diff options
Diffstat (limited to 'ChangeLog')
-rw-r--r-- | ChangeLog | 356 |
1 files changed, 356 insertions, 0 deletions
@@ -1,3 +1,359 @@ +Changes in version 0.2.6.3-alpha - 2015-02-?? + + blah blah blah + + o Major features (changed defaults): + - Prevent relay operators from unintentionally running exits: When + a relay is configured as an exit node, we now warn the user + unless the 'ExitRelay' option is set to 1. We warn even more + loudly if the relay is configured with the default exit policy, + since this tends to indicate accidental misconfiguration. + Setting 'ExitRelay' to 0 stops Tor from running as an exit relay. + Closes ticket 10067. + + o Major features (security) + - Implementation of an AF_UNIX socket option to implement a SOCKS + proxy reachable by Unix Domain Socket. This allows client applications to + communicate with Tor without having the ability to create AF_INET or + AF_INET6 family sockets. If an application has permission to create a socket + with AF_UNIX, it may directly communicate with Tor as if it were an other + SOCKS proxy. This should allow high risk applications to be entirely prevented + from connecting directly with TCP/IP, they will be able to only connect to the + internet through AF_UNIX and only through Tor. + To create a socket of this type, use the syntax "unix:/path/to/socket". + Closes ticket 12585. + + o Major features (hidden services): + - Support mapping hidden service virtual ports to AF_UNIX sockets on + suitable platforms. Resolves ticket #11485. + + o Major features (performance): + - Refactor the CPU worker implementation for better performance by + avoiding the kernel and lengthening pipelines. The original + implementation used sockets to transfer data from the main thread + to the worker threads, and didn't allow any thread to be assigned + more than a single piece of work at once. The new implementation + avoids communications overhead by making requests in shared + memory, avoiding kernel IO where possible, and keeping more + request in flight at once. Resolves issue #9682. + + o Removed features: + - To avoid confusion with the 'ExitRelay' option, 'ExitNode' is no + longer silently accepted as an alias for 'ExitNodes'. + + o Major bugfixes (client): + - Allow MapAddress and AutomapHostsOnResolve to work together when an + address is mapped into another address type that must be + automapped at resolve time. Fixes bug 7555; bugfix on + 0.2.0.1-alpha. + + o Major bugfixes (exit node stability): + - Fix an assertion failure that could occur under high DNS load. Fixes + bug 14129; bugfix on Tor 0.0.7rc1. Found by "jowr"; diagnosed and fixed + by "cypherpunks". + + o Major bugfixes (mixed relay-client operation): + - When running as a relay and a client at the same time (not + recommended), if we decide not to use a new guard because we + want to retry older guards, only close the locally-originating + circuits passing through that guard. Previously we would close + all the circuits. Fixes bug 9819; bugfix on + 0.2.1.1-alpha. Reported by "skruffy". + + o Minor features (authorities, testing): + - Create TestingDirAuthVoteHSDir like TestingDirAuthVoteExit/Guard. + Ensures that authorities vote the HSDir flag for the listed + relays regardless of uptime or ORPort connectivity. + Respects the value of VoteOnHidServDirectoriesV2. + Partial implementation for ticket 14067. Patch by "teor". + + o Minor features (build): + - New --disable-system-torrc compile-time option to prevent Tor from + looking for a system-wide torrc or torrc-defaults tile. Resolves + ticket 13037. + + o Minor features (controller): + - Include SOCKS_USERNAME and SOCKS_PASSWORD values in controller + events to let controllers observe circuit isolation inputs. + Closes ticket 8405. + - ControlPort now supports the unix:/path/to/dir syntax as an alternative + to the ControlSocket option, for consistency with SocksPort and + hidden services. Closes ticket 14451. + - New "GETINFO bw-event-cache" to get information about recent bandwidth + events. Closes ticket 14128. Useful for controllers to get recent + bandwidth history after the fix for 13988. + + o Minor features (directory client): + - When downloading server- or microdescriptors from a directory server, + we no longer launch multiple simultaneous requests to the same server. + This reduces load on the directory servers, especially when directory + guards are in use. Closes ticket 9969. + - When downloading server- or microdescriptors over a tunneled + connection, do not limit the length of our request to what the Squid + proxy is willing to handle. Part of ticket 9969. + + o Minor features (directory system): + - Authorities can now vote on the correct digests and latest versions for + different software packages. This allows packages that include Tor to use + the Tor authority system as a way to get notified of updates and their + correct digests. Implements proposal 227. Closes ticket 10395. + + o Minor features (directory, memory usage): + - When we have recently been under memory pressure (over 3/4 of + MaxMemInQueues is allocated), then allocate smaller zlib objects for + small requests. Closes ticket 11791. + + o Minor features (DOS resistance): + - Count the total number of bytes used storing hidden service descriptors + against the value of MaxMemInQueues. If we're low on memory, and more + than 20% of our memory is used holding hidden service descriptors, free + them until no more than 10% of our memory holds hidden service + descriptors. Free the least recently fetched descriptors first. + Resolves ticket 13806. + + o Minor features (geoip): + - Update geoip to the January 7 2015 Maxmind GeoLite2 Country database. + - Update geoip6 to the January 7 2015 Maxmind GeoLite2 Country database. + + o Minor features (Guard nodes): + - Reduce the time delay before saving guard status to disk from 10 + minute to 30 seconds (or from one hour to 10 minutes if + AvoidDiskWrites is set). Closes ticket 12485. + + o Minor features (hidden service): + - Make hidden service Sybil attacks harder by changing the minimum + time required to become an HSDir from 25 hours up to 96 hours. + Addresses ticket #14149. + - New option "HiddenServiceAllowUnknownPorts" to allow hidden + services to disable the anti-scanning feature introduced in + 0.2.6.2-alpha. With this option not set, a connection to an + unlisted port closes the circuit. With this option set, only a + RELAY_DONE cell is sent. Closes ticket #14084. + + o Minor features (interface): + - Implement '-f -' CLI suboption to allow torrc to be read + from standard input, thus not requiring to store torrc in file + system. Implements feature 13865. + + o Minor features (logging): + - Add a count of unique clients to the bridge heartbeat message. Resolves + ticket 6852. + - Suppress "router info incompatible with extra info" message when + reading extrainfo documents from cache. (This message got loud + around when we closed bug 9812 in 0.2.6.2-alpha.) Closes ticket + 13762. + - Elevate authorized-client message from DEBUG to INFO. Closes + ticket 14015. + + o Minor features (systemd): + - Various improvements and modernizations in systemd hardening support. + Closes ticket 13805. Patch from Craig Andrews. + + o Minor features (stability): + - Prevent bugs from causing infinite loops in our hash-table + iteration code by adding assertions that cached hash values have + not been corrupted. Closes ticket 11737. + + o Minor features (testing networks): + - Drop the minimum RendPostPeriod on a testing network to 5 seconds, + and the default to 2 minutes. Closes ticket 13401. Patch by "nickm". + - Drop the MIN_REND_INITIAL_POST_DELAY on a testing network to 5 seconds, + but keep the default at 30 seconds. This reduces HS bootstrap time to + around 25 seconds. Change src/test/test-network.sh default time to match. + Closes ticket 13401. Patch by "teor". + + o Minor bugfixes (automapping): + - Prevent changes to other options from removing the wildcard value "." + from "AutomapHostsSuffixes". + Fixes bug 12509; bugfix on 0.2.0.1-alpha. + + o Minor bugfixes (build): + - Avoid warnings when building with systemd 209 or later. + Fixes bug 14072; bugfix on 0.2.6.2-alpha. Patch from "h.venev". + + o Minor bugfixes (client DNS): + - Report the correct cached DNS expiration times. Previously, we + would report everything as "never expires." Fixes bug 14193; + bugfix on 0.2.3.17-beta. + - Avoid a small memory leak when we find a cached answer for a reverse + DNS lookup in a client-side DNS cache. (Remember, client-side DNS + caching is off by default, and is not recommended.) Fixes bug 14259; + bugfix on 0.2.0.1-alpha. + + o Minor bugfixes (client, automapping): + - Check for a missing option value in parse_virtual_addr_network + before asserting on the NULL in tor_addr_parse_mask_ports. + This avoids crashing on torrc lines like + Vi[rtualAddrNetworkIPv[4|6]] when no value follows the option. + Fixes bug 14142; bugfix on 0.2.4.7-alpha. + Patch by "teor". + - Fix a memory leak when using AutomapHostsOnResolve. + Fixes bug 14195; bugfix on 0.1.0.1-rc. + + o Minor bugfixes (client, IPV6): + - Reject socks requests to literal IPv6 addresses when IPv6Traffic + flag is not set; and not because the NoIPv4Traffic flag was set. + Previously we'd looked at the NoIPv4Traffic flag for both types + of literal addresses. Fixes bug 14280; bugfix on 0.2.4.7-alpha. + + o Minor bugfixes (client, bridges): + - When we are using bridges and we had a network connectivity problem, only + retry connecting to our currently configured bridges, not all bridges we + know about and remember using. + Fixes bug 14216; bugfix on tor-0.2.2.17-alpha. Patch from arma. + + o Minor bugfixes (compilation): + - Build without warnings with the stock OpenSSL srtp.h header, + which has a duplicate declaration of SSL_get_selected_srtp_profile(). + Fixes bug 14220; this is OpenSSL's bug, not ours. + - The address of an array in the middle of a structure will + always be non-NULL. clang recognises this and complains. + Disable the tautologous and redundant check to silence + this warning. + Fixes bug 14001; bugfix on 0.2.1.2-alpha. + - Compile correctly with (unreleased) OpenSSL 1.1.0 headers. + Addresses ticket 14188. + + o Minor bugfixes (controller): + - Add a code for the END_CIRC_REASON_IP_NOW_REDUNDANT circuit close + reason. Fixes bug 14207; bugfix on 0.2.6.2-alpha. + - Avoid crashing on a malformed EXTENDCIRCUIT command. Fixes bug 14116; + bugfix on 0.2.2.9-alpha. + + o Minor bugfixes (directory authority): + - Allow directory authorities to fetch more data from one + another if they find themselves missing lots of votes. + Previously, they had been bumping against the 10 MB queued + data limit. Fixes bug 14261; bugfix on 0.1.2.5-alpha. + - Enlarge the buffer to read bw-auth generated files to avoid an + issue when parsing the file in dirserv_read_measured_bandwidths(). + Fixes bug 14125; bugfix on 0.2.2.1-alpha. + + o Minor bugfixes (file handling): + - Stop failing when key files are zero-length. Instead, generate new + keys, and overwrite the empty key files. + Fixes bug 13111; bugfix on all versions of Tor. Patch by "teor". + - Stop generating a fresh .old RSA key file when the .old file is + missing. Fixes part of 13111; bugfix on 0.0.6rc1. + - Avoid overwriting .old key files with empty key files. + - Skip loading zero-length extra info store, router store, stats, state, + and key files. + - Avoid crashing when trying to reload a torrc specified as a relative + path with RunAsDaemon turned on. Fixes bug 13397; bugfix on + 0.2.3.11-alpha. + + o Minor bugfixes (hidden services): + - Close the intro circuit once we don't have any more usable intro + points instead of making it timeout at some point. This also make sure + no extra HS descriptor fetch is triggered. + Fixes bug 14224; bugfix on 0.0.6. + - When fetching a hidden service descriptor for a down service that we + recently up, do not keep refetching until we try the same replica twice + in a row. Fixes bug 14219; bugfix on 0.2.0.10-alpha. + - Successfully launch Tor with a nonexistent hidden service directory. + Our fix for bug 13942 didn't catch this case. Fixes bug 14106; + bugfix on 0.2.6.2-alpha. + + o Minor bugfixes (logging): + - Avoid crashing when there are more log domains than entries in + domain_list. Bugfix on 0.2.3.1-alpha. + - Add a string representation for LD_SCHED. Fixes bug 14740; + bugfix on 0.2.6.1-alpha. + + o Minor bugfixes (parsing): + - Stop accepting milliseconds (or other junk) at the end of + descriptor publication times. Fixes bug 9286; bugfix on + 0.0.2pre25. + - Support two-number and three-number version numbers correctly, in + case we change the Tor versioning system in the future. Fixes bug + 13661; bugfix on 0.0.8pre1. + + o Minor bugfixes (portability): + - Fix the ioctl()-based network interface lookup code so that it will + work on systems that have variable-length struct ifreq, for example + Mac OS X. + + o Minor bugfixes (shutdown): + - When shutting down, always call event_del() on lingering read or + write events before freeing them. Otherwise, we risk double-frees + or read-after-frees in event_base_free(). Fixes bug 12985; bugfix on + 0.1.0.2-rc. + + o Minor bugfixes (small memory leaks): + - Avoid leaking memory when using IPv6 virtual address mappings. + Fixes bug 14123; bugfix on 0.2.4.7-alpha. Patch by Tom van der + Woerdt. + + o Minor bugfixes (statistics): + - Increase period over which bandwidth observations are aggregated + from 15 minutes to 4 hours. Fixes bug 13988; bugfix on 0.0.8pre1. + + o Minor bugfixes (systemd support): + - Fix detection and operation of systemd watchdog. Fixes part of + bug 14141; bugfix on 0.2.6.2-alpha. Patch from Tomasz Torcz. + - Run correctly under systemd with the RunAsDaemon option set. + Fixes part of bug 14141; bugfix on 0.2.5.7-rc. Patch from Tomasz + Torcz. + - Inform the systemd supervisor about more changes in the Tor process + status. Implements part of ticket 14141. Patch from Tomasz Torcz. + - Cause the "--disable-systemd" option to actually disable systemd + support. Fixes bug 14350; bugfix on 0.2.6.2-alpha. Patch from + "blueness". + + o Minor bugfixes (TLS): + - Check more thoroughly throughout the TLS code for possible unlogged + TLS errors. Possible diagnostic or fix for bug 13319. + + o Code simplification and refactoring: + - Move fields related to isolating and configuring client ports + into a shared structure. Previously, they were duplicated across + port_cfg_t, listener_connection_t, and edge_connection_t. + Failure to copy one of them correctly had been the cause of at + least one bug in the past. Closes ticket 8546. + - Refactor the get_interface_addresses_raw() Doom-function into + multiple smaller and easier to understand subfunctions. Cover the + resulting subfunctions with unit-tests. Fixes a significant portion + of issue 12376. + - Remove workaround in dirserv_thinks_router_is_hs_dir() that was only + for version <= 0.2.2.24 which is now deprecated. Closes ticket 14202. + - Remove a test for a long-defunct broken version-one directory server. + + o Documentation: + - Adding section on OpenBSD to our TUNING document. Thanks to + mmcc for writing the OpenBSD-specific tips. Resolves ticket + 13702. + - Make the tor-resolve documentation match its help string and its + options. Resolves part of ticket 14325. + - Log a more useful error message from tor-resolve when failing to + look up a hidden service address. Resolves part of ticket 14325. + + o Downgraded warnings: + - Don't warn when we've attempted to contact a relay using the wrong + ntor onion key. Closes ticket 9635. + + o Testing: + - Make the checkdir/perms test complete successfully even if the + global umask is not 022. Fixes bug 14215; bugfix on 0.2.6.2-alpha. + - Test that tor does not fail when key files are zero-length. + Check that tor generates new keys, and overwrites the empty key files. + - Test that tor generates new keys when keys are missing (existing + behaviour). + - Test that tor does not overwrite key files that already contain data + (existing behaviour). + Tests bug 13111. Patch by "teor". + - New "make test-stem" target to run stem integration tests. + Requires that the "STEM_SOURCE_DIR" environment variable be set. + Closes ticket 14107. + - Make the test_cmdline_args.py script work correctly on Windows. + Patch from Gisle Vanem. + - Move the slower unit tests into a new "./src/test/test-slow" binary + that can be run independently of the other tests. Closes ticket 13243. + - Avoid undefined behavior when sampling huge values from the + Laplace distribution. This made unittests fail on Raspberry Pi. + Bug found by Device. Fixes bug 14090; bugfix on 0.2.6.2-alpha. + + + Changes in version 0.2.6.2-alpha - 2014-12-31 Tor 0.2.6.2-alpha is the second alpha release in the 0.2.6.x series. It introduces a major new backend for deciding when to send cells on |