diff options
Diffstat (limited to 'ReleaseNotes')
-rw-r--r-- | ReleaseNotes | 276 |
1 files changed, 276 insertions, 0 deletions
diff --git a/ReleaseNotes b/ReleaseNotes index 670d8fb89a..7e5dce10e8 100644 --- a/ReleaseNotes +++ b/ReleaseNotes @@ -2,6 +2,282 @@ This document summarizes new features and bugfixes in each stable release of Tor. If you want to see more detailed descriptions of the changes in each development snapshot, see the ChangeLog file. +Changes in version 0.4.9.1-alpha - 2024-12-03 + This is the first alpha of the 0.4.9.x series. This release mostly consists + of bugfixes including some major ones. There are several minor features in + this release but no large new subsystem. Most of the fixes in this release + are already in 0.4.8.x stable series. + + o Major bugfixes (circuit building): + - Conflux circuit building was ignoring the "predicted ports" + feature, which aims to make Tor stop building circuits if there + have been no user requests lately. This bug led to every idle Tor + on the network building and discarding circuits every 30 seconds, + which added overall load to the network, used bandwidth and + battery from clients that weren't actively using their Tor, and + kept sockets open on guards which added connection padding + essentially forever. Fixes bug 40981; bugfix on 0.4.8.1-alpha; + + o Major bugfixes (conflux): + - Fix an issue that prevented us from pre-building more conflux sets + after existing sets had been used. Fixes bug 40862; bugfix + on 0.4.8.1-alpha. + + o Major bugfixes (guard usage): + - When Tor excluded a guard due to temporary circuit restrictions, + it considered *additional* primary guards for potential usage by + that circuit. This could result in more than the specified number + of guards (currently 2) being used, long-term, by the tor client. + This could happen when a Guard was also selected as an Exit node, + but it was exacerbated by the Conflux guard restrictions. Both + instances have been fixed. Fixes bug 40876; bugfix + on 0.3.0.1-alpha. + + o Major bugfixes (onion service): + - Fix a reliability issue where services were expiring their + introduction points every consensus update. This caused + connectivity issues for clients caching the old descriptor and + intro points. Bug reported and fixed by gitlab user + @hyunsoo.kim676. Fixes bug 40858; bugfix on 0.4.7.5-alpha. + + o Major bugfixes (onion service, TROVE-2023-006): + - Fix a possible hard assert on a NULL pointer when recording a + failed rendezvous circuit on the service side for the MetricsPort. + Fixes bug 40883; bugfix on 0.4.8.1-alpha + + o Major bugfixes (sandbox): + - Fix sandbox to work on architectures that use Linux's generic + syscall interface, extending support for AArch64 (ARM64) and + adding support for RISC-V, allowing test_include.sh and the + sandbox unit tests to pass on these systems even when building + with fragile hardening enabled. Fixes bugs 40465 and 40599; bugfix + on 0.2.5.1-alpha. + + o Major bugfixes (TROVE-2023-004, relay): + - Mitigate an issue when Tor compiled with OpenSSL can crash during + handshake with a remote relay. Fixes bug 40874; bugfix + on 0.2.7.2-alpha. + + o Major bugfixes (TROVE-2023-007, exit): + - Improper error propagation from a safety check in conflux leg + linking lead to a desynchronization of which legs were part of a + conflux set, ultimately causing a UAF and NULL pointer dereference + crash on Exit relays. Fixes bug 40897; bugfix on 0.4.8.1-alpha. + + o Minor feature (authority): + - Reject 0.4.7.x series at the authority level. Closes ticket 40896. + + o Minor feature (bridges, pluggable transport): + - Add STATUS TYPE=version handler for Pluggable Transport. This + allows us to gather version statistics on Pluggable Transport + usage from bridge servers on our metrics portal. Closes + ticket 11101. + + o Minor feature (defense in depth): + - Verify needle is smaller than haystack before calling memmem. + Closes ticket 40854. + + o Minor feature (dirauth): + - Add back faravahar with a new address and new keys. Closes 40689. + + o Minor feature (dirauth, tor26): + - New IP address and keys. + + o Minor feature (directory authority): + - Allow BandwidthFiles "node_id" KeyValue without the dollar sign at + the start of the hexdigit, in order to easier database queries + combining Tor documents in which the relays fingerprint does not + include it. Fixes bug 40891; bugfix on 0.4.7 (all supported + versions of Tor). + - Introduce MinimalAcceptedServerVersion to allow modification of + minimal accepted version for relays without requiring a new tor + release. Closes ticket 40817. + + o Minor feature (exit policies): + - Implement reevaluating new exit policy against existing + connections. This is controlled by new config option + ReevaluateExitPolicy, defaulting to 0. Closes ticket 40676. + + o Minor feature (exit relay, DoS resitance): + - Implement a token-bucket based rate limiter for stream creation + and resolve request. It is configured by the DoSStream* family of + configuration options. Closes ticket 40736. + + o Minor feature (metrics port): + - New metrics on the MetricsPort for the number of BUG() that + occurred at runtime. Closes MR 760. + + o Minor feature (metrics port, relay): + - Add new metrics for relays on the MetricsPort namely the count of + drop cell, destroy cell and the number of circuit protocol + violation seen that lead to a circuit close. Closes ticket 40816. + + o Minor feature (testing): + - test-network now unconditionally includes IPv6 instead of trying + to detect IPv6 support. + + o Minor feature (testing, CI): + - Use a fixed version of chutney (be881a1e) instead of its current + HEAD. This version should also be preferred when testing locally. + + o Minor features (debugging, compression): + - Log the input and output buffer sizes when we detect a potential + compression bomb. Diagnostic for ticket 40739. + + o Minor features (forward-compatibility): + - We now correctly parse microdescriptors and router descriptors + that do not include TAP onion keys. (For backward compatibility, + authorities continue to require these keys.) Implements part of + proposal 350. + + o Minor features (portability, android): + - Use /data/local/tmp for data storage on Android by default. Closes + ticket 40487. Patch from Hans-Christoph Steiner. + + o Minor features (SOCKS): + - Detect invalid SOCKS5 username/password combinations according to + new extended parameters syntax. (Currently, this rejects any + SOCKS5 username beginning with "<torS0X>", except for the username + "<torS0X>0". Such usernames are now reserved to communicate + additional parameters with other Tor implementations.) Implements + proposal 351. + + o Minor bugfix (circuit): + - Remove a log_warn being triggered by a protocol violation that + already emits a protocol warning log. Fixes bug 40932; bugfix + on 0.4.8.1-alpha. + + o Minor bugfix (defensive programming): + - Disable multiple BUG warnings of a missing relay identity key when + starting an instance of Tor compiled without relay support. Fixes + bug 40848; bugfix on 0.4.3.1-alpha. + + o Minor bugfix (MetricsPort, relay): + - Handle rephist tracking of ntor and ntor_v3 handshakes + individually such that MetricsPort exposes the correct values. + Fixes bug 40638; bugfix on 0.4.7.11. + + o Minor bugfix (NetBSD, compilation): + - Fix compilation issue on NetBSD by avoiding an unnecessary + dependency on "huge" page mappings in Equi-X. Fixes bug 40843; + bugfix on 0.4.8.1-alpha. + + o Minor bugfix (NetBSD, testing): + - Fix test failures in "crypto/hashx" and "slow/crypto/equix" on + x86_64 and aarch64 NetBSD hosts, by adding support for + PROT_MPROTECT() flags. Fixes bug 40844; bugfix on 0.4.8.1-alpha. + + o Minor bugfix (process): + - Avoid closing all possible FDs when spawning a process (PT). On + some systems, this could lead to 3+ minutes hang. Fixes bug 40990; + bugfix on 0.3.5.1-alpha. + + o Minor bugfix (relay, sandbox): + - Disable a sandbox unit test that is failing on Debian Sid breaking + our nightly packages. Fixes bug 40918; bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (bridge authority): + - When reporting a pseudo-networkstatus as a bridge authority, or + answering "ns/purpose/*" controller requests, include accurate + published-on dates from our list of router descriptors. Fixes bug + 40855; bugfix on 0.4.8.1-alpha. + + o Minor bugfixes (bridge): + - Don't warn when BridgeRelay is 1 and ExitRelay is explicitly set + to 0. Fixes bug 40884; bugfix on 0.4.8.3-rc. + + o Minor bugfixes (bridges, statistics): + - Correctly report statistics for client count over Pluggable + transport. Fixes bug 40871; bugfix on 0.4.8.4 + + o Minor bugfixes (compiler warnings): + - Make sure the two bitfields in the half-closed edge struct are + unsigned, as we're using them for boolean values and assign 1 to + them. Fixes bug 40911; bugfix on 0.4.7.2-alpha. + + o Minor bugfixes (compression, zstd): + - Use less frightening language and lower the log-level of our run- + time ABI compatibility check message in our Zstd compression + subsystem. Fixes bug 40815; bugfix on 0.4.3.1-alpha. + + o Minor bugfixes (conflux): + - Avoid a potential hard assert (crash) when sending a cell on a + Conflux set. Fixes bug 40921; bugfix on 0.4.8.1-alpha. + - Demote a relay-side warn about too many legs to ProtocolWarn, as + there are conditions that it can briefly happen during set + construction. Also add additional set logging details for all + error cases. Fixes bug 40841; bugfix on 0.4.8.1-alpha. + - Make sure we don't process a closed circuit when packaging data. + This lead to a non fatal BUG() spamming logs. Fixes bug 40908; + bugfix on 0.4.8.1-alpha. + - Prevent non-fatal assert stacktrace caused by using conflux sets + during their teardown process. Fixes bug 40842; bugfix + on 0.4.8.1-alpha. + + o Minor bugfixes (conflux, client): + - Avoid a non fatal assert caused by data coming in on a conflux set + that is being freed during shutdown. Fixes bug 40870; bugfix + on 0.4.8.1-alpha. + + o Minor bugfixes (directory authorities): + - Add a warning when publishing a vote or signatures to another + directory authority fails. Fixes bug 40910; bugfix + on 0.2.0.3-alpha. + + o Minor bugfixes (directory authority): + - Look at the network parameter "maxunmeasuredbw" with the correct + spelling. Fixes bug 40869; bugfix on 0.4.6.1-alpha. + + o Minor bugfixes (memleak, authority): + - Fix a small memleak when computing a new consensus. This only + affects directory authorities. Fixes bug 40966; bugfix + on 0.3.5.1-alpha. + + o Minor bugfixes (memory): + - Fix a pointer free that wasn't set to NULL afterwards which could + be reused by calling back in the free all function. Fixes bug + 40989; bugfix on 0.4.8.13. + - Fix memory leaks of the CPU worker code during shutdown. Fixes bug + 833; bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (sandbox, bwauth): + - Fix sandbox to work for bandwidth authority. Fixes bug 40933; + bugfix on 0.2.2.1-alpha + + o Minor bugfixes (testing): + - Enabling TestingTorNetwork no longer forces fast hidden service + intro point rotation. This reduces noise and errors when using + hidden services with TestingTorNetwork enabled. Fixes bug 40922; + bugfix on 0.3.2.1-alpha. + + o Minor bugfixes (tor-resolve): + - Create socket with correct family as given by sockshost, fixes + IPv6. Fixes bug 40982; bugfix on 0.4.9.0-alpha. + + o Minor bugfixes (vanguards addon support): + - Count the conflux linked cell as valid when it is successfully + processed. This will quiet a spurious warn in the vanguards addon. + Fixes bug 40878; bugfix on 0.4.8.1-alpha. + + o Removed features: + - Directory authorities no longer support consensus methods before + method 32. Closes ticket 40835. + + o Removed features (directory authority): + - We include a new consensus method that removes support for + computing "package" lines in consensus documents. This feature was + never used, and support for including it in our votes was removed + in 0.4.2.1-alpha. Finishes implementation of proposal 301. + + o Removed features (obsolete): + - Relays no longer support the obsolete TAP circuit extension + protocol. (For backward compatibility, however, relays still + continue to include TAP keys in their descriptors.) Implements + part of proposal 350. + - Removed some vestigial code for selecting the TAP circuit + extension protocol. + + Changes in version 0.4.8.12 - 2024-06-06 This is a minor release with couple bugfixes affecting conflux and logging. We also have the return of faravahar directory authority with new keys and |