release of Tor. If you want to see more detailed descriptions of the
changes in each development snapshot, see the ChangeLog file.
-Changes in version 0.4.9.1-alpha - 2024-12-03
- This is the first alpha of the 0.4.9.x series. This release mostly consists
- of bugfixes including some major ones. There are several minor features in
- this release but no large new subsystem. Most of the fixes in this release
- are already in 0.4.8.x stable series.
-
- o Major bugfixes (circuit building):
- - Conflux circuit building was ignoring the "predicted ports"
- feature, which aims to make Tor stop building circuits if there
- have been no user requests lately. This bug led to every idle Tor
- on the network building and discarding circuits every 30 seconds,
- which added overall load to the network, used bandwidth and
- battery from clients that weren't actively using their Tor, and
- kept sockets open on guards which added connection padding
- essentially forever. Fixes bug 40981; bugfix on 0.4.8.1-alpha;
-
- o Major bugfixes (conflux):
- - Fix an issue that prevented us from pre-building more conflux sets
- after existing sets had been used. Fixes bug 40862; bugfix
- on 0.4.8.1-alpha.
-
- o Major bugfixes (guard usage):
- - When Tor excluded a guard due to temporary circuit restrictions,
- it considered *additional* primary guards for potential usage by
- that circuit. This could result in more than the specified number
- of guards (currently 2) being used, long-term, by the tor client.
- This could happen when a Guard was also selected as an Exit node,
- but it was exacerbated by the Conflux guard restrictions. Both
- instances have been fixed. Fixes bug 40876; bugfix
- on 0.3.0.1-alpha.
-
- o Major bugfixes (onion service):
- - Fix a reliability issue where services were expiring their
- introduction points every consensus update. This caused
- connectivity issues for clients caching the old descriptor and
- intro points. Bug reported and fixed by gitlab user
- @hyunsoo.kim676. Fixes bug 40858; bugfix on 0.4.7.5-alpha.
-
- o Major bugfixes (onion service, TROVE-2023-006):
- - Fix a possible hard assert on a NULL pointer when recording a
- failed rendezvous circuit on the service side for the MetricsPort.
- Fixes bug 40883; bugfix on 0.4.8.1-alpha
-
- o Major bugfixes (sandbox):
- - Fix sandbox to work on architectures that use Linux's generic
- syscall interface, extending support for AArch64 (ARM64) and
- adding support for RISC-V, allowing test_include.sh and the
- sandbox unit tests to pass on these systems even when building
- with fragile hardening enabled. Fixes bugs 40465 and 40599; bugfix
- on 0.2.5.1-alpha.
-
- o Major bugfixes (TROVE-2023-004, relay):
- - Mitigate an issue when Tor compiled with OpenSSL can crash during
- handshake with a remote relay. Fixes bug 40874; bugfix
- on 0.2.7.2-alpha.
-
- o Major bugfixes (TROVE-2023-007, exit):
- - Improper error propagation from a safety check in conflux leg
- linking lead to a desynchronization of which legs were part of a
- conflux set, ultimately causing a UAF and NULL pointer dereference
- crash on Exit relays. Fixes bug 40897; bugfix on 0.4.8.1-alpha.
-
- o Minor feature (authority):
- - Reject 0.4.7.x series at the authority level. Closes ticket 40896.
-
- o Minor feature (bridges, pluggable transport):
- - Add STATUS TYPE=version handler for Pluggable Transport. This
- allows us to gather version statistics on Pluggable Transport
- usage from bridge servers on our metrics portal. Closes
- ticket 11101.
-
- o Minor feature (defense in depth):
- - Verify needle is smaller than haystack before calling memmem.
- Closes ticket 40854.
-
- o Minor feature (dirauth):
- - Add back faravahar with a new address and new keys. Closes 40689.
-
- o Minor feature (dirauth, tor26):
- - New IP address and keys.
-
- o Minor feature (directory authority):
- - Allow BandwidthFiles "node_id" KeyValue without the dollar sign at
- the start of the hexdigit, in order to easier database queries
- combining Tor documents in which the relays fingerprint does not
- include it. Fixes bug 40891; bugfix on 0.4.7 (all supported
- versions of Tor).
- - Introduce MinimalAcceptedServerVersion to allow modification of
- minimal accepted version for relays without requiring a new tor
- release. Closes ticket 40817.
-
- o Minor feature (exit policies):
- - Implement reevaluating new exit policy against existing
- connections. This is controlled by new config option
- ReevaluateExitPolicy, defaulting to 0. Closes ticket 40676.
-
- o Minor feature (exit relay, DoS resitance):
- - Implement a token-bucket based rate limiter for stream creation
- and resolve request. It is configured by the DoSStream* family of
- configuration options. Closes ticket 40736.
-
- o Minor feature (metrics port):
- - New metrics on the MetricsPort for the number of BUG() that
- occurred at runtime. Closes MR 760.
-
- o Minor feature (metrics port, relay):
- - Add new metrics for relays on the MetricsPort namely the count of
- drop cell, destroy cell and the number of circuit protocol
- violation seen that lead to a circuit close. Closes ticket 40816.
-
- o Minor feature (testing):
- - test-network now unconditionally includes IPv6 instead of trying
- to detect IPv6 support.
-
- o Minor feature (testing, CI):
- - Use a fixed version of chutney (be881a1e) instead of its current
- HEAD. This version should also be preferred when testing locally.
-
- o Minor features (debugging, compression):
- - Log the input and output buffer sizes when we detect a potential
- compression bomb. Diagnostic for ticket 40739.
-
- o Minor features (forward-compatibility):
- - We now correctly parse microdescriptors and router descriptors
- that do not include TAP onion keys. (For backward compatibility,
- authorities continue to require these keys.) Implements part of
- proposal 350.
-
- o Minor features (portability, android):
- - Use /data/local/tmp for data storage on Android by default. Closes
- ticket 40487. Patch from Hans-Christoph Steiner.
-
- o Minor features (SOCKS):
- - Detect invalid SOCKS5 username/password combinations according to
- new extended parameters syntax. (Currently, this rejects any
- SOCKS5 username beginning with "<torS0X>", except for the username
- "<torS0X>0". Such usernames are now reserved to communicate
- additional parameters with other Tor implementations.) Implements
- proposal 351.
-
- o Minor bugfix (circuit):
- - Remove a log_warn being triggered by a protocol violation that
- already emits a protocol warning log. Fixes bug 40932; bugfix
- on 0.4.8.1-alpha.
-
- o Minor bugfix (defensive programming):
- - Disable multiple BUG warnings of a missing relay identity key when
- starting an instance of Tor compiled without relay support. Fixes
- bug 40848; bugfix on 0.4.3.1-alpha.
-
- o Minor bugfix (MetricsPort, relay):
- - Handle rephist tracking of ntor and ntor_v3 handshakes
- individually such that MetricsPort exposes the correct values.
- Fixes bug 40638; bugfix on 0.4.7.11.
-
- o Minor bugfix (NetBSD, compilation):
- - Fix compilation issue on NetBSD by avoiding an unnecessary
- dependency on "huge" page mappings in Equi-X. Fixes bug 40843;
- bugfix on 0.4.8.1-alpha.
-
- o Minor bugfix (NetBSD, testing):
- - Fix test failures in "crypto/hashx" and "slow/crypto/equix" on
- x86_64 and aarch64 NetBSD hosts, by adding support for
- PROT_MPROTECT() flags. Fixes bug 40844; bugfix on 0.4.8.1-alpha.
-
- o Minor bugfix (process):
- - Avoid closing all possible FDs when spawning a process (PT). On
- some systems, this could lead to 3+ minutes hang. Fixes bug 40990;
- bugfix on 0.3.5.1-alpha.
-
- o Minor bugfix (relay, sandbox):
- - Disable a sandbox unit test that is failing on Debian Sid breaking
- our nightly packages. Fixes bug 40918; bugfix on 0.3.5.1-alpha.
-
- o Minor bugfixes (bridge authority):
- - When reporting a pseudo-networkstatus as a bridge authority, or
- answering "ns/purpose/*" controller requests, include accurate
- published-on dates from our list of router descriptors. Fixes bug
- 40855; bugfix on 0.4.8.1-alpha.
-
- o Minor bugfixes (bridge):
- - Don't warn when BridgeRelay is 1 and ExitRelay is explicitly set
- to 0. Fixes bug 40884; bugfix on 0.4.8.3-rc.
-
- o Minor bugfixes (bridges, statistics):
- - Correctly report statistics for client count over Pluggable
- transport. Fixes bug 40871; bugfix on 0.4.8.4
-
- o Minor bugfixes (compiler warnings):
- - Make sure the two bitfields in the half-closed edge struct are
- unsigned, as we're using them for boolean values and assign 1 to
- them. Fixes bug 40911; bugfix on 0.4.7.2-alpha.
-
- o Minor bugfixes (compression, zstd):
- - Use less frightening language and lower the log-level of our run-
- time ABI compatibility check message in our Zstd compression
- subsystem. Fixes bug 40815; bugfix on 0.4.3.1-alpha.
-
- o Minor bugfixes (conflux):
- - Avoid a potential hard assert (crash) when sending a cell on a
- Conflux set. Fixes bug 40921; bugfix on 0.4.8.1-alpha.
- - Demote a relay-side warn about too many legs to ProtocolWarn, as
- there are conditions that it can briefly happen during set
- construction. Also add additional set logging details for all
- error cases. Fixes bug 40841; bugfix on 0.4.8.1-alpha.
- - Make sure we don't process a closed circuit when packaging data.
- This lead to a non fatal BUG() spamming logs. Fixes bug 40908;
- bugfix on 0.4.8.1-alpha.
- - Prevent non-fatal assert stacktrace caused by using conflux sets
- during their teardown process. Fixes bug 40842; bugfix
- on 0.4.8.1-alpha.
-
- o Minor bugfixes (conflux, client):
- - Avoid a non fatal assert caused by data coming in on a conflux set
- that is being freed during shutdown. Fixes bug 40870; bugfix
- on 0.4.8.1-alpha.
-
- o Minor bugfixes (directory authorities):
- - Add a warning when publishing a vote or signatures to another
- directory authority fails. Fixes bug 40910; bugfix
- on 0.2.0.3-alpha.
-
- o Minor bugfixes (directory authority):
- - Look at the network parameter "maxunmeasuredbw" with the correct
- spelling. Fixes bug 40869; bugfix on 0.4.6.1-alpha.
-
- o Minor bugfixes (memleak, authority):
- - Fix a small memleak when computing a new consensus. This only
- affects directory authorities. Fixes bug 40966; bugfix
- on 0.3.5.1-alpha.
-
- o Minor bugfixes (memory):
- - Fix a pointer free that wasn't set to NULL afterwards which could
- be reused by calling back in the free all function. Fixes bug
- 40989; bugfix on 0.4.8.13.
- - Fix memory leaks of the CPU worker code during shutdown. Fixes bug
- 833; bugfix on 0.3.5.1-alpha.
-
- o Minor bugfixes (sandbox, bwauth):
- - Fix sandbox to work for bandwidth authority. Fixes bug 40933;
- bugfix on 0.2.2.1-alpha
-
- o Minor bugfixes (testing):
- - Enabling TestingTorNetwork no longer forces fast hidden service
- intro point rotation. This reduces noise and errors when using
- hidden services with TestingTorNetwork enabled. Fixes bug 40922;
- bugfix on 0.3.2.1-alpha.
-
- o Minor bugfixes (tor-resolve):
- - Create socket with correct family as given by sockshost, fixes
- IPv6. Fixes bug 40982; bugfix on 0.4.9.0-alpha.
-
- o Minor bugfixes (vanguards addon support):
- - Count the conflux linked cell as valid when it is successfully
- processed. This will quiet a spurious warn in the vanguards addon.
- Fixes bug 40878; bugfix on 0.4.8.1-alpha.
-
- o Removed features:
- - Directory authorities no longer support consensus methods before
- method 32. Closes ticket 40835.
-
- o Removed features (directory authority):
- - We include a new consensus method that removes support for
- computing "package" lines in consensus documents. This feature was
- never used, and support for including it in our votes was removed
- in 0.4.2.1-alpha. Finishes implementation of proposal 301.
-
- o Removed features (obsolete):
- - Relays no longer support the obsolete TAP circuit extension
- protocol. (For backward compatibility, however, relays still
- continue to include TAP keys in their descriptors.) Implements
- part of proposal 350.
- - Removed some vestigial code for selecting the TAP circuit
- extension protocol.
-
-
Changes in version 0.4.8.12 - 2024-06-06
This is a minor release with couple bugfixes affecting conflux and logging.
We also have the return of faravahar directory authority with new keys and
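Review bot: the removed "Changes in version 0.4.9.1-alpha - 2024-12-03" block carries the TROVE-2023-004, TROVE-2023-006 and TROVE-2023-007 entries along with their bug numbers (40874, 40883, 40897), and nothing visible in this hunk shows where that record lives once the block is deleted. The context line at the top points readers to the ChangeLog file for development snapshots, so please confirm the same alpha entry is still present there. The commit message should also state that alpha entries are being dropped from this file on purpose. The removed intro says most of these fixes are already in the 0.4.8.x stable series, so it is also worth checking that the security fixes remain listed under the matching 0.4.8.x entries that stay in this file.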