Diffstat (limited to 'ChangeLog')
-rw-r--r-- ChangeLog 365
1 files changed, 365 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index cdf7249059..d4d0d35874 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,368 @@
+Changes in version 0.3.5.8 - 2019-02-21
+ Tor 0.3.5.8 backports serveral fixes from later releases, including fixes
+ for an annoying SOCKS-parsing bug that affected users in earlier 0.3.5.x
+ releases.
+
+ It also includes a fix for a medium-severity security bug affecting Tor
+ 0.3.2.1-alpha and later. All Tor instances running an affected release
+ should upgrade to 0.3.3.12, 0.3.4.11, 0.3.5.8, or 0.4.0.2-alpha.
+
+ o Major bugfixes (cell scheduler, KIST, security):
+ - Make KIST consider the outbuf length when computing what it can
+ put in the outbuf. Previously, KIST acted as though the outbuf
+ were empty, which could lead to the outbuf becoming too full. It
+ is possible that an attacker could exploit this bug to cause a Tor
+ client or relay to run out of memory and crash. Fixes bug 29168;
+ bugfix on 0.3.2.1-alpha. This issue is also being tracked as
+ TROVE-2019-001 and CVE-2019-8955.
+
+ o Major bugfixes (networking, backport from 0.4.0.2-alpha):
+ - Gracefully handle empty username/password fields in SOCKS5
+ username/password auth messsage and allow SOCKS5 handshake to
+ continue. Previously, we had rejected these handshakes, breaking
+ certain applications. Fixes bug 29175; bugfix on 0.3.5.1-alpha.
+
+ o Minor features (compilation, backport from 0.4.0.2-alpha):
+ - Compile correctly when OpenSSL is built with engine support
+ disabled, or with deprecated APIs disabled. Closes ticket 29026.
+ Patches from "Mangix".
+
+ o Minor features (geoip):
+ - Update geoip and geoip6 to the February 5 2019 Maxmind GeoLite2
+ Country database. Closes ticket 29478.
+
+ o Minor features (testing, backport from 0.4.0.2-alpha):
+ - Treat all unexpected ERR and BUG messages as test failures. Closes
+ ticket 28668.
+
+ o Minor bugfixes (onion service v3, client, backport from 0.4.0.1-alpha):
+ - Stop logging a "BUG()" warning and stacktrace when we find a SOCKS
+ connection waiting for a descriptor that we actually have in the
+ cache. It turns out that this can actually happen, though it is
+ rare. Now, tor will recover and retry the descriptor. Fixes bug
+ 28669; bugfix on 0.3.2.4-alpha.
+
+ o Minor bugfixes (IPv6, backport from 0.4.0.1-alpha):
+ - Fix tor_ersatz_socketpair on IPv6-only systems. Previously, the
+ IPv6 socket was bound using an address family of AF_INET instead
+ of AF_INET6. Fixes bug 28995; bugfix on 0.3.5.1-alpha. Patch from
+ Kris Katterjohn.
+
+ o Minor bugfixes (build, compatibility, rust, backport from 0.4.0.2-alpha):
+ - Update Cargo.lock file to match the version made by the latest
+ version of Rust, so that "make distcheck" will pass again. Fixes
+ bug 29244; bugfix on 0.3.3.4-alpha.
+
+ o Minor bugfixes (client, clock skew, backport from 0.4.0.1-alpha):
+ - Select guards even if the consensus has expired, as long as the
+ consensus is still reasonably live. Fixes bug 24661; bugfix
+ on 0.3.0.1-alpha.
+
+ o Minor bugfixes (compilation, backport from 0.4.0.1-alpha):
+ - Compile correctly on OpenBSD; previously, we were missing some
+ headers required in order to detect it properly. Fixes bug 28938;
+ bugfix on 0.3.5.1-alpha. Patch from Kris Katterjohn.
+
+ o Minor bugfixes (documentation, backport from 0.4.0.2-alpha):
+ - Describe the contents of the v3 onion service client authorization
+ files correctly: They hold public keys, not private keys. Fixes
+ bug 28979; bugfix on 0.3.5.1-alpha. Spotted by "Felixix".
+
+ o Minor bugfixes (logging, backport from 0.4.0.1-alpha):
+ - Rework rep_hist_log_link_protocol_counts() to iterate through all
+ link protocol versions when logging incoming/outgoing connection
+ counts. Tor no longer skips version 5, and we won't have to
+ remember to update this function when new link protocol version is
+ developed. Fixes bug 28920; bugfix on 0.2.6.10.
+
+ o Minor bugfixes (logging, backport from 0.4.0.2-alpha):
+ - Log more information at "warning" level when unable to read a
+ private key; log more information at "info" level when unable to
+ read a public key. We had warnings here before, but they were lost
+ during our NSS work. Fixes bug 29042; bugfix on 0.3.5.1-alpha.
+
+ o Minor bugfixes (misc, backport from 0.4.0.2-alpha):
+ - The amount of total available physical memory is now determined
+ using the sysctl identifier HW_PHYSMEM (rather than HW_USERMEM)
+ when it is defined and a 64-bit variant is not available. Fixes
+ bug 28981; bugfix on 0.2.5.4-alpha. Patch from Kris Katterjohn.
+
+ o Minor bugfixes (onion services, backport from 0.4.0.2-alpha):
+ - Avoid crashing if ClientOnionAuthDir (incorrectly) contains more
+ than one private key for a hidden service. Fixes bug 29040; bugfix
+ on 0.3.5.1-alpha.
+ - In hs_cache_store_as_client() log an HSDesc we failed to parse at
+ "debug" level. Tor used to log it as a warning, which caused very
+ long log lines to appear for some users. Fixes bug 29135; bugfix
+ on 0.3.2.1-alpha.
+ - Stop logging "Tried to establish rendezvous on non-OR circuit..."
+ as a warning. Instead, log it as a protocol warning, because there
+ is nothing that relay operators can do to fix it. Fixes bug 29029;
+ bugfix on 0.2.5.7-rc.
+
+ o Minor bugfixes (tests, directory clients, backport from 0.4.0.1-alpha):
+ - Mark outdated dirservers when Tor only has a reasonably live
+ consensus. Fixes bug 28569; bugfix on 0.3.2.5-alpha.
+
+ o Minor bugfixes (tests, backport from 0.4.0.2-alpha):
+ - Detect and suppress "bug" warnings from the util/time test on
+ Windows. Fixes bug 29161; bugfix on 0.2.9.3-alpha.
+ - Do not log an error-level message if we fail to find an IPv6
+ network interface from the unit tests. Fixes bug 29160; bugfix
+ on 0.2.7.3-rc.
+
+ o Minor bugfixes (usability, backport from 0.4.0.1-alpha):
+ - Stop saying "Your Guard ..." in pathbias_measure_{use,close}_rate().
+ Some users took this phrasing to mean that the mentioned guard was
+ under their control or responsibility, which it is not. Fixes bug
+ 28895; bugfix on Tor 0.3.0.1-alpha.
+
+
+Changes in version 0.3.5.7 - 2019-01-07
+ Tor 0.3.5.7 is the first stable release in its series; it includes
+ compilation and portability fixes, and a fix for a severe problem
+ affecting directory caches.
+
+ The Tor 0.3.5 series includes several new features and performance
+ improvements, including client authorization for v3 onion services,
+ cleanups to bootstrap reporting, support for improved bandwidth-
+ measurement tools, experimental support for NSS in place of OpenSSL,
+ and much more. It also begins a full reorganization of Tor's code
+ layout, for improved modularity and maintainability in the future.
+ Finally, there is the usual set of performance improvements and
+ bugfixes that we try to do in every release series.
+
+ There are a couple of changes in the 0.3.5 that may affect
+ compatibility. First, the default version for newly created onion
+ services is now v3. Use the HiddenServiceVersion option if you want to
+ override this. Second, some log messages related to bootstrapping have
+ changed; if you use stem, you may need to update to the latest version
+ so it will recognize them.
+
+ We have designated 0.3.5 as a "long-term support" (LTS) series: we
+ will continue to patch major bugs in typical configurations of 0.3.5
+ until at least 1 Feb 2022. (We do not plan to provide long-term
+ support for embedding, Rust support, NSS support, running a directory
+ authority, or unsupported platforms. For these, you will need to stick
+ with the latest stable release.)
+
+ Below are the changes since 0.3.5.6-rc. For a complete list of changes
+ since 0.3.4.9, see the ReleaseNotes file.
+
+ o Major bugfixes (relay, directory):
+ - Always reactivate linked connections in the main loop so long as
+ any linked connection has been active. Previously, connections
+ serving directory information wouldn't get reactivated after the
+ first chunk of data was sent (usually 32KB), which would prevent
+ clients from bootstrapping. Fixes bug 28912; bugfix on
+ 0.3.4.1-alpha. Patch by "cypherpunks3".
+
+ o Minor features (compilation):
+ - When possible, place our warning flags in a separate file, to
+ avoid flooding verbose build logs. Closes ticket 28924.
+
+ o Minor features (geoip):
+ - Update geoip and geoip6 to the January 3 2019 Maxmind GeoLite2
+ Country database. Closes ticket 29012.
+
+ o Minor features (OpenSSL bug workaround):
+ - Work around a bug in OpenSSL 1.1.1a, which prevented the TLS 1.3
+ key export function from handling long labels. When this bug is
+ detected, Tor will disable TLS 1.3. We recommend upgrading to a
+ version of OpenSSL without this bug when it becomes available.
+ Closes ticket 28973.
+
+ o Minor features (performance):
+ - Remove about 96% of the work from the function that we run at
+ startup to test our curve25519_basepoint implementation. Since
+ this function has yet to find an actual failure, we now only run
+ it for 8 iterations instead of 200. Based on our profile
+ information, this change should save around 8% of our startup time
+ on typical desktops, and may have a similar effect on other
+ platforms. Closes ticket 28838.
+ - Stop re-validating our hardcoded Diffie-Hellman parameters on
+ every startup. Doing this wasted time and cycles, especially on
+ low-powered devices. Closes ticket 28851.
+
+ o Minor bugfixes (compilation):
+ - Fix compilation for Android by adding a missing header to
+ freespace.c. Fixes bug 28974; bugfix on 0.3.5.1-alpha.
+
+ o Minor bugfixes (correctness):
+ - Fix an unreached code path where we checked the value of
+ "hostname" inside send_resolved_hostname_cell(). Previously, we
+ used it before checking it; now we check it first. Fixes bug
+ 28879; bugfix on 0.1.2.7-alpha.
+
+ o Minor bugfixes (testing):
+ - Make sure that test_rebind.py actually obeys its timeout, even
+ when it receives a large number of log messages. Fixes bug 28883;
+ bugfix on 0.3.5.4-alpha.
+ - Stop running stem's unit tests as part of "make test-stem", but
+ continue to run stem's unit and online tests during "make test-
+ stem-full". Fixes bug 28568; bugfix on 0.2.6.3-alpha.
+
+ o Minor bugfixes (windows services):
+ - Make Tor start correctly as an NT service again: previously it was
+ broken by refactoring. Fixes bug 28612; bugfix on 0.3.5.3-alpha.
+
+ o Code simplification and refactoring:
+ - When parsing a port configuration, make it more obvious to static
+ analyzer tools that we always initialize the address. Closes
+ ticket 28881.
+
+
+Changes in version 0.3.5.6-rc - 2018-12-18
+ Tor 0.3.5.6-rc fixes numerous small bugs in earlier versions of Tor.
+ It is the first release candidate in the 0.3.5.x series; if no further
+ huge bugs are found, our next release may be the stable 0.3.5.x.
+
+ o Minor features (continuous integration, Windows):
+ - Always show the configure and test logs, and upload them as build
+ artifacts, when building for Windows using Appveyor CI.
+ Implements 28459.
+
+ o Minor features (fallback directory list):
+ - Replace the 150 fallbacks originally introduced in Tor
+ 0.3.3.1-alpha in January 2018 (of which ~115 were still
+ functional), with a list of 157 fallbacks (92 new, 65 existing, 85
+ removed) generated in December 2018. Closes ticket 24803.
+
+ o Minor features (geoip):
+ - Update geoip and geoip6 to the December 5 2018 Maxmind GeoLite2
+ Country database. Closes ticket 28744.
+
+ o Minor bugfixes (compilation):
+ - Add missing dependency on libgdi32.dll for tor-print-ed-signing-
+ cert.exe on Windows. Fixes bug 28485; bugfix on 0.3.5.1-alpha.
+
+ o Minor bugfixes (continuous integration, Windows):
+ - Explicitly specify the path to the OpenSSL library and do not
+ download OpenSSL from Pacman, but instead use the library that is
+ already provided by AppVeyor. Fixes bug 28574; bugfix on master.
+
+ o Minor bugfixes (onion service v3):
+ - When deleting an ephemeral onion service (DEL_ONION), do not close
+ any rendezvous circuits in order to let the existing client
+ connections finish by themselves or closed by the application. The
+ HS v2 is doing that already so now we have the same behavior for
+ all versions. Fixes bug 28619; bugfix on 0.3.3.1-alpha.
+
+ o Minor bugfixes (restart-in-process, boostrap):
+ - Add missing resets of bootstrap tracking state when shutting down
+ (regression caused by ticket 27169). Fixes bug 28524; bugfix
+ on 0.3.5.1-alpha.
+
+ o Minor bugfixes (testing):
+ - Use a separate DataDirectory for the test_rebind script.
+ Previously, this script would run using the default DataDirectory,
+ and sometimes fail. Fixes bug 28562; bugfix on 0.3.5.1-alpha.
+ Patch from Taylor R Campbell.
+ - Stop leaking memory in an entry guard unit test. Fixes bug 28554;
+ bugfix on 0.3.0.1-alpha.
+
+ o Minor bugfixes (Windows):
+ - Correctly identify Windows 8.1, Windows 10, and Windows Server
+ 2008 and later from their NT versions. Fixes bug 28096; bugfix on
+ 0.2.2.34; reported by Keifer Bly.
+ - On recent Windows versions, the GetVersionEx() function may report
+ an earlier Windows version than the running OS. To avoid user
+ confusion, add "[or later]" to Tor's version string on affected
+ versions of Windows. Fixes bug 28096; bugfix on 0.2.2.34; reported
+ by Keifer Bly.
+ - Remove Windows versions that were never supported by the
+ GetVersionEx() function. Stop duplicating the latest Windows
+ version in get_uname(). Fixes bug 28096; bugfix on 0.2.2.34;
+ reported by Keifer Bly.
+
+ o Testing:
+ - Increase logging and tag all log entries with timestamps in
+ test_rebind.py. Provides diagnostics for issue 28229.
+
+ o Code simplification and refactoring (shared random, dirauth):
+ - Change many tor_assert() to use BUG() instead. The idea is to not
+ crash a dirauth but rather scream loudly with a stacktrace and let
+ it continue run. The shared random subsystem is very resilient and
+ if anything wrong happens with it, at worst a non coherent value
+ will be put in the vote and discarded by the other authorities.
+ Closes ticket 19566.
+
+ o Documentation (onion services):
+ - Document in the man page that changing ClientOnionAuthDir value or
+ adding a new file in the directory will not work at runtime upon
+ sending a HUP if Sandbox 1. Closes ticket 28128.
+ - Note in the man page that the only real way to fully revoke an
+ onion service v3 client authorization is by restarting the tor
+ process. Closes ticket 28275.
+
+
+Changes in version 0.3.5.5-alpha - 2018-11-16
+ Tor 0.3.5.5-alpha includes numerous bugfixes on earlier releases,
+ including several that we hope to backport to older release series in
+ the future.
+
+ o Major bugfixes (OpenSSL, portability):
+ - Fix our usage of named groups when running as a TLS 1.3 client in
+ OpenSSL 1.1.1. Previously, we only initialized EC groups when
+ running as a relay, which caused clients to fail to negotiate TLS
+ 1.3 with relays. Fixes bug 28245; bugfix on 0.2.9.15 (when TLS 1.3
+ support was added).
+
+ o Minor features (geoip):
+ - Update geoip and geoip6 to the November 6 2018 Maxmind GeoLite2
+ Country database. Closes ticket 28395.
+
+ o Minor bugfixes (compilation):
+ - Initialize a variable unconditionally in aes_new_cipher(), since
+ some compilers cannot tell that we always initialize it before
+ use. Fixes bug 28413; bugfix on 0.2.9.3-alpha.
+
+ o Minor bugfixes (connection, relay):
+ - Avoid a logging a BUG() stacktrace when closing connection held
+ open because the write side is rate limited but not the read side.
+ Now, the connection read side is simply shut down until Tor is
+ able to flush the connection and close it. Fixes bug 27750; bugfix
+ on 0.3.4.1-alpha.
+
+ o Minor bugfixes (continuous integration, Windows):
+ - Manually configure the zstd compiler options, when building using
+ mingw on Appveyor Windows CI. The MSYS2 mingw zstd package does
+ not come with a pkg-config file. Fixes bug 28454; bugfix
+ on 0.3.4.1-alpha.
+ - Stop using an external OpenSSL install, and stop installing MSYS2
+ packages, when building using mingw on Appveyor Windows CI. Fixes
+ bug 28399; bugfix on 0.3.4.1-alpha.
+
+ o Minor bugfixes (documentation):
+ - Make Doxygen work again after the code movement in the 0.3.5
+ source tree. Fixes bug 28435; bugfix on 0.3.5.1-alpha.
+
+ o Minor bugfixes (Linux seccomp2 sandbox):
+ - Permit the "shutdown()" system call, which is apparently used by
+ OpenSSL under some circumstances. Fixes bug 28183; bugfix
+ on 0.2.5.1-alpha.
+
+ o Minor bugfixes (logging):
+ - Stop talking about the Named flag in log messages. Clients have
+ ignored the Named flag since 0.3.2. Fixes bug 28441; bugfix
+ on 0.3.2.1-alpha.
+
+ o Minor bugfixes (memory leaks):
+ - Fix a harmless memory leak in libtorrunner.a. Fixes bug 28419;
+ bugfix on 0.3.3.1-alpha. Patch from Martin Kepplinger.
+
+ o Minor bugfixes (onion services):
+ - On an intro point for a version 3 onion service, stop closing
+ introduction circuits on an NACK. This lets the client decide
+ whether to reuse the circuit or discard it. Previously, we closed
+ intro circuits when sending NACKs. Fixes bug 27841; bugfix on
+ 0.3.2.1-alpha. Patch by Neel Chaunan.
+ - When replacing a descriptor in the client cache, make sure to
+ close all client introduction circuits for the old descriptor, so
+ we don't end up with unusable leftover circuits. Fixes bug 27471;
+ bugfix on 0.3.2.1-alpha.
+
+
Changes in version 0.3.5.4-alpha - 2018-11-08
Tor 0.3.5.4-alpha includes numerous bugfixes on earlier versions and
improves our continuous integration support. It continues our attempts
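Review bot: The 0.3.5.8 security paragraph says the KIST outbuf bug affects "0.3.2.1-alpha and later" but lists upgrade targets only in the 0.3.3, 0.3.4, 0.3.5 and 0.4.0 series, so an operator still on 0.3.2.x is told they are affected without being told where to go; suggest adding one sentence naming the series they should move to. In the same pass, fix the slips in the added text: "serveral" in the 0.3.5.8 summary, "messsage" in the SOCKS5 entry, "boostrap" in the 0.3.5.6-rc "restart-in-process" heading, "let it continue run" in the shared random refactoring entry, and "Avoid a logging a BUG() stacktrace" in the 0.3.5.5-alpha connection entry.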