mirrors/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-19 09:50:29 +01:00
Code Issues Projects Releases Wiki Activity

forward-port the changelog and release notes for 0.4.1.5

Browse Source
This commit is contained in:
Nick Mathewson 2019-08-20 11:15:17 -04:00
parent 36a27fa2d3
commit d0b62fff05
2 changed files with 623 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

72
ChangeLog
View File

@ -1,3 +1,75 @@
Changes in version 0.4.1.5 - 2019-08-20
This is the first stable release in the 0.4.1.x series. This series
adds experimental circuit-level padding, authenticated SENDME cells to
defend against certain attacks, and several performance improvements
to save on CPU consumption. It fixes bugs in bootstrapping and v3
onion services. It also includes numerous smaller features and
bugfixes on earlier versions.
Per our support policy, we will support the 0.4.1.x series for nine
months, or until three months after the release of a stable 0.4.2.x:
whichever is longer. If you need longer-term support, please stick
with 0.3.5.x, which will we plan to support until Feb 2022.
Below are the changes since 0.4.1.4-rc. For a complete list of changes
since 0.4.0.5, see the ReleaseNotes file.
o Directory authority changes:
- The directory authority "dizum" has a new IP address. Closes
ticket 31406.
o Minor features (circuit padding logging):
- Demote noisy client-side warn logs about circuit padding to
protocol warnings. Add additional log messages and circuit ID
fields to help with bug 30992 and any other future issues.
o Minor bugfixes (circuit padding negotiation):
- Bump the circuit padding protocol version to explicitly signify
that the HS setup machine support is finalized in 0.4.1.x-stable.
This also means that 0.4.1.x-alpha clients will not negotiate
padding with 0.4.1.x-stable relays, and 0.4.1.x-stable clients
will not negotiate padding with 0.4.1.x-alpha relays (or 0.4.0.x
relays). Fixes bug 31356; bugfix on 0.4.1.1-alpha.
o Minor bugfixes (circuit padding):
- Ignore non-padding cells on padding circuits. This addresses
various warning messages from subsystems that were not expecting
padding circuits. Fixes bug 30942; bugfix on 0.4.1.1-alpha.
o Minor bugfixes (clock skew detection):
- Don't believe clock skew results from NETINFO cells that appear to
arrive before we sent the VERSIONS cells they are responding to.
Previously, we would accept them up to 3 minutes "in the past".
Fixes bug 31343; bugfix on 0.2.4.4-alpha.
o Minor bugfixes (compatibility, standards compliance):
- Fix a bug that would invoke undefined behavior on certain
operating systems when trying to asprintf() a string exactly
INT_MAX bytes long. We don't believe this is exploitable, but it's
better to fix it anyway. Fixes bug 31001; bugfix on 0.2.2.11-alpha.
Found and fixed by Tobias Stoeckmann.
o Minor bugfixes (compilation warning):
- Fix a compilation warning on Windows about casting a function
pointer for GetTickCount64(). Fixes bug 31374; bugfix
on 0.2.9.1-alpha.
o Minor bugfixes (compilation):
- Avoid using labs() on time_t, which can cause compilation warnings
on 64-bit Windows builds. Fixes bug 31343; bugfix on 0.2.4.4-alpha.
o Minor bugfixes (distribution):
- Do not ship any temporary files found in the
scripts/maint/practracker directory. Fixes bug 31311; bugfix
on 0.4.1.1-alpha.
o Testing (continuous integration):
- In Travis, make stem log a controller trace to the console, and
tail stem's tor log after failure. Closes ticket 30591.
- In Travis, only run the stem tests that use a tor binary. Closes
ticket 30694.
Changes in version 0.4.1.4-rc - 2019-07-25
Tor 0.4.1.4-rc fixes a few bugs from previous versions of Tor, and
updates to a new list of fallback directories. If no new bugs are

551
ReleaseNotes
View File

@ -2,6 +2,557 @@ This document summarizes new features and bugfixes in each stable
release of Tor. If you want to see more detailed descriptions of the
changes in each development snapshot, see the ChangeLog file.
Changes in version 0.4.1.5 - 2019-08-20
This is the first stable release in the 0.4.1.x series. This series
adds experimental circuit-level padding, authenticated SENDME cells to
defend against certain attacks, and several performance improvements
to save on CPU consumption. It fixes bugs in bootstrapping and v3
onion services. It also includes numerous smaller features and
bugfixes on earlier versions.
Per our support policy, we will support the 0.4.1.x series for nine
months, or until three months after the release of a stable 0.4.2.x:
whichever is longer. If you need longer-term support, please stick
with 0.3.5.x, which will we plan to support until Feb 2022.
Below are the changes since 0.4.0.5. For a list of only the changes
since 0.4.1.4-rc, see the ChangeLog file.
o Directory authority changes:
- The directory authority "dizum" has a new IP address. Closes
ticket 31406.
o Major features (circuit padding):
- Onion service clients now add padding cells at the start of their
INTRODUCE and RENDEZVOUS circuits, to make those circuits' traffic
look more like general purpose Exit traffic. The overhead for this
is 2 extra cells in each direction for RENDEZVOUS circuits, and 1
extra upstream cell and 10 downstream cells for INTRODUCE
circuits. This feature is only enabled when also supported by the
circuit's middle node. (Clients may specify fixed middle nodes
with the MiddleNodes option, and may force-disable this feature
with the CircuitPadding option.) Closes ticket 28634.
o Major features (code organization):
- Tor now includes a generic publish-subscribe message-passing
subsystem that we can use to organize intermodule dependencies. We
hope to use this to reduce dependencies between modules that don't
need to be related, and to generally simplify our codebase. Closes
ticket 28226.
o Major features (controller protocol):
- Controller commands are now parsed using a generalized parsing
subsystem. Previously, each controller command was responsible for
parsing its own input, which led to strange inconsistencies.
Closes ticket 30091.
o Major features (flow control):
- Implement authenticated SENDMEs as detailed in proposal 289. A
SENDME cell now includes the digest of the traffic that it
acknowledges, so that once an end point receives the SENDME, it
can confirm the other side's knowledge of the previous cells that
were sent, and prevent certain types of denial-of-service attacks.
This behavior is controlled by two new consensus parameters: see
the proposal for more details. Fixes ticket 26288.
o Major features (performance):
- Our node selection algorithm now excludes nodes in linear time.
Previously, the algorithm was quadratic, which could slow down
heavily used onion services. Closes ticket 30307.
o Major features (performance, RNG):
- Tor now constructs a fast secure pseudorandom number generator for
each thread, to use when performance is critical. This PRNG is
based on AES-CTR, using a buffering construction similar to
libottery and the (newer) OpenBSD arc4random() code. It
outperforms OpenSSL 1.1.1a's CSPRNG by roughly a factor of 100 for
small outputs. Although we believe it to be cryptographically
strong, we are only using it when necessary for performance.
Implements tickets 29023 and 29536.
o Major bugfixes (bridges):
- Consider our directory information to have changed when our list
of bridges changes. Previously, Tor would not re-compute the
status of its directory information when bridges changed, and
therefore would not realize that it was no longer able to build
circuits. Fixes part of bug 29875.
- Do not count previously configured working bridges towards our
total of working bridges. Previously, when Tor's list of bridges
changed, it would think that the old bridges were still usable,
and delay fetching router descriptors for the new ones. Fixes part
of bug 29875; bugfix on 0.3.0.1-alpha.
o Major bugfixes (circuit build, guard):
- When considering upgrading circuits from "waiting for guard" to
"open", always ignore circuits that are marked for close. Otherwise,
we can end up in the situation where a subsystem is notified that
a closing circuit has just opened, leading to undesirable
behavior. Fixes bug 30871; bugfix on 0.3.0.1-alpha.
o Major bugfixes (onion service reachability):
- Properly clean up the introduction point map when circuits change
purpose from onion service circuits to pathbias, measurement, or
other circuit types. This should fix some service-side instances
of introduction point failure. Fixes bug 29034; bugfix
on 0.3.2.1-alpha.
o Major bugfixes (onion service v3):
- Fix an unreachable bug in which an introduction point could try to
send an INTRODUCE_ACK with a status code that Trunnel would refuse
to encode, leading the relay to assert(). We've consolidated the
ABI values into Trunnel now. Fixes bug 30454; bugfix
on 0.3.0.1-alpha.
- Clients can now handle unknown status codes from INTRODUCE_ACK
cells. (The NACK behavior will stay the same.) This will allow us
to extend status codes in the future without breaking the normal
client behavior. Fixes another part of bug 30454; bugfix
on 0.3.0.1-alpha.
o Minor features (authenticated SENDME):
- Ensure that there is enough randomness on every circuit to prevent
an attacker from successfully predicting the hashes they will need
to include in authenticated SENDME cells. At a random interval, if
we have not sent randomness already, we now leave some extra space
at the end of a cell that we can fill with random bytes. Closes
ticket 26846.
o Minor features (circuit padding logging):
- Demote noisy client-side warn logs about circuit padding to protocol
warnings. Add additional log messages and circuit ID fields to help
with bug 30992 and any other future issues.
o Minor features (circuit padding):
- We now use a fast PRNG when scheduling circuit padding. Part of
ticket 28636.
- Allow the padding machine designer to pick the edges of their
histogram instead of trying to compute them automatically using an
exponential formula. Resolves some undefined behavior in the case
of small histograms and allows greater flexibility on machine
design. Closes ticket 29298; bugfix on 0.4.0.1-alpha.
- Allow circuit padding machines to hold a circuit open until they
are done padding it. Closes ticket 28780.
o Minor features (compile-time modules):
- Add a "--list-modules" command to print a list of which compile-
time modules are enabled. Closes ticket 30452.
o Minor features (continuous integration):
- Our Travis configuration now uses Chutney to run some network
integration tests automatically. Closes ticket 29280.
- When running coverage builds on Travis, we now set
TOR_TEST_RNG_SEED, to avoid RNG-based coverage differences. Part
of ticket 28878.
- Remove sudo configuration lines from .travis.yml as they are no
longer needed with current Travis build environment. Resolves
issue 30213.
- In Travis, show stem's tor log after failure. Closes ticket 30234.
o Minor features (controller):
- Add onion service version 3 support to the HSFETCH command.
Previously, only version 2 onion services were supported. Closes
ticket 25417. Patch by Neel Chauhan.
o Minor features (debugging):
- Introduce tor_assertf() and tor_assertf_nonfatal() to enable
logging of additional information during assert failure. Now we
can use format strings to include information for trouble
shooting. Resolves ticket 29662.
o Minor features (defense in depth):
- In smartlist_remove_keeporder(), set unused pointers to NULL, in
case a bug causes them to be used later. Closes ticket 30176.
Patch from Tobias Stoeckmann.
- Tor now uses a cryptographically strong PRNG even for decisions
that we do not believe are security-sensitive. Previously, for
performance reasons, we had used a trivially predictable linear
congruential generator algorithm for certain load-balancing and
statistical sampling decisions. Now we use our fast RNG in those
cases. Closes ticket 29542.
o Minor features (developer tools):
- Tor's "practracker" test script now checks for files and functions
that seem too long and complicated. Existing overlong functions
and files are accepted for now, but should eventually be
refactored. Closes ticket 29221.
- Add some scripts used for git maintenance to scripts/git. Closes
ticket 29391.
- Call practracker from pre-push and pre-commit git hooks to let
developers know if they made any code style violations. Closes
ticket 30051.
- Add a script to check that each header has a well-formed and
unique guard macro. Closes ticket 29756.
o Minor features (fallback directory list):
- Replace the 157 fallbacks originally introduced in Tor 0.3.5.6-rc
in December 2018 (of which ~122 were still functional), with a
list of 148 fallbacks (70 new, 78 existing, 79 removed) generated
in June 2019. Closes ticket 28795.
o Minor features (geoip):
- Update geoip and geoip6 to the June 10 2019 Maxmind GeoLite2
Country database. Closes ticket 30852.
- Update geoip and geoip6 to the May 13 2019 Maxmind GeoLite2
Country database. Closes ticket 30522.
o Minor features (HTTP tunnel):
- Return an informative web page when the HTTPTunnelPort is used as
an HTTP proxy. Closes ticket 27821, patch by "eighthave".
o Minor features (IPv6, v3 onion services):
- Make v3 onion services put IPv6 addresses in service descriptors.
Before this change, service descriptors only contained IPv4
addresses. Implements 26992.
o Minor features (logging):
- Give a more useful assertion failure message if we think we have
minherit() but we fail to make a region non-inheritable. Give a
compile-time warning if our support for minherit() is incomplete.
Closes ticket 30686.
o Minor features (maintenance):
- Add a new "make autostyle" target that developers can use to apply
all automatic Tor style and consistency conversions to the
codebase. Closes ticket 30539.
o Minor features (modularity):
- The "--disable-module-dirauth" compile-time option now disables
even more dirauth-only code. Closes ticket 30345.
o Minor features (performance):
- Use OpenSSL's implementations of SHA3 when available (in OpenSSL
1.1.1 and later), since they tend to be faster than tiny-keccak.
Closes ticket 28837.
o Minor features (testing):
- The circuitpadding tests now use a reproducible RNG implementation,
so that if a test fails, we can learn why. Part of ticket 28878.
- Tor's tests now support an environment variable, TOR_TEST_RNG_SEED,
to set the RNG seed for tests that use a reproducible RNG. Part of
ticket 28878.
- When running tests in coverage mode, take additional care to make
our coverage deterministic, so that we can accurately track
changes in code coverage. Closes ticket 30519.
- Tor's unit test code now contains helper functions to replace the
PRNG with a deterministic or reproducible version for testing.
Previously, various tests implemented this in various ways.
Implements ticket 29732.
- We now have a script, cov-test-determinism.sh, to identify places
where our unit test coverage has become nondeterministic. Closes
ticket 29436.
- Check that representative subsets of values of `int` and `unsigned
int` can be represented by `void *`. Resolves issue 29537.
o Minor bugfixes (bridge authority):
- Bridge authorities now set bridges as running or non-running when
about to dump their status to a file. Previously, they set bridges
as running in response to a GETINFO command, but those shouldn't
modify data structures. Fixes bug 24490; bugfix on 0.2.0.13-alpha.
Patch by Neel Chauhan.
o Minor bugfixes (channel padding statistics):
- Channel padding write totals and padding-enabled totals are now
counted properly in relay extrainfo descriptors. Fixes bug 29231;
bugfix on 0.3.1.1-alpha.
o Minor bugfixes (circuit isolation):
- Fix a logic error that prevented the SessionGroup sub-option from
being accepted. Fixes bug 22619; bugfix on 0.2.7.2-alpha.
o Minor bugfixes (circuit padding):
- Add a "CircuitPadding" torrc option to disable circuit padding.
Fixes bug 28693; bugfix on 0.4.0.1-alpha.
- Allow circuit padding machines to specify that they do not
contribute much overhead, and provide consensus flags and torrc
options to force clients to only use these low overhead machines.
Fixes bug 29203; bugfix on 0.4.0.1-alpha.
- Provide a consensus parameter to fully disable circuit padding, to
be used in emergency network overload situations. Fixes bug 30173;
bugfix on 0.4.0.1-alpha.
- The circuit padding subsystem will no longer schedule padding if
dormant mode is enabled. Fixes bug 28636; bugfix on 0.4.0.1-alpha.
- Inspect a circuit-level cell queue before sending padding, to
avoid sending padding while too much data is already queued. Fixes
bug 29204; bugfix on 0.4.0.1-alpha.
- Avoid calling monotime_absolute_usec() in circuit padding machines
that do not use token removal or circuit RTT estimation. Fixes bug
29085; bugfix on 0.4.0.1-alpha.
o Minor bugfixes (clock skew detection):
- Don't believe clock skew results from NETINFO cells that appear to
arrive before we sent the VERSIONS cells they are responding to.
Previously, we would accept them up to 3 minutes "in the past".
Fixes bug 31343; bugfix on 0.2.4.4-alpha.
o Minor bugfixes (compatibility, standards compliance):
- Fix a bug that would invoke undefined behavior on certain
operating systems when trying to asprintf() a string exactly
INT_MAX bytes long. We don't believe this is exploitable, but it's
better to fix it anyway. Fixes bug 31001; bugfix on 0.2.2.11-alpha.
Found and fixed by Tobias Stoeckmann.
o Minor bugfixes (compilation warning):
- Fix a compilation warning on Windows about casting a function
pointer for GetTickCount64(). Fixes bug 31374; bugfix on
0.2.9.1-alpha.
o Minor bugfixes (compilation):
- Avoid using labs() on time_t, which can cause compilation warnings
on 64-bit Windows builds. Fixes bug 31343; bugfix on 0.2.4.4-alpha.
o Minor bugfixes (compilation, unusual configurations):
- Avoid failures when building with the ALL_BUGS_ARE_FATAL option
due to missing declarations of abort(), and prevent other such
failures in the future. Fixes bug 30189; bugfix on 0.3.4.1-alpha.
o Minor bugfixes (configuration, proxies):
- Fix a bug that prevented us from supporting SOCKS5 proxies that
want authentication along with configured (but unused!)
ClientTransportPlugins. Fixes bug 29670; bugfix on 0.2.6.1-alpha.
o Minor bugfixes (continuous integration):
- Allow the test-stem job to fail in Travis, because it sometimes
hangs. Fixes bug 30744; bugfix on 0.3.5.4-alpha.
- Skip test_rebind on macOS in Travis, because it is unreliable on
macOS on Travis. Fixes bug 30713; bugfix on 0.3.5.1-alpha.
- Skip test_rebind when the TOR_SKIP_TEST_REBIND environment
variable is set. Fixes bug 30713; bugfix on 0.3.5.1-alpha.
o Minor bugfixes (controller protocol):
- Teach the controller parser to distinguish an object preceded by
an argument list from one without. Previously, it couldn't
distinguish an argument list from the first line of a multiline
object. Fixes bug 29984; bugfix on 0.2.3.8-alpha.
o Minor bugfixes (crash on exit):
- Avoid a set of possible code paths that could try to use freed
memory in routerlist_free() while Tor was exiting. Fixes bug
31003; bugfix on 0.1.2.2-alpha.
o Minor bugfixes (developer tooling):
- Fix pre-push hook to allow fixup and squash commits when pushing
to non-upstream git remote. Fixes bug 30286; bugfix
on 0.4.0.1-alpha.
o Minor bugfixes (directory authorities):
- Stop crashing after parsing an unknown descriptor purpose
annotation. We think this bug can only be triggered by modifying a
local file. Fixes bug 30781; bugfix on 0.2.0.8-alpha.
- Move the "bandwidth-file-headers" line in directory authority
votes so that it conforms to dir-spec.txt. Fixes bug 30316; bugfix
on 0.3.5.1-alpha.
- Directory authorities with IPv6 support now always mark themselves
as reachable via IPv6. Fixes bug 24338; bugfix on 0.2.4.1-alpha.
Patch by Neel Chauhan.
o Minor bugfixes (documentation):
- Improve the documentation for using MapAddress with ".exit". Fixes
bug 30109; bugfix on 0.1.0.1-rc.
- Improve the monotonic time module and function documentation to
explain what "monotonic" actually means, and document some results
that have surprised people. Fixes bug 29640; bugfix
on 0.2.9.1-alpha.
- Use proper formatting when providing an example on quoting options
that contain whitespace. Fixes bug 29635; bugfix on 0.2.3.18-rc.
o Minor bugfixes (logging):
- Do not log a warning when running with an OpenSSL version other
than the one Tor was compiled with, if the two versions should be
compatible. Previously, we would warn whenever the version was
different. Fixes bug 30190; bugfix on 0.2.4.2-alpha.
- Warn operators when the MyFamily option is set but ContactInfo is
missing, as the latter should be set too. Fixes bug 25110; bugfix
on 0.3.3.1-alpha.
o Minor bugfixes (memory leaks):
- Avoid a minor memory leak that could occur on relays when failing
to create a "keys" directory. Fixes bug 30148; bugfix
on 0.3.3.1-alpha.
- Fix a trivial memory leak when parsing an invalid value from a
download schedule in the configuration. Fixes bug 30894; bugfix
on 0.3.4.1-alpha.
o Minor bugfixes (NetBSD):
- Fix usage of minherit() on NetBSD and other platforms that define
MAP_INHERIT_{ZERO,NONE} instead of INHERIT_{ZERO,NONE}. Fixes bug
30614; bugfix on 0.4.0.2-alpha. Patch from Taylor Campbell.
o Minor bugfixes (onion services):
- Avoid a GCC 9.1.1 warning (and possible crash depending on libc
implemenation) when failing to load an onion service client
authorization file. Fixes bug 30475; bugfix on 0.3.5.1-alpha.
- When refusing to launch a controller's HSFETCH request because of
rate-limiting, respond to the controller with a new response,
"QUERY_RATE_LIMITED". Previously, we would log QUERY_NO_HSDIR for
this case. Fixes bug 28269; bugfix on 0.3.1.1-alpha. Patch by
Neel Chauhan.
- When relaunching a circuit to a rendezvous service, mark the
circuit as needing high-uptime routers as appropriate. Fixes bug
17357; bugfix on 0.1.0.1-rc. Patch by Neel Chauhan.
- Stop ignoring IPv6 link specifiers sent to v3 onion services.
(IPv6 support for v3 onion services is still incomplete: see
ticket 23493 for details.) Fixes bug 23588; bugfix on
0.3.2.1-alpha. Patch by Neel Chauhan.
o Minor bugfixes (onion services, performance):
- When building circuits to onion services, call tor_addr_parse()
less often. Previously, we called tor_addr_parse() in
circuit_is_acceptable() even if its output wasn't used. This
change should improve performance when building circuits. Fixes
bug 22210; bugfix on 0.2.8.12. Patch by Neel Chauhan.
o Minor bugfixes (out-of-memory handler):
- When purging the DNS cache because of an out-of-memory condition,
try purging just the older entries at first. Previously, we would
always purge the whole thing. Fixes bug 29617; bugfix
on 0.3.5.1-alpha.
o Minor bugfixes (performance):
- When checking whether a node is a bridge, use a fast check to make
sure that its identity is set. Previously, we used a constant-time
check, which is not necessary in this case. Fixes bug 30308;
bugfix on 0.3.5.1-alpha.
o Minor bugfixes (pluggable transports):
- Tor now sets TOR_PT_EXIT_ON_STDIN_CLOSE=1 for client transports as
well as servers. Fixes bug 25614; bugfix on 0.2.7.1-alpha.
o Minor bugfixes (portability):
- Avoid crashing in our tor_vasprintf() implementation on systems
that define neither vasprintf() nor _vscprintf(). (This bug has
been here long enough that we question whether people are running
Tor on such systems, but we're applying the fix out of caution.)
Fixes bug 30561; bugfix on 0.2.8.2-alpha. Found and fixed by
Tobias Stoeckmann.
o Minor bugfixes (probability distributions):
- Refactor and improve parts of the probability distribution code
that made Coverity complain. Fixes bug 29805; bugfix
on 0.4.0.1-alpha.
o Minor bugfixes (python):
- Stop assuming that /usr/bin/python3 exists. For scripts that work
with python2, use /usr/bin/python. Otherwise, use /usr/bin/env
python3. Fixes bug 29913; bugfix on 0.2.5.3-alpha.
o Minor bugfixes (relay):
- When running as a relay, if IPv6Exit is set to 1 while ExitRelay
is auto, act as if ExitRelay is 1. Previously, we would ignore
IPv6Exit if ExitRelay was 0 or auto. Fixes bug 29613; bugfix on
0.3.5.1-alpha. Patch by Neel Chauhan.
o Minor bugfixes (static analysis):
- Fix several spurious Coverity warnings about the unit tests, to
lower our chances of missing real warnings in the future. Fixes
bug 30150; bugfix on 0.3.5.1-alpha and various other Tor versions.
o Minor bugfixes (stats):
- When ExtraInfoStatistics is 0, stop including bandwidth usage
statistics, GeoIPFile hashes, ServerTransportPlugin lines, and
bridge statistics by country in extra-info documents. Fixes bug
29018; bugfix on 0.2.4.1-alpha.
o Minor bugfixes (testing):
- Call setrlimit() to disable core dumps in test_bt_cl.c. Previously
we used `ulimit -c` in test_bt.sh, which violates POSIX shell
compatibility. Fixes bug 29061; bugfix on 0.3.5.1-alpha.
- Fix some incorrect code in the v3 onion service unit tests. Fixes
bug 29243; bugfix on 0.3.2.1-alpha.
- In the "routerkeys/*" tests, check the return values of mkdir()
for possible failures. Fixes bug 29939; bugfix on 0.2.7.2-alpha.
Found by Coverity as CID 1444254.
- Split test_utils_general() into several smaller test functions.
This makes it easier to perform resource deallocation on assert
failure, and fixes Coverity warnings CID 1444117 and CID 1444118.
Fixes bug 29823; bugfix on 0.2.9.1-alpha.
o Minor bugfixes (tor-resolve):
- Fix a memory leak in tor-resolve that could happen if Tor gave it
a malformed SOCKS response. (Memory leaks in tor-resolve don't
actually matter, but it's good to fix them anyway.) Fixes bug
30151; bugfix on 0.4.0.1-alpha.
o Code simplification and refactoring:
- Abstract out the low-level formatting of replies on the control
port. Implements ticket 30007.
- Add several assertions in an attempt to fix some Coverity
warnings. Closes ticket 30149.
- Introduce a connection_dir_buf_add() helper function that checks
for compress_state of dir_connection_t and automatically writes a
string to directory connection with or without compression.
Resolves issue 28816.
- Make the base32_decode() API return the number of bytes written,
for consistency with base64_decode(). Closes ticket 28913.
- Move most relay-only periodic events out of mainloop.c into the
relay subsystem. Closes ticket 30414.
- Refactor and encapsulate parts of the codebase that manipulate
crypt_path_t objects. Resolves issue 30236.
- Refactor several places in our code that Coverity incorrectly
believed might have memory leaks. Closes ticket 30147.
- Remove redundant return values in crypto_format, and the
associated return value checks elsewhere in the code. Make the
implementations in crypto_format consistent, and remove redundant
code. Resolves ticket 29660.
- Rename tor_mem_is_zero() to fast_mem_is_zero(), to emphasize that
it is not a constant-time function. Closes ticket 30309.
- Replace hs_desc_link_specifier_t with link_specifier_t, and remove
all hs_desc_link_specifier_t-specific code. Fixes bug 22781;
bugfix on 0.3.2.1-alpha.
- Simplify v3 onion service link specifier handling code. Fixes bug
23576; bugfix on 0.3.2.1-alpha.
- Split crypto_digest.c into NSS code, OpenSSL code, and shared
code. Resolves ticket 29108.
- Split control.c into several submodules, in preparation for
distributing its current responsibilities throughout the codebase.
Closes ticket 29894.
- Start to move responsibility for knowing about periodic events to
the appropriate subsystems, so that the mainloop doesn't need to
know all the periodic events in the rest of the codebase.
Implements tickets 30293 and 30294.
o Documentation:
- Mention URLs for Travis/Appveyor/Jenkins in ReleasingTor.md.
Closes ticket 30630.
- Document how to find git commits and tags for bug fixes in
CodingStandards.md. Update some file documentation. Closes
ticket 30261.
o Removed features:
- Remove the linux-tor-prio.sh script from contrib/operator-tools
directory. Resolves issue 29434.
- Remove the obsolete OpenSUSE initscript. Resolves issue 30076.
- Remove the obsolete script at contrib/dist/tor.sh.in. Resolves
issue 30075.
o Testing:
- Specify torrc paths (with empty files) when launching tor in
integration tests; refrain from reading user and system torrcs.
Resolves issue 29702.
o Code simplification and refactoring (shell scripts):
- Clean up many of our shell scripts to fix shellcheck warnings.
These include autogen.sh (ticket 26069), test_keygen.sh (ticket
29062), test_switch_id.sh (ticket 29065), test_rebind.sh (ticket
29063), src/test/fuzz/minimize.sh (ticket 30079), test_rust.sh
(ticket 29064), torify (ticket 29070), asciidoc-helper.sh (29926),
fuzz_multi.sh (30077), fuzz_static_testcases.sh (ticket 29059),
nagios-check-tor-authority-cert (ticket 29071),
src/test/fuzz/fixup_filenames.sh (ticket 30078), test-network.sh
(ticket 29060), test_key_expiration.sh (ticket 30002),
zero_length_keys.sh (ticket 29068), and test_workqueue_*.sh
(ticket 29067).
o Testing (chutney):
- In "make test-network-all", test IPv6-only v3 single onion
services, using the chutney network single-onion-v23-ipv6-md.
Closes ticket 27251.
o Testing (continuous integration):
- In Travis, make stem log a controller trace to the console, and tail
stem's tor log after failure. Closes ticket 30591.
- In Travis, only run the stem tests that use a tor binary.
Closes ticket 30694.
Changes in version 0.4.0.5 - 2019-05-02
This is the first stable release in the 0.4.0.x series. It contains
improvements for power management and bootstrap reporting, as well as