From 12b1d64b0378450fb8c69dfe81fde2d1cd1b36b1 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Thu, 24 Apr 2014 15:18:45 -0400 Subject: [PATCH] Revise changelog verbiage; try to tighten it up. --- ChangeLog | 237 ++++++++++++++++++++++++++---------------------------- 1 file changed, 112 insertions(+), 125 deletions(-) diff --git a/ChangeLog b/ChangeLog index cc5f676901..01fd1b717d 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -2,94 +2,86 @@ Changes in version 0.2.5.4-alpha - 2014-04-?? This release includes several security and performance improvements for clients and relays, including XXX - This release marks end-of-line for Tor 0.2.2.x; those Tor versions have - accumulated many known flaws; everyone should upgrade. + This release marks end-of-line for Tor 0.2.2.x; those Tor versions + have accumulated many known flaws; everyone should upgrade. o Major features (security): - - Block authority signing keys that were used on an authorities - vulnerable to the "heartbleed" bug in openssl (CVE-2014-0160). (We + - Block authority signing keys that were used on authorities + vulnerable to the "heartbleed" bug in OpenSSL (CVE-2014-0160). (We don't have any evidence that these keys _were_ compromised; we're doing this to be prudent.) Resolves ticket 11464. o Major features (relay performance): - - Faster server-side lookups of rendezvous and introduction point - circuits by using hashtables instead of linear searches over all - the circuits. These functions previously accounted between 3 and - 7% of CPU usage on some busy relays. - - Avoid wasting cycles looking for usable circuit IDs. Previously, - when allocating a new circuit ID, we would in the worst case do a - linear scan over the entire possible range of circuit IDs before - deciding that we had exhausted our possibilities. Now, we try 64 - circuit IDs at random before deciding that we probably won't - succeed. Fix for a possible root cause of ticket #11553. + - Speed up server-side lookups of rendezvous and introduction point + circuits by using hashtables instead of linear searches. These + functions previously accounted between 3 and 7% of CPU usage on + some busy relays. Resolves ticket 9841. + - Avoid wasting CPU when extending a circuit over a channel that is + nearly out of circuit IDs. 
Previously, we would in the worst case + do a linear scan over all possible circuit IDs before deciding + that we had exhausted our possibilities. Now, we try at most 64 + random circuit IDs before deciding that we probably won't succeed. + Fix for a possible root cause of ticket #11553. - o Major features (seccomp2 sandbox): - - Refinements and improvements to the Linux seccomp2 sandbox code: - the sandbox can now run a test network for multiple hours without - crashing. (Previous crash reasons included: reseeding the OpenSSL - PRNG, seeding the Libevent PRNG, using the wrong combination of - CLOEXEC and NONBLOCK at the same place and time, having onion - keys, being an authority, receiving a HUP, or using IPv6.) The - sandbox is still experimental, and more bugs will probably turn - up. To try it, enable "Sandbox 1" on a Linux host. - - Strengthen the Linux seccomp2 sandbox code: the sandbox can now - test the arguments for rename(), and blocks _sysctl() entirely. - - When the Linux syscall sandbox finds an illegal system call, it - now tries to log a stack trace before exiting. Resolves ticket - 11465. + o Major features (seccomp2 sandbox, Linux only): + - The seccomp2 sandbox can now run a test network for multiple hours + without crashing. The sandbox is still experimental, and more bugs + will probably turn up. To try it, enable "Sandbox 1" on a Linux + host. + - Strengthen sandbox code: the sandbox can now test the arguments + for rename(), and blocks _sysctl() entirely. + - When the sandbox blocks a system call, it now tries to log a stack + trace before exiting. Resolves ticket 11465. o Major bugfixes (TLS cipher selection): - - Generate the relay's preference list for ciphersuites - automatically based on uniform criteria, and considering all - OpenSSL ciphersuites with acceptable strength and forward secrecy. 
- (The sort order is: prefer AES to 3DES; break ties by preferring - ECDHE to DHE; break ties by preferring GCM to CBC; break ties by - preferring SHA384 to SHA256 to SHA1; and finally, break ties by - preferring AES256 to AES128.) This resolves bugs #11513, #11492, - #11498, #11499. Bugs reported by 'cypherpunks'. Bugfix on + - The relay ciphersuite list is now generated automatically based on + uniform criteria, and includes all OpenSSL ciphersuites with + acceptable strength and forward secrecy. Previously, we had + omitted some perfectly fine ciphersuites. Resolves bugs #11513, + #11492, #11498, #11499. Bugs reported by 'cypherpunks'. Bugfix on 0.2.4.8-alpha. - Relays now trust themselves to have a better view than clients of - which TLS ciphersuites to choose. (Thanks to #11513, the relay - list is now well-considered, whereas the client list has been - chosen mainly for anti-fingerprinting purposes.) Resolves ticket - 11528. - - Update the list of TLS ciphersuites that a client advertises to - match those advertised by Firefox 28. This enables selection of - (fast) GCM ciphersuites, disables some strange old ciphers, and - disables the ECDH (not to be confused with ECDHE) ciphersuites. - Resolves ticket 11438. + which TLS ciphersuites are better than others. (Thanks to #11513, + the relay list is now well-considered, whereas the client list has + been chosen mainly for anti-fingerprinting purposes.) Relays + prefer: AES over 3DES; then ECDHE over DHE; then GCM over CBC; + then SHA384 over SHA256 over SHA1; and last, AES256 over AES128. + Resolves ticket 11528. + - Clients now try to advertise the same list of ciphersuites as + Firefox 28. This change enables selection of (fast) GCM + ciphersuites, disables some strange old ciphers, and disables the + ECDH (not to be confused with ECDHE) ciphersuites. Resolves ticket + 11438. 
o Major bugfixes (undefined behavior): - - Fix two instances of possible undefined behavior in channeltls.c - that could, under unlucky circumstances, have led to a pointer - overflow. Fixes bug #10363; bugfixes on 0.2.0.10-alpha and - 0.2.3.6-alpha. Reported by "bobnomnom". - - Fix another possibly undefined pointer operations in tor_memmem - fallback implementation. Another case of bug #10363; bugfix on - 0.1.1.1-alpha. - - Fix another possibly undefined pointer operations in the eventdns - fallback implementation. Another case of bug #10363; bugfix on - 0.1.2.1-alpha. - - Use AddressSanitizer and Ubsan sanitizers (in clang-3.4) to fix - some miscellaneous errors in our tests and codebase. Fix for bug - 11232. Bugfixes on versions back as far as 0.2.1.11-alpha. + - Fix various instances of undefined behavior in channeltls.c, + tor_memmem(), and eventdns.c, that would cause us to construct + pointers to memory outside an allocated object. (These invalid + pointers were not accessed, but C does not even allow them to + exist.) Fixes bug #10363; bugfixes on 0.2.0.10-alpha, + 0.2.3.6-alpha, 0.1.1.1-alpha, and 0.1.2.1-alpha. Reported by + "bobnomnom". + - Use the AddressSanitizer and Ubsan sanitizers (in clang-3.4) to + fix some miscellaneous errors in our tests and codebase. Fix for + bug 11232. Bugfixes on versions back as far as 0.2.1.11-alpha. o Minor features (Transparent proxy, *BSD): - - Support the ipfw firewall interface for transparent proxy support - on FreeBSD. To enable it, set "TransProxyType ipfw" in your torrc. - Resolves ticket 10267; patch from "yurivict". - - Support OpenBSD's divert-to rules with the pf firewall, when - "TransProxyType pf-divert" is specified. This allows Tor to run a - TransPort transparent proxy port on OpenBSD 4.4 or later without - root privileges. See the pf.conf(5) manual page for information on - configuring pf to use divert-to rules. Closes ticket 10896; patch - from Dana Koch. 
+ - Support FreeBSD's ipfw firewall interface for TransPort ports. on + FreeBSD. To enable it, set "TransProxyType ipfw". Resolves ticket + 10267; patch from "yurivict". + - Support OpenBSD's divert-to rules with the pf firewall for + transparent proxy ports. To enable it, set "TransProxyType pf- + divert". This allows Tor to run a TransPort transparent proxy port + on OpenBSD 4.4 or later without root privileges. See the + pf.conf(5) manual page for information on configuring pf to use + divert-to rules. Closes ticket 10896; patch from Dana Koch. o Minor features (security): - - New --enable-expensive-hardening option to turn on security + - New --enable-expensive-hardening option to enable security hardening options that consume nontrivial amounts of CPU and - memory. Right now, this includes AddressSanitizer and UbSan. - Closes ticket 11477. + memory. Right now, this includes AddressSanitizer and UbSan, which + are supported in newer versions of GCC and Clang. Closes ticket + 11477. - If you don't specify MaxMemInQueues yourself, Tor now tries to pick a good value based on your total system memory. Previously, the default was always 8 GB. You can still override the default by 
@@ -105,16 +97,14 @@ Changes in version 0.2.5.4-alpha - 2014-04-?? at every 5% of progress. Fixes bug 9963. o Minor features (relay): - - If a circuit timed out for at least 3 minutes check if we have a - new external IP address the next time we run our routine checks. - If our IP address has changed, then publish a new descriptor with - the new IP address. Resolves ticket 2454. + - If a circuit timed out for at least 3 minutes, check if we have a + new external IP address, and publish a new descriptor with the new + IP address if it changed. Resolves ticket 2454. - Warn less verbosely when receiving a malformed ESTABLISH_RENDEZVOUS cell. Fixes ticket 11279. - When we run out of usable circuit IDs on a channel, log only one - warning for the whole channel, and include a description of how - many circuits there were on the channel. Fix for part of ticket - #11553. + warning for the whole channel, and describe how many circuits + there were on the channel. Fix for part of ticket #11553. o Minor features (controller): - Make the entire exit policy available from the control port via 
@@ -131,36 +121,34 @@ Changes in version 0.2.5.4-alpha - 2014-04-?? going unnoticed. Closes ticket 8787. o Minor features (bridge client): - - Report a failure to connect to a bridge because its transport type - has no configured pluggable transport as a new type of bootstrap - failure. Resolves ticket 9665. Patch from Fábio J. Bertinatto. + - Report a more useful failure message when we can't connect to a + bridge because we don't have the right pluggable transport + configured. Resolves ticket 9665. Patch from Fábio J. Bertinatto. o Minor features (diagnostic): - - Try harder to diagnose a possible cause of bug 7164, which causes + - Add more log messages to diagnose bug 7164, which causes intermittent "microdesc_free() called but md was still referenced" - warnings. We now log more information about the likely error case, - to try to figure out why we might be cleaning a microdescriptor as - old if it's still referenced by a live node_t object. + warnings. We now include more information, to figure out why we + might be cleaning a microdescriptor for being too old if it's + still referenced by a live node_t object. o Minor bugfixes (logging): - - Log only one message when we start logging in an unsafe way. - Previously, we would log as many messages as we had problems. Fix - for #9870; bugfix on 0.2.5.1-alpha. + - Warn only once we start logging in an unsafe way. Previously, we + complain as many times we had problems. Fix for #9870; bugfix on + 0.2.5.1-alpha. - Using the Linux seccomp2 sandbox no longer prevents stack-trace logging on crashes or errors. Fixes part 11465; bugfix on 0.2.5.1-alpha. - Only report the first fatal bootstrap error on a given OR - connection. This prevents controllers from declaring that a - connection has failed because of "DONE" or other junk reasons. - Fixes bug 10431; bugfix on 0.2.1.1-alpha. - - Improve the warning message when trying to enable the Linux - sandbox code on a Tor built without libseccomp. 
Instead of saying - "Sandbox is not implemented on this platform", we now explain that - we to need be built with libseccomp. Fixes bug 11543; bugfix on - 0.2.5.1-alpha. - - Avoid generating spurious warnings and failure messages when - starting with DisableNetwork enabled. Fixes bug 11200 and bug - 10405; bugfix on 0.2.3.9-alpha. + connection. This stops us from telling the controller bogus error + messages like "DONE". Fixes bug 10431; bugfix on 0.2.1.1-alpha. + - Be more helpful when trying to run sandboxed on Linux without + libseccomp. Instead of saying "Sandbox is not implemented on this + platform", we now explain that we to need be built with + libseccomp. Fixes bug 11543; bugfix on 0.2.5.1-alpha. + - Avoid generating spurious warnings when starting with + DisableNetwork enabled. Fixes bug 11200 and bug 10405; bugfix on + 0.2.3.9-alpha. o Minor bugfixes (closing channels): - If write_to_buf() in connection_write_to_buf_impl_() ever fails, @@ -169,12 +157,12 @@ Changes in version 0.2.5.4-alpha - 2014-04-?? connection_mark_for_close() directly. Fixes bug #11304; bugfix on 0.2.4.4-alpha. - When closing all connections on setting DisableNetwork to 1, use - connection_or_close_normally() rather than closing OR connections out - from under the channel layer. Fixes bug #11306; bugfix on + connection_or_close_normally() rather than closing OR connections + out from under the channel layer. Fixes bug #11306; bugfix on 0.2.4.4-alpha. o Minor bugfixes (controller): - - Avoid sending an garbage value to the controller when a circuit is + - Avoid sending a garbage value to the controller when a circuit is cannibalized. Fixes bug 11519; bugfix on 0.2.3.11-alpha. o Minor bugfixes (tor-fw-helper): 
@@ -187,24 +175,24 @@ Changes in version 0.2.5.4-alpha - 2014-04-?? Fixes bug 9650; bugfix on 0.2.3.16-alpha. o Minor bugfixes (misc): - - Don't re-initialize a second set of openssl mutexes when starting - up. Fixes bug 11726; bugfix on 0.2.5.3-alpha. - - o Minor bugfixes (memory leaks): - - Fix a minor memory leak that occurred when signing a directory - object. Fixes bug 11275; bugfix on 0.2.4.13-alpha. + - Don't re-initialize a second set of OpenSSL mutexes when starting + up. Previously, we'd make one set of mutexes, and then immediately + replace them with another. Fixes bug 11726; bugfix on + 0.2.5.3-alpha. o Minor bugfixes (platform-specific): - Fix compilation on Solaris, which does not have . Fixes bug 11426; bugfix on 0.2.5.3-alpha. - When dumping a malformed directory object to disk, save it in - binary mode on windows, not text mode. Fixes bug 11342; bugfix on + binary mode on Windows, not text mode. Fixes bug 11342; bugfix on 0.2.2.1-alpha. - - When reporting a failure from make_socket_reuseable(), don't - report a warning when we get a failure from an incoming socket on - OSX. Fix for bug 10081. + - Don't report failures from make_socket_reuseable() on incoming + sockets on OSX: this can happen when incoming connections close + early. Fix for bug 10081. o Minor bugfixes (trivial memory leaks): + - Fix a small memory leak when signing a directory object. Fixes bug + 11275; bugfix on 0.2.4.13-alpha. - Free placeholder entries in our circuit table at exit; fixes a harmless memory leak. Fixes bug 11278; bugfix on 0.2.5.1-alpha. - Resolve some memory leaks found by coverity in the unit tests, on 
@@ -217,23 +205,22 @@ Changes in version 0.2.5.4-alpha - 2014-04-?? times, not 30. Fixes bug #4241; bugfix on 0.1.0.1-rc. o Minor bugfixes (bridge client): - - Stop accepting bridge lines containing hostnames. Doing so allowed - clients to perform DNS requests on the hostnames, which was not - sensible behavior. Fixes bug 10801; bugfix on 0.2.0.1-alpha. - - Fix a bug where a client-side Tor with pluggable transports would - take 60 seconds to bootstrap if a config re-read was triggered at - just the right timing during bootstrap. Re-fixes bug 11156; bugfix - on 0.2.5.3-alpha. + - Stop accepting bridge lines containing hostnames. Doing so would + cause clients to perform DNS requests on the hostnames, which was + not sensible behavior. Fixes bug 10801; bugfix on 0.2.0.1-alpha. + - Avoid a 60-second delay in the bootstrapping process when a Tor + client with pluggable transports re-reads its configuration at + just the wrong time. Re-fixes bug 11156; bugfix on 0.2.5.3-alpha. - Avoid 60-second delays in the bootstrapping process when Tor is launching for a second time while using bridges. Fixes bug 9229; bugfix on 0.2.0.3-alpha. o Minor bugfixes (DNS): - - When receiving a DNS query for an unsupported type, reply with no - answer rather than with a NOTIMPL error. This behavior isn't - correct either, but it will break fewer client programs, we hope. - Fixes bug 10268; bugfix on 0.2.0.1-alpha. Original patch from - "epoch". + - When receiving a DNS query for an unsupported record type, reply + with no answer rather than with a NOTIMPL error. This behavior + isn't correct either, but it will break fewer client programs, we + hope. Fixes bug 10268; bugfix on 0.2.0.1-alpha. Original patch + from "epoch". o Minor bugfixes (exit): - Stop leaking memory when we successfully resolve a PTR record. 
@@ -266,8 +253,8 @@ Changes in version 0.2.5.4-alpha - 2014-04-?? o Deprecated versions: - Tor 0.2.2.x has reached end-of-life; it has received no patches or attention for some while. Directory authorities no longer accept - descriptors from relays running any version of Tor prior to - Tor 0.2.3.16-alpha. Resolves ticket 11149. + descriptors from relays running any version of Tor prior to Tor + 0.2.3.16-alpha. Resolves ticket 11149. o Testing: - New macros in test.h to simplify writing mock-functions for unit
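Review bot: the ipfw entry in the transparent-proxy section of the first hunk (@@ -2,94 +2,86 @@) has a stray fragment, `Support FreeBSD's ipfw firewall interface for TransPort ports. on FreeBSD.`; drop the second `on FreeBSD` and the period so it reads `... for TransPort ports on FreeBSD. To enable it, set "TransProxyType ipfw".` In the same hunk, `TransProxyType pf- divert` is wrapped at the hyphen, which makes the option look like it contains a space; keep `pf-divert` on one line, since people copy option names out of the ChangeLog. Two smaller things in that hunk: `accounted between 3 and 7% of CPU usage` in the rendezvous-lookup entry needs `for` (`accounted for between 3 and 7%`), and the comma in `channeltls.c, tor_memmem(), and eventdns.c, that would cause us` should go, as the clause is restrictive.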
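Review bot: the rewritten ticket 2454 entry in the relay hunk (@@ -105,16 +97,14 @@) drops `the next time we run our routine checks`, so it now reads as if the external-IP check runs the moment a circuit times out; suggest `If a circuit timed out for at least 3 minutes, re-check our external IP address at the next routine check, and publish a new descriptor if it changed.` to keep the timing the old text stated.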
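Review bot: the logging entry in the third hunk (@@ -131,36 +121,34 @@) now reads `Warn only once we start logging in an unsafe way. Previously, we complain as many times we had problems.`, which parses as "warn only after we start", and the second sentence has lost a word and its tense; suggest `Warn only once when we start logging in an unsafe way. Previously, we complained as many times as we had problems.` The libseccomp entry in the same hunk carries over `we to need be built with libseccomp` from the removed text; it should be `we need to be built with libseccomp`.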
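Review bot: `which was not sensible behavior` in the bug 10801 entry of the bridge-client hunk (@@ -217,23 +205,22 @@) hides why the change matters; a client resolving a bridge hostname has to do so before it has any Tor connection, so the lookup goes out through the local resolver. Consider saying that directly, e.g. `Doing so would cause clients to resolve the hostnames through their local DNS before connecting, which was not sensible behavior`, so readers scanning the ChangeLog for security-relevant items can find it.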