.4.5.1-alpha. diff --git a/changes/ticket40201 b/changes/ticket40201 deleted file mode 100644 index cdf8d99172..0000000000 --- a/changes/ticket40201 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (logging, relay): - - Logs the address discovered by the directory authorities if none were - configured or detected before. Fixes bug 40201; bugfix on 0.4.5.1-alpha. diff --git a/changes/ticket40205 b/changes/ticket40205 deleted file mode 100644 index e21c7fab7c..0000000000 --- a/changes/ticket40205 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (relay, logging, reachability): - - When launching bandwidth testing circuit, don't log notice that we are - doing a reachability test. Furthermore, avoid to trigger a - "CHECKING_REACHABILITY" control event. Fixes bug 40205; bugfix on - 0.4.5.1-alpha. diff --git a/changes/ticket40226 b/changes/ticket40226 deleted file mode 100644 index 4775438f63..0000000000 --- a/changes/ticket40226 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (relay, statistics): - - The connection statistics were wrongly exported in the extrainfo document - due to a problem in the file loading function which would wrongly truncate - the file reporting the wrong information. It is now fixed. Fixes bug - 40226; bugfix on 0.4.5.1-alpha. diff --git a/changes/ticket40237 b/changes/ticket40237 deleted file mode 100644 index fc32f59cd4..0000000000 --- a/changes/ticket40237 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes (onion service v3): - - Stop requiring a live consensus for v3 clients and services to work. The - use of a reasonably live consensus will allow v3 to work properly in most - cases if the network failed to generate a consensus for more than 2 hours - in a row. Fixes bug 40237; bugfix on 0.3.5.1-alpha. |