Fwd: [tor-talk] Tor 0.2.8.1-alpha is released.
coderman
coderman@gmail.com
Thu Feb 4 17:44:29 PST 2016
good stuff in:
Major features (security, Linux), and Major features (directory system),
for those in challenging environments...
:P
best regards,
> ---------- Forwarded message ----------
> From: Nick Mathewson <nickm@torproject.org>
> Date: Thu, 4 Feb 2016 18:24:03 -0500
> Subject: [tor-talk] Tor 0.2.8.1-alpha is released.
>
> Tor 0.2.8.1-alpha is the first alpha release in its series. It
> includes numerous small features and bugfixes against previous Tor
> versions, and numerous small infrastructure improvements. The most
> notable features are a set of improvements to the directory subsystem.
>
> You can download the source from the usual place on the website.
> Packages should be available over the next several days.
>
> PLEASE NOTE: This is an alpha release. Expect a lot of bugs. Only
> run this release if you're willing to find bugs and report them. :)
>
> Changes in version 0.2.8.1-alpha - 2016-02-04
> Tor 0.2.8.1-alpha is the first alpha release in its series. It
> includes numerous small features and bugfixes against previous Tor
> versions, and numerous small infrastructure improvements. The most
> notable features are a set of improvements to the directory subsystem.
>
> o Major features (security, Linux):
> - When Tor starts as root on Linux and is told to switch user ID, it
> can now retain the capability to bind to low ports. By default,
> Tor will do this only when it's switching user ID and some low
> ports have been configured. You can change this behavior with the
> new option KeepBindCapabilities. Closes ticket 8195.
>
> o Major features (directory system):
> - When bootstrapping multiple consensus downloads at a time, use the
> first one that starts downloading, and close the rest. This
> reduces failures when authorities or fallback directories are slow
> or down. Together with the code for feature 15775, this feature
> should reduces failures due to fallback churn. Implements ticket
> 4483. Patch by "teor". Implements IPv4 portions of proposal 210 by
> "mikeperry" and "teor".
> - Include a trial list of default fallback directories, based on an
> opt-in survey of suitable relays. Doing this should make clients
> bootstrap more quickly and reliably, and reduce the load on the
> directory authorities. Closes ticket 15775. Patch by "teor".
> Candidates identified using an OnionOO script by "weasel", "teor",
> "gsathya", and "karsten".
> - Previously only relays that explicitly opened a directory port
> (DirPort) accepted directory requests from clients. Now all
> relays, with and without a DirPort, accept and serve tunneled
> directory requests that they receive through their ORPort. You can
> disable this behavior using the new DirCache option. Closes
> ticket 12538.
>
> o Major key updates:
> - Update the V3 identity key for the dannenberg directory authority:
> it was changed on 18 November 2015. Closes task 17906. Patch
> by "teor".
>
> o Minor features (security, clock):
> - Warn when the system clock appears to move back in time (when the
> state file was last written in the future). Tor doesn't know that
> consensuses have expired if the clock is in the past. Patch by
> "teor". Implements ticket 17188.
>
> o Minor features (security, exit policies):
> - ExitPolicyRejectPrivate now rejects more private addresses by
> default. Specifically, it now rejects the relay's outbound bind
> addresses (if configured), and the relay's configured port
> addresses (such as ORPort and DirPort). Fixes bug 17027; bugfix on
> 0.2.0.11-alpha. Patch by "teor".
>
> o Minor features (security, memory erasure):
> - Set the unused entries in a smartlist to NULL. This helped catch
> a (harmless) bug, and shouldn't affect performance too much.
> Implements ticket 17026.
> - Use SecureMemoryWipe() function to securely clean memory on
> Windows. Previously we'd use OpenSSL's OPENSSL_cleanse() function.
> Implements feature 17986.
> - Use explicit_bzero or memset_s when present. Previously, we'd use
> OpenSSL's OPENSSL_cleanse() function. Closes ticket 7419; patches
> from <logan@hackers.mu> and <selven@hackers.mu>.
> - Make memwipe() do nothing when passed a NULL pointer or buffer of
> zero size. Check size argument to memwipe() for underflow. Fixes
> bug 18089; bugfix on 0.2.3.25 and 0.2.4.6-alpha. Reported by "gk",
> patch by "teor".
>
> o Minor features (security, RNG):
> - Adjust Tor's use of OpenSSL's RNG APIs so that they absolutely,
> positively are not allowed to fail. Previously we depended on
> internal details of OpenSSL's behavior. Closes ticket 17686.
> - Never use the system entropy output directly for anything besides
> seeding the PRNG. When we want to generate important keys, instead
> of using system entropy directly, we now hash it with the PRNG
> stream. This may help resist certain attacks based on broken OS
> entropy implementations. Closes part of ticket 17694.
> - Use modern system calls (like getentropy() or getrandom()) to
> generate strong entropy on platforms that have them. Closes
> ticket 13696.
>
> o Minor features (accounting):
> - Added two modes to the AccountingRule option: One for limiting
> only the number of bytes sent ("AccountingRule out"), and one for
> limiting only the number of bytes received ("AccountingRule in").
> Closes ticket 15989; patch from "unixninja92".
>
> o Minor features (build):
> - Since our build process now uses "make distcheck", we no longer
> force "make dist" to depend on "make check". Closes ticket 17893;
> patch from "cypherpunks."
> - Tor now builds successfully with the recent OpenSSL 1.1
> development branch, and with the latest LibreSSL. Closes tickets
> 17549, 17921, and 17984.
>
> o Minor features (controller):
> - Adds the FallbackDir entries to 'GETINFO config/defaults'. Closes
> tickets 16774 and 17817. Patch by George Tankersley.
> - New 'GETINFO hs/service/desc/id/' command to retrieve a hidden
> service descriptor from a service's local hidden service
> descriptor cache. Closes ticket 14846.
> - Add 'GETINFO exit-policy/reject-private/[default,relay]', so
> controllers can examine the the reject rules added by
> ExitPolicyRejectPrivate. This makes it easier for stem to display
> exit policies.
>
> o Minor features (crypto):
> - Add SHA512 support to crypto.c. Closes ticket 17663; patch from
> George Tankersley.
> - Add SHA3 and SHAKE support to crypto.c. Closes ticket 17783.
> - When allocating a digest state object, allocate no more space than
> we actually need. Previously, we would allocate as much space as
> the state for the largest algorithm would need. This change saves
> up to 672 bytes per circuit. Closes ticket 17796.
> - Improve performance when hashing non-multiple of 8 sized buffers,
> based on Andrew Moon's public domain SipHash-2-4 implementation.
> Fixes bug 17544; bugfix on 0.2.5.3-alpha.
>
> o Minor features (directory downloads):
> - Wait for busy authorities and fallback directories to become non-
> busy when bootstrapping. (A similar change was made in 6c443e987d
> for directory caches chosen from the consensus.) Closes ticket
> 17864; patch by "teor".
> - Add UseDefaultFallbackDirs, which enables any hard-coded fallback
> directory mirrors. The default is 1; set it to 0 to disable
> fallbacks. Implements ticket 17576. Patch by "teor".
>
> o Minor features (geoip):
> - Update geoip and geoip6 to the January 5 2016 Maxmind GeoLite2
> Country database.
>
> o Minor features (IPv6):
> - Add an argument 'ipv6=address:orport' to the DirAuthority and
> FallbackDir torrc options, to specify an IPv6 address for an
> authority or fallback directory. Add hard-coded ipv6 addresses for
> directory authorities that have them. Closes ticket 17327; patch
> from Nick Mathewson and "teor".
> - Add address policy assume_action support for IPv6 addresses.
> - Limit IPv6 mask bits to 128.
> - Warn when comparing against an AF_UNSPEC address in a policy, it's
> almost always a bug. Closes ticket 17863; patch by "teor".
> - Allow users to configure directory authorities and fallback
> directory servers with IPv6 addresses and ORPorts. Resolves
> ticket 6027.
> - routerset_parse now accepts IPv6 literal addresses. Fixes bug
> 17060; bugfix on 0.2.1.3-alpha. Patch by "teor".
> - Make tor_ersatz_socketpair work on IPv6-only systems. Fixes bug
> 17638; bugfix on 0.0.2pre8. Patch by "teor".
>
> o Minor features (logging):
> - When logging to syslog, allow a tag to be added to the syslog
> identity (the string prepended to every log message). The tag can
> be configured with SyslogIdentityTag and defaults to none. Setting
> it to "foo" will cause logs to be tagged as "Tor-foo". Closes
> ticket 17194.
>
> o Minor features (portability):
> - Use timingsafe_memcmp() where available. Closes ticket 17944;
> patch from <logan@hackers.mu>.
>
> o Minor features (relay, address discovery):
> - Add a family argument to get_interface_addresses_raw() and
> subfunctions to make network interface address interogation more
> efficient. Now Tor can specifically ask for IPv4, IPv6 or both
> types of interfaces from the operating system. Resolves
> ticket 17950.
> - When get_interface_address6_list(.,AF_UNSPEC,.) is called and
> fails to enumerate interface addresses using the platform-specific
> API, have it rely on the UDP socket fallback technique to try and
> find out what IP addresses (both IPv4 and IPv6) our machine has.
> Resolves ticket 17951.
>
> o Minor features (replay cache):
> - The replay cache now uses SHA256 instead of SHA1. Implements
> feature 8961. Patch by "teor", issue reported by "rransom".
>
> o Minor features (unix file permissions):
> - Defer creation of Unix sockets until after setuid. This avoids
> needing CAP_CHOWN and CAP_FOWNER when using systemd's
> CapabilityBoundingSet, or chown and fowner when using SELinux.
> Implements part of ticket 17562. Patch from Jamie Nguyen.
> - If any directory created by Tor is marked as group readable, the
> filesystem group is allowed to be either the default GID or the
> root user. Allowing root to read the DataDirectory prevents the
> need for CAP_READ_SEARCH when using systemd's
> CapabilityBoundingSet, or dac_read_search when using SELinux.
> Implements part of ticket 17562. Patch from Jamie Nguyen.
> - Introduce a new DataDirectoryGroupReadable option. If it is set to
> 1, the DataDirectory will be made readable by the default GID.
> Implements part of ticket 17562. Patch from Jamie Nguyen.
>
> o Minor bugfixes (accounting):
> - The max bandwidth when using 'AccountRule sum' is now correctly
> logged. Fixes bug 18024; bugfix on 0.2.6.1-alpha. Patch
> from "unixninja92".
>
> o Minor bugfixes (code correctness):
> - When closing an entry connection, generate a warning if we should
> have sent an end cell for it but we haven't. Fixes bug 17876;
> bugfix on 0.2.3.2-alpha.
> - Assert that allocated memory held by the reputation code is freed
> according to its internal counters. Fixes bug 17753; bugfix
> on tor-0.1.1.1-alpha.
> - Assert when the TLS contexts fail to initialize. Fixes bug 17683;
> bugfix on 0.0.6.
>
> o Minor bugfixes (compilation):
> - Mark all object files that include micro-revision.i as depending
> on it, so as to make parallel builds more reliable. Fixes bug
> 17826; bugfix on 0.2.5.1-alpha.
> - Don't try to use the pthread_condattr_setclock() function unless
> it actually exists. Fixes compilation on NetBSD-6.x. Fixes bug
> 17819; bugfix on 0.2.6.3-alpha.
> - Fix backtrace compilation on FreeBSD. Fixes bug 17827; bugfix
> on tor-0.2.5.2-alpha.
> - Fix compilation of sandbox.c with musl-libc. Fixes bug 17347;
> bugfix on 0.2.5.1-alpha. Patch from 'jamestk'.
> - Fix search for libevent libraries on OpenBSD (and other systems
> that install libevent 1 and libevent 2 in parallel). Fixes bug
> 16651; bugfix on 0.1.0.7-rc. Patch from "rubiate".
> - Isolate environment variables meant for tests from the rest of the
> build system. Fixes bug 17818; bugfix on tor-0.2.7.3-rc.
> - Replace usage of 'INLINE' with 'inline'. Fixes bug 17804; bugfix
> on tor-0.0.2pre8.
> - Remove config.log only from make distclean, not from make clean.
> Fixes bug 17924; bugfix on 0.2.4.1-alpha.
>
> o Minor bugfixes (crypto):
> - Check the return value of HMAC() and assert on failure. Fixes bug
> 17658; bugfix on 0.2.3.6-alpha. Patch by "teor".
>
> o Minor bugfixes (fallback directories):
> - Mark fallbacks as "too busy" when they return a 503 response,
> rather than just marking authorities. Fixes bug 17572; bugfix on
> 0.2.4.7-alpha. Patch by "teor".
>
> o Minor bugfixes (IPv6):
> - Update the limits in max_dl_per_request for IPv6 address length.
> Fixes bug 17573; bugfix on 0.2.1.5-alpha.
>
> o Minor bugfixes (linux seccomp2 sandbox):
> - Fix a crash when using offline master ed25519 keys with the Linux
> seccomp2 sandbox enabled. Fixes bug 17675; bugfix on 0.2.7.3-alpha.
>
> o Minor bugfixes (logging):
> - In log messages that include a function name, use __FUNCTION__
> instead of __PRETTY_FUNCTION__. In GCC, these are synonymous, but
> with clang __PRETTY_FUNCTION__ has extra information we don't
> need. Fixes bug 16563; bugfix on 0.0.2pre8. Fix by Tom van
> der Woerdt.
> - Remove needless quotes from a log message about unparseable
> addresses. Fixes bug 17843; bugfix on 0.2.3.3-alpha.
>
> o Minor bugfixes (portability):
> - Remove an #endif from configure.ac so that we correctly detect the
> presence of in6_addr.s6_addr32. Fixes bug 17923; bugfix
> on 0.2.0.13-alpha.
>
> o Minor bugfixes (relays):
> - Check that both the ORPort and DirPort (if present) are reachable
> before publishing a relay descriptor. Otherwise, relays publish a
> descriptor with DirPort 0 when the DirPort reachability test takes
> longer than the ORPort reachability test. Fixes bug 18050; bugfix
> on 0.1.0.1-rc. Reported by "starlight", patch by "teor".
>
> o Minor bugfixes (relays, hidden services):
> - Refuse connection requests to private OR addresses unless
> ExtendAllowPrivateAddresses is set. Previously, tor would connect,
> then refuse to send any cells to a private address. Fixes bugs
> 17674 and 8976; bugfix on 0.2.3.21-rc. Patch by "teor".
>
> o Minor bugfixes (safe logging):
> - When logging a malformed hostname received through socks4, scrub
> it if SafeLogging says we should. Fixes bug 17419; bugfix
> on 0.1.1.16-rc.
>
> o Minor bugfixes (statistics code):
> - Consistently check for overflow in round_*_to_next_multiple_of
> functions, and add unit tests with additional and maximal values.
> Fixes part of bug 13192; bugfix on 0.2.2.1-alpha.
> - Handle edge cases in the laplace functions: avoid division by
> zero, avoid taking the log of zero, and silence clang type
> conversion warnings using round and trunc. Add unit tests for edge
> cases with maximal values. Fixes part of bug 13192; bugfix
> on 0.2.6.2-alpha.
>
> o Minor bugfixes (testing):
> - The test for log_heartbeat was incorrectly failing in timezones
> with non-integer offsets. Instead of comparing the end of the time
> string against a constant, compare it to the output of
> format_local_iso_time when given the correct input. Fixes bug
> 18039; bugfix on 0.2.5.4-alpha.
> - Make unit tests pass on IPv6-only systems, and systems without
> localhost addresses (like some FreeBSD jails). Fixes bug 17632;
> bugfix on 0.2.7.3-rc. Patch by "teor".
> - Fix a memory leak in the ntor test. Fixes bug 17778; bugfix
> on 0.2.4.8-alpha.
> - Check the full results of SHA256 and SHA512 digests in the unit
> tests. Bugfix on 0.2.2.4-alpha. Patch by "teor".
>
> o Code simplification and refactoring:
> - Move logging of redundant policy entries in
> policies_parse_exit_policy_internal into its own function. Closes
> ticket 17608; patch from "juce".
> - Extract the more complicated parts of circuit_mark_for_close()
> into a new function that we run periodically before circuits are
> freed. This change removes more than half of the functions
> currently in the "blob". Closes ticket 17218.
> - Clean up a little duplicated code in
> crypto_expand_key_material_TAP(). Closes ticket 17587; patch
> from "pfrankw".
> - Decouple the list of streams waiting to be attached to circuits
> from the overall connection list. This change makes it possible to
> attach streams quickly while simplifying Tor's callgraph and
> avoiding O(N) scans of the entire connection list. Closes
> ticket 17590.
> - When a direct directory request fails immediately on launch,
> instead of relaunching that request from inside the code that
> launches it, instead mark the connection for teardown. This change
> simplifies Tor's callback and prevents the directory-request
> launching code from invoking itself recursively. Closes
> ticket 17589
> - Remove code for configuring OpenSSL dynamic locks; OpenSSL doesn't
> use them. Closes ticket 17926.
>
> o Documentation:
> - Add a description of the correct use of the '--keygen' command-
> line option. Closes ticket 17583; based on text by 's7r'.
> - Document the minimum HeartbeatPeriod value. Closes ticket 15638.
> - Explain actual minima for BandwidthRate. Closes ticket 16382.
> - Fix a minor formatting typo in the manpage. Closes ticket 17791.
> - Mention torspec URL in the manpage and point the reader to it
> whenever we mention a document that belongs in torspce. Fixes
> issue 17392.
>
> o Removed features:
> - Remove client-side support for connecting to Tor relays running
> versions of Tor before 0.2.3.6-alpha. These relays didn't support
> the v3 TLS handshake protocol, and are no longer allowed on the
> Tor network. Implements the client side of ticket 11150. Based on
> patches by Tom van der Woerdt.
>
> o Testing:
> - Add unit tests to check for common RNG failure modes, such as
> returning all zeroes, identical values, or incrementing values
> (OpenSSL's rand_predictable feature). Patch by "teor".
> - Log more information when the backtrace tests fail. Closes ticket
> 17892. Patch from "cypherpunks."
> - Always test both ed25519 backends, so that we can be sure that our
> batch-open replacement code works. Part of ticket 16794.
> - Cover dns_resolve_impl() in dns.c with unit tests. Implements a
> portion of ticket 16831.
> - More unit tests for compat_libevent.c, procmon.c, tortls.c,
> util_format.c, directory.c, and options_validate.c. Closes tickets
> 17075, 17082, 17084, 17003, and 17076 respectively. Patches from
> Ola Bini.
> - Unit tests for directory_handle_command_get. Closes ticket 17004.
> Patch from Reinaldo de Souza Jr.
>
More information about the cypherpunks
mailing list