From a54b269c95df23f519bf32858fac2ce2af6c5ea7 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Fri, 3 Feb 2017 10:50:36 -0500 Subject: Start on an 0.3.0.3-alpha changelog --- ChangeLog | 137 +++++++++++++++++++++++++++++ changes/21359 | 7 -- changes/bug20824 | 3 - changes/bug20980 | 4 - changes/bug21052 | 4 - changes/bug21107 | 6 -- changes/bug21108_029 | 6 -- changes/bug21128 | 5 -- changes/bug21129 | 4 - changes/bug21134 | 5 -- changes/bug21150 | 5 -- changes/bug21242 | 10 --- changes/bug21280 | 5 -- changes/bug21290 | 7 -- changes/bug21294 | 6 -- changes/bug21300 | 6 -- changes/bug21302 | 8 -- changes/bug21357 | 7 -- changes/bug21372 | 4 - changes/change_separate_exit_and_relay.txt | 3 - changes/ciphers.inc | 5 -- changes/feature20956 | 6 -- changes/feature21269 | 3 - changes/server_cipher | 3 - changes/ticket20174 | 4 - changes/ticket21356 | 4 - 26 files changed, 137 insertions(+), 130 deletions(-) delete mode 100644 changes/21359 delete mode 100644 changes/bug20824 delete mode 100644 changes/bug20980 delete mode 100644 changes/bug21052 delete mode 100644 changes/bug21107 delete mode 100644 changes/bug21108_029 delete mode 100644 changes/bug21128 delete mode 100644 changes/bug21129 delete mode 100644 changes/bug21134 delete mode 100644 changes/bug21150 delete mode 100644 changes/bug21242 delete mode 100644 changes/bug21280 delete mode 100644 changes/bug21290 delete mode 100644 changes/bug21294 delete mode 100644 changes/bug21300 delete mode 100644 changes/bug21302 delete mode 100644 changes/bug21357 delete mode 100644 changes/bug21372 delete mode 100644 changes/change_separate_exit_and_relay.txt delete mode 100644 changes/ciphers.inc delete mode 100644 changes/feature20956 delete mode 100644 changes/feature21269 delete mode 100644 changes/server_cipher delete mode 100644 changes/ticket20174 delete mode 100644 changes/ticket21356 diff --git a/ChangeLog b/ChangeLog index 59fdc51d8c..62cf13d388 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,140 @@ +Changes in version 0.3.0.3-alpha - 2017-02-03 + BLURB BLURB BLURB. + + o Major bugfixes (directory authority): + - During voting, when marking a node as a probable sybil, do not + clear its BadExit flag: sybils can still be bad in other ways + too. (We still clear the other flags.) Fixes bug 21108; bugfix + on 0.2.0.13-alpha. + - When deciding whether we have just found a router to be reachable, + do not penalize it for not having performed an Ed25519 link + handshake if it does not claim to support an Ed25519 handshake. + Previously, we would treat such relays as non-running. Fixes bug + 21107; bugfix on 0.2.3.1-alpha. + + o Major bugfixes (entry guards): + - Stop trying to build circuits through entry guards for which we + have no descriptor yet. Also, stop crashing if we *do* + accidentally try to build a circuit in such a state. Fixes bug + 21242; bugfix on 0.3.0.1-alpha. + + o Major bugfixes (IPv6 Exits): + - Stop rejecting all IPv6 traffic on Exits whose exit policy rejects + IPv6 addresses. Instead, only reject a port over IPv6 if the exit + policy rejects that port on more than an IPv6 /16 of addresses. + This bug was made worse by 17027 in 0.2.8.1-alpha, which rejects a + relay's own IPv6 address by default. Fixes bug 21357; bugfix on + commit 004f3f4e53 in 0.2.4.7-alpha. + + o Minor feature (client): + - Enable IPv6 traffic by default on the SocksPort. To disable this, + a user will have to specify "NoIPv6Traffic". Closes ticket 21269. + + o Minor feature (fallback scripts): + - Add a check_existing mode to updateFallbackDirs.py, which checks + if fallbacks in the hard-coded list are working. Closes ticket + 20174. Patch by haxxpop. + + o Minor features (ciphersuite selection): + - Allow servers to accept a wider range of ciphersuites, including + chacha20-poly1305 and AES-CCM. Closes the other part of 15426. + - Clients now advertise a list of ciphersuites closer to the ones + preferred by Firefox. Closes ticket 15426. + + o Minor features (controller, configuration): + - Each of the *Port options, such as SocksPort, ORPort, ControlPort, + and so on, now comes with a __*Port variant that will not be saved + to the torrc file by the controller's SAVECONF command. This + change allows TorBrowser to set up a single-use domain socket for + each time it launches Tor. Closes ticket 20956. + - The GETCONF command can now query options that may only be + meaningful in context-sensitive lists. This allows the controller + to query the mixed SocksPort/__SocksPort style options introduced + in feature 20956. Implements ticket 21300. + + o Minor features (portability, compilation): + - Autoconf now check to determine if OpenSSL structures are opaque, + instead of explicitly checking for OpenSSL version numbers. Part + of ticket 21359. + - Support building with recent LibreSSL code that uses opaque + structures. Closes ticket 21359. + + o Minor features (relay): + - Allow separation of exit and relay traffic to different source IP + addresses. Closes ticket 17975. Written by Michael Sonntag. + + o Minor bugfix (logging): + - Don't recommend the use of Tor2web in non anonymous mode. In that + mode, we disable client functionalities and recommending Tor2web + as a solution is a bad idea because in that case client loses all + anonymity. Tor2web should really only be used in very specific + cases and with users *knowing* what they do. Fixes bug 21294; + bugfix on 0.2.9.3-alpha. + + o Minor bugfixes (client): + - Always recover from failures in extend_info_from_node(), in an + attempt to prevent any recurrence of bug 21242. Fixes bug 21372; + bugfix on 0.2.3.1-alpha. + + o Minor bugfixes (client, entry guards): + - Fix a bug warning (with backtrace) when we fail a channel that + circuits to fallback directories on it. Fixes bug 21128; bugfix + on 0.3.0.1-alpha. + - Fix a spurious bug warning (with backtrace) when removing an + expired entry guard. Fixes bug 21129; bugfix on 0.3.0.1-alpha. + - Fix a bug of the new guard algorithm where tor could stall for up + to 10 minutes before retrying a guard after a long period of no + network. Fixes bug 21052; bugfix on 0.3.0.1-alpha. + - Do not try to build circuits until we have descriptors for our + primary entry guards. Related to fix for bug 21242. + + o Minor bugfixes (configure, autoconf): + - Rename the configure option --enable-expensive-hardening to + --enable-fragile-hardening. TROVE-2017-001 was triggerable only + through the expensive hardening which is making the tor daemon + abort when the issue is detected. Thus, it makes tor more at risk + of remote crashes but safer against RCE or heartbleed bug + category. Fixes bug 21290; bugfix on 0.2.5.4-alpha. + + o Minor bugfixes (controller): + - Restore the (deprecated) DROPGUARDS controller command. Fixes bug + 20824; bugfix on 0.3.0.1-alpha. + + o Minor bugfixes (hidden service): + - Cleanup expiring intro point nodes if no circuit is associated to + it anymore. It was causing, rarely, the service to not open enough + introduction points circuit in the case we had dead expiring + nodes.; bugfix on 0.2.7.2-alpha. + - Stop modifying the value of our torrc option + HiddenServiceStatistics just because we're not a bridge or relay. + Use an internal value for what tor should use and keep the torrc + option intact. Fixes bug 21150; bugfix on 0.2.6.2-alpha. + - Two possible underflow which would ultimately lead to creating a + lot of introduction points circuits and closing them in a non stop + loop. Fixes bug 21302; bugfix on 0.2.7.2-alpha. + + o Minor bugfixes (portability): + - Use "OpenBSD" pre-defined compiler macro instead of "OPENBSD" or + "__OpenBSD__". It is supported by OpenBSD itself and also most + OpenBSD variants like Bitrig. Fixes bug 20980; bugfix + on 0.1.2.1-alpha. + - Do not silently truncate content of files if they are larger than + SIZE_MAX bytes. This issue could occur on 32 bit systems with + large file support and files which are larger than 4 GB. Fixes bug + 21134; bugfix on 0.3.0.1-alpha. + + o Minor bugfixes (tor-resolve): + - The tor-resolve command line tool now rejects hostnames over 255 + characters in length. Previously, it would silently truncate them, + which could lead to bugs. Fixes bug 21280; bugfix on 0.0.9pre5. + Patch by "junglefowl". + + o Minor bugfixes (Windows services): + - Be sure to initialize the monotonic time subsystem before using + it, even when running as an NT service. Fixes bug 21356; bugfix + on 0.2.9.1-alpha. + + Changes in version 0.3.0.2-alpha - 2017-01-23 Tor 0.3.0.2-alpha fixes a denial-of-service bug where an attacker could cause relays and clients to crash, even if they were not built with diff --git a/changes/21359 b/changes/21359 deleted file mode 100644 index 24113a03e6..0000000000 --- a/changes/21359 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor features (portability, compilation): - - Support building with recent LibreSSL code that uses opaque - structures. Closes ticket 21359. - - Autoconf now check to determine if OpenSSL - structures are opaque, instead of explicitly checking for - OpenSSL version numbers. - Part of ticket 21359. diff --git a/changes/bug20824 b/changes/bug20824 deleted file mode 100644 index 0cd52054ed..0000000000 --- a/changes/bug20824 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (controller): - - Restore the (deprecated) DROPGUARDS controller command. - Fixes bug 20824; bugfix on 0.3.0.1-alpha. diff --git a/changes/bug20980 b/changes/bug20980 deleted file mode 100644 index 0f8e28e77a..0000000000 --- a/changes/bug20980 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfix (OpenBSD): - - Use "OpenBSD" pre-defined compiler macro instead of "OPENBSD" or - "__OpenBSD__". It is supported by OpenBSD itself and also most OpenBSD - variants like Bitrig. Fixes bug 20980; bugfix on 0.1.2.1-alpha. diff --git a/changes/bug21052 b/changes/bug21052 deleted file mode 100644 index 0597b3b306..0000000000 --- a/changes/bug21052 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (client, guards): - - Fix a bug of the new guard algorithm where tor could stall for up to 10 - minutes before retrying a guard after a long period of no network. - Fixes bug 21052; bugfix on 0.3.0.1-alpha. diff --git a/changes/bug21107 b/changes/bug21107 deleted file mode 100644 index e9e4e788cb..0000000000 --- a/changes/bug21107 +++ /dev/null @@ -1,6 +0,0 @@ - o Major bugfixes (directory authority): - - When deciding whether we have just found a router to be reachable, - do not penalize it for not having performed an Ed25519 link handshake - if it does not claim to support an Ed25519 handshake. Previously, - we would treat such relays as non-running. - Fixes bug 21107; bugfix on 0.2.3.1-alpha. diff --git a/changes/bug21108_029 b/changes/bug21108_029 deleted file mode 100644 index 3a3f004fc6..0000000000 --- a/changes/bug21108_029 +++ /dev/null @@ -1,6 +0,0 @@ - o Major bugfixes (directory authority): - - During voting, when marking a node as a probable sybil, do not - clear its BadExit flag: sybils can still be bad in other ways - too. (We still clear the other flags.) Fixes bug 21108; bugfix - on 0.2.0.13-alpha. - diff --git a/changes/bug21128 b/changes/bug21128 deleted file mode 100644 index 972d2a2818..0000000000 --- a/changes/bug21128 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (client, entry guards): - - Fix a bug warning (with backtrace) when we fail a channel - that circuits to fallback directories on it. Fixes bug 21128; - bugfix on 0.3.0.1-alpha. - diff --git a/changes/bug21129 b/changes/bug21129 deleted file mode 100644 index 5a09bb489d..0000000000 --- a/changes/bug21129 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (client, entry guards): - - Fix a spurious bug warning (with backtrace) when removing an - expired entry guard. Fixes bug 21129; bugfix on 0.3.0.1-alpha. - diff --git a/changes/bug21134 b/changes/bug21134 deleted file mode 100644 index b851718372..0000000000 --- a/changes/bug21134 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (portability): - - Do not silently truncate content of files if they are larger - than SIZE_MAX bytes. This issue could occur on 32 bit systems - with large file support and files which are larger than 4 GB. - Fixes bug 21134; bugfix on 0.3.0.1-alpha. diff --git a/changes/bug21150 b/changes/bug21150 deleted file mode 100644 index a5235d509f..0000000000 --- a/changes/bug21150 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (config, hidden service): - - Stop modifying the value of our torrc option HiddenServiceStatistics - just because we're not a bridge or relay. Use an internal value for what - tor should use and keep the torrc option intact. Fixes bug 21150; bugfix - on 0.2.6.2-alpha. diff --git a/changes/bug21242 b/changes/bug21242 deleted file mode 100644 index 0bdc203afc..0000000000 --- a/changes/bug21242 +++ /dev/null @@ -1,10 +0,0 @@ - o Major bugfixes (entry guards): - - Stop trying to build circuits through entry guards for which we - have no descriptor yet. Also, stop crashing if we *do* accidentally - try to build a circuit in such a state. Fixes bug 21242; bugfix - on 0.3.0.1-alpha. - - o Minor features (entry guards): - - Do not try to build circuits until we have descriptors for our - primary entry guards. Related to fix for bug 21242. - diff --git a/changes/bug21280 b/changes/bug21280 deleted file mode 100644 index e9f0bc174c..0000000000 --- a/changes/bug21280 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (tor-resolve): - - The tor-resolve command line tool now rejects hostnames over 255 - characters in length. Previously, it would silently truncate - them, which could lead to bugs. Fixes bug 21280; bugfix on 0.0.9pre5. - Patch by "junglefowl". diff --git a/changes/bug21290 b/changes/bug21290 deleted file mode 100644 index 6c899b8094..0000000000 --- a/changes/bug21290 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes (configure, autoconf): - - Rename the configure option --enable-expensive-hardening to - --enable-fragile-hardening. TROVE-2017-001 was triggerable only through - the expensive hardening which is making the tor daemon abort when the - issue is detected. Thus, it makes tor more at risk of remote crashes but - safer against RCE or heartbleed bug category. Fixes bug 21290; bugfix on - 0.2.5.4-alpha. diff --git a/changes/bug21294 b/changes/bug21294 deleted file mode 100644 index 32351d329c..0000000000 --- a/changes/bug21294 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfix (logging): - - Don't recommend to use Tor2web in non anonymous mode. In that mode, we - disable client functionalities and recommending Tor2web as a solution is - a bad idea because in that case client loses all anonymity. Tor2web - should really only be used in very specific cases and with users - *knowing* what they do. Fixes bug 21294; bugfix on 0.2.9.3-alpha. diff --git a/changes/bug21300 b/changes/bug21300 deleted file mode 100644 index 70cc12a93c..0000000000 --- a/changes/bug21300 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor features (controller): - - The GETCONF command can now query options that may only be meaningful - in context-sensitive lists. This allows the controller to query - the mixed SocksPort/__SocksPort style options introduced in - feature 20956. Implements ticket 21300. - diff --git a/changes/bug21302 b/changes/bug21302 deleted file mode 100644 index 309b3574a6..0000000000 --- a/changes/bug21302 +++ /dev/null @@ -1,8 +0,0 @@ - o Minor bugfixes (hidden service): - - Two possible underflow which would ultimately lead to creating a lot of - introduction points circuits and closing them in a non stop loop. Fixes - bug 21302; bugfix on 0.2.7.2-alpha. - - Cleanup expiring intro point nodes if no circuit is associated to it - anymore. It was causing, rarely, the service to not open enough - introduction points circuit in the case we had dead expiring nodes.; - bugfix on 0.2.7.2-alpha. diff --git a/changes/bug21357 b/changes/bug21357 deleted file mode 100644 index a1cb43a78a..0000000000 --- a/changes/bug21357 +++ /dev/null @@ -1,7 +0,0 @@ - o Major bugfixes (IPv6 Exits): - - Stop rejecting all IPv6 traffic on Exits whose exit policy rejects IPv6 - addresses. Instead, only reject a port over IPv6 if the exit policy - rejects that port on more than an IPv6 /16 of addresses. This bug was - made worse by 17027 in 0.2.8.1-alpha, which rejects a relay's own IPv6 - address by default. - Fixes bug 21357; bugfix on commit 004f3f4e53 in 0.2.4.7-alpha. diff --git a/changes/bug21372 b/changes/bug21372 deleted file mode 100644 index 178ae3aab1..0000000000 --- a/changes/bug21372 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (client): - - Always recover from failures in extend_info_from_node(), - in an attempt to prevent any recurrence of bug 21242. - Fixes bug 21372; bugfix on 0.2.3.1-alpha. diff --git a/changes/change_separate_exit_and_relay.txt b/changes/change_separate_exit_and_relay.txt deleted file mode 100644 index de7defcb41..0000000000 --- a/changes/change_separate_exit_and_relay.txt +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (relay): - - Allow separation of exit and relay traffic to different source IP - addresses. Closes ticket 17975. Written by Michael Sonntag. diff --git a/changes/ciphers.inc b/changes/ciphers.inc deleted file mode 100644 index a8b5fd655f..0000000000 --- a/changes/ciphers.inc +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features (ciphersuite selection): - - Clients now advertise a list of ciphersuites closer to the ones - preferred by Firefox. Closes ticket 15426. - - diff --git a/changes/feature20956 b/changes/feature20956 deleted file mode 100644 index 1ebddb1662..0000000000 --- a/changes/feature20956 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor features (configuration, controller): - - Each of the *Port options, such as SocksPort, ORPort, ControlPort, - and so on, now comes with a __*Port variant that will not be - saved to the torrc file by the controller's SAVECONF command. - This change allows TorBrowser to set up a single-use domain socket - for each time it launches Tor. Closes ticket 20956. diff --git a/changes/feature21269 b/changes/feature21269 deleted file mode 100644 index 4ddbd128af..0000000000 --- a/changes/feature21269 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor feature (client): - - Enable IPv6 traffic by default on the SocksPort. To disable this, a user - will have to specify "NoIPv6Traffic". Closes ticket 21269. diff --git a/changes/server_cipher b/changes/server_cipher deleted file mode 100644 index b80c88a9cd..0000000000 --- a/changes/server_cipher +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (ciphersuite choices): - - Allow servers to accept a wider range of ciphersuites, including - chacha20-poly1305 and AES-CCM. Closes the other part of 15426. diff --git a/changes/ticket20174 b/changes/ticket20174 deleted file mode 100644 index b727fc137f..0000000000 --- a/changes/ticket20174 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor feature (fallback scripts): - - Add a check_existing mode to updateFallbackDirs.py, which checks if - fallbacks in the hard-coded list are working. Closes ticket 20174. - Patch by haxxpop. diff --git a/changes/ticket21356 b/changes/ticket21356 deleted file mode 100644 index 394238ba7d..0000000000 --- a/changes/ticket21356 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (Windows services): - - Be sure to initialize the monotonic time subsystem before using it, - even when running as an NT service. - Fixes bug 21356; bugfix on 0.2.9.1-alpha. -- cgit v1.2.3-54-g00ecf