summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTor CI Release <no-email@torproject.org>2024-12-03 15:48:11 +0000
committerDavid Goulet <dgoulet@torproject.org>2024-12-03 11:10:03 -0500
commit9918acd57b1f0c80ced1c3e95e0bb98ee4e4e854 (patch)
tree0d517d988c095c8bf99573cfa982ad0822d8cd49
parent5567617e3b725f8a99acada48a5855b2150bc0f4 (diff)
downloadtor-9918acd57b1f0c80ced1c3e95e0bb98ee4e4e854.tar.gz
tor-9918acd57b1f0c80ced1c3e95e0bb98ee4e4e854.zip
release: ChangeLog and ReleaseNotes for 0.4.9.1-alpha
-rw-r--r--ChangeLog276
-rw-r--r--ReleaseNotes276
-rw-r--r--changes/bug404656
-rw-r--r--changes/bug408415
-rw-r--r--changes/bug408424
-rw-r--r--changes/bug408556
-rw-r--r--changes/bug408586
-rw-r--r--changes/bug408623
-rw-r--r--changes/bug408693
-rw-r--r--changes/bug408768
-rw-r--r--changes/bug408784
-rw-r--r--changes/bug408843
-rw-r--r--changes/bug408976
-rw-r--r--changes/bug409105
-rw-r--r--changes/bug409115
-rw-r--r--changes/bug409225
-rw-r--r--changes/bug409333
-rw-r--r--changes/bug409819
-rw-r--r--changes/bug409824
-rw-r--r--changes/ci-pin-chutney3
-rw-r--r--changes/fallbackdirs-2023-08-302
-rw-r--r--changes/fallbackdirs-2023-09-182
-rw-r--r--changes/fallbackdirs-2023-09-252
-rw-r--r--changes/fallbackdirs-2023-11-032
-rw-r--r--changes/fallbackdirs-2023-11-092
-rw-r--r--changes/fallbackdirs-2023-12-082
-rw-r--r--changes/fallbackdirs-2024-04-102
-rw-r--r--changes/fallbackdirs-2024-06-062
-rw-r--r--changes/fallbackdirs-2024-10-242
-rw-r--r--changes/geoip-2023-08-303
-rw-r--r--changes/geoip-2023-09-183
-rw-r--r--changes/geoip-2023-09-253
-rw-r--r--changes/geoip-2023-11-033
-rw-r--r--changes/geoip-2023-11-093
-rw-r--r--changes/geoip-2023-12-083
-rw-r--r--changes/geoip-2024-04-103
-rw-r--r--changes/geoip-2024-06-063
-rw-r--r--changes/geoip-2024-10-243
-rw-r--r--changes/mr7604
-rw-r--r--changes/prop3016
-rw-r--r--changes/prop3517
-rw-r--r--changes/tap-out-part-112
-rw-r--r--changes/testing3
-rw-r--r--changes/thread-memleak3
-rw-r--r--changes/ticket111014
-rw-r--r--changes/ticket402482
-rw-r--r--changes/ticket404873
-rw-r--r--changes/ticket406384
-rw-r--r--changes/ticket406764
-rw-r--r--changes/ticket406893
-rw-r--r--changes/ticket407365
-rw-r--r--changes/ticket407393
-rw-r--r--changes/ticket408154
-rw-r--r--changes/ticket408164
-rw-r--r--changes/ticket408174
-rw-r--r--changes/ticket408353
-rw-r--r--changes/ticket408433
-rw-r--r--changes/ticket408444
-rw-r--r--changes/ticket408484
-rw-r--r--changes/ticket408543
-rw-r--r--changes/ticket408704
-rw-r--r--changes/ticket408713
-rw-r--r--changes/ticket408743
-rw-r--r--changes/ticket408834
-rw-r--r--changes/ticket408915
-rw-r--r--changes/ticket408962
-rw-r--r--changes/ticket409085
-rw-r--r--changes/ticket409183
-rw-r--r--changes/ticket409213
-rw-r--r--changes/ticket409323
-rw-r--r--changes/ticket409663
-rw-r--r--changes/ticket409894
-rw-r--r--changes/ticket409904
-rw-r--r--changes/tor26-change3
74 files changed, 552 insertions, 274 deletions
diff --git a/ChangeLog b/ChangeLog
index f003aeb8c3..365d805dd2 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,279 @@
+Changes in version 0.4.9.1-alpha - 2024-12-03
+ This is the first alpha of the 0.4.9.x series. This release mostly consists
+ of bugfixes including some major ones. There are several minor features in
+ this release but no large new subsystem. Most of the fixes in this release
+ are already in 0.4.8.x stable series.
+
+ o Major bugfixes (circuit building):
+ - Conflux circuit building was ignoring the "predicted ports"
+ feature, which aims to make Tor stop building circuits if there
+ have been no user requests lately. This bug led to every idle Tor
+ on the network building and discarding circuits every 30 seconds,
+ which added overall load to the network, used bandwidth and
+ battery from clients that weren't actively using their Tor, and
+ kept sockets open on guards which added connection padding
+ essentially forever. Fixes bug 40981; bugfix on 0.4.8.1-alpha;
+
+ o Major bugfixes (conflux):
+ - Fix an issue that prevented us from pre-building more conflux sets
+ after existing sets had been used. Fixes bug 40862; bugfix
+ on 0.4.8.1-alpha.
+
+ o Major bugfixes (guard usage):
+ - When Tor excluded a guard due to temporary circuit restrictions,
+ it considered *additional* primary guards for potential usage by
+ that circuit. This could result in more than the specified number
+ of guards (currently 2) being used, long-term, by the tor client.
+ This could happen when a Guard was also selected as an Exit node,
+ but it was exacerbated by the Conflux guard restrictions. Both
+ instances have been fixed. Fixes bug 40876; bugfix
+ on 0.3.0.1-alpha.
+
+ o Major bugfixes (onion service):
+ - Fix a reliability issue where services were expiring their
+ introduction points every consensus update. This caused
+ connectivity issues for clients caching the old descriptor and
+ intro points. Bug reported and fixed by gitlab user
+ @hyunsoo.kim676. Fixes bug 40858; bugfix on 0.4.7.5-alpha.
+
+ o Major bugfixes (onion service, TROVE-2023-006):
+ - Fix a possible hard assert on a NULL pointer when recording a
+ failed rendezvous circuit on the service side for the MetricsPort.
+ Fixes bug 40883; bugfix on 0.4.8.1-alpha
+
+ o Major bugfixes (sandbox):
+ - Fix sandbox to work on architectures that use Linux's generic
+ syscall interface, extending support for AArch64 (ARM64) and
+ adding support for RISC-V, allowing test_include.sh and the
+ sandbox unit tests to pass on these systems even when building
+ with fragile hardening enabled. Fixes bugs 40465 and 40599; bugfix
+ on 0.2.5.1-alpha.
+
+ o Major bugfixes (TROVE-2023-004, relay):
+ - Mitigate an issue when Tor compiled with OpenSSL can crash during
+ handshake with a remote relay. Fixes bug 40874; bugfix
+ on 0.2.7.2-alpha.
+
+ o Major bugfixes (TROVE-2023-007, exit):
+ - Improper error propagation from a safety check in conflux leg
+ linking lead to a desynchronization of which legs were part of a
+ conflux set, ultimately causing a UAF and NULL pointer dereference
+ crash on Exit relays. Fixes bug 40897; bugfix on 0.4.8.1-alpha.
+
+ o Minor feature (authority):
+ - Reject 0.4.7.x series at the authority level. Closes ticket 40896.
+
+ o Minor feature (bridges, pluggable transport):
+ - Add STATUS TYPE=version handler for Pluggable Transport. This
+ allows us to gather version statistics on Pluggable Transport
+ usage from bridge servers on our metrics portal. Closes
+ ticket 11101.
+
+ o Minor feature (defense in depth):
+ - Verify needle is smaller than haystack before calling memmem.
+ Closes ticket 40854.
+
+ o Minor feature (dirauth):
+ - Add back faravahar with a new address and new keys. Closes 40689.
+
+ o Minor feature (dirauth, tor26):
+ - New IP address and keys.
+
+ o Minor feature (directory authority):
+ - Allow BandwidthFiles "node_id" KeyValue without the dollar sign at
+ the start of the hexdigit, in order to easier database queries
+ combining Tor documents in which the relays fingerprint does not
+ include it. Fixes bug 40891; bugfix on 0.4.7 (all supported
+ versions of Tor).
+ - Introduce MinimalAcceptedServerVersion to allow modification of
+ minimal accepted version for relays without requiring a new tor
+ release. Closes ticket 40817.
+
+ o Minor feature (exit policies):
+ - Implement reevaluating new exit policy against existing
+ connections. This is controlled by new config option
+ ReevaluateExitPolicy, defaulting to 0. Closes ticket 40676.
+
+ o Minor feature (exit relay, DoS resitance):
+ - Implement a token-bucket based rate limiter for stream creation
+ and resolve request. It is configured by the DoSStream* family of
+ configuration options. Closes ticket 40736.
+
+ o Minor feature (metrics port):
+ - New metrics on the MetricsPort for the number of BUG() that
+ occurred at runtime. Closes MR 760.
+
+ o Minor feature (metrics port, relay):
+ - Add new metrics for relays on the MetricsPort namely the count of
+ drop cell, destroy cell and the number of circuit protocol
+ violation seen that lead to a circuit close. Closes ticket 40816.
+
+ o Minor feature (testing):
+ - test-network now unconditionally includes IPv6 instead of trying
+ to detect IPv6 support.
+
+ o Minor feature (testing, CI):
+ - Use a fixed version of chutney (be881a1e) instead of its current
+ HEAD. This version should also be preferred when testing locally.
+
+ o Minor features (debugging, compression):
+ - Log the input and output buffer sizes when we detect a potential
+ compression bomb. Diagnostic for ticket 40739.
+
+ o Minor features (forward-compatibility):
+ - We now correctly parse microdescriptors and router descriptors
+ that do not include TAP onion keys. (For backward compatibility,
+ authorities continue to require these keys.) Implements part of
+ proposal 350.
+
+ o Minor features (portability, android):
+ - Use /data/local/tmp for data storage on Android by default. Closes
+ ticket 40487. Patch from Hans-Christoph Steiner.
+
+ o Minor features (SOCKS):
+ - Detect invalid SOCKS5 username/password combinations according to
+ new extended parameters syntax. (Currently, this rejects any
+ SOCKS5 username beginning with "<torS0X>", except for the username
+ "<torS0X>0". Such usernames are now reserved to communicate
+ additional parameters with other Tor implementations.) Implements
+ proposal 351.
+
+ o Minor bugfix (circuit):
+ - Remove a log_warn being triggered by a protocol violation that
+ already emits a protocol warning log. Fixes bug 40932; bugfix
+ on 0.4.8.1-alpha.
+
+ o Minor bugfix (defensive programming):
+ - Disable multiple BUG warnings of a missing relay identity key when
+ starting an instance of Tor compiled without relay support. Fixes
+ bug 40848; bugfix on 0.4.3.1-alpha.
+
+ o Minor bugfix (MetricsPort, relay):
+ - Handle rephist tracking of ntor and ntor_v3 handshakes
+ individually such that MetricsPort exposes the correct values.
+ Fixes bug 40638; bugfix on 0.4.7.11.
+
+ o Minor bugfix (NetBSD, compilation):
+ - Fix compilation issue on NetBSD by avoiding an unnecessary
+ dependency on "huge" page mappings in Equi-X. Fixes bug 40843;
+ bugfix on 0.4.8.1-alpha.
+
+ o Minor bugfix (NetBSD, testing):
+ - Fix test failures in "crypto/hashx" and "slow/crypto/equix" on
+ x86_64 and aarch64 NetBSD hosts, by adding support for
+ PROT_MPROTECT() flags. Fixes bug 40844; bugfix on 0.4.8.1-alpha.
+
+ o Minor bugfix (process):
+ - Avoid closing all possible FDs when spawning a process (PT). On
+ some systems, this could lead to 3+ minutes hang. Fixes bug 40990;
+ bugfix on 0.3.5.1-alpha.
+
+ o Minor bugfix (relay, sandbox):
+ - Disable a sandbox unit test that is failing on Debian Sid breaking
+ our nightly packages. Fixes bug 40918; bugfix on 0.3.5.1-alpha.
+
+ o Minor bugfixes (bridge authority):
+ - When reporting a pseudo-networkstatus as a bridge authority, or
+ answering "ns/purpose/*" controller requests, include accurate
+ published-on dates from our list of router descriptors. Fixes bug
+ 40855; bugfix on 0.4.8.1-alpha.
+
+ o Minor bugfixes (bridge):
+ - Don't warn when BridgeRelay is 1 and ExitRelay is explicitly set
+ to 0. Fixes bug 40884; bugfix on 0.4.8.3-rc.
+
+ o Minor bugfixes (bridges, statistics):
+ - Correctly report statistics for client count over Pluggable
+ transport. Fixes bug 40871; bugfix on 0.4.8.4
+
+ o Minor bugfixes (compiler warnings):
+ - Make sure the two bitfields in the half-closed edge struct are
+ unsigned, as we're using them for boolean values and assign 1 to
+ them. Fixes bug 40911; bugfix on 0.4.7.2-alpha.
+
+ o Minor bugfixes (compression, zstd):
+ - Use less frightening language and lower the log-level of our run-
+ time ABI compatibility check message in our Zstd compression
+ subsystem. Fixes bug 40815; bugfix on 0.4.3.1-alpha.
+
+ o Minor bugfixes (conflux):
+ - Avoid a potential hard assert (crash) when sending a cell on a
+ Conflux set. Fixes bug 40921; bugfix on 0.4.8.1-alpha.
+ - Demote a relay-side warn about too many legs to ProtocolWarn, as
+ there are conditions that it can briefly happen during set
+ construction. Also add additional set logging details for all
+ error cases. Fixes bug 40841; bugfix on 0.4.8.1-alpha.
+ - Make sure we don't process a closed circuit when packaging data.
+ This lead to a non fatal BUG() spamming logs. Fixes bug 40908;
+ bugfix on 0.4.8.1-alpha.
+ - Prevent non-fatal assert stacktrace caused by using conflux sets
+ during their teardown process. Fixes bug 40842; bugfix
+ on 0.4.8.1-alpha.
+
+ o Minor bugfixes (conflux, client):
+ - Avoid a non fatal assert caused by data coming in on a conflux set
+ that is being freed during shutdown. Fixes bug 40870; bugfix
+ on 0.4.8.1-alpha.
+
+ o Minor bugfixes (directory authorities):
+ - Add a warning when publishing a vote or signatures to another
+ directory authority fails. Fixes bug 40910; bugfix
+ on 0.2.0.3-alpha.
+
+ o Minor bugfixes (directory authority):
+ - Look at the network parameter "maxunmeasuredbw" with the correct
+ spelling. Fixes bug 40869; bugfix on 0.4.6.1-alpha.
+
+ o Minor bugfixes (memleak, authority):
+ - Fix a small memleak when computing a new consensus. This only
+ affects directory authorities. Fixes bug 40966; bugfix
+ on 0.3.5.1-alpha.
+
+ o Minor bugfixes (memory):
+ - Fix a pointer free that wasn't set to NULL afterwards which could
+ be reused by calling back in the free all function. Fixes bug
+ 40989; bugfix on 0.4.8.13.
+ - Fix memory leaks of the CPU worker code during shutdown. Fixes bug
+ 833; bugfix on 0.3.5.1-alpha.
+
+ o Minor bugfixes (sandbox, bwauth):
+ - Fix sandbox to work for bandwidth authority. Fixes bug 40933;
+ bugfix on 0.2.2.1-alpha
+
+ o Minor bugfixes (testing):
+ - Enabling TestingTorNetwork no longer forces fast hidden service
+ intro point rotation. This reduces noise and errors when using
+ hidden services with TestingTorNetwork enabled. Fixes bug 40922;
+ bugfix on 0.3.2.1-alpha.
+
+ o Minor bugfixes (tor-resolve):
+ - Create socket with correct family as given by sockshost, fixes
+ IPv6. Fixes bug 40982; bugfix on 0.4.9.0-alpha.
+
+ o Minor bugfixes (vanguards addon support):
+ - Count the conflux linked cell as valid when it is successfully
+ processed. This will quiet a spurious warn in the vanguards addon.
+ Fixes bug 40878; bugfix on 0.4.8.1-alpha.
+
+ o Removed features:
+ - Directory authorities no longer support consensus methods before
+ method 32. Closes ticket 40835.
+
+ o Removed features (directory authority):
+ - We include a new consensus method that removes support for
+ computing "package" lines in consensus documents. This feature was
+ never used, and support for including it in our votes was removed
+ in 0.4.2.1-alpha. Finishes implementation of proposal 301.
+
+ o Removed features (obsolete):
+ - Relays no longer support the obsolete TAP circuit extension
+ protocol. (For backward compatibility, however, relays still
+ continue to include TAP keys in their descriptors.) Implements
+ part of proposal 350.
+ - Removed some vestigial code for selecting the TAP circuit
+ extension protocol.
+
+
Changes in version 0.4.8.12 - 2024-06-06
This is a minor release with couple bugfixes affecting conflux and logging.
We also have the return of faravahar directory authority with new keys and
diff --git a/ReleaseNotes b/ReleaseNotes
index 670d8fb89a..7e5dce10e8 100644
--- a/ReleaseNotes
+++ b/ReleaseNotes
@@ -2,6 +2,282 @@ This document summarizes new features and bugfixes in each stable
release of Tor. If you want to see more detailed descriptions of the
changes in each development snapshot, see the ChangeLog file.
+Changes in version 0.4.9.1-alpha - 2024-12-03
+ This is the first alpha of the 0.4.9.x series. This release mostly consists
+ of bugfixes including some major ones. There are several minor features in
+ this release but no large new subsystem. Most of the fixes in this release
+ are already in 0.4.8.x stable series.
+
+ o Major bugfixes (circuit building):
+ - Conflux circuit building was ignoring the "predicted ports"
+ feature, which aims to make Tor stop building circuits if there
+ have been no user requests lately. This bug led to every idle Tor
+ on the network building and discarding circuits every 30 seconds,
+ which added overall load to the network, used bandwidth and
+ battery from clients that weren't actively using their Tor, and
+ kept sockets open on guards which added connection padding
+ essentially forever. Fixes bug 40981; bugfix on 0.4.8.1-alpha;
+
+ o Major bugfixes (conflux):
+ - Fix an issue that prevented us from pre-building more conflux sets
+ after existing sets had been used. Fixes bug 40862; bugfix
+ on 0.4.8.1-alpha.
+
+ o Major bugfixes (guard usage):
+ - When Tor excluded a guard due to temporary circuit restrictions,
+ it considered *additional* primary guards for potential usage by
+ that circuit. This could result in more than the specified number
+ of guards (currently 2) being used, long-term, by the tor client.
+ This could happen when a Guard was also selected as an Exit node,
+ but it was exacerbated by the Conflux guard restrictions. Both
+ instances have been fixed. Fixes bug 40876; bugfix
+ on 0.3.0.1-alpha.
+
+ o Major bugfixes (onion service):
+ - Fix a reliability issue where services were expiring their
+ introduction points every consensus update. This caused
+ connectivity issues for clients caching the old descriptor and
+ intro points. Bug reported and fixed by gitlab user
+ @hyunsoo.kim676. Fixes bug 40858; bugfix on 0.4.7.5-alpha.
+
+ o Major bugfixes (onion service, TROVE-2023-006):
+ - Fix a possible hard assert on a NULL pointer when recording a
+ failed rendezvous circuit on the service side for the MetricsPort.
+ Fixes bug 40883; bugfix on 0.4.8.1-alpha
+
+ o Major bugfixes (sandbox):
+ - Fix sandbox to work on architectures that use Linux's generic
+ syscall interface, extending support for AArch64 (ARM64) and
+ adding support for RISC-V, allowing test_include.sh and the
+ sandbox unit tests to pass on these systems even when building
+ with fragile hardening enabled. Fixes bugs 40465 and 40599; bugfix
+ on 0.2.5.1-alpha.
+
+ o Major bugfixes (TROVE-2023-004, relay):
+ - Mitigate an issue when Tor compiled with OpenSSL can crash during
+ handshake with a remote relay. Fixes bug 40874; bugfix
+ on 0.2.7.2-alpha.
+
+ o Major bugfixes (TROVE-2023-007, exit):
+ - Improper error propagation from a safety check in conflux leg
+ linking lead to a desynchronization of which legs were part of a
+ conflux set, ultimately causing a UAF and NULL pointer dereference
+ crash on Exit relays. Fixes bug 40897; bugfix on 0.4.8.1-alpha.
+
+ o Minor feature (authority):
+ - Reject 0.4.7.x series at the authority level. Closes ticket 40896.
+
+ o Minor feature (bridges, pluggable transport):
+ - Add STATUS TYPE=version handler for Pluggable Transport. This
+ allows us to gather version statistics on Pluggable Transport
+ usage from bridge servers on our metrics portal. Closes
+ ticket 11101.
+
+ o Minor feature (defense in depth):
+ - Verify needle is smaller than haystack before calling memmem.
+ Closes ticket 40854.
+
+ o Minor feature (dirauth):
+ - Add back faravahar with a new address and new keys. Closes 40689.
+
+ o Minor feature (dirauth, tor26):
+ - New IP address and keys.
+
+ o Minor feature (directory authority):
+ - Allow BandwidthFiles "node_id" KeyValue without the dollar sign at
+ the start of the hexdigit, in order to easier database queries
+ combining Tor documents in which the relays fingerprint does not
+ include it. Fixes bug 40891; bugfix on 0.4.7 (all supported
+ versions of Tor).
+ - Introduce MinimalAcceptedServerVersion to allow modification of
+ minimal accepted version for relays without requiring a new tor
+ release. Closes ticket 40817.
+
+ o Minor feature (exit policies):
+ - Implement reevaluating new exit policy against existing
+ connections. This is controlled by new config option
+ ReevaluateExitPolicy, defaulting to 0. Closes ticket 40676.
+
+ o Minor feature (exit relay, DoS resitance):
+ - Implement a token-bucket based rate limiter for stream creation
+ and resolve request. It is configured by the DoSStream* family of
+ configuration options. Closes ticket 40736.
+
+ o Minor feature (metrics port):
+ - New metrics on the MetricsPort for the number of BUG() that
+ occurred at runtime. Closes MR 760.
+
+ o Minor feature (metrics port, relay):
+ - Add new metrics for relays on the MetricsPort namely the count of
+ drop cell, destroy cell and the number of circuit protocol
+ violation seen that lead to a circuit close. Closes ticket 40816.
+
+ o Minor feature (testing):
+ - test-network now unconditionally includes IPv6 instead of trying
+ to detect IPv6 support.
+
+ o Minor feature (testing, CI):
+ - Use a fixed version of chutney (be881a1e) instead of its current
+ HEAD. This version should also be preferred when testing locally.
+
+ o Minor features (debugging, compression):
+ - Log the input and output buffer sizes when we detect a potential
+ compression bomb. Diagnostic for ticket 40739.
+
+ o Minor features (forward-compatibility):
+ - We now correctly parse microdescriptors and router descriptors
+ that do not include TAP onion keys. (For backward compatibility,
+ authorities continue to require these keys.) Implements part of
+ proposal 350.
+
+ o Minor features (portability, android):
+ - Use /data/local/tmp for data storage on Android by default. Closes
+ ticket 40487. Patch from Hans-Christoph Steiner.
+
+ o Minor features (SOCKS):
+ - Detect invalid SOCKS5 username/password combinations according to
+ new extended parameters syntax. (Currently, this rejects any
+ SOCKS5 username beginning with "<torS0X>", except for the username
+ "<torS0X>0". Such usernames are now reserved to communicate
+ additional parameters with other Tor implementations.) Implements
+ proposal 351.
+
+ o Minor bugfix (circuit):
+ - Remove a log_warn being triggered by a protocol violation that
+ already emits a protocol warning log. Fixes bug 40932; bugfix
+ on 0.4.8.1-alpha.
+
+ o Minor bugfix (defensive programming):
+ - Disable multiple BUG warnings of a missing relay identity key when
+ starting an instance of Tor compiled without relay support. Fixes
+ bug 40848; bugfix on 0.4.3.1-alpha.
+
+ o Minor bugfix (MetricsPort, relay):
+ - Handle rephist tracking of ntor and ntor_v3 handshakes
+ individually such that MetricsPort exposes the correct values.
+ Fixes bug 40638; bugfix on 0.4.7.11.
+
+ o Minor bugfix (NetBSD, compilation):
+ - Fix compilation issue on NetBSD by avoiding an unnecessary
+ dependency on "huge" page mappings in Equi-X. Fixes bug 40843;
+ bugfix on 0.4.8.1-alpha.
+
+ o Minor bugfix (NetBSD, testing):
+ - Fix test failures in "crypto/hashx" and "slow/crypto/equix" on
+ x86_64 and aarch64 NetBSD hosts, by adding support for
+ PROT_MPROTECT() flags. Fixes bug 40844; bugfix on 0.4.8.1-alpha.
+
+ o Minor bugfix (process):
+ - Avoid closing all possible FDs when spawning a process (PT). On
+ some systems, this could lead to 3+ minutes hang. Fixes bug 40990;
+ bugfix on 0.3.5.1-alpha.
+
+ o Minor bugfix (relay, sandbox):
+ - Disable a sandbox unit test that is failing on Debian Sid breaking
+ our nightly packages. Fixes bug 40918; bugfix on 0.3.5.1-alpha.
+
+ o Minor bugfixes (bridge authority):
+ - When reporting a pseudo-networkstatus as a bridge authority, or
+ answering "ns/purpose/*" controller requests, include accurate
+ published-on dates from our list of router descriptors. Fixes bug
+ 40855; bugfix on 0.4.8.1-alpha.
+
+ o Minor bugfixes (bridge):
+ - Don't warn when BridgeRelay is 1 and ExitRelay is explicitly set
+ to 0. Fixes bug 40884; bugfix on 0.4.8.3-rc.
+
+ o Minor bugfixes (bridges, statistics):
+ - Correctly report statistics for client count over Pluggable
+ transport. Fixes bug 40871; bugfix on 0.4.8.4
+
+ o Minor bugfixes (compiler warnings):
+ - Make sure the two bitfields in the half-closed edge struct are
+ unsigned, as we're using them for boolean values and assign 1 to
+ them. Fixes bug 40911; bugfix on 0.4.7.2-alpha.
+
+ o Minor bugfixes (compression, zstd):
+ - Use less frightening language and lower the log-level of our run-
+ time ABI compatibility check message in our Zstd compression
+ subsystem. Fixes bug 40815; bugfix on 0.4.3.1-alpha.
+
+ o Minor bugfixes (conflux):
+ - Avoid a potential hard assert (crash) when sending a cell on a
+ Conflux set. Fixes bug 40921; bugfix on 0.4.8.1-alpha.
+ - Demote a relay-side warn about too many legs to ProtocolWarn, as
+ there are conditions that it can briefly happen during set
+ construction. Also add additional set logging details for all
+ error cases. Fixes bug 40841; bugfix on 0.4.8.1-alpha.
+ - Make sure we don't process a closed circuit when packaging data.
+ This lead to a non fatal BUG() spamming logs. Fixes bug 40908;
+ bugfix on 0.4.8.1-alpha.
+ - Prevent non-fatal assert stacktrace caused by using conflux sets
+ during their teardown process. Fixes bug 40842; bugfix
+ on 0.4.8.1-alpha.
+
+ o Minor bugfixes (conflux, client):
+ - Avoid a non fatal assert caused by data coming in on a conflux set
+ that is being freed during shutdown. Fixes bug 40870; bugfix
+ on 0.4.8.1-alpha.
+
+ o Minor bugfixes (directory authorities):
+ - Add a warning when publishing a vote or signatures to another
+ directory authority fails. Fixes bug 40910; bugfix
+ on 0.2.0.3-alpha.
+
+ o Minor bugfixes (directory authority):
+ - Look at the network parameter "maxunmeasuredbw" with the correct
+ spelling. Fixes bug 40869; bugfix on 0.4.6.1-alpha.
+
+ o Minor bugfixes (memleak, authority):
+ - Fix a small memleak when computing a new consensus. This only
+ affects directory authorities. Fixes bug 40966; bugfix
+ on 0.3.5.1-alpha.
+
+ o Minor bugfixes (memory):
+ - Fix a pointer free that wasn't set to NULL afterwards which could
+ be reused by calling back in the free all function. Fixes bug
+ 40989; bugfix on 0.4.8.13.
+ - Fix memory leaks of the CPU worker code during shutdown. Fixes bug
+ 833; bugfix on 0.3.5.1-alpha.
+
+ o Minor bugfixes (sandbox, bwauth):
+ - Fix sandbox to work for bandwidth authority. Fixes bug 40933;
+ bugfix on 0.2.2.1-alpha
+
+ o Minor bugfixes (testing):
+ - Enabling TestingTorNetwork no longer forces fast hidden service
+ intro point rotation. This reduces noise and errors when using
+ hidden services with TestingTorNetwork enabled. Fixes bug 40922;
+ bugfix on 0.3.2.1-alpha.
+
+ o Minor bugfixes (tor-resolve):
+ - Create socket with correct family as given by sockshost, fixes
+ IPv6. Fixes bug 40982; bugfix on 0.4.9.0-alpha.
+
+ o Minor bugfixes (vanguards addon support):
+ - Count the conflux linked cell as valid when it is successfully
+ processed. This will quiet a spurious warn in the vanguards addon.
+ Fixes bug 40878; bugfix on 0.4.8.1-alpha.
+
+ o Removed features:
+ - Directory authorities no longer support consensus methods before
+ method 32. Closes ticket 40835.
+
+ o Removed features (directory authority):
+ - We include a new consensus method that removes support for
+ computing "package" lines in consensus documents. This feature was
+ never used, and support for including it in our votes was removed
+ in 0.4.2.1-alpha. Finishes implementation of proposal 301.
+
+ o Removed features (obsolete):
+ - Relays no longer support the obsolete TAP circuit extension
+ protocol. (For backward compatibility, however, relays still
+ continue to include TAP keys in their descriptors.) Implements
+ part of proposal 350.
+ - Removed some vestigial code for selecting the TAP circuit
+ extension protocol.
+
+
Changes in version 0.4.8.12 - 2024-06-06
This is a minor release with couple bugfixes affecting conflux and logging.
We also have the return of faravahar directory authority with new keys and
diff --git a/changes/bug40465 b/changes/bug40465
deleted file mode 100644
index d07470f18f..0000000000
--- a/changes/bug40465
+++ /dev/null
@@ -1,6 +0,0 @@
- o Major bugfixes (sandbox):
- - Fix sandbox to work on architectures that use Linux's generic syscall
- interface, extending support for AArch64 (ARM64) and adding support for
- RISC-V, allowing test_include.sh and the sandbox unit tests to pass on
- these systems even when building with fragile hardening enabled. Fixes
- bugs 40465 and 40599; bugfix on 0.2.5.1-alpha.
diff --git a/changes/bug40841 b/changes/bug40841
deleted file mode 100644
index 2e67db3261..0000000000
--- a/changes/bug40841
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor bugfixes (conflux):
- - Demote a relay-side warn about too many legs to ProtocolWarn,
- as there are conditions that it can briefly happen during set
- construction. Also add additional set logging details for
- all error cases. Fixes bug 40841; bugfix on 0.4.8.1-alpha.
diff --git a/changes/bug40842 b/changes/bug40842
deleted file mode 100644
index bf3bd8bd03..0000000000
--- a/changes/bug40842
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes (conflux):
- - Prevent non-fatal assert stacktrace caused by using conflux
- sets during their teardown process. Fixes bug 40842;
- bugfix on 0.4.8.1-alpha.
diff --git a/changes/bug40855 b/changes/bug40855
deleted file mode 100644
index b455ac9a48..0000000000
--- a/changes/bug40855
+++ /dev/null
@@ -1,6 +0,0 @@
- o Minor bugfixes (bridge authority):
- - When reporting a pseudo-networkstatus as a bridge authority,
- or answering "ns/purpose/*" controller requests,
- include accurate published-on dates from our
- list of router descriptors. Fixes bug 40855;
- bugfix on 0.4.8.1-alpha.
diff --git a/changes/bug40858 b/changes/bug40858
deleted file mode 100644
index 4b9d85616e..0000000000
--- a/changes/bug40858
+++ /dev/null
@@ -1,6 +0,0 @@
- o Major bugfixes (onion service):
- - Fix a reliability issue where services were expiring their
- introduction points every consensus update. This caused connectivity
- issues for clients caching the old descriptor and intro points. Bug
- reported and fixed by gitlab user @hyunsoo.kim676. Fixes bug 40858;
- bugfix on 0.4.7.5-alpha.
diff --git a/changes/bug40862 b/changes/bug40862
deleted file mode 100644
index 83ad9376d9..0000000000
--- a/changes/bug40862
+++ /dev/null
@@ -1,3 +0,0 @@
- o Major bugfixes (conflux):
- - Fix an issue that prevented us from pre-building more conflux sets after
- existing sets had been used. Fixes bug 40862; bugfix on 0.4.8.1-alpha.
diff --git a/changes/bug40869 b/changes/bug40869
deleted file mode 100644
index da9666333f..0000000000
--- a/changes/bug40869
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor bugfixes (directory authority):
- - Look at the network parameter "maxunmeasuredbw" with the
- correct spelling. Fixes bug 40869; bugfix on 0.4.6.1-alpha.
diff --git a/changes/bug40876 b/changes/bug40876
deleted file mode 100644
index a467cf64c1..0000000000
--- a/changes/bug40876
+++ /dev/null
@@ -1,8 +0,0 @@
- o Major bugfixes (guard usage):
- - When Tor excluded a guard due to temporary circuit restrictions,
- it considered *additional* primary guards for potential usage
- by that circuit. This could result in more than the specified number
- of guards (currently 2) being used, long-term, by the tor client.
- This could happen when a Guard was also selected as an Exit node,
- but it was exacerbated by the Conflux guard restrictions. Both
- instances have been fixed. Fixes bug 40876; bugfix on 0.3.0.1-alpha.
diff --git a/changes/bug40878 b/changes/bug40878
deleted file mode 100644
index 503ace69da..0000000000
--- a/changes/bug40878
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes (vanguards addon support):
- - Count the conflux linked cell as valid when it is successfully
- processed. This will quiet a spurious warn in the vanguards addon.
- Fixes bug 40878; bugfix on 0.4.8.1-alpha.
diff --git a/changes/bug40884 b/changes/bug40884
deleted file mode 100644
index 8f2af04fcb..0000000000
--- a/changes/bug40884
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor bugfixes (bridge):
- - Don't warn when BridgeRelay is 1 and ExitRelay is explicitly set to 0.
- Fixes bug 40884; bugfix on 0.4.8.3-rc.
diff --git a/changes/bug40897 b/changes/bug40897
deleted file mode 100644
index 0c41033c9d..0000000000
--- a/changes/bug40897
+++ /dev/null
@@ -1,6 +0,0 @@
- o Major bugfixes (TROVE-2023-007, exit):
- - Improper error propagation from a safety check in conflux leg
- linking lead to a desynchronization of which legs were part of
- a conflux set, ultimately causing a UAF and NULL pointer
- dereference crash on Exit relays. Fixes bug 40897;
- bugfix on 0.4.8.1-alpha.
diff --git a/changes/bug40910 b/changes/bug40910
deleted file mode 100644
index 6de15bf8c9..0000000000
--- a/changes/bug40910
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor bugfixes (directory authorities):
- - Add a warning when publishing a vote or signatures to another
- directory authority fails. Fixes bug 40910; bugfix on
- 0.2.0.3-alpha.
-
diff --git a/changes/bug40911 b/changes/bug40911
deleted file mode 100644
index c938b56225..0000000000
--- a/changes/bug40911
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor bugfixes (compiler warnings):
- - Make sure the two bitfields in the half-closed edge struct are
- unsigned, as we're using them for boolean values and assign 1 to
- them. Fixes bug 40911; bugfix on 0.4.7.2-alpha.
-
diff --git a/changes/bug40922 b/changes/bug40922
deleted file mode 100644
index e47e4f1461..0000000000
--- a/changes/bug40922
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor bugfixes (testing):
- - Enabling TestingTorNetwork no longer forces fast hidden service
- intro point rotation. This reduces noise and errors when
- using hidden services with TestingTorNetwork enabled.
- Fixes bug 40922; bugfix on 0.3.2.1-alpha.
diff --git a/changes/bug40933 b/changes/bug40933
deleted file mode 100644
index c4f9eb085f..0000000000
--- a/changes/bug40933
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor bugfixes (sandbox, bwauth):
- - Fix sandbox to work for bandwidth authority. Fixes bug 40933; bugfix on
- 0.2.2.1-alpha
diff --git a/changes/bug40981 b/changes/bug40981
deleted file mode 100644
index 7979685c35..0000000000
--- a/changes/bug40981
+++ /dev/null
@@ -1,9 +0,0 @@
- o Major bugfixes (circuit building):
- - Conflux circuit building was ignoring the "predicted ports" feature,
- which aims to make Tor stop building circuits if there have been
- no user requests lately. This bug led to every idle Tor on the
- network building and discarding circuits every 30 seconds, which
- added overall load to the network, used bandwidth and battery from
- clients that weren't actively using their Tor, and kept sockets open
- on guards which added connection padding essentially forever. Fixes
- bug 40981; bugfix on 0.4.8.1-alpha;
diff --git a/changes/bug40982 b/changes/bug40982
deleted file mode 100644
index cb38ec5c71..0000000000
--- a/changes/bug40982
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes (tor-resolve):
- - Create socket with correct family as given by sockshost, fixes IPv6.
- Fixes bug 40982; bugfix on 0.4.9.0-alpha.
-
diff --git a/changes/ci-pin-chutney b/changes/ci-pin-chutney
deleted file mode 100644
index f572de9d92..0000000000
--- a/changes/ci-pin-chutney
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor feature (testing, CI):
- - Use a fixed version of chutney (be881a1e) instead of its current HEAD.
- This version should also be preferred when testing locally.
diff --git a/changes/fallbackdirs-2023-08-30 b/changes/fallbackdirs-2023-08-30
deleted file mode 100644
index 499fc8e168..0000000000
--- a/changes/fallbackdirs-2023-08-30
+++ /dev/null
@@ -1,2 +0,0 @@
- o Minor features (fallbackdir):
- - Regenerate fallback directories generated on August 30, 2023.
diff --git a/changes/fallbackdirs-2023-09-18 b/changes/fallbackdirs-2023-09-18
deleted file mode 100644
index be3ef1720f..0000000000
--- a/changes/fallbackdirs-2023-09-18
+++ /dev/null
@@ -1,2 +0,0 @@
- o Minor features (fallbackdir):
- - Regenerate fallback directories generated on September 18, 2023.
diff --git a/changes/fallbackdirs-2023-09-25 b/changes/fallbackdirs-2023-09-25
deleted file mode 100644
index b5cd48d5d1..0000000000
--- a/changes/fallbackdirs-2023-09-25
+++ /dev/null
@@ -1,2 +0,0 @@
- o Minor features (fallbackdir):
- - Regenerate fallback directories generated on September 25, 2023.
diff --git a/changes/fallbackdirs-2023-11-03 b/changes/fallbackdirs-2023-11-03
deleted file mode 100644
index a6456a97e7..0000000000
--- a/changes/fallbackdirs-2023-11-03
+++ /dev/null
@@ -1,2 +0,0 @@
- o Minor features (fallbackdir):
- - Regenerate fallback directories generated on November 03, 2023.
diff --git a/changes/fallbackdirs-2023-11-09 b/changes/fallbackdirs-2023-11-09
deleted file mode 100644
index fcdc92280b..0000000000
--- a/changes/fallbackdirs-2023-11-09
+++ /dev/null
@@ -1,2 +0,0 @@
- o Minor features (fallbackdir):
- - Regenerate fallback directories generated on November 09, 2023.
diff --git a/changes/fallbackdirs-2023-12-08 b/changes/fallbackdirs-2023-12-08
deleted file mode 100644
index 884011e989..0000000000
--- a/changes/fallbackdirs-2023-12-08
+++ /dev/null
@@ -1,2 +0,0 @@
- o Minor features (fallbackdir):
- - Regenerate fallback directories generated on December 08, 2023.
diff --git a/changes/fallbackdirs-2024-04-10 b/changes/fallbackdirs-2024-04-10
deleted file mode 100644
index 4527785112..0000000000
--- a/changes/fallbackdirs-2024-04-10
+++ /dev/null
@@ -1,2 +0,0 @@
- o Minor features (fallbackdir):
- - Regenerate fallback directories generated on April 10, 2024.
diff --git a/changes/fallbackdirs-2024-06-06 b/changes/fallbackdirs-2024-06-06
deleted file mode 100644
index 7775f953c7..0000000000
--- a/changes/fallbackdirs-2024-06-06
+++ /dev/null
@@ -1,2 +0,0 @@
- o Minor features (fallbackdir):
- - Regenerate fallback directories generated on June 06, 2024.
diff --git a/changes/fallbackdirs-2024-10-24 b/changes/fallbackdirs-2024-10-24
deleted file mode 100644
index ddc452e525..0000000000
--- a/changes/fallbackdirs-2024-10-24
+++ /dev/null
@@ -1,2 +0,0 @@
- o Minor features (fallbackdir):
- - Regenerate fallback directories generated on October 24, 2024.
diff --git a/changes/geoip-2023-08-30 b/changes/geoip-2023-08-30
deleted file mode 100644
index 2238cbf788..0000000000
--- a/changes/geoip-2023-08-30
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor features (geoip data):
- - Update the geoip files to match the IPFire Location Database,
- as retrieved on 2023/08/30.
diff --git a/changes/geoip-2023-09-18 b/changes/geoip-2023-09-18
deleted file mode 100644
index d09d9d4a53..0000000000
--- a/changes/geoip-2023-09-18
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor features (geoip data):
- - Update the geoip files to match the IPFire Location Database,
- as retrieved on 2023/09/18.
diff --git a/changes/geoip-2023-09-25 b/changes/geoip-2023-09-25
deleted file mode 100644
index a6ec201381..0000000000
--- a/changes/geoip-2023-09-25
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor features (geoip data):
- - Update the geoip files to match the IPFire Location Database,
- as retrieved on 2023/09/25.
diff --git a/changes/geoip-2023-11-03 b/changes/geoip-2023-11-03
deleted file mode 100644
index eedd3394ad..0000000000
--- a/changes/geoip-2023-11-03
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor features (geoip data):
- - Update the geoip files to match the IPFire Location Database,
- as retrieved on 2023/11/03.
diff --git a/changes/geoip-2023-11-09 b/changes/geoip-2023-11-09
deleted file mode 100644
index cf38ab9b47..0000000000
--- a/changes/geoip-2023-11-09
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor features (geoip data):
- - Update the geoip files to match the IPFire Location Database,
- as retrieved on 2023/11/09.
diff --git a/changes/geoip-2023-12-08 b/changes/geoip-2023-12-08
deleted file mode 100644
index 8d34d777b9..0000000000
--- a/changes/geoip-2023-12-08
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor features (geoip data):
- - Update the geoip files to match the IPFire Location Database,
- as retrieved on 2023/12/08.
diff --git a/changes/geoip-2024-04-10 b/changes/geoip-2024-04-10
deleted file mode 100644
index 30a95612a0..0000000000
--- a/changes/geoip-2024-04-10
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor features (geoip data):
- - Update the geoip files to match the IPFire Location Database,
- as retrieved on 2024/04/10.
diff --git a/changes/geoip-2024-06-06 b/changes/geoip-2024-06-06
deleted file mode 100644
index 2827b8649c..0000000000
--- a/changes/geoip-2024-06-06
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor features (geoip data):
- - Update the geoip files to match the IPFire Location Database,
- as retrieved on 2024/06/06.
diff --git a/changes/geoip-2024-10-24 b/changes/geoip-2024-10-24
deleted file mode 100644
index 1aae8b1c02..0000000000
--- a/changes/geoip-2024-10-24
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor features (geoip data):
- - Update the geoip files to match the IPFire Location Database,
- as retrieved on 2024/10/24.
diff --git a/changes/mr760 b/changes/mr760
deleted file mode 100644
index 845e1031f7..0000000000
--- a/changes/mr760
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor feature (metrics port):
- - New metrics on the MetricsPort for the number of BUG() that occurred at
- runtime. Closes MR 760.
-
diff --git a/changes/prop301 b/changes/prop301
deleted file mode 100644
index 1b270e8cc5..0000000000
--- a/changes/prop301
+++ /dev/null
@@ -1,6 +0,0 @@
- o Removed features (directory authority):
- - We include a new consensus method that removes support for
- computing "package" lines in consensus documents. This feature was
- never used, and support for
- including it in our votes was removed in 0.4.2.1-alpha.
- Finishes implementation of proposal 301.
diff --git a/changes/prop351 b/changes/prop351
deleted file mode 100644
index fca604f1a1..0000000000
--- a/changes/prop351
+++ /dev/null
@@ -1,7 +0,0 @@
- o Minor features (SOCKS):
- - Detect invalid SOCKS5 username/password combinations according to
- new extended parameters syntax. (Currently, this rejects any
- SOCKS5 username beginning with "<torS0X>", except for the username
- "<torS0X>0". Such usernames are now reserved to communicate additional
- parameters with other Tor implementations.)
- Implements proposal 351.
diff --git a/changes/tap-out-part-1 b/changes/tap-out-part-1
deleted file mode 100644
index 3d8a445f12..0000000000
--- a/changes/tap-out-part-1
+++ /dev/null
@@ -1,12 +0,0 @@
- o Removed features (obsolete):
- - Relays no longer support the obsolete TAP circuit extension
- protocol. (For backward compatibility, however, relays still continue to
- include TAP keys in their descriptors.) Implements part
- of proposal 350.
- - Removed some vestigial code for selecting the TAP circuit extension
- protocol.
-
- o Minor features (forward-compatibility):
- - We now correctly parse microdescriptors and router descriptors
- that do not include TAP onion keys. (For backward compatibility,
- authorities continue to require these keys.) Implements part of proposal 350.
diff --git a/changes/testing b/changes/testing
deleted file mode 100644
index 744a7849d3..0000000000
--- a/changes/testing
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor feature (testing):
- - test-network now unconditionally includes IPv6 instead of trying to
- detect IPv6 support.
diff --git a/changes/thread-memleak b/changes/thread-memleak
deleted file mode 100644
index a90792c01e..0000000000
--- a/changes/thread-memleak
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor bugfixes (memory):
- - Fix memory leaks of the CPU worker code during shutdown. Fixes bug 833;
- bugfix on 0.3.5.1-alpha.
diff --git a/changes/ticket11101 b/changes/ticket11101
deleted file mode 100644
index 6c898caa5b..0000000000
--- a/changes/ticket11101
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor feature (bridges, pluggable transport):
- - Add STATUS TYPE=version handler for Pluggable Transport. This allows us to
- gather version statistics on Pluggable Transport usage from bridge servers
- on our metrics portal. Closes ticket 11101.
diff --git a/changes/ticket40248 b/changes/ticket40248
deleted file mode 100644
index 3e8dd96cda..0000000000
--- a/changes/ticket40248
+++ /dev/null
@@ -1,2 +0,0 @@
- o Minor feature (DNS, client):
- - Add 0xF2 returned code in case of an empty DNS response. Closes ticket 40248
diff --git a/changes/ticket40487 b/changes/ticket40487
deleted file mode 100644
index bd64d475b8..0000000000
--- a/changes/ticket40487
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor features (portability, android):
- - Use /data/local/tmp for data storage on Android by default. Closes ticket
- 40487. Patch from Hans-Christoph Steiner.
diff --git a/changes/ticket40638 b/changes/ticket40638
deleted file mode 100644
index 98114b8136..0000000000
--- a/changes/ticket40638
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfix (MetricsPort, relay):
- - Handle rephist tracking of ntor and ntor_v3 handshakes individually such
- that MetricsPort exposes the correct values. Fixes bug 40638; bugfix on 0.4.7.11.
-
diff --git a/changes/ticket40676 b/changes/ticket40676
deleted file mode 100644
index 5a025d79b6..0000000000
--- a/changes/ticket40676
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor feature (exit policies):
- - Implement reevaluating new exit policy against existing connections. This
- is controlled by new config option ReevaluateExitPolicy, defaulting to 0.
- Closes ticket 40676.
diff --git a/changes/ticket40689 b/changes/ticket40689
deleted file mode 100644
index 735d3df02f..0000000000
--- a/changes/ticket40689
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor feature (dirauth):
- - Add back faravahar with a new address and new keys. Closes 40689.
-
diff --git a/changes/ticket40736 b/changes/ticket40736
deleted file mode 100644
index 8f233308a4..0000000000
--- a/changes/ticket40736
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor feature (exit relay, DoS(resitance):
- - Implement a token-bucket based rate limiter for stream creation and
- resolve request. It is configured by the DoSStream* family of
- configuration options.
- Closes ticket 40736.
diff --git a/changes/ticket40739 b/changes/ticket40739
deleted file mode 100644
index f60bfc5d87..0000000000
--- a/changes/ticket40739
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor features (debugging, compression):
- - Log the input and output buffer sizes when we detect a potential
- compression bomb. Diagnostic for ticket 40739.
diff --git a/changes/ticket40815 b/changes/ticket40815
deleted file mode 100644
index 88129b7bb1..0000000000
--- a/changes/ticket40815
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes (compression, zstd):
- - Use less frightening language and lower the log-level of our run-time ABI
- compatibility check message in our Zstd compression subsystem. Fixes bug
- 40815; bugfix on 0.4.3.1-alpha.
diff --git a/changes/ticket40816 b/changes/ticket40816
deleted file mode 100644
index 509b11ad7e..0000000000
--- a/changes/ticket40816
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor feature (metrics port, relay):
- - Add new metrics for relays on the MetricsPort namely the count of drop
- cell, destroy cell and the number of circuit protocol violation seen that
- lead to a circuit close. Closes ticket 40816.
diff --git a/changes/ticket40817 b/changes/ticket40817
deleted file mode 100644
index c99e866d62..0000000000
--- a/changes/ticket40817
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor feature (directory authority):
- - Introduce MinimalAcceptedServerVersion to allow modification of minimal
- accepted version for relays without requiring a new tor release.
- Closes ticket 40817.
diff --git a/changes/ticket40835 b/changes/ticket40835
deleted file mode 100644
index cda51a5d28..0000000000
--- a/changes/ticket40835
+++ /dev/null
@@ -1,3 +0,0 @@
- o Removed features:
- - Directory authorities no longer support consensus methods
- before method 32. Closes ticket 40835.
diff --git a/changes/ticket40843 b/changes/ticket40843
deleted file mode 100644
index 3af63a9164..0000000000
--- a/changes/ticket40843
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor bugfix (NetBSD, compilation):
- - Fix compilation issue on NetBSD by avoiding an unnecessary dependency on
- "huge" page mappings in Equi-X. Fixes bug 40843; bugfix on 0.4.8.1-alpha. \ No newline at end of file
diff --git a/changes/ticket40844 b/changes/ticket40844
deleted file mode 100644
index 73d3bb2b76..0000000000
--- a/changes/ticket40844
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfix (NetBSD, testing):
- - Fix test failures in "crypto/hashx" and "slow/crypto/equix" on x86_64
- and aarch64 NetBSD hosts, by adding support for PROT_MPROTECT() flags.
- Fixes bug 40844; bugfix on 0.4.8.1-alpha. \ No newline at end of file
diff --git a/changes/ticket40848 b/changes/ticket40848
deleted file mode 100644
index a50a9a028f..0000000000
--- a/changes/ticket40848
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfix (defensive programming):
- - Disable multiple BUG warnings of a missing relay identity key when
- starting an instance of Tor compiled without relay support.
- Fixes bug 40848; bugfix on 0.4.3.1-alpha.
diff --git a/changes/ticket40854 b/changes/ticket40854
deleted file mode 100644
index 1a5850cca0..0000000000
--- a/changes/ticket40854
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor feature (defense in depth):
- - verify needle is smaller than haystack before calling memmem.
- Closes ticket 40854.
diff --git a/changes/ticket40870 b/changes/ticket40870
deleted file mode 100644
index c33c83e1a6..0000000000
--- a/changes/ticket40870
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes (conflux, client):
- - Avoid a non fatal assert caused by data coming in on a conflux set that is
- being freed during shutdown. Fixes bug 40870; bugfix on 0.4.8.1-alpha.
-
diff --git a/changes/ticket40871 b/changes/ticket40871
deleted file mode 100644
index 32a89eed99..0000000000
--- a/changes/ticket40871
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor bugfixes (bridges, statistics):
- - Correctly report statistics for client count over Pluggable transport.
- Fixes bug 40871; bugfix on 0.4.8.4
diff --git a/changes/ticket40874 b/changes/ticket40874
deleted file mode 100644
index e1091f6b63..0000000000
--- a/changes/ticket40874
+++ /dev/null
@@ -1,3 +0,0 @@
- o Major bugfixes (TROVE-2023-004, relay):
- - Mitigate an issue when Tor compiled with OpenSSL can crash during
- handshake with a remote relay. Fixes bug 40874; bugfix on 0.2.7.2-alpha.
diff --git a/changes/ticket40883 b/changes/ticket40883
deleted file mode 100644
index 1186571122..0000000000
--- a/changes/ticket40883
+++ /dev/null
@@ -1,4 +0,0 @@
- o Major bugfixes (onion service, TROVE-2023-006):
- - Fix a possible hard assert on a NULL pointer when recording a failed
- rendezvous circuit on the service side for the MetricsPort. Fixes bug
- 40883; bugfix on 0.4.8.1-alpha
diff --git a/changes/ticket40891 b/changes/ticket40891
deleted file mode 100644
index c0e2080587..0000000000
--- a/changes/ticket40891
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor feature (directory authority):
- - Allow BandwidthFiles "node_id" KeyValue without the dollar sign at the
- start of the hexdigit, in order to easier database queries combining
- Tor documents in which the relays fingerprint does not include it.
- Fixes bug 40891; bugfix on 0.4.7 (all supported versions of Tor).
diff --git a/changes/ticket40896 b/changes/ticket40896
deleted file mode 100644
index 4f04ce71dc..0000000000
--- a/changes/ticket40896
+++ /dev/null
@@ -1,2 +0,0 @@
- o Minor feature (authority):
- - Reject 0.4.7.x series at the authority level. Closes ticket 40896. \ No newline at end of file
diff --git a/changes/ticket40908 b/changes/ticket40908
deleted file mode 100644
index 28cd3f0f36..0000000000
--- a/changes/ticket40908
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor bugfixes (conflux):
- - Make sure we don't process a closed circuit when packaging data. This lead
- to a non fatal BUG() spamming logs. Fixes bug 40908; bugfix on
- 0.4.8.1-alpha.
-
diff --git a/changes/ticket40918 b/changes/ticket40918
deleted file mode 100644
index 7d5e549eef..0000000000
--- a/changes/ticket40918
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor bugfix (relay, sandbox):
- - Disable a sandbox unit test that is failing on Debian Sid breaking our
- nightly packages. Fixes bug 40918; bugfix on 0.3.5.1-alpha.
diff --git a/changes/ticket40921 b/changes/ticket40921
deleted file mode 100644
index 5818b91864..0000000000
--- a/changes/ticket40921
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor bugfixes (conflux):
- - Avoid a potential hard assert (crash) when sending a cell on a Conflux
- set. Fixes bug 40921; bugfix on 0.4.8.1-alpha.
diff --git a/changes/ticket40932 b/changes/ticket40932
deleted file mode 100644
index 10e1b651c4..0000000000
--- a/changes/ticket40932
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor bugfix (circuit):
- - Remove a log_warn being triggered by a protocol violation that already
- emits a protocol warning log. Fixes bug 40932; bugfix on 0.4.8.1-alpha.
diff --git a/changes/ticket40966 b/changes/ticket40966
deleted file mode 100644
index 04fb3caded..0000000000
--- a/changes/ticket40966
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor bugfixes (memleak, authority):
- - Fix a small memleak when computing a new consensus. This only affects
- directory authorities. Fixes bug 40966; bugfix on 0.3.5.1-alpha.
diff --git a/changes/ticket40989 b/changes/ticket40989
deleted file mode 100644
index 26e4b030c6..0000000000
--- a/changes/ticket40989
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes (memory):
- - Fix a pointer free that wasn't set to NULL afterwards which could be
- reused by calling back in the free all function. Fixes bug 40989; bugfix
- on 0.4.8.13.
diff --git a/changes/ticket40990 b/changes/ticket40990
deleted file mode 100644
index af613088d8..0000000000
--- a/changes/ticket40990
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfix (process):
- - Avoid closing all possible FDs when spawning a process (PT). On some systems, this could
- lead to 3+ minutes hang. Fixes bug 40990; bugfix on 0.3.5.1-alpha.
-
diff --git a/changes/tor26-change b/changes/tor26-change
deleted file mode 100644
index 8aaabb094c..0000000000
--- a/changes/tor26-change
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor feature (dirauth, tor26):
- - New IP address and keys.
-