Start on a changelog for 0.3.1.1-alpha

1 files changed, 421 insertions, 0 deletions

diff --git a/ChangeLog b/ChangeLog
index fbeb7ce944..57871b0f8b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,424 @@
+Changes in version 0.3.3.1-alpha - 2018-01-??:
+  Blurb goes here
+
+  o Major feature (channel):
+    - Remove the incoming and outgoing channel queues. The reason to do
+      so was due to the fact that they were always empty meaning never
+      used but still looked at in our fast path. Bottom line, it was an
+      unused code path.
+    - The majority ot the channel unit tests have been rewritten and the
+      code coverage has now been raised to 83.6% for channel.c. Closes
+      ticket 23709.
+    - We've simplify a lot the channel subsystem by removing those
+      queues but also by removing a lot of unused code or dead code
+      around it. Overall this is a cleanup removing more than 1500 lines
+      of code overall and adding very little except for unit test.
+
+  o Major features (embedding):
+    - There is now a documented stable API for programs that need to
+      embed Tor. See tor_api.h for full documentation and known bugs.
+      Closes ticket 23684.
+    - Tor now has support for restarting in the same process.
+      Controllers that run Tor using the "tor_api.h" interface can now
+      restart Tor after Tor has exited. This support is incomplete,
+      however: we have fixed the crash bugs that prevented it from
+      working at all before, but many bugs probably remain, including
+      the possibility of security issues. Implements ticket 24581.
+
+  o Major features (IPv6, directory documents):
+    - Add consensus method 27, which adds IPv6 ORPorts to the microdesc
+      consensus. This makes it easier for IPv6 clients to bootstrap and
+      choose reachable entry guards. Implements 23826.
+    - Add consensus method 28, which removes IPv6 ORPorts from
+      microdescriptors. Now that there are IPv6 ORPorts in the microdesc
+      consensus, they are redundant in microdescs. This change is
+      compatible with tor clients on 0.2.8.x and later. (0.2.8.x
+      introduced client IPv6 bootstrap and guard support.)
+      Implements 23828.
+    - Expand the documentation for AuthDirHasIPv6Connectivity when it is
+      set by different numbers of authorities. Fixes 23870
+      on 0.2.4.1-alpha.
+
+  o Major features (onion service v3, control port):
+    - Control port now supports command and events for v3 onion
+      services. See proposal 284 for more information on what has been
+      done exactly. Only the HSFETCH command hasn't been implemented at
+      this stage because of a lack of use case with v3.
+
+      It is now possible to create ephemeral v3 services using the
+      ADD_ONION command. Additionally, several events (HS_DESC,
+      HS_DESC_CONTENT, CIRC and CIRC_MINOR) and commands (GETINFO,
+      HSPOST, ADD_ONION and DEL_ONION) have been extended to support v3
+      onion services. Closes ticket 20699.
+
+  o Major features (Onion Services):
+    - Provide torrc options to pin the second and third hops of onion
+      service circuits to a list of nodes. The option HSLayer2Guards
+      pins the second hop, and the option HSLayer3Guards pins the third
+      hop. Closes ticket 13837.
+
+  o Major features (relay):
+    - Implement an option, ReducedExitPolicy, to allow an Tor exit relay
+      operator to use a more reasonable ("reduced") exit policy, rather
+      than the default one. Closes ticket 13605. Patch from Neel Chauhan.
+
+  o Major features (Rust experimentation):
+    - Tor now ships with an optional implementation of one of its
+      smaller modules (protover.c) in the Rust programming language. To
+      try it out, install a Rust build environment, and configure Tor
+      with "--enable-rust --enable-cargo-online-mode". This should not
+      cause any user-visible changes, but should help us gain more
+      experience with Rust, and plan future Rust integration work.
+      Implementation by Chelsea Komlo. Closes ticket 22840.
+
+  o Major features (storage):
+    - Users can choose to store cached directory documents somewhere
+      other than the DataDirectory by using the CacheDirectory option.
+      Similarly, the storage location for relay's keys can be overridden
+      with the KeyDirectory option. Closes ticket 22703.
+
+  o Major features (v3 onion services):
+    - When v3 onion service clients send introduce cells, include the
+      IPv6 address of the rendezvous point, if it has one. v3 onion
+      services running 0.3.2 ignore IPv6 addresses. In future Tor
+      versions, IPv6-only v3 single onion services can use IPv6
+      addresses to connect directly to the rendezvous point. Closes
+      ticket 23577. Patch by Neel Chauhan.
+
+  o Major bugfixes (onion services):
+    - Fix an "off by 2" error in counting rendezvous failures on the
+      onion service side. While we thought we would stop the rendezvous
+      attempt after one failed circuit, we were actually making three
+      circuit attempts before giving up. Now switch to a default of 2,
+      and allow the consensus parameter "hs_service_max_rdv_failures" to
+      override. Fixes bug 24895; bugfix on 0.0.6.
+
+  o Major bugfixes (relays):
+    - Fix a set of false positives where relays would consider
+      connections to other relays as being client-only connections (and
+      thus e.g. deserving different link padding schemes) if those
+      relays fell out of the consensus briefly. Now we look only at the
+      initial handshake and whether the connection authenticated as a
+      relay. Fixes bug 24898; bugfix on 0.3.1.1-alpha.
+
+  o Major bugfixes (v3 onion services):
+    - New-style (v3) onion services now obey the "max rendezvous circuit
+      attempts" logic. Previously they would make as many rendezvous
+      circuit attempts as they could fit in the MAX_REND_TIMEOUT second
+      window before giving up. Fixes bug 24894; bugfix on 0.3.2.1-alpha.
+
+  o Minor feature (IPv6):
+    - Make IPv6-only clients wait for microdescs for relays, even if we
+      were previously using descriptors (or were using them as a bridge)
+      and have a cached descriptor for them. Implements 23827.
+    - When a consensus has IPv6 ORPorts, make IPv6-only clients use
+      them, rather than waiting to download microdescriptors.
+      Implements 23827.
+
+  o Minor features (API, embedding):
+    - Tor can now start with a preauthenticated control connection
+      created by the process that launched it. This feature is meant for
+      use by programs that want to launch and manage a Tor process
+      without allowing other programs to manage it as well. For more
+      information, see the __OwningControllerFD option documented in
+      control-spec.txt. Closes ticket 23900.
+
+  o Minor features (cleanup):
+    - Tor now deletes the CookieAuthFile and ExtORPortCookieAuthFile
+      when it stops. Closes ticket 23271.
+
+  o Minor features (code correctness, descriptors):
+    - Check that microdesc ed25519 ids are non-zero in
+      node_get_ed25519_id(), before returning them. Implements 24001,
+      patch by "aruna1234".
+
+  o Minor features (defensive programming):
+    - Most of the functions in Tor that free objects have been replaced
+      with macros that free the objects and set the corresponding
+      pointers to NULL. This change should help prevent a large class of
+      dangling pointer bugs. Closes ticket 24337.
+    - Where possible, the tor_free() macro now only evaluates its input
+      once. Part of ticket 24337.
+
+  o Minor features (directory authority):
+    - Make the "Exit" flag assignment only depend on whether the exit
+      policy allows connections to ports 80 and 443. Previously relays
+      would get the Exit flag if they allowed connections to one of
+      these ports and also port 6667. Resolves ticket 23637.
+
+  o Minor features (embedding):
+    - On most errors that would cause Tor to exit, it now tries to
+      return from the tor_main() function, rather than calling the
+      system exit() function. Most users won't notice a difference here,
+      but it should make a significant difference on platforms that try
+      to run Tor inside a separate thread: they should now be able to
+      survive Tor's exit conditions rather than having Tor shut down the
+      entire process. Closes ticket 23848.
+
+  o Minor features (embedding, mobile):
+    - Applications that want to embed Tor can now tell Tor not to
+      register any of its own POSIX signal handlers, using the
+      __DisableSignalHandlers option. This option is not meant for
+      general use. Closes ticket 24588.
+
+  o Minor features (fallback directory mirrors):
+    - Add a nickname to each fallback in a C comment. This makes it
+      easier for operators to find their relays, and allows stem to use
+      nicknames to identify fallbacks. Implements ticket 24600.
+    - Add a type and version header to the fallback directory mirror
+      file. Also add a delimiter to the end of each fallback entry. This
+      helps external parsers like stem and Relay Search. Implements
+      ticket 24725.
+    - Add an extrainfo cache flag for each fallback in a C comment. This
+      allows stem to use fallbacks to fetch extra-info documents, rather
+      than using authorities. Implements ticket 22759.
+    - Add the generateFallbackDirLine.py script for automatically
+      generating fallback directory mirror lines from relay fingerprints.
+      No more typos! Add the lookupFallbackDirContact.py script for
+      automatically looking up operator contact info from relay
+      fingerprints. Implements ticket 24706, patch by teor and atagar.
+    - Reject any fallback directory mirror that serves an expired
+      consensus. Implements ticket 20942, patch by "minik".
+    - Remove commas and equals signs from external string inputs to the
+      fallback list. This avoids format confusion attacks. Implements
+      ticket 24726.
+    - Remove the "weight=10" line from fallback directory mirror
+      entries. Ticket 24681 will maintain the current fallback weights
+      by changing Tor's default fallback weight to 10. Implements
+      ticket 24679.
+
+  o Minor features (fallbacks):
+    - Avoid selecting fallbacks that change their IP addresses too
+      often. Select more fallbacks by ignoring the Guard flag, and
+      allowing lower cutoffs for the Running and V2Dir flags. Also allow
+      a lower bandwidth, and a higher number of fallbacks per operator
+      (5% of the list). Implements ticket 24785.
+    - Update the fallback whitelist and blacklist based on opt-ins and
+      relay changes. Closes tickets 22321, 24678, 22527, 24135,
+      and 24695.
+
+  o Minor features (forward-compatibility):
+    - If a relay supports some link authentication protocol that we do
+      not recognize, then include that relay's ed25519 key when telling
+      other relays to extend to it. Previously, we treated future
+      versions as if they were too old to support ed25519 link
+      authentication. Closes ticket 20895.
+
+  o Minor features (heartbeat):
+    - Add onion service information to our heartbeat logs, displaying
+      stats about the activity of configured onion services. Closes
+      ticket 24896.
+
+  o Minor features (instrumentation):
+    - Add the MainloopStats option to Tor that allows developers to get
+      instrumentation information from the main event loop via the
+      heartbeat messages. Closes ticket 24605.
+
+  o Minor features (logging):
+    - Improve a warning message that happens when we fail to re-parse an
+      old router because of an expired certificate. Closes ticket 20020.
+    - Make the log more quantitative when we hit MaxMemInQueues
+      threshold exposing some values. Closes ticket 24501.
+
+  o Minor features (logging, android):
+    - Added support for the Android logging subsystem. Closes
+      ticket 24362.
+
+  o Minor features (OSX, iOS, performance):
+    - Use the mach_approximate_time() function (when available) to
+      implement coarse monotonic time. Having a coarse time function
+      should avoid a large number of system calls, and improve
+      performance slightly, especially under load. Closes ticket 24427.
+
+  o Minor features (performance):
+    - Support predictive circuit building for onion service circuits
+      with multiple layers of guards. Closes ticket 23101.
+    - Use stdatomic.h where available, rather than mutexes, to implement
+      atomic_counter_t. Closes ticket 23953.
+
+  o Minor features (performance, 32-bit):
+    - Improve performance on 32-bit systems by avoiding 64-bit division
+      to calculate the current timestamp in milliseconds for channel
+      padding computations. Implements ticket 24613.
+    - Improve performance on 32-bit systems by avoiding 64-bit division
+      when timestamping cells and buffer chunks for OOM calculations.
+      Implements ticket 24374.
+
+  o Minor features (performance, windows):
+    - Improve performance on Windows Vista and Windows 7 by adjusting
+      TCP send window size according to the recommendation from
+      SIO_IDEAL_SEND_BACKLOG_QUERY. Closes ticket 22798. Patch
+      from Vort.
+
+  o Minor features (testing, debugging):
+    - For development purposes, Tor now has a mode in which it runs for
+      a few seconds, then stops, and starts again without exiting the
+      process. This mode is meant to help us debug various issues with
+      ticket 23847. To use this feature, compile with
+      --enable-restart-degbugging, and set the TOR_DEBUG_RESTART
+      environment variable. This is expected to crash a lot, and is
+      really meant for developers only. It will likely be removed in a
+      future release. Implements ticket 24583.
+
+  o Minor bugfix (network IPv6 test):
+    - Tor test now checks if "ping -6 ::1" works when the user runs
+      "make test-network-all". Fixes bug 24677; bugfix on 0.2.9.3-alpha.
+      Patch by "ffmancera".
+
+  o Minor bugfixes (build):
+    - Fix output of autoconf checks to display success messages for Rust
+      dependencies and a suitable rustc compiler version. Fixes bug
+      24612; bugfix on 0.3.1.3-alpha.
+
+  o Minor bugfixes (build, rust):
+    - When building with Rust on OSX, link against libresolv, to work
+      around the issue at https://github.com/rust-lang/rust/issues/46797.
+      Fixes bug 24652; bugfix on 0.3.1.1-alpha.
+    - Don't pass the --quiet option to cargo: it seems to suppress some
+      errors, which is not what we want to do when building. Fixes bug
+      24518; bugfix on 0.3.1.7.
+    - Build correctly when building from outside Tor's source tree with
+      the TOR_RUST_DEPENDENCIES option set. Fixes bug 22768; bugfix
+      on 0.3.1.7.
+
+  o Minor bugfixes (code correctness):
+    - Stop invoking undefined behaviour by using tor_free() on an
+      unaligned pointer in get_interface_addresses_ioctl(). This pointer
+      alignment issue exists on x86_64 macOS, but is unlikely to exist
+      elsewhere. Fixes bug 24733; bugfix on 0.3.0.0-alpha-dev; not in
+      any released version of tor.
+
+  o Minor bugfixes (debugging, memory leaks):
+    - Fix a harmless memory leak in tor-resolve. Fixes bug 24582; bugfix
+      on 0.2.1.1-alpha.
+
+  o Minor bugfixes (directory authorities, IPv6):
+    - When creating a routerstatus (vote) from a routerinfo (descriptor),
+      set the IPv6 address to the unspecified IPv6 address, and
+      explicitly initialise the port to zero. Fixes bug 24488; bugfix
+      on 0.2.4.1-alpha.
+
+  o Minor bugfixes (fallback directory mirrors):
+    - Make updateFallbackDirs.py search harder for python. (Some OSs
+      don't put it in /usr/bin.) Fixes bug 24708; bugfix
+      on 0.2.8.1-alpha.
+
+  o Minor bugfixes (hibernation):
+    - When hibernating, close connections normally and allow them to
+      flush. Fixes bug 23571; bugfix on 0.2.4.7-alpha. Also fixes
+      bug 7267.
+
+  o Minor bugfixes (hibernation, bandwidth accounting, shutdown):
+    - Do not attempt to launch self-reachability tests when entering
+      hibernation. Fixes a base of bug 12062; bugfix on 0.0.9pre5.
+    - Resolve several bugs related to descriptor fetching on bridge
+      clients with bandwidth accounting enabled. (This combination is
+      not recommended!) Fixes a case of bug 12062; bugfix
+      on 0.2.0.3-alpha.
+    - When hibernating, do not attempt to launch DNS checks. Fixes a
+      case of bug 12062; bugfix on 0.1.2.2-alpha.
+    - When hibernating, do not try to upload or download descriptors.
+      Fixes a case of bug 12062; bugfix on 0.0.9pre5.
+
+  o Minor bugfixes (IPv6 preferences on bridges):
+    - Tor now always sets IPv6 preferences for bridges, even if there is
+      only router information or router status and warns about them.
+      Fixes bug 24573; bugfix on 0.2.8.2-alpha.
+    - Tor now sets IPv6 address in rs as well as it's set the one in ri.
+      Closes ticket 24572; bugfix on 0.2.4.5-alpha. Patch by "ffmancera".
+
+  o Minor bugfixes (linux seccomp2 sandbox):
+    - When running with the sandbox enabled, reload configuration files
+      correctly even when %include was used. Previously we would crash.
+      Fixes bug 22605; bugfix on 0.3.1. Patch from Daniel Pinto.
+
+  o Minor bugfixes (memory cleanup):
+    - Avoid possible at-exit memory leaks related to use of Libevent's
+      event_base_once() function. (This function tends to leak memory if
+      the event_base is closed before the event fires.) Fixes bug 24584;
+      bugfix on 0.2.8.1-alpha.
+
+  o Minor bugfixes (OSX):
+    - Don't exit the Tor process if setrlimit() fails to change the file
+      limit (which can happen sometimes on some versions of OSX). Fixes
+      bug 21074; bugfix on 0.0.9pre5.
+
+  o Minor bugfixes (performance):
+    - Consider circuits for timeout as soon as they complete a hop. This
+      is more accurate than applying the timeout in
+      circuit_expire_building() because that function is only called
+      once per second, which is now too slow for typical timeouts on the
+      current network. Fixes bug 23114; bugfix on 0.2.2.2-alpha.
+    - Use onion service circuits (and other circuits longer than 3 hops)
+      to calculate a circuit build timeout. Previously, Tor only
+      calculated its build timeout based on circuits that planned to be
+      exactly 3 hops long. With this change, we include measurements
+      from all circuits at the point where they complete their third
+      hop. Fixes bug 23100; bugfix on 0.2.2.2-alpha.
+
+  o Minor bugfixes (performance, fragile-hardening):
+    - Improve the performance of our consensus-diff application code
+      when Tor is built with the --enable-fragile-hardening option set.
+      Fixes bug 24826; bugfix on 0.3.1.1-alpha.
+
+  o Minor bugfixes (testing):
+    - Give out Exit flags in bootstrapping networks. Fixes bug 24137;
+      bugfix on 0.2.3.1-alpha.
+    - Fix a memory leak in the scheduler/loop_kist unit test. Fixes bug
+      25005; bugfix on 0.3.2.7-rc.
+
+  o Code simplification and refactoring:
+    - Remove /usr/athena from search path in configure.ac. Closes
+      ticket 24363.
+    - Remove duplicate code in node_has_curve25519_onion_key() and
+      node_get_curve25519_onion_key(), and add a check for a zero
+      microdesc curve25519 onion key. Closes ticket 23966, patch by
+      "aruna1234" and "teor".
+    - Rewrite channel_rsa_id_group_set_badness to reduce temporary
+      memory allocations with large numbers of OR connections (e.g.
+      relays). Closes ticket 24119.
+    - Separate the function that deletes ephemeral files when Tor
+      stops gracefully.
+    - Small changes to Tor's buf_t API to make it suitable for use as a
+      general-purpose safe string constructor. Closes ticket 22342.
+    - Switch -Wnormalized=id to -Wnormalized=nfkc in configure.ac to
+      avoid source code identifier confusion. Closes ticket 24467.
+    - The tor_git_revision[] constant no longer needs to be redeclared
+      by everything that links against the rest of Tor. Done as part of
+      ticket 23845, to simplify our external API.
+    - We make extend_info_from_node() use node_get_curve25519_onion_key()
+      introduced in ticket 23577 to access the curve25519 public keys
+      rather than accessing it directly. Closes ticket 23760. Patch by
+      Neel Chauhan.
+    - Add a function to log channels' scheduler state changes to aide
+      debugging efforts. Closes ticket 24531.
+
+  o Documentation:
+    - Add documentation on how to build tor with Rust dependencies
+      without requiring being online. Closes ticket 22907; bugfix
+      on 0.3.0.3-alpha.
+    - Clarify the behavior of RelayBandwidth{Rate,Burst} with client
+      traffic. Closes ticket 24318.
+    - Document that OutboundBindAddress doesn't apply to DNS requests.
+      Closes ticket 22145. Patch from Aruna Maurya.
+    - Document that operators who run more than one relay or bridge are
+      expected to set MyFamily and ContactInfo correctly. Closes
+      ticket 24526.
+
+  o Code simplification and refactoring (circuit rendezvous):
+    - Split get rendezvous circuit on client side on two different
+      functions. One that returns only established circuits and another
+      that returns all kinds of circuits. Closes ticket 23459.
+
+  o Code simplification and refactoring (controller):
+    - Make most of the variables in networkstatus_getinfo_by_purpose()
+      const. Implements ticket 24489.
+
+  o Code simplification and refactoring (fallbacks):
+    - Stop logging excessive information about fallback netblocks.
+      Implements ticket 24791.
+
+
 Changes in version 0.3.2.9 - 2018-01-09
   Tor 0.3.2.9 is the first stable release in the 0.3.2 series.