Commit 765caaea authored by Nick Mathewson's avatar Nick Mathewson 🐛
Browse files

Light edits on changelog. mostly combining sections.

parent f606b3cf
Changes in version 0.3.5.1-alpha-2018-09-??
BLURB HERE. NOTE ABOUT NSS.
 
o Major features (experimental, library support):
- Tor now has _partial_ support for using the NSS cryptography
library in place of OpenSSL. When Tor is configured with
--enable-nss, it will use NSS for several (but not yet all) of its
cryptography. (It still relies on OpenSSL for the rest.)
Eventually, if all goes as planned, "--enable-nss" will produce a
version of Tor that does not depend on OpenSSL. Implements ticket
26816. WARNING: This feature is experimental. Don't use it for
real security yet, until the code has had much more review, and
more bugs have been shaken out.
- When built with --enable-nss, Tor now uses the NSS library for
digests, AES, and pseudorandom numbers. Closes ticket 26815.
o Major features (hidden service v3):
- Implement client authorization at the descriptor level. A new
torrc option was added to control this client side:
ClientOnionAuthDir <path>. On the service side, if the
"authorized_clients/" directory exists in the onion service
directory path, client configuration are read from the files
within. See the manpage for more details. Closes ticket 27547.
Patch done by Suphanat Chunhapanya (haxxpop).
o Major features (hidden service):
- For a newly created hidden service, the default version is now 3.
Tor still supports version 2 service but the operator now needs to
specifically set "HiddenServiceVersion 2" in order to create a new
service. For existing services, tor now learns the version by
reading the key file so the HiddenServiceVersion is not mandatory
in that case. Closes ticket 27215.
o Major features (bootstrap):
- Improve user experience by deferring directory progress reporting
until after a connection to a relay or bridge has succeeded. This
avoids reporting 80% progress based on cached directory
information when we can't even connect to a bridge or relay.
Closes ticket 27169.
 
o Major features (new code layout):
- Nearly all of Tor's source code has been moved around into more
......@@ -44,13 +21,28 @@ Changes in version 0.3.5.1-alpha-2018-09-??
refactored to be acyclic, the main body of Tor is still too
interconnected. We will attempt to improve this in the future.
 
o Major features (onion services):
o Major features (onion services v3):
- Implement client authorization at the descriptor level. A new
torrc option was added to control this client side:
ClientOnionAuthDir <path>. On the service side, if the
"authorized_clients/" directory exists in the onion service
directory path, client configuration are read from the files
within. See the manpage for more details. Closes ticket 27547.
Patch done by Suphanat Chunhapanya (haxxpop).
- Improve revision counter generation in next-gen onion services.
Onion services can now scale by hosting multiple instances on
different hosts without synchronization between them, which was
previously impossible because descriptors would get rejected by
HSDirs. Addresses ticket 25552.
 
o Major features (onion services):
- For a newly created onion service, the default version is now 3.
Tor still supports version 2 service but the operator now needs to
specifically set "HiddenServiceVersion 2" in order to create a new
service. For existing services, tor now learns the version by
reading the key file so the HiddenServiceVersion is not mandatory
in that case. Closes ticket 27215.
o Major features (portability, cryptography, experimental, TLS):
- Tor now has the option to compile with the NSS library instead of
OpenSSL. This feature is experimental, and we expect that bugs may
......@@ -58,6 +50,19 @@ Changes in version 0.3.5.1-alpha-2018-09-??
performance is not CPU-bound, and where NSS is already known to be
installed. To try it out, configure Tor with the --enable-nss
flag. Closes ticket 26631.
- Tor now has _partial_ support for using the NSS cryptography and
TLS library in place of OpenSSL. When Tor is configured with
--enable-nss, it will use NSS for several (but not yet all) of its
cryptography. (It still relies on OpenSSL for the rest.)
Eventually, if all goes as planned, "--enable-nss" will produce a
version of Tor that does not depend on OpenSSL. Implements
ticket 26816.
WARNING: This feature is experimental. Don't use it for real
security yet, until the code has had much more review, and more
bugs have been shaken out.
- When built with --enable-nss, Tor now uses the NSS library for
digests, AES, and pseudorandom numbers. Closes ticket 26815.
 
o Major features (relay):
- Relays no longer run as exits by default. If the "ExitRelay"
......@@ -77,15 +82,8 @@ Changes in version 0.3.5.1-alpha-2018-09-??
Fixes bug 27708; bugfix on 0.3.3.1-alpha.
 
o Minor features (admin tools):
- Add new tool that prints expiration date of signing cert in
ed25519_signing_cert. Resolves issue 19506.
o Minor features (bootstrap):
- Improve user experience by deferring directory progress reporting
until after a connection to a relay or bridge has succeeded. This
avoids reporting 80% progress based on cached directory
information when we can't even connect to a bridge or relay.
Closes ticket 27169.
- Add new tool that prints expiration date of th signing cert in an
ed25519_signing_cert file. Resolves issue 19506.
 
o Minor features (build):
- If you pass the "--enable-pic" option to configure, Tor will try
......@@ -112,6 +110,10 @@ Changes in version 0.3.5.1-alpha-2018-09-??
default). Addresses part of ticket 20424. Based on a patch from
Alex Xu.
 
o Minor features (config):
- The "auto" keyword in torrc is now case insensitive. Closes
ticket 26663.
o Minor features (continuous integration):
- Don't do a distcheck with --disable-module-dirauth in Travis.
Implements ticket 27252.
......@@ -157,8 +159,6 @@ Changes in version 0.3.5.1-alpha-2018-09-??
- When a bandwidth file is used to obtain the bandwidth measurements,
include this bandwidth file headers in the votes. Closes
ticket 3723.
o Minor features (directory):
- Improved support for networks with only a single authority or a
single fallback directory. Patch from Gabriel Somlo. Closes
ticket 25928.
......@@ -168,15 +168,13 @@ Changes in version 0.3.5.1-alpha-2018-09-??
a preconstructed owning controller FD, so that embedding
applications don't need to manage controller ports and
authentication. Closes ticket 24204.
- The tor_api now has a function that returns the name and version
of the backend implementing the API. Closes ticket 26947.
 
o Minor features (geoip):
- Update geoip and geoip6 to the September 6 2018 Maxmind GeoLite2
Country database. Closes ticket 27631.
 
o Minor features (in-process API):
- The tor_api now has a function that returns the name and version
of the backend implementing the API. Closes ticket 26947.
o Minor features (memory management):
- Get libevent code to use the same memory allocator that Tor code
is using by calling event_set_mem_functions() during
......@@ -187,12 +185,12 @@ Changes in version 0.3.5.1-alpha-2018-09-??
encoded format, rather than as expanded public keys. This should
save several megabytes on typical clients. Closes ticket 27246.
 
o Minor features (openssl):
- When possible, use RFC5869 HKDF implementation from OpenSSL.
Resolves ticket 19979.
o Minor features (OpenSSL):
- When possible, use RFC5869 HKDF implementation from OpenSSL rather
than own own. Resolves ticket 19979.
 
o Minor features (rust, code quality):
- Improve rust code quality in the Rust protover implementation by
- Improve rust code quality in the rust protover implementation by
making it more idiomatic. Includes changing an internal API to
take &str instead of &String. Closes ticket 26492.
 
......@@ -209,21 +207,6 @@ Changes in version 0.3.5.1-alpha-2018-09-??
to provide more visibility about where Tor is reading from. Patch
from Unto Sten; closes ticket 27186.
 
o Minor features(config):
- The "auto" keyword in torrc is now case insensitive. Closes
ticket 26663.
o Minor bugfixes (security):
- Refrain from potentially insecure usage of strncat() in
configure_backtrace_handler(). Use snprintf() instead. Fixes bug
26522; bugfix on a969ce464dc23db39725a891d60537f3d3e51b50 (not in
any tor release).
o Minor bugfixes (appveyor ci):
- Improve Appveyor CI IRC logging. Generate correct branches and
URLs for pull requests and tags. Use unambiguous short commits.
Fixes bug 26979; bugfix on master.
o Minor bugfixes (bootstrap):
- Try harder to get descriptors in non-exit test networks, by using
the mid weight for the third hop when there are no exits. Fixes
......@@ -268,6 +251,9 @@ Changes in version 0.3.5.1-alpha-2018-09-??
27044; bugfix on 0.2.9.10.
 
o Minor bugfixes (continuous integration):
- Improve Appveyor CI IRC logging. Generate correct branches and
URLs for pull requests and tags. Use unambiguous short commits.
Fixes bug 26979; bugfix on master.
- Stop reinstalling identical packages in our Windows CI. Fixes bug
27464; bugfix on 0.3.4.1-alpha.
 
......@@ -282,18 +268,6 @@ Changes in version 0.3.5.1-alpha-2018-09-??
- Avoid a double-close when shutting down a stalled directory
connection. Fixes bug 26896; bugfix on 0.3.4.1-alpha.
 
o Minor bugfixes (hidden service v2):
- Demote a log warning to info in case we do not have a consensus
when a .onion request comes in. This can happen while bootstrapping
for instance. The request will follow through after so we really
don't need to warn the user loudly. Fixes bug 27040; bugfix
on 0.2.8.2-alpha.
o Minor bugfixes (hidden service v3):
- In case the hidden service directory can't be created or has wrong
permissions, do not BUG() on it which lead to a non fatal
stacktrace. Fixes bug 27335; bugfix on 0.3.2.1.
o Minor bugfixes (HTTP tunnel):
- Fix a bug warning when closing an HTTP tunnel connection due to an
HTTP request we couldn't handle. Fixes bug 26470; bugfix
......@@ -323,6 +297,18 @@ Changes in version 0.3.5.1-alpha-2018-09-??
- Ensure circuitmux queues are empty before scheduling or sending
padding. Fixes bug 25505; bugfix on 0.3.1.1-alpha.
 
o Minor bugfixes (onion service v2):
- Demote a log warning to info in case we do not have a consensus
when a .onion request comes in. This can happen while bootstrapping
for instance. The request will follow through after so we really
don't need to warn the user loudly. Fixes bug 27040; bugfix
on 0.2.8.2-alpha.
o Minor bugfixes (onion service v3):
- In case the onion service directory can't be created or has wrong
permissions, do not BUG() on it which lead to a non fatal
stacktrace. Fixes bug 27335; bugfix on 0.3.2.1.
o Minor bugfixes (OS compatibility):
- On Linux and Windows properly handle configuration change that
moves a listener to/from wildcard IP address. In case first
......@@ -339,15 +325,13 @@ Changes in version 0.3.5.1-alpha-2018-09-??
is smaller than 24h in order to reduce the efficiency of guard
discovery attacks. Fixes bug 24104; bugfix on 0.1.1.6-alpha.
 
o Minor bugfixes (relay):
o Minor bugfixes (relays):
- In frac_nodes_with_descriptors(), add for_direct_connect, and
replace node_has_any_descriptor() with
node_has_preferred_descriptor(). Also, if we are using bridges and
there is at least one bridge with a full descriptor, set f_guard
in compute_frac_paths_available() to 1.0. Fixes bug 25886; bugfix
on 0.3.5.1-alpha. Patch by Neel Chauhan.
o Minor bugfixes (relays):
- Since 0.3.3.5-rc, authorities require DirCache (V2Dir) for the
Guard flag. Update the message logged on relays when DirCache is
disabled. Fixes bug 24312; bugfix on 0.3.3.5-rc.
......@@ -371,6 +355,8 @@ Changes in version 0.3.5.1-alpha-2018-09-??
- When logging a version mismatch in our openssl_version tests,
report the actual offending version strings. Fixes bug 26152;
bugfix on 0.2.9.1-alpha.
- Fix forking tests on Windows when there is a space somewhere in
the path. Fixes bug 26437; bugfix on 0.2.2.4-alpha.
 
o Minor bugfixes (torrc):
- Tor now validates that the ContactInfo config option is valid UTF-
......@@ -424,12 +410,6 @@ Changes in version 0.3.5.1-alpha-2018-09-??
- Tor no longer attempts to run on Windows environments without the
GetAdaptersAddresses() function. This function has existed since
Windows XP, which is itself already older than we support.
o Testing:
- Fix forking tests on Windows when there is a space somewhere in
the path. Fixes bug 26437; bugfix on 0.2.2.4-alpha.
o Removed features (hidden service, tor2web):
- Remove Tor2web functionalities. The Tor2webMode and
Tor2webRendezvousPoints options are now obsolete. Note that this
feature was never shipped in vanilla Tor and it was only possible
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment