The Tor Project issues
https://gitlab.torproject.org/groups/tpo/-/issues
2021-07-22T16:22:40Z

https://gitlab.torproject.org/tpo/core/tor/-/issues/22951
NETINFO cells are mandatory, but tor-spec says "may"
2021-07-22T16:22:40Z
teor
In this context, "may" is ambiguous: NETINFO is actually a mandatory requirement:
```
cell (4.5). As soon as it gets the CERTS cell, the initiator knows
whether the responder is correctly authenticated. At this point the
- initiator may send a NETINFO cell if it does not wish to
+ initiator MUST send a NETINFO cell if it does not wish to
authenticate, or a CERTS cell, an AUTHENTICATE cell (4.4), and a NETINFO
cell if it does. When this handshake is in use, the first cell must
be VERSIONS, VPADDING or AUTHORIZE, and no other cell type is allowed to
intervene besides those specified, except for PADDING and VPADDING cells.
```
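Review bot: The "+" line introduces an upper-case "MUST", but the unchanged context line below it still reads "the first cell must be VERSIONS, VPADDING or AUTHORIZE" in lower case, so the paragraph now mixes two spellings of the same requirement level. Use the same form for both requirements. The changed sentence also keeps both alternatives under one verb ("if it does not wish to authenticate, or a CERTS cell, ... and a NETINFO cell if it does"); splitting it into two sentences would make it plain that NETINFO is required in both cases.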
https://gitweb.torproject.org/torspec.git/tree/tor-spec.txt#n482
Tor: 0.3.2.x-final

https://gitlab.torproject.org/tpo/core/tor/-/issues/22962
Clarify the security severity of issues that make denial of service easier
2021-07-22T16:22:40Z
teor
https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/SecurityPolicy
In legacy/trac#22948, we discovered that the relay integrity digest was easier to guess than it should be. This makes the following classes of attacks easier:
* sending bandwidth and guessing the integrity digest, and
* modifying cells and manipulating the integrity digest.
Tor: unspecified

https://gitlab.torproject.org/tpo/core/tor/-/issues/22995
prop224 should say we use SHA3-256 for rend circuit digests
2021-07-22T16:22:40Z
teor
In prop224, the rend section says:
```
A successfully completed handshake, as embedded in the
INTRODUCE/RENDEZVOUS cells, gives the client and hidden service host
a shared set of keys Kf, Kb, Df, Db, which they use for sending
end-to-end traffic encryption and authentication as in the regular
Tor relay encryption protocol, applying encryption with these keys
before other encryption, and decrypting with these keys before other
decryption. The client encrypts with Kf and decrypts with Kb; the
service host does the opposite.
```
https://gitweb.torproject.org/torspec.git/tree/proposals/224-rend-spec-ng.txt#n1890
But that's not what the code does: circuit_init_cpath_crypto() uses SHA3-256 rather than SHA1 when `is_hs_v3` is true.
Tor: 0.3.2.x-final
George Kadianakis

https://gitlab.torproject.org/tpo/core/tor/-/issues/22996
The router protocol versions section in dir-spec is out of date
2021-09-16T14:32:00Z
teor
I doubt clients do this: they only download the consensus, not votes:
```
A client should believe that a router supports a given feature if that
feature is supported by the router or protocol versions in more than half
of the live networkstatuses' "v" entries for that router.
```
https://gitweb.torproject.org/torspec.git/tree/dir-spec.txt#n3493
Tor: 0.3.2.x-final
Nick Mathewson

https://gitlab.torproject.org/tpo/core/tor/-/issues/23009
Make it clear that RELAY_SENDME cells don't have a payload
2021-07-22T16:22:26Z
teor
tor-spec talks about SENDME cells, but doesn't say if they have a payload or not. We should probably make this explicit:
https://gitweb.torproject.org/torspec.git/tree/tor-spec.txt#n1560
Tor: 0.3.2.x-final

https://gitlab.torproject.org/tpo/core/tor/-/issues/23340
There is no HSDir3 flag, but prop224 says there should be
2021-07-22T16:22:26Z
teor
I think we need to update this part of the proposal to say that a v3 HSDir has:
* the HSDir flag, and
* HSDir protocol version 2, and
* a tor version >= 0.3.0.8.
https://gitweb.torproject.org/torspec.git/tree/proposals/224-rend-spec-ng.txt#n635
Tor: 0.3.2.x-final

https://gitlab.torproject.org/tpo/core/tor/-/issues/23368
Add design and coding guidelines for using floating point
2021-07-22T16:22:26Z
teor
We should add these to a document in doc/HACKING:
1. Don't use floats.
2. If you must use floats, document how the limits of floating point precision and calculation accuracy affect function outputs.
3. Remember that different environments can get different results from the same floating point calculations. So you can't use floats in anything that needs to be deterministic, like consensus generation.
Tor: 0.3.2.x-final
Taylor Yu

https://gitlab.torproject.org/tpo/core/tor/-/issues/23427
Add new Ubuntu packager to ReleasingTor.md
2021-07-22T16:22:26Z
David Goulet dgoulet@torproject.org
An Ubuntu packager has been found and is super willing to continue his great work already.
Here is some of the ongoing work to get Xenial (16.04 LTS) to migrate to 029.
https://bugs.launchpad.net/ubuntu/+source/tor/+bug/1710753
That being said, we should add him to the `ReleasingTor.md` so he gets notified when a new tarball is released.
Tor: 0.3.2.x-final
David Goulet dgoulet@torproject.org

https://gitlab.torproject.org/tpo/core/tor/-/issues/23515
remove inappropriate paragraph in GettingStarted.md
2021-07-22T16:22:26Z
Trac
doc/HACKING/GettingStarted.md says "you might like reading doc/HACKING", which the reader obviously is already doing :)
Let's remove the paragraph containing this line as it adds no information at all.
**Trac**:
**Username**: merge
Tor: 0.3.2.x-final

https://gitlab.torproject.org/tpo/core/tor/-/issues/23528
Explain the restrictions on divisor in round*_to_next_multiple_of
2021-07-22T16:22:26Z
teor
This is a comment-only branch.
Tor: 0.3.2.x-final

https://gitlab.torproject.org/tpo/core/tor/-/issues/23553
Add FreeBSD ports maintainer to ReleasingTor.md
2021-07-22T16:22:26Z
cypherpunks
I forwarded teor's offer to the FreeBSD tor ports maintainer:
```
The tor project emails package/ports maintainers directly including info
for upcoming tor releases containing security fixes:
http://lists.nycbug.org/pipermail/tor-bsd/2016-October/000462.html
Would you want to get these notifications?
What email address would you like to use for that?
https://gitweb.torproject.org/tor.git/tree/doc/HACKING/ReleasingTor.md#n143
btw:
likely on 2017-09-18 there will be a release fixing a medium rated
weakness in tor this will affect security/tor and security/tor-devel
https://trac.torproject.org/projects/tor/wiki/TROVE
thanks for keeping the tor ports updated!
nusenu
```
```
On 09/17/17 14:47, nusenu wrote:
> Would you want to get these notifications?
>
> What email address would you like to use for that?
Hi Nusenu,
Yes, please. This e-mail is fine.
Thank you!
Yuri
```
patch:
```
@@ -153,6 +153,7 @@
- {mike} at tig dot as
- {tails-rm} at boum dot org
- {simon} at sdeziel.info
+ - {yuri} at rawbw.com
4. Add the version number to Trac. To do this, go to Trac, log in,
select "Admin" near the top of the screen, then select "Versions" from
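Review bot: The address on the "+" line is written as "rawbw.com" with a literal dot, while the first two context entries spell the dot out ("tig dot as", "boum dot org") and only the "sdeziel.info" entry matches the new line. If the spelled-out form is the list's convention, write the new entry as "{yuri} at rawbw dot com" so the list stays consistent.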
```
Tor: 0.3.2.x-final
Nick Mathewson

https://gitlab.torproject.org/tpo/core/tor/-/issues/23562
keep changes files on master release-ready
2021-07-22T16:22:26Z
Taylor Yu
Recently, running `make check-changes` produced dozens of errors on master. We should make sure master is `check-changes` clean so we can run `make check-changes` in our CI automation (and start doing so).
Tor: 0.3.2.x-final

https://gitlab.torproject.org/tpo/core/tor/-/issues/23563
document changes files release-readiness requirement in doc/HACKING
2021-07-22T16:22:26Z
Taylor Yu
Tor: 0.3.2.x-final
Nick Mathewson

https://gitlab.torproject.org/tpo/core/tor/-/issues/23564
run make check-changes in CI
2021-07-22T16:22:26Z
Taylor Yu
We should run `make check-changes` in our CI automation (Travis, oniongit, etc.) so we can make sure our changes files are release-ready at or before merge time.
Tor: 0.3.2.x-final
Nick Mathewson

https://gitlab.torproject.org/tpo/community/support/-/issues/23565
document signs of client clock skew to ease troubleshooting
2022-03-01T18:22:08Z
Taylor Yu
Ticket legacy/trac#23508 describes some ways that clock skews during client bootstrapping can often cause stalls without any useful user feedback. Document some signs of this behavior (e.g., specific message patterns in log files, Tor Launcher messages when stalled) so we can better help users who aren't running a modern enough release to mitigate these issues.
Tor: unspecified

https://gitlab.torproject.org/tpo/core/tor/-/issues/23572
Clarify what the client timestamp actually does
2021-07-22T16:22:26Z
teor
And other wording/formatting fixes.
This is misleading, so I'm putting it in 0.3.2.
Please merge my branch minor-comments.
Tor: 0.3.2.x-final
teor

https://gitlab.torproject.org/tpo/core/tor/-/issues/23580
doc: HiddenServiceVersion man page entry only lists version 2 as supported
2021-07-22T16:22:26Z
David Goulet dgoulet@torproject.org
With hs v3 merged in 032, this isn't true anymore.
Tor: 0.3.2.x-final
David Goulet dgoulet@torproject.org

https://gitlab.torproject.org/tpo/core/tor/-/issues/23611
misspelled reference "UseEntryGuardsAsDirectoryGuards" to obsolete config parameter in manual page
2021-07-22T16:22:26Z
Taylor Yu
The manual page says
```
[[NumDirectoryGuards]] **NumDirectoryGuards** __NUM__::
If UseEntryGuardsAsDirectoryGuards is enabled, we try to make sure we have
at least NUM routers to use as directory guards. If this option is set to
0, use the value from the guard-n-primary-dir-guards-to-use consensus
parameter, and default to 3 if the consensus parameter isn't set.
(Default: 0)
```
The (obsolete) config parameter with the closest spelling is `UseEntryGuardsAsDirGuards` at least according to `config.c`. The correct fix is probably to delete the conditional at the beginning of that sentence.
Tor: 0.3.2.x-final
Taylor Yu

https://gitlab.torproject.org/tpo/core/tor/-/issues/23635
improve AccountingStart manual entry
2021-07-22T16:22:26Z
cypherpunks
background:
relay operator question:
https://lists.torproject.org/pipermail/tor-relays/2017-September/013068.html
Teor explained it very well here, this should go into the manual page.
https://lists.torproject.org/pipermail/tor-relays/2015-May/006956.html
Tor: 0.3.3.x-final

https://gitlab.torproject.org/tpo/core/tor/-/issues/23678
Tor kinda _is_ an http proxy now...
2021-07-22T16:22:26Z
Nick Mathewson
When we added HTTPTunnelPort, the answer that we give when you try to use your SOCKSPort as an HTTP proxy became wrong. We should fix it and explain that, Tor sorta _is_ an HTTP proxy... but this port isn't.
Tor: 0.3.2.x-final
Nick Mathewson