Congratulations to all participants. It looks fantastic.
On Wed, Oct 2, 2013 at 12:25 PM, Roger Dingledine <a...@mit.edu> wrote:
> Tor 0.2.5.1-alpha introduces experimental support for syscall sandboxing
> on Linux, allows bridges that offer pluggable transports to report usage
> statistics, fixes many issues to make testing easier, and provides
> a pile of minor features and bugfixes that have been waiting for a
> release of the new branch.
>
> This is the first alpha release in a new series, so expect there to
> be bugs. Users who would rather test out a more stable branch should
> stay with 0.2.4.x for now.
>
> I'm going to leave the download pages listing 0.2.3.x and 0.2.4.x,
> so we don't have the confusion of three branches at once. I'm also not
> sure yet how the packaging people plan to handle three branches.
>
> https://www.torproject.org/dist/
>
> Changes in version 0.2.5.1-alpha - 2013-10-02
>   o Major features (security):
>     - Use the seccomp2 syscall filtering facility on Linux to limit
>       which system calls Tor can invoke. This is an experimental,
>       Linux-only feature to provide defense-in-depth against unknown
>       attacks. To try turning it on, set "Sandbox 1" in your torrc
>       file. Please be ready to report bugs. We hope to add support
>       for better sandboxing in the future, including more fine-grained
>       filters, better division of responsibility, and support for more
>       platforms. This work has been done by Cristian-Matei Toader for
>       Google Summer of Code.
>     - Re-enable TLS 1.1 and 1.2 when built with OpenSSL 1.0.1e or later.
>       Resolves ticket 6055. (OpenSSL before 1.0.1 didn't have TLS 1.1 or
>       1.2, and OpenSSL from 1.0.1 through 1.0.1d had bugs that prevented
>       renegotiation from working with TLS 1.1 or 1.2, so we had disabled
>       them to solve bug 6033.)
>
>   o Major features (other):
>     - Add support for passing arguments to managed pluggable transport
>       proxies. Implements ticket 3594.
>     - Bridges now track GeoIP information and the number of their users
>       even when pluggable transports are in use, and report usage
>       statistics in their extra-info descriptors. Resolves tickets 4773
>       and 5040.
>     - Make testing Tor networks bootstrap better: lower directory fetch
>       retry schedules and maximum interval without directory requests,
>       and raise maximum download tries. Implements ticket 6752.
>     - Add make target 'test-network' to run tests on a Chutney network.
>       Implements ticket 8530.
>     - The ntor handshake is now on-by-default, no matter what the
>       directory authorities recommend. Implements ticket 8561.
>
>   o Major bugfixes:
>     - Instead of writing destroy cells directly to outgoing connection
>       buffers, queue them and intersperse them with other outgoing cells.
>       This can prevent a set of resource starvation conditions where too
>       many pending destroy cells prevent data cells from actually getting
>       delivered. Reported by "oftc_must_be_destroyed". Fixes bug 7912;
>       bugfix on 0.2.0.1-alpha.
>     - If we are unable to save a microdescriptor to the journal, do not
>       drop it from memory and then reattempt downloading it. Fixes bug
>       9645; bugfix on 0.2.2.6-alpha.
>     - The new channel code sometimes lost track of in-progress circuits,
>       causing long-running clients to stop building new circuits. The
>       fix is to always call circuit_n_chan_done(chan, 0) from
>       channel_closed(). Fixes bug 9776; bugfix on 0.2.4.17-rc.
>
>   o Build features:
>     - Tor now builds each source file in two modes: a mode that avoids
>       exposing identifiers needlessly, and another mode that exposes
>       more identifiers for testing. This lets the compiler do better at
>       optimizing the production code, while enabling us to take more
>       radical measures to let the unit tests test things.
>     - The production builds no longer include functions used only in
>       the unit tests; all functions exposed from a module only for
>       unit-testing are now static in production builds.
>     - Add an --enable-coverage configuration option to make the unit
>       tests (and a new src/or/tor-cov target) to build with gcov test
>       coverage support.
>
>   o Testing:
>     - We now have rudimentary function mocking support that our unit
>       tests can use to test functions in isolation. Function mocking
>       lets the tests temporarily replace a function's dependencies with
>       stub functions, so that the tests can check the function without
>       invoking the other functions it calls.
>     - Add more unit tests for the <circid,channel>->circuit map, and
>       the destroy-cell-tracking code to fix bug 7912.
>     - Unit tests for failing cases of the TAP onion handshake.
>     - More unit tests for address-manipulation functions.
>
>   o Minor features (protecting client timestamps):
>     - Clients no longer send timestamps in their NETINFO cells. These were
>       not used for anything, and they provided one small way for clients
>       to be distinguished from each other as they moved from network to
>       network or behind NAT. Implements part of proposal 222.
>     - Clients now round timestamps in INTRODUCE cells down to the nearest
>       10 minutes. If a new Support022HiddenServices option is set to 0, or
>       if it's set to "auto" and the feature is disabled in the consensus,
>       the timestamp is sent as 0 instead. Implements part of proposal 222.
>     - Stop sending timestamps in AUTHENTICATE cells. This is not such
>       a big deal from a security point of view, but it achieves no actual
>       good purpose, and isn't needed. Implements part of proposal 222.
>     - Reduce down accuracy of timestamps in hidden service descriptors.
>       Implements part of proposal 222.
>
>   o Minor features (config options):
>     - Config (torrc) lines now handle fingerprints which are missing
>       their initial '$'. Resolves ticket 4341; improvement over 0.0.9pre5.
>     - Support a --dump-config option to print some or all of the
>       configured options. Mainly useful for debugging the command-line
>       option parsing code. Helps resolve ticket 4647.
>     - Raise awareness of safer logging: notify user of potentially
>       unsafe config options, like logging more verbosely than severity
>       "notice" or setting SafeLogging to 0. Resolves ticket 5584.
>     - Add a new configuration option TestingV3AuthVotingStartOffset
>       that bootstraps a network faster by changing the timing for
>       consensus votes. Addresses ticket 8532.
>     - Add a new torrc option "ServerTransportOptions" that allows
>       bridge operators to pass configuration parameters to their
>       pluggable transports. Resolves ticket 8929.
>     - The config (torrc) file now accepts bandwidth and space limits in
>       bits as well as bytes. (Anywhere that you can say "2 Kilobytes",
>       you can now say "16 kilobits", and so on.) Resolves ticket 9214.
>       Patch by CharlieB.
>
>   o Minor features (build):
>     - Add support for `--library-versions` flag. Implements ticket 6384.
>     - Return the "unexpected sendme" warnings to a warn severity, but make
>       them rate limited, to help diagnose ticket 8093.
>     - Detect a missing asciidoc, and warn the user about it, during
>       configure rather than at build time. Fixes issue 6506. Patch from
>       Arlo Breault.
>
>   o Minor features (other):
>     - Use the SOCK_NONBLOCK socket type, if supported, to open nonblocking
>       sockets in a single system call. Implements ticket 5129.
>     - Log current accounting state (bytes sent and received + remaining
>       time for the current accounting period) in the relay's heartbeat
>       message. Implements ticket 5526; patch from Peter Retzlaff.
>     - Implement the TRANSPORT_LAUNCHED control port event that
>       notifies controllers about new launched pluggable
>       transports. Resolves ticket 5609.
>     - If we're using the pure-C 32-bit curve25519_donna implementation
>       of curve25519, build it with the -fomit-frame-pointer option to
>       make it go faster on register-starved hosts. This improves our
>       handshake performance by about 6% on i386 hosts without nacl.
>       Closes ticket 8109.
>     - Update to the September 4 2013 Maxmind GeoLite Country database.
>
>   o Minor bugfixes:
>     - Set the listen() backlog limit to the largest actually supported
>       on the system, not to the value in a header file. Fixes bug 9716;
>       bugfix on every released Tor.
>     - No longer accept malformed http headers when parsing urls from
>       headers. Now we reply with Bad Request ("400"). Fixes bug 2767;
>       bugfix on 0.0.6pre1.
>     - In munge_extrainfo_into_routerinfo(), check the return value of
>       memchr(). This would have been a serious issue if we ever passed
>       it a non-extrainfo. Fixes bug 8791; bugfix on 0.2.0.6-alpha. Patch
>       from Arlo Breault.
>     - On the chance that somebody manages to build Tor on a
>       platform where time_t is unsigned, correct the way that
>       microdesc_add_to_cache() handles negative time arguments.
>       Fixes bug 8042; bugfix on 0.2.3.1-alpha.
>     - Reject relative control socket paths and emit a warning. Previously,
>       single-component control socket paths would be rejected, but Tor
>       would not log why it could not validate the config. Fixes bug 9258;
>       bugfix on 0.2.3.16-alpha.
>
>   o Minor bugfixes (command line):
>     - Use a single command-line parser for parsing torrc options on the
>       command line and for finding special command-line options to avoid
>       inconsistent behavior for torrc option arguments that have the same
>       names as command-line options. Fixes bugs 4647 and 9578; bugfix on
>       0.0.9pre5.
>     - No longer allow 'tor --hash-password' with no arguments. Fixes bug
>       9573; bugfix on 0.0.9pre5.
>
>   o Minor fixes (build, auxiliary programs):
>     - Stop preprocessing the "torify" script with autoconf, since
>       it no longer refers to LOCALSTATEDIR. Fixes bug 5505; patch
>       from Guilhem.
>     - The tor-fw-helper program now follows the standard convention and
>       exits with status code "0" on success. Fixes bug 9030; bugfix on
>       0.2.3.1-alpha. Patch by Arlo Breault.
>     - Corrected ./configure advice for what openssl dev package you should
>       install on Debian. Fixes bug 9207; bugfix on 0.2.0.1-alpha.
>
>   o Minor code improvements:
>     - Remove constants and tests for PKCS1 padding; it's insecure and
>       shouldn't be used for anything new. Fixes bug 8792; patch
>       from Arlo Breault.
>     - Remove instances of strcpy() from the unit tests. They weren't
>       hurting anything, since they were only in the unit tests, but it's
>       embarrassing to have strcpy() in the code at all, and some analysis
>       tools don't like it. Fixes bug 8790; bugfix on 0.2.3.6-alpha and
>       0.2.3.8-alpha. Patch from Arlo Breault.
>
>   o Removed features:
>     - Remove migration code from when we renamed the "cached-routers"
>       file to "cached-descriptors" back in 0.2.0.8-alpha. This
>       incidentally resolves ticket 6502 by cleaning up the related code
>       a bit. Patch from Akshay Hebbar.
>
>   o Code simplification and refactoring:
>     - Extract the common duplicated code for creating a subdirectory
>       of the data directory and writing to a file in it. Fixes ticket
>       4282; patch from Peter Retzlaff.
>     - Since OpenSSL 0.9.7, the i2d_*() functions support allocating output
>       buffer. Avoid calling twice: i2d_RSAPublicKey(), i2d_DHparams(),
>       i2d_X509(), and i2d_PublicKey(). Resolves ticket 5170.
>     - Add a set of accessor functions for the circuit timeout data
>       structure. Fixes ticket 6153; patch from "piet".
>     - Clean up exit paths from connection_listener_new(). Closes ticket
>       8789. Patch from Arlo Breault.
>     - Since we rely on OpenSSL 0.9.8 now, we can use EVP_PKEY_cmp()
>       and drop our own custom pkey_eq() implementation. Fixes bug 9043.
>     - Use a doubly-linked list to implement the global circuit list.
>       Resolves ticket 9108. Patch from Marek Majkowski.
>     - Remove contrib/id_to_fp.c since it wasn't used anywhere.
>
> --
> tor-talk mailing list - tor-talk@lists.torproject.org
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
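
The seccomp2 syscall filtering named in the quoted release notes, as an added example that is not part of the original message and is not Tor's sandbox code: a child process installs a raw seccomp-BPF allow-list and then checks that a syscall outside the list fails with EPERM. The policy contents, the function names and the choice of getpid/getppid as probes are assumptions made for illustration.

```c
#define _GNU_SOURCE /* syscall(); added example, not Tor's sandbox code */
#include <errno.h>
#include <stddef.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#if defined(__x86_64__)
#define NATIVE_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define NATIVE_ARCH AUDIT_ARCH_AARCH64
#endif

/* Assumed policy: only getpid and exit_group pass; the rest get EPERM. */
static struct sock_filter policy[] = {
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, NATIVE_ARCH, 1, 0),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL), /* foreign ABI: kill */
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_getpid, 2, 0),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_exit_group, 1, 0),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EPERM),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
};

/* Runs in the child: lock down, then probe one allowed and one denied call. */
static int child_probe(void) {
    struct sock_fprog prog = { .len = sizeof policy / sizeof policy[0], .filter = policy };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return 2;
    if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) != 0) return 2;
    if (syscall(SYS_getpid) < 0) return 3; /* allowed call broke */
    errno = 0;
    if (syscall(SYS_getppid) != -1 || errno != EPERM) return 4; /* not denied */
    return 0;
}

/* Returns 0 when the filter allowed getpid and denied getppid with EPERM. */
int sandbox_demo(void) {
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) _exit(child_probe());
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

int main(void) { return sandbox_demo(); }
```

A nonzero result identifies the failing step: 2 means the filter could not be installed, 3 means the allowed call failed, and 4 means the denied call went through.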