Commit 0b889e70 authored by Nick Mathewson's avatar Nick Mathewson 🦀
Browse files

forward-port the changelog for

parent 285dbeef
Changes in version - 2020-06-16
This is the first alpha release in the 0.4.4.x series. It improves
our guard selection algorithms, improves the amount of code that
can be disabled when running without relay support, and includes numerous
small bugfixes and enhancements. It also lays the ground for some IPv6
features that we'll be developing more in the next (0.4.5) series.
Here are the changes since
o Major features (Proposal 310, performance + security):
- Implements Proposal 310, "Bandaid on guard selection". Proposal
310 solves load-balancing issues with older versions of the guard
selection algorithm, and improves its security. Under this new
algorithm, a newly selected guard never becomes Primary unless all
previously sampled guards are unreachable. Implements
recommendation from 32088. (Proposal 310 is linked to the CLAPS
project researching optimal client location-aware path selections.
This project is a collaboration between the UCLouvain Crypto Group,
the U.S. Naval Research Laboratory, and Princeton University.)
o Major features (IPv6, relay):
- Consider IPv6-only EXTEND2 cells valid on relays. Log a protocol
warning if the IPv4 or IPv6 address is an internal address, and
internal addresses are not allowed. But continue to use the other
address, if it is valid. Closes ticket 33817.
- If a relay can extend over IPv4 and IPv6, and both addresses are
provided, it chooses between them uniformly at random. Closes
ticket 33817.
- Re-use existing IPv6 connections for circuit extends. Closes
ticket 33817.
- Relays may extend circuits over IPv6, if the relay has an IPv6
ORPort, and the client supplies the other relay's IPv6 ORPort in
the EXTEND2 cell. IPv6 extends will be used by the relay IPv6
ORPort self-tests in 33222. Closes ticket 33817.
o Major features (v3 onion services):
- Allow v3 onion services to act as OnionBalance backend instances,
by using the HiddenServiceOnionBalanceInstance torrc option.
Closes ticket 32709.
o Minor feature (developer tools):
- Add a script to help check the alphabetical ordering of option
names in the manual page. Closes ticket 33339.
o Minor feature (onion service client, SOCKS5):
- Add 3 new SocksPort ExtendedErrors (F2, F3, F7) that reports back
new type of onion service connection failures. The semantics of
these error codes are documented in proposal 309. Closes
ticket 32542.
o Minor feature (onion service v3):
- If a service cannot upload its descriptor(s), log why at INFO
level. Closes ticket 33400; bugfix on
o Minor feature (python scripts):
- Stop assuming that /usr/bin/python exists. Instead of using a
hardcoded path in scripts that still use Python 2, use
/usr/bin/env, similarly to the scripts that use Python 3. Fixes
bug 33192; bugfix on 0.4.2.
o Minor features (client-only compilation):
- Disable more code related to the ext_orport protocol when
compiling without support for relay mode. Closes ticket 33368.
- Disable more of our self-testing code when support for relay mode
is disabled. Closes ticket 33370.
o Minor features (code safety):
- Check for failures of tor_inet_ntop() and tor_inet_ntoa()
functions in DNS and IP address processing code, and adjust
codepaths to make them less likely to crash entire Tor instances.
Resolves issue 33788.
o Minor features (compilation size):
- Most server-side DNS code is now disabled when building without
support for relay mode. Closes ticket 33366.
o Minor features (continuous integration):
- Run unit-test and integration test (Stem, Chutney) jobs with
ALL_BUGS_ARE_FATAL macro being enabled on Travis and Appveyor.
Resolves ticket 32143.
o Minor features (control port):
- Return a descriptive error message from the 'GETINFO status/fresh-
relay-descs' command on the control port. Previously, we returned
a generic error of "Error generating descriptor". Closes ticket
32873. Patch by Neel Chauhan.
o Minor features (developer tooling):
- Refrain from listing all .a files that are generated by the Tor
build in .gitignore. Add a single wildcard *.a entry that covers
all of them for present and future. Closes ticket 33642.
- Add a script ("") to install git hooks and
helper scripts. Closes ticket 33451.
o Minor features (directory authority, shared random):
- Refactor more authority-only parts of the shared-random scheduling
code to reside in the dirauth module, and to be disabled when
compiling with --disable-module-dirauth. Closes ticket 33436.
o Minor features (directory):
- Remember the number of bytes we have downloaded for each directory
purpose while bootstrapping, and while fully bootstrapped. Log
this information as part of the heartbeat message. Closes
ticket 32720.
o Minor features (IPv6 support):
- Adds IPv6 support to tor_addr_is_valid(). Adds tests for the above
changes and tor_addr_is_null(). Closes ticket 33679. Patch
by MrSquanchee.
- Allow clients and relays to send dual-stack and IPv6-only EXTEND2
cells. Parse dual-stack and IPv6-only EXTEND2 cells on relays.
Closes ticket 33901.
o Minor features (logging):
- When trying to find our own address, add debug-level logging to
report the sources of candidate addresses. Closes ticket 32888.
o Minor features (testing, architecture):
- Our test scripts now double-check that subsystem initialization
order is consistent with the inter-module dependencies established
by our .may_include files. Implements ticket 31634.
- Initialize all subsystems at the beginning of our unit test
harness, to avoid crashes due to uninitialized subsystems. Follow-
up from ticket 33316.
o Minor features (v3 onion services):
- Add v3 onion service status to the dumpstats() call which is
triggered by a SIGUSR1 signal. Previously, we only did v2 onion
services. Closes ticket 24844. Patch by Neel Chauhan.
o Minor features (windows):
- Add support for console control signals like Ctrl+C in Windows.
Closes ticket 34211. Patch from Damon Harris (TheDcoder).
o Minor bugfix (onion service v3):
- Prevent an assert() that would occur when cleaning the client
descriptor cache, and attempting to close circuits for a non-
decrypted descriptor (lacking client authorization). Fixes bug
33458; bugfix on
o Minor bugfix (refactoring):
- Lift circuit_build_times_disabled() out of the
circuit_expire_building() loop, to save CPU time when there are
many circuits open. Fixes bug 33977; bugfix on
o Minor bugfixes (client performance):
- Resume use of preemptively-built circuits when UseEntryGuards is set
to 0. We accidentally disabled this feature with that config
setting, leading to slower load times. Fixes bug 34303; bugfix
o Minor bugfixes (directory authorities):
- Directory authorities now reject votes that arrive too late. In
particular, once an authority has started fetching missing votes,
it no longer accepts new votes posted by other authorities. This
change helps prevent a consensus split, where only some authorities
have the late vote. Fixes bug 4631; bugfix on
o Minor bugfixes (git scripts):
- Stop executing the checked-out pre-commit hook from the pre-push
hook. Instead, execute the copy in the user's git directory. Fixes
bug 33284; bugfix on
o Minor bugfixes (initialization):
- Initialize the subsystems in our code in an order more closely
corresponding to their dependencies, so that every system is
initialized before the ones that (theoretically) depend on it.
Fixes bug 33316; bugfix on
o Minor bugfixes (IPv4, relay):
- Check for invalid zero IPv4 addresses and ports when sending and
receiving extend cells. Fixes bug 33900; bugfix on
o Minor bugfixes (IPv6, relay):
- Consider IPv6 addresses when checking if a connection is
canonical. In 17604, relays assumed that a remote relay could
consider an IPv6 connection canonical, but did not set the
canonical flag on their side of the connection. Fixes bug 33899;
bugfix on
- Log IPv6 addresses on connections where this relay is the
responder. Previously, responding relays would replace the remote
IPv6 address with the IPv4 address from the consensus. Fixes bug
33899; bugfix on
o Minor bugfixes (linux seccomp sandbox nss):
- Fix a startup crash when tor is compiled with --enable-nss and
sandbox support is enabled. Fixes bug 34130; bugfix on Patch by Daniel Pinto.
o Minor bugfixes (logging, testing):
- Make all of tor's assertion macros support the ALL_BUGS_ARE_FATAL
used to log a non-fatal warning, regardless of the debugging
mode.) Fixes bug 33917; bugfix on
o Minor bugfixes (logs):
- Remove surprising empty line in the INFO-level log about circuit
build timeout. Fixes bug 33531; bugfix on
o Minor bugfixes (mainloop):
- Better guard against growing a buffer past its maximum 2GB in
size. Fixes bug 33131; bugfix on
o Minor bugfixes (manual page):
- Update the man page to reflect that MinUptimeHidServDirectoryV2
defaults to 96 hours. Fixes bug 34299; bugfix on
o Minor bugfixes (onion service v3, client):
- Remove a BUG() that was causing a stacktrace when a descriptor
changed at an unexpected time. Fixes bug 28992; bugfix
o Minor bugfixes (onion service, logging):
- Fix a typo in a log message PublishHidServDescriptors is set to 0.
Fixes bug 33779; bugfix on
o Minor bugfixes (portability):
- Fix a portability error in the configure script, where we were
using "==" instead of "=". Fixes bug 34233; bugfix on
o Minor bugfixes (protocol versions):
- Sort tor's supported protocol version lists, as recommended by the
tor directory specification. Fixes bug 33285; bugfix
o Minor bugfixes (relays):
- Stop advertising incorrect IPv6 ORPorts in relay and bridge
descriptors, when the IPv6 port was configured as "auto". Fixes
bug 32588; bugfix on
o Code simplification and refactoring:
- Define and use a new constant TOR_ADDRPORT_BUF_LEN which is like
TOR_ADDR_BUF_LEN but includes enough space for an IP address,
brackets, separating colon, and port number. Closes ticket 33956.
Patch by Neel Chauhan.
- Merge the orconn and ocirc events into the "core" subsystem, which
manages or connections and origin circuits. Previously they were
isolated in subsystems of their own.
- Move LOG_PROTOCOL_WARN to app/config. Resolves a dependency
inversion. Closes ticket 33633.
- Move the circuit extend code to the relay module. Split the
circuit extend function into smaller functions. Closes
ticket 33633.
- Rewrite port_parse_config() to use the default port flags from
port_cfg_new(). Closes ticket 32994. Patch by MrSquanchee.
- Updated comments in 'scheduler.c' to reflect old code changes, and
simplified the scheduler channel state change code. Closes
ticket 33349.
o Documentation:
- Document the limitations of using %include on config files with
seccomp sandbox enabled. Fixes documentation bug 34133; bugfix on Patch by Daniel Pinto.
- Fix several doxygen warnings related to imbalanced groups. Closes
ticket 34255.
o Removed features:
- Remove the ClientAutoIPv6ORPort option. This option attempted to
randomly choose between IPv4 and IPv6 for client connections, and
wasn't a true implementation of Happy Eyeballs. Often, this option
failed on IPv4-only or IPv6-only connections. Closes ticket 32905.
Patch by Neel Chauhan.
- Stop shipping contrib/dist/rc.subr file, as it is not being used
on FreeBSD anymore. Closes issue 31576.
o Testing:
- Add a basic IPv6 test to "make test-network". This test only runs
when the local machine has an IPv6 stack. Closes ticket 33300.
- Add test-network-ipv4 and test-network-ipv6 jobs to the Makefile.
These jobs run the IPv4-only and dual-stack chutney flavours from
test-network-all. Closes ticket 33280.
- Remove a redundant distcheck job. Closes ticket 33194.
- Run the test-network-ipv6 Makefile target in the Travis CI IPv6
chutney job. This job runs on macOS, so it's a bit slow. Closes
ticket 33303.
- Sort the Travis jobs in order of speed. Putting the slowest jobs
first takes full advantage of Travis job concurrency. Closes
ticket 33194.
- Stop allowing the Chutney IPv6 Travis job to fail. This job was
previously configured to fast_finish (which requires
allow_failure), to speed up the build. Closes ticket 33195.
- Test v3 onion services to tor's mixed IPv4 chutney network. And
add a mixed IPv6 chutney network. These networks are used in the
test-network-all, test-network-ipv4, and test-network-ipv6 make
targets. Closes ticket 33334.
- Use the "bridges+hs-v23" chutney network flavour in "make test-
network". This test requires a recent version of chutney (mid-
February 2020). Closes ticket 28208.
- When a Travis chutney job fails, use chutney's new ""
tool to produce detailed diagnostic output. Closes ticket 32792.
o Code simplification and refactoring (onion service):
- Refactor configuration parsing to use the new config subsystem
code. Closes ticket 33014.
o Code simplification and refactoring (relay address):
- Move a series of functions related to address resolving into their
own files. Closes ticket 33789.
o Documentation (manual page):
- Add cross reference links and a table of contents to the HTML tor
manual page. Closes ticket 33369. Work by Swati Thacker as part of
Google Season of Docs.
- Alphabetize the Denial of Service Mitigation Options, Directory
Authority Server Options, Hidden Service Options, and Testing
Network Options sections of the tor(1) manual page. Closes ticket
33275. Work by Swati Thacker as part of Google Season of Docs.
- Refrain from mentioning nicknames in manpage section for MyFamily
torrc option. Resolves issue 33417.
- Updated the options set by TestingTorNetwork in the manual page.
Closes ticket 33778.
Changes in version - 2020-05-15
Tor is the first stable release in the 0.4.3.x series. This
series adds support for building without relay code enabled, and
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment