[tor-commits] [tor/release-0.4.3] Copy 0.4.3.7 changelog to releasenotes
nickm at torproject.org
nickm at torproject.org
Thu Nov 12 12:37:44 UTC 2020
commit 26465179fa13b3127cc127d9a598a4b3da524133
Author: Nick Mathewson <nickm at torproject.org>
Date: Thu Nov 12 07:35:53 2020 -0500
Copy 0.4.3.7 changelog to releasenotes
---
ReleaseNotes | 115 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 115 insertions(+)
diff --git a/ReleaseNotes b/ReleaseNotes
index 116c70778f..bba0cab481 100644
--- a/ReleaseNotes
+++ b/ReleaseNotes
@@ -2,6 +2,121 @@ This document summarizes new features and bugfixes in each stable
release of Tor. If you want to see more detailed descriptions of the
changes in each development snapshot, see the ChangeLog file.
+Changes in version 0.4.3.7 - 2020-11-12
+ Tor 0.4.3.7 backports several bugfixes from later releases. It
+ includes a fix for TROVE-2020-005, a security issue that could be
+ used, under certain cases, by an adversary to observe traffic patterns
+ on a limited number of circuits intended for a different relay.
+
+ Please be aware that support for the 0.4.3.x series will end on 15
+ January 2020. Please upgrade to 0.4.4.x or 0.4.5.x before then, or
+ downgrade to 0.3.5.x, which will be supported until at least 1
+ February 2022.
+
+ o Major features (fallback directory list, backport form 0.4.4.3-alpha):
+ - Replace the 148 fallback directories originally included in Tor
+ 0.4.1.4-rc (of which around 105 are still functional) with a list
+ of 144 fallbacks generated in July 2020. Closes ticket 40061.
+
+ o Major bugfixes (security, backport from 0.4.5.1-alpha):
+ - When completing a channel, relays now check more thoroughly to
+ make sure that it matches any pending circuits before attaching
+ those circuits. Previously, address correctness and Ed25519
+ identities were not checked in this case, but only when extending
+ circuits on an existing channel. Fixes bug 40080; bugfix on
+ 0.2.7.2-alpha. Resolves TROVE-2020-005.
+
+ o Major bugfixes (NSS, backport from 0.4.4.3-alpha):
+ - When running with NSS enabled, make sure that NSS knows to expect
+ nonblocking sockets. Previously, we set our TCP sockets as
+ nonblocking, but did not tell NSS, which in turn could lead to
+ unexpected blocking behavior. Fixes bug 40035; bugfix
+ on 0.3.5.1-alpha.
+
+ o Minor features (security, backport from 0.4.4.4-rc):
+ - Channels using obsolete versions of the Tor link protocol are no
+ longer allowed to circumvent address-canonicity checks. (This is
+ only a minor issue, since such channels have no way to set ed25519
+ keys, and therefore should always be rejected for circuits that
+ specify ed25519 identities.) Closes ticket 40081.
+
+ o Minor features (subprotocol versions, backport from 0.4.5.1-alpha):
+ - Tor no longer allows subprotocol versions larger than 63.
+ Previously version numbers up to UINT32_MAX were allowed, which
+ significantly complicated our code. Implements proposal 318;
+ closes ticket 40133.
+
+ o Minor features (tests, backport from 0.4.4.5):
+ - Our "make check" target now runs the unit tests in 8 parallel
+ chunks. Doing this speeds up hardened CI builds by more than a
+ factor of two. Closes ticket 40098.
+
+ o Minor features (tests, v2 onion services, backport from 0.4.5.1-alpha):
+ - Fix a rendezvous cache unit test that was triggering an underflow
+ on the global rend cache allocation. Fixes bug 40125; bugfix
+ on 0.2.8.1-alpha.
+ - Fix another rendezvous cache unit test that was triggering an
+ underflow on the global rend cache allocation. Fixes bug 40126;
+ bugfix on 0.2.8.1-alpha.
+
+ o Minor bugfixes (correctness, buffers, backport from 0.4.4.4-rc):
+ - Fix a correctness bug that could cause an assertion failure if we
+ ever tried using the buf_move_all() function with an empty input
+ buffer. As far as we know, no released versions of Tor do this.
+ Fixes bug 40076; bugfix on 0.3.3.1-alpha.
+
+ o Minor bugfixes (logging, backport from 0.4.5.1-alpha):
+ - Remove a debug logging statement that uselessly spammed the logs.
+ Fixes bug 40135; bugfix on 0.3.5.0-alpha.
+
+ o Minor bugfixes (rate limiting, bridges, pluggable transports, backport from 0.4.4.4-rc):
+ - On a bridge, treat all connections from an ExtORPort as remote by
+ default for the purposes of rate-limiting. Previously, bridges
+ would treat the connection as local unless they explicitly
+ received a "USERADDR" command. ExtORPort connections still count
+ as local if there is a USERADDR command with an explicit local
+ address. Fixes bug 33747; bugfix on 0.2.5.1-alpha.
+
+ o Minor bugfixes (relay configuration, crash, backport from 0.4.5.1-alpha):
+ - Avoid a fatal assert() when failing to create a listener
+ connection for an address that was in use. Fixes bug 40073; bugfix
+ on 0.3.5.1-alpha.
+
+ o Minor bugfixes (relay, usability, backport from 0.4.4.3-alpha):
+ - Adjust the rules for when to warn about having too many
+ connections to other relays. Previously we'd tolerate up to 1.5
+ connections per relay on average. Now we tolerate more connections
+ for directory authorities, and raise the number of total
+ connections we need to see before we warn. Fixes bug 33880; bugfix
+ on 0.3.1.1-alpha.
+
+ o Minor bugfixes (tests, 0.4.4.5):
+ - Fix the behavior of the rend_cache/clean_v2_descs_as_dir when run
+ on its own. Previously, it would exit with an error. Fixes bug
+ 40099; bugfix on 0.2.8.1-alpha.
+
+ o Minor bugfixes (v2 onion services, backport from 0.4.5.1-alpha):
+ - For HSFETCH commands on v2 onion services addresses, check the
+ length of bytes decoded, not the base32 length. Fixes bug 34400;
+ bugfix on 0.4.1.1-alpha. Patch by Neel Chauhan.
+
+ o Minor bugfixes (windows, backport from 0.4.4.4-rc):
+ - Fix a bug that prevented Tor from starting if its log file grew
+ above 2GB. Fixes bug 31036; bugfix on 0.2.1.8-alpha.
+
+ o Deprecated features (onion service v2, backport form 0.4.4.2-alpha):
+ - Add a deprecation warning for version 2 onion services. Closes
+ ticket 40003.
+
+ o Removed features (backport from 0.4.4.3-alpha):
+ - Our "check-local" test target no longer tries to use the
+ Coccinelle semantic patching tool parse all the C files. While it
+ is a good idea to try to make sure Coccinelle works on our C
+ before we run a Coccinelle patch, doing so on every test run has
+ proven to be disruptive. You can still run this tool manually with
+ "make check-cocci". Closes ticket 40030. ticket 40030.
+
+
Changes in version 0.4.3.6 - 2020-07-09
Tor 0.4.3.6 backports several bugfixes from later releases, including
some affecting usability.
More information about the tor-commits
mailing list