# ChangeLog: Arti 1.1.2 — 28 February 2023

Arti 1.1.2 continues our work on onion services, and builds out more of the necessary infrastructure, focusing on backend support for the onion service directories.

We've also done a significant revision on our handling of incoming messages on circuits, to avoid a fair amount of unnecessary copying, and defer message parsing until we're certain that the message type would be acceptable in a given context. Doing this turned up several bugs, which are now fixed too.

### Breaking changes in lower level crates

- The APIs for tor-cell have changed significantly, to help implement #525 and prepare for #690. This has no downstream implications outside of tor-proto.
- Our IntegerMinutes type no longer has an erroneous days() accessor. (This accessor did not work correctly, and actually returned a number of minutes!) (bb2ab7c2a3e0994bb43)
- The PartialNetDir::fill_from_previous_netdir() function has changed its argument types and semantics. (f69d7f96ac40dda5)

(Breaking changes in experimental APIs are not noted here.)

### New features

- We now have the facility to give a helpful "error hint" in response to a given failure. Right now, we use this to improve the error message given for file-system permission errors, so that it suggests either changing the permissions on a directory, or suppressing the error. (#578, #579, !976, !994, !1018)
- When we log an error message from inside our code (at "info" or higher), we now make sure to log a full error report, including the cause of the error, its cause, and so on. (#680, !997)
- When receiving messages on channels, circuits, and streams, we now defer parsing those messages until we know whether their types are acceptable. This shrinks our attack surface, simplifies our code, and makes our protocol handling less error-prone. (#525, !1008, !1013, !1017)
- We now copy relay cell bodies much less than previously. (#7, ca3b33a1afc58b84)
- We have support for handling link specifier types verbatim, for cases when we need to use them to contact a rendezvous point or introduction point without checking them. (!1029)

### Onion service development

- We can now parse onion service descriptors, including all encrypted layers, with support for descriptor-based client authentication. (#744, !999, !1015)
- Our network directory code now supports deriving the HsDir directory ring, to find out where onion service descriptors should be uploaded and downloaded. (#687, !1012)
- We've refactored our implementation of onion service message extensions into a single place, to save on code and avoid type confusion. (5521df0909ff7afa)
- Our internal onion-service Cargo features have been renamed to start with hs-*. We're still using onion-* as the prefix for our high-level onion-service features. (#756, !1033)

### Infrastructure

- All our shell scripts now work when bash is somewhere other than /bin. (!990)
- Our check_doc_features script is now a little more reliable. (!1023)
- Our coverage tools now perform better checks to make sure they have all of their dependencies. (#776, !1025)

### Cleanups, minor features, and bugfixes

- The internal data structures in tor-netdir now use the typed_index_collections crate to ensure that the indices for one list are not mis-used as indices into another. (!1004)
- We no longer reject authority certificates that contain an unrecognized keyword. (#752, 266c61f7213dbec7)
- Our tor-netdoc parsing code now requires the caller to specify handling for unrecognized keywords explicitly, to avoid future instances of bug #752. (!1006)
- Several internal APIs and patterns in tor-netdoc have been streamlined. (#760, !1016, !1021)
- Make the extension-handling code for onion service message decoding more generic, since we'll reuse it a lot. (!1020)
- We now kill off circuits under more circumstances when the other side of the circuit violates the protocol. (#769, #773, !1026)
- We now expire router descriptors as soon as any of their internal expiration times has elapsed. Previously, we expired them when all of their expiration times had elapsed, which is incorrect. (#772, !1022)
- We are much more careful than previously about validating the correctness of various message types on half-closed streams. Previously, we had separate implementations for message validation; now, we use a single object to check messages in both cases. (#744, !1026)
- We now treat a RESOLVED message as closing a half-closed resolve stream. Previously, we left the stream open. (!1026)

Thanks to everyone who has contributed to this release, including Dimitris Apostolou, Emil Engler, and Shady Katy. Also, our deep thanks to Zcash Community Grants for funding the development of Arti!
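The deferred-parsing change under "New features" and the half-closed stream checks under "Cleanups" share one idea, shown here as an added illustration that is not Arti's own code: the cell's command is checked against the stream state before any body parser runs, so a cell of an unacceptable type is rejected without its body ever being decoded. The stream states, acceptance policy and message layouts are simplified assumptions for this example; the three relay command values follow the Tor spec.

```rust
// Added example, not Arti's code. Relay command values as in the Tor spec (subset only).
pub const RELAY_DATA: u8 = 2;
pub const RELAY_END: u8 = 3;
pub const RELAY_RESOLVED: u8 = 12;
/// A relay cell whose body has not been decoded yet: only the command is known.
pub struct UnparsedCell {
    pub cmd: u8,
    pub body: Vec<u8>,
}
#[derive(Debug, PartialEq)]
pub enum Msg {
    Data(Vec<u8>),
    End(u8),       // reason code
    Resolved(u16), // simplified: one two-byte field stands in for the answer
}
#[derive(Debug, PartialEq)]
pub enum HandleError {
    UnexpectedCmd(u8), // rejected on the command alone; the body was never parsed
    Malformed(u8),     // command acceptable, but the body failed to parse
}
#[derive(Debug, Clone, Copy)]
pub enum StreamState { Open, HalfClosed, Resolving }

/// Simplified acceptance policy (an assumption for this example, not Arti's exact rules).
pub fn acceptable(state: StreamState, cmd: u8) -> bool {
    match (state, cmd) {
        (StreamState::Open, RELAY_DATA | RELAY_END) => true,
        (StreamState::HalfClosed, RELAY_END) => true,
        (StreamState::Resolving, RELAY_RESOLVED | RELAY_END) => true,
        _ => false,
    }
}

/// Body parsers run only after the command has been accepted.
fn parse_body(cmd: u8, body: &[u8]) -> Option<Msg> {
    match cmd {
        RELAY_DATA => Some(Msg::Data(body.to_vec())),
        RELAY_END => body.first().map(|r| Msg::End(*r)),
        RELAY_RESOLVED => body.get(..2).map(|b| Msg::Resolved(u16::from_be_bytes([b[0], b[1]]))),
        _ => None,
    }
}

/// Check the type first, parse second: an unacceptable cell never reaches a parser.
pub fn handle(state: StreamState, cell: &UnparsedCell) -> Result<Msg, HandleError> {
    if !acceptable(state, cell.cmd) {
        return Err(HandleError::UnexpectedCmd(cell.cmd));
    }
    parse_body(cell.cmd, &cell.body).ok_or(HandleError::Malformed(cell.cmd))
}
```

The same truncated RESOLVED body yields `UnexpectedCmd` on a stream that is not resolving and `Malformed` on one that is, which makes the ordering of the two checks observable.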