From 39733d72ed190759da4b647566ecf45f2b51310d Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Thu, 22 Sep 2016 18:22:33 -0400 Subject: sort entries into a changelog. --- ChangeLog | 218 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 218 insertions(+) diff --git a/ChangeLog b/ChangeLog index d273b62bc8..b5d5985c39 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,3 +1,221 @@ +Changes in version 0.2.9.3-alpha - 2016-09-2? + Tor 0.2.9.3-alpha adds improved support for entities that + want to make high-performance services available through the Tor .onion + mechanism without themselves receiving anonymity as they host those + services. It also tries harder to ensure that all steps on a circuit are + using the strongest crypto possible, strengthens some TLS properties, and + resolves several bugs -- including a pair of crash bugs from the 0.2.8 + series. Anybody running an earlier version of 0.2.9.x should upgrade. + + XXXXX Add items from the 0.2.8.8 changelog. + + o Major features (circuit building, security): + - Authorities, relays and clients specifically check that each + descriptor has an ntor key. + - Circuit-building code assumes that all hops can use ntor, + except for rare hidden service protocol cases. + - Client code never chooses nodes without ntor keys: they will not + be selected during circuit-building, or as guards, or as directory + mirrors, or as introduction or rendezvous points. + - Clients avoid downloading a descriptor if the relay version is + too old to support ntor. + - Tor authorities, relays, and clients only use ntor, except for + rare cases in the hidden service protocol. + + o Major features (onion services): + - Add experimental HiddenServiceSingleHopMode and + HiddenServiceNonAnonymousMode options. When both are set to 1, every + hidden service on a tor instance becomes a non-anonymous Single Onion + Service. Single Onions make one-hop (direct) connections to their + introduction and renzedvous points. One-hop circuits make Single Onion + servers easily locatable, but clients remain location-anonymous. + This is compatible with the existing hidden service implementation, and + works on the current tor network without any changes to older relays or + clients. + Implements proposal 260, completes ticket 17178. Patch by teor and asn. 
+ + o Major features (resource management): + - Tor now includes support for noticing when we are about to run out of + sockets, and preemptively closing connections of lower priority. + (This feature is off by default for now, since the current prioritizing + method is not mature enough yet. You can enable it by setting + "DisableOOSCheck 0".) Closes ticket 18640. + + o Major bugfixes (circuit building): + - Hidden service client-to-intro-point and service-to-rendezvous-point + cicruitss use the TAP key supplied by the protocol, to avoid + epistemic attacks. + Fixes bug 19163; bugfix on 0.2.4.18-rc. + + o Major bugfixes (compilation, OpenBSD): + - Fix a Libevent-detection bug in our autoconf script that would + prevent Tor from linking successfully on OpenBSD. Patch from + rubiate. Fixes bug 19902; bugfix on 0.2.9.1-alpha. + + o Major bugfixes (hidden services): + - Clients require hidden services to include the TAP keys + for their intro points in the hidden service descriptor. + This prevents an inadvertent upgrade to ntor, which a + malicious hidden service could use to discover which + consensus a client has. + Fixes bug 20012; bugfix on 0.2.4.8-alpha. Patch by teor. + + o Minor feature (port flags): + - Add *Port flags NoDNSRequest and NoOnionTraffic, and + the synthetic flag OnionTrafficOnly, which is equivalent to + NoDNSRequest, NoIPv4Traffic, and NoIPv6Traffic. + Closes enhancement 18693; patch by "teor". + + o Minor features (testing, ipv6): + - Add the single-onion and single-onion-ipv6 chutney targets to + make test-network-all. This requires a recent chutney version + with the single onion network flavours (git c72a652 or later). + Closes ticket 20072; patch by teor. + - Add the hs-ipv6 chutney target to make test-network-all's IPv6 + tests. Remove bridges+hs, as it's somewhat redundant. + This requires a recent chutney version that supports IPv6 clients, + relays, and authorities. + Closes ticket 20069; patch by teor. 
+ + o Minor features (directory authority): + - After voting, if the authorities decide that a relay is not "Valid", + they no longer include it in the consensus at all. Closes ticket + 20002; implements part of proposal 272. + + o Minor features (security, TLS): + - Servers no longer support clients that do not provide AES + ciphersuites. (3DES is no longer considered an acceptable + cipher.) We believe that no such clients currently exist, + since we have required OpenSSL 0.9.7 or later since 2009. + Closes ticket 19998. + + o Minor features (testing): + - Disable memory protections on OpenBSD when testing memwipe(). + The test deliberately invokes undefined behaviour which the + protections interfere with. Patch from "rubiate". Closes ticket + 20066. + + o Minor features (Tor2web): + - Make Tor2web clients respect ReachableAddresses. + This feature was inadvertently enabled in 0.2.8.6, then removed + by bugfix 19973 on 0.2.8.7. + Implements feature 20034. Patch by teor. + + o Minor features (unit tests): + - Our link-handshake unit tests now check, that when invalid + handshakes fail, they fail with the error messages we + expected. + - Our unit testing code that captures log messages no longer prevents + them from being written out if the user asked for them (by passing + --debug or --info or or --notice --warn to the "test" binary). This + change will prevent us from missing unexpected log messages simply + because we were looking for others. Related to ticket 19999. + - The unit tests now log all warning messages with the "BUG" flag. + Previously, they only logged errors by default. This change will + help us make our testing code more correct, and make sure that + we only hit this code when we mean to. This is preparatory work + for ticket 19999. + - The unit tests now treat any failure of a "tor_assert_nonfatal()" + assertion as a test failure. + - We've done significant work to make the unit tests run faster. 
+ + o Minor bug fixes (circuits): + - Use CircuitBuildTimeout whenever LearnCircuitBuildTimeout is disabled. + Fixes bug 19678; bugfix on commit 5b0b51ca3 in 0.2.4.12-alpha. Patch by teor. + + o Minor bugfixes (options): + - Check the consistency of UseEntryGuards and EntryNodes more reliably. + Fixes bug 20074; bugfix on commit 686aaa5c in tor-0.2.4.12-alpha. Patch by teor. + - Stop changing the configured value of UseEntryGuards on authorities + and Tor2web clients. + Fixes bug 20074; bugfix on commits 51fc6799 in tor-0.1.1.16-rc and + acda1735 in tor-0.2.4.3-alpha. Patch by teor. + + o Minor bugfixes (Tor2web): + - Prevent Tor2web clients running hidden services, these services are + not anonymous due to the one-hop client paths. + Fixes bug 19678. Patch by teor. + + o Minor bugfixes (allocation): + - Change how we allocate memory for large chunks on buffers, to avoid + a (currently impossible) integer overflow, and to waste less space + when allocating unusually large chunks. Fixes bug 20081; bugfix on + 0.2.0.16-alpha. Issue identified by Guido Vranken. + - Always include orconfig.h before including any other C headers. + Sometimes, it includes macros that affect the behavior of the + standard headers. Fixes bug 19767; bugfix on 0.2.9.1-alpha (the first + version to use AC_USE_SYSTEM_EXTENSIONS). + - Fix a syntax error in the IF_BUG_ONCE__() macro in non- + GCC-compatible compilers. Fixes bug 20141; bugfix on + 0.2.9.1-alpha. Patch from Gisle Vanem. + - Stop trying to build with Clang 4.0's -Wthread-safety + warnings. They apparently require a set of annotations that we + aren't currently using, and they create false positives in our + pthreads wrappers. Fixes bug 20110; bugfix on 0.2.9.1-alpha. + + o Minor bugfixes (directory authority): + - Die with a useful error when the operator forgets to place the + authority_signing_key file into the keys directory. This avoids an + uninformative assert & traceback about having an invalid key. 
+ Fixes bug 20065; bugfix on 0.2.0.1-alpha. + - When allowing private addresses, mark Exits that only exit to + private locations as such. Fixes bug 20064; bugfix on + 0.2.2.9-alpha. + + o Minor bugfixes (documentation): + - Document the default PathsNeededToBuildCircuits value that's + used by clients when the directory authorities don't set + min_paths_for_circs_pct. + Fixes bug 20117; bugfix on 02c320916e02 in tor-0.2.4.10-alpha. + Patch by teor, reported by Jesse V. + - Fix manual for the User option: it takes a username, not a UID. + Fixes bug 19122; bugfix on 0.0.2pre16 (the first version to have + a manpage!). + + o Minor bugfixes (hidden services): + - Stop logging intro point details to the client log on + certain error conditions. + Fixed as part of bug 20012; bugfix on 0.2.4.8-alpha. + Patch by teor. + + o Minor bugfixes (IPv6, testing): + - Check for IPv6 correctly on Linux when running test networks. + Fixes bug 19905; bugfix on 0.2.7.3-rc; patch by teor. + + o Minor bugfixes (Linux seccomp2 sandbox): + - Add permission to run the sched_yield() and sigaltstack() system + calls, in order to support versions of Tor compiled with + asan or ubsan code that use these calls. Now "sandbox 1" and + "--enable-expensive-hardening" should be compatible. + Fixes bug 20063; bugfix on 0.2.5.1-alpha. + + o Minor bugfixes (logging): + - When logging a message from the BUG() macro, be explicit about what + we were asserting. Previously we were confusing what we were asserting + with what the bug was. Fixes bug 20093; bugfix on 0.2.9.1-alpha. + - When we are unable to remove the bw_accounting file, do not warn + if the reason we couldn't remove it was that it didn't exist. + Fixes bug 19964; bugfix on 0.2.5.4-alpha. Patch + from 'pastly'. + + o Minor bugfixes (option parsing): + - Count unix sockets when counting client listeners (SOCKS, Trans, + NATD, and DNS). This has no user-visible behaviour changes: these + options are set once, and never read. 
+ Required for correct behaviour in ticket 17178. + Fixes bug 19677; bugfix on 0.2.6.3-alpha. Patch by teor. + + o Minor bugfixes (unit tests): + - Fix shared random unit test that was failing on big endian architecture + due to internal representation of a integer copied to a buffer. The test + is changed to take a full 32 bytes of data and use the output of a + python script that make the COMMIT and REVEAL calculation according to + the spec. Fixes bug 19977; bugfix on tor-0.2.9.1-alpha. + - The tor_tls_server_info_callback unit test no longer crashes when + debug-level logging is turned on. Fixes bug 20041; bugfix on + 0.2.8.1-alpha. + + Changes in version 0.2.9.2-alpha - 2016-08-24 Tor 0.2.9.2-alpha continues development of the 0.2.9 series with several new features and bugfixes. It also includes an important -- cgit v1.2.3-54-g00ecf
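Review bot: The new 0.2.9.3-alpha header still carries two placeholders, the release date "2016-09-2?" and the line "XXXXX Add items from the 0.2.8.8 changelog."; both need to be resolved before this is tagged, and the blurb's "a pair of crash bugs from the 0.2.8 series" presumably depends on those missing items, since the only crash fix listed in this hunk is the tor_tls_server_info_callback unit test. Under "Minor bugfixes (allocation)" only the first entry (bug 20081) concerns allocation; the orconfig.h, IF_BUG_ONCE__() and -Wthread-safety entries read as compilation fixes and should move to their own "Minor bugfixes (compilation)" section. Bug 19678 is cited for two unrelated entries (CircuitBuildTimeout and Tor2web clients running hidden services), and the Tor2web one has no "bugfix on" version, so one of the numbers is worth checking. Section titles are inconsistent ("Minor feature (port flags)", "Minor bug fixes (circuits)" against "Minor features"/"Minor bugfixes" elsewhere), and there are typos to fix: "renzedvous", "cicruitss", and "--info or or --notice --warn".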