Diffstat (limited to 'ChangeLog')
-rw-r--r-- ChangeLog 276
1 files changed, 276 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index f003aeb8c3..365d805dd2 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,279 @@
+Changes in version 0.4.9.1-alpha - 2024-12-03
+ This is the first alpha of the 0.4.9.x series. This release mostly consists
+ of bugfixes including some major ones. There are several minor features in
+ this release but no large new subsystem. Most of the fixes in this release
+ are already in 0.4.8.x stable series.
+
+ o Major bugfixes (circuit building):
+ - Conflux circuit building was ignoring the "predicted ports"
+ feature, which aims to make Tor stop building circuits if there
+ have been no user requests lately. This bug led to every idle Tor
+ on the network building and discarding circuits every 30 seconds,
+ which added overall load to the network, used bandwidth and
+ battery from clients that weren't actively using their Tor, and
+ kept sockets open on guards which added connection padding
+ essentially forever. Fixes bug 40981; bugfix on 0.4.8.1-alpha;
+
+ o Major bugfixes (conflux):
+ - Fix an issue that prevented us from pre-building more conflux sets
+ after existing sets had been used. Fixes bug 40862; bugfix
+ on 0.4.8.1-alpha.
+
+ o Major bugfixes (guard usage):
+ - When Tor excluded a guard due to temporary circuit restrictions,
+ it considered *additional* primary guards for potential usage by
+ that circuit. This could result in more than the specified number
+ of guards (currently 2) being used, long-term, by the tor client.
+ This could happen when a Guard was also selected as an Exit node,
+ but it was exacerbated by the Conflux guard restrictions. Both
+ instances have been fixed. Fixes bug 40876; bugfix
+ on 0.3.0.1-alpha.
+
+ o Major bugfixes (onion service):
+ - Fix a reliability issue where services were expiring their
+ introduction points every consensus update. This caused
+ connectivity issues for clients caching the old descriptor and
+ intro points. Bug reported and fixed by gitlab user
+ @hyunsoo.kim676. Fixes bug 40858; bugfix on 0.4.7.5-alpha.
+
+ o Major bugfixes (onion service, TROVE-2023-006):
+ - Fix a possible hard assert on a NULL pointer when recording a
+ failed rendezvous circuit on the service side for the MetricsPort.
+ Fixes bug 40883; bugfix on 0.4.8.1-alpha
+
+ o Major bugfixes (sandbox):
+ - Fix sandbox to work on architectures that use Linux's generic
+ syscall interface, extending support for AArch64 (ARM64) and
+ adding support for RISC-V, allowing test_include.sh and the
+ sandbox unit tests to pass on these systems even when building
+ with fragile hardening enabled. Fixes bugs 40465 and 40599; bugfix
+ on 0.2.5.1-alpha.
+
+ o Major bugfixes (TROVE-2023-004, relay):
+ - Mitigate an issue when Tor compiled with OpenSSL can crash during
+ handshake with a remote relay. Fixes bug 40874; bugfix
+ on 0.2.7.2-alpha.
+
+ o Major bugfixes (TROVE-2023-007, exit):
+ - Improper error propagation from a safety check in conflux leg
+ linking lead to a desynchronization of which legs were part of a
+ conflux set, ultimately causing a UAF and NULL pointer dereference
+ crash on Exit relays. Fixes bug 40897; bugfix on 0.4.8.1-alpha.
+
+ o Minor feature (authority):
+ - Reject 0.4.7.x series at the authority level. Closes ticket 40896.
+
+ o Minor feature (bridges, pluggable transport):
+ - Add STATUS TYPE=version handler for Pluggable Transport. This
+ allows us to gather version statistics on Pluggable Transport
+ usage from bridge servers on our metrics portal. Closes
+ ticket 11101.
+
+ o Minor feature (defense in depth):
+ - Verify needle is smaller than haystack before calling memmem.
+ Closes ticket 40854.
+
+ o Minor feature (dirauth):
+ - Add back faravahar with a new address and new keys. Closes 40689.
+
+ o Minor feature (dirauth, tor26):
+ - New IP address and keys.
+
+ o Minor feature (directory authority):
+ - Allow BandwidthFiles "node_id" KeyValue without the dollar sign at
+ the start of the hexdigit, in order to easier database queries
+ combining Tor documents in which the relays fingerprint does not
+ include it. Fixes bug 40891; bugfix on 0.4.7 (all supported
+ versions of Tor).
+ - Introduce MinimalAcceptedServerVersion to allow modification of
+ minimal accepted version for relays without requiring a new tor
+ release. Closes ticket 40817.
+
+ o Minor feature (exit policies):
+ - Implement reevaluating new exit policy against existing
+ connections. This is controlled by new config option
+ ReevaluateExitPolicy, defaulting to 0. Closes ticket 40676.
+
+ o Minor feature (exit relay, DoS resitance):
+ - Implement a token-bucket based rate limiter for stream creation
+ and resolve request. It is configured by the DoSStream* family of
+ configuration options. Closes ticket 40736.
+
+ o Minor feature (metrics port):
+ - New metrics on the MetricsPort for the number of BUG() that
+ occurred at runtime. Closes MR 760.
+
+ o Minor feature (metrics port, relay):
+ - Add new metrics for relays on the MetricsPort namely the count of
+ drop cell, destroy cell and the number of circuit protocol
+ violation seen that lead to a circuit close. Closes ticket 40816.
+
+ o Minor feature (testing):
+ - test-network now unconditionally includes IPv6 instead of trying
+ to detect IPv6 support.
+
+ o Minor feature (testing, CI):
+ - Use a fixed version of chutney (be881a1e) instead of its current
+ HEAD. This version should also be preferred when testing locally.
+
+ o Minor features (debugging, compression):
+ - Log the input and output buffer sizes when we detect a potential
+ compression bomb. Diagnostic for ticket 40739.
+
+ o Minor features (forward-compatibility):
+ - We now correctly parse microdescriptors and router descriptors
+ that do not include TAP onion keys. (For backward compatibility,
+ authorities continue to require these keys.) Implements part of
+ proposal 350.
+
+ o Minor features (portability, android):
+ - Use /data/local/tmp for data storage on Android by default. Closes
+ ticket 40487. Patch from Hans-Christoph Steiner.
+
+ o Minor features (SOCKS):
+ - Detect invalid SOCKS5 username/password combinations according to
+ new extended parameters syntax. (Currently, this rejects any
+ SOCKS5 username beginning with "<torS0X>", except for the username
+ "<torS0X>0". Such usernames are now reserved to communicate
+ additional parameters with other Tor implementations.) Implements
+ proposal 351.
+
+ o Minor bugfix (circuit):
+ - Remove a log_warn being triggered by a protocol violation that
+ already emits a protocol warning log. Fixes bug 40932; bugfix
+ on 0.4.8.1-alpha.
+
+ o Minor bugfix (defensive programming):
+ - Disable multiple BUG warnings of a missing relay identity key when
+ starting an instance of Tor compiled without relay support. Fixes
+ bug 40848; bugfix on 0.4.3.1-alpha.
+
+ o Minor bugfix (MetricsPort, relay):
+ - Handle rephist tracking of ntor and ntor_v3 handshakes
+ individually such that MetricsPort exposes the correct values.
+ Fixes bug 40638; bugfix on 0.4.7.11.
+
+ o Minor bugfix (NetBSD, compilation):
+ - Fix compilation issue on NetBSD by avoiding an unnecessary
+ dependency on "huge" page mappings in Equi-X. Fixes bug 40843;
+ bugfix on 0.4.8.1-alpha.
+
+ o Minor bugfix (NetBSD, testing):
+ - Fix test failures in "crypto/hashx" and "slow/crypto/equix" on
+ x86_64 and aarch64 NetBSD hosts, by adding support for
+ PROT_MPROTECT() flags. Fixes bug 40844; bugfix on 0.4.8.1-alpha.
+
+ o Minor bugfix (process):
+ - Avoid closing all possible FDs when spawning a process (PT). On
+ some systems, this could lead to 3+ minutes hang. Fixes bug 40990;
+ bugfix on 0.3.5.1-alpha.
+
+ o Minor bugfix (relay, sandbox):
+ - Disable a sandbox unit test that is failing on Debian Sid breaking
+ our nightly packages. Fixes bug 40918; bugfix on 0.3.5.1-alpha.
+
+ o Minor bugfixes (bridge authority):
+ - When reporting a pseudo-networkstatus as a bridge authority, or
+ answering "ns/purpose/*" controller requests, include accurate
+ published-on dates from our list of router descriptors. Fixes bug
+ 40855; bugfix on 0.4.8.1-alpha.
+
+ o Minor bugfixes (bridge):
+ - Don't warn when BridgeRelay is 1 and ExitRelay is explicitly set
+ to 0. Fixes bug 40884; bugfix on 0.4.8.3-rc.
+
+ o Minor bugfixes (bridges, statistics):
+ - Correctly report statistics for client count over Pluggable
+ transport. Fixes bug 40871; bugfix on 0.4.8.4
+
+ o Minor bugfixes (compiler warnings):
+ - Make sure the two bitfields in the half-closed edge struct are
+ unsigned, as we're using them for boolean values and assign 1 to
+ them. Fixes bug 40911; bugfix on 0.4.7.2-alpha.
+
+ o Minor bugfixes (compression, zstd):
+ - Use less frightening language and lower the log-level of our run-
+ time ABI compatibility check message in our Zstd compression
+ subsystem. Fixes bug 40815; bugfix on 0.4.3.1-alpha.
+
+ o Minor bugfixes (conflux):
+ - Avoid a potential hard assert (crash) when sending a cell on a
+ Conflux set. Fixes bug 40921; bugfix on 0.4.8.1-alpha.
+ - Demote a relay-side warn about too many legs to ProtocolWarn, as
+ there are conditions that it can briefly happen during set
+ construction. Also add additional set logging details for all
+ error cases. Fixes bug 40841; bugfix on 0.4.8.1-alpha.
+ - Make sure we don't process a closed circuit when packaging data.
+ This lead to a non fatal BUG() spamming logs. Fixes bug 40908;
+ bugfix on 0.4.8.1-alpha.
+ - Prevent non-fatal assert stacktrace caused by using conflux sets
+ during their teardown process. Fixes bug 40842; bugfix
+ on 0.4.8.1-alpha.
+
+ o Minor bugfixes (conflux, client):
+ - Avoid a non fatal assert caused by data coming in on a conflux set
+ that is being freed during shutdown. Fixes bug 40870; bugfix
+ on 0.4.8.1-alpha.
+
+ o Minor bugfixes (directory authorities):
+ - Add a warning when publishing a vote or signatures to another
+ directory authority fails. Fixes bug 40910; bugfix
+ on 0.2.0.3-alpha.
+
+ o Minor bugfixes (directory authority):
+ - Look at the network parameter "maxunmeasuredbw" with the correct
+ spelling. Fixes bug 40869; bugfix on 0.4.6.1-alpha.
+
+ o Minor bugfixes (memleak, authority):
+ - Fix a small memleak when computing a new consensus. This only
+ affects directory authorities. Fixes bug 40966; bugfix
+ on 0.3.5.1-alpha.
+
+ o Minor bugfixes (memory):
+ - Fix a pointer free that wasn't set to NULL afterwards which could
+ be reused by calling back in the free all function. Fixes bug
+ 40989; bugfix on 0.4.8.13.
+ - Fix memory leaks of the CPU worker code during shutdown. Fixes bug
+ 833; bugfix on 0.3.5.1-alpha.
+
+ o Minor bugfixes (sandbox, bwauth):
+ - Fix sandbox to work for bandwidth authority. Fixes bug 40933;
+ bugfix on 0.2.2.1-alpha
+
+ o Minor bugfixes (testing):
+ - Enabling TestingTorNetwork no longer forces fast hidden service
+ intro point rotation. This reduces noise and errors when using
+ hidden services with TestingTorNetwork enabled. Fixes bug 40922;
+ bugfix on 0.3.2.1-alpha.
+
+ o Minor bugfixes (tor-resolve):
+ - Create socket with correct family as given by sockshost, fixes
+ IPv6. Fixes bug 40982; bugfix on 0.4.9.0-alpha.
+
+ o Minor bugfixes (vanguards addon support):
+ - Count the conflux linked cell as valid when it is successfully
+ processed. This will quiet a spurious warn in the vanguards addon.
+ Fixes bug 40878; bugfix on 0.4.8.1-alpha.
+
+ o Removed features:
+ - Directory authorities no longer support consensus methods before
+ method 32. Closes ticket 40835.
+
+ o Removed features (directory authority):
+ - We include a new consensus method that removes support for
+ computing "package" lines in consensus documents. This feature was
+ never used, and support for including it in our votes was removed
+ in 0.4.2.1-alpha. Finishes implementation of proposal 301.
+
+ o Removed features (obsolete):
+ - Relays no longer support the obsolete TAP circuit extension
+ protocol. (For backward compatibility, however, relays still
+ continue to include TAP keys in their descriptors.) Implements
+ part of proposal 350.
+ - Removed some vestigial code for selecting the TAP circuit
+ extension protocol.
+
+
Changes in version 0.4.8.12 - 2024-06-06
This is a minor release with couple bugfixes affecting conflux and logging.
We also have the return of faravahar directory authority with new keys and
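Review bot: Several entries in the added 0.4.9.1-alpha section break the ChangeLog's own entry format. The circuit-building entry about "predicted ports" ends with "bugfix on 0.4.8.1-alpha;" (a semicolon instead of a period), and the TROVE-2023-006, "bridges, statistics" and "sandbox, bwauth" entries end without a period. The heading "exit relay, DoS resitance" misspells "resistance", and "lead to" should be "led to" in the TROVE-2023-007 entry and in the conflux entry about processing a closed circuit. "Closes 40689." under dirauth drops the word "ticket" that the other entries use, "in order to easier database queries" under directory authority is missing a verb, and the section mixes "Minor feature" and "Minor features" headings. Please also confirm "Fixes bug 833" in the memory section, since every other bug or ticket number in this hunk has five digits.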