diff --git a/ChangeLog b/ChangeLog index 98f050765f..d2348070ce 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,104 @@ +Changes in version 0.2.4.4-alpha - 2012-10-20 + Tor 0.2.4.4-alpha adds a new v3 directory authority, fixes a privacy + vulnerability introduced by a change in OpenSSL, fixes a remotely + triggerable assert, and adds new channel_t and circuitmux_t abstractions + that will make it easier to test new connection transport and cell + scheduling algorithms. + + o New directory authorities (also in 0.2.3.23-rc): + - Add Faravahar (run by Sina Rabbani) as the ninth v3 directory + authority. Closes ticket 5749. + + o Major bugfixes (security/privacy, also in 0.2.3.23-rc): + - Disable TLS session tickets. OpenSSL's implementation was giving + our TLS session keys the lifetime of our TLS context objects, when + perfect forward secrecy would want us to discard anything that + could decrypt a link connection as soon as the link connection + was closed. Fixes bug 7139; bugfix on all versions of Tor linked + against OpenSSL 1.0.0 or later. Found by Florent Daignière. + - Discard extraneous renegotiation attempts once the V3 link + protocol has been initiated. Failure to do so left us open to + a remotely triggerable assertion failure. Fixes CVE-2012-2249; + bugfix on 0.2.3.6-alpha. Reported by "some guy from France". + + o Internal abstraction features: + - Introduce new channel_t abstraction between circuits and + or_connection_t to allow for implementing alternate OR-to-OR + transports. A channel_t is an abstract object which can either be a + cell-bearing channel, which is responsible for authenticating and + handshaking with the remote OR and transmitting cells to and from + it, or a listening channel, which spawns new cell-bearing channels + at the request of remote ORs. Implements part of ticket 6465. + - Also new is the channel_tls_t subclass of channel_t, adapting it + to the existing or_connection_t code. The V2/V3 protocol handshaking + code which formerly resided in command.c has been moved below the + channel_t abstraction layer and may be found in channeltls.c now. + Implements the rest of ticket 6465. + - Introduce new circuitmux_t storing the queue of circuits for + a channel; this encapsulates and abstracts the queue logic and + circuit selection policy, and allows the latter to be overridden + easily by switching out a policy object. The existing EWMA behavior + is now implemented as a circuitmux_policy_t. Resolves ticket 6816. + + o Required libraries: + - Tor now requires OpenSSL 0.9.8 or later. OpenSSL 1.0.0 or later is + strongly recommended. + + o Minor features: + - Warn users who run hidden services on a Tor client with + UseEntryGuards disabled that their hidden services will be + vulnerable to http://freehaven.net/anonbib/#hs-attack06 (the + attack which motivated Tor to support entry guards in the first + place). Resolves ticket 6889. + - Tor now builds correctly on Bitrig, an OpenBSD fork. Patch from + dhill. Resolves ticket 6982. + + o Minor bugfixes (also in 0.2.3.23-rc): + - Don't serve or accept v2 hidden service descriptors over a + relay's DirPort. It's never correct to do so, and disabling it + might make it more annoying to exploit any bugs that turn up in the + descriptor-parsing code. Fixes bug 7149. + - Fix two cases in src/or/transports.c where we were calling + fmt_addr() twice in a parameter list. Bug found by David + Fifield. Fixes bug 7014; bugfix on 0.2.3.9-alpha. + - Fix memory leaks whenever we logged any message about the "path + bias" detection. Fixes bug 7022; bugfix on 0.2.3.21-rc. + - When relays refuse a "create" cell because their queue of pending + create cells is too big (typically because their cpu can't keep up + with the arrival rate), send back reason "resource limit" rather + than reason "internal", so network measurement scripts can get a + more accurate picture. Fixes bug 7037; bugfix on 0.1.1.11-alpha. + + o Minor bugfixes: + - Command-line option "--version" implies "--quiet". Fixes bug 6997. + - Free some more still-in-use memory at exit, to make hunting for + memory leaks easier. Resolves bug 7029. + - When a Tor client gets a "truncated" relay cell, the first byte of + its payload specifies why the circuit was truncated. We were + ignoring this 'reason' byte when tearing down the circuit, resulting + in the controller not being told why the circuit closed. Now we + pass the reason from the truncated cell to the controller. Bugfix + on 0.1.2.3-alpha; fixes bug 7039. + - Downgrade "Failed to hand off onionskin" messages to "debug" + severity, since they're typically redundant with the "Your computer + is too slow" messages. Fixes bug 7038; bugfix on 0.2.2.16-alpha. + - Make clients running with IPv6 bridges connect over IPv6 again, + even without setting new config options ClientUseIPv6 and + ClientPreferIPv6ORPort. Fixes bug 6757; bugfix on 0.2.4.1-alpha. + - Use square brackets around IPv6 addresses in numerous places + that needed them, including log messages, HTTPS CONNECT proxy + requests, TransportProxy statefile entries, and pluggable transport + extra-info lines. Fixes bug 7011; patch by David Fifield. + + o Code refactoring and cleanup: + - Source files taken from other packages now reside in src/ext; + previously they were scattered around the rest of Tor. + - Avoid use of reserved identifiers in our C code. The C standard + doesn't like us declaring anything that starts with an + underscore, so let's knock it off before we get in trouble. Fix + for bug 1031; bugfix on the first Tor commit. + + Changes in version 0.2.3.23-rc - 2012-10-20 Tor 0.2.3.23-rc adds a new v3 directory authority, fixes a privacy vulnerability introduced by a change in OpenSSL, and fixes a variety diff --git a/changes/6757 b/changes/6757 deleted file mode 100644 index 6b17f951d1..0000000000 --- a/changes/6757 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (client): - - Make clients running with IPv6 bridges connect over IPv6 again, - even without setting new config options ClientUseIPv6 and - ClientPreferIPv6ORPort. - Fixes bug 6757; bugfix on 0.2.4.1-alpha. diff --git a/changes/6982 b/changes/6982 deleted file mode 100644 index edfa066a56..0000000000 --- a/changes/6982 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (portability): - - Tor now builds correctly on Bitrig, an OpenBSD fork. Patch from dhill. - Ticket 6982. diff --git a/changes/addr_is_internal_debug b/changes/addr_is_internal_debug deleted file mode 100644 index 6de221bb2e..0000000000 --- a/changes/addr_is_internal_debug +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features: - - Log the call-site of a failed tor_addr_is_internal(), so that we - can learn who is calling it with AF_UNSPECIFIED and fix the - second (unrelated) part of bug 7086. diff --git a/changes/bug1031 b/changes/bug1031 deleted file mode 100644 index e3ab49b2bd..0000000000 --- a/changes/bug1031 +++ /dev/null @@ -1,5 +0,0 @@ - o Code cleanup: - - Avoid use of reserved identifiers in our C code. The C standard - doesn't like us declaring anything that starts with an - underscore, so let's knock it off before we get in trouble. Fix - for bug 1031; bugfix on the first Tor commit. diff --git a/changes/bug6465 b/changes/bug6465 deleted file mode 100644 index a5ea9e213c..0000000000 --- a/changes/bug6465 +++ /dev/null @@ -1,12 +0,0 @@ - o Infrastructure features: - - Introduce new channel_t abstraction between circuits and or_connection_t - to allow for implementing alternate OR-to-OR transports. A channel_t is - an abstract object which can either be a cell-bearing channel, which is - responsible for authenticating and handshaking with the remote OR and - transmitting cells to and from it, or a listening channel, which spawns - new cell-bearing channels at the request of remote ORs. - - - Also new is the channel_tls_t subclass of channel_t, adapting it to the - existing or_connection_t code. The V2/V3 protocol handshaking code - which formerly resided in command.c has been moved below the channel_t - abstraction layer and may be found in channeltls.c now. diff --git a/changes/bug6816 b/changes/bug6816 deleted file mode 100644 index e9e6877a96..0000000000 --- a/changes/bug6816 +++ /dev/null @@ -1,6 +0,0 @@ - o Infrastructure features: - - Introduce new circuitmux_t storing the queue of circuits for a channel; - this encapsulates and abstracts the queue logic and circuit selection - policy, and allows the latter to be overridden easily by switching out - a policy object. The existing EWMA behavior is now implemented as a - circuitmux_policy_t. This fixes bug 6816. diff --git a/changes/bug7011 b/changes/bug7011 deleted file mode 100644 index f3d0aa2e1e..0000000000 --- a/changes/bug7011 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes: - - Use square brackets around IPv6 addresses in numerous places that needed - them, including log messages, HTTPS CONNECT proxy requests, - TransportProxy statefile entries, and pluggable transport extra-info - lines. Fix for bug 7011; patch by David Fifield. - diff --git a/changes/bug7014 b/changes/bug7014 deleted file mode 100644 index 1d39103a50..0000000000 --- a/changes/bug7014 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes: - - Fix two cases in src/or/transports.c where we were calling - fmt_addr() twice in a parameter list. Bug found by David - Fifield. Fixes bug 7014; bugfix on 0.2.3.9-alpha. - diff --git a/changes/bug7022 b/changes/bug7022 deleted file mode 100644 index 10ac354724..0000000000 --- a/changes/bug7022 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes: - - Fix memory leaks whenever we logged any message about the "path - bias" detection. Fixes bug 7022; bugfix on 0.2.3.21-rc. diff --git a/changes/bug7029 b/changes/bug7029 deleted file mode 100644 index a115b42f8e..0000000000 --- a/changes/bug7029 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (code cleanliness): - - Free some more still-in-use memory at exit, to make hunting for - memory leaks easier. Resolves bug 7029. diff --git a/changes/bug7037 b/changes/bug7037 deleted file mode 100644 index fc3a1ad1c5..0000000000 --- a/changes/bug7037 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes: - - When relays refuse a "create" cell because their queue of pending - create cells is too big (typically because their cpu can't keep up - with the arrival rate), send back reason "resource limit" rather - than reason "internal", so network measurement scripts can get a - more accurate picture. Bugfix on 0.1.1.11-alpha; fixes bug 7037. diff --git a/changes/bug7038 b/changes/bug7038 deleted file mode 100644 index 3805d868b2..0000000000 --- a/changes/bug7038 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (log messages): - - Downgrade "Failed to hand off onionskin" messages to "debug" - severity, since they're typically redundant with the "Your computer - is too slow" messages. Fixes bug 7038; bugfix on 0.2.2.16-alpha. - diff --git a/changes/bug7039 b/changes/bug7039 deleted file mode 100644 index dc5111a00c..0000000000 --- a/changes/bug7039 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes: - - When a Tor client gets a "truncated" relay cell, the first byte of - its payload specifies why the circuit was truncated. We were - ignoring this 'reason' byte when tearing down the circuit, resulting - in the controller not being told why the circuit closed. Now we - pass the reason from the truncated cell to the controller. Bugfix - on 0.1.2.3-alpha; fixes bug 7039. diff --git a/changes/bug7139 b/changes/bug7139 deleted file mode 100644 index dfb7d32838..0000000000 --- a/changes/bug7139 +++ /dev/null @@ -1,9 +0,0 @@ - o Major bugfixes (security): - - - Disable TLS session tickets. OpenSSL's implementation were giving - our TLS session keys the lifetime of our TLS context objects, when - perfect forward secrecy would want us to discard anything that - could decrypt a link connection as soon as the link connection was - closed. Fixes bug 7139; bugfix on all versions of Tor linked - against OpenSSL 1.0.0 or later. Found by "nextgens". - diff --git a/changes/cve-2012-2249 b/changes/cve-2012-2249 deleted file mode 100644 index 625bfa2f58..0000000000 --- a/changes/cve-2012-2249 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes (security): - - Discard extraneous renegotiation attempts once the V3 link - protocol has been initiated. Failure to do so left us open to - a remotely triggerable assertion failure. Fixes CVE-2012-2249; - bugfix on 0.2.3.6-alpha. Reported by "some guy from France". diff --git a/changes/dirserv-BUGGY-a b/changes/dirserv-BUGGY-a deleted file mode 100644 index 35b492a2d7..0000000000 --- a/changes/dirserv-BUGGY-a +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes: - - - Don't serve or accept v2 hidden service descriptors over a - relay's DirPort. It's never correct to do so, and disabling it - might make it more annoying to exploit any bugs that turn up in the - descriptor-parsing code. Fixes bug 7149. - diff --git a/changes/dropped_openssl_vers b/changes/dropped_openssl_vers deleted file mode 100644 index dc79d5e3ff..0000000000 --- a/changes/dropped_openssl_vers +++ /dev/null @@ -1,3 +0,0 @@ - o Required libraries: - - Tor now requires OpenSSL 0.9.8 or later; OpenSSL 1.0.0 or later is - strongly recommended. diff --git a/changes/src_ext b/changes/src_ext deleted file mode 100644 index a1b2a2198f..0000000000 --- a/changes/src_ext +++ /dev/null @@ -1,3 +0,0 @@ - o Code refactoring: - - Source files taken from other packages now reside in src/ext; - previously they were scattered around the rest of Tor. diff --git a/changes/ticket5749 b/changes/ticket5749 deleted file mode 100644 index 0237241981..0000000000 --- a/changes/ticket5749 +++ /dev/null @@ -1,3 +0,0 @@ - o New directory authorities: - - Add Faravahar (run by Sina Rabbani) as the ninth v3 directory - authority. Closes ticket 5749. diff --git a/changes/ticket6997 b/changes/ticket6997 deleted file mode 100644 index 0a33b37552..0000000000 --- a/changes/ticket6997 +++ /dev/null @@ -1,2 +0,0 @@ - o Minor bugfixes: - - Command-line option "--version" implies "--quiet". Closes ticket #6997. diff --git a/changes/warn-about-hses-without-guards b/changes/warn-about-hses-without-guards deleted file mode 100644 index 57b8b4d00f..0000000000 --- a/changes/warn-about-hses-without-guards +++ /dev/null @@ -1,8 +0,0 @@ - o Minor features: - - - Warn users who run hidden services on a Tor client with - UseEntryGuards disabled that their hidden services will be - vulnerable to http://freehaven.net/anonbib/#hs-attack06 (the - attack which motivated Tor to support entry guards in the first - place). Fixes bug 6889. -