[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] Tor 0.2.9.3-alpha is released



Hi, all!  There is a new alpha release of the Tor source code, with
fixes for several important bugs, and numerous other updates.

(If you are about to reply saying "please take me off this list",
instead please follow these instructions:
 https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-announce/
.  You will have to enter the actual email address you used to subscribe.)

You can download the source from the usual place on the website.
Packages should be up in a few days.

(There is also a concurrent release of Tor 0.2.8.8; for stable
announcements, please see tor-announce@ or the blog.)


======

Changes in version 0.2.9.3-alpha - 2016-09-23
  Tor 0.2.9.3-alpha adds improved support for entities that want to make
  high-performance services available through the Tor .onion mechanism
  without themselves receiving anonymity as they host those services. It
  also tries harder to ensure that all steps on a circuit are using the
  strongest crypto possible, strengthens some TLS properties, and
  resolves several bugs -- including a pair of crash bugs from the 0.2.8
  series. Anybody running an earlier version of 0.2.9.x should upgrade.

  o Major bugfixes (crash, also in 0.2.8.8):
    - Fix a complicated crash bug that could affect Tor clients
      configured to use bridges when replacing a networkstatus consensus
      in which one of their bridges was mentioned. OpenBSD users saw
      more crashes here, but all platforms were potentially affected.
      Fixes bug 20103; bugfix on 0.2.8.2-alpha.

  o Major bugfixes (relay, OOM handler, also in 0.2.8.8):
    - Fix a timing-dependent assertion failure that could occur when we
      tried to flush from a circuit after having freed its cells because
      of an out-of-memory condition. Fixes bug 20203; bugfix on
      0.2.8.1-alpha. Thanks to "cypherpunks" for help diagnosing
      this one.

  o Major features (circuit building, security):
    - Authorities, relays and clients now require ntor keys in all
      descriptors, for all hops (except for rare hidden service protocol
      cases), for all circuits, and for all other roles. Part of
      ticket 19163.
    - Tor authorities, relays, and clients only use ntor, except for
      rare cases in the hidden service protocol. Part of ticket 19163.

  o Major features (single-hop "hidden" services):
    - Add experimental HiddenServiceSingleHopMode and
      HiddenServiceNonAnonymousMode options. When both are set to 1,
      every hidden service on a Tor instance becomes a non-anonymous
      Single Onion Service. Single Onions make one-hop (direct)
      connections to their introduction and renzedvous points. One-hop
      circuits make Single Onion servers easily locatable, but clients
      remain location-anonymous. This is compatible with the existing
      hidden service implementation, and works on the current tor
      network without any changes to older relays or clients. Implements
      proposal 260, completes ticket 17178. Patch by teor and asn.

  o Major features (resource management):
    - Tor can now notice it is about to run out of sockets, and
      preemptively close connections of lower priority. (This feature is
      off by default for now, since the current prioritizing method is
      yet not mature enough. You can enable it by setting
      "DisableOOSCheck 0", but watch out: it might close some sockets
      you would rather have it keep.) Closes ticket 18640.

  o Major bugfixes (circuit building):
    - Hidden service client-to-intro-point and service-to-rendezvous-
      point cicruits use the TAP key supplied by the protocol, to avoid
      epistemic attacks. Fixes bug 19163; bugfix on 0.2.4.18-rc.

  o Major bugfixes (compilation, OpenBSD):
    - Fix a Libevent-detection bug in our autoconf script that would
      prevent Tor from linking successfully on OpenBSD. Patch from
      rubiate. Fixes bug 19902; bugfix on 0.2.9.1-alpha.

  o Major bugfixes (hidden services):
    - Clients now require hidden services to include the TAP keys for
      their intro points in the hidden service descriptor. This prevents
      an inadvertent upgrade to ntor, which a malicious hidden service
      could use to distinguish clients by consensus version. Fixes bug
      20012; bugfix on 0.2.4.8-alpha. Patch by teor.

  o Minor features (security, TLS):
    - Servers no longer support clients that without AES ciphersuites.
      (3DES is no longer considered an acceptable cipher.) We believe
      that no such Tor clients currently exist, since Tor has required
      OpenSSL 0.9.7 or later since 2009. Closes ticket 19998.

  o Minor feature (fallback directories):
    - Remove broken entries from the hard-coded fallback directory list.
      Closes ticket 20190; patch by teor.

  o Minor features (geoip, also in 0.2.8.8):
    - Update geoip and geoip6 to the September 6 2016 Maxmind GeoLite2
      Country database.

  o Minor feature (port flags):
    - Add new flags to the *Port options to finer control over which
      requests are allowed. The flags are NoDNSRequest, NoOnionTraffic,
      and the synthetic flag OnionTrafficOnly, which is equivalent to
      NoDNSRequest, NoIPv4Traffic, and NoIPv6Traffic. Closes enhancement
      18693; patch by "teor".

  o Minor features (directory authority):
    - After voting, if the authorities decide that a relay is not
      "Valid", they no longer include it in the consensus at all. Closes
      ticket 20002; implements part of proposal 272.

  o Minor features (testing):
    - Disable memory protections on OpenBSD when performing our unit
      tests for memwipe(). The test deliberately invokes undefined
      behavior, and the OpenBSD protections interfere with this. Patch
      from "rubiate". Closes ticket 20066.

  o Minor features (testing, ipv6):
    - Add the single-onion and single-onion-ipv6 chutney targets to
      "make test-network-all". This requires a recent chutney version
      with the single onion network flavours (git c72a652 or later).
      Closes ticket 20072; patch by teor.
    - Add the hs-ipv6 chutney target to make test-network-all's IPv6
      tests. Remove bridges+hs, as it's somewhat redundant. This
      requires a recent chutney version that supports IPv6 clients,
      relays, and authorities. Closes ticket 20069; patch by teor.

  o Minor features (Tor2web):
    - Make Tor2web clients respect ReachableAddresses. This feature was
      inadvertently enabled in 0.2.8.6, then removed by bugfix 19973 on
      0.2.8.7. Implements feature 20034. Patch by teor.

  o Minor features (unit tests):
    - We've done significant work to make the unit tests run faster.
    - Our link-handshake unit tests now check that when invalid
      handshakes fail, they fail with the error messages we expected.
    - Our unit testing code that captures log messages no longer
      prevents them from being written out if the user asked for them
      (by passing --debug or --info or or --notice --warn to the "test"
      binary). This change prevents us from missing unexpected log
      messages simply because we were looking for others. Related to
      ticket 19999.
    - The unit tests now log all warning messages with the "BUG" flag.
      Previously, they only logged errors by default. This change will
      help us make our testing code more correct, and make sure that we
      only hit this code when we mean to. In the meantime, however,
      there will be more warnings in the unit test logs than before.
      This is preparatory work for ticket 19999.
    - The unit tests now treat any failure of a "tor_assert_nonfatal()"
      assertion as a test failure.

  o Minor bug fixes (circuits):
    - Use the CircuitBuildTimeout option whenever
      LearnCircuitBuildTimeout is disabled. Previously, we would respect
      the option when a user disabled it, but not when it was disabled
      because some other option was set. Fixes bug 20073; bugfix on
      0.2.4.12-alpha. Patch by teor.

  o Minor bugfixes (allocation):
    - Change how we allocate memory for large chunks on buffers, to
      avoid a (currently impossible) integer overflow, and to waste less
      space when allocating unusually large chunks. Fixes bug 20081;
      bugfix on 0.2.0.16-alpha. Issue identified by Guido Vranken.
    - Always include orconfig.h before including any other C headers.
      Sometimes, it includes macros that affect the behavior of the
      standard headers. Fixes bug 19767; bugfix on 0.2.9.1-alpha (the
      first version to use AC_USE_SYSTEM_EXTENSIONS).
    - Fix a syntax error in the IF_BUG_ONCE__() macro in non-GCC-
      compatible compilers. Fixes bug 20141; bugfix on 0.2.9.1-alpha.
      Patch from Gisle Vanem.
    - Stop trying to build with Clang 4.0's -Wthread-safety warnings.
      They apparently require a set of annotations that we aren't
      currently using, and they create false positives in our pthreads
      wrappers. Fixes bug 20110; bugfix on 0.2.9.1-alpha.

  o Minor bugfixes (directory authority):
    - Die with a more useful error when the operator forgets to place
      the authority_signing_key file into the keys directory. This
      avoids an uninformative assert & traceback about having an invalid
      key. Fixes bug 20065; bugfix on 0.2.0.1-alpha.
    - When allowing private addresses, mark Exits that only exit to
      private locations as such. Fixes bug 20064; bugfix
      on 0.2.2.9-alpha.

  o Minor bugfixes (documentation):
    - Document the default PathsNeededToBuildCircuits value that's used
      by clients when the directory authorities don't set
      min_paths_for_circs_pct. Fixes bug 20117; bugfix on 02c320916e02
      in tor-0.2.4.10-alpha. Patch by teor, reported by Jesse V.
    - Fix manual for the User option: it takes a username, not a UID.
      Fixes bug 19122; bugfix on 0.0.2pre16 (the first version to have
      a manpage!).

  o Minor bugfixes (hidden services):
    - Stop logging intro point details to the client log on certain
      error conditions. Fixed as part of bug 20012; bugfix on
      0.2.4.8-alpha. Patch by teor.

  o Minor bugfixes (IPv6, testing):
    - Check for IPv6 correctly on Linux when running test networks.
      Fixes bug 19905; bugfix on 0.2.7.3-rc; patch by teor.

  o Minor bugfixes (Linux seccomp2 sandbox):
    - Add permission to run the sched_yield() and sigaltstack() system
      calls, in order to support versions of Tor compiled with asan or
      ubsan code that use these calls. Now "sandbox 1" and
      "--enable-expensive-hardening" should be compatible on more
      systems. Fixes bug 20063; bugfix on 0.2.5.1-alpha.

  o Minor bugfixes (logging):
    - When logging a message from the BUG() macro, be explicit about
      what we were asserting. Previously we were confusing what we were
      asserting with what the bug was. Fixes bug 20093; bugfix
      on 0.2.9.1-alpha.
    - When we are unable to remove the bw_accounting file, do not warn
      if the reason we couldn't remove it was that it didn't exist.
      Fixes bug 19964; bugfix on 0.2.5.4-alpha. Patch from 'pastly'.

  o Minor bugfixes (option parsing):
    - Count unix sockets when counting client listeners (SOCKS, Trans,
      NATD, and DNS). This has no user-visible behaviour changes: these
      options are set once, and never read. Required for correct
      behaviour in ticket 17178. Fixes bug 19677; bugfix on
      0.2.6.3-alpha. Patch by teor.

  o Minor bugfixes (options):
    - Check the consistency of UseEntryGuards and EntryNodes more
      reliably. Fixes bug 20074; bugfix on tor- 0.2.4.12-alpha. Patch
      by teor.
    - Stop changing the configured value of UseEntryGuards on
      authorities and Tor2web clients. Fixes bug 20074; bugfix on
      commits 51fc6799 in tor-0.1.1.16-rc and acda1735 in tor-0.2.4.3-
      alpha. Patch by teor.

  o Minor bugfixes (Tor2web):
    - Prevent Tor2web clients running hidden services, these services
      are not anonymous due to the one-hop client paths. Fixes bug
      19678. Patch by teor.

  o Minor bugfixes (unit tests):
    - Fix a shared-random unit test that was failing on big endian
      architectures due to internal representation of a integer copied
      to a buffer. The test is changed to take a full 32 bytes of data
      and use the output of a python script that make the COMMIT and
      REVEAL calculation according to the spec. Fixes bug 19977; bugfix
      on 0.2.9.1-alpha.
    - The tor_tls_server_info_callback unit test no longer crashes when
      debug-level logging is turned on. Fixes bug 20041; bugfix
      on 0.2.8.1-alpha.
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk