From 328078c3a0c21bfb7a1994095ffe5e0d3da03bea Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Mon, 9 Nov 2020 16:57:57 -0500 Subject: changelog for 0.4.3.7 --- ChangeLog | 115 +++++++++++++++++++++++++++++++++++++++++++++ changes/bug31036 | 3 -- changes/bug34400 | 5 -- changes/bug40076 | 5 -- changes/bug40080 | 6 --- changes/bug40099 | 4 -- changes/parallel_unit_test | 4 -- changes/ticket33747 | 7 --- changes/ticket33880 | 6 --- changes/ticket40003 | 3 -- changes/ticket40030 | 7 --- changes/ticket40035 | 5 -- changes/ticket40061 | 5 -- changes/ticket40073 | 3 -- changes/ticket40081 | 6 --- changes/ticket40125 | 4 -- changes/ticket40126 | 4 -- changes/ticket40133 | 5 -- changes/ticket40135 | 3 -- 19 files changed, 115 insertions(+), 85 deletions(-) delete mode 100644 changes/bug31036 delete mode 100644 changes/bug34400 delete mode 100644 changes/bug40076 delete mode 100644 changes/bug40080 delete mode 100644 changes/bug40099 delete mode 100644 changes/parallel_unit_test delete mode 100644 changes/ticket33747 delete mode 100644 changes/ticket33880 delete mode 100644 changes/ticket40003 delete mode 100644 changes/ticket40030 delete mode 100644 changes/ticket40035 delete mode 100644 changes/ticket40061 delete mode 100644 changes/ticket40073 delete mode 100644 changes/ticket40081 delete mode 100644 changes/ticket40125 delete mode 100644 changes/ticket40126 delete mode 100644 changes/ticket40133 delete mode 100644 changes/ticket40135 diff --git a/ChangeLog b/ChangeLog index 7b6bd25c8b..8b7604abe3 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,3 +1,118 @@ +Changes in version 0.4.3.7 - 2020-11-12 + Tor 0.4.3.7 backports several bugfixes from later releases. It + includes a fix for TROVE-2020-005, a security issue that could be + used, under certain cases, by an adversary to observe traffic patterns + on a limited number of circuits intended for a different relay. + + Please be aware that support for the 0.4.3.x series will end on 15 + January 2020. Please upgrade to 0.4.4.x or 0.4.5.x before then, or + downgrade to 0.3.5.x, which will be supported until at least 1 + February 2022. + + o Major features (fallback directory list, backport form 0.4.4.3-alpha): + - Replace the 148 fallback directories originally included in Tor + 0.4.1.4-rc (of which around 105 are still functional) with a list + of 144 fallbacks generated in July 2020. Closes ticket 40061. + + o Major bugfixes (security, backport from 0.4.5.1-alpha): + - When completing a channel, relays now check more thoroughly to + make sure that it matches any pending circuits before attaching + those circuits. Previously, address correctness and Ed25519 + identities were not checked in this case, but only when extending + circuits on an existing channel. Fixes bug 40080; bugfix on + 0.2.7.2-alpha. Resolves TROVE-2020-005. + + o Major bugfixes (NSS, backport from 0.4.4.3-alpha): + - When running with NSS enabled, make sure that NSS knows to expect + nonblocking sockets. Previously, we set our TCP sockets as + nonblocking, but did not tell NSS, which in turn could lead to + unexpected blocking behavior. Fixes bug 40035; bugfix + on 0.3.5.1-alpha. + + o Minor features (security, backport from 0.4.4.4-rc): + - Channels using obsolete versions of the Tor link protocol are no + longer allowed to circumvent address-canonicity checks. (This is + only a minor issue, since such channels have no way to set ed25519 + keys, and therefore should always be rejected for circuits that + specify ed25519 identities.) Closes ticket 40081. 
+ + o Minor features (subprotocol versions, backport from 0.4.5.1-alpha): + - Tor no longer allows subprotocol versions larger than 63. + Previously version numbers up to UINT32_MAX were allowed, which + significantly complicated our code. Implements proposal 318; + closes ticket 40133. + + o Minor features (tests, backport from 0.4.4.5): + - Our "make check" target now runs the unit tests in 8 parallel + chunks. Doing this speeds up hardened CI builds by more than a + factor of two. Closes ticket 40098. + + o Minor features (tests, v2 onion services, backport from 0.4.5.1-alpha): + - Fix a rendezvous cache unit test that was triggering an underflow + on the global rend cache allocation. Fixes bug 40125; bugfix + on 0.2.8.1-alpha. + - Fix another rendezvous cache unit test that was triggering an + underflow on the global rend cache allocation. Fixes bug 40126; + bugfix on 0.2.8.1-alpha. + + o Minor bugfixes (correctness, buffers, backport from 0.4.4.4-rc): + - Fix a correctness bug that could cause an assertion failure if we + ever tried using the buf_move_all() function with an empty input + buffer. As far as we know, no released versions of Tor do this. + Fixes bug 40076; bugfix on 0.3.3.1-alpha. + + o Minor bugfixes (logging, backport from 0.4.5.1-alpha): + - Remove a debug logging statement that uselessly spammed the logs. + Fixes bug 40135; bugfix on 0.3.5.0-alpha. + + o Minor bugfixes (rate limiting, bridges, pluggable transports, backport from 0.4.4.4-rc): + - On a bridge, treat all connections from an ExtORPort as remote by + default for the purposes of rate-limiting. Previously, bridges + would treat the connection as local unless they explicitly + received a "USERADDR" command. ExtORPort connections still count + as local if there is a USERADDR command with an explicit local + address. Fixes bug 33747; bugfix on 0.2.5.1-alpha. 
+ + o Minor bugfixes (relay configuration, crash, backport from 0.4.5.1-alpha): + - Avoid a fatal assert() when failing to create a listener + connection for an address that was in use. Fixes bug 40073; bugfix + on 0.3.5.1-alpha. + + o Minor bugfixes (relay, usability, backport from 0.4.4.3-alpha): + - Adjust the rules for when to warn about having too many + connections to other relays. Previously we'd tolerate up to 1.5 + connections per relay on average. Now we tolerate more connections + for directory authorities, and raise the number of total + connections we need to see before we warn. Fixes bug 33880; bugfix + on 0.3.1.1-alpha. + + o Minor bugfixes (tests, 0.4.4.5): + - Fix the behavior of the rend_cache/clean_v2_descs_as_dir when run + on its own. Previously, it would exit with an error. Fixes bug + 40099; bugfix on 0.2.8.1-alpha. + + o Minor bugfixes (v2 onion services, backport from 0.4.5.1-alpha): + - For HSFETCH commands on v2 onion services addresses, check the + length of bytes decoded, not the base32 length. Fixes bug 34400; + bugfix on 0.4.1.1-alpha. Patch by Neel Chauhan. + + o Minor bugfixes (windows, backport from 0.4.4.4-rc): + - Fix a bug that prevented Tor from starting if its log file grew + above 2GB. Fixes bug 31036; bugfix on 0.2.1.8-alpha. + + o Deprecated features (onion service v2, backport form 0.4.4.2-alpha): + - Add a deprecation warning for version 2 onion services. Closes + ticket 40003. + + o Removed features (backport from 0.4.4.3-alpha): + - Our "check-local" test target no longer tries to use the + Coccinelle semantic patching tool parse all the C files. While it + is a good idea to try to make sure Coccinelle works on our C + before we run a Coccinelle patch, doing so on every test run has + proven to be disruptive. You can still run this tool manually with + "make check-cocci". Closes ticket 40030. ticket 40030. 
+ + Changes in version 0.4.3.6 - 2020-07-09 Tor 0.4.3.6 backports several bugfixes from later releases, including some affecting usability. diff --git a/changes/bug31036 b/changes/bug31036 deleted file mode 100644 index d9921dba43..0000000000 --- a/changes/bug31036 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (windows): - - Fix a bug that prevented Tor from starting if its log file - grew above 2GB. Fixes bug 31036; bugfix on 0.2.1.8-alpha. diff --git a/changes/bug34400 b/changes/bug34400 deleted file mode 100644 index e2b56688b9..0000000000 --- a/changes/bug34400 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (v2 onion services): - - For HSFETCH commands on v2 onion services addresses, check the length of - bytes decoded, not the base32 length. This takes the behavior introduced - in commit a517daa56f5848d25ba79617a1a7b82ed2b0a7c0 into consideration. - Fixes bug 34400; bugfix on 0.4.1.1-alpha. Patch by Neel Chauhan. diff --git a/changes/bug40076 b/changes/bug40076 deleted file mode 100644 index 9ef5969ae8..0000000000 --- a/changes/bug40076 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (correctness, buffers): - - Fix a correctness bug that could cause an assertion failure if we ever - tried using the buf_move_all() function with an empty input. - As far as we know, no released versions of Tor do this. - Fixes bug 40076; bugfix on 0.3.3.1-alpha. diff --git a/changes/bug40080 b/changes/bug40080 deleted file mode 100644 index 8162466354..0000000000 --- a/changes/bug40080 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (security): - - When completing a channel, relays now check more thoroughly to make - sure that it matches any pending circuits before attaching those - circuits. Previously, address correctness and Ed25519 identities were not - checked in this case, but only when extending circuits on an existing - channel. Fixes bug 40080; bugfix on 0.2.7.2-alpha. 
diff --git a/changes/bug40099 b/changes/bug40099 deleted file mode 100644 index 278ede2023..0000000000 --- a/changes/bug40099 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (tests): - - Fix the behavior of the rend_cache/clean_v2_descs_as_dir when run on - its own. Previously, it would exit with an error. - Fixes bug 40099; bugfix on 0.2.8.1-alpha. diff --git a/changes/parallel_unit_test b/changes/parallel_unit_test deleted file mode 100644 index 79de28636d..0000000000 --- a/changes/parallel_unit_test +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (tests): - - Our "make check" target now runs the unit tests in 8 parallel chunks. - Doing this speeds up hardened CI builds by more than a factor of two. - Closes ticket 40098. diff --git a/changes/ticket33747 b/changes/ticket33747 deleted file mode 100644 index 57c72e9d0a..0000000000 --- a/changes/ticket33747 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes (rate limiting, bridges, pluggable transports): - - On a bridge, treat all connections from an ExtORPort as remote - by default for the purposes of rate-limiting. Previously, - bridges would treat the connection as local unless they explicitly - received a "USERADDR" command. ExtORPort connections still - count as local if there is a USERADDR command with an explicit local - address. Fixes bug 33747; bugfix on 0.2.5.1-alpha. diff --git a/changes/ticket33880 b/changes/ticket33880 deleted file mode 100644 index c1889bb134..0000000000 --- a/changes/ticket33880 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (relay, usability): - - Adjust the rules for when to warn about having too many connections - to other relays. Previously we'd tolerate up to 1.5 connections - per relay on average. Now we tolerate more connections for directory - authorities, and raise the number of total connections we need - to see before we warn. Fixes bug 33880; bugfix on 0.3.1.1-alpha. 
diff --git a/changes/ticket40003 b/changes/ticket40003 deleted file mode 100644 index 240f464353..0000000000 --- a/changes/ticket40003 +++ /dev/null @@ -1,3 +0,0 @@ - o Deprecated features (onion service v2): - - Add deprecation warning for onion service version 2. Tor now logs a - warning once if a version 2 service is configured. Closes ticket 40003. diff --git a/changes/ticket40030 b/changes/ticket40030 deleted file mode 100644 index c5f3ca4ff9..0000000000 --- a/changes/ticket40030 +++ /dev/null @@ -1,7 +0,0 @@ - o Removed features: - - Our "check-local" test target no longer tries to use the Coccinelle - semantic patching tool parse all the C files. While it is a good idea - to try to make sure Coccinelle works on our C before we run a - Coccinelle patch, doing so on every test run has proven to be disruptive. - You can still run this tool manually with "make check-cocci". Closes - ticket 40030. diff --git a/changes/ticket40035 b/changes/ticket40035 deleted file mode 100644 index 8cdd447199..0000000000 --- a/changes/ticket40035 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes (NSS): - - When running with NSS enabled, make sure that NSS knows to expect - nonblocking sockets. Previously, we set our TCP sockets as blocking, - but did not tell NSS about the fact, which in turn could lead to - unexpected blocking behavior. Fixes bug 40035; bugfix on 0.3.5.1-alpha. diff --git a/changes/ticket40061 b/changes/ticket40061 deleted file mode 100644 index 227664d010..0000000000 --- a/changes/ticket40061 +++ /dev/null @@ -1,5 +0,0 @@ - o Major feature (fallback directory list): - - Replace the 148 fallback directories originally included in - Tor 0.4.1.4-rc (of which around 105 are still functional) with - a list of 144 fallbacks generated in July 2020. - Closes ticket 40061. diff --git a/changes/ticket40073 b/changes/ticket40073 deleted file mode 100644 index 30b028c042..0000000000 --- a/changes/ticket40073 +++ /dev/null 
@@ -1,3 +0,0 @@ - o Minor bugfixes (relay configuration, crash): - - Avoid a fatal assert() when failing to create a listener connection for an - address that was in use. Fixes bug 40073; bugfix on 0.3.5.1-alpha. diff --git a/changes/ticket40081 b/changes/ticket40081 deleted file mode 100644 index 683ae33518..0000000000 --- a/changes/ticket40081 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor features (security): - - Channels using obsolete versions of the Tor link protocol are no - longer allowed to circumvent address-canonicity checks. - (This is only a minor issue, since such channels have no way to - set ed25519 keys, and therefore should always be rejected.) - Closes ticket 40081. diff --git a/changes/ticket40125 b/changes/ticket40125 deleted file mode 100644 index c68e3ce7b3..0000000000 --- a/changes/ticket40125 +++ /dev/null @@ -1,4 +0,0 @@ - o Testing (onion service v2): - - Fix a rendezvous cache unit test that was triggering an underflow on the - global rend cache allocation. Fixes bug 40125; bugfix on - 0.2.8.1-alpha. diff --git a/changes/ticket40126 b/changes/ticket40126 deleted file mode 100644 index 1f5806e6cb..0000000000 --- a/changes/ticket40126 +++ /dev/null @@ -1,4 +0,0 @@ - o Testing (onion service v2): - - Fix another rendezvous cache unit test that was triggering an underflow on the - global rend cache allocation. Fixes bug 40126; bugfix on - 0.2.8.1-alpha. diff --git a/changes/ticket40133 b/changes/ticket40133 deleted file mode 100644 index 8bbe00b6b2..0000000000 --- a/changes/ticket40133 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features (protocol simplification): - - Tor no longer allows subprotocol versions larger than 63. Previously - versions up to UINT32_MAX were allowed, which significantly complicated - our code. - Implements proposal 318; closes ticket 40133. diff --git a/changes/ticket40135 b/changes/ticket40135 deleted file mode 100644 index 9b60b4f655..0000000000 --- a/changes/ticket40135 +++ /dev/null 
@@ -1,3 +0,0 @@ - o Minor bugfix (logging): - - Remove a debug logging statement that uselessly spam the logs. Fixes bug - 40135; bugfix on 0.3.5.0-alpha.
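Review bot: The end-of-support date in the release note at the top of the ChangeLog hunk is inconsistent with the release date: the entry is dated 2020-11-12, yet it says support for 0.4.3.x "will end on 15 January 2020", a date already past, so the year looks wrong and should be checked before this ships. Smaller points in the same hunk: "backport form 0.4.4.3-alpha" (Major features) and "backport form 0.4.4.2-alpha" (Deprecated features) should read "backport from"; the heading "Minor bugfixes (tests, 0.4.4.5)" lacks the "backport from" wording every other section uses; the two rend-cache entries sit under "Minor features (tests, v2 onion services, ...)" although both are "Fixes bug ..." entries (the deleted changes files filed them under "Testing"), so "Minor bugfixes" or "Testing" would match the rest of the file; the "rate limiting, bridges, pluggable transports, backport from 0.4.4.4-rc" heading overruns the wrap width used everywhere else in the file; and the final entry ends with a duplicated "Closes ticket 40030. ticket 40030." that should be a single "Closes ticket 40030."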
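Review bot: The deleted changes/ticket40035 entry says "we set our TCP sockets as blocking, but did not tell NSS about the fact", while the consolidated ChangeLog entry in this same commit says "nonblocking"; since the changes file is being removed, the ChangeLog wording is what survives, so confirm which is correct (the ChangeLog's "nonblocking" reading is the one consistent with the entry's first sentence, "make sure that NSS knows to expect nonblocking sockets").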