Releases: lncm/docker-tor
Releases · lncm/docker-tor
Version 0.4.7.13 - 2023-01-12
Changes in version 0.4.7.13 - 2023-01-12
This version contains three major bugfixes, two for relays and one for
client being a security fix, TROVE-2022-002. We have added, for Linux, the
support for IP_BIND_ADDRESS_NO_PORT for relays using OutboundBindAddress.
We strongly recommend to upgrade to this version considering the important
congestion control fix detailed below.
o Major bugfixes (congestion control):
- Avoid incrementing the congestion window when the window is not
fully in use. Thia prevents overshoot in cases where long periods
of low activity would allow our congestion window to grow, and
then get followed by a burst, which would cause queue overload.
Also improve the increment checks for RFC3742. Fixes bug 40732;
bugfix on 0.4.7.5-alpha.
o Major bugfixes (relay):
- When opening a channel because of a circuit request that did not
include an Ed25519 identity, record the Ed25519 identity that we
actually received, so that we can use the channel for other
circuit requests that _do_ list an Ed25519 identity. (Previously
we had code to record this identity, but a logic bug caused it to
be disabled.) Fixes bug 40563; bugfix on 0.3.0.1-alpha. Patch
from "cypherpunks".
o Major bugfixes (TROVE-2022-002, client):
- The SafeSocks option had its logic inverted for SOCKS4 and
SOCKS4a. It would let the unsafe SOCKS4 pass but not the safe
SOCKS4a one. This is TROVE-2022-002 which was reported on
Hackerone by "cojabo". Fixes bug 40730; bugfix on 0.3.5.1-alpha.
o Minor feature (authority):
- Reject 0.4.6.x series at the authority level. Closes ticket 40664.
o Minor features (fallbackdir):
- Regenerate fallback directories generated on January 12, 2023.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2023/01/12.
o Minor features (relays):
- Set the Linux-specific IP_BIND_ADDRESS_NO_PORT option on outgoing
sockets, allowing relays using OutboundBindAddress to make more
outgoing connections than ephemeral ports, as long as they are to
separate destinations. Related to issue 40597; patch by Alex
Xu (Hello71).
o Minor bugfixes (relay, metrics):
- Fix typo in a congestion control label on the MetricsPort. Fixes
bug 40727; bugfix on 0.4.7.12.
o Minor bugfixes (sandbox, authority):
- With the sandbox enabled, allow to write "my-consensus-
{ns|microdesc}" and to rename them as well. Fixes bug 40729;
bugfix on 0.3.5.1-alpha.
o Code simplifications and refactoring:
- Rely on actual error returned by the kernel when choosing what
resource exhaustion to log. Fixes issue 40613; Fix
on tor-0.4.6.1-alpha.
Version 0.4.7.8 - 2022-06-17
0.4.7.8
This tag was signed with the committer’s verified signature.
nolim1t
nolim1t - f6287b82CC84bcbd
14f9370
This commit was signed with the committer’s verified signature.
nolim1t
nolim1t - f6287b82CC84bcbd
Changes in version 0.4.7.8 - 2022-06-17
This version fixes several bugfixes including a High severity security issue
categorized as a Denial of Service. Everyone running an earlier version
should upgrade to this version.
o Major bugfixes (congestion control, TROVE-2022-001):
- Fix a scenario where RTT estimation can become wedged, seriously
degrading congestion control performance on all circuits. This
impacts clients, onion services, and relays, and can be triggered
remotely by a malicious endpoint. Tracked as CVE-2022-33903. Fixes
bug 40626; bugfix on 0.4.7.5-alpha.
o Minor features (fallbackdir):
- Regenerate fallback directories generated on June 17, 2022.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2022/06/17.
o Minor bugfixes (linux seccomp2 sandbox):
- Allow the rseq system call in the sandbox. This solves a crash
issue with glibc 2.35 on Linux. Patch from pmu-ipf. Fixes bug
40601; bugfix on 0.3.5.11.
o Minor bugfixes (logging):
- Demote a harmless warn log message about finding a second hop to
from warn level to info level, if we do not have enough
descriptors yet. Leave it at notice level for other cases. Fixes
bug 40603; bugfix on 0.4.7.1-alpha.
- Demote a notice log message about "Unexpected path length" to info
level. These cases seem to happen arbitrarily, and we likely will
never find all of them before the switch to arti. Fixes bug 40612;
bugfix on 0.4.7.5-alpha.
o Minor bugfixes (relay, logging):
- Demote a harmless XOFF log message to from notice level to info
level. Fixes bug 40620; bugfix on 0.4.7.5-alpha.
Version 0.4.7.2-alpha - 2021-10-26
0.4.7.2-alpha
This tag was signed with the committer’s verified signature.
nolim1t
nolim1t - f6287b82CC84bcbd
Changes in version 0.4.7.2-alpha - 2021-10-26
This second alpha release of the 0.4.7.x series adds two major
features: congestion control (prop324) for network performance, and
the MiddleOnly flag (prop335) voted by the authorities to pin relays
to the middle position for various network health reasons. This
release also fixes numerous bugs.
The congestion control feature, detailed in proposal 324, still needs
more work before we can enable it by default. It is currently in its
testing and tuning phase which means that you should expect more
0.4.7.x alphas as congestion control gets stabilized and tuned for
optimal performance. And so, at this release, it can not be used
without a custom patch.
o Major features (congestion control):
- Implement support for flow control over congestion controlled
circuits. This work comes from proposal 324. Closes ticket 40450.
o Major features (directory authority):
- Add a new consensus method to handle MiddleOnly specially. When
enough authorities are using this method, then any relay tagged
with the MiddleOnly flag will have its Exit, Guard, HSDir, and
V2Dir flags automatically cleared, and will have its BadExit flag
automatically set. Implements part of proposal 335.
- Authorities can now be configured to label relays as "MiddleOnly".
When voting for this flag, authorities automatically vote against
Exit, Guard, HSDir, and V2Dir; and in favor of BadExit. Implements
part of proposal 335. Based on a patch from Neel Chauhan.
o Major bugfix (relay, metrics):
- On the MetricsPort, the DNS error statistics are not reported by
record type ("record=...") anymore due to a libevent bug
(https://github.com/libevent/libevent/issues/1219). Fixes bug
40490; bugfix on 0.4.7.1-alpha.
o Major bugfixes (relay, overload state):
- Relays report the general overload state for DNS timeout errors
only if X% of all DNS queries over Y seconds are errors. Before
that, it only took 1 timeout to report the overload state which
was just too low of a threshold. The X and Y values are 1% and 10
minutes respectively but they are also controlled by consensus
parameters. Fixes bug 40491; bugfix on 0.4.6.1-alpha.
o Minor feature (authority, relay):
- Reject End-Of-Life relays running version 0.4.2.x, 0.4.3.x,
0.4.4.x and 0.4.5 alphas/rc. Closes ticket 40480.
o Minor feature (onion service v2):
- Onion service v2 addresses are now not recognized anymore by tor
meaning a bad hostname is returned when attempting to pass it on a
SOCKS connection. No more deprecation log is emitted client side.
Closes ticket 40476.
- See https://blog.torproject.org/v2-deprecation-timeline for
details on how to transition from v2 to v3.
o Minor features (fallbackdir):
- Regenerate fallback directories for October 2021. Closes
ticket 40493.
o Minor features (logging, heartbeat):
- When a relay receives a cell that isn't encrypted properly for it,
but the relay is the last hop on the circuit, the relay now counts
how many cells of this kind it receives, on how many circuits, and
reports this information in the log. Previously, we'd log each
cell at PROTOCOL_WARN level, which is far too verbose to be
useful. Fixes part of ticket 40400.
o Minor features (testing):
- We now have separate fuzzers for the inner layers of v3 onion
service descriptors, to prevent future bugs like 40392. Closes
ticket 40488.
o Minor bugfixes (compilation):
- Fix compilation error when __NR_time is not defined. Fixes bug
40465; bugfix on 0.2.5.5-alpha. Patch by Daniel Pinto.
o Minor bugfixes (dirauth, bandwidth scanner):
- Add the AuthDirDontVoteOnDirAuthBandwidth dirauth config parameter
to avoid voting on bandwidth scanner weights to v3 directory
authorities. Fixes bug 40471; bugfix on 0.2.2.1-alpha. Patch by
Neel Chauhan.
o Minor bugfixes (fragile-hardening, sandbox):
- When building with --enable-fragile-hardening, add or relax Linux
seccomp rules to allow AddressSanitizer to execute normally if the
process terminates with the sandbox active. This has the side
effect of disabling the filtering of file- and directory-open
requests on most systems and dilutes the effectiveness of the
sandbox overall, as a wider range of system calls must be
permitted. Fixes bug 11477; bugfix on 0.2.5.4-alpha.
o Minor bugfixes (logging):
- If a channel has never received or transmitted a cell, or seen a
client, do not calculate time diffs against 1/1/1970 but log a
better prettier message. Fixes bug 40182; bugfix on 0.2.4.4.
o Minor bugfixes (onion service):
- Fix a warning BUG that would occur often on heavily loaded onion
service leading to filling the logs with useless warnings. Fixes
bug 34083; bugfix on 0.3.2.1-alpha.
o Minor bugfix (CI, onion service):
- Exclude onion service version 2 Stem tests in our CI. Fixes bug 40500;
bugfix on 0.3.2.1-alpha.
o Minor bugfixes (onion service, config):
- Fix a memory leak for a small config line string that could occur
if the onion service failed to be configured from file properly.
Fixes bug 40484; bugfix on 0.3.2.1-alpha.
o Minor bugfixes (onion service, TROVE-2021-008):
- Only log v2 access attempts once total, in order to not pollute
the logs with warnings and to avoid recording the times on disk
when v2 access was attempted. Note that the onion address was
_never_ logged. This counts as a Low-severity security issue.
Fixes bug 40474; bugfix on 0.4.5.8.
- Note that due to #40476 which removes v2 support entirely, this
log line is not emitted anymore. We still mention this in the
changelog because it is a Low-severity TROVE.
o Minor bugfixes (usability):
- Do not log "RENDEZVOUS1 cell with unrecognized rendezvous cookie"
at LOG_PROTOCOL_WARN; instead log it at DEBUG. This warning can
happen naturally if a client gives up on a rendezvous circuit
after sending INTRODUCE1. Fixes part of bug 40400; bugfix
on 0.1.1.13-alpha.
- Do not log "circuit_receive_relay_cell failed" at
LOG_PROTOCOL_WARN; instead log it at DEBUG. In every case where we
would want to log this as a protocol warning, we are already
logging another warning from inside circuit_receive_relay_cell.
Fixes part of bug 40400; bugfix on 0.1.1.9-alpha.
o Code simplification and refactoring:
- Lower the official maximum for "guard-extreme-restriction-percent"
to 100. This has no effect on when the guard code will generate a
warning, but it makes the intent of the option clearer. Fixes bug
40486; bugfix on 0.3.0.1-alpha.
o Testing:
- Add unit tests for the Linux seccomp sandbox. Resolves
issue 16803.
o Code simplification and refactoring (rust):
- Remove Rust support and its associated code. It is unsupported and
Rust focus should be shifted to arti. Closes ticket 40469.
o Testing (CI, chutney):
- Bump the data size that chutney transmits to 5MBytes in order to
trigger the flow control and congestion window code. Closes
ticket 40485.
Version 0.4.6.8 - 2021-10-26
0.4.6.8
This tag was signed with the committer’s verified signature.
nolim1t
nolim1t - f6287b82CC84bcbd
ac0b938
This commit was signed with the committer’s verified signature.
nolim1t
nolim1t - f6287b82CC84bcbd
Changes in version 0.4.6.8 - 2021-10-26
This version fixes several bugs from earlier versions of Tor. One
highlight is a fix on how we track DNS timeouts to report general
relay overload.
o Major bugfixes (relay, overload state):
- Relays report the general overload state for DNS timeout errors
only if X% of all DNS queries over Y seconds are errors. Before
that, it only took 1 timeout to report the overload state which
was just too low of a threshold. The X and Y values are 1% and 10
minutes respectively but they are also controlled by consensus
parameters. Fixes bug 40491; bugfix on 0.4.6.1-alpha.
o Minor features (fallbackdir):
- Regenerate fallback directories for October 2021. Closes
ticket 40493.
o Minor features (testing):
- On a testing network, relays can now use the
TestingMinTimeToReportBandwidth option to change the smallest
amount of time over which they're willing to report their observed
maximum bandwidth. Previously, this was fixed at 1 day. For
safety, values under 2 hours are only supported on testing
networks. Part of a fix for ticket 40337.
- Relays on testing networks no longer rate-limit how frequently
they are willing to report new bandwidth measurements. Part of a
fix for ticket 40337.
- Relays on testing networks now report their observed bandwidths
immediately from startup. Previously, they waited until they had
been running for a full day. Closes ticket 40337.
o Minor bugfix (onion service):
- Do not flag an HSDir as non-running in case the descriptor upload
or fetch fails. An onion service closes pending directory
connections before uploading a new descriptor which can thus lead
to wrongly flagging many relays and thus affecting circuit building
path selection. Fixes bug 40434; bugfix on 0.2.0.13-alpha.
- Improve logging when a bad HS version is given. Fixes bug 40476;
bugfix on 0.4.6.1-alpha.
o Minor bugfix (CI, onion service):
- Exclude onion service version 2 Stem tests in our CI. Fixes bug 40500;
bugfix on 0.3.2.1-alpha.
o Minor bugfixes (compatibility):
- Fix compatibility with the most recent Libevent versions, which no
longer have an evdns_set_random_bytes() function. Because this
function has been a no-op since Libevent 2.0.4-alpha, it is safe
for us to just stop calling it. Fixes bug 40371; bugfix
on 0.2.1.7-alpha.
o Minor bugfixes (onion service, TROVE-2021-008):
- Only log v2 access attempts once total, in order to not pollute
the logs with warnings and to avoid recording the times on disk
when v2 access was attempted. Note that the onion address was
_never_ logged. This counts as a Low-severity security issue.
Fixes bug 40474; bugfix on 0.4.5.8.
0.4.7.1-alpha
0.4.7.1-alpha
This tag was signed with the committer’s verified signature.
nolim1t
nolim1t - f6287b82CC84bcbd
f95e92d
This commit was signed with the committer’s verified signature.
nolim1t
nolim1t - f6287b82CC84bcbd
Release notes here
Changes in version 0.4.7.1-alpha - 2021-09-17
This version is the first alpha release of the 0.4.7.x series. One
major feature is Vanguards Lite, from proposal 333, to help mitigate
guard discovery attacks against onion services. It also includes
numerous bugfixes.
o Major features (Proposal 332, onion services, guard selection algorithm):
- Clients and onion services now choose four long-lived "layer 2"
guard relays for use as the middle hop in all onion circuits.
These relays are kept in place for a randomized duration averaging
1 week. This mitigates guard discovery attacks against clients and
short-lived onion services such as OnionShare. Long-lived onion
services that need high security should still use the Vanguards
addon (https://github.com/mikeperry-tor/vanguards). Closes ticket
40363; implements proposal 333.
o Minor features (bridge testing support):
- Let external bridge reachability testing tools discard cached
bridge descriptors when setting new bridges, so they can be sure
to get a clean reachability test. Implements ticket 40209.
o Minor features (fuzzing):
- When building with --enable-libfuzzer, use a set of compiler flags
that works with more recent versions of the library. Previously we
were using a set of flags from 2017. Closes ticket 40407.
o Minor features (testing configuration):
- When TestingTorNetwork is enabled, skip the permissions check on
hidden service directories. Closes ticket 40338.
- On a testing network, relays can now use the
TestingMinTimeToReportBandwidth option to change the smallest
amount of time over which they're willing to report their observed
maximum bandwidth. Previously, this was fixed at 1 day. For
safety, values under 2 hours are only supported on testing
networks. Part of a fix for ticket 40337.
- Relays on testing networks no longer rate-limit how frequently
they are willing to report new bandwidth measurements. Part of a
fix for ticket 40337.
- Relays on testing networks now report their observed bandwidths
immediately from startup. Previously, they waited until they had
been running for a full day. Closes ticket 40337.
o Minor bugfixes (circuit padding):
- Don't send STOP circuit padding cells when the other side has
already shut down the corresponding padding machine. Fixes bug
40435; bugfix on 0.4.0.1-alpha.
o Minor bugfixes (compatibility):
- Fix compatibility with the most recent Libevent versions, which no
longer have an evdns_set_random_bytes() function. Because this
function has been a no-op since Libevent 2.0.4-alpha, it is safe
for us to just stop calling it. Fixes bug 40371; bugfix
on 0.2.1.7-alpha.
o Minor bugfixes (control, sandbox):
- Allows the control command SAVECONF to succeed when the seccomp
sandbox is enabled. Makes SAVECONF keep only one backup file, to
simplify implementation. Fixes bug 40317; bugfix on 0.2.5.4-alpha.
Patch by Daniel Pinto.
o Minor bugfixes (heartbeat):
- Adjust the heartbeat log message about distinct clients to
consider the HeartbeatPeriod rather than a flat 6-hour delay.
Fixes bug 40330; bugfix on 0.2.6.3-alpha.
o Minor bugfixes (logging, relay):
- Add spaces between the "and" when logging the "Your server has not
managed to confirm reachability for its" on dual-stack relays.
Fixes bug 40453; bugfix on 0.4.5.1-alpha. Patch by Neel Chauhan.
o Minor bugfixes (onion service):
- Do not flag an HSDir as non-running in case the descriptor upload
or fetch fails. An onion service closes pending directory
connections before uploading a new descriptor which leads to
wrongly flagging many relays and thus affecting circuit path
selection. Fixes bug 40434; bugfix on 0.2.0.13-alpha.
o Minor bugfixes (statistics):
- Fix a fencepost issue when we check stability_last_downrated where
we called rep_hist_downrate_old_runs() twice. Fixes bug 40394;
bugfix on 0.2.0.5-alpha. Patch by Neel Chauhan.
o Minor bugfixes (tests):
- Fix a bug that prevented some tests from running with the correct
names. Fixes bug 40365; bugfix on 0.4.3.1-alpha.
o Documentation:
- Add links to original tor design paper and anonbib to
docs/HACKING/README.1st.md. Closes ticket 33742. Patch from
Emily Bones.
- Describe the "fingerprint-ed25519" file in the tor.1 man page.
Fixes bug 40467; bugfix on 0.4.3.1-alpha. Patch by Neel Chauhan.
Version 0.4.6.7 - 2021-08-16
0.4.6.7
This tag was signed with the committer’s verified signature.
nolim1t
nolim1t - f6287b82CC84bcbd
Changes in version 0.4.6.7 - 2021-08-16
This version fixes several bugs from earlier versions of Tor,
including one that could lead to a denial-of-service attack. Everyone
running an earlier version, whether as a client, a relay, or an onion
service, should upgrade to Tor 0.3.5.16, 0.4.5.10, or 0.4.6.7.
o Major bugfixes (cryptography, security):
- Resolve an assertion failure caused by a behavior mismatch between
our batch-signature verification code and our single-signature
verification code. This assertion failure could be triggered
remotely, leading to a denial of service attack. We fix this issue
by disabling batch verification. Fixes bug 40078; bugfix on
0.2.6.1-alpha. This issue is also tracked as TROVE-2021-007 and
CVE-2021-38385. Found by Henry de Valence.
o Minor feature (fallbackdir):
- Regenerate fallback directories list. Close ticket 40447.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2021/08/12.
o Minor bugfix (crypto):
- Disable the unused batch verification feature of ed25519-donna.
Fixes bug 40078; bugfix on 0.2.6.1-alpha. Found by Henry
de Valence.
o Minor bugfixes (onion service):
- Send back the extended SOCKS error 0xF6 (Onion Service Invalid
Address) for a v2 onion address. Fixes bug 40421; bugfix
on 0.4.6.2-alpha.
o Minor bugfixes (relay):
- Reduce the compression level for data streaming from HIGH to LOW
in order to reduce CPU load on the directory relays. Fixes bug
40301; bugfix on 0.3.5.1-alpha.
o Minor bugfixes (timekeeping):
- Calculate the time of day correctly on systems where the time_t
type includes leap seconds. (This is not the case on most
operating systems, but on those where it occurs, our tor_timegm
function did not correctly invert the system's gmtime function,
which could result in assertion failures when calculating voting
schedules.) Fixes bug 40383; bugfix on 0.2.0.3-alpha.
0.4.6.6
0.4.6.6
This tag was signed with the committer’s verified signature.
nolim1t
nolim1t - f6287b82CC84bcbd
Changes in version 0.4.6.6 - 2021-06-30
Tor 0.4.6.6 makes several small fixes on 0.4.6.5, including one that
allows Tor to build correctly on older versions of GCC. You should
upgrade to this version if you were having trouble building Tor
0.4.6.5; otherwise, there is probably no need.
o Minor bugfixes (compilation):
- Fix a compilation error when trying to build Tor with a compiler
that does not support const variables in static initializers.
Fixes bug 40410; bugfix on 0.4.6.5.
- Suppress a strict-prototype warning when building with some
versions of NSS. Fixes bug 40409; bugfix on 0.3.5.1-alpha.
o Minor bugfixes (testing):
- Enable the deterministic RNG for unit tests that covers the
address set bloomfilter-based API's. Fixes bug 40419; bugfix
on 0.3.3.2-alpha.
0.4.5.6 upstream
0.4.5.6
This tag was signed with the committer’s verified signature.
nolim1t
nolim1t - f6287b82CC84bcbd
6f43bd1
This commit was signed with the committer’s verified signature.
nolim1t
nolim1t - f6287b82CC84bcbd
Changes in version 0.4.5.6 - 2021-02-15
The Tor 0.4.5.x release series is dedicated to the memory of Karsten
Loesing (1979-2020), Tor developer, cypherpunk, husband, and father.
Karsten is best known for creating the Tor metrics portal and leading
the metrics team, but he was involved in Tor from the early days. For
example, while he was still a student he invented and implemented the
v2 onion service directory design, and he also served as an ambassador
to the many German researchers working in the anonymity field. We
loved him and respected him for his patience, his consistency, and his
welcoming approach to growing our community.
This release series introduces significant improvements in relay IPv6
address discovery, a new "MetricsPort" mechanism for relay operators
to measure performance, LTTng support, build system improvements to
help when using Tor as a static library, and significant bugfixes
related to Windows relay performance. It also includes numerous
smaller features and bugfixes.
Below are the changes since 0.4.4.4-rc. For a complete list of changes
since 0.4.4.7, see the ReleaseNotes file.
o Major bugfixes (IPv6, relay):
- Fix a bug that prevented a relay from publishing its descriptor if
an auto-discovered IPv6 that was found unreachable. Fixes bug
40279; bugfix on 0.4.5.1-alpha.
o Minor features (protocol versions):
- Stop claiming to support the "DirCache=1" subprotocol version.
Technically, we stopped supporting this subprotocol back in
0.4.5.1-alpha, but we needed to wait for the authorities to stop
listing it as "required" before we could drop it from the list.
Closes ticket 40221.
o Minor bugfixes (logging):
- Avoid a spurious log message about missing subprotocol versions,
when the consensus that we're reading from is older than the
current release. Previously we had made this message nonfatal, but
in practice, it is never relevant when the consensus is older than
the current release. Fixes bug 40281; bugfix on 0.4.0.1-alpha.
o Minor bugfixes (metrics port):
- Fix a bug warning when a metrics port socket was unexpectedly
closed. Fixes bug 40257; bugfix on 0.4.5.1-alpha
o Minor bugfixes (relay):
- Allow relays to have a RFC1918 address if PublishServerDescriptor
is set to 0 and AssumeReachable is set to 1. This is to support
the use case of a bridge on a local network, exposed via a
pluggable transport. Fixes bug 40208; bugfix on 0.4.5.1-alpha.
o Minor bugfixes (relay, config):
- Fix a problem in the removal of duplicate ORPorts from the
internal port list when loading the config file. We were removing
the wrong ports, breaking valid torrc uses cases for multiple
ORPorts of the same address family. Fixes bug 40289; bugfix
on 0.4.5.1-alpha.
0.4.4.7
0.4.4.7
This tag was signed with the committer’s verified signature.
nolim1t
nolim1t - f6287b82CC84bcbd
e566954
This commit was signed with the committer’s verified signature.
nolim1t
nolim1t - f6287b82CC84bcbd
Changes in version 0.4.4.7 - 2021-02-03
Tor 0.4.4.7 backports numerous bugfixes from later releases,
including one that made v3 onion services more susceptible to
denial-of-service attacks, and a feature that makes some kinds of
DoS attacks harder to perform.
o Major bugfixes (onion service v3, backport from 0.4.5.3-rc):
- Stop requiring a live consensus for v3 clients and services, and
allow a "reasonably live" consensus instead. This allows v3 onion
services to work even if the authorities fail to generate a
consensus for more than 2 hours in a row. Fixes bug 40237; bugfix
on 0.3.5.1-alpha.
o Major feature (exit, backport from 0.4.5.5-rc):
- Re-entry into the network is now denied at the Exit level to all
relays' ORPorts and authorities' ORPorts and DirPorts. This change
should help mitgate a set of denial-of-service attacks. Closes
ticket 2667.
o Minor feature (build system, backport from 0.4.5.4-rc):
- New "make lsp" command to generate the compile_commands.json file
used by the ccls language server. The "bear" program is needed for
this. Closes ticket 40227.
o Minor features (compilation, backport from 0.4.5.2-rc):
- Disable deprecation warnings when building with OpenSSL 3.0.0 or
later. There are a number of APIs newly deprecated in OpenSSL
3.0.0 that Tor still requires. (A later version of Tor will try to
stop depending on these APIs.) Closes ticket 40165.
o Minor features (crypto, backport from 0.4.5.3-rc):
- Fix undefined behavior on our Keccak library. The bug only
appeared on platforms with 32-byte CPU cache lines (e.g. armv5tel)
and would result in wrong digests. Fixes bug 40210; bugfix on
0.2.8.1-alpha. Thanks to Bernhard Übelacker, Arnd Bergmann and
weasel for diagnosing this.
o Minor bugfixes (compatibility, backport from 0.4.5.1-rc):
- Strip '\r' characters when reading text files on Unix platforms.
This should resolve an issue where a relay operator migrates a
relay from Windows to Unix, but does not change the line ending of
Tor's various state files to match the platform, and the CRLF line
endings from Windows end up leaking into other files such as the
extra-info document. Fixes bug 33781; bugfix on 0.0.9pre5.
o Minor bugfixes (compilation, backport from 0.4.5.3-rc):
- Fix a compilation warning about unreachable fallthrough
annotations when building with "--enable-all-bugs-are-fatal" on
some compilers. Fixes bug 40241; bugfix on 0.3.5.4-alpha.
o Minor bugfixes (SOCKS5, backport from 0.4.5.3-rc):
- Handle partial SOCKS5 messages correctly. Previously, our code
would send an incorrect error message if it got a SOCKS5 request
that wasn't complete. Fixes bug 40190; bugfix on 0.3.5.1-alpha.
o Minor bugfixes (testing, backport from 0.4.5.2-alpha):
- Fix the `config/parse_tcp_proxy_line` test so that it works
correctly on systems where the DNS provider hijacks invalid
queries. Fixes part of bug 40179; bugfix on 0.4.3.1-alpha.
- Fix our Python reference-implementation for the v3 onion service
handshake so that it works correctly with the version of hashlib
provided by Python 3.9. Fixes part of bug 40179; bugfix
on 0.3.1.6-rc.
- Fix the `tortls/openssl/log_one_error` test to work with OpenSSL
3.0.0. Fixes bug 40170; bugfix on 0.2.8.1-alpha.
0.4.5.5 Release Candidate
0.4.5.5-rc
This tag was signed with the committer’s verified signature.
nolim1t
nolim1t - f6287b82CC84bcbd
43117c7
This commit was signed with the committer’s verified signature.
nolim1t
nolim1t - f6287b82CC84bcbd
This follows 0.4.5.5
Changes in version 0.4.5.5-rc - 2021-02-01
Tor 0.4.5.5-rc is the third release candidate in its series. We're
coming closer and closer to a stable release series. This release
fixes an annoyance with address detection code, and somewhat mitigates
an ongoing denial-of-service attack.
We anticipate no more code changes between this and the stable
release, though of course that could change.
o Major feature (exit):
- Re-entry into the network is now denied at the Exit level to all
relays' ORPorts and authorities' ORPorts and DirPorts. This change
should help mitgate a set of denial-of-service attacks. Closes
ticket 2667.
o Minor bugfixes (relay, configuration):
- Don't attempt to discover our address (IPv4 or IPv6) if no ORPort
for it can be found in the configuration. Fixes bug 40254; bugfix
on 0.4.5.1-alpha.