summaryrefslogtreecommitdiff
path: root/ChangeLog
diff options
context:
space:
mode:
Diffstat (limited to 'ChangeLog')
-rw-r--r--ChangeLog354
1 files changed, 177 insertions, 177 deletions
diff --git a/ChangeLog b/ChangeLog
index a061775812..d1bc48dc0c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -150,100 +150,6 @@ Changes in version 0.4.7.2-alpha - 2021-10-26
ticket 40485.
-Changes in version 0.4.7.1-alpha - 2021-09-17
- This version is the first alpha release of the 0.4.7.x series. One
- major feature is Vanguards Lite, from proposal 333, to help mitigate
- guard discovery attacks against onion services. It also includes
- numerous bugfixes.
-
- o Major features (Proposal 332, onion services, guard selection algorithm):
- - Clients and onion services now choose four long-lived "layer 2"
- guard relays for use as the middle hop in all onion circuits.
- These relays are kept in place for a randomized duration averaging
- 1 week. This mitigates guard discovery attacks against clients and
- short-lived onion services such as OnionShare. Long-lived onion
- services that need high security should still use the Vanguards
- addon (https://github.com/mikeperry-tor/vanguards). Closes ticket
- 40363; implements proposal 333.
-
- o Minor features (bridge testing support):
- - Let external bridge reachability testing tools discard cached
- bridge descriptors when setting new bridges, so they can be sure
- to get a clean reachability test. Implements ticket 40209.
-
- o Minor features (fuzzing):
- - When building with --enable-libfuzzer, use a set of compiler flags
- that works with more recent versions of the library. Previously we
- were using a set of flags from 2017. Closes ticket 40407.
-
- o Minor features (testing configuration):
- - When TestingTorNetwork is enabled, skip the permissions check on
- hidden service directories. Closes ticket 40338.
- - On a testing network, relays can now use the
- TestingMinTimeToReportBandwidth option to change the smallest
- amount of time over which they're willing to report their observed
- maximum bandwidth. Previously, this was fixed at 1 day. For
- safety, values under 2 hours are only supported on testing
- networks. Part of a fix for ticket 40337.
- - Relays on testing networks no longer rate-limit how frequently
- they are willing to report new bandwidth measurements. Part of a
- fix for ticket 40337.
- - Relays on testing networks now report their observed bandwidths
- immediately from startup. Previously, they waited until they had
- been running for a full day. Closes ticket 40337.
-
- o Minor bugfixes (circuit padding):
- - Don't send STOP circuit padding cells when the other side has
- already shut down the corresponding padding machine. Fixes bug
- 40435; bugfix on 0.4.0.1-alpha.
-
- o Minor bugfixes (compatibility):
- - Fix compatibility with the most recent Libevent versions, which no
- longer have an evdns_set_random_bytes() function. Because this
- function has been a no-op since Libevent 2.0.4-alpha, it is safe
- for us to just stop calling it. Fixes bug 40371; bugfix
- on 0.2.1.7-alpha.
-
- o Minor bugfixes (control, sandbox):
- - Allows the control command SAVECONF to succeed when the seccomp
- sandbox is enabled. Makes SAVECONF keep only one backup file, to
- simplify implementation. Fixes bug 40317; bugfix on 0.2.5.4-alpha.
- Patch by Daniel Pinto.
-
- o Minor bugfixes (heartbeat):
- - Adjust the heartbeat log message about distinct clients to
- consider the HeartbeatPeriod rather than a flat 6-hour delay.
- Fixes bug 40330; bugfix on 0.2.6.3-alpha.
-
- o Minor bugfixes (logging, relay):
- - Add spaces between the "and" when logging the "Your server has not
- managed to confirm reachability for its" on dual-stack relays.
- Fixes bug 40453; bugfix on 0.4.5.1-alpha. Patch by Neel Chauhan.
-
- o Minor bugfixes (onion service):
- - Do not flag an HSDir as non-running in case the descriptor upload
- or fetch fails. An onion service closes pending directory
- connections before uploading a new descriptor which leads to
- wrongly flagging many relays and thus affecting circuit path
- selection. Fixes bug 40434; bugfix on 0.2.0.13-alpha.
-
- o Minor bugfixes (statistics):
- - Fix a fencepost issue when we check stability_last_downrated where
- we called rep_hist_downrate_old_runs() twice. Fixes bug 40394;
- bugfix on 0.2.0.5-alpha. Patch by Neel Chauhan.
-
- o Minor bugfixes (tests):
- - Fix a bug that prevented some tests from running with the correct
- names. Fixes bug 40365; bugfix on 0.4.3.1-alpha.
-
- o Documentation:
- - Add links to original tor design paper and anonbib to
- docs/HACKING/README.1st.md. Closes ticket 33742. Patch from
- Emily Bones.
- - Describe the "fingerprint-ed25519" file in the tor.1 man page.
- Fixes bug 40467; bugfix on 0.4.3.1-alpha. Patch by Neel Chauhan.
-
-
Changes in version 0.4.6.8 - 2021-10-26
This version fixes several bugs from earlier versions of Tor. One
highlight is a fix on how we track DNS timeouts to report general
@@ -303,52 +209,6 @@ Changes in version 0.4.6.8 - 2021-10-26
Fixes bug 40474; bugfix on 0.4.5.8.
-Changes in version 0.4.6.7 - 2021-08-16
- This version fixes several bugs from earlier versions of Tor,
- including one that could lead to a denial-of-service attack. Everyone
- running an earlier version, whether as a client, a relay, or an onion
- service, should upgrade to Tor 0.3.5.16, 0.4.5.10, or 0.4.6.7.
-
- o Major bugfixes (cryptography, security):
- - Resolve an assertion failure caused by a behavior mismatch between
- our batch-signature verification code and our single-signature
- verification code. This assertion failure could be triggered
- remotely, leading to a denial of service attack. We fix this issue
- by disabling batch verification. Fixes bug 40078; bugfix on
- 0.2.6.1-alpha. This issue is also tracked as TROVE-2021-007 and
- CVE-2021-38385. Found by Henry de Valence.
-
- o Minor feature (fallbackdir):
- - Regenerate fallback directories list. Close ticket 40447.
-
- o Minor features (geoip data):
- - Update the geoip files to match the IPFire Location Database, as
- retrieved on 2021/08/12.
-
- o Minor bugfix (crypto):
- - Disable the unused batch verification feature of ed25519-donna.
- Fixes bug 40078; bugfix on 0.2.6.1-alpha. Found by Henry
- de Valence.
-
- o Minor bugfixes (onion service):
- - Send back the extended SOCKS error 0xF6 (Onion Service Invalid
- Address) for a v2 onion address. Fixes bug 40421; bugfix
- on 0.4.6.2-alpha.
-
- o Minor bugfixes (relay):
- - Reduce the compression level for data streaming from HIGH to LOW
- in order to reduce CPU load on the directory relays. Fixes bug
- 40301; bugfix on 0.3.5.1-alpha.
-
- o Minor bugfixes (timekeeping):
- - Calculate the time of day correctly on systems where the time_t
- type includes leap seconds. (This is not the case on most
- operating systems, but on those where it occurs, our tor_timegm
- function did not correctly invert the system's gmtime function,
- which could result in assertion failures when calculating voting
- schedules.) Fixes bug 40383; bugfix on 0.2.0.3-alpha.
-
-
Changes in version 0.4.5.11 - 2021-10-26
The major change in this version is that v2 onion services are now
disabled at the client, service, and relay: any Tor nodes running this
@@ -430,6 +290,183 @@ Changes in version 0.4.5.11 - 2021-10-26
Fixes bug 40474; bugfix on 0.4.5.8.
+Changes in version 0.3.5.17 - 2021-10-26
+ The major change in this version is that v2 onion services are now
+ disabled at the client, service, and relay: any Tor nodes running this
+ version and onward will stop supporting v2 onion services. This is the
+ last step in the long deprecation process of v2 onion services.
+ Everyone running an earlier version, whether as a client, a relay, or
+ an onion service, should upgrade to Tor 0.3.5.17, 0.4.5.11,
+ or 0.4.6.8.
+
+ o Major feature (onion service v2, backport from 0.4.5.11):
+ - See https://blog.torproject.org/v2-deprecation-timeline for
+ details on how to transition from v2 to v3.
+ - The control port commands HSFETCH and HSPOST no longer allow
+ version 2, and it is no longer possible to create a v2 service
+ with ADD_ONION.
+ - Tor no longer allows creating v2 services, or connecting as a
+ client to a v2 service. Relays will decline to be a v2 HSDir or
+ introduction point. This effectively disables onion service
+ version 2 Tor-wide. Closes ticket 40476.
+
+ o Minor features (bridge, backport from 0.4.6.8):
+ - We now announce the URL to Tor's new bridge status at
+ https://bridges.torproject.org/ when Tor is configured to run as a
+ bridge relay. Closes ticket 30477.
+
+ o Minor features (fallbackdir):
+ - Regenerate fallback directories for October 2021. Closes
+ ticket 40493.
+
+ o Minor bugfixes (compatibility, backport from 0.4.6.8):
+ - Fix compatibility with the most recent Libevent versions, which no
+ longer have an evdns_set_random_bytes() function. Because this
+ function has been a no-op since Libevent 2.0.4-alpha, it is safe
+ for us to just stop calling it. Fixes bug 40371; bugfix
+ on 0.2.1.7-alpha.
+
+
+Changes in version 0.4.7.1-alpha - 2021-09-17
+ This version is the first alpha release of the 0.4.7.x series. One
+ major feature is Vanguards Lite, from proposal 333, to help mitigate
+ guard discovery attacks against onion services. It also includes
+ numerous bugfixes.
+
+ o Major features (Proposal 332, onion services, guard selection algorithm):
+ - Clients and onion services now choose four long-lived "layer 2"
+ guard relays for use as the middle hop in all onion circuits.
+ These relays are kept in place for a randomized duration averaging
+ 1 week. This mitigates guard discovery attacks against clients and
+ short-lived onion services such as OnionShare. Long-lived onion
+ services that need high security should still use the Vanguards
+ addon (https://github.com/mikeperry-tor/vanguards). Closes ticket
+ 40363; implements proposal 333.
+
+ o Minor features (bridge testing support):
+ - Let external bridge reachability testing tools discard cached
+ bridge descriptors when setting new bridges, so they can be sure
+ to get a clean reachability test. Implements ticket 40209.
+
+ o Minor features (fuzzing):
+ - When building with --enable-libfuzzer, use a set of compiler flags
+ that works with more recent versions of the library. Previously we
+ were using a set of flags from 2017. Closes ticket 40407.
+
+ o Minor features (testing configuration):
+ - When TestingTorNetwork is enabled, skip the permissions check on
+ hidden service directories. Closes ticket 40338.
+ - On a testing network, relays can now use the
+ TestingMinTimeToReportBandwidth option to change the smallest
+ amount of time over which they're willing to report their observed
+ maximum bandwidth. Previously, this was fixed at 1 day. For
+ safety, values under 2 hours are only supported on testing
+ networks. Part of a fix for ticket 40337.
+ - Relays on testing networks no longer rate-limit how frequently
+ they are willing to report new bandwidth measurements. Part of a
+ fix for ticket 40337.
+ - Relays on testing networks now report their observed bandwidths
+ immediately from startup. Previously, they waited until they had
+ been running for a full day. Closes ticket 40337.
+
+ o Minor bugfixes (circuit padding):
+ - Don't send STOP circuit padding cells when the other side has
+ already shut down the corresponding padding machine. Fixes bug
+ 40435; bugfix on 0.4.0.1-alpha.
+
+ o Minor bugfixes (compatibility):
+ - Fix compatibility with the most recent Libevent versions, which no
+ longer have an evdns_set_random_bytes() function. Because this
+ function has been a no-op since Libevent 2.0.4-alpha, it is safe
+ for us to just stop calling it. Fixes bug 40371; bugfix
+ on 0.2.1.7-alpha.
+
+ o Minor bugfixes (control, sandbox):
+ - Allows the control command SAVECONF to succeed when the seccomp
+ sandbox is enabled. Makes SAVECONF keep only one backup file, to
+ simplify implementation. Fixes bug 40317; bugfix on 0.2.5.4-alpha.
+ Patch by Daniel Pinto.
+
+ o Minor bugfixes (heartbeat):
+ - Adjust the heartbeat log message about distinct clients to
+ consider the HeartbeatPeriod rather than a flat 6-hour delay.
+ Fixes bug 40330; bugfix on 0.2.6.3-alpha.
+
+ o Minor bugfixes (logging, relay):
+ - Add spaces between the "and" when logging the "Your server has not
+ managed to confirm reachability for its" on dual-stack relays.
+ Fixes bug 40453; bugfix on 0.4.5.1-alpha. Patch by Neel Chauhan.
+
+ o Minor bugfixes (onion service):
+ - Do not flag an HSDir as non-running in case the descriptor upload
+ or fetch fails. An onion service closes pending directory
+ connections before uploading a new descriptor which leads to
+ wrongly flagging many relays and thus affecting circuit path
+ selection. Fixes bug 40434; bugfix on 0.2.0.13-alpha.
+
+ o Minor bugfixes (statistics):
+ - Fix a fencepost issue when we check stability_last_downrated where
+ we called rep_hist_downrate_old_runs() twice. Fixes bug 40394;
+ bugfix on 0.2.0.5-alpha. Patch by Neel Chauhan.
+
+ o Minor bugfixes (tests):
+ - Fix a bug that prevented some tests from running with the correct
+ names. Fixes bug 40365; bugfix on 0.4.3.1-alpha.
+
+ o Documentation:
+ - Add links to original tor design paper and anonbib to
+ docs/HACKING/README.1st.md. Closes ticket 33742. Patch from
+ Emily Bones.
+ - Describe the "fingerprint-ed25519" file in the tor.1 man page.
+ Fixes bug 40467; bugfix on 0.4.3.1-alpha. Patch by Neel Chauhan.
+
+
+Changes in version 0.4.6.7 - 2021-08-16
+ This version fixes several bugs from earlier versions of Tor,
+ including one that could lead to a denial-of-service attack. Everyone
+ running an earlier version, whether as a client, a relay, or an onion
+ service, should upgrade to Tor 0.3.5.16, 0.4.5.10, or 0.4.6.7.
+
+ o Major bugfixes (cryptography, security):
+ - Resolve an assertion failure caused by a behavior mismatch between
+ our batch-signature verification code and our single-signature
+ verification code. This assertion failure could be triggered
+ remotely, leading to a denial of service attack. We fix this issue
+ by disabling batch verification. Fixes bug 40078; bugfix on
+ 0.2.6.1-alpha. This issue is also tracked as TROVE-2021-007 and
+ CVE-2021-38385. Found by Henry de Valence.
+
+ o Minor feature (fallbackdir):
+ - Regenerate fallback directories list. Close ticket 40447.
+
+ o Minor features (geoip data):
+ - Update the geoip files to match the IPFire Location Database, as
+ retrieved on 2021/08/12.
+
+ o Minor bugfix (crypto):
+ - Disable the unused batch verification feature of ed25519-donna.
+ Fixes bug 40078; bugfix on 0.2.6.1-alpha. Found by Henry
+ de Valence.
+
+ o Minor bugfixes (onion service):
+ - Send back the extended SOCKS error 0xF6 (Onion Service Invalid
+ Address) for a v2 onion address. Fixes bug 40421; bugfix
+ on 0.4.6.2-alpha.
+
+ o Minor bugfixes (relay):
+ - Reduce the compression level for data streaming from HIGH to LOW
+ in order to reduce CPU load on the directory relays. Fixes bug
+ 40301; bugfix on 0.3.5.1-alpha.
+
+ o Minor bugfixes (timekeeping):
+ - Calculate the time of day correctly on systems where the time_t
+ type includes leap seconds. (This is not the case on most
+ operating systems, but on those where it occurs, our tor_timegm
+ function did not correctly invert the system's gmtime function,
+ which could result in assertion failures when calculating voting
+ schedules.) Fixes bug 40383; bugfix on 0.2.0.3-alpha.
+
+
Changes in version 0.4.5.10 - 2021-08-16
This version fixes several bugs from earlier versions of Tor,
including one that could lead to a denial-of-service attack. Everyone
@@ -479,43 +516,6 @@ Changes in version 0.4.5.10 - 2021-08-16
versions of NSS. Fixes bug 40409; bugfix on 0.3.5.1-alpha.
-Changes in version 0.3.5.17 - 2021-10-26
- The major change in this version is that v2 onion services are now
- disabled at the client, service, and relay: any Tor nodes running this
- version and onward will stop supporting v2 onion services. This is the
- last step in the long deprecation process of v2 onion services.
- Everyone running an earlier version, whether as a client, a relay, or
- an onion service, should upgrade to Tor 0.3.5.17, 0.4.5.11,
- or 0.4.6.8.
-
- o Major feature (onion service v2, backport from 0.4.5.11):
- - See https://blog.torproject.org/v2-deprecation-timeline for
- details on how to transition from v2 to v3.
- - The control port commands HSFETCH and HSPOST no longer allow
- version 2, and it is no longer possible to create a v2 service
- with ADD_ONION.
- - Tor no longer allows creating v2 services, or connecting as a
- client to a v2 service. Relays will decline to be a v2 HSDir or
- introduction point. This effectively disables onion service
- version 2 Tor-wide. Closes ticket 40476.
-
- o Minor features (bridge, backport from 0.4.6.8):
- - We now announce the URL to Tor's new bridge status at
- https://bridges.torproject.org/ when Tor is configured to run as a
- bridge relay. Closes ticket 30477.
-
- o Minor features (fallbackdir):
- - Regenerate fallback directories for October 2021. Closes
- ticket 40493.
-
- o Minor bugfixes (compatibility, backport from 0.4.6.8):
- - Fix compatibility with the most recent Libevent versions, which no
- longer have an evdns_set_random_bytes() function. Because this
- function has been a no-op since Libevent 2.0.4-alpha, it is safe
- for us to just stop calling it. Fixes bug 40371; bugfix
- on 0.2.1.7-alpha.
-
-
Changes in version 0.3.5.16 - 2021-08-16
This version fixes several bugs from earlier versions of Tor,
including one that could lead to a denial-of-service attack. Everyone