diff options
Diffstat (limited to 'ReleaseNotes')
| -rw-r--r-- | ReleaseNotes | 649 |
1 files changed, 649 insertions, 0 deletions
diff --git a/ReleaseNotes b/ReleaseNotes index 42017292c5..aaab3f5ac2 100644 --- a/ReleaseNotes +++ b/ReleaseNotes @@ -2,6 +2,655 @@ This document summarizes new features and bugfixes in each stable release of Tor. If you want to see more detailed descriptions of the changes in each development snapshot, see the ChangeLog file. +Changes in version 0.4.6.12 - 2022-08-12 + This version updates the geoip cache that we generate from IPFire location + database to use the August 9th, 2022 one. Everyone MUST update to this + latest release else circuit path selection and relay metrics are badly + affected. + + o Major bugfixes (geoip data): + - IPFire informed us on August 12th that databases generated after + (including) August 10th did not have proper ARIN network allocations. We + are updating the database to use the one generated on August 9th, 2022. + Fixes bug 40658; bugfix on 0.4.6.11. + + +Changes in version 0.4.6.11 - 2022-08-11 + This version contains two major fixes aimed at reducing memory pressure on + relays and possible side-channel. The rest of the fixes were backported for + stability or safety purposes. + + This is the very LAST version of this series. As of August 1st 2022, it is + end-of-life (EOL). We thus strongly recommend to upgrade to the latest + stable of the 0.4.7.x series. + + o Major bugfixes (relay): + - Remove OR connections btrack subsystem entries when the connections + close normally. Before this, we would only remove the entry on error and + thus leaking memory for each normal OR connections. Fixes bug 40604; + bugfix on 0.4.0.1-alpha. + - Stop sending TRUNCATED cell and instead close the circuit from which we + received a DESTROY cell. This makes every relay in the circuit path to + stop queuing cells. Fixes bug 40623; bugfix on 0.1.0.2-rc. + + o Minor features (fallbackdir): + - Regenerate fallback directories generated on August 11, 2022. + + o Minor features (geoip data): + - Update the geoip files to match the IPFire Location Database, as + retrieved on 2022/08/11. + + o Minor features (linux seccomp2 sandbox): + - Permit the clone3 syscall, which is apparently used in glibc-2.34 + and later. Closes ticket 40590. + + o Minor bugfixes (controller, path bias): + - When a circuit's path is specified, in full or in part, from the + controller API, do not count that circuit towards our path-bias + calculations. (Doing so was incorrect, since we cannot tell + whether the controller is selecting relays randomly.) Resolves a + "Bug" warning. Fixes bug 40515; bugfix on 0.2.4.10-alpha. + + o Minor bugfixes (defense in depth): + - Change a test in the netflow padding code to make it more + _obviously_ safe against remotely triggered crashes. (It was safe + against these before, but not obviously so.) Fixes bug 40645; + bugfix on 0.3.1.1-alpha. + + o Minor bugfixes (linux seccomp2 sandbox): + - Allow the rseq system call in the sandbox. This solves a crash + issue with glibc 2.35 on Linux. Patch from pmu-ipf. Fixes bug + 40601; bugfix on 0.3.5.11. + + o Minor bugfixes (metrics port, onion service): + - The MetricsPort line for an onion service with multiple ports are now + unique that is one line per port. Before this, all ports of an onion + service would be on the same line which violates the Prometheus rules of + unique labels. Fixes bug 40581; bugfix on 0.4.5.1-alpha. + + o Minor bugfixes (onion service, client): + - Fix a fatal assert due to a guard subsystem recursion triggered by + the onion service client. Fixes bug 40579; bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (performance, DoS): + - Fix one case of a not-especially viable denial-of-service attack + found by OSS-Fuzz in our consensus-diff parsing code. This attack + causes a lot small of memory allocations and then immediately + frees them: this is only slow when running with all the sanitizers + enabled. Fixes one case of bug 40472; bugfix on 0.3.1.1-alpha. + + o Minor bugfixes (relay): + - Do not propagate either forward or backward a DESTROY remote reason when + closing a circuit in order to avoid a possible side channel. Fixes bug + 40649; bugfix on 0.1.2.4-alpha. + + +Changes in version 0.4.6.10 - 2022-02-04 + This version contains minor bugfixes but one in particular is that relays + don't advertise onion service v2 support at the protocol version level. + + o Minor features (fallbackdir): + - Regenerate fallback directories generated on February 04, 2022. + + o Minor features (geoip data): + - Update the geoip files to match the IPFire Location Database, as + retrieved on 2022/02/04. + + o Minor bugfix (logging): + - Update a log notice dead URL to a working one. Fixes bug 40544; + bugfix on 0.3.5.1-alpha. + + o Minor bugfix (relay): + - Remove the HSDir and HSIntro onion service v2 protocol versions so + relay stop advertising that they support them. Fixes bug 40509; + bugfix on 0.3.5.17. + + o Minor bugfixes (MetricsPort, Prometheus): + - Add double quotes to the label values of the onion service + metrics. Fixes bug 40552; bugfix on 0.4.5.1-alpha. + + +Changes in version 0.4.6.9 - 2021-12-15 + This version fixes several bugs from earlier versions of Tor. One important + piece is the removal of DNS timeout metric from the overload general signal. + See below for more details. + + o Major bugfixes (relay, overload): + - Don't make Tor DNS timeout trigger an overload general state. + These timeouts are different from DNS server timeout. They have to + be seen as timeout related to UX and not because of a network + problem. Fixes bug 40527; bugfix on 0.4.6.1-alpha. + + o Minor feature (reproducible build): + - The repository can now build reproducible tarballs which adds the + build command "make dist-reprod" for that purpose. Closes + ticket 26299. + + o Minor features (compilation): + - Give an error message if trying to build with a version of + LibreSSL known not to work with Tor. (There's an incompatibility + with LibreSSL versions 3.2.1 through 3.4.0 inclusive because of + their incompatibility with OpenSSL 1.1.1's TLSv1.3 APIs.) Closes + ticket 40511. + + o Minor features (fallbackdir): + - Regenerate fallback directories generated on December 15, 2021. + + o Minor features (geoip data): + - Update the geoip files to match the IPFire Location Database, as + retrieved on 2021/12/15. + + o Minor bugfixes (compilation): + - Fix our configuration logic to detect whether we had OpenSSL 3: + previously, our logic was reversed. This has no other effect than + to change whether we suppress deprecated API warnings. Fixes bug + 40429; bugfix on 0.3.5.13. + + o Minor bugfixes (relay): + - Reject IPv6-only DirPorts. Our reachability self-test forces + DirPorts to be IPv4, but our configuration parser allowed them to + be IPv6-only, which led to an assertion failure. Fixes bug 40494; + bugfix on 0.4.5.1-alpha. + + o Documentation (man, relay): + - Missing "OverloadStatistics" in tor.1 manpage. Fixes bug 40504; + bugfix on 0.4.6.1-alpha. + + +Changes in version 0.4.6.8 - 2021-10-26 + This version fixes several bugs from earlier versions of Tor. One + highlight is a fix on how we track DNS timeouts to report general + relay overload. + + o Major bugfixes (relay, overload state): + - Relays report the general overload state for DNS timeout errors + only if X% of all DNS queries over Y seconds are errors. Before + that, it only took 1 timeout to report the overload state which + was just too low of a threshold. The X and Y values are 1% and 10 + minutes respectively but they are also controlled by consensus + parameters. Fixes bug 40491; bugfix on 0.4.6.1-alpha. + + o Minor features (fallbackdir): + - Regenerate fallback directories for October 2021. Closes + ticket 40493. + + o Minor features (testing): + - On a testing network, relays can now use the + TestingMinTimeToReportBandwidth option to change the smallest + amount of time over which they're willing to report their observed + maximum bandwidth. Previously, this was fixed at 1 day. For + safety, values under 2 hours are only supported on testing + networks. Part of a fix for ticket 40337. + - Relays on testing networks no longer rate-limit how frequently + they are willing to report new bandwidth measurements. Part of a + fix for ticket 40337. + - Relays on testing networks now report their observed bandwidths + immediately from startup. Previously, they waited until they had + been running for a full day. Closes ticket 40337. + + o Minor bugfix (onion service): + - Do not flag an HSDir as non-running in case the descriptor upload + or fetch fails. An onion service closes pending directory + connections before uploading a new descriptor which can thus lead + to wrongly flagging many relays and thus affecting circuit building + path selection. Fixes bug 40434; bugfix on 0.2.0.13-alpha. + - Improve logging when a bad HS version is given. Fixes bug 40476; + bugfix on 0.4.6.1-alpha. + + o Minor bugfix (CI, onion service): + - Exclude onion service version 2 Stem tests in our CI. Fixes bug 40500; + bugfix on 0.3.2.1-alpha. + + o Minor bugfixes (compatibility): + - Fix compatibility with the most recent Libevent versions, which no + longer have an evdns_set_random_bytes() function. Because this + function has been a no-op since Libevent 2.0.4-alpha, it is safe + for us to just stop calling it. Fixes bug 40371; bugfix + on 0.2.1.7-alpha. + + o Minor bugfixes (onion service, TROVE-2021-008): + - Only log v2 access attempts once total, in order to not pollute + the logs with warnings and to avoid recording the times on disk + when v2 access was attempted. Note that the onion address was + _never_ logged. This counts as a Low-severity security issue. + Fixes bug 40474; bugfix on 0.4.5.8. + + +Changes in version 0.4.6.7 - 2021-08-16 + This version fixes several bugs from earlier versions of Tor, including one + that could lead to a denial-of-service attack. Everyone running an earlier + version, whether as a client, a relay, or an onion service, should upgrade + to Tor 0.3.5.16, 0.4.5.10, or 0.4.6.7. + + o Major bugfixes (cryptography, security): + - Resolve an assertion failure caused by a behavior mismatch between our + batch-signature verification code and our single-signature verification + code. This assertion failure could be triggered remotely, leading to a + denial of service attack. We fix this issue by disabling batch + verification. Fixes bug 40078; bugfix on 0.2.6.1-alpha. This issue is + also tracked as TROVE-2021-007 and CVE-2021-38385. Found by Henry de + Valence. + + o Minor feature (fallbackdir): + - Regenerate fallback directories list. Close ticket 40447. + + o Minor features (geoip data): + - Update the geoip files to match the IPFire Location Database, + as retrieved on 2021/08/12. + + o Minor bugfix (crypto): + - Disable the unused batch verification feature of ed25519-donna. Fixes + bug 40078; bugfix on 0.2.6.1-alpha. Found by Henry de Valence. + + o Minor bugfixes (onion service): + - Send back the extended SOCKS error 0xF6 (Onion Service Invalid Address) + for a v2 onion address. Fixes bug 40421; bugfix on 0.4.6.2-alpha. + + o Minor bugfixes (relay): + - Reduce the compression level for data streaming from HIGH to LOW in + order to reduce CPU load on the directory relays. Fixes bug 40301; + bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (timekeeping): + - Calculate the time of day correctly on systems where the time_t + type includes leap seconds. (This is not the case on most + operating systems, but on those where it occurs, our tor_timegm + function did not correctly invert the system's gmtime function, + which could result in assertion failures when calculating + voting schedules.) Fixes bug 40383; bugfix on 0.2.0.3-alpha. + + +Changes in version 0.4.6.6 - 2021-06-30 + Tor 0.4.6.6 makes several small fixes on 0.4.6.5, including one that + allows Tor to build correctly on older versions of GCC. You should + upgrade to this version if you were having trouble building Tor + 0.4.6.5; otherwise, there is probably no need. + + o Minor bugfixes (compilation): + - Fix a compilation error when trying to build Tor with a compiler + that does not support const variables in static initializers. + Fixes bug 40410; bugfix on 0.4.6.5. + - Suppress a strict-prototype warning when building with some + versions of NSS. Fixes bug 40409; bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (testing): + - Enable the deterministic RNG for unit tests that covers the + address set bloomfilter-based API's. Fixes bug 40419; bugfix + on 0.3.3.2-alpha. + + +Changes in version 0.4.6.5 - 2021-06-14 + Tor 0.4.6.5 is the first stable release in its series. The 0.4.6.x + series includes numerous features and bugfixes, including a significant + improvement to our circuit timeout algorithm that should improve + observed client performance, and a way for relays to report when they are + overloaded. + + This release also includes security fixes for several security issues, + including a denial-of-service attack against onion service clients, + and another denial-of-service attack against relays. Everybody should + upgrade to one of 0.3.5.15, 0.4.4.9, 0.4.5.9, or 0.4.6.5. + + Below are the changes since 0.4.5.8. For a list of changes since + 0.4.6.4-rc, see the ChangeLog file. + + o Major bugfixes (security): + - Don't allow relays to spoof RELAY_END or RELAY_RESOLVED cell on + half-closed streams. Previously, clients failed to validate which + hop sent these cells: this would allow a relay on a circuit to end + a stream that wasn't actually built with it. Fixes bug 40389; + bugfix on 0.3.5.1-alpha. This issue is also tracked as TROVE-2021- + 003 and CVE-2021-34548. + + o Major bugfixes (security, defense-in-depth): + - Detect more failure conditions from the OpenSSL RNG code. + Previously, we would detect errors from a missing RNG + implementation, but not failures from the RNG code itself. + Fortunately, it appears those failures do not happen in practice + when Tor is using OpenSSL's default RNG implementation. Fixes bug + 40390; bugfix on 0.2.8.1-alpha. This issue is also tracked as + TROVE-2021-004. Reported by Jann Horn at Google's Project Zero. + + o Major bugfixes (security, denial of service): + - Resist a hashtable-based CPU denial-of-service attack against + relays. Previously we used a naive unkeyed hash function to look + up circuits in a circuitmux object. An attacker could exploit this + to construct circuits with chosen circuit IDs, to create + collisions and make the hash table inefficient. Now we use a + SipHash construction here instead. Fixes bug 40391; bugfix on + 0.2.4.4-alpha. This issue is also tracked as TROVE-2021-005 and + CVE-2021-34549. Reported by Jann Horn from Google's Project Zero. + - Fix an out-of-bounds memory access in v3 onion service descriptor + parsing. An attacker could exploit this bug by crafting an onion + service descriptor that would crash any client that tried to visit + it. Fixes bug 40392; bugfix on 0.3.0.1-alpha. This issue is also + tracked as TROVE-2021-006 and CVE-2021-34550. Reported by Sergei + Glazunov from Google's Project Zero. + + o Major features (control port, onion services): + - Add controller support for creating version 3 onion services with + client authorization. Previously, only v2 onion services could be + created with client authorization. Closes ticket 40084. Patch by + Neel Chauhan. + + o Major features (directory authority): + - When voting on a relay with a Sybil-like appearance, add the Sybil + flag when clearing out the other flags. This lets a relay operator + know why their relay hasn't been included in the consensus. Closes + ticket 40255. Patch by Neel Chauhan. + + o Major features (metrics): + - Relays now report how overloaded they are in their extrainfo + documents. This information is controlled with the + OverloadStatistics torrc option, and it will be used to improve + decisions about the network's load balancing. Implements proposal + 328; closes ticket 40222. + + o Major features (relay, denial of service): + - Add a new DoS subsystem feature to control the rate of client + connections for relays. Closes ticket 40253. + + o Major features (statistics): + - Relays now publish statistics about the number of v3 onion + services and volume of v3 onion service traffic, in the same + manner they already do for v2 onions. Closes ticket 23126. + + o Major bugfixes (circuit build timeout): + - Improve the accuracy of our circuit build timeout calculation for + 60%, 70%, and 80% build rates for various guard choices. We now + use a maximum likelihood estimator for Pareto parameters of the + circuit build time distribution, instead of a "right-censored + estimator". This causes clients to ignore circuits that never + finish building in their timeout calculations. Previously, clients + were counting such unfinished circuits as having the highest + possible build time value, when in reality these circuits most + likely just contain relays that are offline. We also now wait a + bit longer to let circuits complete for measurement purposes, + lower the minimum possible effective timeout from 1.5 seconds to + 10ms, and increase the resolution of the circuit build time + histogram from 50ms bin widths to 10ms bin widths. Additionally, + we alter our estimate Xm by taking the maximum of the top 10 most + common build time values of the 10ms histogram, and compute Xm as + the average of these. Fixes bug 40168; bugfix on 0.2.2.14-alpha. + - Remove max_time calculation and associated warning from circuit + build timeout 'alpha' parameter estimation, as this is no longer + needed by our new estimator from 40168. Fixes bug 34088; bugfix + on 0.2.2.9-alpha. + + o Major bugfixes (signing key): + - In the tor-gencert utility, give an informative error message if + the passphrase given in `--create-identity-key` is too short. + Fixes bug 40189; bugfix on 0.2.0.1-alpha. Patch by Neel Chauhan. + + o Minor features (bridge): + - We now announce the URL to Tor's new bridge status at + https://bridges.torproject.org/ when Tor is configured to run as a + bridge relay. Closes ticket 30477. + + o Minor features (build system): + - New "make lsp" command to auto generate the compile_commands.json + file used by the ccls server. The "bear" program is needed for + this. Closes ticket 40227. + + o Minor features (client): + - Clients now check whether their streams are attempting to re-enter + the Tor network (i.e. to send Tor traffic over Tor), and close + them preemptively if they think exit relays will refuse them for + this reason. See ticket 2667 for details. Closes ticket 40271. + + o Minor features (command line): + - Add long format name "--torrc-file" equivalent to the existing + command-line option "-f". Closes ticket 40324. Patch by + Daniel Pinto. + + o Minor features (command-line interface): + - Add build informations to `tor --version` in order to ease + reproducible builds. Closes ticket 32102. + - When parsing command-line flags that take an optional argument, + treat the argument as absent if it would start with a '-' + character. Arguments in that form are not intelligible for any of + our optional-argument flags. Closes ticket 40223. + - Allow a relay operator to list the ed25519 keys on the command + line by adding the `rsa` and `ed25519` arguments to the + --list-fingerprint flag to show the respective RSA and ed25519 + relay fingerprint. Closes ticket 33632. Patch by Neel Chauhan. + + o Minor features (compatibility): + - Remove an assertion function related to TLS renegotiation. It was + used nowhere outside the unit tests, and it was breaking + compilation with recent alpha releases of OpenSSL 3.0.0. Closes + ticket 40399. + + o Minor features (control port, stream handling): + - Add the stream ID to the event line in the ADDRMAP control event. + Closes ticket 40249. Patch by Neel Chauhan. + + o Minor features (dormant mode): + - Add a new 'DormantTimeoutEnabled' option to allow coarse-grained + control over whether the client ever becomes dormant from + inactivity. Most people won't need this. Closes ticket 40228. + - Add a new 'DormantTimeoutEnabled' option for coarse-grained + control over whether the client can become dormant from + inactivity. Most people won't need this. Closes ticket 40228. + + o Minor features (geoip data): + - Update the geoip files to match the IPFire Location Database, as + retrieved on 2021/06/10. + + o Minor features (logging): + - Edit heartbeat log messages so that more of them begin with the + string "Heartbeat: ". Closes ticket 40322; patch + from 'cypherpunks'. + - Change the DoS subsystem heartbeat line format to be more clear on + what has been detected/rejected, and which option is disabled (if + any). Closes ticket 40308. + - In src/core/mainloop/mainloop.c and src/core/mainloop/connection.c, + put brackets around IPv6 addresses in log messages. Closes ticket + 40232. Patch by Neel Chauhan. + + o Minor features (logging, diagnostic): + - Log decompression failures at a higher severity level, since they + can help provide missing context for other warning messages. We + rate-limit these messages, to avoid flooding the logs if they + begin to occur frequently. Closes ticket 40175. + + o Minor features (onion services): + - Add a warning message when trying to connect to (no longer + supported) v2 onion services. Closes ticket 40373. + + o Minor features (performance, windows): + - Use SRWLocks to implement locking on Windows. Replaces the + "critical section" locking implementation with the faster + SRWLocks, available since Windows Vista. Closes ticket 17927. + Patch by Daniel Pinto. + + o Minor features (protocol, proxy support, defense in depth): + - Close HAProxy connections if they somehow manage to send us data + before we start reading. Closes another case of ticket 40017. + + o Minor features (tests, portability): + - Port the hs_build_address.py test script to work with recent + versions of python. Closes ticket 40213. Patch from + Samanta Navarro. + + o Minor features (vote document): + - Add a "stats" line to directory authority votes, to report various + statistics that authorities compute about the relays. This will + help us diagnose the network better. Closes ticket 40314. + + o Minor bugfixes (build): + - The configure script now shows whether or not lzma and zstd have + been used, not just if the enable flag was passed in. Fixes bug + 40236; bugfix on 0.4.3.1-alpha. + + o Minor bugfixes (compatibility): + - Fix a failure in the test cases when running on the "hppa" + architecture, along with a related test that might fail on other + architectures in the future. Fixes bug 40274; bugfix + on 0.2.5.1-alpha. + + o Minor bugfixes (compilation): + - Fix a compilation warning about unused functions when building + with a libc that lacks the GLOB_ALTDIRFUNC constant. Fixes bug + 40354; bugfix on 0.4.5.1-alpha. Patch by Daniel Pinto. + + o Minor bugfixes (consensus handling): + - Avoid a set of bugs that could be caused by inconsistently + preferring an out-of-date consensus stored in a stale directory + cache over a more recent one stored on disk as the latest + consensus. Fixes bug 40375; bugfix on 0.3.1.1-alpha. + + o Minor bugfixes (control, sandbox): + - Allow the control command SAVECONF to succeed when the seccomp + sandbox is enabled, and make SAVECONF keep only one backup file to + simplify implementation. Previously SAVECONF allowed a large + number of backup files, which made it incompatible with the + sandbox. Fixes bug 40317; bugfix on 0.2.5.4-alpha. Patch by + Daniel Pinto. + + o Minor bugfixes (directory authorities, voting): + - Add a new consensus method (31) to support any future changes that + authorities decide to make to the value of bwweightscale or + maxunmeasuredbw. Previously, there was a bug that prevented the + authorities from parsing these consensus parameters correctly under + most circumstances. Fixes bug 19011; bugfix on 0.2.2.10-alpha. + + o Minor bugfixes (ipv6): + - Allow non-SOCKSPorts to disable IPv4, IPv6, and PreferIPv4. Some + rare configurations might break, but in this case you can disable + NoIPv4Traffic and NoIPv6Traffic as needed. Fixes bug 33607; bugfix + on 0.4.1.1-alpha. Patch by Neel Chauhan. + + o Minor bugfixes (key generation): + - Do not require a valid torrc when using the `--keygen` argument to + generate a signing key. This allows us to generate keys on systems + or users which may not run Tor. Fixes bug 40235; bugfix on + 0.2.7.2-alpha. Patch by Neel Chauhan. + + o Minor bugfixes (logging, relay): + - Emit a warning if an Address is found to be internal and tor can't + use it. Fixes bug 40290; bugfix on 0.4.5.1-alpha. + + o Minor bugfixes (metrics port): + - Fix a bug that made tor try to re-bind() on an already open + MetricsPort every 60 seconds. Fixes bug 40370; bugfix + on 0.4.5.1-alpha. + + o Minor bugfixes (onion services, logging): + - Downgrade the severity of a few rendezvous circuit-related + warnings from warning to info. Fixes bug 40207; bugfix on + 0.3.2.1-alpha. Patch by Neel Chauhan. + + o Minor bugfixes (relay): + - Reduce the compression level for data streaming from HIGH to LOW. + This should reduce the CPU and memory burden for directory caches. + Fixes bug 40301; bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (testing, BSD): + - Fix pattern-matching errors when patterns expand to invalid paths + on BSD systems. Fixes bug 40318; bugfix on 0.4.5.1-alpha. Patch by + Daniel Pinto. + + o Code simplification and refactoring: + - Remove the orconn_ext_or_id_map structure and related functions. + (Nothing outside of unit tests used them.) Closes ticket 33383. + Patch by Neel Chauhan. + + o Removed features: + - Remove unneeded code for parsing private keys in directory + documents. This code was only used for client authentication in v2 + onion services, which are now unsupported. Closes ticket 40374. + - As of this release, Tor no longer supports the old v2 onion + services. They were deprecated last July for security, and support + will be removed entirely later this year. We strongly encourage + everybody to migrate to v3 onion services. For more information, + see https://blog.torproject.org/v2-deprecation-timeline . Closes + ticket 40266. (NOTE: We accidentally released an earlier version + of the 0.4.6.1-alpha changelog without this entry. Sorry for + the confusion!) + + o Code simplification and refactoring (metrics, DoS): + - Move the DoS subsystem into the subsys manager, including its + configuration options. Closes ticket 40261. + + o Documentation (manual): + - Move the ServerTransport* options to the "SERVER OPTIONS" section. + Closes issue 40331. + - Indicate that the HiddenServiceStatistics option also applies to + bridges. Closes ticket 40346. + - Move the description of BridgeRecordUsageByCountry to the section + "STATISTICS OPTIONS". Closes ticket 40323. + + o Removed features (relay): + - Because DirPorts are only used on authorities, relays no longer + advertise them. Similarly, self-testing for DirPorts has been + disabled, since an unreachable DirPort is no reason for a relay + not to advertise itself. (Configuring a DirPort will still work, + for now.) Closes ticket 40282. + + +Changes in version 0.4.5.8 - 2021-05-10 + Tor 0.4.5.8 fixes several bugs in earlier version, backporting fixes + from the 0.4.6.x series. + + o Minor features (compatibility, Linux seccomp sandbox, backport from 0.4.6.3-rc): + - Add a workaround to enable the Linux sandbox to work correctly + with Glibc 2.33. This version of Glibc has started using the + fstatat() system call, which previously our sandbox did not allow. + Closes ticket 40382; see the ticket for a discussion of trade-offs. + + o Minor features (compilation, backport from 0.4.6.3-rc): + - Make the autoconf script build correctly with autoconf versions + 2.70 and later. Closes part of ticket 40335. + + o Minor features (fallback directory list, backport from 0.4.6.2-alpha): + - Regenerate the list of fallback directories to contain a new set + of 200 relays. Closes ticket 40265. + + o Minor features (geoip data): + - Update the geoip files to match the IPFire Location Database, as + retrieved on 2021/05/07. + + o Minor features (onion services): + - Add warning message when connecting to now deprecated v2 onion + services. As announced, Tor 0.4.5.x is the last series that will + support v2 onions. Closes ticket 40373. + + o Minor bugfixes (bridge, pluggable transport, backport from 0.4.6.2-alpha): + - Fix a regression that made it impossible start Tor using a bridge + line with a transport name and no fingerprint. Fixes bug 40360; + bugfix on 0.4.5.4-rc. + + o Minor bugfixes (build, cross-compilation, backport from 0.4.6.3-rc): + - Allow a custom "ar" for cross-compilation. Our previous build + script had used the $AR environment variable in most places, but + it missed one. Fixes bug 40369; bugfix on 0.4.5.1-alpha. + + o Minor bugfixes (channel, DoS, backport from 0.4.6.2-alpha): + - Fix a non-fatal BUG() message due to a too-early free of a string, + when listing a client connection from the DoS defenses subsystem. + Fixes bug 40345; bugfix on 0.4.3.4-rc. + + o Minor bugfixes (compiler warnings, backport from 0.4.6.3-rc): + - Fix an indentation problem that led to a warning from GCC 11.1.1. + Fixes bug 40380; bugfix on 0.3.0.1-alpha. + + o Minor bugfixes (controller, backport from 0.4.6.1-alpha): + - Fix a "BUG" warning that would appear when a controller chooses + the first hop for a circuit, and that circuit completes. Fixes bug + 40285; bugfix on 0.3.2.1-alpha. + + o Minor bugfixes (onion service, client, memory leak, backport from 0.4.6.3-rc): + - Fix a bug where an expired cached descriptor could get overwritten + with a new one without freeing it, leading to a memory leak. Fixes + bug 40356; bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (testing, BSD, backport from 0.4.6.2-alpha): + - Fix pattern-matching errors when patterns expand to invalid paths + on BSD systems. Fixes bug 40318; bugfix on 0.4.5.1-alpha. Patch by + Daniel Pinto. + + Changes in version 0.3.5.14 - 2021-03-16 Tor 0.3.5.14 backports fixes for two important denial-of-service bugs in earlier versions of Tor. |