Skip to content
Snippets Groups Projects
ChangeLog 763 KiB
Newer Older
Changes in version 0.2.4.10-alpha - 2013-02-04
  Tor 0.2.4.10-alpha adds defenses at the directory authority level from
  certain attacks that flood the network with relays; changes the queue
  for circuit create requests from a sized-based limit to a time-based
  limit; resumes building with MSVC on Windows; and fixes a wide variety
  of other issues.

  o Major bugfixes (directory authority):
    - When computing directory thresholds, ignore any rejected-as-sybil
      nodes during the computation so that they can't influence Fast,
      Guard, etc. (We shoud have done this for proposal 109.) Fixes
      bug 8146.
    - When marking a node as a likely sybil, reset its uptime metrics
      to zero, so that it cannot time towards getting marked as Guard,
      Stable, or HSDir. (We shoud have done this for proposal 109.) Fixes
      bug 8147.

  o Major bugfixes:
    - When a TLS write is partially successful but incomplete, remember
      that the flushed part has been flushed, and notice that bytes were
      actually written. Reported and fixed pseudonymously. Fixes bug
      7708; bugfix on Tor 0.1.0.5-rc.
    - Reject bogus create and relay cells with 0 circuit ID or 0 stream
      ID: these could be used to create unexpected streams and circuits
      which would count as "present" to some parts of Tor but "absent"
      to others, leading to zombie circuits and streams or to a bandwidth
      denial-of-service. Fixes bug 7889; bugfix on every released version
      of Tor. Reported by "oftc_must_be_destroyed".
    - Rename all macros in our local copy of queue.h to begin with "TOR_".
      This change seems the only good way to permanently prevent conflicts
      with queue.h on various operating systems. Fixes bug 8107; bugfix
      on 0.2.4.6-alpha.

  o Major features (relay):
    - Instead of limiting the number of queued onionskins (aka circuit
      create requests) to a fixed, hard-to-configure number, we limit
      the size of the queue based on how many we expect to be able to
      process in a given amount of time. We estimate the time it will
      take to process an onionskin based on average processing time
      of previous onionskins. Closes ticket 7291. You'll never have to
      configure MaxOnionsPending again.

  o Major features (portability):
    - Resume building correctly with MSVC and Makefile.nmake. This patch
      resolves numerous bugs and fixes reported by ultramage, including
      7305, 7308, 7309, 7310, 7312, 7313, 7315, 7316, and 7669.
    - Make the ntor and curve25519 code build correctly with MSVC.
      Fix on 0.2.4.8-alpha.

  o Minor features:
    - When directory authorities are computing thresholds for flags,
      never let the threshold for the Fast flag fall below 4096
      bytes. Also, do not consider nodes with extremely low bandwidths
      when deciding thresholds for various directory flags. This change
      should raise our threshold for Fast relays, possibly in turn
      improving overall network performance; see ticket 1854. Resolves
      ticket 8145.
    - The Tor client now ignores sub-domain components of a .onion
      address. This change makes HTTP "virtual" hosting
      possible: http://foo.aaaaaaaaaaaaaaaa.onion/ and
      http://bar.aaaaaaaaaaaaaaaa.onion/ can be two different websites
      hosted on the same hidden service. Implements proposal 204.
    - We compute the overhead from passing onionskins back and forth to
      cpuworkers, and report it when dumping statistics in response to
      SIGUSR1. Supports ticket 7291.

  o Minor features (path selection):
    - When deciding whether we have enough descriptors to build circuits,
      instead of looking at raw relay counts, look at which fraction
      of (bandwidth-weighted) paths we're able to build. This approach
      keeps clients from building circuits if their paths are likely to
      stand out statistically. The default fraction of paths needed is
      taken from the consensus directory; you can override it with the
      new PathsNeededToBuildCircuits option. Fixes ticket 5956.
    - When any country code is listed in ExcludeNodes or ExcludeExitNodes,
      and we have GeoIP information, also exclude all nodes with unknown
      countries "??" and "A1". This behavior is controlled by the
      new GeoIPExcludeUnknown option: you can make such nodes always
      excluded with "GeoIPExcludeUnknown 1", and disable the feature
      with "GeoIPExcludeUnknown 0". Setting "GeoIPExcludeUnknown auto"
      gets you the default behavior. Implements feature 7706.
    - Path Use Bias: Perform separate accounting for successful circuit
      use. Keep separate statistics on stream attempt rates versus stream
      success rates for each guard. Provide configurable thresholds to
      determine when to emit log messages or disable use of guards that
      fail too many stream attempts. Resolves ticket 7802.

  o Minor features (log messages):
    - When learning a fingerprint for a bridge, log its corresponding
      transport type. Implements ticket 7896.
    - Improve the log message when "Bug/attack: unexpected sendme cell
      from client" occurs, to help us track bug 8093.

  o Minor bugfixes:
    - Remove a couple of extraneous semicolons that were upsetting the
      cparser library. Patch by Christian Grothoff. Fixes bug 7115;
      bugfix on 0.2.2.1-alpha.
    - Remove a source of rounding error during path bias count scaling;
      don't count cannibalized circuits as used for path bias until we
      actually try to use them; and fix a circuit_package_relay_cell()
      warning message about n_chan==NULL. Fixes bug 7802.
    - Detect nacl when its headers are in a nacl/ subdirectory. Also,
      actually link against nacl when we're configured to use it. Fixes
      bug 7972; bugfix on 0.2.4.8-alpha.
    - Compile correctly with the --disable-curve25519 option. Fixes
      bug 8153; bugfix on 0.2.4.8-alpha.

  o Build improvements:
    - Do not report status verbosely from autogen.sh unless the -v flag
      is specified. Fixes issue 4664. Patch from Onizuka.
    - Replace all calls to snprintf() outside of src/ext with
      tor_snprintf(). Also remove the #define to replace snprintf with
      _snprintf on Windows; they have different semantics, and all of
      our callers should be using tor_snprintf() anyway. Fixes bug 7304.
    - Try to detect if we are ever building on a platform where
      memset(...,0,...) does not set the value of a double to 0.0. Such
      platforms are permitted by the C standard, though in practice
      they're pretty rare (since IEEE 754 is nigh-ubiquitous). We don't
      currently support them, but it's better to detect them and fail
      than to perform erroneously.

  o Removed features:
    - Stop exporting estimates of v2 and v3 directory traffic shares
      in extrainfo documents. They were unneeded and sometimes inaccurate.
      Also stop exporting any v2 directory request statistics. Resolves
      ticket 5823.
    - Drop support for detecting and warning about versions of Libevent
      before 1.3e. Nothing reasonable ships with them any longer;
      warning the user about them shouldn't be needed. Resolves ticket
      6826.

  o Code simplifications and refactoring:
    - Rename "isin" functions to "contains", for grammar. Resolves
      ticket 5285.
    - Rename Tor's logging function log() to tor_log(), to avoid conflicts
      with the natural logarithm function from the system libm. Resolves
      ticket 7599.
Changes in version 0.2.4.9-alpha - 2013-01-15
  Tor 0.2.4.9-alpha provides a quick fix to make the new ntor handshake
  work more robustly.

  o Major bugfixes:
    - Fix backward compatibility logic when receiving an embedded ntor
      handshake tunneled in a CREATE cell. This clears up the "Bug:
      couldn't format CREATED cell" warning. Fixes bug 7959; bugfix
      on 0.2.4.8-alpha.
Changes in version 0.2.4.8-alpha - 2013-01-14
  Tor 0.2.4.8-alpha introduces directory guards to reduce user enumeration
  risks, adds a new stronger and faster circuit handshake, and offers
  stronger and faster link encryption when both sides support it.

  o Major features:
    - Preliminary support for directory guards (proposal 207): when
      possible, clients now use their entry guards for non-anonymous
      directory requests. This can help prevent client enumeration. Note
      that this behavior only works when we have a usable consensus
      directory, and when options about what to download are more or less
      standard. In the future we should re-bootstrap from our guards,
      rather than re-bootstrapping from the preconfigured list of
      directory sources that ships with Tor. Resolves ticket 6526.
    - Tor relays and clients now support a better CREATE/EXTEND cell
      format, allowing the sender to specify multiple address, identity,
      and handshake types. Implements Robert Ransom's proposal 200;
      closes ticket 7199.

  o Major features (new circuit handshake):
    - Tor now supports a new circuit extension handshake designed by Ian
      Goldberg, Douglas Stebila, and Berkant Ustaoglu. Our original
      circuit extension handshake, later called "TAP", was a bit slow
      (especially on the relay side), had a fragile security proof, and
      used weaker keys than we'd now prefer. The new circuit handshake
      uses Dan Bernstein's "curve25519" elliptic-curve Diffie-Hellman
      function, making it significantly more secure than the older
      handshake, and significantly faster. Tor can use one of two built-in
      pure-C curve25519-donna implementations by Adam Langley, or it
      can link against the "nacl" library for a tuned version if present.

      The built-in version is very fast for 64-bit systems when building
      with GCC. The built-in 32-bit version is still faster than the
      old TAP protocol, but using libnacl is better on most such hosts.

      Clients don't currently use this protocol by default, since
      comparatively few clients support it so far. To try it, set
      UseNTorHandshake to 1.

      Implements proposal 216; closes ticket 7202.

  o Major features (better link encryption):
    - Relays can now enable the ECDHE TLS ciphersuites when available
      and appropriate. These ciphersuites let us negotiate forward-secure
      TLS secret keys more safely and more efficiently than with our
      previous use of Diffie-Hellman modulo a 1024-bit prime. By default,
      public relays prefer the (faster) P224 group, and bridges prefer
      the (more common) P256 group; you can override this with the
      TLSECGroup option.

      Enabling these ciphers was a little tricky, since for a long time,
      clients had been claiming to support them without actually doing
      so, in order to foil fingerprinting. But with the client-side
      implementation of proposal 198 in 0.2.3.17-beta, clients can now
      match the ciphers from recent Firefox versions *and* list the
      ciphers they actually mean, so relays can believe such clients
      when they advertise ECDHE support in their TLS ClientHello messages.

      This feature requires clients running 0.2.3.17-beta or later,
      and requires both sides to be running OpenSSL 1.0.0 or later
      with ECC support. OpenSSL 1.0.1, with the compile-time option
      "enable-ec_nistp_64_gcc_128", is highly recommended.

      Implements the relay side of proposal 198; closes ticket 7200.

  o Major bugfixes:
    - Avoid crashing when, as a relay without IPv6-exit support, a
      client insists on getting an IPv6 address or nothing. Fixes bug
      7814; bugfix on 0.2.4.7-alpha.

  o Minor features:
    - Improve circuit build timeout handling for hidden services.
      In particular: adjust build timeouts more accurately depending
      upon the number of hop-RTTs that a particular circuit type
      undergoes. Additionally, launch intro circuits in parallel
      if they timeout, and take the first one to reply as valid.
    - Work correctly on Unix systems where EAGAIN and EWOULDBLOCK are
      separate error codes; or at least, don't break for that reason.
      Fixes bug 7935. Reported by "oftc_must_be_destroyed".
    - Update to the January 2 2013 Maxmind GeoLite Country database.

  o Minor features (testing):
    - Add benchmarks for DH (1024-bit multiplicative group) and ECDH
      (P-256) Diffie-Hellman handshakes to src/or/bench.
    - Add benchmark functions to test onion handshake performance.

  o Minor features (path bias detection):
    - Alter the Path Bias log messages to be more descriptive in terms
      of reporting timeouts and other statistics.
    - Create three levels of Path Bias log messages, as opposed to just
      two. These are configurable via consensus as well as via the torrc
      options PathBiasNoticeRate, PathBiasWarnRate, PathBiasExtremeRate.
      The default values are 0.70, 0.50, and 0.30 respectively.
    - Separate the log message levels from the decision to drop guards,
      which also is available via torrc option PathBiasDropGuards.
      PathBiasDropGuards still defaults to 0 (off).
    - Deprecate PathBiasDisableRate in favor of PathBiasDropGuards
      in combination with PathBiasExtremeRate.
    - Increase the default values for PathBiasScaleThreshold and
      PathBiasCircThreshold from (200, 20) to (300, 150).
    - Add in circuit usage accounting to path bias. If we try to use a
      built circuit but fail for any reason, it counts as path bias.
      Certain classes of circuits where the adversary gets to pick your
      destination node are exempt from this accounting. Usage accounting
      can be specifically disabled via consensus parameter or torrc.
    - Convert all internal path bias state to double-precision floating
      point, to avoid roundoff error and other issues.
    - Only record path bias information for circuits that have completed
      *two* hops. Assuming end-to-end tagging is the attack vector, this
      makes us more resilient to ambient circuit failure without any
      detection capability loss.

  o Minor bugfixes (log messages):
    - Rate-limit the "No circuits are opened. Relaxed timeout for a
      circuit with channel state open..." message to once per hour to
      keep it from filling the notice logs. Mitigates bug 7799 but does
      not fix the underlying cause. Bugfix on 0.2.4.7-alpha.
    - Avoid spurious warnings when configuring multiple client ports of
      which only some are nonlocal. Previously, we had claimed that some
      were nonlocal when in fact they weren't. Fixes bug 7836; bugfix on
      0.2.3.3-alpha.

  o Code simplifications and refactoring:
    - Get rid of a couple of harmless clang warnings, where we compared
      enums to ints. These warnings are newly introduced in clang 3.2.
    - Split the onion.c file into separate modules for the onion queue
      and the different handshakes it supports.
    - Remove the marshalling/unmarshalling code for sending requests to
      cpuworkers over a socket, and instead just send structs. The
      recipient will always be the same Tor binary as the sender, so
      any encoding is overkill.


Changes in version 0.2.4.7-alpha - 2012-12-24
  Tor 0.2.4.7-alpha introduces a new approach to providing fallback
  directory mirrors for more robust bootstrapping; fixes more issues where
  clients with changing network conditions refuse to make any circuits;
  adds initial support for exiting to IPv6 addresses; resumes being able
  to update our GeoIP database, and includes the geoip6 file this time;
  turns off the client-side DNS cache by default due to privacy risks;
  and fixes a variety of other issues.

  o Major features (client resilience):
    - Add a new "FallbackDir" torrc option to use when we can't use
      a directory mirror from the consensus (either because we lack a
      consensus, or because they're all down). Currently, all authorities
      are fallbacks by default, and there are no other default fallbacks,
      but that will change. This option will allow us to give clients a
      longer list of servers to try to get a consensus from when first
      connecting to the Tor network, and thereby reduce load on the
      directory authorities. Implements proposal 206, "Preconfigured
      directory sources for bootstrapping". We also removed the old
      "FallbackNetworkstatus" option, since we never got it working well
      enough to use it. Closes bug 572.
    - If we have no circuits open, use a relaxed timeout (the
      95-percentile cutoff) until a circuit succeeds. This heuristic
      should allow Tor to succeed at building circuits even when the
      network connection drastically changes. Should help with bug 3443.

  o Major features (IPv6):
    - Tor now has (alpha) support for exiting to IPv6 addresses. To
      enable it as an exit node, make sure that you have IPv6
      connectivity, then set the IPv6Exit flag to 1. Also make sure your
      exit policy reads as you would like: the address * applies to all
      address families, whereas *4 is IPv4 address only, and *6 is IPv6
      addresses only. On the client side, you'll need to wait until the
      authorities have upgraded, wait for enough exits to support IPv6,
      apply the "IPv6Traffic" flag to a SocksPort, and use Socks5. Closes
      ticket 5547, implements proposal 117 as revised in proposal 208.

      We DO NOT recommend that clients with actual anonymity needs start
      using IPv6 over Tor yet, since not enough exits support it yet.

  o Major features (geoip database):
    - Maxmind began labelling Tor relays as being in country "A1",
      which breaks by-country node selection inside Tor. Now we use a
      script to replace "A1" ("Anonymous Proxy") entries in our geoip
      file with real country codes. This script fixes about 90% of "A1"
      entries automatically and uses manual country code assignments to
      fix the remaining 10%. See src/config/README.geoip for details.
      Fixes bug 6266. Also update to the December 5 2012 Maxmind GeoLite
      Country database, as modified above.

  o Major bugfixes (client-side DNS):
    - Turn off the client-side DNS cache by default. Updating and using
      the DNS cache is now configurable on a per-client-port
      level. SOCKSPort, DNSPort, etc lines may now contain
      {No,}Cache{IPv4,IPv6,}DNS lines to indicate that we shouldn't
      cache these types of DNS answers when we receive them from an
      exit node in response to an application request on this port, and
      {No,}UseCached{IPv4,IPv6,DNS} lines to indicate that if we have
      cached DNS answers of these types, we shouldn't use them. It's
      potentially risky to use cached DNS answers at the client, since
      doing so can indicate to one exit what answers we've gotten
      for DNS lookups in the past. With IPv6, this becomes especially
      problematic. Using cached DNS answers for requests on the same
      circuit would present less linkability risk, since all traffic
      on a circuit is already linkable, but it would also provide
      little performance benefit: the exit node caches DNS replies
      too. Implements a simplified version of Proposal 205. Implements
      ticket 7570.

  o Major bugfixes (other):
    - Alter circuit build timeout measurement to start at the point
      where we begin the CREATE/CREATE_FAST step (as opposed to circuit
      initialization). This should make our timeout measurements more
      uniform. Previously, we were sometimes including ORconn setup time
      in our circuit build time measurements. Should resolve bug 3443.
    - Fix an assertion that could trigger in hibernate_go_dormant() when
      closing an or_connection_t: call channel_mark_for_close() rather
      than connection_mark_for_close(). Fixes bug 7267. Bugfix on
      0.2.4.4-alpha.
    - Include the geoip6 IPv6 GeoIP database in the tarball. Fixes bug
      7655; bugfix on 0.2.4.6-alpha.

  o Minor features:
    - Add a new torrc option "ServerTransportListenAddr" to let bridge
      operators select the address where their pluggable transports will
      listen for connections. Resolves ticket 7013.
    - Allow an optional $ before the node identity digest in the
      controller command GETINFO ns/id/<identity>, for consistency with
      md/id/<identity> and desc/id/<identity>. Resolves ticket 7059.
    - Log packaged cell fullness as part of the heartbeat message.
      Diagnosis to try to determine the extent of bug 7743.

  o Minor features (IPv6):
    - AutomapHostsOnResolve now supports IPv6 addresses. By default, we
      prefer to hand out virtual IPv6 addresses, since there are more of
      them and we can't run out. To override this behavior and make IPv4
      addresses preferred, set NoPreferIPv6Automap on whatever SOCKSPort
      or DNSPort you're using for resolving. Implements ticket 7571.
    - AutomapHostsOnResolve responses are now randomized, to avoid
      annoying situations where Tor is restarted and applications
      connect to the wrong addresses.
    - Never try more than 1000 times to pick a new virtual address when
      AutomapHostsOnResolve is set. That's good enough so long as we
      aren't close to handing out our entire virtual address space;
      if you're getting there, it's best to switch to IPv6 virtual
      addresses anyway.

  o Minor bugfixes:
    - The ADDRMAP command can no longer generate an ill-formed error
      code on a failed MAPADDRESS. It now says "internal" rather than
      an English sentence fragment with spaces in the middle. Bugfix on
      Tor 0.2.0.19-alpha.
    - Fix log messages and comments to avoid saying "GMT" when we mean
      "UTC". Fixes bug 6113.
    - Compile on win64 using mingw64. Fixes bug 7260; patches from
      "yayooo".
    - Fix a crash when debugging unit tests on Windows: deallocate a
      shared library with FreeLibrary, not CloseHandle. Fixes bug 7306;
      bugfix on 0.2.2.17-alpha. Reported by "ultramage".

  o Renamed options:
    - The DirServer option is now DirAuthority, for consistency with
      current naming patterns. You can still use the old DirServer form.

  o Code simplification and refactoring:
    - Move the client-side address-map/virtual-address/DNS-cache code
      out of connection_edge.c into a new addressmap.c module.
    - Remove unused code for parsing v1 directories and "running routers"
      documents. Fixes bug 6887.


Changes in version 0.2.3.25 - 2012-11-19
  The Tor 0.2.3 release series is dedicated to the memory of Len "rabbi"
  Sassaman (1980-2011), a long-time cypherpunk, anonymity researcher,
  Mixmaster maintainer, Pynchon Gate co-designer, CodeCon organizer,
  programmer, and friend. Unstinting in his dedication to the cause of
  freedom, he inspired and helped many of us as we began our work on
  anonymity, and inspires us still. Please honor his memory by writing
  software to protect people's freedoms, and by helping others to do so.

  Tor 0.2.3.25, the first stable release in the 0.2.3 branch, features
  significantly reduced directory overhead (via microdescriptors),
  enormous crypto performance improvements for fast relays on new
  enough hardware, a new v3 TLS handshake protocol that can better
  resist fingerprinting, support for protocol obfuscation plugins (aka
  pluggable transports), better scalability for hidden services, IPv6
  support for bridges, performance improvements like allowing clients
  to skip the first round-trip on the circuit ("optimistic data") and
  refilling token buckets more often, a new "stream isolation" design
  to isolate different applications on different circuits, and many
  stability, security, and privacy fixes.

  o Major bugfixes:
    - Tor tries to wipe potentially sensitive data after using it, so
      that if some subsequent security failure exposes Tor's memory,
      the damage will be limited. But we had a bug where the compiler
      was eliminating these wipe operations when it decided that the
      memory was no longer visible to a (correctly running) program,
      hence defeating our attempt at defense in depth. We fix that
      by using OpenSSL's OPENSSL_cleanse() operation, which a compiler
      is unlikely to optimize away. Future versions of Tor may use
      a less ridiculously heavy approach for this. Fixes bug 7352.
      Reported in an article by Andrey Karpov.

  o Minor bugfixes:
    - Fix a harmless bug when opting against publishing a relay descriptor
      because DisableNetwork is set. Fixes bug 7464; bugfix on
      0.2.3.9-alpha.


Roger Dingledine's avatar
Roger Dingledine committed
Changes in version 0.2.4.6-alpha - 2012-11-13
  Tor 0.2.4.6-alpha fixes an assert bug that has been plaguing relays,
  makes our defense-in-depth memory wiping more reliable, and begins to
  count IPv6 addresses in bridge statistics,

  o Major bugfixes:
    - Fix an assertion failure that could occur when closing a connection
      with a spliced rendezvous circuit. Fix for bug 7212; bugfix on
      Tor 0.2.4.4-alpha.
    - Tor tries to wipe potentially sensitive data after using it, so
      that if some subsequent security failure exposes Tor's memory,
      the damage will be limited. But we had a bug where the compiler
      was eliminating these wipe operations when it decided that the
      memory was no longer visible to a (correctly running) program,
      hence defeating our attempt at defense in depth. We fix that
      by using OpenSSL's OPENSSL_cleanse() operation, which a compiler
      is unlikely to optimize away. Future versions of Tor may use
      a less ridiculously heavy approach for this. Fixes bug 7352.
      Reported in an article by Andrey Karpov.

  o Minor features:
    - Add GeoIP database for IPv6 addresses. The new config option
      is GeoIPv6File.
    - Bridge statistics now count bridge clients connecting over IPv6:
      bridge statistics files now list "bridge-ip-versions" and
      extra-info documents list "geoip6-db-digest". The control protocol
      "CLIENTS_SEEN" and "ip-to-country" queries now support IPv6. Initial
      implementation by "shkoo", addressing ticket 5055.

  o Minor bugfixes:
    - Warn when we are binding low ports when hibernation is enabled;
      previously we had warned when we were _advertising_ low ports with
      hibernation enabled. Fixes bug 7285; bugfix on 0.2.3.9-alpha.
    - Fix a harmless bug when opting against publishing a relay descriptor
      because DisableNetwork is set. Fixes bug 7464; bugfix on
      0.2.3.9-alpha.
    - Add warning message when a managed proxy dies during configuration.
      Fixes bug 7195; bugfix on 0.2.4.2-alpha.
    - Fix a linking error when building tor-fw-helper without miniupnp.
      Fixes bug 7235; bugfix on 0.2.4.2-alpha. Fix by Anthony G. Basile.
    - Check for closing an or_connection_t without going through correct
      channel functions; emit a warning and then call
      connection_or_close_for_error() so we don't assert as in bugs 7212
      and 7267.
    - Compile correctly on compilers without C99 designated initializer
      support. Fixes bug 7286; bugfix on 0.2.4.4-alpha.
    - Avoid a possible assert that can occur when channel_send_destroy() is
      called on a channel in CHANNEL_STATE_CLOSING, CHANNEL_STATE_CLOSED,
      or CHANNEL_STATE_ERROR when the Tor process is resumed after being
      blocked for a long interval. Fixes bug 7350; bugfix on 0.2.4.4-alpha.
    - Fix a memory leak on failing cases of channel_tls_process_certs_cell.
      Fixes bug 7422; bugfix on 0.2.4.4-alpha.

  o Code simplification and refactoring:
    - Start using OpenBSD's implementation of queue.h, so that we don't
      need to hand-roll our own pointer and list structures whenever we
      need them. (We can't rely on a sys/queue.h, since some operating
      systems don't have them, and the ones that do have them don't all
      present the same extensions.)


Changes in version 0.2.4.5-alpha - 2012-10-25
Roger Dingledine's avatar
Roger Dingledine committed
  Tor 0.2.4.5-alpha comes hard at the heels of 0.2.4.4-alpha, to fix
  two important security vulnerabilities that could lead to remotely
  triggerable relay crashes, fix a major bug that was preventing clients
  from choosing suitable exit nodes, and refactor some of our code.

  o Major bugfixes (security, also in 0.2.3.24-rc):
    - Fix a group of remotely triggerable assertion failures related to
      incorrect link protocol negotiation. Found, diagnosed, and fixed
Roger Dingledine's avatar
Roger Dingledine committed
      by "some guy from France". Fix for CVE-2012-2250; bugfix on
    - Fix a denial of service attack by which any directory authority
      could crash all the others, or by which a single v2 directory
      authority could crash everybody downloading v2 directory
      information. Fixes bug 7191; bugfix on 0.2.0.10-alpha.

  o Major bugfixes (also in 0.2.3.24-rc):
    - When parsing exit policy summaries from microdescriptors, we had
      previously been ignoring the last character in each one, so that
      "accept 80,443,8080" would be treated by clients as indicating
      a node that allows access to ports 80, 443, and 808. That would
      lead to clients attempting connections that could never work,
      and ignoring exit nodes that would support their connections. Now
      clients parse these exit policy summaries correctly. Fixes bug 7192;
      bugfix on 0.2.3.1-alpha.

  o Minor bugfixes (also in 0.2.3.24-rc):
    - Clients now consider the ClientRejectInternalAddresses config option
      when using a microdescriptor consensus stanza to decide whether
      an exit relay would allow exiting to an internal address. Fixes
      bug 7190; bugfix on 0.2.3.1-alpha.

  o Minor bugfixes:
    - Only disable TLS session ticket support when running as a TLS
Roger Dingledine's avatar
Roger Dingledine committed
      server. Now clients will blend better with regular Firefox
      connections. Fixes bug 7189; bugfix on Tor 0.2.3.23-rc.

  o Code simplification and refactoring:
    - Start using OpenBSD's implementation of queue.h (originally by
      Niels Provos).
    - Move the entry node code from circuitbuild.c to its own file.
    - Move the circuit build timeout tracking code from circuitbuild.c
      to its own file.
Changes in version 0.2.3.24-rc - 2012-10-25
  Tor 0.2.3.24-rc fixes two important security vulnerabilities that
  could lead to remotely triggerable relay crashes, and fixes
  a major bug that was preventing clients from choosing suitable exit
  nodes.

  o Major bugfixes (security):
    - Fix a group of remotely triggerable assertion failures related to
      incorrect link protocol negotiation. Found, diagnosed, and fixed
      by "some guy from France". Fix for CVE-2012-2250; bugfix on
      0.2.3.6-alpha.
    - Fix a denial of service attack by which any directory authority
      could crash all the others, or by which a single v2 directory
      authority could crash everybody downloading v2 directory
      information. Fixes bug 7191; bugfix on 0.2.0.10-alpha.

  o Major bugfixes:
    - When parsing exit policy summaries from microdescriptors, we had
      previously been ignoring the last character in each one, so that
      "accept 80,443,8080" would be treated by clients as indicating
      a node that allows access to ports 80, 443, and 808. That would
      lead to clients attempting connections that could never work,
      and ignoring exit nodes that would support their connections. Now
      clients parse these exit policy summaries correctly. Fixes bug 7192;
      bugfix on 0.2.3.1-alpha.

  o Minor bugfixes:
    - Clients now consider the ClientRejectInternalAddresses config option
      when using a microdescriptor consensus stanza to decide whether
      an exit relay would allow exiting to an internal address. Fixes
      bug 7190; bugfix on 0.2.3.1-alpha.


Changes in version 0.2.4.4-alpha - 2012-10-20
  Tor 0.2.4.4-alpha adds a new v3 directory authority, fixes a privacy
  vulnerability introduced by a change in OpenSSL, fixes a remotely
  triggerable assert, and adds new channel_t and circuitmux_t abstractions
  that will make it easier to test new connection transport and cell
  scheduling algorithms.

  o New directory authorities (also in 0.2.3.23-rc):
    - Add Faravahar (run by Sina Rabbani) as the ninth v3 directory
      authority. Closes ticket 5749.

  o Major bugfixes (security/privacy, also in 0.2.3.23-rc):
    - Disable TLS session tickets. OpenSSL's implementation was giving
      our TLS session keys the lifetime of our TLS context objects, when
      perfect forward secrecy would want us to discard anything that
      could decrypt a link connection as soon as the link connection
      was closed. Fixes bug 7139; bugfix on all versions of Tor linked
      against OpenSSL 1.0.0 or later. Found by Florent Daignière.
    - Discard extraneous renegotiation attempts once the V3 link
      protocol has been initiated. Failure to do so left us open to
      a remotely triggerable assertion failure. Fixes CVE-2012-2249;
      bugfix on 0.2.3.6-alpha. Reported by "some guy from France".

  o Internal abstraction features:
    - Introduce new channel_t abstraction between circuits and
      or_connection_t to allow for implementing alternate OR-to-OR
      transports. A channel_t is an abstract object which can either be a
      cell-bearing channel, which is responsible for authenticating and
      handshaking with the remote OR and transmitting cells to and from
      it, or a listening channel, which spawns new cell-bearing channels
      at the request of remote ORs. Implements part of ticket 6465.
    - Also new is the channel_tls_t subclass of channel_t, adapting it
      to the existing or_connection_t code. The V2/V3 protocol handshaking
      code which formerly resided in command.c has been moved below the
      channel_t abstraction layer and may be found in channeltls.c now.
      Implements the rest of ticket 6465.
    - Introduce new circuitmux_t storing the queue of circuits for
      a channel; this encapsulates and abstracts the queue logic and
      circuit selection policy, and allows the latter to be overridden
      easily by switching out a policy object. The existing EWMA behavior
      is now implemented as a circuitmux_policy_t. Resolves ticket 6816.

  o Required libraries:
    - Tor now requires OpenSSL 0.9.8 or later. OpenSSL 1.0.0 or later is
      strongly recommended.

  o Minor features:
    - Warn users who run hidden services on a Tor client with
      UseEntryGuards disabled that their hidden services will be
      vulnerable to http://freehaven.net/anonbib/#hs-attack06 (the
      attack which motivated Tor to support entry guards in the first
      place). Resolves ticket 6889.
    - Tor now builds correctly on Bitrig, an OpenBSD fork. Patch from
      dhill. Resolves ticket 6982.
    - Option OutboundBindAddress can be specified multiple times and
      accepts IPv6 addresses. Resolves ticket 6876.

  o Minor bugfixes (also in 0.2.3.23-rc):
    - Don't serve or accept v2 hidden service descriptors over a
      relay's DirPort. It's never correct to do so, and disabling it
      might make it more annoying to exploit any bugs that turn up in the
      descriptor-parsing code. Fixes bug 7149.
    - Fix two cases in src/or/transports.c where we were calling
      fmt_addr() twice in a parameter list. Bug found by David
      Fifield. Fixes bug 7014; bugfix on 0.2.3.9-alpha.
    - Fix memory leaks whenever we logged any message about the "path
      bias" detection. Fixes bug 7022; bugfix on 0.2.3.21-rc.
    - When relays refuse a "create" cell because their queue of pending
      create cells is too big (typically because their cpu can't keep up
      with the arrival rate), send back reason "resource limit" rather
      than reason "internal", so network measurement scripts can get a
      more accurate picture. Fixes bug 7037; bugfix on 0.1.1.11-alpha.

  o Minor bugfixes:
    - Command-line option "--version" implies "--quiet". Fixes bug 6997.
    - Free some more still-in-use memory at exit, to make hunting for
      memory leaks easier. Resolves bug 7029.
    - When a Tor client gets a "truncated" relay cell, the first byte of
      its payload specifies why the circuit was truncated. We were
      ignoring this 'reason' byte when tearing down the circuit, resulting
      in the controller not being told why the circuit closed. Now we
      pass the reason from the truncated cell to the controller. Bugfix
      on 0.1.2.3-alpha; fixes bug 7039.
    - Downgrade "Failed to hand off onionskin" messages to "debug"
      severity, since they're typically redundant with the "Your computer
      is too slow" messages. Fixes bug 7038; bugfix on 0.2.2.16-alpha.
    - Make clients running with IPv6 bridges connect over IPv6 again,
      even without setting new config options ClientUseIPv6 and
      ClientPreferIPv6ORPort. Fixes bug 6757; bugfix on 0.2.4.1-alpha.
    - Use square brackets around IPv6 addresses in numerous places
      that needed them, including log messages, HTTPS CONNECT proxy
      requests, TransportProxy statefile entries, and pluggable transport
      extra-info lines. Fixes bug 7011; patch by David Fifield.

  o Code refactoring and cleanup:
    - Source files taken from other packages now reside in src/ext;
      previously they were scattered around the rest of Tor.
    - Avoid use of reserved identifiers in our C code. The C standard
      doesn't like us declaring anything that starts with an
      underscore, so let's knock it off before we get in trouble. Fix
      for bug 1031; bugfix on the first Tor commit.


Changes in version 0.2.3.23-rc - 2012-10-20
  Tor 0.2.3.23-rc adds a new v3 directory authority, fixes a privacy
  vulnerability introduced by a change in OpenSSL, and fixes a variety
  of smaller bugs in preparation for the release.

  o New directory authorities:
    - Add Faravahar (run by Sina Rabbani) as the ninth v3 directory
      authority. Closes ticket 5749.

  o Major bugfixes (security/privacy):
    - Disable TLS session tickets. OpenSSL's implementation was giving
      our TLS session keys the lifetime of our TLS context objects, when
      perfect forward secrecy would want us to discard anything that
      could decrypt a link connection as soon as the link connection
      was closed. Fixes bug 7139; bugfix on all versions of Tor linked
      against OpenSSL 1.0.0 or later. Found by Florent Daignière.
    - Discard extraneous renegotiation attempts once the V3 link
      protocol has been initiated. Failure to do so left us open to
      a remotely triggerable assertion failure. Fixes CVE-2012-2249;
      bugfix on 0.2.3.6-alpha. Reported by "some guy from France".

  o Major bugfixes:
    - Fix a possible crash bug when checking for deactivated circuits
      in connection_or_flush_from_first_active_circuit(). Fixes bug 6341;
      bugfix on 0.2.2.7-alpha. Bug report and fix received pseudonymously.

  o Minor bugfixes (on 0.2.3.x):
    - Fix two cases in src/or/transports.c where we were calling
      fmt_addr() twice in a parameter list. Bug found by David
      Fifield. Fixes bug 7014; bugfix on 0.2.3.9-alpha.
    - Convert an assert in the pathbias code to a log message. The assert
      appears to only be triggerable by Tor2Web mode. Fixes bug 6866;
      bugfix on 0.2.3.17-beta.
    - Fix memory leaks whenever we logged any message about the "path
      bias" detection. Fixes bug 7022; bugfix on 0.2.3.21-rc.

  o Minor bugfixes (on 0.2.2.x and earlier):
    - Don't serve or accept v2 hidden service descriptors over a relay's
      DirPort. It's never correct to do so, and disabling it might
      make it more annoying to exploit any bugs that turn up in the
      descriptor-parsing code. Fixes bug 7149.
    - When relays refuse a "create" cell because their queue of pending
      create cells is too big (typically because their cpu can't keep up
      with the arrival rate), send back reason "resource limit" rather
      than reason "internal", so network measurement scripts can get a
      more accurate picture. Bugfix on 0.1.1.11-alpha; fixes bug 7037.
    - Correct file sizes when reading binary files on Cygwin, to avoid
      a bug where Tor would fail to read its state file. Fixes bug 6844;
      bugfix on 0.1.2.7-alpha.
    - Avoid undefined behaviour when parsing the list of supported
      rendezvous/introduction protocols in a hidden service descriptor.
      Previously, Tor would have confused (as-yet-unused) protocol version
      numbers greater than 32 with lower ones on many platforms. Fixes
      bug 6827; bugfix on 0.2.0.10-alpha. Found by George Kadianakis.

  o Documentation fixes:
    - Clarify that hidden services are TCP only. Fixes bug 6024.


Roger Dingledine's avatar
Roger Dingledine committed
Changes in version 0.2.4.3-alpha - 2012-09-22
  Tor 0.2.4.3-alpha fixes another opportunity for a remotely triggerable
  assertion, resumes letting relays test reachability of their DirPort,
  and cleans up a bunch of smaller bugs.

  o Security fixes:
    - Fix an assertion failure in tor_timegm() that could be triggered
      by a badly formatted directory object. Bug found by fuzzing with
      Radamsa. Fixes bug 6811; bugfix on 0.2.0.20-rc.

  o Major bugfixes:
    - Fix a possible crash bug when checking for deactivated circuits
      in connection_or_flush_from_first_active_circuit(). Fixes bug 6341;
      bugfix on 0.2.2.7-alpha. Bug report and fix received pseudonymously.
    - Allow routers to detect that their own DirPorts are running. When
      we removed support for versions_supports_begindir, we also
      accidentally removed the mechanism we used to self-test our
      DirPort. Diagnosed with help from kargig. Fixes bugs 6814 and 6815;
      bugfix on 0.2.4.2-alpha.

  o Security features:
    - Switch to a completely time-invariant approach for picking nodes
      weighted by bandwidth. Our old approach would run through the
      part of the loop after it had made its choice slightly slower
      than it ran through the part of the loop before it had made its
      choice. Addresses ticket 6538.
Roger Dingledine's avatar
Roger Dingledine committed
    - Disable the use of Guard nodes when in Tor2WebMode. Guard usage
      by tor2web clients allows hidden services to identity tor2web
      clients through their repeated selection of the same rendezvous
      and introduction point circuit endpoints (their guards). Resolves
      ticket 6888.

  o Minor features:
    - Enable Tor to read configuration, state, and key information from
      a FIFO. Previously Tor would only read from files with a positive
      stat.st_size. Code from meejah; fixes bug 6044.

  o Minor bugfixes:
    - Correct file sizes when reading binary files on Cygwin, to avoid
      a bug where Tor would fail to read its state file. Fixes bug 6844;
      bugfix on 0.1.2.7-alpha.
Roger Dingledine's avatar
Roger Dingledine committed
    - Correctly handle votes with more than 31 flags. Fixes bug 6853;
      bugfix on 0.2.0.3-alpha.
    - When complaining about a client port on a public address, log
      which address we're complaining about. Fixes bug 4020; bugfix on
      0.2.3.3-alpha. Patch by Tom Fitzhenry.
    - Convert an assert in the pathbias code to a log message. The assert
      appears to only be triggerable by Tor2Web mode. Fixes bug 6866;
      bugfix on 0.2.3.17-beta.
    - Our new buildsystem was overzealous about rebuilding manpages: it
      would rebuild them all whenever any one of them changed. Now our
      dependency checking should be correct. Fixes bug 6843; bugfix on
      0.2.4.1-alpha.
    - Don't do reachability testing over IPv6 unless AuthDirPublishIPv6
      is set. Fixes bug 6880. Bugfix on 0.2.4.1-alpha.
    - Correct log printout about which address family is preferred
      when connecting to a bridge with both an IPv4 and IPv6 OR port.
      Fixes bug 6884; bugfix on 0.2.4.1-alpha.

  o Minor bugfixes (code cleanliness):
    - Fix round_to_power_of_2() so it doesn't invoke undefined behavior
      with large values. This situation was untriggered, but nevertheless
      incorrect. Fixes bug 6831; bugfix on 0.2.0.1-alpha.
    - Reject consensus votes with more than 64 known-flags. We aren't even
      close to that limit yet, and our code doesn't handle it correctly.
      Fixes bug 6833; bugfix on 0.2.0.1-alpha.
    - Avoid undefined behaviour when parsing the list of supported
      rendezvous/introduction protocols in a hidden service descriptor.
      Previously, Tor would have confused (as-yet-unused) protocol version
      numbers greater than 32 with lower ones on many platforms. Fixes
      bug 6827; bugfix on 0.2.0.10-alpha. Found by George Kadianakis.
Roger Dingledine's avatar
Roger Dingledine committed
    - Fix handling of rendezvous client authorization types over 8.
      Fixes bug 6861; bugfix on 0.2.1.5-alpha.
    - Fix building with older versions of GCC (2.95, for one) that don't
      like preprocessor directives inside macro arguments. Found by
      grarpamp. Fixes bug 6842; bugfix on 0.2.4.2-alpha.
    - Switch weighted node selection rule from using a list of doubles
      to using a list of int64_t. This change should make the process
      slightly easier to debug and maintain. Needed to finish ticket 6538.

  o Code simplification and refactoring:
    - Move the generic "config" code into a new file, and have "config.c"
      hold only torrc- and state-related code. Resolves ticket 6823.
    - Move the core of our "choose a weighted element at random" logic
      into its own function, and give it unit tests. Now the logic is
      testable, and a little less fragile too.
Roger Dingledine's avatar
Roger Dingledine committed
    - Removed the testing_since field of node_t, which hasn't been used
      for anything since 0.2.0.9-alpha.

  o Documentation fixes:
Roger Dingledine's avatar
Roger Dingledine committed
    - Clarify that hidden services are TCP only. Fixes bug 6024.
    - Resolve a typo in torrc.sample.in. Fixes bug 6819; bugfix on
      0.2.3.14-alpha.


Changes in version 0.2.3.22-rc - 2012-09-11
  Tor 0.2.3.22-rc fixes another opportunity for a remotely triggerable
  assertion.

  o Security fixes:
    - Fix an assertion failure in tor_timegm() that could be triggered
      by a badly formatted directory object. Bug found by fuzzing with
      Radamsa. Fixes bug 6811; bugfix on 0.2.0.20-rc.

  o Minor bugfixes:
    - Avoid segfault when starting up having run with an extremely old
      version of Tor and parsing its state file. Fixes bug 6801; bugfix
      on 0.2.2.23-alpha.


Changes in version 0.2.2.39 - 2012-09-11
  Tor 0.2.2.39 fixes two more opportunities for remotely triggerable
  assertions.

  o Security fixes:
    - Fix an assertion failure in tor_timegm() that could be triggered
      by a badly formatted directory object. Bug found by fuzzing with
      Radamsa. Fixes bug 6811; bugfix on 0.2.0.20-rc.
    - Do not crash when comparing an address with port value 0 to an
      address policy. This bug could have been used to cause a remote
      assertion failure by or against directory authorities, or to
      allow some applications to crash clients. Fixes bug 6690; bugfix
      on 0.2.1.10-alpha.


Changes in version 0.2.4.2-alpha - 2012-09-10
  Tor 0.2.4.2-alpha enables port forwarding for pluggable transports,
  raises the default rate limiting even more, and makes the bootstrapping
  log messages less noisy.

  o Major features:
    - Automatically forward the TCP ports of pluggable transport
      proxies using tor-fw-helper if PortForwarding is enabled. Implements
      ticket 4567.

  o Major bugfixes:
    - Raise the default BandwidthRate/BandwidthBurst values from 5MB/10MB
      to 1GB/1GB. The previous defaults were intended to be "basically
      infinite", but it turns out they're now limiting our 100mbit+
      relays and bridges. Fixes bug 6605; bugfix on 0.2.0.10-alpha (the
      last time we raised it).

  o Minor features:
    - Detect when we're running with a version of OpenSSL other than the
      one we compiled with. This has occasionally given people hard-to-
      track-down errors.
    - Log fewer lines at level "notice" about our OpenSSL and Libevent
      versions and capabilities when everything is going right. Resolves
      part of ticket 6736.
    - Directory authorities no long accept descriptors for any version of
      Tor before 0.2.2.35, or for any 0.2.3 release before 0.2.3.10-alpha.
      These versions are insecure, unsupported, or both. Implements
      ticket 6789.

  o Minor bugfixes:
    - Rename the (internal-use-only) UsingTestingNetworkDefaults option
      to start with a triple-underscore so the controller won't touch it.
      Patch by Meejah. Fixes bug 3155. Bugfix on 0.2.2.23-alpha.
Roger Dingledine's avatar
Roger Dingledine committed
    - Avoid segfault when starting up having run with an extremely old
      version of Tor and parsing its state file. Fixes bug 6801; bugfix
      on 0.2.2.23-alpha.
    - Rename the (testing-use-only) _UseFilteringSSLBufferevents option
      so it doesn't start with _. Fixes bug 3155. Bugfix on 0.2.3.1-alpha.
    - Don't follow the NULL pointer if microdescriptor generation fails.
      (This does not appear to be triggerable, but it's best to be safe.)
      Found by "f. tp.". Fixes bug 6797; bugfix on 0.2.4.1-alpha.
    - Fix mis-declared dependencies on src/common/crypto.c and
      src/or/tor_main.c that could break out-of-tree builds under some
      circumstances. Fixes bug 6778; bugfix on 0.2.4.1-alpha.
    - Avoid a warning when building common_sha1.i out of tree. Fixes bug
      6778; bugfix on 0.2.4.1-alpha.
    - Fix a harmless (in this case) build warning for implicitly
      converting a strlen() to an int. Bugfix on 0.2.4.1-alpha.

  o Removed features:
    - Now that all versions before 0.2.2.x are disallowed, we no longer
      need to work around their missing features. Thus we can remove a
      bunch of compatibility code.

  o Code refactoring:
    - Tweak tor-fw-helper to accept an arbitrary amount of arbitrary
      TCP ports to forward. In the past it only accepted two ports:
      the ORPort and the DirPort.


Changes in version 0.2.4.1-alpha - 2012-09-05
  Tor 0.2.4.1-alpha lets bridges publish their pluggable transports to
  bridgedb; lets relays use IPv6 addresses and directory authorities
  advertise them; and switches to a cleaner build interface.

  This is the first alpha release in a new series, so expect there to
  be bugs. Users who would rather test out a more stable branch should
  stay with 0.2.3.x for now.

  o Major features (bridges):
    - Bridges now report the pluggable transports they support to the
      bridge authority, so it can pass the supported transports on to
      bridgedb and/or eventually do reachability testing. Implements
      ticket 3589.

  o Major features (IPv6):
    - Bridge authorities now accept IPv6 bridge addresses and include
      them in network status documents. Implements ticket 5534.
    - Clients who set "ClientUseIPv6 1" may connect to entry nodes over
      IPv6. Set "ClientPreferIPv6ORPort 1" to make this even more likely
      to happen. Implements ticket 5535.
    - All kind of relays, not just bridges, can now advertise an IPv6
      OR port. Implements ticket 6362.
    - Directory authorities vote on IPv6 OR ports using the new consensus
      method 14. Implements ticket 6363.

  o Major features (build):
    - Switch to a nonrecursive Makefile structure. Now instead of each
      Makefile.am invoking other Makefile.am's, there is a master
      Makefile.am that includes the others. This change makes our build
      process slightly more maintainable, and improves parallelism for
      building with make -j. Original patch by Stewart Smith; various
      fixes by Jim Meyering.
    - Where available, we now use automake's "silent" make rules by
      default, so that warnings are easier to spot. You can get the old
      behavior with "make V=1". Patch by Stewart Smith for ticket 6522.

  o Minor features (code security and spec conformance):
    - Clear keys and key-derived material left on the stack in
      rendservice.c and rendclient.c. Check return value of
      crypto_pk_write_private_key_to_string() in end_service_load_keys().
      These fixes should make us more forward-secure against cold-boot
      attacks and the like. Fixes bug 2385.
    - Reject EXTEND cells sent to nonexistent streams. According to the
      spec, an EXTEND cell sent to _any_ nonzero stream ID is invalid, but
      we were only checking for stream IDs that were currently in use.
      Found while hunting for more instances of bug 6271. Bugfix on
      0.0.2pre8, which introduced incremental circuit construction.

  o Minor features (streamlining);
    - No longer include the "opt" prefix when generating routerinfos
      or v2 directories: it has been needless since Tor 0.1.2. Closes
      ticket 5124.
    - Remove some now-needless code that tried to aggressively flush
      OR connections as data was added to them. Since 0.2.0.1-alpha, our
      cell queue logic has saved us from the failure mode that this code
      was supposed to prevent. Removing this code will limit the number
      of baroque control flow paths through Tor's network logic. Reported
      pseudonymously on IRC. Fixes bug 6468; bugfix on 0.2.0.1-alpha.

  o Minor features (controller):