diff options
author | Nick Mathewson <nickm@torproject.org> | 2017-05-19 10:00:54 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2017-05-19 10:00:54 -0400 |
commit | 8410f47b6e7e6d87f1082c2328cc3fc209d0b2ae (patch) | |
tree | 40976b8887896f85de545dbc4db430c9a8adc272 | |
parent | 3628efe29c170025cec1001001a141dc3f9c5860 (diff) | |
download | tor-8410f47b6e7e6d87f1082c2328cc3fc209d0b2ae.tar.gz tor-8410f47b6e7e6d87f1082c2328cc3fc209d0b2ae.zip |
start changelog for 0.3.1.1-alpha by sorting entries
62 files changed, 394 insertions, 373 deletions
@@ -1,4 +1,397 @@ -Changes in version 0.3.1.1-alpha - 2017-??-?? +Changes in version 0.3.1.1-alpha - 2017-05-?? + blurb goes here + + o Major features (directory protocol): + - Tor relays and authorities are now able to serve clients an + abbreviated version of the networkstatus consensus document, + containing only the changes since the an older consensus document that + the client holds. Clients now request these documents when + available. When this new protocol is in use by both client and server, + they will use far less bandwidth (up to 94% less) to keep an up-to-date + consensus. Implements proposal 140; closes ticket 13339. Based + on work by by Daniel Martí. + + o Major features (directory system): + - Tor's compression module now includes support for the zstd and lzma2 + compression algorithms, if the libzstd and liblzma libraries are + available when Tor is compiled. Once these features are exposed in the + directory module, they will enable Tor to provide better compression + ratios on directory documents. Part of an implementation for proposal + 278; closes ticket 21662. + + o Major features (internals): + - Add an ed diff/patch backend, optimized for consensus documents. + This backend will be the basis of our consensus diff implementation. + Most of the work here was done + by Daniel Martí. Closes ticket 21643. + + o Major features (security, stability, experimental): + - Tor now has the optional ability to include modules written in + Rust. To turn this on, pass the "--enable-rust" flag to the + configure script. + It's not time to get excited yet: currently, there is no actual + Rust functionality beyond some simple glue code, and a notice at + startup to tell you that Rust is running. Still, we hope that + programmers and packagers will try building with rust + support, so that we can find issues with the build system, + and solve portability issues. Closes ticket 22106. + + o Major features (traffic analysis resistance): + - Relays and clients will now send a padding cell on idle OR + connections every 1.5 to 9.5 seconds (tunable via consensus + parameters). Directory connections and inter-relay connections + are not padded. Padding is negotiated using Tor's link protocol, + so both relays and clients must upgrade for this to take effect. + Clients may still send padding despite the relay's version by + setting ConnectionPadding 1 in torrc, and may disable padding + by setting ConnectionPadding 0 in torrc. Padding may be minimized + for mobile users with the torrc option ReducedConnectionPadding. + Implements Proposal 251 and Section 2 of Proposal 254; closes ticket + 16861. + - Relays will publish 24 hour totals of padding and non-padding cell + counts to their extra-info descriptors, unless PaddingStatistics 0 + is set in torrc. These 24 hour totals are also rounded to multiples + of 10000. + + o Major bugfixes (hidden service directory, security): + - Fix an assertion failure in the hidden service directory code, which + could be used by an attacker to remotely cause a Tor relay process to + exit. Relays running earlier versions of Tor 0.3.0.x should upgrade. + This security issue is tracked as tracked as + TROVE-2017-002. Fixes bug 22246; bugfix on 0.3.0.1-alpha. + + o Major bugfixes (linux TPROXY support): + - Fix a typo that had prevented TPROXY-based transparent proxying from + working under Linux. Fixes bug 18100; bugfix on 0.2.6.3-alpha. + Patch from "d4fq0fQAgoJ". + + o Minor feature (defaults, directory): + - Onion key rotation and expiry intervals are now defined as a network + consensus parameter as per proposal 274. The default lifetime of an + onion key is bumped from 7 to 28 days. Old onion keys will expire after 7 + days by default. Closes ticket 21641. + + o Minor feature (hidden services): + - Add more information to the message logged when a hidden service + descriptor has fewer introduction points than specified in + HiddenServiceNumIntroductionPoints. + Follow up to tickets 21598 and 21599, closes ticket 21622. + - Log a message when a hidden service descriptor has fewer introduction + points than specified in HiddenServiceNumIntroductionPoints. + Closes ticket 21598. + - Log a message when a hidden service reaches its introduction point + circuit limit, and when that limit is reset. + Follow up to ticket 21594, closes ticket 21622. + + o Minor feature (include on config files): + - Adds config-can-saveconf to GETINFO command to tell if SAVECONF + will work without the FORCE option, closes ticket 1922. + - Allow the use of %include on configuration files to include settings + from other files or directories. Using %include with a directory will + include all (non-dot) files in that directory in lexically sorted order + (non-recursive), closes ticket 1922. + - Makes SAVECONF command return error when overwriting a torrc + that has includes. Using SAVECONF with the FORCE option will + allow it to overwrite torrc even if includes are used, closes ticket + 1922. + + o Minor features (controller): + - Warn the first time that a controller requests data in the + long-deprecated 'GETINFO network-status' format. Closes ticket 21703. + + o Minor features (defaults, security): + - The default value for UseCreateFast is now 0: clients which haven't yet + received a consensus document will nonetheless use a proper handshake + to talk to their directory servers (when they can). Closes ticket 21407. + + o Minor features (fallback directories): + - Update the fallback directory mirror whitelist and blacklist based on + operator emails. Closes task 21121. + + o Minor features (fallback directory list): + - Replace the 177 fallbacks originally introduced in Tor 0.2.9.8 in + December 2016 (of which ~126 were still functional), with a list of + 151 fallbacks (32 new, 119 existing, 58 removed) generated in + May 2017. + Resolves ticket 21564. + + o Minor features (hidden service, logging): + - Warn user if multiple entries in EntryNodes and at least one + HiddenService are used together. Pinning EntryNodes along with an hidden + service can be possibly harmful for instance see ticket 14917 or 21155. + Closes ticket 21155. + + o Minor features (infrastructure, seccomp2 sandbox): + - We now have a document storage backend compatible with the Linux + seccomp2 sandbox. The long-term plan is to use this backend for + consensus documents and for storing unparseable directory + material. Closes ticket 21645. + + o Minor features (linux seccomp2 sandbox): + - Increase the maximum allowed size passed to mprotect(PROT_WRITE) + from 1MB to 16MB. This was necessary with the glibc allocator in + order to allow worker threads to allocate more memory -- which in + turn is necessary because of our new use of worker threads for + compression. Closes ticket 22096. + + o Minor features (logging): + - Log files are no longer created world-readable by default. + (Previously, most distributors would store the logs in a + non-world-readable location to prevent inappropriate access. This + change is an extra precaution.) Closes ticket 21729; patch from + toralf. + + o Minor features (performance): + - The minimal keccak implementation we include now accesses memory + more efficiently, especially on little-endian systems. + Closes ticket 21737. + + o Minor features (performance, controller): + - Add an O(1) implementation of channel_find_by_global_id(). + + o Minor features (relay, configuration): + - The MyFamily line may now be repeated as many times as desired, for + relays that want to configure large families. Closes ticket 4998; + patch by Daniel Pinto. + + o Minor features (safety): + - Add an explict check to extrainfo_parse_entry_from_string() for NULL + inputs. We don't believe this can actually happen, but it may help + silence a warning from the Clang analyzer. Closes ticket 21496. + + o Minor features (security, windows): + - Enable a couple of pieces of Windows hardening: one + (HeapEnableTerminationOnCorruption) that has been on-by-default since + Windows 8, and unavailable before Windows 7, and one + (PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION) which we believe doesn't + affect us, but shouldn't do any harm. Closes ticket 21953. + + o Minor features (testing): + - Add a "--disable-memory-sentinels" feature to help with fuzzing. + When Tor is compiled with this option, we disable a number of + redundant memory-safety failsafes that are intended to stop + bugs from becoming security issues. This makes it easier to hunt + for bugs that would be security issues without the failsafes + turned on. Closes ticket 21439. + - Add a general event-tracing instrumentation support to Tor. This + subsystem will enable developers and researchers to add fine-grained + instrumentation to their Tor instances, for use when examining Tor + network performance issues. There are no trace events yet, and + event-tracing is off by default unless enabled at compile time. + Implements ticket 13802. + + o Minor features (unit tests): + - Improve version parsing tests: add tests for typical version components, + add tests for invalid versions, including numeric range and non-numeric + prefixes. + Unit tests 21278, 21450, and 21507. Partially implements 21470. + + o Minor bugfix (directory authority): + - Prevent the shared randomness subsystem from asserting when initialized + by a bridge authority with an incomplete configuration file. Fixes bug + 21586; bugfix on 0.2.9.8. + + o Minor bugfixes (bandwidth accounting): + - Roll over monthly accounting at the configured hour and minute, + rather than always at 00:00. + Fixes bug 22245; bugfix on 0.0.9rc1. + Found by Andrey Karpov with PVS-Studio. + + o Minor bugfixes (cell, logging): + - Downgrade a log statement from bug to protocol warning because there is + at least one use case where it can be triggered by a buggy tor + implementation on the Internet for instance. Fixes bug 21293; bugfix on + 0.1.1.14-alpha. + + o Minor bugfixes (code correctness): + - Accurately identify client connections using their lack of peer + authentication. This means that we bail out earlier if asked to extend + to a client. Follow-up to 21407. + Fixes bug 21406; bugfix on 0.2.4.23. + + o Minor bugfixes (configuration): + - Do not crash when starting with LearnCircuitBuildTimeout 0. + Fixes bug 22252; bugfix on 0.2.9.3-alpha. + + o Minor bugfixes (connection lifespan): + - Allow more control over how long TLS connections are kept open: unify + CircuitIdleTimeout and PredictedPortsRelevanceTime into a single option + called CircuitsAvailableTimeout. Also, allow the consensus to control + the default values for both this preference, as well as the lifespan + of relay-to-relay connections. Fixes bug 17592; bugfix on 0.2.5.5-alpha. + - Increase the intial circuit build timeout testing frequency, to help + ensure that ReducedConnectionPadding clients finish learning a timeout + before their orconn would expire. The initial testing rate was set back + in the days of TAP and before the Tor Browser updater, when we had to be + much more careful about new clients making lots of circuits. With this + change, a circuit build time is learned in about 15-20 minutes, instead + of ~100-120 minutes. + + o Minor bugfixes (connection usage): + - Relays will now log hourly statistics on the total number of + connections to other relays. If the number of connections per relay + unexpectedly large, this log message is at notice level. Otherwise + it is at info. + - Use NETINFO cells to try to determine if both relays involved in + a connection will agree on the canonical status of that connection. + Prefer the connections where this is the case for extend cells, + and try to close connections where relays disagree on canonical + status early. Also, additionally alter the connection selection + logic to prefer the oldest valid connection for extend cells. + These two changes should reduce the number of long-term connections + that are kept open between relays. Fixes bug 17604; bugfix on + 0.2.5.5-alpha. + + o Minor bugfixes (control, hidden service client): + - Trigger HS descriptor events on the control port when the client is + unable to pick a suitable hidden service directory. This can happen if + they are all in the ExcludeNodes list or they all have been queried + inside the allowed 15 minutes. Fixes bug 22042; bugfix on + 0.2.5.2-alpha. + + o Minor bugfixes (controller): + - GETINFO onions/current and onions/detached no longer 551 on empty lists + Fixes bug 21329; bugfix on 0.2.7.1-alpha. + + o Minor bugfixes (directory authority): + - When rejecting a router descriptor because the relay is running an + obsolete version of Tor without ntor support, warn about the obsolete + tor version, not the missing ntor key. Fixes bug 20270; + bugfix on 0.2.9.3-alpha. + + o Minor bugfixes (documentation): + - Default of NumEntryGuards is 1 if the consensus parameter + guard-n-primary-guards-to-use isn't set. Default of NumDirectoryGuards + is 3 if the consensus parameter guard-n-primary-dir-guards-to-use isn't + set. Fixes bug 21715; bugfix on 0.3.0.1-alpha. + + o Minor bugfixes (exit-side DNS): + - Fix an untriggerable assertion that checked the output of a + libevent DNS error, so that the assertion actually behaves as + expected. Fixes bug 22244; bugfix on 0.2.0.20-rc. Found by Andrey + Karpov using PVS-Studio. + + o Minor bugfixes (fallback directory mirrors): + - Make the usage example in updateFallbackDirs.py actually work. + (And explain what it does.) + Fixes bug 22270; bugfix on 0.3.0.3-alpha. + + o Minor bugfixes (fallbacks): + - Decrease the guard flag average required to be a fallback. This allows + us to keep relays that have their guard flag removed when they restart. + Fixes bug 20913; bugfix on 0.2.8.1-alpha. + - Decrease the minimum number of fallbacks to 100. + Fixes bug 20913; bugfix on 0.2.8.1-alpha. + - Make sure fallback directory mirrors have the same address, port, and + relay identity key for at least 30 days before they are selected. + Fixes bug 20913; bugfix on 0.2.8.1-alpha. + + o Minor bugfixes (hidden service): + - Stop printing cryptic warning when a client tries to connect on an + invalid port of the service. Fixes bug 16706; bugfix on 0.2.6.3-alpha. + + o Minor bugfixes (hidden services): + - Simplify hidden service descriptor creation by using an existing flag + to check if an introduction point is established. + Fixes bug 21599; bugfix on 0.2.7.2-alpha. + + o Minor bugfixes (memory leak): + - Fix a small memory leak at exit from the backtrace handler code. + Fixes bug 21788; bugfix on 0.2.5.2-alpha. Patch from Daniel Pinto. + + o Minor bugfixes (testing): + - Make test-network.sh always call chutney's test-network.sh. + Previously, this only worked on systems which had bash installed, due to + some bash-specific code in the script. + Fixes bug 19699; bugfix on 0.3.0.4-rc. Follow-up to ticket 21581. + - Use unbuffered I/O for utility functions around the process_handle_t + type. This fixes unit test failures reported on OpenBSD and FreeBSD. + Fixes bug 21654; bugfix on 0.2.3.1-alpha. + + o Minor bugfixes (unit tests): + - Make display of captured unit test log messages consistent. + Fixes bug 21510; bugfix on 0.2.9.3-alpha. + + o Minor bugfixes (voting consistency): + - Reject version numbers with non-numeric prefixes (such as +, -, and + whitespace). Disallowing whitespace prevents differential version + parsing between POSIX-based and Windows platforms. + Fixes bug 21507 and part of 21508; bugfix on 0.0.8pre1. + + o Minor bugfixes (windows, relay): + - Resolve "Failure from drain_fd: No error" warnings on Windows + relays. Fixes bug 21540; bugfix on 0.2.6.3-alpha. + + o Code simplification and refactoring: + - Break up the 630-line function connection_dir_client_reached_eof() into + a dozen smaller functions. This change should help maintainability and + readability of the client directory code. + - Isolate our usage of the openssl headers so that they are only + used from our crypto wrapper modules, and from tests that examing those + modules' internals. Closes ticket 21841. + - Our API to launch directory requests has been greatly simplified + to become more extensible and less error-prone. We'll be using + this to improve support for adding extra headers to directory + requests. Closes ticket 21646. + - Our base64 decoding functions no longer overestimate the output + space that they will need when parsing unpadded inputs. + Closes ticket 17868. + - Remove unused "ROUTER_ADDED_NOTIFY_GENERATOR" internal value. + Resolves ticket 22213. + - The logic that directory caches use to spool request to clients, + serving them one part at a time so as not to allocate too much memory, + has been refactored for consistency. Previously there was a separate + spooling implementation per type of spoolable data. Now there + is one common spooling implementation, with extensible data types. + Closes ticket 21651. + - Tor's compression module now supports multiple backends. Part of + an implementation of proposal 278; closes ticket 21663. + + o Documentation: + - Clarify the behavior of the KeepAliveIsolateSOCKSAuth sub-option. + Closes ticket 21873. + - Correct the documentation about the default DataDirectory value. + Closes ticket 21151. + - Document key=value pluggable transport arguments for Bridge lines in + torrc. Fixes bug 20341; bugfix on 0.2.5.1-alpha. + - Note that bandwidth-limiting options don't affect TCP headers or DNS. + Closes ticket 17170. + + o Removed features (configuration options, all in ticket 22060): + - AllowInvalidNodes was deprecated in 0.2.9.2-alpha and now has been + removed. It is not possible anymore to use Invalid nodes. + - AllowSingleHopCircuits was deprecated in 0.2.9.2-alpha and now has been + removed. It's not possible anymore to attach streams to single hop exit + circuit. + - AllowSingleHopExits was deprecated in 0.2.9.2-alpha and now has been + removed. Relays no longer advertise that they can be used for single hop + exit proxy. + - CloseHSClientCircuitsImmediatelyOnTimeout was deprecated in + 0.2.9.2-alpha and now has been removed. HS circuits never close on + circuit build timeout, they have a longer timeout period. + - CloseHSServiceRendCircuitsImmediatelyOnTimeout was deprecated in + 0.2.9.2-alpha and now has been removed. HS circuits never close on + circuit build timeout, they have a long timeout period. + - ExcludeSingleHopRelays was deprecated in 0.2.9.2-alpha and now has been + removed. Client will always exclude relays that supports single hop + exits meaning relays that still advertise AllowSingleHopExits. + - FastFirstHopPK was deprecated in 0.2.9.2-alpha and now has been removed. + Decision for this feature will always be decided by the consensus. + - TLSECGroup was deprecated in 0.2.9.2-alpha and now has been removed. + P256 EC group is always used. + - WarnUnsafeSocks was deprecated in 0.2.9.2-alpha and now has been + removed. Tor will now always warn the user if only an IP address is + given instead of an hostname on a SOCKS connection if SafeSocks is 1. + - {Control,DNS,Dir,Socks,Trans,NATD,OR}ListenAddress was deprecated in + 0.2.9.2-alpha and now has been removed. Use the ORPort (and others). + + o Removed features: + - We've removed the tor-checkkey tool from src/tools. Long ago, we + used it to help people detect RSA keys that were generated by + versions of Debian affected by CVE-2008-0166. But those keys + have been out of circulation for ages, and this tool is no + longer required. Closes ticket 21842. + Changes in version 0.3.0.7 - 2017-05-15 diff --git a/changes/17868 b/changes/17868 deleted file mode 100644 index 77a8ba1c9d..0000000000 --- a/changes/17868 +++ /dev/null @@ -1,4 +0,0 @@ - o Code simplification and refactoring: - - Our base64 decoding functions no longer overestimate the output - space that they will need when parsing unpadded inputs. - Closes ticket 17868. diff --git a/changes/21662_21663_21664 b/changes/21662_21663_21664 deleted file mode 100644 index da47c6d073..0000000000 --- a/changes/21662_21663_21664 +++ /dev/null @@ -1,12 +0,0 @@ - o Major features (directory system): - - Tor's compression module now includes support for the zstd and lzma2 - compression algorithms, if the libzstd and liblzma libraries are - available when Tor is compiled. Once these features are exposed in the - directory module, they will enable Tor to provide better compression - ratios on directory documents. Part of an implementation for proposal - 278; closes ticket 21662. - - o Code simplification and refactoring: - - Tor's compression module now supports multiple backends. Part of - an implementation of proposal 278; closes ticket 21663. - diff --git a/changes/21873 b/changes/21873 deleted file mode 100644 index 24dc82455e..0000000000 --- a/changes/21873 +++ /dev/null @@ -1,3 +0,0 @@ - o Documentation: - - Clarify the behavior of the KeepAliveIsolateSOCKSAuth sub-option. - Closes ticket 21873. diff --git a/changes/bug16706 b/changes/bug16706 deleted file mode 100644 index b0b3351fb5..0000000000 --- a/changes/bug16706 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (hidden service): - - Stop printing cryptic warning when a client tries to connect on an - invalid port of the service. Fixes bug 16706; bugfix on 0.2.6.3-alpha. diff --git a/changes/bug16861 b/changes/bug16861 deleted file mode 100644 index f540254946..0000000000 --- a/changes/bug16861 +++ /dev/null @@ -1,16 +0,0 @@ - o Major features (traffic analysis resistance): - - Relays and clients will now send a padding cell on idle OR - connections every 1.5 to 9.5 seconds (tunable via consensus - parameters). Directory connections and inter-relay connections - are not padded. Padding is negotiated using Tor's link protocol, - so both relays and clients must upgrade for this to take effect. - Clients may still send padding despite the relay's version by - setting ConnectionPadding 1 in torrc, and may disable padding - by setting ConnectionPadding 0 in torrc. Padding may be minimized - for mobile users with the torrc option ReducedConnectionPadding. - Implements Proposal 251 and Section 2 of Proposal 254; closes ticket - 16861. - - Relays will publish 24 hour totals of padding and non-padding cell - counts to their extra-info descriptors, unless PaddingStatistics 0 - is set in torrc. These 24 hour totals are also rounded to multiples - of 10000. diff --git a/changes/bug17170 b/changes/bug17170 deleted file mode 100644 index 24a9b94fcf..0000000000 --- a/changes/bug17170 +++ /dev/null @@ -1,3 +0,0 @@ - o Documentation: - - Note that bandwidth-limiting options don't affect TCP headers or DNS. - Closes ticket 17170. diff --git a/changes/bug17592 b/changes/bug17592 deleted file mode 100644 index 131791b31f..0000000000 --- a/changes/bug17592 +++ /dev/null @@ -1,13 +0,0 @@ - o Minor bugfixes (connection lifespan): - - Allow more control over how long TLS connections are kept open: unify - CircuitIdleTimeout and PredictedPortsRelevanceTime into a single option - called CircuitsAvailableTimeout. Also, allow the consensus to control - the default values for both this preference, as well as the lifespan - of relay-to-relay connections. Fixes bug 17592; bugfix on 0.2.5.5-alpha. - - Increase the intial circuit build timeout testing frequency, to help - ensure that ReducedConnectionPadding clients finish learning a timeout - before their orconn would expire. The initial testing rate was set back - in the days of TAP and before the Tor Browser updater, when we had to be - much more careful about new clients making lots of circuits. With this - change, a circuit build time is learned in about 15-20 minutes, instead - of ~100-120 minutes. diff --git a/changes/bug17604 b/changes/bug17604 deleted file mode 100644 index 6cd9e2e50a..0000000000 --- a/changes/bug17604 +++ /dev/null @@ -1,15 +0,0 @@ - o Minor bugfixes (connection usage): - - Use NETINFO cells to try to determine if both relays involved in - a connection will agree on the canonical status of that connection. - Prefer the connections where this is the case for extend cells, - and try to close connections where relays disagree on canonical - status early. Also, additionally alter the connection selection - logic to prefer the oldest valid connection for extend cells. - These two changes should reduce the number of long-term connections - that are kept open between relays. Fixes bug 17604; bugfix on - 0.2.5.5-alpha. - - Relays will now log hourly statistics on the total number of - connections to other relays. If the number of connections per relay - unexpectedly large, this log message is at notice level. Otherwise - it is at info. - diff --git a/changes/bug18100 b/changes/bug18100 deleted file mode 100644 index cd3ba2c977..0000000000 --- a/changes/bug18100 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes (linux TPROXY support): - - Fix a typo that had prevented TPROXY-based transparent proxying from - working under Linux. Fixes bug 18100; bugfix on 0.2.6.3-alpha. - Patch from "d4fq0fQAgoJ". - diff --git a/changes/bug19699 b/changes/bug19699 deleted file mode 100644 index 10ba57f73e..0000000000 --- a/changes/bug19699 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (testing): - - Make test-network.sh always call chutney's test-network.sh. - Previously, this only worked on systems which had bash installed, due to - some bash-specific code in the script. - Fixes bug 19699; bugfix on 0.3.0.4-rc. Follow-up to ticket 21581. diff --git a/changes/bug20270 b/changes/bug20270 deleted file mode 100644 index d538a358dc..0000000000 --- a/changes/bug20270 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (directory authority): - - When rejecting a router descriptor because the relay is running an - obsolete version of Tor without ntor support, warn about the obsolete - tor version, not the missing ntor key. Fixes bug 20270; - bugfix on 0.2.9.3-alpha. - diff --git a/changes/bug20341 b/changes/bug20341 deleted file mode 100644 index 419240c3f0..0000000000 --- a/changes/bug20341 +++ /dev/null @@ -1,3 +0,0 @@ - o Documentation: - - Document key=value pluggable transport arguments for Bridge lines in - torrc. Fixes bug 20341; bugfix on 0.2.5.1-alpha. diff --git a/changes/bug20913 b/changes/bug20913 deleted file mode 100644 index df7f106759..0000000000 --- a/changes/bug20913 +++ /dev/null @@ -1,9 +0,0 @@ - o Minor bugfixes (fallbacks): - - Make sure fallback directory mirrors have the same address, port, and - relay identity key for at least 30 days before they are selected. - Fixes bug 20913; bugfix on 0.2.8.1-alpha. - - Decrease the guard flag average required to be a fallback. This allows - us to keep relays that have their guard flag removed when they restart. - Fixes bug 20913; bugfix on 0.2.8.1-alpha. - - Decrease the minimum number of fallbacks to 100. - Fixes bug 20913; bugfix on 0.2.8.1-alpha. diff --git a/changes/bug21121 b/changes/bug21121 deleted file mode 100644 index 96b973028e..0000000000 --- a/changes/bug21121 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (fallback directories): - - Update the fallback directory mirror whitelist and blacklist based on - operator emails. Closes task 21121. diff --git a/changes/bug21155 b/changes/bug21155 deleted file mode 100644 index 67e4a64d14..0000000000 --- a/changes/bug21155 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features (hidden service, logging): - - Warn user if multiple entries in EntryNodes and at least one - HiddenService are used together. Pinning EntryNodes along with an hidden - service can be possibly harmful for instance see ticket 14917 or 21155. - Closes ticket 21155. diff --git a/changes/bug21293 b/changes/bug21293 deleted file mode 100644 index 37e0c8c28c..0000000000 --- a/changes/bug21293 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (cell, logging): - - Downgrade a log statement from bug to protocol warning because there is - at least one use case where it can be triggered by a buggy tor - implementation on the Internet for instance. Fixes bug 21293; bugfix on - 0.1.1.14-alpha. diff --git a/changes/bug21329 b/changes/bug21329 deleted file mode 100644 index c31586e25d..0000000000 --- a/changes/bug21329 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (controller): - - GETINFO onions/current and onions/detached no longer 551 on empty lists - Fixes bug 21329; bugfix on 0.2.7.1-alpha. diff --git a/changes/bug21406 b/changes/bug21406 deleted file mode 100644 index 170e631d79..0000000000 --- a/changes/bug21406 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (code correctness): - - Accurately identify client connections using their lack of peer - authentication. This means that we bail out earlier if asked to extend - to a client. Follow-up to 21407. - Fixes bug 21406; bugfix on 0.2.4.23. diff --git a/changes/bug21407 b/changes/bug21407 deleted file mode 100644 index 8d0d917439..0000000000 --- a/changes/bug21407 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (defaults, security): - - The default value for UseCreateFast is now 0: clients which haven't yet - received a consensus document will nonetheless use a proper handshake - to talk to their directory servers (when they can). Closes ticket 21407. diff --git a/changes/bug21439 b/changes/bug21439 deleted file mode 100644 index 3acc53bfb7..0000000000 --- a/changes/bug21439 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor features (testing): - - Add a "--disable-memory-sentinels" feature to help with fuzzing. - When Tor is compiled with this option, we disable a number of - redundant memory-safety failsafes that are intended to stop - bugs from becoming security issues. This makes it easier to hunt - for bugs that would be security issues without the failsafes - turned on. Closes ticket 21439. diff --git a/changes/bug21496 b/changes/bug21496 deleted file mode 100644 index 24ac85a769..0000000000 --- a/changes/bug21496 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (safety): - - Add an explict check to extrainfo_parse_entry_from_string() for NULL - inputs. We don't believe this can actually happen, but it may help - silence a warning from the Clang analyzer. Closes ticket 21496. diff --git a/changes/bug21507 b/changes/bug21507 deleted file mode 100644 index f83e291b63..0000000000 --- a/changes/bug21507 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (voting consistency): - - Reject version numbers with non-numeric prefixes (such as +, -, and - whitespace). Disallowing whitespace prevents differential version - parsing between POSIX-based and Windows platforms. - Fixes bug 21507 and part of 21508; bugfix on 0.0.8pre1. diff --git a/changes/bug21510 b/changes/bug21510 deleted file mode 100644 index 31c3e1ada9..0000000000 --- a/changes/bug21510 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (unit tests): - - Make display of captured unit test log messages consistent. - Fixes bug 21510; bugfix on 0.2.9.3-alpha. - diff --git a/changes/bug21540 b/changes/bug21540 deleted file mode 100644 index 0cf684b7f2..0000000000 --- a/changes/bug21540 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (windows, relay): - - Resolve "Failure from drain_fd: No error" warnings on Windows - relays. Fixes bug 21540; bugfix on 0.2.6.3-alpha. - diff --git a/changes/bug21586 b/changes/bug21586 deleted file mode 100644 index 29701d94c6..0000000000 --- a/changes/bug21586 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfix (directory authority): - - Prevent the shared randomness subsystem from asserting when initialized - by a bridge authority with an incomplete configuration file. Fixes bug - 21586; bugfix on 0.2.9.8. diff --git a/changes/bug21599 b/changes/bug21599 deleted file mode 100644 index fe0f21a740..0000000000 --- a/changes/bug21599 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (hidden services): - - Simplify hidden service descriptor creation by using an existing flag - to check if an introduction point is established. - Fixes bug 21599; bugfix on 0.2.7.2-alpha. diff --git a/changes/bug21641 b/changes/bug21641 deleted file mode 100644 index b04e52c230..0000000000 --- a/changes/bug21641 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor feature (defaults, directory): - - Onion key rotation and expiry intervals are now defined as a network - consensus parameter as per proposal 274. The default lifetime of an - onion key is bumped from 7 to 28 days. Old onion keys will expire after 7 - days by default. Closes ticket 21641. diff --git a/changes/bug21654 b/changes/bug21654 deleted file mode 100644 index c3badd2bbf..0000000000 --- a/changes/bug21654 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (testing): - - Use unbuffered I/O for utility functions around the process_handle_t - type. This fixes unit test failures reported on OpenBSD and FreeBSD. - Fixes bug 21654; bugfix on 0.2.3.1-alpha. diff --git a/changes/bug21703 b/changes/bug21703 deleted file mode 100644 index 3034fc5e4b..0000000000 --- a/changes/bug21703 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (controller): - - Warn the first time that a controller requests data in the - long-deprecated 'GETINFO network-status' format. Closes ticket 21703. - diff --git a/changes/bug21715 b/changes/bug21715 deleted file mode 100644 index 54ad1ad246..0000000000 --- a/changes/bug21715 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (documentation): - - Default of NumEntryGuards is 1 if the consensus parameter - guard-n-primary-guards-to-use isn't set. Default of NumDirectoryGuards - is 3 if the consensus parameter guard-n-primary-dir-guards-to-use isn't - set. Fixes bug 21715; bugfix on 0.3.0.1-alpha. diff --git a/changes/bug21788 b/changes/bug21788 deleted file mode 100644 index ad8365f5dc..0000000000 --- a/changes/bug21788 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (memory leak): - - Fix a small memory leak at exit from the backtrace handler code. - Fixes bug 21788; bugfix on 0.2.5.2-alpha. Patch from Daniel Pinto. diff --git a/changes/bug22042 b/changes/bug22042 deleted file mode 100644 index dccf83da8e..0000000000 --- a/changes/bug22042 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes (control, hidden service client): - - Trigger HS descriptor events on the control port when the client is - unable to pick a suitable hidden service directory. This can happen if - they are all in the ExcludeNodes list or they all have been queried - inside the allowed 15 minutes. Fixes bug 22042; bugfix on - 0.2.5.2-alpha. - diff --git a/changes/bug22060 b/changes/bug22060 deleted file mode 100644 index db373dde23..0000000000 --- a/changes/bug22060 +++ /dev/null @@ -1,28 +0,0 @@ - o Removed features (configuration options, all in ticket 22060): - - AllowInvalidNodes was deprecated in 0.2.9.2-alpha and now has been - removed. It is not possible anymore to use Invalid nodes. - - AllowSingleHopCircuits was deprecated in 0.2.9.2-alpha and now has been - removed. It's not possible anymore to attach streams to single hop exit - circuit. - - AllowSingleHopExits was deprecated in 0.2.9.2-alpha and now has been - removed. Relays no longer advertise that they can be used for single hop - exit proxy. - - ExcludeSingleHopRelays was deprecated in 0.2.9.2-alpha and now has been - removed. Client will always exclude relays that supports single hop - exits meaning relays that still advertise AllowSingleHopExits. - - FastFirstHopPK was deprecated in 0.2.9.2-alpha and now has been removed. - Decision for this feature will always be decided by the consensus. - - CloseHSClientCircuitsImmediatelyOnTimeout was deprecated in - 0.2.9.2-alpha and now has been removed. HS circuits never close on - circuit build timeout, they have a longer timeout period. - - CloseHSServiceRendCircuitsImmediatelyOnTimeout was deprecated in - 0.2.9.2-alpha and now has been removed. HS circuits never close on - circuit build timeout, they have a long timeout period. - - WarnUnsafeSocks was deprecated in 0.2.9.2-alpha and now has been - removed. Tor will now always warn the user if only an IP address is - given instead of an hostname on a SOCKS connection if SafeSocks is 1. - - TLSECGroup was deprecated in 0.2.9.2-alpha and now has been removed. - P256 EC group is always used. - - {Control,DNS,Dir,Socks,Trans,NATD,OR}ListenAddress was deprecated in - 0.2.9.2-alpha and now has been removed. Use the ORPort (and others). - diff --git a/changes/bug22096 b/changes/bug22096 deleted file mode 100644 index 83dac9c3f5..0000000000 --- a/changes/bug22096 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor features (linux seccomp2 sandbox): - - Increase the maximum allowed size passed to mprotect(PROT_WRITE) - from 1MB to 16MB. This was necessary with the glibc allocator in - order to allow worker threads to allocate more memory -- which in - turn is necessary because of our new use of worker threads for - compression. Closes ticket 22096. diff --git a/changes/bug22244 b/changes/bug22244 deleted file mode 100644 index ed5d36b1dd..0000000000 --- a/changes/bug22244 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (exit-side DNS): - - Fix an untriggerable assertion that checked the output of a - libevent DNS error, so that the assertion actually behaves as - expected. Fixes bug 22244; bugfix on 0.2.0.20-rc. Found by Andrey - Karpov using PVS-Studio. - diff --git a/changes/bug22245 b/changes/bug22245 deleted file mode 100644 index 6ae18593ea..0000000000 --- a/changes/bug22245 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (bandwidth accounting): - - Roll over monthly accounting at the configured hour and minute, - rather than always at 00:00. - Fixes bug 22245; bugfix on 0.0.9rc1. - Found by Andrey Karpov with PVS-Studio. diff --git a/changes/bug22246 b/changes/bug22246 deleted file mode 100644 index dbdf31a433..0000000000 --- a/changes/bug22246 +++ /dev/null @@ -1,6 +0,0 @@ - o Major bugfixes (hidden service directory, security): - - Fix an assertion failure in the hidden service directory code, which - could be used by an attacker to remotely cause a Tor relay process to - exit. Relays running earlier versions of Tor 0.3.0.x should upgrade. - This security issue is tracked as tracked as - TROVE-2017-002. Fixes bug 22246; bugfix on 0.3.0.1-alpha. diff --git a/changes/bug22252 b/changes/bug22252 deleted file mode 100644 index 42b9d8e095..0000000000 --- a/changes/bug22252 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (configuration): - - Do not crash when starting with LearnCircuitBuildTimeout 0. - Fixes bug 22252; bugfix on 0.2.9.3-alpha. diff --git a/changes/bug22270 b/changes/bug22270 deleted file mode 100644 index 6b58446402..0000000000 --- a/changes/bug22270 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (fallback directory mirrors): - - Make the usage example in updateFallbackDirs.py actually work. - (And explain what it does.) - Fixes bug 22270; bugfix on 0.3.0.3-alpha. diff --git a/changes/cleanup22213 b/changes/cleanup22213 deleted file mode 100644 index d100aeec5c..0000000000 --- a/changes/cleanup22213 +++ /dev/null @@ -1,4 +0,0 @@ - o Code simplification and refactoring: - - Remove unused "ROUTER_ADDED_NOTIFY_GENERATOR" internal value. - Resolves ticket 22213. - diff --git a/changes/consdiff_21643 b/changes/consdiff_21643 deleted file mode 100644 index 38d465673b..0000000000 --- a/changes/consdiff_21643 +++ /dev/null @@ -1,5 +0,0 @@ - o Major features (internals): - - Add an ed diff/patch backend, optimized for consensus documents. - This backend will be the basis of our consensus diff implementation. - Most of the work here was done - by Daniel Martí. Closes ticket 21643. diff --git a/changes/data_dir_default_doc b/changes/data_dir_default_doc deleted file mode 100644 index 6b49bb2a65..0000000000 --- a/changes/data_dir_default_doc +++ /dev/null @@ -1,3 +0,0 @@ - o Documentation: - - Correct the documentation about the default DataDirectory value. - Closes ticket 21151. diff --git a/changes/fast_channel_lookup b/changes/fast_channel_lookup deleted file mode 100644 index de0f3515c4..0000000000 --- a/changes/fast_channel_lookup +++ /dev/null @@ -1,2 +0,0 @@ - o Minor features (performance, controller): - - Add an O(1) implementation of channel_find_by_global_id(). diff --git a/changes/faster-keccak b/changes/faster-keccak deleted file mode 100644 index 45fc1526a8..0000000000 --- a/changes/faster-keccak +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (performance): - - The minimal keccak implementation we include now accesses memory - more efficiently, especially on little-endian systems. - Closes ticket 21737. diff --git a/changes/feature1922 b/changes/feature1922 deleted file mode 100644 index e3c059d4a5..0000000000 --- a/changes/feature1922 +++ /dev/null @@ -1,11 +0,0 @@ - o Minor feature (include on config files): - - Allow the use of %include on configuration files to include settings - from other files or directories. Using %include with a directory will - include all (non-dot) files in that directory in lexically sorted order - (non-recursive), closes ticket 1922. - - Makes SAVECONF command return error when overwriting a torrc - that has includes. Using SAVECONF with the FORCE option will - allow it to overwrite torrc even if includes are used, closes ticket - 1922. - - Adds config-can-saveconf to GETINFO command to tell if SAVECONF - will work without the FORCE option, closes ticket 1922. diff --git a/changes/feature21598 b/changes/feature21598 deleted file mode 100644 index 317ace4bcf..0000000000 --- a/changes/feature21598 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor feature (hidden services): - - Log a message when a hidden service descriptor has fewer introduction - points than specified in HiddenServiceNumIntroductionPoints. - Closes ticket 21598. diff --git a/changes/feature21622 b/changes/feature21622 deleted file mode 100644 index 163b90b724..0000000000 --- a/changes/feature21622 +++ /dev/null @@ -1,8 +0,0 @@ - o Minor feature (hidden services): - - Log a message when a hidden service reaches its introduction point - circuit limit, and when that limit is reset. - Follow up to ticket 21594, closes ticket 21622. - - Add more information to the message logged when a hidden service - descriptor has fewer introduction points than specified in - HiddenServiceNumIntroductionPoints. - Follow up to tickets 21598 and 21599, closes ticket 21622. diff --git a/changes/feature22106 b/changes/feature22106 deleted file mode 100644 index d277007e68..0000000000 --- a/changes/feature22106 +++ /dev/null @@ -1,12 +0,0 @@ - o Major features (security, stability, experimental): - - - Tor now has the optional ability to include modules written in - Rust. To turn this on, pass the "--enable-rust" flag to the - configure script. - - It's not time to get excited yet: currently, there is no actual - Rust functionality beyond some simple glue code, and a notice at - startup to tell you that Rust is running. Still, we hope that - programmers and packagers will try building with rust - support, so that we can find issues with the build system, - and solve portability issues. Closes ticket 22106. diff --git a/changes/new_spooling_backend b/changes/new_spooling_backend deleted file mode 100644 index a100688900..0000000000 --- a/changes/new_spooling_backend +++ /dev/null @@ -1,7 +0,0 @@ - o Code simplification and refactoring: - - The logic that directory caches use to spool request to clients, - serving them one part at a time so as not to allocate too much memory, - has been refactored for consistency. Previously there was a separate - spooling implementation per type of spoolable data. Now there - is one common spooling implementation, with extensible data types. - Closes ticket 21651. diff --git a/changes/prop140 b/changes/prop140 deleted file mode 100644 index 661028ce15..0000000000 --- a/changes/prop140 +++ /dev/null @@ -1,10 +0,0 @@ - o Major features (directory protocol): - - Tor relays and authorities are now able to serve clients an - abbreviated version of the networkstatus consensus document, - containing only the changes since the an older consensus document that - the client holds. Clients now request these documents when - available. When this new protocol is in use by both client and server, - they will use far less bandwidth (up to 94% less) to keep an up-to-date - consensus. Implements proposal 140; closes ticket 13339. Based - on work by by Daniel Martí. - diff --git a/changes/refactor_reached_eof b/changes/refactor_reached_eof deleted file mode 100644 index 33ab931b9b..0000000000 --- a/changes/refactor_reached_eof +++ /dev/null @@ -1,5 +0,0 @@ - o Code simplification and refactoring: - - - Break up the 630-line function connection_dir_client_reached_eof() into - a dozen smaller functions. This change should help maintainability and - readability of the client directory code. diff --git a/changes/storagedir b/changes/storagedir deleted file mode 100644 index afaaab397f..0000000000 --- a/changes/storagedir +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features (infrastructure, seccomp2 sandbox): - - We now have a document storage backend compatible with the Linux - seccomp2 sandbox. The long-term plan is to use this backend for - consensus documents and for storing unparseable directory - material. Closes ticket 21645. diff --git a/changes/test21470 b/changes/test21470 deleted file mode 100644 index f3ce4846a6..0000000000 --- a/changes/test21470 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features (unit tests): - - Improve version parsing tests: add tests for typical version components, - add tests for invalid versions, including numeric range and non-numeric - prefixes. - Unit tests 21278, 21450, and 21507. Partially implements 21470. diff --git a/changes/ticket13802 b/changes/ticket13802 deleted file mode 100644 index 35cd2b5b68..0000000000 --- a/changes/ticket13802 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor features (testing): - - Add a general event-tracing instrumentation support to Tor. This - subsystem will enable developers and researchers to add fine-grained - instrumentation to their Tor instances, for use when examining Tor - network performance issues. There are no trace events yet, and - event-tracing is off by default unless enabled at compile time. - Implements ticket 13802. diff --git a/changes/ticket21564 b/changes/ticket21564 deleted file mode 100644 index 7e01f41f8f..0000000000 --- a/changes/ticket21564 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor features (fallback directory list): - - Replace the 177 fallbacks originally introduced in Tor 0.2.9.8 in - December 2016 (of which ~126 were still functional), with a list of - 151 fallbacks (32 new, 119 existing, 58 removed) generated in - May 2017. - Resolves ticket 21564. diff --git a/changes/ticket21646 b/changes/ticket21646 deleted file mode 100644 index a0e4fb6352..0000000000 --- a/changes/ticket21646 +++ /dev/null @@ -1,6 +0,0 @@ - o Code simplification and refactoring: - - Our API to launch directory requests has been greatly simplified - to become more extensible and less error-prone. We'll be using - this to improve support for adding extra headers to directory - requests. Closes ticket 21646. - diff --git a/changes/ticket21729 b/changes/ticket21729 deleted file mode 100644 index 51d117311b..0000000000 --- a/changes/ticket21729 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor features (logging): - - Log files are no longer created world-readable by default. - (Previously, most distributors would store the logs in a - non-world-readable location to prevent inappropriate access. This - change is an extra precaution.) Closes ticket 21729; patch from - toralf. - diff --git a/changes/ticket21841 b/changes/ticket21841 deleted file mode 100644 index 08c7406725..0000000000 --- a/changes/ticket21841 +++ /dev/null @@ -1,4 +0,0 @@ - o Code simplification and refactoring: - - Isolate our usage of the openssl headers so that they are only - used from our crypto wrapper modules, and from tests that examing those - modules' internals. Closes ticket 21841. diff --git a/changes/ticket21842 b/changes/ticket21842 deleted file mode 100644 index 4b039c61f9..0000000000 --- a/changes/ticket21842 +++ /dev/null @@ -1,6 +0,0 @@ - o Removed features: - - We've removed the tor-checkkey tool from src/tools. Long ago, we - used it to help people detect RSA keys that were generated by - versions of Debian affected by CVE-2008-0166. But those keys - have been out of circulation for ages, and this tool is no - longer required. Closes ticket 21842. diff --git a/changes/ticket21953 b/changes/ticket21953 deleted file mode 100644 index 46e1642efd..0000000000 --- a/changes/ticket21953 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor features (security, windows): - - Enable a couple of pieces of Windows hardening: one - (HeapEnableTerminationOnCorruption) that has been on-by-default since - Windows 8, and unavailable before Windows 7, and one - (PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION) which we believe doesn't - affect us, but shouldn't do any harm. Closes ticket 21953. diff --git a/changes/ticket4998 b/changes/ticket4998 deleted file mode 100644 index b7b5d62478..0000000000 --- a/changes/ticket4998 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features (relay, configuration): - - The MyFamily line may now be repeated as many times as desired, for - relays that want to configure large families. Closes ticket 4998; - patch by Daniel Pinto. - |