summaryrefslogtreecommitdiff
path: root/ChangeLog
diff options
context:
space:
mode:
Diffstat (limited to 'ChangeLog')
-rw-r--r--ChangeLog309
1 files changed, 308 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index b5dc9f692a..7b6bd25c8b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,310 @@
+Changes in version 0.4.3.6 - 2020-07-09
+ Tor 0.4.3.6 backports several bugfixes from later releases, including
+ some affecting usability.
+
+ This release also fixes TROVE-2020-001, a medium-severity denial of
+ service vulnerability affecting all versions of Tor when compiled with
+ the NSS encryption library. (This is not the default configuration.)
+ Using this vulnerability, an attacker could cause an affected Tor
+ instance to crash remotely. This issue is also tracked as CVE-2020-
+ 15572. Anybody running a version of Tor built with the NSS library
+ should upgrade to 0.3.5.11, 0.4.2.8, 0.4.3.6, or 0.4.4.2-alpha
+ or later.
+
+ o Major bugfixes (NSS, security, backport from 0.4.4.2-alpha):
+ - Fix a crash due to an out-of-bound memory access when Tor is
+ compiled with NSS support. Fixes bug 33119; bugfix on
+ 0.3.5.1-alpha. This issue is also tracked as TROVE-2020-001
+ and CVE-2020-15572.
+
+ o Minor bugfix (CI, Windows, backport from 0.4.4.2-alpha):
+ - Use the correct 64-bit printf format when compiling with MINGW on
+ Appveyor. Fixes bug 40026; bugfix on 0.3.5.5-alpha.
+
+ o Minor bugfixes (client performance, backport from 0.4.4.1-alpha):
+ - Resume use of preemptively-built circuits when UseEntryGuards is set
+ to 0. We accidentally disabled this feature with that config
+ setting, leading to slower load times. Fixes bug 34303; bugfix
+ on 0.3.3.2-alpha.
+
+ o Minor bugfixes (compiler warnings, backport from 0.4.4.2-alpha):
+ - Fix a compiler warning on platforms with 32-bit time_t values.
+ Fixes bug 40028; bugfix on 0.3.2.8-rc.
+
+ o Minor bugfixes (linux seccomp sandbox, nss, backport from 0.4.4.1-alpha):
+ - Fix a startup crash when tor is compiled with --enable-nss and
+ sandbox support is enabled. Fixes bug 34130; bugfix on
+ 0.3.5.1-alpha. Patch by Daniel Pinto.
+
+ o Minor bugfixes (logging, backport from 0.4.4.2-alpha):
+ - Downgrade a noisy log message that could occur naturally when
+ receiving an extrainfo document that we no longer want. Fixes bug
+ 16016; bugfix on 0.2.6.3-alpha.
+
+ o Minor bugfixes (manual page, backport from 0.4.4.1-alpha):
+ - Update the man page to reflect that MinUptimeHidServDirectoryV2
+ defaults to 96 hours. Fixes bug 34299; bugfix on 0.2.6.3-alpha.
+
+ o Minor bugfixes (onion service v3, backport from 0.4.4.1-alpha):
+ - Prevent an assert() that would occur when cleaning the client
+ descriptor cache, and attempting to close circuits for a non-
+ decrypted descriptor (lacking client authorization). Fixes bug
+ 33458; bugfix on 0.4.2.1-alpha.
+
+ o Minor bugfixes (portability, backport from 0.4.4.1-alpha):
+ - Fix a portability error in the configure script, where we were
+ using "==" instead of "=". Fixes bug 34233; bugfix on 0.4.3.5.
+
+ o Minor bugfixes (relays, backport from 0.4.4.1-alpha):
+ - Stop advertising incorrect IPv6 ORPorts in relay and bridge
+ descriptors, when the IPv6 port was configured as "auto". Fixes
+ bug 32588; bugfix on 0.2.3.9-alpha.
+
+ o Documentation (backport from 0.4.4.1-alpha):
+ - Fix several doxygen warnings related to imbalanced groups. Closes
+ ticket 34255.
+
+
+Changes in version 0.4.3.5 - 2020-05-15
+ Tor 0.4.3.5 is the first stable release in the 0.4.3.x series. This
+ series adds support for building without relay code enabled, and
+ implements functionality needed for OnionBalance with v3 onion
+ services. It includes significant refactoring of our configuration and
+ controller functionality, and fixes numerous smaller bugs and
+ performance issues.
+
+ Per our support policy, we support each stable release series for nine
+ months after its first stable release, or three months after the first
+ stable release of the next series: whichever is longer. This means
+ that 0.4.3.x will be supported until around February 2021--later, if
+ 0.4.4.x is later than anticipated.
+
+ Note also that support for 0.4.1.x is about to end on May 20 of this
+ year; 0.4.2.x will be supported until September 15. We still plan to
+ continue supporting 0.3.5.x, our long-term stable series, until
+ Feb 2022.
+
+ Below are the changes since 0.4.3.4-rc. For a complete list of changes
+ since 0.4.2.6, see the ReleaseNotes file.
+
+ o Minor bugfixes (compiler compatibility):
+ - Avoid compiler warnings from Clang 10 related to the use of GCC-
+ style "/* falls through */" comments. Both Clang and GCC allow
+ __attribute__((fallthrough)) instead, so that's what we're using
+ now. Fixes bug 34078; bugfix on 0.3.1.3-alpha.
+ - Fix compilation warnings with GCC 10.0.1. Fixes bug 34077; bugfix
+ on 0.4.0.3-alpha.
+
+ o Minor bugfixes (logging):
+ - Stop truncating IPv6 addresses and ports in channel and connection
+ logs. Fixes bug 33918; bugfix on 0.2.4.4-alpha.
+ - Fix a logic error in a log message about whether an address was
+ invalid. Previously, the code would never report that onion
+ addresses were onion addresses. Fixes bug 34131; bugfix
+ on 0.4.3.1-alpha.
+
+
+Changes in version 0.4.3.4-rc - 2020-04-13
+ Tor 0.4.3.4-rc is the first release candidate in its series. It fixes
+ several bugs from earlier versions, including one affecting DoS
+ defenses on bridges using pluggable transports.
+
+ o Major bugfixes (DoS defenses, bridges, pluggable transport):
+ - Fix a bug that was preventing DoS defenses from running on bridges
+ with a pluggable transport. Previously, the DoS subsystem was not
+ given the transport name of the client connection, thus failed to
+ find the GeoIP cache entry for that client address. Fixes bug
+ 33491; bugfix on 0.3.3.2-alpha.
+
+ o Minor feature (sendme, flow control):
+ - Default to sending SENDME version 1 cells. (Clients are already
+ sending these, because of a consensus parameter telling them to do
+ so: this change only affects what clients would do if the
+ consensus didn't contain a recommendation.) Closes ticket 33623.
+
+ o Minor features (testing):
+ - The unit tests now support a "TOR_SKIP_TESTCASES" environment
+ variable to specify a list of space-separated test cases that
+ should not be executed. We will use this to disable certain tests
+ that are failing on Appveyor because of mismatched OpenSSL
+ libraries. Part of ticket 33643.
+
+ o Minor bugfixes (--disable-module-relay):
+ - Fix an assertion failure when Tor is built without the relay
+ module, and then invoked with the "User" option. Fixes bug 33668;
+ bugfix on 0.4.3.1-alpha.
+
+ o Minor bugfixes (--disable-module-relay,--disable-module-dirauth):
+ - Set some output arguments in the relay and dirauth module stubs,
+ to guard against future stub argument handling bugs like 33668.
+ Fixes bug 33674; bugfix on 0.4.3.1-alpha.
+
+ o Minor bugfixes (build system):
+ - Correctly output the enabled module in the configure summary.
+ Before that, the list shown was just plain wrong. Fixes bug 33646;
+ bugfix on 0.4.3.2-alpha.
+
+ o Minor bugfixes (client, IPv6):
+ - Stop forcing all non-SocksPorts to prefer IPv6 exit connections.
+ Instead, prefer IPv6 connections by default, but allow users to
+ change their configs using the "NoPreferIPv6" port flag. Fixes bug
+ 33608; bugfix on 0.4.3.1-alpha.
+ - Revert PreferIPv6 set by default on the SocksPort because it broke
+ the torsocks use case. Tor doesn't have a way for an application
+ to request the hostname to be resolved for a specific IP version,
+ but torsocks requires that. Up until now, IPv4 was used by default
+ so torsocks is expecting that, and can't handle a possible IPv6
+ being returned. Fixes bug 33804; bugfix on 0.4.3.1-alpha.
+
+ o Minor bugfixes (key portability):
+ - When reading PEM-encoded key data, tolerate CRLF line-endings even
+ if we are not running on Windows. Previously, non-Windows hosts
+ would reject these line-endings in certain positions, making
+ certain key files hard to move from one host to another. Fixes bug
+ 33032; bugfix on 0.3.5.1-alpha.
+
+ o Minor bugfixes (logging):
+ - Flush stderr, stdout, and file logs during shutdown, if supported
+ by the OS. This change helps make sure that any final logs are
+ recorded. Fixes bug 33087; bugfix on 0.4.1.6.
+ - Stop closing stderr and stdout during shutdown. Closing these file
+ descriptors can hide sanitiser logs. Fixes bug 33087; bugfix
+ on 0.4.1.6.
+
+ o Minor bugfixes (onion services v3):
+ - Relax severity of a log message that can appear naturally when
+ decoding onion service descriptors as a relay. Also add some
+ diagnostics to debug any future bugs in that area. Fixes bug
+ 31669; bugfix on 0.3.0.1-alpha.
+ - Block a client-side assertion by disallowing the registration of
+ an x25519 client auth key that's all zeroes. Fixes bug 33545;
+ bugfix on 0.4.3.1-alpha. Based on patch from "cypherpunks".
+
+ o Code simplification and refactoring:
+ - Disable our coding standards best practices tracker in our git
+ hooks. (0.4.3 branches only.) Closes ticket 33678.
+
+ o Testing:
+ - Avoid conflicts between the fake sockets in tor's unit tests, and
+ real file descriptors. Resolves issues running unit tests with
+ GitHub Actions, where the process that embeds or launches the
+ tests has already opened a large number of file descriptors. Fixes
+ bug 33782; bugfix on 0.2.8.1-alpha. Found and fixed by
+ Putta Khunchalee.
+
+ o Testing (CI):
+ - In our Appveyor Windows CI, copy required DLLs to test and app
+ directories, before running tor's tests. This ensures that tor.exe
+ and test*.exe use the correct version of each DLL. This fix is not
+ required, but we hope it will avoid DLL search issues in future.
+ Fixes bug 33673; bugfix on 0.3.4.2-alpha.
+ - On Appveyor, skip the crypto/openssl_version test, which is
+ failing because of a mismatched library installation. Fix
+ for 33643.
+
+
+Changes in version 0.4.3.3-alpha - 2020-03-18
+ Tor 0.4.3.3-alpha fixes several bugs in previous releases, including
+ TROVE-2020-002, a major denial-of-service vulnerability that affected
+ all released Tor instances since 0.2.1.5-alpha. Using this
+ vulnerability, an attacker could cause Tor instances to consume a huge
+ amount of CPU, disrupting their operations for several seconds or
+ minutes. This attack could be launched by anybody against a relay, or
+ by a directory cache against any client that had connected to it. The
+ attacker could launch this attack as much as they wanted, thereby
+ disrupting service or creating patterns that could aid in traffic
+ analysis. This issue was found by OSS-Fuzz, and is also tracked
+ as CVE-2020-10592.
+
+ We do not have reason to believe that this attack is currently being
+ exploited in the wild, but nonetheless we advise everyone to upgrade
+ as soon as packages are available.
+
+ o Major bugfixes (security, denial-of-service):
+ - Fix a denial-of-service bug that could be used by anyone to
+ consume a bunch of CPU on any Tor relay or authority, or by
+ directories to consume a bunch of CPU on clients or hidden
+ services. Because of the potential for CPU consumption to
+ introduce observable timing patterns, we are treating this as a
+ high-severity security issue. Fixes bug 33119; bugfix on
+ 0.2.1.5-alpha. Found by OSS-Fuzz. We are also tracking this issue
+ as TROVE-2020-002 and CVE-2020-10592.
+
+ o Major bugfixes (circuit padding, memory leak):
+ - Avoid a remotely triggered memory leak in the case that a circuit
+ padding machine is somehow negotiated twice on the same circuit.
+ Fixes bug 33619; bugfix on 0.4.0.1-alpha. Found by Tobias Pulls.
+ This is also tracked as TROVE-2020-004 and CVE-2020-10593.
+
+ o Major bugfixes (directory authority):
+ - Directory authorities will now send a 503 (not enough bandwidth)
+ code to clients when under bandwidth pressure. Known relays and
+ other authorities will always be answered regardless of the
+ bandwidth situation. Fixes bug 33029; bugfix on 0.1.2.5-alpha.
+
+ o Minor features (diagnostic):
+ - Improve assertions and add some memory-poisoning code to try to
+ track down possible causes of a rare crash (32564) in the EWMA
+ code. Closes ticket 33290.
+
+ o Minor features (directory authorities):
+ - Directory authorities now reject descriptors from relays running
+ Tor versions from the 0.2.9 and 0.4.0 series. The 0.3.5 series is
+ still allowed. Resolves ticket 32672. Patch by Neel Chauhan.
+
+ o Minor features (usability):
+ - Include more information when failing to parse a configuration
+ value. This should make it easier to tell what's going wrong when
+ a configuration file doesn't parse. Closes ticket 33460.
+
+ o Minor bugfix (relay, configuration):
+ - Warn if the ContactInfo field is not set, and tell the relay
+ operator that not having a ContactInfo field set might cause their
+ relay to get rejected in the future. Fixes bug 33361; bugfix
+ on 0.1.1.10-alpha.
+
+ o Minor bugfixes (coding best practices checks):
+ - Allow the "practracker" script to read unicode files when using
+ Python 2. We made the script use unicode literals in 0.4.3.1-alpha,
+ but didn't change the codec for opening files. Fixes bug 33374;
+ bugfix on 0.4.3.1-alpha.
+
+ o Minor bugfixes (continuous integration):
+ - Remove the buggy and unused mirroring job. Fixes bug 33213; bugfix
+ on 0.3.2.2-alpha.
+
+ o Minor bugfixes (onion service v3, client):
+ - Remove a BUG() warning that would cause a stack trace if an onion
+ service descriptor was freed while we were waiting for a
+ rendezvous circuit to complete. Fixes bug 28992; bugfix
+ on 0.3.2.1-alpha.
+
+ o Minor bugfixes (onion services v3):
+ - Fix an assertion failure that could result from a corrupted
+ ADD_ONION control port command. Found by Saibato. Fixes bug 33137;
+ bugfix on 0.3.3.1-alpha. This issue is also tracked
+ as TROVE-2020-003.
+
+ o Documentation (manpage):
+ - Alphabetize the Server and Directory server sections of the tor
+ manpage. Also split Statistics options into their own section of
+ the manpage. Closes ticket 33188. Work by Swati Thacker as part of
+ Google Season of Docs.
+ - Document the __OwningControllerProcess torrc option and specify
+ its polling interval. Resolves issue 32971.
+
+ o Testing (Travis CI):
+ - Remove a redundant distcheck job. Closes ticket 33194.
+ - Sort the Travis jobs in order of speed: putting the slowest jobs
+ first takes full advantage of Travis job concurrency. Closes
+ ticket 33194.
+ - Stop allowing the Chutney IPv6 Travis job to fail. This job was
+ previously configured to fast_finish (which requires
+ allow_failure), to speed up the build. Closes ticket 33195.
+ - When a Travis chutney job fails, use chutney's new "diagnostics.sh"
+ tool to produce detailed diagnostic output. Closes ticket 32792.
+
+
Changes in version 0.4.3.2-alpha - 2020-02-10
This is the second stable alpha release in the Tor 0.4.3.x series. It
fixes several bugs present in the previous alpha release. Anybody
@@ -415,7 +722,7 @@ Changes in version 0.4.3.1-alpha - 2020-01-22
o Minor bugfixes (controller):
- In routerstatus_has_changed(), check all the fields that are
output over the control port. Fixes bug 20218; bugfix
- on 0.1.1.11-alpha
+ on 0.1.1.11-alpha.
o Minor bugfixes (correctness checks):
- Use GCC/Clang's printf-checking feature to make sure that
7apu2bq3rhoylwmucxizk54afw5jyda7pho4j5zdcqpwkufke7zdzwad.onion