From 799bab410b99f1a569acf8a817c9170ad529a4ed Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Fri, 12 Feb 2021 14:13:06 -0500 Subject: Sort the 0.4.5.6 release notes. --- ReleaseNotes | 264 ++++++++++++++++++++++++++++------------------------------- 1 file changed, 127 insertions(+), 137 deletions(-) diff --git a/ReleaseNotes b/ReleaseNotes index da49672b2f..9accb4b658 100644 --- a/ReleaseNotes +++ b/ReleaseNotes 
@@ -5,151 +5,15 @@ changes in each development snapshot, see the ChangeLog file. Changes in version 0.4.5.6 - 2021-02-15 BLURB - Below are the changes since 0.4.4.XX. For a list only of the changes + Below are the changes since 0.4.4.5. For a list only of the changes since 0.4.5.5-rc, see the ChangeLog file. - o Minor bugfixes (logging): - - Avoid a spurious log message about missing subprotocol versions, - when the consensus that we're reading from is older than the - current release. Previously we had made this message nonfatal, but - in practice, it is never relevant when the consensus is older than - the current release. Fixes bug 40281; bugfix on 0.4.0.1-alpha. - o Major feature (exit): - Re-entry into the network is now denied at the Exit level to all relays' ORPorts and authorities' ORPorts and DirPorts. This change should help mitgate a set of denial-of-service attacks. Closes ticket 2667. - o Major bugfixes (directory cache, performance, windows): - - Limit the number of items in the consensus diff cache to 64 on - Windows. We hope this will mitigate an issue where Windows relay - operators reported Tor using 100% CPU, while we investigate better - solutions. Fixes bug 24857; bugfix on 0.3.1.1-alpha. - - o Minor feature (build system): - - New "make lsp" command to generate the compile_commands.json file - used by the ccls language server. The "bear" program is needed for - this. Closes ticket 40227. - - o Minor features (authority, logging): - - Log more information for directory authority operators during the - consensus voting process, and while processing relay descriptors. - Closes ticket 40245. - - o Minor bugfixes (compilation): - - Change the linker flag ordering in our library search code so that - it works for compilers that need the libraries to be listed in the - right order. Fixes bug 33624; bugfix on 0.1.1.0-alpha. 
- - o Minor bugfixes (onion services): - - Avoid a non-fatal assertion in certain edge-cases when - establishing a circuit to an onion service. Fixes bug 32666; - bugfix on 0.3.0.3-alpha. - - - o Major bugfixes (onion service v3): - - Stop requiring a live consensus for v3 clients and services, and - allow a "reasonably live" consensus instead. This allows v3 onion - services to work even if the authorities fail to generate a - consensus for more than 2 hours in a row. Fixes bug 40237; bugfix - on 0.3.5.1-alpha. - - o Minor features (crypto): - - Fix undefined behavior on our Keccak library. The bug only - appeared on platforms with 32-byte CPU cache lines (e.g. armv5tel) - and would result in wrong digests. Fixes bug 40210; bugfix on - 0.2.8.1-alpha. Thanks to Bernhard Übelacker, Arnd Bergmann and - weasel for diagnosing this. - - o Minor features (documentation): - - Mention the "!badexit" directive that can appear in an authority's - approved-routers file, and update the description of the - "!invalid" directive. Closes ticket 40188. - - o Minor bugfixes (compilation): - - Fix a compilation warning about unreachable fallthrough - annotations when building with "--enable-all-bugs-are-fatal" on - some compilers. Fixes bug 40241; bugfix on 0.3.5.4-alpha. - - Fix the "--enable-static-tor" switch to properly set the "-static" - compile option onto the tor binary only. Fixes bug 40111; bugfix - on 0.2.3.1-alpha. - - o Minor bugfixes (SOCKS5): - - Handle partial SOCKS5 messages correctly. Previously, our code - would send an incorrect error message if it got a SOCKS5 request - that wasn't complete. Fixes bug 40190; bugfix on 0.3.5.1-alpha. - - - - o Major bugfixes (relay, windows): - - Fix a bug in our implementation of condition variables on Windows. - Previously, a relay on Windows would use 100% CPU after running - for some time. Because of this change, Tor now require Windows - Vista or later to build and run. Fixes bug 30187; bugfix on - 0.2.6.3-alpha. 
(This bug became more serious in 0.3.1.1-alpha with - the introduction of consensus diffs.) Patch by Daniel Pinto. - - o Minor features (compilation): - - Disable deprecation warnings when building with OpenSSL 3.0.0 or - later. There are a number of APIs newly deprecated in OpenSSL - 3.0.0 that Tor still requires. (A later version of Tor will try to - stop depending on these APIs.) Closes ticket 40165. - - o Minor features (protocol, proxy support, defense in depth): - - Respond more deliberately to misbehaving proxies that leave - leftover data on their connections, so as to make Tor even less - likely to allow the proxies to pass their data off as having come - from a relay. Closes ticket 40017. - - o Minor features (safety): - - Log a warning at startup if Tor is built with compile-time options - that are likely to make it less stable or reliable. Closes - ticket 18888. - - o Minor bugfixes (circuit, handshake): - - In the v3 handshaking code, use connection_or_change_state() to - change the state. Previously, we changed the state directly, but - this did not pass the state change to the pubsub or channel - objects, potentially leading to bugs. Fixes bug 32880; bugfix on - 0.2.3.6-alpha. Patch by Neel Chauhan. - - o Minor bugfixes (configuration): - - Exit Tor on a misconfiguration when the Bridge line is configured - to use a transport but no corresponding ClientTransportPlugin can - be found. Prior to this fix, Tor would attempt to connect to the - bridge directly without using the transport, making it easier for - adversaries to notice the bridge. Fixes bug 25528; bugfix - on 0.2.6.1-alpha. - - o Minor bugfixes (crash, relay, signing key): - - Avoid assertion failures when we run Tor from the command line - with `--key-expiration sign`, but an ORPort is not set. Fixes bug - 40015; bugfix on 0.3.2.1-alpha. Patch by Neel Chauhan. - - o Minor bugfixes (logging): - - Remove trailing whitespace from control event log messages. 
Fixes - bug 32178; bugfix on 0.1.1.1-alpha. Based on a patch by - Amadeusz Pawlik. - - Turn warning-level log message about SENDME failure into a debug- - level message. (This event can happen naturally, and is no reason - for concern). Fixes bug 40142; bugfix on 0.4.1.1-alpha. - - o Minor bugfixes (testing): - - Fix the `config/parse_tcp_proxy_line` test so that it works - correctly on systems where the DNS provider hijacks invalid - queries. Fixes part of bug 40179; bugfix on 0.4.3.1-alpha. - - Fix our Python reference-implementation for the v3 onion service - handshake so that it works correctly with the version of hashlib - provided by Python 3.9. Fixes part of bug 40179; bugfix - on 0.3.1.6-rc. - - Fix the `tortls/openssl/log_one_error` test to work with OpenSSL - 3.0.0. Fixes bug 40170; bugfix on 0.2.8.1-alpha. - - o Removed features (controller): - - Remove the "GETINFO network-status" controller command. It has - been deprecated since 0.3.1.1-alpha. Closes ticket 22473. - o Major features (build): - When building Tor, first link all object files into a single static library. This may help with embedding Tor in other @@ -163,6 +27,7 @@ Changes in version 0.4.5.6 - 2021-02-15 the moment, the only supported output format is Prometheus data model. Closes ticket 40063. See the manual page for more information and security considerations. + o Major features (relay, IPv6): - The torrc option Address now supports IPv6. This unifies our address discovery interface to support IPv4, IPv6, and hostnames. 
@@ -195,6 +60,27 @@ Changes in version 0.4.5.6 - 2021-02-15 circuits on an existing channel. Fixes bug 40080; bugfix on 0.2.7.2-alpha. Resolves TROVE-2020-005. + o Major bugfixes (directory cache, performance, windows): + - Limit the number of items in the consensus diff cache to 64 on + Windows. We hope this will mitigate an issue where Windows relay + operators reported Tor using 100% CPU, while we investigate better + solutions. Fixes bug 24857; bugfix on 0.3.1.1-alpha. + + o Major bugfixes (onion service v3): + - Stop requiring a live consensus for v3 clients and services, and + allow a "reasonably live" consensus instead. This allows v3 onion + services to work even if the authorities fail to generate a + consensus for more than 2 hours in a row. Fixes bug 40237; bugfix + on 0.3.5.1-alpha. + + o Major bugfixes (relay, windows): + - Fix a bug in our implementation of condition variables on Windows. + Previously, a relay on Windows would use 100% CPU after running + for some time. Because of this change, Tor now require Windows + Vista or later to build and run. Fixes bug 30187; bugfix on + 0.2.6.3-alpha. (This bug became more serious in 0.3.1.1-alpha with + the introduction of consensus diffs.) Patch by Daniel Pinto. + o Major bugfixes (TLS, buffer): - When attempting to read N bytes on a TLS connection, really try to read all N bytes. Previously, Tor would stop reading after the @@ -202,6 +88,11 @@ Changes in version 0.4.5.6 - 2021-02-15 and not check for more data until the next mainloop event. Fixes bug 40006; bugfix on 0.1.0.5-rc. + o Minor feature (build system): + - New "make lsp" command to generate the compile_commands.json file + used by the ccls language server. The "bear" program is needed for + this. Closes ticket 40227. + o Minor features (address discovery): - If no Address statements are found, relays now prioritize guessing their address by looking at the local interface instead of the 
@@ -214,6 +105,11 @@ Changes in version 0.4.5.6 - 2021-02-15 timestamp format support. Patch by Daniel Pinto. Closes ticket 30045. + o Minor features (authority, logging): + - Log more information for directory authority operators during the + consensus voting process, and while processing relay descriptors. + Closes ticket 40245. + o Minor features (bootstrap reporting): - When reporting bootstrapping status on a relay, do not consider connections that have never been the target of an origin circuit. @@ -228,6 +124,12 @@ Changes in version 0.4.5.6 - 2021-02-15 - If the configure script has given any warnings, remind the user about them at the end of the script. Related to 40138. + o Minor features (compilation): + - Disable deprecation warnings when building with OpenSSL 3.0.0 or + later. There are a number of APIs newly deprecated in OpenSSL + 3.0.0 that Tor still requires. (A later version of Tor will try to + stop depending on these APIs.) Closes ticket 40165. + o Minor features (configuration): - Allow using wildcards (* and ?) with the %include option on configuration files. Closes ticket 25140. Patch by Daniel Pinto. @@ -255,6 +157,13 @@ Changes in version 0.4.5.6 - 2021-02-15 address. We keep "GETINFO address" for backwards-compatibility. Closes ticket 40039. Patch by Neel Chauhan. + o Minor features (crypto): + - Fix undefined behavior on our Keccak library. The bug only + appeared on platforms with 32-byte CPU cache lines (e.g. armv5tel) + and would result in wrong digests. Fixes bug 40210; bugfix on + 0.2.8.1-alpha. Thanks to Bernhard Übelacker, Arnd Bergmann and + weasel for diagnosing this. + o Minor features (directory authorities): - Authorities now list a different set of protocols as required and recommended. These lists have been chosen so that only truly 
@@ -286,6 +195,11 @@ Changes in version 0.4.5.6 - 2021-02-15 servers list. Authorities previously added only their IPv4 addresses. Closes ticket 32822. + o Minor features (documentation): + - Mention the "!badexit" directive that can appear in an authority's + approved-routers file, and update the description of the + "!invalid" directive. Closes ticket 40188. + o Minor features (ed25519, relay): - Save a relay's base64-encoded ed25519 identity key to the data directory in a file named fingerprint-ed25519. Closes ticket @@ -324,6 +238,12 @@ Changes in version 0.4.5.6 - 2021-02-15 pluggable transport honors this option, so each pluggable transport needs to implement support on its own. Closes ticket 5304. + o Minor features (protocol, proxy support, defense in depth): + - Respond more deliberately to misbehaving proxies that leave + leftover data on their connections, so as to make Tor even less + likely to allow the proxies to pass their data off as having come + from a relay. Closes ticket 40017. + o Minor features (relay address tracking): - We now store relay addresses for OR connections in a more logical way. Previously we would sometimes overwrite the actual address of @@ -358,6 +278,11 @@ Changes in version 0.4.5.6 - 2021-02-15 - When launching IPv6 ORPort self-test circuits, make sure that the second-last hop can initiate an IPv6 extend. Closes ticket 33222. + o Minor features (safety): + - Log a warning at startup if Tor is built with compile-time options + that are likely to make it less stable or reliable. Closes + ticket 18888. + o Minor features (specification update): - Several fields in microdescriptors, router descriptors, and consensus documents that were formerly optional are now required. 
@@ -417,6 +342,13 @@ Changes in version 0.4.5.6 - 2021-02-15 circuit padding again after the machines have already completed. Fixes bug 32040; bugfix on 0.4.1.1-alpha. + o Minor bugfixes (circuit, handshake): + - In the v3 handshaking code, use connection_or_change_state() to + change the state. Previously, we changed the state directly, but + this did not pass the state change to the pubsub or channel + objects, potentially leading to bugs. Fixes bug 32880; bugfix on + 0.2.3.6-alpha. Patch by Neel Chauhan. + o Minor bugfixes (compatibility): - Strip '\r' characters when reading text files on Unix platforms. This should resolve an issue where a relay operator migrates a 
@@ -426,19 +358,52 @@ Changes in version 0.4.5.6 - 2021-02-15 extra-info document. Fixes bug 33781; bugfix on 0.0.9pre5. o Minor bugfixes (compilation): + - Change the linker flag ordering in our library search code so that + it works for compilers that need the libraries to be listed in the + right order. Fixes bug 33624; bugfix on 0.1.1.0-alpha. + - Fix a compilation warning about unreachable fallthrough + annotations when building with "--enable-all-bugs-are-fatal" on + some compilers. Fixes bug 40241; bugfix on 0.3.5.4-alpha. + - Fix the "--enable-static-tor" switch to properly set the "-static" + compile option onto the tor binary only. Fixes bug 40111; bugfix + on 0.2.3.1-alpha. - Fix compiler warnings that would occur when building with "--enable-all-bugs-are-fatal" and "--disable-module-relay" at the same time. Fixes bug 40129; bugfix on 0.4.4.1-alpha. - Resolve a compilation warning that could occur in test_connection.c. Fixes bug 40113; bugfix on 0.2.9.3-alpha. + o Minor bugfixes (configuration): + - Exit Tor on a misconfiguration when the Bridge line is configured + to use a transport but no corresponding ClientTransportPlugin can + be found. Prior to this fix, Tor would attempt to connect to the + bridge directly without using the transport, making it easier for + adversaries to notice the bridge. Fixes bug 25528; bugfix + on 0.2.6.1-alpha. + o Minor bugfixes (control port): - Make sure we send the SOCKS request address in relay begin cells when a stream is attached with the purpose CIRCUIT_PURPOSE_CONTROLLER. Fixes bug 33124; bugfix on 0.0.5. Patch by Neel Chauhan. + o Minor bugfixes (crash, relay, signing key): + - Avoid assertion failures when we run Tor from the command line + with `--key-expiration sign`, but an ORPort is not set. Fixes bug + 40015; bugfix on 0.3.2.1-alpha. Patch by Neel Chauhan. 
+ o Minor bugfixes (logging): + - Avoid a spurious log message about missing subprotocol versions, + when the consensus that we're reading from is older than the + current release. Previously we had made this message nonfatal, but + in practice, it is never relevant when the consensus is older than + the current release. Fixes bug 40281; bugfix on 0.4.0.1-alpha. + - Remove trailing whitespace from control event log messages. Fixes + bug 32178; bugfix on 0.1.1.1-alpha. Based on a patch by + Amadeusz Pawlik. + - Turn warning-level log message about SENDME failure into a debug- + level message. (This event can happen naturally, and is no reason + for concern). Fixes bug 40142; bugfix on 0.4.1.1-alpha. - Remove a debug logging statement that uselessly spammed the logs. Fixes bug 40135; bugfix on 0.3.5.0-alpha. - When logging a rate-limited message about how many messages have @@ -448,6 +413,11 @@ Changes in version 0.4.5.6 - 2021-02-15 messages started to occur. Fixes bug 19431; bugfix on 0.2.2.16-alpha. + o Minor bugfixes (onion services): + - Avoid a non-fatal assertion in certain edge-cases when + establishing a circuit to an onion service. Fixes bug 32666; + bugfix on 0.3.0.3-alpha. + o Minor bugfixes (relay configuration, crash): - Avoid a fatal assert() when failing to create a listener connection for an address that was in use. Fixes bug 40073; bugfix @@ -468,6 +438,11 @@ Changes in version 0.4.5.6 - 2021-02-15 evidence that we're reachable on some other address. Fixes bug 20165; bugfix on 0.1.0.1-rc. + o Minor bugfixes (SOCKS5): + - Handle partial SOCKS5 messages correctly. Previously, our code + would send an incorrect error message if it got a SOCKS5 request + that wasn't complete. Fixes bug 40190; bugfix on 0.3.5.1-alpha. + o Minor bugfixes (spec conformance): - Use the correct key type when generating signing->link certificates. Fixes bug 40124; bugfix on 0.2.7.2-alpha. 
@@ -481,6 +456,17 @@ Changes in version 0.4.5.6 - 2021-02-15 protocols_known being set. Fixes bug 34232; bugfix on 0.3.3.2-alpha. Patch by Neel Chauhan. + o Minor bugfixes (testing): + - Fix the `config/parse_tcp_proxy_line` test so that it works + correctly on systems where the DNS provider hijacks invalid + queries. Fixes part of bug 40179; bugfix on 0.4.3.1-alpha. + - Fix our Python reference-implementation for the v3 onion service + handshake so that it works correctly with the version of hashlib + provided by Python 3.9. Fixes part of bug 40179; bugfix + on 0.3.1.6-rc. + - Fix the `tortls/openssl/log_one_error` test to work with OpenSSL + 3.0.0. Fixes bug 40170; bugfix on 0.2.8.1-alpha. + o Minor bugfixes (v2 onion services): - For HSFETCH commands on v2 onion services addresses, check the length of bytes decoded, not the base32 length. Fixes bug 34400; @@ -566,6 +552,10 @@ Changes in version 0.4.5.6 - 2021-02-15 - Document in depth the circuit subsystem trace events in the new doc/tracing/EventsCircuit.md. Closes ticket 40036. + o Removed features (controller): + - Remove the "GETINFO network-status" controller command. It has + been deprecated since 0.3.1.1-alpha. Closes ticket 22473. + Changes in version 0.4.4.6 - 2020-11-12 Tor 0.4.4.6 is the second stable release in the 0.4.4.x series. It -- cgit v1.2.3-54-g00ecf
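Review bot: In the @@ -5,151 hunk the baseline line changes from "0.4.4.XX" to "0.4.4.5", but the next section in this same file is "Changes in version 0.4.4.6 - 2020-11-12"; please confirm that 0.4.4.5 is the intended comparison point rather than 0.4.4.6. Two smaller items in the same hunk: the "o Major feature (exit)" entry is left above "o Major features (build)", which breaks the alphabetical order the rest of this commit establishes (a singular "feature" header sorts ahead of every "features" header, which is probably why the sort left it there), so consider renaming it "Major features (exit)" and moving it after the "Major features (build)" block; and its text still reads "help mitgate a set of denial-of-service attacks", which should be "mitigate".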
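Review bot: In the @@ -202,6 hunk the relocated "o Minor feature (build system)" block lands before "o Minor features (address discovery)", which is out of the alphabetical order used everywhere else in this commit; the singular "feature" in the header is the likely cause, since "Minor feature (" sorts before every "Minor features (" header. Suggest renaming it "Minor features (build system)" and placing it between "Minor features (bootstrap reporting)" and "Minor features (compilation)" in the @@ -214,6 / @@ -228,6 region.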
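Review bot: In the @@ -195,6 hunk the moved "Major bugfixes (relay, windows)" entry still reads "Tor now require Windows Vista or later"; since these lines are being rewritten anyway, change it to "Tor now requires Windows Vista or later to build and run".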
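Review bot: In the @@ -255,6 hunk the Keccak entry is filed under "Minor features (crypto)" although its text is a bugfix ("Fix undefined behavior on our Keccak library ... would result in wrong digests. Fixes bug 40210; bugfix on 0.2.8.1-alpha"); it belongs under a "Minor bugfixes (crypto)" header, which would sort between "Minor bugfixes (crash, relay, signing key)" and "Minor bugfixes (logging)" in the @@ -426,19 hunk. Filing a wrong-digest fix as a feature also makes it easy for operators of the affected platforms (32-byte cache lines, e.g. armv5tel) to miss it.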