summaryrefslogtreecommitdiff
path: root/ChangeLog
diff options
context:
space:
mode:
Diffstat (limited to 'ChangeLog')
-rw-r--r--ChangeLog247
1 files changed, 121 insertions, 126 deletions
diff --git a/ChangeLog b/ChangeLog
index 6a867449e7..250fb2e515 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,67 +1,94 @@
Changes in version 0.2.7.1-alpha - 2015-05-??
Tor 0.2.7.1-alpha is the first alpha release in its series.
+ o New system requirements:
+ - Tor no longer includes workarounds for Libevent versions before
+ 1.3e. Libevent 2.0 or later is recommended. Closes ticket 15248.
+
o Major features (controller):
- Add the ADD_ONION and DEL_ONION commands that allows the creation
and management of hidden services via the controller. Closes
ticket 6411.
- New "GETINFO onions/current" and "GETINFO onions/detached" to get
- information about hidden services created via the controller.
- Part of ticket 6411.
- - New HSFETCH command to launch a request for a hidden service descriptor.
- Closes ticket 14847.
+ information about hidden services created via the controller. Part
+ of ticket 6411.
+ - New HSFETCH command to launch a request for a hidden service
+ descriptor. Closes ticket 14847.
o Major bugfixes (hidden services):
- - Revert commit that made directory authority assign the HSDir flag to
- relay without a DirPort which is bad because relay can't handle
+ - Revert commit that made directory authority assign the HSDir flag
+ to relay without a DirPort which is bad because relay can't handle
BEGIN_DIR cells. Fixes bug 15850; bugfix on tor-0.2.6.3-alpha.
- o Minor features (HS popularity countermeasure):
- - To avoid leaking HS popularity, don't cycle the introduction point
- when we've handled a fixed number of INTRODUCE2 cells but instead
- cycle it when a random value of introductions is reached thus making
- it more difficult for an attacker to find out the amount of clients
- that has passed through the introduction point for a specific HS.
- Closes ticket 15745.
+ o Minor features (clock-jump tolerance):
+ - Recover better when our clock jumps back many hours, like might
+ happen for Tails or Whonix users who start with a very wrong
+ hardware clock, use Tor to discover a more accurate time, and then
+ fix their clock. Resolves part of ticket 8766. [I'd call this a
+ major feature if it actually fixed all of the issues.]
o Minor features (command-line interface):
- - Make --hash-password imply --hush to prevent unnecessary noise. Closes
- ticket 15542.
+ - Make --hash-password imply --hush to prevent unnecessary noise.
+ Closes ticket 15542.
+ - Print a warning whenever we find a relative file path being used
+ as torrc option. Resolves issue 14018.
+ - The "--hash-password" option now implies "--hush" to avoid
+ needless noise. Closes ticket 15542. Patch from "cypherpunks".
+
+ o Minor features (controller):
+ - Controllers can now use GETINFO hs/client/desc/id/... to retrieve
+ items from the client's hidden service descriptor cache. Closes
+ ticket 14845.
- o Minor features (controller)
- - Controllers can now use GETINFO hs/client/desc/id/... to
- retrieve items from the client's hidden service descriptor
- cache. Closes ticket 14845.
+ o Minor features (controller):
+ - Add DirAuthority lines for default directory authorities to output
+ of the GETINFO config/defaults controller command if not already
+ present. Implements ticket 14840.
+ - Implement a new controller command "status/fresh-relay-descs" to
+ fetch a descriptor/extrainfo pair that was generated on demand
+ just for the controller's use. Implements ticket 14784.
o Minor features (DoS-resistance):
- Make it harder for attackers to overwhelm hidden services with
introductions, by blocking multiple introduction requests on the
same circuit. Resolves ticket 15515.
+ o Minor features (geoip):
+ - Update geoip to the April 8 2015 Maxmind GeoLite2 Country database.
+ - Update geoip6 to the April 8 2015 Maxmind GeoLite2
+ Country database.
+
+ o Minor features (HS popularity countermeasure):
+ - To avoid leaking HS popularity, don't cycle the introduction point
+ when we've handled a fixed number of INTRODUCE2 cells but instead
+ cycle it when a random value of introductions is reached thus
+ making it more difficult for an attacker to find out the amount of
+ clients that has passed through the introduction point for a
+ specific HS. Closes ticket 15745.
+
o Minor features (logging):
- Include the Tor version in all LD_BUG log messages, since people
tend to cut and paste those into the bugtracker. Implements
ticket 15026.
o Minor features (pluggable transports):
- - When launching managed pluggable transports, setup a valid open stdin
- in the child process that can be used to detect if tor has terminated.
- The "TOR_PT_EXIT_ON_STDIN_CLOSE" enviornment variable can be used by
- implementations to detect this new behavior. Resolves ticket 15435.
+ - When launching managed pluggable transports, setup a valid open
+ stdin in the child process that can be used to detect if tor has
+ terminated. The "TOR_PT_EXIT_ON_STDIN_CLOSE" enviornment variable
+ can be used by implementations to detect this new behavior.
+ Resolves ticket 15435.
- When launching managed pluggable transports on linux systems,
- attempt to have the kernel deliver a SIGTERM on tor exit if
- the pluggable transport process is still running. Resolves
+ attempt to have the kernel deliver a SIGTERM on tor exit if the
+ pluggable transport process is still running. Resolves
ticket 15471.
-
o Minor features (testing):
- - Add make rule `check-changes` to verify the format of changes files.
- Closes ticket 15180.
- - Add unit tests for control_event_is_interesting().
- Add a compile-time check that the number of events doesn't exceed
- the capacity of control_event_t.event_mask.
- Closes ticket 15431, checks for bugs similar to 13085.
- Patch by "teor".
+ - Add make rule `check-changes` to verify the format of changes
+ files. Closes ticket 15180.
+ - Add unit tests for control_event_is_interesting(). Add a compile-
+ time check that the number of events doesn't exceed the capacity
+ of control_event_t.event_mask. Closes ticket 15431, checks for
+ bugs similar to 13085. Patch by "teor".
- Commandline argument tests moved to Stem. Resolves ticket 14806.
- Integrate the ntor, backtrace and zero lengths keys tests into the
automake test suite. Closes ticket 15344.
@@ -73,60 +100,35 @@ Changes in version 0.2.7.1-alpha - 2015-05-??
- Add a test to verify that the compiler does not eliminate our
memwipe() implementation. Closes ticket 15377.
- o Minor features (controller):
- - Add DirAuthority lines for default directory authorities to output
- of the GETINFO config/defaults controller command if not already
- present. Implements ticket 14840.
- - Implement a new controller command "status/fresh-relay-descs" to
- fetch a descriptor/extrainfo pair that was generated on demand
- just for the controller's use. Implements ticket 14784.
-
- o Minor features (command-line interface):
- - Print a warning whenever we find a relative
- file path being used as torrc option. Resolves issue 14018.
- - The "--hash-password" option now implies "--hush" to avoid needless
- noise. Closes ticket 15542. Patch from "cypherpunks".
-
- o Minor features (clock-jump tolerance):
- - Recover better when our clock jumps back many hours, like might
- happen for Tails or Whonix users who start with a very wrong
- hardware clock, use Tor to discover a more accurate time, and then
- fix their clock. Resolves part of ticket 8766.
- [I'd call this a major feature if it actually fixed all of the issues.]
-
- o Minor features (geoip):
- - Update geoip to the April 8 2015 Maxmind GeoLite2 Country database.
- - Update geoip6 to the April 8 2015 Maxmind GeoLite2 Country database.
-
- o Minor bugfixes (statistics):
- - Disregard the ConnDirectionStatistics torrc options when Tor is
- not a relay since in that mode of operation no sensible data is
- being collected and because Tor might run into measurement hiccups
- when running as a client for some time, then becoming a relay. Fixes
- bug 15604; bugfix on 0.2.2.35.
-
o Minor bugfixes (build):
- - Improve out-of-tree builds by making non-standard rules work and clean up
- additional files and directories. Fixes bug 15053; bugfix on
- 0.2.7.0-alpha.
+ - Improve out-of-tree builds by making non-standard rules work and
+ clean up additional files and directories. Fixes bug 15053; bugfix
+ on 0.2.7.0-alpha.
o Minor bugfixes (command-line interface):
- When "--quiet" is provided along with "--validate-config", do not
- write anything to stdout on success. Fixes bug 14994; bugfix on
- 0.2.3.3-alpha.
+ write anything to stdout on success. Fixes bug 14994; bugfix
+ on 0.2.3.3-alpha.
- When complaining about bad arguments to "--dump-config", use
stderr, not stdout.
o Minor bugfixes (configuration, unit tests):
- Only add the default fallback directories when the DirAuthorities,
AlternateDirAuthority, and FallbackDir directory config options
- are set to their defaults.
- The default fallback directory list is currently empty, this fix
- will only change tor's behaviour when it has default fallback
- directories.
- Includes unit tests for consider_adding_dir_servers().
- Fixes bug 15642; bugfix on 90f6071d8dc0 in 0.2.4.7-alpha.
- Patch by "teor".
+ are set to their defaults. The default fallback directory list is
+ currently empty, this fix will only change tor's behaviour when it
+ has default fallback directories. Includes unit tests for
+ consider_adding_dir_servers(). Fixes bug 15642; bugfix on
+ 90f6071d8dc0 in 0.2.4.7-alpha. Patch by "teor".
+
+ o Minor bugfixes (correctness):
+ - Remove side-effects from tor_assert() calls. This was harmless,
+ because we never disable assertions, but it is bad style and
+ unnecessary. Fixes bug 15211; bugfix on 0.2.5.5, 0.2.2.36,
+ and 0.2.0.10.
+ - For correctness, avoid modifying a constant string in
+ handle_control_postdescriptor. Fixes bug 15546; bugfix
+ on 0.1.1.16-rc.
o Minor bugfixes (hidden service):
- Remove an extraneous newline character from the end of hidden
@@ -135,61 +137,55 @@ Changes in version 0.2.7.1-alpha - 2015-05-??
o Minor bugfixes (interface):
- Print usage information for --dump-config when it is used without
an argument. Also, fix the error message to use different wording
- and add newline at the end. Fixes bug 15541; bugfix on 0.2.5.1-alpha.
+ and add newline at the end. Fixes bug 15541; bugfix
+ on 0.2.5.1-alpha.
o Minor bugfixes (logs):
- When building Tor under Clang, do not include an extra set of
- parentheses in log messages that include function names.
- Fixes bug 15269; bugfix on every released version of Tor when
- compiled with recent enough Clang.
-
- o Minor bugfixes (test networks)
- - When self-testing reachability, use ExtendAllowPrivateAddresses
- to determine if local/private addresses imply reachability.
- The previous fix used TestingTorNetwork, which implies
+ parentheses in log messages that include function names. Fixes bug
+ 15269; bugfix on every released version of Tor when compiled with
+ recent enough Clang.
+
+ o Minor bugfixes (network):
+ - When attempting to use fallback technique for network interface
+ lookup, disregard loopback and multicast addresses since they are
+ unsuitable for public communications.
+
+ o Minor bugfixes (statistics):
+ - Disregard the ConnDirectionStatistics torrc options when Tor is
+ not a relay since in that mode of operation no sensible data is
+ being collected and because Tor might run into measurement hiccups
+ when running as a client for some time, then becoming a relay.
+ Fixes bug 15604; bugfix on 0.2.2.35.
+
+ o Minor bugfixes (test networks):
+ - When self-testing reachability, use ExtendAllowPrivateAddresses to
+ determine if local/private addresses imply reachability. The
+ previous fix used TestingTorNetwork, which implies
ExtendAllowPrivateAddresses, but this excluded rare configs where
ExtendAllowPrivateAddresses is set but TestingTorNetwork is not.
- Fixes bug 15771; bugfix on 0.2.6.1-alpha.
- Patch by "teor", issue discovered by CJ Ess.
+ Fixes bug 15771; bugfix on 0.2.6.1-alpha. Patch by "teor", issue
+ discovered by CJ Ess.
o Minor bugfixes (testing):
- - Set the severity correctly when testing get_interface_addresses_ifaddrs()
- and get_interface_addresses_win32(), so that the tests fail gracefully
+ - Set the severity correctly when testing
+ get_interface_addresses_ifaddrs() and
+ get_interface_addresses_win32(), so that the tests fail gracefully
instead of triggering an assertion. Fixes bug 15759; bugfix on
0.2.6.3-alpha. Reported by Nicolas Derive.
- - Check for matching value in server response in ntor_ref.py.
- Fixes bug 15591; bugfix on 0.2.4.8-alpha. Reported and fixed
+ - Check for matching value in server response in ntor_ref.py. Fixes
+ bug 15591; bugfix on 0.2.4.8-alpha. Reported and fixed
by "joelanders".
- o Minor bugfixes (correctness):
- - Remove side-effects from tor_assert() calls. This was harmless,
- because we never disable assertions, but it is bad style and
- unnecessary. Fixes bug 15211; bugfix on 0.2.5.5, 0.2.2.36, and
- 0.2.0.10.
- - For correctness, avoid modifying a constant string in
- handle_control_postdescriptor. Fixes bug 15546; bugfix on
- 0.1.1.16-rc.
-
- o Minor bugfixes (network):
- - When attempting to use fallback technique for network interface
- lookup, disregard loopback and multicast addresses since they are
- unsuitable for public communications.
-
o Code simplification and refactoring:
- - Move the hacky fallback code out of get_interface_address6()
- into separate function and get it covered with unit-tests. Resolves
+ - Move the hacky fallback code out of get_interface_address6() into
+ separate function and get it covered with unit-tests. Resolves
ticket 14710.
- Refactor hidden service client-side cache lookup to intelligently
report its various failure cases, and disentangle failure cases
involving a lack of introduction points. Closes ticket 14391.
- - Use our own Base64 encoder instead of OpenSSL's, to allow more control
- over the output. Part of ticket 15652.
-
- o Removed code:
- - Remove `USE_OPENSSL_BASE64` and the corresponding fallback code and
- always use the internal Base64 decoder. The internal decoder has been
- part of tor since tor-0.2.0.10-alpha, and no one should be using the
- OpenSSL one. Part of ticket 15652.
+ - Use our own Base64 encoder instead of OpenSSL's, to allow more
+ control over the output. Part of ticket 15652.
o Documentation:
- Improve the descriptions of statistics-related torrc options in
@@ -201,22 +197,21 @@ Changes in version 0.2.7.1-alpha - 2015-05-??
Previously, we had used "router descriptor", "server descriptor",
and "relay descriptor" interchangeably. Part of ticket 14987.
- o New system requirements:
- - Tor no longer includes workarounds for Libevent versions before 1.3e.
- Libevent 2.0 or later is recommended. Closes ticket 15248.
-
o Removed code:
+ - Remove `USE_OPENSSL_BASE64` and the corresponding fallback code
+ and always use the internal Base64 decoder. The internal decoder
+ has been part of tor since tor-0.2.0.10-alpha, and no one should
+ be using the OpenSSL one. Part of ticket 15652.
- Remove the 'tor_strclear()' function; use memwipe() instead.
Closes ticket 14922.
o Removed features:
- - Remove the (seldom-used) DynamicDHGroups feature. For
- anti-fingerprinting we now recommend pluggable transports; for
- forward-secrecy in TLS, we now use the P-256 group.
- Closes ticket 13736.
+ - Remove the (seldom-used) DynamicDHGroups feature. For anti-
+ fingerprinting we now recommend pluggable transports; for forward-
+ secrecy in TLS, we now use the P-256 group. Closes ticket 13736.
- Remove the undocumented "--digests" command-line option. It
- complicated our build process, caused subtle build issues
- on multiple platforms, and is now redundant since we started
+ complicated our build process, caused subtle build issues on
+ multiple platforms, and is now redundant since we started
including git version identifiers. Closes ticket 14742.
- Tor no longer contains workarounds for stat files generated by
super-old versions of Tor that didn't choose guards sensibly.