Diffstat (limited to 'ChangeLog')
-rw-r--r-- | ChangeLog | 354 |
1 files changed, 177 insertions, 177 deletions
@@ -150,100 +150,6 @@ Changes in version 0.4.7.2-alpha - 2021-10-26 ticket 40485. -Changes in version 0.4.7.1-alpha - 2021-09-17 - This version is the first alpha release of the 0.4.7.x series. One - major feature is Vanguards Lite, from proposal 333, to help mitigate - guard discovery attacks against onion services. It also includes - numerous bugfixes. - - o Major features (Proposal 332, onion services, guard selection algorithm): - - Clients and onion services now choose four long-lived "layer 2" - guard relays for use as the middle hop in all onion circuits. - These relays are kept in place for a randomized duration averaging - 1 week. This mitigates guard discovery attacks against clients and - short-lived onion services such as OnionShare. Long-lived onion - services that need high security should still use the Vanguards - addon (https://github.com/mikeperry-tor/vanguards). Closes ticket - 40363; implements proposal 333. - - o Minor features (bridge testing support): - - Let external bridge reachability testing tools discard cached - bridge descriptors when setting new bridges, so they can be sure - to get a clean reachability test. Implements ticket 40209. - - o Minor features (fuzzing): - - When building with --enable-libfuzzer, use a set of compiler flags - that works with more recent versions of the library. Previously we - were using a set of flags from 2017. Closes ticket 40407. - - o Minor features (testing configuration): - - When TestingTorNetwork is enabled, skip the permissions check on - hidden service directories. Closes ticket 40338. - - On a testing network, relays can now use the - TestingMinTimeToReportBandwidth option to change the smallest - amount of time over which they're willing to report their observed - maximum bandwidth. Previously, this was fixed at 1 day. For - safety, values under 2 hours are only supported on testing - networks. Part of a fix for ticket 40337. 
- - Relays on testing networks no longer rate-limit how frequently - they are willing to report new bandwidth measurements. Part of a - fix for ticket 40337. - - Relays on testing networks now report their observed bandwidths - immediately from startup. Previously, they waited until they had - been running for a full day. Closes ticket 40337. - - o Minor bugfixes (circuit padding): - - Don't send STOP circuit padding cells when the other side has - already shut down the corresponding padding machine. Fixes bug - 40435; bugfix on 0.4.0.1-alpha. - - o Minor bugfixes (compatibility): - - Fix compatibility with the most recent Libevent versions, which no - longer have an evdns_set_random_bytes() function. Because this - function has been a no-op since Libevent 2.0.4-alpha, it is safe - for us to just stop calling it. Fixes bug 40371; bugfix - on 0.2.1.7-alpha. - - o Minor bugfixes (control, sandbox): - - Allows the control command SAVECONF to succeed when the seccomp - sandbox is enabled. Makes SAVECONF keep only one backup file, to - simplify implementation. Fixes bug 40317; bugfix on 0.2.5.4-alpha. - Patch by Daniel Pinto. - - o Minor bugfixes (heartbeat): - - Adjust the heartbeat log message about distinct clients to - consider the HeartbeatPeriod rather than a flat 6-hour delay. - Fixes bug 40330; bugfix on 0.2.6.3-alpha. - - o Minor bugfixes (logging, relay): - - Add spaces between the "and" when logging the "Your server has not - managed to confirm reachability for its" on dual-stack relays. - Fixes bug 40453; bugfix on 0.4.5.1-alpha. Patch by Neel Chauhan. - - o Minor bugfixes (onion service): - - Do not flag an HSDir as non-running in case the descriptor upload - or fetch fails. An onion service closes pending directory - connections before uploading a new descriptor which leads to - wrongly flagging many relays and thus affecting circuit path - selection. Fixes bug 40434; bugfix on 0.2.0.13-alpha. 
- - o Minor bugfixes (statistics): - - Fix a fencepost issue when we check stability_last_downrated where - we called rep_hist_downrate_old_runs() twice. Fixes bug 40394; - bugfix on 0.2.0.5-alpha. Patch by Neel Chauhan. - - o Minor bugfixes (tests): - - Fix a bug that prevented some tests from running with the correct - names. Fixes bug 40365; bugfix on 0.4.3.1-alpha. - - o Documentation: - - Add links to original tor design paper and anonbib to - docs/HACKING/README.1st.md. Closes ticket 33742. Patch from - Emily Bones. - - Describe the "fingerprint-ed25519" file in the tor.1 man page. - Fixes bug 40467; bugfix on 0.4.3.1-alpha. Patch by Neel Chauhan. - - Changes in version 0.4.6.8 - 2021-10-26 This version fixes several bugs from earlier versions of Tor. One highlight is a fix on how we track DNS timeouts to report general 
@@ -303,52 +209,6 @@ Changes in version 0.4.6.8 - 2021-10-26 Fixes bug 40474; bugfix on 0.4.5.8. -Changes in version 0.4.6.7 - 2021-08-16 - This version fixes several bugs from earlier versions of Tor, - including one that could lead to a denial-of-service attack. Everyone - running an earlier version, whether as a client, a relay, or an onion - service, should upgrade to Tor 0.3.5.16, 0.4.5.10, or 0.4.6.7. - - o Major bugfixes (cryptography, security): - - Resolve an assertion failure caused by a behavior mismatch between - our batch-signature verification code and our single-signature - verification code. This assertion failure could be triggered - remotely, leading to a denial of service attack. We fix this issue - by disabling batch verification. Fixes bug 40078; bugfix on - 0.2.6.1-alpha. This issue is also tracked as TROVE-2021-007 and - CVE-2021-38385. Found by Henry de Valence. - - o Minor feature (fallbackdir): - - Regenerate fallback directories list. Close ticket 40447. - - o Minor features (geoip data): - - Update the geoip files to match the IPFire Location Database, as - retrieved on 2021/08/12. - - o Minor bugfix (crypto): - - Disable the unused batch verification feature of ed25519-donna. - Fixes bug 40078; bugfix on 0.2.6.1-alpha. Found by Henry - de Valence. - - o Minor bugfixes (onion service): - - Send back the extended SOCKS error 0xF6 (Onion Service Invalid - Address) for a v2 onion address. Fixes bug 40421; bugfix - on 0.4.6.2-alpha. - - o Minor bugfixes (relay): - - Reduce the compression level for data streaming from HIGH to LOW - in order to reduce CPU load on the directory relays. Fixes bug - 40301; bugfix on 0.3.5.1-alpha. - - o Minor bugfixes (timekeeping): - - Calculate the time of day correctly on systems where the time_t - type includes leap seconds. 
(This is not the case on most - operating systems, but on those where it occurs, our tor_timegm - function did not correctly invert the system's gmtime function, - which could result in assertion failures when calculating voting - schedules.) Fixes bug 40383; bugfix on 0.2.0.3-alpha. - - Changes in version 0.4.5.11 - 2021-10-26 The major change in this version is that v2 onion services are now disabled at the client, service, and relay: any Tor nodes running this 
@@ -430,6 +290,183 @@ Changes in version 0.4.5.11 - 2021-10-26 Fixes bug 40474; bugfix on 0.4.5.8. +Changes in version 0.3.5.17 - 2021-10-26 + The major change in this version is that v2 onion services are now + disabled at the client, service, and relay: any Tor nodes running this + version and onward will stop supporting v2 onion services. This is the + last step in the long deprecation process of v2 onion services. + Everyone running an earlier version, whether as a client, a relay, or + an onion service, should upgrade to Tor 0.3.5.17, 0.4.5.11, + or 0.4.6.8. + + o Major feature (onion service v2, backport from 0.4.5.11): + - See https://blog.torproject.org/v2-deprecation-timeline for + details on how to transition from v2 to v3. + - The control port commands HSFETCH and HSPOST no longer allow + version 2, and it is no longer possible to create a v2 service + with ADD_ONION. + - Tor no longer allows creating v2 services, or connecting as a + client to a v2 service. Relays will decline to be a v2 HSDir or + introduction point. This effectively disables onion service + version 2 Tor-wide. Closes ticket 40476. + + o Minor features (bridge, backport from 0.4.6.8): + - We now announce the URL to Tor's new bridge status at + https://bridges.torproject.org/ when Tor is configured to run as a + bridge relay. Closes ticket 30477. + + o Minor features (fallbackdir): + - Regenerate fallback directories for October 2021. Closes + ticket 40493. + + o Minor bugfixes (compatibility, backport from 0.4.6.8): + - Fix compatibility with the most recent Libevent versions, which no + longer have an evdns_set_random_bytes() function. Because this + function has been a no-op since Libevent 2.0.4-alpha, it is safe + for us to just stop calling it. Fixes bug 40371; bugfix + on 0.2.1.7-alpha. + + +Changes in version 0.4.7.1-alpha - 2021-09-17 + This version is the first alpha release of the 0.4.7.x series. 
One + major feature is Vanguards Lite, from proposal 333, to help mitigate + guard discovery attacks against onion services. It also includes + numerous bugfixes. + + o Major features (Proposal 332, onion services, guard selection algorithm): + - Clients and onion services now choose four long-lived "layer 2" + guard relays for use as the middle hop in all onion circuits. + These relays are kept in place for a randomized duration averaging + 1 week. This mitigates guard discovery attacks against clients and + short-lived onion services such as OnionShare. Long-lived onion + services that need high security should still use the Vanguards + addon (https://github.com/mikeperry-tor/vanguards). Closes ticket + 40363; implements proposal 333. + + o Minor features (bridge testing support): + - Let external bridge reachability testing tools discard cached + bridge descriptors when setting new bridges, so they can be sure + to get a clean reachability test. Implements ticket 40209. + + o Minor features (fuzzing): + - When building with --enable-libfuzzer, use a set of compiler flags + that works with more recent versions of the library. Previously we + were using a set of flags from 2017. Closes ticket 40407. + + o Minor features (testing configuration): + - When TestingTorNetwork is enabled, skip the permissions check on + hidden service directories. Closes ticket 40338. + - On a testing network, relays can now use the + TestingMinTimeToReportBandwidth option to change the smallest + amount of time over which they're willing to report their observed + maximum bandwidth. Previously, this was fixed at 1 day. For + safety, values under 2 hours are only supported on testing + networks. Part of a fix for ticket 40337. + - Relays on testing networks no longer rate-limit how frequently + they are willing to report new bandwidth measurements. Part of a + fix for ticket 40337. + - Relays on testing networks now report their observed bandwidths + immediately from startup. 
Previously, they waited until they had + been running for a full day. Closes ticket 40337. + + o Minor bugfixes (circuit padding): + - Don't send STOP circuit padding cells when the other side has + already shut down the corresponding padding machine. Fixes bug + 40435; bugfix on 0.4.0.1-alpha. + + o Minor bugfixes (compatibility): + - Fix compatibility with the most recent Libevent versions, which no + longer have an evdns_set_random_bytes() function. Because this + function has been a no-op since Libevent 2.0.4-alpha, it is safe + for us to just stop calling it. Fixes bug 40371; bugfix + on 0.2.1.7-alpha. + + o Minor bugfixes (control, sandbox): + - Allows the control command SAVECONF to succeed when the seccomp + sandbox is enabled. Makes SAVECONF keep only one backup file, to + simplify implementation. Fixes bug 40317; bugfix on 0.2.5.4-alpha. + Patch by Daniel Pinto. + + o Minor bugfixes (heartbeat): + - Adjust the heartbeat log message about distinct clients to + consider the HeartbeatPeriod rather than a flat 6-hour delay. + Fixes bug 40330; bugfix on 0.2.6.3-alpha. + + o Minor bugfixes (logging, relay): + - Add spaces between the "and" when logging the "Your server has not + managed to confirm reachability for its" on dual-stack relays. + Fixes bug 40453; bugfix on 0.4.5.1-alpha. Patch by Neel Chauhan. + + o Minor bugfixes (onion service): + - Do not flag an HSDir as non-running in case the descriptor upload + or fetch fails. An onion service closes pending directory + connections before uploading a new descriptor which leads to + wrongly flagging many relays and thus affecting circuit path + selection. Fixes bug 40434; bugfix on 0.2.0.13-alpha. + + o Minor bugfixes (statistics): + - Fix a fencepost issue when we check stability_last_downrated where + we called rep_hist_downrate_old_runs() twice. Fixes bug 40394; + bugfix on 0.2.0.5-alpha. Patch by Neel Chauhan. 
+ + o Minor bugfixes (tests): + - Fix a bug that prevented some tests from running with the correct + names. Fixes bug 40365; bugfix on 0.4.3.1-alpha. + + o Documentation: + - Add links to original tor design paper and anonbib to + docs/HACKING/README.1st.md. Closes ticket 33742. Patch from + Emily Bones. + - Describe the "fingerprint-ed25519" file in the tor.1 man page. + Fixes bug 40467; bugfix on 0.4.3.1-alpha. Patch by Neel Chauhan. + + +Changes in version 0.4.6.7 - 2021-08-16 + This version fixes several bugs from earlier versions of Tor, + including one that could lead to a denial-of-service attack. Everyone + running an earlier version, whether as a client, a relay, or an onion + service, should upgrade to Tor 0.3.5.16, 0.4.5.10, or 0.4.6.7. + + o Major bugfixes (cryptography, security): + - Resolve an assertion failure caused by a behavior mismatch between + our batch-signature verification code and our single-signature + verification code. This assertion failure could be triggered + remotely, leading to a denial of service attack. We fix this issue + by disabling batch verification. Fixes bug 40078; bugfix on + 0.2.6.1-alpha. This issue is also tracked as TROVE-2021-007 and + CVE-2021-38385. Found by Henry de Valence. + + o Minor feature (fallbackdir): + - Regenerate fallback directories list. Close ticket 40447. + + o Minor features (geoip data): + - Update the geoip files to match the IPFire Location Database, as + retrieved on 2021/08/12. + + o Minor bugfix (crypto): + - Disable the unused batch verification feature of ed25519-donna. + Fixes bug 40078; bugfix on 0.2.6.1-alpha. Found by Henry + de Valence. + + o Minor bugfixes (onion service): + - Send back the extended SOCKS error 0xF6 (Onion Service Invalid + Address) for a v2 onion address. Fixes bug 40421; bugfix + on 0.4.6.2-alpha. + + o Minor bugfixes (relay): + - Reduce the compression level for data streaming from HIGH to LOW + in order to reduce CPU load on the directory relays. 
Fixes bug + 40301; bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (timekeeping): + - Calculate the time of day correctly on systems where the time_t + type includes leap seconds. (This is not the case on most + operating systems, but on those where it occurs, our tor_timegm + function did not correctly invert the system's gmtime function, + which could result in assertion failures when calculating voting + schedules.) Fixes bug 40383; bugfix on 0.2.0.3-alpha. + + Changes in version 0.4.5.10 - 2021-08-16 This version fixes several bugs from earlier versions of Tor, including one that could lead to a denial-of-service attack. Everyone 
@@ -479,43 +516,6 @@ Changes in version 0.4.5.10 - 2021-08-16 versions of NSS. Fixes bug 40409; bugfix on 0.3.5.1-alpha. -Changes in version 0.3.5.17 - 2021-10-26 - The major change in this version is that v2 onion services are now - disabled at the client, service, and relay: any Tor nodes running this - version and onward will stop supporting v2 onion services. This is the - last step in the long deprecation process of v2 onion services. - Everyone running an earlier version, whether as a client, a relay, or - an onion service, should upgrade to Tor 0.3.5.17, 0.4.5.11, - or 0.4.6.8. - - o Major feature (onion service v2, backport from 0.4.5.11): - - See https://blog.torproject.org/v2-deprecation-timeline for - details on how to transition from v2 to v3. - - The control port commands HSFETCH and HSPOST no longer allow - version 2, and it is no longer possible to create a v2 service - with ADD_ONION. - - Tor no longer allows creating v2 services, or connecting as a - client to a v2 service. Relays will decline to be a v2 HSDir or - introduction point. This effectively disables onion service - version 2 Tor-wide. Closes ticket 40476. - - o Minor features (bridge, backport from 0.4.6.8): - - We now announce the URL to Tor's new bridge status at - https://bridges.torproject.org/ when Tor is configured to run as a - bridge relay. Closes ticket 30477. - - o Minor features (fallbackdir): - - Regenerate fallback directories for October 2021. Closes - ticket 40493. - - o Minor bugfixes (compatibility, backport from 0.4.6.8): - - Fix compatibility with the most recent Libevent versions, which no - longer have an evdns_set_random_bytes() function. Because this - function has been a no-op since Libevent 2.0.4-alpha, it is safe - for us to just stop calling it. Fixes bug 40371; bugfix - on 0.2.1.7-alpha. - - Changes in version 0.3.5.16 - 2021-08-16 This version fixes several bugs from earlier versions of Tor, including one that could lead to a denial-of-service attack. 
Everyone |
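
Review bot: In the 0.4.7.1-alpha block re-added by the `@@ -430,6 +290,183 @@` hunk, the heading "Major features (Proposal 332, onion services, guard selection algorithm)" disagrees with the release summary above it ("Vanguards Lite, from proposal 333") and with the item under it ("implements proposal 333"). The block is being rewritten into its new position here, so make the heading and the body cite the same proposal number, or do that in a follow-up if this commit is meant to stay a pure move. As it stands, searching the ChangeLog for either number gives only a partial match for the layer 2 guard change.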
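
Review bot: The 0.4.6.7 block moved out by the `@@ -303,52 +209,6 @@` hunk lists bug 40078 twice: under "Major bugfixes (cryptography, security)" with TROVE-2021-007 and CVE-2021-38385, and again under "Minor bugfix (crypto)" as "Disable the unused batch verification feature of ed25519-donna" with no security identifier. Someone reading only the minor entry would not learn that it is the fix for the remotely triggerable assertion failure, so fold it into the major item or add a cross-reference to the TROVE and CVE ids. Two smaller style points in the same block: "Close ticket 40447" where the other entries say "Closes ticket", and the singular headings "Minor feature (fallbackdir)" and "Minor bugfix (crypto)" where the other releases use the plural.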
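
Review bot: Nothing in the visible lines records the ordering rule this move applies. With the `@@ -479,43 +516,6 @@` hunk taking 0.3.5.17 out from between 0.4.5.10 and 0.3.5.16, the file now reads 0.4.5.11 and 0.3.5.17 (both 2021-10-26), then 0.4.7.1-alpha (2021-09-17), then 0.4.6.7 and 0.4.5.10 (2021-08-16): newest release date first, highest version first within a date. State that rule in the commit message or in the release process notes, so the next backport entry is inserted in the right place instead of needing another reorder.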