Commit f281c363 authored by Nick Mathewson's avatar Nick Mathewson 👜
Browse files

hand-edits to 0.4.2.1-alpha changelog

parent 80426082
Changes in version 0.4.2.1-alpha - 2019-09-??
This is the first alpha release in the 0.4.2.x series. BLURB
BLURB BLURB.
This is the first alpha release in the 0.4.2.x series. It adds new
defenses for denial-of-service attacks against onion services. It also
includes numerous kinds of bugfixes and refactoring to help improve
Tor's stability and ease of development.
 
o Major features (onion service v3, denial of service):
- Add onion service introduction denial of service defenses. They
consist of rate limiting client introduction at the intro point
using parameters that can be sent by the service within the
- Add onion service introduction denial of service defenses. Intro
points can now rate-limit client introduction requests, using
parameters that can be sent by the service within the
ESTABLISH_INTRO cell. If the cell extension for this is not used,
the intro point will honor the consensus parameters. Closes
ticket 30924.
 
o Major bugfixes (circuit build, guard):
- When considering upgrading circuits from "waiting for guard" to
"open", always ignore the ones that are mark for close. Else, we
can end up in the situation where a subsystem is notified of that
circuit opening but still marked for close leading to undesirable
behavior. Fixes bug 30871; bugfix on 0.3.0.1-alpha.
"open", always ignore circuits that are marked for close.
Previously we could end up in the situation where a subsystem is
notified of a circuit opening, but the circuit is still marked for
close, leading to undesirable behavior. Fixes bug 30871; bugfix
on 0.3.0.1-alpha.
 
o Major bugfixes (crash, android):
o Major bugfixes (crash, Linux, Android):
- Tolerate systems (including some Android installations) where
madvise and MADV_DONTDUMP are available at build-time, but not at
run time. Previously, these systems would notice a failed syscall
and abort. Fixes bug 31570; bugfix on 0.4.1.1-alpha.
o Major bugfixes (crash, Linux):
- Tolerate systems (including some Linux installations) where
madvise and/or MADV_DONTFORK are available at build-time, but not
at run time. Previously, these systems would notice a failed
syscall and abort. Fixes bug 31696; bugfix on 0.4.1.1-alpha.
 
o Minor feature (onion service v3):
- Do not allow single hop client to fetch or post an HS descriptor
from an HSDir. Closes ticket 24964.
o Minor feature (onion service):
- Disallow single hop clients to introduce directly at the
introduction point. We've removed Tor2web a while back and
rendezvous are blocked at the relays. This is to remove load off
the network from spammy clients. Close ticket 24963.
o Minor feature (token bucket):
- Implement a generic token bucket that uses a single counter. This
will be useful for the anti-DoS onion service work. Closes
ticket 30687.
o Minor features (best practices tracker):
- Our best-practices tracker now integrates with our include-checker
tool to keep track of the layering violations that we have not yet
fixed. We hope to reduce this number over time to improve Tor's
modularity. Closes ticket 31176.
tool to keep track of how many layering violations that we have
not yet fixed. We hope to reduce this number over time to improve
Tor's modularity. Closes ticket 31176.
- Add a TOR_PRACTRACKER_OPTIONS variable for passing arguments to
practracker from the environment. We may want this for continuous
integration. Closes ticket 31309.
......@@ -56,7 +42,9 @@ Changes in version 0.4.2.1-alpha - 2019-09-??
is violated by a small amount; add a --list-overbroad option to
practracker that lists exceptions that are stricter than they need
to be, and provide an environment variable for disabling
practracker. Closes ticekt 30752.
practracker. Closes ticket 30752.
- Our best-practices tracker now looks at headers as well as C
files. Closes ticket 31175.
 
o Minor features (build system):
- Add --disable-manpage and --disable-html-manual options to
......@@ -76,8 +64,8 @@ Changes in version 0.4.2.1-alpha - 2019-09-??
 
o Minor features (continuous integration):
- When running CI builds on Travis, put some random data in
~/.torrc, to make sure no tests are dependent on default Tor
configuration. Resolves issue 30102.
~/.torrc, to make sure no tests are reading the Tor configuration
file from its default location. Resolves issue 30102.
 
o Minor features (debugging):
- Log a nonfatal assertion failure if we encounter a configuration
......@@ -85,10 +73,6 @@ Changes in version 0.4.2.1-alpha - 2019-09-??
should be impossible, according to the rules of our configuration
line parsing. Closes ticket 31529.
 
o Minor features (development tools):
- Our best-practices tracker now looks at headers as well as C
files. Closes ticket 31175.
o Minor features (git hooks):
- Our pre-commit git hook now checks for a special file before
running practracker, so that practracker only runs on branches
......@@ -124,9 +108,19 @@ Changes in version 0.4.2.1-alpha - 2019-09-??
ticket 31314.
 
o Minor features (IPv6, logging):
- Log IPv6 addresses as well as IPv4 addresses, when describing
- Log IPv6 addresses as well as IPv4 addresses when describing
routerinfos, routerstatuses, and nodes. Closes ticket 21003.
 
o Minor features (onion service v3):
- Do not allow single hop client to fetch or post an HS descriptor
from an HSDir. Closes ticket 24964.
o Minor features (onion service):
- Disallow single-hop clients at the introduction point. We've
removed Tor2web support a while back and single-hop rendezvous
ttempts are blocked at the relays. This change should remove load
off the network from spammy clients. Close ticket 24963.
o Minor features (stem tests):
- Change "make test-stem" so it only runs the stem tests that use
tor. This change makes test-stem faster and more reliable. Closes
......@@ -142,8 +136,12 @@ Changes in version 0.4.2.1-alpha - 2019-09-??
management API. Closes ticket 30893.
- Add integration tests to make sure that practracker gives the
outputs we expect. Closes ticket 31477.
- The practracker tests are now run as part of the Tor test suite.
Closes ticket 31304.
- The practracker self-tests are now run as part of the Tor test
suite. Closes ticket 31304.
o Minor features (token bucket):
- Implement a generic token bucket that uses a single counter, for
use in anti-DoS onion service work. Closes ticket 30687.
 
o Minor bugfixes (best practices tracker):
- Fix a few issues in the best-practices script, including tests,
......@@ -157,26 +155,26 @@ Changes in version 0.4.2.1-alpha - 2019-09-??
 
o Minor bugfixes (build system):
- Do not include the deprecated <sys/sysctl.h> on Linux or Windows
system. Fixes bug 31673; bugfix on 0.2.5.4-alpha.
systems. Fixes bug 31673; bugfix on 0.2.5.4-alpha.
 
o Minor bugfixes (chutney, makefiles, documentation):
- "make test-network-all" shows the warnings from each test-
- "make test-network-all" now shows the warnings from each test-
network.sh run on the console, so developers see new warnings
early. Improve the documentation for this feature, and rename a
Makefile variable so the code is self-documenting. Fixes bug
30455; bugfix on 0.3.0.4-rc.
early. We've also improved the documentation for this feature, and
renamed a Makefile variable so the code is self-documenting. Fixes
bug 30455; bugfix on 0.3.0.4-rc.
 
o Minor bugfixes (compilation):
- Add more stub functions to fix compilation on Android with LTO,
when --disable-module-dirauth is used. Previously, these
compilation settings would make the compiler look for functions
that didn't exist. Fixes bug 31552; bugfix on 0.4.1.1-alpha.
- Add more stub functions to fix compilation on Android with link-
time optimization when --disable-module-dirauth is used.
Previously, these compilation settings would make the compiler
look for functions that didn't exist. Fixes bug 31552; bugfix
on 0.4.1.1-alpha.
 
o Minor bugfixes (configuration):
- Invalid floating-point values in the configuration file are now
detected treated as errors in the configuration. Previously, they
were ignored and treated as zero. Fixes bug 31475; bugfix
on 0.0.1.
treated as errors in the configuration. Previously, they were
ignored and treated as zero. Fixes bug 31475; bugfix on 0.0.1.
 
o Minor bugfixes (coverity):
- Add an assertion when parsing a BEGIN cell so that coverity can be
......@@ -190,8 +188,9 @@ Changes in version 0.4.2.1-alpha - 2019-09-??
31030; bugfix on 0.2.4.1-alpha, 0.3.2.1-alpha, and 0.4.0.1-alpha.
 
o Minor bugfixes (developer tooling):
- Only log git script changes in post-merge script when merge was to
the master branch. Fixes bug 31040; bugfix on 0.4.1.1-alpha.
- Only log git script changes in the post-merge script when the
merge was to the master branch. Fixes bug 31040; bugfix
on 0.4.1.1-alpha.
 
o Minor bugfixes (directory authorities):
- Return a distinct status when formatting annotations fails. Fixes
......@@ -199,8 +198,8 @@ Changes in version 0.4.2.1-alpha - 2019-09-??
 
o Minor bugfixes (error handling):
- On abort, try harder to flush the output buffers of log messages.
On some platforms (macOS), log messages can be discarded when the
process terminates. Fixes bug 31571; bugfix on 0.3.5.1-alpha.
On some platforms (macOS), log messages could be discarded when
the process terminates. Fixes bug 31571; bugfix on 0.3.5.1-alpha.
- Report the tor version whenever an assertion fails. Previously, we
only reported the Tor version on some crashes, and some non-fatal
assertions. Fixes bug 31571; bugfix on 0.3.5.1-alpha.
......@@ -252,30 +251,29 @@ Changes in version 0.4.2.1-alpha - 2019-09-??
by Xiaoyin Liu.
 
o Minor bugfixes (networking, IP addresses):
- When parsing addreses via Tor's internal DNS lookup API, reject
- When parsing addresses via Tor's internal DNS lookup API, reject
IPv4 addresses in square brackets, and accept IPv6 addresses in
square brackets. This change completes the work started in 23082,
making address parsing consistent between tor's internal DNS
lookup and address parsing APIs. Fixes bug 30721; bugfix
on 0.2.1.5-alpha.
- When parsing addreses via Tor's internal address:port parsing and
- When parsing addresses via Tor's internal address:port parsing and
DNS lookup APIs, require IPv6 addresses with ports to have square
brackets. But allow IPv6 addresses without ports, whether or not
they have square brackets. Fixes bug 30721; bugfix
on 0.2.1.5-alpha.
 
o Minor bugfixes (onion service v3):
- When purging the client descriptor cache, always also close any
introduction point circuits associated with it. This avoids
picking those when connecting to them later while not having the
descriptor to complete the introduction. Fixes bug 30921; bugfix
on 0.3.2.1-alpha.
- When purging the client descriptor cache, close any introduction
point circuits associated with purged cache entries. This avoids
picking those circuits later when connecting to them later. Fixes
bug 30921; bugfix on 0.3.2.1-alpha.
 
o Minor bugfixes (onion services):
- In the hs_ident_circuit_t data structure, remove the unused field
circuit_type and the respective argument in hs_ident_circuit_new().
This field is set by clients (for introduction) and services (for
introduction and rendezvous) but is never used afterwards. Fixes
This field was set by clients (for introduction) and services (for
introduction and rendezvous) but was never used afterwards. Fixes
bug 31490; bugfix on 0.3.2.1-alpha. Patch by Neel Chauhan.
 
o Minor bugfixes (operator tools):
......@@ -303,8 +301,9 @@ Changes in version 0.4.2.1-alpha - 2019-09-??
o Minor bugfixes (subsystems):
- Make the subsystem init order match the subsystem module
dependencies. Call windows process security APIs as early as
possible. Init log before network and time, so that network and
time can use logging. Fixes bug 31615; bugfix on 0.4.0.1-alpha.
possible. Initialize logging before network and time, so that
network and time can use logging. Fixes bug 31615; bugfix
on 0.4.0.1-alpha.
 
o Minor bugfixes (testing):
- Teach the util/socketpair_ersatz test to work correctly when we
......@@ -314,9 +313,9 @@ Changes in version 0.4.2.1-alpha - 2019-09-??
o Minor bugfixes (v2 single onion services):
- Always retry v2 single onion service intro and rend circuits with
a 3-hop path. Previously, v2 single onion services used a 3-hop
path when rend circuits were retried after a remote or delayed
failure, but a 1-hop path for immediate retries. Fixes bug 23818;
bugfix on 0.2.9.3-alpha.
path when rendezvous circuits were retried after a remote or
delayed failure, but a 1-hop path for immediate retries. Fixes bug
23818; bugfix on 0.2.9.3-alpha.
 
o Minor bugfixes (v3 single onion services):
- Always retry v3 single onion service intro and rend circuits with
......@@ -324,19 +323,40 @@ Changes in version 0.4.2.1-alpha - 2019-09-??
path when rend circuits were retried after a remote or delayed
failure, but a 1-hop path for immediate retries. Fixes bug 23818;
bugfix on 0.3.2.1-alpha.
- Make v3 single onion services fall back to a 3-hop intro, when
there all intro points are unreachable via a 1-hop path.
Previously, v3 single onion services failed when all intro nodes
were unreachable via a 1-hop path. Fixes bug 23507; bugfix
on 0.3.2.1-alpha.
- Make v3 single onion services fall back to a 3-hop intro, when all
intro points are unreachable via a 1-hop path. Previously, v3
single onion services failed when all intro nodes were unreachable
via a 1-hop path. Fixes bug 23507; bugfix on 0.3.2.1-alpha.
 
o Code simplification and refactoring:
- Eliminate some uses of lower-level control reply abstractions,
primarily in the onion_helper functions. Closes ticket 30889.
- Extract our variable manipulation code from confparse.c to a new
lower-level typedvar.h module. Closes ticket 30864.
o Documentation:
- Improve documentation in circuit padding subsystem. Patch by
Tobias Pulls. Closes ticket 31113.
- Include an example usage for IPv6 ORPort in our sample torrc.
Closes ticket 31320; patch from Ali Raheem.
- Use RFC 2397 data URL scheme to embed an image into tor-exit-
notice.html so that operators no longer have to host it
themselves. Closes ticket 31089.
o Removed features:
- No longer include recommended package digests in votes as detailed
in proposal 301. The RecommendedPackages torrc option is
deprecated and will no longer have any effect. "package" lines
will still be considered when computing consensuses for consensus
methods that include them. (This change has no effect on the list
of recommended Tor versions, which is still in use.) Closes
ticket 29738.
- Remove torctl.in from contrib/dist directory. Resolves
ticket 30550.
o Testing:
- Run shellcheck for all non-third-party shell scripts that are
shipped with Tor. Closes ticket 29533.
- When checking shell scripts, ignore any user-created directories.
Closes ticket 30967.
o Code simplification and refactoring (config handling):
- Extract our variable manipulation code from confparse.c to a new
lower-level typedvar.h module. Closes ticket 30864.
- Lower another layer of object management from confparse.c to a
more general tool. Now typed structure members are accessible via
an abstract type. Implements ticket 30914.
......@@ -350,6 +370,10 @@ Changes in version 0.4.2.1-alpha - 2019-09-??
- Replace our ad-hoc set of flags for configuration variables and
configuration variable types with fine-grained orthogonal flags
corresponding to the actual behavior we want. Closes ticket 31625.
o Code simplification and refactoring (misc):
- Eliminate some uses of lower-level control reply abstractions,
primarily in the onion_helper functions. Closes ticket 30889.
- Rework bootstrap tracking to use the new publish-subscribe
subsystem. Closes ticket 29976.
- Rewrite format_node_description() and router_get_verbose_nickname()
......@@ -368,35 +392,13 @@ Changes in version 0.4.2.1-alpha - 2019-09-??
padding machines. Patch by Tobias Pulls. Closes tickets 31112
and 31098.
 
o Documentation:
- Include an example usage for IPv6 ORPort in our sample torrc.
Closes ticket 31320; patch from Ali Raheem.
- Use RFC 2397 data URL scheme to embed image into tor-exit-
notice.html so that operators would no longer have to host it
themselves. Closes ticket 31089.
o Removed features:
- No longer include recommended packages in votes as detailed in
proposal 301. The RecommendedPackages torrc option is deprecated
and will no longer have any effect. "package" lines will still be
considered when computing consensuses for consensus methods that
include them. Closes ticket 29738.
- Remove torctl.in from contrib/dist directory. Resolves
ticket 30550.
o Testing:
- Run shellcheck for all non-third-party shell scripts that are
shipped with Tor. Closes ticket 29533.
- When checking shell scripts, ignore any user-created directories.
Closes ticket 30967.
o Documentation (hard-coded directories):
- Improve the documentation for the DirAuthority and FallbackDir
torrc options. Closes ticket 30955.
 
o Documentation (tor.1 man page):
- Fix typo -help to --help in tor.1 man page. Fixes bug 31008;
bugfix on 0.2.2.9-alpha.
- Fix typo in tor.1 man page: the option is "--help", not "-help".
Fixes bug 31008; bugfix on 0.2.2.9-alpha.
 
 
Changes in version 0.4.1.5 - 2019-08-20
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment