ChangeLog +177 −177
@@ -150,100 +150,6 @@ Changes in version 0.4.7.2-alpha - 2021-10-26 ticket 40485. Changes in version 0.4.7.1-alpha - 2021-09-17 This version is the first alpha release of the 0.4.7.x series. One major feature is Vanguards Lite, from proposal 333, to help mitigate guard discovery attacks against onion services. It also includes numerous bugfixes. o Major features (Proposal 332, onion services, guard selection algorithm): - Clients and onion services now choose four long-lived "layer 2" guard relays for use as the middle hop in all onion circuits. These relays are kept in place for a randomized duration averaging 1 week. This mitigates guard discovery attacks against clients and short-lived onion services such as OnionShare. Long-lived onion services that need high security should still use the Vanguards addon (https://github.com/mikeperry-tor/vanguards). Closes ticket 40363; implements proposal 333. o Minor features (bridge testing support): - Let external bridge reachability testing tools discard cached bridge descriptors when setting new bridges, so they can be sure to get a clean reachability test. Implements ticket 40209. o Minor features (fuzzing): - When building with --enable-libfuzzer, use a set of compiler flags that works with more recent versions of the library. Previously we were using a set of flags from 2017. Closes ticket 40407. o Minor features (testing configuration): - When TestingTorNetwork is enabled, skip the permissions check on hidden service directories. Closes ticket 40338. - On a testing network, relays can now use the TestingMinTimeToReportBandwidth option to change the smallest amount of time over which they're willing to report their observed maximum bandwidth. Previously, this was fixed at 1 day. For safety, values under 2 hours are only supported on testing networks. Part of a fix for ticket 40337. - Relays on testing networks no longer rate-limit how frequently they are willing to report new bandwidth measurements. 
Part of a fix for ticket 40337. - Relays on testing networks now report their observed bandwidths immediately from startup. Previously, they waited until they had been running for a full day. Closes ticket 40337. o Minor bugfixes (circuit padding): - Don't send STOP circuit padding cells when the other side has already shut down the corresponding padding machine. Fixes bug 40435; bugfix on 0.4.0.1-alpha. o Minor bugfixes (compatibility): - Fix compatibility with the most recent Libevent versions, which no longer have an evdns_set_random_bytes() function. Because this function has been a no-op since Libevent 2.0.4-alpha, it is safe for us to just stop calling it. Fixes bug 40371; bugfix on 0.2.1.7-alpha. o Minor bugfixes (control, sandbox): - Allows the control command SAVECONF to succeed when the seccomp sandbox is enabled. Makes SAVECONF keep only one backup file, to simplify implementation. Fixes bug 40317; bugfix on 0.2.5.4-alpha. Patch by Daniel Pinto. o Minor bugfixes (heartbeat): - Adjust the heartbeat log message about distinct clients to consider the HeartbeatPeriod rather than a flat 6-hour delay. Fixes bug 40330; bugfix on 0.2.6.3-alpha. o Minor bugfixes (logging, relay): - Add spaces between the "and" when logging the "Your server has not managed to confirm reachability for its" on dual-stack relays. Fixes bug 40453; bugfix on 0.4.5.1-alpha. Patch by Neel Chauhan. o Minor bugfixes (onion service): - Do not flag an HSDir as non-running in case the descriptor upload or fetch fails. An onion service closes pending directory connections before uploading a new descriptor which leads to wrongly flagging many relays and thus affecting circuit path selection. Fixes bug 40434; bugfix on 0.2.0.13-alpha. o Minor bugfixes (statistics): - Fix a fencepost issue when we check stability_last_downrated where we called rep_hist_downrate_old_runs() twice. Fixes bug 40394; bugfix on 0.2.0.5-alpha. Patch by Neel Chauhan. 
o Minor bugfixes (tests): - Fix a bug that prevented some tests from running with the correct names. Fixes bug 40365; bugfix on 0.4.3.1-alpha. o Documentation: - Add links to original tor design paper and anonbib to docs/HACKING/README.1st.md. Closes ticket 33742. Patch from Emily Bones. - Describe the "fingerprint-ed25519" file in the tor.1 man page. Fixes bug 40467; bugfix on 0.4.3.1-alpha. Patch by Neel Chauhan. Changes in version 0.4.6.8 - 2021-10-26 This version fixes several bugs from earlier versions of Tor. One highlight is a fix on how we track DNS timeouts to report general Loading Loading 
@@ -303,52 +209,6 @@ Changes in version 0.4.6.8 - 2021-10-26 Fixes bug 40474; bugfix on 0.4.5.8. Changes in version 0.4.6.7 - 2021-08-16 This version fixes several bugs from earlier versions of Tor, including one that could lead to a denial-of-service attack. Everyone running an earlier version, whether as a client, a relay, or an onion service, should upgrade to Tor 0.3.5.16, 0.4.5.10, or 0.4.6.7. o Major bugfixes (cryptography, security): - Resolve an assertion failure caused by a behavior mismatch between our batch-signature verification code and our single-signature verification code. This assertion failure could be triggered remotely, leading to a denial of service attack. We fix this issue by disabling batch verification. Fixes bug 40078; bugfix on 0.2.6.1-alpha. This issue is also tracked as TROVE-2021-007 and CVE-2021-38385. Found by Henry de Valence. o Minor feature (fallbackdir): - Regenerate fallback directories list. Close ticket 40447. o Minor features (geoip data): - Update the geoip files to match the IPFire Location Database, as retrieved on 2021/08/12. o Minor bugfix (crypto): - Disable the unused batch verification feature of ed25519-donna. Fixes bug 40078; bugfix on 0.2.6.1-alpha. Found by Henry de Valence. o Minor bugfixes (onion service): - Send back the extended SOCKS error 0xF6 (Onion Service Invalid Address) for a v2 onion address. Fixes bug 40421; bugfix on 0.4.6.2-alpha. o Minor bugfixes (relay): - Reduce the compression level for data streaming from HIGH to LOW in order to reduce CPU load on the directory relays. Fixes bug 40301; bugfix on 0.3.5.1-alpha. o Minor bugfixes (timekeeping): - Calculate the time of day correctly on systems where the time_t type includes leap seconds. (This is not the case on most operating systems, but on those where it occurs, our tor_timegm function did not correctly invert the system's gmtime function, which could result in assertion failures when calculating voting schedules.) 
Fixes bug 40383; bugfix on 0.2.0.3-alpha. Changes in version 0.4.5.11 - 2021-10-26 The major change in this version is that v2 onion services are now disabled at the client, service, and relay: any Tor nodes running this Loading Loading 
@@ -430,6 +290,183 @@ Changes in version 0.4.5.11 - 2021-10-26 Fixes bug 40474; bugfix on 0.4.5.8. Changes in version 0.3.5.17 - 2021-10-26 The major change in this version is that v2 onion services are now disabled at the client, service, and relay: any Tor nodes running this version and onward will stop supporting v2 onion services. This is the last step in the long deprecation process of v2 onion services. Everyone running an earlier version, whether as a client, a relay, or an onion service, should upgrade to Tor 0.3.5.17, 0.4.5.11, or 0.4.6.8. o Major feature (onion service v2, backport from 0.4.5.11): - See https://blog.torproject.org/v2-deprecation-timeline for details on how to transition from v2 to v3. - The control port commands HSFETCH and HSPOST no longer allow version 2, and it is no longer possible to create a v2 service with ADD_ONION. - Tor no longer allows creating v2 services, or connecting as a client to a v2 service. Relays will decline to be a v2 HSDir or introduction point. This effectively disables onion service version 2 Tor-wide. Closes ticket 40476. o Minor features (bridge, backport from 0.4.6.8): - We now announce the URL to Tor's new bridge status at https://bridges.torproject.org/ when Tor is configured to run as a bridge relay. Closes ticket 30477. o Minor features (fallbackdir): - Regenerate fallback directories for October 2021. Closes ticket 40493. o Minor bugfixes (compatibility, backport from 0.4.6.8): - Fix compatibility with the most recent Libevent versions, which no longer have an evdns_set_random_bytes() function. Because this function has been a no-op since Libevent 2.0.4-alpha, it is safe for us to just stop calling it. Fixes bug 40371; bugfix on 0.2.1.7-alpha. Changes in version 0.4.7.1-alpha - 2021-09-17 This version is the first alpha release of the 0.4.7.x series. One major feature is Vanguards Lite, from proposal 333, to help mitigate guard discovery attacks against onion services. It also includes numerous bugfixes. 
o Major features (Proposal 332, onion services, guard selection algorithm): - Clients and onion services now choose four long-lived "layer 2" guard relays for use as the middle hop in all onion circuits. These relays are kept in place for a randomized duration averaging 1 week. This mitigates guard discovery attacks against clients and short-lived onion services such as OnionShare. Long-lived onion services that need high security should still use the Vanguards addon (https://github.com/mikeperry-tor/vanguards). Closes ticket 40363; implements proposal 333. o Minor features (bridge testing support): - Let external bridge reachability testing tools discard cached bridge descriptors when setting new bridges, so they can be sure to get a clean reachability test. Implements ticket 40209. o Minor features (fuzzing): - When building with --enable-libfuzzer, use a set of compiler flags that works with more recent versions of the library. Previously we were using a set of flags from 2017. Closes ticket 40407. o Minor features (testing configuration): - When TestingTorNetwork is enabled, skip the permissions check on hidden service directories. Closes ticket 40338. - On a testing network, relays can now use the TestingMinTimeToReportBandwidth option to change the smallest amount of time over which they're willing to report their observed maximum bandwidth. Previously, this was fixed at 1 day. For safety, values under 2 hours are only supported on testing networks. Part of a fix for ticket 40337. - Relays on testing networks no longer rate-limit how frequently they are willing to report new bandwidth measurements. Part of a fix for ticket 40337. - Relays on testing networks now report their observed bandwidths immediately from startup. Previously, they waited until they had been running for a full day. Closes ticket 40337. o Minor bugfixes (circuit padding): - Don't send STOP circuit padding cells when the other side has already shut down the corresponding padding machine. 
Fixes bug 40435; bugfix on 0.4.0.1-alpha. o Minor bugfixes (compatibility): - Fix compatibility with the most recent Libevent versions, which no longer have an evdns_set_random_bytes() function. Because this function has been a no-op since Libevent 2.0.4-alpha, it is safe for us to just stop calling it. Fixes bug 40371; bugfix on 0.2.1.7-alpha. o Minor bugfixes (control, sandbox): - Allows the control command SAVECONF to succeed when the seccomp sandbox is enabled. Makes SAVECONF keep only one backup file, to simplify implementation. Fixes bug 40317; bugfix on 0.2.5.4-alpha. Patch by Daniel Pinto. o Minor bugfixes (heartbeat): - Adjust the heartbeat log message about distinct clients to consider the HeartbeatPeriod rather than a flat 6-hour delay. Fixes bug 40330; bugfix on 0.2.6.3-alpha. o Minor bugfixes (logging, relay): - Add spaces between the "and" when logging the "Your server has not managed to confirm reachability for its" on dual-stack relays. Fixes bug 40453; bugfix on 0.4.5.1-alpha. Patch by Neel Chauhan. o Minor bugfixes (onion service): - Do not flag an HSDir as non-running in case the descriptor upload or fetch fails. An onion service closes pending directory connections before uploading a new descriptor which leads to wrongly flagging many relays and thus affecting circuit path selection. Fixes bug 40434; bugfix on 0.2.0.13-alpha. o Minor bugfixes (statistics): - Fix a fencepost issue when we check stability_last_downrated where we called rep_hist_downrate_old_runs() twice. Fixes bug 40394; bugfix on 0.2.0.5-alpha. Patch by Neel Chauhan. o Minor bugfixes (tests): - Fix a bug that prevented some tests from running with the correct names. Fixes bug 40365; bugfix on 0.4.3.1-alpha. o Documentation: - Add links to original tor design paper and anonbib to docs/HACKING/README.1st.md. Closes ticket 33742. Patch from Emily Bones. - Describe the "fingerprint-ed25519" file in the tor.1 man page. Fixes bug 40467; bugfix on 0.4.3.1-alpha. Patch by Neel Chauhan. 
Changes in version 0.4.6.7 - 2021-08-16 This version fixes several bugs from earlier versions of Tor, including one that could lead to a denial-of-service attack. Everyone running an earlier version, whether as a client, a relay, or an onion service, should upgrade to Tor 0.3.5.16, 0.4.5.10, or 0.4.6.7. o Major bugfixes (cryptography, security): - Resolve an assertion failure caused by a behavior mismatch between our batch-signature verification code and our single-signature verification code. This assertion failure could be triggered remotely, leading to a denial of service attack. We fix this issue by disabling batch verification. Fixes bug 40078; bugfix on 0.2.6.1-alpha. This issue is also tracked as TROVE-2021-007 and CVE-2021-38385. Found by Henry de Valence. o Minor feature (fallbackdir): - Regenerate fallback directories list. Close ticket 40447. o Minor features (geoip data): - Update the geoip files to match the IPFire Location Database, as retrieved on 2021/08/12. o Minor bugfix (crypto): - Disable the unused batch verification feature of ed25519-donna. Fixes bug 40078; bugfix on 0.2.6.1-alpha. Found by Henry de Valence. o Minor bugfixes (onion service): - Send back the extended SOCKS error 0xF6 (Onion Service Invalid Address) for a v2 onion address. Fixes bug 40421; bugfix on 0.4.6.2-alpha. o Minor bugfixes (relay): - Reduce the compression level for data streaming from HIGH to LOW in order to reduce CPU load on the directory relays. Fixes bug 40301; bugfix on 0.3.5.1-alpha. o Minor bugfixes (timekeeping): - Calculate the time of day correctly on systems where the time_t type includes leap seconds. (This is not the case on most operating systems, but on those where it occurs, our tor_timegm function did not correctly invert the system's gmtime function, which could result in assertion failures when calculating voting schedules.) Fixes bug 40383; bugfix on 0.2.0.3-alpha. 
Changes in version 0.4.5.10 - 2021-08-16 This version fixes several bugs from earlier versions of Tor, including one that could lead to a denial-of-service attack. Everyone Loading Loading 
@@ -479,43 +516,6 @@ Changes in version 0.4.5.10 - 2021-08-16 versions of NSS. Fixes bug 40409; bugfix on 0.3.5.1-alpha. Changes in version 0.3.5.17 - 2021-10-26 The major change in this version is that v2 onion services are now disabled at the client, service, and relay: any Tor nodes running this version and onward will stop supporting v2 onion services. This is the last step in the long deprecation process of v2 onion services. Everyone running an earlier version, whether as a client, a relay, or an onion service, should upgrade to Tor 0.3.5.17, 0.4.5.11, or 0.4.6.8. o Major feature (onion service v2, backport from 0.4.5.11): - See https://blog.torproject.org/v2-deprecation-timeline for details on how to transition from v2 to v3. - The control port commands HSFETCH and HSPOST no longer allow version 2, and it is no longer possible to create a v2 service with ADD_ONION. - Tor no longer allows creating v2 services, or connecting as a client to a v2 service. Relays will decline to be a v2 HSDir or introduction point. This effectively disables onion service version 2 Tor-wide. Closes ticket 40476. o Minor features (bridge, backport from 0.4.6.8): - We now announce the URL to Tor's new bridge status at https://bridges.torproject.org/ when Tor is configured to run as a bridge relay. Closes ticket 30477. o Minor features (fallbackdir): - Regenerate fallback directories for October 2021. Closes ticket 40493. o Minor bugfixes (compatibility, backport from 0.4.6.8): - Fix compatibility with the most recent Libevent versions, which no longer have an evdns_set_random_bytes() function. Because this function has been a no-op since Libevent 2.0.4-alpha, it is safe for us to just stop calling it. Fixes bug 40371; bugfix on 0.2.1.7-alpha. Changes in version 0.3.5.16 - 2021-08-16 This version fixes several bugs from earlier versions of Tor, including one that could lead to a denial-of-service attack. 
Everyone
ReleaseNotes +281 −281 File changed. Preview size limit exceeded, changes collapsed.
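Review bot: In the 0.4.6.7 entry relocated by the @@ -303,52 +209,6 @@ hunk, bug 40078 is listed twice: once under "Major bugfixes (cryptography, security)" with TROVE-2021-007 and CVE-2021-38385, and again under "Minor bugfix (crypto)" with neither identifier. Anyone triaging this ChangeLog by CVE number will not connect the second item to the advisory, so add a cross-reference to it or fold it into the major item. In the same entry the fallbackdir item reads "Close ticket 40447" where every other item in the diff uses "Closes".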
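Review bot: In the 0.4.7.1-alpha entry re-added by the @@ -430,6 +290,183 @@ hunk, the section heading says "Major features (Proposal 332, onion services, guard selection algorithm)" while the release summary ("Vanguards Lite, from proposal 333") and the item itself ("implements proposal 333") both say 333. The heading and the item should agree. The hunk sizes (94 + 46 + 37 lines removed, 177 added) show this commit is a pure move, so make the correction in a separate commit rather than here, which keeps the move verifiable line for line.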
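Review bot: The ordering rule this reshuffle applies is not stated anywhere on the page. Once the @@ -479,43 +516,6 @@ hunk is applied the entries run 0.4.7.2-alpha, 0.4.6.8, 0.4.5.11, 0.3.5.17 (all 2021-10-26), then 0.4.7.1-alpha (2021-09-17), then 0.4.6.7, 0.4.5.10, 0.3.5.16 (all 2021-08-16), that is, newest release date first and highest series first within a date. State that rule in the commit message or in a comment at the top of ChangeLog so the next set of backport releases is inserted in the right place. The ReleaseNotes diff (+281 −281) is collapsed here and should be expanded and checked for the same ordering before this is merged.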